How to compile and run custom firmware for ALI M3801 and other chips from tuners?

And isn't it enough to give a header like in my iterate.cpp? CRC we can already count. I'm talking about the maincode partition. I need to check with mips decompiler if there are normally commands after this header.

One would still need to know where to RAM the bootloader loads the application from these partitions in flash. As if knowing this would be enough in the SDK to change the address where the code is and maybe just add the appropriate header. CRC actually we already know how to count. The application is not compressed?

Do you mean the excerpt from un7zip?

So far I have not been able to reproduce this in my C program. I did, however, find another clue - the test_rsa_ram function

Added after 11 [minutes]:

Here is the LZMA library used: https://github.com/erwinbsbqq/PDK_GoDroid/blo...65fd0ff291e9a3263f95/uboot/lib/lzma/LzmaDec.c

@maciej_333 any progress?

For my part I am putting together an emulator for Ali, my Hello World bin is already displaying text:

First via the printf hook and then normally already - reading from the register to send via the UART.

I also managed to pass the first bootloader, the C pseudocode:

It copies the data to RAM at address 81e8e170 and then performs functions there:

I supposedly use the off-the-shelf CPU engine but it has a lot messed up and I have to manually handle the instructions:


I don't know how functional this will be, time will tell.

p.kaczmarek2 wrote:

You mean the part with un7zip?

Yes, that's what I was thinking of.

p.kaczmarek2 wrote:

@maciej_333 any progress?

Unfortunately I haven't dealt with it since then.

Congratulations on the great progress on Ali.

I still tried at the time to copy these unzip to my project and call on the flash dump, but it didn't work.

As for trying to make an emulator, I encountered another surprise. Here are mixed 32 and 16 bit commands. E.g:

And a moment later: