NV Read not working after updating single NV item - Hardware Hacking General

Hi,
I had two Samsung S10+ phones: SM-G975U1 (US Unlocked version) and SM-G9750 (China HK version).
Both are running the same Qualcomm Snapdragon chipset.
I wanted to enable additional bands on SM-G9750 to make it fully in sync with SM-G975U1.
What I did was the following:
1) Installed QXDM tool
2) Read the following NVs: 00441, 00442, 00946, 01877, 02954, 06828.
3) Noticed that the only difference is on the 1877 (CDMA config) and 6828 (LTE config)
4) Updated the 1877 and 6828 to be exactly the same as the values from SM-G975U1.
5) Rebooted phone
Everything was working. After rebooting the phone I connected again and was able to read the values I wrote and they were showing correct (written values).
Then I decided to be "smarter". I noticed that even though my SM-G9750 has now values from SM-G975U1, when I compare the bits from what was on SM-G9750 before and what is now (config I took from SM-G975U1) there is still one bit that was set for SM-G9750 and now was reset by the new configuration from SM-G975U1.
So I decided to make "OR" and set this bit.
After saving the values, everything went well. I was able to save it and read it back.
Then I rebooted the phone.
Phone works after reboot, connects and everything but now there was an interesting issue...
When I connected it to the QXDM I cannot read *ANY* NV values. Even for other slots. I am getting invalid command all the time.
DFS Qualcomm tool that used to work also does not work.
Looks like the USB is listening but not accepting any commands.
What could have happened? And how do I revert it back?
Phone in general is working, just cannot read or modify any NV values via USB, as if the software working there on phone that was serving USB requests got disabled, crashed, or blocked.
Thoughts?
----------------------------
For reference, those are the original values from both phones:
USA/CHINA: 441:
0
0xFFFF
USA/CHINA: 442:
0
0x00FF
USA/CHINA: 946:
0
0xBFFF
USA: 1877: CDMA:
562950069306247
0010 0000 0000 0000 0000 0000 0110 1110 1000 0100 0011 1000 0111
CHINA: 1877: CDMA:
562950069289859
0010 0000 0000 0000 0000 0000 0110 1110 1000 0000 0011 1000 0011
USA/CHINA: 2954:
0
4294967295 (or 0xFFFFFFFF)
USA: 6828: LTE:
288795388680222943
0
0000 0100 0000 0010 0000 0001 1110 0000 0011 1011 0000 1110 0011 1000 1101 1111
CHINA: 6828: LTE:
600196850264287
0
0000 0000 0000 0010 0010 0001 1110 0000 0011 1000 0000 1110 0010 1000 1101 1111

Related

CABs in Extended ROM

I was wondering what each CAB in the extended ROM does?? I didn't install all of them (I soft reseted before they were auto-installed), and only installed the camera app for now, the device works just fine, can someone complete this description list? :
The device is Imate with 1.52.00WWE
Default_Broadcast.CAB -
Default_Caller.CAB - IA Caller ID (doesn't really work since it dies all the time)
Default_Camera.CAB - Camera Application
Default_Driver.CAB -
Default_Imate.cab -
Default_MIDI.CAB -
Default_MMS.CAB - MMS composer
Default_OEM5.CAB -
Default_Version.CAB -
Hi,
I posted a desricption of the T-Mobile NL ext ROM in this thread:
http://forum.xda-developers.com/viewtopic.php?t=5522
It's easy to guess from the names which cabs correspond to the ones I mention.
I wrote a perl script to decode the contents of a cab file.
first you have to extract the files using a decompression utility that understands cab files.
then run
perl cabdump.pl custom~1.000
( where custom~1.000 is the name of the first file in the cab file )
updated the cabdump script a bit, now directly processes cab files.
here is the result on all cabs in the extended rom ( don't know which version, some t-mobile )
Processing file VideoMMS.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 6 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 5 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 4 2 0000 CUSTOM~1.004 Windows\Customize.lst
5: 2 2 0000 VIDEOM~1.005 Windows\Video MMS.exe
6: 3 2 0000 VIDEOM~1.006 %CE11%\Video MMS.lnk
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file Broadcast_WWE.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 3 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 2 2 0000 CUSTOM~1.004 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file CameraRC131_WWE_1.5.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 50 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 49 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 48 2 0000 CUSTOM~1.004 Windows\Customize.lst
5: 47 2 0000 STRMPL~1.005 Windows\strmplayer_middlelayer.dll
6: 46 2 0000 RTSP_S~1.006 Windows\rtsp_stack.dll
7: 45 2 0000 RTP_ST~1.007 Windows\rtp_stack.dll
8: 44 2 0000 ABSTRA~1.008 Windows\abstraction.dll
9: 41 2 0000 CAMERA~1.009 Windows\CameraWizard_(ht).htm
10: 40 2 0000 00000tma.010 Windows\tma.exe
11: 39 2 0000 ZOOM-I~1.011 Windows\Zoom-Indicator.bmp
12: 38 2 0000 VIDEO-~1.012 Windows\Video-Capture.bmp
13: 37 2 0000 THUMBN~1.013 Windows\Thumbnail-view.bmp
14: 36 2 0000 REMAIN~2.014 Windows\Remaining-video-time.bmp
15: 35 2 0000 REMAIN~1.015 Windows\Remaining-images.bmp
16: 34 2 0000 IMAGE-~1.016 Windows\Image-Capture.bmp
17: 33 2 0000 CONFIR~4.017 Windows\Confirm-Send.bmp
18: 32 2 0000 CONFIR~3.018 Windows\Confirm-Detailed-View.bmp
19: 31 2 0000 CONFIR~2.019 Windows\Confirm-Delete.bmp
20: 30 2 0000 CONFIR~1.020 Windows\Confirm-Back.bmp
21: 29 2 0000 COMPOS~1.021 Windows\Composition-Capture.bmp
22: 28 2 0000 CAPTUR~2.022 Windows\Capture-Size.bmp
23: 27 2 0000 CAPTUR~1.023 Windows\Capture-Indicator.bmp
24: 26 2 0000 CAMERA~1.024 Windows\Camera-Settings.bmp
25: 25 2 0000 AMBIEN~3.025 Windows\Ambience-Incandescent.bmp
26: 24 2 0000 AMBIEN~2.026 Windows\Ambience-Fluorescent.bmp
27: 23 2 0000 AMBIEN~1.027 Windows\Ambience-Daylight.bmp
28: 22 2 0000 POCKET~1.028 Windows\Pocket-PC-buttons.bmp
29: 17 2 0000 00ptspat.029 Windows\ptspat
30: 16 2 0000 00ptsdat.030 Windows\ptsdat
31: 15 2 0000 00amedat.031 Windows\amedat
32: 14 2 0000 00pwipat.032 Windows\pwipat.dat
33: 13 2 0000 0MidiLib.033 Windows\MidiLib.dll
34: 12 2 0000 MPEG4S~1.034 Windows\MPEG4SPVIDEOENC.dll
35: 11 2 0000 MP4WRI~1.035 Windows\MP4Writer.dll
36: 10 2 0000 0mp4spvd.036 Windows\mp4spvd.dll
37: 9 2 0000 MP4_RE~1.037 Windows\MP4_READER.dll
38: 8 2 0000 H263VI~1.038 Windows\H263VIDEOENC.dll
39: 7 2 0000 GSMAMR~2.039 Windows\gsmamrenc.dll
40: 6 2 0000 GSMAMR~1.040 Windows\GSMAMRDLL.dll
41: 5 2 0000 COLORC~1.041 Windows\colorConvScaling.dll
42: 4 2 0000 00AACDLL.042 Windows\AACDLL.dll
43: 3 2 0000 000Album.043 Windows\Album.exe
44: 2 2 0000 00Camera.044 Windows\Camera.exe
45: 19 2 0000 00Camera.045 %CE11%\Camera.lnk
46: 18 2 0000 000Album.046 %CE11%\Album.lnk
47: 20 2 0000 00Camera.047 Windows\AppButtons\Camera.lnk
48: 21 2 0000 00Camera.048 Windows\Help\Camera.lnk
49: 43 2 0000 000Totem.049 My Documents\Templates\Totem.gif
50: 42 2 0000 magazine.050 My Documents\Templates\magazine.gif
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file CallerIDRC11_WWE_1.5.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 24 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 23 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 22 2 0000 CUSTOM~1.004 Windows\Customize.lst
5: 21 2 0000 CALLER~1.005 Windows\Caller_ID_(ht).htm
6: 8 2 0000 IA_P_A~1.006 Windows\IA_P_AssignP.dll
7: 7 2 0000 IA_P_P~2.007 Windows\IA_P_PhotoV.dll
8: 6 2 0000 IA_P_P~1.008 Windows\IA_P_PhotoC.dll
9: 5 2 0000 IA_P_D~1.009 Windows\IA_P_DspCID.dll
10: 4 2 0000 IA_P_C~1.010 Windows\IA_P_Contacts.exe
11: 3 2 0000 IA_P_C~1.011 Windows\IA_P_Contacts.dll
12: 2 2 0000 IA_CAL~1.012 Windows\IA_Caller_ID.exe
13: 9 2 0000 PHOTOC~1.013 %CE11%\Photo Contacts.lnk
14: 10 2 0000 PHOTOC~1.014 Windows\Help\Photo Contacts.lnk
15: 16 2 0000 P-ABST~1.015 My Documents\Templates\P-Abstraction.pit
16: 15 2 0000 L-Soccer.016 My Documents\Templates\L-Soccer.pit
17: 14 2 0000 L-Heart2.017 My Documents\Templates\L-Heart2.pit
18: 13 2 0000 L-FRUI~2.018 My Documents\Templates\L-Fruit05.pit
19: 12 2 0000 L-FRUI~1.019 My Documents\Templates\L-Fruit04.pit
20: 11 2 0000 L-Dancer.020 My Documents\Templates\L-Dancer.pit
21: 19 2 0000 0unknown.021 My Documents\IA Caller ID Photos\unknown.DEF
22: 18 2 0000 notfound.022 My Documents\IA Caller ID Photos\notfound.DEF
23: 17 2 0000 CONTACTS.023 My Documents\IA Caller ID Photos\CONTACTS.DEF
24: 20 2 0000 IA_CAL~1.024 %CE4%\IA_Caller_ID.lnk
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file ClearVue_WWE.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 PPTVIE~1.002 %CE11%\ClearVue PPT.lnk
3: 2 2 0000 PDFVIE~1.003 %CE11%\ClearVue PDF.lnk
4: 5 2 0000 PPTVIE~1.004 Windows\Help\ClearVue PPT.lnk
5: 3 2 0000 PDFVIE~1.005 Windows\Help\ClearVue PDF.lnk
6: 38 2 0000 CHECKF~1.006 Windows\CheckFile.exe
7: 37 2 0000 PLATFO~1.007 Windows\Platformxxx.reg
8: 36 2 0000 CUSTOM~1.008 Windows\Customize.lst
9: 33 2 0000 00WTZlib.009 Windows\WTZlib.dll
10: 32 2 0000 WTXLSUtl.010 Windows\WTXLSUtl.dll
11: 31 2 0000 WTWDSExe.011 Windows\WTWDSExe.exe
12: 30 2 0000 0WTUImgr.012 Windows\WTUImgr.dll
13: 29 2 0000 000WTSho.013 Windows\WTSho.dll
14: 28 2 0000 WTRtfRdr.014 Windows\WTRtfRdr.dll
15: 27 2 0000 WTPPView.015 Windows\WTPPView.dll
16: 26 2 0000 WTPPUtil.016 Windows\WTPPUtil.dll
17: 25 2 0000 000WTPng.017 Windows\WTPng.dll
18: 24 2 0000 WTPicStm.018 Windows\WTPicStm.dll
19: 23 2 0000 WTPDFRdr.019 Windows\WTPDFRdr.dll
20: 22 2 0000 0WTMfdll.020 Windows\WTMfdll.dll
21: 21 2 0000 00WTJpeg.021 Windows\WTJpeg.dll
22: 20 2 0000 0WTImage.022 Windows\WTImage.dll
23: 19 2 0000 WTEcdJpg.023 Windows\WTEcdJpg.dll
24: 18 2 0000 00WTDraw.024 Windows\WTDraw.dll
25: 17 2 0000 WTDocUtl.025 Windows\WTDocUtl.dll
26: 16 2 0000 WTDocRdr.026 Windows\WTDocRdr.dll
27: 15 2 0000 WTDcdPng.027 Windows\WTDcdPng.dll
28: 14 2 0000 0WTdcdmz.028 Windows\WTdcdmz.dll
29: 13 2 0000 WTDcdJpg.029 Windows\WTDcdJpg.dll
30: 12 2 0000 0WTCVRes.030 Windows\WTCVRes.dll
31: 11 2 0000 WTCVPres.031 Windows\WTCVPres.htm
32: 10 2 0000 WTCVPres.032 Windows\WTCVPres.exe
33: 9 2 0000 WTCVPDFV.033 Windows\WTCVPDFV.htm
34: 8 2 0000 WTCVPDFV.034 Windows\WTCVPDFV.exe
35: 7 2 0000 0WTChart.035 Windows\WTChart.dll
36: 6 2 0000 WTAutoSh.036 Windows\WTAutoSh.dll
37: 35 2 0000 WESTTE~1.037 My Documents\WESTTEK Native Office Viewers.ppt
38: 34 2 0000 WESTTE~1.038 My Documents\WESTTEK-Product Info.pdf
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file GPRSMonitor_WWE.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 8 2 0000 GPRSTO~1.002 Program files\GPRSMonitor\GPRSToday_en.txt
3: 7 2 0000 GPRSNO~1.003 Program files\GPRSMonitor\GPRSNotify_en.txt
4: 6 2 0000 GPRSMO~1.004 Program files\GPRSMonitor\GPRSMonitor_en.txt
5: 5 2 0000 0000skin.005 Program files\GPRSMonitor\skin.gif
6: 4 2 0000 GPRSTO~1.006 Program files\GPRSMonitor\GPRSToday.dll
7: 3 2 0000 GPRSNO~1.007 Program files\GPRSMonitor\GPRSNotify.exe
8: 2 2 0000 GPRSMO~1.008 Program files\GPRSMonitor\GPRSMonitor.exe
9: 22 2 0000 CHECKF~1.009 Windows\CheckFile.exe
10: 21 2 0000 PLATFO~1.010 Windows\Platformxxx.reg
11: 20 2 0000 CUSTOM~1.011 Windows\Customize.lst
12: 19 2 0000 000Setup.012 Windows\Setup.dll
13: 15 2 0000 GPRSMO~1.013 Windows\gprsmonitor_icon.2bp
14: 14 2 0000 CH280A~1.014 Windows\chart_traffic_monthly.2bp
15: 13 2 0000 CHART_~4.015 Windows\chart_traffic_hourly.2bp
16: 12 2 0000 CHART_~3.016 Windows\chart_traffic_daily.2bp
17: 11 2 0000 CHART_~2.017 Windows\chart_traffic.2bp
18: 10 2 0000 CHART_~1.018 Windows\chart_money.2bp
19: 9 2 0000 GPRSMO~1.019 Windows\gprsmonitor.htm
20: 16 2 0000 GPRSMO~1.020 Windows\Help\GPRS Monitor.lnk
21: 17 2 0000 GPRSNO~1.021 %CE4%\GPRS Notify.lnk
22: 18 2 0000 GPRSMO~1.022 %CE11%\GPRS Monitor.lnk
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file MIDI56.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 5 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 4 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 3 2 0000 CUSTOM~1.004 Windows\Customize.lst
5: 2 2 0000 RTPlugIn.005 Windows\RTPlugIn.dll
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file MMS1507_WWE.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 8 2 0000 RECBKM~1.002 Program files\ArcSoft\ArcSoft MMS UA\RecBkMusic.wav
3: 7 2 0000 000RcDll.003 Program files\ArcSoft\ArcSoft MMS UA\RcDll.dll
4: 6 2 0000 MMSCOM~1.004 Program files\ArcSoft\ArcSoft MMS UA\MMS Composer.exe
5: 5 2 0000 000MMReg.005 Program files\ArcSoft\ArcSoft MMS UA\MMReg.exe
6: 4 2 0000 CANNED~1.006 Program files\ArcSoft\ArcSoft MMS UA\CannedText.txt
7: 3 2 0000 00000Amr.007 Program files\ArcSoft\ArcSoft MMS UA\Amr.enc
8: 2 2 0000 00000Amr.008 Program files\ArcSoft\ArcSoft MMS UA\Amr.dec
9: 11 2 0000 0Dogbark.009 My Documents\Dogbark.wav
10: 10 2 0000 0000ding.010 My Documents\ding.amr
11: 9 2 0000 Alouette.011 My Documents\Alouette.mid
12: 25 2 0000 CHECKF~1.012 Windows\CheckFile.exe
13: 24 2 0000 PLATFO~1.013 Windows\Platformxxx.reg
14: 23 2 0000 CUSTOM~1.014 Windows\Customize.lst
15: 22 2 0000 PLAYER~1.015 Windows\player_middlelayer.dll
16: 16 2 0000 MMSCOM~1.016 Windows\MMS Composer.htm
17: 12 2 0000 ARCSOF~1.017 Windows\ArcSoftTodayScreen.dll
18: 13 2 0000 MMSCOM~1.018 Windows\Help\MMS Composer.lnk
19: 14 2 0000 000MMReg.019 %CE4%\MMReg.lnk
20: 15 2 0000 MMSCOM~1.020 %CE11%\MMS Composer.lnk
21: 21 2 0000 0000Utah.021 My Documents\My Pictures\Utah.png
22: 20 2 0000 0000Pond.022 My Documents\My Pictures\Pond.jpg
23: 19 2 0000 000Photo.023 My Documents\My Pictures\Photo.gif
24: 18 2 0000 000Heart.024 My Documents\My Pictures\Heart.gif
25: 17 2 0000 BIRTHD~1.025 My Documents\My Pictures\Birthday_gift.gif
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file OEM_AKU1_WWE_4AP.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 5 2 0000 GPRSAU~1.002 Temp\_GPRSAuthentication.exe
3: 4 2 0000 BTSETT~1.003 Temp\_BTSetting.exe
4: 3 2 0000 00000STK.004 Temp\_STK.exe
5: 2 2 0000 00WModem.005 Temp\_WModem.exe
6: 9 2 0000 CHECKF~1.006 Windows\CheckFile.exe
7: 8 2 0000 PLATFO~1.007 Windows\Platformxxx.reg
8: 7 2 0000 CUSTOM~1.008 Windows\Customize.lst
9: 6 2 0000 _MOVEF~1.009 Windows\_MoveFileList.txt
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file OEM_WWE_03120301.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 6 2 0000 0Wavedev.002 temp\_Wavedev.dll
3: 5 2 0000 0Serial3.003 temp\_Serial3.dll
4: 4 2 0000 00rilgsm.004 temp\_rilgsm.dll
5: 3 2 0000 BTHASP~1.005 temp\_BthASPlugIn.dll
6: 2 2 0000 0AudioGW.006 temp\_AudioGW.dll
7: 10 2 0000 CHECKF~1.007 Windows\CheckFile.exe
8: 9 2 0000 PLATFO~1.008 Windows\Platformxxx.reg
9: 8 2 0000 CUSTOM~1.009 Windows\Customize.lst
10: 7 2 0000 _MOVEF~1.010 Windows\_MoveFileList.txt
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file TM_phone_class10.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 3 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 2 2 0000 CUSTOM~1.004 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file TMCOMREG.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 3 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 2 2 0000 CUSTOM~1.004 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file TMD_AP_NL.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 2 2 0000 0000skin.002 Program files\GPRSMonitor\skin.gif
3: 5 2 0000 CHECKF~1.003 Windows\CheckFile.exe
4: 4 2 0000 PLATFO~1.004 Windows\Platformxxx.reg
5: 3 2 0000 CUSTOM~1.005 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file TMD_NL.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 3 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 2 2 0000 CUSTOM~1.004 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file TMDNLCustomize.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 32 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 31 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 30 2 0000 CUSTOM~1.004 Windows\Customize.lst
5: 10 2 0000 _MOVEF~1.005 Windows\_MoveFileList.txt
6: 7 2 0000 0default.006 Windows\_default.htm
7: 6 2 0000 CM_ENT~1.007 Windows\CM_Entries.xml
8: 4 2 0000 T-MOBI~1.008 Windows\T-Mobile_Theme.tsk
9: 3 2 0000 0Splash2.009 Windows\Splash2.nb
10: 2 2 0000 0Splash1.010 Windows\Splash1.nb
11: 5 2 0000 RINGTO~1.011 Windows\Rings\RINGTONE 2.wav
12: 8 2 0000 T-MOBI~1.012 Windows\Favorites\T-Mobile PDA portal.url
13: 29 2 0000 0TapRes1.013 Temp\_TapRes1.dll
14: 28 2 0000 0default.014 Temp\_default.htm
15: 27 2 0000 0spd_lst.015 Temp\_spd_lst.gif
16: 26 2 0000 SPD_DL~1.016 Temp\_spd_dlrbtn.gif
17: 25 2 0000 SND_DL~2.017 Temp\_snd_dlrbtnd.gif
18: 24 2 0000 SND_DL~1.018 Temp\_snd_dlrbtn.gif
19: 23 2 0000 HLD_DL~2.019 Temp\_hld_dlrbtnd.gif
20: 22 2 0000 HLD_DL~1.020 Temp\_hld_dlrbtn.gif
21: 21 2 0000 ENDING~1.021 Temp\_ending_dlrbtn.gif
22: 20 2 0000 END_DL~2.022 Temp\_end_dlrbtnd.gif
23: 19 2 0000 END_DL~1.023 Temp\_end_dlrbtn.gif
24: 18 2 0000 0dlrclrd.024 Temp\_dlrclrd.gif
25: 17 2 0000 00dlrclr.025 Temp\_dlrclr.gif
26: 16 2 0000 00000dlr.026 Temp\_dlr.gif
27: 15 2 0000 0clg_out.027 Temp\_clg_out.gif
28: 14 2 0000 clg_miss.028 Temp\_clg_miss.gif
29: 13 2 0000 00clg_in.029 Temp\_clg_in.gif
30: 12 2 0000 CLG_DL~2.030 Temp\_clg_dlrbtnd.gif
31: 11 2 0000 CLG_DL~1.031 Temp\_clg_dlrbtn.gif
32: 9 2 0000 T-MOBI~1.032 Temp\_T-Mobile_banner.gif
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file Version_AKU1.sa.CAB
processor=0 versions: 3.00 .. 4.20
application=Tools provider=Customization
platforms: JUPITER, HPC
unknown: 0 0 1 0 0
[files]
1: 1 2 0000 0CESetup.001 %CE1%\Tools\CESetup.dll
2: 4 2 0000 CHECKF~1.002 Windows\CheckFile.exe
3: 3 2 0000 PLATFO~1.003 Windows\Platformxxx.reg
4: 2 2 0000 CUSTOM~1.004 Windows\Customize.lst
[registry]
1: 0 [HKCU\Software\HTC\Customize] Ver='1.0'
[shortcuts]
Processing file t-mobile_shortcuts_only(UK).PPC2002_ARM.CAB
processor=2577 versions: 3.00 .. 100.00
application=Web Enhancement provider=T-Mobile
platforms: HPC, JUPITER, PALM PC2
unknown: 0 0 1 0 0
[files]
1: 1 0 1000 TMOBIL~2.001 %CE2%\TMobileWebToday.dll
2: 2 0 0000 T-MOBI~1.002 %CE2%\T-Mobile Setup.dll
3: 3 0 0000 T-MOBI~2.003 %CE2%\T-Mobile PIE Launcher.exe
4: 4 0 0000 T-MOBI~3.004 %CE2%\T-Mobile Resetter.exe
[registry]
1: 0 [HKLM\Software\Microsoft\Today\Items\T-Mobile Homepage Plugin] Type=dword:00000004
2: 0 [HKLM\Software\Microsoft\Today\Items\T-Mobile Homepage Plugin] Enabled=dword:00000001
3: 0 [HKLM\Software\Microsoft\Today\Items\T-Mobile Homepage Plugin] Options=dword:00000000
4: 0 [HKLM\Software\Microsoft\Today\Items\T-Mobile Homepage Plugin] DLL=multisz:'\Windows\TMobileWebToday.dll'
5: 0 [HKLM\Software\DAT Enterprises Ltd.\TMobile Today Web] WebDisplayText='t-zones'
6: 0 [HKLM\Software\DAT Enterprises Ltd.\TMobile Today Web] WebURL='www.t-zones.co.uk'
[shortcuts]
1: 0 1 2 %CE17%\t-zones.lnk = %CE2%\T-Mobile PIE Launcher.exe
Itsme rulezzz !!

radare with haret backend

I have been playing a bit with haret and decided to write a io backend plugin for radare.
The current state is a bit slow, unstable and buggy. But it's just a first commit.
radare will allow in a near future to assemble/disassemble directly via tcp to the physical memory of the wm device using haret as IO proxy.
Would be tricky to implement scripts for radare to remotely debug applications or hooking process functions, interpret memory structures, etc..
ATM it's just a proof of concept, so follow the git -devel branch.
Code:
[email protected]~/prg/radare.git/src$ ./radare -u haret://192.168.1.83
;-- Welcome, this is HaRET pre-0.4.8-20070401_144835 running on WindowsCE v5.
;--
;-- Minimal virtual address: 00010000, maximal virtual address: 7FFFFFF
;--
;-- Detected machine 'Hermes' (Plat='PocketPC' OEM='HERM200'
;--
;-- CPU is ARM ARM arch 4T stepping 0 running in system mod
;--
;-- Enter 'HELP' for a short command summary
;--
open ro haret://192.168.1.83
[0x00000000000000]> x
offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 0 1 2 3 0123456789ABCDEF0123
.---------------+--------------------------------------------------+---------------------.
0x00000000000000 7d00 00ea 0d00 00ea fcff ffea fbff ffea faff ffea }...................
0x00000000000014 f9ff ffea f8ff ffea 1100 00ea 4845 524d 3130 3020 ............HERM100
0x00000000000028 4950 4c20 4456 5400 312e 3030 0000 0000 0000 0000 IPL DVT.1.00........
0x0000000000003C 0000 0000 0010 80e5 0030 82e5 0050 84e5 feff ffea .........0...P......
0x00000000000050 4029 a0e3 c025 82e2 02f0 a0e1 0000 a0e1 0000 a0e1 @)...%..............
0x00000000000064 0000 a0e1 5604 a0e3 8010 90e5 7018 c1e3 6018 81e3 ....V.......p...`...
0x00000000000078 8010 80e5 5c13 9fe5 0410 80e5 5823 9fe5 0020 80e5 ....\.......X#... ..
0x0000000000008C c81f a0e3 1410 80e5 4c23 9fe5 1020 80e5 4833 9fe5 ........L#... ..H3..
0x000000000000A0 1830 80e5 0110 a0e3 2410 80e5 3c23 9fe5 2020 80e5 .0......$...<#.. ..

differences in bootloader img vs zip

So I watched this video...
http://www.youtube.com/watch?v=eAkBeJ3_8uQ
It had two links.
1) https://dl.dropbox.com/u/40447234/Nexus 7/JZO54K_bootloader.zip
2) http://forum.xda-developers.com/showthread.php?t=1929270
If I download the zip from the 1st link and unzip it I see a bootloader.raw file
Compared to the 3.41 img file linked to from the 2nd link they are almost exactly the same.
The .raw file from the zip has an extra 76 bytes at the beginning of the file.
The remaining 2,142,784 bytes are exactly the same.
Can someone explain the difference between the .raw file in the flashable zip and the .img file that is used with fastboot?
This is a hexdump of the first 76 bytes. Any clue why they're different?
0000000 534d 2d4d 4152 4944 2d4f 5055 4144 4554
0000010 0000 0001 003c 0000 003c 0000 0001 0000
0000020 0000 0000 0000 0000 0000 0000 0000 0000
0000030 0000 0000 0000 0000 0000 0000 4245 0054
0000040 004c 0000 b240 0020 0001 0000
Thanks,
~Eric
bump.... anyone?

[DEV][REF] El Grande Partition Table Reference

El Grande Partition Table Reference
This is a development thread whose main purpose is to catalog and document
the various partition tables used by our manufacturers in our loved Androids.
Thread Difficulty: Medium (some risk of bricking)
When people get a bad flash and soft-brick their devices, one of the first
things that need to be done, is finding out on what partition that flash went
bad. This information can be extremely valuable since it could very well make
the difference between loosing or keeping all your data.
In addition, it will help clarify much of the partitioning confusion that has
arisen because of the many different partitioning schemes used in different
devices and by different hardware manufacturers.
Thus you can help by providing your complete partition tables in this thread
in one post. In order for this information to be useful, you will have to
provide and specify the following:
Code:
General Device Name: Samsung Galaxy S2
Manufacturer Product Name: GT-I9100
Processor: Exynos 4210
AOS version: Android GB 2.3.4
Radio FW version: XXKI1
System FW version: XXKE4
Service Provider/ Branding: T-mobile
Country: Germany
<< output of parted >>
<< output of fdisk >>
<< output of gdisk >>
<< Any additional info you'd like to share. See text.>>
Additional information that could be useful, include:
Code:
a) The alternative commands shown in post#2 below.
b) Other hardware info that can often be found in the PDA database.
c) A link to a text paste site with the output from:
1. dmesg (directly after reboot)
2.
How To Post Here
To make your post compact and stylish, post using the "Go Advanced"
and put your command output in "CODE" tags and choose: "Sizes" ==> 2.
If you know how to, also replace all tabs (\t) with spaces. If your output
is excessively large, please use paste site (pastebin, pastie etc.) instead
of multiple posts.
