Related
Hi there boys and girls ... for those interested ....
QC BQS Ana*lyzer 3.0
What is it ?
-----------
Let's call it the ultimate BQS / QC swiss knife and very special Crypto Tool (RSA Signature Calc can be used for any mobile):
BQS only :
----------
1. Load AMSS to extract files or useful infos
(EF81, E81C, EF91, SXG75, EF82, SF71, SL91, M7 or similiar ones)
Features :
Extract Infos from AMSS : USBID, Product.Nr., SVN, SwBuild, Mobiletype
Extract internal filesystem (mif,bar,sig etc. files)
Extract certificates
Extract all BMPs,GIFs,PNGs, JPGs
Extract AMSS signature bytes (if production key)
Show all file references used by mobile
2. Sim_Secure extraction/decryption (non-public)
3. Master-/Usercode/Unlock extraction and direct unlock (non-public)
All QC :
--------
1. Load Partition File to get overview about NAND/NOR structure
2. Make usage of QCs Diag Interface .... to do nice things
(Useful for any QC mobile in the world)
Standard Features :
-------------------
- Send standard diag commands or any hexadecimal command you want (database included)
- Read out all NVItems (range given)
(all that exist, more than QPST normally extracts)
- Backup and Restore all NVItems
- Read out and Dump Firmware in Memory (IRam)
- Read out complete EFS
- Switch to FTM Mode (or anything else you want)
- Get infos about phone ..... etc ..... a lot more functions
- Generate SimSecure Command to write to SimSecure using given file (may brick your phone when used without knowledge)
Bootloader / DownloadMode Features :
-------------------------------------
- Load any file to mobile at any address and execute (bootloader f.e.)
- Read out complete NAND Memory using bootloader (range given) with included MSM6250/A bootloader or any given bootloader
Usage : Take out battery, put in battery, press ON # to enter emergency mode, Execute Loader
or (with SL91,SF71 f.e.) enable FTM mode, Execute Loader
- Use any Download Mode or Bootloader Command to experiment
- Read application memory of newer Diag Ver 6 in Download Mode
- Show complete infos about used NAND after loading of Bootloader
Flasher Features :
-----------------
Flash any QC mobile (OBL Multiboot) with given bootloader
- Flash PBL (dangerous), QCSBL, QCSBL Header and Config Bits, Partition, OEMSBL, OEMSBL Header, AMSS, AMSS Header and EFS
3. Crypto Function :
-----------------
- Calculate CRC-30, SHA1 and MD4 of any file
- Bruteforce bytes to fit CRC-30 needed when qcsblhd_cfgdata.mbn was edited
- Decrypt any RSA-Message, including ASN-1 / SHA Signatures.
- Check firmware signature given Modulus and Exponent
4. Sim_Secure extraction/decryption (non-public)
5. Full Feature JTAG Interface (non-public)
Although it is still a bit buggy and things have to be speeded up ...
it is the successor of AMSS Analyzer .... but more reliable and even much faster
Planned in future :
-----------------
1. Bugfixes
2. Tooltips showing real addresses in graphical window
3. EFS2 Directory Browsing
4. Elimination of extracted files in amss.mbn for better understanding
5. Simple NVItems Editor
6. Porting NVM hack already working with JTAG to COM/USB
7. AMSS signature hack, Exploit for Signature (this will be a tough task)
8. Read out SMS / Addressbook via Diag Interface
NO UNLOCKING ! PLEASE DO NOT REQUEST. THIS PROJECT IS FOR EDUCATIONAL PURPOSES ONLY, NOT TO HARM COMPANIES FOR THEIR EFFORTS.
What we need :
----------------
- Any contribution to the project is welcome.
- Donations for new hardware and software for further development of this tool.
- We need support in programming and documentation XD
Link to the project files :
------------------------
Version 3.00 Fruit Assassin (Major Release)
http://code.google.com/p/qcbqsanalyzer/downloads/list
Cya and keep on reversing,
Viper BJK
For full source, see project homepage.
If you think my tool is useful and you would like to donate some money for further development, feel free to do so :
http://viperbjk.beepworld.de/
great stuff, I admire your work, this has been used to partially unbrick a htc titan (work in progress still, as it crashes on some bit of code in init god knows why).
Hi.
New Version supports MSM7200.
Maybe take an look.
Code:
New version 3.42 out
--------------------
What's new ?
-------------
- Find public keys in HTC SPL.nb via Cryptosearch
- Added Public Keys for [B]HTC[/B] Firmware (Diamond, Kaiser, Raphael)
- Exponent bugfixes
- New RSA Decryption interface
Feedback are welcome.
Thanx.
Best Regards
Forbidden
Your client does not have permission to get URL /p/qcbqsanalyzer/downloads/list from this server.
bad link
Link to the project files :
------------------------
Version 3.00 Fruit Assassin (Major Release)
http://code.google.com/p/qcbqsanalyzer/downloads/list
Does this software works on new phones, or is there any similar software?
I was going through another site & came across a Terminology Guide. I couldn’t find something similar here so just wanted to take it upon myself to create a well organized post providing abbreviations & terminology so that any one, Master or Newbie, can have a quick reference guide to all things droid. I myself do not know everything but I do know some things & I believe with some help from the moderators & contributing members of xda-developers, we can throw together a one-stop-shop for all the droid info.
[FONT="]A special thanks to [/FONT][FONT="]Sam Fisher [/FONT][FONT="]at[/FONT][FONT="] droidforums [/FONT][FONT="]for the inspiration[/FONT][FONT="]!![/FONT]
Thanks to My_Immortal, OmegaRED^ & Spaarc for their suggestions & information shared!
________________
ADK: Android Development Kit, What people use to develop anything for the Android such as ROM's
The ADK (Android development kit) is divided into 3 parts
1. Android SDK (Software development Kit): used to make easy programs which only require touch & some sensors , e.g. Games
2. Android NDK ( Native Development Kit): this is used to Create apps which require Hardware or Use the native binaries & libraries of Android , eg. Camera , CyanogenMod Settings, Oxygen Settings , etc.
3. Android PDK ( Platform Development Kit): As the name suggests this is the main kit which allows to make all ".mk" files (eg. Android.mk, etc) & most of the files found on github
Basically Dev's like FXP , Z , Achotjan , kxhawkins , etc. Use the PDK to make AOSP/CM7 ROMs from source
& Also use NDK to edit the system apk's etc. to make it stable
adb: Android Debug Bridge, a command-line debugging application included with the SDK. It provides tools to browse the device, copy tools on the device, & forward ports for debugging. If you are developing in Eclipse using the ADT Plugin, adb is integrated into your development environment.
AOSP: Android Open System Project, usually you will see this term when referring to a program or ROM. This will mean that the program or ROM was taken from Google & does not contain any modifications done by the phone Manufacturer or the phone service provider. This is Android the way Google intended.
Application Programming Interface (API): An interface used by applications to communicate with each other. An API is a library that may include specification for routines, data structures, object classes, and variables. APIs are particularly useful in extending a platform.
Apps2SD: A method of storing items and Cache on the device’s microSD card, allowing you to run apps on external memory.
Boot Animation: A term for a graphical representation of the boot process of the OS. Boot animation can be a simple visualization of the scrolling boot messages in the console, or it can present graphics or some combination of both. Boot animation is not necessarily designed for marketing purposes, but can enhance the experience of the user as eye candy, or provide the user with messages to diagnose the state of the system.
Baseband or Radio: In communications & signal processing, the baseband describes signals & systems whose range of the frequencies measured from close to 0 hertz to a cut-off frequency, a maximum bandwidth or highest signal frequency; it is sometimes used to describe frequencies starting close to zero
Boot Loader/SPL: In literal terms, boot loader is code that is executed before any Operating System starts to run. The concept of boot loaders is universal to virtually all Operating systems that include operating systems on your PC, laptop, Smartphone, & other such devices. Boot loaders basically package the instructions to boot operating system kernel & most of them also have their own debugging or modification environment. As the boot loader kicks off before any piece of software on your device, it makes it extremely processor specific & every motherboard has its own boot loader.
Boot Loader/SPL (Unlocked): A locked or unlocked boot loader is what gives you access to “root.” “Root” is another big word in the Android community. If you “root” a device, it means you have “super user” access or “administrator” access to the operating system that runs on your phone. Root access of your Android device gives you the ability to flash ROMs.
One of the most popular ROMs was created by a team called the CyanogenMod(CM), & their current rom is CM7, which is built on Android 2.3 Gingerbread. What this means is that if you have a phone that has an unlocked boot loader & root access, you can flash the CM7 ROM to your phone with a couple more steps. This also means that you can get access to most of the features in the latest version of Android that is commercially available, without having to wait for your manufacturer or carrier to give you an official update.
Boot Loop: Simply means something is preventing the phone from completing it's boot cycle & is stuck between the boot animation & the unlock screen, creating a looped animation. This is often fixed by either reloading a NAndroid, or Reflashing a ROM from the xRecovery/ClockworkMod Recovery/Flashtool.
Brick or Bricked: Jargon for a completely unrecoverable device, (no more than a brick or paperweight)
Note: It is my understanding that radio will boot first, followed by other systems. So it is IMPORTANT that your radio image/version will work with your SPL image/version. This is the one & only reason for phones being bricked. You cannot brick your phone by flashing a ROM or Boot image or recovery image. Once you flash the wrong radio for the SPL, the only known method of recovery is to send the phone back into SE for repair.
How do I know the phone is hard-bricked? A hard-bricked phone cannot boot into boot loader, recovery, or into normal operation modes. You cannot connect to a hard-bricked phone via adb or fastboot. You can only see one screen on the phone & it will be the first splash screen.
Bug or Software Bug: An Error or flaw in software that produces a failure or unexpected/unwanted result. Typically created from incorrect code, this is why some ROMs are better & smoother running than others because developers have taken the time to input "perfect" code (read put in a lot of hours & hard work)
Busybox: A single multicall binary that packages the functionality of most widely used standard Unix tools, BusyBox provides a fairly complete environment for any small or embedded system.
Canvas: A drawing surface that handles compositing of the actual bits against a Bitmap or Surface object. It has methods for standard computer drawing of bitmaps, lines, circles, rectangles, text, and so on, and is bound to a Bitmap or Surface. Canvas is the simplest, easiest way to draw 2D objects on the screen. However, it does not support hardware acceleration, as OpenGL ES does. The base class is Canvas.
COMPCACHE: (compressed caching) is, in short, virtual swap, setting aside a certain percentage (usually 25%) of your RAM as 'compressed' swap. Compcache compresses the data that would normally go to swap, then moves it back into RAM, and reverses the process when moving it out of the 'compressed' swap. However, this is a classic space-time trade-off. You effectively get more RAM from the compression, but it is slower than 'normal' RAM due to the CPU time required to compress and decompress the swapped pages.
