Database Users

[Heimdall] Repartitioning Problem. C++ Developers required. Offering UnBrickable Mod.

I'm here to recruit help from XDA-Developers for open-source development. I can offer UnBrickable Mod to any Developer who thinks they can help with this C++ issue. This will allow you to play with Loki (the device's side of Odin/Heimdall) and not worry about it.
The only thing keeping the Linux and Mac platforms from being better then Windows at developing ROMs and other firmware is Heimdall's ability to repartition. Once this barrier is broken down, we will have an entire open source chain for developing and Linux will be the premeire platform for developing on Samsung devices. There will be no reason to use Closed Source Windows, Odin, or Samsung Drivers... This is the last barrier.
I am offering debug logs which show the UART output during the flashing of Heimdall and Odin.
here are Heimdall logs/uart logs: http://pastebin.com/srhG7yJA
here are Odin Uart Logs: http://pastebin.com/AiKspmxR UART coming soon.
Here are both Heimdall and Odin USB logs via Wireshark.
http://www.mediafire.com/file/2wccdcuf87q2i3l/odinheimdallUSBLog.zip
Benjamin Dobell has set up code for Heimdall here: https://github.com/Benjamin-Dobell/Heimdall/
This is not a bounty thread. It is an open source development/improvement thread. I have spoken to Benjamin Dobell, the creator of Heimdall, and he is too busy with a new job and working loads of overtime hours. He has approved of this action. Fixing this issue with Heimdall will allow the entire Samsung community to utilize Heimdall as a total replacement for Odin on all platforms.
What's my role/interest in this? I want Linux to be as good or better then Windows.. I'm an Open Source guy. I'm also not good at C++ programming language. I understand the headers, but not the CPP files. I can provide debugging and beta testing though. I've created the cross-platform Heimdall One-Click . I brought UnBrickable Mod to the Captivate and the only thing left in the entire open-source chain of software from complete destruction of data on the device to completely stock is getting Heimdall to repartition.
Once this final hurdle in Heimdall is completed, we've got a full open-source stack of cross-platform, community-based software by XDA-Developers for XDA-Developers and users. Open-Source software will be able to provide more then closed source software, and once again XDA-Developers will prove that we can do things better then the Manufacturers.

There is an issue tracking system here: https://github.com/Benjamin-Dobell/Heimdall/issues
I believe the underlying cause of all 3 of the existing issues in the Heimdall Repostiory lies with Heimdall's ability to repartition.
issue 21: "Failed to confirm end of file transfer sequence!" signifies that the information sent overran the partition area and therefore it never responded that the end was confirmed.
Issue 19: "Could not find end of file or end of file transfer, something similar." Likely the same as issue 21.
Issue 14: "Expected file part index" again, dealing with partition tables. "ERROR: Expected file part index: 0 Received: 1"
I believe all three of these issues could be worked into a single "Heimdall Repartitioning" issue for the reasons stated above.

I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.

Smasher816 said:
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Click to expand...
Click to collapse
Hey great.. I have a special test setup with UART output.
First I totally thrashed my partition table by uploading the Bada OS SBL.. This SBL rewites partition tables. Then I used the HIBL to unbrick my phone and load a proper SBL. This is the UART during booting up to "Download Mode".
Code:
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0xffffffff)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 7
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : *unknown id* (0x9)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : *unknown id* (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 7
===============================
ID : *unknown id* (0x1)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 8
NO_UNITS : 796
===============================
ID : *unknown id* (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 804
NO_UNITS : 716
===============================
ID : *unknown id* (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1520
NO_UNITS : 372
===============================
ID : *unknown id* (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1892
NO_UNITS : 56
===============================
ID : *unknown id* (0x18)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1948
NO_UNITS : 56
===============================
FlashDevOpen 232: Error(nErr=0x80000002)
j4fs_open 136: Error(nErr=0x40000000)
loke_init: j4fs_open failed..
init_fuel_gauge: vcell = 4051mV, soc = 82
check_quick_start_condition_with_charger- Voltage: 4051.25000, Linearized[55/70/85], Capacity: 85
init_fuel_gauge: vcell = 4051mV, soc = 82, rcomp = d01f
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
PMIC_IRQ1 = 0x3c
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
aries_process_platform: Debug Level Invalid
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
I gave the command in Heimdall to repartition and flash the boot.bin to partition 1.
Code:
heimdall flash --repartition --pit ./part.pit --1 ./boot.bin
At this point it should have downloaded the partition, saved it, and then heimdall should request the partition back and use that as its guide.
The boot.bin is only 1 block long so this log is short.
Code:
- Odin is connected!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
and this is the log from Heimdall
Code:
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Beginning session...
Handshaking with Loke...
Ending session...
Rebooting device...
Re-attaching kernel driver...
At this point the device "resets" and attempts to boot from the bootloader.
If you need any testing let me know. I can compile source, I can get UART logs. I can repartition the heck out of this device as it is UnBrickable and my test phone.

I believe the device uses the SBL> prompt when it is in download mode.. You can see from this UART log that the device attempted to "saveenv" but it could not. http://code.google.com/p/badadroid/...ompare_logs/SBL_mode_help.txt?spec=svn61&r=57
It also returned the same "FlashDevRead 63 error)
The final action the device needs to do is "savepart" if the partition tables were saved after the pit were uploaded then it would be good to go. There are several other commands as well.. "addpart" and "removepart".. If it comes to using this, let me know. I've worked with Benjamin Dobell's libpit before and I can help out greatly with repartitioning as I've worked extensively in the SBL prompt.
I'm not sure how the Download Mode works exactly, but if it uses the SBL prompt, then I can write pseudocode of how it should work.

This probably isn't going to help much, but it may be a start.
I figured the best way to solve this would be to find the differences between a successful Odin flash and an unsuccessful Heimdall flash. So I delved right in to the wireshark dumps. It seems likely that Heimdall is missing a step.
I do not understand the protocol (yet), but I can see the raw data in the stream. In the Heimdall process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the kernel data is sent. But in the Odin process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the PIT file is sent again in 512 byte chunks, then some protocol traffic (more than usual), and then the kernel data is sent.
At the moment, I can't be sure if this is functionally equivalent or not. I'll need to do quite a bit of deciphering on the protocol to get up to speed on what's really going on. Unfortunately, this is the sort of thing that's easiest if one can watch the action in real time, but as I only have my one phone that I need for work, that's not really an option for me at this time.
Hopefully, I'll return with more info after I've absorbed the communication layer details to see what the non-data chatter actually is.

Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".

AdamOutler said:
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
Click to expand...
Click to collapse
I have a feeling that it is using the SBL prompt somehow after the flash because everything else seems pretty much identical (besides the timing). If anyone needs to understand the protocol then I recommend just looking at Heimdall's source code, in particular the packet header files store all the constants that are sent and received over USB.

Found the problem - the End Transfer packet is missing. There is also some additional strangeness, though.
Heimdall:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 66 00 00 00 (Init file transfer - probably starting the kernel send)​
Odin:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 65 00 00 00 03 00 00 00 D0 06 00 00 (Finished sending 1744 bytes)​
The odd part is what odin does next, after the "finished sending":
Packet 5: 65 00 00 00 01 00 00 00 (Dump pit file)
Packet 6: 65 00 00 00 02 00 00 00 00 00 00 00 (Sending chunk 0)
Packet 7: [first 512 bytes of pit]
Packet 8: 65 00 00 00 02 00 00 00 01 00 00 00 (Sending chunk 1)
Packet 9: [next 512 bytes of pit]
Packet 10: 65 00 00 00 02 00 00 00 02 00 00 00 (Sending chunk 2)
Packet 11: [next 512 bytes of pit]
Packet 12: 65 00 00 00 02 00 00 00 03 00 00 00 (Sending chunk 3)
Packet 13: [next 512 bytes of pit]
- repeat for 8 chunks - data past the end of the actual pit file is sent as zeroes -
Packet 22: 65 00 00 00 03 00 00 00 (Done)
Packet 23: 66 00 00 00 (Init file transfer - probably kernel)​
I couldn't begin to tell you why any of this exists at all, but my strong suspicion is that duplicating the Odin behavior will make Heimdall work properly.

So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.

psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.

