== General Info ==
Hello, and welcome to my usb uart guide - aka, how to totally f' your phone up, if you don't think first!
Really though, read everything before attempting anything!
USB Uart is not new news. There are many great people whom have come before me to make what I am documenting here possible. But I am putting this here because I keep getting PM'd about getting help with USB Uart, and figured it would be good to start a thread that documents what you need and how to get going.
So up front, I need to list some credits.
I gained a lot of knowledge from these people:
TheBeano - Fun with resistors (home/car dock mode + more)
UberPenguin - Galaxy S UART JIG & Debugging Connector
AdamOutler - UART Output / Bootloader Hacking / Kernel Debuging
E:V:A - The Samsung Anyway Jig
I'm sure there is more... let me know if you think you need to be in this list. I'll be happy to update it!
== WARNING ==
I am not responsible for anything you do to your device! If you follow my guide and it results from anything like your phone not working or ending the world, I cannot be held accountable for what you do!
This guide will show you how to use the usb uart on most galaxy s phones (with the FSA9480 USB port accessory detector and switch)
It helps to have Unbrickable Mod. There are some commands you can run from the SBL that will wipe your bootloaders!
You must be VERY CAREFUL!
== Requirements ==
First off, you will need some hardware to connect to your computer. It helps. Below is a list of things I use and they are common and cheap. The links to the items below are what I have. Its what works for me.
mini-usb cable - http://www.sparkfun.com/products/598
bus pirate or arduino (I only cover bus pirate here... for now.) - http://www.seeedstudio.com/depot/bus-pirate-v3-assembled-p-609.html?cPath=174
In my guide i use the bus pirate probe kit - http://www.seeedstudio.com/depot/bus-pirate-probe-kit-p-526.html?cPath=178_180
I used a tape printer to label the test clips.
breadboard (optional, if you rather just solder the resistor to the micro-usb break-out board. more later...) - http://www.sparkfun.com/products/112
USB MicroB Plug Breakout Board - http://www.sparkfun.com/products/10031
some jumper wire - http://www.sparkfun.com/products/124
150k, 523k, 619k resistor (ymmv. AdamOutler and others told me to try 523k or 619k, but I was able to get all the output I need with 150k)
guts - priceless
Also, I use minicom on Linux and Mac OS X (use homebrew to install minicom), but you should be able to use any serial console program you like (i.e. kermit, cu, etc...)
I highly suggest getting to know your bus pirate, but this guide assumes you have read manuals and updated firmware. Any of the other uart modes should also work this way, but I currently don't cover that here... yet.
== Getting Started ==
When we connect to the usb port on the bus pirate(bp), you can find the version info by typing i at the high impedance mode (HiZ>) prompt. Change to this mode when your modifying connections or cable argments.
Code:
HiZ>i
Bus Pirate v3b
Firmware v6.0 r1625 Bootloader v4.4
DEVID:0x0447 REVID:0x3043 (24FJ64GA002 B5)
http://dangerousprototypes.com
Disconnect the bp and lets connect everything from the micro usb port connecting to your phone backwards to the bp. I use a breadboard for things that I might work on later or things I'll re-arrange a lot. You may also decide to solder the resistor directly to the GND/ID pins, but you will need a little lead on the GND. Connect MOSI to D+ and MISO to D-.
Another warning!
You can also fry the ftdi on the bus pirate, if you mess with the connections while the bus pirate is in any mode besides HiZ (Hi Impedance) or unplugged. Usually, I'm in uart bridge mode, so you can't go back to HiZ. You just have to unplug the usb cable.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Solder some jumper wire to the micro usb breakout board. I use about an inch.
I usually start at a1 on the breadboard with vcc and a4 and a5 for ID and GND (respectively). In these images, I'm at the opposite end of the board to make it easier to have the phone next to and above my mouse so it is easy for me to work with the phone.
Put the resistor on b4 and b5 - which is where I connect GND on the bp.
Now that you have the bp connected to the circut, lets move forward and plug in the micro usb cable into the bp and then into your computer.
To change into UART mode on the buspirate, type 'm' at the HiZ> prompt:
Code:
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
x. exit(without change)
(1)>3
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>1
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>1
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>(3)
UART bridge
Reset to exit
Are you sure? y
After you get into UART Bridge mode, you will have to unplug the usb port from your computer to reset the bus pirate.
This is where experimenting with different resistors on the GND/ID pins make a difference. Using 619k resistance, I just plug the phone in and it boots up. During boot up, I can see the PBL output like the output you will see in the rest of this document. Using 150k resistance, the phone doesn't automatically turn on.
Also, you may have different usability of the console depending on if you set the output type to Open drain or Normal drain.
With Open drain, I am able to see the uart output, but I am not able to break into the SBL prompt like I am with Normal drain.
Interestingly, with 619k on my SGH-T959V, I don't see all of the kernel console output. I still haven't figured out exactly why yet. With 150k resistance, I don't see the PBL output, but I can still break into the SBL prompt (with normal drain) and get full kernel console output.
When you get to this point, the mode light should now be green. When you plug your phone into the micro usb adapter (again 619k in these examples), you should see everything from the pbl in to the kernel starting:
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
+n1stVPN 3008
+nPgsPerBlk 64
PBL found bootable SBL: Partition(4).
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Oct 28 2011 15:45:50
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x60
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1540
===============================
ID : DATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1672
NO_UNITS : 2120
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 3792
NO_UNITS : 160
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 3952
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4013mV, soc = 86
check_quick_start_condition- Voltage: 4013.75000, Linearized[74/89/100], Capacity: 89
init_fuel_gauge: vcell = 4013mV, soc = 86, rcomp = d000
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x3733b898 0x1ffc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
== The SBL (Secondary BootLoader) ==
The most interesting line out of all of that was:
Code:
Autoboot (0 seconds) in progress, press any key to stop
If you happen to hold down the Enter/Return key while booting the phone you will get into the "SBL>" prompt.
The Secondary BootLoader is essentially like u-boot.
Code:
...
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
If we type help, we will get some commands you can run. Some of these commands are affected by what is set in the environment.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL>
You can get some minimal help for each command:
Code:
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
Another set of intersting commands here are the ones that manipulate the environment:
setenv
saveenv
printenv
Code:
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
printenv is probably the safest of them to run, so lets try this first.
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 1
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
CUST_KERNEL_DL_COUNT : 0
KERNEL_BINARY_TYPE : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
I'm not fully sure what all of these options are, but the ones I know about are SWITCH_SEL and PHONE_DEBUG_ON.
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what. That maybe specific to the device I have.
Setting at least 6543 in SWITCH_SEL will give you kernel log output:
Code:
setenv SWITCH_SEL 6543
saveenv
I also set PHONE_DEBUG_ON to 1:
Code:
setenv PHONE_DEBUG_ON 1
saveenv
When I set this, I get some extended battery statistics like:
Code:
[BAT] CHR(0) CAS(0) CHS(3) DCR(0) ACP(2) BAT(81,0,0) TE(31) HE(1) VO(3926) ED(1000) RC(0) CC(0) VF(591) LO(0)
You must remember that after running setenv, you must then run saveenv at least once at the end to save the environment. I believe this environment info is saved to either an offset on the sbl partition or on the param.lfs. It would be useful to find this out, because u-boot has a userspace utility (that you can use from within linux userspace) to modify the u-boot environment. It may be handy to use a tool like that to modify the CMDLINE option during rom flashing time.
Also, instead of powering your phone off then on again to put the new settings in place, just run reset from the sbl prompt to reboot the phone with the new settings.
Anyways, This is what I have so far. I will be adding more to this as time goes on.
Enjoy!
-Bryan
Very nice and clear guide!
Also check out my Anyway thread on more details about JIG resistances etc. Soon I hope there will be more added to that about building your own Samsung Test Jig...
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
bhundven said:
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what.
Click to expand...
Click to collapse
AdamOutler said:
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
Click to expand...
Click to collapse
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Any chance that it will work witch Galaxy Ace too?
dragonnn said:
Any chance that it will work witch Galaxy Ace too?
Click to expand...
Click to collapse
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Code:
Android Bootloader - UART_DM Initialized!!!