ClockworkMod: A recovery program that is often used to apply updates, ROMs, or create a back up or restore a backup file
Custom ROM: A custom ROM can range in definition from some custom code modifications to make Android run better on a device, all the way to changing the homescreen, background services, and default software.
Many software experts collaborate together in communities to build the fastest or most feature filled ROM’s. The most popular today are CyanogenMod (which supports over 70 devices!), AOKP (a lightweight ROM with plenty of customization options), and Android Revolution, a heavyweight ROM which often focusses on looking great. Just because these Android builds are made by ‘ordinary people’ and not highly paid developers at HTC or Samsung doesn’t mean they are full of bugs or risky to use. In most cases the software built by communities is ten times better. Release cycles are much shorter, fun features can be put in, and anyone can contribute an idea to the development.
DALVIK: An open source, register-based virtual machine (VM) that’s part of the Android OS. The Dalvik VM executes files in the Dalvik Executable (.dex) format, a format that is optimized for efficient storage and memory-mappable execution & relies on the Linux kernel for additional functionality like threading & low-level memory management. The virtual machine is register-based, and it can run classes compiled by a Java language compiler that have been transformed into its native format using the included "dx" tool. The Dalvik core class library is intended to provide a familiar development base for those used to programming with Java Standard Edition, but it is geared specifically to the needs of a small mobile device.
Dalvik Cache: A program cache area for the program Dalvik. Dalvik is a java based virtual machine that is the basis for running your programs (the ones that have the .apk extension). In order to make access times faster (because there's not JIT (just in time) compiler installed by default), the dalvik-cache is the result of dalvik doing a optimization of the running program. It's similar to the prefetch files in Windows.
DDMS: Dalvik Debug Monitor Service, a GUI debugging application included with the SDK. It provides screen capture, log dump, and process examination capabilities. If you are developing in Eclipse using the ADT Plugin, DDMS is integrated into your development environment.
Deep Sleep: A state when the CPU is off, display dark, device is waiting for external input.
Density-Independent pixels (dp): A virtual pixel unit equivalent to one physical pixel on an average, “medium” density 160 dpi screen. On higher ppi screens, dp’s are scaled to retain a constant size (px = dp * (dpi/160)). For example, on a 200 dpi screen, the dp would take up 1.25 physical pixels.
Dots per inch (DPI, or dpi) is a measure of spatial video dot density, in particular the number of individual dots that can be placed in a line within the span of 1 inch (2.54 cm).
De-odex: Apk files have respective odexes that devs use to supposedly save space. Deodexing means you convert it back to a .dex file & put it back inside the apk. This allows you to easily replace files (not having to worry about odexes), but the main point was to deodex services.jar so that you can change all text to different colors (such as the clock color to white) & to deodex services.jar, you need to deodex everything.
Dev. or Developer: An individual that creates, or alters a file in such a manner as to advance the program
Drawable: A compiled visual resource that can be used as a background, title, or other part of the screen. A drawable is typically loaded into another UI element, for example as a background image. A drawable is not able to receive events, but does assign various other properties such as "state" and scheduling, to enable subclasses such as animation objects or image libraries. Many drawable objects are loaded from drawable resource files — xml or bitmap files that describe the image. Drawable resources are compiled into subclasses of android.graphics.drawable.
Fastboot: Protocol used to update the flash file system in Android devices from a host over USB. It allows flashing of unsigned partition images.
FC/FC’s: Short for “force close,” meaning an app that has crashed.
Flash: Rewrite the software/firmware on your phone using a computer to "flash" or completely rewrite the memory (ROM) of your phone. This is done using ODIN.
Flash Memory: a program technology that can be electrically erased & reprogrammed
Flashtool: It is a S1 flashing software that works for all Sony phones from X10 to Xperia Z Ultra. They all use the S1 protocol for flashing firmwares.
This program was originally made to flash sin files downloaded by SEUS or PCC. From time to time, sin files have been bundled into what is now well known FTF (Flash Tool Firmwares). That is the core of Flashtool and the reason of its name.
Flashtool can also easily unlock the bootloader of the phone using the BLU icon as far as the bootloader of your phone is unlockable.
Flashing: The ROM memory used in smartphones and tablets etc. is often same as flash memory found in SD Cards and USB flash drives, simply optimized for better speed and performance while running the operating system.
Hard Reset: The act of resetting your phone to its “factory” state. A hard reset erases all user data, logins, and passwords. This process may or may not erase the contents of the internal storage and/or microSD card as well.
JIT: The Just-in-Time Compiler, released with Android 2.2, it’s a method of greatly speeding up apps in Android. The JIT compiler analyzes an app’s code and converts it, allowing the app to run faster. It does all this while the application is running, hence “just in time.” The JIT compiler for Android functions with a very short “warm up” time; it doesn’t take very long to analyze the code before it starts working.
Kernel: The main component of Android operating system.
It is a bridge between applications & the actual data processing done at the hardware level.
The kernel's responsibilities include managing the system's resources (the communication between hardware & software components).
[Usually as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources
(especially processors & I/O devices) that application software must control to perform its function.
It typically makes these facilities available to application processes through inter-process communication mechanisms & system calls.
Operating system tasks are done differently by different kernels, depending on their design & implementation.]
Launcher: Collectively, the part of the Android UI on the home screen that allows you to launch apps, make phone calls, etc. It is built into Android, or can be purchased in the Android Market.
Manifest File: An XML file that each application must define, to describe the application's package name, version, components (activities, intent filters, services), imported libraries, and describes the various activities, and so on. See The AndroidManifest.xml File for complete information.
Nine-patch / 9-patch / Ninepatch image: A re-sizeable bitmap resource that can be used for backgrounds or other images on the device.
Nandroid or Nandroid Backup: A file typically created in the custom recovery program, such as xRecovery, that is a carbon copy of whatever state your phone is in before a drastic change is made. The file then can be moved onto or off of the SD card for later use in case something should go wrong in the ROM or Update, or a Boot Loop occurs
ODIN: It is the program you can use to flash phones.
e.g. : 'Odin Multi-Downloader v3.95' is used to flash the Samsung Galaxy. It's usually included in firmware packs.
OEM: Original Equipment Manufacturer, the people who actually put together electronic hardware. Also refers to any equipment original to the phone, or produced by the company for the phone
OpenGL ES: A cross-platform API for full-function 2D and 3D graphics on embedded systems. Android provides OpenGL ES libraries that you can use for fast, complex 3D images. It is harder to use than a Canvas object, but better for 3D objects. The android.opengl and javax.microedition.khronos.opengles packages expose OpenGL ES functionality.
OS: Operating system, I.E. Windows Vista, LINUX or MAC or Android
OTA: Over-the-Air; method T-Mobile, & some other phone companies, uses to update Android phones. The new versions of Android are developed by Google & then released to OEM's, Sony Ericsson in our case. The OEM then writes drivers that enable the new software to work on the phone's hardware. They also develop any specialized UI (user interface), like Timescape & Mediascape, or other software they want to include. Once this is complete, they turn it over to the cell phone company, (e.g.)Tmobile, who then have to do the final checks to make sure the update works, & then distributes it over there data network using their cell transmitters.
Overclocking (OC): Speeding up the CPU past the factory presets to achieve a faster & more responsive device (prolonged run can be injurious to your device, so be careful.
Partition: The phone’s internal memory (not the SD Card) is solid-state (flash) memory. It can be partitioned much like a normal hard drive can be partitioned. On an Android device, the Bootloader exists in its own partition. Recovery is another partition; radio, system, Cache, etc. are all partitions.
Here are the standard partitions on an Android phone:
/misc – miscellaneous…
/boot – bootloader, kernel
/recovery – holds the recovery program (either clockworkmod or RA recovery for a rooted Evo)
/system – operating system goes here: Android, etc.
/cache – cached data from OS usage
/data – user applications, data, settings, etc.
The below partitions are not Android-specific. They are tied to the hardware of the phone, but the kernel may have code allowing Android to interact with said hardware.
/radio – the phone’s radio firmware, controls cellular, data, GPS, bluetooth.
/wimax – firmware for Sprint’s flavor of 4G, WiMax.
Recovery Mode: A small separate operating mode you can boost your device into, used for device administration. Two popular custom recovery modes for our device are xRecovery and ClockworkMod.
ROM: Read Only Memory, a program used to make changes to anything from the look of the home screen to icons to custom boot animation.
Root: Common word associated with giving a user "super user" access to their phones programming & other various aspects that would normally not be possible, also known as "Jailbroken" for iPhone's, "Administrator Rights" in Windows OS.
Shell or SSH: The shell is the layer of programming that understands & executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system & its "C:>" prompts & user commands such as "dir" & "edit"). secure shell or ssh is a network protocol that allows data to be exchanged using a secure channel between two networked devices
Soft Reset: The act of rebooting your phone, whether intentionally or otherwise, same effect as when you remove and replace the battery.
SQLite: An embedded relational database management system contained in a relatively small (~275 kB) C programming library. It is multitasking concerning reads. Writes can be done only one-at-a-time. It is a popular choice for local/client storage on web browsers. It has many bindings to programming languages. It is arguably the most widely used database engine, as it is used today by several widespread browsers, operating systems, embedded systems among others
Stock: Simply means an unaltered state, such as when you first purchase your phone from Verizon/Your Service Provider or when you repair your phone using PC Companion or SE Update Service(SEUS)
SU: "Super user", or root permissions
SWAP: is, in short, virtual RAM. With swap, a small portion of the hard drive is set aside and used like RAM. The computer will attempt to keep as much information as possible in RAM until the RAM is full. At that point, the computer will begin moving inactive blocks of memory (called pages) to the hard disk, freeing up RAM for active processes. If one of the pages on the hard disk needs to be accessed again, it will be moved back into RAM, and a different inactive page in RAM will be moved onto the hard disk ('swapped'). The trade off is disks and SD cards are considerably slower than physical RAM, so when something needs to be swapped, there is a noticeable performance hit.
Unlike traditional swap, Android's Memory Manager kills inactive processes to free up memory. Android signals to the process, then the process will usually write out a small bit of specific information about its state (for example, Google Maps may write out the map view coordinates; Browser might write the URL of the page being viewed) and then the process exits. When you next access that application, it is restarted: the application is loaded from storage, and retrieves the state information that it saved when it last closed. In some applications, this makes it seem as if the application never closed at all. This is not much different from traditional swap, except that Android apps are specially programmed to write out very specific information, making Android's Memory Manager more efficient that swap.