Here's the UART log
Code:
[���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 140
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1954
NO_UNITS : 50
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4192mV, soc = 90
check_quick_start_condition_with_charger- Voltage: 4192.50000, Linearized[77/92/100], Capacity: 94
init_fuel_gauge: vcell = 4192mV, soc = 90, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x28
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
- Odin is connected!
set_nps_update_start: set nps start flag successfully.
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(101), data id(0)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(3)
[FNW: ] STL read to partition ID: 20
Done.
read 25 units.
partition_backup: efs. meta data=3(units), real size=6553600
.....Done.
read 5 units.
partition_backup: sbl. buf=0x46e00000, size=1310720(bytes)
.....Done.
read 5 units.
partition_backup: sbl2. buf=0x46f40000, size=1310720(bytes)
fsr_bml_format_device start
set_dynamic_partition: pit magic code=0x12349876
bbm format success
bbm_erase_all: step 1. Start unit=1, End unit=2.
.
bbm_erase_all: step 1. Start unit=52, End unit=2004.
..............................................................................................................................................................................................................................................
bbm eraseall success.
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
Erasing: 1 to 2
.
bbm erase part success
.Done.
Written 1 units.
current percent: 0 (1/1110)
board partition information update.. source: 0x403ee838
Erasing: 2 to 42
........................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 20)
[FNW:INF] nVol : 0, partition_id : 20, stSTLInfo.nTotalLogScts : 12800, buf :0x46400000
TotalLogSct : 12800, size : 6553600
Done.
Written 25 units.
current percent: 2 (26/1110)
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 2 (31/1110)
Erasing: 47 to 52
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 3 (36/1110)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(5445016), id(6), final(1)
Save Image (KERNEL) to flash ......
Erasing: 72 to 102
..............................
bbm erase part success
.....................Done.
Written 21 units.
current percent: 5 (57/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(12582912), efs_clear(0), boot_update(0), final(1)
xmit_complete_phone: cp partition found!(11)
Save Image (MODEM) to flash ......
Erasing: 1954 to 2004
..................................................
bbm erase part success
................................................Done.
Written 48 units.
current percent: 9 (105/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
Erasing: 132 to 1278
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 22)
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 45 (505/1110)
current write_count=1
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 81 (905/1110)
current write_count=2
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(58163200), id(22), final(1)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 113600, size : 58163200
Done.
Written 219 units.
current percent: 101 (1127/1110)
current write_count=3
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1376256), id(23), final(1)
Save Image (DBDATAFS) to flash ......
Erasing: 1278 to 1814
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 23)
[FNW:INF] nVol : 0, partition_id : 23, stSTLInfo.nTotalLogScts : 263168, buf :0x46400000
TotalLogSct : 2688, size : 1376256
Done.
Written 6 units.
current percent: 102 (1133/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1245184), id(24), final(1)
Save Image (CACHE) to flash ......
Erasing: 1814 to 1954
............................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 24)
[FNW:INF] nVol : 0, partition_id : 24, stSTLInfo.nTotalLogScts : 64000, buf :0x46400000
TotalLogSct : 2432, size : 1245184
Done.
Written 5 units.
current percent: 102 (1138/1110)
current write_count=1
save param.blk, size: 5268
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(262144), id(0), final(1)
Save Image (IBL+PBL) to flash ......
binary version: EVT1.
boot.bin is the one-binary.
relocate & fusing continue..
completed.
Erasing: 0 to 1
.
bbm erase part success
.Done.
Written 1 units.
current percent: 102 (1139/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1310720), id(3), final(1)
Save Image (SBL) to flash ......
=== SBL signature information ===
File Size : 677052
=================================
read part info
id = 0x3
attr = 0x1002
first unin = 0x2a
number units = 0x5
pages per unit = 0x40
n1st page = 0xa80, page offset = 0x13f, len = 0x48
read part info
id = 0x4
attr = 0x1002
first unin = 0x2f
number units = 0x5
pages per unit = 0x40
n1st page = 0xbc0, page offset = 0x13f, len = 0x48
Found bootable SBL ID: 4
save SBL partition id: 3
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 103 (1144/1110)
current write_count=1
save sbl id: 3 / erase sbl id: 4
.
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(872448), id(21), final(1)
Save Image (PARAM) to flash ......
FlashDevClose 262: Error(nErr=0x80040001)
Erasing: 52 to 72
....................
bbm erase part success
[FNW: ] STL formatted (partition ID: 21)
[FNW:INF] nVol : 0, partition_id : 21, stSTLInfo.nTotalLogScts : 2560, buf :0x46400000
TotalLogSct : 1704, size : 872448
Done.
Written 4 units.
current percent: 103 (1148/1110)
current write_count=1
set_nps_update_start: set nps start flag successfully.
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
set_nps_update_completed: set nps completed flag successfully.
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
......... everything after this is standard data... just included this far to show it booted.
Everything worked..
Would you like WireShark to verify things?
As far as logging, the only thing I could see is this:
Code:
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
which means it tried to read some garbage from the OneNAND and failed.

AdamOutler said:
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Click to expand...
Click to collapse
Yay for a properly working Heimdall! Once this fix gets officially implemented I'll update my Heimdall =D
How much do you charge to make the Captivate Unbrickable? X3

I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.

psycho2097 said:
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
Don't give me credit... this is the real genius here...
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
Basically, heimdall could not repartition the OneNAND. I identifed the problem, provided detailed debug level information and asked for help. psych0phobia looked at the Odin/Loki protocol, learned it, found the differences between Odin and Heimdall based on the output of both programs and then wrote the fix. Make sure you thank him. Thank Benjamin Dobell as well, he wrote Heimdall in the first place.
now... if you want to compile it under Linux... open a terminal and copy-pasta.
Code:
sudo apt-get install build-essential curl git
mkdir heimdall
cd heimdall
git clone https://github.com/Benjamin-Dobell/Heimdall.git
cd Heimdall/heimdall
curl http://android.merseine.us/BridgeManager.cpp> ./BridgeManger.cpp
curl http://android.merseine.us/EndPitFilePacket.h >./EndPitFilePacket.h
cd ..
cd ..
cd libpit
./configure
make
cd ..
cd heimdall
./configure
make
sudo make install
This will give Heimdall the ability to fully recover a bad partition table.
NOTE: This should only be used until a version greater then Heimdall 1.3.0 is released.

Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.

psycho2097 said:
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
I wont say anything about nexus s just yet... We have a 100% open-source, DIY, and free method of restoring a device to stock. Linux, UnBrickable Mod and heimdall.

In other words....
In yo face jtag

whiteguypl said:
In other words....
In yo face jtag
Click to expand...
Click to collapse
Hell yeah! 3 cheers 4 the unbrickable mod!
Sent from my cell phone. DUH.

Just thought I should let you guys know that I've pushed the source for the 1.3.1 updates to Github and it includes a fix, thanks psych0phobia! 1.3.1 also includes substantially improved no-reboot functionality that allows Heimdall to detect and use an existing session (i.e. previous operation with the --no-reboot parameter). Basically this means that you can do things like dump your PIT and then flash your phone without rebooting in between.
I should note that I kind of forgot to update the make files So it won't actually build on Linux/OS X until I do that when I get home (at work now). Windows users can give it whirl though.

GT-I5800/GT-I5801 Apollo Device Information

I wish to post this information so that I will be helpful for all the developers.
Device Information
Board - s5p6442
CPU - armeabi-v6 / armeabi / armv6-vfp / arm1176jzf-s
GPU - FIMG-3DSE (rev. 1.5.3)
Audio - wolfson microelectronics wm8994
Touchscreen - ATMEL mXT224(AT42QT602240)
TFT LCD PANEL - Samsung S6D04D1
Camera - s5k4ca
Compass / Magnetometer Sensor - AK8973B
Accelerometer Sensor - BMA020
Proximity sensor - GP2A
WiFi - bcm4329
Bluetooth - bcm4329
FM Radio - si4709
USB switch - FSA9480
LCD controller - ???
PMIC chip(s) - MAX8998
Modem - ???
Click to expand...
Click to collapse
Mount Points
Code:
kernel /dev/block/bml5
modem /dev/block/bml10
/cache /dev/block/stl8
/data /dev/block/stl7
/system /dev/block/stl6
/sdcard /dev/block/mmcblk0p1 and /dev/block/mmcblk0
Partition Layout
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
MOUNT POINT : N/A
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
POSITION : 0x00000000-0x00040000
SIZE : 0x00040000
===============================
ID : SBL (0x1)
MOUNT POINT : N/A
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
POSITION : 0x00040000-0x00180000
SIZE : 0x00140000
===============================
ID : PARAM (0x2)
MOUNT POINT : N/A
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
POSITION : 0x00180000-0x00200000
SIZE : 0x00080000
===============================
ID : EFS (0x18)
MOUNT POINT : /dev/block/stl4
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
POSITION : 0x00200000-0x00a00000
SIZE : 0x00800000
===============================
ID : KERNEL (0x4)
MOUNT POINT : /dev/block/bml5
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
POSITION : 0x00a00000-0x01180000
SIZE : 0x00780000
===============================
ID : FACTORYFS (0x15)
MOUNT POINT : /dev/block/stl6
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
POSITION : 0x01180000-0x0ed80000
SIZE : 0x0dc00000
===============================
ID : DATAFS (0x16)
MOUNT POINT : /dev/block/stl7
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
POSITION : 0x0ed80000-0x1b800000
SIZE : 0x0ca80000
===============================
ID : CACHE (0x17)
MOUNT POINT : /dev/block/stl8
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
POSITION : 0x1b800000-0x1de00000
SIZE : 0x02600000
===============================
ID : TEMP (0x3)
MOUNT POINT : N/A
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
POSITION : 0x1de00000-0x1e500000
SIZE : 0x00700000
===============================
ID : MODEM (0x5)
MOUNT POINT : /dev/block/bml10
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
POSITION : 0x1e500000-0x1f500000
SIZE : 0x01000000
===============================
Click to expand...
Click to collapse
I also request all developers to contribute for the missing information. If devs like to add some more information please let me know, I will add it.
Hope this also helps all developers.
Thanks in advance for the support.

camera : s5k4ca
sensors : akm8973

Got first reply from the creator. Thank you very much marcellusbe.
Updated first post.
marcellusbe said:
camera : s5k4ca
sensors : akm8973
Click to expand...
Click to collapse

What about the sound chip? WM8994 DAC
Maybe that belongs to be on your list.

