New way of enabling debug mode

Preface:

Thanks to MHC's genius, now there is another way of enabling the debug mode.

As usual, please note: You are responsible for whatever modifications you do to your box, including modifications described in this manual.
I am not responsible for any damage that might occur.





Basics:

A Dbox2 that is not in debug mode has a big problem: it only executes signed software.
The other methods of enabling the debug mode circumvent this problem by using the kernel that is in flash memory (Short circuit method) or booting a kernel from an old BR version ( method without short circuit)
The MHC method does not require this.
This method interrupts the boot process at the right time and modifies the bootloader using its own functions.

Bitte Please read this howto completely before you start (same goes for the other howtos)
Do not start before you understood the whole process!

Styles:

Commands you have to enter are bold.
Keystrokes are bold and in brackets: [Enter]



Preparation:

First, localize the spots for Flash-Reset and Write protect.
Do it beforehand; you are likely to break something if you have to look for the right spots last minute.

The Dbox has to be connected to the PC via a Nullmodem.
The serial line speed (Verbindungsgeschwindigkeit) in the boot manager or any other com-terminal has to be set to 9600.
(In the boot manager, remember to press "Start")
The serial line has to be configured as is shown here.


Now reset the Dbox by pressing the up-arrow and standby button simultaneously, then releasing only the standby button.
Hold the up-arrow button until there's a bunch of numbers in the LCD.
This should look something like this: 01DD10081 161608

Explanation:

01: mID (Nokia here)
DD: feID (Frontend)
10: Bmon Version (1.0 here)
081: FPrev. Software-Revision of the Front processor (Bmon 1.0 labels it SWRev)
16: Ram intern (16MB here)
16: Ram extern (16MB here)
08: Flash (8MB here)

Most important is the version of the Bmon. If you happen to own a Nokia with 2 Intel flash chips and Bmon 1.0, this method is not going to work, because the Bmon 1.0 does not implement the needed setenv command.
These boxes can be dealt with using a ppcboot file, but that procedure is much more complicated.



The procedure

Start the box via reset (up-arrow and standby button) and hold the up-arrow key until the numbers show up in the LCD.

Now the spot for Flashreset is connected to GND.

This connection has to persist until the Dbox's self test is done.

Nokias then display 5 bars in between the numbers, other boxes display 1 bar.
Now the box should display the boot loader prompt.

Release the connection of the flash reset spot now.

Because the box is still not in debug mode, you will not get any response to the commands you type. Nevertheless it is possible to enter commands.
All input described below is entered in the com-terminal. Do not worry if there is no output yet, the first output will be the response to icache

Requested info: the boot manager's com-terminal is labeled "com-terminal" in the tab to the left.
If you get a "timeout", it is not the com-terminal but the RSH-Client.

Take extreme care that you type all the commands correctly!
A typo can make your box a weird paper weight.



For testing, type icache [Enter]

The response should be icache is on
If this works, you may continue.

If this is a box with 2xAMD or 1xIntel flash, you have to disable the write protection now.
If it is a 2xIntel-Box, this has already been done during the flash reset.

Now type
setenv product? 0 [Enter]

this command generates no response; this is absolutely normal.
Wait 3-5 secs and then release the connection to the write protect spot (if required) and reset the box.

If you have executed setenv product? 0 without disabling the write protection first, the boot loader hangs now.
If this is the case, just do a flash reset, so it is possible to enter input again, and then disable the write protection.

Sagem and Philips boxes can be reset by typing reset [Enter] and Nokias by typing go 10000100 [Enter]
Now the box should display the debug mode output in the LCD.


Continue as usual:

Create an image of the original software and extract the ucodes

After that, you can flash a linux image, one from Dboxupdate for example.






Feedback

This method was hacked by MHC
E-Mail

Further Assistance

If you have problems, consult the forum
or visit the IRC channel #dbox2 using, for example, irc.freenet.de as IRC server.

Copyright

Copyright (c) 2002 by Dietmar Hölscher


Home