Theme: A set of icons, backgrounds & app trays that change the aesthetics of the overall look of the Android & its applications. It has a set of properties (text size, background color, and so on) bundled together to define various default display settings. Android provides a few standard themes, listed in R.style (starting with "Theme_").
TWRP: TeamWin Recovery Project – or TWRP for short – is a fully touch-based custom recovery that was initially developed for Nexus devices, but has since been made available for countless other smartphones and tablets as well, in form of both official and third-party builds.
TUN/TAP: Refers to a network TUNnel, operates within layer 3 packets, or ip packets. Packets sent by a system via a TUN/TAP device are delivered to a user-space program that attaches itself to the device. A user space program may also pass packets into a TUN/TAP device. In this case TUN/TAP device delivers (or "injects") these packets to the operating system's network stack thus emulating their reception from an external source.
Underclocking(UC): Slowing down the CPU mainly to limit battery usage
Undervolting(UV): Basically keeping the clock speed same (or overclocking it) & reduce the voltage at each cpu cycle.
Updater Script: A scripting language called Edify for all Android OS since “Donut.” Updater Script is used with recovery mode, to perform a wide range of functions on files and permissions.
xRecovery: A recovery program based on the ClockworkMod Recovery sources used to apply updates, ROMs, or create a back up or restore a backup file
Zipalign: An archive alignment tool that optimizes the way a .apk is packaged. Doing so enables the Android operating system to interact with the application more efficiently, and hence has the potential to make the application and system much faster. Execution time is minimized for zipaligned applications, resulting is less RAM consumption when running the .apk.
File Types:
.dex: Compiled Android application code file. Android programs are compiled into .dex (Dalvik Executable) files, which are in turn zipped into a single .apk file on the device. .dex files can be created by automatically translating compiled applications written in the Java programming language.
.sbf: Summation Briefcase File
.apk or APK's: An .apk file extension denotes an Android Package (APK) file, an .apk file can be opened & inspected using common archive tools. Each Android application is compiled and packaged in a single file that includes all of the application's code (.dex files), resources, assets, and manifest file. The application package file can have any name but must use the .apk extension. For example: myExampleAppname.apk. For convenience, an application package file is often referred to as an ".apk".
.tar: Similar to a zip file(derived from tape archive), a tar file archives multiple files into one file
.tgz: TGZ files (gnu-zipped .tar file) are commonly used as install packages for Slackware Linux.
pheeeeww!!This took sometime!!
Well this is all I can think of off the top of my head but as I think of more I will edit them in here & I encourage the mods to put things that I either forgot or just simply am not aware of. Also I request fellow user to suggest any terms frequently used & not added or any discrepancies found, kindly PM me!!
Thank you & happy hacking/flashing!!
_____________________________________
X10 LED States:-
--------------------------------------
W-LOD: White LED of DEATH.
--------------------------------------
Sometimes a R-LOD is similar to a W-LOD but the LED is red instead.
Usually results in a Reboot, or a Freeze or a Crash
-------------------------------
Flashing R-L: Red LED.
-------------------------------
Led flashes RED 3 times.
Indicates Requirement for Charge
--------------------------------
G-LS: Green LED Steady.
--------------------------------
LED goes Steady GREEN while USB is plugged in.
Flash Mode Entered/Fully Charged.
CPU : -
----------------------------------------
Central Processing Unit: -
----------------------------------------
It's pretty much the heart of your device pumping data through & from all the attached devices the Kernel & Modules is its soul & it's OS is it's skin & flesh.
-----------------------
Core Clock Speed: -
-----------------------
It is the actual clock speed that the CPU is running at. "Not the multiplied speed."
It's good to remember a CPU's performance is also effected by its memory's speed.
Similar rules exist for the GPU (Graphics Processing Unit).
Nice effort! Thanks!
Although, you got the Kernel thing wrong:
kloud_ said:
Kernel: The govenor of the CPU usage and Battery output, one can upload certain Kernals to achieve greater performance speed of their device at the cost of some battery life
Click to expand...
Click to collapse
Kernel: It's the main component of Android operating system.
It is a bridge between applications and the actual data processing done at the hardware level.
The kernel's responsibilities include managing the system's resources (the communication between hardware and software components).
[Usually as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources
(especially processors and I/O devices) that application software must control to perform its function.
It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.
Operating system tasks are done differently by different kernels, depending on their design and implementation.]
My_Immortal said:
Nice effort! Thanks!
Although, you got the Kernel thing really wrong:
Kernel: It's the main component of Android operating system.
It is a bridge between applications and the actual data processing done at the hardware level.
The kernel's responsibilities include managing the system's resources (the communication between hardware and software components).
[Usually as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources
(especially processors and I/O devices) that application software must control to perform its function.
It typically makes these facilities available to application processes through inter-process communication mechanisms and system calls.
Operating system tasks are done differently by different kernels, depending on their design and implementation.]
Click to expand...
Click to collapse
Thanks for correcting me... got a bit distracted and thus the blunder. My bad.
Have edited the term
Good work thaks
Sent from my GT-I9000 using Tapatalk
Brilliant. Prefect for newbies. I wish there was something like this when i started lol.
Sent from my X10 TripNMiUI-1.8.19 using XDA App
kylec said:
Brilliant. Prefect for newbies. I wish there was something like this when i started lol.
Sent from my X10 TripNMiUI-1.8.19 using XDA App
Click to expand...
Click to collapse
better late than never!!
Nice work Bro, great idea, wants a sticky
colossus said:
Nice work Bro, great idea, wants a sticky
Click to expand...
Click to collapse
thanks Smarts or Colossus!
vERY nice guide
The ADK (android development kit) is divided into 3 parts
1.Android SDK (Software development Kit) : used to make easy programs which only require touch and some sensors , eg. Games
2.Android NDK ( Native Development Kit) : this is used to Create apps which require Hardware or Use the native binaries and libraries of Android , eg. Camera , CyanogenMod Settings , Oxygen Settings , etc.
3.Android PDK ( Platform Development Kit) : As the name suggests this is the main kit which allows to make all ".mk" files (eg. Android.mk , etc) and most of the files found on github
Basically Dev's like FXP , Z , Achotjan , kxhawkins , etc. Use the PDK to make AOSP/CM7 ROMs from source
And Also use NDK to edit the system apk's etc.. to make it stable
That's some knowledge from my side
spaarc said:
vERY nice guide
The ADK (android development kit) is divided into 3 parts
1.Android SDK (Software development Kit) : used to make easy programs which only require touch and some sensors , eg. Games
2.Android NDK ( Native Development Kit) : this is used to Create apps which require Hardware or Use the native binaries and libraries of Android , eg. Camera , CyanogenMod Settings , Oxygen Settings , etc.
3.Android PDK ( Platform Development Kit) : As the name suggests this is the main kit which allows to make all ".mk" files (eg. Android.mk , etc) and most of the files found on github
Basically Dev's like FXP , Z , Achotjan , kxhawkins , etc. Use the PDK to make AOSP/CM7 ROMs from source
And Also use NDK to edit the system apk's etc.. to make it stable
That's some knowledge from my side
Click to expand...
Click to collapse
Thanks Spaarc.
Will add it right away! Thanks once again
This could be called "AndroidDictionary for noobs"
Infinity Ytinifni S. Sent from Xperia X10i-modded.
X10 Led States:-
----------------------
W-Lod: White LED of DOOM.
--------------------------------------
Sometimes a R-lod is similar to a W-lod but the LED is red instead.
Usually results in a Reboot, or a Freeze or a Crash
R-R-L: Red Rolling LED.
-------------------------------
Led flashes RED 3 times.
Indicates Requirement for Charge
G-LS: Green LED Steady.
--------------------------------
LED goes Steady GREEN while usb is plugged in.
Flash Mode Entered and or Fully Charged.
Cpu's. Central Processing Unit:-
----------------------------------------
It's pretty much the heart of your device pumping data through and from all the attached devices the Kernel and Modules is it's soul and it's OS is it's skin and flesh.
Core Clock Speed:Is the actual clock speed that the CPU is running at. "not the multiplied speed."
It's good to remember a CPU's performance is also effected by it's memory's speed.
Similar rules exist for the GPU.
This place was so color less i figured i would bring some.
haha
thanks for the post OmegaRED^
thanx pretty usefull info out there.!!
Definetly a Sticky. Thanks very much!
Now I know what a "WLOD" is. I had no idea before.
Karl
i though WLOD is stand for White LED of death....just like blue screen of death for windows (but who cares...it still got same meaning anyway )
anyway...nice thread....should request for sticky
Arnold.Alexius said:
i though WLOD is stand for White LED of death....just like blue screen of death for windows (but who cares...it still got same meaning anyway )
anyway...nice thread....should request for sticky
Click to expand...
Click to collapse
Thanks... it stands for death but I liked the way it sounds so didn't change what OmegaRED^ had suggested!
A few corrections.
OTA: Over The Air.
tar: Tape ARchive - archive consisting of multiple files that has not been compressed.
tgz: compressed tarbol (tape archive) usually with gzip.
shell: the standard command language interpreter.
ssh: secure shell - provides secure encrypted communications between two untrusted hosts over an insecure network.
This was an easy explanation for all noobs, like me. Thanks
ynkamat said:
This was an easy explanation for all noobs, like me. Thanks
Click to expand...
Click to collapse
You're welcome!
Warm Regards
kLouD
Sent from my X10i on J's CM7 & DooM's v4 kernel using XDA Premium App
Hey geeks,
you might know my hardware hacking thread already:
http://forum.xda-developers.com/showthread.php?t=1199450
Some time ago i started thinking about starting with an open bootloader for Archos Gen8.
So i started from scratch and made use of external boot mode to completely start from external MicroSD and leave the internal memory alone.
Remark: This is a geek project, there's no GUI or something. So don't expect anything useful right now.
At the moment you'll need some hardware hacking, because you'll need a serial console over uart3.
Unfortunately you'll also need a dirty hack to power up the MicroSD permanently.
Don't hesitate to ask for details about it.
So this is for the weird ones out there...
Right now there's work in progress, because stock kernel stucks at some point in the boot process.
Maybe there's some setup missing in the bootcode (it's very basic at the moment) or stock kernel relies heavily on avboot at some point.
I will work on this issue whenever i'll find some time.
Anyway it might be still an interesting project for at least a very few of you, so here's the source code:
- x-loader-archos
- u-boot-2011.09-archos
As pointed out the Archos implementation is very basic at the moment, but the code itself works very well and had been tested on A101IT Gen8.
To further devices, e.g. A70S Gen8, the machine id had to be included in the board file, the rest of the setup in early stage should be very similar.
