Posted By: wraggster
Some news from bushing that I missed while I was away:
One of the medium-to-long-term projects that Marcan and I have been working on is hacking Skyeye to get it to emulate the Starlet. I don’t think it will ever be useful as more than a tool for debugging the lowest-level hacks to boot2 that we plan to attempt, but it’s neat to actually see this code really running.
Skyeye is a generic ARM emulator, and it happens to emulate a lot of devices that we don’t need and can’t use (LCD panels, keyboards, networking, etc…). So, we’ve been coding drivers for the other parts of the Starlet that we know about — OTP and SEEPROM for keys, NAND flash driver, AES and SHA engines, GPIO ports, debug port …
At this point, it can either boot a modified version of boot2 (directly from a specially-crafted ELF), or it can boot from a specially-crafted ELF of boot0, its bootrom. After months of hacking on it, if I give it a real NAND flash dump, boot0 can load and run boot1, and boot1 can load, verify, and run boot2 (which then dies when it tries to load the FS driver due to an MMU problem — we’ll get there eventually).
http://hackmii.com/2008/06/boot0-skyeye/