Zeebo Update #1

Dec 7, 2010   #zeebo 

Novidades no Zeebo!

Aos que gostaram do Teardown, obrigado! 😀

Como havia comentado, planejo trabalhar no Z e tentar tornar a execução de aplicativos caseiros (homebrews) uma realidade. Não há garantias que isto acontecerá, mas despenderei um tempo estudando a plataforma.

Depois da descoberta que o “Z” tinha a interface JTAG exposta, faltava tentar comunicar com ela, já que a JTAG oferece uma liberdade grande para “fuçar” no console. Ela podia muito bem ser desativada na versão final do console, já que a finalidade dela é para depuração/diagnóstico/teste em “baixo nível”, digamos. Por isso, não é qualquer assistência técnica ou “eletrônica” que teria uso para ela. Para um engenheiro do sistema ou um desenvolvedor do OS, sim.

Por sorte (e… descuido?), a interface está ativa. :)

Por ela, já é possível: ler e gravar a RAM; inserir e modificar código executável existente; parar e executar passo-a-passo instruções na CPU. São habilidades bastante poderosas, mas que por agora, servem como ferramentas de estudo para conseguirmos mais informações sobre o sistema, já que estas não existem disponíveis pela Web.

Neste momento, temos “dumps” dos bootloaders (um que acredito ser o PBL), da RAM externa (EBI, 128MB)  no momento final da carga do sistema (momento final da bandeira do Brasil e do Zeebo, antes do logo do Zeebo aparecer) e de alguns trechos no espaço de memória da CPU que puderam ser lidos (em sua maioria, registradores de configuração, etc…).

Um pequeno “teaser” das strings contidas na RAM (EBI):

$ strings z0x10000000 | egrep -i "zeebo|brew|tectoy"