The code bases:
- x-loader (https://gitorious.org/x-loader/x-loader)
- u-boot (taken from this archive: http://www.technexion.com/images/downloads/ARM_CPU_Modules/TDM-3730/linux-2.6.32-tdm3730.tar.xz)
I'd like to switch to official u-boot release 2011.09 as a base soon.
To start playing with it:
- open your case and start hacking, to get serial console working
- tweak the hardware to power the MicroSD slot permanently
- create a bootable MicroSD for OMAP systems
- place the binaries on your card
- insert the card and use vitalifs kernel module to reboot your device in external bootmode
Please refer to these posts from vitalif (thanks a lot for contributing!!!):
http://forum.xda-developers.com/showpost.php?p=22719203&postcount=105
http://forum.xda-developers.com/showpost.php?p=22765441&postcount=108
You might start digging in the source code and create your own loader:
- use a linux machine with a recent distribution
- setup a cross environment with ARM cross compiler suitable for ARMV7
- extract the sources to directory of your choice
- to compile x-load:
Code:
cd ./x-loader-archos
make archos_config
make
- to compile u-boot-2011.09-archos:
Code:
cd ./u-boot-2011.09-archos
make a101it_config
make
It might be required to tweak the top-level Makefiles to point at your toolchain.
I used my ready to work toolchain (for 32-bit linux only) here:
http://forum.xda-developers.com/showthread.php?t=1328027
Unfortunately i haven't found some time to create a project page at gitorious,
but hopefully i'll manage to do so in the next weeks...
I know this is a very very special project, but anyway if there's some interest, this might lead to something useful in the end.
If the bootcode is working very nice some day, it might also be possible to replace stock loader, but that's fiction yet.
You might ask what for...
I say... it's just for fun!
cheers,
scholbert
Boot console output... so far
Hey,
it had been posted already but her again for completeness...
The console log on UART3 starting custom kernel configured with stock config:
Code:
Texas Instruments X-Loader 1.5.1 (Mar 26 2012 - 20:41:11)
Found 0256 MB
Archos Gen8
Reading boot sector
Loading u-boot.bin from mmc
Done!
U-Boot 2011.09 (Mar 23 2012 - 18:53:39)
OMAP3630/3730-GP ES1.2, CPU-OPP2, L3-165MHz, Max CPU Clock 1 Ghz
Archos 101IT Gen8 + LPDDR/MMC
I2C: ready
DRAM: 256 MiB
MMC: OMAP SD/MMC: 0
Using default environment
In: serial
Out: serial
Err: serial
Die ID #144800029ff800000160a4bb18027009
Hit any key to stop autoboot: 0
reading boot.scr
** Unable to read "boot.scr" from mmc 0:1 **
reading uImage
2987000 bytes read
Booting from mmc ...
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-2.6.29-omap1
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2986936 Bytes = 2.8 MiB
Load Address: 80008000
Entry Point: 80008000
Verifying Checksum ... OK
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux.............................................................
................................................................................
..................................................... done, booting the kernel.
<6>Initializing cgroup subsys cpu
<5>Linux version 2.6.29-omap1 ([email protected]) (gcc version 4.4.1 (GCC) ) #1
PREEMPT Thu Mar 22 23:59:34 CET 2012
CPU: ARMv7 Processor [413fc082] revision 2 (ARMv7), cr=10c5387f
CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
Machine: Archos A101IT board
fixup_archos: [console=ttyS2,115200n8 androidboot.console=ttyGS0 init=/linuxrc d
ebug omapdss.debug=0 vram=4915200 omapfb.vram=0:4915200 omapfb.debug=0 mmc_block
.split=0.0001:512M]
Memory policy: ECC disabled, Data cache writeback
<7>On node 0 totalpages: 65536
<7>free_area_init_node: node 0, pgdat c05fd368, node_mem_map c06a5000
<7> Normal zone: 512 pages used for memmap
<7> Normal zone: 0 pages reserved
<7> Normal zone: 65024 pages, LIFO batch:15
<4>L2 CACHE is enabled in bootloader
<6>OMAP3630 ES1.2
<6>DIE ID: 144800029FF800000160A4BB18027009
<6>FEATURE_STATUS: 00000c00
<6>SRAM: Mapped pa 0x40200000 to va 0xfc800000 size: 0x100000
<6>Reserving 4915200 bytes SDRAM for VRAM
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 65024
<5>Kernel command line: console=ttyS2,115200n8 androidboot.console=ttyGS0 init=/
linuxrc debug omapdss.debug=0 vram=4915200 omapfb.vram=0:4915200 omapfb.debug=0
mmc_block.split=0.0001:512M
<3>Unknown boot option `androidboot.console=ttyGS0': ignoring
<3>Unknown boot option `omapdss.debug=0': ignoring
<6>Clocking rate (Crystal/DPLL/ARM core): 26.0/332/600 MHz
BTW, i extracted the function from Archos loader setup up PLL and MPU stuff.
Need some time to extract the stock setup for PLL at early stage.
Maybe this will give some answers.
One of my next plans is, to build some kind of bare bone kernel (console only), which may be used for recovery and debug purpose.
Maybe this gives it a kick and things start up to a login shell
TBC
Have fun!
scholbert
One of my next plans is, to build some kind of bare bone kernel (console only), which may be used for recovery and debug purpose.
Maybe this gives it a kick and things start up to a login shell.
Click to expand...
Click to collapse
Seems like an internal monologue... but i like to point out that i stopped this project for a while.
So don't expect anything like a brick recovery tool or similar.
If others will join in it might be possible that it would led to something,
but as long as no one even starts hacking the hardware this is just for me...
Happy days!
scholbert
scholbert said:
Seems like an internal monologue... but i like to point out that i stopped this project for a while.
So don't expect anything like a brick recovery tool or similar.
If others will join in it might be possible that it would led to something,
but as long as no one even starts hacking the hardware this is just for me...
Happy days!
scholbert
Click to expand...
Click to collapse
Shame you stopped your efforts for now, I always followed your posts with much interest. However I can understand it is frustrating being on your own.
Thanks for what you did this far and for posting your info .
divx118
Sorry to read that, this was a very very interesting reading.
But I don't have the knowledge to make the necessary hardware hack, and above all, my wife would kill me if she saw me opening the tab
Thanks again for all that amazing information scholbert
Hey,
first off all thanks for your interest and your replies
Some words on your comments though...
divx118 said:
Shame you stopped your efforts for now, I always followed your posts with much interest. However I can understand it is frustrating being on your own.
Click to expand...
Click to collapse
I did not want to sound frustrated, because i'm not.
All i do with the device and all that hacking stuff is fun and mostly for educational purpose
Maybe i'll continue working with this stuff, but for now i wanted to point out to not expect too much.
Some guys out there, bricked their devices and were looking for a solution.
That's why i wrote it down.
Basically it should be possible to recover bricks by using external boot procedure, but it's still far from a simple solution.
grim-a101 said:
Sorry to read that, this was a very very interesting reading.
But I don't have the knowledge to make the necessary hardware hack, and above all, my wife would kill me if she saw me opening the tab
Click to expand...
Click to collapse
Yeah that's a good point, the barrier for this kind of hacking is little high.
Unfortunately you'll have to tweak the hardware, to gain access to the serial debugging port and cheat the power management of the MicroSD slot.
Most of you simply want to use the device and do some less harder tweaks at system level.
Anyway, there are some other possibilities as well (e.g. using USB and TI Flash) to access the platform. Maybe i'll do some research here as well.
Thanks again for appreciation!!!
Regards,
scholbert
i found this in xperia x10 general section maybe we should have the same thread in our general section
[source] xperia x10 general section from kloud_
I was going through another site & came across a Terminology Guide. I couldn’t find something similar here so just wanted to take it upon myself to create a well organized post providing abbreviations & terminology so that any one, Master or Newbie, can have a quick reference guide to all things droid. I myself do not know everything but I do know some things & I believe with some help from the moderators & contributing members of xda-developers, we can throw together a one-stop-shop for all the droid info.
A special thanks to Sam Fisher at droidforums for the inspiration!!
Thanks to My_Immortal, OmegaRED^ & Spaarc for their suggestions & information shared!
________________
ADK: Android Development Kit, What people use to develop anything for the Android such as ROM's
The ADK (Android development kit) is divided into 3 parts
1. Android SDK (Software development Kit): used to make easy programs which only require touch & some sensors , e.g. Games
2. Android NDK ( Native Development Kit): this is used to Create apps which require Hardware or Use the native binaries & libraries of Android , eg. Camera , CyanogenMod Settings, Oxygen Settings , etc.
3. Android PDK ( Platform Development Kit): As the name suggests this is the main kit which allows to make all ".mk" files (eg. Android.mk , etc) & most of the files found on github
Basically Dev's like FXP , Z , Achotjan , kxhawkins , etc. Use the PDK to make AOSP/CM7 ROMs from source
& Also use NDK to edit the system apk's etc.. to make it stable
adb: Android Debug Bridge, a command-line debugging application included with the SDK. It provides tools to browse the device, copy tools on the device, & forward ports for debugging. If you are developing in Eclipse using the ADT Plugin, adb is integrated into your development environment.
AOSP: Android Open System Project, usually you will see this term when referring to a program or ROM. This will mean that the program or ROM was taken from Google & does not contain any modifications done by the phone Manufacturer or the phone service provider. This is Android the way Google intended.
Baseband or Radio: In communications & signal processing, the baseband describes signals & systems whose range of the frequencies measured from close to 0 hertz to a cut-off frequency, a maximum bandwidth or highest signal frequency; it is sometimes used to describe frequencies starting close to zero
Boot Loader/SPL: In literal terms, boot loader is code that is executed before any Operating System starts to run. The concept of boot loaders is universal to virtually all Operating systems that includes operating systems on your PC, laptop, Smartphone, & other such devices. Boot loaders basically package the instructions to boot operating system kernel & most of them also have their own debugging or modification environment. As the boot loader kicks off before any piece of software on your device, it makes it extremely processor specific & every motherboard has its own boot loader.
Boot Loader/SPL (Unlocked): A locked or unlocked boot loader is what gives you access to “root.” “Root” is another big word in the Android community. If you “root” a device, it means you have “super user” access or “administrator” access to the operating system that runs on your phone. Root access of your Android device gives you the ability to flash ROMs.
One of the most popular ROMs was created by a team called the CyanogenMod(CM), & their current rom is CM7, which is built on Android 2.3 Gingerbread. What this means is that if you have a phone that has an unlocked boot loader & root access, you can flash the CM7 ROM to your phone with a couple more steps. This also means that you can get access to most of the features in the latest version of Android that is commercially available, without having to wait for your manufacturer or carrier to give you an official update.
