Reversing Amlogic BL2

Efforts to reverse-engineer Amlogic's proprietary BL2

Check https://moin.vitali64.duckdns.org/AmlogicBL2 for notes.

This repository contains the following files for each SoC family being reverse-engineered:

bl2.txt: Disassembly of bl2.bin
bl2.c: Decompiled bl2.bin

You can import either ones to Ghidra, it's up to you.

Progress

Support for all SoCs in U-Boot SPL is still very much a work-in-progress! This is especially true for anything newer than GXBB/S905. Detailed progress

GXBB: Done
GXL: Mostly
AXG: TODO (no AXG board, but very similar to GXL)
G12B: WIP
SM1: TODO

Why are there lots of unnamed functions?

These functions could be unnamed because:

I'm not interested in them; or
I haven't figured out yet what they do.

I'm mostly interested in DDR init, so look for functions starting with ddr_. Those, along with all functions they make use of, will most likely have names and comments.

Naming scheme

This is mostly specific to bl2.c. Names of functions/variables are kept as close to old sources as possible, but there are some exceptions:

Functions ending with _new are new functions added after Amlogic's obfuscation;
Functions ending with __notsure are functions where I'm not sure about the name;
ddrs is __ddr_setting;
ddrt is __ddr_timming;
plls is __pll_setting;
Variables declared in functions may not have the name they have in the old sources.

Legal

I think it's perfectly legal to host a disassembly of bl2.bin; it's not mentionned in the license that I don't have the right to do that, but if you think otherwise/would like to take this down please contact me first.