Also, please search the thread for previous devices before posting
your own results, unless they differ significantly.
==================================================
This is a development thread. Do not ask for help with this or that,
this is not a support thread! Make sure that any question you might
have, is directly related to the benefit of this thread and on-topic.
If not your post will be removed.
==================================================
The goal here is to obtain as detailed information about your device
partitions as possible. The most important information are (with example):
Code:
- Partition Number 2
- Partition Name mmcblk0p2
- Partition Type EXT4
- Partition MBR ID 83
- Partition GPT ID 8300 /
- Partition Label SBL1
- Partition Description Secondary Bootloader 1
- Start block (hex/dec) 0x1000
- End block (hex/dec) 0x1fff
- Partiton Size (hex/dec) 0x1000
- Partition Content Qualcomm SBL1 bootloader image (sbl1.img)
As a good example of a fairly complete partition table is that of the
Verizon Samsung Galaxy S3 (SCH-I535), as shown in post#3, although it is
still missing some relevant data, it was completed using the commands
shown in post#2.
Thanks in advance for wanting to help to make this thread an awesome
and great partition table reference.
Click to expand...
Click to collapse
So far we have the following devices in our list:
Code:
[SIZE=2]Samsung Galaxy S3 (SCH-I535) [URL="http://forum.xda-developers.com/showpost.php?p=33358998&postcount=3"]Post#3[/URL]
Samsung Galaxy Note (SHV-E160L) [URL="http://forum.xda-developers.com/showpost.php?p=33568941&postcount=7"]Post#7[/URL]
HTC One X LTE [US AT&T, Verizon, etc] [URL="http://forum.xda-developers.com/showpost.php?p=34063606&postcount=8"]Post#8[/URL]
Samsung LED TV ES-5700 (UE40ES5700SXXH) [URL="http://forum.xda-developers.com/showpost.php?p=34065570&postcount=9"]Post#9[/URL]
Samsung Galaxy Camera (EK-GC100) [URL="http://forum.xda-developers.com/showpost.php?p=34841863&postcount=10"]Post#10[/URL]
Samsung GT-I8150 [URL="http://forum.xda-developers.com/showpost.php?p=35130021&postcount=11"]Post#11[/URL]
Samsung SHV-E160L [URL="http://forum.xda-developers.com/showpost.php?p=36019312&postcount=13"]Post#13[/URL]
LG Optimus G (LS970) [Sprint] [URL="http://forum.xda-developers.com/showpost.php?p=38362505&postcount=16"]Post#16[/URL]
LG Motion (MS770/LW770) [URL="http://forum.xda-developers.com/showpost.php?p=40890468&postcount=20"]Post#20[/URL]
Samsung Galaxy S Plus [URL="http://forum.xda-developers.com/showpost.php?p=41499110&postcount=21"]Post#21[/URL]
Samsung GT-I8160 [URL="http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22"]Post#22[/URL]
Samsung GT-N7000 (16GB) [URL="http://forum.xda-developers.com/showpost.php?p=42744917&postcount=24"]Post#24[/URL]
LG G2 (D-800) [AT&T, Verizon] [URL="http://forum.xda-developers.com/showpost.php?p=45574215&postcount=25"]Post#25[/URL]
[/SIZE]
Here is another thread I strongly recommend reading, before posting here.
It has an excellent explanation of the linux file permissions and how to make
backups of the most important partitions.
[GUIDE] Making Dump Files Out of Android Device Partitions
<< To Be Continued.. >>
How to obtain your partition table?
Although the way to obtain your complete partition table layout varies from
device to device, there are some standard tools and methods to do this. The
most important thing to know, especially if you're used to the old-school
Windows/Linux Master Boot Record (MBR) type file systems, is that most modern
Android smartphones now make heavy use of the GUID Partition Table (GPT)
structure (formatting). Thus you will need some slightly different tools, to
obtain the proper information from your device. Different tools give different
information, as we shall see.
NOTE: You have to be rooted to use these tools!Example-1: (Partition Tables for the Samsung Galaxy S2 GT-I9100)
Here we get our partition table using three different tools:
fdisk
parted
gdisk (aka gptfdisk)
And the results will differ quite dramatically.
1. Using fdisk:
Code:
[SIZE=2]/ # fdisk -l /dev/block/mmcblk0[/SIZE]
[SIZE=2] Disk /dev/block/mmcblk0: 15.7 GB, 15756951552 bytes[/SIZE]
[SIZE=2] 1 heads, 16 sectors/track, 1923456 cylinders[/SIZE]
[SIZE=2] Units = cylinders of 16 * 512 = 8192 bytes[/SIZE]
[SIZE=2] Device Boot Start End Blocks Id System[/SIZE]
[SIZE=2] /dev/block/mmcblk0p1 1 1923456 15387647+ ee EFI GPT[/SIZE]
[SIZE=2] Partition 1 does not end on cylinder boundary[/SIZE]
2. Using parted:
Code:
[SIZE=2]/ # parted /dev/block/mmcblk0[/SIZE]
[SIZE=2] GNU Parted 1.8.8.1.179-aef3[/SIZE]
[SIZE=2] Using /dev/block/mmcblk0[/SIZE]
[SIZE=2] Welcome to GNU Parted! Type 'help' to view a list of commands.[/SIZE]
[SIZE=2] (parted) p[/SIZE]
[SIZE=2] p[/SIZE]
[SIZE=2] Model: MMC VYL00M (sd/mmc)[/SIZE]
[SIZE=2] Disk /dev/block/mmcblk0: 15.8GB[/SIZE]
[SIZE=2] Sector size (logical/physical): 512B/512B[/SIZE]
[SIZE=2] Partition Table: gpt[/SIZE]
[SIZE=2] Number Start End Size File system Name Flags[/SIZE]
[SIZE=2] 1 4194kB 25.2MB 21.0MB ext4 EFS[/SIZE]
[SIZE=2] 2 25.2MB 26.5MB 1311kB SBL1[/SIZE]
[SIZE=2] 3 27.3MB 28.6MB 1311kB SBL2[/SIZE]
[SIZE=2] 4 29.4MB 37.7MB 8389kB PARAM[/SIZE]
[SIZE=2] 5 37.7MB 46.1MB 8389kB KERNEL[/SIZE]
[SIZE=2] 6 46.1MB 54.5MB 8389kB RECOVERY[/SIZE]
[SIZE=2] 7 54.5MB 159MB 105MB ext4 CACHE[/SIZE]
[SIZE=2] 8 159MB 176MB 16.8MB MODEM[/SIZE]
[SIZE=2] 9 176MB 713MB 537MB ext4 FACTORYFS[/SIZE]
[SIZE=2] 10 713MB 2861MB 2147MB ext4 DATAFS[/SIZE]
[SIZE=2] 11 2861MB 15.2GB 12.4GB fat32 UMS[/SIZE]
[SIZE=2] 12 15.2GB 15.8GB 537MB ext4 HIDDEN[/SIZE]
3. Using gdisk:
Code:
[SIZE=2]/ # gdisk -l /dev/block/mmcblk0[/SIZE]
[SIZE=2] GPT fdisk (gdisk) version 0.8.4[/SIZE]
[SIZE=2] Partition table scan:[/SIZE]
[SIZE=2] MBR: protective[/SIZE]
[SIZE=2] BSD: not present[/SIZE]
[SIZE=2] APM: not present[/SIZE]
[SIZE=2] GPT: present[/SIZE]
[SIZE=2] Found valid GPT with protective MBR; using GPT.[/SIZE]
[SIZE=2] Disk /dev/block/mmcblk0: 30775296 sectors, 14.7 GiB[/SIZE]
[SIZE=2] Logical sector size: 512 bytes[/SIZE]
[SIZE=2] Disk identifier (GUID): 52444E41-494F-2044-4D4D-43204449534B[/SIZE]
[SIZE=2] Partition table holds up to 128 entries[/SIZE]
[SIZE=2] First usable sector is 34, last usable sector is 30775262[/SIZE]
[SIZE=2] Partitions will be aligned on 2048-sector boundaries[/SIZE]
[SIZE=2] Total free space is 17341 sectors (8.5 MiB)[/SIZE]
[SIZE=2] Number Start (sector) End (sector) Size Code Name[/SIZE]
[SIZE=2] 1 8192 49151 20.0 MiB 0700 EFS[/SIZE]
[SIZE=2] 2 49152 51711 1.2 MiB 0700 SBL1[/SIZE]
[SIZE=2] 3 53248 55807 1.2 MiB 0700 SBL2[/SIZE]
[SIZE=2] 4 57344 73727 8.0 MiB 0700 PARAM[/SIZE]
[SIZE=2] 5 73728 90111 8.0 MiB 0700 KERNEL[/SIZE]
[SIZE=2] 6 90112 106495 8.0 MiB 0700 RECOVERY[/SIZE]
[SIZE=2] 7 106496 311295 100.0 MiB 0700 CACHE[/SIZE]
[SIZE=2] 8 311296 344063 16.0 MiB 0700 MODEM[/SIZE]
[SIZE=2] 9 344064 1392639 512.0 MiB 0700 FACTORYFS[/SIZE]
[SIZE=2] 10 1392640 5586943 2.0 GiB 0700 DATAFS[/SIZE]
[SIZE=2] 11 5586944 29720575 11.5 GiB 0700 UMS[/SIZE]
[SIZE=2] 12 29720576 30769151 512.0 MiB 0700 HIDDEN[/SIZE]
Example-2: (Using built-in system tools.)
Code:
[SIZE=2]/ # mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=111 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/usb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /app-cache tmpfs rw,relatime,size=7168k 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p7 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p1 /efs ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
nil /sys/kernel/debug debugfs rw,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc,discard 0 0
/dev/block/mmcblk0p4 /mnt/.lfs j4fs rw,relatime 0 0
/dev/block/vold/179:11 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro,discard 0 0
/ # busybox cat /proc/partitions
major minor #blocks name
179 0 15387648 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 102400 mmcblk0p7
179 8 16384 mmcblk0p8
179 9 524288 mmcblk0p9
179 10 2097152 mmcblk0p10
179 11 12066816 mmcblk0p11
179 12 524288 mmcblk0p12
[/SIZE]
Download These Partition Tools
I have collected the above three tools into one ZIP package
that you can download HERE. << WIP TBA >>
Download the ZIP containing parted HERE.
(Do not use/push/install anything else than "parted", as they may
already be present on your system, or in Busybox.)
The gptfdisk binary is rather large (~1.5 MB) as it is statically compiled.
It would be nice if someone could create an NDK based dynamic binary.
Download the binary HERE. (SourceForge, Info)
darkspr1te have collected even more (statically compiled) tools in his
post #13, that can be downloaded HERE.
! WARNING !
Be careful with parted, make sure you tell it to "Ignore" any errors it might
find. Also you have to type "quit" to get it to exit from interactive mode.
Similarly, you'll probably also get various scary warnings when using gdisk.
Same thing here. Make sure to ignore, never attempt to repair, unless you know
exactly what you're doing!
You may get other warnings as well, but should always be ignored. This is due
to the fact that many devices are using some kind of hybrid proprietary
MBR/GPT partitioning with accompanying tables. This is especially true for
Qualcomm based devices from Samsung and HTC.
Click to expand...
Click to collapse
Collecting Alternative Information
There are several system commands and files that you can use, that contain
partitioning information. The most common ones are:
Code:
mount
cat /proc/mtd
cat /proc/mounts
cat /proc/partitions
cat /proc/emmc
busybox fdisk -l /dev/block/mmcblk0
parted -l /dev/block/mmcblk0
gdisk -l /dev/block/mmcblk0
[You will probably need to modify these to suit your particular storage device.]
Another useful place for info is in the Kernel and debug messages output.
However, these commands need to be performed as soon as possible after a
reboot, since the message log is a ring-buffer of only 4K. (Meaning it will soon
overwrite itself.)
Code:
dmesg |grep "mmc"
dmesg |grep "partition"
cat /proc/kmesg >/path-to-your-writeable-area/kmesg.log
Collecting Partition Tables while Flashing
(Root not required)
You can also collect very detailed partition table layout while flashing new firmware (using Windows).
Thanks to attentive users: @IGGYVIP and @Antagonist42 we show in Post#51 and beyond, how you
can use SysInternals DebugView tool, to collect interesting debug information while flashing.
Partition Table: Samsung Galaxy S3 (SCH-I535)
So to be a good example, let me start to post the complete partition table
for the US Verizon, Samsung Galaxy S3 (SCH-I535). It was probably obtained
from a screenshot of one of Samsung's internal documents, not available for
public scrutiny. I then had to add additional information from other peoples
devices to complete the details. Still, it is likely there will be some
variations due to hardware and updated firmware etc. But it does serve as a
great and informative example of a top-of-the-line Android partition table.
So to follow my own instructions:
Code:
[SIZE=2]General Device Name: Samsung Galaxy S3
[SIZE=2]Manufacturer[/SIZE] Product Name: SCH-I535
Processor: Qualcomm Snapdragon 4S+ (MSM8960)
AOS version: Android GB 4.0.4
Radio FW version: <na>
System FW version: <na>
Service Provider/ Branding: Verizon
Country: USA
[/SIZE]
One guy listed the output of parted as:
Code:
[SIZE=2]Disk /dev/block/mmcblk0: 31268536320B
Sector size (logical/physical): 512B/512B
Partition Table: gpt
-------------------------------------------------------------------------------
Number Start End Size FS-Type Name Flags
-------------------------------------------------------------------------------
1 4194304B 67108863B 62914560B modem
2 67108864B 67239935B 131072B sbl1
3 67239936B 67502079B 262144B sbl2
4 67502080B 68026367B 524288B sbl3
5 68026368B 70123519B 2097152B aboot
6 70123520B 70647807B 524288B rpm
7 70647808B 81133567B 10485760B boot
8 81133568B 81657855B 524288B tz
9 81657856B 82182143B 524288B pad
10 82182144B 92667903B 10485760B param
11 92667904B 106954751B 14286848B ext4 efs
12 106954752B 110100479B 3145728B modemst1
13 110100480B 113246207B 3145728B modemst2
14 113246208B 1686110207B 1572864000B ext4 system
15 1686110208B 30337400831B 28651290624B ext4 userdata
16 30337400832B 30345789439B 8388608B ext4 persist
17 30345789440B 31226593279B 880803840B ext4 cache
18 31226593280B 31237079039B 10485760B recovery
19 31237079040B 31247564799B 10485760B fota
20 31247564800B 31253856255B 6291456B backup
21 31253856256B 31257001983B 3145728B fsg
22 31257001984B 31257010175B 8192B ssd
23 31257010176B 31262253055B 5242880B grow
[/SIZE]
But according to the anonymous Samsung document image, we have:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
[Converted to text using the free online OCR tool.]