Wiggierip said:
What about the sound chip? WM8442 DAC
Maybe that belongs to be on your list.
Click to expand...
Click to collapse
it's wolfson microelectronics wm8994

marcellusbe said:
it's wolfson microelectronics wm8994
Click to expand...
Click to collapse
I edited my post allready acctually , Thanks anyway

Run the voodoo report app by supercurio to get some more info
https://play.google.com/store/apps/details?id=org.projectvoodoo.report
Also, /dev/block/bml5 is the kernel, and modem's bml10
A partition table (without the entries for the first and second stage bootloader, param and efs partitions is available here :
https://github.com/chirayudesai/cd.kernel-apollo/blob/cd-2.6.32/drivers/mtd/onenand/samsung_apollo.h

The GPU is called FIMG-3DSE (rev. 1.5.3), so maybe it's better to use this name in the first post.
I would also add information about USB switch - FSA9480 and try to find the model of LCD controller, PMIC chip(s), modem and other sensors (akm8973 is only the compass/magnetometer).
For partition table, there should be a file in /proc listing the complete partition map with exact offsets and sizes, in case of Spica it's /proc/rfs/bmlinfo.

tom3q said:
The GPU is called FIMG-3DSE (rev. 1.5.3), so maybe it's better to use this name in the first post.
I would also add information about USB switch - FSA9480 and try to find the model of LCD controller, PMIC chip(s), modem and other sensors (akm8973 is only the compass/magnetometer).
For partition table, there should be a file in /proc listing the complete partition map with exact offsets and sizes, in case of Spica it's /proc/rfs/bmlinfo.
Click to expand...
Click to collapse
Or you can just go through /proc/last_kmsg
You did post a boot log sometime back, layout's this :
Code:
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : SBL (0x1)
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
===============================
ID : PARAM (0x2)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
===============================
ID : EFS (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
===============================
ID : KERNEL (0x4)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
===============================
ID : FACTORYFS (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
===============================
ID : DATAFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
===============================
ID : CACHE (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
===============================
ID : TEMP (0x3)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
===============================
ID : MODEM (0x5)
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
===============================

You should change the title itns GT-I5800(1) not G3
Sent from my GT-I5800 using xda premium

All changes updated. I got some information from #cat /proc/LinuStoreIII/bmlinfo . Please confirm the information's are correct. Please provide me the missing info. Once I got all the information I will update the main post.
# cat proc/LinuStoreIII/bmlinfo
FSR VERSION: FSR_1.2.1p1_b129_RTM
minor position size units id name
1: 0x00000000-0x00040000 0x00040000 1 0
2: 0x00040000-0x00180000 0x00140000 5 1
3: 0x00180000-0x00200000 0x00080000 2 2
4: 0x00200000-0x00a00000 0x00800000 32 24
5: 0x00a00000-0x01180000 0x00780000 30 4
6: 0x01180000-0x0ed80000 0x0dc00000 880 21
7: 0x0ed80000-0x1b800000 0x0ca80000 810 22
8: 0x1b800000-0x1de00000 0x02600000 152 23
9: 0x1de00000-0x1e500000 0x00700000 28 3
10: 0x1e500000-0x1f500000 0x01000000 64 5
==== PARTITION INFORMATION ====
ID : IBL & PBL (0x0)
MOUNT POINT : ?????
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 0
NO_UNITS : 1
POSITION : 0x00000000-0x00040000
SIZE : 0x00040000
===============================
ID : SBL (0x1)
MOUNT POINT : ????
ATTR : RO ENTRYPOINT SLC BOOTLOADING PREWRITING (0xd402)
FIRST_UNIT : 1
NO_UNITS : 5
POSITION : 0x00040000-0x00180000
SIZE : 0x00140000
===============================
ID : PARAM (0x2)
MOUNT POINT : ????
ATTR : RW SLC (0x1001)
FIRST_UNIT : 6
NO_UNITS : 2
POSITION : 0x00180000-0x00200000
SIZE : 0x00080000
===============================
ID : EFS (0x18)
MOUNT POINT : /dev/block/stl4
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 8
NO_UNITS : 32
POSITION : 0x00200000-0x00a00000
SIZE : 0x00800000
===============================
ID : KERNEL (0x4)
MOUNT POINT : /dev/block/bml5
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 40
NO_UNITS : 30
POSITION : 0x00a00000-0x01180000
SIZE : 0x00780000
===============================
ID : FACTORYFS (0x15)
MOUNT POINT : /dev/block/stl6
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 70
NO_UNITS : 880
POSITION : 0x01180000-0x0ed80000
SIZE : 0x0dc00000
===============================
ID : DATAFS (0x16)
MOUNT POINT : /dev/block/stl7
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 950
NO_UNITS : 810
POSITION : 0x0ed80000-0x1b800000
SIZE : 0x0ca80000
===============================
ID : CACHE (0x17)
MOUNT POINT : /dev/block/stl8
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1760
NO_UNITS : 152 (*mismatch* 152 should be 150)
POSITION : 0x1b800000-0x1de00000
SIZE : 0x02600000
===============================
ID : TEMP (0x3)
MOUNT POINT : ????
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1912
NO_UNITS : 28 (*mismatch* 28 should be 30)
POSITION : 0x1de00000-0x1e500000
SIZE : 0x00700000
===============================
ID : MODEM (0x5)
MOUNT POINT : /dev/block/bml10
ATTR : RO SLC PREWRITING (0x9002)
FIRST_UNIT : 1940
NO_UNITS : 64
POSITION : 0x1e500000-0x1f500000
SIZE : 0x01000000
===============================
Click to expand...
Click to collapse

pmanian said:
All changes updated. I got some information from #cat /proc/LinuStoreIII/bmlinfo . Please confirm the information's are correct. Please provide me the missing info. Once I got all the information I will update the main post.
Click to expand...
Click to collapse
It is indeed the correct, and the partitions you've marked as ??? (for the mount points) aren't mounted in the android system, they contain the Samsung bootloaders which are used only to initialize the phone and then load the kernel, and then complete control is passed to the kernel
Also, might wanna remove the / in front of kernel and modem in the first post, as they are directly accessed from the block device's location

Updated the main post. Thanks for the information. Thanks you very much.
cdesai said:
It is indeed the correct, and the partitions you've marked as ??? (for the mount points) aren't mounted in the android system, they contain the Samsung bootloaders which are used only to initialize the phone and then load the kernel, and then complete control is passed to the kernel
Also, might wanna remove the / in front of kernel and modem in the first post, as they are directly accessed from the block device's location
Click to expand...
Click to collapse

TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243

I am not aware of that, So I created this thread. Thanks for the info.
unreal3000 said:
TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243
Click to expand...
Click to collapse

unreal3000 said:
TFT LCD PANEL: Samsung S6D04D1
ALL THE INFO U NEED! dharam made this thread long back..... keep scrolling down... info on our devices hardware and software....
we owe u dharam
http://forum.xda-developers.com/showthread.php?t=1156243
Click to expand...
Click to collapse
S6D04D is the LCD controller chip inside the LCD module. The exact manufacturer and model of the screen itself might vary, but it doesn't matter, because the chip handles it itself.

Modem is a Qualcomm.
Not sure which.

hillbeast said:
Modem is a Qualcomm.
Not sure which.
Click to expand...
Click to collapse
oh yeah... i saw somewhere.... time for a bit of research...
---------- Post added at 03:36 AM ---------- Previous post was at 03:06 AM ----------
found it.... modem- QSC6270
datasheet- http://pdf1.alldatasheet.com/datasheet-pdf/view/186573/QUALCOMM/QSC6270.html
pic of the inside of the phone-
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
anyone recognize the other chips?
1 more useful link-
http://forum.xda-developers.com/showthread.php?t=1260551

unreal3000 said:
oh yeah... i saw somewhere.... time for a bit of research...
---------- Post added at 03:36 AM ---------- Previous post was at 03:06 AM ----------
found it.... modem- QSC6270
datasheet- http://pdf1.alldatasheet.com/datasheet-pdf/view/186573/QUALCOMM/QSC6270.html
pic of the inside of the phone-
anyone recognize the other chips?
1 more useful link-
http://forum.xda-developers.com/showthread.php?t=1260551
Click to expand...
Click to collapse
Just pulled my phone apart. I'll tell you what all the chips are:
The big one with SAMSUNG on it is the CPU. The black one to the right is the MAX8998 chip. Below it the big one is the modem (Qualcomm QSC6270), and to the right of that is the WM8998 audio codec. Still trying to find the USB switch chip...
EDIT: The one in the bottom right corner is the FM radio.

