pcmhacking.net

Posted: **Sat Jun 14, 2025 11:33 pm**

I've put up a pull request that re-instates the C Kernel support and configures it to be used for P12. This should solve the problems reported with the asm kernel for P12.

https://github.com/PcmHammer/PcmHammer/pull/10

If you have a github account you can pull down the compiled artifact from github here for further testing https://github.com/PcmHammer/PcmHammer/ ... 5652498306

At the moment, I believe we are down the the following issues outstanding:

E54 cant do a recovery flash (normal read and write is fine). This is not necessarily a blocker for PCMHammer 2.
P04 is allowed to cross flash between intel and amd P04s of the same generation and flash size, but the P04 intel OS does not work on P04 AMD and vice versa. We need to add protection against this. This creates a soft brick that requires BDM hardware to recover from.

EG - its close!

Posted: **Sun Jun 15, 2025 7:14 pm**

No comments on the above code review, confidence is high and I wanted to keep moving this weekend, so I merged the C kernels and have a new one up that adds service number as data to pcminfo to lay the groundwork for the ability to prevent cross flash between incompatible P04s (assuming we can figure out what is what in the P04 world. P04 early and P04 late are already blocked as they needed different kernels, and I think the AMD / Intel versions are both 512Kbit flash types. @darkman if you have any details on what P04 service numbers are Intel and which are AMD that will be helpful for the next part.

https://github.com/PcmHammer/PcmHammer/pull/11

I just checked the two I have on my bench as a starting point:

P04 Service number 12583827 is AMD
P04 Service number 09380717 is Intel

Posted: **Mon Jun 16, 2025 3:06 am**

antus wrote: ↑Sun Jun 15, 2025 7:14 pm No comments on the above code review, confidence is high and I wanted to keep moving this weekend, so I merged the C kernels and have a new one up that adds service number as data to pcminfo to lay the groundwork for the ability to prevent cross flash between incompatible P04s (assuming we can figure out what is what in the P04 world. P04 early and P04 late are already blocked as they needed different kernels, and I think the AMD / Intel versions are both 512Kbit flash types. @darkman if you have any details on what P04 service numbers are Intel and which are AMD that will be helpful for the next part.

https://github.com/PcmHammer/PcmHammer/pull/11

I just checked the two I have on my bench as a starting point:

P04 Service number 12583827 is AMD
P04 Service number 09380717 is Intel

I will see what I can dig up Antus.

Posted: **Mon Jun 16, 2025 1:59 pm**

So I've gotten it down to this so far. Need help from anyone who has a any of the service numbers where I don't have a Flash brand mentioned. Or a P04 where I dont have the service number listed. I'll start going through the logs on the site and update this post as I go. Once we know what intel and what is amd on the 512K units (or if anyone finds an intel 256k unit, but I don't think they exist) then I can put some protection against cross flash in.

Code: Select all

Service Number,Flash Brand,Flash Size
16207326,Intel,256KBit
16227797,Intel,512KBit
12583827,AMD,512KBit
9374997,,512KBit
9380717,Intel,512KBit
12209624,,512KBit
12578554,,512KBit
12583826,,512KBit
12583827,,512KBit
16236757,,512KBit

I'm pretty sure 9374997, 9380717, 12209624, 12578554, 16236757 are going to be Intel.
The most likely unknown service number to be AMD is 12583827.

But need someone who can do a read with pcmhammer preview and tell me what flash chip it reports at the beginning of the read process for PCMs with these service numbers.

Other option will be to look in the bins and see if there is a way to check if they have AMD or Intel specific code and if so can look at some bins on disk to figure it out from there.

Posted: **Mon Jun 16, 2025 3:50 pm**

I did the decompile and came up with:

30 BC 50 50 30 BC 20 20 30 BC D0 D0 30 BC 70 70
- intel specific flash code
24 7C 00 00 0A AA 26 7C 00 00 05 54
- is AMD specific flash code

And used this to search the collection of P04 bins shared elsewhere for those patterns. I found all the early ones only had the intel pattern. 2004 bins had either Intel or Both, 2005 always had Both.
That doesn't shed a whole lot of new light on the problem. Especially as I found intel code on my AMD P04 and vice versa yet no bricks here. So the problem may not be cross flashing but something else.

Code: Select all

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>

#define INTEL_LEN 16
#define AMD_LEN 12

unsigned char intel_pattern[INTEL_LEN] = { 0x30, 0xBC, 0x50, 0x50, 0x30, 0xBC, 0x20, 0x20, 0x30, 0xBC, 0xD0, 0xD0, 0x30, 0xBC, 0x70, 0x70  };
unsigned char amd_pattern[AMD_LEN] = { 0x24, 0x7C, 0x00, 0x00, 0x0A, 0xAA, 0x26, 0x7C, 0x00, 0x00, 0x05, 0x54 };

// Search for a byte pattern in a file
int contains_pattern(const char *filepath, const unsigned char *pattern, size_t pattern_len) {
    FILE *f = fopen(filepath, "rb");
    if (!f) return 0;

    unsigned char buffer[4096];
    size_t bytesRead;
    int found = 0;

    while ((bytesRead = fread(buffer, 1, sizeof(buffer), f)) > 0) {
        for (size_t i = 0; i + pattern_len <= bytesRead; i++) {
            if (memcmp(buffer + i, pattern, pattern_len) == 0) {
                found = 1;
                break;
            }
        }

        if (found)
            break;

        if (bytesRead > pattern_len)
            fseek(f, -(long)(pattern_len - 1), SEEK_CUR);
    }

    fclose(f);
    return found;
}

int ends_with_bin(const char *filename) {
    size_t len = strlen(filename);
    return len >= 4 && strcmp(filename + len - 4, ".bin") == 0;
}

void scan_directory(const char *path) {
    DIR *dir = opendir(path);
    if (!dir) return;

    struct dirent *entry;
    char fullpath[4096];

    while ((entry = readdir(dir)) != NULL) {
        if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
            continue;

        snprintf(fullpath, sizeof(fullpath), "%s/%s", path, entry->d_name);

        struct stat st;
        if (stat(fullpath, &st) == -1) continue;

        if (S_ISDIR(st.st_mode)) {
            scan_directory(fullpath);
        } else if (S_ISREG(st.st_mode) && ends_with_bin(entry->d_name)) {
            int has_intel = contains_pattern(fullpath, intel_pattern, INTEL_LEN);
            int has_amd = contains_pattern(fullpath, amd_pattern, AMD_LEN);

            if (has_intel && has_amd)
                printf("%s Both\n", fullpath);
            else if (has_intel)
                printf("%s intel\n", fullpath);
            else if (has_amd)
                printf("%s AMD\n", fullpath);
        }
    }

    closedir(dir);
}

int main(void) {
    scan_directory(".");
    return 0;
}

pcmhacking.net

PCM Hammer 2 Preview

Re: PCM Hammer 2 Preview

Re: PCM Hammer 2 Preview

Re: PCM Hammer 2 Preview

Re: PCM Hammer 2 Preview

Re: PCM Hammer 2 Preview