freecalypso-reveng: mpffs/Description annotate

annotate mpffs/Description @ 251:6d9a6627b085

pirelli/fw-disasm: continuing Switch_ON() analysis

author	Mychaela Falconia <falcon@freecalypso.org>
date	Sun, 24 Dec 2017 18:03:25 +0000
parents	86a494a5f2b0
children

rev	line source
27 343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	1 This is a description, based on reverse engineering, of the flash file system
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	2 (FFS) implemented in Pirelli's original firmware for the DP-L10 GSM/WiFi dual
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	3 mode mobile phone, and in the Closedmoko GTA0x modem firmware. Not knowing the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	4 "proper" name for this FFS, and needing _some_ identifier to refer to it, I
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	5 have named it Mokopir-FFS, from "Moko" and "Pirelli" - sometimes abbreviated
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	6 further to MPFFS.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	7
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	8 (I have previously called the FFS in question MysteryFFS; but now that I've
41 86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	9 successfully reverse-engineered it, it isn't as much of a mystery any more :-)
27 343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	10
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	11 At a high functional level, Mokopir-FFS presents the following features:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	12
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	13 * Has a directory tree structure like UNIX file systems;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	14
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	15 * The file system API that must be implemented inside the proprietary firmware
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	16 appears to use UNIX-style pathnames; doing strings on firmware images reveals
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	17 pathname strings like these:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	18
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	19 /var/dbg/dar
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	20 /gsm/l3/rr_white_list
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	21 /gsm/l3/rr_medium_rxlev_thr
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	22 /gsm/l3/rr_upper_rxlev_thr
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	23 /gsm/l3/shield
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	24
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	25 Parsing the corresponding FFS image with tools included in the present
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	26 package has confirmed that the directory structure implied by these pathnames
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	27 does indeed exist in the FFS.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	28
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	29 * Absolutely no DOS-ish semantics seen anywhere: no 8.3 filenames and no
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	30 colon-separated device names (seen in the TSM30 file system source, for
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	31 example) are visible in the Closedmoko/Pirelli FFS.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	32
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	33 * File contents are stored uncompressed, but not necessarily contiguous: one
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	34 could probably store a file in FFS which is bigger than the flash sector
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	35 size, it which case it can never be contiguous in a writable FFS (see below),
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	36 and the firmware implementation seems to limit chunk sizes to a fairly small
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	37 number: on the Pirelli phones all largish files are divided into chunks of
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	38 8 KiB each, and on my GTA02 the largest observed chunk size is only 2 KiB.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	39
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	40 The smaller files, like the IMEI and the firmware ID strings in my GTA02 FFS,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	41 are contiguous.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	42
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	43 * The FFS structure is such that the length of "user" payload data stored in
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	44 each chunk (and consequently, in each file) can be known exactly in bytes,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	45 with the files/chunks able to contain arbitrary binary data. (This property
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	46 may seem obvious or trivial, as all familiar UNIX and DOS file systems have
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	47 it, but contrast with RT-11 for example.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	48
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	49 * The flash file system is a writable one: the running firmware can create,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	50 delete and overwrite files (and possibly directories too) in the live FFS;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	51 thus the FFS design is such that allows these operations to be performed
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	52 within the physical constraints of NOR flash write operations.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	53
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	54 I have reverse-engineered this Mokopir-FFS on a read-only level. What it means
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	55 is that I, or anyone else who can read this document and the accompanying
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	56 source for the listing/extraction utilities, can take a Mokopir-FFS image read
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	57 out of a device and see/extract its full content: the complete directory tree
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	58 and the exact binary byte content of all files contained therein.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	59
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	60 However, the knowledge possessed by the present hacker (and conveyed in this
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	61 document and the accompanying source code) is NOT sufficient for constructing a
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	62 valid Mokopir-FFS image "in vitro" given a tree of directories and files, or
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	63 for making modifications to the file or directory content of an existing image
27 343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	64 and producing a content-modified image that is also valid; valid as in suitable
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	65 for the original proprietary firmware to make its normal read and write
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	66 operations without noticing anything amiss.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	67
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	68 Constructing "de novo" Mokopir-FFS images or modifying existing images in such
