RIFF JTAG – RIFF JTAG Manager v1.49, RIFF Box Firmware v1.35 released (Cortex-A15, Cortex-A5)

24.04.2013   RIFF JTAG – RIFF JTAG Manager v1.49, RIFF Box Firmware v1.35 released (Cortex-A15, Cortex-A5)

Whats new:

RIFF Box Firmware v1.35

  •   Added support for Cortex-A15 and Cortex-A5 cores.
  •   Fixed emergency script issue for multi-cored Cortex MCUs: it was executed after first core was halted.

Now it is executed after all core(s) (if specified by reset strategy) are processed (halted).

 

RIFF JTAG Manager v1.49

  •   Added support for Cortex-A15 and Cortex-A5 cores.
  •   New Popup balloon is added with hints about ‘Dead Body ID is wrong’ error.
  •   Added Windows 8 support.
  •   Added “RIFFBOX on the Network” button (BOX Service Page).
    User can easily visit some main RIFFBOX’s internet locations.
  •   Some new IDCODES added to the search engine (CTRL+F)

.

riff-network

RIFF JTAG – Samsung SGH-T679 Exhibit II 4G (Samsung Ancora) Unbrick – Dead Boot repair supported

04.05.2012 RIFF JTAG – Samsung SGH-T679 Exhibit II 4G (Samsung Ancora) Unbrick – Dead Boot repair supported

Repairing bricked Samsung T679 is easy with the RIFF Box. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Please note, MSM8255T is multi-core chipset – it has ARM11 and Qualcomm Scorpion cores. During power on sequence only ARM11 core is visible on the JTAG chain. If boots are not completely damaged and it comes up to initializing of the Scorpion core then Scorpion core appears on the JTAG chain too. This will shift ARM11 from TAP0 into TAP1 position on the chain, while current resurrector has the ARM11 core hardcoded at TAP0 position. Thus make sure to establish JTAG connection in the time range while Scorpion core is not visible yet.

To resurrect Samsung T679:

  •  Solder JTAG cable to Samsung T679 JTAG pads;
  •  Make sure Samsung T679 is selected in the list of models;
  •  Insert battery and connect USB Data cable;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

.

RIFF JTAG – JTAG Manager v1.41, RIFF Box firmware v1.31 released

14.03.2012   RIFF JTAG – JTAG Manager v1.41, RIFF Box firmware v1.31 released

Whats new:

 

  • RIFF Box firmware v1.31

    APQ8060, MSM8260, MSM8660 (3rd generation Qualcomm chipsets) support is added.
    – Fixed ARM7 bug: exit from debug state into THUMB mode was corrupted.
    – Added after-halt “Emergency” script execution for ARM7 cores. 
  • RIFF JTAG Manager v1.41

    APQ8060, MSM8260, MSM8660 (3rd generation Qualcomm chipsets) support is added.
    – Fixed SettingsCode bug which was spawned after we’ve transfered to 12-digit wide 64-bit hex numbers representation.
  •  RIFF Direct JTAG Access plugin v1.03

    – Added chipsets APQ8060, MSM8260, MSM8660
    – Added APQ8060 eMMC controllers #1..5 support
    – Added MSM8260 eMMC controllers #1..5 support
    – Added MSM8660 eMMC controllers #1..5 support

     

RIFF JTAG – Samsung Wave 3 GT-S8600 Unbrick – Boot repair supported, World First ! ! !

29.02.2012    Samsung Wave 3 GT-S8600 Unbrick – Boot repair supported, World First !  !  !

Resurrecting Samsung S8600 is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Please note, MSM8255T is dual core chipset – it has ARM11 and Qualcomm Scorpion cores. During power on sequence only ARM11 core is visible on the JTAG chain. If boots are not completely damaged and it comes up to initializing of the Scorpion core then Scorpion core appears on the JTAG chain too. This will shift ARM11 from TAP0 into TAP1 position on the chain, while current resurrector has the ARM11 core hardcoded at TAP0 position. Thus make sure to establish JTAG connection in the time range while Scorpion core is not visible yet.

To resurrect Samsung S8600:

  •  Solder JTAG cable to Samsung S8600 JTAG pads;
  •  Make sure Samsung S8600 is selected in the list of models;
  •  Insert battery and connect USB Data cable;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold both ‘Volume Down’ and ‘Menu’ keys and press ‘Power ON’ button.

.

