%s:%08X, Format String Attacks, Secret Code - Windows Phone 8 Development and Hacking

This is really more of a question but since it pertains to code I posted in Development and Hacking. Been seeing this %s:%08x in my 928 .dll and .sys files. Googled it and got results on format string attacks and even secret or hidden codes. How is it used or is it even useful as an exploit? Sample code
Code:
\??\C:\DPP\Nokia\Sensors\ACC_KIONIX_KXTNK1000.bin
KXTNReadCalibrationData: KIONIX ACC calibration file not found: %#X %S
KXTNReadCalibrationData: KIONIX ACC calibration data read failure: %#X
KXTNReadCalibrationData: KIONIX ACC calibration data corrupted (size): %#X
KIONIX KXTNReadCalibrationData: KIONIX ACC calibration data corrupted (manufacturer): %#X
KXTNK-1000 KXTNReadCalibrationData: KIONIX ACC calibration data corrupted (model): %#X
ACC Calibration offsets updated X = %s%d.%04d Y = %s%d.%04d Z = %s%d.%04d
+KXTNInitializeHardware
KXTNInitializeHardware ERROR! Can't read WHO_AM_I. %#x
KXTNInitializeHardware Detected Kionix
KXTNInitializeHardware Detected ST
KXTNInitializeHardware ERROR! Invalid WHO_AM_I: 0x%02X.
KXTNInitializeHardware: Warning! Failed to read Info registers: %#X
KXTNInitializeHardware: INFO1 register = %x, INFO2 register = %x.
KXTNInitializeHardware Error! failed to read configuration registers. %#X
KXTNInitializeHardware Error! failed to read factory calibration data. %#X
-KXTNInitializeHardware:%s:%08X

If you can see the %<STUFF> part, it's not vulnerable. I'm sorry, but this is something that really belongs in Q&A or General. Even a completely elementary C programmer could tell you about format strings.
Format string attacks are possible only when the code treats a user-specified string as a format string. When the format string is hardcoded, there's nothing you can really do to attack it. There have been format string vulns in smartphone OSes before - things like the raw SMS processing code being vulnerable, so sending a message with a format specifier (% followed by certain characters) in it could crash or exploit the messaging code. Testing for this is pretty standard now, though, and it's an easy bug to avoid.
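The distinction drawn in the reply above, as an added C example (not code from the thread or from the Nokia driver). `trace` is a hypothetical stand-in for a driver logging routine, the input strings are constructed, and only the format string `-KXTNInitializeHardware:%s:%08X` comes from the dump.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a driver trace routine (an assumption, not the
 * real driver code): formats into a caller buffer instead of a debug port. */
static int trace(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardcoded format, as seen in the strings dump. Untrusted text is only ever
 * an ARGUMENT to %s, so any '%' inside it is copied out as plain characters. */
int trace_fixed(char *out, size_t cap, const char *untrusted, unsigned status)
{
    return trace(out, cap, "-KXTNInitializeHardware:%s:%08X", untrusted, status);
}

/* The vulnerable pattern: untrusted text is used AS the format string.
 * Any argument-consuming directive in it would make the formatter fetch
 * arguments that were never passed (undefined behaviour). */
int trace_vulnerable(char *out, size_t cap, const char *untrusted)
{
    return trace(out, cap, untrusted);
}

/* Count argument-consuming printf directives in a string (C99 subset).
 * Useful in tests to assert that untrusted input reaching a format
 * parameter contains none, or to audit strings pulled from a binary. */
int count_directives(const char *s)
{
    int count = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {                 /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        s += strspn(s, "-+ #0");         /* flags */
        s += strspn(s, "0123456789*");   /* field width */
        if (*s == '.') {                 /* precision */
            s++;
            s += strspn(s, "0123456789*");
        }
        s += strspn(s, "hlLqjzt");       /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcsSpn", *s)) {
            count++;
            s++;
        }
    }
    return count;
}

int main(void)
{
    char buf[128];

    /* Constructed input that looks like a format string: inert as data. */
    trace_fixed(buf, sizeof buf, "%s%08X", 0xC0000001u);
    printf("fixed format  : %s\n", buf);

    /* "%%" consumes no argument, so this shows interpretation safely:
     * the formatter rewrites the caller's text. */
    trace_vulnerable(buf, sizeof buf, "100%% done");
    printf("data as format: %s\n", buf);

    printf("directives in the dump string: %d\n",
           count_directives("-KXTNInitializeHardware:%s:%08X"));
    return 0;
}
```

GCC and Clang flag the vulnerable pattern on direct `printf`-family calls with `-Wformat-security`; a wrapper like `trace` only gets that check if it is declared with the `format(printf, ...)` attribute.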

My apologies...feel free to move, delete, or burn this thread.

Related

Some console commands for P3300.

Below are some commands for Artemis.
For the moment still did not find a command to backup existing ROM.
There are some interesting ones related to debug and use of TFTP.
Commands are case sensitive.
Looks like battery is charging while in bootloader mode. It was not a case with Prophet.
regards,
fdp24
*******************************************
Cmd>fm
Wrong parameters of FM Command!!
Usage:
fm [command] [frequency]
where:
if[command] = i Initialize FM.
if[command] = o Power on FM.
if[command] = f Power off FM.
if[command] = t Tune FM channel to [frequency].
if[command] = a FM auto seek test.
if[command] = m Mono(1) or Stereo(0).
if[command] = v Volume (0x00 - 0x0F).
if[command] = u Mute(0)
if[command] = g AGC(1)
if[command] = h Set seek threshold (0x00 - 0xFF).
if[command] = s Seek Up(1) or Down(0).
if[command] = r Get RSSI (0x00 - 0xFF).
if[command] = c Get current channel [frequency].
if[command] = d Get RDS data (1 - 10 groups of data).
*******************************************
Cmd>cpldver
xsvfExecute - CpldType=1
SUCCESS - Completed XSVF execution.
CPLD Ver[0]=1
CPLD Ver[1]=FC
CPLD Ver[2]=26
CPLD Ver[3]=5
Unknown yet.
*******************************************
Cmd>SetDsbDBGMSGT
Unknown yet.
*******************************************
Cmd>ReadExtROM
Dump Ext ROM to MTTY terminal
*******************************************
Cmd>WLANReset
Usage:
WLANReset 1(or0)
set SDIO: 0-WLAN ;1-SDMC.
Cmd>WLANReset 0
WLANReset(FALSE)
Cmd>WLANReset 1
WLANReset(TRUE)
*******************************************
Cmd>SDSelect
Usage:
SDSelect 1(or0)
set SDIO: 0-WLAN ;1-SDMC.
Cmd>SDSelect 1
Select SD Card
*******************************************
Cmd>emapiWlanMac
Notice: This MAC address takes effect only when your platform is EEPRON-less configuration. Please use (emapiTest) to verify it !
Copying GSM DATA image to SDRAM:00004000
Wlan data header ++++++++++++++++++++
Signature : 0xEE1250
UpdateStatus : 0x2
UpdateCount : 0xA
BodyLength : 0x1A1
BodyCRC : 0x4349311B
Wlan data header --------------------------
0x00000000
0x00000009
0x0000002D
0x000000D2
0x000000D5
0x000000FB
*******************************************
Cmd>emapiTest
+emapiTest
1. Power on WLAN
2. Reset WLAN
3. Switch MUX to WLAN
4. Enable WLAN clock
5. Init WLAN SDIO interface
6. DeviceID Test
DeviceID = 403xxxx
EEPROMless configuration!
-emapiTest
*******************************************
Cmd>emapiPwrDwn
*******************************************
Cmd>emapiRead
Parameter Wrong!!
*******************************************
Cmd>getdevinfo
Need password!
*******************************************
Cmd>wdata
Usage:
wdata [StartAddr Len]
Write data to memory(if write to ROM, need erase first).
StartAddr : Start address of memory.
Len : How many bytes will be written.
Length must not more than 0x10000 bytes(buffer limitation).
Write to RAM: 4 bytes(CRC checksum limitation).
1 byte(in user mode).
Write to ROM: 4 bytes(CRC checksum limitation).
2(16-bit)/4(32-bit) bytes(in user mode).
Write to ROM(16-bit data bus): 32 bytes(writebuffer mode).
Write to ROM(32-bit data bus): 64 bytes(writebuffer mode).
Length must be 4 bytes boundary(CRC checksum) if not in user mode.
After command execute, then send out the data to terminal.
Data format: HTCS(4 bytes)+DATA+checksum(4 bytes, if not in user mode)+HTCE(4 bytes).
*******************************************
Cmd>password
Usage:
password [String]
Enter the password string to enable wdata, erase and rbmc functions.
*******************************************
Cmd>set
Usage:
set [Type Value]
Set control flags.
Type(hex) : Control function types.
Value(hex) : Setting values for types.
Type 1(Operation mode): 1(auto) and 0(user).
Type 2(Back color on/off): 1(on) and 0(off).
Type 4(Front color value): 16 bits data
Type 5(Background color value): 16 bits data
Type 6(Set color of screen): Fill color to whole screen one time.
Current flag settings:
Type 1(Operation mode flag): g_cOpModeFlag=(0x0).
Type 2(Back color flag): cBackColorShowFlag=(0x0).
Type 4(Front color): g_dwFColor24bit=(0x0).
Type 5(Background color): g_dwBColor24bit=(0xFFFFFF).
Type 6(Set color of screen): None.
Type 32: Unlock Flash Command
Set control flags.
*******************************************
Cmd>SetDebugMethod
Copying GSM DATA image to SDRAM:00004000
Default DebugTransport Value =00000000
Current Usage:
0 No Debug
A UART MTTY Output Debug Message
B USB MTTY Output Debug Message
*******************************************
Cmd>checksum
Usage:
checksum addr len
Return CRC checksum of memory.
In user mode: Show 4 bytes of CRC checksum value on display of terminal.
In auto mode: Send 4 bytes of CRC checksum value to terminal with data format.
*******************************************
Cmd>ResetDevice
no comments
*******************************************
**When CID is locked.
Cmd>ls
clean up the image temp buffer at 0x8C100000 Length 0x03A00000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage
Not allow operation!
Error : DownloadImage return error (code = 0xFFFFFFFF)
**When CID is locked.
*******************************************
**When CID unlocked
Cmd>ls
clean up the image temp buffer at 0x8C100000 Length 0x03A00000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage
start download
==CreateFile err==
**When CID unlocked
*******************************************
Cmd>GPSRouting
Dump code to mtty console.
*******************************************
Cmd>BTRouting
Dump code to mtty console.
*******************************************
Cmd>BTRouting
+GSM_Modem_Init : include DAGON
Copying GSM DATA image to SDRAM:00004000
GSM - dwSize = 3479D
GSM Page0
GSM - dwSize = 45457
GSM Page1
GSM - dwSize = 4B768
GSM Page2
GSM - dwSize = 4E0A9
GSM Page3
GSM - dwSize = 4B4C4
GSM Page4
GSM - dwSize = 4C71F
GSM Page5
GSM - dwSize = 2958E
GSM Page6
GSM - dwSize = E8D8
GSM Page7
Copying GSM CODE image to SDRAM:00000000
ARMBOOT = 1 --> boot from CS3
Reset ARM 7 -- ok
Please close MTTY USB connection and open BT Testing program...
*******************************************
Wow.. Very VERY nice!
Wow fdp24
Please, how did you find out all those commands?
I'm curious and in the need of unbricking some.
Can we use any of these commands to make the SimLockTool_Artemis_Excalibur tool work?

Key Info on bricked Artemis/Orbit

Got an XDA orbit two days back and it won't boot. Once when booted, it got stuck in the splash screen saying O2 and showed the protocols:
IPL:1.25.001
SPL:1.25.000
GSM:2.67.90
OS:1.25.00
It didn't go past this screen and a 4-sec press on power button switched it off. Any number of soft resets wouldn't solve the issue and there was this peculiar problem of the screen going dull and then fully dark, but u can see that the device is not off coz the screen is letting out a dull glow. Resetting switched off the phone.
Thinking it might be a battery issue, plugged in the USB power, but then there was no indication that it was charging. After sometime tried switching on and the unit was dead. Pulled out the battery and reinserted after arnd 10 mins and did a hard reset. (Pulling battery out and reinserting was done so many times that I'd from now on refer to it as BOutReIn-10min; 10min being the time it stayed out.) Booted after the hard reset and it started showing charge indication - orange, green n all. Then after setting the preferences, worked for abt 2 mins and the same problem of screen going dull and black gradually. Soft resets, hard resets, trying bootloader mode - nothing works. Just a brick with a nice thumbdial and trackball. DEAD.
Downloaded the Original O2 Uk ROM Image ARTEIMG.nbh
BOutReIn-30min and tried flashing the ROM from PC. 75% and the same dimming of the screen, but in another pattern of going up from the bottom.
BOutReIn-5min and tried flashing from SD card.
After the "Reading from Sd card" message, while installing first OS, it showed same problem.
Finding that the timing of the problem is connected to the time the battery is out (or the time the unit is not being used), BOutReIn-6hrs and tried SD card flashing which went successful, but when the unit reset after the process, it got stuck in bootloader. Oh Oh! More problematic? Donno.. Another reset, still BL. One more, still in BL, but the screen went dull after 2-3 secs. It hasn't come out of the BL since then.
Possible reasons
1.Corrupt OS(most probable)
2.corrupt bootloader(less probable, but not impossible.the fact that it shows bootloader means it is intact,i think)
3.Mainboard problem(least probable, but seeing the way things go, i had started to suspect this, especially coz of the screen dimming)
Gotta be something inside which gets heated up or cuts out. So opened it up and cleaned the whole interior and this guide, alongwith commonsense, came handy.
Then i found a small button cell soldered to the board. The presence of this really caught my attention coz i have had bad experiences with such things in older mobile phones and GPS units. My eTrex Vista went bad after some days of non-use and I found a leaking internal rechargeable cell just like this(3.3v), soldered to the board and it served the purpose of powering the memory where the system settings are saved. That GPS unit didn't come with a flash memory; tho Garmin learnt it fast and switched to Flashroms. Actually the only way of saving such things in GPS units is keeping operational batteries in the unit always and checking them frequently.
A quick check gave the cell voltage as 0.65v which is too low for such chemistry. Then connected the USB charger to the board and measured at the terminals and it was the same. It showed that it is not getting any supply. Also, there was slight corrosion on the button cell body, which indicated that it might start leaking anytime, if not already. Cleaned up the body, brushed the whole area clean of any impurities and recharged it using 2 duracells connected to the +/- terminals and the voltage climbed to 1.7v. Kept it like that for sometime and checked the voltage once more, which showed 1.5v. This showed rapid voltage falling and that is not good news. The battery surely is on its last leg.
Not wanting to give up, and to test really whether the cell contributes to the system settings (otherwise, what is it there for?), connected everything rt back and did an SD card flashing which was successful and the unit booted after reset and started charging and everything was going smooth. Showed splash screen and when it was about to get into the customization phase, the screen began to dim.....
Sad, but I think that's at least some point to start. The board is having problems and that's why it doesn't charge the internal cell and the Artemis worked while the cell still had charge. When kept on working, the internal cell has discharged enough and more and that can be the beginning of so many problems which show up in bricked units (mostly Artemis).
No power
No charging
Stuck on bootloader
unit hanging when using
Now I don't think I can service the board successfully myself. Even professional servicing would be very costly. An alternative would be to replace the board.
Now i would like to know if such an internal rechargeable cell is there in other HTC devices. If so, then it is the culprit. If this is there in only Artemis-based PDAs having GPS, then it may or may not be the problem as it might be there just for the GPS, just like in older Garmins. Also, if that is the case, new GPS PDAs won't be having that cell too, after learning from such a mistake.
Let the discussion begin!!!
Hi-Res pics are here:
Internal Rechargeable cell
Close-up of the cell
Artemis Bootloader Commands
While researching on the problem and its possible solutions, I stumbled upon this information on a Trinity discussion board. This is very valuable information (read last resort) to those out there like me whose Orbits are not stable/dead. (No pun intended) Giving due credit to its author, fdp24, I am posting it here.
The actual thread is here.
fdp24 said:
rbmc is not in spl in Artemis device. On Trinity probably too.
These are some commands for Artemis:
Could be similarity for Trinity
CASE SENSITIVE!
Cmd>fm
Wrong parameters of FM Command!!
Usage:
fm [command] [frequency]
where:
if[command] = i Initialize FM.
if[command] = o Power on FM.
if[command] = f Power off FM.
if[command] = t Tune FM channel to [frequency].
if[command] = a FM auto seek test.
if[command] = m Mono(1) or Stereo(0).
if[command] = v Volume (0x00 - 0x0F).
if[command] = u Mute(0)
if[command] = g AGC(1)
if[command] = h Set seek threshold (0x00 - 0xFF).
if[command] = s Seek Up(1) or Down(0).
if[command] = r Get RSSI (0x00 - 0xFF).
if[command] = c Get current channel [frequency].
if[command] = d Get RDS data (1 - 10 groups of data).
************************************************** ************************************************** *
Cmd>cpldver
xsvfExecute - CpldType=1
SUCCESS - Completed XSVF execution.
CPLD Ver[0]=1
CPLD Ver[1]=FC
CPLD Ver[2]=26
CPLD Ver[3]=5
SetDsbDBGMSGT
Unknown yet.
************************************************** ************************************************** *
Cmd>ReadExtROM
Dump Ext ROM to MTTY terminal
************************************************** ************************************************** *
Cmd>WLANReset
Usage:
WLANReset 1(or0)
set SDIO: 0-WLAN ;1-SDMC.
Cmd>WLANReset 0
WLANReset(FALSE)
Cmd>WLANReset 1
WLANReset(TRUE)
************************************************** ************************************************** *
Cmd>SDSelect
Usage:
SDSelect 1(or0)
set SDIO: 0-WLAN ;1-SDMC.
Cmd>SDSelect 1
Select SD Card
************************************************** ************************************************** *
Cmd>emapiWlanMac
Notice: This MAC address takes effect only when your platform is EEPRON-less configuration. Please use (emapiTest) to verify it !
Copying GSM DATA image to SDRAM:00004000
Wlan data header ++++++++++++++++++++
Signature : 0xEE1250
UpdateStatus : 0x2
UpdateCount : 0xA
BodyLength : 0x1A1
BodyCRC : 0x4349311B
Wlan data header --------------------------
0x00000000
0x00000009
0x0000002D
0x000000D2
0x000000D5
0x000000FB
************************************************** ************************************************** *
Cmd>emapiTest
+emapiTest
1. Power on WLAN
2. Reset WLAN
3. Switch MUX to WLAN
4. Enable WLAN clock
5. Init WLAN SDIO interface
6. DeviceID Test
DeviceID = 4030xxx
EEPROMless configuration!
-emapiTest
************************************************** ************************************************** *
Cmd>emapiPwrDwn
************************************************** ************************************************** *
Cmd>emapiRead
Parameter Wrong!!
************************************************** ************************************************** *
Cmd>getdevinfo
Need password!
************************************************** ************************************************** *
Cmd>wdata
Usage:
wdata [StartAddr Len]
Write data to memory(if write to ROM, need erase first).
StartAddr : Start address of memory.
Len : How many bytes will be written.
Length must not more than 0x10000 bytes(buffer limitation).
Write to RAM: 4 bytes(CRC checksum limitation).
1 byte(in user mode).
Write to ROM: 4 bytes(CRC checksum limitation).
2(16-bit)/4(32-bit) bytes(in user mode).
Write to ROM(16-bit data bus): 32 bytes(writebuffer mode).
Write to ROM(32-bit data bus): 64 bytes(writebuffer mode).
Length must be 4 bytes boundary(CRC checksum) if not in user mode.
After command execute, then send out the data to terminal.
Data format: HTCS(4 bytes)+DATA+checksum(4 bytes, if not in user mode)+HTCE(4 bytes).
************************************************** ************************************************** *
Cmd>password
Usage:
password [String]
Enter the password string to enable wdata, erase and rbmc functions.
************************************************** ************************************************** *
Cmd>set
Usage:
set [Type Value]
Set control flags.
Type(hex) : Control function types.
Value(hex) : Setting values for types.
Type 1(Operation mode): 1(auto) and 0(user).
Type 2(Back color on/off): 1(on) and 0(off).
Type 4(Front color value): 16 bits data
Type 5(Background color value): 16 bits data
Type 6(Set color of screen): Fill color to whole screen one time.
Current flag settings:
Type 1(Operation mode flag): g_cOpModeFlag=(0x0).
Type 2(Back color flag): cBackColorShowFlag=(0x0).
Type 4(Front color): g_dwFColor24bit=(0x0).
Type 5(Background color): g_dwBColor24bit=(0xFFFFFF).
Type 6(Set color of screen): None.
Type 32: Unlock Flash Command
Set control flags.
************************************************** ************************************************** *
Cmd>SetDebugMethod
Copying GSM DATA image to SDRAM:00004000
Default DebugTransport Value =00000000
Current Usage:
0 No Debug
A UART MTTY Output Debug Message
B USB MTTY Output Debug Message
************************************************** ************************************************** *
Cmd>checksum
Usage:
checksum addr len
Return CRC checksum of memory.
In user mode: Show 4 bytes of CRC checksum value on display of terminal.
In auto mode: Send 4 bytes of CRC checksum value to terminal with data format.
************************************************** ************************************************** *
Cmd>ResetDevice
no comments
************************************************** ************************************************** *
**When CID is locked.
Cmd>ls
clean up the image temp buffer at 0x8C100000 Length 0x03A00000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage
Not allow operation!
Error : DownloadImage return error (code = 0xFFFFFFFF)
**When CID is locked.
************************************************** ************************************************** *
**When CID unlocked
Cmd>ls
clean up the image temp buffer at 0x8C100000 Length 0x03A00000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage
start download
==CreateFile err==
**When CID unlocked
************************************************** ************************************************** *
Cmd>GPSRouting
Dump code to mtty console.
************************************************** ************************************************** *
Cmd>BTRouting
Dump code to mtty console.
************************************************** ************************************************** *
Cmd>BTRouting
+GSM_Modem_Init : include DAGON
Copying GSM DATA image to SDRAM:00004000
GSM - dwSize = 3479D
GSM Page0
GSM - dwSize = 45457
GSM Page1
GSM - dwSize = 4B768
GSM Page2
GSM - dwSize = 4E0A9
GSM Page3
GSM - dwSize = 4B4C4
GSM Page4
GSM - dwSize = 4C71F
GSM Page5
GSM - dwSize = 2958E
GSM Page6
GSM - dwSize = E8D8
GSM Page7
Copying GSM CODE image to SDRAM:00000000
ARMBOOT = 1 --> boot from CS3
Reset ARM 7 -- ok
Please close MTTY USB connection and open BT Testing program...
************************************************** ************************************************** *
password BsaD5SeoA - this is static password used during flashing device. (USB sniffer)
battery seems to be charging during bootloader.
If you stuck at bootloader during manipulations with commands, try this:
password BsaD5SeoA
ruurun 0
Alternatively, you can run rom flasher even on CID locked device. It will give you error message about Device ID or something, but your device will be back to normal and boot normally.
SOLVED!!!
The Orbit unit is up and running now....!!!!!WOOOOOOOOOOHOOOOOOOOOO!!!
I'll post what all i did to get it up.
now i really think the internal rechargeable cell is the culprit.
But for now, I'm one happy person, even if the Orbit in question is not mine.
GSM-working
GPS-working
Bluetooth-working
IR-working
USB charging
camera-working
sd card-working
fm radio-working
mouse ball and thumbwheel-working
Wifi-not turning on(need to investigate on this)
htc 3300 error 300
no waaaaawwwwooooooooooooo iii
htc p3300 bricked with error 300 help help
hellllllllllllllllllllllllllllllllllllps boys pof pof
newwws newwws
what happened this forum can help us my Artemis blocked error 300 in all rom

[Request] Chinese sort&search in contacts&dial up

For those of us who use Chinese, is there anybody who can help to fix sort&search of Chinese in contacts&dial up on Nexus One or Android 2.1?
HTC can search contacts when a number is input in dial up. CM ROM cannot.
http://www.androidin.net/bbs/thread-49607-1-1.html
http://www.androidin.net/bbs/viewthread.php?tid=46916&highlight=
yungjoe said:
http://www.androidin.net/bbs/viewthread.php?tid=46916&highlight=
thanks a lot. and i made this post, not perfect ^_^
http://www.androidin.net/bbs/thread-49607-1-1.html
But I have a problem: I cannot search Chinese names by English alphabet. HTC Hero's contacts is good, has anyone ported it?
*** link deleted ***
hengsin said:
http://www.tigersw.cn/soft15633.html
please remove the link or prepared to be banned
Sorry to go off-topic, but why will he be banned because of the link? Non-English?
By replacing libsqlite.so and libcudata.so it can display sorted Chinese contacts.
Below is the way to add the search-by-name function, but it is for Android 1.6. I found the contacts.db is different from Android 2.1.
no "people persons contact_methods" tables
only "contacts name_lookup phone_lookup"
I do not understand the correlation between these tables. Can some guy help to change the scripts below for Android 2.1?
Thanks very much.
Android 2.1 contacts2.db
PHP:
sqlite> .tables
.tables
_sync_state status_updates
_sync_state_metadata v1_settings
activities view_contacts
agg_exceptions view_contacts_restricted
android_metadata view_data
calls view_data_restricted
contact_entities_view view_groups
contact_entities_view_restricted view_raw_contacts
contacts view_raw_contacts_restricted
data view_v1_contact_methods
groups view_v1_extensions
mimetypes view_v1_group_membership
name_lookup view_v1_groups
nickname_lookup view_v1_organizations
packages view_v1_people
phone_lookup view_v1_phones
raw_contacts view_v1_photos
settings
sqlite> .schema contacts
.schema contacts
CREATE TABLE contacts (_id INTEGER PRIMARY KEY AUTOINCREMENT,display_name TEXT,photo_id INTEGER REFERENCES data(_id),custom_ringtone TEXT,send_to_voicemail INTEGER NOT NULL DEFAULT 0,times_contacted INTEGER NOT NULL DEFAULT 0,last_time_contacted INTEGER,starred INTEGER NOT NULL DEFAULT 0,in_visible_group INTEGER NOT NULL DEFAULT 1,has_phone_number INTEGER NOT NULL DEFAULT 0,lookup TEXT,status_update_id INTEGER REFERENCES data(_id),single_is_restricted INTEGER NOT NULL DEFAULT 0);
CREATE INDEX contacts_has_phone_index ON contacts (has_phone_number);
CREATE INDEX contacts_restricted_index ON contacts (single_is_restricted);
CREATE INDEX contacts_visible_index ON contacts (in_visible_group,display_name COLLATE LOCALIZED);
CREATE TRIGGER contacts_times_contacted UPDATE OF last_time_contacted ON contacts BEGIN UPDATE contacts SET times_contacted = (new.times_contacted + 1) WHERE _id = new._id;END;
sqlite> .schema name_lookup
.schema name_lookup
CREATE TABLE name_lookup (data_id INTEGER REFERENCES data(_id) NOT NULL,raw_contact_id INTEGER REFERENCES raw_contacts(_id) NOT NULL,normalized_name TEXT NOT NULL,name_type INTEGER NOT NULL,PRIMARY KEY (data_id, normalized_name, name_type));
CREATE INDEX name_lookup_index ON name_lookup (normalized_name,name_type, raw_contact_id);
CREATE INDEX name_lookup_raw_contact_id_index ON name_lookup (raw_contact_id);
sqlite> .schema phone_lookup
.schema phone_lookup
CREATE TABLE phone_lookup (data_id INTEGER PRIMARY KEY REFERENCES data(_id) NOT NULL,raw_contact_id INTEGER REFERENCES raw_contacts(_id) NOT NULL,normalized_number TEXT NOT NULL);
CREATE INDEX phone_lookup_index ON phone_lookup (normalized_number,raw_contact_id,data_id);
PHP:
echo 'Phase 1: Creating triggers...'
# Replace the official trigger to index email address
sqlite3 contacts.db "DROP TRIGGER IF EXISTS peopleLookup_update;"
# Each continued line ends in " \" so the joined SQL keeps a space between tokens
sqlite3 contacts.db \
"CREATE TRIGGER peopleLookup_update \
UPDATE OF name ON people \
BEGIN \
DELETE FROM peopleLookup WHERE source = new._id; \
SELECT _TOKENIZE('peopleLookup', new._id, new.name, ' '); \
SELECT _TOKENIZE('peopleLookup', new._id, data, '') \
FROM contact_methods \
WHERE person=new._id AND kind=1; \
END"
# Fire the peopleLookup_update trigger whenever an email address changes
sqlite3 contacts.db "DROP TRIGGER IF EXISTS sunner_email_update;"
sqlite3 contacts.db \
"CREATE TRIGGER IF NOT EXISTS sunner_email_update \
AFTER UPDATE OF data ON contact_methods \
WHEN new.kind=1 \
BEGIN \
UPDATE people SET name=\`name\` WHERE _id=new.person; \
END"
# Index a newly inserted email address
sqlite3 contacts.db \
"CREATE TRIGGER IF NOT EXISTS sunner_email_insert \
AFTER INSERT ON contact_methods \
WHEN new.kind=1 \
BEGIN \
SELECT _TOKENIZE('peopleLookup', new.person, new.data, ''); \
END"

Single quote in database

Can't get rid of this error:
android.database.sqlite.SQLiteException: near "s": syntax error: , while compiling:
Select correct from answers where correct = 'Between the airplane's climb angle and the horizon.'
Obviously, it's finding the single quote in ( airplane's ) and considering that the end of the statement.
I've tried:
correct.replaceAll(" ' ", " ''' "); //replace 1 with 3
correct.replaceAll(" ' ", " '' "); // replace 1 with 2
correct.replaceAll(" ' ", " "); // replace 1 with space
(NOTE: the spaces are NOT in the code, I just did that to make it readable)
I have no idea what's going on, IMO, it should work. Maybe I need to try:
String single = "'"; // single '
String double = "''" // double ''
correct.replaceAll(single, double); // ????
Everything I've read about sqlite3 is to replace one with two....
TIA,
Roots
\'
\ is the escape character for most languages
so airplane's would be airplane\'s
Also, are you binding your queries with the "question mark" bind?
I'll try the escape and post back later. There are 1,000 rows in the database and I'm pulling a random subset of that, so it's not that often I get one of those situations.
I'm not sure what you mean by "binding with ?" Isn't that what you use for bind variable unknown at runtime? I know my bind variables and just use it in my dbquery. Please enlighten me...always happy to learn something new
Sample code...answerOne would contain the single quote that's killing me
Code:
Cursor c;
c = myDataBase.rawQuery("Select correct from answers where correct = '" + answerOne + "'", null);
if(c.moveToFirst())
answer = "1";
c.close();
binding with question marks should take care of escaping for you.
Basically the question mark is a place holder for a variable in the query.
What you are doing is manually creating the query string. This is considered bad practice these days especially with regards to security. Mostly because it opens up the DB to a SQL injection attack.
So instead of using the rawQuery just use query and you can put a ? in and android will substitute the value for you, all properly escaped:
Code:
String tableName = "answers";
// The ? is the placeholder that gets bound to the value in selectVals
String selectArgs = "correct=?";
// if answerOne is a String, String.valueOf is not needed
String[] selectVals = { String.valueOf ( answerOne ) };
String[] columnsProjection = new String[] { "correct" };
// The last three arguments (groupBy, having, orderBy) are unused here
Cursor c = db.query(tableName, columnsProjection, selectArgs, selectVals, null, null, null);
So in that code the OS will replace the ? in selectArgs with the values in selectVals
This may seem like more writing at first but once you get in the habit it will be easy, reliable and more secure. It also allows you to bind multiple variables to multiple question marks. It just binds them in the order it gets them.
so something like this:
Code:
String answerOne= "one";
String selectArgs = "correct=? AND age=? AND smiling=?";
String[] selectVals = { answerOne, "21", "yes" };
Ok, I'll try it. There are about 50 different queries in this program...for some reason I just decided to do a rawQuery on this one. I'll change it to "db.query(table name, new String[] {}....yada, yada).
Because, it just crashed and I decided to come back here and check for a solution.
Thank you very much!!!
Roots
Glad to be of help, just remember to hit the thanks button ya Rooster
Still getting the error
Example: column is in table as text. Say it's equal to:
The driver's last name
Error comes back as "syntax error near 's' when compiling select correct from answers where correct = 'The driver's last name'
That single quote in driver's is killing my SQL.

[INFO/DEV] A500 ICS Bootloader (plus unlocked patched version)

Info about A500 ICS bootloader (and only ICS Bootloader, HC bootloader files don't have that - it was partly discussed in leak thread):
What we know so far:
- ICS bootloader has fastboot
- ICS bootloader is built as unlockable and relockable; however this right now doesn't work on A500/A100, it's confirmed to work on A200
Currently I don't know if the "unlock process" can be done "manually" - that is whether it's not forcibly disabled or just "not yet implemented" (It's just a leak, so keep that in mind). Lock command looks like to be fully in effect. On the other hand, old bootloader and itsmagic will do just fine, at least for now (for A500/A501).
Fastboot has these variables:
Code:
version-bootloader
version-baseband
version
secure
serialno
mid
product
(serialno will probably be your UID)
Fastboot OEM commands are:
Code:
fastboot oem debug on
fastboot oem debug off
fastboot oem lock
fastboot oem unlock
If you try to relock locked device, you'll get:
Code:
Fastboot: Device is already locked! Abort ...
Unlocked BL also supports these commands:
Code:
flash
boot
download
erase
(normal FB commands: so if you screw up your boot / recovery image, you can quite easily restore it).
PATCHED BOOTLOADER - !!!TO BE FLASHED WITH NVFLASH!!!
- overridden GetUnlockMode to return 1 (=Unlocked)
- overridden SetUnlockMode to return 0 (=Error)
- when booting to recovery it won't add the update command
- fastboot oem lock / fastboot oem unlock commands removed
DL: http://forum.xda-developers.com/attachment.php?attachmentid=919618&d=1330199867
In V2 there is additionally
- says "Custom Mode" instead of "Unlock Mode"
- fastboot variable secure: no
- boot command works (for some reason tied to secure variable)
- booting recovery manually with VOL_Down is like booting it via "adb reboot recovery": i.e. it won't erase cache etc.
DL: http://forum.xda-developers.com/attachment.php?attachmentid=922059&d=1330348851
Also fastboot is buggy (sometimes failed flashing recovery), but flashing boot.img works for instance. And yeah you won't have to use itsmagic for this one. Also, I flashed the stock ICS leak, and wasn't testing how it goes with HC.
CWM for ICS bootloader: http://forum.xda-developers.com/showpost.php?p=22978118&postcount=49
CLASSIC STUFF - YOU DO EVERYTHING AT YOUR OWN RISK!!!
This guy seems to have been around a very long time. I am not a dev, but this might be worth someone taking a look at. Here is the link to his post. He claims, if I read right, that he repacked the ICS ROM. Guessing self-signed and flashed with fastboot.
Or I'm lame and misread.
http://www.acertabletforum.com/forum/acer-a200-general-discussions/3649-how-unlock-boot-loader.html
check the link
Hope this helps you.
Makes sense. I had to use fastboot to unlock the bootloader, flash recovery, and then flash a new system/boot/data img to my Galaxy Nexus for the first time. It seemed the unlock process wiped the operating system, so it was required to push the files from my computer to the phone manually in order to restore it.
Yeah, fastboot erases literally everything for security reasons IIRC.
Well reading that post on the other forum, it seems that they get the option to unlock like on the Google nexus devices, although it seems that screen doesn't appear on the a500 when trying this method.
Here's a text file containing some more info. I ripped apart the bootloader update in a hex editor.
Starts at 88640
Code:
AKBMSCLock switched
vendor/nvidia/tegra/prebuilt_t20/../core/system/fastboot/acer_funcs.cVOL_DOWN key pressed
VOL_UP key pressed
FastbootModeFOTAFactoryResetrecovery
--update_package=SDCARD:update.zip
Erasing Cache before SD update...
CACSD update cmd: %s
Error: Data not start yet!
whole-file signature verified against key %d
failed to verify whole-file signature
Error: Not enough buffer!!!
buffer & signature cannot be NULL!ANDROID!LNX%s: No boot image found!%s: Verify failed! Please redownload official image from Acer and try again!SOS%s: No recovery image found!Please flash official system.img and try againError: System.img is not official
Please flash official flexrom.img and try againError: flexrom.img is not official
%s: LockMode verified ok!
%s: LockMode verified failed
Magic value mismatch: %c%c%c%c%c%c%c%c
%s
Failed to setup warmboot args %x
Failed to set shmoo boot argument
Critical failure: Unable to start kernel.
Load OS now via JTAG backdoor....
Failed to initialize Aboot
Platform Pre Boot configuration...
Entering OS Download mode
LockUnlockFastboot: Device is now in %s mode
Bootloader Version %s (Unlock Mode)0.03.11-ICS
Bootloader version: %s
HW version 0x%x
NOYESIs Wifi Only? %s
EB2Unable to parse odmdata for wait input
Checking for android ota recovery
Erasing Userdata...
UDAErasing Cache...
Booting recovery kernel image
Recovery Verified!
Recovery verified failed ...(UnlockMode)Bootloader v%s%s: Starting Fastboot USB download protocol
No CAC partitions found
getvar:version-bootloaderOKAY%sversion-basebandOKAYversionOKAY0.4secureOKAYyesOKAYnoserialnoOKAYKal-El001midOKAY001productdownload:Fastboot: Not support the command in Lock modeDATA%08x
Insufficient memory
Staging partition size is not big enough
bootrebootRebooting the device ...continueflash:bootloaderrecoverysystemflexuserdataFastboot: Not support!No %s partition found
Not enough space in %s partitionFastboot: Official system image checked passed!
Fastboot: Official flex image checked passed!
Fastboot: Official system image checked failed!
Fastboot: Official flex image checked failed!
erase:StorMgr Formatting %s
Erasing %s
oem debug ondebug offlockFastboot: Device is already locked! Abort ...
Fastboot: Please use left key (VOL_DOWN) to choose, and use right key (VOL_UP) to select
Please wait ...Fastboot: Device locked!!!Please reboot the device to take affect!Fastboot: Failed to set lock modeFastboot: Cancelled by user or timeoutunlockFAIL(%08x)Failed to process command %s error(0x%x)
Boot Verified!
Boot verified failed ...Unrecoverable bootloader error (0x%08x).
vendor/nvidia/tegra/prebuilt_t20/../core/system/fastboot/main_acer.cmiscAPPcachestagingUSPbcttableBCTEBTubuntuUBNmbrMBRFLXUse scroll wheel or keyboard for movement and selection
Neither Scroll Wheel nor Keyboard are detected ...Booting OS
Checking for RCK.. press <Enter> in 5 sec to enter RCK
Press <Enter> to select, Arrow key (Left, Right) for selection move
Key driver not found.. Booting OS
Checking for RCK.. press key <Menu> in 5 sec to enter RCK
Press <Menu> to select, Home(Left) and Back(Right) for selection move
Picasso2Picasso_MPicasso_EPicassoVangoghMayaChecking for RCK.. press any key in 5 sec to enter RCK
Press scroll wheel to select, Scroll for selection move
Scroll wheel not found.. Booting OS
Press <Wake> to select, Home(Left) and Back(Right) for selection move
Checking for RCK.. press key <Volume Down> in 5 sec to enter RCK
Press <Volume Down> to select, <Volume Up> for selection move
tegraid=%x.%x.%x.%x.%x.%s mem=%[email protected]%uM vmalloc=%uM androidboot.serialno=%08x%08x video=tegrafb console=ttyS0,115200n8 debug_uartport=lsport console=none debug_uartport=hsport usbcore.old_scheme_first=1 lp0_vec=%[email protected]%x tegra_fbmem=%[email protected]%x brand=acer target_product=%s a500_ww_gen1max_cpu_cur_ma=%d core_edp_mv=%d pmuboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x displayboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x power_supply=Adapter power_supply=Battery audio_codec=%s cameraboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x upnosmp usbroot=/dev/nfs ip=:::::usb%c:on rw netdevwait ethroot=/dev/nfs ip=:::::eth%c:on rw netdevwait sdroot=/dev/sd%c%c rw rootwait mmchdroot=/dev/mmchd%c%c%c rw rootwait mtdblockroot=/dev/mtdblock%c rw rootwait mmcblkroot=/dev/mmcblk%c%c%c rw rootwait Unrecognized root device: %s
root=/dev/sda1 rw rootwait tegraboot=nand tegraboot=nor tegraboot=emmc tegraboot=sdmmc mtdparts=tegra_nand:mtdparts=tegra_nor:%[email protected]%uK(%s),tegrapart=gpt_sector=%d Unable to query partition %s
%s:%x:%x:%x%cmodem_id=%d androidboot.carrier=wifi-only bootloader_ver=%s gpt %s: Fail set unlock mode!
%s: Successfully %s the device!
%s: Error occured while %s the device ...
%s: Error e = 0x%x
Do not support in ACER T20 Projects
MSM-RADIO-UPDATE
Unsupported binary in blob
Start Updating %s
failed-update-%s
End Updating %s
failed-updateboot-recoverySignature length wrong!!!! %d
data length wrong!!!! %d
Clearing useless bytes ...
Not legal!!!!!!! abort
Warning: The blob package is not official ~ Abort!
blob update failed
vendor/nvidia/tegra/prebuilt_t20/../core/system/nvaboot/nvaboot.cPassedFailedClearSBKTest: %s
LockSSKTest: SSK = Zero
LockSSKTest: LockSSK %s
Jumping to kernel at:%d ms
EFI PARTFastboot: Unlock mode, Clear SSK!!!
SetPartitionToVerify failed. NvError %u NvStatus %u
GetSecondaryBootDevice failed. NvError %u NvStatus %u
LoadPartitionTable failed. NvError %u NvStatus %u
AllocateState failed. NvError %u NvStatus %u
nverror:0x%x (0x%x)
GetBct failed. NvError %u NvStatus %u
DownloadBct failed. NvError %u NvStatus %u
SetBlHash failed. NvError %u NvStatus %u
UpdateBct failed. NvError %u NvStatus %u
SetDevice failed. NvError %u NvStatus %u
StartPartitionConfiguration failed. NvError %u NvStatus %u
EndPartitionConfiguration failed. NvError %u NvStatus %u
FormatPartition failed. NvError %u NvStatus %u
Start Downloading %s
UpdateBlInfo failed. NvError %u NvStatus %u
End Downloading %s
QueryPartition failed. NvError %u NvStatus %u
CreatePartition failed. NvError %u NvStatus %u
ReadPartition failed. NvError %u NvStatus %u
RawReadPartition failed. NvError %u NvStatus %u
RawWritePartition failed. NvError %u NvStatus %u
SetBootPartition failed. NvError %u NvStatus %u
ReadPartitionTable failed. NvError %u NvStatus %u
DeleteAll failed. NvError %u NvStatus %u
Obliterate failed. NvError %u NvStatus %u
OdmOptions failed. NvError %u NvStatus %u
Error in memory allocation
FuelGaugeFwUpgrade failed. NvError %u NvStatus %u
sdram validation can not be done at bootloader level
OdmCommand failed. NvError %u NvStatus %u
Sync failed. NvError %u NvStatus %u
VerifySignature failed. NvError %u NvStatus %u
ReadVerifyData failed. NvError %u NvStatus %u
VerifyPartition failed. NvError %u NvStatus %u
SetTime failed. NvError %u NvStatus %u
DownloadPartition failed. NvError %u NvStatus %u
FormatAll failed. NvError %u NvStatus %u
LocatePartitionToVerify failed. NvError %u NvStatus %u
Error PT partition format sector start=%d, count=%d
Format partition %s PT%s: Error BCT handle!
%s: Version = %x
%s: Version = 0x%x
Bct read verify failed
Error Bct Verify: NO valid Bct found lost+foundNvDdkDispSetWindowSurface/ controller: %d window: %d count: %d
surface: 0
tiledpitchsurface width: %d height: %d Bpp: %d layout: %s
NvDdkDispSetMode/ controller: %d
width: %d height: %d bpp: %d refresh: %d frequency: %d flags: 0x%x
NvDdkDispSetMode/ null mode
NTSC/PAL1WIN3WIN_AC2WIN_A2WIN_Cdisplay %d isn't clocked
Error when writing data
Error on clock en!!! Set to Tx_only mode!!!
ByPassHdmiDll/sys/firmware/fuse/kfuse_rawlibnvodm_hdmiNvOdmDispHdmiI2cTransactionNvOdmDispHdmiI2cOpenNvOdmDispHdmiI2cCloseNvOdmDispHdcpIsRevokedKsvlibnvodm_tvoNvOdmDispTvoGetGlobNvOdmDispTvoReleaseGlobNo SmartDimmer activity has been recorded.
Constant Values:
SD_LUT = R_LUT G_LUT B_LUT
%d: 0x%02x 0x%02x 0x%02x
SD_BL_TF = PT_0 PT_1 PT_2 PT_3
%d: 0x%02x 0x%02x 0x%02x 0x%02x
Total SD3 activities count: %d
Entry(%d) Info:
SD_CONTROL = 0x%08X
SD_BL_CONTROL = 0x%08X
SD_CSC_COEFF = 0x%08X
SD_FLICKER_CONTROL = 0x%08X
SD_PIXEL_COUNT = 0x%08X
SD_BL_PARAMETERS = 0x%08X
SD_HW_K_VALUES = 0x%08x
SD_HISTOGRAM = BIN_0 BIN_1 BIN_2 BIN_3
Input Backlight Intensity = %d
Output Backlight Intensity = %d
PWM frequence = %4.2f, SD percentage = %4.2f
JEDEC
Calling simple log2 with value which is not power of 2
Failed Ddk Rd. Bad block
Failed Ddk Wr. Bad block
Failed Ddk Erase. Bad block
Failed Ddk Cpybk. Bad block
Failed Ddk unknown Operation. Bad block Error code=0x%x at chip=%d,block=%d
DDK_Ers:dev = %d, number of blks = %d
Chip: %d, Page = %d, blk = %d
NandRead Error: Number of Pages=%d < interleave count=%d
Ecc.Err pgoffset: %d, status: 0x%x
Ecc.Err in Tag pgoffset: %d, status: 0x%x
Chip: %d, Page = %d
-MAINTAG
DDK_Rd:dev = %d, %s + %s, number_of_pages = %d
DDK_Cpbk:Srcdev = %d, Dstdev = %d, number_of_pages = %d
SrcChip: %d, Page = %d, blk = %d
DstChip: %d, Page = %d, blk = %d
DDK_Write:device = %d, %s + %s, number_of_pages = %d
Factory Bad block: Chip%u Block=%u
Runtime Bad block: Chip%u Block=%u,RTB=0x%x
Scan for Region table blocks: Chip=%u, Block=%u Bad
Marking Runtime Bad block: Chip%u Block=%u
Block driver mark bad failed at Chip=%d, Block=%d
Erase Partition Error: failed to erase block chip=%d,blk=%d
Nand block driver: Write Error = 0x%x, PartId=%u, , Write: start=0x%x, sector count=0x%x
Nand block driver: Read Error = 0x%x, PartId=%u, Read: start=0x%x, sector count=0x%x
Possible forced region table load
Region Table copy at CurrBlockNum %u is probably corrupt
Device Bad block table:
{%u, %d},
Device has %d bad blocks
Error Nand block driver Load Region table call failed for part-id=%d, error code=%d
Global Nand Interleave count = %u
Error: NandUtilGetRegionEntry failed for part Id=%d
Partitions in region table: Id=%d
FTL open for partition=%d failed,code=%d
Nand Block dev open failed error 0x%x
Physical Rd/Wr on block error: req=%d,actual=%d
Bad block during Rd/Wr physical found at: Chip=%d, Block=%d
Block dev Physical Ioctl failed. Marking Chip=%d,Blk=%d
Unable to Erase Nand starting block 0x%x
Nand Block driver map logical2physical failed BlockNum=%d, DeviceNum=%d, CurrPhysBlk=%d
Error: Failed to map logical block=%d in entire Nand.
Error: As Region table is bigger than 1 sector size. Need to change Load Region table logic
Unable to Erase Nand chip=%d,block=%d
Partition %d - number of physical blocks = %d
Error: Unable to find requested blocks on Nand: req=%d,found=%d
Invalid value for PercentReserved = %d [should not exceed]%d, setting PercentReserved = %d
Insufficient space, cannot create partition
PartId %u: LB[%u %u] PB[%u %u] IL%u LS[%u %u]
Abs PartId %u: LB[%u %u] PB[%u %u] IL%u
Last Abs PartId %u: LS[%u %u] PartId %u: LB[%u %u] PB[%u %u] IL%u
Abs ** PartId %u: LS[%u %u]
Data mismatch in Copy of Region Table at BlockNum %d
Erase failed. Get Physical Sectors failed for logical start=%d,stop=%d
Erase Partition part-id=%d: Start=%d,End=%d NvDdkBlockDevIoctlType_DisableCacheNvDdkBlockDevIoctlType_EraseLogicalSectorsNvDdkBlockDevIoctlType_QueryFirstBootNvDdkBlockDevIoctlType_DefineSubRegionNvDdkBlockDevIoctlType_WriteVerifyModeSelectNvDdkBlockDevIoctlType_AllocatePartitionNvDdkBlockDevIoctlType_PartitionOperationNvDdkBlockDevIoctlType_ReadPhysicalSectorNvDdkBlockDevIoctlType_WritePhysicalSectorNvDdkBlockDevIoctlType_QueryPhysicalBlockStatusNvDdkBlockDevIoctlType_ErasePhysicalBlockNvDdkBlockDevIoctlType_LockRegionNvDdkBlockDevIoctlType_MapLogicalToPhysicalSectorNvDdkBlockDevIoctlType_FormatDeviceNvDdkBlockDevIoctlType_GetPartitionPhysicalSectorsNvDdkBlockDevIoctlType_IsGoodBlockNvDdkBlockDevIoctlType_UnprotectAllSectorsNvDdkBlockDevIoctlType_ProtectSectors
Nand Block dev ioctl opcode=%s error 0x%x
Save Region Table copy %u at CurrBlockNum %u
ftllite mark bad: chip=%d blk=%d
ftllite mark bad erase fail error=0x%x : chip=%d blk=%d
Ftl Lite bad block mark failed at Chip=%d, Block=%d
EraseAllBlocks: GetBlockInfo error=0x%x @ chip=%d,blk=%d
EraseAllBlocks: factory bad block @ chip=%d,blk=%d
EraseAllBlocks: runtime bad block @ chip=%d,blk=%d
Bad block in pba2lba ftlite map: chip=%d, blk=%d
Fatal error in pba2lba ftllite: line%d,lba=%d, startlba=%d chip=%d blk=%d
sparebuf[0]=0x%x, factory good=%d
Erasing block at chip=%d, blk=%d
continuing mapping erased blk
Erase partition error: start arg=%d, start log blk=%d
Erase partition error: count arg=%d, erase size=%d
Ftllite erase logical failed: blk start=%d,end=%d
Replace block=%d in chip=%d for read failure
New Block at: chip=%d,block=%d
Partition sequential read type: read failure at chip=%d, blk=%d
Error in FtlLitePrivCreatePba2LbaMapping: e=0x%x
Write called without PBA mapping info: chip=%d,lba=%d
Data area read verification failed in FTL Lite at Chip=%d,Blk=%d,Pg=%d
FTL Lite Read Verify error code=0x%x
Wr Error: 0x%x, Replace ftl lite bad block, PbaIndex=%d,Chip=%d,Block=%d,StartPg=%d,PgCount=%d
Rd verify error: 0x%x, Replace ftl lite bad block, PbaIndex=%d,Chip=%d,Block=%d,StartPg=%d,PgCount=%d
Replaced mapped block for lba=%d: old=%d new pba=%d
Factory bad block at chip=%d blk=%d:
Runtime bad block at chip=%d blk=%d:
Error: exhausted spare blocks toreplace lba=%d
finished remapping till index=%d out of total blocks=%d
used spare blocks=%d
Error: Unable to replace blocks with spare blocks for %d blocks
Error in FTL Lite write
RETURNING ERROR FROM NvNandWriteSector TL error=%u,Sector Start=0x%x,Count=0x%x
RETURNING ERROR FROM NvNandReadSector TL error=%u,Sector Start=0x%x,Count=0x%x
RETURNING ERROR FROM NvNandOpen
Error: trying cached read past page limits
512B Read: Page=%d, within page sector in page=%d, sector count=%d
Error: 512B buffer allocate failed earlier
Error: trying cached write past page limits
Error: failed to allocate buffer for 512B sector support
Alloc memory failed
TLvalidate FAIL1 sector offset=0x%x,count=0x%x,sectorsPerRow=%u
TLvalidate FAIL2, Interleave bank Pgs[ %d ]
TLvalidate FAIL3
TLvalidate FAIL4
TLvalidate FAIL5 page[0]=0x%x,Reqd rows=0x%x
TLEraseAll fail BtlGetPba: Chip=%d,Block=%d
GetBlock info failed: Chip=%d, Blk=%d
Marking Bad block failed forChip=%d Block=%d
Found Bad block Chip=%d Block=%d
Factory Bad: 0x%x, Run-time bad marker: 0x%x
Interleave2PhysicalPg fail1: illegal page
Interleave2PhysPg fail2: illegal device
Ddk Read error code=0x%x
In NandTLGetBlockInfo Error = 0x%x
NandTL_INVALID_ARGUMENT3
NandTL_INVALID_ARGUMENT4
NandTL_INVALID_ARGUMENT5
NandTL_INVALID_ARGUMENT6
Error: No free Blk, Region[%d]=%d
Strategy Handle Error failed in Wr Status:%d,
TL write error=%u,sector start=0x%x,count=0x%x
NandTL_INVALID_ARGUMENT1
NandTL_INVALID_ARGUMENT2
TlRead failed Status:%d,
TL read error=%u,sector start=0x%x,count=0x%x
Region=%d SD Erase start 512B-sector=%d,512B-sector-num=%d
LCM of %d and %d =%d
Part-id=%d size from %d sectors by %d sectors
SD Alloc Partid=%d, start sector=%d,num=%d NvDdkBlockDevIoctlType_ErasePartitionNvDdkBlockDevIoctlType_VerifyCriticalPartitionsUnknownIoctl
Inst=%d, SD ioctl %s failed: error code=0x%x SPIF ERROR: SpifOpen failed..
SPIF ERROR: Trying to read more than SPI flash device size..
SPIF ERROR: Trying to program more than SPI flash device size..
SPIF ERROR: Trying to erase more than chipsize NumberOfSectors[0x%x] TotalBlocks[0x%x]
SPIF ERROR: Trying to erase more than chipsize NumberOfBlocks[0x%x] TotalBlocks[0x%x]
SPIF ERROR: Illegal block driver Ioctl..
SPIF ERROR: SpifBlockDevIoctl failed error[0x%x]..
Inst=%d, SPI Flash ioctl %s failed: error code=0x%x Trying to close driver without open
SPIF ERROR: NvDdkSpifBlockDevInit failed error[0x%x]..
Error SD clear skip blocks - sector=%d
Skipping SD erase of prefix %d blocks from %d
Skipping SD erase of suffix %d blocks from %d
Hsmmc Erase start sector=%d,num=%d
Hsmmc Alloc Partid=%d, start sector=%d,num=%d
NvNandHandle: FtlStartLba=%d, FtlEndLba=%d FtlStartPba=%d, FtlEndPba=%d pBlocks[%d ] prevBlocks[]
TrackLba[%d]: lba=%d, %s
Misc start
NumOfBanksOnBoard = %d
NoOfILBanks = %d
PhysBlksPerBank = %d
ZonesPerBank = %d
PhysBlksPerZone = %d
PhysBlksPerLogicalBlock = %d
TotalLogicalBlocks = %d
TotEraseBlks = %d
NumOfBlksForTT = %d
PgsRegForTT = %d
TtPagesRequiredPerZone = %d
NumOfBlksForTAT = %d
BlksRequiredForTT = %d
PgsAlloctdForTT = %d
ExtraPagesForTTMgmt = %d
LastTTPageUsed = %d
CurrentTatLBInUse = %d
bsc4PgsPerBlk = %d
Misc end
TAT Handler start
tatBlocks[%d] bank = %d, block = %d
ttBlocks[%d] bank = %d, block = %d
tat Block bank = %d, block = %d
TtAllocBlk[%d] bank = %d, block = %d
lastUsedTTBlock bank = %d, block = %d
TAT Handler end
++++++++++++++++++
TT 32-bit entry format in dump :
=============
Region: b31-b30
BlockNotUsed: b29
BlockGood: b28
DataReserved: b27
SystemReserved: b26
TatReserved: b25
TtReserved: b24
PhysBlkNum: b23-b0
============
Dumping page %d
**SuperBlock %d
*0x%08X [%d] [SYS-RSVD]
*0x%08X [%d] [ ^^^ FREE BLK ] Region%d
*0x%08X [%d] [ USED BLK ] Region%d
*0x%08X [%d] [*** BAD BLK ***]
Total=%u,Free=%u,Bad=%u,Reserve Data=%u,System=%u,Tat=%u,Tt=%u,Illegal=%u,Region0=%u,Region1=%u,Region2=%u,Region3=%u
No free blocks Available- find out the reason, bank = %d
[Strategy] Erase Failed
Bad Block found at LBA %d
Marked blk bad bank = %d, block = %d Rev = %d lba = %d
TAT write failed page = %d, bank = %d, block = %d Rev = %d lba = %d WriteOnlyHeader = %d
NO FREE TAT BLOCKS AVAILABLE
writing to TAT blocks failedInvalid percent reserved value = %d, should not exceed%d, setting it to %d
[Nand_Strategy] Failed to mark PBAs BAD
**** Fail: Invalid Case ****
Not Expected to come here
NvError_NandNoFreeBlock1
Error: NandStrategyGetSectorPageToWrite InTracking case, No Page
Error: NandStrategyGetSectorPageToWrite GetPBA case, No Page
NvError_NandNoFreeBlock2
GetNewPBA failed Sts: 0x%x in GetSectorPage2Write #2
Error: NandStrategyGetSectorPageToWrite PBA assigned already case, No Page Crypto Engine Disabled, Returning IOCTL
AES DDK Unsupported IOCTL COMMAND
Invalidate-only cache maint not supported in NvOs
NVRM Initialized shmoo database
NVRM Got shmoo boot argument (at 0x%x)
ActiveIdleAutoHwRM power state before suspend: %s (%d)
Active Module: 0x%x*** Wakeup from LP0 ***
*** Wakeup from LP1 ***
*** Wakeup after Skipped LP0 ***
DTT: TMON initialization failed
DTT: T = %d, Range = %d (%d : %d)
DVFS set core at %dmV
Clock control balance failed for module %d, instance %d
ADJUSTED CLOCKS:
MC clock is set to %6d KHz
EMC clock is set to %6d KHz (DDR clock is at %6d KHz)
PLLX0 clock is set to %6d KHz
PLLC0 clock is set to %6d KHz
CPU clock is set to %6d KHz
System and AVP clock is set to %6d KHz
GraphicsHost clock is set to %6d KHz
3D clock is set to %6d KHz
2D clock is set to %6d KHz
Epp clock is set to %6d KHz
Mpe clock is set to %6d KHz
Vde clock is set to %6d KHz
NVRM CLOCKS: PLLX0: %d Khz
NVRM CLOCKS: PLLM0: %d Khz
NVRM CLOCKS: PLLC0: %d Khz
NVRM CLOCKS: PLLP0: %d Khz
NVRM CLOCKS: PLLA0: %d Khz
NVRM CLOCKS: CPU: %d Khz
NVRM CLOCKS: AVP: %d Khz
NVRM CLOCKS: System Bus: %d Khz
NVRM CLOCKS: Memory Controller: %d
NVRM CLOCKS: External Memory Controller: %d
ODM CPU freq request beyond SOC limit
GPUHandheldBrChipsCrushMCPCkVaioHandheld SOCSimulation Chip: 0x%x
FPGAQuickTurnEmulation (%s) Chip: 0x%x Netlist: 0x%x Patch: 0x%x
Chip Id: 0x%x (%s) Major: 0x%x Minor: 0x%x SKU: 0x%x
pNV_CFG_RMC_FILENV_CFG_CHIPLIBNV_CFG_CHIPLIB_ARGSSECURITY_VIOLATION DecErrAddress=0x%x SECURITY_VIOLATION DecErrStatus=0x%x EMEM DecErrAddress=0x%x EMEM DecErrStatus=0x%x GART DecErrAddress=0x%x GART DecErrStatus=0x%x DTT: Invalid Range = %d
Err in I2c transfer: Controller Status 0x%08x
AP20 Master I2c Isr got unwanted interrupt IntStatus 0x%08x
I2c slave rx buffer filled
%s(): Slave is not started
%s(): No space in Tx fifo
%s(): Slave is already started
I2cSlaveIsr(): Illegal transfer at this point
AP20 Slave I2c Isr got unwanted interrupt IntStatus 0x%08x
ARB EMEM Interrupt occurredSMMU DecErrAddress=0x%x SMMU DecErrStatus=0x%x QueryIface_CQueryIfacebogusOBS bus modID 0x%x index 0x%x = value 0x%xLLC Client %d Count: 0x%.8X, %u
LLC Client %d Clocks: 0x%.8X, %u
Client %.3d Count: 0x%.8X, %u
Total MC Clocks: 0x%.8X, %u
AXI DecErrAddress=0x%x AXI DecErrStatus=0x%x NvRmChannelSubmit failed (err = %d, SyncPointValue = %d)
Output FIFO does not refill, context read is stuck.Error> DSI Panel Initialization Failed
Error> DSI Panel Suspend Failed
ERROR: GPIO_PCF50626_I2cWrite8() failed.
Thanks gh123man.
Can you also try to extract the strings in the original bootloader that itsmagic works on for comparison?
namely the cmdline part which is this from the ics one
Code:
tegraid=%x.%x.%x.%x.%x.%s mem=%[email protected]%uM vmalloc=%uM androidboot.serialno=%08x%08x video=tegrafb console=ttyS0,115200n8 debug_uartport=lsport console=none debug_uartport=hsport usbcore.old_scheme_first=1 lp0_vec=%[email protected]%x tegra_fbmem=%[email protected]%x brand=acer target_product=%s a500_ww_gen1max_cpu_cur_ma=%d core_edp_mv=%d pmuboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x displayboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x power_supply=Adapter power_supply=Battery audio_codec=%s cameraboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x upnosmp usbroot=/dev/nfs ip=:::::usb%c:on rw netdevwait ethroot=/dev/nfs ip=:::::eth%c:on rw netdevwait sdroot=/dev/sd%c%c rw rootwait mmchdroot=/dev/mmchd%c%c%c rw rootwait mtdblockroot=/dev/mtdblock%c rw rootwait mmcblkroot=/dev/mmcblk%c%c%c rw rootwait Unrecognized root device: %s
root=/dev/sda1 rw rootwait tegraboot=nand tegraboot=nor tegraboot=emmc tegraboot=sdmmc mtdparts=tegra_nand:mtdparts=tegra_nor:%[email protected]%uK(%s),tegrapart=gpt_sector=%d Unable to query partition %s
%s:%x:%x:%x%cmodem_id=%d androidboot.carrier=wifi-only bootloader_ver=%s gpt %s: Fail
Sure, I'll have it up ASAP.
Edit:
Up. See next post.
I have uploaded the archive with nvflash and some instructions on using it with A500. This is only intended for hardcore geeks who know how ARM boots. Be careful - while you can't really brick tegra2 (since it has a minimal usb-capable bootloader in the OTP area), you can screw up things and it will be quite hard to force the tablet to boot in some cases due to stupid security checks.
You can use this to download any bootloader/recovery/linux you want. That will help us with porting uboot. Someone may even write an automated tool for reflashing bootloaders and unbricking tablets..
http://www.mediafire.com/?pp97x9aahs58hzp
Let me just copy-paste the README from the archive here.
1. First, generate your SBK with http://vache-android.com/v1/index.php?site=sbk
2. Then, get hold of the mmcblk0 start sectors (at least 4KB) and copy them to mmcblk0_start
3. Run the ./rip_bct.sh script and supply it with your SBK to rip the BCT (boot config table; contains RAM timings among other things)
4. Run ./download.sh to connect nvflash to the Iconia (do it in APX mode). Note that you also need to supply your SBK here, not as a long single number but as it is displayed on the website
5. You can now play with nvflash - for example, read partitions, partition table and write your own flash_ic.cfg with partition layout
6. If you flash linux/recovery, make sure to update the magic values (like itsmagic does).
To do it, first download the 12th partition (AKB),
then, in the akb.bin, at address 0x84, replace 4 16-byte entries with the same pattern
"00 FB 30 94 99 01 4F 97 2E 4C 2B A5 18 6B DD 06"
OK, you need to patch the file once and can use it in further flashing. Just upload it to the device (like sign.sh does)
POTENTIAL PITFALLS. Listen up, I ain't gonna help you if you eff up here.
1. You must use BCT from your device. Otherwise, the bootloader will not boot. You will still be able to use NVFLASH, but until you dump your own BCT and use it with NVFLASH, the device will not be booting again
2. If you use the ./iconia_boot.bin that differs from the bootloader on your device, the device will get stuck in the APX mode after a reboot. If you do it, flash the new ./iconia_boot.bin to the device (to the partition 4).
The archive contains several bootloaders to play with - ./iconia_boot.bin is from Honeycomb, iirc, ./ics_boot.bin is from ICS, obviously and ./tf101_boot.bin is from transformer tf101
---------- Post added at 11:56 PM ---------- Previous post was at 11:42 PM ----------
Sorry for another off-topic post. If any of the devs is interested
Here is the uboot binary http://www.mediafire.com/?1zb2zc163tla8cj
And here is the linux kernel version 3.0 in the uboot image format http://www.mediafire.com/?j8fddkbm5fdsuu4
You can create vfat partition on the micro sd (/dev/mmcblk1p1) and copy the uImage there
The bootloader only supports booting from microsd now. The precompiled kernel tries to mount ubuntu rootfs on /dev/mmcblk1p2 and boot it.
drellisdee said:
Thanks gh123man.
Can you also try to extract the strings in the original bootloader that itsmagic works on for comparison?
namely the cmdline part which is this from the ics one
Code:
tegraid=%x.%x.%x.%x.%x.%s mem=%[email protected]%uM vmalloc=%uM androidboot.serialno=%08x%08x video=tegrafb console=ttyS0,115200n8 debug_uartport=lsport console=none debug_uartport=hsport usbcore.old_scheme_first=1 lp0_vec=%[email protected]%x tegra_fbmem=%[email protected]%x brand=acer target_product=%s a500_ww_gen1max_cpu_cur_ma=%d core_edp_mv=%d pmuboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x displayboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x power_supply=Adapter power_supply=Battery audio_codec=%s cameraboard=0x%04x:0x%04x:0x%02x:0x%02x:0x%02x upnosmp usbroot=/dev/nfs ip=:::::usb%c:on rw netdevwait ethroot=/dev/nfs ip=:::::eth%c:on rw netdevwait sdroot=/dev/sd%c%c rw rootwait mmchdroot=/dev/mmchd%c%c%c rw rootwait mtdblockroot=/dev/mtdblock%c rw rootwait mmcblkroot=/dev/mmcblk%c%c%c rw rootwait Unrecognized root device: %s
root=/dev/sda1 rw rootwait tegraboot=nand tegraboot=nor tegraboot=emmc tegraboot=sdmmc mtdparts=tegra_nand:mtdparts=tegra_nor:%[email protected]%uK(%s),tegrapart=gpt_sector=%d Unable to query partition %s
%s:%x:%x:%x%cmodem_id=%d androidboot.carrier=wifi-only bootloader_ver=%s gpt %s: Fail
Here is the string section of the original bootloader, pulled from the tar.gz thanks to sp3dev.
Code:
UnknownChecking for RCK.. press any key in 5 sec
HarmonyTangoWhistlerVentana
Assert on %s:%d: %s
Assert on %s:%d
Signal %d raised!
vendor/nvidia/proprietary_src/prebuilt/../core/utils/nvos/aos/nvap/nvos_aos_gcc.cvendor/nvidia/proprietary_src/prebuilt/../core/utils/nvos/aos/nvap/nvos_aos_libc.c0123456789abcdefghijklmnopqrstuvwxyz**********Aos DebugSemiHosting Initialized*******
GetSkuId ************ * ************* ************* * * * * * * * * * * ** ** * * * * ** ** ************ * * * * *********** *********** ************ ************ * ************* ************ ************ * * * * * * * * * * * * * * * * * * ************** **************recovery
--update_package=SDCARD:update.zip
Erasing Cache before SD update...
CACMSCSD update cmd:%s
[%s] read gpio OK, a6=%d b5=%d a3=%d
[%s] read gpio FAIL, a6=%d b5=%d a3=%d
AKBANDROID!vendor/nvidia/proprietary_src/prebuilt/../core/system/fastboot/main.cMagic value mismatch: %c%c%c%c%c%c%c%c
%s
Failed to setup warmboot args %x
Failed to set shmoo boot argument
HarmonyVentanaCritical failure: Unable to start kernel.
Load OS now via JTAG backdoor....
TEGRA_PMC_BASE::PMC_CNTRL_0 = 0x%x
FIX TEGRA_PMC_BASE::PMC_CNTRL_0 = 0x%x
Entering Acer Download Mode
LNXFactoryResetErasing Userdata...
UDAErasing Cache...
FOTAVolume up pressed.
Volume down pressed.
SOSBooting recovery kernel image
Unrecoverable bootloader error (0x%08x).
miscrecoverybootsystemAPPcachestagingUSPuserdatabcttableBCTbootloaderEBTubuntuUBNmbrMBRUse scroll wheel or keyboard for movement and selection
Neither Scroll Wheel nor Keyboard are detected ...Booting OS
Checking for RCK.. press <Enter> in 5 sec to enter RCK
Press <Enter> to select, Arrow key (Left, Right) for selection move
Key driver not found.. Booting OS
Checking for RCK.. press key <Menu> in 5 sec to enter RCK
Press <Menu> to select, Home(Left) and Back(Right) for selection move
Checking for RCK.. press any key in 5 sec to enter RCK
Press scroll wheel to select, Scroll for selection move
Scroll wheel not found.. Booting OS
Press <Wake> to select, Home(Left) and Back(Right) for selection move
nvmem=%[email protected]%uM mem=%[email protected] vmalloc=%uM video=tegrafb console=ttyS0,115200n8 console=none usbcore.old_scheme_first=1 lp0_vec=%[email protected]%x upnosmp usbroot=/dev/nfs ip=:::::usb%c:on rw ethroot=/dev/nfs ip=:::::eth%c:on rw sdroot=/dev/sd%c%c rw rootdelay=15 mmchdroot=/dev/mmchd%c%c%c rw rootdelay=1 mtdblockroot=/dev/mtdblock%c rw rootdelay=15 mmcblkroot=/dev/mmcblk%c%c%c rw rootdelay=15 Unrecognized root device: %s
root=/dev/sda1 rw rootdelay=15 tegraboot=nand tegraboot=emmc tegraboot=sdmmc board_info=%x:%x:%x:%x:%x mtdparts=tegra_nand:%[email protected]%uK(%s),tegrapart=%s:%x:%x:%x%cUnable to query partition %s
gpt MSM-RADIO-UPDATEboot-recoveryupdatefailed-updateinvalid-updatefailed-update-%sokayWQ02824SATMA1278vendor/nvidia/proprietary_src/prebuilt/../core/system/nvaboot/nvaboot.cEFI PARTakb4820110311jeqNULLSecure boot: image %s checksum fail!nverror:0x%x (0x%x)
Error PT partition format sector start=%d, count=%d
Format partition %s PT
Bct read verify failed
Error Bct Verify: NO valid Bct found lost+foundNvDdkDispSetWindowSurface/ controller: %d window: %d count: %d
surface: 0
tiledpitchsurface width: %d height: %d Bpp: %d layout: %s
NvDdkDispSetMode/ controller: %d
width: %d height: %d bpp: %d refresh: %d frequency: %d flags: 0x%x
NvDdkDispSetMode/ null mode
NTSC/PAL1WIN3WIN_AC2WIN_A2WIN_Cdisplay %d isn't clocked
ByPassHdmiDlllibnvodm_hdmiNvOdmDispHdmiI2cTransactionNvOdmDispHdmiI2cOpenNvOdmDispHdmiI2cCloseNvOdmDispHdcpIsRevokedKsvlibnvodm_tvoNvOdmDispTvoGetGlobNvOdmDispTvoReleaseGlob====== Register Dump Start =========
Start command count=0x%x
NAND_COMMAND = 0x%8.8x
NAND_STATUS = 0x%8.8x
NAND_ISR = 0x%8.8x
NAND_IER = 0x%8.8x
NAND_CONFIG = 0x%8.8x
NAND_TIMING = 0x%8.8x
NAND_RESP = 0x%8.8x
NAND_TIMING2 = 0x%8.8x
NAND_CMD_REG1 = 0x%8.8x
NAND_CMD_REG2 = 0x%8.8x
NAND_ADDR_REG1 = 0x%8.8x
NAND_ADDR_REG2 = 0x%8.8x
NAND_DMA_MST_CTRL = 0x%8.8x
NAND_DMA_CFG.A = 0x%8.8x
NAND_DMA_CFG.B = 0x%8.8x
NAND_FIFO_CTRL = 0x%8.8x
NAND_DATA_BLOCK_PTR = 0x%8.8x
NAND_TAG_PTR = 0x%8.8x
NAND_ECC_PTR = 0x%8.8x
NAND_DEC_STATUS = 0x%8.8x
NAND_HWSTATUS_CMD = 0x%8.8x
NAND_HWSTATUS_MASK = 0x%8.8x
NAND_LL_CONFIG = 0x%8.8x
NAND_LL_PTR = 0x%8.8x
NAND_LL_STATUS = 0x%8.8x
====== Register Dump End ===========
Calling simple log2 with value which is not power of 2
Failed Ddk Rd. Bad block
Failed Ddk Wr. Bad block
Failed Ddk Erase. Bad block
Failed Ddk Cpybk. Bad block
Failed Ddk unknown Operation. Bad block Error code=0x%x at chip=%d,block=%d
NandRead Error: Number of Pages=%d < interleave count=%d
Ecc.Err pgoffset: %d, status: 0x%x
Ecc.Err in Tag pgoffset: %d, status: 0x%x
Chip: %d, Page = %d
-MAINTAG
DDK_Rd:dev = %d, %s + %s, number_of_pages = %d
Chip: %d, Page = %d, blk = %d
DDK_Cpbk:Srcdev = %d, Dstdev = %d, number_of_pages = %d
SrcChip: %d, Page = %d, blk = %d
DstChip: %d, Page = %d, blk = %d
DDK_Write:device = %d, %s + %s, number_of_pages = %d
DDK_Ers:dev = %d, number of blks = %d
Factory Bad block: Chip%u Block=%u
Runtime Bad block: Chip%u Block=%u,RTB=0x%x
Scan for Region table blocks: Chip=%u, Block=%u Bad
Marking Runtime Bad block: Chip%u Block=%u
Block driver mark bad failed at Chip=%d, Block=%d
Erase Partition Error: failed to erase block chip=%d,blk=%d
Nand block driver: Write Error = 0x%x, PartId=%u, , Write: start=0x%x, sector count=0x%x
Nand block driver: Read Error = 0x%x, PartId=%u, Read: start=0x%x, sector count=0x%x
Possible forced region table load
Region Table copy at CurrBlockNum %u is probably corrupt
Device Bad block table:
{%u, %d},
Device has %d bad blocks
Error Nand block driver Load Region table call failed for part-id=%d, error code=%d
Global Nand Interleave count = %u
Error: NandUtilGetRegionEntry failed for part Id=%d
Partitions in region table: Id=%d
FTL open for partition=%d failed,code=%d
Nand Block dev open failed error 0x%x
Physical Rd/Wr on block error: req=%d,actual=%d
Bad block during Rd/Wr physical found at: Chip=%d, Block=%d
Block dev Physical Ioctl failed. Marking Chip=%d,Blk=%d
Unable to Erase Nand starting block 0x%x
Nand Block driver map logical2physical failed BlockNum=%d, DeviceNum=%d, CurrPhysBlk=%d
Error: Failed to map logical block=%d in entire Nand.
Error: As Region table is bigger than 1 sector size. Need to change Load Region table logic
Unable to Erase Nand chip=%d,block=%d
Partition %d - number of physical blocks = %d
Chip%d Block=%d bad
Error: Unable to find requested blocks on Nand: req=%d,found=%d
Invalid value for PercentReserved = %d [should not exceed]%d, setting PercentReserved = %d
Insufficient space, cannot create partition
PartId %u: LB[%u %u] PB[%u %u] IL%u LS[%u %u]
Abs PartId %u: LB[%u %u] PB[%u %u] IL%u
Last Abs PartId %u: LS[%u %u] PartId %u: LB[%u %u] PB[%u %u] IL%u
Abs ** PartId %u: LS[%u %u]
Data mismatch in Copy of Region Table at BlockNum %d
Erase failed. Get Physical Sectors failed for logical start=%d,stop=%d
Erase Partition part-id=%d: Start=%d,End=%d NvDdkBlockDevIoctlType_DisableCacheNvDdkBlockDevIoctlType_EraseLogicalSectorsNvDdkBlockDevIoctlType_QueryFirstBootNvDdkBlockDevIoctlType_DefineSubRegionNvDdkBlockDevIoctlType_WriteVerifyModeSelectNvDdkBlockDevIoctlType_AllocatePartitionNvDdkBlockDevIoctlType_PartitionOperationNvDdkBlockDevIoctlType_ReadPhysicalSectorNvDdkBlockDevIoctlType_WritePhysicalSectorNvDdkBlockDevIoctlType_QueryPhysicalBlockStatusNvDdkBlockDevIoctlType_ErasePhysicalBlockNvDdkBlockDevIoctlType_LockRegionNvDdkBlockDevIoctlType_MapLogicalToPhysicalSectorNvDdkBlockDevIoctlType_FormatDeviceNvDdkBlockDevIoctlType_GetPartitionPhysicalSectorsNvDdkBlockDevIoctlType_IsGoodBlock
Nand Block dev ioctl opcode=%s error 0x%x
Save Region Table copy %u at CurrBlockNum %u
Ftl Lite bad block mark failed at Chip=%d, Block=%d
New Block at: chip=%d,block=%d
Replace block=%d in chip=%d for read failure
Data area read verification failed in FTL Lite at Chip=%d,Blk=%d,Pg=%d
FTL Lite Read Verify error code=0x%x
Wr Error: 0x%x, Replace ftl lite bad block, PbaIndex=%d,Chip=%d,Block=%d,StartPg=%d,PgCount=%d
Rd verify error: 0x%x, Replace ftl lite bad block, PbaIndex=%d,Chip=%d,Block=%d,StartPg=%d,PgCount=%d
Error in FTL Lite write
RETURNING ERROR FROM NvNandWriteSector TL error=%u,Sector Start=0x%x,Count=0x%x
RETURNING ERROR FROM NvNandReadSector TL error=%u,Sector Start=0x%x,Count=0x%x
RETURNING ERROR FROM NvNandOpen
Error: trying cached read past page limits
512B Read: Page=%d, within page sector in page=%d, sector count=%d
Error: 512B buffer allocate failed earlier
Error: trying cached write past page limits
Error: failed to allocate buffer for 512B sector support
Alloc memory failed
TLvalidate FAIL1 sector offset=0x%x,count=0x%x,sectorsPerRow=%u
TLvalidate FAIL2, Interleave bank Pgs[ %d ]
TLvalidate FAIL3
TLvalidate FAIL4
TLvalidate FAIL5 page[0]=0x%x,Reqd rows=0x%x
TLEraseAll fail BtlGetPba: Chip=%d,Block=%d
GetBlock info failed: Chip=%d, Blk=%d
Marking Bad block failed forChip=%d Block=%d
Found Bad block Chip=%d Block=%d
Factory Bad: 0x%x, Run-time bad marker: 0x%x
Interleave2PhysicalPg fail1: illegal page
Interleave2PhysPg fail2: illegal device
Ddk Read error code=0x%x
In NandTLGetBlockInfo Error = 0x%x
NandTL_INVALID_ARGUMENT3
NandTL_INVALID_ARGUMENT4
NandTL_INVALID_ARGUMENT5
NandTL_INVALID_ARGUMENT6
Error: No free Blk, Region[%d]=%d
Strategy Handle Error failed in Wr Status:%d,
TL write error=%u,sector start=0x%x,count=0x%x
NandTL_INVALID_ARGUMENT1
NandTL_INVALID_ARGUMENT2
TlRead failed Status:%d,
TL read error=%u,sector start=0x%x,count=0x%x
Region=%d SD Erase start 512B-sector=%d,512B-sector-num=%d
LCM of %d and %d =%d
Part-id=%d size from %d sectors by %d sectors
SD Alloc Partid=%d, start sector=%d,num=%d NvDdkBlockDevIoctlType_ErasePartitionNvDdkBlockDevIoctlType_VerifyCriticalPartitionsUnknownIoctl
Inst=%d, SD ioctl %s failed: error code=0x%x SPIF ERROR: SpifOpen failed..
SPIF ERROR: Trying to read more than SPI flash device size..
SPIF ERROR: Trying to program more than SPI flash device size..
SPIF ERROR: Trying to erase more than chipsize NumberOfSectors[0x%x] TotalBlocks[0x%x]
SPIF ERROR: Trying to erase more than chipsize NumberOfBlocks[0x%x] TotalBlocks[0x%x]
SPIF ERROR: Illegal block driver Ioctl..
SPIF ERROR: SpifBlockDevIoctl failed error[0x%x]..
Inst=%d, SPI Flash ioctl %s failed: error code=0x%x Trying to close driver without open
SPIF ERROR: NvDdkSpifBlockDevInit failed error[0x%x]..
Error SD clear skip blocks - sector=%d
Skipping SD erase of prefix %d blocks from %d
Skipping SD erase of suffix %d blocks from %d
Hsmmc Erase start sector=%d,num=%d
Hsmmc Alloc Partid=%d, start sector=%d,num=%d
NvNandHandle: FtlStartLba=%d, FtlEndLba=%d FtlStartPba=%d, FtlEndPba=%d pBlocks[%d ] prevBlocks[]
TrackLba[%d]: lba=%d, %s
Misc start
NumOfBanksOnBoard = %d
NoOfILBanks = %d
PhysBlksPerBank = %d
ZonesPerBank = %d
PhysBlksPerZone = %d
PhysBlksPerLogicalBlock = %d
TotalLogicalBlocks = %d
TotEraseBlks = %d
NumOfBlksForTT = %d
PgsRegForTT = %d
TtPagesRequiredPerZone = %d
NumOfBlksForTAT = %d
BlksRequiredForTT = %d
PgsAlloctdForTT = %d
ExtraPagesForTTMgmt = %d
LastTTPageUsed = %d
CurrentTatLBInUse = %d
bsc4PgsPerBlk = %d
Misc end
TAT Handler start
tatBlocks[%d] bank = %d, block = %d
ttBlocks[%d] bank = %d, block = %d
tat Block bank = %d, block = %d
TtAllocBlk[%d] bank = %d, block = %d
lastUsedTTBlock bank = %d, block = %d
TAT Handler end
++++++++++++++++++
TT 32-bit entry format in dump :
=============
Region: b31-b30
BlockNotUsed: b29
BlockGood: b28
DataReserved: b27
SystemReserved: b26
TatReserved: b25
TtReserved: b24
PhysBlkNum: b23-b0
============
Dumping page %d
**SuperBlock %d
*0x%08X [%d] [SYS-RSVD]
*0x%08X [%d] [ ^^^ FREE BLK ] Region%d
*0x%08X [%d] [ USED BLK ] Region%d
*0x%08X [%d] [*** BAD BLK ***]
Total=%u,Free=%u,Bad=%u,Reserve Data=%u,System=%u,Tat=%u,Tt=%u,Illegal=%u,Region0=%u,Region1=%u,Region2=%u,Region3=%u
No free blocks Available- find out the reason, bank = %d
[Strategy] Erase Failed
Bad Block found at LBA %d
Marked blk bad bank = %d, block = %d Rev = %d lba = %d
TAT write failed page = %d, bank = %d, block = %d Rev = %d lba = %d WriteOnlyHeader = %d
NO FREE TAT BLOCKS AVAILABLE
writing to TAT blocks failedInvalid percent reserved value = %d, should not exceed%d, setting it to %d
[Nand_Strategy] Failed to mark PBAs BAD
**** Fail: Invalid Case ****
Not Expected to come here
NvError_NandNoFreeBlock1
Error: NandStrategyGetSectorPageToWrite InTracking case, No Page
Error: NandStrategyGetSectorPageToWrite GetPBA case, No Page
NvError_NandNoFreeBlock2
GetNewPBA failed Sts: 0x%x in GetSectorPage2Write #2
Error: NandStrategyGetSectorPageToWrite PBA assigned already case, No Page Crypto Engine Disabled, Returning IOCTL
AES DDK Unsupported IOCTL COMMAND
AES Engine[%d] Disabled - EngineStatus[%d]
MemMap failed.
.NVRM Initialized shmoo database
NVRM Got shmoo boot argument (at 0x%x)
ActiveIdleAutoHwRM power state before suspend: %s (%d)
Active Module: 0x%x*** Wakeup from LP0 ***
*** Wakeup from LP1 ***
*** Wakeup after Skipped LP0 ***
DTT: TMON initialization failed
DTT: T = %d, Range = %d (%d : %d)
DVFS set core at %dmV
Clock control balance failed for module %d, instance %d
ADJUSTED CLOCKS:
MC clock is set to %6d KHz
EMC clock is set to %6d KHz (DDR clock is at %6d KHz)
PLLX0 clock is set to %6d KHz
PLLC0 clock is set to %6d KHz
CPU clock is set to %6d KHz
System and AVP clock is set to %6d KHz
GraphicsHost clock is set to %6d KHz
3D clock is set to %6d KHz
2D clock is set to %6d KHz
Epp clock is set to %6d KHz
Mpe clock is set to %6d KHz
Vde clock is set to %6d KHz
NVRM CLOCKS: PLLX0: %d Khz
NVRM CLOCKS: PLLM0: %d Khz
NVRM CLOCKS: PLLC0: %d Khz
NVRM CLOCKS: PLLP0: %d Khz
NVRM CLOCKS: PLLA0: %d Khz
NVRM CLOCKS: CPU: %d Khz
NVRM CLOCKS: AVP: %d Khz
NVRM CLOCKS: System Bus: %d Khz
NVRM CLOCKS: Memory Controller: %d
NVRM CLOCKS: External Memory Controller: %d
GPUHandheldBrChipsCrushMCPCkVaioHandheld SOCSimulation Chip: 0x%x
FPGAQuickTurnEmulation (%s) Chip: 0x%x Netlist: 0x%x Patch: 0x%x
Chip Id: 0x%x (%s) Major: 0x%x Minor: 0x%x SKU: 0x%x
NV_CFG_RMC_FILENV_CFG_CHIPLIBNV_CFG_CHIPLIB_ARGSSECURITY_VIOLATION DecErrAddress=0x%x SECURITY_VIOLATION DecErrStatus=0x%x EMEM DecErrAddress=0x%x EMEM DecErrStatus=0x%x GART DecErrAddress=0x%x GART DecErrStatus=0x%x DTT: Invalid Range = %d
Err in I2c transfer: Controller Status 0x%08x
AP20 I2c Isr got unwanted interrupt IntStatus 0x%08x
QueryIface_CQueryIfacebogusOBS bus modID 0x%x index 0x%x = value 0x%xLLC Client %d Count: 0x%.8X, %u
LLC Client %d Clocks: 0x%.8X, %u
Client %.3d Count: 0x%.8X, %u
Total MC Clocks: 0x%.8X, %u
AXI DecErrAddress=0x%x AXI DecErrStatus=0x%x Output FIFO does not refill, context read is stuck.Error> DSI Panel Initialization Failed
Error> DSI Panel Suspend Failed
Max8907bRtcCountWrite() error. Max8907bRtcCountRead() error. ERROR: GPIO_PCF50626_I2cWrite8() failed.
Sorry for spamming this thread, just wanted to show off some cool pics and vids
http://img404.imageshack.us/img404/4427/20120224235839.jpg
http://www.youtube.com/watch?v=moflp1BDCpA
sp3dev said:
Sorry for spamming this thread, just wanted to show off some cool pics and vids
http://img404.imageshack.us/img404/4427/20120224235839.jpg
http://www.youtube.com/watch?v=moflp1BDCpA
I would not call that spam. That's AMAZING. Can't wait to see more!
edit:
So did you completely replace Acer's bootloader on the tab with uboot?
gh123man said:
I would not call that spam. That's AMAZING. Can't wait to see more!
edit:
So did you completely replace the bootloader on the tab with uboot?
Yes, but..
1. Right now it does not support the tegra's partition layout - no luck with reading emmc partitions. Probably need to port tegrapart to uboot or figure out how to use EFI partition table (possibly needs hacking GPT offset)
2. Uboot doesn't support Android's boot images. The support can be added, but it may be easier to just repack kernel and initrd to uImage.
3. There's no USB client driver, so one will need to use microsd or usb stick to flash kernel/recovery for the first time.
So. I didn't have much time to play with it, but I'll look into it further
sp3dev said:
Yes, but..
1. Right now it does not support the tegra's partition layout - no luck with reading emmc partitions. Probably need to port tegrapart to uboot or figure out how to use EFI partition table (possibly needs hacking GPT offset)
2. Uboot doesn't support Android's boot images. The support can be added, but it may be easier to just repack kernel and initrd to uImage.
3. There's no USB client driver, so one will need to use microsd or usb stick to flash kernel/recovery for the first time.
So. I didn't have much time to play with it, but I'll look into it further
Thanks... extremely interesting... keep us updated with progress, I'm sure I'm not the only one interested in this.
sp3dev said:
I have uploaded the archive with nvflash and some instructions on using it with A500. This is only intended for hardcore geeks who know how ARM boots. Be careful - while you can't really brick tegra2 (since it has a minimal usb-capable bootloader in the OTP area), you can screw up things and it will be quite hard to force the tablet to boot in some cases due to stupid security checks.
Just curious, you are using 0x300d8011 as odmdata, when EUU's are using 0xb00d8011.
My understanding is that LPSTATE=LP0 with yours (instead of LP1).
Any reason/consequences ?
wlk0 said:
Just curious, you are using 0x300d8011 as odmdata, when EUU's are using 0xb00d8011.
My understanding is that LPSTATE=LP0 with yours (instead of LP1).
Any reason/consequences ?
Actually you should use the value from the BCT (it's around the end of it). As far as I understand, there are several SoC revisions, and one of them is iirc A03p, which supports LP0, and the other one is A03, which does not. I think I had a file somewhere describing ODM value
In tegra devkit here
/// Soc low power state
#define TEGRA_DEVKIT_BCT_CUSTOPT_0_LPSTATE_RANGE 31:31
#define TEGRA_DEVKIT_BCT_CUSTOPT_0_LPSTATE_LP0 0x0UL
#define TEGRA_DEVKIT_BCT_CUSTOPT_0_LPSTATE_LP1 0x1UL
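The LPSTATE comparison discussed above, as an added example (not code from the thread or from the Tegra devkit): it applies the header's 31:31 bit range to the two odmdata values quoted in the posts and shows which bits differ between them. The struct and helper names are hypothetical; only the range, the LP0/LP1 values and the two odmdata words come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* NVIDIA-style field description: a "hi:lo" bit range, as in
 * TEGRA_DEVKIT_BCT_CUSTOPT_0_LPSTATE_RANGE 31:31 quoted in the thread.
 * The struct itself is a hypothetical helper for this example. */
struct bitrange { unsigned hi, lo; };

/* Values copied from the header lines quoted in the thread. */
static const struct bitrange LPSTATE_RANGE = { 31, 31 };
#define LPSTATE_LP0 0x0UL
#define LPSTATE_LP1 0x1UL

/* Build a right-aligned mask for a field of the given range. */
static uint32_t field_mask(struct bitrange r)
{
    unsigned width = r.hi - r.lo + 1;
    /* Shifting a 32-bit value by 32 is undefined, so special-case it. */
    return (width >= 32) ? 0xFFFFFFFFu : ((1u << width) - 1u);
}

/* Extract the field described by r from a 32-bit odmdata word. */
static uint32_t field_get(uint32_t word, struct bitrange r)
{
    return (word >> r.lo) & field_mask(r);
}

/* Return word with the field replaced by value (truncated to the width). */
static uint32_t field_set(uint32_t word, struct bitrange r, uint32_t value)
{
    uint32_t mask = field_mask(r);
    return (word & ~(mask << r.lo)) | ((value & mask) << r.lo);
}

/* Name of the low power state encoded in an odmdata word. */
static const char *lpstate_name(uint32_t odmdata)
{
    return field_get(odmdata, LPSTATE_RANGE) == LPSTATE_LP1 ? "LP1" : "LP0";
}

/* Bits that differ between two odmdata words. */
static uint32_t odmdata_diff(uint32_t a, uint32_t b)
{
    return a ^ b;
}

int main(void)
{
    /* The two odmdata values mentioned in the posts. */
    const uint32_t words[] = { 0x300d8011u, 0xb00d8011u };

    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("odmdata 0x%08x -> LPSTATE=%s\n",
               (unsigned)words[i], lpstate_name(words[i]));

    printf("differing bits: 0x%08x\n",
           (unsigned)odmdata_diff(words[0], words[1]));
    printf("first value with LPSTATE forced to LP1: 0x%08x\n",
           (unsigned)field_set(words[0], LPSTATE_RANGE, LPSTATE_LP1));
    return 0;
}
```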
Other than mmcblk0 p1-8, what other hidden partitions are there? I can write the detection for mmc as I have it for recovery; I just haven't set the debugging to find the dtypes for iconia, as I've been lazy and defined them. Can you list any partitions after p8 or hidden ones related to nvflash etc.? I have the usual boot, data, cache, misc, recovery, system etc.; please ID any new ones as well.
sp3dev said:
I have uploaded the archive with nvflash and some instructions on using it with A500 ...
Oh, so the bootloader is actually unsigned - or I missed something? So what prevents me from patching the ICS BL and forcing unlock mode? I see I am a bit disoriented on the Acer scene.
Back to the stock ICS BL, the unlock info is stored to BCT.
Skrilax_CZ said:
Oh, so the bootloader is actually unsigned - or I missed something? So what prevents me from patching the ICS BL and forcing unlock mode (so ppl can use fastboot)? I see I am a bit disoriented on the Acer scene.
Back to the stock ICS BL, the unlock info is stored to BCT.
Correct me if I'm wrong. Now, since we can generate the sbk, we have full access to nvflash, which gives us direct access to flash anything we want, including a new bootloader (whether it's signed or not). It's like a layer above the bootloader. sp3dev could explain it better...