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	69 a way that they remain 100% valid for all read and write operations of the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	70 original proprietary firmware would, at the very minimum, require an
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	71 understanding of the meaning of all fields of the on-media FFS format. Some
27 343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	72 of these fields are still left as "non-understood" for now though: a read-only
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	73 implementation can get away with simply ignoring them, but a writer/generator
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	74 would have to put something in those fields.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	75
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	76 As you read the "read-only" description of the Mokopir-FFS on-media format in
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	77 the remainder of this document, it should become fairly obvious which pieces
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	78 are missing before our understanding of this FFS can be elevated to a
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	79 "writable" level.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	80
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	81 However, when it comes to writing new code to run on the two Calypso phones in
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	82 question (Closedmoko and Pirelli), it seems, at least to the present hacker,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	83 that a read-only understanding of Mokopir-FFS should be sufficient:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	84
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	85 * In the case of Closedmoko GTA0x modems, the FFS is seen to contain the IMEI
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	86 and the RF calibration data. The format of the former is obvious; the latter
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	87 not so much - but in any case, the information of interest is clearly of a
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	88 read-only nature. It's difficult to tell (or rather, I haven't bothered to
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	89 experiment enough) whether the Closedmoko firmware does any writes to FFS or
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	90 if the FFS is treated as read-only outside of the production line environment,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	91 but in any case, it seems to me that for any 3rd party replacement firmware,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	92 the best strategy would be to treat the FFS as a read-only source of IMEI and
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	93 RF calibration data, and nothing more.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	94
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	95 * In the case of Pirelli phones, the FFS is used to store user data: sent and
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	96 received SMS (and MMS/email/whatever), call history, UI settings, pictures
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	97 taken with the camera, and whatever else. It also stores a ton of files
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	98 which I can only presume were meant to be immutable except at the time of
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	99 firmware updates: graphics for the UI, ringtones, i18n UI strings, and even
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	100 "helper" firmware images for the WiFi and VoIP processors. However, no IMEI
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	101 or RF calibration data are anywhere to be found in the FFS - instead this
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	102 information appears to be stored in the "factory block" at the end of the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	103 flash (in its own sector) outside of the FFS.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	104
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	105 Being able to parse FFS images extracted out of Pirelli phones "in vitro"
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	106 allows us to steal some of these helper files (UI artwork, ringtones,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	107 WiFi/VoIP helpers), and some of these might even come useful to firmware
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	108 replacement projects, but it seems to me that a replacement firmware would
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	109 be better off using its own FFS design for storing user data, and as to
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	110 retrieving the original IMEI and RF calibration data, the original FFS isn't
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	111 of any use for that anyway.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	112
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	113 =======================
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	114 Moko/Pirelli FFS format
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	115 =======================
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	116
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	117 OK, now that I'm done with the introduction, we can get to the actual
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	118 Mokopir-FFS format.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	119
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	120 * On the GTA0x modem (or at least on my GTA02; my sample size is 1) the FFS
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	121 occupies 7 flash sectors of 64 KiB each at offsets 0x380000 through 0x3E0000,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	122 inclusive.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	123
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	124 (The 4 MiB NOR flash chip used by Closedmoko has an independent R/W bank
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	125 division between the first 3 MiB and the last 1 MiB. The first 3 MiB are used
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	126 to hold the field-flashable closed firmware images distributed as *.m0 files;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	127 the independent last megabyte holds the FFS, and thus the FW could be
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	128 implemented to do FFS writes while running from flash in the main bank.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	129 Less than half of that last megabyte appears to be used for the FFS though;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	130 the rest appears to be unused - blank flash observed.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	131
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	132 * On the Pirelli the FFS occupies 18 sectors of 256 KiB each at offsets 0
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	133 through 0x440000 (inclusive) of the 2nd flash chip select, the one wired to
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	134 nCS3 on the Calypso.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	135
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	136 Each flash sector allocated to FFS begins with the following signature:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	137
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	138 00000000: 46 66 73 23 10 02 xx yy zz FF FF FF FF FF FF FF Ffs#............