StartZeeboApp,SUCCESS CLassID = %x,nErr= %d
..\..\apps\zeebo_app\src\UIUpgrade_Form.c
..\..\apps\zeebo_app\src\ZeeboLib.c
IZeeboDevice_Init is  not successful!
fs:/card0/longcheerzeebo/autocopysdcardinfotoenand.dat
GetRunningList clsid is Tectoy Exist
//BREW:
X-BREWADS
X-BREWADSHMAC
ZeeboLib.c
X-BREWDC:%s
brewma:W
..\..\apps\brew\src\OEM\OEMConfigItem\src\OEMConfigItem.c
..\..\apps\zeebo_app\src\spin_ui_utils.c
..\..\apps\zeebo_app\src\tectoy_utils.c
../tectoy/tectoy_pt.bar
../tectoy/tectoy.bar
../tectoy/tectoy_es.bar
CopyBrewSystemIntoEnand CopyFileSize nResult = %d
CopyBrewAppletsIntoMifEnand CopyFileSize nResult = %d
CopyBrewAppletsIntoModEnand CopyFileSize nResult = %d
CopyBrewAppletsIntoModEnand finish return nErr=%d
CopyBrewAppletsIntoMifEnand finish return nErr=%d
CopyBrewSystemIntoEnand finish return nErr=%d
Return EMApplet_Memcpy: CopyBrewAppletsIntoModEnand nErr = %d
Enter CopyBrewAppletsIntoEnand Format Enand:
Enter CopyBrewAppletsIntoEnand Format Enand: nErr = %d
nvi.brew_platform_id = %d
Set  NV_BREW_PLATFORM_ID_I nv_status =: %d
nvi.brew_carrier_id = %d
Set NV_BREW_CARRIER_ID_I nv_status =: %d
Set NV_BREW_SERVER_I nv_status =: %d
src\BREWSigVerify.c:626
BREW-Applet/0x%08X (BREW/4.0.2.24; DeviceId:  %u; Lang: %s)
ZeeboLib.c
IZeeboDevice_Init is  not successful!
brew/yuv_data.bin
src\BREWSigVerify.c:795
src\BREWSigVerify.c:812
BREW Version:
BREW Suspended
OEMCM_BREWCallEventCB: Unknown event (0x%X)
OEMCM_BREWPhEventCB: No event handler for this event (0x%X)
OEMCM_BREWCallEventCB: No event handler for this event (0x%X)
OEMCM_BREWPhEventCB: No event handler found for event 0x%X
OEMCM_BREWCallEventCB: No event handler found for event 0x%X
OEMCM_BREWCallEventCB: Unexpected NULL pointer
..\..\apps\brew\src\OEM\OEMNet\msm\OEMNet.c
..\..\apps\brew\src\OEM\OEMNet\msm\OEMQoS.c
BT EC: BREW SPP Callback registered %d
BT EC: BREW SPP Callback deregistered %d
BT EC: Max BREW SPP Callbacks registered
BT EC: BREW SPP Callback not found
..\..\apps\brew\pk\src\OEMDeviceNotifier.c
ObjMgr failed to register, hotplug feature unavailable in BREW
OEMFS_GetNativePath failed, hotplug feature unavailable in BREW
MALLOC failed, hotplug feature unavailable in BREW
OEMCM_BREWPhEventCB: No event handler for this event (0x%X)
OEMCM_BREWPhEventCB: No event handler found for event 0x%X
OEMCM_BREWCallEventCB: Unexpected NULL pointer
OEMCM_BREWCallEventCB: received AEET event 0x%X
OEMCM_BREWCallEventCB: No event handler for this event (0x%X)
OEMCM_BREWCallEventCB: Unknown event (0x%X)
OEMCM_BREWCallEventCB: No event handler found for event 0x%X
..\..\apps\nonpkbrew\pk\src\msm\OEMDIBDisplayDev.c
..\..\apps\zeebo_app\src\Zeebo_App.c
Zeebo App: Key hooked (0x%x)
Zeebo App: Keyhook timer elapsed %d ms
Zeebo_Start: handling ZEEBO_LAUNCH_ARG_UPGRADE_UI
Zeebo_Start: Key hook failed.
ZeeboApp: Start success
Zeebo App: EVT_APP_RESUME
Zeebo App: EVT_APP_SUSPEND
Zeebo App: EVT_APP_START
Zeebo App: EVT_APP_START_BACKGROUND
Zeebo App: Put into background
ZeeboApp: AEEAppletNew(AEECLSID_ZEEBO_APP,...) failed.
ZeeboApp: InitAppData failed.
G..\..\apps\openvg\oem\src\hkStdlib_brew.c
X-BREWHMAC:%s
ZeeboLib.c
BREW(tm)
Callback pointer not valid, access allowed until BREW initializes
Invalid images provided to CreateTectoyRollerWidget, could not initialize Roller
Failure in call to CreateOwnerDrawWidget in CreateTectoyRollerWidget
Unexpected error in CreateTectoyRollerWidget, could not initialize Roller
Assertion IDS_BREW_OPTIONS == pMe->m_mainMenu[indexBREWMenu].title failed
Assertion DT_SUBMENU == pMe->m_mainMenu[indexBREWMenu].itemType failed
fs:/shared/fonts/tectoy.ttf