[VIBETONZ] ENABLE
[VIBETONZ] DISABLE
HW_REV = 12
mipi_init : status = 1
HW_REV = 12
start init_charger
smb328a_init_charger : is_reboot_mode = 0, vcell = 3975
check valid dcin (0x33) = 0x0
no dcin, skip init_charger
fuelguage : soc = 80%, vcell = 3975mV
fuelguage : rcomp(0xd01f) ==?? 0xd0d0
HW_REV = 12
VReset : 0x8c
Hibernation mode : 0x0
8340 = ( 397500 - 334350 ) * 13207 / 100000
HW_REV = 12
reboot_mode = 0xb6cef249
do key check
enter normal booting mode
AST_POWERON
usable ddi data.
HW_REV = 12
HW_REV = 12
E.V.A. said that it might be some debugging setting in the kernel that might have disabled the kernel log output.
It would be helpful to get some MSM developers here to help us out with that!
bhundven said:
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Click to expand...
Click to collapse
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
dragonnn said:
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
Click to expand...
Click to collapse
Currently, I only know this method to work on SGS( not sgs2 or sgs3 ) phones with the FSA9480.
bhundven said:
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Click to expand...
Click to collapse
The switches are messages from levels 1-7. Turn on more to get more messages.
AdamOutler said:
The switches are messages from levels 1-7. Turn on more to get more messages.
Click to expand...
Click to collapse
That makes sense, but what doesn't is if I set SWITCH_SEL to 1234567 or any combination with 2, I get no output. As long as I don't have 2 in there, it works fine. Must just be this device.
Memory Architecture
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Fly-n-High said:
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Click to expand...
Click to collapse
huh?
Good post
Nice...!!
Thanks you~
can't get SBL or PBL logs on uart in galaxy-y (GT-S5360)
Hello sir,
Thanks for your great tutorial .
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
After booting, uart works fine and i can use a shell via serial using command
(on phone)
Code:
busybox sh</dev/ttyS0 >/dev/ttyS0
and on PC
Code:
microcom -s 115200 -p /dev/ttyS0
ttyS0 settings of the phone is
Code:
speed 115200 baud; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
And that of PC is
Code:
speed 115200 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
-echoctl echoke
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Circuit diagram is attached below
any one please help
harish2704 said:
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
Click to expand...
Click to collapse
I get something similar on a Samsung Rugby Smart (SGH-I847). I think they have tweaked the UART stuff on the newer devices that post date the Galaxy S devices. They might share the UART chip, but it seems as if they changed the loader implementation which is causing the newer devices to not see the PBL and SBL information during boot.
harish2704 said:
Circuit diagram is attached below
Click to expand...
Click to collapse
Have you tried a 150k or 619k resistor instead of the 523k? I was able to get output with both a 150k and 619k, but the output was very similar to what you have posted. Likely a long shot, but worth a try.
harish2704 said:
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Click to expand...
Click to collapse
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip.
Have you tried a 150k or 619k resistor instead of the 523k?
Click to expand...
Click to collapse
yes I tried I didn't feel any difference b/w 619k & 523k when tried. And with 150k, I couldn't get uart active ()
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip
Click to expand...
Click to collapse
.
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Or
you mean do i have control on ttyS0 device? yes I could change that by
Code:
busybox stty -F /dev/ttyS0 ..........
command
Sorry for my language
harish2704 said:
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Click to expand...
Click to collapse
This is the method I was referring to. If you tweak the parameters you might be able to get the kernel log over serial.
Sent from my SAMSUNG-SGH-I547 using Tapatalk 2
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
harish2704 said:
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
Click to expand...
Click to collapse
If you can interact with ttyS0 post-boot I'd expect it to work. Is there maybe anther serial device such as ttyHS0 or similar that you can interact with? If so, that might be something to try.
You need to change that ttyS0 to ttySAC2 in the boot parameters. Use the abootimg tool on Ubuntu. Apt-get install abootimg.
Related
Hi there,
maybe not a XDA specific Question but maybe s.o. could still help me.
I've got a SIEMENS emem ES75 GSM Modem wich I wanted to use as a SMS receiver for my Party next month (receive sms and project them onto a wall )
But I have some trouble controlling it using the AT-Commandset.
For example: the AT+GMM Command which should give me the name of the Manufacturer) Sometimes AT+ Commands are working, sometimes not.
As it works, I printed out the current settings using AT&V:
Code:
ACTIVE PROFILE:
E0 Q0 V1 X4 &C1 &D2 &S0 \Q0 \V1
S0:000 S3:013 S4:010 S5:008 S6:000 S7:060 S8:000 S10:002 S18:000
+CR: 0
+CRC: 0
+CMGF: 1
+CSDH: 0
+CNMI: 0,0,0,0,1
+ICF: 3
+IFC: 0,0
+ILRR: 0
+IPR: 115200
+CMEE: 0
^SMGO: 0,0
+CSMS: 0,1,1,1
^SACM: 0,"000000","FFFFFF"
^SLCC: 0
^SCKS: 0,1
^SSET: 0
+CREG: 0,1
+CLIP: 0,2
+CAOC: 0
+COPS: "T-MOBILE D"
+CGSMS: 3
Remember: it says "CURRENT PROFILE"
Then I used the AT&V Command when it did not work:
Code:
Current Settings............
E0 H0 Q0 V1
&C0 &D0 &P1 &R0 &S0
S00=000 S01=000 S02=043 S03=013 S04=010 S05=008 S06=000 S07=030
S08=000 S09=000 S10=000 S11=000 S12=050 S13=000 S14=000 S15=000
S16=000 S17=000 S18=000 S19=000 S20=000 S21=000 S22=000 S23=000
S24=000 S25=005 S26=001 S27=000 S28=000 S29=000 S30=000 S31=000
S32=000 S33=001 S34=000 S35=000 S36=000
#0 :
#1 :
#2 :
#3 :
#4 :
#5 :
#6 :
#7 :
#8 :
#9 :
Why does it output the "CURRENT SETTING" instead of the "CURRENT PROFILE"? And why can't I read the SMS? With this Setting it does not accept most of the AT+(..) commands. (AT+GMM, ...)
I sniffed the serial port communication from working applications and used the same commands and init-strings, but nothing
Any advice?
Nothing?
Hey guys, I set up my Arduino Mega to communicate via UART with my Infuse4g.
The UART output comes out of the USB port at 115200kbps on the D+ and D- lines when you connect a 619kOhm resistor to USB Pins 4 and 5. It can be used for kernel debugging or general hacking around.
Here's some pics of my setup.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This emulates the "Test Board" from the KIT-S5PC110 which is used to develop the Aeries platform
You can make it do all kinds of crazy stuff....
Typical boot with battery just inserted.
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 4
MAX8893_REG_LDO1 return val e
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val 10
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3797mV, soc = 57
check_quick_start_condition- Voltage: 3797.50000, Linearized[45/60/75], Capacity: 59
init_fuel_gauge: vcell = 3797mV, soc = 57, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=hex value hex value
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
0xF8
AST_POWERON
BOOTING COMPLETED
held enter while booting UART
Code:
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val 2
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val e
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3777mV, soc = 48
check_quick_start_condition- Voltage: 3777.50000, Linearized[41/56/71], Capacity: 49
init_fuel_gauge: vcell = 3777mV, soc = 48, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x30
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL Prompt
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 65
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
PARAM_INT_13 : 0
PARAM_INT_14 : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
SBL> setenv SWITCH_SEL 6543
argv[0] : setenv
argv[1] : SWITCH_SEL
argv[2] : 6543
value : 6543
SBL> reboot
command_loop: parse command error! (reboot)
SBL> reset
Rebooting...
SB1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 31
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val e
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val 10
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 31
MAX8893_REG_ONOFF new val 31
MAX8893_REG_ONOFF return val 31
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3768mV, soc = 48
check_quick_start_condition- Voltage: 3768.75000, Linearized[40/55/70], Capacity: 49
init_fuel_gauge: vcell = 3768mV, soc = 48, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x0
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=serial number.....