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	139
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	140 The bytes shown as xx and yy above serve a non-understood purpose; as a guess,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	141 they may hold some info for the flash wear leveling algorithm: in a "virgin"
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	142 FFS image like that found in my GTA02 (which never had a SIM card in it and
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	143 never made or received a call) or read out of a "virgin" Pirelli phone that
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	144 hasn't seen any active use yet, both of these bytes are FFs, but when I look at
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	145 FFS images read out of the Pirelli which I currently use as my everyday-use
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	146 cellphone, I see other values in sectors which must have been erased and
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	147 rewritten. A read-only implementation can ignore these bytes, as mine does.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	148
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	149 The byte shown as zz is more important though, even to a read-only
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	150 implementation. The 3 values I've encountered in this byte so far are AB, BD
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	151 and BF. Per my current understanding, in a "healthy" FFS exactly one sector
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	152 will have AB in its header, exactly one will have BF, and the rest will have
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	153 BD. The meanings are (or appear to be):
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	154
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	155 AB: the sector holds a vital data structure which I have called the active
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	156 index block;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	157 BD: the sector holds regular data;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	158 BF: the sector is blank except for the header, can be turned into a new AB or
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	159 BD.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	160
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	161 (Note that a flash program operation, which can turn 1s into 0s but not the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	162 other way around, can turn BF into either AB or BD - but neither AB nor BD can
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	163 be turned into any other valid value.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	164
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	165 In a "virgin" FFS image (as explained above) the first FFS sector is AB, the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	166 last one is BF, and the ones in between are BDs.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	167
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	168 An FFS read operation (a search for a given pathname, or a listing of all
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	169 present directories and files) needs to start with locating the active index
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	170 block - the FFS sector with AB in the header. Following this header, which is
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	171 treated as being 16 bytes long (almost everything in Mokopir-FFS is aligned on
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	172 16-byte boundaries), the active index block contains a linear array of 16-byte
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	173 records, each record describing an FFS object: directory, file or file
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	174 continuation chunk.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	175
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	176 Here is my current understanding of the 16-byte index block record structure:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	177
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	178 2 bytes: Length of the described chunk in bytes
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	179 1 byte: Purpose/meaning not understood, ignored by my current code
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	180 1 byte: Object type
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	181 2 bytes: Descendant pointer
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	182 2 bytes: Sibling pointer
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	183 4 bytes: Data pointer
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	184 4 bytes: Purpose/meaning not understood, ignored by my current code
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	185
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	186 (On the Calypso phones of interest, all multibyte fields are in the native
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	187 little-endian byte order of the ARM7TDMI processor.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	188
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	189 The active index block gets filled with these records as objects are created;
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	190 the first record goes right after the 'Ffs#'...AB header (padded to 16 bytes);
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	191 the last record (at any given moment) is followed by blank flash for the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	192 remainder of the sector. Records thus appear in the order in which they are
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	193 created, which bears no direct relation to the directory tree structure.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	194
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	195 The objects, each described by a record in the index block, are organized into
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	196 a tree structure by the descendant and sibling pointers, plus the object type
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	197 indicator byte. Let's start with the latter; the following objtype byte values
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	198 have been observed:
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	199
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	200 00: deleted object - a read-only implementation should ignore everything except
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	201 the descendant and sibling pointers. (A write-capable implementation would
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	202 need more care - it would need a way of reclaiming dirty flash space taken
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	203 up by deleted/overwritten files.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	204
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	205 E1: a special file - see the description of the /.journal file further down
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	206 F1: a regular file (head chunk thereof)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	207 F2: a directory
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	208 F4: file continuation chunk (explained below)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	209
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	210 Each record in the index block has an associated chunk in one of the data
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	211 sectors; the index record contains fields giving the address and length of this
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	212 chunk. The length of a chunk is always a nonzero multiple of 16 bytes, and is
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	213 stored (as a number in bytes) in the first 16-bit field of the 16-byte index
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	214 entry. The address of each chunk is given by the data pointer field of the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	215 index record, and it is reckoned in 16-byte units (thereby 16-byte alignment is
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	216 required) from the beginning of the FFS sector group in the flash address space.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	217
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	218 For objects of type F1 and F2 (regular files and directories) the just-described
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	219 chunk begins with the name of the file or subdirectory as a NUL-terminated ASCII
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	220 string. This name is just for the current level of the directory tree, just
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	221 like in UNIX directories, thus one will have chunk names like gsm, l3, eplmn
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	222 etc, rather than /gsm/l3/eplmn. One practical effect is that one can't readily
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	223 see pathnames or any of the directory structure by looking at an FFS image as a
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	224 raw hex dump; the structure is only revealed when one uses a parsing program
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	225 like those which accompany this document.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	226
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	227 In the case of directories, the "chunk" part of the object contains only the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	228 name of the directory itself, padded with FFs to a 16-byte boundary. For
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	229 example, an FFS directory named /gsm would be represented by an object
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	230 consisting of two flash writes: a 16-byte entry in the active index block, with
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	231 the object type byte set to F2, and a corresponding 16-byte chunk in one of the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	232 data sectors, with the 16 bytes containing "gsm", a terminating NUL byte, and
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	233 12 FF bytes to pad up to 16. In the case of files, this name may be followed
27 343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	234 by the first chunk of file data content, as explained further down.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	235
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	236 In order to parse the FFS directory tree (whether the objective is to dump the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	237 whole thing recursively or to find a specific file given a pathname), one needs
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	238 to first (well, after finding the active AB block) find the root directory node.
