Mbm

From MILEDROPEDIA
Jump to: navigation, search

mbm (also known as RAMLD or ramloader).

Versions of mbm

Milestone (A853)

Milestone XT701

Milestone XT720

Droid

Droid X

Droid 2

Booting errors

Error code What does this error mean
E000 wrong security type
B655 EDDC EB security version error
DBE7 11E1 83 ramloader: wrong address
D000 ramloader: security checking error
FEBE ramloader: integrity checking error
CAA5 6CCF error: none pds pages
C0FF CABE E1 ramloader: loading error
C0FF 1CCC E1
C0FF 1CCC 8B error: wrong jump address (null)
DAA5 19ED 83 error: wrong jump address
C0FF CABE 8B error: wrong jump address
CAA5 6CCF
1337 AB6B 83
1337 510B 83 invalid address
C0FF BBD6
C0FF 32DF D5
C0FF CABE D5
C0FF A430 83
C0FF 11E1 83
1337 11E1 83
DEA1
DEA1 8D security checking error
C089 security checking error
C0FF CABE error when executing BIN command
DAA5 1D23 83 wrong ramloader
C0FF 200B usb error
C0FF 2190 usb error
C0FF 1AB4 usb error
C0FF 1FFF usb error
C0FF 101F usb error
C0FF 21FF usb error
C0FF 3001 usb error
B655 XXXX fastboot errors


Interfacing over pc

it can talk with pc over usb. It have this commands:

  1. cmd_ADDR         EQU 1
  2. cmd_BIN          EQU 2
  3. cmd_START        EQU 3
  4. cmd_HSYNC        EQU 4
  5. cmd_POWER_DOWN   EQU 5
  6. cmd_RQHW         EQU 7
  7. cmd_RQRC         EQU 8
  8. cmd_RQUID        EQU 0xA
  9. cmd_RQVN         EQU 0xB
  10. cmd_JUMP         EQU 0xC
  11. cmd_RESTART      EQU 0xE
  12. cmd_RQSW         EQU 0x12
  13. cmd_READ         EQU 0x15
  14. cmd_RQINFO       EQU 0x17
  15. cmd_FL_RESTART   EQU 0x18

USB command syntax is 0x02, commandbuf, 0x03. command buf contains command string and each argument (if any) seperated by 0x1e, for example:

  1. "\x02JUMP\x03" // no arguments
  2. "\x02RQUID\xe10000\x03" // one argument

And this is a section inside mbm which parse this commands:

  1. struct command {
  2. 	int code;
  3. 	char* str;
  4. };
  5.  
  6. struct command* cmdlist;
  7.  
  8. // arg_count can be argument, only if count of arguments == 1
  9. // e.g. for ADDR and BIN commands
  10. signed int cmd_handler(int cmd, int arg_count, char** arg_array)
  11. {
  12.   uint8_t i = 0;
  13.   uint8_t cmd_code;
  14.   int sec_type;
  15.   signed int result;
  16.   char* buf;
  17.  
  18.   cmd_code = 26; 
  19.   sec_type = security_check_type();
  20.   while ( !standard_strcmp(cmdlist[i].str, cmd) ) {
  21.     i++
  22.     if ( i >= 0xF )
  23.       goto parse_CMD;
  24.   }
  25.   cmd_code = cmdlist[i].code;
  26. parse_CMD:
  27.   result = cmd_security_check(cmd_code, arg_count, cmd);
  28.   if ( result != 35 ) {
  29.     if ( cmd_code < 0x19 ) {
  30.       switch ( cmd_code ) {
  31.         case 1:
  32.           if ( *(uint8_t)0x8F32D150 == 1 ) {
  33.             result = cmd_handler_ADDR(arg_count);
  34.           } else {
  35.             buf[0] = 119;
  36.             result = usb_send("ERR", buf);
  37.           }
  38.           return result;
  39.         case 2:
  40.           return cmd_handler_BIN(arg_count, arg_array);
  41.         case 5:
  42.           cmd_handler_POWEROFF();
  43.           return result;
  44.         case 14:
  45.           cmd_handler_RESET();
  46.           return result;
  47.         case 21:
  48.           return cmd_handler_READ(arg_count);
  49.         case 7:
  50.           if ( *(uint8_t)0x8F32D18C == 240 || *(uint8_t)0x8F32D3A9 != 1 || sec_type != 49153 && sec_type != 43806 ) {
  51.             result = cmd_handler_RQHW();
  52.           } else {
  53.             *(uint8_t)0x8F32D3A9 = 0;
  54.             buf[0] = *(uint8_t)0x8F32D18C;
  55.             result = usb_send("ERR", buf);
  56.           }
  57.           return result;
  58.         case 10:
  59.           return cmd_handler_RQUID(arg_count);
  60.         case 11:
  61.           return cmd_handler_RQVN();
  62.         case 8:
  63.           return cmd_handler_RQRC(arg_count);
  64.         case 23:
  65.           return cmd_handler_RQINFO();
  66.         case 18:
  67.           return cmd_handler_RQSW();
  68.         case 12:
  69.           return cmd_handler_JUMP(arg_count);
  70.         case 24:
  71.           cmd_handler_FL_RE(arg_count);
  72.           return result;
  73.         case 0:
  74.         case 3:
  75.         case 4:
  76.         case 6:
  77.         case 9:
  78.         case 13:
  79.         case 15:
  80.         case 16:
  81.         case 17:
  82.         case 19:
  83.         case 20:
  84.         case 22:
  85.           break;
  86.       }
  87.     }
  88.     buf[0] = 133;
  89.     result = usb_send("ERR", buf);
  90.   }
  91.   return result;
  92. }