[demo] the next one :)

[g3gg0]

yesterday in the night after i came back from holiday i made
a small demo again

thanx to krisha and wumpus!

-> 3310

should work with all lcds lol

[NokDoc]

Hi,

A-Ma-Zing!

Pure hardcore.

By mistake, I put it to my 8210, but it seemed to work.

Thanks

NokDoc

[StiNKy]

can you please tell us poor unfortunate souls who do not have a flashing cable what it does?

[g3gg0]

it plays a wave filé through the buzzer (not speaker)

[StiNKy]

wow, really? how did you do that? what's the quality like? is it loud?

[g3gg0]

u wont hear it when u have a radio playing music...
its not loud... but it works

[wumpus]

WOW, ingenious, the first step toward polyphonic ringtones on 331x

We should combine it with a simple MIDI synthesizer!

[StiNKy]

yeah I was thinking about somthing similar... I mean the 3310 can record and playback already (voice tag function)... is there much stopping us from recording music and playing back as the "ringtone"? only problem I could think of is whether or not it will be loud enough. and next problem is how big 10 seconds of music is going to be on the phone.... can anyone enlighten me?

[wumpus]

Yes, recording music/speech fills 2MB of flash in just about no time, although you could use the GSM halfrate stuff for compression..

As I'm currently working on reversing the DSP stuff, I'll give it a try as soon as I find out how to record sound from the mic

[g3gg0]

@wumpus:
i think its a little bit more complex... to play midi files we have to
stretch and compress wave and have a waveset for the instruments..
or we could do a midi synthesizer, not using wavetables...
but this is also rather complex

@stinky:
i use 8-bit samples with 8kHz sampling rate..
its no problem to "compress" it to 1-bit sample, 8kHz since
internally the byte is reduced to 1 bit
so we can have about 2000 seconds of wave in the phone
IF WE PLAY IT VIA BUZZER....

if u want it to be played via speaker, we have to provide PCM data.
but dont know how to access it, since its dome through the DSP

EDIT:
programming the flash in runtime is somehow critical....
the code that "flashes" has to be ran in RAM else the flash gets confused
by the reads of MAD...
short snippets with duration of just a few seconds wont matter imho...
the RAM is big enough for some seconds
but if u want to record some minutes its a little bit too small
and we have to flash and record at the same time

hmm but we could use the 0x00010000 region as a ringbuffer (4k)
and flash the 4k in the 64k(?) blocks of the flash...
of course we must not use ints which will call our code in flash

[wumpus]

Well, you have a point, the flash is too slow to write PCM in real time, but the flashing itself is not a problem; just stuff the flash writing routines into the 10000 range and halt interrupts with the ARM instruction provided for that. (if you write only one block the delay should not be too long)

[g3gg0]

the normal RAM doesnt work?
or depends it if the flash/sram is a combine one?
imho running from normal ram should be okay

[wumpus]

Yes, normal RAM should work too - the firmware flashes from normal RAM as well, I was confused by the default flasher software which copies routines to 10000 for some reason.

[g3gg0]

hehe i saw that too : )
i think they do it to bypass defect RAM chips (and maybe recognise bad RAM?)
im stuck with xbus init/reading, o u have a code snippet for ARM?
cvs should work now for you too

[wumpus]

Well I have this:

Code:

#define IO_MBUS_CTRL    0x20018
#define IO_MBUS_STATUS  0x20019
#define IO_MBUS_BYTE    0x2001A
/*...*/
uint IO_FlasherReceiveByte() {
	while(!(readb(IO_MBUS_STATUS) & 0x20)) ;
	return readb(IO_MBUS_BYTE);
}

uint IO_FlasherSendByte(uint dat) {
	int x;
	for(x=8; x>0; x--) {
		/* wait SCL low */
		while((readb(IO_MBUS_STATUS) & 0x40)) ;
		writeb(dat<<7, IO_MBUS_STATUS);
		/* wait SCL high */
		while(!(readb(IO_MBUS_STATUS) & 0x40)) ;
		dat >>= 1;
	}
}

But I suppose you're looking for *real* MBUS code not the ad-hoc flasher clocked serial, I haven't worked on that yet as I always leave my flasher cable connected for the duration of the code session for catching debug parameters..