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	239 The root directory object is similar to other directory objects: it has a type
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	240 of F2, and an associated chunk of 16 bytes in one of the data sectors. The
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	241 latter contains the name of the root node: on the Pirelli it is "/", whereas on
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	242 my GTA02 it is "/ffs-root".
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	243
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	244 The astute reader should notice that it really makes no sense to store a name
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	245 for the root node, and indeed, this name plays no part in the traversal of the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	246 directory tree given an absolute pathname. But instead this name, or rather
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	247 its first character, appears to be used for the purpose of locating the root
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	248 node itself. At first I had assumed that the index record for the root node is
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	249 always the first record in the active index block right after the signature
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	250 header - that is how it is in "virgin" FFS images, and also in some quite non-
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	251 virgin ones I have pulled from my daily-use Pirelli. Naturally my first version
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	252 of the Mokopir-FFS (then called MysteryFFS) extraction utility expected the root
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	253 node to always be at index #1. But then I got some additional Pirelli phones,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	254 and discovered that in certain cases, index record #1 is a deleted object (the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	255 original root node which has been deleted), and the new active root node is
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	256 somewhere in the middle of the index!
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	257
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	258 Thus it appears that in order to find the active root node, one needs to scan
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	259 the active index block linearly from the beginning (disregarding the tree
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	260 structure pointers in this initial pass), looking for a non-deleted object of
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	261 type F2 (a directory) whose corresponding name chunk sports a name beginning
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	262 with the '/' character. (Anyone who's been raised in UNIX will immediately
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	263 know that the path separator character '/' is the only character other than NUL
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	264 that's absolutely forbidden in the individual filenames - so this special
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	265 "root node name" is the only case of a '/' character appearing in what would
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	266 otherwise be a regular filename.)
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	267
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	268 [What causes the root node to be somewhere other than at index #1? I assume it
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	269 has to do with the dirty space reclamation / data movement algorithm. In a
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	270 "virgin" FFS image the very first sector is the active index block, and the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	271 following sector is the first to hold chunks, beginning with the name chunk of
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	272 the root node. Now what happens if all data in that sector aside from the
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	273 root node name and some other mostly-static directory names becomes dirty,
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	274 i.e., belonging to deleted or overwritten files? How would that flash space
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	275 get reclaimed? I assume that the FFS firmware algorithm moves all still-active
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	276 chunks to a new flash sector, invalidating the old copies - turning the latter
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	277 into deleted objects. The root node will be among them. Then at some point
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	278 the active index block is going to fill up too, and will need to be rewritten
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	279 into a new sector - at which point the previously-deleted index entries are
343b6b2f178b beginning of Mokopir-FFS verbal description Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: diff changeset	280 omitted and the root node becomes #1 again...]
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	281
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	282 Tree structure
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	283
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	284 Once the root node has been found, the descendant and sibling pointers are used
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	285 to traverse the tree structure. For each directory object, including the root
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	286 node, the descendant pointer points to the first child object of this directory:
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	287 the first file or subdirectory contained therein. (Descendant and sibling
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	288 pointers take the form of index numbers in the active index block. A "nil"
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	289 pointer is indicated by all 1s (FFFF) - the usual all-0s NULL pointer convention
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	290 couldn't be used because it's flash, where the blank state is all 1s.) If the
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	291 descendant pointer of a directory object is nil, that means an empty directory.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	292 The sibling pointer of each file or directory points to its next sibling, i.e.,
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	293 the next member of the same parent directory. The sibling pointer of the root
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	294 node is nil.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	295
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	296 Data content of files
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	297
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	298 Objects of type F1 are the head chunks of files. Each file has a head chunk,
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	299 and may or may not have continuation chunks. More precisely, the head chunk
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	300 may contain only the name (or viewed alternatively, 0 bytes of data), or it may
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	301 contain a nonzero number of payload bytes; orthogonally to this variability,
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	302 there may or may not be continuation chunk(s) present.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	303
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	304 Continuation chunks
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	305
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	306 The descendant pointer of each file head object (the object of type F1, the one
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	307 reached by traversing the directory tree) indicates whether or not there are
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	308 any continuation chunks present. If this descendant pointer is nil, there are
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	309 no continuation chunks; otherwise it points to the first continuation chunk
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	310 object. File continuation objects have type F4, don't have any siblings (the
41 86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	311 sibling pointer is nil - but see below regarding relocated chunks), and the
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	312 descendant pointer of each continuation object points to the next continuation
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	313 object, if there is one - nil otherwise.
