The parts with the firm patches and the arm11 hach are not correctly decompliled. There is a lot of work to do on this file.
Before starting to learn Reverse Engineering you should have good programming skills and a knowledge of ASM. To be very good at debugging is a big help, you cold ask to some frinds of yous to study som c code with strange bugs and try to find where they are (boring? .. yes it is, but RE is worst.)
My testbook for starting RE many yeasr ago was the +ORC tutorials "How to crack". Tools used are no longer available (winice was my first love) so you can't test many of the thing explained, but it's a good starting point if you don't know someone that can train you directly.Don't know if there ara more recent tutorials so well explained, maybe some younger dev can give you a hint.
But don't expect RE is an easy matter.
I'm close to the solution, but my progress on boot.bin are very slow, I can't loose too many hours of sleep if I don't want to be a zomby at work. At the moment I know what's not working and found that someone else studied and solved the same problem (
look here or
here). I'm porting this solution to the boot.bin, but I cant only make a copy and paste, mostly because xerpi to lauch the linux image needs only a CPU interrupt hooked, but for booting the firmware you need to make jump both CPU to the FIRM boot entrypoint at the same moment.
Attahed you can find a cleaned version of boot.bit. It isn't so much better, just removed not useful code to speed up the arm11 hack and should make a little more probable that the arm11 interrupt is hooked before the CPU hangs. Really, it's not the solution.
@
RedColoredStars:
