Hooray!!! Rockchip SDK!

[makd511]

this is getting really good
we are seeing success here with the rockchip stuff and we have success in running linux with almost full operation on ingenics ship, with all this going on maybe it will be possible to add some decent functionality to the hardware that is so let down by the lazy chinese companies .. and yes i said lazy as this has been proven to be the case ... they actually cant be bothered .. nless cash is involved

good luck to all of you in this

[AleMaxx]

Quote:

Originally Posted by exec";p=&quot

[...] I've found that in /appdata folder in hidden partition there is a file named "base.rkw", which contains ARM code [...]

I have a "base.rkw" in the "SYSTEM" and "SYSTEM00" folders of my player, but both files start with "KRDL" fourcc and no vector table (there seems to be valid code from pos 0x30 onwards). I think for ARM processors there should be 8 branch instructions right at the beginning with the first one being the reset-vector (where the cpu starts execution after poweron/reset). Ive been working on the SPMP305x recently and that one has an ARM9 with MMU. Im sure youre referring to another base.rkw. I found this additional partition by copying rkusb.tag to one of the usb drive but there doesnt seem to be any startup-code.

[lolita]

"KRDL" is big-endian "LDRK" -- suggesting "kernel loader", so that is most likely the boot code.

Manufacturers can customize the processor core to start from whatever address they want, e.g. Z80 normally boots up from 0000 but the Actions ATJ209x boots from 8000.

[AleMaxx]

having a quick look at "startup.s" in "system/cpu/arm/boot" it seems like they're not using any branch instructions but instead explicitly change the PC so one has to look for opcodes like "ldr pc, SomeHandler" which translates (i compiled with gnu assembler) to "ldr pc, [pc, #offs_of_addr_to_handler]" and (always?) to something like 0xE59F for the upper 16bits of the opcode.
i actually found this:

Code:

SystemReset:
  14de74:	e59ff018 	ldr	pc, [pc, #24]	; ResetAddr
  14de78:	e59ff01c 	ldr	pc, [pc, #28]	; DBG_Addr
  14de7c:	e59ff01c 	ldr	pc, [pc, #28]	; DBG_Addr
  14de80:	e59ff014 	ldr	pc, [pc, #20]	; DBG_Addr
  14de84:	e59ff010 	ldr	pc, [pc, #16]	; DBG_Addr
  14de88:	e59ff00c 	ldr	pc, [pc, #12]	; DBG_Addr
  14de8c:	e59ff004 	ldr	pc, [pc, #4]	; IRQ_Addr
  14de90:	e59ff004 	ldr	pc, [pc, #4]	; DBG_Addr

  14de94:	00000030 	ResetAddr
  14de98:	00000040 	IRQ_Addr
  14de9c:	600f3390 	DBG_Addr
  14dea0:	600f3390 	DBG_Addr

ResetAddr:
  14dea4:	e59fd004 	ldr	sp, [pc, #4]	; 0x14deb0  -> sp = 60e00000
  14dea8:	e51ff004 	ldr	pc, [pc, #-4]	; 0x14deac	goto __main
  
  14deac:	6000f940 	__main
  14deb0:	60e00000 	||Image$$REALTABLE_SDRAM$$ZI$$Limit||

IRQ_Addr:
  14deb4:	e24ee004 	sub		lr, lr, #4	; 0x4
  14deb8:	e92d500f 	stmdb	sp!, {r0, r1, r2, r3, ip, lr}
  [...]

I filled in the names of "startup.s" where appropriate. So seems like the "main()" resides at @ 0x6000f940 in memory.

[WIZARD]

@knob:
I haven't a firmware backup.
And because there're no programs that can make backup,
I can't take part in modifying the firmware.
Don't want to kill my player.

[AleMaxx]

I actually was able to find some references to "LDRK" files in the source though it currently only partly makes sense.

Quote:

Originally Posted by knob";p=&quot

[...] even if you do a small change to base.rkw the player doesn't boot up [...]

knob, have a look at "ISetupGetFwOffset" in "system/os/setup/setup.c", there is a file header (KNL_SECINFO) with a CRC32 value that needs to be updated if you make any changes to the file i guess. Maybe changing the dword at fileoffset 0x24 to 0x80000000 will work to (this disables some CRC32 checks).

[knob]

Quote:

Originally Posted by WIZARD";p=&quot

@knob:
I haven't a firmware backup.
And because there're no programs that can make backup,
I can't take part in modifying the firmware.
Don't want to kill my player.

Hopefully now we have the SDK a firmware backup program can be developed.
I have a working backup for my 2" rockchip so I can test firmware out and I will try to add new features, I just need to sort the screen drivers out in the source code

@AleMaxx thanks for the info, I thought the CRC must be in the source somewhere.

[WIZARD]

Please, anybody, compile the emulator!
I've tried for many times without any luck. :cry: :cry: :cry:
Maybe I was doing something wrong... :roll:

Also, could you answer some of my questions? :roll:
:arrow: Can I decompile a firmware? (if I'll get it from the manufacturer)
:arrow: Can I decompile a rockchip game/application?
:arrow: Can I modify a fimware/rockchip game/rockchip application without decompiling?

[knob]

Quote:

Originally Posted by WIZARD";p=&quot

Please, anybody, compile the emulator!
I've tried for many times without any luck. :cry: :cry: :cry:
Maybe I was doing something wrong... :roll:

I have tried to compile the emulator, but no luck yet, I think it will only be good for RK2706 players, but I plan to keep trying, not much time at the moment I'd afraid.

Quote:

Also, could you answer some of my questions? :roll:
:arrow: Can I decompile a firmware? (if I'll get it from the manufacturer)
:arrow: Can I decompile a rockchip game/application?
:arrow: Can I modify a fimware/rockchip game/rockchip application without decompiling?

We don't have any decompiler so we can't decompile anything.
Best chance for you WIZARD is an extractor run as a .rkp application from the game menu to create a backup.
You can mod firmware, but you need a working backup first.

Safest for you is to learn .rkp appliction programming and leave the firmware alone unless an extractor can be made.

[WIZARD]

Thanks! :wink:
However, at the moment I'm not developing anything for player.
Making the new version of Gilraen! :P It's nearly completed.
You'll be able to create the awesome styles, settings, and more... 8)