From this I constructed the following partition table:
Code:
[SIZE=2]Part# Name Type Flag Start(hex) Start(dec) Length(dec) Length(hex) Size Description
-------------------------------------------------------------------------------------------------------------------------------------------
0 GPT 00000000 0 34 0000022 0 GUID Partition Table
1 MODEM FAT32X pr 00002000 8,192 122,880 001E000 60 CP Binary
2 SBL1 *pr 00020000 131,072 256 0000100 .1 Secondary Bootloader 1
3 SBL2 pr 00020100 131,328 512 0000200 .3 Secondary Bootloader 2
4 SBL3 pr 00020300 131,840 1024 0000400 .5 Secondary Bootloader 3
5 ABOOT r 00020700 132,864 4096 0001000 2 AP Bootloader
6 RPM r 00021700 136,960 1024 0000400 .5 Resource and Power Manager
7 BOOT r 00021800 137,984 20,480 0005000 10 Kernel + Ramisk
8 TZ r 00026800 158,464 1024 0000400 .5 Trust Zone
9 PIT 00026F00 159,488 1024 0000400 .5 Partition Information Table
10 PARAM 00027300 160,512 20,480 0005000 10 Parameter Block
11 EFS EXT4 0002C300 180,992 27,904 0006D00 13.6 EFS Partition
12 MODEMST1 00033000 208,896 6,144 0001800 3 Modem Storage 1 (NV data)
13 MODEMST2 00034800 215,040 6,144 0001800 3 Modem Storage 2 (NV data)
14 SYSTEM EXT4 00036000 221,184 3,072,000 02EE000 1500 Android Platform
15 USERDATA EXT4 00324000 3,293,184 55,959,552 355E000 27324 Application & User Data
16 PERSIST EXT4 03882000 59,252,736 16,384 0004000 8 Persist
17 CACHE EXT4 03886000 59,269,120 1,720,320 01A4000 840 Cache
18 RECOVERY r 03A2A000 60,989,440 20,480 0005000 10 Recovery
19 FOTA 03A2F000 61,009,920 20,480 0005000 10 FOTA backup partition
20 BACKUP 03A34000 61,030,400 12,288 0003000 6 NV data backup partition
21 FSG 03A37000 61,042,688 6,144 0001800 3 Modem Storage "Golden Copy"
22 SSD 03A38800 61,048,832 16 0000010 0 Secure Software Download
23 GROW 03A38810 61,048,848 5 0000005 0 Grow
-------------------------------------------------------------------------------------------------------------------------------------------
Part : Is the eMMC partition number and mounted under "mmcblk0<#>"
Type : Partition Type (By Name or by ID (hex) if unknown. See list below.)
Flag : Special partition flags, such as: boot (*), read only (r), primary partition (p).
Length: Number of blocks (sectors) in partition
Size : Approximate partition size in MB
[B]NOTE[/B]: The block size is 512 bytes.
[/SIZE]
What does it all mean?
Here I give a general description to the various partitions. Most of them have
been determined, but some still remain somewhat mysterious. But there are
Terabytes written about various partition schemes and file systems etc, but
some good sources for our purpose are found on Wikipedia and Microsoft.
But the most important thing to understand, is that most of the technical
ingredients (as show in the previous post) is hardware dependent. Thus the
Android partition schemes depend on the processor / modem combination and
their firmware, and thus also the kernel, to some extent.
Some key info can be found here:
http://en.wikipedia.org/wiki/GUID_Partition_Table
http://en.wikipedia.org/wiki/Master_boot_record
http://en.wikipedia.org/wiki/Extended_Boot_Record
http://en.wikipedia.org/wiki/Host_Protected_Area
Trouble shooting Disks and Filesystems (Microsoft)
Using GPT Drives (Microsoft)​
General Android Partition Description (Qualcomm MSM8960)
The function and content of many of the partitions are not very well
described, nor easily found in one place. Here are some further details,
that apply primarily to Qualcomm Snapdragon S4/+ based Android devices.
However, Windows Phones using these these SoC's should have a very similar
partition structures, but with different names.
For details about: RPM (PBL), SBL1, SBL2, SBL3, TZ and ABOOT (APPSBL), please
see this and this thread, where they are extensively discussed and described.
GPT: See section on PIT and GPT "partitions" below.
BACKUP: This partition should contain a copy of MODEMST2. Whether it does or
not, is described in the PARAM partition.
BOOT: This is the partition that enables the phone to boot, as the name
suggests. It includes the kernel and the ramdisk. Without this partition, the
device will simply not be able to boot. Wiping this partition from recovery
should only be done if absolutely required and once done, the device must NOT
be rebooted before installing a new one, which can be done by installing a ROM
that includes a /boot partition.
CACHE: Contain the firmware update package which is downloaded from server,
and the recovery log file. Other uses include storage for frequently accessed
data and application components. Wiping the cache doesn’t effect your personal
data but simply gets rid of the existing data there, which gets automatically
rebuilt as you continue using the device.
DATA / USERDATA: This partition contains the user's data – this is where your
contacts, messages, settings and apps that you have installed go. Wiping this
partition essentially performs a factory reset on your device, restoring it to
the way it was when you first booted it, or the way it was after the last
official or custom ROM installation. When you perform a wipe data/factory
reset from recovery, it is this partition that you are wiping.
EFS: The Android EFS partition stores all your phones important, but
accessible, hardware data, such as WiFi/BlueTooth MAC's, IMEI (or ESN for a
CDMA based device) and some others.
FOTA: Is the Firmware Over The Air partition. After the update package has
been downloaded from the server it is saved into the CACHE partition. After
that the userspace application that does the download writes a special cookie
into the FOTA partition. This cookie tells the bootloaders to take the
necessary steps to boot into recovery mode
FSG: Probably stands for File System (FS) "Golden". According to Samsung
documentation, this partition is a "Golden Copy". This is partially confirmed
by RE of the PARAM partition, which indicate that this partition should contain
a copy of MODEMST1. As such it is a backup of the current EFS2 filesystem.
The creation of a FSG is not supported on flash devices and the internal (QMI)
DIAG request "EFS2_DIAG_MAKE_GOLDEN_COPY", can only be used to
create a backup one time over the life of the device. [80-V1294-11]
GROW: << unknown >>
MISC: This partition contains miscellaneous system settings in form of on/off
switches. These settings may include CID (Carrier or Region ID), USB
configuration and certain hardware settings etc. This is an important
partition and if it is corrupt or missing, several of the device’s features
will will not function normally. Not all devices have this partition.
PARAM: This is the Parameter partition which contains a number of parameters,
variables and settings of the hardware. Apparently it has an 88 byte header
structure that tell us if the MODEMST1 and MODEMST2 have been backed up to the
FSG and BACKUP partitions, respectively. Furthermore it contain all the debug
settings (DLOW/DMID/DHIG etc), the "triangle" status of whether or not you have
flashed custom ROMs and the flash count (0x3FFE00). Current boot mode in use,
and much more. The info about this partition could easily occupy a book by
itself.
PERSIST: << unknown >> The use of this partition is unknown and apparently
only exists on Qualcomm based devices.
PIT: See below.
RECOVERY: Holds the recovery boot image. When updating the system we boot
into recovery mode by using the boot image stored in this partition. It lets
you boot the device into a recovery console for performing advanced recovery
and maintenance operations on it.
SSD: "Secure Software Download" is a memory based file system (RAMFS) for
secure storage, used to download and store "who knows what" on the eMMC. It is
a referenced part in the Remote Storage RPC Client of the MSM kernel.
SYSTEM: This partition basically contains the entire operating system, other
than the kernel and the ramdisk. This includes the Android user interface as
well as all the system applications that come pre-installed on the device.
Wiping this partition will remove Android from the device without rendering it
unbootable, and you will still be able to put the phone into recovery or
bootloader mode to install a new ROM.​Older Types of Qualcomm Partitions
Code:
DBL Device Boot Loader (loads OSBL)
OSBL Operating System Boot Loader (loads AMSS)
AMSS Advanced Mobile Subscriber Software (Qualcomm CP FW)
EMMCBOOT Embedded MMC (eMMC) boot (loads EMMCBOOT)
ADSP AP (Application Processor) DSP (Qualcomm DSP FW)
Qualcomm Partition Type Cross Reference
When inspecting the partitioning of the eMMC's used by Qualcomm Snapdragon based
hardware, we see that they tend to use different partition types, for their
different partitions depending on their function. For example, for the MSM8960
SoC/PoP, we often find the following partition ID's, when inspected by
mounting the device with on linux PC. This seem to remain fairly consistent across
all their Snapdragon class/based devices.
Code:
[SIZE=2]ID Type Label oldLabels Filename(s) Description
-----------------------------------------------------------------------
05 EXT -- -- -- Extended partition
0C FAT32X MODEM FAT non-hlos.bin
45 SBL3 sbl3.mbn
46 TZ OEMSBL tz.mbn, osbl.mbn
47 RPM rpm.mbn
48 BOOT boot.img
4A MODEM_ST1 --
4B MODEM_ST2 --
4C ABOOT emmc_appsboot.mbn
4D Boot SBL1 CFG_DATA sbl1.mbn, dbl.mbn
51 SBL2 sbl2.mbn
58 FSG --
5D ??HTC
60 RECOVERY recovery.img
64 ?BOOT1 --
65 "misc" misc.img
83 EXT4 [1] // // Native Linux
-----------------------------------------------------------------------
[1] This is a standard linux partition of any EXT2/3/4 type, thus there
are many different labels used here.
[/SIZE]
Some additional partition IDs found from their CodeAurora sources in
[kernel/msm][arch/arm/mach-msm/rmt_storage_client.c]:
Code:
4A /boot/modem_fs1 RAMFS_MODEMSTORAGE_ID
4B /boot/modem_fs2 "
58 /boot/modem_fsg "
59 q6_fs1 RAMFS_MDM_STORAGE_ID
5A q6_fs2 "
5B q6_fsg "
5D ssd RAMFS_SSD_STORAGE_ID
Thus we can conclude that most of the standard (but outdated) MBR definitions
of partition type ID's are no longer valid, but used as an identifier for
various sub-system software.
From another document [80-VP120-1 Rev.K] the Secure Boot 3.0 based devices use MBR partition types as shown below:
However, this document is from 2010 and may not be up-to-date with what you have.
Check your kernel sources!
Additional eMMC types:
Code:
0x0b - FAT32
0x0c - FAT32L
0x0e - FAT16
The PIT & GPT "partitions"
<< WIP >>
Your (signed) 32 GB PIT file can be extracted with:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/out.pit bs=8 count=481 skip=2176
And the GPT with:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/gpt.bin bs=8 count=2176
That is, 0x200 bytes for the protective MBR, 0x200 bytes for the GPT header,
and 128 x 128 bytes GPT partition headers = 0x4400 bytes for the full GPT block.
The PIT file contains partition names (BOOT), the names of the files that go
in them (boot.img), the size of each partition, the partition ID (7), and any flags (RO).
The GPT contains the physical layout for the partitions in memory and reads all the info from the PIT to fill in the blanks.
<< To Be Continued... >>
eMMC/SSD A Brief Introduction
I find it useful to understand, that from the low-level point of view, an eMMC and SSD are essentially
the same. An SSD is basically a huge eMMC, but where the NAND chips are used in parallel, similar to
a Raid-0 configuration, but with an added DRAM cache buffer and a SATA interface operating at 5V.
So, apart from the more advanced microcontroller, the wear-leveling etc. works in the same way.
The most important and relevant documents are those of the JEDEC standard.
However, our device conforms to (JESD84) v4.41 and not v4.51, AFAIK.
"JEDEC: Embedded MultiMediaCard(eMMC) Product Standard..." (JESD84-A441)
"JEDEC: Embedded MultiMediaCard(eMMC) Electrical Standard" (JESD84-B451)
"eMMC v4.41 and v4.5" (JDEC presentation by Victor Tsai)
DataLight on Bad Block Management (BBM)
"Bad block management (BBM) is a critical component of NAND flash drivers to
improve the reliability and endurance of the flash. NAND is shipped from the
factory with 'mostly good' cells, meaning there are some cells that are
non-functional even when the flash is new. Blocks can also go bad over time,
causing loss of data stored in the flash memory or even a bricked device."
NAND Flash Longvity
"Flash life is limited to the number of erase cycles for which your part is
rated. By distributing write/erase cycles evenly throughout the flash, a
properly executed wear-leveling algorithm can more than double the life of
your product. FlashFX Pro uses both static and dynamic wear-leveling to
achieve 133% longer life than MSFlash, the flash manager found in Windows CE
and WindowsMobile. The charts below show a test comparison between a FlashFX
Pro disk and one using MSFlash. Flash disks read and write data in a grid of
erase blocks. Once a block reaches its maximum rated erase count, the flash is
at risk of lost or corrupted data, becoming a "broken" device. For this test,
we recorded the erase counts by block and applied a heat map ranging from
white (lowest use) to green (medium use), to black (highest use). As the
heatmap shows, the MSFlash disk contains many blocks that are well over their
rated lifespan, while other blocks are barely used. The FlashFX Pro disk shows
what happens when proper wear-leveling algorithms are employed. All blocks are
evenly worn and within a tight range of erase counts, making your handheld
last more than twice as long, and protecting the reputation for durability
you've worked hard for."
Read-Write Operation [from Linaro site]
"Flash parts are commonly divided into partitions, which allows multiple
operations to occur simultaneously (erasing one partition while reading from
another). Partitions are further divided into blocks (commonly 64KB or 128KB
in size). The only Write operation permitted on a flash memory device is to
change a bit from a one to a zero. If the reverse operation is needed, then
the block must be erased (to reset all bits to the one state). NOR flash
memory can typically be programmed a byte at a time, whereas NAND flash memory
must be programmed in multi-byte bursts (typically, 512 bytes)"
Basic Wear Leveling
MLC devices typically support fewer than 10,000 program/erase (PE) cycles. So
if you erased and reprogrammed a block every minute, you would exceed the 10K
cycling limit in just 7 days!
Code:
60 × 24 × 7 = 10,080 (cycles/block)
So rather than cycling (re-programming) the same block, wear-leveling moves
data around to other blocks so that blocks are more evenly cycled.
Example: An 8GB eMMC MLC-based device
This device has 4096 independent blocks. So if we took the previous example
and distributed the cycles over all 4,096 blocks, each block would have been
programmed fewer than three times. (10,000/4096 = 2.44 [cycles/block/per
week]) (versus the 10,800 cycles when you cycle the same block)
So if we cycle some block once every minute, we have:
Code:
1 [cycles/min] × 60 [min/hr] × 24 [hr/day] × 365 [day/year] = 525,600 [cycles/year]
But with the new block cycling restraint (mechanism), we have that each data block:
Code:
Max data block-cycles =
4096 [blocks] × 10,000 [cycles/block] = 40,960,000 [cycles]
So that the total time to use up all cycles is:
Code:
40,960,000 [cycles] / 525,600 [cycles/year] = 77.9 [years]
So if we have perfect wear leveling on a 4,096 block device, we could could
erase and program a block every minute, every day, for 77 years.
[Examples taken from Cooke WinHEC presentation.]
