[mc1322x] Access to LQI
Clive Stubbings
cstl at xentech.co.uk
Thu Jun 10 19:13:39 EDT 2010
Mar,
Thats a big help.
Got the function disassembled, and those params all tie up with the code..
Just got to get my head into thumb mode!
0x004001d4 is
4001d4: 09 00 00 00 07 00 00 00 1e 00 00 00 2d 00 00 00
Apart from (which I can't see how it wont fail):
0: b570 push {r4, r5, r6, lr}
2: b480 push {r7}
4: 272e movs r7, #46
6: f3f2 f805 bl 0x3f2014
a: bc80 pop {r7}
It all looks benign. But it does look to access something around 8000_9494 which
is probably the key :-)
Should be an fairly easy 'convert'..
Cheers
Clive
On Thu, 10 Jun 2010, Mariano Alvira wrote:
> On Thu, Jun 10, 2010 at 10:37:29PM +0100, Clive Stubbings wrote:
>> Hi Mar,
>>
>> That didn't work. I'm guessing that the rom call isn't compatible with
>> your wireless code - or the address is wrong, or the call in the s/w
>> build I have is different from the one into ROm... or whatever..
>>
>> Not done any RE for a long time... Is there a dis listing that people are
>> working on somewhere? I'm presuming the ws-dis and mc..img are ram only.
>
> Here are some more clues:
>
> Googling PhyPlmeGetLQI finds:
>
> http://read.pudn.com/downloads155/sourcecode/embed/687920/My%20Solution/fallsensor/SMAC/Drivers/LibInterface/Rom_Phy.h__.htm
>
> which has:
>
> typedef struct{
> int32_t calFactor;
> int32_t lnaMinGain;
> int32_t lnaMaxGain;
> int32_t ifaMaxGain;
> } LQIParams_t;
>
>
> And I also know the following:
>
> .global PhyPlmeGetLQI
> .type PhyPlmeGetLQI, %function
> .thumb_set PhyPlmeGetLQI, 0x0000e04c
>
> .global LQIParams
> .type LQIParams, %object
> .set LQIParams, 0x004001d4
>
> This is probably the reason it isn't working for you... You need the
> LQIParams struct at 0x4001d4. Then maybe that struct will be populated
> if you call PhyPlmeGetLQI at 0xe04c... or maybe you need to fill
> LQIParams and then do the call... in fact, those params match a bunch
> of terms in the equation you gave.
>
> -Mar.
>
>
>
More information about the mc1322x
mailing list