As you all know, 3gs has new cpu.
the main difference for us is that new cpu support thumb2 instructions set, and 2g/3g cpu doesnt support it

binaries for 2g/3g has cpu subtype = 6, 3gs - cpu subtype = 9

3gs can run both binaries, 2g/3g only with subtype=6, you can edit cpu subtype with this app - hte.sf.net , then fix signature with ldid, for example compass app runs, but crashes trying to access compass

3 important instructions from thumb2 which are used in 3gs binaries is - CBZ, CBNZ, IT


that's why no need expect voice control on 2g/3g anytime soon.

So the old 3G has no If/Then assembly instruction, and no Compare and Branch if Zero/Non-Zero.. fun.

I haven't played with disassembling much, but is it possible? (disassemble, replace missing instructions with ones supported on both architectures...)

__________________
Latest iPhone Tool File Mirrors (Pwnage Tool, Redsn0w, Black Ra1n, etc): http://g.appleguru.org/

FREE, EASY 3.1.2 Tethering Tutorial

Just thinking outloud... we can replace CBZ and CBNZ with code that compares to zero (cmp) and then branches if equal/not equal (bne, beq)... One caveat is that doing this will change the condition flags, and CBZ/CBNZ do not. Maybe need to push cond flags to the stack and pop off after branching?

IT can be similarly replicated with cmps and standard conditional branch commands.

This is all hypothetical though; we'd still need to be able to disassemble for this to be at all useful... And the only thing it really helps us get without serious re-coding would be voice control, which probably wouldn't run very well due to memory constraints on the 3G anyways. Boo!

__________________
Latest iPhone Tool File Mirrors (Pwnage Tool, Redsn0w, Black Ra1n, etc): http://g.appleguru.org/

FREE, EASY 3.1.2 Tethering Tutorial

cmp then branch is two instructions, 4 bytes in thumb mode
cb/cbnz is just 2 bytes

u cant fit it

Turbo made an userspace sse3 emu for osx86(cathing unknown opcode interrupt and etc), i think it can be ported to iphone to emulate those instr

Interesting Don't suppose the source is anywhere to play with? Also, is it really a userspace app? I'd have thought you'd need to run in kernel mode to intercept/handle opcodes/instructions directly...

__________________
Latest iPhone Tool File Mirrors (Pwnage Tool, Redsn0w, Black Ra1n, etc): http://g.appleguru.org/

FREE, EASY 3.1.2 Tethering Tutorial

Except that the Voice Control was developed originally on a 2G iPhone so it's not necessarily likely they compiled to use any 3GS specific instructions.

Kermit Woodall
Managing Editor
GadgetNutz.com

You're comment doesn't make much sense; apple doesn't do much coding in assembly; most of it is objective C and c++...In this case, they did indeed target the 3gs's subtype 9 arm processor when they compiled. It is up to the compiler to decide what machine language to translate it into, and as such if there's a block of code that translates best into a cbz or an IT the compiler will (should) choose it over less efficient legacy code to accomplish the same thing.

Your comment could be re-written for macs to read something like "Except that Calculator.app was developed originally on a PPC mac so it's not necessarily likely they compiled to use any Intel specific instructions."

In my analogy, the "Calculator.app" in question would have been written on a PPC mac, but compiled with x86 as the build target. (IE, not a universal binary). Such an app would indeed only run on an intel mac

__________________
Latest iPhone Tool File Mirrors (Pwnage Tool, Redsn0w, Black Ra1n, etc): http://g.appleguru.org/

FREE, EASY 3.1.2 Tethering Tutorial

Theorically, to run Voice Control (for example) in 2G, needs a source code for it, and recompiling using build instructions for 2G/3G arch (and including a instructions emulator like old SSE3 emus for SSE2 processors).

Time to haz a reunion of dev-team and osx86 hackers?

__________________
"the truth is out there"

hack1 = Mac OS X Snow Leopard 10.6.2 Build 10C531
hack2 = Mac OS X Server Snow Leopard 10.6.1 Build 10C504
iBook G3 DualUSB = Mac OS X Jaguar 10.2.8 Build 6R73
MacBook 403LL/A = Mac OS X Snow Leopard 10.6.2 Build 10C531
iPhone 3G = iPhone OS 3.1.2 Build 7D11 Baseband 05.11.07 Bootloader 05.09 [G2M3S2] ClaroBR 5.0

That's precisely my point. They would have to deliberately compile for the 3GS. Has anyone actually checked Voice Control and Video Recording to see if they're using the 3GS specific instructions? That would end this discussion. However it wouldn't change the fact that Voice Control and Video Recording were not originally developed for or on the 3GS processor and could be offered on all iPhones if Apple wasn't artificially restricting them to the 3GS.

Kermit Woodall
Managing Editor
GadgetNutz.com

I did a tiny bit of programming on game trainers in the past. "We" had this method called "code injection".

basicly what you do is take an instruction you want to replace with more code.
replace it with a JMP to a memory location with your injection code. Then JMP back to the original flow. But you'd have to find some "code caves" (locations that are filled with NOPs) that are big enough to place your injection code. if you push the memory location you came from to the stack, you can re-use the code to replace all CBZ/CBNZ by POP'ing the memory location off the stack again, and JMP'ing back.

Not sure if this is at all possible, but just thought I'd share.