ModemFirmwarePartitions » History » Version 2

Denis 'GNUtoo' Carikli, 02/24/2021 02:22 PM
update firmware partition parsing tool link

h1. ModemFirmwarePartitions

h2. Modem partitions

|_. Name |_. Content |_. GT-I9100 |_. GT-N7000 |_. GT-I9250 |_. GT-I9300 |_. GT-N7100 |_. GT-P3100 |_. GT-N5100 |_. GT-P5100 |
| TOC | Partition table |\3. None |\4. [ 0x0 -> 0xfff ] |TODO |
| PSIRAM | First stage bootloader |\3. [ 0x0 -> 0xefff ] |\5. [ 0x1000 -> 0xefff ] |
| EBL | Second stage bootloader ? |\8. [ 0xF000 -> 0x27fff ] |
| MAIN | ? |\3. [ 0x28000 -> 0x9fffff ] |\5. [ 0x28000 -> 0x9ff7ff ] |
| SECPACK | ? |\8. [ 0x9ff800 -> 0x9fffff ] |
| NV | nvdata default values |\8. [ 0xa00000 -> 0xbfffff ] |

|_. Name |_. Content |_. aries |
| TOC | Partition table | None |
| PSIRAM | First stage bootloader | [ 0x0 -> 0x4fff ] |
| MAIN? | Modem firmware? Is it splittable? | [ 0x5000 -> 0x9fffff ] |
| NV | ? (/efs/nv_data.bin loaded instead) | |
|\2. Filled with only 0xffff | [ 0xa00000 -> 0xbfffff ] |
|\2. Modem firmware size | 12 MiB |

|_. Name |_. Content |_. crespo |
| TOC | Partition table | None |
| PSIRAM | First stage bootloader | [ 0x0 -> 0x4fff ] |
| MAIN? | Modem firmware? Is it splittable? | [ 0x5000 -> 0x9fffff ] |
| NV | ? (/efs/nv_data.bin loaded instead) | |
|\2. Apart from a small amount of data (144 bytes starting at 0xc00000), it is filled with 0xFF bytes | [ 0xa00000 -> 0xd7ffff ] |
|\2. Modem firmware size | 13.5 MiB |

The libsamsung-ipc functions that send each partition to the modem are:

|_. Partition |_. Content |_. aries |_. crespo |_. GT-I9100 |_. GT-N7000 |_. GT-I9250 |_. GT-I9300 |_. GT-N7100 |_. GT-P3100 |_. GT-P5100 |_. GT-N5100 |
| PSIRAM | First stage bootloader |\2. xmm616_psi_send |\2. xmm626_hsic_psi_send | xmm626_mipi_psi_send |\2. xmm626_hsic_psi_send |\2. xmm626_mipi_psi_send | xmm626_hsic_psi_send |
| EBL | Second stage bootloader ? |\2. ? |\2. xmm626_hsic_ebl_send | xmm626_mipi_ebl_send |\2. xmm626_hsic_ebl_send |\2. xmm626_mipi_ebl_send | xmm626_hsic_ebl_send |
| MAIN | ? |\2. xmm616_firmware_send |\2. xmm626_hsic_firmware_send | xmm626_mipi_firmware_send |\2. xmm626_hsic_firmware_send |\2. xmm626_mipi_firmware_send | xmm626_hsic_firmware_send |
| SECPACK | ? |\2. ? |\2. xmm626_hsic_sec_start_send | xmm626_mipi_sec_start_send |\2. xmm626_hsic_sec_start_send |\2. xmm626_mipi_sec_start_send | xmm626_hsic_sec_start_send |
| NV | nvdata default values |\2. xmm616_nv_data_send |\2. xmm626_hsic_nv_data_send | xmm626_mipi_nv_data_send |\2. xmm626_hsic_nv_data_send |\2. xmm626_mipi_nv_data_send | xmm626_hsic_nv_data_send |

At least some of these functions could be merged if we had a common modem_data_send function:

* The only difference between xmm626_mipi_nv_data_send and xmm626_hsic_nv_data_send is the use of xmm626_mipi_modem_data_send vs xmm626_hsic_modem_data_send

TODO: find the place in the libsamsung-ipc source that mentions this

References for the table:

* https://git.replicant.us/replicant/hardware_replicant_libsamsung-ipc/tree/samsung-ipc/devices/i9300/i9300.h?id=9ff9785a7f48e32f107ca7fb2e298b1320ad4cbc
* https://git.replicant.us/replicant/hardware_replicant_libsamsung-ipc/tree/samsung-ipc/devices/n7100/n7100.h?id=9ff9785a7f48e32f107ca7fb2e298b1320ad4cbc
* Verified on GT-I9300 and GT-N7100 modem partition table

h4. GT-I9300, GT-N7100, GT-P3100 modem partition table dump

TODO:

* Send patch for the "modem-partition-tool":https://git.replicant.us/contrib/GNUtoo/hardware_replicant_libsamsung-ipc/tree/tools/modem-image-tool.c?h=patches-todo/modem-firwmare-toc#n33
* Make sure that we know the device from the command line
* Understand the field depths along the way when supporting more devices
* Document all other devices that don't have this partition table
* Find the name of this partition table

<pre>
$ hexdump -C RADIO.img
00000000  50 53 49 52 41 4d 00 00  00 00 00 00 00 10 00 00  |PSIRAM..........|
00000010  00 00 00 00 00 e0 00 00  00 00 00 00 00 00 00 00  |................|
00000020  45 42 4c 00 00 00 00 00  00 00 00 00 00 f0 00 00  |EBL.............|
00000030  00 00 00 60 00 90 01 00  00 00 00 00 00 00 00 00  |...`............|
00000040  4d 41 49 4e 00 00 00 00  00 00 00 00 00 80 02 00  |MAIN............|
00000050  00 00 30 60 00 78 9d 00  00 00 00 00 00 00 00 00  |..0`.x..........|
00000060  53 45 43 50 41 43 4b 00  00 00 00 00 00 f8 9f 00  |SECPACK.........|
00000070  00 00 00 00 00 08 00 00  00 00 00 00 00 00 00 00  |................|
00000080  4e 56 00 00 00 00 00 00  00 00 00 00 00 00 a0 00  |NV..............|
00000090  00 00 e8 60 00 00 20 00  00 00 00 00 00 00 00 00  |...`.. .........|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
[...]
</pre>
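
The dump above can be decoded into the partition ranges listed in the first table. The following C code is an added example, not code from libsamsung-ipc or its modem-image-tool. It assumes a 32-byte entry layout inferred from the dump (12-byte name, then little-endian offset, an undocumented word, and size); the names @toc_entry@, @toc_parse@ and @unknown@ and the 0xc00000 image size (the end of the NV range) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ENTRY_SIZE 32 /* assumption from the dump: one entry per two hexdump rows */
#define NAME_LEN   12 /* NUL-padded ASCII name at bytes 0-11 */
#define Z8 "\0\0\0\0\0\0\0\0"
struct toc_entry {
	char name[NAME_LEN + 1];
	uint32_t offset, unknown, size; /* LE words at bytes 12, 16, 20; "unknown" is undocumented */
};

/* Bytes 0x00-0x9f of the dump above (the string literal adds one trailing NUL) */
static const uint8_t sample_toc[] =
	"PSIRAM\0\0\0\0\0\0"     "\x00\x10\x00\x00" "\x00\x00\x00\x00" "\x00\xe0\x00\x00" Z8
	"EBL\0\0\0\0\0\0\0\0\0"  "\x00\xf0\x00\x00" "\x00\x00\x00\x60" "\x00\x90\x01\x00" Z8
	"MAIN\0\0\0\0\0\0\0\0"   "\x00\x80\x02\x00" "\x00\x00\x30\x60" "\x00\x78\x9d\x00" Z8
	"SECPACK\0\0\0\0\0"      "\x00\xf8\x9f\x00" "\x00\x00\x00\x00" "\x00\x08\x00\x00" Z8
	"NV\0\0\0\0\0\0\0\0\0\0" "\x00\x00\xa0\x00" "\x00\x00\xe8\x60" "\x00\x00\x20\x00" Z8;

static uint32_t le32(const uint8_t *p) {
	return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the entry count, or -1 on an unterminated name or an empty, overlapping or out-of-image range. */
int toc_parse(const uint8_t *toc, size_t len, uint64_t image_size, struct toc_entry *out, int max)
{
	uint64_t prev_end = 0;
	int n = 0;
	for (size_t pos = 0; pos + ENTRY_SIZE <= len && toc[pos] != 0; pos += ENTRY_SIZE) {
		const uint8_t *e = toc + pos;
		struct toc_entry t = { .offset = le32(e + 12), .unknown = le32(e + 16), .size = le32(e + 20) };
		uint64_t end = (uint64_t)t.offset + t.size;
		if (n == max || !memchr(e, 0, NAME_LEN) || !t.size || t.offset < prev_end || end > image_size)
			return -1;
		memcpy(t.name, e, NAME_LEN);
		prev_end = end;
		out[n++] = t;
	}
	return n;
}

int main(void)
{
	struct toc_entry t[8];
	int n = toc_parse(sample_toc, sizeof(sample_toc) - 1, 0xc00000, t, 8);
	for (int i = 0; i < n; i++)
		printf("%-8s [ 0x%x -> 0x%x ]\n", t[i].name, t[i].offset, t[i].offset + t[i].size - 1);
	return n < 0;
}
```

Rejecting entries whose range overlaps the previous one or runs past the end of the image keeps a corrupted or modified table from making the caller read outside the firmware file.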

h3. Devices with a different partition table

* The devices with a Qualcomm modem like the GT-I9305 and the GT-N7105 have individual files inside the vfat modem partition. See the "Samsung_Midas_4G":https://osmocom.org/projects/quectel-modems/wiki/Samsung_Midas_4G page of the quectel-modems Osmocom project for more details.

h3. Unknown

We would need to get a device and dump the modem firmware to check, but given the offset of the PSIRAM, it probably contains the same header:

* Galaxy Note 8.0
* GT-P5100 is untested but it's probably similar to the GT-P3100