Boot Loop: Simply means something is preventing the phone from completing it's boot cycle & is stuck between the boot animation & the unlock screen, creating a looped animation. This is often fixed by either reloading a NAndroid, or Reflashing a ROM from the xRecovery/ClockworkMod Recovery/Flashtool.
Brick or Bricked: Jargon for a completely unrecoverable device, (no more than a brick or paperweight)
Note: It is my understanding that radio will boot first, followed by other systems. So it is IMPORTANT that your radio image/version will work with your SPL image/version. This is the one & only reason for phones being bricked. You cannot brick your phone by flashing a ROM or Boot image or recovery image. Once you flash the wrong radio for the SPL, the only known method of recovery is to send the phone back into SE for repair.
How do I know the phone is hard-bricked? A hard-bricked phone cannot boot into boot loader, recovery, or into normal operation modes. You cannot connect to a hard-bricked phone via adb or fastboot. You can only see one screen on the phone & it will be the first splash screen.
Bug or Software Bug: An Error or flaw in software that produces a failure or unexpected/unwanted result. Typically created from incorrect code, this is why some ROMs are better & smoother running than others because developers have taken the time to input "perfect" code (read put in a lot of hours & hard work)
Busybox: A single multicall binary that packages the functionality of most widely used standard Unix tools, BusyBox provides a fairly complete environment for any small or embedded system.
COMPCACHE: (compressed caching) is, in short, virtual swap, setting aside a certain percentage (usually 25%) of your RAM as 'compressed' swap. Compcache compresses the data that would normally go to swap, then moves it back into RAM, and reverses the process when moving it out of the 'compressed' swap. However, this is a classic space-time tradeoff. You effectively get more RAM from the compression, but it is slower than 'normal' RAM due to the CPU time required to compress and decompress the swapped pages.
ClockworkMod: A recovery program that is often used to apply updates, ROMs, or create a back up or restore a backup file
Dalvik: An open source, register-based virtual machine (VM) that’s part of the Android OS. The Dalvik VM executes files in the Dalvik Executable (.dex) format & relies on the Linux kernel for additional functionality like threading & low-level memory management. The virtual machine is register-based, and it can run classes compiled by a Java language compiler that have been transformed into its native format using the included "dx" tool.
Dalvik Cache: A program cache area for the program Dalvik. Dalvik is a java based virtual machine that is the basis for running your programs (the ones that have the .apk extension). In order to make access times faster (because there's not JIT (just in time) compiler installed by default), the dalvik-cache is the result of dalvik doing a optimization of the running program. It's similar to the prefetch files in Windows.
DDMS: Dalvik Debug Monitor Service, a GUI debugging application included with the SDK. It provides screen capture, log dump, and process examination capabilities. If you are developing in Eclipse using the ADT Plugin, DDMS is integrated into your development environment.
Deep Sleep: A state when the CPU is off, display dark, device is waiting for external input.
De-odex: Apk files have respective odexes that devs use to supposedly save space. Deodexing means you convert it back to a .dex file & put it back inside the apk. This allows you to easily replace files (not having to worry about odexes), but the main point was to deodex services.jar so that you can change all text to different colors (such as the clock color to white) & to deodex services.jar, you need to deodex everything.
Dev. or Developer: An individual that creates, or alters a file in such a manner as to advance the program
Drawable: A compiled visual resource that can be used as a background, title, or other part of the screen. A drawable is typically loaded into another UI element, for example as a background image. A drawable is not able to receive events, but does assign various other properties such as "state" and scheduling, to enable subclasses such as animation objects or image libraries. Many drawable objects are loaded from drawable resource files — xml or bitmap files that describe the image. Drawable resources are compiled into subclasses of android.graphics.drawable. For more information about drawables and other resources.
Fastboot: Protocol used to update the flash file system in Android devices from a host over USB. It allows flashing of unsigned partition images.
Flash: Rewrite the software/firmware on your phone using a computer to "flash" or completely rewrite the memory (ROM) of your phone. This is done using ODIN.
Flash Memory: a program technology that can be electrically erased & reprogrammed
Kernel: The main component of Android operating system.
It is a bridge between applications & the actual data processing done at the hardware level.
The kernel's responsibilities include managing the system's resources (the communication between hardware & software components).
[Usually as a basic component of an operating system, a kernel can provide the lowest-level abstraction layer for the resources
(especially processors & I/O devices) that application software must control to perform its function.
It typically makes these facilities available to application processes through inter-process communication mechanisms & system calls.
Operating system tasks are done differently by different kernels, depending on their design & implementation.]
Manifest File: An XML file that each application must define, to describe the application's package name, version, components (activities, intent filters, services), imported libraries, and describes the various activities, and so on. See The AndroidManifest.xml File for complete information.
Nine-patch / 9-patch / Ninepatch image
A re-sizeable bitmap resource that can be used for backgrounds or other images on the device.
Nandroid or Nandroid Backup: A file typically created in the custom recovery program, such as xRecovery, that is a carbon copy of whatever state your phone is in before a drastic change is made. The file then can be moved onto or off of the SD card for later use in case something should go wrong in the ROM or Update, or a Boot Loop occurs
ODIN: It is the program you can use to flash phones.
e.g. : 'Odin Multi-Downloader v3.95' is used to flash the Samsung Galaxy. It's usually included in firmware packs.
OEM: Original Equipment Manufacturer, the people who actually put together electronic hardware. Also refers to any equipment original to the phone, or produced by the company for the phone
OpenGL ES: Android provides OpenGL ES libraries that you can use for fast, complex 3D images. It is harder to use than a Canvas object, but better for 3D objects. The android.opengl and javax.microedition.khronos.opengles packages expose OpenGL ES functionality.
OS: Operating system, I.E. Windows Vista, LINUX or MAC or Android
OTA: Over-the-Air; method T-Mobile, & some other phone companies, uses to update Android phones. The new versions of Android are developed by Google & then released to OEM's, Sony Ericsson in our case. The OEM then writes drivers that enable the new software to work on the phone's hardware. They also develop any specialized UI (user interface), like Timescape & Mediascape, or other software they want to include. Once this is complete, they turn it over to the cell phone company, (e.g.)Tmobile, who then have to do the final checks to make sure the update works, & then distributes it over there data network using their cell transmitters.
Overclocking (OC): Speeding up the CPU past the factory presets to achieve a faster & more responsive device (prolonged run can be injurious to your device, so be careful.)
ROM: Read Only Memory, a program used to make changes to anything from the look of the home screen to icons to custom boot animation
Root: Common word associated with giving a user "super user" access to their phones programming & other various aspects that would normally not be possible, also known as "Jailbroken" for iPhone's, "Administrator Rights" in Windows OS.
Shell or SSH: The shell is the layer of programming that understands & executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system & its "C:>" prompts & user commands such as "dir" & "edit"). secure shell or ssh is a network protocol that allows data to be exchanged using a secure channel between two networked devices
SQLite: An embedded relational database management system contained in a relatively small (~275 kB) C programming library. It is multitasking concerning reads. Writes can be done only one-at-a-time. It is a popular choice for local/client storage on web browsers. It has many bindings to programming languages. It is arguably the most widely used database engine, as it is used today by several widespread browsers, operating systems, embedded systems among others
Stock: Simply means an unaltered state, such as when you first purchase your phone fromVerizon/Your Service Provider or when you repair your phone using PC Companion or SE Update Service(SEUS)
SU: "Super user", or root permissions
SWAP: is, in short, virtual RAM. With swap, a small portion of the hard drive is set aside and used like RAM. The computer will attempt to keep as much information as possible in RAM until the RAM is full. At that point, the computer will begin moving inactive blocks of memory (called pages) to the hard disk, freeing up RAM for active processes. If one of the pages on the hard disk needs to be accessed again, it will be moved back into RAM, and a different inactive page in RAM will be moved onto the hard disk ('swapped'). The trade off is disks and SD cards are considerably slower than physical RAM, so when something needs to be swapped, there is a noticeable performance hit.
Unlike traditional swap, Android's Memory Manager kills inactive processes to free up memory. Android signals to the process, then the process will usually write out a small bit of specific information about its state (for example, Google Maps may write out the map view coordinates; Browser might write the URL of the page being viewed) and then the process exits. When you next access that application, it is restarted: the application is loaded from storage, and retrieves the state information that it saved when it last closed. In some applications, this makes it seem as if the application never closed at all. This is not much different from traditional swap, except that Android apps are specially programed to write out very specific information, making Android's Memory Manager more efficient that swap.
Theme: A set of icons, backgrounds & app trays that change the aesthetics of the overall look of the Android & its applications. It has a set of properties (text size, background color, and so on) bundled together to define various default display settings. Android provides a few standard themes, listed in R.style (starting with "Theme_").
TUN/TAP: Refers to a network TUNnel, operates within layer 3 packets, or ip packets. Packets sent by a system via a TUN/TAP device are delivered to a user-space program that attaches itself to the device. A user space program may also pass packets into a TUN/TAP device. In this case TUN/TAP device delivers (or "injects") these packets to the operating system's network stack thus emulating their reception from an external source.
Underclocking(UC): Slowing down the CPU mainly to limit battery usage
Undervolting(UV): Basically keeping the clock speed same (or overclocking it) & reduce the voltage at each cpu cycle.
xRecovery: A recovery program based on the ClockworkMod Recovery sources used to apply updates, ROMs, or create a back up or restore a backup file
File Types:
.dex: Compiled Android application code file. Android programs are compiled into .dex (Dalvik Executable) files, which are in turn zipped into a single .apk file on the device. .dex files can be created by automatically translating compiled applications written in the Java programming language.
.sbf: Summation Briefcase File
.apk or APK's: An .apk file extension denotes an Android Package (APK) file, an .apk file can be opened & inspected using common archive tools. Each Android application is compiled and packaged in a single file that includes all of the application's code (.dex files), resources, assets, and manifest file. The application package file can have any name but must use the .apk extension. For example: myExampleAppname.apk. For convenience, an application package file is often referred to as an ".apk".
.tar: Similar to a zip file(derived from tape archive), a tar file archives multiple files into one file
.tgz: TGZ files (gnu-zipped .tar file) are commonly used as install packages for Slackware Linux.
pheeeeww!!This took sometime!!
Well this is all I can think of off the top of my head but as I think of more I will edit them in here & I encourage the mods to put things that I either forgot or just simply am not aware of. Also I request fellow user to suggest any terms frequently used & not added or any discrepancies found, kindly PM me!!
Thank you & happy hacking/flashing!!