Mooore
However, this is far from what can be expected. For example, the guaranteed
cycle count may apply only to block zero (as is the case with TSOP NAND
devices). And accrding to WikiPedia, "MLC NAND flash used to be rated at about
5–10K cycles (Samsung K9G8G08U0M) but is now typically 1–3K cycles"
According to THIS very informative page, "34nm MLC NAND is good for 5,000
write cycles, while 25nm MLC NAND lasts for only 3,000 write cycles."
Then there is the possibility of "read disturb", The method used to read NAND
flash memory can cause nearby cells to change over time if the surrounding
cells of the block are not rewritten. This is generally on the order of ~100K
reads without a rewrite of those cells. The error does not appear when reading
the original cell, but shows up when finally reading one of the surrounding
cells.
Then there is Write Amplification (WA): [for SSD but also applicable to us]
"An undesirable phenomenon associated with flash memory and solid-state drives
(SSDs) where the actual amount of physical information written is a multiple
of the logical amount intended to be written. Because flash memory must be
erased before it can be rewritten, the process to perform these operations
results in moving (or rewriting) user data and metadata more than once. This
multiplying effect increases the number of writes required over the life of
the SSD which shortens the time it can reliably operate. The increased writes
also consume bandwidth to the flash memory which mainly reduces random write
performance to the SSD."
Write amplification is typically measured by the ratio of writes coming from
the host system and the writes going to the flash memory. A lower write
amplification is more desirable, as it corresponds to a reduced number of P/E
cycles on the flash memory and thereby to an increased NAND life,
Then there is Over-provisioning (OP), which is the difference between the
physical capacity of the flash memory and the logical capacity presented through
the operating system as available for the user. During the garbage collection,
wear-leveling, and bad block mapping operations on the SSD, the additional space
from over-provisioning helps lower the write amplification when the controller
writes to the flash memory.
Vocabulary:
MLC = Multi Level Cell: NAND stores four states per memory cell and enables two bits programmed/read per memory cell
SLC = Single Level Cell: NAND stores two states per memory cell and enables one bit programmed/read per memory cellenables cell
What does all this mean?
Well, it means a lot! Here are just a few things:
We have to use host-based disk encryption to ensure we don't leave private data on eMMC/SSD.
(Re-formatting and erasure just doesn't work, as ensured by internal wear-leveling, unless
secure erase is enabled permanently. But this is not yet supported in older JEDEC!)
We should always choose the largest available memory device to maximize life.
We should have the source code and eMMC specifications to verify device specifications
and the proper handling and quick resolution of future bugs.
Cheers!
Samsung Galaxy Note (SHV-E160L)
Thanks to the excellent work of darkspr1te in this thread and post,
we have both full partition-table info and bootloader-level recovery.
Code:
[SIZE=2]General Device Name: Samsung Galaxy Note LTE
[SIZE=2]Manufacturer Product Name: SHV-E160L
[/SIZE]Processor: Qualcomm Snapdragon 4S+ (MSM8960) ?
AOS version: ICS 4.0.4 ?
Radio FW version: <na>
System FW version: <na>
Radio Service: CDMA/LTE ?
Network / Carrier: LGU+
Country: Korea
Similar Device: Samsung Galaxy Note SCH-I717 (Verizon)
[/SIZE]
Then the following partition table was constructed from fdisk output and various other info:
Code:
[SIZE=2]Device Boot Start End Blocks FS_id FS-type Name ImageName
-----------------------------------------------------------------------------------------------------------------------
/dev/sdc1 1 204800 102400 c W95 FAT32 (LBA) SMD_HDR smd_header.mbn
/dev/sdc2 * 204801 205800 500 4d QNX4.x SBL1 sbl1.mbn
/dev/sdc3 205801 208800 1500 51 OnTrackDM6Aux1 SBL2 sbl2.mbn
/dev/sdc4 208801 208801 0 5 Extended EXT ebr.mbn
/dev/sdc5 212992 213991 500 47 Unknown RPM rpm.mbn
/dev/sdc6 221184 225279 2048 45 Unknown SBL3 sbl3.mbn
/dev/sdc7 229376 234375 2500 4c Unknown ABOOT aboot.mbn
/dev/sdc8 237568 258047 10240 48 Unknown BOOT boot.img
/dev/sdc9 262144 263143 500 46 Unknown TZ tz.mbn
/dev/sdc10 270336 271335 500 5d Unknown SSD
/dev/sdc11 278528 279527 500 91 Unknown PIT Shv-e160l.pit
/dev/sdc12 286720 307199 10240 93 Amoeba PARAM param.lfs
/dev/sdc13 311296 511999 100352 c W95 FAT32(LBA) MODEM amms.bin
/dev/sdc14 516096 522239 3072 4a Unknown MSM_ST1 efs.img
/dev/sdc15 524288 530431 3072 4b Unknown MSM_ST2
/dev/sdc16 532480 538623 3072 58 Unknown MSM_FSG
/dev/sdc17 540672 741375 100352 8f Unknown MDM mdm.bin
/dev/sdc18 745472 751615 3072 59 Unknown M9K_EFS1 efsclear1.bin
/dev/sdc19 753664 759807 3072 5a Unknown M9K_EFS2 efsclear2.bin
/dev/sdc20 761856 767999 3072 5b Unknown M9K_FSG
/dev/sdc21 770048 790527 10240 ab Darwin boot DEVENC enc.img.ext4
/dev/sdc22 794624 815103 10240 60 Unknown RECOVERY recovery.img
/dev/sdc23 819200 839679 10240 94 Amoeba BBT FOTA
/dev/sdc24 843776 3911679 1533952 a5 FreeBSD SYSTEM system.img.ext4
/dev/sdc25 3915776 8114175 2099200 a6 OpenBSD USERDATA userdata.img.ext4
/dev/sdc26 8118272 8736767 309248 a8 Darwin UFS CACHE cache.img.ext4
/dev/sdc27 8740864 9005055 132096 a9 NetBSD TOMBSTONES tomb.img.ext4
/dev/sdc28 9011200 10035199 512000 95 Unknown HIDDEN hidden.img.ext4
/dev/sdc29 10035200 30777343 10371072 90 Unknown UMS ums.rfs
[/SIZE]
Note: This table has not yet been fully verified.
HTC One X LTE (US AT&T, Verizon, et.al.)
Most of the following is based on the information given by "Its Reh" in this post.
Code:
General Device Name: HTC One X LTE (US) [aka "HOXL"]
Manufacturer Product Name: HTC One X LTE
Processor: Qualcomm Snapdragon 4S+ (MSM8960)
AOS version: ICS 4.0.4 ?
Radio FW version: <na>
System FW version: <na>
Radio Service: CDMA/LTE ?
Network / Carrier: AT&T, Verizon, + others
Country: US
Similar Device: unknown, possibly HTC One S (US)
But much information have been collected from many other sources, as well. Why all this difficulty?
Because of the many OEM custom modifications of the filesystems used in the
HTC devices, many of the standard partition commands fails to provide complete
and correct information. Thus a combination of the various command output in
addition to other external info, can help us construct a more complete picture
of the (US) HOXL partition table.
It is very important to know that the US HTC One X LTE (HOXL) is very
different from the Chinese HTC One X and the One XL, in the common idiotic
spirit of HTC using the same name for completely different hardware. (There
are probably even more devices in other countries.)
Since the US HOXL is using an older version of the bootloader build-tool we
get the most reliable partition information from the fdisk command. We can
draw this conclusion, based on three observations. (1) Because fdisk complain
that the first 4 (primary) partitions "doesn't end on a cylinder boundary", is
a typical indication of using sparse disk images for partitions p1-4, and the
fact that (2) this partition scheme is still suffering from the HTC
partitioning-loop bug. Which mean you can ignore all partitions >36. Finally
(3), they seem to use it to format a native GPT based (?) eMMC device, using
an MBR-like structure and related tools. This causes gdisk to fail recognizing
the MBR style FS-types and erroneously marks them as a "Linux filesystem"
(8300).
We can also use some of the fastboot commands to show the nature of the eMMC
primary partitions. The command format from (windows) CMD prompt is:
fastboot oem <command>
Code:
[SIZE=2]Command Description
-----------------------------------
list_partition_emmc --> List the primary eMMC partitions (index, type, start, num)
check_emmc_mid --> Check eMMC Manufacterer ID
get_wp_info_emmc --> Show eMMC write protection group size (in blocks?)
get_sector_info_emmc --> Show available eMMC Sectors (free or start?)[/SIZE]
For example, for our device we have:
Code:
[SIZE=2]
C:\adb>fastboot oem get_wp_info_emmc
INFO eMMC write protection group size = 65536[/SIZE] [SIZE=2]
C:\adb>fastboot oem list_partition_emmc[/SIZE] [SIZE=2]
---------------------------------------------------------
(bootloader) index, type, start, num
---------------------------------------------------------
(bootloader) 0, 4D, 1, 100
(bootloader) 1, 51, 101, 200
(bootloader) 2, 5D, 301, 3FCDE
(bootloader) 3, 5, 3FFDF, 1CDF020
---------------------------------------------------------[/SIZE]
The partition table:
Code:
[SIZE=2]# [B]busybox fdisk -l dev/block/mmcblk0[/B]
[output slightly edited, nothing removed]
-------------------------------------------------------------------------------
Warning: deleting partitions after 60
Disk dev/block/mmcblk0: 15.6 GB, 15634268160 bytes
1 heads, 16 sectors/track, 1908480 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
p# Boot Start End Blocks Id System QCname Image
--------------------------------------------------------------------------------------
1 * E! 1 17 128 4d Unknown SBL1 sbl1-x.img
2 E! 17 49 256 51 Unknown SBL2 sbl2.img
3 E! 49 16382 130671 5d Unknown
4 E! 16382 1908480 15136784 5 Extended EXT --
5 16383 16384 16 5a Unknown
6 16385 16417 256 73 Unknown
7 16417 18364 15577+ 5b Unknown
8 18364 18396 256 5c Unknown
9 18396 18524 1024 45 Unknown SBL3 sbl3.img
10 18524 18556 256 47 Unknown
11 18556 18812 2048 46 Unknown TZ tz.img
12 18812 18940 1024 4c Unknown HBOOT hboot_8960_X_Y_Z.img
13 18940 18944 32 0 Empty
14 18944 19712 6144 34 Unknown SPLASH splash1.nb0
15 19712 19840 1024 36 Unknown
16 19840 19968 1024 0 Empty "dsps"
17 19968 25728 46080 77 Unknown radio.img
18 25729 27008 10240 7a Unknown adsp.img
19 27009 27649 5120 0 Empty wcnss.img
20 27649 28672 8190+ 74 Unknown "radio_config"
21 28673 30720 16384 48 Unknown "boot"
22 30721 32768 16383+ 71 Unknown recovery_signed.img
23 32769 32896 1022+ 76 Unknown "misc"
24 32896 33408 4096 4a Unknown MODEMST1 "modem_st1"
25 33409 33920 4096 4b Unknown MODEMST2 "modem_st2"
26 33921 36481 20480 19 Unknown "devlog"
27 36481 36481 4 0 Empty
28 36481 36513 256 23 Unknown "pdata"
29 36513 36515 16 0 Empty
30 36515 36675 1280+ 0 Empty "local"
31 36675 36683 64 0 Empty "extra"
32 36684 49152 99752 0 Empty
33 49153 262144 1703935 83 Linux SYSTEM "system"
34 262145 294912 262143+ 83 Linux CACHE "cache"
35 294913 606208 2490367+ 83 Linux "userdata"
36 606209 1908480 10418176 c FAT32(LBA) "fat"
...
-------------------------------------------------------------------------------
Where:
"p#" = dev/block/mmcblk0p#
"E!" = Partition X does not end on cylinder boundary.
"X" = HBOOT version
"Y" = HBOOT date
"Z" = HBOOT "signed" + build
-------------------------------------------------------------------------------
[/SIZE]
This is still to be verified and considered WIP...
Samsung LED TV ES-5700 (5/6 Series) (EU)
Partition tables are not only reserved to PCs and Smartphones,
here's a great example of a modern TV set, that runs on an ARM
processor and a Samsung modified Linux based OS, called VDLinux.
Most of these devices also run applications that can be downloaded,
and hacked...
Code:
Model: [COLOR=Navy][B]UE40ES5700[/B][/COLOR]SXXH
Panel Code: BN41-01812A
Panel Type: 40A6AF0E
SW: T-MST10PDEUC-[B]1027.1[/B]
Hub FW: T-INFOLINK2012-1008
Processor: MStar X10P, 900 MHz (ARM core)
Linux base: 2.6.35.11
VDLinux Kernel: 0064
VDLinux Patch: 0716
Code branch: DEU_BRANCH
The partition table layout is auto generated in the partition.txt file
(accompanied in the Firmware update image.)
