Related
Hi I've been working on adding support for usb host support in backtrack 5 running on a chroot session.
The ultimate goal is to be able to use a usb wifi adapter for pentesting, as the interal wifi doesnt support layer-2 or packet injection.
i created the usb host cable,by jumping pin 4 to 5, and was able to power my device by splicing in DC power to the cable.
i'm having issues with busybox in the chroot session. i have ver 1.9 running on the android OS but it seems like there are missing modules in backtrack. NO LSUSB!! grr
i just cant get it to give me any output what so ever
#lsusb
#
. But i know the chroot session reads the host device (OTG). running dmesg (full output attached):
[ 3881.112070] max8997_muic_usb_cb: usb mode=3
[ 3881.112087] otg_power_cb: otg power = 1
--
[ 3881.114323] usb usb cable = 3
[ 3881.114348] usb Enable usb LDO.
[ 3881.114396] max8997-charger max8997-charger: max8997_disable_charging: disable charging
[ 3881.114536] usb check ldo vcc_d(192)
[ 3881.114704] usb check ldo vcc_a(192)
[ 3881.114889] otg_dbg: in s5pc110_otg_drv_probe()::00075
[ 3881.114900] => s3c_otg_drv_probe
[ 3881.115115] otg_host_phy_int : USBPHYCTL=0x1,PHYPWR=0xa40,PHYCLK=0x7,PHYTUNE=0x819b3,USBCFG=0x0
[ 3881.266334] s3c_otghcd s3c_otghcd: S3C OTGHCD
[ 3881.266406] s3c_otghcd s3c_otghcd: new USB bus registered, assigned bus number 2
[ 3881.266463] s3c_otghcd s3c_otghcd: irq 135, io mem 0x12480000
[ 3881.268360] max8922-charger max8922-charger: max8922_enable_charging: disable charging,TA
[ 3881.496575] hub 2-0:1.0: USB hub found
[ 3881.496598] hub 2-0:1.0: 1 port detected
[ 3881.496618] otg_dbg: in root_hub_feature()::00477
[ 3881.496625] => case SetPortFeature -USB_PORT_FEAT_POWER
[ 3881.497347] otg_dbg: in s5pc110_otg_drv_probe()::00175
[ 3881.497358] => OTG HCD Initialized HCD, bus=C110 OTG Controller, usbbus=2
[ 3881.498518] usb otg host : registered
[ 3881.498530] host_notify: ndev name=usb_otg: from state=0 -> to state=1
[ 3881.499742] usb change mode ret=0
--
[ 3883.372113] otg_dbg: in root_hub_feature()::00483
[ 3883.372126] => case SetPortFeature -USB_PORT_FEAT_RESET
[ 3883.432171] otg_dbg: in otg_handle_interrupt()::00087
[ 3883.432182] => Port Interrupt
[ 3883.432192] otg_dbg: in process_port_intr()::00271
[ 3883.432203] => port enable/disable changed
[ 3883.502695] usb 2-1: new high speed USB device using s3c_otghcd and address 2
[ 3883.522370] svn usbdev_open, skip usb_autoresume_device
[ 3883.522488] svn usbdev_open, skip usb_autosuspend_device
[ 3883.524055] hub 2-1:1.0: USB hub found
[ 3883.524407] hub 2-1:1.0: 4 ports detected
[ 3883.534375] max8922-charger max8922-charger: max8922_is_charging: charging state = 0x1
[ 3883.762482] usb 2-1.1: new high speed USB device using s3c_otghcd and address 3
[ 3883.784996] usb 2-1.1: device v0bda p8187 is not supported
[ 3883.785068] host_notify: ndev name=s3c_otghcd: from state=0 -> to state=5
[ 3883.805674] hub 2-1:1.0: unable to enumerate USB device on port 1
--
[ 3932.353319] usb_port_resume = 1283, 4
--
[ 5492.343091] usbsvn_request_resume:run time resume
[ 5492.343107] Host USB : Resume
[ 5492.422261] usb_port_resume = 1283, 4
[ 5492.422906] usb 1-2: svn L0 p.s=1
i have the driver for the device (alfa network ,AWUS036h) and it is supported in linux.
i was able to build the driver in the chroot session, but since it is an ARM distro, will the driver even work.
any help would be awesome.
Some success!
I finally got lsusb to recognize the devices. after many many recompilation of busybox,turns out it was a binding problem between the android and the chroot session.
i ran in terminal emulator: ($mnt = the chroot mount point)
#mkdir -p $mnt/dev/bus/usb
#mount -o bind /dev/bus/usb /$mnt/dev/bus/usb
and now in the chroot session:
[email protected]:/#lsusb
Bus 002 Device 002: ID 05e3:0608 Genesys Logic, inc USB-2.0 4-port HUB
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 1519:0020
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
as you can see i plugged in a usb hub to power the device, just to test.
i'm going to be working on compiling the driver.
hopefully beaple to use the aircrack suite soon on my phone.
Two cheers for you mate. Hope you bring in something soon.
Sent from my GT-I9100 using XDA Premium App
Driver
I'm trying to compile the RTL8187 driver for the ARM architecture . I've never done this sort of thing, so any advice on kernel modules would be greatly appreciated.
i'm using the ARM toolchain from :
http://www.codesourcery.com/sgpp/lite/arm/portal/[email protected]=lite
compiling with the i19100 kernel source compiled by XDA members (not the tar files from samsung).
If anyone has any experience with Cross compiling, any help would be awesome.
Holy crap i hope u get this running.
I would love to have bt4 on my phone
I hope u make a full how to guide once u r done
Great work
Boom! Awesome stuff
Zionator said:
Holy crap i hope u get this running.
I would love to have bt4 on my phone
I hope u make a full how to guide once u r done
Great work
Click to expand...
Click to collapse
bt5 is already avalible for i9100
http://forum.xda-developers.com/showthread.php?t=1162662
more good stuff
i've finally got the driver compiled for ARM without it spewing Piles of errors.
now i've actually got to test them.
2 modules:
ieee80211.ko
rtl8187.ko
these would either be loaded in android OS with "insmod" in the init.rc file, so it's loaded on boot. Or in the backtrack 5 chroot session.
now i've got LSUSB working and displaying Some connected devices, however devices such as usb keyboards and My Wifi card are not displayed (the Usb host port is displayyed though)
From the reading i've done i'm pretty sure this is due to a vendor permissions issue.
in a file simmilar to this:
/etc/udev/rules.d/50-android.rules
now i havnt been able to find this file on my phone. or simmilar.
this file allows the types of vendors allowed to connect.
an example command to be added:
Code:
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="0bb4", MODE="0666", NAME=="android"
When i run lsusb on my ubuntu virtual machine, with the card plugged in i get:
Bus 002 Device 002: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
so i'd have to add a line like this :
Code:
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="0bda", MODE="0666", NAME=="Realtek"
so in short, If ANYBODY knows where a vendors permission file resides, please post something.
sweet thanks
HUGE!
O MAN i had no IDEA i'd get this far, i've never even used linux that much untill i got this phone!
so as it turns out the permission issue with pretty well ALL devices is very prevalent
you have to allow android OS to connect to specific vendors, i've tested it woth sevral keyboards.
the vendor codes can be found here
HTML:
http://developer.android.com/guide/developing/device.html
but here they are
Code:
Company USB Vendor ID
Acer 0502
ASUS 0b05
Dell 413c
Foxconn 0489
Garmin-Asus 091E
Google 18d1
HTC 0bb4
Huawei 12d1
K-Touch 24e3
KT Tech 2116
Kyocera 0482
Lenevo 17EF
LG 1004
Motorola 22b8
NEC 0409
Nook 2080
Nvidia 0955
OTGV 2257
Pantech 10A9
Philips 0471
PMC-Sierra 04da
Qualcomm 05c6
SK Telesys 1f53
Samsung 04e8
Sharp 04dd
Sony Ericsson 0fce
Toshiba 0930
ZTE 19D2
so an example of this.
i have a lenovo usb keyboard that i want to use.
so log in as root, create file /etc/udev/rules.d/51-android.rules, and add these line:
SUBSYSTEM=="usb_device", SYSFS{idVendor}=="17EF", MODE "0666", NAME=="lenovo"
so in bash:
Code:
su
mount -o remount,rw system /system
mkdir -p /etc/udev/rules.d/
cd /etc/udev/rules.d/
echo SUBSYSTEM=="usb_device", SYSFS{idVendor}=="17EF", MODE "0666", NAME=="lenovo" > 51-android.rules
THIS can be applied to any usb device, so far as i;ve tested. if you cant find the vendor codes in the table, you can get them by plugging the device into a linux box and running lsusb and it's the first set of digits so
bus ### dev ###: ID <this one>:blah "some company"
i'll put together a full tutorial up since NO ONE HAS PUT ONE UP AS FAR AS I"VE SEEN. this would add support for pretty well android devices with OTG host mode!!