_____________________________________
X10 LED States:-
--------------------------------------
W-LOD: White LED of DEATH.
--------------------------------------
Sometimes a R-LOD is similar to a W-LOD but the LED is red instead.
Usually results in a Reboot, or a Freeze or a Crash
-------------------------------
Flashing R-L: Red LED.
-------------------------------
Led flashes RED 3 times.
Indicates Requirement for Charge
--------------------------------
G-LS: Green LED Steady.
--------------------------------
LED goes Steady GREEN while USB is plugged in.
Flash Mode Entered/Fully Charged.
CPU : -
----------------------------------------
Central Processing Unit: -
----------------------------------------
It's pretty much the heart of your device pumping data through & from all the attached devices the Kernel & Modules is its soul & it's OS is it's skin & flesh.
-----------------------
Core Clock Speed: -
-----------------------
It is the actual clock speed that the CPU is running at. "Not the multiplied speed."
It's good to remember a CPU's performance is also effected by its memory's speed.
Similar rules exist for the GPU (Graphics Processing Unit).
Tnx for the info. This very useful specially to us noobs....
Sent from my E15i using xda premium
Everyone browse this forum must read this at least one time!!!!!!!!!!
Sent from my X8 using xda premium
AOSP: Android Open System Project, usually you will see this term when referring to a program or ROM.
Click to expand...
Click to collapse
AOSP is Android Open Source Project
posted via Tapatalk 2 Beta
Thanks for sharing.
Sent from my E15i using Tapatalk
I know that there are many guides about unlocking bootloader and things have been posted a million times.
From what i've learned from various sources all over the web there's still a lot of confusion,
if and how a device could be unlocked and what is really happening under the hood.
In fact i didn't want to create yet another unlocking bootloader thread, but hopefully a collection of facts,
already known about the process and if it's safe or could be done this way or the other.
Another thing i'd like to put some light on, are some details about the boot process in general.
Please refer to this older thread as well:
http://forum.xda-developers.com/showthread.php?t=1429038
Noob's posting will never end, unless we lift some secrets and make more clear how the processes are basically working.
This should as well cover some basics on how the bootloader/kernel are protected by the manufacturers.
Would be better to use the term security locked/unlocked bootloader anyway.
See this nice page (also referenced in the thread above), which describes the whole boot process on Qualcomm CPU's:
http://www.anyclub.org/2012/02/android-board-bring-up.html
You'll find a link to the original document in the 2 post.
Please prepare for some boring technical details, but as well for some essential guidelines,
how to proceed with your device. Anyway, consider this as a starter...
Enough talking, let's define some headlines or topics to be discussed.
Bootmodes and Protocols
Just to sum up three known modes residing in different stages of bootcode:
- QDL
(PBL loader, lowest level, entered by powering up without battery and testpoint pulled to GND)
- QHUSB_LOAD
(a.k.a. SEMC USB Flash, a.k.a green LED mode, entered by powering up with back button pressed)
- FASTBOOT
(a.k.a blue LED mode, entered by powering up with menu button pressed)
unlocking security vs. SIM-lock
Description:
Locked/unlocked security of the bootloader and SIM-lock are different tracks,
though there's an important dependency between them.
Your device is SIM-locked if service menu gives "bootloader unlockable: no"
or simply refuses SIM-cards from another carrier.
What we know:
- fastboot is disabled on SIM-locked phones
- without removing the SIM-lock there's no way to unlock these phones for free
- normally you may purchase SIM unlock code from your provider
- removing the SIM-lock seems to give access to the fastboot option (confirmed by gen_scheisskopf, thanks!!)
- some devices seem to have restrictions here, result: no fastboot even after removing SIM-lock (this was pointed out once in another thread)
What we need to know:
Please confirm, if bootloader unlock is working after SIM-lock is removed!
In other words will you get fastboot feature after removing SIM-lock?
See the feedback from gen_scheisskopf:
http://forum.xda-developers.com/showpost.php?p=36783582&postcount=8
Result:
As long as you're able to remove the SIM-lock and your phone is old security you would be able to unlock bootloader as well!
old security vs. new security
Description:
Old/new security is independent of the EROM version (e.g. 1241-3656 R9B031) but relates to certain manufacturing dates,
or better the CPU types.
I got trustworthy reports about R9B031 getting unlocked with s1tool.
This date code may vary between the device models, but it seems to be proven,
that devices manufactured in Q2 2012 and later (~12W11..12W16) are new security.
I found out as well, that the manufacturing date of the device and the mainboard may be different.
This might explain why there are some diverging reports for devices in this period.
From what i got so far, the chain of trust includes the secondary bootloader (SBL) on all devices.
In other words SBL is signed code in any case.
At least the fuse setup for this feature is common on most of the Xperia 2011 series.
On a new security device patching or replacing the SBL (s1boot) will fail because OTP ROM could not be cheated.
If you got the "qcreceivepacket" error, your device is new security or at least not supported by s1tool (e.g. MSM8255T models seem not to work).
Only known method to unlock new security is Sony official method (grey market may work as well...).
What we know:
- testpoint method does not work on new security
- it should be safe to try the testpoint method because it won't break anything (if it is done correctly)
- right now there's only one way to check for new security (try and error)
- breaking new security would take ages or is impossible
What we need to know:
Perhaps someone needs to confirm that official Sony method works without flaws on new security.
Result:
Testpoint method should not result in a bricked device.
Official method should do it in these cases.
SEMC patch (testpoint method) vs. Sony official (oem key method)
Description (need some feedback though):
Sony official method to unlock security in the bootloader is done by flashing a generated key to a certain region of NAND.
The keys are device specific and the IMEI is part of the key generation (maybe serial number as well).
The fastboot command oem with the valid key certifies the unlock process and device specific key gets written in the TA section.
Unpatched SBL (s1boot) will always scan for a valid key in this section of NAND.
If there's a valid key, routine will report success and security checks of kernel code will be overriden.
The testpoint method seemse to make use of a bug inside the chips primary bootloader (OTP PBL).
It had been found out that this bug existed in the early Xperia 2011 series and could be used to rewrite parts of NAND flash.
This opened the door to patch parts of the NAND bootcode (s1boot) or even replace the bootloader code.
As a result, the bootloader leaves further security checks aside and continues booting even with an unsigned kernel.
So how could we apply a patch to the bootloader?
By setting the testpoint to GND (force WE# of NAND to GND) external NAND is blocked and the phone gets started on the bare metal.
Only PBL is running at that point.
Though the procedure is not 100% understood, it is for sure that a tiny loader is transfered to the SoC's IRAM and gets executed.
This loader then allows to overwrite first blocks of external NAND memory and replace or at least patch the bootloader.
What we know:
Sony way:
- Sony official method works well with fastboot enabled devices
- DRM get's lost with Sony official method and could not be reverted (it's gone... and yes: no way back!!!)
- If using Sony official method, bootloaders could be re-locked by deleting the key
S1tool way:
- testpoint method does not work on new security (and will never work!)
- By pressing the restore button in S1tool everything is virgin again
- OS is not aware of the patched bootloader
- FOTA will cause bricks
What we need to know:
Basically we need so more details about bootloaders on Xperia 2011 from the cracks here...
Result:
Better understanding of "black box" procedures.
Debugging features at boot level
Description:
Parts of the boot code could still be dumped from memory with Android up and running.
We could dump the specific memory areas by reading the content with tools, such as viewmem.
The areas of interest are accessible in RAM area at:
Code:
0x00000000 - ~0x000023a0
0x00090300 - ~0x000ab190
By disassembling these dumped areas or simply extracting the strings of that region you may get a clue of the bootloaders secrets.
For the geeks and kernel developers its even more interesting to follow the startup procedure of the bootloader and early kernel inits,
with a console hooked up on a serial interface.
In fact we got this debug UART on most of the Xperia 2011.
This interface is present as dev/ttyMSM2 in the Android base system as well and is attached to UART3 of the MSM8255 SoC.
See this post for details:
http://forum.xda-developers.com/showpost.php?p=37660319&postcount=76
The debug UART was at least identified on the MK16i mainboard.
If you need more details, please ask!
We got the testpoints confirmed to be working on lt18i as well.
See here for the location:
http://forum.xda-developers.com/showpost.php?p=37701777&postcount=82
... and the logs:
http://forum.xda-developers.com/showpost.php?p=37983019&postcount=109
Thanks a lot for contribution!
See this beautiful hack for the X8/10 as well:
http://forum.xda-developers.com/showthread.php?t=2064108
What we know:
- parts of NAND could only be accessed with some "evil" tricks (e.g. kexec method)
- there are extensive debugging features available in our bootcode
What we need to know:
It would be nice to find a way to activate a cmdline interface at bootlevel.
Result:
Get some insights of the implemented functions in bootcode.
O.k. i'll stop writing for now.
If this thread will draw some attention, i'll continue
You're always welcome to correct me or leave a comment here.
If you like more technical reading tell me as well.
Opinions and discussion welcome!!!
P.S:
If anyone could point me to some code to write a NAND mtd mapper for 2.6.32-9 stock kernel, you're welcome!
Background: I'd like to get mtdblock4 & 5 access on rooted but security locked device.
CREDITS (no particular order):
Dilesh Perera (for s1tool logs, which helped a lot to draw some conclusions)
gen_scheisskopf (for very useful discussion all over this thread)
hillbeast (for confirmation of UART3 testpoints on LT18i and logs)
...all others who helped to get a better understanding of the fuse registers!
Hugh thanks!!!
TBC
Cheers,
scholbert
Hi,
in the meantime i was able to identify some of the OTP registers used on MSM8255(T), a.k.a. fuse registers.
There's another interesting factory register which identifies the type of CPU.
Though it seems that of "old" and "new" security chip could not directly identified using these registers, it is a nice journey to the internals.
We need a tool to dump these values from userland.
Check out viewmem:
http://blog.maurus.be/index.php/2011/01/samsung-i9000-irom-dump/
Grab the viewmem tool from http://blog.maurus.be/wp-content/uploads/viewmem
Copy to /data/local on your device and execute the tool as root.
HW_REVISION_NUMBER
I started some investigation again and made some dumps using this tool.
./viewmem 0xabc00270 0x4 | hexdump -C
As an example given my device got this ID:
HW_REVISION_NUMBER 0xabc00270 = 0x205720e1
This equals to the JTAG Core ID of the Qualcomm chip.
The other one used for JTAG is the TAP ID = 0x27B360E1
I found these Core ID values of derivates in the web:
CPU: Qualcomm MSM8255
Core ID: 0x205700E1
and
Core ID: 0x205720E1
There's this one as well:
CPU: Qualcomm MSM8255T
Core ID: 0x2057A0E1
If someone likes to contribute, please run the viewmem command given above and post it here.
