Dual Boot Beta Testers - Nexus One General

I am working on finalizing a dual-boot method that should work on any Android phone. This will allow you to run 2 separate ROMs quickly and easily. It can also be changed to allow for more ROMs if needed. This will not require a different recovery and will be run completely from the phone.
I need some testers so I can test it out on multiple phones. Please leave a post here if you are willing to test it out. I also need one person to post the printout from this command:
Make sure your phone is plugged in to your computer
Code:
adb shell cat /proc/iomem
If it doesn't return anything please post the print out for this..
Code:
adb shell ls /proc

Code:
cat /proc/iomem
03a00000-03a3ffff : ram_console
03b00000-03f64fff : msm_panel.0
20000000-27ffffff : System RAM
20026000-20401fff : Kernel text
20420000-20512f03 : Kernel data
28000000-2dafffff : System RAM
2db00000-2dffffff : kgsl_phys_memory
2db00000-2dffffff : kgsl
35100000-3fffffff : System RAM
a0000000-a001ffff : kgsl_reg_memory
a0000000-a001ffff : kgsl
a0200000-a0200fff : msm_serial_hs.0
a0300000-a0300fff : msm_sdcc.1
a0400000-a0400fff : msm_sdcc.2
a0800000-a0801000 : msm_hsusb
a9900000-a9900fff : msm_i2c.0
a9900000-a9900fff : msm_i2c
aa200000-aa2effff : mdp

Code:
[email protected]:/$ adb shell cat /proc/iomem
03300000-037fffff : kgsl_phys_memory
03300000-037fffff : kgsl
03a00000-03a3ffff : ram_console
03b00000-03dfffff : msm_panel.0
20000000-2e7fffff : System RAM
20026000-20442fff : Kernel text
2045a000-20544d77 : Kernel data
30000000-3b6fffff : System RAM
a0000000-a001ffff : kgsl_reg_memory
a0000000-a001ffff : kgsl
a0200000-a0200fff : msm_serial_hs.0
a0300000-a0300fff : msm_sdcc.1
a0400000-a0400fff : msm_sdcc.2
a0800000-a08003ff : msm_hsusb
a9900000-a9900fff : msm_i2c.0
a9900000-a9900fff : msm_i2c
aa200000-aa2effff : mdp
There you go.
Tell me more about this dual boot. where is the second rom stored when not in use? I can't imagine there is enough space internally to store two, does it require an ext partition on the SD card?

I am going to test out 2 methods. In tests performed by me and others with another method I was using to set it up, the ROM running on the sdcard was not much slower once everything got fully loaded. In fact, some had better test results from the sdcard ROM.
The 1st will be setup like this..
On the phone..
/system will hold rom1 system
/data will hold rom1 data
/cache will hold rom1 cache
On the sdcard
rom2 will be run from the sdcard
The 2nd will be setup like this
On the phone..
/system will hold rom1 system
/data will hold rom2 system
/cache will hold rom1 cache
On the sdcard
/rom1data will hold rom1 data
/rom2data will hold rom2 data
/cache will hold rom2 cache
The 2nd method is just to see if there is a lot of noticeable difference in speed.
There will be no need to create a separate partition on the sdcard. It will actually be run off of the FAT32 partition.

I'll test for you send me a pm. I have a few devices, I can test it on for you.

I have a G1 I can use for testing, will it work on the G1.
Sent from my HTC Desire using XDA App

Sounds awesome, another tester here too

Willing to test HTC desire HD.
Sent from my Desire HD using XDA App

I have 2 released right now. Untested. Here is the link > unCoRrUpTeD Dual Boot
If yours isn't listed please send me a pm with a printout of
Code:
adb shell cat /proc/iomem
. I will update when I get the base address

Related

Dual Boot Beta Testers

Hey man, sounds cool, so I'd love to try!
after typing this:
Code:
adb shell ls /proc
Code:
C:\AndroidSDK\tools>adb shell ls /proc
adb server is out of date. killing...
* daemon started successfully *
1 210 3080 calibration msm_pm_stats
10 22 36 cgroups mtd
108 2223 37 cmdline net
109 2237 38 config.gz pagetypeinfo
11 23 382 cpu partitions
12 2408 4 cpuinfo self
13 2413 45 crypto slabinfo
14 2427 47 devices softirqs
15 2444 48 diskstats stat
16 25 49 driver swaps
169 2647 5 execdomains sys
17 2654 50 fb sysrq-trigger
170 2663 51 filesystems timer_list
171 2672 52 fs timer_stats
172 2683 53 interrupts tiwlan
173 2690 54 iomem tty
174 2699 55 ioports uid_stat
175 2724 57 irq uptime
176 278 58 kallsyms version
177 282 59 kmsg vmallocinfo
178 289 6 kpagecount vmstat
179 2899 60 kpageflags wakelocks
18 291 655 last_kmsg wifidbg
181 2935 7 loadavg yaffs
19 3 8 locks yaffs_stats
1940 3005 811 meminfo zoneinfo
2 3037 9 misc
20 305 buddyinfo modules
21 3079 bus mounts
C:\AndroidSDK\tools>
Also, the first one worked after I tried again:
Code:
C:\AndroidSDK\tools>adb shell
adb server is out of date. killing...
* daemon started successfully *
# cat /proc/iomem
cat /proc/iomem
00000000-006fffff : smi
00700000-0079afff : msm_panel.0
007a0000-007bffff : ram_console
19200000-257fffff : System RAM
19226000-19608fff : Kernel text
19626000-19709eb7 : Kernel data
25800000-25ffffff : ebi
a0000000-a00fffff : regs
a0200000-a0200fff : msm_serial_hs.0
a0400000-a0400fff : msm_sdcc.1
a0500000-a0500fff : msm_sdcc.2
a0800000-a0800fff : msm_hsusb
a9900000-a9900fff : msm_i2c.0
a9900000-a9900fff : msm_i2c
a9a00000-a9a00fff : msm_serial.0
a9a00000-a9a00fff : msm_serial
a9c00000-a9c00fff : msm_serial.2
a9c00000-a9c00fff : msm_serial
aa200000-aa2effff : mdp
aa600000-aa600fff : msm_mddi.0
fa000010-fa000017 : leds-cpld
#
hope it helps
I would love to test it out.
I would also love to try this out assuming there is a reasonable chance that it won't break my phone.
Sent from my HTC Magic using XDA App
Code:
# cat /proc/iomem
00000000-006fffff : smi
00700000-0079afff : msm_panel.0
007a0000-007bffff : ram_console
19200000-257fffff : System RAM
1922a000-19625fff : Kernel text
19626000-1979475b : Kernel data
25800000-25ffffff : ebi
a0000000-a00fffff : regs
a0200000-a0200fff : msm_serial_hs.0
a0400000-a0400fff : msm_sdcc.1
a0500000-a0500fff : msm_sdcc.2
a0800000-a0801000 : msm_hsusb
a9900000-a9900fff : msm_i2c.0
a9900000-a9900fff : msm_i2c
a9c00000-a9c00fff : msm_serial.2
a9c00000-a9c00fff : msm_serial
aa200000-aa2effff : mdp
aa600000-aa600fff : msm_mddi.0
e8100010-e8100017 : leds-cpld
Thanks guys..
I should have this finished by Sunday. It makes it so much easier to do everything from the computer, because of all the tools available. There was no way to resign a .zip after it was modified so I had to go a different route.
Used the g1 version on my HTC magic and it works great... pretty much
Sent from my T-Mobile myTouch 3G using XDA App
Mental_Atom said:
Used the g1 version on my HTC magic and it works great... pretty much
Sent from my T-Mobile myTouch 3G using XDA App
That's great! I'm looking into running both systems on the phone and data on the SD, or 1 system on the phone and 1 system on the SD while sharing data. That last one is the tricky one.
I say mostly as I have had a few problems such as being stuck on the SD rom, the phone rom not booting, random fastboot USB booting!? no idea why it did that. Seems to work fine assuming you don't keep switching between them too often or you get random errors. Pretty much fine though and all of those things were easily fixed by flashing the nandroid back as the SD rom works beautifully. if you want some logs just ask and I'll see what I can do
I'm working on some more scripts to help troubleshoot since I'm trying to incorporate as many devices as possible and I only have Sheri to test on
Sent from my HERO running CM6 off the sdcard
If you need any more help just pop me a pm. Despite what this app says I'm on a HTC magic.
Sent from my T-Mobile myTouch 3G using XDA App

unCoRrUpTeD Dual Boot V1

Someone over in the Main Android Software Dev. forum is working on a Dual-Boot script.
I'm posting this here b/c a fellow DINC user and I are having an issue with the command
Code:
adb shell cat /proc/iomem
it keeps repeating
Code:
3fe00000-3fffffff : msm_tv.0
3fe00000-3fffffff : msm_tv.0
3fe00000-3fffffff : msm_tv.0
3fe00000-3fffffff : msm_tv.0
Maybe someone can shed some light on the problem.
EDIT: Ok I figured it out.
Code:
F:\Android\sdk\tools>adb shell
# head /proc/iomem
head /proc/iomem
03700000-039fffff : kgsl_phys_memory
03700000-039fffff : kgsl
03a00000-03a3ffff : ram_console
03b00000-03dfffff : msm_panel.0
20000000-2e7fffff : System RAM
20027000-20414fff : Kernel text
20434000-2057245b : Kernel data
30000000-3bdfffff : System RAM
3fe00000-3fffffff : msm_tv.0
3fe00000-3fffffff : msm_tv.0
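The dumps posted in these threads arrive with shell prompts, echoed commands and, on one device, a last line that repeats. As an added example (not code from any poster or from the dual-boot project), this Python parser pulls the System RAM banks, the lowest RAM base and the kernel text offset out of such a paste; the function names are hypothetical and the sample input is the `head /proc/iomem` output above.

```python
import re

# Matches resource lines such as "20000000-2e7fffff : System RAM".
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.+?)\s*$")

# Sample input: the `head /proc/iomem` paste from this thread, including the
# echoed command and the repeated msm_tv.0 line.
SAMPLE_DUMP = """\
# head /proc/iomem
head /proc/iomem
03700000-039fffff : kgsl_phys_memory
03700000-039fffff : kgsl
03a00000-03a3ffff : ram_console
03b00000-03dfffff : msm_panel.0
20000000-2e7fffff : System RAM
20027000-20414fff : Kernel text
20434000-2057245b : Kernel data
30000000-3bdfffff : System RAM
3fe00000-3fffffff : msm_tv.0
3fe00000-3fffffff : msm_tv.0
"""


def parse_iomem(text):
    """Return [(start, end, name)] with inclusive ends.

    Prompts, echoed commands and adb banners are skipped; exact repeats of
    an entry are dropped so a looping last line does not inflate the list.
    """
    regions, seen = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = (int(m.group(1), 16), int(m.group(2), 16), m.group(3))
        if entry[1] < entry[0] or entry in seen:
            continue
        seen.add(entry)
        regions.append(entry)
    return regions


def system_ram(regions):
    """All 'System RAM' banks as (start, end) pairs, in dump order."""
    return [(s, e) for s, e, name in regions if name == "System RAM"]


def ram_base(regions):
    """Lowest physical address of any System RAM bank, or None."""
    banks = system_ram(regions)
    return min(s for s, _ in banks) if banks else None


def ram_total(regions):
    """Total bytes covered by System RAM banks."""
    return sum(e - s + 1 for s, e in system_ram(regions))


def kernel_placement(regions):
    """Locate 'Kernel text' inside its RAM bank.

    Pasted dumps lose /proc/iomem's indentation, so nesting is recovered by
    address containment instead.
    """
    text = next(((s, e) for s, e, n in regions if n == "Kernel text"), None)
    if text is None:
        return None
    for s, e in system_ram(regions):
        if s <= text[0] and text[1] <= e:
            return {"bank_base": s, "text_start": text[0],
                    "offset": text[0] - s}
    return None


if __name__ == "__main__":
    regs = parse_iomem(SAMPLE_DUMP)
    print("RAM base   : %#010x" % ram_base(regs))
    print("RAM total  : %d MiB" % (ram_total(regs) >> 20))
    print("Kernel text: +%#x into its bank" % kernel_placement(regs)["offset"])
```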

[dev]various files/fixes/changes

Hey, currently I am trying to implement reading of the real WiFi MAC, but the NAND driver we use for all Android NAND builds does not read the whole NAND. OK, I added a small patch to the NAND driver (see attachment) to add a virtual partition to the NAND with the full NAND size, and it is initialized OK, but after reading the NAND with the nanddump tool I could not read offsets before ~0x4xx0000, so I need your suggestions and help on how to do it. I tried many different NAND driver codes, and I see that the current NAND driver used in all NAND Android builds for the HD2, after patching, can read only the first ~0x1000000 and after ~0x4xx0000, but the bytes read from the first 0x1000000 are not correct (they are corrupted). After patching the NAND driver I have 7 partitions (one is "fullnand" with size 0x20000000 and all the others are from magldr), so the question is why data is not accessible begin 0x4xx0000 (I/O errors from the kernel side about oob and bad blocks)... so does it mean the current NAND driver could not detect bad blocks properly and the oob table is not good? Is the HTC NAND driver temporarily hacked for Leo to get NAND Android booting, and not fully finished?
Is someone interested here to help me?
I can see the real MAC using nanddump -s 0x3f20000 -l 0x20000 -f /mnt/sdcard/mtd6 /dev/mtd/mtd6 (the offset for the MAC is 0x3F20028-0x3F2002d), but when I add MSM_SPLHOOD_BASE to the iomap (io.c):
Code:
static struct map_desc msm_io_desc[] __initdata = {
    MSM_DEVICE(VIC),
    MSM_DEVICE(CSR),
#ifdef CONFIG_ARCH_MSM7X30
    MSM_DEVICE(TMR),
#else
    MSM_DEVICE(GPT),
#endif
    MSM_DEVICE(DMOV),
    MSM_DEVICE(GPIO1),
    MSM_DEVICE(GPIO2),
    MSM_DEVICE(CLK_CTL),
#ifdef CONFIG_ARCH_MSM7X30
    MSM_DEVICE(CLK_CTL_SH2),
#endif
#ifdef CONFIG_ARCH_MSM7227
    MSM_DEVICE(TGPIO1),
#endif
#ifdef CONFIG_ARCH_QSD8X50
    MSM_DEVICE(SIRC),
    MSM_DEVICE(SCPLL),
#endif
    MSM_DEVICE(AD5),
    MSM_DEVICE(MDC),
#ifdef CONFIG_ARCH_MSM7X30
    MSM_DEVICE(ACC),
    MSM_DEVICE(SAW),
    MSM_DEVICE(GCC),
    MSM_DEVICE(TCSR),
#endif
    MSM_DEVICE(TS),
    MSM_DEVICE(SSBI),
    MSM_DEVICE(TSSC),
    MSM_DEVICE(RAM_CONSOLE),
    {
        .virtual = (unsigned long) MSM_SHARED_RAM_BASE,
        .pfn = __phys_to_pfn(MSM_SHARED_RAM_PHYS),
        .length = MSM_SHARED_RAM_SIZE,
        .type = MT_DEVICE,
    },
#ifdef CONFIG_MSM_DEBUG_UART
    MSM_DEVICE(DEBUG_UART),
#endif
#ifdef CONFIG_ARCH_QSD8X50
    MSM_DEVICE(TCSR),
#endif
#ifdef CONFIG_CACHE_L2X0
    {
        .virtual = (unsigned long) MSM_L2CC_BASE,
        .pfn = __phys_to_pfn(MSM_L2CC_PHYS),
        .length = MSM_L2CC_SIZE,
        .type = MT_DEVICE,
    },
#endif
    {
        .virtual = (unsigned long) MSM_SPLHOOD_BASE,
        .pfn = __phys_to_pfn(MSM_SPLHOOD_PHYS),
        .length = MSM_SPLHOOD_SIZE,
        .type = MT_DEVICE,
    },
    MSM_DEVICE(SDC2),
};
and to msm_iomap-8x50.h
Code:
// For reading the real WiFi MAC address
#define MSM_SPLHOOD_BASE IOMEM(0xF9200000)
#define MSM_SPLHOOD_PHYS 0x0
#define MSM_SPLHOOD_SIZE 0x00120000
and use this code (added to leo_wifi_nvs) to dump 0x20000 bytes from the 0x3f20000 offset (the MAC things start after 0x100000 bytes, "after SPL + 0x80000 == 0x0 + SPL 0x80000 + 0x80000"):
Code:
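uint32_t rr;
uint32_t from = 0x100000;   /* offset into the MSM_SPLHOOD mapping */

/* Dump 0x20000 bytes, each as a zero-padded two-digit hex value */
for (rr = 0x0; rr < 0x20000; rr++)
    printk("%02x", readb(MSM_SPLHOOD_BASE + from + rr));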
I see a totally confused and unusable hex dump, so it means I am doing something wrong. How do I add a real mtd phys offset to the iomap?
Other things:
Definitely the ECC layout is wrong! For example, see the diffs from my JTAG dump (from offset 0x4240000, len 0x20000) and my nanddump (from offset 0x4240000, len 0x20000). Why do the ECC bytes (0x40 len) thereby move the NAND parts 0x40 bytes forward? I think it is not so good. Also please see the difference between SD and NAND speed here -> http://forum.xda-developers.com/showthread.php?p=20134343#post20134343 Is it not a bit strange that the SD is faster than NAND?
I want to add the real MAC to all NAND builds, but cannot do it because the current NAND driver is incomplete!
And here is some changes to tytung kernel I use for now:
munjeni said:
And here is some changes to tytung kernel I use for now:
Interesting... I have wanted to format NAND as ext4 for a long time, but I don't even know how to get into it. I'll keep this thread in mind.
But I really hope you can finish it someday, and I hope someone who has the skill can help you do this work.
Maybe create an ext4.img locally and then use nandwrite to write the img back to NAND, but I do not know if it will work (not tried), and you need to edit the MBR and do it all manually... but it's a good idea, I will try with userdata ext4.
munjeni said:
Maybe create localy an ext4.img and than using nandwrite back img to nand but I do not know if it will work (not tried) and you need to edit mbr and you need to do all manually...
Well, I hadn't thought about this, it sounds like a good idea... but it seems it will be very hard work.
I do not have experience with the MBR record, and I also do not know: is there an android.ext4 image running on other devices?
munjeni said:
And here is some changes to tytung kernel I use for now:
Hi i want to test your changes,
Can you please tell me what they change for better side, and what you gained by adding this changes to kernel.
Thanks allot.
If you can please PM me when you can.
Thanks.
---------- Post added at 06:58 PM ---------- Previous post was at 06:53 PM ----------
munjeni said:
I not have experience with mbr record, allso not know is here an android.ext4 image runing on other devices?
yes there is, not on hd2, but on every new device, they use ext4 for internal storage and system + data.
but thing is that this storage is already MMC! and not raw nand, so no problem at all to make it ext 2 ,3 ,4
and we stuck with raw nand
but your idea with creating image can work!
but will it speed the write speed, or we will still get the same results, as it's still NAND and not block device.
OK, about the kernel changes: I used them for my work with the HTC HD Mini and everything is from my git, so I applied it to tytung's kernel (for example the smd fix, the netfilter "hd mini inbound connection fix", an added NAND partition "full nand size", etc.).
About NAND, hmm, the only option is trying it and seeing what the read/write speed will be using ext4... for example I will create userdata with a fixed size and a partition ("last partition") that I will try to convert to ext4 and try to mount first; if it mounts, then I will try to create userdata as ext4...
Question: why can nanddump not dump the whole NAND? Is there a protection, or is the NAND driver not OK? Also, when dumping using JTAG and nanddump I see a big diff between the 2 dumps, so why? Do you have experience with it?
Hey, what do you think about -> http://forum.xda-developers.com/showthread.php?t=1390085
You don't need to touch your source; here is a compiled kernel + modules if you want to try. Note, the kernel is compiled without a cross compiler, it's compiled directly on the HD2 (gcc version 4.3.2 (Debian 4.3.2-1.1)) and I think it's smoother than one compiled through cross compilers... please try and let me know.
Forgot to say: thanks tytung for the great source and all who worked on it! And please, let's get back to the problem with the NAND driver! What are your opinions about it?
munjeni said:
Ok, about kernel changes, I used it for my work with htc hd mini and all is from my git so I applied it to tytungs kernel (for example smd fix, netfilter "hd mini inbound connection fix", added an nand partition "full nand size", ...etc).
About nand hmm, only option is trying and seeing how will be read/write speed using ext4... for example I will create userdata with fixed size and an partition "last partition" that I will try to convert to ext4 and try to mount it first, if it will be mounted than try to create userdata as ext4...
Question. Why nanddump can not dump whole nand, is there an protection or nand driver is not ok? Allso when dump ussing jtag and nandump I see big diff between 2 dumps, so why? Did you have experience about it?
sorry i am not code dev i cant help you find the answer,
but i will try your changed kernel,
and use your patch.
thanks allot for fixing some oldest bugs.
keep the search, answers can be found.
Sent from my HD2
munjeni said:
Hey, what you think about -> http://forum.xda-developers.com/showthread.php?t=1390085
this we can use but as install on active hd2 recovery.
they not make one with hd2 kernel.
so when you install the recovery on our recovery its works one time until reboot,
and we dont get option to format nand to ext4 only sd, so still no go.
Sent from my HD2
munjeni said:
You don't need to touch your source, here is compiled kernel+modules if you want to try. Note, kernel is comiled without cross compiler, it's compiled directly in hd2 (gcc version 4.3.2 (Debian 4.3.2-1.1)) and I think it's smoother than compiled trought cross copilers... please try and let me know
Forgot to say: thanks tytung for great source and all who worked on it! And please lets back to problem with nand driver! What's your opinions about?
thanks for this, i will try and report back, so its should give us bigger nand and fix some system bugs?
anyway thanks for every fix you made, there are not much devs left that still work on 2.6.32.x kernel.
Sent from my HD2
munjeni said:
I not have experience with mbr record, allso not know is here an android.ext4 image runing on other devices?
I remember that there is some of the android devices with ext4 partition in nand I just cant remember which one
dorimanx said:
this we can use but as install on active hd2 recovery.
they not make one with hd2 kernel.
so when you install the recovery on our recovery its works one time until reboot,
and we dont get option to format nand to ext4 only sd, so still no go.
Sent from my HD2
Hi, how you installed that?
I'm going to play with the "fortest" partition now... I will report any progress here if I successfully manage something with ext4; maybe we will all get an idea.
I managed to mount one partition as ext2 but need mkfs.ext4 (if someone has found it on the net, please post it here!) to try to mount it as ext4.
I used the partition "fortest", which has a size of 80 blocks. The procedure through adb was:
First, you need to install nandtools on your device (see post 1) in "/system/bin"!
WARNING: do not perform these commands if you do not have exactly the same mtd parts! I will not be responsible if you brick your device or if you delete your data using this tutorial!
Code:
cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00500000 00020000 "boot"
mtd3: 09600000 00020000 "system"
mtd4: 00500000 00020000 "cache"
mtd5: 09600000 00020000 "userdata"
mtd6: 00a00000 00020000 "fortest"
mtd7: 05ee0000 00020000 "othersize"
mtd8: 20000000 00020000 "fullnand"
Then I erased the mtd6 device:
Code:
# /system/bin/flash_erase /dev/mtd/mtd6 0 80
/system/bin/flash_erase /dev/mtd/mtd6 0 80
Erase Total 80 Units
Performing Flash Erase of length 131072 at offset 0x9e0000 done
Then I mounted mtdblock6 to loop6 and performed dd and mkfs.ext2:
Code:
losetup /dev/block/loop6 /dev/block/mtdblock6
# dd if=dev/zero of=/dev/block/loop6 bs=131072 count=80
dd if=dev/zero of=/dev/block/loop6 bs=131072 count=80
80+0 records in
80+0 records out
10485760 bytes transferred in 0.127 secs (82565039 bytes/sec)
# mkfs.ext2 /dev/block/loop6
mkfs.ext2 /dev/block/loop6
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2560 inodes, 10240 blocks
512 blocks (5%) reserved for the super user
First data block=1
Maximum filesystem blocks=262144
2 block groups
8192 blocks per group, 8192 fragments per group
1280 inodes per group
Superblock backups stored on blocks:
8193
Then I created a folder "ext2" in / and mounted loop6 on that folder:
Code:
# mount -t ext2 -o rw /dev/block/loop6 /ext2
after ls /ext2 I see:
Code:
# ls /ext2
ls /ext2
lost+found
after mount I see:
Code:
/dev/block/loop6 on /ext2 type ext2 (rw,relatime,errors=continue)
after adb push somefile I see:
Code:
C:\Documents and Settings\user\Desktop\adb>adb push cm_zImage.2.6.35.rar /ext2
2058 KB/s (1909935 bytes in 0.906s)
after ls again I see:
Code:
# ls /ext2
ls /ext2
cm_zImage.2.6.35.rar lost+found
#
So it means ext2 is working! I need the mkfs.ext4 tool compiled to run under Android to try ext4!
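The warning in the post above depends on the device having exactly the same mtd layout. As an added example (not the poster's code), this Python check parses a `/proc/mtd` listing and refuses to produce erase parameters unless the chosen device carries the expected partition name; the function names are hypothetical and the sample input is the listing from the post.

```python
import re

# Matches lines such as: mtd6: 00a00000 00020000 "fortest"
MTD_RE = re.compile(
    r'^(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"([^"]*)"\s*$')

# Sample input: the /proc/mtd listing from the post above.
SAMPLE_PROC_MTD = """\
dev: size erasesize name
mtd0: 00100000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00500000 00020000 "boot"
mtd3: 09600000 00020000 "system"
mtd4: 00500000 00020000 "cache"
mtd5: 09600000 00020000 "userdata"
mtd6: 00a00000 00020000 "fortest"
mtd7: 05ee0000 00020000 "othersize"
mtd8: 20000000 00020000 "fullnand"
"""


def parse_proc_mtd(text):
    """Return {dev: {"size", "erasesize", "name"}}; the header is skipped."""
    table = {}
    for line in text.splitlines():
        m = MTD_RE.match(line.strip())
        if m:
            dev, size, erasesize, name = m.groups()
            table[dev] = {"size": int(size, 16),
                          "erasesize": int(erasesize, 16),
                          "name": name}
    return table


def erase_plan(table, dev, expected_name):
    """Derive the flash_erase / dd numbers for one partition.

    Raises ValueError when the device is missing, carries a different
    name than expected, or is not a whole number of erase blocks.
    """
    entry = table.get(dev)
    if entry is None:
        raise ValueError("%s is not listed in /proc/mtd" % dev)
    if entry["name"] != expected_name:
        raise ValueError("%s is \"%s\", expected \"%s\""
                         % (dev, entry["name"], expected_name))
    if entry["erasesize"] == 0:
        raise ValueError("%s reports a zero erase size" % dev)
    blocks, rest = divmod(entry["size"], entry["erasesize"])
    if rest or blocks == 0:
        raise ValueError("%s is not a whole number of erase blocks" % dev)
    return {"device": "/dev/mtd/" + dev,
            "start_block": 0,
            "block_count": blocks,          # third argument to flash_erase
            "dd_bs": entry["erasesize"],    # bs= value used with dd
            "total_bytes": entry["size"]}


if __name__ == "__main__":
    plan = erase_plan(parse_proc_mtd(SAMPLE_PROC_MTD), "mtd6", "fortest")
    print(plan)
```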
I'll upload mkfs.ext4 here later
Sent from my HTC Desire HD A9191 using XDA App
Ok. Is it compiled to run in android?
munjeni said:
Ok. Is it compiled to run in android?
yes! i'm using it for my a2sd build to format sdcard ext
i must say you really did it! have you try the speed? I must update my io tester to add more accurate calculation asap to suited new generational!

[GUIDE] USB Uart on Galaxy S devices [2012/09/25]

== General Info ==
Hello, and welcome to my usb uart guide - aka, how to totally f' your phone up, if you don't think first!
Really though, read everything before attempting anything!
USB Uart is not new news. There are many great people who have come before me to make what I am documenting here possible. But I am putting this here because I keep getting PM'd about getting help with USB Uart, and figured it would be good to start a thread that documents what you need and how to get going.
So up front, I need to list some credits.
I gained a lot of knowledge from these people:
TheBeano - Fun with resistors (home/car dock mode + more)
UberPenguin - Galaxy S UART JIG & Debugging Connector
AdamOutler - UART Output / Bootloader Hacking / Kernel Debuging
E:V:A - The Samsung Anyway Jig
I'm sure there is more... let me know if you think you need to be in this list. I'll be happy to update it!
== WARNING ==
I am not responsible for anything you do to your device! If you follow my guide and it results in anything like your phone not working or ending the world, I cannot be held accountable for what you do!
This guide will show you how to use the usb uart on most galaxy s phones (with the FSA9480 USB port accessory detector and switch)
It helps to have Unbrickable Mod. There are some commands you can run from the SBL that will wipe your bootloaders!
You must be VERY CAREFUL!
== Requirements ==
First off, you will need some hardware to connect to your computer. Below is a list of things I use; they are common and cheap. The links below point to the items I have. It's what works for me.
mini-usb cable - http://www.sparkfun.com/products/598
bus pirate or arduino (I only cover bus pirate here... for now.) - http://www.seeedstudio.com/depot/bus-pirate-v3-assembled-p-609.html?cPath=174
In my guide i use the bus pirate probe kit - http://www.seeedstudio.com/depot/bus-pirate-probe-kit-p-526.html?cPath=178_180
I used a tape printer to label the test clips.
breadboard (optional, if you'd rather just solder the resistor to the micro-usb break-out board. more later...) - http://www.sparkfun.com/products/112
USB MicroB Plug Breakout Board - http://www.sparkfun.com/products/10031
some jumper wire - http://www.sparkfun.com/products/124
150k, 523k, 619k resistor (ymmv. AdamOutler and others told me to try 523k or 619k, but I was able to get all the output I need with 150k)
guts - priceless
Also, I use minicom on Linux and Mac OS X (use homebrew to install minicom), but you should be able to use any serial console program you like (i.e. kermit, cu, etc...)
I highly suggest getting to know your bus pirate, but this guide assumes you have read manuals and updated firmware. Any of the other uart modes should also work this way, but I currently don't cover that here... yet.
== Getting Started ==
When you connect to the USB port on the bus pirate (bp), you can find the version info by typing 'i' at the high impedance mode (HiZ>) prompt. Change to this mode whenever you're modifying connections or cable arrangements.
Code:
HiZ>i
Bus Pirate v3b
Firmware v6.0 r1625 Bootloader v4.4
DEVID:0x0447 REVID:0x3043 (24FJ64GA002 B5)
http://dangerousprototypes.com
Disconnect the bp and let's connect everything from the micro usb port connecting to your phone backwards to the bp. I use a breadboard for things that I might work on later or things I'll re-arrange a lot. You may also decide to solder the resistor directly to the GND/ID pins, but you will need a little lead on the GND. Connect MOSI to D+ and MISO to D-.
Another warning!
You can also fry the ftdi on the bus pirate, if you mess with the connections while the bus pirate is in any mode besides HiZ (Hi Impedance) or unplugged. Usually, I'm in uart bridge mode, so you can't go back to HiZ. You just have to unplug the usb cable.
Solder some jumper wire to the micro usb breakout board. I use about an inch.
I usually start at a1 on the breadboard with vcc and a4 and a5 for ID and GND (respectively). In these images, I'm at the opposite end of the board to make it easier to have the phone next to and above my mouse so it is easy for me to work with the phone.
Put the resistor on b4 and b5 - which is where I connect GND on the bp.
Now that you have the bp connected to the circuit, let's move forward and plug the micro usb cable into the bp and then into your computer.
To change into UART mode on the buspirate, type 'm' at the HiZ> prompt:
Code:
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
x. exit(without change)
(1)>3
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>1
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>1
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>(3)
UART bridge
Reset to exit
Are you sure? y
After you get into UART Bridge mode, you will have to unplug the usb port from your computer to reset the bus pirate.
This is where experimenting with different resistors on the GND/ID pins make a difference. Using 619k resistance, I just plug the phone in and it boots up. During boot up, I can see the PBL output like the output you will see in the rest of this document. Using 150k resistance, the phone doesn't automatically turn on.
Also, you may have different usability of the console depending on if you set the output type to Open drain or Normal drain.
With Open drain, I am able to see the uart output, but I am not able to break into the SBL prompt like I am with Normal drain.
Interestingly, with 619k on my SGH-T959V, I don't see all of the kernel console output. I still haven't figured out exactly why yet. With 150k resistance, I don't see the PBL output, but I can still break into the SBL prompt (with normal drain) and get full kernel console output.
When you get to this point, the mode light should now be green. When you plug your phone into the micro usb adapter (again 619k in these examples), you should see everything from the pbl in to the kernel starting:
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
+n1stVPN 3008
+nPgsPerBlk 64
PBL found bootable SBL: Partition(4).
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Oct 28 2011 15:45:50
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x60
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1540
===============================
ID : DATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1672
NO_UNITS : 2120
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 3792
NO_UNITS : 160
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 3952
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4013mV, soc = 86
check_quick_start_condition- Voltage: 4013.75000, Linearized[74/89/100], Capacity: 89
init_fuel_gauge: vcell = 4013mV, soc = 86, rcomp = d000
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x3733b898 0x1ffc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
== The SBL (Secondary BootLoader) ==
The most interesting line out of all of that was:
Code:
Autoboot (0 seconds) in progress, press any key to stop
If you happen to hold down the Enter/Return key while booting the phone you will get into the "SBL>" prompt.
The Secondary BootLoader is essentially like u-boot.
Code:
...
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
If we type help, we will get some commands you can run. Some of these commands are affected by what is set in the environment.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL>
You can get some minimal help for each command:
Code:
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
Another set of interesting commands here are the ones that manipulate the environment:
setenv
saveenv
printenv
Code:
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
printenv is probably the safest of them to run, so let's try this first.
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 1
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
CUST_KERNEL_DL_COUNT : 0
KERNEL_BINARY_TYPE : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
I'm not fully sure what all of these options are, but the ones I know about are SWITCH_SEL and PHONE_DEBUG_ON.
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what. That may be specific to the device I have.
Setting at least 6543 in SWITCH_SEL will give you kernel log output:
Code:
setenv SWITCH_SEL 6543
saveenv
I also set PHONE_DEBUG_ON to 1:
Code:
setenv PHONE_DEBUG_ON 1
saveenv
When I set this, I get some extended battery statistics like:
Code:
[BAT] CHR(0) CAS(0) CHS(3) DCR(0) ACP(2) BAT(81,0,0) TE(31) HE(1) VO(3926) ED(1000) RC(0) CC(0) VF(591) LO(0)
You must remember that after running setenv, you must then run saveenv at least once at the end to save the environment. I believe this environment info is saved to either an offset on the sbl partition or on the param.lfs. It would be useful to find this out, because u-boot has a userspace utility (that you can use from within linux userspace) to modify the u-boot environment. It may be handy to use a tool like that to modify the CMDLINE option during rom flashing time.
Also, instead of powering your phone off then on again to put the new settings in place, just run reset from the sbl prompt to reboot the phone with the new settings.
Anyway, this is what I have so far. I will be adding more to this as time goes on.
Enjoy!
-Bryan
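One way to check what a captured SBL session actually persisted, following the setenv (RAM) / saveenv (flash) split described in the post above. This is an added example, not code from the original post: the session capture and all function names are constructed, and it assumes that reset reloads the RAM copy of the environment from flash.

```python
import re

# Stock `printenv` output as shown in the post; used as the flash baseline.
STOCK_PRINTENV = """\
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 1
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
CUST_KERNEL_DL_COUNT : 0
KERNEL_BINARY_TYPE : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
"""

# Constructed UART capture of typed SBL commands (not from the post).
SESSION = """\
SBL> setenv SWITCH_SEL 6543
SBL> saveenv
SBL> setenv BOOT_DELAY 3
SBL> reset
SBL> setenv PHONE_DEBUG_ON 1
SBL> saveenv
"""

ENV_LINE = re.compile(r"^([A-Z][A-Z0-9_]*) :\s?(.*)$")
CMD_LINE = re.compile(r"^SBL>\s*(\S+)\s*(.*)$")


def parse_printenv(text):
    """Turn `NAME : value` lines into a dict; banner lines are skipped."""
    env = {}
    for raw in text.splitlines():
        m = ENV_LINE.match(raw.strip())
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env


def replay(session, flash):
    """Replay typed commands; return (flash env, unsaved keys, keys lost at reset)."""
    flash = dict(flash)
    ram = dict(flash)
    discarded = []
    for raw in session.splitlines():
        m = CMD_LINE.match(raw.strip())
        if not m:
            continue  # bootloader output or a bare prompt, not a command
        cmd, args = m.group(1), m.group(2).split(None, 1)
        if cmd == "setenv" and len(args) == 2:
            ram[args[0]] = args[1].strip()      # setenv only touches RAM
        elif cmd == "saveenv":
            flash = dict(ram)                   # saveenv writes RAM copy to flash
        elif cmd == "reset":
            discarded += [k for k in ram if ram[k] != flash.get(k)]
            ram = dict(flash)                   # assumption: reboot reloads from flash
    pending = [k for k in ram if ram[k] != flash.get(k)]
    return flash, pending, discarded


def note_for(key, value):
    """Annotate the two settings whose effect the post describes."""
    if key == "SWITCH_SEL" and set("6543") <= set(value):
        return "kernel log output on the UART (per the post)"
    if key == "PHONE_DEBUG_ON" and value == "1":
        return "extended debug output such as [BAT] lines (per the post)"
    return "differs from baseline"


def persisted_changes(baseline, flash):
    """List (key, old, new, note) for every value that differs from the baseline."""
    return [(k, baseline.get(k), flash[k], note_for(k, flash[k]))
            for k in sorted(flash) if flash[k] != baseline.get(k)]


if __name__ == "__main__":
    baseline = parse_printenv(STOCK_PRINTENV)
    flash, pending, discarded = replay(SESSION, baseline)
    for key, old, new, note in persisted_changes(baseline, flash):
        print(f"persisted: {key} {old!r} -> {new!r}  [{note}]")
    print("unsaved in RAM:", pending, "| lost at reset:", discarded)
```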
Very nice and clear guide!
Also check out my Anyway thread on more details about JIG resistances etc. Soon I hope there will be more added to that about building your own Samsung Test Jig...
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
bhundven said:
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what.
AdamOutler said:
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Any chance that it will work with Galaxy Ace too?
dragonnn said:
Any chance that it will work with Galaxy Ace too?
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Code:
Android Bootloader - UART_DM Initialized!!!
[VIBETONZ] ENABLE
[VIBETONZ] DISABLE
HW_REV = 12
mipi_init : status = 1
HW_REV = 12
start init_charger
smb328a_init_charger : is_reboot_mode = 0, vcell = 3975
check valid dcin (0x33) = 0x0
no dcin, skip init_charger
fuelguage : soc = 80%, vcell = 3975mV
fuelguage : rcomp(0xd01f) ==?? 0xd0d0
HW_REV = 12
VReset : 0x8c
Hibernation mode : 0x0
8340 = ( 397500 - 334350 ) * 13207 / 100000
HW_REV = 12
reboot_mode = 0xb6cef249
do key check
enter normal booting mode
AST_POWERON
usable ddi data.
HW_REV = 12
HW_REV = 12
E.V.A. said that it might be some debugging setting in the kernel that might have disabled the kernel log output.
It would be helpful to get some MSM developers here to help us out with that!
bhundven said:
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
I looked in the kernel source and it has ./drivers/i2c/chips/fsa9280.c, and the driver is included in the built kernel :good:. As far as I understand, we can use this method to recover the phone from a hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
dragonnn said:
I looked in the kernel source and it has ./drivers/i2c/chips/fsa9280.c, and the driver is included in the built kernel :good:. As far as I understand, we can use this method to recover the phone from a hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
Currently, I only know this method to work on SGS (not sgs2 or sgs3) phones with the FSA9480.
bhundven said:
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
The switches are messages from levels 1-7. Turn on more to get more messages.
AdamOutler said:
The switches are messages from levels 1-7. Turn on more to get more messages.
That makes sense, but what doesn't is if I set SWITCH_SEL to 1234567 or any combination with 2, I get no output. As long as I don't have 2 in there, it works fine. Must just be this device.
Memory Architecture
Of course each device will have a different Memory Map. Each carrier designs their variant based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to be touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release (at least in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Fly-n-High said:
Of course each device will have a different Memory Map. Each carrier designs their variant based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to be touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release (at least in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
huh?
Good post
Nice...!!
Thanks you~
can't get SBL or PBL logs on uart in galaxy-y (GT-S5360)
Hello sir,
Thanks for your great tutorial.
I tried to get uart on galaxy-y (GT-S5360). I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
After booting, uart works fine and i can use a shell via serial using command
(on phone)
Code:
busybox sh</dev/ttyS0 >/dev/ttyS0
and on PC
Code:
microcom -s 115200 -p /dev/ttyS0
ttyS0 settings of the phone is
Code:
speed 115200 baud; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
And that of PC is
Code:
speed 115200 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
-echoctl echoke
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Circuit diagram is attached below
any one please help
harish2704 said:
I tried to get uart on galaxy-y (GT-S5360). I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
I get something similar on a Samsung Rugby Smart (SGH-I847). I think they have tweaked the UART stuff on the newer devices that post date the Galaxy S devices. They might share the UART chip, but it seems as if they changed the loader implementation which is causing the newer devices to not see the PBL and SBL information during boot.
harish2704 said:
Circuit diagram is attached below
Have you tried a 150k or 619k resistor instead of the 523k? I was able to get output with both a 150k and 619k, but the output was very similar to what you have posted. Likely a long shot, but worth a try.
harish2704 said:
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip.
Have you tried a 150k or 619k resistor instead of the 523k?
Yes, I tried. I didn't feel any difference b/w 619k & 523k when tried. And with 150k, I couldn't get uart active.
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip
What do you mean by control? Do you mean, can I change these parameters? Yes, it's possible by reflashing (update.zip method)
Or
do you mean, do I have control of the ttyS0 device? Yes, I could change that by
Code:
busybox stty -F /dev/ttyS0 ..........
command
Sorry for my language
harish2704 said:
What do you mean by control? Do you mean, can I change these parameters? Yes, it's possible by reflashing (update.zip method)
This is the method I was referring to. If you tweak the parameters you might be able to get the kernel log over serial.
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
harish2704 said:
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
If you can interact with ttyS0 post-boot I'd expect it to work. Is there maybe another serial device such as ttyHS0 or similar that you can interact with? If so, that might be something to try.
You need to change that ttyS0 to ttySAC2 in the boot parameters. Use the abootimg tool on Ubuntu. Apt-get install abootimg.

[TOOLS] Mstar Android TV firmware tools

Mstar Android TV firmware tools
Python 3.4+ required.
Currently available tools:
unpack.py - unpack MStar bin firmware
pack.py - pack MStar bin firmware
extract_keys.py - extract AES and RSA-public keys from MBOOT binary
secure_partition.py - encrypt image and generate signature file
Unpack MStar bin firmware files
Code:
Usage: unpack.py <firmware> <output folder [default: ./unpacked/]>
<firmware> - MStar bin firmware to unpack
<output folder> - directory to store unpacked stuff. Default value: ./unpacked/
Pack MStar bin firmware
Code:
Usage: pack.py <config file>
Example: pack.py configs/letv-x355pro-full.ini
<config file> - Configuration file. The config file structure will be described later.
For now you can take a look at configs/letv-x355pro-full.ini
and use it as an example
Extract keys from MBOOT
That tool is used to get AES and public RSA keys from the MBOOT. AES keys are needed to encrypt/decrypt boot.img and recovery.img images. aescrypt2 tool is used.
Code:
Usage: extract_keys.py <path to mboot> [<folder to store keys>] [<key bank offset>] [<key bank size>]
Defaults:
<folder to store keys> keys
<key bank offset> 0x168e00
<key bank size> 0x450
Example: extract_keys.py ./unpacked/MBOOT.img
Example: extract_keys.py ./unpacked/MBOOT.img ./keys 0x169e00 0x450
Encrypt partition and generate signature
All new MStar builds have the SECURE_BOOT option enabled. In that case boot.img and recovery.img are encrypted (AES) and signed with RSA priv keys. That script is used to encrypt an image and generate the sign file.
To manually encrypt|decrypt image use aescrypt tool from bin folder. AES key can be extracted from MBOOT with extract_keys.py script.
Code:
Usage: secure_partition.py <file to encrypt> <AES key file> <RSA private key file> <RSA public key file> <output encrypted file> <output signature file>
Example: secure_partition.py ./pack/boot.img ./keys/AESbootKey ./keys/RSAboot_priv.txt ./keys/RSAboot_pub.txt ./pack/boot.img.aes ./pack/bootSign
Download tools:
https://github.com/dipcore/mstar-bin-tool
reserved
hi how to backup mstar tv partition including tee.img and sboot.bin?
is there any way to backup them?
i cant find my specific firmware for my mstar CV628H_B42 32SX250 (32EX250F) ctvupgrade.bin
bamster89 said:
hi how to backup mstar tv partition including tee.img and sboot.bin?
is there any way to backup them?
i cant find my specific firmware for my mstar CV628H_B42 32SX250 (32EX250F) ctvupgrade.bin
You can use the dd tool to create the needed images. All you need is here: /dev/block/platform/mstar_mci.0/by-name/ (root is required).
Another way to do so is to create a backup of the whole emmc device and then, using any hex editor, just slice it into the required partitions (emmc header structure is pretty straightforward).
You can do it via mboot console (uart access is required) or you can flash a specially prepared firmware bin (look at https://github.com/dipcore/mstar-bin-tool/blob/master/configs/letv-emmc2usb.ini as an example). Basically that bin will just run a couple of mboot commands to start copying emmc to usb device.
PS You can access the debugging uart via the VGA port on the TV. Use 12 and 15 pins (see attachment). 99% of mstar based TVs have uart routed to those unused pins on the VGA port. So no need to open the TV and solder something.
Take a look on this:
dipcore said:
You can do it via mboot console (uart access is required) or you can flash a specially prepared firmware bin (look at https://github.com/dipcore/mstar-bin-tool/blob/master/configs/letv-emmc2usb.ini as an example). Basically that bin will just run a couple of mboot commands to start copying emmc to usb device.
i modify this 2 lines in configs/letv-emmc2usb.ini
FirmwareFileName=CtvUpgrade.bin
......
#emmcbin 0 to emmcbin 0
.......
setenv CtvUpgrade_complete 1
and pack after that ,,
i upgrade my mstar in factory menu Source +2580 ..,, and it reboot instantly and there is no partition save in USB.,
this is my MBOOT.img
https://mega.nz/#!LBgQjZbZ!ZirBzDOwbJrz6q-wD7gnikeNPGnVXfD8nGyKiaVkPls
bamster89 said:
i upgrade my mstar in factory menu Source +2580 ..,, and it reboot instantly and there is no partition save in USB
It's a two-step process.
1. EMMC backup. Prepare and flash 1st bin file:
Code:
[Main]
FirmwareFileName=CtvUpgrade.bin
ProjectFolder=./pack
useHexValuesPrefix=false
SCRIPT_FIRMWARE_FILE_NAME=${FirmwareFileName}
DRAM_BUF_ADDR=20200000
MAGIC_FOOTER=12345678
HEADER_SIZE=16KB
[HeaderScript]
Prefix:
mmc dd mmc2usb 0
Suffix:
# Nothing here
It will take some time to copy it to usb drive (in my case it was like 25 minutes)
2. Restore normal boot process. Pack and flash 2-nd bin:
Code:
[Main]
FirmwareFileName=CtvUpgrade.bin
ProjectFolder=./pack
useHexValuesPrefix=false
SCRIPT_FIRMWARE_FILE_NAME=${FirmwareFileName}
DRAM_BUF_ADDR=20200000
MAGIC_FOOTER=12345678
HEADER_SIZE=16KB
[HeaderScript]
Prefix:
setenv MstarUpgrade_complete 1
setenv ForcePowerOn 0
saveenv
Suffix:
# Nothing here
After flashing it will restore normal boot process.
One more thing, in the line
mmc dd mmc2usb 0
it uses usb port #0 in the TV. I do not know where it is located in your TV. You may try all usb ports. If that did not work then just change it to
mmc dd mmc2usb 1 etc
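Since the [HeaderScript] block is a list of mboot commands that the TV runs during the upgrade, it is worth reviewing before a bin built from someone else's config is flashed. The following is an added example, not part of mstar-bin-tool or of the posts above: it reads the config layout as printed in this thread and grades each command using the command names from the MBOOT help text posted further down the thread. The function names, the risk categories and the third sample config are constructed for illustration.

```python
# Config from step 1 of the post above ([Main] trimmed to two keys).
BACKUP_CFG = """\
[Main]
FirmwareFileName=CtvUpgrade.bin
HEADER_SIZE=16KB
[HeaderScript]
Prefix:
mmc dd mmc2usb 0
Suffix:
# Nothing here
"""

# Config from step 2 of the post above ([Main] trimmed).
RESTORE_CFG = """\
[Main]
FirmwareFileName=CtvUpgrade.bin
[HeaderScript]
Prefix:
setenv MstarUpgrade_complete 1
setenv ForcePowerOn 0
saveenv
Suffix:
# Nothing here
"""

# Constructed config (not from the thread) that modifies the eMMC.
UNTRUSTED_CFG = """\
[Main]
FirmwareFileName=CtvUpgrade.bin
[HeaderScript]
Prefix:
mmc erase.p tvconfig
mmc dd usb2mmc 0
Suffix:
setenv MstarUpgrade_complete 1
saveenv
"""

# Command prefixes taken from the MBOOT help strings posted in the thread.
RULES = [
    (("mmc", "dd", "mmc2usb"), "dump"),
    (("mmc", "dd", "usb2mmc"), "write"),
    (("mmc", "erase"), "destructive"),
    (("mmc", "rmgpt"), "destructive"),
    (("mmc", "remove"), "destructive"),
    (("mmc", "write"), "write"),
    (("mmc", "unlzo"), "write"),
    (("mmc", "create"), "write"),
    (("mmc", "read"), "dump"),
    (("bin2emmc",), "write"),
    (("emmcbin",), "dump"),
    (("emmcbootbin",), "dump"),
    (("setenv",), "env"),
    (("saveenv",), "env"),
]
# Lowest to highest; anything not recognised ranks above an env change.
RISK_ORDER = ["dump", "env", "unknown", "write", "destructive"]


def parse_header_script(text):
    """Return (block, command) pairs from the [HeaderScript] section."""
    section, block, commands = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = line[1:-1], None
        elif section == "HeaderScript" and line in ("Prefix:", "Suffix:"):
            block = line[:-1]
        elif section == "HeaderScript" and block:
            commands.append((block, line))
    return commands


def classify(command):
    """Match leading tokens against RULES; `write.p` style suffixes count."""
    tokens = command.split()
    for pattern, category in RULES:
        if len(tokens) >= len(pattern) and all(
                t == p or t.startswith(p + ".")
                for t, p in zip(tokens, pattern)):
            return category
    return "unknown"


def review(text):
    """Return (block, command, category) for every header-script command."""
    return [(b, c, classify(c)) for b, c in parse_header_script(text)]


def highest_risk(text):
    """Return the highest category present, or None for an empty script."""
    cats = [cat for _, _, cat in review(text)]
    return max(cats, key=RISK_ORDER.index) if cats else None


if __name__ == "__main__":
    for name, cfg in [("backup", BACKUP_CFG), ("restore", RESTORE_CFG),
                      ("untrusted", UNTRUSTED_CFG)]:
        print(name, "->", highest_risk(cfg))
        for block, cmd, cat in review(cfg):
            print(f"  [{block}] {cat:11} {cmd}")
```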
dipcore said:
One more thing, in the line
mmc dd mmc2usb 0
it uses usb port #0 in the TV. I do not know where it is located in your TV. You may try all usb ports. If that did not work then just change it to
mmc dd mmc2usb 1 etc
I already tried changing 0-3 and tried to put 3 usb on each port, each usb has CtvUpgrade.bin. Same thing happens, no partition created on usb. I think my MBOOT does not allow me to use mmc dd mmc2usb and emmcbin
all i did is to manually backup using dd in terminal
this is my fstab.madison
Code:
[email protected]_caixun_international:/ # cat fstab.madison
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/mstar_mci.0/by-name/system /system ext4 ro wait
/dev/block/platform/mstar_mci.0/by-name/cache /cache ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/userdata /data ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/tvservice /tvservice ext4 ro wait
/dev/block/platform/mstar_mci.0/by-name/tvconfig /tvconfig ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/tvdatabase /tvdatabase ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/tvcustomer /tvcustomer ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/usersdcard /usersdcard vfat noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/platform/mstar_mci.0/by-name/factory /factory ext4 noatime,nosuid,nodev wait,block_validity,nodiscard,data=ordered,journal_checksum
/dev/block/zram0 none swap defaults zramsize=104857600
/dev/block/mmcblk0boot0 /boot1 emmc defaults defaults
/dev/block/mmcblk0boot1 /boot2 emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/MBOOT /MBOOT emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/MPOOL /MPOOL emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/misc /misc emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/boot /boot emmc defaults defaults
/dev/block/platform/mstar_mci.0/by-name/RTPM /RTPM ext4 defaults defaults
Code:
dd if=/dev/block/platform/mstar_mci.0/by-name/system of=/mnt/usb/sda1/DUMP/system.img
dd if=/dev/block/platform/mstar_mci.0/by-name/cache of=/mnt/usb/sda1/DUMP/cache.img
dd if=/dev/block/platform/mstar_mci.0/by-name/userdata of=/mnt/usb/sda1/DUMP/userdata.img
dd if=/dev/block/platform/mstar_mci.0/by-name/tvservice of=/mnt/usb/sda1/DUMP/tvservice.img
dd if=/dev/block/platform/mstar_mci.0/by-name/tvconfig of=/mnt/usb/sda1/DUMP/tvconfig.img
dd if=/dev/block/platform/mstar_mci.0/by-name/tvdatabase of=/mnt/usb/sda1/DUMP/tvdatabase.img
dd if=/dev/block/platform/mstar_mci.0/by-name/tvcustomer of=/mnt/usb/sda1/DUMP/tvcustomer.img
dd if=/dev/block/platform/mstar_mci.0/by-name/usersdcard of=/mnt/usb/sda1/DUMP/usersdcard.img
dd if=/dev/block/platform/mstar_mci.0/by-name/factory of=/mnt/usb/sda1/DUMP/factory.img
dd if=/dev/block/mmcblk0boot0 of=/mnt/usb/sda1/DUMP/boot1.bin
dd if=/dev/block/mmcblk0boot1 of=/mnt/usb/sda1/DUMP/boot2.bin
dd if=/dev/block/platform/mstar_mci.0/by-name/MBOOT of=/mnt/usb/sda1/DUMP/MBOOT.img
dd if=/dev/block/platform/mstar_mci.0/by-name/MPOOL of=/mnt/usb/sda1/DUMP/MPOOL.img
dd if=/dev/block/platform/mstar_mci.0/by-name/misc of=/mnt/usb/sda1/DUMP/misc.img
dd if=/dev/block/platform/mstar_mci.0/by-name/recovery of=/mnt/usb/sda1/DUMP/recovery.img
dd if=/dev/block/platform/mstar_mci.0/by-name/boot of=/mnt/usb/sda1/DUMP/boot.img
dd if=/dev/block/platform/mstar_mci.0/by-name/RTPM of=/mnt/usb/sda1/DUMP/RTPM.img
Code:
[email protected]_caixun_international:/ # ls /dev/block/platform/mstar_mci.0/by-name/
MBOOT
MPOOL
RTPM
boot
cache
factory
misc
recovery
system
tvconfig
tvcustomer
tvdatabase
tvservice
userdata
usersdcard
I found this on my MBOOT
Code:
sar sar Command: (0-base, SAR0~SAR5)
sar <ch#> : ex: sar 0 // read sar channel 0
panel_pre_init - init panel by panel.ini
command: panel_pre_init [option]
-s : static init : panel init para from uboot
-d : dynamic init : panel init para from SN panel_init - init panel by panel.ini
command: panel_init [option]
-s : static init : panel init para from uboot
-d : dynamic init : panel init para from SN panel_post_init backligth on - backlight on
command: backlight_on
mmcinfo display MMC info mmcreg mmcreg show ext-csd <dev num>
- device number of the device to dislay info of
bin2emmc bin2emmc - read bin file and restore it to emmc
command: bin2emmc [usbportnum] [pad] [binname] [offset/partitionname]
emmcbootbin emmcbootbin - dump emmc boot partition and write it to fat usb disk
command: emmcbootbin [usbportnum] [partitionname]
emmcbin emmcbin - dump emmc and restore it to fat usb disk
command: emmcbin [usbportnum] [pad] [binname] [offset/partitionname] [dumpsize]
mmcbininfo mmcbininfo - Valid block num in each partition
command: mmcbininfo [usbportnum]
read[.boot|.gp] [bootpart|gppart] addr blk# size
mmc write[.boot|.gp] [bootpart|gppart] addr blk# size [empty_skip:0-disable,1-enable]
mmc readall - read all blocks for device internal ecc check
mmc crcall - read all blocks and calculate crc32
mmc read.p addr partition_name size
mmc read.p.continue addr partition_name offset size
mmc write.p addr partition_name size [empty_skip:0-disable,1-enable]
mmc write.p.continue addr partition_name offset size [empty_skip:0-disable,1-enable]
mmc rescan
mmc part[.gp] - lists available [GP] partition on current mmc device
mmc look [name] - lists specific partition info on mmc
mmc dev [dev] [part] - show or set current mmc device [partition]
mmc list - lists available devices
mmc create [name] [size]- create/change mmc partition [name]
mmc create.gp part_no size enh_attr ext_attr relwr_attr - create/change eMMC GP partition No.[part_no(0~3)] with size and enhance/extended/reliable_write attribute
mmc create.enhusr start_addr size enha_attr relwr_atrr - create/change eMMC enhance user partition(slc mode) from start_addr with size and enhance/reliable_write attribute
mmc create.complete - complete eMMC gp, enhance user, reliable write partition setting
Note: enh_attr = 0: no slc mode 1: using slc mode, ext_attr = 0: no attr 1: system code 2: Non-persisent, relwr_attr = 0: disable 1: enable reliable write
mmc remove [name] - remove mmc partition [name]
mmc rmgpt - clean all mmc partition table
mmc slc size relwr - set slc in the front of user area, 0xffffffff means max slc size
mmc ecsd - print ecsd register of emmc
mmc setecsd num mask value - set value to num of ecsd according to mask
mmc size - print the mmc size info
mmc slcchk - check the slc/mlc mode of emmc
mmc relwrchk - check the reliable write configuration of emmc
mmc slcrelwrchk - check the slc/mlc mode and reliable write configuration of emmc
mmc unlzo Src_Address Src_Length Partition_Name [empty_skip:0-disable,1-enable]- decompress lzo file and write to mmc partition
mmc erase[.boot] bootpart [blk#] [size]
mmc erase.p partition_name
mmc erase - erase all blocks in device
mmc dd mmc2usb/usb2mmc [portnum] [pad] - dump/restore emmc raw data
mmc alignsize - check the alignment size of slc partition
mmc trim_test [chunk_size] [loop_count] - test read/write performance after trim enabled
eMMC sub system emmc info - lists CSD & ExtCSD on eMMC
emmc init count - reset & init eMMC for count loops
emmc test count - verify eMMC & board signals for count loops
emmc speed [mode]- show eMMC speed sdr or ddr mode @ driver layer
emmc t_table [hs200/ddr] build - build timing table
emmc mode - ddr or sdr
emmc clk - set ClkRegVal
emmc cis - check or erase
emmc pwr_cut init [addr][start block] - eMMC Power Cut Init
emmc pwr_cut test [addr][start block] - eMMC Power Cut Test
emmc reset [0/1] - toggle eMMC reset pin
Maybe this is helpful
MSTAR ROOT_BOOT volume production
https://mega.nz/#!jQIyQJKT!PAnuBXZOPuPvOkoWkhpvk_ZCiHR1UJqAu9IobbemuTU
you do not need to play with bin files, if dd works for you.
bamster89 said:
Maybe this is helpful
MSTAR ROOT_BOOT volume production
https://mega.nz/#!jQIyQJKT!PAnuBXZOPuPvOkoWkhpvk_ZCiHR1UJqAu9IobbemuTU
Yes I read it, I used it to create that bin file configs.
Here are more docs: https://github.com/dipcore/Madsion/tree/master/MBoot_Madison_TVOS/doc
My Mstar semi conductor tv stuck on boot animation
plz help
what i am doing now
---------- Post added at 03:33 PM ---------- Previous post was at 03:30 PM ----------
Plz Help my tv stuck on boot animation
I changed the boot animation after my tv is not booting plz help
how to tv in pc and any other solution plz help me someone
---------- Post added at 03:34 PM ---------- Previous post was at 03:33 PM ----------
MStar Semiconductor, Inc. MStar Android TV
MStar Android TV (full.cv6a628h_international)
---------- Post added at 03:37 PM ---------- Previous post was at 03:34 PM ----------
last i doing in tv permission in platform.xml
i think going wrong in this
and other is boot animation change in media zip file
plz help what i am doing now .............any link of tv firmware to download in tv
thanks in advance
masifkalam said:
plz help
1. If you have stock bin or zip firmware just flash it.
2. If you do not have a firmware file, just connect to debugging UART and revert all your changes using console.
dipcore said:
1. If you have stock bin or zip firmware just flash it.
2. If you do not have a firmware file, just connect to debugging UART and revert all your changes using console.
dont have stock bin and how connect to pc plz some brief
---------- Post added at 04:58 PM ---------- Previous post was at 04:48 PM ----------
dipcore said:
1. If you have stock bin or zip firmware just flash it.
2. If you do not have a firmware file, just connect to debugging UART and revert all your changes using console.
plz some brief for debugging UART i will do
thanks for reply
masifkalam said:
plz some brief for debugging UART i will do
thanks for reply
look at my post #4 https://forum.xda-developers.com/showpost.php?p=71294095&postcount=4
use VGA port
dipcore said:
look at my post #4 https://forum.xda-developers.com/showpost.php?p=71294095&postcount=4
use VGA port
and how console used for revert changes
some examples
thanks dear i will understand these things
---------- Post added at 05:49 PM ---------- Previous post was at 05:25 PM ----------
masifkalam said:
and how console used for revert changes
some examples
thanks dear i will understand these things
any other solution for revert changes through pc or recovery mode
masifkalam said:
and how console used for revert changes
some examples
thanks dear i will understand these things
It's just a shell console with root privileges. Use it as you would use any shell console. I.e. using the shell, copy the needed files to a usb drive, then do changes on the PC and copy them back to the TV.
dipcore said:
It's just shell console with root privileges. Use it as you would use any shell console. I.e. using the sell copy needed files to usb drive then do changes on the PC and copy them back to TV.
shell console with root privileges????? root???
and why copy files to usb first
just revert files from pc through deb uart
debugging uart this cable
http://www.96boards.org/wp-content/uploads/2015/06/uart-to-usb-cable.jpg
masifkalam said:
shell console with root privileges????? root???
and why copy files to usb first
just revert files from pc through deb uart
debugging uart this cable
http://www.96boards.org/wp-content/uploads/2015/06/uart-to-usb-cable.jpg
1. Yes ROOT, ROOOT, ROOOOT. It's the default for MStar-based TVs. So you should get a root shell via the UART debugging port, of course if your TV vendor did not change that.
2. Yes, you can update it directly from the PC. I just provided an example of how to do it. Having shell access, you can do a lot of stuff in many different ways.
3. You can use any cable with usb-uart converter, for instance on pl2303 chip. I'm using similar to this one: https://www.aliexpress.com/item/Fre...lgo_pvid=d98f45a8-1c26-4a5e-bac3-39fdef513502
dipcore said:
1. Yes ROOT, ROOOT, ROOOOT. It's the default for MStar-based TVs. So you should get a root shell via the UART debugging port, of course if your TV vendor did not change that.
2. Yes, you can update it directly from the PC. I just provided an example of how to do it. Having shell access, you can do a lot of stuff in many different ways.
3. You can use any cable with usb-uart converter, for instance on pl2303 chip. I'm using similar to this one: https://www.aliexpress.com/item/Fre...lgo_pvid=d98f45a8-1c26-4a5e-bac3-39fdef513502
thanks dear
i will purchase this and connect to later in this platform
thanks for your time
---------- Post added at 06:41 PM ---------- Previous post was at 06:30 PM ----------
masifkalam said:
thanks dear
i will purchase this and connect to later in this platform
thanks for your time
just one thing more
debugging uart connect to tv in stand by position just red light , uart working because my tv automatically restart and off in boot animation
thanks, thanks, thanks dear for your time