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
0xF8
AST_POWERON
BOOTING COMPLETED
All commands available at SBL Prompt.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
SBL> help reset
* Help : reset
* Usage : reboot
Reboot system
SBL> help boot
* Help : boot
* Usage : boot [kernel options]
Boot Linux with optional kernel options
SBL> help kernel
* Help : kernel
* Usage : kernel hex_adr
Change the Linux kernel base
SBL> help format
* Help : format
* Usage : format
format device
SBL> help open
* Help : open
* Usage : open
open device
SBL> help close
* Help : close
* Usage : close
close device
SBL> help erasepart
* Help : erasepart
* Usage : erasepart partition_id
erase part of units
- ex) erase 0x9(temp partition)
SBL> help eraseall
* Help : eraseall
* Usage : eraseall
erase all units
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
SBL> help showpart
* Help : showpart
* Usage : showpart
show partition information
SBL> help addpart
* Help : addpart
* Usage : addpart <id> <attr> <unit>
add partition information
- ex) addpart 0x(id) 0x1(attr) 0x10(units)
SBL> help delpart
* Help : delpart
* Usage : delpart
delete last partition information
SBL> help savepart
* Help : savepart
* Usage : savepart
save partition information
SBL> help nkernel
* Help : nkernel
* Usage : nkernel command
* Usage : nkernel
read kernel from flash to DDR
SBL> help nramdisk
* Help : nramdisk
* Usage : nramdisk command
* Usage : nramdisk
read ramdisk from flash to DDR
SBL> help nandread
* Help : nandread
* Usage : * Usage : nandread <PARTID> <SIZE>
read partition from flash to SDRAM(0x80000000)
SBL> help nandwrite
* Help : nandwrite
* Usage : * Usage: nandwrite <PARTID> <SIZE>
write partition from SDRAM(0x80000000) to flash
SBL> help usb
* Help : usb
* Usage : usb download command
SBL> help mmctest
* Help : mmctest
* Usage : *Usage : mmctest
SBL> help keyread
* Help : keyread
* Usage : *Usage : keyread
SBL> help readadc
* Help : readadc
* Usage : *Usage : readadc <channel>
SBL> help usb_read
* Help : usb_read
* Usage : usb_read reg
Read the usb ic register
SBL> help usb_write
* Help : usb_write
* Usage : usb_write reg, val
Read the usb ic register
SBL> help fuelgauge
* Help : fuelgauge
* Usage : *usage : fuelgauge
SBL> help pmic_read
* Help : pmic_read
* Usage : pmic_read reg
Read the pmic register
SBL> help pmic_write
* Help : pmic_write
* Usage : pmic_write reg, val
Read the pmic register
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 65
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
PARAM_INT_13 : 0
PARAM_INT_14 : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
SBL> showpart
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
SBL> mmctest
Enable Movinand
[set_mmc_ocr] Sector Mode
[hsmmc_init] MMC card is detected
Product Name : MAG4FA
<display_card_info:935> ext_csd
<display_card_info:937>card_size: 15264
Total Card Size: 15265 MByte
SBL> keyread
keyread: row(0) col(0) read key value = 0x1
keyread: row(1) col(0) read key value = 0x2
SBL> pmic_read
---------read pmic register : multiple
(0x0 : 0x0), (0x1 : 0x0), (0x2 : 0x0), (0x3 : 0x0),
(0x4 : 0x0), (0x5 : 0xf0), (0x6 : 0x0), (0x7 : 0x0),
(0x8 : 0x40), (0x9 : 0x0), (0xa : 0xff), (0xb : 0xff),
(0xc : 0xa), (0xd : 0x80), (0xe : 0xff), (0xf : 0xff),
(0x10 : 0x3f), (0x11 : 0xef), (0x12 : 0x78), (0x13 : 0x10),
(0x14 : 0xbb), (0x15 : 0x12), (0x16 : 0x12), (0x17 : 0x12),
(0x18 : 0x12), (0x19 : 0xe), (0x1a : 0xe), (0x1b : 0x2),
(0x1c : 0x4), (0x1d : 0x86), (0x1e : 0x11), (0x1f : 0xc),
(0x20 : 0x2), (0x21 : 0x2), (0x22 : 0x30), (0x23 : 0xac),
(0x24 : 0x4), (0x25 : 0x14), (0x26 : 0x6), (0x27 : 0x10),
(0x28 : 0x2), (0x29 : 0xe), (0x2a : 0x31), (0x2b : 0x17),
This is what happens when you go into download mode... this occurs near the end of the SBL.
Code:
SBL> usb
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Really man...have you already taken this thing apart?
Sent from my SGH-I897 using XDA Premium App
and here's the kernel debugging.... in case the kernel locks up during boot and Android will not function correctly, it provides a shell. Authorize ahead of time so that you can use Super User.
The settings in SBL prompt are
Code:
setenv SWITCH_SEL 6543
setenv PHONE_DEBUG_ON 1
saveenv
This can be very useful for kernel devlopers
Code:
Starting kernel at 0x32000000...
Uncompressing Linux...................................................................................................................................................................................
[ 0.000000] copy: bad source 0
[ 0.000000] mout_audss: bad source 0
[ 0.090142] KERNEL:kernel_sec_get_debug_level_from_boot=0x574f4c44
[ 0.094877] KERNEL:magic_number=0x0 DEBUG LEVEL low!!
[ 0.099895] (kernel_sec_set_upload_cause) : upload_cause set 0
[ 5.833835] init: cannot find '/system/etc/install-recovery.sh', disabling 'flash_recovery'
sh: can't access tty; job control turned off
$ [ 11.433364] init: no such service 'bootanim'
[ 24.851663] init: sys_prop: permission denied uid:1000 name:wifi.interface
[ 35.227503] init: no such service 'bootanim'
[ 38.484304] init: sys_prop: permission denied uid:1000 name:dpm.allowcamera
su
sh: can't access tty; job control turned off
# dmesg|tail
<4>[ 47.443068] [email protected]
<4>[ 51.363390] mook - wm8994 TTY Off
<4>[ 51.666438] eth0: SIOCSIWSCAN : ISCAN
<4>[ 51.667822] +++: Set Broadcast ISCAN
<4>[ 53.013468] [email protected]
<4>[ 54.447852] Send Event ISCAN complete
<4>[ 54.448053] eth0 wl_iw_iscan_get_scan buflen_from_user 8192:
<4>[ 54.448067] eth0: SIOCGIWSCAN GET broadcast results
<4>[ 54.448111] wl_iw_iscan_get_scan return to WE 803 bytes APs=3
<4>[ 84.445803] wl_iw_set_ss_cache_timer_flag called
#
Looks like samsung has an autorun to reflash the recovery partition at /system/etc/install-recovery.sh
bulletproof1013 said:
Really man...have you already taken this thing apart?
Sent from my SGH-I897 using XDA Premium App
Click to expand...
Click to collapse
No, and I don't plan on it unless I have a problem that requires me to take it apart. Apparently this phone does not have bricking problems with people porting bootloaders from other devices.
I can see this being very handy indeed. Running kernels blind, having to get to at least ADB is a real pain. At least we now know this method works for the Infuse.
No bricking problems? Really?
Sent from my SGH-I897 using XDA Premium App
AdamOutler said:
No, and I don't plan on it unless I have a problem that requires me to take it apart. Apparently this phone does not have bricking problems with people porting bootloaders from other devices.
Click to expand...
Click to collapse
No bricking problems b/c we can't flash bootloaders haha. Well actually there is a way, but the only person to try said way bricked.
That's because the bootloaders are lock. well not motorola lock. I've read some where in the Galaxy tab 10.1 forum that Samsung had to lock the bootloaders because of copyright issues with media hub. if thats true Roger infuse don't offer media hub and the bootloaders for that phone are not lock. we got an update for the tab 10.1 that lock the bootloaders and the tab offer media hub could be true since Samsung are not known for locking them. I could be wrong.
Sent from my SAMSUNG-SGH-I997 using XDA Premium App
gtg465x said:
No bricking problems b/c we can't flash bootloaders haha. Well actually there is a way, but the only person to try said way bricked.
Click to expand...
Click to collapse
*raises hand* hehe
But I'm wondering if accessing the phone via UART would work with a device that's hardbricked as bad as that was? Too late to test now, it's already in the mail. ... unless I were to try flashing bootloaders like we did before? hehe
Aou said:
*raises hand* hehe
But I'm wondering if accessing the phone via UART would work with a device that's hardbricked as bad as that was? Too late to test now, it's already in the mail. ... unless I were to try flashing bootloaders like we did before? hehe
Click to expand...