This way we might get an idea which chip revisions are floating around.
MSM_TCSR_CONF_FUSE
I stumbled over the MSM_TCSR register set by looking into bootloaders and disassembled parts of s1_boot as well.
These gave the same offset in some code snippets.
So here we go...
Code:
MSM_TCSR_PHYS 0xab600000
TCSR_CONF_FUSE_0 0xab60005c // TCSR_CONF_FUSE_0 register (base security setup)
TCSR_CONF_FUSE_1 0xab600060 // TCSR_CONF_FUSE_1 register (enhanced debug)
TCSR_CONF_FUSE_2 0xab600064 // TCSR_CONF_FUSE_2 register (feature setup)
TCSR_CONF_FUSE_3 0xab600068 // TCSR_CONF_FUSE_3 register (unique serial#)
TCSR_CONF_FUSE_4 0xab60006c // TCSR_CONF_FUSE_4 register (L1&L2 clocking)
TCSR_CONF_FUSE_5 0xab600070 // TCSR_CONF_FUSE_5 register (not used)
These are the values i dumped from my device:
Code:
0xab60005c = 0x00716d4b
0xab600060 = 0xc8041447
0xab600064 = 0x28040815
0xab600068 = 0x695888c0 (unique serial number of CPU)
0xab60006c = 0x200001b0
0xab600070 = 0x00000000
MSM8255 based:
Xperia pro (MK16)
FUSE(0-5): 00716d4b c8041447 28040815 695888c0 200001b0 00000000
Which looks very similar to these (found on the web over various forums):
MSM8255 based:
Xperia arc (LT15)
FUSE(0-5): 00716d4b c8041447 28040815 fe53ed80 200001b0 00000000
MSM8255 based (according to GSM forum this is a new security device):
Sony Walkman (WT19i)
FUSE(0-5): 00714b6d c8041447 28040815 14b248a0 200001b0 00000000
MSM8255 based (security unknown):
Xperia neo V (MT11)
FUSE(0-5): 00714b6d c8041447 28040815 13789bc0 200001b0 00000000
MSM8255T based (security unknown):
Xperia arc S (LT18)
FUSE(0-5): 00714b6d e8041447 28040815 e99f59a0 200001b0 00000000
MSM8255T based (new security):
Xperia arc S (LT18)
FUSE(0-5): 00714b6d c8041447 28040815 c25cf0a0 200001b0 00000000
MSM8655 based (security unknown):
Xperia acro (IS11S)
FUSE(0-5): 00714b6d 08041447 28000816 5244e280 200001b0 00000000
We need to confirm if this is true...
Copy viewmem to /data/local on your device and execute the tool as root.
Read out the value of TCSR_CONF_FUSE_0:
./viewmem 0xab60005c 0x4 | hexdump -C
result: 4b 6d 71 00
which is LSB first so please rearrange to get MSB first...
result: 00 71 6d 4b
This is one of the things that still need some clarification:
value = 0x00716d4b old and newsecurity
value = 0x00714b6d definitely new security
This is not proven and maybe it's not the correct register to look at.
Anyway this will be mostly guessing because i'm missing documents.
It's still unknown at which position the trusted boot bit is located and if it play a role for "old" vs "new" security setup.
I will need some more dumps of these registers. So i really would appreciate any help here...
At least dumping that register of:
one device successfully unlocked with s1tool
and
one from a device giving that packet error.
EDIT:
There's no difference here... as far as we got it right now.
How to participate?
First i need information about your device:
- model
- manufacturing date form the sticker under the battery
Second you need root, busyboy installed (with hexdump feature) viewmem tool (see 2nd post) and Android terminal or working adb.
- grab viewmem from the link in 2nd post
- put the viewmem binary on your device in /data/local
- type:
cd /data/local
chmod 0755 ./viewmem
- post the output of your Hardware ID, type:
./viewmem 0xabc00270 0x4 | hexdump -C
- post the output of your TCSR_CONF_FUSE_0..5
./viewmem 0xab60005c 0x14 | hexdump -C
Additionally you might give some details if you already tried to unlock with s1tool and if you got the paket error.
Thanks for all the fish :laugh: !!
MARM_ANY_MODE_DEBUG_DISABLE
Apart from the location of the trusted boot bit this is another very interesting fuse bit.
More to come on this topic soon!
Any help would be appreciated to shed some light on this!
Please join in :victory:
To get a better idea of all this stuff you might have a brief look into the application note attached to this post.
To the admins:
I know that some confidential data could be found all over in this forum, but please tell me if you see conflicts with the forum rules.
Geek stuff link collection:
If you like engineer stuff, check out this comprehensive thread:
http://forum.xda-developers.com/showthread.php?t=1856327
This as well:
http://www.anyclub.org/2012/05/qpst-emergency-download-support.html
EDIT:
This document will give you a good idea what happens on bootup and how parts interact with each other:
http://dl.dropbox.com/u/69550833/Android_Board_Bringup - 80-VM984-1-B.pdf
Hugh thanks to Antagonist42 for this beautiful document collection!!
I may add some referals to the parts used on the Xperia 2011 series...
I will clean up here from time to time and write down conclusions in the first post.
TBC
Regards,
scholbert
Nice post, would put a few more spaces between sentences to make for easier reading though.
Sent from myushi
i dont understank
Thanks for this. It would be good if you could add info on how device owners can determine whether they have a device with "old security" or "new security".
Kris-lam said:
i dont understank
Click to expand...
Click to collapse
What?
Whole world?
Life?
... or the reason why i wrote this thread?
pelago said:
Thanks for this. It would be good if you could add info on how device owners can determine whether they have a device with "old security" or "new security".
Click to expand...
Click to collapse
That would be on of the goals... see my comment in the first post again:
We need the register offset for the security efuse bank on MSM7x30 (MSM8255 as well) devices!
Click to expand...
Click to collapse
Once we got the offset, we may try to dump this region and look for different bits on same models.
If my conclusions are correct, old & new security hardware differ by a single efuse bit and as a result using different signatures and stuff inside NAND.
EDIT:
As an example, here's a driver implementation for LG device using APQ8064:
https://android.googlesource.com/ke...f6e/arch/arm/mach-msm/lge/lge_qfprom_access.c
These are the values on that platform:
Code:
...
#define QFPROM_HW_KEY_STATUS 0x702050
#define QFPROM_SECURE_BOOT_ENABLE 0x700310
#define QFPROM_OEM_CONFIG 0x700230
#define QFPROM_DEBUG_ENABLE 0x700220
#define QFPROM_SECONDARY_HW_KEY 0x7002A0
#define QFPROM_READ_PERMISSION 0x7000A8
#define QFPROM_WRITE_PERMISSION 0x7000B0
#define QFPROM_OVERRIDE_REG 0x7060C0
#define QFPROM_CHECK_HW_KEY 0x123456
...
Little further in that code...
Code:
...
/* addr LSB MSB */
//{ QFPROM_SECURE_BOOT_ENABLE, 0x00000020, 0x00000000}, /* SECURE ENABLE */
//{ QFPROM_OEM_CONFIG, 0x00000031, 0x00000000}, /* OEM ID */
//{ QFPROM_DEBUG_ENABLE, 0xC1000000, 0x0000006F}, /* JTAG DISABLE */
//{ QFPROM_CHECK_HW_KEY, 0x0, 0x0},
//{ QFPROM_READ_PERMISSION, 0x0C000000, 0x00000000}, /* READ PERMISSION */
//{ QFPROM_WRITE_PERMISSION, 0x54100000, 0x00000000}, /* WRITE PERMISSION */
...
Regards,
scholbert
Hi again,
though this thread is drawing less attention, i'd like to inform you about my process.
In the meantime i reviewed some low level code for the MSM7x30 (e.g. AMSS bootcode, moboot bootloader repository) to get a hint how to identify security level on the Xperia 2011 platforms.
As far as i got it the MSM7x30 is the base for the MSM8255 devices as well and i assume that most register offsets and peripheral I/O maps are equal.
First i found an interesting offset definition in the moboot bootloader:
Code:
#define HW_REVISION_NUMBER 0xABC00270
I compiled a little tool for my Xperia, which could be used to read back the content from memory mapped registers (a.k.a. memdump).
By addressing 0xabc00270 some mechanism got triggered and my device rebooted immediately.
My guess is that this is offset belongs to the security area and accessing this area is simply prevented by causing a reboot.
No output here at Android userland...
Next i had a look into the AMSS sources for the Hisense TS7008 development platform.
This seems to be reference code for the modem bootloader (baseband processor) which is a previous step before we boot the oem bootloader ( application processor) in our phones.
Anyway, the interesting part is, that i found another offset address, which is included in the moboot sources as well:
Code:
#define MSM_CRYPTO_BASE 0xA8400000
There are many references to this address and the related registers inside the routines for the crypto stuff (e.g. validate hash values).
I'm gonna try to read some content in this area this afternoon.
EDIT:
O.K. just tried to access these areas... seems like a no go from userland.
My phone freezes, after a while something like a watchdog timeout comes in and resets the device.
This is different to accessing the HW_REVISION_NUMBER, which caused an immediate reset.
Anyway, i guess i give up on this issue...
No discusssion, less interest, no comments from the cracks... the_laser is far away as well...
Cheers,
scholbert
scholbert said:
What we need to know:
Please confirm, if bootloader unlock is working after SIM-lock is removed!
In other words will you get fastboot feature after removing SIM-lock?
Click to expand...
Click to collapse
Yes, bootloader unlock is working after removing SIM-lock.
My ArcS was SIM-locked and I had to remove the lock in order to use the phone. Unlock was done using a code generator. I didn't touch the bootloader in case phone is somehow damaged (bought it as "unused second-hand")
Later I unlocked the bootloader using Wotan server (testpoint method)- no problems during the process, phone works fine.
One question regarding s1boot comes to my mind- how it manages partitioning (and would it be possible co create custom partition layout)?
Flashing official ICS using flashtool changed default (Gingerbread) partition sizes
Hey gen_scheisskopf,
it's a pleasure to meet you again over here :highfive:
How are things rollin' ?
gen_scheisskopf said:
Yes, bootloader unlock is working after removing SIM-lock.
Click to expand...
Click to collapse
Thanks for the feedback.
Just to make it clearer, after applying removing the SIM-lock, the fastboot feature got available... is this right?
gen_scheisskopf said:
My ArcS was SIM-locked and I had to remove the lock in order to use the phone. Unlock was done using a code generator. I didn't touch the bootloader in case phone is somehow damaged (bought it as "unused second-hand")
Later I unlocked the bootloader using Wotan server (testpoint method)- no problems during the process, phone works fine.
