abrasive
Where to find crom files
I'm not sure exactly if the CROM files are in the second segment of each IPL on all firmwares, or just mine. If they are, could the extraction of the CROMs be handled in the rcx_unpacker?
Also, do you know of any tool that is able to disassemble the epson IPL code? The CROM on mine looks to be ARM32.
My printer is a WF-3620 series, but these tools appear to work for it.
That's a good question. In my case, IPL 0 seg 1 contains a bunch of stuff including a CROM, whilst IPL 1 seg 1 is a CROM with a tiny header.
The IPL is indeed little-endian ARM. I have done a lot of digging in mine (specifically with an eye to the bootloader/flashing commands accepted in IPL mode) and have an IDA database, but that's a commercial tool of course. On the open source side, radare2 or Ghidra should be quite capable -- the latter depending how you feel about the NSA, of course...
It would be interesting to see how similar the early stage boot code is between printers.
I'm yet to find where the code is that is booted on the Xtensa cores.
Can you see a partition table of any sort in the first blob? It'd be nice if we could unpack them systematically.
I haven't found a partition table yet. I used IDA to decompile the CROM portions. I assumed the rest of the IPL was xtensa, but I was wrong and they also appear to be ARM.
For me, IPL 0 seg 1 has a CROM at offset 0x6514. It also had a second signature of CROM1 at 0x4018a4. IPL 1 seg 1 has three CROMs. One at 0x40000, 0x5a0000, and 0x6f0000 respectively.