BPPRemotePrintReq - Print req from any BREW APP
..\..\apps\brew\pk\src\msm\OEMSMS.c
==>  OEMSMS_IgnorePrefixForBrewDirectedMsg
..\..\apps\nonpkbrew\pk\src\msm\OEMMediaCMX.c
brew/mod/mediaplayer/media/QtvDiagAPIReplayInputFile.txt
//BREW:
hotplug_notify_register err: %d, hotplug feature unavailable in BREW
..\..\apps\brew\pk\src\msm\OEMTelephone.c
..\..\apps\brew\src\OEM\OEMServingNetworks\msm\OEMServingNetworks.c
/brew/wlan_config
/brew/wlan_ho_config
/brew/wlan_ip_config
/brew/wlan_qos_config
/brew/wlan_hw_config
..\..\apps\zeebo_app\src\tectoy_gridwidget.c
Unable to create container widget in tectoy_gridwidget
BREW Renderer
X-BREWCLIENT:%s
..\pkdev\src\brew_debugger.c
BREW Version:
BREW Truetype Font Extension
DisplayImaging\wtle\product\source\port\brew\brewdc.c
BTFE BrewDC::FillPalette:  Unsuported palette depth
BTFE BrewDC::FillPalette:  Unable to allocate palette
BTFE BrewDC::UpdateGlyphDib:  Unable to create IDIB for bliting glyphs.
BTFE BrewDC::UpdateGlyphDib:  Unable to create IDisplay needed to create IDIB for bliting glyphs.
..\..\apps\nonpkbrew\pk\src\msm\OEMMediaCMXIF.c
fs:/mif/zeebo_app.mif
brew/PhgWlanFw.bin
brew/phg_bt_coex_params.txt
..\..\apps\brew\pk\src\OEMAppx5.c
..\..\apps\nonpkbrew\pk\src\msm\OEMFS.c
brew/lctsys/sysconfig/cursyscfg.dat
brew/lctsys/sysconfig/oldsyscfg.dat
/brew/mod/mediaplayer/media/
ZeeboLib.c
brewma:///discovery-ma/generateDStoken
filterBREWFamily
brewma:
BREWServerHost
..\..\apps\brew\pk\src\msm\OEMTSupps.c
..\..\apps\brew\pk\src\msm\OEMPosDet.c
fs:/sys/brewconfig.dat
..\..\apps\brew\pk\src\msm\OEMSVC.c
fs:/shared/brew_oemgc_debug.txt
brew/
brew/ssaver
ZeeboLib.c
==>  ParseBrewMsg
//BREW:
ZeeboLib.c
ossl\ssl\brewssl.c
ossl\ssl\brewssl.c
BREW IPosDet API
BREW Version:
#Zeebo Game Controller
#Zeebo Accelerometer Controller
#New Zeebo Game Controller
Transitioning to BREW
..\..\apps\nonpkbrew\pk\src\msm\OEMSVG.c
/brew/mod/videophone/h324_config.xml
brew/yuv_data.bin
BREWUDFLibAutoLoadTable
BREWUDFLibAutoLoadTable
BREW_reserved_fs_bytes
LCT_ChangeSeelpModeToOnMode Send EVT_USER_CHANGE_SLEEP_TO_ON to AEECLSID_TECTOY
BREW Root CA0
BREW Root CA0
fs:/mif/brewappmgr.mif
..\..\apps\nonpkbrew\pk\src\msm\OEMMediaPlayer.c
..\..\apps\brew\src\OEM\OEMNet\msm\OEMMcast.c
/mod/274755/zeebosplash.rgb565.raw
brew/mod/qmdp/bmp
brew/mod/qmdp/bin
..\..\apps\brew\pk\src\msm\OEMSIO.c
..\..\apps\zeebo_app\src\tectoy_keyboard.c
..\..\apps\zeebo_app\src\tectoy_rollerwidget.c
Out of memory in CreateTectoyRollerWidget
Unable to load font in CreateTectoyRollerWidget
Unable to create blank Image in CreateTectoyRollerWidget
Unable to load Image in CreateTectoyRollerWidget
Unable to create ValueModel in CreateTectoyRollerWidget
   %d BREW
src\BREWSigVerify.c:520
Assertion IDS_BREW_OPTIONS == pMe->m_mainMenu[indexBREWMenu].title failed
Assertion DT_SUBMENU == pMe->m_mainMenu[indexBREWMenu].itemType failed
$BREW
BREW Root CA0
BREW Root CA0
hsu_host_al_hid_test_app_send_event_to_brew(): Received unsupported HID Usage event, usage=%d
..\..\apps\brew\src\OEM\OEMNet\msm\OEMNetInfo.c
brew/phg_cfg_params.txt
brew/ssaver
Data Call End Send EVT_USER_DATACALL_END to Tectoy and Zeebo
..\..\apps\brew\pk\src\msm\OEMOS.c
..\..\apps\brew\pk\src\msm\OEMWSMS.c
AT$BREW
src\BREWSigVerify.c:325
BREW
Hebrew
brew/mod/net_user_manual_sys
brew/mod/net_list
fs:/mod/brewappmgr/appmgrls.bar
fs:/mod/brewappmgr/appmgrln.bar
..\..\apps\brew\src\OEM\OEMNet\msm\OEMMTPD.c
..\..\apps\brew\src\OEM\OEMNet\msm\OEMSocket.c
/brew/wlan_meas_config

Um dos próximos passos, seria extrair arquivos direto da Flash para ajudar no entendimento do sistema.

Reportarei qualquer avanço nas pesquisas!