Main > Main Forum
GAMEBOX Multi-Game Platform TV Video Game Console -MAME-
shanghaiguide:
Got quite far last night before sleep got the better of me - basically passed out in front of the computer, woke up, went to bed! (ok, not uncommon for me, but still...)
I emailed the guy doing some of the work at zonaeuropas, and he emailed back with a dump from the Gamebox. That was a huge help, as I now had 2 dumps to compare.
I need to wait for a response from him as to whether his is NREAD_RAW or NREAD dumped, but I think they got some stuff wrong (they put wrong file sizes to things).
If I use mine, his dump makes more sense, so i think I'm correct. Need to get a reply from them before I can see though, as it might just be bad translation for both of us (we're google translating to talk!).
Looks like my dump stuff is turning out to be correct.
I compared raw dump and non raw dump, and the data looks correct for both (although the raw_dump is obviously larger due to OOB block stuff thats not used by us).
Page 61, and Page 62 in MINIOS are important - those contain the flash size.
If your settings are wrong, thats wrong.
I got this, which is correct for my hardware.
USBBoot :> nreadraw 61 24 0 0
Reading RAW from No.0 device No.0 flash....
0x00000000 :00 20 00 00 c0 01 00 00 00 01 00 00
00 20 00 00 = 8192 PAGE SIZE
c0 01 00 00 = 448 OOBSIZE
00 01 00 00 = 256 PAGE PER BLOCK
My hardware NAND chip details:
USBBoot :> nquery 0 0
ID of No.0 device No.0 flash:
Vendor ID :0xad
Product ID :0xd7
Chip ID :0x94
Page ID :0x9a
Plane ID :0x74
Operation status: Success!
I know that the first 8k of the NAND is the chipset bootloader, as thats in the data sheet for the chipset in stone.
This is what I found so far for my dumps
--- Quote ---0x00000 -> 0x02000 = NAND Boot code (NAND.BIN) 8K
0x00A00 -> 0x01200 = Next bit of code (CODE_1.BIN) 2K BYTE / Pattern 21 20 00 02 00 16 93 92
0x01200 -> 0x01600 = Next bit of code (CODE_2.BIN) 1K
0x01600 -> 0x02000 = MINIOS_BOOT.BIN / FE FF 87 14...
0x02000 -> 0x1EA00 = ?? 34 bytes, then empty. / FF FF FF D0 1E 6F B7 F5 52 DD 5E CD 10 76 AB 5D A0 3C 77 08 8C A3 DD 0F 7B 74 34 A3 CF FB B5 D0 3D 41 0C 43 91 8A E4 8C 1F 2E 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1EA00 -> 0x1EA0B = 12 bytes Page 61 NAND size
0x1F000 -> 0x1F1FF = ?? unsure, but data bytes. FF FF FF E2 4E 7B A3 3C 2D 49 89 8B 9A BB 30 F0 04 4B FC 3D 82 D2 DE 48 13 CC C7 83 37 04 4B FC 3D 82 D2 DE 48 13 CC C7 83 37 04 4B FC 3D 82 D2 DE 48 13 CC C7 83 37 D7 5A FE A9 26 then FF..FF
0x1F200 -> 0x1F204 = 12 bytes Page 62 NAND size
0x1F800 -> 0x1F9FF = ?? same as previous unsure sequence, repeated twice, so must be significant..
