In the previous episode of this reverse engineering effort, we finally found a good way to get hold of the real hardware register addresses, and we extracted the UART registers to begin with.
What’s needed for a minimal booting kernel is first interrupts, meaning information on how to drive the SoC’s interrupt controller, and timers, also a facility supplied by the SoC. We really only need one timer: the system timer, which supplies Linux’s “ticks” – it’s what drives the scheduler.
In the last episode of unlocking the Goke GK7101 SoC, we found ourselves faced with a big obstacle: a HAL layer in the form of I/O read/write calls that translated on-board peripherals’ register locations to their real addresses. The HAL’s underlying code is convoluted and much too hard to parse – it’s a large maze of twisty little if-then-elses, all alike. And since this SoC has tons of functionality, there are hundreds of register addresses to find.
In the previous post we found the GK7101 SoC’s UART base address and a few registers by decompiling their version of Linux’s decompressor:
UART base address is 0xa0005000 The input/output register is at offset 0x04 Offset 0x14 holds flags: Bit 6 needs to be high before sending. To drain the input buffer, read from offset 0x04 until bit 2 goes low. This all looks suspiciously like a standard 16550 UART, but not quite: offset 0x04 corresponds to the 16550’s RHR/THR register (Read/Transmit Holding Register), except the 16550 has it on offset 0x00.
In part 1 of this series we found an interesting little board, and located the built-in UART pins. Let’s take a look at the output on boot:
console init done U-Boot 2012.10 (Dec 07 2016 - 13:48:53) for GK7101 rb imx222 v1.00 (GOKE) HAL: 20151223 DRAM: 128 MiB Flash: 16 MiB 16 MiB NAND: SPINAND MID = 0xff, DID = 0xffff, Data = 0x1ffffff !spinand_board_init: No support this SPI nand! SF: Detected GD25Q128C with page size 256 B, sector size 64 KiB, total size 16 MiB In: serial Out: serial Err: serial Net: arm_freq(600MHz).
Some time ago I came across a strange product on Banggood. It was a small camera, with a base and separate camera head on top. The camera head supports pan and tilt, like a bobblehead.
Digoo DG-M1Z The specs aren’t half bad: supports 1080p, has wifi and ethernet on board, and has a microSD card slot. These are intended for home security. The idea is you set these down somewhere and it streams live video over wifi.