Click to expand...
Click to collapse
Mmmh, do you know what's behind this Wotan server method?
Is the bootloader patched as well (real bypass like s1tool) or is there a key generated and flashed to the phone (like official method)?
Just for the statistics... could you please tell me the date code of your phone?
gen_scheisskopf said:
One question regarding s1boot comes to my mind- how it manages partitioning (and would it be possible co create custom partition layout)?
Flashing official ICS using flashtool changed default (Gingerbread) partition sizes
Click to expand...
Click to collapse
This is very interesting indeed and i guess it's possible... someone should spend some time on investigating.
Will require to tweak TA sections or something. BTW i'm not sure if the TA parts are covered by certificates or something.
Anyway it would be required to get a good understanding of this process, otherwise this would cause bricks
Best regards,
scholbert
scholbert said:
Hey gen_scheisskopf,
it's a pleasure to meet you again over here :highfive:
How are things rollin' ?
Click to expand...
Click to collapse
Thanks, everything is OK. Still messing around with my devices (tweaking Toshiba ac100 Froyo now, got usb gamepad+GamepadIME working without any need for chmod-ing )
scholbert said:
Thanks for the feedback.
Just to make it clearer, after applying removing the SIM-lock, the fastboot feature got available... is this right?
Click to expand...
Click to collapse
Honestly I didn't check fastboot availability before removing SIM-lock. For sure it worked after removing the lock
scholbert said:
Mmmh, do you know what's behind this Wotan server method?
Is the bootloader patched as well (real bypass like s1tool) or is there a key generated and flashed to the phone (like official method)?
Click to expand...
Click to collapse
I'm not sure but it's possible that it flashed a patched bootloader- some files were downloaded in order to make the unlock but I didn't investigate what's inside. Client software was "unpack when executed then clean up" exe.
scholbert said:
Just for the statistics... could you please tell me the date code of your phone?
Click to expand...
Click to collapse
11W51 (December 2011?)
scholbert said:
This is very interesting indeed and i guess it's possible... someone should spend some time on investigating.
Will require to tweak TA sections or something. BTW i'm not sure if the TA parts are covered by certificates or something.
Click to expand...
Click to collapse
For sure we can investigate tft files themselves (GB vs ICS). Maybe for repartitioning it would be enough to prepare and flash custom .sin images? Official update seems to work this way, it was reported to work also for Arc using ArcS files
EDIT:
Correction- loader.sin flashing is also required for partition layout modification- original topic
However loader.sin provided in the mod is the same file as the one found in ArcS's baseband 70 and 72
gen_scheisskopf said:
Thanks, everything is OK. Still messing around with my devices (tweaking Toshiba ac100 Froyo now, got usb gamepad+GamepadIME working without any need for chmod-ing )
Click to expand...
Click to collapse
Cool!!
Once thought to buy one, there are many cool hacks floating around.
... off-topic though
gen_scheisskopf said:
Honestly I didn't check fastboot availability before removing SIM-lock. For sure it worked after removing the lock
Click to expand...
Click to collapse
Again thanks for this feedback, will add it to the first post soon...
gen_scheisskopf said:
I'm not sure but it's possible that it flashed a patched bootloader- some files were downloaded in order to make the unlock but I didn't investigate what's inside. Client software was "unpack when executed then clean up" exe.
Click to expand...
Click to collapse
O.k. it's not that important... i'd really like to know a little more about this low level stuff of the unlocking procedure on Xperia 2011, that's why i asked.
gen_scheisskopf said:
11W51 (December 2011?)
Click to expand...
Click to collapse
So s1tool would have worked as well...
gen_scheisskopf said:
For sure we can investigate tft files themselves (GB vs ICS). Maybe for repartitioning it would be enough to prepare and flash custom .sin images? Official update seems to work this way, it was reported to work also for Arc using ArcS files
EDIT:
Correction- loader.sin flashing is also required for partition layout modification- original topic
However loader.sin provided in the mod is the same file as the one found in ArcS's baseband 70 and 72
Click to expand...
Click to collapse
Great, thanks a lot for the link... i'll have a look what's up with it.
Regards,
scholbert
fuse register dump
Hey geeks,
still not giving up... i have a clue now
Just to remember...
I am looking for a way to identify "old" and "new" security chipsets on the Xperia 2011 series.
Few days ago i posted that i could not read the some parts of the internal
register space.
Seemed to be an issue with the tool i used (perhaps wrong flags) which caused system resets.
EDIT:
Updated second post http://forum.xda-developers.com/showpost.php?p=36264032&postcount=2
I'd really find some indication for security level...
If you need some explanation, please ask...
Cheers,
scholbert
My result: 0x00716d4b
Arc S 11w51, unlocked using Wotan server (tespoint method, most likely s1tool-like)
I'll check other registers tomorrow
scholbert said:
Please i need some help here...
At least dumping that register of:
one device successfully unlocked with s1tool
and
one from a device giving that packet error.
Would be very helpful to shed some light on this!
Please join in :victory:
If you need some explanation, please ask...
Cheers,
scholbert
Click to expand...
Click to collapse
Sadly, I have an Arc S 12W16 (edit: Sorry, I was mistaken: it was 12W14 and I'm unlocked via testpoint today), so S1 doesn't work AFAIK (and I read that people that can unlock with SETool doesn't touch any 12W16, so I didn't checked the unlock possibilities/prices). Anyway, I dunno if I did it right but, here's a screen: http://s1.postimage.org/wujbqrs5r/2013_01_25_14_50_41.png - looks like the result is 4b 6d 71 00
Amazing work, btw. I always asked to myself if there was a way to check the type of security (old X new).
Hi,
just to make it clear again... right now i'm still trying to sort things out, that's why i need little help :fingers-crossed:
gen_scheisskopf said:
My result: 0x00716d4b
Arc S 11w51, unlocked using Wotan server (tespoint method, most likely s1tool-like)
I'll check other registers tomorrow
Click to expand...
Click to collapse
Thanks!
So i guess we could definitely mark this as old security fuse setting.
The other values should be similar to the ones i already listed (apart form your unique serial of course).
panda0 said:
Sadly, I have an Arc S 12W16, so S1 doesn't work AFAIK (and I read that people that can unlock with SETool doesn't touch any 12W16, so I didn't checked the unlock possibilities/prices). Anyway, I dunno if I did it right but, here's a screen: http://s1.postimage.org/wujbqrs5r/2013_01_25_14_50_41.png - looks like the result is 4b 6d 71 00
Amazing work, btw. I always asked to myself if there was a way to check the type of security (old X new).
Click to expand...
Click to collapse
Thanks as well... looks O.K. for me. So this is the same value.
Did you try the testpoint method already?
If my assumption is correct, then you might be lucky and got old security as well. BTW, i don't want to be responsible for bricked devices
At least this was my intention to get a real indicator for old security and give a clear statement:
Yes, it's safe to try the testpoint method.
So maybe you just be a little patient...
Some words on the production date:
I found out that the sticker on the back gives the production date of your phone.
There's another one on the processor under the shield on the mainboard.
This one is more related to the series of processors used for your mainboard.
My device is marked as 12W11 (sticker under the battery), while the sticker on the processor states 11W44.
See the pic attached.
In other words, they produced an amount of mainboards back in 2011, but the phone itself got assembled in 2012.
Thanks a lot for helping out, i really appreciate this!
Regards,
scholbert
hi i have a arc s 12w28 i i tryed to execute the viewmem but got nothing
Code:
[email protected]:/data/local # ./viewmem 0xab60005c 0x4 | hexdump -C
sh: hexdump: not found
[INFO] Reading 4 bytes at 0xab60005c...
am i doing something wrong ??
scholbert said:
Hi,
just to make it clear again... right now i'm still trying to sort things out, that's why i need little help :fingers-crossed:
Click to expand...
Click to collapse
:fingers-crossed:
scholbert said:
Thanks as well... looks O.K. for me. So this is the same value.
Did you try the testpoint method already?
If my assumption is correct, then you might be lucky and got old security as well. BTW, i don't want to be responsible for bricked devices
Click to expand...
Click to collapse
Not yet. But if everything works as we're expecting, indeed, I might be a lucky one. I'll see this question ASAP to give some feedback.
Re: [REF]Booting/Unlocking Xperia 2011 series: What's under the hood?
danielgek said:
hi i have a arc s 12w28 i i tryed to execute the viewmem but got nothing
Code:
[email protected]:/data/local # ./viewmem 0xab60005c 0x4 | hexdump -C
sh: hexdump: not found
[INFO] Reading 4 bytes at 0xab60005c...
am i doing something wrong ??
Click to expand...
Click to collapse
Partly... the tool hexdump is used to get a formatted output for console.
You'll need at least a version of busybox with the hexdump feature installed.
Maybe your missing some symbolic links.
Try again with this command:
./viewmem 0xab60005c 0x4 | busybox hexdump -C
If the error persists, your version of busybox is missing that feature.
Would be very interesting to get your output though...
Good luck,
scholbert
scholbert said:
Partly... the tool hexdump is used to get a formatted output for console.
You'll need at least a version of busybox with the hexdump feature installed.
Maybe your missing some symbolic links.
Try again with this command:
./viewmem 0xab60005c 0x4 | busybox hexdump -C
If the error persists, your version of busybox is missing that feature.
Would be very interesting to get your output though...
Good luck,
scholbert
Click to expand...
Click to collapse
Code:
[email protected]:/data/local # ./viewmem 0xab60005c 0x4 | busybox hexdump -C
[INFO] Reading 4 bytes at 0xab60005c...
00000000 4b 6d 71 00 |Kmq.|
00000004
its an arc s 12w18 loked bootloader and sim loked
Re: [REF]Booting/Unlocking Xperia 2011 series: What's under the hood?
danielgek said:
Code:
[email protected]:/data/local # ./viewmem 0xab60005c 0x4 | busybox hexdump -C
[INFO] Reading 4 bytes at 0xab60005c...
00000000 4b 6d 71 00 |Kmq.|
00000004
its an arc s 12w18 loked bootloader and sim loked
Click to expand...
Click to collapse
Mmmh, still the same value... if we trust the statements about date code i would say that this should be new security...
but as i tried to point out already, this could not be taken for granted.
Anyway, locked or unlocked doesn't matter, because i'm looking for security bit in fuse registers.
Did you ever try testpoint method on your device?
Guess we need someone, who already tried the s1tool procedure and got the paket error with his device.
If this phone would give different value on FUSE0 register, it would prove that i'm on the right way.
Thanks for contributing!
Regards,
scholbert