Any news on this ?
So ****tiest week ever
my galaxy s2 stopped working, put it in to charge and it wont turn on. no lights no nothing.
i've tried a usb jig.
no dice.
i phoned samsung to get it repaired to replaced.
i sent it in a week ago and i just got it Rushed back from them saying that since it's not a canadian phone; they cant service it.
turns out it was bought in chile.
i have a 700$ paperweight. isnt that awesome
JDouce said he managed to compile a driver successfully
Damn, that's worst news I heard all day. Any ideas how it happened?
Sorry to hear that ... there must be a way to fix your phone without sending it to Chile
Td8f4, huge thanks for posting your findings.
I compiled kernel modules for my ralink3070, which is the . I even had them loaded with insmod. But it didn't work. dmesg says "this device is not supported".
Any news on this, is this manual written some place?
I tried writing this udev rule, but with no effect so far. I am also running on Galaxy S2, with Lite'ning ROM 6.1 (Android 2.3.4, Kernel 2.6.35-11 ninphetamine 2.0.5+).
Edit: I did not see page 2 of this thread... sorry for your phone Td8f4... but then trying to get the warranty when you re-flashed it... and overclocked it, you have little chances. Good luck anyway.
If anyone get the USB device to actually appear in lsusb, give me a sign, I only get flashdrives and hubs to appear, a serial2usb won't.
I now figured out that the problem was due to CONFIG_SEC_WHITELIST and driver/usb/core/sec_whitelist.h One or the other has to be modified, both have been tested to be working. With the default falues, devices other than a few defined one (HID, cameras, mass storage, hub) won't be connected at all and will not appear in lsusb or dmesg.
The next step once they appear in lsusb and dmesg with a line "usb 2-1: device v0403 p6001 is not supported" is to find which driver is needed and either compile it within the kernel, or compile it as a module and insmod it manually. You have succeeded that step when you get a new line in dmesg from your device driver.
The next step again is to find an application using the driven device (I am at that step now, for a usbserial device)
Hi,
I am currently trying to get the usbserial-module working on Siyah-kernel.
In fact, usbserial and ftdi_sio both load (the same device works fine with those modules on a desktop. Yes, I have compiled them for ARM agains Siyah-Kernel and not just copied them from desktop ;-) ), but s3c_otghcd 'snatches' away the device before I can get a hold of it.
Have a look at my post here:
http://forum.xda-developers.com/showpost.php?p=18299539&postcount=3712
If you can give me any further leads (should "CONFIG_SEC_WHITELIST=n" be enough, and does it break other things, like mouse / hub support?), that would be very much appreciated .
EDIT: Got it working with an external DIGITIZER, I can now watch analog signals with 5 GS/s on my phone... oscilloscope to go!
So "CONFIG_SEC_WHITELIST=n" breaks nothing (thumbdrives still work), but enables a whole world of possibilities.
EDIT2: A nice picture can be seen here:
http://forum.xda-developers.com/showpost.php?p=18328481&postcount=4032
watching this thread with great interest, if the OP has a donate link to go towards a new phone i'm sure plenty of people might contribute
Td8f4 said:
So ****tiest week ever
my galaxy s2 stopped working, put it in to charge and it wont turn on. no lights no nothing.
i've tried a usb jig.
no dice.
i phoned samsung to get it repaired to replaced.
i sent it in a week ago and i just got it Rushed back from them saying that since it's not a canadian phone; they cant service it.
turns out it was bought in chile.
i have a 700$ paperweight. isnt that awesome
JDouce said he managed to compile a driver successfully
Click to expand...
Click to collapse
Depending on how far you want to go to repair it, you can always unbrick your phone. Search for Jtag repair. You can reflash through the built in testing ports.
some new?? galaxy S2 LIVE???
Hi Guys,
I've been researching about this topic now for quite a while, but i am still not certain, whether if the eMMC of my DZ is fried..
Story is as follows:
Just rooted my newly bought DZ (lost my old one )using downgrade, then gfree, everything went fine so far.
After that i went to recovery, flashed virtuous affinity and rebooted. I gave it time to boot, but it got stuck on the "loading initial setup" screen (waited patiently about 20 mins or so). I thought it would be no big deal to pull the battery and let it boot again (Did this with my previous DZ numerous times and all was fine)
On second boot nothing happened, so i checked recovery and saw that the /data and /cache were obviously corrupt. Formatting was not possible by any means, neither by the tools in recovery, nor through flashing superwipe.
I can confirm that my eMMC is one of those possible faulty M4G2DE, see: http://forum.xda-developers.com/showthread.php?t=1039504&highlight=can+t+format&page=3
But it is mentioned in the thread, that it could be either a faulty chip or a defective partition table, which should be possible to rebuild either with a RUU or by adb shell:
Code:
mke2fs -t -ext3 /dev/block/mmcblk0p27
It was also mentioned to check whether
Code:
cat /proc/kmsg | grep mmc0
would say anything about an initialization error, which is not the case for me:
Code:
cat /proc/kmsg | grep mmc0
<3>[ 7.565124] mmc0: No card detect facilities available
<6>[ 7.565765] mmc0: Qualcomm MSM SDCC at 0x00000000a0500000 irq 98,0 dma 7
<6>[ 7.565917] mmc0: Platform slot type: MMC
<6>[ 7.566162] mmc0: 4 bit data mode disabled
<6>[ 7.566284] mmc0: 8 bit data mode enabled
<6>[ 7.566528] mmc0: MMC clock 144000 -> 50000000 Hz, PCLK 96000000 Hz
<6>[ 7.566680] mmc0: Slot eject status = 0
<6>[ 7.566802] mmc0: Power save feature enable = 1
<6>[ 7.567077] mmc0: DM non-cached buffer at ffa0c000, dma_addr 0x2a924000
<6>[ 7.567199] mmc0: DM cmd busaddr 0x2a924000, cmdptr busaddr 0x2a924300
<6>[ 7.723022] mmc0: new high speed MMC card at address 0001
<6>[ 7.724884] mmcblk0: mmc0:0001 M4G2DE 2.10 GiB
I know, from this point, being unable to do a RUU, nor flash a PC10IMG.zio via fastboot, nor recreate partitions in any other way, would suggest that the eMMC is fried and i should see that i send it in for repair.
BUT
I came across this:
http://tjworld.net/wiki/Android/HTC/Vision/EmmcPartitioning
Basically he is saying, that the hboot is trying to create an extended partition on the end of the blocks, if unallocated blocks are still available this should do no harm. But if the disk is fully partitioned, it simply overflows and creates the partittion at the beginning of the disk. According to that, this causes the usual tools to be unable to reformat the disk, because they get stuck in the same overflow.
He mentions a way to fix this, by unallocating the last partition, but i am not sure how this could be done.
Can the hboot be the problem? The new DZ runs eng hboot 84.2000, on my old one i used to have the normal pvt ship (see sig)
Maybe some of you would like to help me think
And maybe we can find a solution for some of the fried eMMC's
Hi Xadro
unfortunatly i have currently exactly the same problem. I can't manage to format the system partition (mmcblk0p25) and the cache partition (mmcblk0p27).
Do got any solution for it?
Thx in advance
Chris
Small update:
I managed to format each in 4EXT with tools formating to use ext3. Now my info is showing me the attatched screeni. Before that he crashed everytime when I opend that view and system and cache was ext4 but also without size values.
Kind of an awkward way of thinking, but... I see that you have a 32GB Sd Card.
Could that have any link to your problem?
Mhh dont know. Shouldn't as i never had problems before.
