Calypso DSP reverse engineering front ...
spaar at mirider.augusta.de
Thu Mar 11 08:23:45 UTC 2010
On Thu, 11 Mar 2010 01:18:06 +0100, "Sylvain Munaut" <246tnt at gmail.com> wrote:
> I've been slowly working on the DSP code for some time now and I
> tought I'd post a status here in case other people are interested.
Great that you work on the DSP part. I am working with the DSP code
for a while, mainly to look up things for my Layer1 experiments
if the meaning of API RAM fields are not clear from the header
files only. I also use the latest IDA Pro version (I am a Hex-Rays
customer too), however without much dealing with the Data ROM
till now, the Code ROM was good enough so far.
> The ultimate point of this is to add support for things the DSP isn't
> supposed to do. Like receiving the raw demodulated data without the
> deciphering / fire code / whatever.
I already found the location in the internal DSP RAM where the raw
bits of a frame from four normal bursts are stored. They are stored
as "soft" bits (16-bit value) and are already deinterleaved. It
should not be too hard to patch the appropriate functions and move
the raw bits to some unused location in the API RAM so that they can
be accessed from the ARM. So getting the raw bits of one timeslot
is probably rather easy, however getting the raw bits of all timeslots
is a different thing. I did not look at this in more detail because
there are currently other more important things to do in Layer1.
> Here's a sample results of what it looks like now (without much manual
> fixups, just loading the files and declaring a couple addresses as
> being structures) :
> It becomes clear what function does what :)
Yes, I have seen this code ;-).
> I'll try to push a maximum in my dsp branch tomorrow. I can't put the
> IDA processor module modification because even just the patch contains
> some hex-rays code, so I guess I'll have to ask them permission on a
> case by case basis to distribute it. (just ask me privately and we'll
> work it out)
Great. I am interested in your modification to IDA Pro (feel free
to ask Hex-Rays of course, they should know me).
As a side note: IDA Pro is an extraordinary tool and the support from
Hex-Rays is great. So if one use IDA Pro regulary, Hex-Rays really
deserves it that a licensed copy of IDA Pro is used and not a pirated
one. I am not related to Hex-Rays, just a happy customer for a long time.
Dieter Spaar, Germany spaar at mirider.augusta.de
More information about the baseband-devel