0x1FA00 -> 0x1FA0F = 10 bytes of 0
0x1FE00 -> 0x1FE3F = 40 bytes Start/ End is similar to our unsure, looks like probably code? Need to run through mips decompiler to check i think - FF FF FF D0 1E 6F B7 F5 1D 2A 39 E5 6E 72 DE C4 7E A9 EF 73 D0 83 AE 10 94 06 D4 E0 1C D7 5A FE A9 26 83 AE 10 94 06 D4 E0 1C D7 5A FE A9 26 83 AE 10 94 06 D4 E0 1C D7 5A FE A9 26 FFFFFFFF
0x80200 - 0x8c7ff? (probably to 0x80200+64kb) = 0xc600 bytes MINIOS? see i2c and chipset stuff in that. (called it i2c_nand - I think dump should probably be 64kb, but rest of data is FF's so can pad out if you want)
0x100200 - Filesystem :)
--- End quote ---
Files found in there so far:
mobile_tv.bin
desktop.bin
udc_battery.bin
sysconfig.bin
toolsbox.bin
calendar.bin
ebook.bin
worldclock.bin
russblock.bin
fmradio.bin
recorder.bin
mp3_compress.bin
viewer.bin
jpgdec.bin
pngdec.bin
bmpdec.bin
gifdec.bin
AudioTag.bin <-- significant, means case sensitive
vplayer.bin
fplayer.bin
aplayer.bin
video.bin
alarm.bin
gameplay.bin
gba_lib.bin
nes_lib.bin
snes_lib.bin
md_lib.bin
ticru_lib.bin
dcDecoder.bin
dvEncoder.bin
dcdv.bin
mpcodecs_ad_liba52.bin
mpcodecs_ad_hwac3.bin
ffmpeg64.bin
ffmpeg_vd_mpegmisc.bin
ffmpeg_vd_mpegmisc2.bin
ffpmeg_vd_mpegvideo.bin
mpcodecs_vs_libmpeg2.bin
ffmpeg_vd_svq3.bin
mpcodecs_vd_realvid.bin
aux_task.bin
I need to see what the FS is, but it looks like I'm at the point where I can definitely extract stuff from the firmware and write back to it. (Or fairly soon at that point). I've already dumped out parts to separate files now, and am giving those a look.
Quite happy, as this is good progress.
I also did some reading up on the Chrontel side of things (eg our video out, as no LCD vs other Dingoo's or similar), should be fairly easy to use - you send it messages over i2c bus to initialise basically, and then the BSP stuff just assumes its an LCD.
I have sample code for that already, untested.
I should be able to get linux on it if I want soonish also :)
First I need to test out some theories - eg extract a file, change, rewrite to nand, and see if the firmware still works, or I need to do some crc stuff. Looking good though.
emphatic:
Cool progress, shanghaiguide. :cheers:
shanghaiguide:
Thanks Emphatic -
Are people interested in seeing more posts on this here?
The previous 2 posts are rather negative.
I have got my own blog where i can put this, but it did seem pertinent to the flow of the thread to me.
Guess I'll gather up what I've written here, and stick it somewhere else if people are unhappy.
IG-88:
I'm thrilled to see your progress so far shanghaiguide. Please keep the posts coming!! I'm not quite sure what the hell the other guys problem is.
Maybe most of this stuff is a little over my head but I know that I'm learning and there are other people from other forums following this well as I've seen it mentioned on them.
It is nice to have this documented here.
shanghaiguide:
--- Quote ---I don't know how nicer to say your posts lack justification and are in the wrong thread.
--- End quote ---
This thread is about the Gamebox (originally). Thats an embedded MIPS JZ4755 board. Which is pretty much the same as this board here.
The gamebox people were interested in reverse engineering to add features...
--- Quote ---And in return you ignored my question and wasted my time with unnecessary information.
--- End quote ---
I answered your questions, you went off on a tangent about MAME for some reason.
--
--- Quote ---So how does you board compare, and why do you think anyone should choose it over, say:
- $10 bucks 1GHz PC?
- $24 bucks Raspberry Pi?
http://www.raspberrypi.org/
- $49 bucks Android PC?
http://apc.io/
--- End quote ---
Do any of those have JAMMA?
This board is designed from the outset to be used in an arcade machine.
It has a Standard Jamma interface. It runs off of the 5v/12v PSU inside an arcade machine.
It also has USB to access NAND storage.
It also has VGA out.
Its not "my" board, its a readily available board that a few people have. Usually called the 188 in 1 or the King of Game or Kung fu King or similar.
You're really rather antagonistic to be honest.