Huck's Wiki

LeapFrog Epic: Difference between revisions

Page Discussion

LeapFrog Epic (edit)

Revision as of 07:38, 10 March 2024

316 bytes added ,  10 March
→‎Rockchip hardware revision (EPICv4; 2021)
No edit summary
Line 98: Line 98:


VTech did their homework with the device and locked out most if not all entry points for hacking, such as ADB and development settings. Bizarrely enough they also dropped Bluetooth, replacing the wireless module with an obscure AltoBeam ATBM6011 wireless LAN controller. Ripping the firmware may also prove to be a challenge as the uboot binary that came with the device came with a deterrent which corrupts the dumped images past a certain point. To be fair this is hardly even unique to LeapFrog as the implementation by Rockchip themselves [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/1b01cf5590f8d0b2270ffff5a656e38c5e3930ee/cmd/rockusb.c#L28 has this] until the [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/6336d2324985831ed766031f91d410d0e587dbc8/cmd/rockusb.c latest commit]. It may be possible to patch out the offending instructions from the uboot binary though. Fortunately, it is possible to unbrick the LeapPad by forcing it to run in MASKROM mode through shorting two conveniently-located test points on the logic board just beside the eMMC chip; this however assumes that you have a ROM backup at hand.
VTech did their homework with the device and locked out most if not all entry points for hacking, such as ADB and development settings. Bizarrely enough they also dropped Bluetooth, replacing the wireless module with an obscure AltoBeam ATBM6011 wireless LAN controller. Ripping the firmware may also prove to be a challenge as the uboot binary that came with the device came with a deterrent which corrupts the dumped images past a certain point. To be fair this is hardly even unique to LeapFrog as the implementation by Rockchip themselves [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/1b01cf5590f8d0b2270ffff5a656e38c5e3930ee/cmd/rockusb.c#L28 has this] until the [https://gitlab.com/pgwipeout/u-boot-rockchip/-/blob/6336d2324985831ed766031f91d410d0e587dbc8/cmd/rockusb.c latest commit]. It may be possible to patch out the offending instructions from the uboot binary though. Fortunately, it is possible to unbrick the LeapPad by forcing it to run in MASKROM mode through shorting two conveniently-located test points on the logic board just beside the eMMC chip; this however assumes that you have a ROM backup at hand.
Fortunately it is apparently possible to boot from an SD card with a firmware image flashed onto it. Performance with such a setup would be unsurprisingly bad compared to a ROM flashed into internal storage, but it should be fine for testing if the firmware dump works fine or for recovering from a bricked tablet.


====Gallery====
====Gallery====
Retrieved from ‘https://huckjones.strawberryforum.org/wiki/Special:MobileDiff/1177