MobileRead Forums - View Single Post

Mark Nord · 02-14-2010, 09:05 AM

Hi everybody!

First I want to say, I'm very impressed of all your excellent work and efforts.

As the US-Updater contains one (1) raw.bootimg.img and two (2) cramfs-imges: cramfs.Fsk.img and cramfs.Rootfs.img, I was able to extract all 3 img's with a modified script from JeffElkin.

But the log shows several more partitions:
/proc/mtd
dev: size erasesize name
mtd0: 00200000 00010000 "sdm device NOR 0"
mtd1: 0f340000 00020000 "sdm device NAND/SBL 0"
mtd2: 10000000 00020000 "eBook-1 NAND flash partition 0"
mtd3: 00040000 00010000 "Loader"
mtd4: 00010000 00010000 "Reserved"
mtd5: 00010000 00010000 "FIS directory"
mtd6: 00080000 00020000 "nblconfig"
mtd7: 001a0000 00020000 "Linux"
mtd8: 00040000 00010000 "Wf"
mtd9: 00080000 00010000 "BootImg"
mtd10: 00010000 00010000 "Id"
mtd11: 00010000 00010000 "Info"
mtd12: 001a0000 00020000 "Linux0"
mtd13: 007e0000 00020000 "Rootfs2"
mtd14: 00980000 00020000 "Rootfs"
mtd15: 00840000 00020000 "Fsk"
mtd16: 00300000 00020000 "Opt0"
mtd17: 0d260000 00020000 "Data"
-----------------------------

I have saved mtd14, mtd15 and mtd9 at the moment.
Should the others be dumped too?

The 1.4 BootImg seams to be binary identical to the 1.1 version, exept off the slightly larger filesize.
After extraction with cramfsck.exe both the rootfs and the fsk partitions show differences between 1.1. and 1.4

Furthermore I managed to inject kartu's prs+ loader "PRSPlus.js" in the "applicationStart.xml" and flashed this based on the original 1.4.0.23260 files.

After rebooting, I can see the modified structure of the main menu, greyed out, rotating arrows show the scanning of the internal memory, and after a while... my prs-505 reboots.

After connecting the device to the PC I removed "_BrowseFolders.js" from the addons folder and the device reboots fine again.
The clock is shown (I added the SHD_TIME variable to "main.xml" and "applicationStart.xml" too).

The "PRS+ Settings" Menu is shown under Settings (Einstellungen) too,
But if I press "0" to open them, the device reboots again.

Maybe there is a isue with the way the objects get cloned, because of different versions of FSKChache.xsb in version 1.4 compared to 1.1.0.1840?

Two last things:
1) IMHO it should be possible to append Igorsk "flash_opt.sh", in a way that at least the rootfs.img could be flashed to,
by adding NEW_ROOTFS_SIZE var and by duplicating all code referencing NEW_OPT.IMG and Fsk using NEW_ROOTFS.IMG and Rootfs instead.

2) By patching 6 bytes in "eBookMSCDeviceUpdater.dll" at offset 0x1509 from 0F 85 91 01 00 00 to 90 90 90 90 90 90 it "should" be possible to use the sony flasher with any Fsk, Rootfs and BootImg.
Actually this patch "should" bypass the checksum-test.
But I hadn't the eggs to try it at the moment.

If you are interested in one or the other file mentioned, reply or e-mail.

Kind regard
Mark

02-14-2010, 09:05 AM	#27
Mark Nord 2B \|\| !2B Posts: 854 Karma: 327896 Join Date: Feb 2010 Location: Austria Device: Sony PRS505/650/T1/tolino vision 5	German firmware 1.4.0.23260 snapshot Hi everybody! First I want to say, I'm very impressed of all your excellent work and efforts. As the US-Updater contains one (1) raw.bootimg.img and two (2) cramfs-imges: cramfs.Fsk.img and cramfs.Rootfs.img, I was able to extract all 3 img's with a modified script from JeffElkin. But the log shows several more partitions: /proc/mtd dev: size erasesize name mtd0: 00200000 00010000 "sdm device NOR 0" mtd1: 0f340000 00020000 "sdm device NAND/SBL 0" mtd2: 10000000 00020000 "eBook-1 NAND flash partition 0" mtd3: 00040000 00010000 "Loader" mtd4: 00010000 00010000 "Reserved" mtd5: 00010000 00010000 "FIS directory" mtd6: 00080000 00020000 "nblconfig" mtd7: 001a0000 00020000 "Linux" mtd8: 00040000 00010000 "Wf" mtd9: 00080000 00010000 "BootImg" mtd10: 00010000 00010000 "Id" mtd11: 00010000 00010000 "Info" mtd12: 001a0000 00020000 "Linux0" mtd13: 007e0000 00020000 "Rootfs2" mtd14: 00980000 00020000 "Rootfs" mtd15: 00840000 00020000 "Fsk" mtd16: 00300000 00020000 "Opt0" mtd17: 0d260000 00020000 "Data" ----------------------------- I have saved mtd14, mtd15 and mtd9 at the moment. Should the others be dumped too? The 1.4 BootImg seams to be binary identical to the 1.1 version, exept off the slightly larger filesize. After extraction with cramfsck.exe both the rootfs and the fsk partitions show differences between 1.1. and 1.4 Furthermore I managed to inject kartu's prs+ loader "PRSPlus.js" in the "applicationStart.xml" and flashed this based on the original 1.4.0.23260 files. After rebooting, I can see the modified structure of the main menu, greyed out, rotating arrows show the scanning of the internal memory, and after a while... my prs-505 reboots. After connecting the device to the PC I removed "_BrowseFolders.js" from the addons folder and the device reboots fine again. The clock is shown (I added the SHD_TIME variable to "main.xml" and "applicationStart.xml" too). The "PRS+ Settings" Menu is shown under Settings (Einstellungen) too, But if I press "0" to open them, the device reboots again. Maybe there is a isue with the way the objects get cloned, because of different versions of FSKChache.xsb in version 1.4 compared to 1.1.0.1840? Two last things: 1) IMHO it should be possible to append Igorsk "flash_opt.sh", in a way that at least the rootfs.img could be flashed to, by adding NEW_ROOTFS_SIZE var and by duplicating all code referencing NEW_OPT.IMG and Fsk using NEW_ROOTFS.IMG and Rootfs instead. 2) By patching 6 bytes in "eBookMSCDeviceUpdater.dll" at offset 0x1509 from 0F 85 91 01 00 00 to 90 90 90 90 90 90 it "should" be possible to use the sony flasher with any Fsk, Rootfs and BootImg. Actually this patch "should" bypass the checksum-test. But I hadn't the eggs to try it at the moment. If you are interested in one or the other file mentioned, reply or e-mail. Kind regard Mark