Click to collapse
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
AdamOutler said:
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
Click to expand...
Click to collapse
Thanks, but the dead phone is gone and in the mail. I'd rather not void a warranty on this device by using JTAG. That device would not even go to download mode when using a JIG. Even the battery charging screen was gone. It was a hard brick.
AdamOutler said:
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
Click to expand...
Click to collapse
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
Did you ever get a copy of BML5 from a Rogers device?
Aou said:
Did you ever get a copy of BML5 from a Rogers device?
Click to expand...
Click to collapse
Yes, but there's a bit of a problem with that. The dump of bml5 was blank. We aren't entirely sure what's going on with our bootloaders, thus the need for someone with a JTAG to test crazy ass shiz.
edit: Although it's not a pressing issue now that we have a kernel workaround for no GB bootloaders.
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
I just gave you 1001 thanks! lol.
Just because you have a JTAG writer does not mean it's easy to JTAG a device. I would test with bootloaders if something required it, however it's not a good idea to go flashing random bootloaders ever... Only if required.
The proper way is to rework the kernel like you did.
Well, thanks to your original post, I was able to get something from the UART on my Infuse. Unfortunately, it's all garbage. Are you using a standard RS-232 connection, or TTL 5v connection? If using TTL 5v, would it be possible to use a TTL 3.3v? This is what I'm getting in putty:
½^ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZÚ¯¿¿¿Y=%#1¿_¿{!!'!=7/¿¯y*¿Y=%#1¿u'59¿y!£§¿g7£¿¥ë奥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥ëåëåj¤t4õ5ý¿¿¿¿¿¿¿ëåj¤Ê_5')¿¿¿¿¿ëåµ--!#¯*£ëåßg
(repeats). I get a whole new set of garbage when I put int he battery. It all looks like your video on youtube with the captivate, but it's just all garbage. I tracked down another forum post where you were getting garbage also, but then never posted the resolution.
Any help would be awesome. Thanks!
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
I don't think he's got JTAG capabilities on the phone yet, and probably won't until he REALLY needs them.
Getting JTAG capability requires soldering a connector to the board permanently or semi-permanently, or soldering individual wires to the board only for the flash process. No one has been able to figure out any compression-spring/pogo-pin contact approach, the connector pad pitch is just too damn small.
Otherwise I'd probably have JTAG capability too. If not for the connector issue I'd be experimenting with a Bus Blaster v2.
Entropy512 said:
I don't think he's got JTAG capabilities on the phone yet, and probably won't until he REALLY needs them.
Getting JTAG capability requires soldering a connector to the board permanently or semi-permanently, or soldering individual wires to the board only for the flash process. No one has been able to figure out any compression-spring/pogo-pin contact approach, the connector pad pitch is just too damn small.
Otherwise I'd probably have JTAG capability too. If not for the connector issue I'd be experimenting with a Bus Blaster v2.
Click to expand...
Click to collapse
I can put the connector on.. assuming its 12 pin plus 4 mounting pads? I have them in stock. Its not a problem for me to solder them. I can do it.
Does anyone have some tech porn of this board, or disassembly instructions?
Hey guys, I've been interested in getting AOSP running on the Captivate, just like the NexusS. Since I now have an UnBrickable Phone, I figured I'd flash the firmware, but it didn't work. I need a new partition table. I found that the partitions are hidden within the bootloader image, so that didn't work... There is no direct upload without proper partitioning and the partition tables are not in the same format. I was talking to Rebellos and he said it would be possible... Then he came up with the mod out of the blue.
The linux commands used were as follows, the sleep is added so you can copy and paste.
Code:
sudo smdk-usbdl -f ./HIBL.bin -a D0020000
sleep 3
sudo smdk-usbdl -f ./nexus_sbl.bin -a 33040000
which loads the HIBL to memory address 0xD0020000 and the SBL to memory Address 0x33040000. At this point it is executed by the HIBL and....
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
All buttons worked properly! this means there is no work for volume+ volume - or power... There will probly be something else though.
I asked Rebellos to explain here so we can all learn something. I'm attaching the HIBL and the SBL to this post.
Warning: Since unlocking NexusS requires format of the MoviNAND and SDCard be prepaired to format all information on your phone, including EFS. Have a backup of all critical information.
Some general (and less-general) stuff about bootloaders analyse:
How to extract SBL from fused image?
(as the one in Nexus S, where IBL, PBL and SBL are together in bootloader.img)
Bootloaders are usually aligned to memory blocks of size like 4, 8, 16, 32KBs. The gaps between them are filled with 0x00 bytes.
SBL is the largest bootloader, so the thing is to open file in hex editor (personally I prefer XVI32), find the largest solid block of data and erase everything before first non-zero byte block. This way you've got Sbl.bin image.
Why is correct entry point (EP) of bootloader so important?
It comes out from ARM specification. Enough to say is that in most of cases code is non-relocatable
More info: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3698.html
How to find correct bootloader EP?
In all SGS series SBLs I've seen so far EP is always written on 0x20 offset of SBL image, 32bit int in Little Endian notation.
Taking as example Nexus S SBL, in hex editor following bytes are:
Code:
00 00 04 33
So correct EP = 0x33040000
Way more complicated thing is when (as we can see in Samsung Waves) SBL (BL3) does not have entrypoint in file. Then it's mainly matter of correct analyse and some guessing.
Most of string pointers are stored and used in ARM assembly this way:
Code:
<code>
LDR R4, [some_string_ptr] ;this means LoaD Register (or Load Data Register) from given address, which means we are loading address of some_string
<code>
some_string_ptr DW some_string
some_string DB "string_example"
some_string_ptr will be valid pointer only when code is loaded into valid location (data stored under some_string_ptr doesn't change)
The fastest way is to load such code into any address in IDA disassembler, find few string pointers and see on which address are these pointing. Remember that LDR are also used to obtain CPU SFRs (Special Function Registers) addresses and constant data (this is matter of practice). Example:
We have loaded code under 0x10000000, some random LDRs taken from code:
LDR R0, 0x43000204
LDR R3, 0x12345678 ;looks like magic-const
LDR R8, 0xABCDABCD ;this one also
LDR R1, 0xFFFFFFFF ;looks like error return value or bit mask
LDR R1, 0xE0010000 ;doesn't match the rest, SFR probably (always keep CPU reference manual opened)
LDR R2, 0x43122508
LDR R0, 0x4311270A
LDR R0, 0x430F0100
The rest of LDR are in 0x43****** area, code entrypoint is usually aligned, as I said before, so first entrypoint try would be 0x43000000. You'll recognize you've got valid entrypoint by IDA properly matching strings X-refs to LDR instructions.
Example of code with invalid entrypoint:
Code:
TEXT:4148EA20 LDR R1, =0x42593D59
TEXT:4148EA24 MOV R0, R4
The same code, with valid entrypoint:
Code:
TEXT:4248EA20 LDR R1, =pSecBootFixedSeedKey ; "Fixed one for Samsung 3G platform. This"...
TEXT:4248EA24 MOV R0, R4
Got any more questions? Suggestions? Problems? Feel free to ask here or PM me.
First.
Pls post a bit more detailed instructns... would love 2 try this out wen my unbrickable cappy gets here n Monday.
Sent from my Transformer TF101 using XDA Premium App
psycho2097 where did you send yours to have it done at?
BloodSkin said:
psycho2097 where did you send yours to have it done at?
Click to expand...
Click to collapse
To me. You can also pm Connexion2005. He's done the mod as well.
Apparently the Nexus S works with odin, but it's not flashing for some reason... I was able to get the partition table here.. see attached file: http://forum.xda-developers.com/attachment.php?attachmentid=709328&stc=1&d=1315096743
Boot the nexus S bootloader as above, while holding VOL+ and VOL-, then use heimdall to download the part.pit.
AdamOutler said:
To me. You can also pm Connexion2005. He's done the mod as well. I'm still working with it..
Apparently the Nexus S works with odin, but it's not flashing for some reason... I was able to get the partition table here.. see attached file: http://forum.xda-developers.com/attachment.php?attachmentid=709328&stc=1&d=1315096743
Boot the nexus S bootloader as above, while holding VOL+ and VOL-, then use heimdall to download the part.pit.