RIFF JTAG – Samsung GT-i8150 Galaxy W (Samsung Ancora) Unbrick – Boot repair supported

10.01.2012   Samsung GT-i8150 Galaxy W (Samsung Ancora) Unbrick – Boot repair supported

Resurrecting Samsung I8150 is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Please note, MSM8255T is dual core chipset – it has ARM11 and Qualcomm Scorpion cores. During power on sequence only ARM11 core is visible on the JTAG chain. If boots are not completely damaged and it comes up to initializing of the Scorpion core then Scorpion core appears on the JTAG chain too. This will shift ARM11 from TAP0 into TAP1 position on the chain, while current resurrector has the ARM11 core hardcoded at TAP0 position. Thus make sure to establish JTAG connection in the time range while Scorpion core is not visible yet.
To resurrect Samsung I8150:

  •  Solder JTAG cable to Samsung I8150 JTAG pads;
  •  Make sure Samsung I8150 is selected in the list of models;
  •  Insert battery and connect USB Data cable;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

_

RIFF JTAG – Direct JTAG Access to Flash Memory Plugin v1.01, TEGRA2 eMMC Supported

28.12.2011   Direct JTAG Access to Flash Memory Plugin v1.01, TEGRA2 eMMC Supported
Whats new:

 

  •  Added MSM6500
  •  Added TEGRA2 eMMC controller #2 support
  •  Added partition access selection for eMMC devices
  • Fixed AutoFlash Size bug for eMMC devices

Important info:

TEGRA 2 can be connected via CORTEX or ARM7 cores. In some cases, where CORTEX core is in sleep mode, it’s only possible to access ARM7 core, thus allowing access to shared memory space. Restoring Boot partitions via ARM7 core will enable access to CORTEX core after power reset.

Sample:

RIFF JTAG – Samsung Galaxy S Plus Unbrick, boot repair supported

26.10.2011  Samsung Galaxy S Plus (i9001) Unbrick, boot repair supported

Resurrecting Samsung I9001 is easy. Phone is auto powered on with USB Data Cable connected to the PC while battery is connected.
Please note, MSM8255T is dual core chipset – it has ARM11 and Qualcomm Scorpion cores. During power on sequence only ARM11 core is visible on the JTAG chain. If boots are not completely damaged and it comes up to initializing of the Scorpion core then Scorpion core appears on the JTAG chain too. This will shift ARM11 from TAP0 into TAP1 position on the chain, while current resurrector has the ARM11 core hardcoded at TAP0 position. Thus make sure to establish JTAG connection in the time range while Scorpion core is not visible yet.

To resurrect Samsung I9001:

  •  Solder JTAG cable to Samsung I9001 JTAG pads;
  •  Make sure Samsung I9001 is selected in the list of models;
  •  Insert battery and connect USB Data cable;
  •  If you use only battery, press Power On key;
  •  Click Resurrect button;
  •  Wait till software signals a successful operation completion;
  •  Disconnect power supply, de-solder JTAG wires;

Now phone is in bootable condition, that is, even if it does not start up normally you can flash it using known flashing methods.

To enter download mode:

  •  Disconnect PC cable;
  •  Insert battery;
  •  Hold ‘Volume Down’ key and press ‘Power ON’ button.

RIFF JTAG – JTAG Manager v1.34, RIFF Box firmware v1.26 – Cortex-A9 Dual core support added ! GDB Server v1.04 Released

29.07.2011  JTAG Manager v1.34, RIFF Box firmware v1.26 – Cortex-A9 Dual core support added ! GDB Server v1.04

Whats new :

RIFF JTAG Manager v1.34:

  •  JTAG Manager Project has been migrated into UNICODE.

Main advantage of this – GUI (captions of buttons, labels, etc) can now support all international characters, for example chinese
WARNING!!! Due to UNICODE migration old plugin DLLs are not compatible with JTAG Manager 1.34
Simply download new set of plugins which are unicode compatible now.

  •  Multilanguage GUI is implemented (and due to migration to UNICODE even chinese language can be fully supported)

You need to download language pack dll, for example Russian.dll. After installation go to BOX SERVICE page and there will
be available language selection.
Following items are translated into selected language by the language DLL:
1. JTAG Manager interface – labels, captions, etc.
2. JTAG Manager messages which are shown during active operation.
3. Most of messages shown by resurrector DLLs
4. Some of Resurrection Manuals (if current version of language pack does not have translated version of Resurrection Manual, then an original, English version will be shown)

  • A dded warning window which will appear on DCC Read/Write page in case user tries to flash full dump with wrong settings.

So user can check what he does wrong and thus avoid losing time and making mistakes.

  •  ARM Core Cortex-A9 (Single and MPCore) and Chipset OMAP4430 (Dual-core Cortex-A9) are addred to the supported cores list;
  •  Cortex-A9 core added to the CMM Script Engine: Example: SYSTEM.CPU CORTEXA9
  •  OMAP4430 core added to the CMM Script Engine: Example: SYSTEM.CPU OMAP4430
  •  Multicore control is added to the CMM Script Engine (Use CORE.SELECT instructions to switch between cores in multicore targets)

For example CORE.SELECT 0 will select core0, CORE.SELECT 3 will select core3

  •  Added access (32-bit Read/Write) to the APB bus of CoreSight-compatible targets (Cortex-A8, Cortex-A9, etc.)

through the CMM Script Engine (‘APB’ segment specifier added)
Thus, for example instruction: &Resp=data.long(APB:0x12345678) – will read dword from APB bus at address 0x12345678

  • Added SYSTEM.CONFIG.RESETTIMEOUT variable to the CMM Script Engine, thus it’s now possible to customise reset type and timeout

by setting this variable prior SYSTEM.UP command.

