|
JP1 Remotes
|
View previous topic :: View next topic |
Author |
Message |
3FG Expert
Joined: 19 May 2009 Posts: 3367
|
Posted: Tue Jan 19, 2010 6:07 pm Post subject: |
|
|
My company makes equipment that uses 8 bit micros, for which we write the firmware. We have absolutely no reaon to think that anyone would want knowledge our the firmware. Yet, we protect the ROM (or more recently the flash). Why? Because the micros and our C compilers are set up that way by default, and we don't change away from the default. Less chance of error.
Now if we had even an inkling that our firmware had value to a competitor, we'd be doggone sure to protect it. Protecting it is easy and has no downside for us because we don't need to read the contents of the micro memory-- we wrote the code and we know what's inside.
So protection doesn't need a strong rationale--it's the easy way out. |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21238 Location: Chicago, IL |
Posted: Tue Jan 19, 2010 6:27 pm Post subject: |
|
|
vda wrote: | The reason I asked to see the code of IR.exe is to learn more about JP1 stuff. There are tons of howto's and FAQ's on this forum and on the net, but unfortunately the majority of them are not up-to-date and confusing. As a programmer I always find the source code the best "documentation" or "specification" to read - supposed that the software works, certainly.
And for the same reason, there is no better way to understand how a remote control works, at least for me, than by looking at its code. That's why I would like to extract the ROM. |
This is the part that I'm really having a hard time understanding. We've got over 10,000 members here, most of whom understand the documentation and get up and running with JP1 without even asking any questions, yet you say that you would need to read the source code to understand it because the documentation isn't clear. It seems to me that if you're smart enough to read source code, surely you must be smart enough to understand the docs that 10,000 other people have been able to understand.
And as for wanting to read an assembler dump of a remote rather than read the user manual, that one's really mind boggling. If you simply want to know what secret functionality is in your remote, just ask, because we've already figured it out.
Do you even have a JP1 remote? _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
johnsfine Site Admin
Joined: 10 Aug 2003 Posts: 4766 Location: Bedford, MA |
Posted: Tue Jan 19, 2010 7:22 pm Post subject: |
|
|
vda wrote: | Well, then I would like to hear from John Fine about this if he is around: "John has been a One For All remote enthusiast for many years. He painstakingly went through all the codes in his Cinema 6 using an oscilloscope documenting what the signals looked like." -- from http://www.hifi-remote.com/jp1/history.shtml
Maybe John was lucky enough to not trigger the scrambler? |
1) That is a bit of an exaggeration of my activities. I went through a lot of EFC numbers for each of very few setup codes in order to deduce the way that EFC numbers are a crude encryption of OBC numbers. Going through a lot of EFC numbers in one setup code does not trigger any scrambler that I know of.
I did not go through a lot of setup codes, which I think is the thing that triggers the scrambler.
I used a lot of original remotes with that oscilloscope, rather than a lot of OFA setup codes to learn a wide variety of IR protocols, in order to learn about how information is encoded in IR.
2) Irrelevant because I never tried long batches of setup codes in a Cinema 6, but I don't think it has that scrambler behavior. Many other models do. I'm not sure which others don't. |
|
Back to top |
|
|
vda
Joined: 11 Jan 2010 Posts: 11
|
Posted: Wed Jan 20, 2010 10:08 am Post subject: |
|
|
The Robman wrote: | This is the part that I'm really having a hard time understanding. We've got over 10,000 members here, most of whom understand the documentation and get up and running with JP1 without even asking any questions, yet you say that you would need to read the source code to understand it because the documentation isn't clear. It seems to me that if you're smart enough to read source code, surely you must be smart enough to understand the docs that 10,000 other people have been able to understand.
And as for wanting to read an assembler dump of a remote rather than read the user manual, that one's really mind boggling. If you simply want to know what secret functionality is in your remote, just ask, because we've already figured it out.
Do you even have a JP1 remote? |
Sorry if I did not make myself clear. I had no problem using JP1 to play around with my remote. However I am not satisfied with only being able to follow the instructions. I'd like to understand how things work. It is just like going to cinema to watch a movie. 10,000 other people would go home after watching but I would try to get in the engine-room to see how the projector works. Of course, it it my fault.
Here is my JP1 remote.
|
|
Back to top |
|
|
mdavej Expert
Joined: 08 Oct 2003 Posts: 4501
|
Posted: Wed Jan 20, 2010 10:21 am Post subject: |
|
|
I think you need to play around in IR in the RAW tab, and many things will become clear. If you turn on highlighting, you'll see exactly where all the data is stored for upgrades, key moves, device codes, etc. You can also set a baseline and change some data to see how it changes in the memory. This is really all we need to know to make JP1 work. We don't need to know the inner workings of the ROM. We typically get all these address boundaries by trial and error, changing something on the remote, and seeing what changes in the raw data. |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21238 Location: Chicago, IL |
Posted: Wed Jan 20, 2010 10:47 am Post subject: |
|
|
Dave's suggestion is a good one. When we started this project, all we had was a dump of the EEPROM then it was up to me to figure out what all the bits and bytes were for. The guy who did the first E2 dump (HW Hackr) figured out a lot of it, then it was my turn to sort out some of the finer points.
A lot of the early work is documented here:
http://www.hifi-remote.com/hack/index2.shtml
We figured out how to format device upgrades fairly early but the protocol upgrades took longer because we didn't know which assembler language was being used. We originally thought it was Zilog before the penny dropped that it was really S3C8.
If you want to do things in the E2 that IR.exe won't let you do, just remove your RDF from the RDF folder and work in raw mode. But unless you have a newer remote that we haven't completely sorted out yet, we've already done all that and the reason that IR won't let you do it is because the remote won't let you do it either. _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
Barf Expert
Joined: 24 Oct 2008 Posts: 1415 Location: Munich, Germany |
Posted: Wed Jan 20, 2010 1:18 pm Post subject: |
|
|
vda, if you are interested in leaning how embedded systems work, there are better ways than studying (uncommented) rom dumps, at least if you are not already an expert. Here is an open source project writing an "operating system" for an advanced remote (unfortunately in German).
The Remotemaster sources may also be of interest. |
|
Back to top |
|
|
Kevin Timmerman Expert
Joined: 09 Jan 2007 Posts: 142 Location: West Michigan |
Posted: Wed Jan 20, 2010 4:35 pm Post subject: |
|
|
vda wrote: | And for the same reason, there is no better way to understand how a remote control works, at least for me, than by looking at its code. That's why I would like to extract the ROM.
|
If you really want to do that, get a Harmony remote. You can read (and write) the firmware using Concordance. Most Harmony remotes use a Microchip PIC18 series microcontroller. |
|
Back to top |
|
|
vda
Joined: 11 Jan 2010 Posts: 11
|
Posted: Thu Jan 21, 2010 7:20 am Post subject: |
|
|
Thank you guys for all your helps. I don't speak German so I could leave the BettyHacks forum. For the Harmony, it sounds good... until I find this:
http://www.techdesign.be/projects/011/011.htm
vda |
|
Back to top |
|
|
AndyJackman
Joined: 27 Jun 2004 Posts: 30 Location: Wiltshire, UK |
Posted: Sun Feb 14, 2010 4:17 pm Post subject: |
|
|
vda,
If you're interested in using a remote as a general microcontroller then I recall I posted the src for an entire operating system for the JP1.2 remotes (e.g. the URC7555). The OS completely wiped the chip (of course), but then it leaves you in control as to how you make you remote work - or to use the remote as a general microcontroller (perhaps not so useful!) |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|