Click to expand...
Click to collapse
Why not try Heimdall? Or have you already?
Kyuta Syuko said:
Why not try Heimdall? Or have you already?
Click to expand...
Click to collapse
I tried. read above.. I used heimdall to download the partition table... however there is a problem with heimdall's repartitioning ability.
Awesome, I love that someone is working on this and that AdamOutler is one of the ones leading the pack. You have done some great things on the development side of the Captivate and I know you actually work on these things instead of bringing the idea to light but never really going anywhere with it. I am very excited to watch the progress on this. Good luck.
AdamOutler said:
I tried. read above.. I used heimdall to download the partition table... however there is a problem with heimdall's repartitioning ability.
Click to expand...
Click to collapse
Guess I missed that last part. What kinda problem?
Kyuta Syuko said:
Guess I missed that last part. What kinda problem?
Click to expand...
Click to collapse
Not quite sure.. it seems to not be able to set the partition in stone. I contacted Benjamin Dobell about it. Its a problem with heimdall
This is a bit different though.. even Odin fails in this case. I am still working with it.
AdamOutler said:
Not quite sure.. it seems to not be able to set the partition in stone. I contacted Benjamin Dobell about it. Its a problem with heimdall
This is a bit different though.. even Odin fails in this case. I am still working with it.
Click to expand...
Click to collapse
I only asked because I personally prefer to use Heimdall over Odin. It's how I flash back to stock and how I flashed from 2.2 to 2.3 =|
Is it just the Windows version of Heimdall that has this problem or is it all variations? I use it on my laptop running Kubuntu since it likes to detect my phone better.
Kyuta Syuko said:
I only asked because I personally prefer to use Heimdall over Odin. It's how I flash back to stock and how I flashed from 2.2 to 2.3 =|
Is it just the Windows version of Heimdall that has this problem or is it all variations? I use it on my laptop running Kubuntu since it likes to detect my phone better.
Click to expand...
Click to collapse
I run Ubuntu primarily and I have all other platforms in virtual machines. It's a problem with Heimdall's ability to repartition.
AdamOutler said:
I run Ubuntu primarily and I have all other platforms in virtual machines. It's a problem with Heimdall's ability to repartition.
Click to expand...
Click to collapse
I figured you ran some Linux Distro =| Well at least I'm not experiencing any issues with my phone currently... Hope he gets that fixed soon. Sorry to derail the topic =/
I'm trying to flash some Nexus S firmware. Odin does not seem to work, it fails at repartitioning even with the part.pit I downloaded using Heimdall.... So I did some research and found that the device requires fastboot unlock or upload of firmware before I can unlock it for use with Odin...
To get Fastboot, i followed instrutctions on the Nexus S forums.... Instead of pushing power on, I simply held the proper key combination (Power + Volume up) while uploading the SBL.
I've never used fastboot and I can't quite figure out why it's not working. I see "FASTBOOT MODE" on my screen.
Here's what I see in my UART Debug window
Code:
��������������������������������������������������������������������������������
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x33040000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: HERRING REV 03 (JTAG)
Build On: Jan 20 2011 17:19:41
-----------------------------------------------------------
MMC MAG8DE 15264 MB
Re_partition: magic code(0xffffffff)
Muxed OneNAND 512MB (0x50) Sync
Scanning Bad Block .......
Bad Block 2047 (0)
Partitions loading success
Read image(PARAM) from flash .......
Done
init_fuel_gauge: vcell = 4193mV, soc = 100
PMIC_IRQ1 = 0xe8
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x1
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0xc0
PMIC_STATUS2 = 0x2c
PMIC_STATUS3 = 0xff
PMIC_STATUS4 = 0xff
PMIC_STATUS5 = 0xff
PMIC_SMPL = 0x80
Key scan = 0x50
keypad_scan: handler name = fastboot
Check Power Key ... Skip!
BOOT_MODE_FASTBOOT (HW_RST(0x00000001), INFORM(0x00000000))
So that says I just booted into fastboot
I see this in the linux "lsusb" command
Code:
Bus 001 Device 122: ID 18d1:4e20 Google Inc.
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x18d1 Google Inc.
idProduct 0x4e20
bcdDevice 1.00
iManufacturer 1 Google, Inc
iProduct 2 Android 1.0
iSerial 3 30325181F24700EC
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 32
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0xc0
Self Powered
MaxPower 50mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 66
bInterfaceProtocol 3
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 255 Vendor Specific Class
bDeviceSubClass 66
bDeviceProtocol 3
bMaxPacketSize0 64
bNumConfigurations 1
can't get debug descriptor: Connection timed out
Device Status: 0x0001
Self Powered
So obviously, it's detecting as a Google device now..
however...
Code:
[email protected]:~/Desktop/nexus firmware$ fastboot oem unlock
< waiting for device >
I can't seem to do the fastboot commands with this. Any ideas?
Dang just lost internet at work. I'm no pro but I saw a topic on the nexus section that seemed to indicate people had problems with this command in LiNux but running it in windows fixed the problem for about 3 people. Best of luck!
edit :internet back! here was the topic: http://forum.xda-developers.com/showthread.php?t=685449
Sent from my GT-I9000 using Tapatalk
The waiting for device command typically means it's not being seen correctly. Type fastboot devices and see if you see anything. Fastboot is what I'll be playing with when I return from the trip. Nexus S firmware is the purest Android experience possible on any phone. This would be a major breakthrough and more importantly, make the Captivate the first in line for Android updates just as the Nexus S is.
Also if fastboot works, it's very easy to make a one click Nexus S firmware installer with the flash all command fastboot has.
Awesome stuff.
Sent from my SGH-I897 using XDA Premium App
And now im back on stock
Sent from my SAMSUNG-SGH-I897 using xda premium
If you get the unbrickable mod to work on your phone then wouldn't you be able to flash a sense rom that has the same resolution as the galaxy s.
Sent from my GT-I9000 using XDA Premium App
ameedi600 said:
If you get the unbrickable mod to work on your phone then wouldn't you be able to flash a sense rom that has the same resolution as the galaxy s.
Sent from my GT-I9000 using XDA Premium App
Click to expand...
Click to collapse
Endless capabilities
Sent from my SAMSUNG-SGH-I897 using xda premium
I'm here to recruit help from XDA-Developers for open-source development. I can offer UnBrickable Mod to any Developer who thinks they can help with this C++ issue. This will allow you to play with Loki (the device's side of Odin/Heimdall) and not worry about it.
The only thing keeping the Linux and Mac platforms from being better then Windows at developing ROMs and other firmware is Heimdall's ability to repartition. Once this barrier is broken down, we will have an entire open source chain for developing and Linux will be the premeire platform for developing on Samsung devices. There will be no reason to use Closed Source Windows, Odin, or Samsung Drivers... This is the last barrier.
I am offering debug logs which show the UART output during the flashing of Heimdall and Odin.
here are Heimdall logs/uart logs: http://pastebin.com/srhG7yJA
here are Odin Uart Logs: http://pastebin.com/AiKspmxR UART coming soon.
Here are both Heimdall and Odin USB logs via Wireshark.
http://www.mediafire.com/file/2wccdcuf87q2i3l/odinheimdallUSBLog.zip
Benjamin Dobell has set up code for Heimdall here: https://github.com/Benjamin-Dobell/Heimdall/
This is not a bounty thread. It is an open source development/improvement thread. I have spoken to Benjamin Dobell, the creator of Heimdall, and he is too busy with a new job and working loads of overtime hours. He has approved of this action. Fixing this issue with Heimdall will allow the entire Samsung community to utilize Heimdall as a total replacement for Odin on all platforms.
What's my role/interest in this? I want Linux to be as good or better then Windows.. I'm an Open Source guy. I'm also not good at C++ programming language. I understand the headers, but not the CPP files. I can provide debugging and beta testing though. I've created the cross-platform Heimdall One-Click . I brought UnBrickable Mod to the Captivate and the only thing left in the entire open-source chain of software from complete destruction of data on the device to completely stock is getting Heimdall to repartition.
Once this final hurdle in Heimdall is completed, we've got a full open-source stack of cross-platform, community-based software by XDA-Developers for XDA-Developers and users. Open-Source software will be able to provide more then closed source software, and once again XDA-Developers will prove that we can do things better then the Manufacturers.
