Hidden menu: Pointer placement mode

[Ursadon]

Finally, i found the routine above in my 7M2T-14C026 firmware at 0x590A:

ida-pro_sub_590A.png

Code: Select all

void __fastcall sub_590A(int a1)
{
  int v1; // r0

  v1 = sub_5892(a1);
  if ( sub_1BCB0(v1) )
  {
    sub_AD04();
    if ( (unsigned int)(sub_AD3C(9) - 180) <= 75 )
    {
      if ( sub_1BCF2() )
      {
        sub_1A858();
        sub_5860(94);
      }
      else
      {
        sub_1BBCC();
        sub_5860(93);
      }
    }
  }
  JUMPOUT(&loc_588C);
}

Your offsets is wrong.

1.png

To enter to debug mode you need to:
1. Reset via reset pin
2. short-circuit right button ladder contacts

2.png

3, pull PE12 up

3.png

it remains only to find out what this contact is connected with

[Go4IT]

What offset is wrong? I loaded Firmware from 0x0000. I think the position varies from type of firmware.

What do you think PE12 is used for?

[Go4IT]

Hmm, i found the menu in the pristine AG version of preFL firmware, can set PC to get menu drawn but can't get it stable as it directly leads into a reset. I guess it's watchdog which makes trouble. By i for shure use the wrong entry point.

[Stevebe]

1.png

To enter to debug mode you need to:
1. Reset via reset pin
2. short-circuit right button ladder contacts
2.png
3, pull PE12 up
3.png

3.png

it remains only to find out what this contact is connected with

pull point PE12 can be found on this via

pe12 via.jpg

[Go4IT]

Nice picts, but what will you tell us? Where PE12 is?