My target was to use Android Revolution HD 7.0.2 and I may should add the whole story in short form:
followed http://forum.xda-developers.com/showthread.php?t=1178912 to do a downgrade -> worked perfectly
followed the rest of http://forum.xda-developers.com/wiki/HTC_Vision#Rooting_the_Vision_.28G2.2FDZ.29_and_DHD to gain perm root until step 7. -> worked perfectly
used http://forum.xda-developers.com/showthread.php?t=1493404 to gain a new rom
it was written to use 4EXT -> so installed what worked and also the info was displaying the correct sizes
applied ZIP and restarted -> waited 30min but only boot animation was displayed and after some time it restarted -> boot loop
applied the ZIP again -> same result
found in http://forum.xda-developers.com/showthread.php?t=840040 to load SuperWipe...what i did and it reformated worked with out error
applied ZIP again
didn't started anymore -> stucked there
During all the restartings it can be that i may interrupt some important "reallocating" of partitions...but not sure.
But I can try replace the SD with the original one. But not thinking that it is a problem, cause it is normal accessable :/
Any way big thanks for trying to help me!
try a fastboot wipe, cleaner than even your best superwipe - then when you pick a rom to flash pick an old tried and true like the stable cm7 or miui.us
Hi,
unfortunatly that didn't worked
if I start "fastboot erase system -w" (i think you ment that) he just writing "erasing 'system'..." and just stops there. my phone is displaying the whole time the fastboot white screen, but i can't do anything there anymore (vol up/down...). I waitet 2h...only could remove battery
I realy appresiate any other recommendation :/
Update:
Also this hangs:
Code:
./fastboot -w
erasing 'userdata'...
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
finished. total time: 3627.265s
Phone needs to be in flashboot usb, and when you open cmd on your comp you need to open it to where you have fastboot stored or change directories to it. Or you can add it to your variables and open it anywhere.
Sent from my HTC Desire Z using xda premium
Sorry for answering a bit late, but was in weekend holidays
Of course i did it in the fastboot folder and my phone was in fastboot usb (red blinking on phone screen). Otherwise i would get "<waiting for device>". Just got that error message posted above. Any ideas left? Otherwise it seams to be a broken eMMC
So when conected phone displayedfastboot usb in red? If so when you typed fastboot devices did it display one?
Sent from my T-Mobile G2 using xda premium
Yepp, it does show serial and "recovery".
And if you try to flash the hboot/spl now what happens?
Sent from my T-Mobile G2 using xda premium
Hi again,
I tried to flash the hboot while in fastboot with following message:
Code:
C:\android-sdk-windows\platform-tools\rom_26>fastboot flash hboot hboot_7230_Vision_HEP_0.85.0005_101011.nb0
sending 'hboot' (1024 KB)...
OKAY [ 0.183s]
writing 'hboot'...
FAILED (remote: image update error)
finished. total time: 2.904s
Also tried to do it with "dd" what seem to work but as soon as i restart the phone it still says it is in an "VISION PVT ENG S-OFF" while i was flashing a non-ENG hboot...and the version also not matching "HBOOT-0.84.2000" while flashing 0.85.0005
I also tried to put a newer (2.42.405.2) PC10IMG.zip from RUU on SD Card but it fails with message "BOOTLOADER - Fail-PU" and "Partition update fail! Update Fail!"
I realy think the eMMC got bricked...If you do not have any advices anymore i will look for a replacement from somewhere.
I still searched around and found that post: http://forum.xda-developers.com/showthread.php?t=1039504&page=6#post14645519
Its exactly my situation with same outputs and also the "bad" eMMC. I will try to send it in. Reading all that i have to admit that i already had before trying rooting it, i couldn't do a normal restart (just had a black screen after splash screen). It must have been connected to USB to be able to do a restart. So I think i didn't done anything wrong...just have a hardware issue
Sorry for not answering you chrisdeath, was busy with other stuff lately, so i hadn't had the time to stop by here. Have you been sending in your phone already? Telling from the stuff you wrote earlier, it is very likely a fried emmc. There is a way to confirm this, using two shells. With one shell, you need to display the log using
Cat /proc/kmsg ¦ grep emmc0
With the other shell, try to do any kind of write access (e.g. format partition or dd anywhere)
If there are any errors in the log referring to the write fail, your chip is bricked.
It will probably get fixed free of charge, even if the phone is rooted, others have told me that they got it new without payment. If your new one has the same chip, you should if by any means possible, never pull the battery during operation, as this seems to be the main cause for bricking the chip.
Sent from my HTC Vision using XDA
Hello all,
I hope anyone can assist with this problem I'm having with my nexus 10. I have looked in the forum but could not find anyone with similar issue.
My device
Nexus 10 running KitKat 4.4.2 build KOT49H
Problem
When I'm charging my device using the pogo cable, if I turn the device to sleep (pressing the power button once), leaving it in sleep mode anywhere from 5 seconds to 1 minute, it sometimes doesn't want to turn on. The problem happens randomly not all the time. At times, I can just unplugged the pogo cable and it would immediately turn on. Other times, the device would restart by itself or I would have to long press the power button until it restarts itself.
I also noticed that if I turn on the "Screen lock sound" under "Sound", at random times it would make a humming noise before it restarts itself and the screen would flicker.
What I have tried
1) If I use the micro usb cable, this works fine. No crashes/restart/weird humming noise i.e. works normally when I charge with the micro usb
2) Flash the roms from 4.2.2 to the latest version 4.4.2 via Factory Images for Nexus Devices page on Google Developers. All versions have this issue except for maybe 4.3 (tried to do the sleep / wake up tests a few times it works fine).
3) I cannot figure out how to give the log output just before the device restarts itself. The log would reset itself (I'm using ADT). Maybe someone can shed some light on how to do this.
Is my pogo cable damage? To be honest I haven't noticed this issue until about a month ago. Hope anyone can help me out with this. Thanks!
mnemonics said:
Hello all,
I hope anyone can assist with this problem I'm having with my nexus 10. I have looked in the forum but could not find anyone with similar issue.
My device
Nexus 10 running KitKat 4.4.2 build KOT49H
Problem
When I'm charging my device using the pogo cable, if I turn the device to sleep (pressing the power button once), leaving it in sleep mode anywhere from 5 seconds to 1 minute, it sometimes doesn't want to turn on. The problem happens randomly not all the time. At times, I can just unplugged the pogo cable and it would immediately turn on. Other times, the device would restart by itself or I would have to long press the power button until it restarts itself.
I also noticed that if I turn on the "Screen lock sound" under "Sound", at random times it would make a humming noise before it restarts itself and the screen would flicker.
What I have tried
1) If I use the micro usb cable, this works fine. No crashes/restart/weird humming noise i.e. works normally when I charge with the micro usb
2) Flash the roms from 4.2.2 to the latest version 4.4.2 via Factory Images for Nexus Devices page on Google Developers. All versions have this issue except for maybe 4.3 (tried to do the sleep / wake up tests a few times it works fine).
3) I cannot figure out how to give the log output just before the device restarts itself. The log would reset itself (I'm using ADT). Maybe someone can shed some light on how to do this.
Is my pogo cable damage? To be honest I haven't noticed this issue until about a month ago. Hope anyone can help me out with this. Thanks!
Click to expand...
Click to collapse
After it will not turn on for you, let it do its thing, than once you get it to turn on, power it off and let it boot back into rom, once there run
This from command prompt.. on your PC
Code:
adb shell cat /proc/last_kmsg > kmsg.txt
and that will write it to your current working directory on your PC
Post this so I can take a look
THx Josh
lj50036 said:
After it will not turn on for you, let it do its thing, than once you get it to turn on, power it off and let it boot back into rom, once there run
This from command prompt.. on your PC
Code:
adb shell cat /proc/last_kmsg > kmsg.txt
and that will write it to your current working directory on your PC
Post this so I can take a look
THx Josh
Click to expand...
Click to collapse
EDIT: Does my device need to be rooted to do this?
