I would like to play with an oscilloscope and a broken camera, and test all the ports to see if I can find something useful. For example, the lens motors, USB wires, and so on.
I looked at the LED blinker source code, to see how it works, and noticed this code:
#define LED_AF 0xc0220080
#define LED_PR 0xc0220084
void led_on()
{
volatile long *p=(void*)LED_PR;
*p=0x46;
}
void led_off()
{
volatile long *p=(void*)LED_PR;
*p=0x44;
}
I am not interested by the rest of the blinker application, for my purpose.
Now, the address for the LED looks pretty random, and most likely hardware dependent.
What I have in mind is to write a program that tries every memory location (above where the code is), and connect an oscilloscope to each output, then run the program and notice if anything changes. Obviously, this way I can't detect the memory location, only if a hardware port can be controlled by a memory location. Then I would need to find some way to stop the program execution when the signal happens, and somehow dump the memory location. For that, I guess I would need an 'in' port, which I need to constantly monitor, and a microcontroller.
Anyway, do you find any problems with this strategy? Please note that I don't care too much about damaging the camera, since I plan to buy a broken camera anyway.
And another question, how was the location of the first LED that was used to blink the firmware found? Is there any logic behind the hardware address?