We'd first need interrupt handling anyway

[StiNKy]

uggh... sounds like I have some serious catching up to do... half the stuff you guys talk about I don't have a clue what you mean.
can anyone suggest any reading material?..

[g3gg0]

thanx wumpus

due to lack of time i cant do an app that sends data via flasher ;(
but something different:

1. int handling?
do u know how the inthandling is set up?
2 weeks ago i tried to do the int handling but i failed...
i set up the ARM longjumps in 0x00000000 for each int,
enabled ints globally, but there will never be an int ;(
did u have a look at the CVS sources?
i think the register writes to enable ints must be in main.c
or did i remove them already? hmm cant check it now... (@work)

2. DSP init...
am i correct? after the DSP was reset, it runs the code at its 0x0800,
or 0x00010000 in MAD.. or is it some more complex? (communication
thorough control bytes etc)

[wumpus]

thanx wumpus

due to lack of time i cant do an app that sends data via flasher ;(
but something different:

Well, it's kind of easy (easier than making an MBUS protocol layer), you need those two functions (send and receive byte) on the Host side as well.. and you're as good as done (although some ad hoc flow control doesn't hurt either)
I'll put my stripped version of KNOK that does exactly this online one of these days

1. int handling?
do u know how the inthandling is set up?

Yes I do, I've had a very evil interrupt handler that crashes the phone when invoked
The problem is that ARM interrupt routines need to be special, they need some ARM32 assembly mumbo jumbo (see the ARM7DTMI data sheet). That's why I haven't been as far as having a *working* interrupt implementation yet - work, work, work

Also note that normally no interrupts are generated at all, you need to instruct some hardware to generate them as well. (I recommend you try to enable the Keyboard interrupts; I think they are easiest, next in line would be the programmable timer)

did u have a look at the CVS sources?

Yes I have, quite impressive; I did see some interrupt stuff, but couldn't get it to work either. Maybe because it's an THUMB handler?

am i correct? after the DSP was reset, it runs the code at its 0x0800,
or 0x00010000 in MAD.. or is it some more complex? (communication
thorough control bytes etc)

DSP = evil
I think the only things you really need to do are
1) set the DSPIF [30000] to 0x0000 (enable shared memory access by DSP)
2) set bit 0 of 20002 (DSP reset control register)

I have no idea at all where execution starts, it could be in ROM, in RAM; a good example of DSP code is the initial FAID Checksum calculation in the firmware. It works with un-initialized DSP.

But how the MDI and AUD high level stuff in is invoked initially..? I wish I knew.. I assume it has something to do with the codeblocks uploaded to the DSP in a certain sequence.

I really need a TMS320xx disassembler.. (and even more important, the skill to read DSP code )

[g3gg0]

Yes I do, I've had a very evil interrupt handler that crashes the phone when invoked

i wish i were so far

The problem is that ARM interrupt routines need to be special, they need some ARM32 assembly mumbo jumbo (see the ARM7DTMI data sheet). That's why I haven't been as far as having a *working* interrupt implementation yet - work, work, work

my actual problem is the time also ;(

Also note that normally no interrupts are generated at all, you need to instruct some hardware to generate them as well. (I recommend you try to enable the Keyboard interrupts; I think they are easiest, next in line would be the programmable timer)
Yes I have, quite impressive; I did see some interrupt stuff, but couldn't get it to work either. Maybe because it's an THUMB handler?

yepp this stuff isnt made to work, its made to crash at least (or work ; ) )
but it doesnt do anything
so i have to check how to enable keypad ints : )
with your page as excellent datasheet it shouldnt be a problem : )

DSP = evil
I think the only things you really need to do are
1) set the DSPIF [30000] to 0x0000 (enable shared memory access by DSP)
2) set bit 0 of 20002 (DSP reset control register)

I have no idea at all where execution starts, it could be in ROM, in RAM; a good example of DSP code is the initial FAID Checksum calculation in the firmware. It works with un-initialized DSP.

But how the MDI and AUD high level stuff in is invoked initially..? I wish I knew.. I assume it has something to do with the codeblocks uploaded to the DSP in a certain sequence.

