Skip to content
/ qemu-ipod-nano Public
forked from devos50/qemu-ios

An attempt at rehosting iPod Nano 3G (and possibly others) in QEMU. Originally a fork of Devos50's QEMU fork which had work for the iPod Touch 1G which I used as a starting point.

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
GPL-2.0
COPYING
LGPL-2.1
COPYING.LIB
23 stars 5.7k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lemonjesus/qemu-ipod-nano

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92,593 Commits
accel
accel
 
 
audio
audio
 
 
authz
authz
 
 
backends
backends
 
 
block
block
 
 
bsd-user
bsd-user
 
 
capstone @ f8b1b83
capstone @ f8b1b83
 
 
chardev
chardev
 
 
common-user
common-user
 
 
configs
configs
 
 
contrib
contrib
 
 
crypto
crypto
 
 
data
data
 
 
disas
disas
 
 
docs
docs
 
 
dtc @ b6910be
dtc @ b6910be
 
 
dump
dump
 
 
ebpf
ebpf
 
 
fpu
fpu
 
 
fsdev
fsdev
 
 
gdb-xml
gdb-xml
 
 
hw
hw
 
 
include
include
 
 
io
io
 
 
ipod
ipod
 
 
libdecnumber
libdecnumber
 
 
linux-headers
linux-headers
 
 
linux-user
linux-user
 
 
meson @ 12f9f04
meson @ 12f9f04
 
 
migration
migration
 
 
monitor
monitor
 
 
nbd
nbd
 
 
net
net
 
 
pc-bios
pc-bios
 
 
plugins
plugins
 
 
po
po
 
 
python
python
 
 
qapi
qapi
 
 
qga
qga
 
 
qobject
qobject
 
 
qom
qom
 
 
replay
replay
 
 
roms
roms
 
 
scripts
scripts
 
 
scsi
scsi
 
 
semihosting
semihosting
 
 
slirp @ a88d9ac
slirp @ a88d9ac
 
 
softmmu
softmmu
 
 
storage-daemon
storage-daemon
 
 
stubs
stubs
 
 
subprojects/libvhost-user
subprojects/libvhost-user
 
 
target
target
 
 
tcg
tcg
 
 
tests
tests
 
 
tools
tools
 
 
trace
trace
 
 
ui
ui
 
 
util
util
 
 
.cirrus.yml
.cirrus.yml
 
 
.dir-locals.el
.dir-locals.el
 
 
.editorconfig
.editorconfig
 
 
.exrc
.exrc
 
 
.gdbinit
.gdbinit
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.gitmodules
.gitmodules
 
 
.gitpublish
.gitpublish
 
 
.mailmap
.mailmap
 
 
.patchew.yml
.patchew.yml
 
 
.readthedocs.yml
.readthedocs.yml
 
 
.travis.yml
.travis.yml
 
 
COPYING
COPYING
 
 
COPYING.LIB
COPYING.LIB
 
 
Kconfig
Kconfig
 
 
Kconfig.host
Kconfig.host
 
 
LICENSE
LICENSE
 
 
MAINTAINERS
MAINTAINERS
 
 
Makefile
Makefile
 
 
QEMU-README.rst
QEMU-README.rst
 
 
Readme.md
Readme.md
 
 
VERSION
VERSION
 
 
block.c
block.c
 
 
blockdev-nbd.c
blockdev-nbd.c
 
 
blockdev.c
blockdev.c
 
 
blockjob.c
blockjob.c
 
 
build_nor.sh
build_nor.sh
 
 
configure
configure
 
 
cpu.c
cpu.c
 
 
cpus-common.c
cpus-common.c
 
 
disas.c
disas.c
 
 
gdbstub.c
gdbstub.c
 
 
gitdm.config
gitdm.config
 
 
hmp-commands-info.hx
hmp-commands-info.hx
 
 
hmp-commands.hx
hmp-commands.hx
 
 
iothread.c
iothread.c
 
 
job-qmp.c
job-qmp.c
 
 
job.c
job.c
 
 
memory_ldst.c.inc
memory_ldst.c.inc
 
 
meson.build
meson.build
 
 

Repository files navigation

iPod Nano 3G Emulator

This project is an attempt at rehosting the entirety of the 3rd Generation iPod Nano. It is currently a work in progress, and is not yet functional. The goal is to be able to run the iPod Nano 3G's firmware in a QEMU emulator.

This work is based on devos50's work emulating the iPhone 1G and the iTouch 2G. See the repo this is forked from for more information.

Before I started this, I started a more bespoke emulator based on Unicorn. Check that out here, but it's by no means as far along as this project.

What works

  • SPI NOR flash
  • I2C communications probably work, but the PMU is currently a dummy device
  • The LCD screen
  • Hardware JPEG decoding (it's good enough for now, but it isn't perfect)

Currently, the iPod Nano 3G emulator is able to boot partially into the EFI. At some point, it decides it can't actually boot, so it displays the Red X image.

Below this, the README is a work in progress.

Building

Configure it with:

mkdir build
cd build
../configure --enable-sdl --disable-cocoa --target-list=arm-softmmu --disable-capstone --disable-pie --disable-slirp --disable-werror --extra-cflags="-g" --extra-ldflags='-lcrypto'
make -j12

How to get the files required to run the emulator:

The emulator requires files that I probably shouldn't share. Luckily, if you have an iPod Nano 3G, you can dump and decrypt these files yourself. More complete instructions will be added later. For now, these instructions are incomplete.

BOOTROM

Simply dump this with wInd3x from a real iPod Nano 3G. The emulator will make the required patches to get around the bootrom's security checks. The SHA1 of the bootrom is 6de08ee9e89d5a4ef59b629c903d4ceb828030f0.

NOR and EFI Bootloader

Given a full NOR dump and a decrypted EFI image, you can use:

./build_nor.sh nor_dump.bin /home/tucker/Development/n3g-emulator/efi.bin nor_image.bin

NAND

TODO

Other Notes

Run it with:

./arm-softmmu/qemu-system-arm -M iPod-Touch,bootrom=/home/tucker/Development/qemu-ipod-nano/build/s5l8702-bootrom.bin,iboot=/home/tucker/Development/qemu-ipod-nano/build/iboot_204_n45ap.bin,nand=/home/tucker/Development/qemu-ipod-nano/build/nand -serial mon:stdio -cpu max -m 1G -d unimp -pflash /home/tucker/Development/qemu-ipod-nano/build/nor_image.bin

About

An attempt at rehosting iPod Nano 3G (and possibly others) in QEMU. Originally a fork of Devos50's QEMU fork which had work for the iPod Touch 1G which I used as a starting point.

Resources

Readme

License

Unknown and 2 other licenses found

Licenses found

Unknown
LICENSE
GPL-2.0
COPYING
LGPL-2.1
COPYING.LIB
Activity

Stars

23 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

303 tags

Packages

No packages published

Languages

  • C 79.3%
  • C++ 13.2%
  • Python 3.8%
  • Shell 1.7%
  • Assembly 0.5%
  • Meson 0.4%
  • Other 1.1%