path: root/README.md

# Reversing Amlogic BL2

*Efforts to reverse-engineer Amlogic's proprietary BL2*

Check <https://moin.vitali64.duckdns.org/AmlogicBL2> for notes.

This repository contains the following files for each SoC family being 
reverse-engineered:

* `bl2.txt`: Disassembly of bl2.bin
* `bl2.c`: Decompiled bl2.bin

You can import either ones to Ghidra, it's up to you.

## Progress

**Support for all SoCs in [U-Boot SPL](https://git.vitali64.duckdns.org/misc/u-boot-kii-pro.git/tree/?h=wip/spl)
is still very much a work-in-progress!** This is especially true for anything 
newer than GXBB/S905. [Detailed progress](https://moin.vitali64.duckdns.org/AmlogicBL2)

* GXBB: **Done**
* GXL: **Mostly**
* AXG: **TODO** (no AXG board, but very similar to GXL)
* G12B: **WIP**
* SM1: **TODO**

## Why are there lots of unnamed functions?

These functions could be unnamed because:

* I'm not interested in them; or
* I haven't figured out yet what they do.

I'm mostly interested in DDR init, so look for functions starting with `ddr_`.
Those, along with all functions they make use of, will most likely have names 
and comments.

## Naming scheme

This is mostly specific to `bl2.c`. Names of functions/variables are kept as 
close to old sources as possible, but there are some exceptions:

* Functions ending with `_new` are new functions added after Amlogic's 
  obfuscation;
* Functions ending with `__notsure` are functions where I'm not sure about the 
  name;
* `ddrs` is `__ddr_setting`;
* `ddrt` is `__ddr_timming`;
* `plls` is `__pll_setting`;
* Variables declared in functions may not have the name they have in the old 
  sources.

## Legal

I think it's perfectly legal to host a disassembly of `bl2.bin`; it's not 
mentionned in the license that I don't have the right to do that, but if you 
think otherwise/would like to take this down please [contact me first](https://vitali64.duckdns.org/).