Attached are the files. Interestingly the last_kmesg file has this:
[ 144.113910] Kernel panic - not syncing: Watchdog detected hard LOCKUP on cpu 0
[ 144.114092] Backtrace:
[ 144.114295] [<c0012bf8>] (dump_backtrace+0x0/0x10c) from [<c062f240>] (dump_stack+0x18/0x1c)
[ 144.114392] r6:de85c000 r5:c0868f80 r4:c08db980 r3:00000001
[ 144.114844] [<c062f228>] (dump_stack+0x0/0x1c) from [<c062f388>] (panic+0x90/0x1e0)
[ 144.115019] [<c062f2f8>] (panic+0x0/0x1e0) from [<c00a1044>] (watchdog_timer_fn+0x2bc/0x304)
[ 144.115115] r3:00000001 r2:01266000 r1:00000000 r0:c076d558
[ 144.115608] r7:c0868f80
[ 144.115792] [<c00a0d88>] (watchdog_timer_fn+0x0/0x304) from [<c0057008>] (__run_hrtimer+0x70/0x23c)
[ 144.115962] [<c0056f98>] (__run_hrtimer+0x0/0x23c) from [<c0057ff0>] (hrtimer_interrupt+0x128/0x2c4)
[ 144.116140] [<c0057ec8>] (hrtimer_interrupt+0x0/0x2c4) from [<c0023b90>] (exynos4_mct_tick_isr+0x48/0x68)
[ 144.116316] [<c0023b48>] (exynos4_mct_tick_isr+0x0/0x68) from [<c00a1c68>] (handle_irq_event_percpu+0x64/0x2b0)
[ 144.116481] r5:c084d510 r4:c0879d80
[ 144.116747] [<c00a1c04>] (handle_irq_event_percpu+0x0/0x2b0) from [<c00a1ef8>] (handle_irq_event+0x44/0x64)
[ 144.116920] [<c00a1eb4>] (handle_irq_event+0x0/0x64) from [<c00a4920>] (handle_fasteoi_irq+0xa0/0x160)
[ 144.117085] r6:de85c000 r5:c084d510 r4:c084d4c0 r3:00000000
[ 144.117527] [<c00a4880>] (handle_fasteoi_irq+0x0/0x160) from [<c00a1568>] (generic_handle_irq+0x2c/0x40)
[ 144.117692] r5:c08432a4 r4:c0868f80
[ 144.117965] [<c00a153c>] (generic_handle_irq+0x0/0x40) from [<c000f7f4>] (handle_IRQ+0x54/0xb8)
[ 144.118135] [<c000f7a0>] (handle_IRQ+0x0/0xb8) from [<c0008520>] (gic_handle_irq+0x2c/0x60)
[ 144.118295] r8:00000001 r7:de85dedc r6:de85dea8 r5:c0868460 r4:f8810000
[ 144.118718] r3:c0075f5c
[ 144.118977] [<c00084f4>] (gic_handle_irq+0x0/0x60) from [<c000eb00>] (__irq_svc+0x40/0x70)
[ 144.119072] Exception stack(0xde85dea8 to 0xde85def0)
[ 144.119242] dea0: 3b9ac9ff 534afc23 00c4a919 000312a4 c1aaf370 00000000
[ 144.119343] dec0: c1aaf370 c041afe0 00000001 c0878aa8 c0992fb4 de85df14 534afc23 de85def0
[ 144.119511] dee0: c0075f5c c0022cd0 200e0013 ffffffff
[ 144.119672] r6:ffffffff r5:200e0013 r4:c0022cd0 r3:c0075f5c
[ 144.120108] [<c0022c9c>] (exynos_enter_idle+0x0/0x68) from [<c041affc>] (cpuidle_enter+0x1c/0x20)
[ 144.120272] r5:00000021 r4:8d5446a1
[ 144.120537] [<c041afe0>] (cpuidle_enter+0x0/0x20) from [<c041b708>] (cpuidle_wrap_enter+0x3c/0x9c)
[ 144.120705] [<c041b6cc>] (cpuidle_wrap_enter+0x0/0x9c) from [<c041b018>] (cpuidle_enter_tk+0x18/0x1c)
[ 144.120868] r7:c08c6c90 r6:c1aaf370 r5:00000000 r4:c1aaf370
[ 144.121301] [<c041b000>] (cpuidle_enter_tk+0x0/0x1c) from [<c041b280>] (cpuidle_enter_state+0x1c/0x78)
[ 144.121473] [<c041b264>] (cpuidle_enter_state+0x0/0x78) from [<c041b3bc>] (cpuidle_idle_call+0xe0/0x31c)
[ 144.121638] r6:de85c000 r5:00000000 r4:c1aaf370 r3:0000004c
[ 144.122080] [<c041b2dc>] (cpuidle_idle_call+0x0/0x31c) from [<c000fe5c>] (cpu_idle+0xa4/0x10c)
[ 144.122257] [<c000fdb8>] (cpu_idle+0x0/0x10c) from [<c062c454>] (secondary_start_kernel+0x124/0x144)
[ 144.122430] [<c062c330>] (secondary_start_kernel+0x0/0x144) from [<4062be14>] (0x4062be14)
[ 144.122592] r5:00000015 r4:5e84806a
[ 144.122858] CPU0: stopping
[ 144.122947] Backtrace:
[ 144.123191] [<c0012bf8>] (dump_backtrace+0x0/0x10c) from [<c062f240>] (dump_stack+0x18/0x1c)
[ 144.123282] r6:c0868f80 r5:c0868460 r4:00000000 r3:c088d4ac
[ 144.123693] [<c062f228>] (dump_stack+0x0/0x1c) from [<c0015454>] (handle_IPI+0x190/0x1c4)
[ 144.123852] [<c00152c4>] (handle_IPI+0x0/0x1c4) from [<c000854c>] (gic_handle_irq+0x58/0x60)
[ 144.123948] [<c00084f4>] (gic_handle_irq+0x0/0x60) from [<c000ecc0>] (__irq_usr+0x40/0x60)
[ 144.124100] Exception stack(0xdd119fb0 to 0xdd119ff8)
[ 144.124186] 9fa0: 75f286b0 00000022 6d627f70 00000007
[ 144.124341] 9fc0: 6e59b164 6d4858a0 4151b408 000010f8 41539cc0 41979458 6d48588c 419a9bc8
[ 144.124499] 9fe0: 000000f8 be93b638 00000000 4153dae4 200b0010 ffffffff
[ 144.124585] r6:ffffffff r5:200b0010 r4:4153dae4 r3:75f286b0
[ 144.125053] CPU1 DBGPCSR: ffffffff
[ 144.125139] CPU1 PC: <fffffffa> 0xfffffffa
[ 144.125288] Rebooting in 5 seconds..
[ 149.115359] Restarting Linux version 3.4.39-g5b5c8df ([email protected]) (gcc version 4.7 (GCC) ) #1 SMP PREEMPT Wed Nov 20 15:12:05 PST 2013
[ 149.115370]
No errors detected
Last reset was software reset (RST_STAT=0x20000000)
Click to expand...
Click to collapse
mnemonics said:
EDIT: Does my device need to be rooted to do this?
Attached are the files. Interestingly the last_kmesg file has this:
Click to expand...
Click to collapse
Anyone?
There is an updated thread now for rooting the AFTV2 that supports both 5.0.3.1 and 5.0.4 and maybe others in the future, see http://forum.xda-developers.com/fire-tv/general/root-amazon-fire-tv-2-updated-t3277556. The new method is simpler than this method and requires less to download and less steps to run.
To be safe run checkver.py every time you handshake since 5.0.4 is starting to roll out! Checkout the 5.0.3.1 tag in order to use this older method.
If you were able to root your AFTV2 we'd appropriate if you report your success on the poll located here.
NOTE: Root was obtained a few weeks ago so... this procedure is not the most time efficient, but it is just a few simple steps that anyone with a technical background can follow. There are ideas and some work in progress to make it easier. It depends also on serial port stability, which is somewhat random luck. Linux experience will be beneficial. The usual disclaimers apply, which means this rooting procedure comes with some risks and the scripts involved haven't been tested in all environments. Any harm that may come from rooting your device using this procedure is at your own risk and I assume no responsibility for any damage it may cause. I will do my best to help you get through it and recover if possible.
Root the Device
It's taken quite a bit of effort, but I've finally managed to create a pre-rooted system image (as well as backup the original) and provide a semi-efficient way to flash the rooted system image. Before attempting any of the steps listed below YOU MUST BE RUNNING 5.0.3.1. You should also have a unmodified/pristine system partition. You would probably know if you had any modifications and at this point that would be uncommon. If the patching fails for some reason just power off the device, reboot your computer (resets the serial port buffer), start the handshake script, then turn on the device. Once the handshake completes run the patching command again. There is no harm running the patching command two or more times. If it keeps hanging try a different computer.