Here is an edited (for readability) version:
Code:
[SIZE=2]
pID device_name size image_name type upgrade partition_map mount_path block_size
------------------------------------------------------------------------------------------------------------------
0 /dev/mmcblk0p0 524288 onboot.bin MLC NONE BOOTLOADER0 -- 1048576
1 /dev/mmcblk0p1 524288 u-boot.bin MLC NONE BOOTLOADER1 -- 1048576
2 /dev/mmcblk0p2 6291456 uImage MLC USER KERNEL0 -- 1048576
3 /dev/mmcblk0p3 4718592 rootfs.img MLC USER RFS0 -- 1048576
4 /dev/mmcblk0p4 0 ex_partition MLC NONE -- -- 1048576
5 /dev/mmcblk0p5 6291456 uImage MLC USER KERNEL1 -- 1048576
6 /dev/mmcblk0p6 4718592 rootfs.img MLC USER RFS1 -- 1048576
7 /dev/mmcblk0p7 8192 sign0.bin MLC NONE SECUREMAC0 -- 1048576
8 /dev/mmcblk0p8 8192 sign1.bin MLC NONE SECUREMAC1 -- 1048576
9 /dev/mmcblk0p9 8192 VD-HEADER MLC NONE -- -- 1048576
10 /dev/mmcblk0p10 3145728 -- MLC NONE -- mtd_drmregion_a 1048576
11 /dev/mmcblk0p11 3145728 -- MLC NONE -- mtd_drmregion_b 1048576
12 /dev/mmcblk0p12 73400320 -- MLC NONE -- mtd_rwarea 1048576
13 /dev/mmcblk0p13 125829120 exe.img MLC USER EXE0 mtd_exe 1048576
14 /dev/mmcblk0p14 125829120 exe.img MLC USER EXE1 mtd_exe 1048576
15 /dev/mmcblk0p15 83886080 appext.img MLC USER APP_DATA0 mtd_appext 1048576
16 /dev/mmcblk0p16 83886080 appext.img MLC USER APP_DATA1 mtd_appext 1048576
17 /dev/mmcblk0p17 262144000 rocommon.img MLC OTHER CONTENT0 mtd_rocommon 1048576
18 /dev/mmcblk0p18 104857600 emanual.img MLC OTHER CONTENT1 mtd_emanual 1048576
19 /dev/mmcblk0p19 52428800 -- MLC NONE -- mtd_contents 1048576
20 /dev/mmcblk0p20 10485760 -- MLC NONE -- mtd_swu 1048576
21 /dev/mmcblk0p21 1049075712 rwcommon.img MLC NONE -- mtd_rwcommon 1048576
------------------------------------------------------------------------------------------------------------------
[/SIZE]
To print partitions using debug service interface:
Code:
[SIZE=2][TOP Debug Menu]
--> (2) "Platform Print Setting" --> [Platform Debug List]
--> (1) "Basic Platform" --> [BP Debug Module]
--> (92) "System Debug" --> [System Debug Menu]
--> (4) "Check Total File System"
[/SIZE]
Then you'll get this:
Code:
[SIZE=2]-------------------------------------------------------------------
File system Type Total Used Avail Use% Mounted on
-------------------------------------------------------------------
rootfs rootfs 4208K 4208K 0K 100.00% /
/dev/root squashfs 4208K 4208K 0K 100.00% /
proc proc 0K 0K 0K 0.00% /proc
sysfs sysfs 0K 0K 0K 0.00% /sys
tmpfs tmpfs 248M 8K 248M 0.00% /dev/shm
tmpfs tmpfs 40960K 12K 40948K 0.03% /dtv
tmpfs tmpfs 36864K 8K 36856K 0.02% /tmp
tmpfs tmpfs 12288K 0K 12288K 0.00% /dsm
tmpfs tmpfs 30720K 0K 30720K 0.00% /core
/dev/mmcblk0p13 squashfs 96256K 96256K 0K 100.00% /mtd_exe
none cgroup 0K 0K 0K 0.00% /sys/fs/cgroup
/dev/mmcblk0p12 rfs 70824K 4548K 66276K 6.42% /mtd_rwarea
/dev/mmcblk0p10 rfs 2872K 170K 2702K 5.92% /mtd_drmregion_a
/dev/mmcblk0p11 rfs 2872K 170K 2702K 5.92% /mtd_drmregion_b
/dev/mmcblk0p15 squashfs 45568K 45568K 0K 100.00% /mtd_appext
/dev/mmcblk0p17 squashfs 110M 110M 0K 100.00% /mtd_rocommon
/dev/mmcblk0p19 rfs 49992K 32K 49960K 0.06% /mtd_contents
/dev/mmcblk0p21 rfs 927M 313M 614M 33.80% /mtd_rwcommon
/dev/mmcblk0p18 rfs 98M 84096K 17024K 83.16% /mtd_emanual
/dev/mmcblk0p20 rfs 9896K 4K 9892K 0.04% /mtd_swu
none usbfs 0K 0K 0K 0.00% /proc/bus/usb
-------------------------------------------------------------------
Unit : B=1024^0, K=1024^1, M=1024^2, G=1024^3, T=1024^4
[/SIZE]
[See SamyGo for all the juicy details of how to hack your Samsung TV!]
Samsung Galaxy Camera (EK-GC100)
Preliminary partition table from this post.
Code:
[SIZE=2]
p# ID Att FOTA Size Count Name Filename
-------------------------------------------------------------------------------
#0 80 2 1 0 1734 BOOTLOADER sboot.bin
#1 81 5 1 1734 312 TZSW tz.img
#2 70 5 1 34 16 PIT camera.pit
#3 71 5 1 50 2048 MD5HDR md5.img
#4 1 5 1 8192 8192 BOTA0 -
#5 2 5 1 16384 8192 BOTA1 -
#6 3 5 5 24576 40960 EFS efs.img
#7 4 5 1 65536 16384 PARAM param.bin
#8 5 5 1 81920 16384 BOOT boot.img
#9 6 5 1 98304 16384 RECOVERY recovery.img
#10 7 5 1 114688 65536 RADIO modem.bin
#11 8 5 5 180224 2097152 CACHE cache.img
#12 9 5 5 2277376 3145728 SYSTEM system.img
#13 10 5 5 5423104 737280 HIDDEN hidden.img
#14 11 5 1 6160384 16384 OTA -
#15 12 5 5 6176768 409600 TDATA -
#16 13 5 5 6586368 0 USERDATA userdata.img
-------------------------------------------------------------------------------
ID: partition identifier
Att: "2" = STL Read-Only, "5" = Read/Write
FOTA: Update (1 = ??, 5 = ??)
Size: Block size ?
Count: Block Count ?
Name: Samsung partition name
-------------------------------------------------------------------------------
[/SIZE]
The p# is not necessarily that found on your device. This is preliminary info, not verified or checked.
this is partition table of Galaxy Wonder GT-i8150 (ancora)
Code:
Number Start (sector) End (sector) Size Code Name
1 1 212991 104.0 MiB 0700 Microsoft basic data
2 212992 213991 500.0 KiB 8300 Linux filesystem
3 213992 221183 3.5 MiB 8300 Linux filesystem
5 229376 239615 5.0 MiB 8300 Linux filesystem
6 245760 285759 19.5 MiB 8300 Linux filesystem
7 286720 292863 3.0 MiB 8300 Linux filesystem
8 294912 306175 5.5 MiB 8300 Linux filesystem
9 311296 324271 6.3 MiB 8300 Linux filesystem
10 327680 333823 3.0 MiB 8300 Linux filesystem
11 335872 342015 3.0 MiB 8300 Linux filesystem
12 344064 360447 8.0 MiB 8300 Linux filesystem
13 360448 375807 7.5 MiB 8300 Linux filesystem
14 376832 387071 5.0 MiB 8300 Linux filesystem
15 393216 1488895 535.0 MiB 8300 Linux filesystem
16 1490944 1613823 60.0 MiB 8300 Linux filesystem
17 1613824 3887103 1.1 GiB 8300 Linux filesystem
18 3891200 3993599 50.0 MiB 8300 Linux filesystem
19 3997696 3998695 500.0 KiB 8300 Linux filesystem
20 4005888 4013079 3.5 MiB 8300 Linux filesystem
21 4014080 4024319 5.0 MiB 8300 Linux filesystem
22 4030464 4070463 19.5 MiB 8300 Linux filesystem
23 4071424 4081663 5.0 MiB 8300 Linux filesystem
24 4087808 4101807 6.8 MiB 8300 Linux filesystem
25 4104192 4114431 5.0 MiB 8300 Linux filesystem
26 4120576 4130815 5.0 MiB 8300 Linux filesystem
27 4136960 4147199 5.0 MiB 8300 Linux filesystem
28 4153344 7733247 1.7 GiB 8300 Linux filesystem
may i ask? why is it named Linux filesystem not EFS or etc?
hadidjapri said:
may i ask? why is it named Linux filesystem not EFS or etc?
Click to expand...
Click to collapse
That is the partition type, as determined by the ID 83 or 8300. The actual filesystem in use on those partitions is not shown, as well as the names or descriptions such as system, data, boot, recovery, etc...
Reread the op, 2nd and 3rd posts for more ways to find additional info, like:
Code:
cat /system/proc/mounts
-SLS-
For the Posted SHV-E160L based MSM8660 device, there is a hexdump of the original parition0.bin
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt$ hexdump shv-e160l-partition0.bin
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
00001c0 0000 0092 0000 0001 0000 2000 0003 0080
00001d0 0000 004d 0000 2001 0003 03e8 0000 0000
00001e0 0000 0051 0000 23e9 0003 0bb8 0000 0000
00001f0 0000 0005 0000 2fa1 0003 705f 01d2 aa55
0000200 0000 0000 0000 0000 0000 0000 0000 0000
*
00003c0 0000 0047 0000 105f 0000 03e8 0000 0000
00003d0 0000 0005 0000 0001 0000 0001 0000 0000
00003e0 0000 0000 0000 0000 0000 0000 0000 0000
00003f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000400 0000 0000 0000 0000 0000 0000 0000 0000
*
00005c0 0000 0045 0000 305e 0000 1000 0000 0000
00005d0 0000 0005 0000 0002 0000 0001 0000 0000
00005e0 0000 0000 0000 0000 0000 0000 0000 0000
00005f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000600 0000 0000 0000 0000 0000 0000 0000 0000
*
00007c0 0000 004c 0000 505d 0000 1388 0000 0000
00007d0 0000 0005 0000 0003 0000 0001 0000 0000
00007e0 0000 0000 0000 0000 0000 0000 0000 0000
00007f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000800 0000 0000 0000 0000 0000 0000 0000 0000
*
00009c0 0000 0048 0000 705c 0000 5000 0000 0000
00009d0 0000 0005 0000 0004 0000 0001 0000 0000
00009e0 0000 0000 0000 0000 0000 0000 0000 0000
00009f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000bc0 0000 0046 0000 d05b 0000 03e8 0000 0000
0000bd0 0000 0005 0000 0005 0000 0001 0000 0000
0000be0 0000 0000 0000 0000 0000 0000 0000 0000
0000bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0000c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000dc0 0000 005d 0000 f05a 0000 03e8 0000 0000
0000dd0 0000 0005 0000 0006 0000 0001 0000 0000
0000de0 0000 0000 0000 0000 0000 0000 0000 0000
0000df0 0000 0000 0000 0000 0000 0000 0000 aa55
0000e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000fc0 0000 0091 0000 1059 0001 03e8 0000 0000
0000fd0 0000 0005 0000 0007 0000 0001 0000 0000
0000fe0 0000 0000 0000 0000 0000 0000 0000 0000
0000ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0001000 0000 0000 0000 0000 0000 0000 0000 0000
*
00011c0 0000 0093 0000 3058 0001 5000 0000 0000
00011d0 0000 0005 0000 0008 0000 0001 0000 0000
00011e0 0000 0000 0000 0000 0000 0000 0000 0000
00011f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001200 0000 0000 0000 0000 0000 0000 0000 0000
*
00013c0 0000 000c 0000 9057 0001 1000 0003 0000
00013d0 0000 0005 0000 0009 0000 0001 0000 0000
00013e0 0000 0000 0000 0000 0000 0000 0000 0000
00013f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001400 0000 0000 0000 0000 0000 0000 0000 0000
*
00015c0 0000 004a 0000 b056 0004 1800 0000 0000
00015d0 0000 0005 0000 000a 0000 0001 0000 0000
00015e0 0000 0000 0000 0000 0000 0000 0000 0000
00015f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001600 0000 0000 0000 0000 0000 0000 0000 0000
*
00017c0 0000 004b 0000 d055 0004 1800 0000 0000
00017d0 0000 0005 0000 000b 0000 0001 0000 0000
00017e0 0000 0000 0000 0000 0000 0000 0000 0000
00017f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001800 0000 0000 0000 0000 0000 0000 0000 0000
*
00019c0 0000 0058 0000 f054 0004 1800 0000 0000
00019d0 0000 0005 0000 000c 0000 0001 0000 0000
00019e0 0000 0000 0000 0000 0000 0000 0000 0000
00019f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001bc0 0000 008f 0000 1053 0005 1000 0003 0000
0001bd0 0000 0005 0000 000d 0000 0001 0000 0000
0001be0 0000 0000 0000 0000 0000 0000 0000 0000
0001bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0001c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001dc0 0000 0059 0000 3052 0008 1800 0000 0000
0001dd0 0000 0005 0000 000e 0000 0001 0000 0000
0001de0 0000 0000 0000 0000 0000 0000 0000 0000
0001df0 0000 0000 0000 0000 0000 0000 0000 aa55
0001e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001fc0 0000 005a 0000 5051 0008 1800 0000 0000
0001fd0 0000 0005 0000 000f 0000 0001 0000 0000
0001fe0 0000 0000 0000 0000 0000 0000 0000 0000
0001ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0002000 0000 0000 0000 0000 0000 0000 0000 0000
*
00021c0 0000 005b 0000 7050 0008 1800 0000 0000
00021d0 0000 0005 0000 0010 0000 0001 0000 0000
00021e0 0000 0000 0000 0000 0000 0000 0000 0000
00021f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002200 0000 0000 0000 0000 0000 0000 0000 0000
*
00023c0 0000 00ab 0000 904f 0008 5000 0000 0000
00023d0 0000 0005 0000 0011 0000 0001 0000 0000
00023e0 0000 0000 0000 0000 0000 0000 0000 0000
00023f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002400 0000 0000 0000 0000 0000 0000 0000 0000
*
00025c0 0000 0060 0000 f04e 0008 5000 0000 0000
00025d0 0000 0005 0000 0012 0000 0001 0000 0000
00025e0 0000 0000 0000 0000 0000 0000 0000 0000
00025f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002600 0000 0000 0000 0000 0000 0000 0000 0000
*
00027c0 0000 0094 0000 504d 0009 5000 0000 0000
00027d0 0000 0005 0000 0013 0000 0001 0000 0000
00027e0 0000 0000 0000 0000 0000 0000 0000 0000
00027f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002800 0000 0000 0000 0000 0000 0000 0000 0000
*
00029c0 0000 00a5 0000 b04c 0009 d000 002e 0000
00029d0 0000 0005 0000 0014 0000 0001 0000 0000
00029e0 0000 0000 0000 0000 0000 0000 0000 0000
00029f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002bc0 0000 00a6 0000 904b 0038 1000 0040 0000
0002bd0 0000 0005 0000 0015 0000 0001 0000 0000
0002be0 0000 0000 0000 0000 0000 0000 0000 0000
0002bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0002c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002dc0 0000 00a8 0000 b04a 0078 7000 0009 0000
0002dd0 0000 0005 0000 0016 0000 0001 0000 0000
0002de0 0000 0000 0000 0000 0000 0000 0000 0000
0002df0 0000 0000 0000 0000 0000 0000 0000 aa55
0002e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002fc0 0000 00a9 0000 3049 0082 0800 0004 0000
0002fd0 0000 0005 0000 0017 0000 0001 0000 0000
0002fe0 0000 0000 0000 0000 0000 0000 0000 0000
0002ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0003000 0000 0000 0000 0000 0000 0000 0000 0000
*
00031c0 0000 0095 0000 5048 0086 a000 000f 0000
00031d0 0000 0005 0000 0018 0000 0001 0000 0000
00031e0 0000 0000 0000 0000 0000 0000 0000 0000
00031f0 0000 0000 0000 0000 0000 0000 0000 aa55
0003200 0000 0000 0000 0000 0000 0000 0000 0000
*
00033c0 0000 0090 0000 f047 0095 [COLOR="red"][B]8000 013c[/B][/COLOR] 0000
00033d0 0000 0000 0000 0000 0000 0000 0000 0000
*
00033f0 0000 0000 0000 0000 0000 0000 0000 aa55
0003400
And this is the output from the Parsebinarypartitionfile.pl when run on the same file.
