Project Blacksphere Intro Hardware Nokia OS FBUS Pkt types (auto) Pkt types (ddi) Pkt types (local) Pkt types (special) DSP (0xF4) RPC (0xD1) Debug tracing Tasks Software Glossary of Terms Todo Credits Forum Guestbook

Special *BUS packet type 0xD1

Packet anatomy:
  [payload+0] command 
    0x00...0x67 : see frame_d1_call_table below
  [payload+1] return type
    0x00 [1b] command [1b] this value
    0x01 [1b] command [1b] this value [1b] byte R0
    0x02 [1b] command [1b] this value [2b] halfword R0
    0x03 [1b] command [1b] this value [string] R0
    0x04... sized data block @ R0
         [1b] command [1b] this value [data block] R0
  [payload+2] parameter type
    0x00 just call
    0x01 R0 byte [data+0]
    0x02 R0 halfword [data+0]
    0x03 just call
    0x04 R0 byte [data+0], R1 byte [data+1]
    0x05 R0 byte [data+0], R1 halfword [data+1]
    0x06 R0 byte [data+0], R1 data pointer @ data+1
    0x07 R0 halfword [data+0], R1 byte [data+2]
    0x08 R0 halfword [data+0], R1 byte [data+2], R2 byte [data+3]
    0x09 R0 halfword [data+0], R1 data pointer @ data+2
    0x0A R0 AsciiZ string [data+0], R1 byte [data+strlen(R0)+1]
    0x0B R0 AsciiZ string [data+0], R1 halfword [data+strlen(R0)+1]
    0x0C R0 AsciiZ string [data+0], R1 data pointer @ data+strlen(R0)+1
  [payload+3] data

frame_d1_call_table: (addresses are for 3310 firmware 5.87)
0x00 version_read+1
0x01 io_write+1
0x02 io_read+1
0x03 fiq8_clear_flags+1
0x04 mcu_reset_dsp+1
0x05 pwron_get_reason+1
0x06 devio_read_keymatrix+1 ; silence?
0x07 init_keypad+1
0x08 reset_counter_get+1
0x09 handle_fiq+1
0x0a handle_irq+1
0x0b devio_update_screen+1
0x0c screen_clear+1
0x0d in_flash_range+1
0x0e loc_2EF5EC+1
0x0f loc_2E41AC+1
0x10 loc_2E40FA+1
0x11 init_os_2+1
0x12 service_IRQ_6+1
0x13 service_IRQ_5+1
0x14 screen_off+1
0x15 write_cobba_1+1
0x16 msnd_irda_send+1
0x17 mdircv_enable+1
0x18 dsp_write_command+1
0x19 ad_read+1
0x1a devio_send_1b+1 (sw reboot)
0x1b get_sw_reboot_reason+1
0x1c playtone+1
0x1d ccont_write+1
0x1e ccont_read+1
0x1f eeprom_write+1
0x20 eeprom_read+1
0x21 enter_lock_5+1
0x22 terminate+1
0x23 ccont_iets+1
0x24 clock_raarheid+1 (doet nix)
0x25 error_fatal+1
0x26 ccont_0702_onoff+1
0x27 ccont_0702_enable+1
0x28 rtc_read_seconds+1
0x29 rtc_set_alarm+1
0x2a rtc_read_alarm+1
0x2b rtc_set_alarm2+1
0x2c ccont_read_11f0+1
0x2d ccont_write_11f0+1
0x2e ccont_write_0fff+1
0x2f ccont_read_0fff+1
0x30 ccont_clear_8c3f+1
0x31 vibro_inner+1
0x32 0
0x33 tone_set_unk+1
0x34 sub_2AE094+1
0x35 sub_2AE0AC+1
0x36 sub_2AE0FC+1
0x37 sub_2AE124+1
0x38 sub_2AE0CC+1
0x39 sub_2AE0E4+1
0x3a sub_2AE4D4+1
0x3b sub_2AE4F0+1
0x3c sub_2AE458+1
0x3d sub_2AE4A8+1
0x3e tone_play+1
0x3f tone_play_2+1 (maakt geen geluid?)
0x40 tone_silence+1
0x41 loc_2ADD96+1
0x42 0
0x43 devio_send_06+1 (reboot)
0x44 devio_get_key+1
0x45 sub_29DA3A+1
0x46 key_pressed+1
0x47 key_released+1
0x48 gsm_get_channel+1
0x49 0
0x4a loc_2D1870+1 (kutbeep)
0x4b 0
0x4c 0
0x4d 0
0x4e 0
0x4f 0
0x50 init_rm_data+1
0x51 sub_2D744A+1 (iets met RM)
0x52 sub_2D741E+1
0x53 sub_2D740A+1
0x54 ad_read_calc_7+1
0x55 ad_read_calc_5+1
0x56 sub_2D73C8+1
0x57 sub_2D713A+1
0x58 sub_2D7038+1
0x59 loc_2D7500+1
0x5a rm_send_43+1
0x5b rm_send_44+1
0x5c sub_2D754A+1
0x5d sub_2D75E0+1
0x5e sub_2D7554+1
0x5f rm_get_voltage+1
0x60 sub_2D75AC+1
0x61 loc_2D759A+1
0x62 battery_get_strength+1
0x63 loc_2D75DC+1
0x64 0
0x65 0
0x66 port20024_read_bit1_2+1
0x67 0

Last updated: 2005-02-21 14:19

This site is the result of a great deal of assembly code reading, research, countless (mostly futile) searches for data sheets, cross-referencing and analysing. If you use this information in any way please mention wumpus <blacksphere@goliath.darktech.org> (and others in the credits section) in the credits of your program/document. And tell me :) If you have more information please contribute. If you just copy this, stick your name on it and call it yours I hope you get your genitals bitten off by a three headed monkey. Have a nice day.

No mobile phones were harmed in the production of this site.