Dingoo A320 ⇒ Dingoo

Patch ILI9338.DL(支援ILI9340)


雖然丁果官方並沒有釋出Dingoo原始碼,加上司徒換屏的ILI9340型號也不在官方支援的清單中,於是激起司徒再度使用逆向工程的手法,讓Dingoo系統也可以支援ILI9349,不然,如果只有Dingux、OpenDingux系統可以使用的話,似乎有點遺撼,因為七夜這款遊戲也無法在這兩個系統上執行。

使用者如果有燒錄過Dingoo系統,應該有發現需要ILI93xx.DL、A320.HXF這兩個檔案,其中ILI93xx.DL就是初始化相關硬體的程式碼,格式不像一般的ELF檔案:

根據Dingoo SDK的說明檔案,這種檔案名稱為CCDL並且會有如下幾種Header:

CCDL, IMPT, EXPT, RAWD, [ERPT], [<null>]

每個Header的長度為32 Bytes且格式如下:

char     name[4]; // 4-byte ASCII chunk name
uint32_t ident;   // Chunk identifer
uint32_t offset;  // Offset of this chunks data area in the file.
uint32_t size;    // Size of this chunks data area in the file (usually padded to 16-bytes).

經由上面的格式,可以知道PRAW位置的Offset是0x2b0(size=0x2788),因此可以使用如下指令取出Binary並且反組譯:

$ dd if=ILI9338.DL of=ILI9338.bin bs=1 skip=696
$ mipsel-linux-objdump -b binary -m mips -D ILI9338.bin > ILI9338.dis

根據Dingux的驅動程式(drivers/video/jz4740_slcd.h),ILI9338的LCD初使化片段指令如下:

Mcupanel_Command(0x11);
mdelay(100);
Mcupanel_Command(0xCB);
Mcupanel_Data(0x01);
Mcupanel_Command(0xC0);
Mcupanel_Data(0x26);
Mcupanel_Data(0x01);
...

經由上面的初使化程式,可以找到如下反組譯的位置:

// Mcupanel_Command(0x11);
c64:  11000424   li  a0,17
c68:  1c00bfaf   sw  ra,28(sp)
c6c:  1800bcaf   sw  gp,24(sp)
c70:  6023998f   lw  t9,9056(gp)
c74:  09f82003   jalr  t9
c78:  00000000   nop
// mdelay(100);
c7c:  1000bc8f   lw  gp,16(sp)
c80:  64000424   li  a0,100
c84:  8c23998f   lw  t9,9100(gp)
c88:  09f82003   jalr  t9
c8c:  00000000   nop
// Mcupanel_Command(0xCB);
c90:  1000bc8f   lw  gp,16(sp)
c94:  cb000424   li  a0,203
c98:  6023998f   lw  t9,9056(gp)
c9c:  09f82003   jalr  t9
ca0:  00000000   nop
// Mcupanel_Data(0x01);
ca4:  1000bc8f   lw  gp,16(sp)
ca8:  01000424   li  a0,1
cac:  0024998f   lw  t9,9216(gp)
cb0:  09f82003   jalr  t9
cb4:  00000000   nop
// Mcupanel_Command(0xC0);
cb8:  1000bc8f   lw  gp,16(sp)
cbc:  c0000424   li  a0,192
cc0:  6023998f   lw  t9,9056(gp)
cc4:  09f82003   jalr  t9
cc8:  00000000   nop
// Mcupanel_Data(0x26);
ccc:  1000bc8f   lw  gp,16(sp)
cd0:  26000424   li  a0,38
cd4:  0024998f   lw  t9,9216(gp)
cd8:  09f82003   jalr  t9
cdc:  00000000   nop
// Mcupanel_Data(0x01);
ce0:  1000bc8f   lw  gp,16(sp)
ce4:  01000424   li  a0,1
ce8:  0024998f   lw  t9,9216(gp)
cec:  09f82003   jalr  t9
cf0:  00000000   nop
...

