# Reversing Amlogic BL2 *Efforts to reverse-engineer Amlogic's proprietary BL2* Check for notes. This repository contains the following files for each SoC family being reverse-engineered: * `bl2.txt`: Disassembly of bl2.bin * `bl2.c`: Decompiled bl2.bin You can import either ones to Ghidra, it's up to you. ## Progress **Support for all SoCs in [U-Boot SPL](https://git.vitali64.duckdns.org/misc/u-boot-kii-pro.git/tree/?h=wip/spl) is still very much a work-in-progress!** This is especially true for anything newer than GXBB/S905. [Detailed progress](https://moin.vitali64.duckdns.org/AmlogicBL2) * GXBB: **Done** * GXL: **Mostly** * AXG: **TODO** (no AXG board, but very similar to GXL) * G12B: **WIP** * SM1: **TODO** ## Why are there lots of unnamed functions? These functions could be unnamed because: * I'm not interested in them; or * I haven't figured out yet what they do. I'm mostly interested in DDR init, so look for functions starting with `ddr_`. Those, along with all functions they make use of, will most likely have names and comments. ## Naming scheme This is mostly specific to `bl2.c`. Names of functions/variables are kept as close to old sources as possible, but there are some exceptions: * Functions ending with `_new` are new functions added after Amlogic's obfuscation; * Functions ending with `__notsure` are functions where I'm not sure about the name; * `ddrs` is `__ddr_setting`; * `ddrt` is `__ddr_timming`; * `plls` is `__pll_setting`; * Variables declared in functions may not have the name they have in the old sources. ## Legal I think it's perfectly legal to host a disassembly of `bl2.bin`; it's not mentionned in the license that I don't have the right to do that, but if you think otherwise/would like to take this down please [contact me first](https://vitali64.duckdns.org/).