To get started you will need a system that meets the following requirements:
Linux (Mac OS X or Windows w/ changes)
Python 3.x
PySerial
sudo yum install python3-pyserial # Fedora or RedHat
sudo apt-get install python3-serial # Ubuntu or Debian
USB Male A to Male A cable
R/W access to /dev/ttyACM0 (or use sudo)
ADB USB access (optional, but helpful)
Stop ModemManager (if you have it setup, which blocks handshaking)
Now run the following sequence of commands:
Code:
git clone --branch 5.0.3.1 https://gitlab.com/zeroepoch/aftv2-tools.git
cd aftv2-tools
wget http://download.zeroepoch.com/aftv2/5.0.3.1/system.root.img.gz
wget http://download.zeroepoch.com/aftv2/5.0.3.1/system.diff.gz
gunzip system.root.img.gz
gunzip system.diff.gz
adb reboot ; ./handshake.py # or restart but run ./handshake.py first
./checkver.py # STOP if it reports NO!
./patch_mmc.hs 0x00000000058e0000 system.root.img system.diff # takes ~2 hours
# last address is 0x50dce600
For Macs (see post #115, thanks @ians325) to satisfy the requirements above you will need to install python 3.5.0 for Mac OS X from python.org then run "sudo pip3 install pyserial" to install pyserial. Instead of "wget $URL" use "curl -O $URL".
Windows is working now, but it's constantly improving to make it easier for novice users. The bash script has been ported to a batch file (no cygwin needed) and the serial port has some auto-detection built in now. The files needed for Windows have already been added to the repo but the README is constantly evolving. @ImCoKeMaN (big thanks) and myself are working to improve the process and make it easier for Windows users.
Anyone interested in rooting using an Ubuntu VM should watch the YouTube video by @ultimate_spy_binns, https://www.youtube.com/watch?v=CZQqLoO6ojM. There is also a script to help automate the process if you are doing this on an Ubuntu live CD/USB found here (by @BagiMT).
To test that root is working you should first connect to adb shell and then run the command "su". You will need to accept a prompt on the screen (HDMI port) at least once. The shell should change from a dollar-sign ($) prompt to a hash (#) prompt.
If you would like to disable updates after rooting you can use the following commands:
Code:
adb shell
su
pm disable com.amazon.device.software.ota
To go back to stock in case you want to update or for whatever other reason:
Code:
wget http://download.zeroepoch.com/aftv2/5.0.3.1/system.orig.img.gz
gunzip system.orig.img.gz
adb push system.orig.img /data/local/tmp
adb shell
su
pm enable com.amazon.device.software.ota
dd if=/data/local/tmp/system.orig.img of=/dev/block/platform/mtk-msdc.0/by-name/system bs=1m
sync
reboot
I don't always have the best luck transferring large files over ADB so another option is to copy the uncompressed image file to a microSD card and changing the path to /storage/sdcard1/system.orig.img. Be extremely careful that you have the right path, that the file you are reading exists, and that the file is around 1.2 GB in size. Otherwise you may potentially trash your system.
Background Info
This root method works by rebooting the device and halting the boot process at the MediaTek preloader. Once halted at the preloader we can use the preloader binary API to send a series of MMC commands to the flash chip which allows 512 byte blocks to be read and written using a simple FIFO. Since we have both the original and modified system images we can generate a list of blocks that are different between the two images and only patch those blocks. This means we need to write less than 10 MB instead of 1.2 GB. If we had to send the entire system image at the speeds the preloader is limited to it would take about 2 weeks. If for some reason the system partition becomes unbootable that would be your only option to recover right now. By sending just the differences the patching only takes about 2 hours. There are ways to speed this up (about 5-10 minutes instead), but you'd need to obtain limited root access first using a much much more complicated procedure. I choose to provide instead a slower but much simpler series of commands.
The MT preloader is a process that runs before the regular bootloader (lk/fastboot) and of course before the kernel boots. It only shows up for about 3 seconds. Unfortunately the preloader is writable and could potentially be updated. The entire boot chain is cryptographically signed from what I've been able to inspect including the preloader. An unlocked bootloader would most likely be needed to flash a custom kernel (no kexec built-in of course, but modules/device drivers can be loaded) and create ROMs not based on stock. @rbox has been working on getting kexec working as a module but no ETA yet. So in conclusion the tools here allow you to modify the flash contents and using these facilities we have add SuperSU binaries to the system partition.
Anyone interested in how root was obtained should look at the history starting with this post. You should also read the README file from the aftv2-tools git repo. Also feel free to PM me if you have any questions.
Tips
If you want to disable the pop-up message when becoming root you can change notify=1 to notify=0 in /data/data/eu.chainfire.supersu/files/supersu.cfg. You need to reboot the device after making this change. It's also suggested to make the file read-only because it seems to get reset sometimes. (Thanks @ultimate_spy_binns)
Special Thanks
@qwertytical
@budokaiboy
great news
i never powered on my unit - awaiting root
can we have a 5.0.3.1 image to safely flash before root
otherwise the system might update to different version
now that rooting is out
amazon might be quick ...
reiteravi said:
great news
i never powered on my unit - awaiting root
can we have a 5.0.3.1 image to safely flash before root
otherwise the system might update to different version
now that rooting is out
amazon might be quick ...
Click to expand...
Click to collapse
Yeah, mine pre-ordered one is still in a box so I'd need to update it too. I guess I can do that tonight before a new version comes out.
reiteravi said:
great news
i never powered on my unit - awaiting root
can we have a 5.0.3.1 image to safely flash before root
otherwise the system might update to different version
now that rooting is out
amazon might be quick ...
Click to expand...
Click to collapse
Unfortunately you will need to do a normal update first before patching the system partition. It just takes too long to flash a full system image, original or modified, using the methods we have available to us now. Also the boot partition and other partitions are updated with each OTA. I hope we can continue to provide rooted versions of updated system images, but as you know there is no guarantee of that. I'd update now before there is any new updates and then root it. We could in theory root the older versions as well and even before first boot, but without the OTA updates and applying them in reverse I can't go back and patch the older releases. I strongly think the method used to write the system partition can not be fixed since I believe the preloader code is in a ROM.
Mac Update
A few notes for Mac users willing to experiment a little:
I installed python 3.5.0 for Mac OS X from python.org and then ran "sudo pip3 install pyserial" to install pyserial for python 3.x. The final change I needed to make was to change PORT in handshake.py and read_mmc.py/write_mmc.py (only tested reading the boot partition, but everything else should work). In my case the PORT was /dev/cu.usbmodem1430. The device filename seems to be based on the USB port it's connected to. I'm not sure if there is an easier way to find the device filename besides scanning /dev and looking for new devices matching a given pattern. Maybe others on this forum have some better ideas. The final caveat was I need to unplug and replug the USB cable after the handshake completed otherwise the read_mmc.py script would hang on the first read.
I succeeded in rooting mine! For comparison purposes, here's the md5sums of my partitions:
Code:
0e450c032ddce170667ba3ddc26cb960 DKB
a3ad800f012a153953b403ef1fa36e14 EXPDB
d693da95eb68b40e4315333bcf74918b KB
50f24ce4c7ac388b33310bff6f79636a LOGO
59071590099d21dd439896592338bf95 MISC
f9b5ef697fde92c42bbbec35e5a6cad4 PRO_INFO
8a9d058f87711c2e8ccc698647f5026b TEE1
eda2733e1d0214873d9cb9d78c68425f TEE2
97a2ccdb7a02838b26b9a57e4f31d51d boot
fbd20aa58cd63c07392080cad7627e18 lk
74f0bac463bae8141acf20594987a559 recovery
a06c3d6a8c73923ed5c38b479c4410d3 system
So my DKB, KB, and system partitions are different from yours.
NaturalBornHaxor said:
I succeeded in rooting mine! For comparison purposes, here's the md5sums of my partitions:
Code:
0e450c032ddce170667ba3ddc26cb960 DKB
a3ad800f012a153953b403ef1fa36e14 EXPDB
d693da95eb68b40e4315333bcf74918b KB
50f24ce4c7ac388b33310bff6f79636a LOGO
59071590099d21dd439896592338bf95 MISC
f9b5ef697fde92c42bbbec35e5a6cad4 PRO_INFO
8a9d058f87711c2e8ccc698647f5026b TEE1
eda2733e1d0214873d9cb9d78c68425f TEE2
97a2ccdb7a02838b26b9a57e4f31d51d boot
fbd20aa58cd63c07392080cad7627e18 lk
74f0bac463bae8141acf20594987a559 recovery
a06c3d6a8c73923ed5c38b479c4410d3 system
So my DKB, KB, and system partitions are different from yours.
Click to expand...