因為使用到Binary Patch的方式,通常需要考慮到是否空間不足的問題,幸運地,司徒發現只需修改幾行指令就可以點亮ILI9340,沒有遇到需要額外找尋空間的問題:

/* Black magic */
Mcupanel_Command(0x11);
mdelay(100);
Mcupanel_Command(0xCB);
Mcupanel_Data(0x01);

Mcupanel_Command(0xC0);
//Mcupanel_Data(0x26);
//Mcupanel_Data(0x01);
Mcupanel_Data(0X27); // patch it
Mcupanel_Data(0X09); // patch it

Mcupanel_Command(0xC1);
Mcupanel_Data(0x10);

//Mcupanel_Command(0xC5);
//Mcupanel_Data(0x10);
//Mcupanel_Data(0x52);
Mcupanel_Command(0xB6); // patch it
Mcupanel_Data(0X0A);    // patch it
Mcupanel_Data(0X02);    // patch it

Mcupanel_Command(0x26);
Mcupanel_Data(0x01);
Mcupanel_Command(0xE0);
//Mcupanel_Data(0x10);
//Mcupanel_Data(0x10);
//Mcupanel_Data(0x10);
//Mcupanel_Data(0x08);
//Mcupanel_Data(0x0E);
//Mcupanel_Data(0x06);
//Mcupanel_Data(0x42);
//Mcupanel_Data(0x28);
//Mcupanel_Data(0x36);
//Mcupanel_Data(0x03);
//Mcupanel_Data(0x0E);
//Mcupanel_Data(0x04);
//Mcupanel_Data(0x13);
//Mcupanel_Data(0x0E);
//Mcupanel_Data(0x0C);
Mcupanel_Data(0x0f); // patch it
Mcupanel_Data(0x3f); // patch it
Mcupanel_Data(0x3f); // patch it
Mcupanel_Data(0x02); // patch it
Mcupanel_Data(0x04); // patch it
Mcupanel_Data(0x05); // patch it
Mcupanel_Data(0x49); // patch it
Mcupanel_Data(0x75); // patch it
Mcupanel_Data(0x20); // patch it
Mcupanel_Data(0x08); // patch it
Mcupanel_Data(0x14); // patch it
Mcupanel_Data(0x0c); // patch it
Mcupanel_Data(0x15); // patch it
Mcupanel_Data(0x0e); // patch it
Mcupanel_Data(0x00); // patch it

Mcupanel_Command(0XE1);
//Mcupanel_Data(0x0C);
//Mcupanel_Data(0x23);
//Mcupanel_Data(0x26);
//Mcupanel_Data(0x04);
//Mcupanel_Data(0x0C);
//Mcupanel_Data(0x04);
//Mcupanel_Data(0x39);
//Mcupanel_Data(0x24);
//Mcupanel_Data(0x4B);
//Mcupanel_Data(0x03);
//Mcupanel_Data(0x0B);
//Mcupanel_Data(0x0B);
//Mcupanel_Data(0x33);
//Mcupanel_Data(0x37);
//Mcupanel_Data(0x0F);
Mcupanel_Data(0x00); // patch it
Mcupanel_Data(0x00); // patch it
Mcupanel_Data(0x00); // patch it
Mcupanel_Data(0x0c); // patch it
Mcupanel_Data(0x1a); // patch it
Mcupanel_Data(0x0d); // patch it
Mcupanel_Data(0x3a); // patch it
Mcupanel_Data(0x8a); // patch it
Mcupanel_Data(0x40); // patch it
Mcupanel_Data(0x08); // patch it
Mcupanel_Data(0x11); // patch it
Mcupanel_Data(0x0f); // patch it
Mcupanel_Data(0x3f); // patch it
Mcupanel_Data(0x3f); // patch it
Mcupanel_Data(0x0f); // patch it

Mcupanel_Command(0x2a);
Mcupanel_Data(0x00);
Mcupanel_Data(0x00);
Mcupanel_Data(0x01);
Mcupanel_Data(0x3f);
Mcupanel_Command(0x2b);
Mcupanel_Data(0x00);
Mcupanel_Data(0x00);
Mcupanel_Data(0x00);
Mcupanel_Data(0xef);
Mcupanel_Command(0x36);
Mcupanel_Data(0xe8);
Mcupanel_Command(0x3A);
Mcupanel_Data(0x05);
Mcupanel_Command(0x29);
Mcupanel_Command(0x2c);

