Re: Re: Re: Getting JTAG working on the iPAQ h2210...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Why would HP CRL not be able to unbrick the 2200? They do produce the
> device!
Just because they produce it, does not mean thta they have the ability to
remove it. They have only the tools that we have in terms of JTAG.. really,
they're not holding out on us. They can't unbrick it for the same reason that
we can't (yet) - nobody's written the tools.

> If this is true we might want to stick with our original idea since
> there won't be any "doctor" to send it to. Once HP CRL has a way of
> debricking them then I would be more willing to work with JTAG and
> messing with taking out the HTC timebomb.
I'm not certain what you're thinking about doing with JTAG... JTAG is the only
way to debrick a bricked device - if you have JTAG in there yourself, then
that is your answer.

> If this is true it also makes the JTAG and erasing HTC scenarios all the
> more risky. Not having bootblock at this point is BAD news.
See above

> Like I said before if you can find a way to program a specific section
> of ROM then try that and work your way to bigger fish but just remember
> it's at your own risk. (sorry if I'm saying this to much, I just don't
> want to see someone lose there PDA)
I've killed an h1910 before JTAGing it (or, semikilled.) I got the erase code
perfect... but as to my write code... man I broke out in a cold sweat when
that didn't work right :) (Likewise boy was I relieved when I got the write
code working, hit reset, and wince came up! Never thought I'd be glad to see
WinCE!)

> Another solution is to try contacting HTC (High Tech Computer Corp.) to
> see if they would debrick a bricked 2200 (they did build the device).
> If they say they can then all the more power to you with the JTAG
> programming.
HTC doesn't talk to anyone :)

Jamey has repeatedly emailed HTC on my behalf in an attempt to get the
information for the write protect pins for NAND flash on h1910, unfortunately
with not so much as a response. Remember that CRL folk are pretty much in the
same boat as us, only they're paid to do it. ;) They mostly share whatever
they can with us.

If you are looking to get started writing a JTAG tool, check out module
debrick from CVS. It has code from Spyro and I that would be useful for
debricking trashed devices. (He has bsrflash - boundary scan, which is
probably unhelpful to you, as NAND isn't hooked directly to your CPU, but
with some hacking, you could probably make it talk through the HAMCOP, and
I've got fastjtag, a client-side set of utilities that allows you to load
4kbytes of code into the device's instruction cache as long as you have a
stub on there already.)

> David E. Waybright
> David_at_IXIMD.COM
> Certified CompTIA A+ & NET+ Technician
Joshua A. Wise
joshua_at_joshuawise.com
Certified Person Who Makes Fun Of Other People's Qualifications Although He
Lacks Any Himself ;)

- --
Joshua Wise | www.joshuawise.com
GPG Key | 0xEA80E0B3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAffsDPn9tWOqA4LMRAt/hAJ9JRVdOacJV62xsIVHSFIxGv5bHLACghU+0
frTMd2I+nMMGmUmp38PLO80=
=ZQqc
-----END PGP SIGNATURE-----
Received on Thu Apr 15 2004 - 03:01:24 EDT