Has anyone started on such a project or would like to? We just need to figure
out to get the specs from IBM I think such support would be good.
Shawn.
>
> Has anyone started on such a project or would like to? We
> just need to figure
> out to get the specs from IBM I think such support would be good.
>
> Shawn.
> -
I believe I have emailed IBM about 20 times about this, and have sent emails
to the people from IBM Research and the same guys that did the Security chip
Encryption project for Linux and they tried looking into it, but never heard
really anything back. Maybe now that they are with Lenovo, they probably
could release some more specs...
- Alejandro
On Thu, 2005-04-14 at 16:58 -0400, Shawn Starr wrote:
> We just need to figure
> out to get the specs from IBM
Best bet is probably reverse engineering it...
Lee
On Thu, 14 Apr 2005 17:15:16 -0400, Lee Revell wrote
> On Thu, 2005-04-14 at 16:58 -0400, Shawn Starr wrote:
> > We just need to figure
> > out to get the specs from IBM
>
> Best bet is probably reverse engineering it...
Lee,
I know this is far from easy... but, What do we need to do this? I haven't
seen such a cooler feature in a Thinkpad like the HDAPS. (Well, maybe the
fingerprint reader) But, how can we / I help, if this is ever done?
> Lee
>
- Alejandro
On Thu, 2005-04-14 at 18:46 -0400, abonilla wrote:
> On Thu, 14 Apr 2005 17:15:16 -0400, Lee Revell wrote
> > On Thu, 2005-04-14 at 16:58 -0400, Shawn Starr wrote:
> > > We just need to figure
> > > out to get the specs from IBM
> >
> > Best bet is probably reverse engineering it...
>
> Lee,
>
> I know this is far from easy... but, What do we need to do this? I haven't
> seen such a cooler feature in a Thinkpad like the HDAPS. (Well, maybe the
> fingerprint reader) But, how can we / I help, if this is ever done?
>
Please see:
http://dxr3.sourceforge.net/re.html
I have discovered several previously unknown emu10k1 hardware features
using this procedure to reverse engineer the Windows drivers, including
a per channel half loop interrupt, and added support to the Linux driver
for some of them.
It may be much easier to find the read and write register subroutines
than in the above guide. The Windows driver I was working with had
exactly one subroutine that used the inb, inl, inw, outb, outw, outl
instructions, so it was trivial to set breakpoints to log all the port
I/O. I later found it was even easier, the version of SoftIce I was
using allows you to set I/O breakpoints, so all you need to start
logging the register activity is the port.
I had a little trouble loading the IDA symbols into SoftICE at first,
just because the first few scripts I found on the net didn't work.
Some devices use memory mapped IO, I have no idea how you would RE
these. Maybe someone else has some pointers?
Lee
05-04-14 at 16:58 -0400, Shawn Starr wrote:
>>>>We just need to figure
>>>>out to get the specs from IBM
>>>>
>>>>
>>>Best bet is probably reverse engineering it...
>>>
>>>
>>
>>Lee,
>>
>>I know this is far from easy... but, What do we need to do this? I haven't
>>seen such a cooler feature in a Thinkpad like the HDAPS. (Well, maybe the
>>fingerprint reader) But, how can we / I help, if this is ever done?
>>
>>
>>
>
>Please see:
>
>http://dxr3.sourceforge.net/re.html
>
>I have discovered several previously unknown emu10k1 hardware features
>using this procedure to reverse engineer the Windows drivers, including
>a per channel half loop interrupt, and added support to the Linux driver
>for some of them.
>
>It may be much easier to find the read and write register subroutines
>than in the above guide. The Windows driver I was working with had
>exactly one subroutine that used the inb, inl, inw, outb, outw, outl
>instructions, so it was trivial to set breakpoints to log all the port
>I/O. I later found it was even easier, the version of SoftIce I was
>using allows you to set I/O breakpoints, so all you need to start
>logging the register activity is the port.
>
>I had a little trouble loading the IDA symbols into SoftICE at first,
>just because the first few scripts I found on the net didn't work.
>
>Some devices use memory mapped IO, I have no idea how you would RE
>these. Maybe someone else has some pointers?
>
>Lee
>
>
The only thing I got back from IBM was:
Please be advised, that the e-mail forum you
have reached is provided for non-technical
support and web registration issues of IBM.
ave reached is provided for non-technical
Please send your research proposal to IBM at
T.J Watson Research Center at 914-945-3167.
I don't think I'm l33t enough like to call there and discuss for what we
are looking for. Also they will probably tell me, " Ahh, well we
currenly don't want to release anything because of legal issue" (Like I
was already told)
- Alejandro