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt$ perl perl/ParseBinaryPartitionFile.pl shv-e160l-partition0.bin
----------------------------------------------------------
Parsing shv-e160l-partition0.bin ------------------
1 0x00 0x92 0x00000001 (000001) 0x00032000 (204800) (100.00MB)
2 0x80 0x4D 0x00032001 (204801) 0x000003E8 (001000) (0.49MB)
3 0x00 0x51 0x000323E9 (205801) 0x00000BB8 (003000) (1.46MB)
0x00 0x05 0x00032FA1 (208801) 0x01D2705F (30568543) (14926.05MB) - EXT PARTITION (Type=0x05) - not counted as a partition
$ExtendedPartitionBeginsAt=208801
4 0x00 0x47 0x0000105F (004191) 0x000003E8 (001000) (0.49MB) 4MB boundary #26 (sector 212992)
0x00 0x05 0x00000001 (000001) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
5 0x00 0x45 0x0000305E (012382) 0x00001000 (004096) (2.00MB) 4MB boundary #27 (sector 221184)
0x00 0x05 0x00000002 (000002) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
6 0x00 0x4C 0x0000505D (020573) 0x00001388 (005000) (2.44MB) 4MB boundary #28 (sector 229376)
0x00 0x05 0x00000003 (000003) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
7 0x00 0x48 0x0000705C (028764) 0x00005000 (020480) (10.00MB) 4MB boundary #29 (sector 237568)
0x00 0x05 0x00000004 (000004) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
8 0x00 0x46 0x0000D05B (053339) 0x000003E8 (001000) (0.49MB) 4MB boundary #32 (sector 262144)
0x00 0x05 0x00000005 (000005) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
9 0x00 0x5D 0x0000F05A (061530) 0x000003E8 (001000) (0.49MB) 4MB boundary #33 (sector 270336)
0x00 0x05 0x00000006 (000006) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
10 0x00 0x91 0x00011059 (069721) 0x000003E8 (001000) (0.49MB) 4MB boundary #34 (sector 278528)
0x00 0x05 0x00000007 (000007) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
11 0x00 0x93 0x00013058 (077912) 0x00005000 (020480) (10.00MB) 4MB boundary #35 (sector 286720)
0x00 0x05 0x00000008 (000008) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
12 0x00 0x0C 0x00019057 (102487) 0x00031000 (200704) (98.00MB) 4MB boundary #38 (sector 311296)
0x00 0x05 0x00000009 (000009) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
13 0x00 0x4A 0x0004B056 (307286) 0x00001800 (006144) (3.00MB) 4MB boundary #63 (sector 516096)
0x00 0x05 0x0000000A (000010) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
14 0x00 0x4B 0x0004D055 (315477) 0x00001800 (006144) (3.00MB) 4MB boundary #64 (sector 524288)
0x00 0x05 0x0000000B (000011) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
15 0x00 0x58 0x0004F054 (323668) 0x00001800 (006144) (3.00MB) 4MB boundary #65 (sector 532480)
0x00 0x05 0x0000000C (000012) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
16 0x00 0x8F 0x00051053 (331859) 0x00031000 (200704) (98.00MB) 4MB boundary #66 (sector 540672)
0x00 0x05 0x0000000D (000013) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
17 0x00 0x59 0x00083052 (536658) 0x00001800 (006144) (3.00MB) 4MB boundary #91 (sector 745472)
0x00 0x05 0x0000000E (000014) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
18 0x00 0x5A 0x00085051 (544849) 0x00001800 (006144) (3.00MB) 4MB boundary #92 (sector 753664)
0x00 0x05 0x0000000F (000015) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
19 0x00 0x5B 0x00087050 (553040) 0x00001800 (006144) (3.00MB) 4MB boundary #93 (sector 761856)
0x00 0x05 0x00000010 (000016) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
20 0x00 0xAB 0x0008904F (561231) 0x00005000 (020480) (10.00MB) 4MB boundary #94 (sector 770048)
0x00 0x05 0x00000011 (000017) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
21 0x00 0x60 0x0008F04E (585806) 0x00005000 (020480) (10.00MB) 4MB boundary #97 (sector 794624)
0x00 0x05 0x00000012 (000018) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
22 0x00 0x94 0x0009504D (610381) 0x00005000 (020480) (10.00MB) 4MB boundary #100 (sector 819200)
0x00 0x05 0x00000013 (000019) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
23 0x00 0xA5 0x0009B04C (634956) 0x002ED000 (3067904) (1498.00MB) 4MB boundary #103 (sector 843776)
0x00 0x05 0x00000014 (000020) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
24 0x00 0xA6 0x0038904B (3706955) 0x00401000 (4198400) (2050.00MB) 4MB boundary #478 (sector 3915776)
0x00 0x05 0x00000015 (000021) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
25 0x00 0xA8 0x0078B04A (7909450) 0x00097000 (618496) (302.00MB) 4MB boundary #991 (sector 8118272)
0x00 0x05 0x00000016 (000022) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
26 0x00 0xA9 0x00823049 (8532041) 0x00040800 (264192) (129.00MB) 4MB boundary #1067 (sector 8740864)
0x00 0x05 0x00000017 (000023) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
27 0x00 0x95 0x00865048 (8802376) 0x000FA000 (1024000) (500.00MB) 4MB boundary #1100 (sector 9011200)
0x00 0x05 0x00000018 (000024) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
28 0x00 0x90 0x0095F047 (9826375) [COLOR="Red"][B]0x013C8000[/B][/COLOR] (20742144) (10128.00MB) 4MB boundary #1225 (sector 10035200)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
This partition table has 28 usable partitions (29 parititions if you count the EXT which Linux does)
I've highlighted in red two sections showing how the file is stored on disk and interpreted in terms on endiness.
Now this if you refer back to http://forum.xda-developers.com/showpost.php?p=33359011&postcount=4 and cross reference to
partition_parser.h in kernel sources (this one is from a copy of moboot http://code.google.com/r/geauxlsu20....h?r=dfd2d6b446d5c86640accd8843d9cdea40159507 )
We can confirm that partition type id is used to to build the partition table in terms of which file goes where
Code:
#define MBR_EBR_TYPE 0x05
#define MBR_MODEM_TYPE 0x06
#define MBR_MODEM_TYPE2 0x0C
#define MBR_SBL1_TYPE 0x4D
#define MBR_SBL2_TYPE 0x51
#define MBR_SBL3_TYPE 0x45
#define MBR_RPM_TYPE 0x47
#define MBR_TZ_TYPE 0x46
#define MBR_MODEM_ST1_TYPE 0x4A
#define MBR_MODEM_ST2_TYPE 0x4B
#define MBR_EFS2_TYPE 0x4E
#define MBR_ABOOT_TYPE 0x4C
#define MBR_BOOT_TYPE 0x48
#define MBR_SYSTEM_TYPE 0x82
#define MBR_USERDATA_TYPE 0x83
#define MBR_RECOVERY_TYPE 0x60
#define MBR_MISC_TYPE 0x63
#define MBR_PROTECTED_TYPE 0xEE
and a excerpt from partition.xml for compiling a .mbn boot image
Code:
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="c" bootable="false" label="MODEM" size="10" readonly="true">
</primary>
<primary order="2" type="4d" bootable="true" label="SBL1" size="256" readonly="true">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="3" type="51" bootable="false" label="SBL2" size="512" readonly="true">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="256" readonly="true">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="45" label="SBL3" size="2048" readonly="true">
<file name="sbl3.mbn" offset="0"/>
</extended>
<extended order="3" type="46" label="TZ" size="256" readonly="true">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
[B]<parser_instructions>
WRITE_PROTECT_BOUNDARY_IN_KB = 0
GROW_LAST_PARTITION_TO_FILL_DISK=false
ALIGN_ALL_LOGICAL_PARTITIONS_TO_WP_BOUNDARY=false
</parser_instructions>[/B]
</image>
The above file has additional commands contained within highlighted in bold, these are parsed by ptool.py which creates the need rawprogram.xml ( xml without instructions for creating mbr/ebr files ) it also creates the files for blanking emmc(optional) and it's new partition tables in the form of mbr0.bin/ebr0.bin
here is the output when run on the above file
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt/python$ python ./ptool.py -x ../xml/singleimage_partition_8660.xml -t ./
CWD: /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
OutputFolder= ./
XMLFile= ../xml/singleimage_partition_8660.xml
OutputFolder= ./
OutputToCreate None
PhysicalPartitionNumber 0
verbose False
Looking for ../xml/singleimage_partition_8660.xml
----------------------------------------
Searching /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
**Found ../xml/singleimage_partition_8660.xml (1208 bytes)
Found a physical_partition, NumPhyPartitions=1
len(PhyPartition)=0
Testing if GUID= c
GUID does not match regular expression
LABEL: MODEM
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
Testing if GUID= 4d
GUID does not match regular expression
LABEL: SBL1
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
Testing if GUID= 51
GUID does not match regular expression
LABEL: SBL2
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: EXT
Testing if GUID= 5
GUID does not match regular expression
LABEL: RPM
Testing if GUID= 47
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: SBL3
Testing if GUID= 45
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: TZ
Testing if GUID= 46
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
HashInstructions['WRITE_PROTECT_BOUNDARY_IN_KB'] =0
HashInstructions['ALIGN_BOUNDARY_IN_KB'] =0
HashInstructions['GROW_LAST_PARTITION_TO_FILL_DISK']=False
HashInstructions['DISK_SIGNATURE']=0x0
len(PhyPartition)= 1
LABEL: 'MODEM' with 2 sectors
LABEL: 'SBL1' with 150 sectors
LABEL: 'SBL2' with 220 sectors
LABEL: 'RPM' with 232 sectors
LABEL: 'SBL3' with 1200 sectors
LABEL: 'TZ' with 208 sectors
MinSectorsNeeded=2016
==============================================================================
MBR type discovered in XML file, Output will be MBR
==============================================================================
==============================================================================
OutputToCreate ===> 'mbr'
==============================================================================
On PHY Partition 0 that has 6 partitions
------------
For PHY Partition 0
We will need an MBR and 3 EBRs
Inside CreateMasterBootRecord(3) -------------------------------------
1 of 6 "MODEM" (readonly=true) and size=1KB (0.00MB or 2 sectors)
2 of 6 "SBL1" (readonly=true) and size=75KB (0.07MB or 150 sectors)
3 of 6 "SBL2" (readonly=true) and size=110KB (0.11MB or 220 sectors)
About to make EBR, FirstLBA=373, LastLBA=373
Inside CreateExtendedBootRecords(3) -----------------------------------------
EBROffset= 0
Extended Partition begins at FirstLBA=373, size is 1643
FirstLBA now equals 376 since NumEBRPartitions=3
4 of 6 "RPM" (readonly=true) and size=116KB (0.11MB or 232 sectors)
FirstLBA=376 (with size 232 sectors) and LastLBA=376
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
FirstLBA (376) is *not* covered by the end of the WP region (0),
it needs to be moved to be aligned to 376
FirstLBA=376, LastLBA=608, PartitionSectorSize=232
LastLBA is currently 608 sectors
Card size of at least 0.3MB needed (608 sectors)
5 of 6 "SBL3" (readonly=true) and size=600KB (0.59MB or 1200 sectors)
FirstLBA=608 (with size 1200 sectors) and LastLBA=608
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
FirstLBA (608) is *not* covered by the end of the WP region (0),
it needs to be moved to be aligned to 608
FirstLBA=608, LastLBA=1808, PartitionSectorSize=1200
LastLBA is currently 1808 sectors
Card size of at least 0.9MB needed (1808 sectors)
6 of 6 "TZ" (readonly=true) and size=104KB (0.10MB or 208 sectors)
FirstLBA=1808 (with size 208 sectors) and LastLBA=1808
THIS IS THE LAST PARTITION
It cannot be marked as read-only, it is now set to writeable
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
This partition is *NOT* readonly (or does not have align='true')
FirstLBA=1808, LastLBA=2016, PartitionSectorSize=208
LastLBA is currently 2016 sectors
Card size of at least 1.0MB needed (2016 sectors)
------------------------------------------------------------------------------
LastLBA is currently 2016 sectors
Card size of at least 1.0MB needed (2016 sectors)
------------------------------------------------------------------------------
ptool.py is running from CWD: /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
Created "./partition0.bin"
Created "./MBR0.bin"
Created "./EBR0.bin"
Created "./rawprogram0.xml"
Created "./patch0.xml"
Created "./emmc_lock_regions.xml"
Use msp tool to write this information to SD/eMMC card
i.e.
sudo python msp.py rawprogram0.xml /dev/sdb <---- where /dev/sdb is assumed to be your SD/eMMC card
sudo python msp.py patch0.xml /dev/sdb <---- where /dev/sdb is assumed to be your SD/eMMC card
Created "zeros_1sector.bin" <-- full of binary zeros - used by "wipe" rawprogram files
Created "zeros_33sectors.bin" <-- full of binary zeros - used by "wipe" rawprogram files
Created "./wipe_rawprogram_PHY0.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY1.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY2.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY4.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY5.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY6.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY7.xml" <-- Used to *wipe/erase* partition information
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt/python$
now in partition.xml before it's parsed by ptool.py it is as the following with partition size as SIZE
Code:
<primary order="1" type="c" bootable="false" label="MODEM" size="10" readonly="true">
</primary>
<primary order="2" type="4d" bootable="true" label="SBL1" size="256" readonly="true">
<file name="sbl1.mbn" offset="0"/>
but after parsing it's in sectors and offsets
Code:
program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="MODEM" num_partition_sectors="2" physical_partition_number="0" size_in_KB="1.0" sparse="false" start_byte_hex="0x200" start_sector="1"/>
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="sbl1.mbn" label="SBL1" num_partition_sectors="150" physical_partition_number="0" size_in_KB="75.0" sparse="false" start_byte_hex="0x600" start_sector="3"/>
A group of Partition Tools compiled static from original (open) sources -
http://www.sendspace.com/file/4g1atr aimed at mbr/ebr only
sfdisk
lsblk
partx
blkid
Click to expand...
Click to collapse
http://www.sendspace.com/file/5b3jdc inclusive of mbr tools plus GPT tools
blkid
fdisk
gdisk
lsblk
partx
sfdisk
sgdisk
Click to expand...
Click to collapse
Wow! Thanks!!
But what compilation flags did you use? (ARCH, CPU, etc etc)
They could be very useful for other devices as well...
HAPPY NEW YEAR!
E:V:A said:
Wow! Thanks!!
But what compilation flags did you use? (ARCH, CPU, etc etc)
They could be very useful for other devices as well...
HAPPY NEW YEAR!
Click to expand...
Click to collapse
You want details here, pm for restructure into [dev] guide ?
