ProudSkibidiTolietAryan
kiwifarms.net
- Joined
- Apr 18, 2025
This is by far the worst explanation in this series
Current boot process is this
- Register PCI registers. These are custom coded implementation of intercepting and responding when it attempts to READ a register. These control IMPORTANT stuff but not as important as the other one
- Register PCIXIO registers. These are custom coded implementation of intercepting and responding when it attempts to READ a register in this zone that belongs to PCIXIO, these mostly control the NAND and how the bootloader/linux/whatever is ran communicates with it.
- Register the UART for it.
- Register the KSEG for the pcixio/NAND. these are just a FASTER way to access things that the system software on this TV uses sometimes.
- All these HAVE to be designed accounting for WHAT the software wants, We can't change it only design it around the hardware and what would happen on a REAL machine
- Finally we can start SETTING UP everything by running instructions in the machine. We need to do a FEW things BEFORE we pass things to the TVS bootloader and have it run. It expects a few things. This is why I coded a "PREbootloader"
- start in PREBOOTLOADER mode, this is MY setup that sets everything up for it to well CONTINUE to the ACTUAL SONY tv bootloader
- TAKE THE PFLASH. take all its bytes and REMOVE the OOB bytes so we can just get the PURE instructions.
- Move that into ram
- then after that DO THE SAME THING BUT without removing the OOB bytes. We are not going to be executing instructions here this is just where the NORMAL NAND is suppose to go that the TV accesses. Yes the bootloader is stored in the NAND and its reading itself, however the bootloader is being executed in RAM where the OOB bytes are removed and where it handles stuff using the other MAIN copy as a way to access things.
- FINALLY start at ram starting the First stage Sony bootloader. executing the FIRST tv instructions.
Any confusion you have from this is my fault as a explainer rather than your fault as a reader. Take that as note.
Now normally the BOOTLOADER is not the FIRST thing that happens rather there is a separate chip that acts as a BIOS(not a fancy menu one just one that sets everything up) and THEN jumps to the bootloader.
Now because we ALREADY set everything up this is USELESS in our case but ill reverse engineer it just for curiosity.
Its stored on a EPPROM that get this. Is not mips assembly. Ill give you three guesses what it is because not even I KNEW.. Remember 2009-2010 tv one of the VERY LAST non smart tvs ever produced.
Its 8051 assembly for the 8051 like PROCESSOR. from the EXACT year of 1980.
Yeah bet you did not guess that
Very good question. Its because there is a SECOND processor that does the operations and sets everything up and THEN runs the MAIN BIG BOY mips PNX8543 processor.
It appears to start here
SUPRISNGLY enough this is NOT written in hand assembly but rather this code is 100% made by a C like compiler. I can tell by the way the functions are non humanly structured that this is NOT written by man.
OK so do not ask me to explain this but ill give my best GUESS
Its most likely CLEARING everything for execution, setting the 8501s processor values to nothing and then MOVING the contents of FLASH into ram by reading the MAIN area much like what WERE doing in QEMU...(Chatgpt ALSO appears to agree with my explanation and i made sure NOT to tell it what I think before asking)
Hmm. the 8502 assembly code is apparently NEWER than the vmlinux AND is NEWER than the bootloader? intresting.g
Intresting these are NEVER referenced or called... Maybe there unused or maybe the bootloader READS The epprom to use it.
SO WAIT. why would these be here if under normal execution from the start it NEVER reaches this?
WAIT is there a ENTIRE second program in here? Like a normal bios and then a OTHER program within it?
That would.... explain a lot acutally.
(EDIT NO)
SO wait if this is a STANDBY program? Why is the BOOTLOADER waiting for a power on button? Wouldn't that be handled by well the program labeled STANDBY PROGRAM? Well rather my theory is that the 8051 SETS up the PNX-8543 mips cpu and the CPU goes into bootloader mode waiting for a RAM address to be changed.
Than the 8051 processor HANDLES when the remote is pressed and CHANGES a value in ram when it gets pushed. Allowing it to run seperately not not have the Mips CPU scan remote buttons after EVERY instruction.
This aligns with the bootloader just WAITING there doing a timer interrupt waiting 1ms every time in a loop
Anyways lets view more in this EPPROM
It also appears to run alongside the MIPS cpu as we established but also it checks POWER issues and can shut off the TV in the event of a POWER issue
If your interested in this and want view it yourself go ahead ill send you the files msg me.
Attachments
Last edited:
