-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing commands #16
Comments
From digging at the 3.17 firmware a lot of those don't exist in the handler, and some of them do but only have functionality gated to Triforce/Chihiro. Did you reverse a different firmware to get them? Maybe 4.01? Essentially, can you describe your fact-finding for posterity, it helps me to understand the net dimm more and give insight into other vectors of understanding. |
Ah, I see you claim 13.05, Not familiar with that revision, it must be a Chihiro firmware that includes a netdimm version? What version does the netdimm in it report when you ask it for info using |
My method was quite crude, I simply edited your script to issue the commands 0x00~0xFF and watched the serial output of the net board. The media board firmware is the hacked firmware (4.00?), and the net board firmware is 13.05 (although it has a set of jumpers to use a backup 11.0X version). Ftr, I was just able to recover my mediaboard. Chihiro's flash has 2 segaboots, one being a backup 0.85, in this state it will only boot the firmware update tool. |
Oh by the way. I have a thread on AP with some random info about Chihiro Type-3, perhaps you'd be interested. Has serial logs from the netboard in the first post. https://www.arcade-projects.com/threads/random-chihiro-type-3-info-thread.13466/ |
Ah yeah, I was using the debug serial to try to RE the internet IOCTLs to try to add network support to Naomi homebrew games. |
Perhaps you'd be interested in my 2nd post, I'm fairly certain there's a dev net firmware for Type-1's in the firmware update util for Chihiro. See: |
Possibly it would help. I'm like 200% sure that my mis-handling of the control response is the root of all of my IOCTL troubles. I'm pretty sure the structure pointed at by that is where the netdimm reads params for IOCTLs and writes responses. The style of code they used for the Naomi BIOS as well as the netdimm, however, uses a lot of code pointers and as a result Ghidra struggles. Also, MAME does HLE of the netdimm board so watching traffic between the two isn't really possible. Maybe I'll figure it out someday. |
So coming back to this... I personally find it easier to work with C++ so I rewrote this and extended to my needs. https://gist.github.com/GXTX/1ece7ba9449cfa7094682c1035f52da6 There's actually a hidden command at 0x22, and from my testing I think I finally understand it... It seems like it's a 0x04 but causes the Mediaboard to erase the entire contents of the RAM before writing it's contents. I confirmed this by:
The original download request will have what ever contents were stored in RAM (aka random garbage on a bootup), the second will only contain 0xAA55AA55 and then 00's for the remaining 0x7C bytes. |
Bit more poking around with the commands. A fair few are just NOP, at least on Chihiro. Updated list. https://gist.github.com/GXTX/1ece7ba9449cfa7094682c1035f52da6#file-a-cpp-L43 Also documented the DIMM_MODE stuff for Chihiro. It appears that it only spawns some type of "Coin" thread. |
Documented and tested out both WRITE_TO_FLASH & 2NDBOOT_UPDATE. https://gist.github.com/GXTX/1ece7ba9449cfa7094682c1035f52da6/revisions Still unsure of 0x22, appears to have a max offset of 0x100000? Did you play around with this at all @DragonMinded ? |
No I didn't. My focus was mostly on reverse engineering the state management and control stuff so that I could have kiosk mode working flawlessly, port a gdb stub to my libnaomi library for on-target debugging and also allow PC->homebrew and homebrew->PC communication for the on screen menu. |
For science I killed one of my Type-3 Chihiro media boards. These were issued with Ver13.05.bin firmware.
The text was updated successfully, but these errors were encountered: