HaRET
Handheld Reverse Engineering Tool
HaRET is a very useful tool for both end users and developers. Its purpose is two-fold:
-
It is a Linux bootloader which works from Windows CE environment (a-la loadlin for DOS or older Linexec tool for Windows CE)
-
It is a tool for accessing the hardware internals of a Windows CE handheld to help get Linux up and running on it.
HaRET was created by ![[WWW]](/web/20090617235848im_/http://www.handhelds.org/moin/handhelds/img/moin-www.png){kind=small}
Andrew Zabolotny. Current maintainers are Kevin O'Connor and Paul Sokolovsky.
Device Support Matrix
| Device | CPU | Status | Notes |
| Acer n50 | pxa272 | Ok | |
| h1940 | s3c2410 | Ok | Works well with 0.5.x, and older 0.3.6 if mtype and ramaddr specified manually. Problems were detected with 0.4.5. |
| h2200 | Ok | ||
| h3900 | Ok | Tested with WM2003 | |
| h4000 | Ok | ||
| h63xx | omap1510 | Ok | Tested with image from the HpIpaqH6315 port |
| hx2000 | Partial |
There were reports of random problems. WM2005 known to cause problems. mail1, mail2 |
|
| hx4700 | pxa27x | Ok |
WM2003: Boots OK. (Version 4.21.1088 Build 15045.2.6.0 - 2 report) WM2005: needs tetsing with 0.4. 0.3 required " mem=64M" to be added to CMDLINE in startup.txt. Boots OK otherwise. (Version 5.1.70 Build 14406.1.1.1 - 2 reports) |
| rx3000 | s3c2440 | Ok | |
| HTC Alpine | pxa27x | Ok | |
| HTC Athena | pxa27x | Ok | |
| HTC Apache | pxa27x | Ok | |
| HTC Beetles | pxa27x | Ok | |
| HTC Blueangel | pxa263 | Ok | some pxa27x-specific features are not available. |
| HTC Magician | pxa27x | Ok | |
| HTC Universal | pxa27x | Ok | |
| Dell Axim X50/X51 | pxa27x | Ok | |
| HTC Titan | msm7500 | Ok | processor type now detected in Kevin's build from 08/01/07 |
FAQ
Q: Where's the tux boot logo?! What "tux" the Q's below talk about?A: In 0.3 series, there was a nice fullscreen boot logo picturing Linux Tux. Due to considerable rewriting of HaRET's boot mechanisms, this functionality was lost. It will be re-added with later releases. In the meantime, you will see either previous screen contents during boot, or random data on your screen during boot.
Q: I tried running haret.exe but nothing happens.
A: If running haret.exe causes a wince error, or you don't see the haret application start at all, then the following steps may help. On haret 0.5.x, there is an ability to turn on logging very early in the startup. To do so, create a file "earlyharetlog.txt" in the same directory as "haret.exe". Then run haret.exe - a file "haretlog.txt" should be created in the same directory. Send this file to the mailing list below.
Q: How much time it takes to boot Linux using HaRET?
A: Some 10 seconds till kernel starts to execute. Maybe somewhat longer if you have really big initrd. And no, if it stays longer than 1 minute with screen stuck on the tux picture, or with screen with a random pixel pattern, or with fading out screen - it doesn't load, it hangs. Follow to the next questions.
Q: I tried booting linux from HaRET, but it is still stuck on the tux image.
A: Try to start haret.exe and boot linux right after a hard reset.
Q: I tried to boot linux from HaRET as fast as possible after the hard reset, but it is still stuck at the tux image.
A: Unfortunately, HaRET still does not support all devices perfectly. For some devices, trial and error approach is required. See device support matrix above. So, in the case you see problems, it is recommended to retry several times (10 should be enough to make sure if doesn't work at all). Please be assured that HaRET does work on the supported devices, and works well. To extend supported base, we need more testing as described, and reports on the results.
Q: I want really detailed hardware information and more advanced trace functions.
A: That's what 0.5 series offer, after merging many great gnu-haret features. "HELP" and "HELP DUMP" will provide you with more information about the hardware debug functions. Merging is still in progress, so if you miss something, you can try 0.3.6-gnu version in the meantime.
Q: I see colored lines on the display when I boot Linux. What does it means ?
A: Because the preloader and hardware shutdown can be complicated, HaRET will try to write a status indicator to the video screen to indicate its progress. This can be used to help diagnose failures during the boot. A green line is written after disabling interrupts, a magenta line is written after disabling hardware, a blue line after starting the preloader function, a red line after copying the "linux tags" structure, a cyan line after copying the kernel, a yellow line after copying the initrd (if any), and finally a black line right before jumping to the kernel. If CRC checking is enabled (via the variable KERNELCRC) then the kernel and CRC are checked between the yellow and black lines (about 20s) - a red line is written if the kernel crc mismatches and a magenta line is written if the initrd crc mismatches.
Documentation and Support
The latest version of documentation is avilable at HaRET Documentation. Also see the CVS file WHATSNEW
HaRET questions and discussion can be directed to the Mailing list.
Several developers are present on IRC in the #htc-linux channel of irc.freenode.net
Download
Binary
0.5.x series
HaRET 0.5 is the newest development branch, which revamps many functional areas and merges features from gnu-haret. These are supported and recommended versions. 0.3 versions are deprecated and provided only for regression comparison.
0.3.x series (deprecated)
-
0.3.6, compiled by ArjanSchrijver
-
0.3.6-gnu-pxa (Considered specific to PXA27x CPU and some other devices. Has many bugfixes and advanced hardware tracing functions)
-
0.3.6-gnu-sa11x0 (Specific to SrongArm devices)
-
0.3.6-signed signed for use with WM2005, and patched with hx2000 support
Source
The source is available from CVS:cvs -d :pserver:anoncvs@anoncvs.handhelds.org:/cvs login CVS password: anoncvs cvs -d :pserver:anoncvs@anoncvs.handhelds.org:/cvs co haretSend patches to
HaRET mailing list The source (gnu-pxa) is available from CVS:
cvs -d:pserver:anonymous@xanadux.cvs.sourceforge.net:/cvsroot/xanadux login CVS password: (nothing just type enter) cvs -z3 -d:pserver:anonymous@xanadux.cvs.sourceforge.net:/cvsroot/xanadux co -P haretThe source (gnu-sa11x0) is available from CVS:
cvs -d :pserver:anoncvs@jornada820.cvs.sourceforge.net:/cvs login CVS password: anoncvs cvs -d :pserver:anoncvs@jornada820.cvs.sourceforge.net:/cvs co haret
Patches for WM2005 & hx2000 support: http://pn.org/files/
Developers' Section
Extra features of "gnu-pxa" version
The "gnu-pxa" version can dump and decode almost all the PXA27x and ASIC3 registers (DUMP PXA27X*, DUMP ASIC3*), monitor your batter(ies) (POWERMON), control wince nLEDs (NLED*), does not crash on DUMP MMU, dumps process and "modules" list (DUMP PS; DUMP MODULES), can hook the wince irq handler and trace the virtual memory accesses (WI;TRACE*;INSN*), can watch addresses/registers/CPU/ASIC3 (WADDR, WREG*, WASIC3*), helps debugging the virtual and physical memory allocator (KMALLOC, VMALLOC, WMALLOC) and so on.Compiling HaRET
We use GCC port maintained by CeGCC project. Please read INSTALL for more details on the version you need to use, etc.
