Patching: Technical Discussion ...

[sc0ty]

Thanks, it works!
calls c7876eh
r4 - random value

[rizapn]

SL45v56: About Incoming SMS Buffer:

From CDR.asm (Call Detail Record) source:

mov r8, #200h+'R' <- R(eceived)
- put "received sms" flag in the register R8

mov r12, #315h
- set R12 with value hexa 315

mov r5, #32h
- and R5 with 32h

R5:R12 is prepared to store the pointer to incoming SMS sender number (32h:0315h).

extp r5, #1
- work in page values stored in register R5 (32h)

movb rl4, 2F0h
- get the byte value of RAM 32h:02F0h and store it in the RL4. 32h:02f0 for incoming SMS is storing the SMS type, including normal or delivery status SMS. I don't know about another values meaning ...

andb rl4, #40h
jmpr cc_Z, sdr_001
- make some test. if (RL4 and 40h==0) goto sdr_001

mov r8, #200h+'D'
add r12, #1
- if the result of test is not zero (RL4 and 40h != 0), then set the flag with 'D' (Delivery status SMS), and change the incoming SMS sender number pointer to 32h:0316h ...

Hope it is clear and usefull,
rizapn

[trustkill]

Anyone called D631D2 ?

[sc0ty]

Hi masters!
Could you write me entrypoint to profile "without alarm"?

<EDIT>

And another two questions:
In mainscreen after I push long red button it called to procedure shutting down. From whot adress it calls?
And whot is the entrypoint to shut down phone?

[Seklth]

Quote:

Originally Posted by sc0ty

And another two questions:
In mainscreen after I push long red button it called to procedure shutting down. From whot adress it calls?
And whot is the entrypoint to shut down phone?

See xref to
E5:252C DrawShutdownAnimation

or see shutdown with confirm patch

[Seklth]

if run emulator sl45 with parametr (mmiu35.exe /p) can see debug window ( http://patchslik.nm.ru/ClipBoard-1.gif )
Can i hook info from this window?

[sc0ty]

Thenks Seklth, but i can't find this patch. And somebody know the entrypoint to profile "without alarm"?

[abomin]

@Riza
Soft button codes of most menu is defined on BAFB18. But where is codes of arrow keys (in main menu for ex.)?

[charlielao]

@Master Riza:
Thank you for taking some time to answer my questions. I'll analyze your answers before posting any questions i may come into.
here it is

Quote:

R5:R12 is prepared to store the pointer to incoming SMS sender number (32h:0315h)

1. Did you "make" this to get the SMS sender number? or is it always stored at 32h:0315h? Sorry if my questions seem stupid Master.
BTW Thank you for your KVSIM patch.
2. RAM 000C:326C is for addressbook entries? low byte of this RAM is for POSTCODE? what does the high byte point to?

[jash]

Hi all,

I got hold of a lot different Siemens phones, and since I´m a experianced assembler programmer, I thought lets give it a go.

So, yes im new here, and I might have posted this message in the wrong thread, DONT SHOOT ME, PLEASE

I got all the tools Like V_Klay ffmod etc etc. and bought a copy of IDA (4.8). The only thing I cant seem to find is MMIU35.EXE, it seems interesting enought to have a look at....Can anyone point out a location?

Next, I have a JTAG debugging system here with C166 support, the C35 has test points connected to the JTAG interface of the infineon chip, Although I have the scematics, I do not have the location of the testpoints, Anyone? if I cant get to the testpoint locations, I will take the infineon chip of the phone and use my multimeter to find them, seems mutch better solution since I have the gear.

On the SL45 (yes I have the scematics and board layout) the JTAG interface of the infineon chip are NOT connected, I will take the chip off, end connect all 200 points with wires end connect the JTAG pins from the chip to my debugging system. Any one did this?

I did find a way to flash SL42 to SL45 somewhere in the past, since I have only one SL45 and quite a lot of 42´s I would like the 42´s to become 45´s for debugging purposes can anyone point me to a howto, I do not seem to be able to find the information anymore

Any other remarks or questions based on the above are very welcome...

Jash

[rc-flitzer]

Quote:

Originally Posted by jash

I got all the tools Like V_Klay ffmod etc etc. and bought a copy of IDA (4.8). The only thing I cant seem to find is MMIU35.EXE, it seems interesting enought to have a look at....Can anyone point out a location?

It's part of Siemens' Java developement kit (SMTK). More exact it's part of SL45i-Emulator for Java testing purpose. It's downloadable on Siemens developer page after registration. I think you'll need both packages (SMTK and SL45i emulator), all in all maybe 12 MB.

Quote:

I did find a way to flash SL42 to SL45 somewhere in the past, since I have only one SL45 and quite a lot of 42´s I would like the 42´s to become 45´s for debugging purposes can anyone point me to a howto, I do not seem to be able to find the information anymore

Search for "sl42@45" or update sl45. The way I'd choose is to make a software update with SL45 v56. After that you also need to activate Java.

[abomin]

Quote:

Originally Posted by jash

The only thing I cant seem to find is MMIU35.EXE....Can anyone point out a location?

U can take it from: ttp://mamaich.kasone.com/sl45i/mmiu35exe.rar

Quote:

...I have a JTAG...

Wow!

Quote:

...I have the scematics...

Can u send it for me?(or give link) I can send to you a part of manual (pdf) with processor and memory schematics and board with testpoints.

[jash]

Quote:

Originally Posted by abomin

Wow!

Those Siemens bastards did not lead the JTAG pins away from the chip on the SL4X, as I found out when I took one apart last week, by doing so I killed one phone since I used a heat gun to remove the chips, I have a few of them so who cares

I Have to find a way to thake the PMB6850 of the PCB and reconnect it with small wires or so to get the JTAG connections out leaving the rest of the phone intact. by doing so I can really look into the firmware. all information will be shared on this forum.... It might offer some help to you guys

What is the stoy with the AT+CGSN debugging, although I did find the patch I do not find any description on how to use it, untill I have my JTAG system up and running I need this to start, anyone?

One stupid thing thoud, one of my SL42 is upgraded to a SL45 now, one other keeps saying "Wrong software" any one with help on this ?

[adancau]

Quote:

Originally Posted by jash

One stupid thing thoud, one of my SL42 is upgraded to a SL45 now, one other keeps saying "Wrong software" any one with help on this ?

Write back your original eprom

[jash]

Quote:

Originally Posted by adancau

Write back your original eprom

Sure, I allready did so, and it is a working 42 again. Maybe I should clarify this a bit more. I have two identical SL45, same firmware (checked with v_klay), main PCB etc. One did go to 45 without any problems, the other one did say "Wrong Software" after applying exactly the same procedure. so something differs between the the two.

(but lets go no futher on this in this thread since it is off topic, I´m new here and do not want to be kicked out )

rgds

Jash