authorroot <root@filebitch>2011-08-28 18:28:51 +0200
committerroot <root@filebitch>2011-08-28 18:28:51 +0200
commitc8c27e3af96a84ccf8ecdfd7610e49dba0598e7d (patch)
tree3cb1a59b301f91b6a1524b48fb9d828a78a43dac /oncology/dpfhack_display/src
parent99bdbc04f2be1f0d27c4a4dde692e8a5b6eb8a7e (diff)
parent7a97f9d4baff89bbcfa4bef93ab4d4246b2b82e6 (diff)
Merge branch 'master' of https://github.com/krebscode/painload
Diffstat (limited to 'oncology/dpfhack_display/src')
-rw-r--r--oncology/dpfhack_display/src/jmptbl4.s22
-rw-r--r--oncology/dpfhack_display/src/jmptbl_black.s22
-rw-r--r--oncology/dpfhack_display/src/jmptbl_blue.s23
-rw-r--r--oncology/dpfhack_display/src/jmptbl_pearl.s22
-rw-r--r--oncology/dpfhack_display/src/jmptbl_pink.s23
-rw-r--r--oncology/dpfhack_display/src/jmptbl_white.s22
-rw-r--r--oncology/dpfhack_display/src/p_start_black.s32
-rw-r--r--oncology/dpfhack_display/src/p_start_blue.s34
-rw-r--r--oncology/dpfhack_display/src/p_start_pearl.s32
-rw-r--r--oncology/dpfhack_display/src/p_start_pink.s32
-rw-r--r--oncology/dpfhack_display/src/p_start_white.s32
-rw-r--r--oncology/dpfhack_display/src/p_usbdesc.s139
12 files changed, 435 insertions, 0 deletions
diff --git a/oncology/dpfhack_display/src/jmptbl4.s b/oncology/dpfhack_display/src/jmptbl4.s
new file mode 100644
index 00000000..c5582f6e
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl4.s
@@ -0,0 +1,22 @@
+; This is the jump table patch for the silver2 type DPF
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ .include 'hack.inc'
+
+ TERMINATOR = 0x00
+
+; This is the bootstrap for our own firmware:
+ code_start.52 = start_addr ; Start of HOME
+ code_end.52 = end_addr
+ offset.52 = load_offset
+
+; User code escape bootstrap:
+ .org 0x228
+p52:
+ .dw code_start.52 - 0x800, code_end.52 - 0x800
+ .db offset.52, offset.52 >> 8, offset.52 >> 16
+ .db TERMINATOR
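Review bot: The `p52` entry is placed with `.org 0x228`, which is the slot that jmptbl_pink.s and jmptbl_white.s in this commit use for module 53. The other tables step 8 bytes per module (0x210 for p50, 0x218 for p51, 0x228 for p53, 0x230 for p54), which would put module 52 at 0x220. Either the address or the `.52` suffix looks wrong, so confirm which module the silver2 startup patch selects and make the two agree, e.g. `.org 0x220` if module 52 is intended. No startup patch for silver2 is part of this commit, so this cannot be settled from the diff alone.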
diff --git a/oncology/dpfhack_display/src/jmptbl_black.s b/oncology/dpfhack_display/src/jmptbl_black.s
new file mode 100644
index 00000000..8187a39e
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl_black.s
@@ -0,0 +1,22 @@
+; This is the jump table patch for the 'black' type DPF
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ .include 'hack.inc'
+
+ TERMINATOR = 0x00
+
+; Module p51:
+ code_start.51 = start_addr ; DO NOT CHANGE. ABSOLUTE.
+ code_end.51 = end_addr
+ offset.51 = load_offset
+
+ .org 0x0218
+p51:
+; New mod53:
+ .dw code_start.51 - 0x800, code_end.51 - 0x800
+ .db offset.51, offset.51 >> 8, offset.51 >> 16
+ .db TERMINATOR
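Review bot: The comment `; New mod53:` under the `p51` label is left over from another table and contradicts the `Module p51` symbols above it; it should read `; New mod51:`. A stale module number is easy to trust when working out the `.org` slot for a new model.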
diff --git a/oncology/dpfhack_display/src/jmptbl_blue.s b/oncology/dpfhack_display/src/jmptbl_blue.s
new file mode 100644
index 00000000..7a2a9725
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl_blue.s
@@ -0,0 +1,23 @@
+; This is the jump table patch for the pearl type DPF
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ .include 'hack.inc'
+
+ TERMINATOR = 0x00
+
+; Module p50:
+; This is the bootstrap for our own firmware:
+ code_start.50 = start_addr ; Start of HOME
+ code_end.50 = end_addr
+ offset.50 = load_offset
+
+; User code escape bootstrap:
+ .org 0x210
+p50:
+ .dw code_start.50 - 0x800, code_end.50 - 0x800
+ .db offset.50, offset.50 >> 8, offset.50 >> 16
+ .db TERMINATOR
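Review bot: The header comment says this is the jump table for the pearl type DPF, but the file is jmptbl_blue.s and it fills the `p50` slot that p_start_blue.s selects with `mov a,#(50 - 1)`. Change the first line to `; This is the jump table patch for the blue type DPF`, so nobody picks the table for a device by a comment that names the wrong model.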
diff --git a/oncology/dpfhack_display/src/jmptbl_pearl.s b/oncology/dpfhack_display/src/jmptbl_pearl.s
new file mode 100644
index 00000000..42fcf78f
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl_pearl.s
@@ -0,0 +1,22 @@
+; This is the jump table patch for the pearl type DPF
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ TERMINATOR = 0x00
+
+ .include 'hack.inc'
+
+; Module p54:
+ code_start.54 = start_addr ; DO NOT CHANGE. ABSOLUTE.
+ code_end.54 = end_addr
+ offset.54 = load_offset
+
+ .org 0x0230
+p54:
+; New mod54:
+ .dw code_start.54 - 0x800, code_end.54 - 0x800
+ .db offset.54, offset.54 >> 8, offset.54 >> 16
+ .db TERMINATOR
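Review bot: The three-byte load offset is emitted as `.db offset.54, offset.54 >> 8, offset.54 >> 16`, so the first two operands are wider than a byte and the entry depends on the assembler silently truncating them. p_usbdesc.s in this commit masks its low byte explicitly. Doing the same here, `.db offset.54 & 0xff, (offset.54 >> 8) & 0xff, (offset.54 >> 16) & 0xff`, keeps the entry correct if a toolchain warns about or rejects out-of-range bytes. The same line appears in jmptbl4.s, jmptbl_black.s, jmptbl_blue.s, jmptbl_pink.s and jmptbl_white.s.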
diff --git a/oncology/dpfhack_display/src/jmptbl_pink.s b/oncology/dpfhack_display/src/jmptbl_pink.s
new file mode 100644
index 00000000..a651aa59
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl_pink.s
@@ -0,0 +1,23 @@
+; This is the patched jump table located at 0x`OF`:00:00
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ .include 'hack.inc'
+
+ TERMINATOR = 0x00
+
+; Module p53:
+ code_start.53 = start_addr ; DO NOT CHANGE. ABSOLUTE.
+ code_end.53 = end_addr
+ offset.53 = load_offset
+
+ .org 0x0228
+
+p53:
+; New mod53:
+ .dw code_start.53 - 0x800, code_end.53 - 0x800
+ .db offset.53, offset.53 >> 8, offset.53 >> 16
+ .db TERMINATOR
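Review bot: The header comment gives the table's location as an address that still contains an unexpanded `OF` placeholder, and unlike the sibling tables it never names the device model. Replace the first line with `; This is the jump table patch for the 'pink' type DPF`, and state the flash offset only if the real value is known.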
diff --git a/oncology/dpfhack_display/src/jmptbl_white.s b/oncology/dpfhack_display/src/jmptbl_white.s
new file mode 100644
index 00000000..bd8a0488
--- /dev/null
+++ b/oncology/dpfhack_display/src/jmptbl_white.s
@@ -0,0 +1,22 @@
+; This is the jump table patch for the 'white' type DPF
+; It's activated through the first stage hack
+; This is necessary, because the first sector can not be patched safely.
+
+ .area HOME(CODE)
+ .area DSEG (DATA,ABS)
+
+ .include 'hack.inc'
+
+ TERMINATOR = 0x00
+
+; Module p53:
+ code_start.53 = start_addr ; DO NOT CHANGE. ABSOLUTE.
+ code_end.53 = end_addr
+ offset.53 = load_offset
+
+ .org 0x0228
+p53:
+; New mod53:
+ .dw code_start.53 - 0x800, code_end.53 - 0x800
+ .db offset.53, offset.53 >> 8, offset.53 >> 16
+ .db TERMINATOR
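Review bot: Apart from the header comment and one blank line, this file repeats jmptbl_pink.s: the same `p53` symbols, the same `.org 0x0228` and the same entry. Two copies will drift, so consider one shared source (or a common include for the entry body) with only the model-specific header kept per file. If pink and white are expected to diverge later, a comment saying so would explain the duplication.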
diff --git a/oncology/dpfhack_display/src/p_start_black.s b/oncology/dpfhack_display/src/p_start_black.s
new file mode 100644
index 00000000..575313bb
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_start_black.s
@@ -0,0 +1,32 @@
+; Patch for startup (mod37 on white)
+ .include 'dpf.inc'
+ .include 'dpf_int.inc'
+ .include 'hack.inc'
+
+ .area HOME (CODE)
+ .area BANK0 (CODE, ABS)
+
+ .org 0x1330
+
+ orl wdtcon,#0x20
+ mov a,i_G_f
+ jbc acc.3, usbact ; If this bit is 1, USB is plugged in.
+ sjmp continue
+usbact:
+ ljmp hack
+
+ .org 0x133c
+continue:
+
+ .org 0x159a
+hack:
+ clr ea ; No IRQ
+ mov dptr, #(0x196a - 0x800)
+ mov a, #cloned_jumptable_offset >> 16
+ movx @dptr, a
+
+ ; Jump into usb main:
+ mov a,#(51 - 1)
+ mov dptr,#entry_addr
+ ljmp tramp_jmp
+
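Review bot: The patched sequence at `.org 0x1330` may run into the `continue` label fixed at `.org 0x133c`. If `wdtcon` and `i_G_f` are direct addresses, the five instructions take 3+2+3+2+3 = 13 bytes, so the last byte of `ljmp hack` lands on 0x133c and `sjmp continue` would resume on that operand byte. Please confirm the sizes against the assembler listing; replacing the `jbc`/`sjmp`/`ljmp` trio with `jnb acc.3, continue` followed by `ljmp hack` is two bytes shorter and ends before 0x133c. The same layout is in p_start_pearl.s, p_start_pink.s and p_start_white.s. Separately, the header here says `mod37 on white` although this is the black variant.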
diff --git a/oncology/dpfhack_display/src/p_start_blue.s b/oncology/dpfhack_display/src/p_start_blue.s
new file mode 100644
index 00000000..1098c0f1
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_start_blue.s
@@ -0,0 +1,34 @@
+; Patch for startup (mod41 on DX_blue)
+ .include 'dpf.inc'
+ .include 'dpf_int.inc'
+ .include 'hack.inc'
+
+ .area HOME (CODE)
+ .area BANK0 (CODE, ABS)
+
+ .org 0x1418
+ lcall 0x13ac
+ orl wdtcon,#0x20
+ mov a,i_G_f
+ jbc acc.3, usbact ; If this bit is 1, USB is plugged in.
+ sjmp continue
+usbact:
+ ljmp hack
+
+continue:
+ ljmp tramp_return
+
+hack:
+ clr ea ; No IRQ
+ mov dptr, #(0x196a - 0x800)
+ mov a, #cloned_jumptable_offset >> 16
+ movx @dptr, a
+
+ pop acc ; Fixup stack, as we did a jsr
+ pop acc ; ..and a bank jsr
+
+ ; Jump into our firmware
+ mov a,#(50 - 1)
+ mov dptr,#entry_addr
+ ljmp tramp_jmp
+
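Review bot: The stack fixup in `hack` discards two bytes with the pair of `pop acc`, but the comments attribute one pop each to "a jsr" and "a bank jsr", and a plain 8051 `lcall` alone pushes a two-byte return address. Which call frames are on the stack at this point is not visible in the hunk, so state it in the comment, e.g. `; drop the 2-byte return address pushed by <caller>` with the caller named, or add the missing pops if two frames really have to go. An unbalanced stack here would only show up later, as a stray return inside the custom firmware.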
diff --git a/oncology/dpfhack_display/src/p_start_pearl.s b/oncology/dpfhack_display/src/p_start_pearl.s
new file mode 100644
index 00000000..dde8ef9a
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_start_pearl.s
@@ -0,0 +1,32 @@
+; Patch for startup (mod37 on pearl)
+ .include 'dpf.inc'
+ .include 'dpf_int.inc'
+ .include 'hack.inc'
+
+ .area HOME (CODE)
+ .area BANK0 (CODE, ABS)
+
+ .org 0x1330
+
+ orl wdtcon,#0x20
+ mov a,i_G_f
+ jbc acc.3, usbact ; If this bit is 1, USB is plugged in.
+ sjmp continue
+usbact:
+ ljmp hack
+
+ .org 0x133c
+continue:
+
+ .org 0x15b0
+hack:
+ clr ea ; No IRQ
+ mov dptr, #(0x196a - 0x800)
+ mov a, #cloned_jumptable_offset >> 16
+ movx @dptr, a
+
+ ; Jump into own firmware:
+ mov a,#(54 - 1)
+ mov dptr,#entry_addr
+ ljmp tramp_jmp
+
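Review bot: The module index in `mov a,#(54 - 1)` has to match the `p54` slot that jmptbl_pearl.s fills at `.org 0x0230`, yet the two files carry the number independently. At minimum add a comment such as `; must match p54 in jmptbl_pearl.s` next to the load, so a change on one side cannot silently leave the startup patch dispatching through a table entry that was never patched. The same pairing exists for black (51), blue (50), and pink and white (53).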
diff --git a/oncology/dpfhack_display/src/p_start_pink.s b/oncology/dpfhack_display/src/p_start_pink.s
new file mode 100644
index 00000000..e7b845ef
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_start_pink.s
@@ -0,0 +1,32 @@
+; Patch for startup (mod37 on pink)
+ .include 'dpf.inc'
+ .include 'dpf_int.inc'
+ .include 'hack.inc'
+
+ .area HOME (CODE)
+ .area BANK0 (CODE, ABS)
+
+ .org 0x1330
+
+ orl wdtcon,#0x20
+ mov a,i_G_f
+ jbc acc.3, usbact ; If this bit is 1, USB is plugged in.
+ sjmp continue
+usbact:
+ ljmp hack
+
+ .org 0x133c
+continue:
+
+ .org 0x15ac
+hack:
+ clr ea ; No IRQ
+ mov dptr, #(0x196a - 0x800)
+ mov a, #cloned_jumptable_offset >> 16;
+ movx @dptr, a
+
+ ; Jump into usb main:
+ mov a,#(53 - 1)
+ mov dptr,#entry_addr
+ ljmp tramp_jmp
+
diff --git a/oncology/dpfhack_display/src/p_start_white.s b/oncology/dpfhack_display/src/p_start_white.s
new file mode 100644
index 00000000..c04c7fba
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_start_white.s
@@ -0,0 +1,32 @@
+; Patch for startup (mod37 on white)
+ .include 'dpf.inc'
+ .include 'dpf_int.inc'
+ .include 'hack.inc'
+
+ .area HOME (CODE)
+ .area BANK0 (CODE, ABS)
+
+ .org 0x1330
+
+ orl wdtcon,#0x20
+ mov a,i_G_f
+ jbc acc.3, usbact ; If this bit is 1, USB is plugged in.
+ sjmp continue
+usbact:
+ ljmp hack
+
+ .org 0x133c
+continue:
+
+ .org 0x1426
+hack:
+ clr ea ; No IRQ
+ mov dptr, #(0x196a - 0x800)
+ mov a, #cloned_jumptable_offset >> 16
+ movx @dptr, a
+
+ ; Jump into usb main:
+ mov a,#(53 - 1)
+ mov dptr,#entry_addr
+ ljmp tramp_jmp
+
diff --git a/oncology/dpfhack_display/src/p_usbdesc.s b/oncology/dpfhack_display/src/p_usbdesc.s
new file mode 100644
index 00000000..e9ee6538
--- /dev/null
+++ b/oncology/dpfhack_display/src/p_usbdesc.s
@@ -0,0 +1,139 @@
+; Hacked DPF descriptors
+
+ .module descriptors
+
+VENDOR_ID = 0x1908 ;
+PRODUCT_ID = 0x0102 ;
+PRODUCT_VERSION = 0x0200 ; 2.0
+
+
+ .include 'usb.inc'
+
+;; -----------------------------------------------------------------------------
+ .area HOME (CODE,ABS)
+ .org 0x1508
+
+_usb_desc_device::
+ .db USB_DT_DEVICE_SIZE
+ .db USB_DT_DEVICE
+ .db 0x10, 0x1 ; USB version 2.0 (BCD)
+ .db 0xff ; device class
+ .db 0xff ; sub class
+ .db 0xff ; protocol (0xff == vendor-specific)
+ .db 8 ; EP0 max packet size
+ ; Note little endianness:
+ .db <VENDOR_ID, >VENDOR_ID;
+ .db <PRODUCT_ID, >PRODUCT_ID;
+ .db <PRODUCT_VERSION, >PRODUCT_VERSION;
+ .db 2 ; manufacturer string idx
+ .db 3 ; product string idx
+ .db 1 ; serial number string idx
+ .db 1 ; number of configurations
+
+; string table:
+ .org 0x151a
+strings:
+ .dw _usb_desc_string_language
+ .dw _usb_desc_string_serial
+ .dw _usb_desc_string_manufacturer
+ .dw _usb_desc_string_product
+ .dw _usb_desc_string_iface
+
+; note: strings are UNICODE
+_usb_desc_string_language::
+ .db 4 ; length
+ .db USB_DT_STRING
+ .db 0x09, 0x04 ; UNICODE language ID
+
+; string 1
+_usb_desc_string_manufacturer::
+ .db (usb_desc_string_manufacturer_end - _usb_desc_string_manufacturer)
+ .db USB_DT_STRING
+ .db 'h, 0
+ .db 'a, 0
+ .db 'c, 0
+ .db 'k, 0
+ .db 'f, 0
+ .db 'i, 0
+ .db 'n, 0
+usb_desc_string_manufacturer_end:
+
+_usb_desc_string_serial::
+ .db (usb_desc_string_serial_end - _usb_desc_string_serial)
+ .db USB_DT_STRING
+ .db '0, 0
+ .db '0, 0
+ .db '0, 0
+ .db '0, 0
+usb_desc_string_serial_end:
+
+; string 2
+_usb_desc_string_product::
+ .db (usb_desc_string_product_end - _usb_desc_string_product)
+ .db USB_DT_STRING
+ .db 'U, 0
+ .db 'S, 0
+ .db 'B, 0
+ .db '-, 0
+ .db 'D, 0
+ .db 'i, 0
+ .db 's, 0
+ .db 'p, 0
+ .db 'l, 0
+ .db 'a, 0
+ .db 'y, 0
+usb_desc_string_product_end:
+
+; string 3
+_usb_desc_string_iface::
+ .db (usb_desc_string_iface_end - _usb_desc_string_iface)
+ .db USB_DT_STRING
+ .db 'l, 0
+ .db 'i, 0
+ .db 'b, 0
+ .db 'u, 0
+ .db 's, 0
+ .db 'b, 0
+
+usb_desc_string_iface_end:
+
+ .org 0x159a
+
+_usb_desc_config::
+ .db USB_DT_CONFIG_SIZE
+ .db USB_DT_CONFIG
+ .db (usbdesc_config_end - _usb_desc_config) & 0xff
+ .db (usbdesc_config_end - _usb_desc_config) >> 8
+ .db 1 ; number of interfaces
+ .db 1 ; configuration number
+ .db 0 ; configuration string idx
+ .db 0x80 ; flags: self-powered, remote wakeup
+ .db 100 ; FIXME: bus power in 2mA units
+
+ .db USB_DT_INTERFACE_SIZE
+ .db USB_DT_INTERFACE
+ .db 0 ; interface number
+ .db 0 ; alternate setting
+ .db 2 ; number of endpoints
+ .db 0xff ; interface class (0xff == vendor specific)
+ .db 0x00 ; sub-class
+ .db 0 ; protocol
+ .db 4 ; interface string idx
+
+ .db USB_DT_ENDPOINT_SIZE
+ .db USB_DT_ENDPOINT
+ .db (1 | USB_DIR_IN) ; EP number and direction
+ .db USB_ET_BULK
+ .db 64 ; maximum packet size (lsb)
+ .db 0 ; maximum packet size (msb)
+ .db 0 ; polling interval
+
+ .db USB_DT_ENDPOINT_SIZE
+ .db USB_DT_ENDPOINT
+ .db (1 | USB_DIR_OUT) ; EP number and direction
+ .db USB_ET_BULK
+ .db 64 ; maximum packet size (lsb)
+ .db 0 ; maximum packet size (msb)
+ .db 0 ; polling interval
+
+usbdesc_config_end:
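Review bot: Two descriptor comments disagree with the bytes they annotate. `.db 0x10, 0x1` encodes bcdUSB 0x0110, which is USB 1.1 rather than 2.0, and a configuration attribute byte of `0x80` has only the reserved top bit set, which means bus-powered with no remote wakeup rather than "self-powered, remote wakeup". Correct the comments to `; USB version 1.1 (BCD, little endian)` and `; flags: bus-powered, no remote wakeup`, or change the bytes if 2.0 and self-powered were intended. The `; string 1`, `; string 2` and `; string 3` comments are also off by one against the `strings` table, where manufacturer, product and interface sit at indices 2, 3 and 4.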