06:49 <Sarayan> damned, the databases have fixed links

06:50 <Sarayan> Gonna have to push nodes around

07:03 <Sarayan> oh damn it's going to be more complicated than I expected

07:13 <Sarayan> ok, gonna wing it and fixup after

12:45 <Sarayan> hmmm, the mlabs are having a hard time making sense

12:46 <Sarayan> oh, I see, they magicked some stuff

12:49 <Sarayan> and they dropped the local interconnect

12:49 <Sarayan> in fact labs and mlabs are amusingly different

12:50 <Sarayan> oh *DUH*, I'm mixing mlab and m10k

12:50 <Sarayan> no wonder it's different

15:10 <Lofty> Sarayan: woops :P

20:55 <jevinskie[m]> Womp, womp. The target bitstream of interest has all 0s in the m4k blocks. No secret bootrom :(

20:57 <Lofty> That sucks

21:04 <daveshah> Unless it is a small secret bootrom using LUTs as ROM?

21:14 <Sarayan> Phew, 702014 routes done out of 2263706, it's a start

21:15 <Sarayan> (one route = one wire, its connections, and all the associated firmware bits, turned into a small piece of code instead of a giant table)

21:16 <Sarayan> plus understanding what wires connects to what BEL when appropriate

22:00 <chipb> jevinskie[m]: bootrom for?

22:05 <chipb> oh, for a specific target board.

22:07 <chipb> it wouldn't especially surprise me if your bitstream stores key material in LUTs.

22:07 <jevinskie[m]> Yes a console dev kit

22:09 <jevinskie[m]> Yes another theory is that it decrypts the bootloader in place in some shared SRAM. So next step will be trying to dump the LUTs to search for sboxes or high entropy data that might be a key

22:10 <chipb> what arch is the cpu? is it the console's native or custom?

22:11 <chipb> got a link to info on the board?

22:11 <sorear> watch as it turns out to be something like "xor each byte with 42"

22:11 <chipb> yeah. that's also at the back of my mind. heh.

22:12 <chipb> they probably chain in a counter or xor the address with it at least. :-P

22:19 <jevinskie[m]> The MIPS SoC for PSP https://playstationdev.wiki/pspdevwiki/index.php?title=KBOOTI

22:25 <chipb> and the cpu's in the soft logic of your cyclone part?

22:32 <jevinskie[m]> Cyclone part is labeled for “shared memory” and we aren’t entirely clear what it does. CPU is in a Sony SoC. There is a coprocessor called tachyon in the SoC that might decrypt the kbooti, that’s the only other theory if the FPGA isn’t doing it

22:34 <sorear> the PSP has a FPGA?

22:34 <Lofty> I think it's the PSP's dev kit by the sounds of it

22:35 <Lofty> I know the PS2 dev kit also used an FPGA as a bridge chip between buses

22:40 <jevinskie[m]> Yes, IIRC another cyclone. Ps3 dev kits and later switched to xilinx

23:14 <Lofty> jevinskie[m]: no, it's a Xilinx chip on the PS2 TOOL

23:14 <Lofty> XC3000 IIRC

23:21 <Lofty> mwk: the Xilinx naming system is wonderful

23:21 <mwk> which one

23:21 <Lofty> You can abbreviate the XC3000 as XC3K and end up with an entirely different chip

23:21 <mwk> the wonderful thing is there are so many of them

23:22 <mwk> ... there is no xc3k as far as I know; xc7k on the other hand...