Documentation for Slik patching - GSM-Forum

jash · 04-20-2005, 16:13

Hi guys,

I'm new here on this forum and I keep reading and reading stuff to see if I can find information. I´m prefectly happy to spend some time collecting al information about SLIKfw56.

For instance I am unable to find the AT+CGSN patch & documentation. It would be very helpfull since the SL45 is my only phone type where i do not have access to JTAG pins. (i do have an EGold Jtag debugging system with c166 and ARM support).
Also I would like to build a new IDA database since the one from mamaich (where I found a lot of wrong things too) does not work very well on my IDA version 4.8 (oh yes I bought a copy)

.

I have quite a lot of experiance in c166 programming and even more on GSM technology.

Currently I am looking for entrypoints, memory locations etc. I´m perfeclty happy to share my newly build IDA database (for instance I now a lot about the interrupts already) and I know how the c166 communicates with the SP and more.

I will create a PDF or so with all information collected, so others (and newbies can get started quicker) can have fun with it

An idea to post replies with the info? i will check them all and update my docs which I'll put somewhere on the web so you can get to it for the latest version.

I also would like to include ASM code for (some) patches with usefull comments. When searching and learning it is of no use when patches are there without the source code.

just shoot!

JASH

adancau · 04-20-2005, 16:21

For AT+CGSN try:
http://forum.gsmhosting.com/vbb/show...gsn#post371646
and
http://forum.gsmhosting.com/vbb/show...gsn#post374323
and especially the latest set of the mamaich patches:
http://mamaich.f*ckru.net/sl45i/flash_edit.vkp

copy and paste last address in the browser, and replace the * with the letter "u"

Nerissa · 04-21-2005, 05:41

what does this at+cgsn patch do?

jash · 04-21-2005, 07:38

Quote:

Originally Posted by Nerissa

what does this at+cgsn patch do?

please stay on topic here!

jash · 04-21-2005, 10:15

@adancau: Thanks, I´ve got it working

@rizapn: I read in some thread that you have different versions of the AT+CGSN patch the one pointed out by adancau is using pages, which is a bit confusing and additional work. is there any version working with seg: offs which can read, write, search and call, if not I´ll either make a new one or as i´m planning to do make a shell for at+cgsn debugging with calls to sfe so we have an IDE for all these tools.

JASH

KoncaFung · 04-21-2005, 17:00

@jash: I do want to have a chat with you and beg your advises.

@Everyone:
I do want to know the "Interface" between the ICs embeded in PMB6850.
From the .pdf file, I can see there are X-Bus or I2C in it.

The even thing I want to know is that: how the C166 core let the OS know it should do some shedules.

For example, how it detect the Pressing of the Keyboard? Using "Interrupt" or scanning the I/O port time by time?

If we got the interfaces, we can use the existing function (in binary format) well.

rizapn · 04-21-2005, 23:31

@jash:
My AT+CGSN patch, both (old and new version) use pag:pof for read, write, and search. The only one which is use seg:ofs is execute (call).

jash · 04-22-2005, 09:27

[QUOTE=KoncaFung
@Everyone:
I do want to know the "Interface" between the ICs embeded in PMB6850.
From the .pdf file, I can see there are X-Bus or I2C in it.
[/QUOTE]

@KoncaFung you are 6 hours in advance!

the PMB285X definitively uses XBUS to communicate with the sim, kepad etc. I do not think they changed it in the 68.

for 2850, All XBUS devices communicate using shared memory like this: (all in seg000)

0-0200 Int vec tab
200-D400 RAM (at least used for SIMTOOLKIT)
D400-D800 Monitor data
D800-E000 XADdRess3 (xbus shared mem)
e000-e800 Xaddress2(xbus shared dev 2)
e800-ef00 ?????
ef00-f000 Xaddress1

Indeed communication goes by interrupts, I have made a list but do remember I have No 6850 jtag connection jet!

JAsh

04-20-2005, 16:13	#1 (permalink)
jash Junior Member Join Date: Apr 2005 Age: 53 Posts: 23 Member: 134505 Status: Offline Thanks Meter: 0	Documentation for Slik patching Hi guys, I'm new here on this forum and I keep reading and reading stuff to see if I can find information. I´m prefectly happy to spend some time collecting al information about SLIKfw56. For instance I am unable to find the AT+CGSN patch & documentation. It would be very helpfull since the SL45 is my only phone type where i do not have access to JTAG pins. (i do have an EGold Jtag debugging system with c166 and ARM support). Also I would like to build a new IDA database since the one from mamaich (where I found a lot of wrong things too) does not work very well on my IDA version 4.8 (oh yes I bought a copy) . I have quite a lot of experiance in c166 programming and even more on GSM technology. Currently I am looking for entrypoints, memory locations etc. I´m perfeclty happy to share my newly build IDA database (for instance I now a lot about the interrupts already) and I know how the c166 communicates with the SP and more. I will create a PDF or so with all information collected, so others (and newbies can get started quicker) can have fun with it An idea to post replies with the info? i will check them all and update my docs which I'll put somewhere on the web so you can get to it for the latest version. I also would like to include ASM code for (some) patches with usefull comments. When searching and learning it is of no use when patches are there without the source code. just shoot! JASH