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	314
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	315 Payload data delineation
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	316
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	317 Each chunk, whether head or continuation, always has a length that is a nonzero
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	318 multiple of 16 bytes. The length of the chunk here means the amount of flash
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	319 space it occupies in its data sector - which is NOT equal to the payload data
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	320 length.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	321
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	322 The head chunk of each file begins with the filename, terminated by a NUL byte.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	323 If there are any payload data bytes present in this head chunk (I'll explain
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	324 momentarily how you would tell), the byte immediately after the NUL that
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	325 terminates the filename is the first byte of the payload. In the case of a
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	326 continuation chunk, there is no filename and the first byte of the chunk is the
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	327 first byte of that chunk's portion of the user data payload.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	328
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	329 Each data-containing chunk (head or continuation) has the following termination
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	330 after the last byte of that chunk's payload data: one byte of 00, followed by
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	331 however many bytes are needed ([0,15] range) of FFs to pad to a 16-byte
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	332 boundary. A file head chunk that has no payload data has the same format as a
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	333 directory name chunk: filename followed by its terminating NUL followed by
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	334 [0,15] bytes of FFs to pad to the next 16-byte boundary.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	335
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	336 When working with a head chunk, find the beginning of possible payload data (1
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	337 byte after the filename terminating NUL) and find the end per the standard
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	338 termination logic: scanning from the end of the chunk, skip FFs until 00 is
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	339 found (encountering anything else is an error). If the head chunk has no data,
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	340 the effective data length (end_pointer - start_pointer) will be 0 or -1. (The
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	341 latter possibility is the most likely, as there will normally be a "shared" 00
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	342 byte, serving as both the filename terminator and the 00 before the padding
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	343 FF bytes.)
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	344
41 86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	345 Relocated chunks
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	346
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	347 Let's go back to the scenario in which a particular data sector is full (no more
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	348 usable free space left) and contains a mixture of active and dirty (deleted or
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	349 invalidated) data. How does the dirty flash space get reclaimed, so that the
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	350 amount of available space (blank flash ready to hold new data) becomes equal to
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	351 the total FFS size minus the total size of active files and overhead? It can
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	352 only be done by relocating the still-active objects from the full sector to a
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	353 new one, invalidating the old copies, and once the old sector consists of
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	354 nothing but invalidated data, subjecting it to flash erasure.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	355
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	356 So how do the active FFS objects get relocated from a "condemned" sector to a
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	357 new one? If the object is a directory, a new index entry is created, pointing
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	358 to the newly relocated name chunk, but it is then made to fit into the old tree
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	359 structure without disrupting the latter: the new index entry is added at the
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	360 tail of the sibling-chain of the parent directory's descendants, the old index
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	361 entry for the same directory is invalidated (as if the directory were rmdir'ed),
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	362 and the descendant pointer of the newly written index entry is set to a copy of
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	363 the descendant pointer from the old index entry for the same directory. The
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	364 same approach is used when the head chunk of a file needs to be relocated; in
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	365 both cases a read-only FFS implementation doesn't need to do anything special to
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	366 support reading file and directory objects that have been relocated in this
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	367 manner.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	368
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	369 However, if the relocated object is a file continuation chunk, then the manner
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	370 in which such objects get relocated does affect file reading code. What if a
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	371 chunk in the middle of a chain linked by "descend" pointers needs to be moved?