  •  Fixed bug which caused saving trash after read operaions on DCC Read/Write page in these cases:

a) reading was stopped by user
b) after JTAG Manager exe restart

  •  DCC Read/Write Page operations now allow 64-bit addressing, thus user can have full access to memory devices which size exceeds 0xFFFFFFFF bytes range.

For this, the Address and Length fields have now 10 digits instead of old 8 digits. Be carefull entering values there.
UNEXPERIENED USERS PLEASE NOTE: For example 8 digit hex value 0x12345678 entered into 10 digit field IS NOT 0x1234567800 (!!!!!) CORRECT IS 0x0012345678

  •  TGauge64 component was implemented in order to support full 64-bit range of progress indications (while old progress bars were limited to 31-bit maximum value)
  •  Fixed bug with incorrect display of scrollbars during scroling through Model and Manufacturer Lists
  • Fixed bug during erase:
    If bad block happened, and user choosed Ignore method and checked ‘Remember selection’ – software  would again popup selection dialog on next bad block.
  •  JTAG I/O Voltage (for Custom Target Settings) now has voltages from 1.6V upto 3.30V with resolution 0.05V
  •  Just for convenience added button “Target Continue” to the JTAG Read/Write page.
    This just allows to resume target running from current PC value without need to enter it explicitly into “Address” field as is needed for the “Target GO” button
RIFF Box firmware v1.26 :
  • Added support for Cortex-A9 single processor core;
  • Added support for Cortex-A9 multiprocessor cores. Multicore handling rules are following:1. After target reset (NRST=1-0-1) the Core0 is automatically selected;

    2. HALT operation halts only currently selected core (by default core0 is selected); Thus in order to halt other core user has to select required core and then execute halt operation.

    3. Reset operation can accept different strategies of reset and halt:

    – Reset, then halt all cores at the very first instruction (for now only for OMAP MCUs)
    – Reset, than halt only core0 at the very first instruction (for now only for OMAP MCUs)
    – Reset, pause, then halt all cores
    – Reset, pause, than halt only core0

    4. RUN operation starts only currently selected core.

Thus in order to start other core user has to select required core and then execute run operation.

For example, if target has 4 cores (Quad-core MCU), then after HALT operation only Core0 is halted.
To halt Core2 user has to write script:
CORE.SELECT 2
BREAK

For example, to run Core3 user has to write script:
CORE.SELECT 3
GO

  • Added H/W script (*.has) instruction which enables selection of core for multiprocessor targets;
  • Added script (CMM/HAS) access (32-bit Read/Write) to the APB bus of CoreSight-compatible targets (Cortex-A8, Cortex-A9, etc.)
  • Added support for OMAP4430 Dual-core Cortex-A9 MCU
RIFF GDB Server v1.04 :
  • Fixed bug with reset timeout – erroneously value in Edit field was taken as HEX not decimal, Now is ok
  • Added few more GDB commands for compatibility with IDA 6.1 remote debugging.
  • Added Thumb2 instruction TBB and TBW for single stepping
  • Fixed bug in Thumb/Thumb2 when stepping out of sub when POP {RegList, PC} is used (In Thumb mode return PC address is 0x01 ORed)
Please click “Check For Updates” button in order to download and apply new files. Closing all running application before starting update process is recommended.

RIFF JTAG – JTAG Manager v1.31, RIFF Box Firmware v1.23 released

20.04.2011 JTAG Manager v1.31, RIFF Box Firmware v1.23 released

Whats new :

JTAG Manager 1.31

  • “RUN/STOP” Loaders functionality is added (and alternative to the DCC Loaders)

This is required for some ARM7 cores when Debug Communication Channel (DCC) to/from core is not functional (like in MSM6000)

Firmware 1.23

  • Added 8/16/32-bit bus read/write access rotuines for ARM7 core
  • ARM7 debug is now available in ARM/Thumb modes (use the GDBServer for this);

 

Please click “Check For Updates” button in order to download and apply new files. Closing all running application before starting update process is recommended.

RIFF Box JTAG Manager v1.23, RIFF Box Firmware v1.17 released

07.02.2011 RIFF Box JTAG Manager v1.23, RIFF Box firmware v1.17

Firmware 1.17
—————————

* Optimized DCC transfers (debugger-to-target) for ARM9 cores (~64,3% speed increase)
* Added RX-polling feature (debugger-to-target) for ARM9 DCC transfers.

RIFF BOX firmware is able now to wait (if resurrector DLL will request so) for ARM9 target to be ready to accept next packet over DCC: this feature slows down a little the JTAG-to-ARM9 DCC transfers but guaranties no packets loss for slow clocked targets;

JTAG Manager 1.23
—————————

* Improved DCC flashing functionality (for DCC Loaders that work in targets with a small RAM capacity);
* Added 4 very low RTCK Sampling frequencies (20kHz, 40kHz, 60kHz and 80kHz) for some extreme cases
* Fixed another bug in the optimized DLL loading scheme;
* Increased ERASE waiting timeout (for slow NOR flash chips) so now erase operation for such chips will go successully and will not result in erase timeout
* Added “Usefull plugins” page;

“Usefull Plugins” will be new feature, we hope to release first one during this week. So stay tuned.

As usually, click the “Check for Updates” button to obtain latest files.