I really need a TMS320xx disassembler.. (and even more important, the skill to read DSP code )

[/QUOTE]

for that disassembler, contact nok5rev himself, he has one...
i think he made it himself.. i used it to crack the FAID ; )


thanks for all the info, i will work it out somewhen next week
(have still some other programming work to do)

cu then!

[AlexD]

DSP starts at 0xFF80 after reset and goto 0x0F00, which is in shared RAM

Code:

ROM:FF80                loc_FF80:                               ; CODE XREF: ROM:FF20
ROM:FF80 771D FFA8                      stm     #0FFA8h, PMST
ROM:FF82 F073 FF85                      b       loc_FF85
ROM:FF84                ; ---------------------------------------------------------------------------
ROM:FF84 F49B                           retf
ROM:FF85                ; ---------------------------------------------------------------------------
ROM:FF85                
ROM:FF85                loc_FF85:                               ; CODE XREF: ROM:FF82
ROM:FF85 F073 0F00                      b       unk_F00

[Crux]

hi how can i flash with this file? wich is the address/offset?

does it work also in 6210?

pls reply

[wumpus]

DSP starts at 0xFF80 after reset and goto 0x0F00, which is in shared RAM

Thanks for the info!

hi how can i flash with this file? wich is the address/offset?

200000, like normal flash

does it work also in 6210?

Unknown.

[Crux]

thanks for reply.
i will check it as soon as i get home

[Crux]

how do i know it worked?

[Crux]

can i make a new tone for it?

wich tone does it have?

i heard it's possible to make a vibra-tone

you make a tone wich only vibrate and doesn´t ring.

you make a personal vibratone

anyone know how to do this?

[g3gg0]

@Crux2002:
sorry but these posts are rather OT here...

[wumpus]

You could try to play a wave through the vibra though *grin*

[Crux]

Just for the record:

didn't work with my 6210 (updated to 6250)

will try later with a 3310

[rajkhikhi]

when i download and put this Fls in my nokia3310 after flashing it seems like something is burning inside the phone and some noise i hear .......and i can't see anything .......please tell me what is this and one more thing ....now when i am flashing another flash or my original eeprom from the backup of my phone on rollis flasher 4.79 it says unknown address in flash type :-000000 ......please tell me how can solve my problum i don't know what to do and even i can't flash it again ......i think i lost my mobile forever or there is any other way to flash it............i have dejan flasher 1.05 and 1.0 even i try to erase my flash on knock22 software .....but i don't know why my flasher not working on it and even i try to fullflash my mobile but whenver i just power it on just little bit for flashing it start noising becoz of g3d3m0_v2.zip .......so i am not able to flash it again ...please some one help me and let me know why my flasher not working on knock22..........and send me any modified flash file for 3310 .........i really need this..............please someone help me ....i am really belong to middle class family and i can't buy it again .............Thanks

[wumpus]

Well if you could flash g3gg0s file you should be able to flash any firmware, including Nokia's own, the same way.

[khizofdeath]

the fls file is to small should i flash it like en eeprom or what are the start adress and the end adress from 20000 to ?

[pedrofarinha]

i flashed it to a 3310 and it worked!! god i was so amazed! but then i flashed it to my 5110 and the phone didn't power on... lol
cheerz g3gg0! u rock!

[SmOg]

What is the address to flash this "flash"

Thx!

[g3gg0]

0x00200000

have phun

[SmOg]

Its not working under 3210.
I will try on 7110. Maybe its works unter it.

Btw nice work...

[g3gg0]

Its not working under 3210. : (
I will try on 7110. Maybe its works unter it.

Btw nice work... : P

it currently works with 33x0 phones and similar
8210 seems also to work except LCD

[Crux]

it currently works with 33x0 phones and similar
8210 seems also to work except LCD

i finally tested it on a 3310

worked great

can you put this on a ringtone?

[sirpaul1]

Just tried it out, Wicked G3ggo this is a superb bit of programming

For those who don't know how to flash this

1 Use knok phoenix, just select write flash to phone
2 The offsets box should pop up with the right start address 0x200000
start offset 0
3 Just switch on and admire G3ggos work

[erben]

ı can't work it.
i was proramed knok2k3 and rolis flasher 4.79 after programming phone automatc turn on and not see lcd but ligthts are on and repeat music
please help me



sorry not enough to englis

[Crux]

that's what is supposed to do