Piezos and bootloaders and iPods, oh my.

Posted by: tfabris

Piezos and bootloaders and iPods, oh my. - 02/03/2005 21:52


http://www.newscientist.com/article.ns?id=dn7085

The article is written in a layman's style; I'd love to learn more about what they did from a technical standpoint.

What I don't understand is...

A. Why there wasn't another, easier way to get the bootloader code?

B. How they got the bootloader code to "Play" out from the piezo buzzer?

C. Why the piezo buzzer hack is easier than just soldering an I2C interface (or whatever) onto the flash ram and reading it directly?

D. If they could only get the bootloader code out through the piezo buzzer, then how the heck did they get their modified bootloader back into the player?

Posted by: tman

Re: Piezos and bootloaders and iPods, oh my. - 02/03/2005 22:18

If you can upload your own program which reads the bootloader and then clicks it out via the piezo then you can also do one which just displays it on the perfectly good LCD.

Failing that, the PortalPlayer chip inside must have JTAG capability so he could have opened it up and just read out the flash in a couple of minutes at most.

Sounds like something he did just because he could, not that it was practical. You can read more about it on the iPod Linux wiki.

Posted by: tfabris

Re: Piezos and bootloaders and iPods, oh my. - 02/03/2005 22:29

Quote:
If you can upload your own program which reads the bootloader and then clicks it out via the piezo then you can also do one which just displays it on the perfectly good LCD.

Well, I can see how the piezo would be useful there. Would take a lot more work to optically sample the LCD than to use an audio sample to decode what's coming out of the buzzer. And it would be even more work to hand-transcribe from the LCD.

What I'm wondering is why, if they know how to get executable code onto the player already, why they couldn't just turn around and send the bootloader code back out through that same interface. What is it about the player design which allows you to upload code to the player, but not be able to control the interface that you uploaded the code with?

Posted by: tman

Re: Piezos and bootloaders and iPods, oh my. - 02/03/2005 22:37

Quote:
What I'm wondering is why, if they know how to get executable code onto the player already, why they couldn't just turn around and send the bootloader code back out through that same interface. What is it about the player design which allows you to upload code to the player, but not be able to control the interface that you uploaded the code with?

It seems you "upload" the code by actually writing it to a partition on the iPod. As to why you can't just write it to another file *shrug*

Get some donations and get a sacrificial iPod. Open it up, dump the flash and then work out what is wired to what. Did it with the NSLU2 and all of the hardware has been worked out now.

Posted by: frog51

Re: Piezos and bootloaders and iPods, oh my. - 03/03/2005 10:05

Seems like there is a limitation on apps gaining access to the bootloader, but the piezo driver has no such restrictions so it can be told to walk through the code.

Posted by: tfabris

Re: Piezos and bootloaders and iPods, oh my. - 03/03/2005 15:34

Quote:
Seems like there is a limitation on apps gaining access to the bootloader,

But if the piezo app can walk through those memory locations, then no such limitation exists.

The limitation must have been in knowing how to work the firewire interface for downloading and uploading files. Perhaps that's the thing they don't know how to do yet.

I just find it strange that they can load up an application that controls some of the player's hardware, yet not be able to get any data off the player without jumping through that strange hoop.

Posted by: matthew_k

Re: Piezos and bootloaders and iPods, oh my. - 03/03/2005 16:15

Quote:
But if the piezo app can walk through those memory locations, then no such limitation exists.

Not necessarily true. While I never expect the iPod to run a real OS, it's very possible it does run something real enough to have permission levels for hardware access. If, as Rory said, the clicker driver can access the bootloader memory but the rest of the "user" code cannot, then it makes perfect sense. So perhaps he has the ability to say "click out the contents of this address" but not "read the contents of this address".

If you look at it from the software/hardware perspective, this guy was obviously a software guy. Software people don't like building hardware when they can solve the problem with software. The only hardware required was an insulated box and a microphone.

Matthew

Posted by: altman

Re: Piezos and bootloaders and iPods, oh my. - 06/03/2005 11:17

What was particularly silly about that is that there's a perfectly good serial port on the headphone connector of the iPod. Rather a lot easier, though less interesting to read about.

Hugo