There is an issue tracking system here: https://github.com/Benjamin-Dobell/Heimdall/issues
I believe the underlying cause of all 3 of the existing issues in the Heimdall Repostiory lies with Heimdall's ability to repartition.
issue 21: "Failed to confirm end of file transfer sequence!" signifies that the information sent overran the partition area and therefore it never responded that the end was confirmed.
Issue 19: "Could not find end of file or end of file transfer, something similar." Likely the same as issue 21.
Issue 14: "Expected file part index" again, dealing with partition tables. "ERROR: Expected file part index: 0 Received: 1"
I believe all three of these issues could be worked into a single "Heimdall Repartitioning" issue for the reasons stated above.
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Smasher816 said:
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Click to expand...
Click to collapse
Hey great.. I have a special test setup with UART output.
First I totally thrashed my partition table by uploading the Bada OS SBL.. This SBL rewites partition tables. Then I used the HIBL to unbrick my phone and load a proper SBL. This is the UART during booting up to "Download Mode".
Code:
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0xffffffff)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 7
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : *unknown id* (0x9)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : *unknown id* (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 7
===============================
ID : *unknown id* (0x1)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 8
NO_UNITS : 796
===============================
ID : *unknown id* (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 804
NO_UNITS : 716
===============================
ID : *unknown id* (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1520
NO_UNITS : 372
===============================
ID : *unknown id* (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1892
NO_UNITS : 56
===============================
ID : *unknown id* (0x18)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1948
NO_UNITS : 56
===============================
FlashDevOpen 232: Error(nErr=0x80000002)
j4fs_open 136: Error(nErr=0x40000000)
loke_init: j4fs_open failed..
init_fuel_gauge: vcell = 4051mV, soc = 82
check_quick_start_condition_with_charger- Voltage: 4051.25000, Linearized[55/70/85], Capacity: 85
init_fuel_gauge: vcell = 4051mV, soc = 82, rcomp = d01f
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
PMIC_IRQ1 = 0x3c
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
aries_process_platform: Debug Level Invalid
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
I gave the command in Heimdall to repartition and flash the boot.bin to partition 1.
Code:
heimdall flash --repartition --pit ./part.pit --1 ./boot.bin
At this point it should have downloaded the partition, saved it, and then heimdall should request the partition back and use that as its guide.
The boot.bin is only 1 block long so this log is short.
Code:
- Odin is connected!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
and this is the log from Heimdall
Code:
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Beginning session...
Handshaking with Loke...
Ending session...
Rebooting device...
Re-attaching kernel driver...
At this point the device "resets" and attempts to boot from the bootloader.
If you need any testing let me know. I can compile source, I can get UART logs. I can repartition the heck out of this device as it is UnBrickable and my test phone.
I believe the device uses the SBL> prompt when it is in download mode.. You can see from this UART log that the device attempted to "saveenv" but it could not. http://code.google.com/p/badadroid/...ompare_logs/SBL_mode_help.txt?spec=svn61&r=57
It also returned the same "FlashDevRead 63 error)
The final action the device needs to do is "savepart" if the partition tables were saved after the pit were uploaded then it would be good to go. There are several other commands as well.. "addpart" and "removepart".. If it comes to using this, let me know. I've worked with Benjamin Dobell's libpit before and I can help out greatly with repartitioning as I've worked extensively in the SBL prompt.
I'm not sure how the Download Mode works exactly, but if it uses the SBL prompt, then I can write pseudocode of how it should work.
This probably isn't going to help much, but it may be a start.
I figured the best way to solve this would be to find the differences between a successful Odin flash and an unsuccessful Heimdall flash. So I delved right in to the wireshark dumps. It seems likely that Heimdall is missing a step.
I do not understand the protocol (yet), but I can see the raw data in the stream. In the Heimdall process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the kernel data is sent. But in the Odin process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the PIT file is sent again in 512 byte chunks, then some protocol traffic (more than usual), and then the kernel data is sent.
At the moment, I can't be sure if this is functionally equivalent or not. I'll need to do quite a bit of deciphering on the protocol to get up to speed on what's really going on. Unfortunately, this is the sort of thing that's easiest if one can watch the action in real time, but as I only have my one phone that I need for work, that's not really an option for me at this time.
Hopefully, I'll return with more info after I've absorbed the communication layer details to see what the non-data chatter actually is.
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
AdamOutler said:
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
Click to expand...
Click to collapse
I have a feeling that it is using the SBL prompt somehow after the flash because everything else seems pretty much identical (besides the timing). If anyone needs to understand the protocol then I recommend just looking at Heimdall's source code, in particular the packet header files store all the constants that are sent and received over USB.
Found the problem - the End Transfer packet is missing. There is also some additional strangeness, though.
Heimdall:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 66 00 00 00 (Init file transfer - probably starting the kernel send)
Odin:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 65 00 00 00 03 00 00 00 D0 06 00 00 (Finished sending 1744 bytes)
The odd part is what odin does next, after the "finished sending":
Packet 5: 65 00 00 00 01 00 00 00 (Dump pit file)
Packet 6: 65 00 00 00 02 00 00 00 00 00 00 00 (Sending chunk 0)
Packet 7: [first 512 bytes of pit]
Packet 8: 65 00 00 00 02 00 00 00 01 00 00 00 (Sending chunk 1)
Packet 9: [next 512 bytes of pit]
Packet 10: 65 00 00 00 02 00 00 00 02 00 00 00 (Sending chunk 2)
Packet 11: [next 512 bytes of pit]
Packet 12: 65 00 00 00 02 00 00 00 03 00 00 00 (Sending chunk 3)
Packet 13: [next 512 bytes of pit]
- repeat for 8 chunks - data past the end of the actual pit file is sent as zeroes -
Packet 22: 65 00 00 00 03 00 00 00 (Done)
Packet 23: 66 00 00 00 (Init file transfer - probably kernel)
I couldn't begin to tell you why any of this exists at all, but my strong suspicion is that duplicating the Odin behavior will make Heimdall work properly.
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Here's the UART log
Code:
[���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 140
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1954
NO_UNITS : 50
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4192mV, soc = 90
check_quick_start_condition_with_charger- Voltage: 4192.50000, Linearized[77/92/100], Capacity: 94
init_fuel_gauge: vcell = 4192mV, soc = 90, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x28
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
- Odin is connected!
set_nps_update_start: set nps start flag successfully.
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(101), data id(0)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(3)
[FNW: ] STL read to partition ID: 20
Done.
read 25 units.
partition_backup: efs. meta data=3(units), real size=6553600
.....Done.
read 5 units.
partition_backup: sbl. buf=0x46e00000, size=1310720(bytes)
.....Done.
read 5 units.
partition_backup: sbl2. buf=0x46f40000, size=1310720(bytes)
fsr_bml_format_device start
set_dynamic_partition: pit magic code=0x12349876
bbm format success
bbm_erase_all: step 1. Start unit=1, End unit=2.
.
bbm_erase_all: step 1. Start unit=52, End unit=2004.
..............................................................................................................................................................................................................................................
bbm eraseall success.
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
Erasing: 1 to 2
.
bbm erase part success
.Done.
Written 1 units.
current percent: 0 (1/1110)
board partition information update.. source: 0x403ee838
Erasing: 2 to 42
........................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 20)
[FNW:INF] nVol : 0, partition_id : 20, stSTLInfo.nTotalLogScts : 12800, buf :0x46400000
TotalLogSct : 12800, size : 6553600
Done.
Written 25 units.
current percent: 2 (26/1110)
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 2 (31/1110)
Erasing: 47 to 52
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 3 (36/1110)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(5445016), id(6), final(1)
Save Image (KERNEL) to flash ......
Erasing: 72 to 102
..............................
bbm erase part success
.....................Done.
Written 21 units.
current percent: 5 (57/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(12582912), efs_clear(0), boot_update(0), final(1)
xmit_complete_phone: cp partition found!(11)
Save Image (MODEM) to flash ......
Erasing: 1954 to 2004
..................................................
bbm erase part success
................................................Done.
