Hi all.
I spent some time on reversing the mc9620. I have almost found the jtag interface (I say almost because it is not reliable, and I cannot use it to stop and debug the processor) Nevertheless, I managed to dump the firmware of the tetrapol 55522d chipset, an Atmel arm7tdmi that share some design with old at91 chips
I found some stuff (message queue, state machine, gui).
But what is important and that I would like to share with you is that I found some info on how it interfaces to the Texas C54 dsp, and that I was able to extract the dsp firmware, where surely all the undocumented things happen (voice and encryption).
I am know focusing on reversing the dsp firmware (not an easy task). If anybody is interested in helping, don't hesitate !
Best
Hi, surely we are interested. C54 DSP can be emulated with Code Composer Studio v3.3, which is downloadable from TI web.
Regards SysOp.
On 2020-09-24 16:33, Xilokar wrote:
Hi all.
I spent some time on reversing the mc9620. I have almost found the jtag interface (I say almost because it is not reliable, and I cannot use it to stop and debug the processor) Nevertheless, I managed to dump the firmware of the tetrapol 55522d chipset, an Atmel arm7tdmi that share some design with old at91 chips
I found some stuff (message queue, state machine, gui).
But what is important and that I would like to share with you is that I found some info on how it interfaces to the Texas C54 dsp, and that I was able to extract the dsp firmware, where surely all the undocumented things happen (voice and encryption).
I am know focusing on reversing the dsp firmware (not an easy task). If anybody is interested in helping, don't hesitate !
Best
Hi,
Yes, CCS is one of the tool I am using to understand the dsp code. (However it does not understand well the idle instruction). But we must first understand how the structure of the messages sent to the dsp by the arm7 core before simulating
I am also writing ghidra support for the c54, but it is not that easy, since the C54 does not "match" very well (general purpose registers are addressable either with direct instruction or memory-mapped access, and memory access are dependent on status registers, so the same instruction is either stack-related or global offset. This confuse the ghidra decompiler)
Regards, Xilokar
Le 25/09/2020 à 00:31, SysOp a écrit :
Hi, surely we are interested. C54 DSP can be emulated with Code Composer Studio v3.3, which is downloadable from TI web.
Regards SysOp.
On 2020-09-24 16:33, Xilokar wrote:
Hi all.
I spent some time on reversing the mc9620. I have almost found the jtag interface (I say almost because it is not reliable, and I cannot use it to stop and debug the processor) Nevertheless, I managed to dump the firmware of the tetrapol 55522d chipset, an Atmel arm7tdmi that share some design with old at91 chips
I found some stuff (message queue, state machine, gui).
But what is important and that I would like to share with you is that I found some info on how it interfaces to the Texas C54 dsp, and that I was able to extract the dsp firmware, where surely all the undocumented things happen (voice and encryption).
I am know focusing on reversing the dsp firmware (not an easy task). If anybody is interested in helping, don't hesitate !
Best
-
SysOp -
Xilokar