hillbeast said:
Just pulled my phone apart. I'll tell you what all the chips are:
The big one with SAMSUNG on it is the CPU. The black one to the right is the MAX8998 chip. Below it the big one is the modem (Qualcomm QSC6270), and to the right of that is the WM8998 audio codec. Still trying to find the USB switch chip...
EDIT: The one in the bottom right corner is the FM radio.
Click to expand...
Click to collapse
Now that you've popped your phone apart, could you take some HD pics and upload somewhere?
I talked to AdamOutler once about getting the unbrickable mod working on our devices, HD pics of the board would help with that

[GUIDE] USB Uart on Galaxy S devices [2012/09/25]

== General Info ==
Hello, and welcome to my usb uart guide - aka, how to totally f' your phone up, if you don't think first!
Really though, read everything before attempting anything!
USB Uart is not new news. There are many great people whom have come before me to make what I am documenting here possible. But I am putting this here because I keep getting PM'd about getting help with USB Uart, and figured it would be good to start a thread that documents what you need and how to get going.
So up front, I need to list some credits.
I gained a lot of knowledge from these people:
TheBeano - Fun with resistors (home/car dock mode + more)
UberPenguin - Galaxy S UART JIG & Debugging Connector
AdamOutler - UART Output / Bootloader Hacking / Kernel Debuging
E:V:A - The Samsung Anyway Jig
I'm sure there is more... let me know if you think you need to be in this list. I'll be happy to update it!
== WARNING ==
I am not responsible for anything you do to your device! If you follow my guide and it results from anything like your phone not working or ending the world, I cannot be held accountable for what you do!
This guide will show you how to use the usb uart on most galaxy s phones (with the FSA9480 USB port accessory detector and switch)
It helps to have Unbrickable Mod. There are some commands you can run from the SBL that will wipe your bootloaders!
You must be VERY CAREFUL!
== Requirements ==
First off, you will need some hardware to connect to your computer. It helps. Below is a list of things I use and they are common and cheap. The links to the items below are what I have. Its what works for me.
mini-usb cable - http://www.sparkfun.com/products/598
bus pirate or arduino (I only cover bus pirate here... for now.) - http://www.seeedstudio.com/depot/bus-pirate-v3-assembled-p-609.html?cPath=174
In my guide i use the bus pirate probe kit - http://www.seeedstudio.com/depot/bus-pirate-probe-kit-p-526.html?cPath=178_180
I used a tape printer to label the test clips.
breadboard (optional, if you rather just solder the resistor to the micro-usb break-out board. more later...) - http://www.sparkfun.com/products/112
USB MicroB Plug Breakout Board - http://www.sparkfun.com/products/10031
some jumper wire - http://www.sparkfun.com/products/124
150k, 523k, 619k resistor (ymmv. AdamOutler and others told me to try 523k or 619k, but I was able to get all the output I need with 150k)
guts - priceless
Also, I use minicom on Linux and Mac OS X (use homebrew to install minicom), but you should be able to use any serial console program you like (i.e. kermit, cu, etc...)
I highly suggest getting to know your bus pirate, but this guide assumes you have read manuals and updated firmware. Any of the other uart modes should also work this way, but I currently don't cover that here... yet.
== Getting Started ==
When we connect to the usb port on the bus pirate(bp), you can find the version info by typing i at the high impedance mode (HiZ>) prompt. Change to this mode when your modifying connections or cable argments.
Code:
HiZ>i
Bus Pirate v3b
Firmware v6.0 r1625 Bootloader v4.4
DEVID:0x0447 REVID:0x3043 (24FJ64GA002 B5)
http://dangerousprototypes.com
Disconnect the bp and lets connect everything from the micro usb port connecting to your phone backwards to the bp. I use a breadboard for things that I might work on later or things I'll re-arrange a lot. You may also decide to solder the resistor directly to the GND/ID pins, but you will need a little lead on the GND. Connect MOSI to D+ and MISO to D-.
Another warning!
You can also fry the ftdi on the bus pirate, if you mess with the connections while the bus pirate is in any mode besides HiZ (Hi Impedance) or unplugged. Usually, I'm in uart bridge mode, so you can't go back to HiZ. You just have to unplug the usb cable.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Solder some jumper wire to the micro usb breakout board. I use about an inch.
I usually start at a1 on the breadboard with vcc and a4 and a5 for ID and GND (respectively). In these images, I'm at the opposite end of the board to make it easier to have the phone next to and above my mouse so it is easy for me to work with the phone.
Put the resistor on b4 and b5 - which is where I connect GND on the bp.
Now that you have the bp connected to the circut, lets move forward and plug in the micro usb cable into the bp and then into your computer.
To change into UART mode on the buspirate, type 'm' at the HiZ> prompt:
Code:
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
x. exit(without change)
(1)>3
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>1
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>1
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>(3)
UART bridge
Reset to exit
Are you sure? y
After you get into UART Bridge mode, you will have to unplug the usb port from your computer to reset the bus pirate.
This is where experimenting with different resistors on the GND/ID pins make a difference. Using 619k resistance, I just plug the phone in and it boots up. During boot up, I can see the PBL output like the output you will see in the rest of this document. Using 150k resistance, the phone doesn't automatically turn on.
Also, you may have different usability of the console depending on if you set the output type to Open drain or Normal drain.
With Open drain, I am able to see the uart output, but I am not able to break into the SBL prompt like I am with Normal drain.
Interestingly, with 619k on my SGH-T959V, I don't see all of the kernel console output. I still haven't figured out exactly why yet. With 150k resistance, I don't see the PBL output, but I can still break into the SBL prompt (with normal drain) and get full kernel console output.
When you get to this point, the mode light should now be green. When you plug your phone into the micro usb adapter (again 619k in these examples), you should see everything from the pbl in to the kernel starting:
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
+n1stVPN 3008
+nPgsPerBlk 64
PBL found bootable SBL: Partition(4).
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Oct 28 2011 15:45:50
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x60
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1540
===============================
ID : DATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1672
NO_UNITS : 2120
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 3792
NO_UNITS : 160
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 3952
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4013mV, soc = 86
check_quick_start_condition- Voltage: 4013.75000, Linearized[74/89/100], Capacity: 89
init_fuel_gauge: vcell = 4013mV, soc = 86, rcomp = d000
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x3733b898 0x1ffc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
== The SBL (Secondary BootLoader) ==
The most interesting line out of all of that was:
Code:
Autoboot (0 seconds) in progress, press any key to stop
If you happen to hold down the Enter/Return key while booting the phone you will get into the "SBL>" prompt.
The Secondary BootLoader is essentially like u-boot.
Code:
...
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
If we type help, we will get some commands you can run. Some of these commands are affected by what is set in the environment.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL>
You can get some minimal help for each command:
Code:
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
Another set of intersting commands here are the ones that manipulate the environment:
setenv
saveenv
printenv
Code:
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
printenv is probably the safest of them to run, so lets try this first.
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 1
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
CUST_KERNEL_DL_COUNT : 0
KERNEL_BINARY_TYPE : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
I'm not fully sure what all of these options are, but the ones I know about are SWITCH_SEL and PHONE_DEBUG_ON.
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what. That maybe specific to the device I have.
Setting at least 6543 in SWITCH_SEL will give you kernel log output:
Code:
setenv SWITCH_SEL 6543
saveenv
I also set PHONE_DEBUG_ON to 1:
Code:
setenv PHONE_DEBUG_ON 1
saveenv
When I set this, I get some extended battery statistics like:
Code:
[BAT] CHR(0) CAS(0) CHS(3) DCR(0) ACP(2) BAT(81,0,0) TE(31) HE(1) VO(3926) ED(1000) RC(0) CC(0) VF(591) LO(0)
You must remember that after running setenv, you must then run saveenv at least once at the end to save the environment. I believe this environment info is saved to either an offset on the sbl partition or on the param.lfs. It would be useful to find this out, because u-boot has a userspace utility (that you can use from within linux userspace) to modify the u-boot environment. It may be handy to use a tool like that to modify the CMDLINE option during rom flashing time.
Also, instead of powering your phone off then on again to put the new settings in place, just run reset from the sbl prompt to reboot the phone with the new settings.
Anyways, This is what I have so far. I will be adding more to this as time goes on.
Enjoy!
-Bryan

Very nice and clear guide!
Also check out my Anyway thread on more details about JIG resistances etc. Soon I hope there will be more added to that about building your own Samsung Test Jig...

Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.

bhundven said:
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what.
Click to expand...
Click to collapse
AdamOutler said:
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
Click to expand...
Click to collapse
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.

Any chance that it will work witch Galaxy Ace too?

dragonnn said:
Any chance that it will work witch Galaxy Ace too?
Click to expand...
Click to collapse
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Code:
Android Bootloader - UART_DM Initialized!!!
[VIBETONZ] ENABLE
[VIBETONZ] DISABLE
HW_REV = 12
mipi_init : status = 1
HW_REV = 12
start init_charger
smb328a_init_charger : is_reboot_mode = 0, vcell = 3975
check valid dcin (0x33) = 0x0
no dcin, skip init_charger
fuelguage : soc = 80%, vcell = 3975mV
fuelguage : rcomp(0xd01f) ==?? 0xd0d0
HW_REV = 12
VReset : 0x8c
Hibernation mode : 0x0
8340 = ( 397500 - 334350 ) * 13207 / 100000
HW_REV = 12
reboot_mode = 0xb6cef249
do key check
enter normal booting mode
AST_POWERON
usable ddi data.
HW_REV = 12
HW_REV = 12
E.V.A. said that it might be some debugging setting in the kernel that might have disabled the kernel log output.
It would be helpful to get some MSM developers here to help us out with that!

bhundven said:
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Click to expand...
Click to collapse
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.

dragonnn said:
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
Click to expand...
Click to collapse
Currently, I only know this method to work on SGS( not sgs2 or sgs3 ) phones with the FSA9480.

bhundven said:
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Click to expand...
Click to collapse
The switches are messages from levels 1-7. Turn on more to get more messages.

