[Prism54-devel] Firmware built-in debugger ?
Sebastien B
sebastien.b at swissinfo.org
Sun Apr 17 19:46:19 UTC 2005
Hello,
> The oversized bogus frames are a sign that something went askew with the
> device (same as interrupt in version1 devices). They're always generated
> when you don't speak right to it, and I think they may be a memory dump.
I've just noticed another thing. The firmwares all contain the string
"LMAC > " surrounded by ANSI escape characters coding for "highlight" (this
string is sometimes a bit messed up by the firmware compression). This is
very similar to the "rom > " prompt of the GW3887. The format, and the escape
characters are exactly the same. Probably, the protocol will then be
text-based (like that of the GW3887 ROM), and that's what strings like
"normal0", "disabling", "possible", "stop timeout", "tx_active", ... are for
(there are longer and more explicit ones, but they are made almost unreadable
by the compression), since they are never part of the USB nor 802.11 protocol
as far as I know.
I've looked at recent firmwares (2.5.6, 2.5.8, 2.7.0 and 2.13.1) as well as
old ones (2.4.6 and 2.4.0); they all contain this string. FullMAC firmwares
don't.
So I'll try to deliberately send bogus data to the device, and then look at what
there is in those oversized frames. The LMAC debugger is certainly
interesting :)
To know what to send, we'll probably need to uncompress the firmware and look
at strings... I think the easiest way to do this is to run the firmware in an
ARM emulator and then stop it and examine the memory once it has
self-extracted. Unless someone guesses what the compression algorithm is...
Regards,
Sebastien
PS: firmware 2.13.1.0 is that of the new Gigaset 54 driver, downloaded from the
Siemens website.
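
Added example, not part of the original post: a small Python scanner that looks through a firmware image or memory dump for printable strings wrapped in ANSI SGR escape sequences, the pattern described above for "LMAC > " and "rom > ". The post does not say which escape codes are used, so the ESC[1m / ESC[0m pair in the constructed sample and the "ends with >" prompt heuristic are assumptions.

```python
import re
import sys

# CSI SGR sequence: ESC '[' params 'm' (assumed form of the "highlight" codes,
# e.g. ESC[1m = bold, ESC[0m = reset; the post does not give the exact bytes).
SGR = rb"\x1b\[([0-9;]*)m"
# Printable ASCII text (2-32 bytes) between an opening and a closing SGR sequence.
WRAPPED = re.compile(SGR + rb"([\x20-\x7e]{2,32})" + SGR)


def find_highlighted_strings(blob: bytes):
    """Return (offset, open_params, text, close_params) for each SGR-wrapped string."""
    return [
        (m.start(), m.group(1).decode(), m.group(2).decode(), m.group(3).decode())
        for m in WRAPPED.finditer(blob)
    ]


def looks_like_prompt(text: str) -> bool:
    """Heuristic (assumption): console prompts such as 'rom > ' end with '>'."""
    return text.rstrip().endswith(">")


def find_prompts(blob: bytes):
    """Highlighted strings that look like an interactive console prompt."""
    return [h for h in find_highlighted_strings(blob) if looks_like_prompt(h[2])]


# Constructed sample, not taken from any real firmware: junk bytes, a highlighted
# prompt, two NUL-terminated plain strings, and a highlighted non-prompt string.
SAMPLE = (
    b"\x00\x13\xff"
    + b"\x1b[1mLMAC > \x1b[0m"
    + b"\x00normal0\x00tx_active\x00"
    + b"\x1b[1mnot a prompt\x1b[0m\x00"
)

if __name__ == "__main__":
    # With a file argument, scan that image; otherwise scan the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, opener, text, closer in find_prompts(data):
        print(f"0x{offset:08x}  ESC[{opener}m {text!r} ESC[{closer}m")
```

Since the post notes the string is partly mangled by the firmware compression, a scan like this is most reliable on a memory image captured after the firmware has self-extracted.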