note: all infomations provided here are from observation and reverse-engineering, i.e only suppositions

====== FARADAY ======
  * ARM V4 based micro-controller macro FA526

  * openocd was used to break the arm at boot and make a memory dump

dumped memory is already an elf

TODO: 4 bytes PC counter in openocd needs fix for target FA526

<code>
arm-objcopy -I binary -O elf32-littlearm -B arm\
--rename-section .data=.text,readonly,code,load,contents,alloc\
--redefine-sym _binary_cs3516_0x_bin_start=main\
--redefine-sym _binary_cs3516_0x_bin_end=_end\
--redefine-sym _binary_cs3516_0x_bin_size=_size cs3516_0x.bin\
bootrom.elf

arm-objdump -x bootrom.elf 

arm-objdump -m arm -D bootrom.elf > bootrom.s
</code>
==== various notes ====

=== openocd.git  ===
<code>
git clone git://openocd.git.sourceforge.net/gitroot/openocd/openocd openocd.git
cd openocd.git
./bootstrap 
./configure --enable-maintainer-mode --enable-parport --enable-ft2232_libftdi 
make
</code>
=== openocd  ===
grab 0.2 source from http://developer.berlios.de/projects/openocd
<code>
wget http://download.berlios.de/openocd/openocd-0.4.0.tar.bz2
tar xjvf openocd-0.4.0.tar.bz2
cd openocd-0.4.0/
./configure --enable-parport; make; sudo make install
</code>

openocd -f openocd_920.cfg 
<code>
Open On-Chip Debugger 0.4.0 (2010-07-31-15:56)
Licensed under GNU GPL v2
For bug reports, read
	http://openocd.berlios.de/doc/doxygen/bugs.html
parport port = 0x0
trst_and_srst separate srst_gates_jtag trst_push_pull srst_open_drain
dcc downloads are enabled
Info : clock speed 500 kHz
Info : JTAG tap: cs351x.cpu tap/device found: 0x00526fa1 (mfg: 0x7d0, part: 0x0526, ver: 0x0)
Info : Embedded ICE version 2
Info : cs351x.cpu: hardware has 2 breakpoint/watchpoint units
</code>
telnet localhost 4444
<code>
reset run
halt
resume
</code>
=== insight ===

grab insight-6.8-1.tar.bz2 from http://sourceware.org/insight/downloads.php
<code>
./configure   --program-prefix=arm- --target=arm-elf --disable-werror
make -j2
make install
arm-insight arch/arm/boot/compressed/vmlinux</code> 
'File | Target Settings', set the Connections to: 'Target: Remote/TCP', 'Hostname: localhost' and 'Port: 3333'

* arm reset from insight gdb console : 'monitor reset' or monitor 'soft_reset_halt'
=== gdb ===
<code>
(gdb) target remote myhost:3333
(gdb) mon targets
    TargetName         Type       Endian TapName            State       
--  ------------------ ---------- ------ ------------------ ------------
 0* cs351x.cpu         fa526      little cs351x.cpu         halted
(gdb) x/128 0x68000000
0x68000000:	0x01000010	0x00000001	0x00000006	0x00000000
0x68000010:	0x00080b00	0x00001000	0x00000000	0x00000000
...................
</code>