Click to collapse
That is awesome news! The first confirmed case I've heard of someone else repeating my success
About the DKB and KB partitions being different it makes me wonder what those partitions are for? I didn't include cache and userdata in the MD5SUM of course, which you noticed, because those change all the time. NVRAM when I looked inside appeared to have a few things that looked to be device specific. The system partition being different is actually expected because I found every time I rebooted my system partition changed checksums. Also that is the MD5SUM of the unmodified system partition. I noticed this weird MD5SUM behavior when I was first gaining root and doing some sanity checks. It happens right after daemonsu is started. My best guess is that the SuperSU tools mount the system r/w quickly and that causes the last mounted timestamp to change. Don't know for sure what causes it, but don't worry that's not unexpected. The main reason I kept those hashes in the repo was so when the next version comes out I know which partitions were changed and need to be updated by users who wish to maintain root.
------------------SOLVED-----------------
Please read on if you have problems with handshake script looping forever...
-----------------------------------------------
Hi zeroepoch,
meanwhile I received my Fire TV 2 and tried your scripts but unfortunately without success.
As far as I can see, there are 2 problems:
- The /dev/ttyACM0 device appears on rebooting the Fire TV, but only for some 100th of a second, then it disconnects again.
- If I give it another try, the device will appear as /dev/ttyACM1, next time /dev/ttyACM2, aso.. So I either have to update the handshake script for every try or reboot my computer (then it starts with /dev/ttyACM0 again).
When I first tried it, the handshake-script ran forever, it just missed the short time of availability of /dev/ttyACM0. So I reduced the sleep-timeout in the script from 0.25 to 0.001. Now the handshake script detects the serial device but runs into an I/O Error during one of the next steps (each time different, seems to be a "race condition").
Can you offer any advice? Could my Laptop be too slow somehow or is there some trick to make the Fire TV keep the port open for a longer time?
Greetings, Christian
Code:
shell:
[email protected]:~/aftv2-tools# adb reboot ; ./handshake.py
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Traceback (most recent call last):
File "./handshake.py", line 17, in <module>
dev = serial.Serial(PORT, BAUD)
File "/usr/lib/python3/dist-packages/serial/serialutil.py", line 261, in __init__
self.open()
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 282, in open
self._reconfigurePort()
File "/usr/lib/python3/dist-packages/serial/serialposix.py", line 413, in _reconfigurePor t
termios.tcsetattr(self.fd, TERMIOS.TCSANOW, [iflag, oflag, cflag, lflag, ispeed, ospeed , cc])
termios.error: (5, 'Input/output error')
Code:
/var/log/syslog;
Nov 11 11:25:41 DeepThought systemd[1111]: Reached target Default.
Nov 11 11:25:41 DeepThought systemd[1111]: Startup finished in 15ms.
Nov 11 11:27:28 DeepThought kernel: [ 217.460463] usb 8-2: USB disconnect, device number 2
Nov 11 11:27:31 DeepThought kernel: [ 220.608049] usb 8-2: new high-speed USB device number 3 using ehci-pci
Nov 11 11:27:31 DeepThought kernel: [ 220.741857] usb 8-2: New USB device found, idVendor=0e8d, idProduct=2000
Nov 11 11:27:31 DeepThought kernel: [ 220.741860] usb 8-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Nov 11 11:27:31 DeepThought kernel: [ 220.741862] usb 8-2: Product: MT65xx Preloader
Nov 11 11:27:31 DeepThought kernel: [ 220.741864] usb 8-2: Manufacturer: MediaTek
Nov 11 11:27:31 DeepThought mtp-probe: checking bus 8, device 3: "/sys/devices/pci0000:00/0000:00:1d.7/usb8/8-2"
Nov 11 11:27:31 DeepThought mtp-probe: bus: 8, device: 3 was not an MTP device
Nov 11 11:27:31 DeepThought kernel: [ 220.855737] cdc_acm 8-2:1.1: ttyACM0: USB ACM device
Nov 11 11:27:31 DeepThought kernel: [ 220.884047] usbcore: registered new interface driver cdc_acm
Nov 11 11:27:31 DeepThought kernel: [ 220.884050] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
Nov 11 11:27:31 DeepThought kernel: [ 220.924931] usb 8-2: USB disconnect, device number 3
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (ttyACM0): tcgetattr() error: 5
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (ttyACM0): port attributes not fully set
Nov 11 11:27:31 DeepThought kernel: [ 220.928861] cdc_acm 8-2:1.1: failed to set dtr/rts
Nov 11 11:27:31 DeepThought ModemManager[511]: <info> (tty/ttyACM0): released by modem /sys/devices/pci0000:00/0000:00:1d.7/usb8/8-2
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (Plugin Manager) (Cinterion) [ttyACM0] error when checking support: '(Cinterion) Missing port probe for port (tty/ttyACM0)'
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (Plugin Manager) (Nokia) [ttyACM0] error when checking support: '(Nokia) Missing port probe for port (tty/ttyACM0)'
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (Plugin Manager) (Iridium) [ttyACM0] error when checking support: '(Iridium) Missing port probe for port (tty/ttyACM0)'
Nov 11 11:27:31 DeepThought ModemManager[511]: <warn> (Plugin Manager) (Generic) [ttyACM0] error when checking support: '(Generic) Missing port probe for port (tty/ttyACM0)'
Nov 11 11:27:33 DeepThought ModemManager[511]: <warn> Couldn't find support for device at '/sys/devices/pci0000:00/0000:00:1d.7/usb8/8-2': not supported by any plugin
Nov 11 11:27:35 DeepThought wpa_supplicant[837]: nl80211: send_and_recv->nl_recvmsgs failed: -33
Nov 11 11:27:36 DeepThought kernel: [ 226.092142] usb 8-2: new high-speed USB device number 4 using ehci-pci
Nov 11 11:27:37 DeepThought kernel: [ 226.225936] usb 8-2: New USB device found, idVendor=1949, idProduct=0241
Nov 11 11:27:37 DeepThought kernel: [ 226.225945] usb 8-2: New USB device strings: Mfr=2, Product=3, SerialNumber=4
Nov 11 11:27:37 DeepThought kernel: [ 226.225951] usb 8-2: Product: FireTV
Nov 11 11:27:37 DeepThought kernel: [ 226.225956] usb 8-2: Manufacturer: Amazon
Nov 11 11:27:37 DeepThought kernel: [ 226.225961] usb 8-2: SerialNumber: G070GV05544205DE
Nov 11 11:27:37 DeepThought mtp-probe: checking bus 8, device 4: "/sys/devices/pci0000:00/0000:00:1d.7/usb8/8-2"
Nov 11 11:27:37 DeepThought mtp-probe: bus: 8, device: 4 was an MTP device
After taking a closer look at my syslog and doing some research on problems with /dev/ttyACM0, I finally found the problem. It's the modemmanager. That service immmediately "grabs" the device and tries to do some invalid settings, which leads to an near immediate disconnect.
After I uninstalled the modemmanger (which seemed preinstalled in debian jessie, at least I never installed it on purpose) with
Code:
apt-get remove modemmanager
both of my problems were gone. The device stayed up for 3 seconds and after reboot of the Fire TV it had the same devicename /dev/ttyACM0 again. So I could undo my changes to the handshake script and had instant success with it.
Now I'll try rooting. WHOOT!
Thank you very much for your efforts!
I'd just like to check my understanding - are the instructions you posted comprehensive to obtaining root from absolute scratch?
I know soldering of eMMC and such things were used in development, but that is not needed now after you've done the hard work, correct?
I can just follow your steps above and root the FTV2?
gu3stZA said:
Thank you very much for your efforts!
I'd just like to check my understanding - are the instructions you posted comprehensive to obtaining root from absolute scratch?
I know soldering of eMMC and such things were used in development, but that is not needed now after you've done the hard work, correct?
I can just follow your steps above and root the FTV2?
Click to expand...
Click to collapse
Yes, you're right. No need to solder anything. You just need the tools stated in the instructions.
Hardware:
- a computer running Linux (or something very close)
- a A to A USB cable
Software:
- python3 and python3-serial packages
- adb package (not necessary but recommended)
- zeroepochs scripts and patchfiles
That said, a certain amount of base knowledge regarding Linux doesn't hurt .
Thanks! I've played around with Linux but would definitely classify myself as a beginner. I guess we'll see how user-friendly the instructions are
This is good news, definitely progress, could this be integrated into ADBFire for windows
Jay794 said:
This is good news, definitely progress, could this be integrated into ADBFire for windows
Click to expand...
