https://freemyipod.org/api.php?action=feedcontributions&user=Benedikt93&feedformat=atom
freemyipod.org - User contributions [en]
2024-03-29T11:44:49Z
User contributions
MediaWiki 1.31.0
https://freemyipod.org/index.php?title=GUID_table&diff=4190
GUID table
2012-07-11T19:12:04Z
<p>Benedikt93: </p>
<hr />
<div>= Nano 3G EFI =<br />
{| class="wikitable prettytable sortable" <br />
|+ List of EFI protocol GUIDs found in the Nano 3G EFI<br />
|-<br />
! GUID !! Description<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381><br />
| GUID at DxeD1671 +0x103C, registered at DxeD1671 +0x6F6, interface (at DxeD1671 +0xFAC):<br />
* +0 pmu_read(void *this, char reg, unsigned int size, void *data);<br />
* +4 pmu_write(void *this, char reg, unsigned int size, void *data);<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF><br />
| GUID at Cpu +0x8E0, registered at Cpu +0x37C, interface (at Cpu +0x894):<br />
* +0 int disable_MMU_and_Caches(void* this);<br />
* +4 int enable_MMU_and_Caches(void* this);<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7><br />
| GUID at Cpu +0x8C4, registered at Cpu +0x37C, interface (at Cpu +0x89C):<br />
[http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL]<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA><br />
| GUID at DxeSmbus +0x6D8, registered at DxeSmbus +0x404, interface (at DxeSmbus +0x6BC):<br />
[http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]<br />
|-<br />
| <0x26BACCB2, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7><br />
| GUID at S5L8900Metronome +0x4FC, registered at S5L8900Metronome +0x246, interface (at S5L8900Metronome +0x4F4):<br />
[http://www.cse.msu.edu/~austinro/dox/html/struct___e_f_i___m_e_t_r_o_n_o_m_e___a_r_c_h___p_r_o_t_o_c_o_l.html _EFI_METRONOME_ARCH_PROTOCOL], TickPeriod = 10<br />
|-<br />
| <0xD15BFD46, 0x954C, 0x478D, 0xA5, 0x4C, 0x36, 0xD4, 0xD8, 0xCD, 0xB0, 0xD0><br />
| GUID at Nand +0xA5F4, registered at Nand +0x3F6, interface is empty:<br />
used by BDS to detect NAND (as it doesn't access its BlockIO interface directly)<br />
|-<br />
| <0x964e5b21, 0x6459, 0x11d2, {0x8e, 0x39, 0x0, 0xa0, 0xc9, 0x69, 0x72, 0x3b}><br />
| GUID at Nand +0xA5D4, registered at Nand +0x3F6, interface (at Nand +0x84E8):<br />
[http://feishare.com/edk2doxygen/d8/dcb/struct___e_f_i___b_l_o_c_k___i_o___p_r_o_t_o_c_o_l.html _EFI_BLOCK_IO_PROTOCOL]<br />
|-<br />
| <0x9576e91, 0x6d3f, 0x11d2, {0x8e, 0x39, 0x0, 0xa0, 0xc9, 0x69, 0x72, 0x3b}><br />
| GUID at Nand +0xA5E4, registered at Nand +0x3F6, interface (at Nand +0x8508):<br />
[http://feishare.com/edk2doxygen/d6/d11/struct_e_f_i___d_e_v_i_c_e___p_a_t_h___p_r_o_t_o_c_o_l.html EFI_DEVICE_PATH_PROTOCOL]<br />
as [http://feishare.com/edk2doxygen/dc/d04/struct_v_e_n_d_o_r___d_e_v_i_c_e___p_a_t_h.html VENDOR_DEVICE_PATH]<br />
GUID: <0xEEE84FD3, 0xD696, 0x4DCF, 0x94, 0x15, 0xF8, 0x21, 0xA4, 0, 0x72, 0x6E><br />
|-<br />
|}<br />
<br />
<br />
= Nano 4G EFI =<br />
{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID]) || Nano4G EFI || Cpu:400A06EC (Nano4G)<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI || Cpu:400A06F4<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> ([http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]) || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:40130498, DxeSmbus:401303F4, DxeSmbus:4013055C, DxeSmbus:40130564 (registered twice)<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
| <0xC39B4F3A, 0xF24D, 0x4F8D, 0x82564584, 0x1FC1107F> || Nano4G EFI || Nand:40150C1C<br />
|-<br />
| <0x8708298A, 0xEEB2, 0x475F, 0xBF9EC296, 0x45163472> || Nano4G EFI || Nand:40150C78<br />
|-<br />
| <0xC71EFCAD, 0x7B2E, 0x46D3, 0x4B4420A0, 0xAFEC727F> || Nano4G EFI || Nand:40150C28<br />
|-<br />
| <0xA584D32F, 0x9837, 0x420B, 0x9D312694, 0xFBDBE98C> || Nano4G EFI || Nand:40150C30<br />
|-<br />
| <0x964E5B21, 0x6459, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C58<br />
|-<br />
| <0x9576E91, 0x6D3F, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C9C<br />
|-<br />
| <0xD15BFD46, 0x954C, 0x478D, 0xD4364CA5, 0xD0B0CDD8> || Nano4G EFI || NULL<br />
|-<br />
| <0xE8A9E232, 0x1708, 0x476D, 0xB10CDB9A, 0x20D9902E> || Nano4G EFI || DxeD1759Diagnostic:40310684<br />
|-<br />
| <0x618BA6A2, 0x690E, 0x4E7A, 0x1AB2E98E, 0xF865A959> || Nano4G EFI || DxeD1759Diagnostic:403106A4<br />
|-<br />
| <0x3622282D, 0xC57F, 0x4A7A, 0xD137CAAD, 0x2233AF3C> || Nano4G EFI || Swif:405F02E0<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=S5L8702_clock_gates&diff=4166
S5L8702 clock gates
2012-01-03T23:07:36Z
<p>Benedikt93: </p>
<hr />
<div>{| class="wikitable"<br />
! Gate !! Function<br />
|-<br />
| 0<br />
| SHA1 accelerator<br />
<br />
|-<br />
| 1<br />
| LCD controller?<br />
<br />
|-<br />
| 2<br />
| USB-related<br />
<br />
|-<br />
| 3<br />
| Unknown, masking crashes immediately<br />
<br />
|-<br />
| 4<br />
| Unknown, masking crashes after some milliseconds<br />
<br />
|-<br />
| 5<br />
| ATA controller<br />
<br />
|-<br />
| 6<br />
| Unknown (masked by default)<br />
<br />
|-<br />
| 7<br />
| I2S controller<br />
|-<br />
| 8<br />
| Nand controller (running by default)<br />
<br />
|-<br />
| 9<br />
| Unknown (masked by default)<br />
|-<br />
| 10<br />
| AES coprocessor<br />
<br />
|-<br />
| 11<br />
| Unknown (masked by default)<br />
|-<br />
| 12<br />
| Unknown (running by default)<br />
|-<br />
| 13<br />
| Unknown (running by default)<br />
|-<br />
| 14<br />
| Unknown (masked by default)<br />
|-<br />
| 15<br />
| Unknown (masked by default)<br />
|-<br />
| 16<br />
| Unknown (masked by default)<br />
|-<br />
| 17<br />
| Unknown (masked by default)<br />
|-<br />
| 18<br />
| Unknown (masked by default)<br />
|-<br />
| 19<br />
| Unknown (running by default)<br />
|-<br />
| 20<br />
| Unknown (running by default)<br />
|-<br />
| 21<br />
| Unknown (running by default)<br />
|-<br />
| 22<br />
| Unknown (running by default)<br />
|-<br />
| 23<br />
| Unknown (running by default)<br />
|-<br />
| 24<br />
| Unknown (running by default)<br />
|-<br />
| 25<br />
| DMA controller 0<br />
|-<br />
| 26<br />
| Unknown (running by default)<br />
|-<br />
| 27<br />
| Unknown (running by default)<br />
|-<br />
| 28<br />
| Unknown (running by default)<br />
|-<br />
| 29<br />
| Unknown (masked by default)<br />
|-<br />
| 30<br />
| Unknown (running by default)<br />
|-<br />
| 31<br />
| Unknown (running by default)<br />
|-<br />
| 32<br />
| Unknown (masked by default)<br />
|-<br />
| 33<br />
| Clickwheel controller?<br />
<br />
|-<br />
| 34<br />
| SPI0 (NOR flash)<br />
<br />
|-<br />
| 35<br />
| USB-related<br />
<br />
|-<br />
| 36<br />
| I2C controller 0<br />
<br />
|-<br />
| 37<br />
| Unknown, masking crashes after some milliseconds<br />
|-<br />
| 38<br />
| Unknown (masked by default)<br />
|-<br />
| 39<br />
| Unknown (masked by default)<br />
|-<br />
| 40<br />
| Unknown (masked by default)<br />
|-<br />
| 41<br />
| Unknown (masked by default)<br />
|-<br />
| 42<br />
| Unknown (masked by default)<br />
|-<br />
| 43<br />
| SPI1? (unconnected)<br />
|-<br />
| 44<br />
| GPIO controller<br />
|-<br />
| 45<br />
| Unknown (masked by default)<br />
|-<br />
| 46<br />
| ChipId (masked by default)<br />
|-<br />
| 47<br />
| SPI2? (unconnected)<br />
|-<br />
| 48<br />
| Unknown (masked by default)<br />
|-<br />
| 49<br />
| Unknown (masked by default)<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3956
GUID table
2011-07-14T17:20:36Z
<p>Benedikt93: </p>
<hr />
<div>= Nano 3G EFI =<br />
{| class="wikitable prettytable sortable" <br />
|+ List of EFI protocol GUIDs found in the Nano 3G EFI<br />
|-<br />
! GUID !! Description<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381><br />
| GUID at DxeD1671 +0x103C, registered at DxeD1671 +0x6F6, interface (at DxeD1671 +0xFAC):<br />
* +0 pmu_read(void *this, char reg, unsigned int size, void *data);<br />
* +4 pmu_write(void *this, char reg, unsigned int size, void *data);<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF><br />
| GUID at Cpu +0x8E0, registered at Cpu +0x37C, interface (at Cpu +0x894):<br />
* +0 int disable_MMU_and_Caches(void* this);<br />
* +4 int enable_MMU_and_Caches(void* this);<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7><br />
| GUID at Cpu +0x8C4, registered at Cpu +0x37C, interface (at Cpu +0x89C):<br />
[http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL]<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA><br />
| GUID at DxeSmbus +0x6D8, registered at DxeSmbus +0x404, interface (at DxeSmbus +0x6BC):<br />
[http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]<br />
|-<br />
| <0x26BACCB2, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7><br />
| GUID at S5L8900Metronome +0x4FC, registered at S5L8900Metronome +0x246, interface (at S5L8900Metronome +0x4F4):<br />
[http://www.cse.msu.edu/~austinro/dox/html/struct___e_f_i___m_e_t_r_o_n_o_m_e___a_r_c_h___p_r_o_t_o_c_o_l.html _EFI_METRONOME_ARCH_PROTOCOL], TickPeriod = 10<br />
|-<br />
|}<br />
<br />
<br />
= Nano 4G EFI =<br />
{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID]) || Nano4G EFI || Cpu:400A06EC (Nano4G)<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI || Cpu:400A06F4<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> ([http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]) || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:40130498, DxeSmbus:401303F4, DxeSmbus:4013055C, DxeSmbus:40130564 (registered twice)<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
| <0xC39B4F3A, 0xF24D, 0x4F8D, 0x82564584, 0x1FC1107F> || Nano4G EFI || Nand:40150C1C<br />
|-<br />
| <0x8708298A, 0xEEB2, 0x475F, 0xBF9EC296, 0x45163472> || Nano4G EFI || Nand:40150C78<br />
|-<br />
| <0xC71EFCAD, 0x7B2E, 0x46D3, 0x4B4420A0, 0xAFEC727F> || Nano4G EFI || Nand:40150C28<br />
|-<br />
| <0xA584D32F, 0x9837, 0x420B, 0x9D312694, 0xFBDBE98C> || Nano4G EFI || Nand:40150C30<br />
|-<br />
| <0x964E5B21, 0x6459, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C58<br />
|-<br />
| <0x9576E91, 0x6D3F, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C9C<br />
|-<br />
| <0xD15BFD46, 0x954C, 0x478D, 0xD4364CA5, 0xD0B0CDD8> || Nano4G EFI || NULL<br />
|-<br />
| <0xE8A9E232, 0x1708, 0x476D, 0xB10CDB9A, 0x20D9902E> || Nano4G EFI || DxeD1759Diagnostic:40310684<br />
|-<br />
| <0x618BA6A2, 0x690E, 0x4E7A, 0x1AB2E98E, 0xF865A959> || Nano4G EFI || DxeD1759Diagnostic:403106A4<br />
|-<br />
| <0x3622282D, 0xC57F, 0x4A7A, 0xD137CAAD, 0x2233AF3C> || Nano4G EFI || Swif:405F02E0<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3955
GUID table
2011-07-14T17:12:28Z
<p>Benedikt93: </p>
<hr />
<div>= Nano 3G EFI =<br />
{| class="wikitable prettytable sortable" <br />
|+ List of EFI protocol GUIDs found in the Nano 3G EFI<br />
|-<br />
! GUID !! Description<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381><br />
| GUID at DxeD1671 +0x103C, registered at DxeD1671 +0x6F6, interface (at DxeD1671 +0xFAC):<br />
* +0 pmu_read(void *this, char reg, unsigned int size, void *data);<br />
* +4 pmu_write(void *this, char reg, unsigned int size, void *data);<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF><br />
| GUID at Cpu +0x8E0, registered at Cpu +0x37C, interface (at Cpu +0x894):<br />
* +0 int disable_MMU_and_Caches(void* this);<br />
* +4 int enable_MMU_and_Caches(void* this);<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7><br />
| GUID at Cpu +0x8C4, registered at Cpu +0x37C, interface (at Cpu +0x89C):<br />
[http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL]<br />
<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA><br />
| GUID at DxeSmbus +0x6D8, registered at DxeSmbus +0x404, interface (at DxeSmbus +0x6BC):<br />
[http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]<br />
|-<br />
|}<br />
<br />
<br />
= Nano 4G EFI =<br />
{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID]) || Nano4G EFI || Cpu:400A06EC (Nano4G)<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI || Cpu:400A06F4<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> ([http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]) || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:40130498, DxeSmbus:401303F4, DxeSmbus:4013055C, DxeSmbus:40130564 (registered twice)<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
| <0xC39B4F3A, 0xF24D, 0x4F8D, 0x82564584, 0x1FC1107F> || Nano4G EFI || Nand:40150C1C<br />
|-<br />
| <0x8708298A, 0xEEB2, 0x475F, 0xBF9EC296, 0x45163472> || Nano4G EFI || Nand:40150C78<br />
|-<br />
| <0xC71EFCAD, 0x7B2E, 0x46D3, 0x4B4420A0, 0xAFEC727F> || Nano4G EFI || Nand:40150C28<br />
|-<br />
| <0xA584D32F, 0x9837, 0x420B, 0x9D312694, 0xFBDBE98C> || Nano4G EFI || Nand:40150C30<br />
|-<br />
| <0x964E5B21, 0x6459, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C58<br />
|-<br />
| <0x9576E91, 0x6D3F, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C9C<br />
|-<br />
| <0xD15BFD46, 0x954C, 0x478D, 0xD4364CA5, 0xD0B0CDD8> || Nano4G EFI || NULL<br />
|-<br />
| <0xE8A9E232, 0x1708, 0x476D, 0xB10CDB9A, 0x20D9902E> || Nano4G EFI || DxeD1759Diagnostic:40310684<br />
|-<br />
| <0x618BA6A2, 0x690E, 0x4E7A, 0x1AB2E98E, 0xF865A959> || Nano4G EFI || DxeD1759Diagnostic:403106A4<br />
|-<br />
| <0x3622282D, 0xC57F, 0x4A7A, 0xD137CAAD, 0x2233AF3C> || Nano4G EFI || Swif:405F02E0<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=Talk:EmCORE_Releases&diff=3898
Talk:EmCORE Releases
2011-05-02T13:03:16Z
<p>Benedikt93: </p>
<hr />
<div>== Nano 2G ==<br />
<br />
So are there instructions for getting this on my 2G nano? I would really like to test this.<br />
<br />
<br />
== Voltage reduction on classic ==<br />
''Reducing the CPU core voltage on the iPod Classic has been disabled. Battery life might be adversely affected.''<br />
<br />
Is it good or bad? (:<br />
<br />
: In general, this is bad (and should eventually be handled differently) as the CPU now consumes more power than actually necessary, but for now, it solves problems where it didn't work properly due to a too low voltage. --[[User:Benedikt93|Benedikt93]] 13:03, 2 May 2011 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3893
GUID table
2011-04-29T16:21:19Z
<p>Benedikt93: </p>
<hr />
<div>{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
|rowspan="2"| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381><br />
| Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| Nano3G EFI || DxeD1671:40030FAC, table entries:<br />
* +0 pmu_read(void *this, char reg, unsigned int size, void *data)<br />
* +4 pmu_write(void *this, char reg, unsigned int size, void *data)<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID]) || Nano4G EFI, Nano3G EFI || Cpu:400A06EC (Nano4G)<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI, Nano3G EFI || Cpu:400A06F4 (Nano4G) (on Nano3G: some EFI_CPU_ARCH_PROTOCOL with two additional functions)<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> ([http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL]) || Nano4G EFI, Nano3G EFI || Pointers to malloc'ed tables containing DxeSmbus:40130498, DxeSmbus:401303F4, DxeSmbus:4013055C, DxeSmbus:40130564 (registered twice, Nano 4G)<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
| <0xC39B4F3A, 0xF24D, 0x4F8D, 0x82564584, 0x1FC1107F> || Nano4G EFI || Nand:40150C1C<br />
|-<br />
| <0x8708298A, 0xEEB2, 0x475F, 0xBF9EC296, 0x45163472> || Nano4G EFI || Nand:40150C78<br />
|-<br />
| <0xC71EFCAD, 0x7B2E, 0x46D3, 0x4B4420A0, 0xAFEC727F> || Nano4G EFI || Nand:40150C28<br />
|-<br />
| <0xA584D32F, 0x9837, 0x420B, 0x9D312694, 0xFBDBE98C> || Nano4G EFI || Nand:40150C30<br />
|-<br />
| <0x964E5B21, 0x6459, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C58<br />
|-<br />
| <0x9576E91, 0x6D3F, 0x11D2, 0xA000398E, 0x3B7269C9> || Nano4G EFI || Nand:40150C9C<br />
|-<br />
| <0xD15BFD46, 0x954C, 0x478D, 0xD4364CA5, 0xD0B0CDD8> || Nano4G EFI || NULL<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3888
GUID table
2011-04-25T17:55:24Z
<p>Benedikt93: </p>
<hr />
<div>{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> || Nano4G EFI, Nano3G EFI || Cpu:400A06EC (Nano4G) ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID])<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI, Nano3G EFI || Cpu:400A06F4 (Nano4G) (on Nano3G: some EFI_CPU_ARCH_PROTOCOL with two additional functions)<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> || Nano4G EFI, Nano3G EFI || ([http://feishare.com/edk2doxygen/db/d6c/struct___e_f_i___s_m_b_u_s___h_c___p_r_o_t_o_c_o_l.html EFI_SMBUS_HC_PROTOCOL])<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3887
GUID table
2011-04-25T17:41:14Z
<p>Benedikt93: </p>
<hr />
<div>{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> || Nano4G EFI, Nano3G EFI || Cpu:400A06EC (Nano4G) ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID])<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI, Nano3G EFI || Cpu:400A06F4 (Nano4G) (on Nano3G: some EFI_CPU_ARCH_PROTOCOL with two additional functions)<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:40130498, DxeSmbus:401303F4, DxeSmbus:4013055C, DxeSmbus:40130564 (registered twice)<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || Pointers to malloc'ed tables containing DxeSmbus:401303CC, 3C600000 (bus 0) / DxeSmbus:401303E0, 3C900000 (bus 1)<br />
|-<br />
| <0x17A0A3D7, 0xC0A5, 0x4635, 0x2107D5BB, 0xEEE2DF87> || Nano4G EFI || Gpio:4027031C<br />
|-<br />
| <0xE124AC3F, 0x3898, 0x44AA, 0x17E9958A, 0xB244869F> || Nano4G EFI || Usb:401D02B0<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=GUID_table&diff=3884
GUID table
2011-04-25T12:18:22Z
<p>Benedikt93: </p>
<hr />
<div>{| class="wikitable prettytable sortable"<br />
|+ This is a list of all GUIDs found in various Apple code that we've analyzed so far<br />
|-<br />
! GUID !! Source !! Description<br />
|-<br />
| <0x3FD4147F, 0xAF65, 0x49B0, 0x78CE098, 0x8BC1132B> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0x4EEECD0C, 0xAE61, 0x4977, 0xBE3AA2AA, 0x12004FC2> || Nano4G EFI || Timer:40020488<br />
|-<br />
| <0x144D4ACA, 0x93EF, 0x47E4, 0xCAB686A4, 0x81D57EF9> || Nano4G EFI || Lcd:40090620<br />
|-<br />
| <0x487E8E93, 0xEF97, 0x4E77, 0x3E1628A4, 0x625F7170> || Nano4G EFI || DisplayPlatform:40030540<br />
|-<br />
| <0xC4FE7984, 0xC067, 0x4179, 0x857A288, 0x6516C7B4> || Nano4G EFI || NandReadOnly:400C6324,NandReadWrite:4063B84C<br />
|-<br />
| <0xD5406504, 0x2822, 0x4AF7, 0xEA7127AB, 0x4D1E0EE9> || Nano4G EFI || NandReadOnly:400C6334,NandReadWrite:4063B85C<br />
|-<br />
| <0x5B7F52C8, 0xF548, 0x4964, 0xE49205B3, 0xAA5BA56> || Nano4G EFI || DxeD1759:40081224<br />
|-<br />
| <0xE22D7299, 0x8923, 0x4FB6, 0xF79EF081, 0xC5011DF8> || Nano4G EFI || DxeD1759:4008122C<br />
|-<br />
| <0xE9A6AA07, 0x6C26, 0x4643, 0x571BF8A3, 0xDB3C544C> || Nano4G EFI || DxeD1759:40081250<br />
|-<br />
| <0x98AA9B39, 0x1794, 0x448F, 0x789B378B, 0x4B0B499C> || Nano4G EFI || DxeD1759:40081244<br />
|-<br />
| <0x28B7E144, 0xD74D, 0x46B1, 0xF5689495, 0xC9777C25> || Nano4G EFI || DxeD1759:40081210<br />
|-<br />
| <0xEB86F814, 0x80F7, 0x4EEC, 0x606824AA, 0x55A94602> || Nano4G EFI || DxeD1759:40081204<br />
|-<br />
| <0xDBFDB08, 0xB500, 0x4996, 0x1E4F959A, 0x934D2> || Nano4G EFI || DxeD1759:40081214<br />
|-<br />
| <0x3D4AA229, 0xB4E3, 0x4FD9, 0xEA90C99E, 0x3E832381> || Nano4G EFI || DxeD1759:40081234<br />
|-<br />
| <0xBD9A3AB2, 0x3A5C, 0x4CED, 0x2C4060B6, 0x21980D72> || Nano4G EFI || DxeD1759:40081200<br />
|-<br />
| <0x5CF6E3E, 0x458D, 0x4401, 0xC3D689B, 0xFD08109> || Nano4G EFI || DxeD1759:40081208<br />
|-<br />
| <0xECCA55D7, 0xEC52, 0x4F13, 0xBC32CBB7, 0x42CEDF0A> || Nano4G EFI || DxeD1759:4008120C<br />
|-<br />
| <0x26BACCB1, 0x6F42, 0x11D4, 0x8000E7BC, 0x81883CC7> ([http://feishare.com/edk2doxygen/d2/df2/struct___e_f_i___c_p_u___a_r_c_h___p_r_o_t_o_c_o_l.html EFI_CPU_ARCH_PROTOCOL_GUID])|| Nano4G EFI || Cpu:400A06EC<br />
|-<br />
| <0x869D50FA, 0x2C74, 0x44D3, 0xEEEE0582, 0x76994CBF> || Nano4G EFI || Cpu:400A06F4<br />
|-<br />
| <0x3A6E3065, 0xCB91, 0x4DB1, 0xEED0E19A, 0x4300999B> || Nano4G EFI || ClockAndReset:4011191C<br />
|-<br />
| <0x1D602E87, 0xC708, 0x4ED3, 0xB0DB4D96, 0x1D2B46B1> || Nano4G EFI || MemoryAllocator:40190310<br />
|-<br />
| <0xE49D33ED, 0x513D, 0x4634, 0x556F98B6, 0x1B1C75AA> || Nano4G EFI || <br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=Talk:EmCORE&diff=3866
Talk:EmCORE
2011-04-10T08:16:52Z
<p>Benedikt93: </p>
<hr />
<div><br />
==Autoboot==<br />
Is there any way to modify the config so that Rockbox boots automatically after (for example) 10 seconds? [[User:Wintermute|Wintermute]] 13:41, 5 April 2011 (UTC)<br />
<br />
and where the standard software? You can make so that it too was that?[[User:Yar_Chi|Yar_Chi]] 20:30 , 5 April 2011 (UTC)<br />
<br />
== ATA error: -11 ==<br />
<br />
When I click on rockbox I get this error. Is there any way to fix this? I just installed EmCORE.<br />
: For others this was caused by a too old RockBox, so you might want to try upgrading it. --[[User:Benedikt93|Benedikt93]] 08:16, 10 April 2011 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=Chronology&diff=3690
Chronology
2011-02-09T20:49:44Z
<p>Benedikt93: add n6g identify link</p>
<hr />
<div>This page lists all models of iPods and sets the naming for them, so that nobody on this wiki or on IRC is confused about what we are speaking about. Please also refer to Apple's [http://support.apple.com/kb/HT1353 Identifying iPod Models] page.<br />
<br />
==iPod Series==<br />
<br />
{| class="wikitable"<br />
! Model !! Introduced !! Capacity !! Notes <br />
|-<br />
| [http://support.apple.com/kb/HT1353#scrollwheel 1G] <br />
| 2001-10<br />
| 5 GB or 10 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#touchwheel 2G]<br />
| 2002-07 <br />
| 10 GB or 20 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#dockconnector 3G] <br />
| 2003-04<br />
| 10 GB, 15 GB, 20 GB, 30 GB, or 40 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#clickwheel 4G (Greyscale)]<br />
| 2004-07<br />
| 20 GB or 40 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodphoto 4G (Color)]<br />
| 2004-10<br />
| 20 GB, 30 GB, or 60 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodfifth 5G (Video)]<br />
| 2005-10<br />
| 30 GB or 60 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodfifth2 5.5G (Video)]<br />
| 2006-09<br />
| 30 GB or 80 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodclassic (6G) Classic 1G]<br />
| 2007-09<br />
| 80 GB or 160 GB<br />
| Encryption starts<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_classic_120GB (6G) Classic 2G]<br />
| 2008-09<br />
| 120 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_classic_160GB (6G) Classic 3G]<br />
| 2009-09<br />
| 160 GB<br />
|<br />
|}<br />
<br />
==iPod Nano Series==<br />
<br />
{| class="wikitable"<br />
! Model !! Introduced !! Capacity !! Notes <br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano Nano 1G]<br />
| 2005-09<br />
| 1 GB, 2 GB, or 4 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano2 Nano 2G]<br />
| 2006-09<br />
| 2 GB, 4 GB, or 8 GB<br />
| Encryption starts<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano3 Nano 3G]<br />
| 2007-09<br />
| 4 GB or 8 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_nano_4th_generation Nano 4G]<br />
| 2008-09<br />
| 8 GB or 16 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_nano5G Nano 5G]<br />
| 2009-09<br />
| 8 GB or 16 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_Nano_6G Nano 6G]<br />
| 2010-09<br />
| 8 GB or 16 GB<br />
| Multi-Touch display<br />
|}<br />
<br />
==Timeline==<br />
[[Image:IPod Timeline.png|800px|The timeline of iPod releases (from Wikipedia)]]<br />
<br />
==The Motive==<br />
Understanding the mindset and motives behind Apple is key to understanding how and why the iPod was encrypted. While many people believe that the iPod was encrypted to put an end to iPodLinux and Rockbox, the main reason for the encryption was to thwart third-party imitators. Apple was not as concerned with iPodLinux and Rockbox because people were still buying their (overpriced) hardware, and therefore still generating profits. The main reason was that there were many imitations that replicated the hardware and ran the exact firmware that was run on normal iPods. This was a major drain of money for Apple. Another reason was that the DRM mechanism in the unencrypted firmware was being hacked. This allowed pirated content like games to be run without being bought.<br />
==The Response==<br />
Since Apple was losing money from the iPod imitators, they encrypted the firmware so the iPod clones could no longer use Apple firmware on their devices. There are still iPod clones out there (just search eBay), but very few use the Apple firmware anymore. Apple has encrypted all of their portable devices since the iPod Nano 2G.<br />
==The Change==<br />
In order to stop the fake iPods from using their firmware, Apple encrypted the firmware so only their devices could decrypt it. Apple changed their processor to Samsung and no longer used PortalPlayer.<br />
==Helpful Pages==<br />
http://support.apple.com/kb/HT1353</div>
Benedikt93
https://freemyipod.org/index.php?title=User_talk:Windserfer&diff=3572
User talk:Windserfer
2011-01-11T20:39:16Z
<p>Benedikt93: </p>
<hr />
<div>The picture you added to the iPod Classic installation braindump page doesn't look like the LCD driver is working right on your iPod. As this doesn't happen on my iPod, it would be nice if you could come over to our IRC channel to debug this. --[[User:TheSeven|TheSeven]] 15:21, 7 January 2011 (UTC)<br />
<br />
:Yes, I thought it was so because of the early stage! Right now I have no time, but tomorrow I surely will!<br />
<br />
<br />
Hi, I know I'm annoying but could you link me to the IRC? I want to debug this and see why the new version of iloader doesn't work (the ubi file stops at "booting...") --[[User:Windserfer|Windserfer]] 17:58, 10 January 2011 (UTC)<br />
<br />
:You'll find more info about them and links to a webchat at the [[Contact]] page. --[[User:Benedikt93|Benedikt93]] 20:39, 11 January 2011 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=User_talk:TheSeven&diff=3340
User talk:TheSeven
2010-12-17T15:00:58Z
<p>Benedikt93: </p>
<hr />
<div>Is there any scope of finding vulnerabilities, being able to execute code through the Nike+ iPod kits? As in control the alter the sensor to send modified data to the iPod through the kit? I guess we haven't already tried that. -- [[User:Psgarcha92]], 19:29, 21 November 2010<br />
:I don't think the sensor will ever send data that's complex enough for the parser to have an exploitable bug. --[[User:TheSeven|TheSeven]] 18:22, 22 November 2010 (UTC)<br />
<br />
<br />
<br />
Hello. My Classic 3G's HDD just broke. As no one has provided a Classic 3G PCB scan yet, if l4n needs this, I will snap some photos of it.<br />
Then where should I upload it? -- [[User:sinless]]<br />
:I think you should upload them here [http://www.freemyipod.org/wiki/Special:Upload] and then add them to the Classic 3G page. --[[User:Benedikt93|Benedikt93]] 15:00, 17 December 2010 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=Talk:Nano_5G&diff=3200
Talk:Nano 5G
2010-10-26T16:20:16Z
<p>Benedikt93: </p>
<hr />
<div>Have you people tried using the usb_control_msg(0xA1, 1) on the Nano 5G? from the ipod touch? <br />
[http://theiphonewiki.com/wiki/index.php?title=Usb_control_msg%280xA1%2C_1%29_Exploit here] 23:28, 23 October 2010 (UTC)<br />
:I passed this to discussion on IRC, maybe someone will check this (I don't have a Nano 5G myself). Though, the Nano 5G uses a newer processor than the Touch 2G, so the code leading to this exploit might have changed. --[[User:Benedikt93|Benedikt93]] 17:38, 24 October 2010 (UTC)<br />
::Someone can also check out the new bootrom exploit Geohot released and see if it works on the Nanos. [[User:DaUnion|DaUnion]] 01:51, 26 October 2010 (UTC)<br />
:::AFAIK, [[User:TheSeven|TheSeven]] had the intention to do so, but I don't know if he already did so. --[[User:Benedikt93|Benedikt93]] 16:20, 26 October 2010 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=Talk:Nano_5G&diff=3197
Talk:Nano 5G
2010-10-24T17:38:06Z
<p>Benedikt93: </p>
<hr />
<div>Have you people tried using the usb_control_msg(0xA1, 1) on the Nano 5G? from the ipod touch? <br />
[http://theiphonewiki.com/wiki/index.php?title=Usb_control_msg%280xA1%2C_1%29_Exploit here] 23:28, 23 October 2010 (UTC)<br />
:I passed this to discussion on IRC, maybe someone will check this (I don't have a Nano 5G myself). Though, the Nano 5G uses a newer processor than the Touch 2G, so the code leading to this exploit might have changed. --[[User:Benedikt93|Benedikt93]] 17:38, 24 October 2010 (UTC)</div>
Benedikt93
https://freemyipod.org/index.php?title=S5L8700_datasheet&diff=3195
S5L8700 datasheet
2010-10-17T19:25:41Z
<p>Benedikt93: </p>
<hr />
<div>The datasheet for the S5L8700X was found [http://rapidshare.com/files/101234522/S5L8700X-DS.pdf.html here]. It matches the [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=136&partnum=K4M56163PG official Samsung 8700 info page]. The datasheet describes every pin (page 1-5) and instruction (page 3-1) of the 8700 series in detail. The pin locations described in the datasheet are not the actual locations for the iPod's [http://www.samsung.com/global/business/semiconductor/support/PackageInformation/downloads/SystemLSI/FBGA/226_FBGA_0909_08_05.pdf 226-pin FBGA] version.<br />
==Helpful pages==<br />
http://www.samsung.com/global/business/semiconductor/support/PackageInformation/download_FBGA.html<br />
<br />
http://www.rockbox.org/twiki/bin/view/Main/SamsungSA58#SA58700_codename_Blues<br />
<br />
http://www.meizume.com/rockbox/5797-technical-information-s5l8700x07-sip.html</div>
Benedikt93
https://freemyipod.org/index.php?title=Main_Page&diff=3193
Main Page
2010-10-13T12:39:17Z
<p>Benedikt93: Undo revision 3192 by Wokfel (talk) -> Spam</p>
<hr />
<div>__NOTOC__<br />
[[File:Embios.jpg|115px|thumb|right|[[emBIOS]] on the 4G Nano]]<br />
This is the wiki for the freemyipod project. Freemyipod is a project for reverse-engineering iPods with a clickwheel and creating tools and documentation so that other people can port alternative firmwares such as [http://www.rockbox.org Rockbox] to them. Freemyipod is a relaunch of [[Linux4nano]].<br />
<br />
==Updates==<br />
*{{#dateformat:2010-08-29}} - We're proud to announce the release of [[emBIOS]] v0.1.0 and [[iLoader]] v0.2.0!<br />
*{{#dateformat:2010-08-26}} - [[iLoader]], its installer and uninstaller all have been fully ported to [[emBIOS]] now. A beta release will be coming soon!<br />
*{{#dateformat:2010-08-13}} - [[emBIOS]] is continually being improved and the next step is porting tools like [[iLoader]] to use it.<br />
* {{#dateformat:2010-08-06}} - The wiki has now been moved to www.freemyipod.org<br />
* {{#dateformat:2010-08-05}} - Recently we've been working on a hardware abstraction project called [[emBIOS]]. Follow development [http://websvn.freemyipod.org/listing.php?repname=freemyipod&path=/embios/ here]<br />
* {{#dateformat:2010-08-03}} - We can now access the Nano 4G accelerometer.<br />
* {{#dateformat:2010-08-02}} - serpilliere managed to decrypt the NOR flash on the [[Nano 3G]].<br />
* {{#dateformat:2010-08-01}} - serpilliere managed to access and dump the NOR flash on the [[Nano 3G]]. This code could possibly work on the Classics.<br />
* {{#dateformat:2010-07-27}} - The server got zapped by lightning but a new one was up and running within a day.<br />
* {{#dateformat:2010-02-23}} - We can now execute code on everything besides the [[Nano 5G]]! Minimalistic iBugger working on [[Nano 3G]]!<br />
* {{#dateformat:2009-11-01}} - iBugger core v0.1 successfully running on [[Nano 4G]]! [http://img217.imageshack.us/img217/4122/img0969.jpg]<br />
<br />
Follow [http://twitter.com/freemyipod our Twitter feed] to get status updates automatically. See the [[Status]] page for more detailed information.<br />
<br />
{| cellspacing="3" width="100%"<br />
|- valign="top"<br />
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|<br />
===Project info===<br />
* [[ Status ]]<br />
* [[ Contact ]]<br />
* [[ Contributing ]]<br />
* [[ SVN ]]<br />
* [[ Todo list ]]<br />
* [[ Project summary ]]<br />
<br />
===Released Software===<br />
* [[iLoader]]<br />
* [[iBugger]]<br />
* [[emBIOS]]<br />
** [[emBIOS Monitor Protocol]]<br />
<br />
===Basic skills===<br />
* [[Working with binaries]]<br />
* [[Dumping firmware]]<br />
* [[Extracting firmware]]<br />
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|<br />
<br />
===Reverse engineering results===<br />
* [[Firmware]]<br />
* [[Bootstrapping sequence]]<br />
* [[Firmware decryption]]<br />
* [[GUID table]]<br />
* Nano 2G<br />
** [[Nano2G clock gates‎]]<br />
** [[Nano2G LCD init]]<br />
** [[Nano2G FTL]]<br />
* Nano 4G<br />
** [[Nano4G firmware upgrade process]]<br />
<br />
===Exploiting===<br />
* [[Pwnage 2.0]]<br />
* [[Notes vulnerability]]<br />
** [[Address bruteforcing]]<br />
** [[Nanotron 3000]]<br />
|style="border: 1px dashed #c6c9ff; background-color: #f0f0ff"|<br />
===Hardware===<br />
* [[Hardware]]<br />
** [[Nano 1G]]<br />
** [[Nano 2G]]<br />
*** [[Nano2G HW analysis]]<br />
*** [[S5L8701 analysis]]<br />
** [[Nano 3G]]<br />
** [[Nano 4G]]<br />
** [[Nano 5G]]<br />
** [[Nano 6G]]<br />
** [[Classic 1G]]<br />
** [[Classic 2G]]<br />
** [[Classic 3G]]<br />
* [[Chronology]]<br />
* [[S5L8700 datasheet]]<br />
<br />
===Other guides===<br />
* [[MPEG movies]]<br />
* [[Modes]]<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=Contact&diff=3191
Contact
2010-10-08T20:13:04Z
<p>Benedikt93: </p>
<hr />
<div>There are various ways to contact the freemyipod team.<br />
<br />
== IRC ==<br />
We have some fairly active IRC channels on [http://freenode.net/ freenode].<br />
Some channels are logged, please check http://logs.freemyipod.org for the logfiles.<br />
<br />
=== #freemyipod ===<br />
This channel is for anything related to the project. This may be development related, but can also be a simple question about something. You can join it on<br />
<br />
[irc://irc.freenode.net/freemyipod #freemyipod]<br />
<br />
=== #freemyipod-support ===<br />
This is our support channel. If you have questions or problems concerning our software, this is the place to ask. You can join it on<br />
<br />
[irc://irc.freenode.net/freemyipod-support #freemyipod-support]<br />
<br />
=== #freemyipod-chatter ===<br />
This is our offtopic channel. Any stuff that is not related to the project should be discussed there. You can join it on<br />
<br />
[irc://irc.freenode.net/freemyipod-chatter #freemyipod-chatter]<br />
<br />
== Mailing lists ==<br />
We have several mailing lists. You can find them on http://lists.freemyipod.org.<br />
<br />
=== freemyipod ===<br />
This list is for questions on the project, development related stuff and everything else related to the project. Feel free to post here if you want to help out (also see [[Contributing]]) or just have a question on something.<br />
<br />
You can register on [http://lists.freemyipod.org/listinfo/freemyipod this page]<br />
<br />
=== freemyipod-commits ===<br />
This is an information-only list that posts a mail whenever a developer commits something into the [[SVN|Subversion repository]]. You cannot post to this list.<br />
<br />
You can subscribe to it [http://lists.freemyipod.org/listinfo/freemyipod here]<br />
<br />
== Mail ==<br />
If you want to contact one of the core members directly you can send a mail to <member name>@freemyipod.org. Please only use this if you really want to contact this specific member, if you have a general question, suggestion or request please send it to the mailing list.</div>
Benedikt93
https://freemyipod.org/index.php?title=Chronology&diff=3190
Chronology
2010-10-07T18:38:00Z
<p>Benedikt93: </p>
<hr />
<div>This page lists all models of iPods and sets the naming for them, so that nobody on this wiki or on IRC is confused about what we are speaking about. Please also refer to Apple's [http://support.apple.com/kb/HT1353 Identifying iPod Models] page.<br />
<br />
==iPod Series==<br />
<br />
{| class="wikitable"<br />
! Model !! Introduced !! Capacity !! Notes <br />
|-<br />
| [http://support.apple.com/kb/HT1353#scrollwheel 1G] <br />
| 2001-10<br />
| 5 GB or 10 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#touchwheel 2G]<br />
| 2002-07 <br />
| 10 GB or 20 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#dockconnector 3G] <br />
| 2003-04<br />
| 10 GB, 15 GB, 20 GB, 30 GB, or 40 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#clickwheel 4G (Greyscale)]<br />
| 2004-07<br />
| 20 GB or 40 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodphoto 4G (Color)]<br />
| 2004-10<br />
| 20 GB, 30 GB, or 60 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodfifth 5G (Video)]<br />
| 2005-10<br />
| 30 GB or 60 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodfifth2 5.5G (Video)]<br />
| 2006-09<br />
| 30 GB or 80 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodclassic (6G) Classic 1G]<br />
| 2007-09<br />
| 80 GB or 160 GB<br />
| Encryption starts<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_classic_120GB (6G) Classic 2G]<br />
| 2008-09<br />
| 120 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_classic_160GB (6G) Classic 3G]<br />
| 2009-09<br />
| 160 GB<br />
|<br />
|}<br />
<br />
==iPod Nano Series==<br />
<br />
{| class="wikitable"<br />
! Model !! Introduced !! Capacity !! Notes <br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano Nano 1G]<br />
| 2005-09<br />
| 1 GB, 2 GB, or 4 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano2 Nano 2G]<br />
| 2006-09<br />
| 2 GB, 4 GB, or 8 GB<br />
| Encryption starts<br />
|-<br />
| [http://support.apple.com/kb/HT1353#ipodnano3 Nano 3G]<br />
| 2007-09<br />
| 4 GB or 8 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_nano_4th_generation Nano 4G]<br />
| 2008-09<br />
| 8 GB or 16 GB<br />
|<br />
|-<br />
| [http://support.apple.com/kb/HT1353#iPod_nano5G Nano 5G]<br />
| 2009-09<br />
| 8 GB or 16 GB<br />
|<br />
|-<br />
| Nano 6G<br />
| 2010-09<br />
| 8 GB or 16 GB<br />
| Multi-Touch display<br />
|}<br />
<br />
==Timeline==<br />
[[Image:IPod Timeline.png|800px|The timeline of iPod releases (from Wikipedia)]]<br />
<br />
==The Motive==<br />
Understanding the mindset and motives behind Apple is key to understanding how and why the iPod was encrypted. While many people believe that the iPod was encrypted to put an end to iPodLinux and Rockbox, the main reason for the encryption was to thwart third-party imitators. Apple was not as concerned with iPodLinux and Rockbox because people were still buying their (overpriced) hardware, and therefore still generating profits. The main reason was that there were many imitations that replicated the hardware and ran the exact firmware that was run on normal iPods. This was a major drain of money for Apple. Another reason was that the DRM mechanism in the unencrypted firmware was being hacked. This allowed pirated content like games to be run without being bought.<br />
==The Response==<br />
Since Apple was losing money from the iPod imitators, they encrypted the firmware so the iPod clones could no longer use Apple firmware on their devices. There are still iPod clones out there (just search eBay), but very few use the Apple firmware anymore. Apple has encrypted all of their portable devices since the iPod Nano 2G.<br />
==The Change==<br />
In order to stop the fake iPods from using their firmware, Apple encrypted the firmware so only their devices could decrypt it. Apple changed their processor to Samsung and no longer used PortalPlayer.<br />
==Helpful Pages==<br />
http://support.apple.com/kb/HT1353</div>
Benedikt93
https://freemyipod.org/index.php?title=Getting_execution&diff=3166
Getting execution
2010-09-04T18:58:37Z
<p>Benedikt93: fix redirect (though it might not be needed anymore)</p>
<hr />
<div>#REDIRECT [[Notes vulnerability]]</div>
Benedikt93
https://freemyipod.org/index.php?title=EmBIOS&diff=3085
EmBIOS
2010-08-10T22:09:20Z
<p>Benedikt93: </p>
<hr />
<div>[[File:Embios.jpg|115px|thumb|right|emBIOS on the 4G Nano]]<br />
emBIOS is best described as a hardware abstraction layer with threading and debugging capabilities built in. It simplifies development immensely by integrating drivers for all the iPods. Before, drivers were scattered throughout multiple tools built for multiple iPods. If there was a bug fix for a driver, it would have to be applied in many different places. emBIOS attempts to solve this problem by providing a syscall interface that is standard throughout all iPod generations. This means that a build of a tool can work across generations as long as it is run on a native emBIOS. This allows for maximum code reuse.<br />
<br />
If you're curious about how emBIOS works, you can browse its SVN folder [http://websvn.freemyipod.org/listing.php?repname=freemyipod&path=/embios/&#a70ba5517efd721bf4f2b7b4285a23990 here].<br />
<br />
The emBIOS trunk had temporarily abandoned support for the [[Nano 4G]] since there was a holdup concerning its timer. 4G development continued in the '4g_compat' branch, which was merged to the trunk again as of 10 August 2010.<br />
==Building==<br />
If you want to try it out on your own iPod, there are automatic builds on [http://builds.freemyipod.org/ our buildserver], but you might as well just check out the SVN and compile it yourself. After all, emBIOS itself doesn't do much except print out its version string to the console. You must put something in main.c if you want it to do anything. Here are the basic steps to getting emBIOS up and running on your iPod:<br />
* Check out the Freemyipod [[SVN]].<br />
* Build the UCL tool in the root of the SVN using make. You will need access to the UCL libraries to build this.<br />
* Make sure you have the arm-eabi toolchain. You can easily build this using the rockboxdev.sh script in the tools directory of the Rockbox SVN.<br />
* If you are on a Nano 2G, build the trunk using 'make ipodnano2g'. If on a Nano 4G, build the 4g_compat branch using 'make ipodnano4g'.</div>
Benedikt93
https://freemyipod.org/index.php?title=S5L8701_analysis&diff=3075
S5L8701 analysis
2010-08-10T09:12:51Z
<p>Benedikt93: /* Guessed pinout table */ fix link</p>
<hr />
<div>[[File:S5L8701_bonding_wires_via_x-ray_bottom_view_2.jpg|200px|thumb|View of the bonding via X-ray]]<br />
[[File:S5L8701_top_layer_bottom_view_2.jpg|200px|thumb|View of the top layer]]<br />
[[File:S5L8701 bottom layer bot view 2.jpg|200px|thumb|View of the bottom layer]]<br />
== Introduction ==<br />
<br />
The Samsung S5L8701 is the SoC of the IN2G. This chip is supposed to be close to the 8700 used on some concurrent MP3 players.<br />
<br />
We currently know nearly nothing about the differences between the two chips, and the further evolutions. There is probably a small unencrypted boot ROM inside, probably containing crypto information, which would be very useful for integrating user SW.<br />
Knowing the location of some JTAG pins could be very helpful.<br />
<br />
There is an OpenOffice Calc document describing possible pinouts [http://f4eru.free.fr/8701/ here]. There is also [https://mail.gna.org/public/linux4nano-dev/2009-05/msg00003.html tof's mailing list post].<br />
<br />
== Structure of the packaging ==<br />
<br />
The chip is a 226-pin TFBGA with a pitch of 0.5mm.<br />
This is the structure of a BGA package: [http://www.freepatentsonline.com/6569694-0-display.jpg BGA package]<br />
<br />
The chip is glued to a small double-sided PCB substrate.<br />
The electrical current passes through:<br />
*a pad of the chip die<br />
*a bonding wire<br />
*the top layer of the substrate<br />
*a via<br />
*the bottom layer<br />
*finally, the BGA ball<br />
<br />
The [[S5L8700 datasheet|known datasheet]] shows die pad numbers that need to be correlated to ball numbers (the specified package has a different ball layout).<br />
In order to do this, we make an analysis of the bonding and PCB.<br />
<br />
== Packaging analysis ==<br />
<br />
The following steps were carried out: <br />
*desoldering of the IC<br />
*removing of the balls and filler glue<br />
*X-ray picture<br />
*microscope picture of the bottom layer<br />
*removing the bottom layer and most of the substrate (by careful manual grinding)<br />
*microscope picture of the top layer<br />
*superposition of these views, and path finding from the die to the ball<br />
<br />
== Guessed pinout table ==<br />
<br />
The pinout is currently under study. See [http://f4eru.free.fr/8701/ here] for the current status.<br />
This is not an easy part of the work: each pad has to be tested for connections all over the board (most ICs removed). See [[Nano2G_HW_analysis|Nano2G HW analysis]] for further PCB analysis.</div>
Benedikt93
https://freemyipod.org/index.php?title=EmBIOS&diff=3074
EmBIOS
2010-08-10T09:05:26Z
<p>Benedikt93: /* Building */ add link to buildserver</p>
<hr />
<div>[[File:Embios.jpg|115px|thumb|right|emBIOS on the 4G Nano]]<br />
emBIOS is best described as a hardware abstraction layer with threading and debugging capabilities built in. It simplifies development immensely by integrating drivers for all the iPods. Before, drivers were scattered throughout multiple tools built for multiple iPods. If there was a bug fix for a driver, it would have to be applied in many different places. emBIOS attempts to solve this problem by providing a syscall interface that is standard throughout all iPod generations. This means that a build of a tool can work across generations as long as it is run on a native emBIOS. This allows for maximum code reuse.<br />
<br />
If you're curious about how emBIOS works, you can browse its SVN folder [http://websvn.freemyipod.org/listing.php?repname=freemyipod&path=/embios/&#a70ba5517efd721bf4f2b7b4285a23990 here]. The emBIOS trunk has temporarily abandoned support for the [[Nano 4G]] since there was a holdup concerning its timer. 4G development continues in the '4g_compat' branch. It will be merged in as soon as this holdup is solved.<br />
==Building==<br />
If you want to try it out on your own iPod, there are automatic builds on [http://builds.freemyipod.org/ our buildserver], but you might as well just check out the SVN and compile it yourself. After all, emBIOS itself doesn't do much except print out its version string to the console. You must put something in main.c if you want it to do anything. Here are the basic steps to getting emBIOS up and running on your iPod:<br />
* Check out the Freemyipod [[SVN]].<br />
* Build the UCL tool in the root of the SVN using make. You will need access to the UCL libraries to build this.<br />
* Make sure you have the arm-eabi toolchain. You can easily build this using the rockboxdev.sh script in the tools directory of the Rockbox SVN.<br />
* If you are on a Nano 2G, build the trunk using 'make ipodnano2g'. If on a Nano 4G, build the 4g_compat branch using 'make ipodnano4g'.</div>
Benedikt93
https://freemyipod.org/index.php?title=EmBIOS_Monitor_Protocol&diff=3068
EmBIOS Monitor Protocol
2010-08-07T22:06:34Z
<p>Benedikt93: /* 15: Get process information */</p>
<hr />
<div>This article describes the USB communication protocol of emBIOS monitor.<br />
<br />
<br />
== Endpoints ==<br />
<br />
The emBIOS Monitor interface contains 4 bulk endpoints, in the following order:<br />
* Command OUT Endpoint<br />
* Command IN Endpoint<br />
* Data OUT Endpoint<br />
* Data IN Endpoint<br />
<br />
If not stated otherwise, everything is little endian.<br />
<br />
<br />
== General Structure ==<br />
Each packet sent to the Command OUT Endpoint has a 16-byte header. The first 4 bytes, interpreted as a 32-bit little endian word, contain the command ID. The meaning of the other bytes depends on the command. For commands that send data to the device, the data immediately follows that header.<br />
<br />
After sending a packet to the Command OUT Endpoint, listen on the Command IN Endpoint for a response. The response also has a 16-byte header, followed by an optional data stage, depending on the command. The first 4 bytes of the header, interpreted as a 32-bit word, are the status code; the meaning of the other bytes depends on the command.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Status Codes<br />
|-<br />
! Status Code !! Description<br />
|-<br />
| style="text-align:right" | 0 || Invalid response, you should bail out when receiving this<br />
|-<br />
| style="text-align:right" | 1 || OK (everything went fine)<br />
|-<br />
| style="text-align:right" | 2 || Command not supported<br />
|-<br />
| style="text-align:right" | 3 || Device is busy, retry later (another asynchronous command is already running)<br />
|-<br />
|}<br />
<br />
<br />
== Commands ==<br />
<br />
=== 0: Invalid ===<br />
Never issue this command. It will be rejected with status code 2.<br />
<br />
<br />
=== 1: Get device information ===<br />
Use this command to figure out various device properties.<br />
<br />
==== Get version information ====<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (0)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || SVN Revision Number<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 1 || Major version<br />
|-<br />
| style="text-align:right" | 9 || style="text-align:right" | 1 || Minor version<br />
|-<br />
| style="text-align:right" | 10 || style="text-align:right" | 1 || Patch version<br />
|-<br />
| style="text-align:right" | 11 || style="text-align:right" | 1 || Software Type ID<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Device Type ID<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Software Types<br />
|-<br />
! Software Type ID !! Description<br />
|-<br />
| style="text-align:right" | 0 || invalid<br />
|-<br />
| style="text-align:right" | 1 || emBIOS Debugger<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Hardware Types<br />
|-<br />
! Device Type ID !! Description<br />
|-<br />
| style="text-align:right" | 0 || invalid<br />
|-<br />
| style="text-align:right" | 0x47324e49 || iPod Nano 2G<br />
|-<br />
| style="text-align:right" | 0x47334e49 || iPod Nano 3G<br />
|-<br />
| style="text-align:right" | 0x47344e49 || iPod Nano 4G<br />
|-<br />
| style="text-align:right" | 0x4c435049 || iPod Classic<br />
|-<br />
|}<br />
<br />
==== Get packet size information ====<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 2 || Maximum Command OUT Endpoint packet size<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 2 || Maximum Command IN Endpoint packet size<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Maximum Data OUT Endpoint packet size<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Maximum Data IN Endpoint packet size<br />
|-<br />
|}<br />
<br />
<br />
==== Get user memory address range ====<br />
Provides information about the range of memory not used by emBIOS itself.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (2)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Lower bound (inclusive) of the usable memory range<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Upper bound (exclusive) of the usable memory range<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Undefined<br />
|-<br />
|}<br />
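The three "Get device information" exchanges above, encoded and decoded on the host side. This is an added example, not code from the emBIOS project; the function names and the sample values in the comments and tests are constructed, and the USB transfer itself is left out.

```python
import struct

HEADER_SIZE = 16
STATUS_CODES = {0: "invalid response", 1: "OK",
                2: "command not supported", 3: "device is busy, retry later"}
SOFTWARE_TYPES = {1: "emBIOS Debugger"}
# Read as little-endian bytes these IDs are ASCII tags: 0x47324e49 is b"IN2G".
DEVICE_TYPES = {0x47324E49: "iPod Nano 2G", 0x47334E49: "iPod Nano 3G",
                0x47344E49: "iPod Nano 4G", 0x4C435049: "iPod Classic"}


class MonitorError(Exception):
    """Raised when a response is malformed or carries a non-OK status."""


def build_device_info_request(info_type):
    # Command ID 1, requested information type, then 8 bytes that should be zero.
    if info_type not in (0, 1, 2):
        raise ValueError("information type must be 0, 1 or 2")
    return struct.pack("<II8x", 1, info_type)


def checked_header(response):
    # Every response starts with a 16-byte header whose first word is the status.
    if len(response) < HEADER_SIZE:
        raise MonitorError("response shorter than the 16-byte header")
    (status,) = struct.unpack_from("<I", response, 0)
    if status != 1:
        raise MonitorError(STATUS_CODES.get(status, "unknown status %d" % status))
    return response[:HEADER_SIZE]


def parse_version_info(response):
    # Information type 0: revision, three version bytes, software and device type.
    _, rev, major, minor, patch, sw, dev = struct.unpack(
        "<IIBBBBI", checked_header(response))
    if sw not in SOFTWARE_TYPES or dev not in DEVICE_TYPES:
        raise MonitorError("invalid or unknown software/device type ID")
    return {"svn_revision": rev, "version": (major, minor, patch),
            "software": SOFTWARE_TYPES[sw], "device": DEVICE_TYPES[dev]}


def parse_packet_sizes(response):
    # Information type 1: two 16-bit command sizes, two 32-bit data sizes.
    _, cmd_out, cmd_in, data_out, data_in = struct.unpack(
        "<IHHII", checked_header(response))
    if cmd_out < HEADER_SIZE or cmd_in < HEADER_SIZE:
        raise MonitorError("command endpoint too small to carry a header")
    return {"command_out": cmd_out, "command_in": cmd_in,
            "data_out": data_out, "data_in": data_in}


def parse_user_memory(response):
    # Information type 2: lower bound inclusive, upper bound exclusive,
    # which is exactly what a Python range expresses. The last word is undefined.
    _, lower, upper, _ = struct.unpack("<IIII", checked_header(response))
    if lower > upper:
        raise MonitorError("lower bound above upper bound")
    return range(lower, upper)


if __name__ == "__main__":
    # Constructed response: status 1, revision 123, version 0.1.0, Nano 2G.
    sample = struct.pack("<IIBBBBI", 1, 123, 0, 1, 0, 1, 0x47324E49)
    print(build_device_info_request(0).hex())
    print(parse_version_info(sample))
```

Checking the status word and the header length before touching any other field keeps a busy or truncated response from being read as version data.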
<br />
<br />
=== 2: Reset ===<br />
Reboot the device.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (2)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Type: Reboot forcibly (0) / Reboot gracefully (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
Graceful reboots are asynchronous commands. Forced reboots won't send a response packet before rebooting.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
The response indicates that the request has been acknowledged; however, there might be a substantial delay before the device actually reboots.<br />
<br />
<br />
=== 3: Power off ===<br />
Power the device off.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Type: Power off forcibly (0) / Shut down gracefully (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
Both variants are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
The response indicates that the request has been acknowledged; however, there might be a substantial delay before the device actually powers off.<br />
<br />
<br />
=== 4: Read memory ===<br />
Use this command to read small amounts of memory through the command pipe. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (4)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read from memory<br />
|-<br />
|}<br />
<br />
<br />
=== 5: Write memory ===<br />
Use this command to write small amounts of memory through the command pipe. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (5)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to write to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to write<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 6: Read memory using DMA ===<br />
Use this command to read large amounts of memory through the data pipe. You may not request a transfer that would exceed the maximum Data IN Endpoint packet size.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (6)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
After receiving the response, read the requested data from the Data IN Endpoint.<br />
<br />
<br />
=== 7: Write memory using DMA ===<br />
Use this command to write large amounts of memory through the data pipe. You may not request a transfer that would exceed the maximum Data OUT Endpoint packet size.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (7)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to write to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
After receiving the response, send the data to be written to the Data OUT Endpoint.<br />
<br />
<br />
=== 8: Read from I2C device ===<br />
Use this command to read from an I2C slave. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header) or 255 bytes (excluding the header), whichever is smaller.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (8)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 1 || I2C bus index<br />
|-<br />
| style="text-align:right" | 5 || style="text-align:right" | 1 || I2C slave address (in the upper 7 bits)<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 1 || Start address on the I2C device<br />
|-<br />
| style="text-align:right" | 7 || style="text-align:right" | 1 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
I2C transactions are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read from the I2C device (undefined if the status code is not 1)<br />
|-<br />
|}<br />
<br />
<br />
=== 9: Write to I2C device ===<br />
Use this command to write to an I2C slave. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header) or 255 bytes (excluding the header), whichever is smaller.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (8)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 1 || I2C bus index<br />
|-<br />
| style="text-align:right" | 5 || style="text-align:right" | 1 || I2C slave address (in the upper 7 bits)<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 1 || Start address on the I2C device<br />
|-<br />
| style="text-align:right" | 7 || style="text-align:right" | 1 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data to be written to the I2C device<br />
|-<br />
|}<br />
<br />
I2C transactions are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 10: Read from the USB console ===<br />
Use this command to get data written to the USB console. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header).<br />
<br />
As long as the console application is running, make sure to issue this request at least once a second. Otherwise the console might start dropping data and inserting an "\n\n[overflowed]\n\n" mark. If you can't receive any data but need to keep the console from dropping data, issue zero-length read requests.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (10)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes requested<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Actual number of valid response bytes<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Size of the on-device USB console read buffer<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Number of bytes still waiting in the on-device USB console read buffer<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Valid console data padded with undefined data to meet the requested size<br />
|-<br />
|}<br />
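A host-side sketch of the size limits and padding rules described for command 4 (Read memory) and command 10 (Read from the USB console). This is an added example, not emBIOS project code: the function names, the FakeMonitor stand-in for the device, and the sample sizes are assumptions made for illustration.

```python
import struct

HEADER_SIZE = 16
CMD_READ_MEMORY = 4
CMD_CONSOLE_READ = 10


def plan_memory_reads(address, length, max_cmd_in):
    """Split a read into command 4 packets whose responses fit Command IN."""
    chunk = max_cmd_in - HEADER_SIZE  # the limit includes the 16-byte header
    if chunk <= 0:
        raise ValueError("Command IN packet size leaves no room for data")
    if address < 0 or length < 0 or address + length > 1 << 32:
        raise ValueError("range does not fit a 32-bit address space")
    packets = []
    offset = 0
    while offset < length:
        size = min(chunk, length - offset)
        packets.append(struct.pack("<IIII", CMD_READ_MEMORY,
                                   address + offset, size, 0))
        offset += size
    return packets


def build_console_read(requested, max_cmd_in):
    # A zero-length request is valid and keeps the console from dropping data.
    if not 0 <= requested <= max_cmd_in - HEADER_SIZE:
        raise ValueError("request would exceed the Command IN packet size")
    return struct.pack("<II8x", CMD_CONSOLE_READ, requested)


def parse_console_read(response, requested):
    """Return (valid data, device buffer size, bytes still waiting)."""
    if len(response) < HEADER_SIZE:
        raise ValueError("response shorter than the 16-byte header")
    status, valid, buf_size, pending = struct.unpack_from("<IIII", response, 0)
    if status != 1:
        raise ValueError("status code %d" % status)
    payload = response[HEADER_SIZE:]
    # The payload is padded with undefined bytes up to the requested size,
    # so only the first `valid` bytes may be used, and `valid` must be sane.
    if valid > requested or valid > len(payload):
        raise ValueError("device reports more valid bytes than were transferred")
    return payload[:valid], buf_size, pending


class FakeMonitor:
    """Constructed stand-in for the device side of command 10 (not firmware)."""

    def __init__(self, text, buf_size=64):
        self.pending = bytearray(text)
        self.buf_size = buf_size

    def transfer(self, command):
        cmd, requested = struct.unpack_from("<II", command, 0)
        if cmd != CMD_CONSOLE_READ:
            return struct.pack("<I12x", 2)  # command not supported
        data = bytes(self.pending[:requested])
        del self.pending[:requested]
        header = struct.pack("<IIII", 1, len(data), self.buf_size,
                             len(self.pending))
        return header + data + b"\xaa" * (requested - len(data))  # padding


def drain_console(transfer, max_cmd_in):
    """Poll command 10 until the device reports nothing left waiting."""
    out = bytearray()
    requested = max_cmd_in - HEADER_SIZE
    while True:
        response = transfer(build_console_read(requested, max_cmd_in))
        data, _, pending = parse_console_read(response, requested)
        out += data
        if pending == 0 or not data:
            return bytes(out)


if __name__ == "__main__":
    device = FakeMonitor(b"hello from emBIOS\n")
    print(drain_console(device.transfer, 24))
    print(len(plan_memory_reads(0x08000000, 100, 64)), "read packets")
```

Truncating to the reported valid count, after checking that count against what was requested and actually received, is what keeps the undefined padding out of the console output.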
<br />
<br />
=== 11: Write to the USB console ===<br />
Use this command to write data to the USB console. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (11)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Actual number of bytes written (the remainder will have to be resent)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Size of the on-device USB console write buffer<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Number of bytes still free in the on-device USB console write buffer<br />
|-<br />
|}<br />
<br />
<br />
=== 12: Write to device's consoles ===<br />
Use this command to write data to one or more of the consoles. This is equivalent to the cwrite system call. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (12)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be written to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 13: Read from device's consoles ===<br />
Use this command to read data from one or more of the consoles. This is equivalent to the cread system call. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header). This command will '''not''' block until there is data available.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (13)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes actually read<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read, padded with undefined data to meet the requested size<br />
|-<br />
|}<br />
<br />
<br />
=== 14: Flush device's console buffers ===<br />
Use this command to flush the buffers of one or more consoles. This is equivalent to the cflush system call.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (14)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be flushed<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 15: Get process information ===<br />
Use this command to obtain the current state of the scheduler. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (15)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Offset of first byte requested<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes requested<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Process information struct version (incremented each time the format changes)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Total size of the process information table<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The requested data, padded with undefined data to meet the requested size, if it exceeds bounds<br />
|-<br />
|}<br />
<br />
=== 16: (Un)Freeze scheduler ===<br />
Use this command to prevent execution of userspace code on the device while dumping or manipulating critical data.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (16)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Lock (1) or unlock (0) the scheduler<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Previous state: Locked (1) or unlocked (0)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|-<br />
|}<br />
<br />
=== 17: (Un)Suspend thread ===<br />
Suspend or resume a thread.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (17)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Suspend (1) or resume (0) the thread<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Thread ID<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Previous state: Suspended (1) or running (0)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|}<br />
<br />
=== 18: Kill thread ===<br />
Kill a thread.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (18)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Thread ID<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 19: Create thread ===<br />
Create a new thread. This command uses an extended command size of 32 bytes.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (19)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Pointer to thread name or NULL<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Pointer to entry point of the new thread<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Pointer to stack of the new thread<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | 4 || Size of the new thread's stack in bytes<br />
|-<br />
| style="text-align:right" | 20 || style="text-align:right" | 4 || Type: User thread (0) or system thread (1)<br />
|-<br />
| style="text-align:right" | 24 || style="text-align:right" | 4 || Priority of the new thread (1-255)<br />
|-<br />
| style="text-align:right" | 28 || style="text-align:right" | 4 || Initial state: Ready (1) or suspended (0)<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || ID of the created thread (positive) or error code (negative)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 20: Flush CPU caches ===<br />
Flushes the CPU's instruction and data caches.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (20)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=EmBIOS_Monitor_Protocol&diff=3064
EmBIOS Monitor Protocol
2010-08-07T12:25:33Z
<p>Benedikt93: Fixed copy & paste mistake</p>
<hr />
<div>This article describes the USB communication protocol of emBIOS monitor.<br />
<br />
<br />
== Endpoints ==<br />
<br />
The emBIOS Monitor interface contains 4 bulk endpoints, in the following order:<br />
* Command OUT Endpoint<br />
* Command IN Endpoint<br />
* Data OUT Endpoint<br />
* Data IN Endpoint<br />
<br />
If not stated otherwise, everything is little endian.<br />
<br />
<br />
== General Structure ==<br />
Each packet sent to the Command OUT Endpoint has a 16-byte header. The first 4 bytes, interpreted as a 32-bit little endian word, contain the command ID. The meaning of the other bytes depends on the command. For commands that send data to the device, the data immediately follows that header.<br />
<br />
After sending a packet to the Command OUT Endpoint, listen on the Command IN Endpoint for a response. The response also has a 16 byte header, followed by an optional data stage, depending on the command. The first 4 bytes of the header, interpreted as a 32bit word, is the status code, the meaning of the other bytes depends on the command.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Status Codes<br />
|-<br />
! Status Code !! Description<br />
|-<br />
| style="text-align:right" | 0 || Invalid response, you should bail out when receiving this<br />
|-<br />
| style="text-align:right" | 1 || OK (everything went fine)<br />
|-<br />
| style="text-align:right" | 2 || Command not supported<br />
|-<br />
| style="text-align:right" | 3 || Device is busy, retry later (another asynchronous command is already running)<br />
|-<br />
|}<br />
<br />
<br />
== Commands ==<br />
<br />
=== 0: Invalid ===<br />
Never issue this command. It will be rejected with status code 2.<br />
<br />
<br />
=== 1: Get device information ===<br />
Use this command to figure out various device properties.<br />
<br />
==== Get version information ====<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (0)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || SVN Revision Number<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 1 || Major version<br />
|-<br />
| style="text-align:right" | 9 || style="text-align:right" | 1 || Minor version<br />
|-<br />
| style="text-align:right" | 10 || style="text-align:right" | 1 || Patch version<br />
|-<br />
| style="text-align:right" | 11 || style="text-align:right" | 1 || Software Type ID<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Device Type ID<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Software Types<br />
|-<br />
! Software Type ID !! Description<br />
|-<br />
| style="text-align:right" | 0 || invalid<br />
|-<br />
| style="text-align:right" | 1 || emBIOS Debugger<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Hardware Types<br />
|-<br />
! Device Type ID !! Description<br />
|-<br />
| style="text-align:right" | 0 || invalid<br />
|-<br />
| style="text-align:right" | 0x47324e49 || iPod Nano 2G<br />
|-<br />
| style="text-align:right" | 0x47334e49 || iPod Nano 3G<br />
|-<br />
| style="text-align:right" | 0x47344e49 || iPod Nano 4G<br />
|-<br />
| style="text-align:right" | 0x4c435049 || iPod Classic<br />
|-<br />
|}<br />
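The 16-byte framing, the status codes and the version response can be exercised offline with the sketch below. It is an added example, not code from the emBIOS project: the helper names are hypothetical, the sample response is constructed, and `build_command` only covers the standard 16-byte header with 32-bit fields (not the 32-byte header of command 19).

```python
import struct

HEADER_LEN = 16  # every command and response starts with a 16-byte header
STATUS_INVALID, STATUS_OK, STATUS_UNSUPPORTED, STATUS_BUSY = 0, 1, 2, 3

# ID tables copied from the Software Types / Hardware Types tables above.
SOFTWARE_TYPES = {0: "invalid", 1: "emBIOS Debugger"}
DEVICE_TYPES = {
    0: "invalid",
    0x47324E49: "iPod Nano 2G",
    0x47334E49: "iPod Nano 3G",
    0x47344E49: "iPod Nano 4G",
    0x4C435049: "iPod Classic",
}


class MonitorError(Exception):
    """Raised when a response is malformed or reports a failure."""


def build_command(command_id, *args, payload=b""):
    """Pack command ID plus up to three 32-bit little-endian arguments,
    zero-fill the rest of the 16-byte header, then append the data stage."""
    if len(args) > 3:
        raise ValueError("a 16-byte header holds at most three 32-bit arguments")
    words = [command_id, *args] + [0] * (3 - len(args))
    return struct.pack("<4I", *words) + payload


def parse_status(response):
    """Return the status code if it is OK (1) or busy (3); raise otherwise."""
    if len(response) < HEADER_LEN:
        raise MonitorError("short response: %d bytes" % len(response))
    (status,) = struct.unpack_from("<I", response, 0)
    if status == STATUS_INVALID:
        raise MonitorError("invalid response, bailing out")
    if status == STATUS_UNSUPPORTED:
        raise MonitorError("command not supported")
    if status not in (STATUS_OK, STATUS_BUSY):
        raise MonitorError("unknown status code %d" % status)
    return status


def decode_version(response):
    """Decode the response to command 1, information type 0."""
    if parse_status(response) != STATUS_OK:
        raise MonitorError("device busy, retry later")
    # Offsets 4..15: SVN revision (4), major/minor/patch/software type (1 each),
    # device type (4). "<" disables alignment padding.
    revision, major, minor, patch, sw_type, dev_type = struct.unpack_from(
        "<I4BI", response, 4)
    return {
        "svn_revision": revision,
        "version": "%d.%d.%d" % (major, minor, patch),
        "software": SOFTWARE_TYPES.get(sw_type, "unknown (%d)" % sw_type),
        "device": DEVICE_TYPES.get(dev_type, "unknown (0x%08x)" % dev_type),
    }


# Constructed sample response (not captured from a device).
SAMPLE_VERSION_RESPONSE = struct.pack(
    "<II4BI", STATUS_OK, 1234, 0, 1, 0, 1, 0x47324E49)

if __name__ == "__main__":
    print(build_command(1, 0).hex())          # "Get version information" request
    print(decode_version(SAMPLE_VERSION_RESPONSE))
```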
<br />
==== Get packet size information ====<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 2 || Maximum Command OUT Endpoint packet size<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 2 || Maximum Command IN Endpoint packet size<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Maximum Data OUT Endpoint packet size<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Maximum Data IN Endpoint packet size<br />
|-<br />
|}<br />
<br />
<br />
==== Get user memory address range ====<br />
Provides information about the range of memory not used by emBIOS itself.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Requested information type (2)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Lower bound (inclusive) of the usable memory range<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Upper bound (exclusive) of the usable memory range<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 2: Reset ===<br />
Reboot the device.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (2)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Type: Reboot forcibly (0) / Reboot gracefully (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
Graceful reboots are asynchronous commands. Forced reboots won't send a response packet before rebooting.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
The response indicates that the request has been acknowledged; however, there might be a substantial delay before the device actually reboots.<br />
<br />
<br />
=== 3: Power off ===<br />
Power the device off.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Type: Power off forcibly (0) / Shut down gracefully (1)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
Both variants are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
The response indicates that the request has been acknowledged; however, there might be a substantial delay before the device actually powers off.<br />
<br />
<br />
=== 4: Read memory ===<br />
Use this command to read small amounts of memory through the command pipe. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (4)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read from memory<br />
|-<br />
|}<br />
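Because a command 4 transfer must fit in one Command IN packet including the 16-byte header, a larger read has to be split by the host. The sketch below is an added example (not emBIOS project code) that parses the packet size response of command 1, type 1, and plans the individual read requests; the function names and the sample sizes are assumptions made for illustration.

```python
import struct

HEADER_LEN = 16
CMD_READ_MEMORY = 4
STATUS_OK = 1


def parse_packet_sizes(response):
    """Decode the response to command 1, information type 1."""
    if len(response) < HEADER_LEN:
        raise ValueError("short response")
    # Status (4), Command OUT max (2), Command IN max (2),
    # Data OUT max (4), Data IN max (4), all little endian.
    status, cmd_out, cmd_in, data_out, data_in = struct.unpack_from(
        "<IHHII", response, 0)
    if status != STATUS_OK:
        raise ValueError("status code %d" % status)
    return {"command_out": cmd_out, "command_in": cmd_in,
            "data_out": data_out, "data_in": data_in}


def plan_reads(address, length, max_command_in):
    """Split [address, address + length) into command 4 requests whose
    responses (header + data) never exceed max_command_in bytes.
    Returns a list of (command_packet, data_size) tuples."""
    chunk = max_command_in - HEADER_LEN
    if chunk <= 0:
        raise ValueError("Command IN packet size leaves no room for data")
    if address < 0 or length < 0 or address + length > 1 << 32:
        raise ValueError("range does not fit in a 32-bit address space")
    plan = []
    for offset in range(0, length, chunk):
        size = min(chunk, length - offset)
        packet = struct.pack("<4I", CMD_READ_MEMORY, address + offset, size, 0)
        plan.append((packet, size))
    return plan


def extract_read_data(response, size):
    """Check the status and return the data stage of a command 4 response."""
    if len(response) < HEADER_LEN + size:
        raise ValueError("response shorter than header plus requested data")
    (status,) = struct.unpack_from("<I", response, 0)
    if status != STATUS_OK:
        raise ValueError("status code %d" % status)
    return response[HEADER_LEN:HEADER_LEN + size]


if __name__ == "__main__":
    # Constructed sample: a device reporting 64-byte command packets.
    sizes = parse_packet_sizes(struct.pack("<IHHII", 1, 64, 64, 65536, 65536))
    for packet, size in plan_reads(0x08000000, 100, sizes["command_in"]):
        print(packet.hex(), size)
```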
<br />
<br />
=== 5: Write memory ===<br />
Use this command to write small amounts of memory through the command pipe. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (5)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to write to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to write<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 6: Read memory using DMA ===<br />
Use this command to read large amounts of memory through the data pipe. You may not request a transfer that would exceed the maximum Data IN Endpoint packet size.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (6)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
After receiving the response, read the requested data from the Data IN Endpoint.<br />
<br />
<br />
=== 7: Write memory using DMA ===<br />
Use this command to write large amounts of memory through the data pipe. You may not request a transfer that would exceed the maximum Data OUT Endpoint packet size.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (7)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Memory address to write to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
After receiving the response, send the data to be written to the Data OUT Endpoint.<br />
<br />
<br />
=== 8: Read from I2C device ===<br />
Use this command to read from an I2C slave. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header) or 255 bytes (excluding the header), whichever is smaller.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (8)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 1 || I2C bus index<br />
|-<br />
| style="text-align:right" | 5 || style="text-align:right" | 1 || I2C slave address (in the upper 7 bits)<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 1 || Start address on the I2C device<br />
|-<br />
| style="text-align:right" | 7 || style="text-align:right" | 1 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
I2C transactions are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read from the I2C device (undefined if the status code is not 1)<br />
|-<br />
|}<br />
<br />
<br />
=== 9: Write to I2C device ===<br />
Use this command to write to an I2C slave. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header) or 255 bytes (excluding the header), whichever is smaller.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (8)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 1 || I2C bus index<br />
|-<br />
| style="text-align:right" | 5 || style="text-align:right" | 1 || I2C slave address (in the upper 7 bits)<br />
|-<br />
| style="text-align:right" | 6 || style="text-align:right" | 1 || Start address on the I2C device<br />
|-<br />
| style="text-align:right" | 7 || style="text-align:right" | 1 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data to be written to the I2C device<br />
|-<br />
|}<br />
<br />
I2C transactions are asynchronous commands.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1 or 3)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 10: Read from the USB console ===<br />
Use this command to get data written to the USB console. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header).<br />
<br />
As long as the console application is running, make sure to issue this request at least once a second. Otherwise the console might start dropping data and inserting an "\n\n[overflowed]\n\n" mark. If you can't receive any data but need to keep the console from dropping data, issue zero-length read requests.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (10)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes requested<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Actual number of valid response bytes<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Size of the on-device USB console read buffer<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Number of bytes still waiting in the on-device USB console read buffer<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Valid console data padded with undefined data to meet the requested size<br />
|-<br />
|}<br />
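A host-side reader has to drop the undefined padding after the valid bytes and notice the overflow mark even when it is split across two reads. The sketch below is an added example, not emBIOS project code; the names are hypothetical, the sample responses are constructed, and it assumes the `\n` sequences in the mark are newline characters.

```python
import struct

HEADER_LEN = 16
CMD_CONSOLE_READ = 10
STATUS_OK = 1
OVERFLOW_MARK = b"\n\n[overflowed]\n\n"  # assumption: "\n" means a newline byte


def build_console_read(requested, max_command_in):
    """Build a command 10 request; requested may be 0 (keep-alive read)."""
    if requested < 0 or HEADER_LEN + requested > max_command_in:
        raise ValueError("request would exceed the Command IN packet size")
    return struct.pack("<4I", CMD_CONSOLE_READ, requested, 0, 0)


def parse_console_read(response, requested):
    """Return (valid_data, buffer_size, pending) from a command 10 response,
    discarding the undefined padding that follows the valid bytes."""
    if len(response) < HEADER_LEN:
        raise ValueError("short response")
    status, valid, buffer_size, pending = struct.unpack_from("<4I", response, 0)
    if status != STATUS_OK:
        raise ValueError("status code %d" % status)
    # Never trust the device-supplied length beyond what was asked for
    # or beyond what actually arrived.
    if valid > requested or HEADER_LEN + valid > len(response):
        raise ValueError("valid byte count %d is out of range" % valid)
    return response[HEADER_LEN:HEADER_LEN + valid], buffer_size, pending


class ConsoleStream:
    """Accumulates console reads and counts overflow marks, including
    marks that straddle the boundary between two responses."""

    def __init__(self):
        self.tail = b""      # last bytes of the stream seen so far
        self.overflows = 0   # number of overflow marks observed

    def feed(self, response, requested):
        data, _buffer_size, pending = parse_console_read(response, requested)
        window = self.tail + data
        self.overflows += window.count(OVERFLOW_MARK)
        # Keep one byte less than a full mark, so a counted mark is never
        # counted again but a partial one can still complete next time.
        self.tail = window[-(len(OVERFLOW_MARK) - 1):]
        return data, pending


def make_sample_response(data, requested, pending):
    """Constructed sample response: header, data, 0xAA padding."""
    header = struct.pack("<4I", STATUS_OK, len(data), 1024, pending)
    return header + data + b"\xAA" * (requested - len(data))


if __name__ == "__main__":
    stream = ConsoleStream()
    for part in (b"hello\n\n[overf", b"lowed]\n\nworld"):
        print(stream.feed(make_sample_response(part, 32, 0), 32))
    print("overflow marks:", stream.overflows)
```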
<br />
<br />
=== 11: Write to the USB console ===<br />
Use this command to write data to the USB console. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (11)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Actual number of bytes written (the remainder will have to be resent)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Size of the on-device USB console write buffer<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Number of bytes still free in the on-device USB console write buffer<br />
|-<br />
|}<br />
<br />
<br />
=== 12: Write to device's consoles ===<br />
Use this command to write data to one or more of the consoles. This is equivalent to the cwrite system call. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (12)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be written to<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be written<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || Data to be written<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 13: Read from device's consoles ===<br />
Use this command to read data from one or more of the consoles. This is equivalent to the cread system call. You may not request a transfer that would exceed the maximum Command IN Endpoint packet size (including the header). This command will '''not''' block until there is data available.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (13)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be read from<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes to be read<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Number of bytes actually read<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The data read, padded with undefined data to meet the requested size<br />
|-<br />
|}<br />
<br />
<br />
=== 14: Flush device's console buffers ===<br />
Use this command to flush the buffers of one or more consoles. This is equivalent to the cflush system call.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (14)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Bitmask of consoles to be flushed<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 15: Get process information ===<br />
Use this command to obtain the current state of the scheduler. You may not request a transfer that would exceed the maximum Command OUT Endpoint packet size (including the header).<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (15)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Offset of first byte requested<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Number of bytes requested<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Process information struct version (incremented each time the format changes)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Total size of the process information table<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Undefined<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | variable || The requested data, padded with undefined data to meet the requested size, if it exceeds bounds<br />
|-<br />
|}<br />
<br />
<br />
=== 16: (Un)Freeze scheduler ===<br />
Use this command to prevent execution of userspace code on the device while dumping or manipulating critical data.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (16)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Lock (1) or unlock (0) the scheduler<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 17: (Un)Suspend thread ===<br />
Suspend or resume a thread.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (17)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Suspend (1) or resume (0) the thread<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Thread ID<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 18: Kill thread ===<br />
Kill a thread.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (18)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Thread ID<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 19: Create thread ===<br />
Create a new thread. This command uses an extended command size of 32 bytes.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (19)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || Pointer to thread name or NULL<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 4 || Pointer to entry point of the new thread<br />
|-<br />
| style="text-align:right" | 12 || style="text-align:right" | 4 || Pointer to stack of the new thread<br />
|-<br />
| style="text-align:right" | 16 || style="text-align:right" | 4 || Size of the new thread's stack in bytes<br />
|-<br />
| style="text-align:right" | 20 || style="text-align:right" | 4 || Type: User thread (0) or system thread (1)<br />
|-<br />
| style="text-align:right" | 24 || style="text-align:right" | 4 || Priority of the new thread (1-255)<br />
|-<br />
| style="text-align:right" | 28 || style="text-align:right" | 4 || Initial state: Ready (1) or suspended (0)<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 4 || ID of the created thread (positive) or error code (negative)<br />
|-<br />
| style="text-align:right" | 8 || style="text-align:right" | 8 || Undefined<br />
|-<br />
|}<br />
<br />
<br />
=== 20: Flush CPU caches ===<br />
Flushes the CPU's instruction and data caches.<br />
<br />
{| class="wikitable prettytable"<br />
|+ Command Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Command ID (20)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Should be zero<br />
|-<br />
|}<br />
<br />
{| class="wikitable prettytable"<br />
|+ Response Packet<br />
|-<br />
! Offset !! Size (bytes) !! Description<br />
|-<br />
| style="text-align:right" | 0 || style="text-align:right" | 4 || Status Code (1)<br />
|-<br />
| style="text-align:right" | 4 || style="text-align:right" | 12 || Undefined<br />
|-<br />
|}</div>
Benedikt93
https://freemyipod.org/index.php?title=Hardware&diff=2633
Hardware
2010-06-05T18:26:50Z
<p>Benedikt93: /* 3G Nano */</p>
<hr />
<div>Although iPods have many other components, here we are only listing the components that might be relevant to cracking firmware encryption. If you have any suggestions for any other components to add, just post on the talk page or IRC. Links to datasheets are important if they can be found. For a visual hardware reference, visit the [[Hardware annotation]] page.<br />
<br />
For information about the S5L8700 datasheet, see the [[S5L8700 datasheet]] page.<br />
==1G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| Portal Player PP5021C-TDF. This is the last Nano that used a PortalPlayer processor before Apple started using Samsung. If anybody knows of a datasheet for this, please add a link to it.<br />
|-<br />
| RAM<br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=136&partnum=K4M56163PG Samsung K4M56163PG] - A datasheet for this Mobile SDRAM chip can be found [http://pdf1.alldatasheet.net/datasheet-pdf/view/168204/SAMSUNG/K4M56163PG.html here].<br />
|-<br />
| Utility Flash<br />
| [http://www.sst.com/products.xhtml/parallel_flash/39/x16/SST39WF400A SST39WF400A]. This chip is documented very well as is a similar chip on the 2G Nano.<br />
|}<br />
==2G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU<br />
| Samsung S5L8701 System On Chip (SoC), includes ARM940T(SAM44X?) central processor, advanced DSP, 50kb boot ROM, 256kb SRAM, external RAM, flash and LCD controllers, USB(1.1-host; 2.0-function) and some other parts. Package: [http://www.samsung.com/global/business/semiconductor/support/PackageInformation/downloads/SystemLSI/FBGA/232_FBGA_1010_12_05.pdf 232-pin FBGA 10x10mm] or 224/226-pin 9x9mm. Similar chips: [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=212&partnum=SA58700 SA58700X07]. Some documentation available for the S5L series can be found [[S5L8700 datasheet|here]]. The processor itself is Apple-branded and marked 337S3291 8701. <br />
|-<br />
| RAM<br />
| [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=136&partnum=K4M56163PG Samsung K4M56163PG] - [http://pdf1.alldatasheet.net/datasheet-pdf/view/168204/SAMSUNG/K4M56163PG.html here] is the datasheet. This is the same chip used in the iPod 1G Nano. Sometimes the Qimonda [http://www.alldatasheet.com/datasheet-pdf/pdf/207179/QIMONDA/HYE18L256169BFX-7.5.html HYE18L256] chip is used instead.<br />
|-<br />
| Utility Flash<br />
| [http://www.sst.com/products.xhtml/parallel_flash/39/x16/SST39WF800A SST SST39WF800A], which stores Disk Mode, Diagnostic Mode and the code to flash this chip. Tof has [http://home.gna.org/linux4nano/dumping_SST39WF800A.html managed to extract] this data, and the dump can be obtained by emailing Emmanuel Fleury. All of the contents of the utility flash chip are encrypted from this generation on.<br />
|-<br />
| DSP <br />
| Combination of Samsung 16-bit CalmRisc16 and Samsung 24-bit CalmMAC2424.<br />
|}<br />
<br />
==3G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| Samsung S5L8702 ARM940T processor. The package itself is Apple-branded and marked 337S3473 8702.<br />
|-<br />
| RAM<br />
| Like the flash chip, the memory also varies. The most popular chip seems to be the [http://www.samsung.com/global/business/semiconductor/productInfo.do?fmly_id=137&partnum=K4X56163PG&&ppmi=1209 K4X56163PI]. Another similar one that is sometimes used is the [http://www.qimonda.com/mobile-ram/ddr-18/index.html Qimonda HYE18M169CX75].<br />
|-<br />
| Utility Flash<br />
| [http://www.sst.com/products/?inode=41340 SST25VF080B]. Like the other SST chips, this one is also extremely well documented.<br />
|}<br />
<br />
==4G Nano==<br />
{| border="1" cellpadding="5" cellspacing="0"<br />
! Component !! Details<br />
|-<br />
| CPU <br />
| Samsung S5L8720 ARM940T processor. It is definitely worth knowing that this is the exact same processor used in the iPod Touch 2G, which could mean that some of the same exploits for that device could possibly be used here. [http://theiphonewiki.com/wiki/index.php?title=S5L8720_(Hardware) Here] is a very interesting page about the S5L8720 processor.<br />
|-<br />
| RAM<br />
| Integrated into the processor, similar to the iPod Touch and iPhone lines.<br />
|-<br />
| Click Wheel IC<br />
| There are two types of click wheel IC: CY8C214 and TS0839.<br />
|-<br />
| Utility Flash<br />
| Possibly the chip on the lower part of the 4G board? See [[Hardware annotation]].<br />
|}<br />
<br />
==Helpful pages==<br />
http://theiphonewiki.com/wiki/index.php?title=S5L8720_(Hardware)<br />
<br />
http://www.ipodlinux.org/wiki/Generations (Be careful! This is extremely inaccurate.)<br />
<br />
http://www.rockbox.org/twiki/bin/view/Main/SamsungSA58#SA58700_codename_Blues<br />
===1G Nano===<br />
http://www2.electronicproducts.com/Apple_iPod_nano-whatsinside-2.aspx<br />
<br />
http://arstechnica.com/apple/reviews/2005/09/nano.ars/4<br />
<br />
[http://pc.watch.impress.co.jp/docs/2005/0908/nano21.jpg Image of the 1G Nano board]<br />
<br />
[http://www.ipodlinux.org/wiki/Generations#iPod_Nano_.28Nano1G.29] - The pictures listed<br />
===2G Nano===<br />
[[Nano2G%2BHW%2Banalysis]]<br />
<br />
[[S5L8701 analysis]]<br />
<br />
http://home.gna.org/linux4nano/download/hardware_synth-1.0.pdf<br />
<br />
http://www.ifixit.com/Guide/First-Look/iPod-Nano-2nd-Generation/592/1<br />
<br />
http://arstechnica.com/apple/reviews/2006/09/ipod-2g.ars/4<br />
<br />
===3G Nano===<br />
http://www2.electronicproducts.com/Applie_iPod_Nano_(4GB)_3rd_Generation-whatsinside-16.aspx#<br />
<br />
http://content.techrepublic.com.com/2346-13636_11-170826-1.html<br />
<br />
http://www.ifixit.com/Guide/First-Look/iPod-Nano-3rd-Generation/594/1<br />
<br />
http://insidetronics.blogspot.com/2007/09/teardown-ipod-nano-3g.html<br />
<br />
[http://www.combert-elec.com/www/bookpic/200810916515460624.jpg Image of 3G Nano board]<br />
===4G Nano===<br />
http://www.ifixit.com/Guide/First-Look/iPod-Nano-4th-Generation/584/1<br />
===6G Classic===<br />
http://en.wikipedia.org/wiki/IPod_Classic<br />
<br />
http://homepage.mac.com/marc.heijligers/audio/ipod/comparison/measurements/measurements.html<br />
===Other (for comparison)===<br />
http://www2.electronicproducts.com/Apple_iPod_Touch-whatsinside-57.aspx<br />
<br />
http://www2.electronicproducts.com/Apple_iPhone-whatsinside-4.aspx</div>
Benedikt93