Skip to content
This repository
Browse code

Added baseband NVRAM parsing.

  • Loading branch information...
commit 1f662ee5d82b0b5541a9b6d0528878064959f625 1 parent 8f8b5c1
planetbeing authored April 06, 2010
11  WISHLIST
@@ -87,13 +87,10 @@ some sort of software compression?
87 87
 
88 88
 5. Reverse AppleH1CameraInterface to figure out how to get data from the camera.
89 89
 
90  
-6. Figure out how to read the baseband's EEPROM/NVRAM. Presumably you can do
91  
-it with at commands. iBoot does it so that's probably the easiest thing to
92  
-reverse.
93  
-
94  
-7. Find out what all the various at+xdrv commands do, or at least which
  90
+6. Find out what all the various at+xdrv commands do, or at least which
95 91
 systems they are related to. CommCenter probably will have some idea.
96  
-at+xdrv=0,* is speakers/sound, at+xdrv=4,* is the vibrator. What about 7, 5, 9
97  
-or 10? Which are also prominently featured in baseband init.
  92
+at+xdrv=0,* is speakers/sound, at+xdrv=4,* is the vibrator. 7 seems to be
  93
+triggered whenever you turn Bluetooth on, 9 seems to be bb nvram related.
  94
+What about 5 or 10? Which are also prominently featured in baseband init.
98 95
 
99 96
 Thanks for reading all this. I'm impressed.
150  openiboot/radio.c
@@ -7,7 +7,12 @@
7 7
 #include "uart.h"
8 8
 
9 9
 // For the +XDRV stuff, it's usually device,function,arg1,arg2,arg3,...
10  
-// device 4 seems to be the vibrator, device 0 seems to be the speakers
  10
+// device 4 seems to be the vibrator, device 0 seems to be the speakers,
  11
+// 7 seems to have to do with bluetooth, and 9 is bb nvram
  12
+
  13
+static int radio_nvram_read_all(char** res);
  14
+static char* radio_nvram;
  15
+static int radio_nvram_len;
11 16
 
12 17
 int radio_setup()
13 18
 {
@@ -57,6 +62,58 @@ int radio_setup()
57 62
 
58 63
 	bufferPrintf("radio: ready.\r\n");
59 64
 
  65
+	bufferPrintf("radio: reading baseband nvram... ");
  66
+
  67
+	radio_nvram_len = radio_nvram_read_all(&radio_nvram);
  68
+
  69
+	bufferPrintf("done\r\n");
  70
+
  71
+	char* cursor = radio_nvram;
  72
+	while(cursor < (radio_nvram + radio_nvram_len))
  73
+	{
  74
+		int type = (cursor[0] << 8) | cursor[1];
  75
+		int size = ((cursor[2] << 8) | cursor[3]) * 2;
  76
+		if(size == 0)
  77
+			break;
  78
+
  79
+		uint8_t* data = (uint8_t*)(cursor + 4);
  80
+
  81
+		switch(type)
  82
+		{
  83
+			case 1:
  84
+				bufferPrintf("Wi-Fi TX Cal Data : <%d bytes, CRC = %08X>\r\n", size - 4, crc32(0, data, size - 4));
  85
+				break;
  86
+
  87
+			case 4:
  88
+				bufferPrintf("Build name        : %s\r\n", (char*)data);
  89
+				break;
  90
+
  91
+			case 2:
  92
+			case 3:
  93
+			case 5:
  94
+				if(type == 2)
  95
+					bufferPrintf("Wi-Fi MAC         : ");
  96
+
  97
+				if(type == 3)
  98
+					bufferPrintf("Bluetooth MAC     : ");
  99
+
  100
+				if(type == 5)
  101
+					bufferPrintf("Ethernet MAC      : ");
  102
+
  103
+				bufferPrintf("%02X:%02X:%02X:%02X:%02X:%02X\r\n", data[0], data[1], data[2], data[3], data[4], data[5]);
  104
+				break;
  105
+
  106
+			case 7:
  107
+				bufferPrintf("Unknown data      : %08X\r\n", *((uint32_t*)(data)));
  108
+				break;
  109
+
  110
+			default:
  111
+				bufferPrintf("Unknown entry %d  : <%d bytes>\r\n", type, size - 4);
  112
+		}
  113
+
  114
+		cursor += size;
  115
+	}
  116
+
60 117
 	speaker_setup();
61 118
 
62 119
 	return 0;
@@ -154,7 +211,7 @@ int radio_cmd(const char* cmd, int tries)
154 211
 	int i;
155 212
 	for(i = 0; i < tries; ++i)
156 213
 	{
157  
-		char buf[100];
  214
+		char buf[200];
158 215
 		int n;
159 216
 
160 217
 		radio_write(cmd);
@@ -176,6 +233,95 @@ int radio_cmd(const char* cmd, int tries)
176 233
 		return TRUE;
177 234
 }
178 235
 
  236
+static int radio_nvram_read_idx(int idx, char** res)
  237
+{
  238
+	char cmd[20];
  239
+	char* curBuf;
  240
+	char* resultStart;
  241
+	int curBufSize;
  242
+	int curPos;
  243
+	int c;
  244
+	int searchLen;
  245
+
  246
+	sprintf(cmd, "at+xdrv=9,1,%d\r\n", idx);
  247
+
  248
+	radio_write(cmd);
  249
+
  250
+	curPos = 0;
  251
+	curBufSize = 100;
  252
+
  253
+	curBuf = malloc(curBufSize);
  254
+
  255
+	curPos = radio_read(curBuf, curBufSize);
  256
+	while(curPos == (curBufSize - 1))
  257
+	{
  258
+		curBufSize += 100;
  259
+		curBuf = realloc(curBuf, curBufSize);
  260
+		c = radio_read(curBuf + curPos, curBufSize - curPos);
  261
+		curPos += c;
  262
+	}
  263
+
  264
+	sprintf(cmd, "+XDRV: 9,1,0,%d,", idx);
  265
+	searchLen = strlen(cmd);
  266
+
  267
+	resultStart = curBuf;
  268
+
  269
+	while((resultStart - curBuf) <= (curPos - searchLen) && memcmp(resultStart, cmd, searchLen) != 0)
  270
+		++resultStart;
  271
+
  272
+	if(memcmp(resultStart, cmd, searchLen) != 0)
  273
+	{
  274
+		free(curBuf);
  275
+		return 0;
  276
+	}
  277
+
  278
+	resultStart += searchLen;
  279
+
  280
+	if(memcmp(resultStart, "NULL", sizeof("NULL")) == 0)
  281
+	{
  282
+		free(curBuf);
  283
+		return 0;
  284
+	}
  285
+
  286
+	c = 0;
  287
+	while(*resultStart != '\r' && *resultStart != '\n' && *resultStart != '\0')
  288
+	{
  289
+		cmd[0] = resultStart[0];
  290
+		cmd[1] = resultStart[1];
  291
+		cmd[2] = '\0';
  292
+		curBuf[c++] = strtoul(cmd, NULL, 16);
  293
+		resultStart += 2;
  294
+	}
  295
+
  296
+	*res = curBuf;
  297
+
  298
+	return c;
  299
+}
  300
+
  301
+static int radio_nvram_read_all(char** res)
  302
+{
  303
+	int ret;
  304
+	int idx;
  305
+	int len;
  306
+
  307
+	*res = NULL;
  308
+	len = 0;
  309
+	idx = 0;
  310
+	while(TRUE)
  311
+	{
  312
+		char* line;
  313
+		ret = radio_nvram_read_idx(idx, &line);
  314
+		if(ret == 0)
  315
+			return len;
  316
+
  317
+		*res = realloc(*res, len + ret);
  318
+		memcpy(*res + len, line, ret);
  319
+		free(line);
  320
+		len += ret;
  321
+		++idx;
  322
+	}
  323
+}
  324
+
179 325
 int speaker_setup()
180 326
 {
181 327
 	bufferPrintf("radio: enabling internal speaker\r\n");

0 notes on commit 1f662ee

Please sign in to comment.
Something went wrong with that request. Please try again.