AdamOutler said:
The switches are messages from levels 1-7. Turn on more to get more messages.
Click to expand...
Click to collapse
That makes sense, but what doesn't is if I set SWITCH_SEL to 1234567 or any combination with 2, I get no output. As long as I don't have 2 in there, it works fine. Must just be this device.

Memory Architecture
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!

Fly-n-High said:
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Click to expand...
Click to collapse
huh?

Good post
Nice...!!
Thanks you~

can't get SBL or PBL logs on uart in galaxy-y (GT-S5360)
Hello sir,
Thanks for your great tutorial .
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
After booting, uart works fine and i can use a shell via serial using command
(on phone)
Code:
busybox sh</dev/ttyS0 >/dev/ttyS0
and on PC
Code:
microcom -s 115200 -p /dev/ttyS0
ttyS0 settings of the phone is
Code:
speed 115200 baud; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
And that of PC is
Code:
speed 115200 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
-echoctl echoke
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Circuit diagram is attached below
any one please help

harish2704 said:
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
Click to expand...
Click to collapse
I get something similar on a Samsung Rugby Smart (SGH-I847). I think they have tweaked the UART stuff on the newer devices that post date the Galaxy S devices. They might share the UART chip, but it seems as if they changed the loader implementation which is causing the newer devices to not see the PBL and SBL information during boot.
harish2704 said:
Circuit diagram is attached below
Click to expand...
Click to collapse
Have you tried a 150k or 619k resistor instead of the 523k? I was able to get output with both a 150k and 619k, but the output was very similar to what you have posted. Likely a long shot, but worth a try.
harish2704 said:
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Click to expand...
Click to collapse
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip.

Have you tried a 150k or 619k resistor instead of the 523k?
Click to expand...
Click to collapse
yes I tried I didn't feel any difference b/w 619k & 523k when tried. And with 150k, I couldn't get uart active ()
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip
Click to expand...
Click to collapse
.
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Or
you mean do i have control on ttyS0 device? yes I could change that by
Code:
busybox stty -F /dev/ttyS0 ..........
command
Sorry for my language

harish2704 said:
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Click to expand...
Click to collapse
This is the method I was referring to. If you tweak the parameters you might be able to get the kernel log over serial.
Sent from my SAMSUNG-SGH-I547 using Tapatalk 2

Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...

harish2704 said:
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
Click to expand...
Click to collapse
If you can interact with ttyS0 post-boot I'd expect it to work. Is there maybe anther serial device such as ttyHS0 or similar that you can interact with? If so, that might be something to try.

You need to change that ttyS0 to ttySAC2 in the boot parameters. Use the abootimg tool on Ubuntu. Apt-get install abootimg.

Flash Counter not resetting itself!?

Hi, I had recently flashed the jellybean leak Ota for my tab(it's p3100), I had then flashed cwm. Now I tried resetting my flash counter but after rebooting it still stuck at 1 count. What should I do?
Sent from my GT-P3100 using XDA Premium HD app

Help anyone?
Sent from my GT-P3100 using XDA Premium HD app

Maybe flash back to ics. And reset the counter
Sent from my GT-I9100 using Tapatalk 2

Aditya16 said:
Hi, I had recently flashed the jellybean leak Ota for my tab(it's p3100), I had then flashed cwm. Now I tried resetting my flash counter but after rebooting it still stuck at 1 count. What should I do?
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
have you tried "Triangule Away" ?
you can installed it from google play
but you need to root your device first

sapiterbang said:
have you tried "Triangle Away" ?
you can installed it from google play
but you need to root your device first
Click to expand...
Click to collapse
I resetted it with that only. Is it some bug in jb?
Sent from my GT-P3100 using XDA Premium HD app

Alvin Lai said:
Maybe flash back to ics. And reset the counter
Sent from my GT-I9100 using Tapatalk 2
Click to expand...
Click to collapse
Will try that.
Sent from my GT-P3100 using XDA Premium HD app

May be try installing supersu ( not superuser) from google play and give permissions to triangle away
Install latest version 1.95 of triangle away
Sent from Galaxy S2 or Galaxy Tab2

I confirm Triangle Away and SuperSU combination still work in JB.

So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app

Aditya16 said:
So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
Post your issue in Triangle Away thread. Maybe someone can help you...
---------- Post added at 05:06 PM ---------- Previous post was at 05:06 PM ----------
Aditya16 said:
So after rebooting and going to the download mode, even for me it is zero, but after exiting and booting back it goes back to 1 count.
Sent from my GT-P3100 using XDA Premium HD app
Click to expand...
Click to collapse
Post your issue in Triangle Away thread. Maybe someone could help you

Waw... Back from recovery I got +1. This is not because JB but Sbl.bin updated (download mode in potrait position now). The second boot loader checkbit RECOVERY partition:
Code:
Secondary Bootloader v3.1 version.
Copyright (C) 2011 System S/W Group. Samsung Electronics Co., Ltd.
Board: GT-P3100 REV 04-REAL / Sep 17 2012 13:37:57
booting code=0x0
===== PARTITION INFORMATION =====
ID : X-loader (0x1)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
ID : EFS (0x4)
DEVICE : MMC
FIRST UNIT : 8192
NO. UNITS : 40960
=================================
ID : SBL1 (0x2)
DEVICE : MMC
FIRST UNIT : 49152
NO. UNITS : 4096
=================================
ID : SBL2 (0x3)
DEVICE : MMC
FIRST UNIT : 53248
NO. UNITS : 4096
=================================
ID : PARAM (0x5)
DEVICE : MMC
FIRST UNIT : 57344
NO. UNITS : 16384
=================================
ID : KERNEL (0x6)
DEVICE : MMC
FIRST UNIT : 73728
NO. UNITS : 16384
=================================
ID : RECOVERY (0x7)
DEVICE : MMC
FIRST UNIT : 90112
NO. UNITS : 16384
=================================
ID : CACHE (0x8)
DEVICE : MMC
FIRST UNIT : 106496
NO. UNITS : 1433600
=================================
ID : MODEM (0x9)
DEVICE : MMC
FIRST UNIT : 1540096
NO. UNITS : 40960
=================================
ID : FACTORYFS (0xa)
DEVICE : MMC
FIRST UNIT : 1581056
NO. UNITS : 2867200
=================================
ID : DATAFS (0xb)
DEVICE : MMC
FIRST UNIT : 4448256
NO. UNITS : 25280478
=================================
ID : HIDDEN (0xd)
DEVICE : MMC
FIRST UNIT : 29728734
NO. UNITS : 1048576
=================================
ID : GANG (0x0)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.
switch_sel_str='1'
switch_sel_int='1'
load_debug_level: read debug level successfully(0x574f4c44)...LOW
init_ddi_data: usable ddi data.
Set charging current TA
omap_max17042_read_temp: FG Temp raw_data : 0x2723
read_temp_adc:adc_data : 772
read_temp_adc:adc_data : 763
read_temp_adc:adc_data : 765
read_temp_adc:adc_data : 759
read_temp_adc:adc_data : 758
check_battery_type: fg temp : 39136, adc_temp : 420
check_battery_type: Set BATTERY_TYPE_SDI
omap_max17042_set_model_data : Already fuel gauge initialized !!
max17042_compensate_soc: vcell(3840), rep_soc(43)
calculate_table_soc: charging status : 2, vcell(3840), table_soc(52)
[SBL] VFOCV MSB : 0xc0, LSB : 0x7
[SBL_CHARGER] SOC : 43, VCELL : 3840, VFSOC : 42, VFOCV : 3840
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
reading nps status file is successfully!.
nps status=0x504d4f43
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Now I need Sbl.bin backup from ICS!

