
Establishing a UART connection and a shell

A project log for Manhattan SX - Hacking a low cost DVB-S2 receiver

UART hacking a low cost DVB-S2 receiver box based on MStar MIPS32 chipset

sphaleron, 09/28/2023 at 11:43

The board has a very convenient 4-pin connector for the UART interface. With a multimeter I've managed to figure out the pinout.

4-pins: VCC(5V), TX, RX, GND

To interface with a computer I've used an FTDI FT232 based USB-UART adapter; the cheap Chinese ones on eBay are more than adequate. Arrange the cable so that the ground pins are connected together and the TX and RX pins are crossed over. Do not connect the VCC pin. It is important to ensure your UART adapter is set to 3.3V mode (this SoC operates on 3.3V logic).

Open your favorite terminal application (I use picocom for Linux) and set the baudrate to 115200. Power on the board and you will see the following output in the terminal:

UART_115200
AC_FLOW
[23456789A][23456789A][3456789AB][3456789AB]-6677
BST-OK_RAM[AT][MB][start ub][677]

U-Boot 2011.06-svn565 (Mar 01 2018 - 21:27:50)  MBOT-1106-0.8.KANO_TEE_NAND.a1


DRAM:  256 MiB

Hello U-Boot
Stack Pointer at: 87E52E00
mem initial, start 0x86DD0180, len 0x420000
msIR_Initialize

[MIU INFO] miu opencreate instance at 86FE7288 with private size 80 bytes at 86FE72D0
SPI:  Flash is detected (0x0C05, 0xC8, 0x40, 0x18)
MDrv_SERFLASH_GetInfo()
        u32AccessWidth = 1
        u32TotalSize   = 16777216
        u32SecNum      = 256
        u32SecSize     = 65536
create instance at 86FE7328 with private size 48 bytes at 86FE7370
uboot held at [8F000000~90000000]
Now running in RAM - U-Boot at: 871F0180
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
 Set MAC default
MAC:  0x0: 0x30: 0x1B: 0xBA:0x2: 0xDB
Hit any key to stop autoboot:  0 
offset 0x2E0000, size 0x10000
Flash is detected (0x0C05, 0xC8, 0x40, 0x18)
initialization done!
ERR>Invalid Ldr Sign
ERR>Reading LDR sign from backup 
offset 0x80000, size 0x10000
**********************LOADER_INFO*********************
@DF.0  #1.0 $1.0 ^1.5 *17
************************************************************
SSS eLOADER 21:28:06 Mar  1 2018
************************************************************
CPS SZE[1740]
MAIN.C 2484> Checking for key sequence...
enInvokemode:0
M.c 712> USB_(0)
Check USB port[0]:
[USB] usb_lowlevel_init++
[USB] USB EHCI LIB VER: 2014.10.02
[USB] Port 0 is Enabled
[USB] TV_usb_init (UTMI Init) ++
[USB] UTMI Base BF207500
[USB] UHC Base BF204800
[USB] USBC Base BF200E00
[USB] BC Base BF240A00
[USB] TV_usb_init--
[USB] Usb_host_Init++
[USB] Async base addr: 0xA7E1A100 
[USB] Reg 0x28: 0xA100 0xA7E1
[USB] disable run
[USB] Host Speed:2 
[USB] enable aynch 
[USB] Usb_host_Init--
[USB] FAILED
[USB] usb_lowlevel_init--[0]
scanning bus for devices... [USB] control1 max:40

[USB] interface[0] conf:1 value FF: 
1 USB Device(s) found
M.c 716>USB_0_Init_Success
offset 0xDC0000, size 0x10000

Marker read success
Marker [0xFFFFFFFF] mode[0] 
Jumping to  Application...
MsBoot.c E-1174>APP CRC Check..!!
offset 0x2E8000, size 0x8000
offset 0x300000, size 0x4B29FC
APP CRC Success...
Decompression OK!
MSBOOT.C 1196-E> Decompression OK[Go]
disable interrupts
## Starting application at 0x80000224 ...

Beyond this output the interface goes silent and the unit begins the application boot process.

You will notice this unit is using the U-Boot bootloader. In fact, this is M-boot, a proprietary version for MStar chipsets that combines U-Boot with a first-stage bootloader called S-boot (more on this later). More information on M-boot can be found at the following link (https://mstar.fandom.com/wiki/MBoot). I've also found source code and documentation for a version of M-boot on GitHub (https://github.com/neuschaefer/mstar-mboot/tree/master), although it is unlikely to be the exact version we are using here.

You will notice the following line:

Hit any key to stop autoboot:  0

This implies we can interrupt the boot process and get a U-Boot shell. To make this happen, power cycle the unit and continuously press a keyboard key; the bootloader will quickly stop at a shell prompt:

UART_115200
AC_FLOW
[23456789A][23456789A][3456789AB][3456789AB]-6677
BST-OK_RAM[AT][MB][start ub][677]

U-Boot 2011.06-svn565 (Mar 01 2018 - 21:27:50)  MBOT-1106-0.8.KANO_TEE_NAND.a1


DRAM:  256 MiB

Hello U-Boot
Stack Pointer at: 87E52E00
mem initial, start 0x86DD0180, len 0x420000
msIR_Initialize

[MIU INFO] miu opencreate instance at 86FE7288 with private size 80 bytes at 86FE72D0
SPI:  Flash is detected (0x0C05, 0xC8, 0x40, 0x18)
MDrv_SERFLASH_GetInfo()
        u32AccessWidth = 1
        u32TotalSize   = 16777216
        u32SecNum      = 256
        u32SecSize     = 65536
create instance at 86FE7328 with private size 48 bytes at 86FE7370
uboot held at [8F000000~90000000]
Now running in RAM - U-Boot at: 871F0180
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
 Set MAC default
MAC:  0x0: 0x30: 0x1B: 0xBA:0x2: 0xDB
Hit any key to stop autoboot:  0
kiwi#
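
As an added example (not part of the original log or of the M-boot project), here is a small Python parser for captures like the two above. It pulls out the U-Boot build, checks the reported SPI flash geometry, lists the flash regions read during boot, and reports whether the capture ends at a bootloader prompt. The function name is hypothetical and the embedded sample is constructed from lines of the log above.

```python
import re

# Constructed sample: lines reused from the boot log above, trimmed.
SAMPLE_LOG = """\
U-Boot 2011.06-svn565 (Mar 01 2018 - 21:27:50)  MBOT-1106-0.8.KANO_TEE_NAND.a1
        u32TotalSize   = 16777216
        u32SecNum      = 256
        u32SecSize     = 65536
*** Warning - bad CRC, using default environment
Hit any key to stop autoboot:  0
offset 0x2E0000, size 0x10000
offset 0x80000, size 0x10000
offset 0xDC0000, size 0x10000
offset 0x2E8000, size 0x8000
offset 0x300000, size 0x4B29FC
## Starting application at 0x80000224 ...
"""

def analyse_boot_log(text):
    """Summarise a captured boot log (hypothetical helper, not an M-boot tool)."""
    report = {"uboot": None, "regions": [], "findings": []}
    m = re.search(r"^U-Boot (\S+) \((.+?)\)", text, re.M)
    if m:
        report["uboot"] = {"version": m.group(1), "built": m.group(2)}
    # Geometry printed by MDrv_SERFLASH_GetInfo(): total must equal sectors * size.
    geo = {k: int(v) for k, v in re.findall(r"(u32\w+)\s*=\s*(\d+)", text)}
    total = report["flash_bytes"] = geo.get("u32TotalSize")
    if total and geo.get("u32SecNum", 0) * geo.get("u32SecSize", 0) != total:
        report["findings"].append("flash geometry inconsistent")
    # Every "offset X, size Y" line is a flash read; collect unique [start, end).
    reads = re.findall(r"^offset (0x[0-9A-Fa-f]+), size (0x[0-9A-Fa-f]+)", text, re.M)
    for start, size in sorted({(int(o, 16), int(s, 16)) for o, s in reads}):
        report["regions"].append((start, start + size))
        if total and start + size > total:
            report["findings"].append(f"read past end of flash at {start:#x}")
    if "bad CRC, using default environment" in text:
        report["findings"].append("environment CRC invalid, built-in defaults used")
    if "Hit any key to stop autoboot" in text:
        report["findings"].append("autoboot countdown accepts console input")
    # A line ending in '#' directly after the countdown means a shell was reached.
    m = re.search(r"Hit any key to stop autoboot:.*\n(\S+#)\s*$", text, re.M)
    report["shell_prompt"] = m.group(1) if m else None
    return report

if __name__ == "__main__":
    for key, value in analyse_boot_log(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, all five regions fall inside the 16 MiB flash, and the read at 0x2E8000 lies within the 64 KiB block at 0x2E0000 that was read first.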

Updated 27th October 2023
