[Prism54-devel] Re: SMC 2802 V2

Karsten Richter kasi@kasi-net.org
Mon, 02 Feb 2004 10:28:59 +0100 

Esa Loukkola wrote:
> --On 30. January 2004 13:21 +0100 Karsten Richter <kasi@kasi-net.org> 
> wrote:
Hi Esa, hi list,

> BTW, how did you extract the firmware from the Windows drivers, i.e. how 
> confident are you that it's OK?

As this information might be useful for other people that accidently 
bought the "wrong" 2802W card I decided to post my extraction story
to the list:

I extracted the firmware by experimenting with dd. First thing I found 
when xxd'ing the 2802W.sys file was the characteristical version string:

00009f0: 6275 696c 7420 6f6e 2057 6564 204e 6f76  built on Wed Nov
0000a00: 2035 2031 333a 3033 3a33 3620 4345 5420   5 13:03:36 CET
0000a10: 3230 3033 2062 7920 696e 6c62 7569 6c64  2003 by inlbuild
0000a20: 4074 6978 5041 434b 5041 434b 5041 434b  @tixPACKPACKPACK

Next thing I found was that it has to end somewhere around offset 0x79d0:


00079b0: efbe adde 0000 0000 0000 0000 0000 0000  ................
00079c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00079d0: 0000 0000 d879 0100 534d 4332 3830 3257  .....y..SMC2802W
00079e0: 494f 432e 7678 6400 4e6f 7620 3234 2032  IOC.vxd.Nov 24 2

this seems to be an new segment in the Windows driver (not that I know
the internals of Windows driver binaries but I had seen the .vxd before 
;-) ).

A first try did not produce a vaild firmware, so I tried different 
offsets and sizes. Next thing I found was that the Linux driver
only accepts firmware that is a multiple of 4 bytes size, that eased 
finding the correct size a bit.
I was a bit astonished that the firmware obviously was less than 30kbyte 
size, but Luis pointed out, that the firmware might be okay.

I tried some offsets but the card used to reject the firmware by not 
resetting itself ("Resource temporarily unavailable").
Finally I found an offset/size combination that seems to work as the 
card triggers the reset interrupt.

The dd call that produces the firmware is:

dd if=2802W.exe of=test.firmware bs=1 skip=2244 count=28944

All just empirical proofs though...


Greetings

Karsten