Re: TODO: Pointer placement mode

Posted: 09 Mar 2020, 09:57
by Ursadon
Go4IT wrote: 23 Dec 2019, 21:08 Finally, I found the routine above in my 7M2T-14C026 firmware at 0x590A:

ida-pro_sub_590A.png

void __fastcall sub_590A(int a1)
{
  int v1; // r0

  v1 = sub_5892(a1);
  if ( sub_1BCB0(v1) )
  {
    sub_AD04();
    if ( (unsigned int)(sub_AD3C(9) - 180) <= 75 )
    {
      if ( sub_1BCF2() )
      {
        sub_1A858();
        sub_5860(94);
      }
      else
      {
        sub_1BBCC();
        sub_5860(93);
      }
    }
  }
  JUMPOUT(&loc_588C);
}
Your offsets are wrong.
1.png
To enter debug mode you need to:
1. Reset via the reset pin
2. Short-circuit the right button ladder contacts
2.png
3. Pull PE12 up
3.png

It only remains to find out what this contact is connected to.

Re: [MK4] TODO: Pointer placement mode

Posted: 10 Mar 2020, 21:43
by Go4IT
What offset is wrong? I loaded the firmware from 0x0000. I think the position varies with the type of firmware.

What do you think PE12 is used for?

Re: [MK4] TODO: Pointer placement mode

Posted: 01 Nov 2021, 19:37
by Go4IT
Hmm, I found the menu in the pristine AG version of the preFL firmware. I can set the PC to get the menu drawn, but can't get it stable, as it leads directly into a reset. I guess it's the watchdog which makes trouble. But I for sure use the wrong entry point.

Re: TODO: Pointer placement mode

Posted: 02 Nov 2021, 23:37
by Stevebe
Ursadon wrote: 09 Mar 2020, 09:57
Go4IT wrote: 23 Dec 2019, 21:08
1.png

To enter debug mode you need to:
1. Reset via the reset pin
2. Short-circuit the right button ladder contacts
2.png
3. Pull PE12 up
3.png
It only remains to find out what this contact is connected to.
Pull point PE12 can be found on this via
pe12 via.jpg

Re: [MK4] TODO: Pointer placement mode

Posted: 03 Nov 2021, 06:54
by Go4IT
Nice pics, but what will you tell us? Where PE12 is?