Mbm

From MILEDROPEDIA
Revision as of 01:16, 9 August 2010 by Wikiadmin (Talk | contribs)


mbm is also known as RAMLD or ramloader.

Versions of mbm

Milestone (A853)

 * 90.72 - Modes:90.72.tar.gz
 * 90.73 - phones from LA (Latin America) and DACH (Germany, Austria, Switzerland) Modes:90.73.tar.gz
 * 90.74 - Canadian Phones Modes:90.74.tar.gz
 * 90.76 - unknown
 * 90.78 - newly released phones Modes:90.78.tar.gz
 * 90.80 - developer phones Modes:90.80.tar.gz

Milestone XT701

Milestone XT720

Droid

Droid X

 * 26.01 - [download]
 * 27.01 - Preinstalled on the phones [download]

Droid 2

Booting errors

 * **E000** - wrong security type
 * **B655 EDDC EB** - security version error
 * **DBE7 11E1 83** - ramloader: wrong address
 * **D000** - ramloader: security checking error 
 * **FEBE** - ramloader: integrity checking error
 * **CAA5 6CCF** - error: none pds pages
 * **C0FF CABE E1** - ramloader: loading error
 * **C0FF 1CCC E1**
 * **C0FF 1CCC 8B** - error: wrong jump address (null)
 * **DAA5 19ED 83** - error: wrong jump address
 * **C0FF CABE 8B** - error: wrong jump address
 * **CAA5 6CCF** 
 * **1337 AB6B 83** 
 * **1337 510B 83** - invalid address 
 * **C0FF BBD6**
 * **C0FF 32DF D5**
 * **C0FF CABE D5**
 * **C0FF A430 83**
 * **C0FF 11E1 83**
 * **1337 11E1 83**
 * **DEA1** 
 * **DEA1 8D** - security checking error
 * **C089** - security checking error
 * **C0FF CABE** - error when executing BIN command
 * **DAA5 1D23 83** - wrong ramloader
 * **C0FF 200B** - usb error
 * **C0FF 2190** - usb error
 * **C0FF 1AB4** - usb error
 * **C0FF 1FFF** - usb error
 * **C0FF 101F** - usb error
 * **C0FF 21FF** - usb error
 * **C0FF 3001** - usb error
 * **B655 XXXX** - fastboot errors                    


Interfacing with a PC

mbm can talk to a PC over USB. It has these commands:

cmd_ADDR         EQU 1
cmd_BIN          EQU 2
cmd_START        EQU 3
cmd_HSYNC        EQU 4
cmd_POWER_DOWN   EQU 5
cmd_RQHW         EQU 7
cmd_RQRC         EQU 8
cmd_RQUID        EQU 0xA
cmd_RQVN         EQU 0xB
cmd_JUMP         EQU 0xC
cmd_RESTART      EQU 0xE
cmd_RQSW         EQU 0x12
cmd_READ         EQU 0x15
cmd_RQINFO       EQU 0x17
cmd_FL_RESTART   EQU 0x18

This is the section inside mbm that parses these commands:

ROM:8F31657A
ROM:8F31657A                 ; =============== S U B R O U T I N E =======================================
ROM:8F31657A
ROM:8F31657A
ROM:8F31657A                 ; int __fastcall cmd_handler()
ROM:8F31657A                 cmd_handler                                       ; CODE XREF: parser+256�p
ROM:8F31657A
ROM:8F31657A                 var_28          = -0x28
ROM:8F31657A                 var_27          = -0x27
ROM:8F31657A
ROM:8F31657A                 ; FUNCTION CHUNK AT ROM:8F3166BC SIZE 00000018 BYTES
ROM:8F31657A
ROM:8F31657A 000 2D E9 F8 4F                 PUSH.W  {R3-R11,LR}               ; Push registers
ROM:8F31657E 028 80 46                       MOV     R8, R0                    ; Rd = Op2
ROM:8F316580 028 89 46                       MOV     R9, R1                    ; Rd = Op2
ROM:8F316582 028 92 46                       MOV     R10, R2                   ; Rd = Op2
ROM:8F316584 028 FB F7 C5 FB                 BL      check_security_type       ; Branch with Link
ROM:8F316588 028 F3 4C                       LDR     R4, =cmds_list            ; Load from Memory
ROM:8F31658A 028 00 25                       MOVS    R5, #0                    ; Rd = Op2
ROM:8F31658C 028 1A 26                       MOVS    R6, #0x1A                 ; Rd = Op2
ROM:8F31658E 028 07 46                       MOV     R7, R0                    ; Rd = Op2
ROM:8F316590
ROM:8F316590                 read_command                                      ; CODE XREF: cmd_handler+2C↓j
ROM:8F316590 028 41 46                       MOV     R1, R8                    ; Rd = Op2
ROM:8F316592 028 20 68                       LDR     R0, [R4]                  ; Load from Memory
ROM:8F316594 028 FD F7 C0 FA                 BL      str_compare_0             ; Branch with Link
ROM:8F316598 028 08 B1                       CBZ     R0, read_next             ; Compare and Branch on Zero
ROM:8F31659A 028 26 79                       LDRB    R6, [R4,#4]               ; Load from Memory
ROM:8F31659C 028 04 E0                       B       parse_CMD                 ; Branch
ROM:8F31659E                 ; ---------------------------------------------------------------------------
ROM:8F31659E
ROM:8F31659E                 read_next                                         ; CODE XREF: cmd_handler+1E↑j
ROM:8F31659E 028 68 1C                       ADDS    R0, R5, #1                ; Rd = Op1 + Op2
ROM:8F3165A0 028 08 34                       ADDS    R4, #8                    ; Rd = Op1 + Op2
ROM:8F3165A2 028 C5 B2                       UXTB    R5, R0                    ; Unsigned extend byte to word
ROM:8F3165A4 028 0F 2D                       CMP     R5, #0xF                  ; Set cond. codes on Op1 - Op2
ROM:8F3165A6 028 F3 D3                       BCC     read_command              ; Branch
ROM:8F3165A8
ROM:8F3165A8                 parse_CMD                                         ; CODE XREF: cmd_handler+22↑j
ROM:8F3165A8 028 42 46                       MOV     R2, R8                    ; Rd = Op2
ROM:8F3165AA 028 49 46                       MOV     R1, R9                    ; Rd = Op2
ROM:8F3165AC 028 30 46                       MOV     R0, R6                    ; Rd = Op2
ROM:8F3165AE 028 FC F7 36 F8                 BL      chk_sec                   ; Branch with Link
ROM:8F3165B2 028 23 28                       CMP     R0, #0x23                 ; Set cond. codes on Op1 - Op2
ROM:8F3165B4 028 23 D0                       BEQ     exit                      ; Branch
ROM:8F3165B6 028 19 2E                       CMP     R6, #0x19                 ; switch 25 cases
ROM:8F3165B8 028 7D D2                       BCS     if_other                  ; default
ROM:8F3165BA
ROM:8F3165BA                 CMD_choise                                        ; switch jump
ROM:8F3165BA 028 DF E8 06 F0                 TBB.W   [PC,R6]
ROM:8F3165BA 028             ; ---------------------------------------------------------------------------
ROM:8F3165BE 028 7F          cmd_choise      DCB 0x7F                          ; jump table for switch statement
ROM:8F3165BF 028 0D                          DCB 0xD
ROM:8F3165C0 028 22                          DCB 0x22
ROM:8F3165C1 028 7F                          DCB 0x7F
ROM:8F3165C2 028 7F                          DCB 0x7F
ROM:8F3165C3 028 28                          DCB 0x28
ROM:8F3165C4 028 7F                          DCB 0x7F
ROM:8F3165C5 028 37                          DCB 0x37
ROM:8F3165C6 028 64                          DCB 0x64
ROM:8F3165C7 028 7F                          DCB 0x7F
ROM:8F3165C8 028 5A                          DCB 0x5A
ROM:8F3165C9 028 5F                          DCB 0x5F
ROM:8F3165CA 028 73                          DCB 0x73
ROM:8F3165CB 028 7F                          DCB 0x7F
ROM:8F3165CC 028 2D                          DCB 0x2D
ROM:8F3165CD 028 7F                          DCB 0x7F
ROM:8F3165CE 028 7F                          DCB 0x7F
ROM:8F3165CF 028 7F                          DCB 0x7F
ROM:8F3165D0 028 6E                          DCB 0x6E
ROM:8F3165D1 028 7F                          DCB 0x7F
ROM:8F3165D2 028 7F                          DCB 0x7F
ROM:8F3165D3 028 32                          DCB 0x32
ROM:8F3165D4 028 7F                          DCB 0x7F
ROM:8F3165D5 028 69                          DCB 0x69
ROM:8F3165D6 028 78                          DCB 0x78
ROM:8F3165D7 028 00                          ALIGN 2
ROM:8F3165D8
ROM:8F3165D8                 is_ADDR                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F3165D8 028 E0 48                       LDR     R0, =byte_8F32D150        ; jumptable 8F3165BA case 1
ROM:8F3165DA 028 00 78                       LDRB    R0, [R0]                  ; Load from Memory
ROM:8F3165DC 028 01 28                       CMP     R0, #1                    ; Set cond. codes on Op1 - Op2
ROM:8F3165DE 028 04 D1                       BNE     error                     ; Branch
ROM:8F3165E0 028 48 46                       MOV     R0, R9                    ; Rd = Op2
ROM:8F3165E2 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F3165E6 000 FC F7 38 BC                 B.W     cmd_handler_ADDR          ; Branch
ROM:8F3165EA                 ; ---------------------------------------------------------------------------
ROM:8F3165EA
ROM:8F3165EA                 error                                             ; CODE XREF: cmd_handler+64↑j
ROM:8F3165EA 028 77 20                       MOVS    R0, #0x77                 ; Rd = Op2
ROM:8F3165EC 028 69 46                       MOV     R1, SP                    ; Rd = Op2
ROM:8F3165EE 028 8D F8 00 00                 STRB.W  R0, [SP,#0x28+var_28]     ; Store to Memory
ROM:8F3165F2 028 00 20                       MOVS    R0, #0                    ; Rd = Op2
ROM:8F3165F4 028 8D F8 01 00                 STRB.W  R0, [SP,#0x28+var_27]     ; Store to Memory
ROM:8F3165F8 028 D6 48                       LDR     R0, =ANSWER_ERR           ; "ERR"
ROM:8F3165FA 028 FF F7 67 FF                 BL      usb_send                  ; Branch with Link
ROM:8F3165FE
ROM:8F3165FE                 exit                                              ; CODE XREF: cmd_handler+3A↑j
ROM:8F3165FE 028 BD E8 F8 8F                 POP.W   {R3-R11,PC}               ; Pop registers
ROM:8F316602                 ; ---------------------------------------------------------------------------
ROM:8F316602
ROM:8F316602                 is_BIN                                            ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316602 028 51 46                       MOV     R1, R10                   ; jumptable 8F3165BA case 2
ROM:8F316604 028 48 46                       MOV     R0, R9                    ; Rd = Op2
ROM:8F316606 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F31660A 000 FC F7 7A BC                 B.W     cmd_handler_BIN           ; Branch
ROM:8F31660E                 ; ---------------------------------------------------------------------------
ROM:8F31660E
ROM:8F31660E                 is_POWER_DOWN                                     ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F31660E 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 5
ROM:8F316610 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F316614 000 FC F7 63 BF                 B.W     cmd_handler_POWEROFF      ; Branch
ROM:8F316618                 ; ---------------------------------------------------------------------------
ROM:8F316618
ROM:8F316618                 is_RESTART                                        ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316618 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 14
ROM:8F31661A 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F31661E 000 FC F7 87 BF                 B.W     cmd_handler_RESET         ; Branch
ROM:8F316622                 ; ---------------------------------------------------------------------------
ROM:8F316622
ROM:8F316622                 is_READ                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316622 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 21
ROM:8F316624 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F316628 000 FC F7 D3 BF                 B.W     cmd_handler_READ          ; Branch
ROM:8F31662C                 ; ---------------------------------------------------------------------------
ROM:8F31662C
ROM:8F31662C                 is_RQ_type                                        ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F31662C 028 CC 48                       LDR     R0, =byte_8F32D18C        ; jumptable 8F3165BA case 7
ROM:8F31662E 028 00 78                       LDRB    R0, [R0]                  ; Load from Memory
ROM:8F316630 028 F0 28                       CMP     R0, #0xF0                 ; Set cond. codes on Op1 - Op2
ROM:8F316632 028 19 D0                       BEQ     is_RQHW                   ; Branch
ROM:8F316634 028 C8 49                       LDR     R1, =cmds_list            ; Load from Memory
ROM:8F316636 028 91 F8 79 20                 LDRB.W  R2, [R1,#0x79]            ; Load from Memory
ROM:8F31663A 028 01 2A                       CMP     R2, #1                    ; Set cond. codes on Op1 - Op2
ROM:8F31663C 028 14 D1                       BNE     is_RQHW                   ; Branch
ROM:8F31663E 028 4C F2 01 02                 MOVW    R2, #0xC001               ; Rd = Op2
ROM:8F316642 028 97 42                       CMP     R7, R2                    ; Set cond. codes on Op1 - Op2
ROM:8F316644 028 03 D0                       BEQ     return_RQ_error           ; Branch
ROM:8F316646 028 A7 F5 2B 42                 SUB.W   R2, R7, #0xAB00           ; Rd = Op1 - Op2
ROM:8F31664A 028 1E 3A                       SUBS    R2, #0x1E                 ; Rd = Op1 - Op2
ROM:8F31664C 028 0C D1                       BNE     is_RQHW                   ; Branch
ROM:8F31664E
ROM:8F31664E                 return_RQ_error                                   ; CODE XREF: cmd_handler+CA↑j
ROM:8F31664E 028 00 22                       MOVS    R2, #0                    ; Rd = Op2
ROM:8F316650 028 81 F8 79 20                 STRB.W  R2, [R1,#0x79]            ; Store to Memory
ROM:8F316654 028 69 46                       MOV     R1, SP                    ; Rd = Op2
ROM:8F316656 028 8D F8 00 00                 STRB.W  R0, [SP,#0x28+var_28]     ; Store to Memory
ROM:8F31665A 028 BE 48                       LDR     R0, =ANSWER_ERR           ; "ERR"
ROM:8F31665C 028 8D F8 01 20                 STRB.W  R2, [SP,#0x28+var_27]     ; Store to Memory
ROM:8F316660 028 FF F7 34 FF                 BL      usb_send                  ; Branch with Link
ROM:8F316664 028 BD E8 F8 8F                 POP.W   {R3-R11,PC}               ; Pop registers
ROM:8F316668                 ; ---------------------------------------------------------------------------
ROM:8F316668
ROM:8F316668                 is_RQHW                                           ; CODE XREF: cmd_handler+B8↑j
ROM:8F316668                                                                   ; cmd_handler+C2↑j ...
ROM:8F316668 028 48 46                       MOV     R0, R9                    ; Rd = Op2
ROM:8F31666A 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F31666E 000 FC F7 9C BC                 B.W     cmd_handler_RQHW          ; Branch
ROM:8F316672                 ; ---------------------------------------------------------------------------
ROM:8F316672
ROM:8F316672                 is_RQUID                                          ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316672 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 10
ROM:8F316674 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F316678 000 FC F7 A6 BC                 B.W     cmd_handler_RQUID         ; Branch
ROM:8F31667C                 ; ---------------------------------------------------------------------------
ROM:8F31667C
ROM:8F31667C                 is_RQVN                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F31667C 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 11
ROM:8F31667E 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F316682 000 FC F7 D4 BE                 B.W     cmd_handler_RQVN          ; Branch
ROM:8F316686                 ; ---------------------------------------------------------------------------
ROM:8F316686
ROM:8F316686                 is_RQRC                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316686 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 8
ROM:8F316688 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F31668C 000 FC F7 F0 BB                 B.W     cmd_handler_RQRC          ; Branch
ROM:8F316690                 ; ---------------------------------------------------------------------------
ROM:8F316690
ROM:8F316690                 is_RQINFO                                         ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F316690 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 23
ROM:8F316692 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F316696 000 FC F7 4E BD                 B.W     cmd_handler_RQINFO        ; Branch
ROM:8F31669A                 ; ---------------------------------------------------------------------------
ROM:8F31669A
ROM:8F31669A                 is_RQSW                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F31669A 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 18
ROM:8F31669C 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F3166A0 000 FC F7 71 BF                 B.W     cmd_handler_RQSW          ; Branch
ROM:8F3166A4                 ; ---------------------------------------------------------------------------
ROM:8F3166A4
ROM:8F3166A4                 is_JUMP                                           ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F3166A4 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 12
ROM:8F3166A6 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F3166AA 000 FC F7 22 BF                 B.W     cmd_handler_JUMP          ; Branch
ROM:8F3166AE                 ; ---------------------------------------------------------------------------
ROM:8F3166AE
ROM:8F3166AE                 is_FL_RE                                          ; CODE XREF: cmd_handler:CMD_choise↑j
ROM:8F3166AE 028 48 46                       MOV     R0, R9                    ; jumptable 8F3165BA case 24
ROM:8F3166B0 028 BD E8 F8 4F                 POP.W   {R3-R11,LR}               ; Pop registers
ROM:8F3166B4 000 00 E0                       B       cmd_handler_FL_RE         ; Branch
ROM:8F3166B6                 ; ---------------------------------------------------------------------------
ROM:8F3166B6
ROM:8F3166B6                 if_other                                          ; CODE XREF: cmd_handler+3E↑j
ROM:8F3166B6 028 01 E0                       B       print_error_msg           ; default
ROM:8F3166B6                 ; End of function cmd_handler
ROM:8F3166B6
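
The switch at CMD_choise can be resolved by hand: TBB branches to PC + 2 x the table byte, where PC reads as the instruction address plus 4. The following is an added example, not part of the original page, that decodes the DCB bytes from the listing above and maps each command number to the case label it reaches; the Python names are assumptions made for illustration.

```python
# Added example: resolve the TBB.W jump table in cmd_handler.
# All addresses and bytes are copied from the listing on this page.
TBB_ADDR = 0x8F3165BA  # address of "TBB.W [PC,R6]"
# DCB bytes at 8F3165BE..8F3165D6, one per command number 0..24
TABLE = bytes.fromhex("7f0d227f7f287f37647f5a5f737f2d7f7f7f6e7f7f327f6978")

# Command numbers from the EQU list on the page
COMMANDS = {
    1: "ADDR", 2: "BIN", 3: "START", 4: "HSYNC", 5: "POWER_DOWN",
    7: "RQHW", 8: "RQRC", 0xA: "RQUID", 0xB: "RQVN", 0xC: "JUMP",
    0xE: "RESTART", 0x12: "RQSW", 0x15: "READ", 0x17: "RQINFO",
    0x18: "FL_RESTART",
}

# Case labels and their addresses as they appear in the disassembly
LABELS = {
    0x8F3165D8: "is_ADDR", 0x8F316602: "is_BIN", 0x8F31660E: "is_POWER_DOWN",
    0x8F316618: "is_RESTART", 0x8F316622: "is_READ", 0x8F31662C: "is_RQ_type",
    0x8F316672: "is_RQUID", 0x8F31667C: "is_RQVN", 0x8F316686: "is_RQRC",
    0x8F316690: "is_RQINFO", 0x8F31669A: "is_RQSW", 0x8F3166A4: "is_JUMP",
    0x8F3166AE: "is_FL_RE",
}
DEFAULT_CHUNK = 0x8F3166BC  # "FUNCTION CHUNK AT ROM:8F3166BC" in the listing


def tbb_target(index):
    """Branch target of TBB [PC, Rm]: (instruction address + 4) + 2 * byte."""
    return TBB_ADDR + 4 + 2 * TABLE[index]


def dispatch(cmd_id):
    """Return the label a command number reaches in cmd_handler."""
    # CMP R6,#0x19 / BCS if_other: numbers >= 25 never index the table.
    # R6 starts at 0x1A, so an unmatched command string also ends up here.
    if cmd_id >= len(TABLE):
        return "if_other"
    target = tbb_target(cmd_id)
    if target == DEFAULT_CHUNK:
        return "default"
    return LABELS[target]


def unrouted_commands():
    """Named commands whose table slot points at the default chunk."""
    return [name for num, name in sorted(COMMANDS.items())
            if dispatch(num) == "default"]


if __name__ == "__main__":
    for num, name in sorted(COMMANDS.items()):
        print("0x%02X %-11s -> %s" % (num, name, dispatch(num)))
    print("no case of their own:", unrouted_commands())
```

Decoded this way, every 0x7F entry lands on the function chunk at 8F3166BC, and command numbers 3 (START) and 4 (HSYNC) have no case of their own in this switch.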