需要Patch蠻多地方,不過,幸好只有內容需要更改,不然真的很麻煩,Patch後的Bnary片段如下:

0001cc0: c0000424 6023998f 09f82003 00000000  ...$`#.... .....
0001cd0: 1000bc8f 27000424 0024998f 09f82003  ....'..$.$.... .
0001ce0: 00000000 1000bc8f 09000424 0024998f  ...........$.$..
0001cf0: 09f82003 00000000 1000bc8f c1000424  .. ............$
0001d00: 6023998f 09f82003 00000000 1000bc8f  `#.... .........
0001d10: 10000424 0024998f 09f82003 00000000  ...$.$.... .....
0001d20: 1000bc8f b6000424 6023998f 09f82003  .......$`#.... .
0001d30: 00000000 1000bc8f 0a000424 0024998f  ...........$.$..
0001d40: 09f82003 00000000 1000bc8f 02000424  .. ............$
0001d50: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001d60: 26000424 6023998f 09f82003 00000000  &..$`#.... .....
0001d70: 1000bc8f 01000424 0024998f 09f82003  .......$.$.... .
0001d80: 00000000 1000bc8f e0000424 6023998f  ...........$`#..
0001d90: 09f82003 00000000 1000bc8f 0f000424  .. ............$
0001da0: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001db0: 3f000424 0024998f 09f82003 00000000  ?..$.$.... .....
0001dc0: 1000bc8f 3f000424 0024998f 09f82003  ....?..$.$.... .
0001dd0: 00000000 1000bc8f 02000424 0024998f  ...........$.$..
0001de0: 09f82003 00000000 1000bc8f 04000424  .. ............$
0001df0: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001e00: 05000424 0024998f 09f82003 00000000  ...$.$.... .....
0001e10: 1000bc8f 49000424 0024998f 09f82003  ....I..$.$.... .
0001e20: 00000000 1000bc8f 75000424 0024998f  ........u..$.$..
0001e30: 09f82003 00000000 1000bc8f 20000424  .. ......... ..$
0001e40: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001e50: 08000424 0024998f 09f82003 00000000  ...$.$.... .....
0001e60: 1000bc8f 14000424 0024998f 09f82003  .......$.$.... .
0001e70: 00000000 1000bc8f 0c000424 0024998f  ...........$.$..
0001e80: 09f82003 00000000 1000bc8f 15000424  .. ............$
0001e90: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001ea0: 0e000424 0024998f 09f82003 00000000  ...$.$.... .....
0001eb0: 1000bc8f 00000424 0024998f 09f82003  .......$.$.... .
0001ec0: 00000000 1000bc8f e1000424 6023998f  ...........$`#..
0001ed0: 09f82003 00000000 1000bc8f 00000424  .. ............$
0001ee0: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001ef0: 00000424 0024998f 09f82003 00000000  ...$.$.... .....
0001f00: 1000bc8f 00000424 0024998f 09f82003  .......$.$.... .
0001f10: 00000000 1000bc8f 0c000424 0024998f  ...........$.$..
0001f20: 09f82003 00000000 1000bc8f 1a000424  .. ............$
0001f30: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001f40: 0d000424 0024998f 09f82003 00000000  ...$.$.... .....
0001f50: 1000bc8f 3a000424 0024998f 09f82003  ....:..$.$.... .
0001f60: 00000000 1000bc8f 8a000424 0024998f  ...........$.$..
0001f70: 09f82003 00000000 1000bc8f 40000424  .. .........@..$
0001f80: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001f90: 08000424 0024998f 09f82003 00000000  ...$.$.... .....
0001fa0: 1000bc8f 11000424 0024998f 09f82003  .......$.$.... .
0001fb0: 00000000 1000bc8f 0f000424 0024998f  ...........$.$..
0001fc0: 09f82003 00000000 1000bc8f 3f000424  .. .........?..$
0001fd0: 0024998f 09f82003 00000000 1000bc8f  .$.... .........
0001fe0: 3f000424 0024998f 09f82003 00000000  ?..$.$.... .....
0001ff0: 1000bc8f 0f000424 0024998f 09f82003  .......$.$.... .

最後,使用Patch過後的ILI9340.DL和A320.HXF,就可以點亮換完屛的A320


返回上一頁