The Treo 650 Bootloader
From ShadoWiki
The Treo 650 Bootloader
A bootloader is a program located at a certain part of the Treo 650's memory that is designated as the default boot point. Its function is to control various functions of the PXA270 processor, such as loading sectors of memory to start the Palm OS and write-protecting vital memory sections called the ROM. More information on the ROM can be found in Custom Roms And Rom Hacking. The bootloader itself appears to be one formerly used with PPC phones. Palm seems to have modified it slightly to suit the Palm OS's needs.
Running the Bootloader and Using Commands
This information was taken from the bootloader itself. In it we find the exact name of the bootloader and the valid commands, each with a brief description. A word of caution: the command flashtest writes over every address in the flash memory, overwriting the bootloader and ROM. This can be fatal to the phone if the test is interrupted. Unless you are trying to diagnose a dead memory address fault in the flash memory, the good folks at www.shadowmite.com highly recommend against ever using this command.
Bootload Start
pmsys =0xA171A808
HTC Sausalito Bootloader Version : BOOTLOAD V0.24 Built on Apr 14 2005 at 15: Copyright (c) 2003 High Tech Computer Corporation
++Check BT Router
>>? Available monitor commands are: ? [command]
h [command]
mb [StartAddr [Count [Filler]]] --- Display/Set memory
mh [StartAddr [Count [Filler]]] --- Display/Set memory
mw [StartAddr [Count [Filler]]] --- Display/Set memory
l [pathname] --- Start a BIN file download via MTTY
lr [pathname] --- Same as above, but run it when complete
tftp --- Start a BIN file download via tFtp
flashtest --- This appears to try writing to every byte of memory, it will kill a phone!
jump [addr] --- Jump to a memory address
touch --- Touch Screen Test
touchssp --- Touch SSPx panel test??
idle --- Put the CPU into idle state
sense --- Put the CPU into sense state
standby --- Put the CPU into standby state
sleep --- Put the CPU into sleep state
deepsleep --- Put the CPU into deepsleep state
fcs [CLKCFG] --- Alter the CPU freq.
keytest --- Keypad test
pi2ctest --- Power I2C bus tests
debug
flashtype 0 (or 1)
rdoc 0(IPL)/1(SPL)/2(XIPKERNEL)/3(BINFS)
os
upload [addr] [size] --- Upload memory to terminal - writes binary to your connection!
pwr [0:normal; 1:idle; 2:standby; 3:sleep; 5:sense;
wpdoc [0/1] KEY
usb --- USB debug mode enable
led [1:LED1; 2:LED2; 3:LED3 ]
r2sd [command]
sd2r
rtask [Type[Value]]
rroute
rtest
rimgdata
jmptoos
pwm
audio
btrouter
vibratortest
audiogsm
audiocdma
dsdoc 1 or 0
gsm460
hwt
gsmdl
Hidden Commands
The HTC Sausalito Bootloader was originally meant for use with PPCs and seems to have been hacked by Palm employees for the Treo 650. Some commands have been found to be invalid, and some functions look for a PPC ROM file format. Some commands have also been added that aren't in the list of commands reported by the bootloader.
New Commands:
ruu
gettoken
settoken
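As an added example (not code from ShadoWiki or from the bootloader), here is a small Python guard that could sit in front of a terminal session to the monitor. It parses the help listing format shown above, refuses flashtest, and flags commands such as ruu, gettoken and settoken that the listing does not document. The sample text is a constructed subset of the listing, and the function names, the BLOCKED policy and the address in the usage comment are assumptions.

```python
import re

# Constructed sample: a few lines copied from the help listing on this page.
HELP_SAMPLE = """\
mb [StartAddr [Count [Filler]]] --- Display/Set memory
l [pathname] --- Start a BIN file download via MTTY
flashtest --- This appears to try writing to every byte of memory, it will kill a phone!
jump [addr] --- Jump to a memory address
upload [addr] [size] --- Upload memory to terminal - writes binary to your connection!
wpdoc [0/1] KEY
debug
"""

# Commands the page warns against (assumed operator policy; extend as needed).
BLOCKED = {"flashtest"}

NAME_RE = re.compile(r"[a-z0-9?]+")

def parse_help(text):
    """Return {command: (args, description)} parsed from monitor help output."""
    commands = {}
    for line in text.splitlines():
        # The listing separates the usage from the description with '---'.
        head, _, desc = line.partition("---")
        parts = head.split(None, 1)
        if not parts or not NAME_RE.fullmatch(parts[0]):
            continue  # banner text, prompts, blank lines
        args = parts[1].strip() if len(parts) > 1 else ""
        commands[parts[0]] = (args, desc.strip())
    return commands

def check_command(line, documented, blocked=BLOCKED):
    """Classify a command line before it is sent to the monitor."""
    parts = line.split()
    if not parts:
        return "empty"
    name = parts[0].lower()
    if name in blocked:
        return "blocked"        # destructive: never forward
    if name not in documented:
        return "undocumented"   # e.g. ruu, gettoken, settoken: ask first
    return "ok"

if __name__ == "__main__":
    documented = parse_help(HELP_SAMPLE)
    # 0xA0000000 is a constructed address used only to exercise the check.
    for cmd in ("mb 0xA0000000 16", "flashtest", "settoken abc"):
        print(f"{cmd!r}: {check_command(cmd, documented)}")
```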
IPL and SPL
The bootloader references two programs, the IPL (the Sausalito Bootloader) and the SPL (the Palm Loader). The IPL is the Initial Program Loader, the part of the bootloader that resides in the phone's internal memory. It is what allows the bootloader to function on the phone and establish an interface protocol with a PC. The IPL loads the SPL, the Secondary Program Loader, which in the case of the Treo 650 is the Palm OS 5.4 loader.
Potential Applications of the Bootloader
By understanding the bootloader, we hope to be able to repair phones with improperly flashed ROMs. Another application would be to port a Linux-based OS to the Treo 650.