Click to collapse
This would be perfect. Or even adb. I've just never used Linux
zeroepoch said:
It has only been tested on a US device and I don't know at this point if non US devices are different, maybe not.
Click to expand...
Click to collapse
Hi zeroepoch,
I just used your rooting scripts successfully on a non US (in my case German) version of the Fire TV 2!
Greets,
Christian
skyball2 said:
Hi zeroepoch,
I just used your rooting scripts successfully on a non US (in my case German) version of the Fire TV 2!
Greets,
Christian
Click to expand...
Click to collapse
Thanks for the feedback. Glad to hear it worked!
Successful root under arch Linux! Thanks for your hard work.
By any chance does this root work for the original fire TV ?
Sent from my SM-N910F using Tapatalk
Savage13 said:
By any chance does this root work for the original fire TV ?
Click to expand...
Click to collapse
No. It's MediaTek specific. It may work on most MediaTek devices though.
how can u tell handshake is ok and start patching ?
reiteravi said:
how can u tell handshake is ok and start patching ?
Click to expand...
Click to collapse
It will print "Handshake Complete". Also the serial device will remain present rather than disappear after a few seconds.
EDIT: The files have now reappeared on B&N's servers. For safety and convenience I've attached the Nook-1.3.0 and Nook-1.3.1 Delta files here in one Zip file. Hope this helps someone else. I'm off to try patching this kernel.
Hi all!
Does anyone have a copy of the source code for the 2013 Glowlight? The links on B&N's site aren't working. I've tried hunting around on XDA, but it doesn't seem as though anyone has ever uploaded them here.
Nook OS version on my GL 2013 is 1.3.2, but I'm guessing 1.3.0 and 1.3.1 aren't that different and would be better than nothing.
Thank you!
Alex
Found them! B&N must have fixed their site, because the links are working again. I've attached them here in one Zip file just in case they go missing again. I've also popped them on the Wayback Machine.
I've managed to build the kernel using the Sourcery G++ Lite 2010q1-202 toolchain. There was a tiny tweak needed to get it to work with newer versions of Perl, but otherwise it's compiled without a problem. I've tried with a couple of later Linaro toolchain builds, but they failed.
Patch-wise I'm trying to get features as close to the NST modded kernels as possible. The kernel on my old NST has the smartassv2 CPU governor and the SIO scheduler, so I've found patches for those and added them.
I have a few other patches, but no success so far. FastMode needs quite a few tweaks for the patch to work. USB Host Mode compiles fine but does nothing, with no chipset shown in Renate's USB Mode Utility. Finally, I can't work out how to overclock to 1000 MHz.
I'm sure a lot of these issues are solved somewhere in this forum, or there are at least clues (the "Hacking the New Nook Glowlight" thread has certainly helped). I haven't found the answers yet. It's not an urgent project - my NST is still hanging on for dear life - so I'm just working on it when I have a few minutes or feel inspired to do so.
I'll post updates here as I work things out. If anyone has any tips or can offer any help, please do reply to this thread.
albrow said:
USB Host Mode compiles fine but does nothing, with no chipset shown in Renate's USB Mode Utility.
Click to expand...
Click to collapse
The old driver(s) exposed:
Code:
/sys/devices/platform/musb_hdrc/mode
/sys/devices/platform/musb_hdrc/vbus
/sys/devices/platform/i2c_omap.1/i2c-adapter/i2c-1/1-0048/twl4030_usb/vbus
/sys/devices/virtual/sec/switch/adc
/sys/devices/platform/bq24073/regulator/regulator.5/state
/sys/devices/platform/bq24073/force_current
I've uploaded what I've done so far to GitHub.
GitHub - PocketNerdIO/nook-kernel-1.3.1: Kernel for the Nook Glowlight 1 (BNRV500), based on B&N's stock kernel (nook-1.3.1, Android 2.1, Linux 2.6.29-omap1) with some extra patches.
Kernel for the Nook Glowlight 1 (BNRV500), based on B&N's stock kernel (nook-1.3.1, Android 2.1, Linux 2.6.29-omap1) with some extra patches. - GitHub - PocketNerdIO/nook-kernel-1.3.1: Kern...
github.com
Currently the only changes from stock are adding SIO and smartassv2. I've attached the uImage and .config files, should you want to give them a go yourself.
I don't know how many NG1 users are still out there, but hopefully someone will find this useful.
Sidenote: I'm a Linux user. If you run ADB in Linux first, Renate's ADBGRAB runs perfectly in Wine. See the screenshot below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I'll try look into it.
I thought I should add that I've already adjusted the partition table. My NG1 currently has a uRamdIsk that mounts /sdcard as a simlink, but some apps really don't like this. I think I'm going to repurpose "reserve" as /sdcard instead.
Code:
NAME FSTYPE FSVER LABEL SIZE
sdb
├─sdb1 vfat FAT32 boot 76M
├─sdb2 vfat FAT32 rom 16M
├─sdb3 ext2 1.0 factory 190M
├─sdb4
├─sdb5 ext2 1.0 288M
├─sdb6 vfat FAT32 NOOK 2.5G
├─sdb7 ext3 1.0 cache 239M
├─sdb8 ext3 1.0 reserve 15M
└─sdb9 ext3 1.0 userdata 300M
albrow said:
Renate's ADBGRAB runs perfectly in Wine.
Click to expand...
Click to collapse
Gosh! Glad to hear it.
Don't forget that for a simple grab give it a filename:
Code:
adbgrab grab.png /o90
Rotate works on this (but not Scale /s)
For interactive:
Code:
adbgrab /s.5
Rotate & Scale work.
Mouse clicks and most keys work on this (but slowly due to Android "input" command which does it in Java).
Renate NST said:
Don't forget that for a simple grab give it a filename:
Code:
adbgrab grab.png /o90
Rotate works on this (but not Scale /s)
For interactive:
Code:
adbgrab /s.5
Rotate & Scale work.
Mouse clicks and most keys work on this (but slowly due to Android "input" command which does it in Java).
Click to expand...
Click to collapse
Thank you! I'm going to try running a few more of your tools with Wine in the next few days. I'm especially interested in patching the Reader using MergeSmali, as well as swapping versions (seeing if the one in 1.2.1/1.2.2 is better than the one in 1.3.1).
I added some compilation tweaks to the code so that it aimed at Cortex-8 rather than a generic ARMv7 build. The changes are on Github and will be part of the next binary I release.
I've been wondering if it's worth trying to find some other patches for this old kernel to give it a speed boost, or maybe more battery savings. I'm guessing it's not worth trying to get it running with a newer kernel (2.6.32/35/36). To be honest I don't know much about kernel hacking beyond some beginner-level C and adding patches. For now I'd like to get things like multitouch and FastMode running, which shouldn't be too tough.
With a quick tweak to the code, the kernel now compiles and boots with Linaro 2012-08 (gcc 4.7.2). I'll push the change to Github later.
I was also able to compile it with Linaro's gcc 4.9.4, but unfortunately the NG1 wouldn't boot. I probably need to work out how to look at u-boot and kernel logs to see if it's fixable, but it's not as important as getting the other patches working.
I'm slowly going through Guevor's old patch file (v4) for the NST. I've added the option for Veno TCP congestion control to the kernel. The change is up on Github. Plus, here's my latest kernel compiled with Linaro gcc 4.7.2, along with the config. To recap, here's the changelog from the stock Nook 1.3.1 kernel (2.6.29):
Compiles (and boots) with Linaro gcc 4.7.2
Fixed to compile with modern versions of Perl
Use SIO I/O Scheduler as default
Use smartassv2 as default
Add Veno TCP congestion and set as default
Not a huge number of changes from stock, but hopefully still some improvements. Next up are FastMode, Multitouch and USB Host. There are also the overclocking settings, but I'm less sure about whether they're all that worthwhile.
EDIT: Realised that I'd uploaded a kernel compiled with the Sourcery toolchain, so I've just uploaded one compiled with Sourcery and one with Linaro gcc 4.7.2. Feel free to test both.
In other news (cc @Renate NST), the stock Reader on my device really doesn't like files loaded using the Temblast Library, which is a massive shame as it's my preferred library app. It takes a long time to load the file, and then has no indexing whatsoever: "Content" does nothing, "go to" shows "Page 3 of 0", and highlighting a word crashes the reader. It's not the end of the world as I can use the stock Library, although I don't know if it's going to read the files in /sdcard. Further research required.