ketut.kumajaya said:
Waw... Back from recovery I got +1. This is not because JB but Sbl.bin updated (download mode in potrait position now). The second boot loader checkbit RECOVERY partition:
Code:
Secondary Bootloader v3.1 version.
Copyright (C) 2011 System S/W Group. Samsung Electronics Co., Ltd.
Board: GT-P3100 REV 04-REAL / Sep 17 2012 13:37:57
booting code=0x0
===== PARTITION INFORMATION =====
ID : X-loader (0x1)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
ID : EFS (0x4)
DEVICE : MMC
FIRST UNIT : 8192
NO. UNITS : 40960
=================================
ID : SBL1 (0x2)
DEVICE : MMC
FIRST UNIT : 49152
NO. UNITS : 4096
=================================
ID : SBL2 (0x3)
DEVICE : MMC
FIRST UNIT : 53248
NO. UNITS : 4096
=================================
ID : PARAM (0x5)
DEVICE : MMC
FIRST UNIT : 57344
NO. UNITS : 16384
=================================
ID : KERNEL (0x6)
DEVICE : MMC
FIRST UNIT : 73728
NO. UNITS : 16384
=================================
ID : RECOVERY (0x7)
DEVICE : MMC
FIRST UNIT : 90112
NO. UNITS : 16384
=================================
ID : CACHE (0x8)
DEVICE : MMC
FIRST UNIT : 106496
NO. UNITS : 1433600
=================================
ID : MODEM (0x9)
DEVICE : MMC
FIRST UNIT : 1540096
NO. UNITS : 40960
=================================
ID : FACTORYFS (0xa)
DEVICE : MMC
FIRST UNIT : 1581056
NO. UNITS : 2867200
=================================
ID : DATAFS (0xb)
DEVICE : MMC
FIRST UNIT : 4448256
NO. UNITS : 25280478
=================================
ID : HIDDEN (0xd)
DEVICE : MMC
FIRST UNIT : 29728734
NO. UNITS : 1048576
=================================
ID : GANG (0x0)
DEVICE : MMC
FIRST UNIT : 0
NO. UNITS : 0
=================================
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.
switch_sel_str='1'
switch_sel_int='1'
load_debug_level: read debug level successfully(0x574f4c44)...LOW
init_ddi_data: usable ddi data.
Set charging current TA
omap_max17042_read_temp: FG Temp raw_data : 0x2723
read_temp_adc:adc_data : 772
read_temp_adc:adc_data : 763
read_temp_adc:adc_data : 765
read_temp_adc:adc_data : 759
read_temp_adc:adc_data : 758
check_battery_type: fg temp : 39136, adc_temp : 420
check_battery_type: Set BATTERY_TYPE_SDI
omap_max17042_set_model_data : Already fuel gauge initialized !!
max17042_compensate_soc: vcell(3840), rep_soc(43)
calculate_table_soc: charging status : 2, vcell(3840), table_soc(52)
[SBL] VFOCV MSB : 0xc0, LSB : 0x7
[SBL_CHARGER] SOC : 43, VCELL : 3840, VFSOC : 42, VFOCV : 3840
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
reading nps status file is successfully!.
nps status=0x504d4f43
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Now I need Sbl.bin backup from ICS!
Click to expand...
Click to collapse
How will i get this sbl.bin file from?

Aditya16 said:
How will i get this sbl.bin file from?
Click to expand...
Click to collapse
From /dev/block/mmcblk0p2 and /dev/block/mmcblk0p3. Be careful, this is a critical part of boot process.

I really do not not know how to do it advice please?
Sent from my GT-P3100 using XDA Premium HD app

News update guy's. Chainfire pm'ed me saying that he will look into the matter. Now all we can do is cross our finger and wait.
Oh and also this download mode does not show +1 when I replaced CWM with stock recovery. I wonder why?
Sent from my GT-P3100 using XDA Premium HD app

UPDATE:
No warning when boot to stock JB XXCLI5 recovery:
Code:
g_nRebootReason = 0x2
set_lcd_panel_id: panel_adc=143
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x135b4d bytes)
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
Starting kernel at 0x81808000...
More investigation needed, when boot to unofficial recovery:
Code:
g_nRebootReason = 0x2
set_lcd_panel_id: panel_adc=143
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x39a7b0 bytes)
Ramdisk @ 82800000 (0x1e4fc6 bytes)
[WARNING] Current kernel is NOT official binary!!!
save param.blk, size: 5268
save param.blk successfully.
save switch_sel(1)...ok
Starting kernel at 0x81808000...
Normal boot to stock JB XXCLI5 kernel:
Code:
g_nRebootReason = 0x1
set_lcd_panel_id: panel_adc=142
*** ltn070nl01_power_on ***
lcd_pannel_id=2
Autoboot (1 seconds) in progress, press any key to stop .
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (f55f0aa0)
Kernel @ 81808000 (0x3f715c bytes)
Ramdisk @ 82800000 (0x880aa bytes)
Starting kernel at 0x81808000...
Parsed above value from /proc/last_kmsg. From last_kmsg value (second boot loader message?), I can confirm my boot logo hack is safe. Sbl successfuly mount param.lfs:
Code:
loke_init: j4fs_open..success
<start_checksum:310>CHECKSUM_HEADER_SECTOR :42
<start_checksum:313>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.

[GUIDE] Build AOSP for zerofltexx by Astrubale

DELETED

but there is some aosp build usable ( incall micro working on fine ) for galaxy s 6?
thanks for the guide Master

supera3 said:
but there is some aosp build usable ( incall micro working on fine ) for galaxy s 6?
thanks for the guide Master
Click to expand...
Click to collapse
Depend on what source zero-common, zerofltexx and kernel are based.

Very cool guide, I'll have to give this a shot later just for fun! Sorry for doubting you before.

If there are new commits, before ". build/envsetup.sh" tipe "repo sync" for upgrade.

Hi @Astrubale,
I tried to build cm-13.0 with your tutorial, but build fails non-stop on:
Code:
target SharedLib: libexpat (/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so)
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/lib/xmlparse.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so] Error 1
make: *** Waiting for unfinished jobs....
make[3]: Nothing to be done for 'dtbs'.
or
Code:
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/android_compat_hacks.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so] Error 1
make: *** Waiting for unfinished jobs....
make: Leaving directory '/home/sebek/android/system'
The solution is to remove xmlparse.o or android_compat_hacks.o and I guess it continues the build. Almost at the end of compilation (I presume) it throws out that very error and after a while I get:
Code:
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make[1]: Entering directory '/home/sebek/android/system/kernel/samsung/exynos7420'
INSTALL net/ipv4/tcp_htcp.ko
INSTALL net/ipv4/tcp_westwood.ko
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
DEPMOD 3.10.61
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make: Leaving directory '/home/sebek/android/system'
#### make failed to build some targets (26:29 (mm:ss)) ####
Maybe you'd be willing to give me some advice on how I could finish this build ? I am building on Ubuntu 16.04, dl'd the newest kernel from Brandon's git repo.
My best

djseban2 said:
Hi @Astrubale,
I tried to build cm-13.0 with your tutorial, but build fails non-stop on:
Code:
target SharedLib: libexpat (/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so)
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/lib/xmlparse.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so] Error 1
make: *** Waiting for unfinished jobs....
make[3]: Nothing to be done for 'dtbs'.
or
Code:
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/android_compat_hacks.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so] Error 1
make: *** Waiting for unfinished jobs....
make: Leaving directory '/home/sebek/android/system'
The solution is to remove xmlparse.o or android_compat_hacks.o and I guess it continues the build. Almost at the end of compilation (I presume) it throws out that very error and after a while I get:
Code:
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make[1]: Entering directory '/home/sebek/android/system/kernel/samsung/exynos7420'
INSTALL net/ipv4/tcp_htcp.ko
INSTALL net/ipv4/tcp_westwood.ko
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
DEPMOD 3.10.61
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make: Leaving directory '/home/sebek/android/system'
#### make failed to build some targets (26:29 (mm:ss)) ####
Maybe you'd be willing to give me some advice on how I could finish this build ? I am building on Ubuntu 16.04, dl'd the newest kernel from Brandon's git repo.
My best
Click to expand...
Click to collapse
Can you send me a screen of /android/system/kernel/samsung/exynos7420/ ?

Astrubale said:
Can you send me a screen of /android/system/kernel/samsung/exynos7420/ ?
Click to expand...
Click to collapse
Sure, it looks like this:
hxxp://imgur.com/M5sAjIo
@edit: I deleted exynos7420 dir and unzipped it (dl'd zip from github) once again, this time through Terminal. Turned out it was something wrong with that, therefore I succeded with building the ROM, but my S6 hangs on "Kernel is not seandroid enforcing", after flashing the ROM (tough luck, I guess). What's more I tried flahyboy's ROM, to see if it's maybe something wrong with my S6 - well, you can say flahyboy's ROM starts instantly, but in-call mic is not working. I'd be grateful for any hints on what might be wrong. One and only thing I noticed is flahyboy's ROM is slightly greater in size (~40MB) that mine.. maybe the build solution did not add something to my zip.. Anyway - great tutorial, thanks for that. Installing AOSP just made me even more anxious to wait for making this system stable :good:

djseban2 said:
Sure, it looks like this:
hxxp://imgur.com/M5sAjIo
@edit: I deleted exynos7420 dir and unzipped it (dl'd zip from github) once again, this time through Terminal. Turned out it was something wrong with that, therefore I succeded with building the ROM, but my S6 hangs on "Kernel is not seandroid enforcing", after flashing the ROM (tough luck, I guess). What's more I tried flahyboy's ROM, to see if it's maybe something wrong with my S6 - well, you can say flahyboy's ROM starts instantly, but in-call mic is not working. I'd be grateful for any hints on what might be wrong. One and only thing I noticed is flahyboy's ROM is slightly greater in size (~40MB) that mine.. maybe the build solution did not add something to my zip.. Anyway - great tutorial, thanks for that. Installing AOSP just made me even more anxious to wait for making this system stable :good:
Click to expand...
Click to collapse
Thank, but can you compile now?