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	372 What happens in this case is that the old copy of the chunk gets invalidated
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	373 (the object type byte turned to 00) like in the other object relocating cases,
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	374 and the sibling pointer of that old index entry (which was originally FFFF as
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	375 continuation objects have no siblings) is set to point to the new index entry
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	376 for the same chunk. The "descend" pointer in the new index entry is a copy of
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	377 that pointer from the old index entry.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	378
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	379 The manner of chunk relocation just described has been observed in the FFS
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	380 images read out of my most recent batch of Pirelli phones - the same ones in
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	381 which the root directory object is not at index #1. Thinking about it as I
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	382 write this, I've realized that the way in which continuation objects get
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	383 relocated is exactly the same as for other object types - thus the compaction
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	384 code in the firmware doesn't need to examine what object type it is moving.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	385 However, the case of continuation chunk relocation deserves special attention
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	386 because it affects a read-only implementation like ours - the utilities whose
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	387 source accompanies this document used to fail on these FFS images until I
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	388 implemented the following additional handling:
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	389
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	390 When following the chunk chain of a file, normally the only object type that's
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	391 expected is F4 - any other object type is an error. However, as a result of
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	392 chunk relocation, one can also encounter deleted objects, i.e., type == 00.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	393 If such a deleted object is encountered, follow its sibling pointer, which must
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	394 be non-nil.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	395
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	396 Journal file
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	397
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	398 Every Mokopir-FFS image I've seen so far contains a special file named
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	399 /.journal; this file is special in the following ways:
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	400
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	401 * The object type byte is E1 instead of F1;
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	402 * Unlike regular files, this special file is internally-writable.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	403
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	404 What I mean by the above is that regular files are mostly immutable: once a
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	405 file has been created with some data content in the head chunk, it can only be
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	406 either appended to (one or more continuation chunks added), or overwritten by
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	407 creating a new file with the same name at the same level in the tree hierarchy
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	408 and invalidating the old one. But the special /.journal file is different: I
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	409 have never observed it to consist of more than the head chunk, and this head
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	410 chunk is pre-allocated with some largish and apparently fixed length (4 KiB on
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	411 my GTA02, 16 KiB on the Pirelli). This pre-allocated chunk contains what look
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	412 like 16-byte records at the beginning (on the first 4-byte boundary after the
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	413 NUL terminating the ".journal" name), followed by blank flash for the remainder
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	414 of the pre-allocated chunk - so it surely looks like new flash writes happen
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	415 within this chunk.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	416
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	417 I do not currently know the purpose of this /.journal file or the meaning of the
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	418 records it seems to contain. This understanding would surely be needed if one
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	419 wanted to create FFS images from scratch or to implement FFS write operations,
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	420 but I reason that a read-only implementation can get away with simply ignoring
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	421 this file. I reason that this file can't be necessary in order to parse an FFS
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	422 image for reading because one needs to parse the tree structure first in order
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	423 to locate this journal file itself.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	424
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	425 -------------------------------------------------------------------------------
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	426
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	427 That's all I can think of right now. If anything is unclear, see the
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	428 accompanying source code for the listing/extraction utilities: with the general
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	429 explanation given by this document, it should be clear what my code does and
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	430 why. And if a given piece of knowledge is found neither in this document nor
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	431 in my source code, then I don't know it myself either, and my read-only
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	432 Mokopir-FFS implementation makes do without it.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	433
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	434 All knowledge contained herein has been recovered by reverse engineering.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	435 Believe it or not, I have figured it out by staring at the hex dump of FFS
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	436 sectors, reasoning about how one could possibly implement an FFS given the
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	437 requirement of dynamic writability and the physical constraints of flash memory,
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	438 and writing listing/extraction test code iteratively until I got something that
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	439 appears to correctly parse all FFS images available to me - the result is the
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	440 code in this package.
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	441
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	442 I never got as far as attempting to locate the FFS implementation routines
41 86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	443 within the proprietary firmware binary code images, and I haven't found an
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	444 implementation of this particular FFS in any of the leaked sources yet either.
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	445 The TSM30 code doesn't seem to be of any use as its FFS appears to be totally
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	446 different. As to the more recently found LoCosto code leak, I found that one a
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	447 few days after I got the Moko/Pirelli "MysteryFFS" reverse-engineered on my
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	448 own, and when I did look at the FFS in the LoCosto code later, I saw what seems
86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	449 to be a different FFS as well.
28 c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	450
c9f7a4afccc9 Mokopir-FFS: verbal description finished Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 27 diff changeset	451 Michael Spacefalcon
41 86a494a5f2b0 MPFFS description: documented relocated chunks and the journal file Michael Spacefalcon <msokolov@ivan.Harhan.ORG> parents: 28 diff changeset	452 SE 52 Mes 16

FreeCalypso > hg > freecalypso-reveng

annotate mpffs/Description @ 251:6d9a6627b085