Written 48 units.
current percent: 9 (105/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
Erasing: 132 to 1278
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 22)
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 45 (505/1110)
current write_count=1
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 81 (905/1110)
current write_count=2
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(58163200), id(22), final(1)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 113600, size : 58163200
Done.
Written 219 units.
current percent: 101 (1127/1110)
current write_count=3
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1376256), id(23), final(1)
Save Image (DBDATAFS) to flash ......
Erasing: 1278 to 1814
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 23)
[FNW:INF] nVol : 0, partition_id : 23, stSTLInfo.nTotalLogScts : 263168, buf :0x46400000
TotalLogSct : 2688, size : 1376256
Done.
Written 6 units.
current percent: 102 (1133/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1245184), id(24), final(1)
Save Image (CACHE) to flash ......
Erasing: 1814 to 1954
............................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 24)
[FNW:INF] nVol : 0, partition_id : 24, stSTLInfo.nTotalLogScts : 64000, buf :0x46400000
TotalLogSct : 2432, size : 1245184
Done.
Written 5 units.
current percent: 102 (1138/1110)
current write_count=1
save param.blk, size: 5268
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(262144), id(0), final(1)
Save Image (IBL+PBL) to flash ......
binary version: EVT1.
boot.bin is the one-binary.
relocate & fusing continue..
completed.
Erasing: 0 to 1
.
bbm erase part success
.Done.
Written 1 units.
current percent: 102 (1139/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1310720), id(3), final(1)
Save Image (SBL) to flash ......
=== SBL signature information ===
File Size : 677052
=================================
read part info
id = 0x3
attr = 0x1002
first unin = 0x2a
number units = 0x5
pages per unit = 0x40
n1st page = 0xa80, page offset = 0x13f, len = 0x48
read part info
id = 0x4
attr = 0x1002
first unin = 0x2f
number units = 0x5
pages per unit = 0x40
n1st page = 0xbc0, page offset = 0x13f, len = 0x48
Found bootable SBL ID: 4
save SBL partition id: 3
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 103 (1144/1110)
current write_count=1
save sbl id: 3 / erase sbl id: 4
.
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(872448), id(21), final(1)
Save Image (PARAM) to flash ......
FlashDevClose 262: Error(nErr=0x80040001)
Erasing: 52 to 72
....................
bbm erase part success
[FNW: ] STL formatted (partition ID: 21)
[FNW:INF] nVol : 0, partition_id : 21, stSTLInfo.nTotalLogScts : 2560, buf :0x46400000
TotalLogSct : 1704, size : 872448
Done.
Written 4 units.
current percent: 103 (1148/1110)
current write_count=1
set_nps_update_start: set nps start flag successfully.
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
set_nps_update_completed: set nps completed flag successfully.
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
......... everything after this is standard data... just included this far to show it booted.
Everything worked..
Would you like WireShark to verify things?
As far as logging, the only thing I could see is this:
Code:
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
which means it tried to read some garbage from the OneNAND and failed.
AdamOutler said:
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Click to expand...
Click to collapse
Yay for a properly working Heimdall! Once this fix gets officially implemented I'll update my Heimdall =D
How much do you charge to make the Captivate Unbrickable? X3
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
psycho2097 said:
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
Don't give me credit... this is the real genius here...
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
Basically, heimdall could not repartition the OneNAND. I identifed the problem, provided detailed debug level information and asked for help. psych0phobia looked at the Odin/Loki protocol, learned it, found the differences between Odin and Heimdall based on the output of both programs and then wrote the fix. Make sure you thank him. Thank Benjamin Dobell as well, he wrote Heimdall in the first place.
now... if you want to compile it under Linux... open a terminal and copy-pasta.
Code:
sudo apt-get install build-essential curl git
mkdir heimdall
cd heimdall
git clone https://github.com/Benjamin-Dobell/Heimdall.git
cd Heimdall/heimdall
curl http://android.merseine.us/BridgeManager.cpp> ./BridgeManger.cpp
curl http://android.merseine.us/EndPitFilePacket.h >./EndPitFilePacket.h
cd ..
cd ..
cd libpit
./configure
make
cd ..
cd heimdall
./configure
make
sudo make install
This will give Heimdall the ability to fully recover a bad partition table.
NOTE: This should only be used until a version greater then Heimdall 1.3.0 is released.
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
psycho2097 said:
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
I wont say anything about nexus s just yet... We have a 100% open-source, DIY, and free method of restoring a device to stock. Linux, UnBrickable Mod and heimdall.
In other words....
In yo face jtag
whiteguypl said:
In other words....
In yo face jtag
Click to expand...
Click to collapse
Hell yeah! 3 cheers 4 the unbrickable mod!
Sent from my cell phone. DUH.
Just thought I should let you guys know that I've pushed the source for the 1.3.1 updates to Github and it includes a fix, thanks psych0phobia! 1.3.1 also includes substantially improved no-reboot functionality that allows Heimdall to detect and use an existing session (i.e. previous operation with the --no-reboot parameter). Basically this means that you can do things like dump your PIT and then flash your phone without rebooting in between.
I should note that I kind of forgot to update the make files So it won't actually build on Linux/OS X until I do that when I get home (at work now). Windows users can give it whirl though.
I wish to post this information so that I will be helpful for all the developers.
Device Information
Board - s5p6442
CPU - armeabi-v6 / armeabi / armv6-vfp / arm1176jzf-s
GPU - FIMG-3DSE (rev. 1.5.3)
Audio - wolfson microelectronics wm8994
Touchscreen - ATMEL mXT224(AT42QT602240)
TFT LCD PANEL - Samsung S6D04D1
Camera - s5k4ca
Compass / Magnetometer Sensor - AK8973B
Accelerometer Sensor - BMA020
Proximity sensor - GP2A
WiFi - bcm4329
Bluetooth - bcm4329
FM Radio - si4709
USB switch - FSA9480
LCD controller - ???
PMIC chip(s) - MAX8998
Modem - ???
Click to expand...
Click to collapse
Mount Points
Code:
kernel /dev/block/bml5
modem /dev/block/bml10
/cache /dev/block/stl8
/data /dev/block/stl7
/system /dev/block/stl6
/sdcard /dev/block/mmcblk0p1 and /dev/block/mmcblk0
Partition Layout
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
MOUNT POINT : N/A
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
POSITION : 0x00000000-0x00040000
SIZE : 0x00040000
===============================
ID : SBL (0x1)
MOUNT POINT : N/A
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
POSITION : 0x00040000-0x00180000
SIZE : 0x00140000
===============================
ID : PARAM (0x2)
MOUNT POINT : N/A
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
POSITION : 0x00180000-0x00200000
SIZE : 0x00080000
===============================
ID : EFS (0x18)
MOUNT POINT : /dev/block/stl4
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
POSITION : 0x00200000-0x00a00000
SIZE : 0x00800000
===============================
ID : KERNEL (0x4)
MOUNT POINT : /dev/block/bml5
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
POSITION : 0x00a00000-0x01180000
SIZE : 0x00780000
===============================
ID : FACTORYFS (0x15)
MOUNT POINT : /dev/block/stl6
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
POSITION : 0x01180000-0x0ed80000
SIZE : 0x0dc00000
===============================
ID : DATAFS (0x16)
MOUNT POINT : /dev/block/stl7
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
POSITION : 0x0ed80000-0x1b800000
SIZE : 0x0ca80000
===============================
ID : CACHE (0x17)
MOUNT POINT : /dev/block/stl8
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
POSITION : 0x1b800000-0x1de00000
SIZE : 0x02600000
===============================
ID : TEMP (0x3)
MOUNT POINT : N/A
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
POSITION : 0x1de00000-0x1e500000
SIZE : 0x00700000
===============================
ID : MODEM (0x5)
MOUNT POINT : /dev/block/bml10
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
POSITION : 0x1e500000-0x1f500000
SIZE : 0x01000000
===============================
Click to expand...
Click to collapse
I also request all developers to contribute for the missing information. If devs like to add some more information please let me know, I will add it.
Hope this also helps all developers.
Thanks in advance for the support.
camera : s5k4ca
sensors : akm8973
Got first reply from the creator. Thank you very much marcellusbe.
Updated first post.
marcellusbe said:
camera : s5k4ca
sensors : akm8973
Click to expand...
