PC2000 downgrade or MP900 experiment

If you have either a MP900 (not MP900c) or a downgraded MP900c to PC2000, try the following (at your own risk as far as possible data loss) :

In Control Panel, under MobilPro settings, enable the LCD/Suspend function under battery for closing the cover. Operate the unit on battery.

With the unit on, close the cover for 10 seconds, say.

Open the cover.

Press the Off key.

Press the On key. Press it again if nothing happens.

Normally, cycling the On/OFF key will alternately suspend and unsuspend the unit.

Here however, pressing the ON key the first time only blinks the green charge LED on the front of the unit.

Then, the second press will soft reset the unit.

Also, using Resinfo, it is possible to tell that the closing of the cover never suspended the unit, as it should have, although the backlight was turned off.

Any experience or results?

Thanks, Don

How did you discover that ?

this is a known thing with hpc2000kernel+cenet bootloader.

if you wait until the unit autosuspends (lid closed already), this reset will not happen.

or if you power it off before closing the lid, no problem again.

if you do a full downgrade to hpc2000 bootloader, no problems.

no problems with original unflashed 900 (hpc2000) either.

i think this is neat though, no need to hunt for reset button...

i'm planning to do more reversing of the bootloader and kernels to see what causes this.

Edited by cmonex 2007-09-11 5:18 AM

ok i looked in the hpc2000 and cenet bootloader for a few mins.

i've fixed the issue. and, *maybe* now i can do reliable soft reset via software on a 900c (and probably 900 too) without having to press reset button.

now testing..



update: ok i've confirmed it. the thing is that the bootloaders (any version, 900, 900c) check for a specific flag (actually two) in ram when booting up and this happens before resuming CE. if the flags have a specific combination then it will change its mind about the resume and will enter reset mode. it will believe it is hard resetting but before last real check on whether soft reset or hard reset, the bootloaders check for a specific signature in ram (my hunch right now is it is not NEC specific but CE kernel related), and if the sig is there the "hard reset" will change to a soft reset. (CE kernel itself also checks this sig later.) if it is corrupt it will be a hard reset even if it was a soft reset in reality. (i've tested that now too )

the problem is: the hpc2000 bootloader checks for the first flags in a different place than the cenet bootloaders. thats ok most of the time because usually the bootloader sets the flags, and the kernel (or a driver) should not do anything with them.

but something in the hpc2000 kernel (or a driver? lets say kernel for now) touches a memory location that happens to be the one that the cenet bootloader stores one of its flags into. it has to be #2 to not modify the reset controller value, i.e. let it continue resuming CE instead of rebooting CE. the kernel seems to write a #0 into it when you close-open the lid without suspending.. actually it must happen only when you reopen it because if you let it suspend while closed there will be no reset, also this is more logical.

if i write #2 back into it before pressing power button after the lid close-open, it will be able to properly resume.

then..i can make this the other way around write #0 into it before suspend and it will reset one more press of the power button will complete the soft reset ...might find a way to make it into only one. for some reason the bootloader goes into sleep instead of continuing boot, thats why you need to press it twice.

right now, the fix for downgraded 900c's needs to be coded in a user friendly way. best way is to find what the kernel does and mod that. anyway proof of concept for now

of course making the soft reset app is easier it would be nicer though if it didnt require an extra button press so will look into that. (can do the suspend itself from software so that's no problem)

note: this #0 flag works right only on 4.10 bootloader (but works reliably!!). it will hard reset with 4.5.1-6, will check this later.



if anyone wants to try, the address and the flags:

0xa001e868
if #0: reboot
if #2: dont change value of reset controller status register (so if resume was in progress it will remain a resume)

you can use test_com attached here to play.
usage:
to reboot with cenet 4.10 bootloader only (please be aware this hard resets if the bootloader version is 4.5.1-6):
w a001e868 0
to resume on a downgraded 900c after opening lid but before pressing power off button (with cenet bootloader):
w a001e868 2

Edited by cmonex 2007-09-11 8:09 AM




Attachments
----------------
test_com.exe (5KB - 2 downloads)

Cmonex,

That's impressive, but wouldn't it be even easier to stimulate a hard reset as well with software withoout having to pull the batteries? I would think that you can deliberately cause any degree of corruption that pulling the batteries can.

Regards, Don

you can do that too with bootloader 4.10,

two commands then:

w a001e838 1
w a001e868 0




or do you mean just randomly corrupting the ram will cause a hard reset? no, not always, especially if you want to do a hard reset in the proper way, i.e. kernel and OS boots up properly.

the above flags are supported by NEC, they were deliberately implemented (meaning it should do the reset properly). just undocumented

Edited by cmonex 2007-09-11 8:37 AM

Cmonex,

Can you please more broadly indicate how, and in what context, to use test_com?

Is there a unit configuration requirement?

Does the execution of test_com ask for address and data for the memory writes?

Where can test_com be executed from?

BTW, I found that my 3rd unit, the one with your version 1 installed, has no cover switch (presumably broken off in the distant past).

OT: Why do the OK and other buttons (in resinfo, for example), look so reflective in your version 1?

OT2: Is having and maintaining a downgraded PC2000 MP900 version worth the trouble, especially given your version 2 to come? Presumably this is a question of a broader range of runable software, but is it really worthwhile?

Thanks, Don

test_com is just a commandline app that you just click on to run, cmd.exe will open (no worries, nothing else will be executed on starting it). then type the command(s) in exactly as shown. test_com itself does offer a help too, to see command syntax.
and, you can copy test_com anywhere, its just a program really.
then, after typing them in, exit cmd. then power off button...

what do you mean by reflective? can you elaborate on that?

about the last question, i don't know. it really depends on the user, everyone is free to choose that's why it is good to have the choices of flashing these images. back in 2005, there was no way to do this..

Edited by cmonex 2007-09-11 2:00 PM

cmonex,

Thanks.

"what do you mean by reflective? can you elaborate on that?"

Actually they're colored and appear more 3D, and look to be reflecting a light source. Maybe the ResInfo version you included (is this true?)
is different or configured differently.

Regards, Don

you mean they are different in resinfo from other apps?

I don't know, that's the only application that jumps out at me.

I'll edit this if I see anything else.

Regards, Don

ok.

anyway update: i realized the point in the flag check was checking for the value of #2. if it is not 2, but not 0, it can still reboot.

with #1, it is a normal soft reset with bootloader 4.10 (terminal reports normal reboot instead of when it is #0), and you do not need to press the power button twice

i.e. command is:

w a001e868 1

this will be in rom v2 probably



still hard resets 4.5.1-6, still didnt read its disassembly, it uses different flags probably

Edited by cmonex 2007-09-11 4:52 PM

for cmonex -

EDit :

Most/All applications.

Typically any of the small windows that can be opened in Control Panel have a bright red background for the X button. Not true for standard 900c as shipped.

Regards, Don

oh, thats part of the skin i put in the rom image.

Cmonex,

I tried test_com on the downgraded PC2000 machine because it was convenient and it worked fine. Hard and both 1 and 2 button press soft resets as described.

Thanks, Don