Astrubale said:
Thank, but can you compile now?
Click to expand...
Click to collapse
Yeah, I compiled it at last, but if i flash the zip from out folder, then the phone hangs on first bootsplash ("Galaxy S6") with "Kernel is not seandroid enforcing"

djseban2 said:
Yeah, I compiled it at last, but if i flash the zip from out folder, then the phone hangs on first bootsplash ("Galaxy S6") with "Kernel is not seandroid enforcing"
Click to expand...
Click to collapse
Search for errors inside /proc/last_kmsg

Wow cool clean and easy Guide. Thanks for this.
Weil try myself on that.

Astrubale said:
Search for errors inside /proc/last_kmsg
Click to expand...
Click to collapse
Code:
Samsung S-Boot 4.0 for SM-G920F (Apr 22 2016 - 16:59:51)
EXYNOS7420 EVT 1.3 (Base on ARM CortexA53)
3048MB / 0MB / Rev 11 / G920FXXU3DPDP / (PKG_ID 0x0) / LOT_ID N3N1P / RST_STAT (0x10000)
__if_pmic_rev_init - MUIC API is not ready!
MON: 0x8(1)
MON[0] = (1)[0x1c, 0x7a]
MON[1] = (2)[0x1a, 0x56]
MON[2] = (3)[0x1a, 0x3d]
MON[3] = (4)[0x1c, 0x4e]
MON[4] = (5)[0x1a, 0x39]
MON[5] = (6)[0x1a, 0x30]
MON[6] = (7)[0x15, 0x44]
MON[7] = (0)[0x0c, 0x07]
pmic_asv_init
(ASV_TBL_BASE+0x00)[11:0] bigcpu_asv_group = 2184
(ASV_TBL_BASE+0x00)[15:12] bigcpu_ssa0 = 0
(ASV_TBL_BASE+0x00)[27:16] littlecpu_asv_group = 2457
(ASV_TBL_BASE+0x00)[31:28] littlecpu_ssa0 = 0
(ASV_TBL_BASE+0x04)[11:0] g3d_asv_group = 2184
(ASV_TBL_BASE+0x04)[15:12] g3d_ssa0 = 0
(ASV_TBL_BASE+0x04)[27:16] mif_asv_group = 2184
(ASV_TBL_BASE+0x04)[31:28] mif_ssa0 = 0
(ASV_TBL_BASE+0x08)[11:0] int_asv_group = 3276
(ASV_TBL_BASE+0x08)[15:12] int_ssa0 = 6
(ASV_TBL_BASE+0x08)[27:16] cam_disp_asv_group = 2184
(ASV_TBL_BASE+0x08)[31:28] cam_disp_ssa0 = 0
(ASV_TBL_BASE+0x0C)[3:0] dvfs_asv_table_version = 15
(ASV_TBL_BASE+0x0C)[4] asv_group_type = 0
(ASV_TBL_BASE+0x0C)[7:5] reserved01 = 0
(ASV_TBL_BASE+0x0C)[8] shift_type = 0
(ASV_TBL_BASE+0x0C)[9] ssa1_enable = 0
(ASV_TBL_BASE+0x0C)[10] ssa0_enable = 1
(ASV_TBL_BASE+0x0C)[15:11] reserved02 = 0
(ASV_TBL_BASE+0x0C)[16] asv_method = 1
(ASV_TBL_BASE+0x0C)[31:17] reserved03 = 0
(ASV_TBL_BASE+0x10)[3:0] main_asv_group = 0
(ASV_TBL_BASE+0x10)[7:4] main_asv_ssa = 0
(ASV_TBL_BASE+0x10)[11:8] bigcpu_ssa1 = 0
(ASV_TBL_BASE+0x10)[15:12] littlecpu_ssa1 = 0
(ASV_TBL_BASE+0x10)[19:16] g3d_ssa1 = 0
(ASV_TBL_BASE+0x10)[23:20] mif_ssa1 = 0
(ASV_TBL_BASE+0x10)[27:24] int_ssa1 = 0
(ASV_TBL_BASE+0x10)[31:28] cam_disp_ssa1 = 0
(ASV_TBL_BASE+0x14)[8:0] bigcpu_ssa_ema = 0
(ASV_TBL_BASE+0x14)[17:9] littlecpu_ssa_ema = 0
(ASV_TBL_BASE+0x14)[26:18] g3d_ssa_ema = 0
(ASV_TBL_BASE+0x14)[31:27] reserved04 = 0
chip_status = f, bin2_efuse = 0
muic_register_max77843_apis
muic_is_max77843 chip_id:0x43 muic_id:0xb5 -> matched.
MUIC rev = MAX77843(181)
init_multi_microusb_ic Active MUIC 0xb5
max77843_init_microusb_ic: MUIC: CDETCTRL:0x2d
max77843_init_microusb_ic: MUIC: CONTROL1:0x00
max77843_init_microusb_ic: MUIC: CONTROL2:0x3b
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
load Secure Payload done.
Chip ID : 060f4d16dd28 / 0x00007700
EL3 monitor information => Built : 16:48:28, Jan 18 2016
bConfigDescrLock: 1
sw_lock success
sw_lock success
sw_lock success
SCSI CMD : 55 11 00 00 00 00 00 00 14 00
SCSI Response(01) : Target Failure
SCSI Status(02) : max77843_set_muic_uart_early: MUIC: CONTROL1: 0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
[Debug Info.]
S-BOOT : VERSION_-+F0
SecureOS : 20 (MB)
- read_bl1
blk_bread_bootsector: LUN 1, from 0x0, size 0x10, buffer 0x45708000
Verify_Binary_Signature 0x45720120 [email protected], [email protected]
pit_check_signature (PIT) valid.
PARAM ENV VERSION: v1.0..
blk_bread_bootsector: LUN 1, from 0xffe, size 0x1, buffer 0x441204c0
initialize_ddi_data: usable! (3:0xf), warranty reason : (0x0303)
MAGIC_RAM_BASE: 4000000, MAGIC_RAM_BASE2: 100001, ompin: 2000a
[ldfw] Pass LDFW partition!
[ldfw] read whole CM partition from the storage
ldfw: 0th ldfw's version 0x20151027 name : CryptoManagerV20
ldfw: 1th ldfw's version 0x20151203 name : fmp_fw
ldfw: init ldfw(s). whole ldfws size 0x204110
[ldfw] try to init 2 ldfw(s). except 0 ldfw 2 ldfw(s) have been inited done.
[mobi_drv] add: 0x43e71940, size: 11401
MobiCore IDLE flag = 0
MobiCore Driver loaded and RTM IDLE!
[OTP] 27 bit read: 0x5
[OTP] 22 bit read: 0x0
[OTP] 21 bit read: 0x0
[OTP] 23 bit read: 0x1
[OTP] 26 bit read: 0x1
[OTP] NANTIRBK0 bit reading: start
[OTP] NANTIRBK0: 3 bit
[OTP] 28 bit read: 0x1
[OTP] 29 bit read: 0x0
[OTP] 30 bit read: 0x1
[OTP] 25 bit read: 0x1
[OTP] ETC value: 0
[EFUSE] SMC Read the 0x0 ...
[EFUSE] SMC Read Count value: 3
[EFUSE] SMC Read the 0x1 ...
[EFUSE] SMC Read Count value: 1
[EFUSE] SMC Read the 0x2 ...
[EFUSE] SMC Read Count value: 0
[EFUSE] SMC Read the 0x3 ...
[EFUSE] SMC Read Count value: 1
(1,5) vs (1,5)
[EFUSE] This is commercial device.
set_tzpc_secureport: successfully protected 0
eSE Protection!!
Authenticated data read request (Swapped)
Authenticated data read response (Swapped)
RPMB: get hmac value: success
HMAC compare success !!
update_rpmb_version skip.
initialize_secdata_rpmb: usable! (0x52504d42)
DDR SIZE: 3G (0xc0000000)
LPDDR4 manufacturer : Micron
bin2_efuse = 0
[TMU] 52, 53, 51, 51
UFS vendor: SAMSUNG
FW rev : 0200
product : KLUBG4G1BD-E0B1
UFS size (GB) : 32
UFS ID : XXXXXXXXXXXXXXXX
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
dNumAllocUnits error at LU7 0 0
PROVISION : FAIL
PROVISION : FAIL
max77843_muic_api_print_init_regs: INTMASK[1:0x00, 2:0x00, 3:0x00]
max77843_muic_api_print_init_regs: MUIC: CDETCTRL:0x2d
max77843_muic_api_print_init_regs: MUIC: CONTROL1:0x00
max77843_muic_api_print_init_regs: MUIC: CONTROL2:0x3b
max77843_muic_api_print_init_regs: MUIC: CONTROL3:0x00
max77843_muic_api_print_init_regs: MUIC: CONTROL4[0x16]:0xb2
init_ific : MAX77843(0)
init_ific : MAX77843(0)
set_float_voltage: max77843 battery cv voltage 0x9c
set_charger_state: buck(1), chg(1), reg(0x05)
max77843_get_charger_status: Invalid charger
set_auto_current: get_charger_status(0)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
set_auto_current: unknown_state, curr(475)
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
set_charger_current: chg curr(137), in curr(0)
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
fuelguage : wpc_status(0)
set_charger_state: buck(1), chg(0), reg(0x04)
init_fuel_gauge: Start!!
init_fuel_gauge : MAX77843(0)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
adc_read_temp temp_adc = 1852
init_fuel_gauge temp = 25
init_fuel_gauge : MAX77843(0)