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
we looked for tecnical documentation for TSM1, TSM3, TSM5 of Vitel	MovilCom	Wanted Products	7	05-19-2005 14:02
Calendar program for SLIK	rc-flitzer	x4x, x5x Flashpatching	25	02-23-2005 16:51
Automatic power ON for SLIK	ficker	Siemens-Benq Flash Patching	0	11-23-2003 16:08
Any documentation for transfering Nokia Ringing tone using IrDA?? Like Logomanager?	id-mardi	GSM Programming & Reverse Engineering	0	01-04-2003 07:51
FW 56 for SLIK!!!! Tested	Invader	x1x to x45/x50	2	12-12-2002 19:46

04-20-2005, 16:21	#2 (permalink)
adancau Freak Poster Join Date: Jun 2004 Location: Romania Age: 43 Posts: 156 Member: 67838 Status: Offline Thanks Meter: 0	For AT+CGSN try: http://forum.gsmhosting.com/vbb/show...gsn#post371646 and http://forum.gsmhosting.com/vbb/show...gsn#post374323 and especially the latest set of the mamaich patches: http://mamaich.fckru.net/sl45i/flash_edit.vkp copy and paste last address in the browser, and replace the with the letter "u"

04-21-2005, 05:41	#3 (permalink)
Nerissa Junior Member Join Date: May 2004 Location: Philippines Age: 40 Posts: 18 Member: 65830 Status: Offline Thanks Meter: 0	what does this at+cgsn patch do?

04-21-2005, 10:15	#5 (permalink)
jash Junior Member Join Date: Apr 2005 Age: 53 Posts: 23 Member: 134505 Status: Offline Thanks Meter: 0	@adancau: Thanks, I´ve got it working @rizapn: I read in some thread that you have different versions of the AT+CGSN patch the one pointed out by adancau is using pages, which is a bit confusing and additional work. is there any version working with seg: offs which can read, write, search and call, if not I´ll either make a new one or as i´m planning to do make a shell for at+cgsn debugging with calls to sfe so we have an IDE for all these tools. JASH

04-21-2005, 17:00	#6 (permalink)
KoncaFung Junior Member Join Date: Mar 2004 Location: China Age: 43 Posts: 15 Member: 58580 Status: Offline Thanks Meter: 0	@jash: I do want to have a chat with you and beg your advises. @Everyone: I do want to know the "Interface" between the ICs embeded in PMB6850. From the .pdf file, I can see there are X-Bus or I2C in it. The even thing I want to know is that: how the C166 core let the OS know it should do some shedules. For example, how it detect the Pressing of the Keyboard? Using "Interrupt" or scanning the I/O port time by time? If we got the interfaces, we can use the existing function (in binary format) well.

04-21-2005, 23:31	#7 (permalink)
rizapn No Life Poster Join Date: Mar 2002 Location: -[r0]- Age: 53 Posts: 834 Member: 9891 Status: Offline Thanks Meter: 2	@jash: My AT+CGSN patch, both (old and new version) use pag:pof for read, write, and search. The only one which is use seg:ofs is execute (call).

04-22-2005, 09:27	#8 (permalink)
jash Junior Member Join Date: Apr 2005 Age: 53 Posts: 23 Member: 134505 Status: Offline Thanks Meter: 0	[QUOTE=KoncaFung @Everyone: I do want to know the "Interface" between the ICs embeded in PMB6850. From the .pdf file, I can see there are X-Bus or I2C in it. [/QUOTE] @KoncaFung you are 6 hours in advance! the PMB285X definitively uses XBUS to communicate with the sim, kepad etc. I do not think they changed it in the 68. for 2850, All XBUS devices communicate using shared memory like this: (all in seg000) 0-0200 Int vec tab 200-D400 RAM (at least used for SIMTOOLKIT) D400-D800 Monitor data D800-E000 XADdRess3 (xbus shared mem) e000-e800 Xaddress2(xbus shared dev 2) e800-ef00 ????? ef00-f000 Xaddress1 Indeed communication goes by interrupts, I have made a list but do remember I have No 6850 jtag connection jet! JAsh