QUOTE(TheSpecialist @ Dec 6 2005, 05:41 PM)
You can't real-time debug it like a program on your PC, code is much harder to read since there are no API calls like in Windows code and you have to find out yourself what the different sections are (what's code and what's not). So basically all you can do is start 'single stepping' through it, starting with the reset vector ... I thought firmware hacking would be fun, but this kinda sucks
BTW, did you try this software:
http://www.fstsoftware.com/index.html ?
No, it's not like just hitting CTRL-D and seeing what pops up with commented kernel/sys calls
But there are other ways too and it can be LOADS of fun
Even worse, you don't know where the memory mapped I/O devices or registers are, what they control, or how to control them. Then there are the MPU I/O pins (P1, P2, etc.): where do they go and what do they control? Some explicit knowledge of the hardware is gonna be required. This might involve tracing some things out, drawing some sketches, nothing impossible. Maybe you don't need to understand the system COMPLETELY to hack it. You will have to know something though, a hex editor won't cut it here. Often port pins can be easily traced. For starters, find the one that controls the LED. Search for code that affects that pin. Same for the eject button and others. Comment the disassembly as you learn. Look at the ATA command set, can you identify the routine that parses commands? Are they all standard? Which ones are unusual? Try to figure out what low level routines do. Can you ID any of the peripheral ICs? Can you get a pinout for the MPU? More and more pieces will start to fit together. First you need to get a toehold. It's like solving a puzzle.
Now imagine:
You don't even know the opcode/instruction set for sure!! The MPU is connected to internal peripherals, external ports, and LSI registers that are custom silicon and completely undocumented. You don't know where they are, let alone what bit controls what function. There is no documented memory map. There is no pinout for any of the ICs. The "reset vector" is unknown so you can't find the front door. The BIOS code is encrypted, and can only be decoded by the bootloader (INSIDE the LSI) unique to each unit. The CPU has hardware security and is WAAAY more complicated than a single tasking 8 bit microcontroller. I'm sure it has TONS of control registers, that are also undocumented. No doubt there is also an MMU that has these same challenges.
That's the 360!! Who's gonna crack it? Once you fully understand what is involved you begin to realize, probably no one.