Click to collapse
What about the sound chip? WM8994 DAC
Maybe that belongs to be on your list.
Wiggierip said:
What about the sound chip? WM8442 DAC
Maybe that belongs to be on your list.
Click to expand...
Click to collapse
it's wolfson microelectronics wm8994
marcellusbe said:
it's wolfson microelectronics wm8994
Click to expand...
Click to collapse
I edited my post allready acctually , Thanks anyway
Run the voodoo report app by supercurio to get some more info
https://play.google.com/store/apps/details?id=org.projectvoodoo.report
Also, /dev/block/bml5 is the kernel, and modem's bml10
A partition table (without the entries for the first and second stage bootloader, param and efs partitions is available here :
https://github.com/chirayudesai/cd.kernel-apollo/blob/cd-2.6.32/drivers/mtd/onenand/samsung_apollo.h
The GPU is called FIMG-3DSE (rev. 1.5.3), so maybe it's better to use this name in the first post.
I would also add information about USB switch - FSA9480 and try to find the model of LCD controller, PMIC chip(s), modem and other sensors (akm8973 is only the compass/magnetometer).
For partition table, there should be a file in /proc listing the complete partition map with exact offsets and sizes, in case of Spica it's /proc/rfs/bmlinfo.
tom3q said:
The GPU is called FIMG-3DSE (rev. 1.5.3), so maybe it's better to use this name in the first post.
I would also add information about USB switch - FSA9480 and try to find the model of LCD controller, PMIC chip(s), modem and other sensors (akm8973 is only the compass/magnetometer).
For partition table, there should be a file in /proc listing the complete partition map with exact offsets and sizes, in case of Spica it's /proc/rfs/bmlinfo.
Click to expand...
Click to collapse
Or you can just go through /proc/last_kmsg
You did post a boot log sometime back, layout's this :
Code:
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : SBL (0x1)
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
===============================
ID : PARAM (0x2)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
===============================
ID : EFS (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
===============================
ID : KERNEL (0x4)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
===============================
ID : FACTORYFS (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
===============================
ID : DATAFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
===============================
ID : CACHE (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
===============================
ID : TEMP (0x3)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
===============================
ID : MODEM (0x5)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
===============================
You should change the title itns GT-I5800(1) not G3
Sent from my GT-I5800 using xda premium
All changes updated. I got some information from #cat /proc/LinuStoreIII/bmlinfo . Please confirm the information's are correct. Please provide me the missing info. Once I got all the information I will update the main post.
# cat proc/LinuStoreIII/bmlinfo
FSR VERSION: FSR_1.2.1p1_b129_RTM
minor position size units id name
1: 0x00000000-0x00040000 0x00040000 1 0
2: 0x00040000-0x00180000 0x00140000 5 1
3: 0x00180000-0x00200000 0x00080000 2 2
4: 0x00200000-0x00a00000 0x00800000 32 24
5: 0x00a00000-0x01180000 0x00780000 30 4
6: 0x01180000-0x0ed80000 0x0dc00000 880 21
7: 0x0ed80000-0x1b800000 0x0ca80000 810 22
8: 0x1b800000-0x1de00000 0x02600000 152 23
9: 0x1de00000-0x1e500000 0x00700000 28 3
10: 0x1e500000-0x1f500000 0x01000000 64 5
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
MOUNT POINT : ?????
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
POSITION : 0x00000000-0x00040000
SIZE : 0x00040000
===============================
ID : SBL (0x1)
MOUNT POINT : ????
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
POSITION : 0x00040000-0x00180000
SIZE : 0x00140000
===============================
ID : PARAM (0x2)
MOUNT POINT : ????
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
POSITION : 0x00180000-0x00200000
SIZE : 0x00080000
===============================
ID : EFS (0x18)
MOUNT POINT : /dev/block/stl4
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
POSITION : 0x00200000-0x00a00000
SIZE : 0x00800000
===============================
ID : KERNEL (0x4)
MOUNT POINT : /dev/block/bml5
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
POSITION : 0x00a00000-0x01180000
SIZE : 0x00780000
===============================
ID : FACTORYFS (0x15)
MOUNT POINT : /dev/block/stl6
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
POSITION : 0x01180000-0x0ed80000
SIZE : 0x0dc00000
===============================
ID : DATAFS (0x16)
MOUNT POINT : /dev/block/stl7
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
POSITION : 0x0ed80000-0x1b800000
SIZE : 0x0ca80000
===============================
ID : CACHE (0x17)
MOUNT POINT : /dev/block/stl8
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
POSITION : 0x1b800000-0x1de00000
SIZE : 0x02600000
===============================
ID : TEMP (0x3)
MOUNT POINT : ????
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
POSITION : 0x1de00000-0x1e500000
SIZE : 0x00700000
===============================
ID : MODEM (0x5)
MOUNT POINT : /dev/block/bml10
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
POSITION : 0x1e500000-0x1f500000
SIZE : 0x01000000
===============================
Click to expand...
Click to collapse
pmanian said:
All changes updated. I got some information from #cat /proc/LinuStoreIII/bmlinfo . Please confirm the information's are correct. Please provide me the missing info. Once I got all the information I will update the main post.
Click to expand...
Click to collapse
It is indeed the correct, and the partitions you've marked as ??? (for the mount points) aren't mounted in the android system, they contain the Samsung bootloaders which are used only to initialize the phone and then load the kernel, and then complete control is passed to the kernel
Also, might wanna remove the / in front of kernel and modem in the first post, as they are directly accessed from the block device's location
Updated the main post. Thanks for the information. Thanks you very much.
cdesai said:
It is indeed the correct, and the partitions you've marked as ??? (for the mount points) aren't mounted in the android system, they contain the Samsung bootloaders which are used only to initialize the phone and then load the kernel, and then complete control is passed to the kernel
Also, might wanna remove the / in front of kernel and modem in the first post, as they are directly accessed from the block device's location
Click to expand...
Click to collapse
TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243
I am not aware of that, So I created this thread. Thanks for the info.
unreal3000 said:
TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243
Click to expand...
Click to collapse
unreal3000 said:
TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243
Click to expand...
Click to collapse
S6D04D is the LCD controller chip inside the LCD module. The exact manufacturer and model of the screen itself might vary, but it doesn't matter, because the chip handles it itself.
Modem is a Qualcomm.
Not sure which.
hillbeast said:
Modem is a Qualcomm.
Not sure which.
Click to expand...
Click to collapse
oh yeah... i saw somewhere.... time for a bit of research...
---------- Post added at 03:36 AM ---------- Previous post was at 03:06 AM ----------
found it.... modem- QSC6270
datasheet- http://pdf1.alldatasheet.com/datasheet-pdf/view/186573/QUALCOMM/QSC6270.html
pic of the inside of the phone-
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
anyone recognize the other chips?
1 more useful link-
http://forum.xda-developers.com/showthread.php?t=1260551
unreal3000 said:
oh yeah... i saw somewhere.... time for a bit of research...
---------- Post added at 03:36 AM ---------- Previous post was at 03:06 AM ----------
found it.... modem- QSC6270
datasheet- http://pdf1.alldatasheet.com/datasheet-pdf/view/186573/QUALCOMM/QSC6270.html
pic of the inside of the phone-
anyone recognize the other chips?
1 more useful link-
http://forum.xda-developers.com/showthread.php?t=1260551
Click to expand...
Click to collapse
Just pulled my phone apart. I'll tell you what all the chips are:
The big one with SAMSUNG on it is the CPU. The black one to the right is the MAX8998 chip. Below it the big one is the modem (Qualcomm QSC6270), and to the right of that is the WM8998 audio codec. Still trying to find the USB switch chip...
EDIT: The one in the bottom right corner is the FM radio.
hillbeast said:
Just pulled my phone apart. I'll tell you what all the chips are:
The big one with SAMSUNG on it is the CPU. The black one to the right is the MAX8998 chip. Below it the big one is the modem (Qualcomm QSC6270), and to the right of that is the WM8998 audio codec. Still trying to find the USB switch chip...
EDIT: The one in the bottom right corner is the FM radio.
Click to expand...
Click to collapse
Now that you've popped your phone apart, could you take some HD pics and upload somewhere?
I talked to AdamOutler once about getting the unbrickable mod working on our devices, HD pics of the board would help with that