Kitz ADSL Broadband Information
Author Topic: A New 2Wire 2700HGV With 5.29.117.6 Firmware  (Read 12031 times)

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A New 2Wire 2700HGV With 5.29.117.6 Firmware
« Reply #15 on: September 10, 2011, 10:47:05 PM »

Out of interest, how did you figure out the IP addresses to use?

Very briefly, if you connect the 2700HGV without any pre-configuration for "blocking" its "calls home" & with the logging set to maximum (i.e. Debug) and then parse the rather extensive logs generated, you will see those addresses. Standard techniques (e.g. host, dig, whois, etc, etc) identify them as the IP addresses of provisioning servers.

Also if you thoroughly scrutinise the master reference site for the 2Wire 2700HGV you will find identical information provided by Adam C. ;D
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.
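The approach in the reply above (run at Debug logging, harvest the addresses the gateway tries to reach, then block them) can be scripted. The block below is an added example, not something from the post or from 2Wire: the log lines are constructed in a generic syslog-like shape, because the real 2700HGV debug log layout is not shown on the page, and the iptables output assumes the gateway's traffic is forwarded through a separate Linux box on which the rules can be applied.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a generic syslog-like shape. The layout of the
# real 2700HGV debug log is an assumption here; only the approach carries over.
SAMPLE_LOG = """\
Sep 10 22:01:03 gateway cms: connecting to 203.0.113.10:443 (provisioning)
Sep 10 22:01:04 gateway cms: connecting to 203.0.113.10:443 (provisioning)
Sep 10 22:01:09 gateway cms: connecting to 198.51.100.7:8443 (heartbeat)
Sep 10 22:01:10 gateway dns: query A provision.example.net -> 203.0.113.10
Sep 10 22:01:11 gateway dns: query A www.example.org -> 192.0.2.5
Sep 10 22:02:00 gateway cms: connecting to 192.168.1.64:80 (lan)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
CONNECT_RE = re.compile(r"connecting to (?P<ip>" + IPV4 + r"):(?P<port>\d+)")
DNS_RE = re.compile(r"query A (?P<host>[\w.-]+) -> (?P<ip>" + IPV4 + r")")


def extract_call_home(log_text, lan_net="192.168.1.0/24"):
    """Map (ip, port) -> {"count": n, "hosts": {names}} for every outbound
    connection attempt to an address outside the LAN.  DNS answers seen in the
    same log are joined on the IP so the target's name travels with it
    (a name that is only looked up, never connected to, is not listed)."""
    lan = ip_network(lan_net)
    counts = Counter()
    names = defaultdict(set)
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m and ip_address(m["ip"]) not in lan:
            counts[(m["ip"], int(m["port"]))] += 1
        m = DNS_RE.search(line)
        if m:
            names[m["ip"]].add(m["host"])
    return {key: {"count": n, "hosts": set(names.get(key[0], ()))}
            for key, n in counts.items()}


def iptables_rules(targets, router_ip="192.168.1.254"):
    """Render one DROP rule per observed target for a Linux box that forwards
    the gateway's traffic.  router_ip is the address the 2Wire uses on that
    box's network (assumption).  Sorted so the output is stable and diffable."""
    return [
        f"iptables -A FORWARD -s {router_ip} -d {ip} -p tcp --dport {port} -j DROP"
        for ip, port in sorted(targets)
    ]


if __name__ == "__main__":
    found = extract_call_home(SAMPLE_LOG)
    for (ip, port), info in sorted(found.items()):
        print(f"{ip}:{port}  seen={info['count']}  names={sorted(info['hosts'])}")
    print("\n".join(iptables_rules(found)))
```

Resolving the collected addresses with host/dig/whois, as the reply describes, is the step that confirms they really are provisioning servers before anything is blocked; that lookup needs the network and is deliberately left out of the offline script.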

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A New 2Wire 2700HGV With 5.29.117.6 Firmware
« Reply #16 on: September 10, 2011, 10:57:24 PM »

Having now downgraded the 5.29.117.6 firmware to the older 5.29.107.12 version, my new "reserve" 2700HGV is now immune from any "evil influence" by virtue of the fact that it attempts to "phone home" to decommissioned provisioning servers.

I have a sequence of screenshots available, if anyone wishes to see how simple the process was to perform.

asbokid

  • Kitizen
  • ****
  • Posts: 1286
    • Hacking the 2Wire
Re: A New 2Wire 2700HGV With 5.29.117.6 Firmware
« Reply #17 on: September 11, 2011, 04:54:07 AM »

Hi!

Can I join this thread as an interested party?

Thanks to burakkucat, I am the legal guardian of a 2Wire 2700HGV and a 2701HGV-C. Currently, both devices, being locked to BT, are lounging about doing nothing, but hopefully that will change.

I have pulled the PCBs out of the devices to identify the board components. The component lists for the 2700 and the 2701 are very similar. Below is some background on them.


Both the 2700 and the 2701 are powered by the 2Wire "Ares" processor.  This is a re-branded Philips (NXP) PNX15xx CPU [1].  These are relatively unusual processors that are recognised for their high performance in media applications. The CPUs are more common in video processing equipment. Their use by 2Wire in broadband access equipment may be unique.

The 2Wire "Ares" processor is probably a PNX1502. This processor has a Trimedia 3260 VLIW core.  VLIW stands for Very Long Instruction Word.

In a VLIW core, each processor instruction has five or even seven 32-bit "issues" (also known as slots).  Each of those slots can perform a different operation in a single clock cycle. So the Trimedia can potentially execute five operations simultaneously. This is known as Instruction Level Parallelism or ILP.  ILP is at the heart of VLIW architectures.

Theoretically, this is a great idea. But it comes at a cost.  It requires extra support hardware - more RAM and more flash since each instruction is "very long" (160+ bits, in fact).

And when you can't fill every instruction slot with a useful operation (because one slot awaits the result from another) then you must fill those slots with NOPs (no operation opcodes). That is very wasteful and costly in terms of RAM and flash memory.  So that hardware overhead is the key disadvantage of VLIW.

Building code for the Trimedia core isn't straightforward, either. It requires a dedicated VLIW C compiler that has the extensions needed to utilise the instruction slots efficiently.

And there's only one compiler available to do that. It's called tmcc, the Trimedia C compiler, and it's a commercial product. There are no alternatives to tmcc. And with no competition, the price has careered out of control. The tmcc compiler sells today for a staggering..... drum roll.... $2500... 

Now here's where I get mad.. The compiler should probably be free since it is based on a modified version of the GPL'ed (open source) GNU C compiler. So that should be the subject of a case file @ gpl-violations.org...

And it's not just the rip-off compiler. The bill for a would-be Trimedia developer keeps on growing bigger..

To download your (very expensively) compiled code to the flash memory on a Trimedia board requires an obscure JTAG programmer which costs another $1500-$2000. Normally, a JTAG programmer in its simplest form costs just £2. So this is lucrative business.

It is the cost of this development kit, and the relative obscurity of the Trimedia architecture which has meant that the 2Wire devices have remained off-limits for curious hackers.

Sadly(?) this may be the end of the era for Trimedia cores in 2Wire kit. In 2010, Pace bought out 2Wire. The British-based Pace tends to favour the ARM platform, so the Trimedia products could face the axe.

A small library of documents relating to the Trimedia and the 2Wire devices that use them is taking form. Burakkucat kindly started this off with some manuals and official documentation from 2Wire and British Telecom. And datasheets, and a few Trimedia development manuals that have leaked into the wild have been added.

If anyone happens to read this who has worked on the Trimedia, and still has the Nexperia Development Kit (NDK) or the SDE knocking around, please say hullo!

Of great interest would be a glimpse at the source code for the Trimedia JTAG tools, especially a file called cw.c. This file apparently contains the "secret" JTAG register definitions and such like for the Trimedia. Get this... for such a costly development application, and this may seem hard to believe, but that JTAG programming code is so old it will only run in 16-bit MS-DOS mode! So that's what you get for $2500?!

Anyway.. Below is the link to the docs on the 2Wire and the Trimedia.[2] There are quite a few more documents that need properly cataloguing and adding to the collection.

One avenue for hacking these devices could be through understanding the firmware format: identifying how the firmware image files are composed, their fields, types and the authentication methods used to protect firmware content from modification (or not)........

A preliminary start on this task has been made, and collaboration would be welcomed..

This could attract interest beyond British shores. 2Wire devices are very popular in the USA where, under the "U-Verse" model range, they have been standard CPE for AT&T subscribers for many years.

Some of the latest 2Wire models that are based on the Trimedia core, such as the 3800, do support VDSL2, so could theoretically be used for FTTC in the UK, assuming the E.U. and the U.S. share the same VDSL2 specs, and the U-Verse devices support the same VDSL profiles that are used over here.

cheers,
asbokid

[1] http://www.datasheetcatalog.org/datasheet/philips/PNX15XX_SER_N_2.pdf
[2] https://docs.google.com/leaf?id=0B6wW18mYskvBNjQ0OGFjM2UtM2ZjMi00YTY1LWE4MGUtNzQ1Mjg5ODhjNDRk&hl=en_US
« Last Edit: September 11, 2011, 07:09:13 PM by asbokid »
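The VLIW points in asbokid's post (fixed-width instructions with five slots, NOPs wherever a slot is waiting on an earlier result, and the resulting flash/RAM overhead) can be made concrete with a small scheduler. This is an added example, not code from the post or from any Trimedia toolchain: the operations are a constructed toy program, every operation is assumed to complete in one cycle, and 32 bits per slot is taken from the post's "160+ bits" figure for a five-slot instruction.

```python
SLOTS = 5        # issue slots per instruction, as the post describes
OP_BITS = 32     # width of one slot; 5 x 32 = 160 bits per instruction

# Constructed sample: one dependent chain (ld -> add -> mul -> st) plus a few
# independent operations.  Each entry is (name, names it depends on).
# Assumption: every operation completes in one cycle, so a result can be used
# in the next bundle; real load/multiply latencies would add more empty slots.
SAMPLE_OPS = [
    ("ld r1",  []),
    ("add r2", ["ld r1"]),
    ("mul r3", ["add r2"]),
    ("st r3",  ["mul r3"]),
    ("ld r4",  []),
    ("add r5", ["ld r4"]),
    ("ld r6",  []),
]


def schedule(ops, slots=SLOTS):
    """Greedy list scheduling into fixed-width bundles.  Each cycle takes, in
    program order, up to `slots` operations whose inputs were produced by an
    earlier bundle; any slot left over is padded with a nop."""
    done = set()
    pending = list(ops)
    bundles = []
    while pending:
        bundle, later = [], []
        for name, deps in pending:
            if len(bundle) < slots and all(d in done for d in deps):
                bundle.append(name)
            else:
                later.append((name, deps))
        if not bundle:
            raise ValueError("cyclic or unsatisfiable dependencies")
        done.update(bundle)              # results visible from the next bundle on
        bundles.append(bundle + ["nop"] * (slots - len(bundle)))
        pending = later
    return bundles


def nop_count(bundles):
    """Slots that carry no useful work."""
    return sum(op == "nop" for b in bundles for op in b)


def vliw_size_bits(bundles, slots=SLOTS, op_bits=OP_BITS):
    """Every bundle is stored full width, nops included."""
    return len(bundles) * slots * op_bits


def scalar_size_bits(ops, op_bits=OP_BITS):
    """Same program on a single-issue core: one word per operation, no padding."""
    return len(ops) * op_bits


if __name__ == "__main__":
    bs = schedule(SAMPLE_OPS)
    for i, b in enumerate(bs, 1):
        print(f"cycle {i}: {b}")
    print(f"{nop_count(bs)} nops; VLIW image {vliw_size_bits(bs)} bits "
          f"vs {scalar_size_bits(SAMPLE_OPS)} bits single-issue")
```

On the sample, the four-deep dependency chain forces four bundles no matter how many slots there are, so 13 of 20 slots end up as nops and the bundled image is almost three times the size of the single-issue encoding. That is the trade-off the post describes: the parallelism is only free when the compiler can find independent work for every slot.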
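For the firmware-format avenue the post raises (working out how an image is composed and whether its contents are protected), the usual first pass is a blind triage: a per-block entropy map to separate compressed or encrypted regions from code, strings and padding, plus a sweep for public container signatures. The block below is an added example and not anything from the post or from 2Wire: the image it scans is constructed here (a made-up header, a run of config strings, a gzip member and a squashfs superblock filled with random bytes, then zero padding), and no 2Wire-specific field layout or signature scheme is assumed.

```python
import math
import random
from collections import Counter

# Public container signatures a firmware image commonly embeds.  Nothing here
# is specific to 2Wire images.
MAGICS = {
    b"\x7fELF": "ELF",
    b"\x1f\x8b\x08": "gzip",
    b"hsqs": "squashfs (little-endian)",
    b"sqsh": "squashfs (big-endian)",
    b"UBI#": "UBI",
}


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return max(0.0, -sum(c / n * math.log2(c / n) for c in Counter(data).values()))


def entropy_map(image, block=1024):
    """(offset, entropy, label) per block.  High entropy means compressed or
    encrypted; near zero means padding; in between is code, strings, tables."""
    out = []
    for off in range(0, len(image), block):
        h = shannon_entropy(image[off:off + block])
        label = ("compressed/encrypted" if h > 7.5
                 else "padding" if h < 1.0
                 else "code/text")
        out.append((off, round(h, 2), label))
    return out


def find_magics(image):
    """All (offset, name) hits for the signatures above, in offset order."""
    hits = []
    for magic, name in MAGICS.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(magic, pos + 1)
    return sorted(hits)


def build_sample_image():
    """Constructed stand-in for a firmware blob (NOT a real 2Wire image):
    a made-up 64-byte header, 1 KiB of ASCII config, a gzip member, a
    squashfs superblock, and zero padding.  Seeded random bytes stand in
    for compressed payloads so the scan is deterministic."""
    rng = random.Random(2011)

    def rand(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    header = b"FWHDR-EXAMPLE".ljust(64, b"\0")          # hypothetical magic
    text = (b"model=2700HGV;fw=5.29.117.6;" * 40)[:1024]
    gz = b"\x1f\x8b\x08\x00" + rand(4092)
    sqsh = b"hsqs" + rand(2044)
    return header + text + gz + sqsh + bytes(1024)


if __name__ == "__main__":
    img = build_sample_image()
    for off, h, label in entropy_map(img):
        print(f"{off:#08x}  {h:4.2f}  {label}")
    for off, name in find_magics(img):
        print(f"{off:#08x}  {name}")
```

Read together, the two views say where to look next: a signature hit at the start of a high-entropy region is a container worth carving out, a high-entropy region with no signature may be encrypted, and a low-entropy header or trailer next to either is where length fields, checksums and any signature over the image are likely to live. Whether the 2Wire image actually carries an authentication trailer is exactly the open question in the post; this scan only shows where to start reading.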