Also, this version of the stock reader REALLY dislikes Button Savior drawing over the top of it. This is most noticeable when the trigger fades out. It will try to refresh the screen at every gradient of change, sometimes making the device unresponsive for up to 30 seconds. I thought there was a way of turning off the fade-out, but I can't find it. One workaround is to close the Button Savior panel, press home, wait for the button to fade, then go back to the reader. It's times like this when I actually miss the "n" button bar on the NST. I can live without physical buttons if the virtual ones do the job well enough.
Think my next task will be to rearrange the partitions so that there's a proper /sdcard rather than a symlink.
albrow said:
The stock Reader on my device really doesn't like files loaded using the Temblast Library...
Click to expand...
Click to collapse
That's very strange. If it opens the intended book then it should be ok from there.
In my world the reader gets the last reading point by itself.
Maybe your reader is expecting something extra in the intent and it isn't handling the lack gracefully?
Does it always go to page 1 even if you've read further?
albrow said:
Also, this version of the stock reader REALLY dislikes Button Savior...
Click to expand...
Click to collapse
Mmm, I dislike those things too.
I was looking at the Onyx Boox Poke 3. It has only a power button, no home, no anything.
It has this arc of icons that follows your finger, a bit like Button Savior.
It's great hardware but I'd have to do a bunch of work to make it clean.
Renate NST said:
Maybe your reader is expecting something extra in the intent and it isn't handling the lack gracefully?
Click to expand...
Click to collapse
I'm certain you're right on this, but I have no idea how to monitor that.
Renate NST said:
Does it always go to page 1 even if you've read further?
Click to expand...
Click to collapse
Yes, unless you're re-opening the same book that is currently open (i.e. Reader is already running in the background with that book.
I've just noticed something with this Reader. It NEVER does a refresh on a page turn, nor when the bottom menu appears or disappears. It sometimes does a refresh when it first loads a book, but not always. But if something tries to draw over the top of it (Button Savior, the Android volume HUD), it refreshes on every change to the screen.
I have a theory on this. When trying to apply the FastMode patches, I noticed that the nook 1.3.1 kernel has more functionality than the one from 1.2.x. I've attached them both here, along with a diff of the two files. Could it be that this newer Reader uses a "new" (given the device is 8 years old) screen drawing method that the NG1 is switching in and out of when something draws over the top of Reader?
I might compile another kernel with the old kernel driver to see what it does.
Renate NST said:
I was looking at the Onyx Boox Poke 3. It has only a power button, no home, no anything.
It has this arc of icons that follows your finger, a bit like Button Savior.
It's great hardware but I'd have to do a bunch of work to make it clean.
Click to expand...
Click to collapse
Oh, don't tempt me! Hacking around with Android 2.1 does feel futile in 2021, but I'm not sure if I want to spend $189 on an ereader right now.
So, a quick update. I've managed to get the OTG patch on and enable the right kernel options (thanks to guevor's old NST .config file). It can now see devices!
Unfortunately, even though I've enabled block devices and SCSI, no new devices are showing in /dev. I'm sure I'm just missing some kernel options.
I found a later version of Linaro's gcc, specifically 4.7.3 from April 2013, which creates a bootable kernel. I think this is the latest version of gcc that will work properly with this code - any later and I just get a freeze at boot, not even a bootloop. It would've been nice (for me) to run a 64 bit compiler, but this works for now so I'll stick with it.
Latest amendments are on Github. I'm not at my laptop at the moment so I don't have a copy of the uImage or .config, but I'll add them when I'm next about.
Finally, I was wondering how easy it would be to "backport" this kernel to work on the NST or NST/G. It might just require an old .config file such as guevor's one. I don't know how useful that would be for anyone, especially as it doesn't have multitouch or FastMode, but it might provide some better screen writing code. I guess it could be a good experiment.
Hmm, it's interesting that it's not showing any interfaces or endpoints.
Are you using UsbMode-2.2.apk?
What does dmesg say when you plug it in?
Does a keyboard or something else work fine?
I think I've only got 2.1 on there actually - an old copy from when I was setting up my NST many years ago. I'll download 2.2 and get the dmesg log tonight. I don't have the USB stick or an OTG cable with me.
Do I need usbhostd as well, or is that only for the KitKat Nooks?
albrow said:
Do I need usbhostd as well, or is that only for the KitKat Nooks?
Click to expand...
Click to collapse
No, that's only for Glow2/3/4
I couldn't get UsbMode 2.2 to install on the NST or the NG1, but 2.1 runs fine on both. I've tried my Microsoft Ergonomic Keyboard on the NG1. It's showing in UsbMode, but dmesg comes up with this:
Code:
<6>[ 283.243438] usb 1-1: new low speed USB device using musb_hdrc and address 7
<3>[ 283.445098] usb 1-1: device v045e p00db is not supported
<6>[ 283.452697] usb 1-1: configuration #1 chosen from 1 choice
For the Sandisk OTG memory stick I get the following (of course, this could just be the stick asking for too much current):
Code:
<6>[ 589.997344] usb 1-1: new high speed USB device using musb_hdrc and address 9
<3>[ 590.163635] usb 1-1: device v0bda p0109 is not supported
<6>[ 590.171295] usb 1-1: rejected 1 configuration due to insufficient available bus power
<4>[ 590.179595] usb 1-1: no configuration chosen from 1 choice
Here's an Apple Mighty Mouse:
Code:
<6>[ 666.583343] usb 1-1: new low speed USB device using musb_hdrc and address 10
<3>[ 666.771850] usb 1-1: device v05ac p0304 is not supported
<6>[ 666.779510] usb 1-1: configuration #1 chosen from 1 choice
And for a laugh I thought I'd plug my NST into the NG1:
Code:
<6>[ 1193.856811] usb 1-1: new high speed USB device using musb_hdrc and address 21
<3>[ 1194.021789] usb 1-1: device v2080 p0003 is not supported
<6>[ 1194.029296] usb 1-1: rejected 1 configuration due to insufficient available bus power
<4>[ 1194.037597] usb 1-1: no configuration chosen from 1 choice
I'm sure I've just not enabled something in the kernel, but right now I'm not sure what.
OK, here's an interesting thing.
I thought I'd try plugging in an unpowered USB 2.0 Hub, which was recognised:
Code:
<6>[ 1858.059326] usb 1-1: new high speed USB device using musb_hdrc and address 25
<6>[ 1858.222869] usb 1-1: configuration #1 chosen from 1 choice
<6>[ 1858.229644] hub 1-1:1.0: USB hub found
<6>[ 1858.233978] hub 1-1:1.0: 4 ports detected
And then I plugged in the USB stick into the hub... which also worked and created /dev/block/sda and sda1!
Code:
<6>[ 2031.161499] usb 1-1: reset high speed USB device using musb_hdrc and address 25
<6>[ 2031.968811] usb 1-1.3: new high speed USB device using musb_hdrc and address 26
<3>[ 2032.104217] usb 1-1.3: device v0bda p0109 is not supported
<6>[ 2032.111999] usb 1-1.3: configuration #1 chosen from 1 choice
<6>[ 2032.130249] scsi0 : SCSI emulation for USB Mass Storage devices
<7>[ 2032.139739] usb-storage: device found at 26
<7>[ 2032.144134] usb-storage: waiting for device to settle before scanning
<5>[ 2037.149627] scsi 0:0:0:0: Direct-Access Generic- SD/MMC 1.00 PQ: 0 ANSI: 0 CCS
<6>[ 2037.273895] usb 1-1.3: reset high speed USB device using musb_hdrc and address 26
Unfortunately the Apple Mighty Mouse did what it did before, although it showed as being plugged in to the hub.
Code:
<6>[ 79.115997] usb 1-1.2: new low speed USB device using musb_hdrc and address 3
<3>[ 79.238891] usb 1-1.2: device v05ac p0304 is not supported
<6>[ 79.246276] usb 1-1.2: configuration #1 chosen from 1 choice
albrow said:
I couldn't get UsbMode 2.2 to install on the NST or the NG1.
Click to expand...
Click to collapse
Well, it looks like someone has to do some regression testing.
Edit: @albrow 2.2 works fine on my NST. I don't have a BNRV500.
If the logcat tells you something could you post it?
albrow said:
Code:
<6>[ 590.171295] usb 1-1: rejected 1 configuration due to insufficient available bus power
You should always test questionable USB OTG things using a powered hub.
After you get it working you can try flying solo.
Click to expand...
Click to collapse