I can repurpose this post anyway, more info , lots more info to post
Happy new year from +2:00 hrs GMT !!!! to All
Device: Sprint Optimus G
Model: LG LS970
CPU: Qualcomm Snapdragon S4 Pro (APQ8064)
Total Number of Partitions Found: 37
Partition: MODEM at 0x000000800000
Partition: SBL1 at 0x000004800000
Partition: SBL2 at 0x000004880000
Partition: SBL3 at 0x000004900000
Partition: ABOOT at 0x000004B00000
Partition: RPM at 0x000004B80000
Partition: BOOT at 0x000005000000
Partition: TZ at 0x000006800000
Partition: PAD at 0x000006880000
Partition: MODEMST1 at 0x000006880400
Partition: MODEMST2 at 0x000006B80400
Partition: M9KEFS1 at 0x000007000000
Partition: M9KEFS2 at 0x0000070C3000
Partition: M9KEFS3 at 0x000007186000
Partition: DRM at 0x000007800000
Partition: SNS at 0x000008000000
Partition: SSD at 0x000008800000
Partition: MISC at 0x000008802000
Partition: FACTORY at 0x000009802000
Partition: BNR at 0x00000A802000
Partition: ENCRYPT at 0x00000B002000
Partition: EKSST at 0x00000B082000
Partition: SYSTEM at 0x00000B800000
Partition: CACHE at 0x00006A800000
Partition: USERDATA at 0x00009C800000
Partition: PERSIST at 0x0000FB000000
Partition: TOMBSTONES at 0x0000FB800000
Partition: RECOVERY at 0x00000B800000
Partition: FSG at 0x00000D000000
Partition: DDR at 0x00000D300000
Partition: FOTA at 0x00000D800000
Partition: MPT at 0x00000F800000
Partition: TZBAK at 0x000011800000
Partition: RPMBAK at 0x000011880000
Partition: CARRIER at 0x000011900000
Partition: RESERVED at 0x000012D00000
Partition: GROW at 0x000013D00000
Click to expand...
Click to collapse
Code:
General Device Name: Samsung Galaxy Note 1
Manufacturer Product Name: GT-N7000
Processor: Samsung Exynos 4210 ( 1.400 MHz )
AOS version: Android ICS 4.0.4
Radio FW version: XXLRK
System FW version: XXLRT
Service Provider/ Branding: Mobilcom-Debitel / -
Country: Germany
(emmc brick chip)
[B]<< output of parted >>[/B]
# parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print all
print all
Model: MMC VYL00M (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 4194kB 25.2MB 21.0MB ext4 EFS
2 25.2MB 26.5MB 1311kB SBL1
3 27.3MB 28.6MB 1311kB SBL2
4 29.4MB 37.7MB 8389kB PARAM
5 37.7MB 46.1MB 8389kB KERNEL
6 46.1MB 54.5MB 8389kB RECOVERY
7 54.5MB 264MB 210MB ext4 CACHE
8 264MB 281MB 16.8MB MODEM
9 281MB 1174MB 893MB ext4 FACTORYFS
10 1174MB 3322MB 2147MB ext4 DATAFS
11 3322MB 15.2GB 11.9GB fat32 UMS
12 15.2GB 15.8GB 537MB ext4 HIDDEN
(parted) quit
quit
# busybox cat /proc/partitions <
major minor #blocks name
7 0 4190 loop0
7 1 43691 loop1
7 2 3150 loop2
7 3 6269 loop3
7 4 15624 loop4
7 5 30177 loop5
7 6 41612 loop6
7 7 9387 loop7
179 0 15388672 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 204800 mmcblk0p7
259 0 16384 mmcblk0p8
259 1 872448 mmcblk0p9
259 2 2097152 mmcblk0p10
259 3 11616256 mmcblk0p11
259 4 524288 mmcblk0p12
179 8 30657536 mmcblk1
179 9 30653440 mmcblk1p1
254 0 4189 dm-0
254 1 43690 dm-1
254 2 3150 dm-2
254 3 6268 dm-3
254 4 15624 dm-4
254 5 30177 dm-5
254 6 41611 dm-6
254 7 9387 dm-7
7 8 4190 loop8
254 8 4189 dm-8
7 9 8348 loop9
254 9 8347 dm-9
7 10 3150 loop10
254 10 3150 dm-10
7 11 6269 loop11
254 11 6268 dm-11
7 12 3150 loop12
254 12 3150 dm-12
7 13 17703 loop13
254 13 17703 dm-13
7 14 30177 loop14
254 14 30177 dm-14
7 15 2111 loop15
254 15 2110 dm-15
7 16 11466 loop16
254 16 11466 dm-16
7 17 4190 loop17
254 17 4189 dm-17
7 18 2111 loop18
254 18 2110 dm-18
7 19 22901 loop19
254 19 22900 dm-19
7 20 2111 loop20
254 20 2110 dm-20
7 21 19782 loop21
254 21 19782 dm-21
7 22 21861 loop22
254 22 21861 dm-22
7 23 3150 loop23
254 23 3150 dm-23
7 24 5229 loop24
254 24 5229 dm-24
7 25 16664 loop25
254 25 16663 dm-25
7 26 3150 loop26
254 26 3150 dm-26
7 27 7308 loop27
254 27 7308 dm-27
7 28 63473 loop28
254 28 63472 dm-28
7 29 14585 loop29
254 29 14584 dm-29
7 30 3150 loop30
254 30 3150 dm-30
7 31 7308 loop31
254 31 7308 dm-31
7 32 6269 loop32
254 32 6268 dm-32
7 33 4190 loop33
254 33 4189 dm-33
7 34 59283 loop34
254 34 59283 dm-34
7 35 36414 loop35
254 35 36414 dm-35
7 36 4190 loop36
254 36 4189 dm-36
7 37 2111 loop37
254 37 2110 dm-37
7 38 4190 loop38
254 38 4189 dm-38
7 39 6269 loop39
254 39 6268 dm-39
7 40 18743 loop40
254 40 18742 dm-40
7 41 2111 loop41
254 41 2110 dm-41
7 42 19782 loop42
254 42 19782 dm-42
7 43 5229 loop43
254 43 5229 dm-43
7 44 17703 loop44
254 44 17703 dm-44
7 45 14585 loop45
254 45 14584 dm-45
7 46 16664 loop46
254 46 16663 dm-46
7 47 2111 loop47
254 47 2110 dm-47
7 48 3150 loop48
254 48 3150 dm-48
7 49 9387 loop49
254 49 9387 dm-49
# mount
rootfs on / type rootfs (ro,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
none on /acct type cgroup (rw,relatime,cpuacct)
tmpfs on /mnt/asec type tmpfs (rw,relatime,mode=755,gid=1000)
tmpfs on /mnt/obb type tmpfs (rw,relatime,mode=755,gid=1000)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)
/dev/block/mmcblk0p9 on /system type ext4 (ro,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p7 on /cache type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p1 on /efs type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p10 on /data type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc)
/dev/block/mmcblk0p4 on /mnt/.lfs type j4fs (rw,relatime)
/sys/kernel/debug on /sys/kernel/debug type debugfs (rw,relatime)
/dev/block/vold/259:3 on /mnt/sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro,discard)
tmpfs on /mnt/sdcard/external_sd type tmpfs (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,size=0k,mode=755,gid=1000)
tmpfs on /mnt/sdcard/usbStorage type tmpfs (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,size=0k,mode=755,gid=1000)
/dev/block/vold/179:9 on /mnt/sdcard/external_sd type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
/dev/block/vold/179:9 on /mnt/secure/asec type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
tmpfs on /mnt/sdcard/external_sd/.android_secure type tmpfs (ro,relatime,size=0k,mode=000)
without /dev/block/dm-xx
[B]<< output of fdisk >>[/B]
# fdisk -l /dev/block/mmcblk0
Disk /dev/block/mmcblk0: 15.7 GB, 15758000128 bytes
1 heads, 16 sectors/track, 1923584 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
Device Boot Start End Blocks Id System
/dev/block/mmcblk0p1 1 1923584 15388671+ ee EFI GPT
Partition 1 does not end on cylinder boundary
#
[B]<< output of gdisk >>[/B]
sh: gdisk: not found
<< Any additional info you'd like to share. See text.>>
Friedbert said:
Code:
General Device Name: Samsung Galaxy Note 1
Manufacturer Product Name: GT-N7000
...
[B]<< output of gdisk >>[/B]
sh: gdisk: not found
[/QUOTE]
If you wanna use [I]gdisk[/I], you need to push it over and install it first! Thanks.
Click to expand...
Click to collapse
I can confirm that the smd_HDR.mbn/bin partition contains md5 checksums for the partitions. Still analysing the first untainted copy, it lists all partitions followed by a md5 sum, but that just strings output. Hex next, will update when I have further info.
Here is the strings in the file.
Code:
Q8x60M2K_EMMC_Va
./ptn/partit
5BB1C1F589363704E8D3F6912377685F
./bin/sbl1.m
C8FB1F17A8C9289BDD2CC35FAD1D8847
./bin/sbl2.m
9FBC53EDBF4CD41AFC9E1D1DB0EE0249
./bin/rpm.mb
8AEDC483EC145A6ADF54FEF6CA433052
./bin/sbl3.mt]
B148EC810189A31175E2743065C8F43F
./bin/aboot.
C9A02863C90339AE308655177429F86F
./bin/boot.i
B2D9A1A62A51DF0A75AF3570DC3F7B65
./bin/[email protected]
62DD4F0024B6732E86C058C3127612AB
./ptn/quincy
457E023513146DF9A237700058D31AE8
./cnst/param
9EA248A486EDE412D0B5247474CE2FEF
./bin/amss.b
54D32EC124B24E055919D4564CB24912
./bin/mdm.bi
8512BCE3D102A19C568DD2895A12C279
recovery.img
662DA0A40017670CD82ABF9D23BD823D
system.img
]EA28643C20DD75852E06E99C5EF1E096
cache.img
42A51E87086CC329561EB262AA38E8B4
tombstone.im
8A8B2BF56C4A455686B3678BE9D41AA4
hidden.img
03F06021375A57297E472F787EE46932
F58997D29D80F232F4818FF0D5F25B78KMKZS000VM(E160K)
F99D
05B9
And ive attached the actual file for anyone who wants to dissect it .
The rest of the file is empty. just '0's
Sent from my A210 using Tapatalk 2
Device: LG Motion
Model: LG MS770/LW770
CPU: Qualcomm Snapdragon S4 Plus (MSM8960L)
Partition: MODEM at 0x000000800000
Partition: SBL1 at 0x000004800000
Partition: SBL2 at 0x000004880000
Partition: SBL3 at 0x000004900000
Partition: ABOOT at 0x000004A00000
Partition: RPM at 0x000004A80000
Partition: TZ at 0x000006000000
Partition: PAD at 0x000006080000
Partition: MODEMST1 at 0x000006080400
Partition: MODEMST2 at 0x000006380400
Partition: SNS at 0x000006800000
Partition: MISC at 0x000007000000
Partition: SYSTEM at 0x000008000000
Partition: USERDATA at 0x000048000000
Partition: PERSIST at 0x0001B3C00000
Partition: CACHE at 0x0001B4400000
Partition: TOMBSTONES at 0x0001C5000000
Partition: RECOVERY at 0x0001C9800000
Partition: FSG at 0x0001CA400000
Partition: SSD at 0x0001CA700000
Partition: DRM at 0x0001CA800000
Partition: FOTA at 0x0001CB000000
Partition: MPT at 0x0001CD000000
Partition: TZBAK at 0x0001CF000000
Partition: RPMBAK at 0x0001CF080000
Partition: ENCRYPT at 0x0001CF100000
Partition: RESERVED at 0x0001CF800000
Partition: GROW at 0x0001D0800000
Click to expand...
Click to collapse

[NOT CONFIRMED] How to enable addtional LTE bands

This is just my investigation and did not confirmed yet in real life.
I have read that people with Motorola Photon Q 4G LTE tried to find a way to enable additional LTE bands support on their phones. And I decided to elaborate is it possible to enable additional LTE bands on Moto X 2014. That I have found by the moment:
Looked at NV item 6828 [NV_LTE_BC_CONFIG_I] with QPST and found that on Pure with Android 4.4.4 it is equal to 0a000100, however on Android 5.0 it is 5e000100. Only the first 4 bytes are important here, as the bands are encoded in 32bits. If we convert these numbers to binary we will have the following picture
Android 4.4.4:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
0a000100 (binary)-> 1010 0000 0000 0000 0001 0000 0000 0000
Android 5.0:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
5e000100 (binary)-> 1110 0101 0000 0000 0001 0000 0000 0000
You can see that some bits are set, which would correspond to the supported bands.
As we know on 4.4.4 LTE bands are supported: 2,4,17. And we can see that three bits are set.
For 5.0 we have 6 bits set - this corresponds to LTE bands 2,3,4,5,7,17.
It's likely that if we set additional bits in LTE NV item 6828 we can get additional LTE bands supported. If someone wants to experiment with getting the modem to use the other LTE-bands please follow stargo's recommendations:
Start with a fresh modem-config: fastboot erase modemst1 && fastboot erase modemst2 (this resets all NV-items and restores files in EFS)
Use QPST to delete /nv/item_files/modem/mmode/lte_bandpref in EFS (or maybe modify it, seems as it is like nv-item 6828)
Use any method to change nv-item 6828 to enable more bands
If you do this, the modem can crash when trying to switch LTE bands. In this case maybe additional changes to EFS/NV are needed...
And if you want to get a stable working modem back, just run fastboot erase modemst1 && fastboot erase modemst2 again.
Al936 said:
This is just my investigation and did not confirmed yet in real life.
I have read that people with Motorola Photon Q 4G LTE tried to find a way to enable additional LTE bands support on their phones. And I decided to elaborate is it possible to enable additional LTE bands on Moto X 2014. That I have found by the moment:
Looked at NV item 6828 [NV_LTE_BC_CONFIG_I] with QPST and found that on Pure with Android 4.4.4 it is equal to 0a000100, however on Android 5.0 it is 5e000100. Only the first 4 bytes are important here, as the bands are encoded in 32bits. If we convert these numbers to binary we will have the following picture
Android 4.4.4:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
0a000100 (binary)-> 1010 0000 0000 0000 0001 0000 0000 0000
Android 5.0:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
5e000100 (binary)-> 1110 0101 0000 0000 0001 0000 0000 0000
You can see that some bits are set, which would correspond to the supported bands.
As we know on 4.4.4 LTE bands are supported: 2,4,17. And we can see that three bits are set.
For 5.0 we have 6 bits set - this corresponds to LTE bands 2,3,4,5,7,17.
It's likely that if we set additional bits in LTE NV item 6828 we can get additional LTE bands supported. If someone wants to experiment with getting the modem to use the other LTE-bands please follow stargo's recommendations:
Start with a fresh modem-config: fastboot erase modemst1 && fastboot erase modemst2 (this resets all NV-items and restores files in EFS)
Use QPST to delete /nv/item_files/modem/mmode/lte_bandpref in EFS (or maybe modify it, seems as it is like nv-item 6828)
Use any method to change nv-item 6828 to enable more bands
If you do this, the modem can crash when trying to switch LTE bands. In this case maybe additional changes to EFS/NV are needed...
And if you want to get a stable working modem back, just run fastboot erase modemst1 && fastboot erase modemst2 again.
Click to expand...
Click to collapse
Try the app Qualcomm NV Calculator?
Would be cool...

Categories

Resources