init_fuel_gauge: Battery type : SDI, capacity: 5177, status: 128
init_fuel_gauge: Already initialized (0x1439, SDI type)
check_validation_with_tablesoc: Start!!
fuel_gauge_read_soc: SOC(32), data(0x209a)
fuel_gauge_read_ocv: VFOCV(3774), data(0xbcba)
calculate_table_soc : low(0) high(6) mid(7) table_soc(0)
calculate_table_soc : low(4) high(6) mid(3) table_soc(0)
calculate_table_soc : low(6) high(6) mid(5) table_soc(0)
calculate_table_soc : low(7) high(6) mid(6) table_soc(0)
calculate_table_soc: vcell [3774] table_soc [31]
differ(1), table_soc(31), RepSOC(32)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
fuel_gauge_read_vcell: VCELL(3716), data(0xb9d8)
vcell(3716),soc_diff_limit(50), low_temp_reset(0)
fuel_gauge_read_ocv: VFOCV(3774), data(0xbcba)
fuel_gauge_read_vcell: VCELL(3716), data(0xb9d8)
fuel_gauge_read_soc: SOC(32), data(0x209a)
fuel_gauge_read_vfsoc: VFSOC(30), data(0x1ef3)
init_fuel_gauge : OCV(3774), VCELL(3716), SOC(32), VFSOC(30)
AP_PMIC_SDA = 1
PMIC_ID = 0x12
OTP:0x78 PWR_SEQ:1 G3D_OCP:1 PSoff:1 INT_Volt:1
PMIC_STATUS1 = 0x2f PWRON JIGONB ACOKB MR2B PWRON1S
PMIC_STATUS2 = 0x11 RTC60SE RTC1SE
PMIC_PWRONSRC = 0x08 MRST
PMIC_OFFSRC = 0x00
PMIC_INT1 = 0xc3 PWRONF PWRONR PWRON1S MRB
PMIC_INT2 = 0x11 RTC60S RTC1S
PMIC_INT3 = 0x80 RSVD
PMIC_RTC_CTRL = 0x02
PMIC_RTC_SMPL = 0x83
RTC TIME: 2016-08-13 07:27:29(0x40)AM
s5p_check_keypad: 0x10110000
s5p_check_keypad: recovery mode
set_oneshot_recovery: recovery mode set! sys_bootm=0x80000
s5p_check_reboot_mode: INFORM3 = 0 ... skip
ATLAS_PLL = 1200MHz APOLLO_PLL = 1200MHz MIF_PLL = 3104MHz
MFC_PLL = 468MHz CCI_PLL = 532MHz
BUS0_PLL = 1600MHz BUS1_PLL = 668MHz
board_uart_rustproof ifc_sense: 0
-user build & not FAC
-rustproof mode Enabled
s5p_check_upload: MAGIC(0x4000000), RST_STAT(0x10000)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
s5p_check_upload: debug level is LO! (mask: 0x220)
max77843_ific_set_mrstb: TOPSYS: MAINCTRL1[0x02]: [0x07]+[0x07]->[0x07]
s5p_check_upload: disable dump_gpr
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
s5p_check_download: 0
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
check_pm_status: charger is not detected
fuel_gauge_read_vcell: VCELL(3718), data(0xb9ea)
check_pm_status: voltage(3718) is ok
check_pm_status: 7 sec reset, continue.
scr_draw_image: draw 'logo.jpg'...
read 'logo.jpg'(112504) completed.
board_set_dev_pm: s2mpb02 enable for display
42, 0, 13, 0x420013
DETECTED LCD TYPE : S6E3HA2
mipi-dsi driver(CMD mode) has been probed.
decon-int: ver0, max win7, command mode, hw trigger
single dsi mode
decon0 registered successfully
afw flag is Unknown [afw flag : 00 00 00 00]
secure info base: 45720000 and SMC Num = 0x83000013
secure smc success!!! [ret = 0]
Set debug level to low(4f4c)
DMV: Successfully informed TZ of boot mode: Recovery
load_kernel: loading boot image from 139264..
kernel size = 0x114f000, ramdisk size = 0x5fc000
dt_size:1454080, dt_actual:1454080
Verify_Binary_Signature 0x45720120 [email protected], [email protected]
Kernel Image
Verify_Binary_Signature: failed.(-18022398)
pit_check_signature (RECOVERY) invalid.
[TIMA trusted boot]: SEANDROID ENFORCING
Set invalid sign flag
No need to update kernel type.
[EFUSE] warranty bit is already set.
ace_hash_sha_digest: passed.(0)
tboot ctx base: 45720248
SMC Num = 0x83000001
mobismc success!!! [ret = 0]
SMC Num = 0x83000007
mobismc for tima info success!!! [ret = 0]
Pass. DTBH size is smaller than a page.
<dtbh_header Info>
magic:0x48425444, version:0x00000002, num_entries:0x00000008
<device info>
chip_id: 0x00001cfc
platform_id: 0x000050a6
subtype_id: 0x217584da
hw_rev: 0x0000000b
dt_entry[06]
chip_id: 0x00001cfc
platform_id: 0x000050a6
subtype_id: 0x217584da
hw_rev: 0x0000000a
hw_rev_end: 0x0000000b
offset: 0x0010a000
dtb size: 0x0002c800
Selected entry hw_ver : 11
dt_entry of hw_rev 10 is loaded at 0x4a000000.(182272 Bytes)
[EFUSE] RB count: device(0x3), binary(0x3)
[OTP] SW LOCK Success
DDI value :0x0000000f
sw_lock success
sw_lock success
Forced Enable KAP
Warranty Bit Set - Blowing KAP_VIOLATION_FUSE
KAP status = 5afe0003
ATAG_CORE: 5 54410001 0 0 0
ATAG_MEM: 4 54410002 20000000 40000000
ATAG_MEM: 4 54410002 20000000 60000000
ATAG_MEM: 4 54410002 20000000 80000000
ATAG_MEM: 4 54410002 20000000 A0000000
ATAG_MEM: 4 54410002 20000000 C0000000
ATAG_MEM: 4 54410002 1E800000 E0000000
ATAG_SERIAL: 4 54410006 XXXXXXXX XXXXXXXX
ATAG_INITRD2: 4 54420005 43000000 5fbd8f
ATAG_REVISION: 3 54410007 b
check_rustproof [0,0] On
ucs flag is Unknown
ucs flag : 00 00 00 00
ATAG_CMDLINE: f0 54410009 'console=ram loglevel=4 bootmode=2 sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.hardware=samsungexynos7420 androidboot.debug_level=0x4f4c ess_setup=0x46000000 [email protected] [email protected] charging_mode=0x3000 s3cfb.bootloaderfb=0xe2a00000 sysscope=0x6b090719 lcdtype=4325395 consoleblank=0 lpj=239616 sec_debug.reset_reason=5 ehci_hcd.park=3 oops=panic pmic_info=35 cordon=c34c0eba5576148dc662cf43a6352c3b connie=SM-G920F_OPEN_EUR_c3811d70601ea690b7b0b2afca80be2c fg_reset=0 androidboot.emmc_checksum=3 androidboot.boot_salescode= androidboot.odin_download=1 androidboot.bootloader=G920FXXU3DPDP androidboot.selinux=enforcing androidboot.security_mode=1526595585 androidboot.ucs_mode=0 androidboot.hw_rev=11 androidboot.warranty_bit=1 androidboot.hmac_mismatch=0 androidboot.sec_atd.tty=/dev/ttySAC1 androidboot.serialno=XXXXXXXXXXXXXXXX snd_soc_core.pmdown_time=1000 zero_sdchg_ic=0 androidboot.fmp_config=0'
ATAG_NONE: 0 0
pack_atags: ramdisk size start 0x43000000, size 0x5fbd8f
Updating device tree @0x4a000000: done
Starting kernel at 0x40205000...
SWITCH_SEL(3)
BOOTING TIME : 2895
Here it is, mate. I can't seem to find anything suspicious besides
Code:
dNumAllocUnits error at LU7 0 0
PROVISION : FAIL
PROVISION : FAIL
but I can only guess

Hi I am having problems compiling due to the kernel. Which kernel source should I use? How should I configure it? Help pleaase

Added "extract files" guide.

Whenever I try to download the CyanogenMod repo, I get this error:
error: Exited sync due to fetch errors
I've tried using: repo sync -f and: repo sync --force-sync
I'm trying to download the CM13 repo.
I've also followed the steps exactly as they were written.

I'm trying to build cm-14.0. Fails at
HTML:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: '/home/julian/android/system/out/target/product/zerofltexx/obj_arm/SHARED_LIBRARIES/libsecril-client_intermediates/export_includes', needed by '/home/julian/android/system/out/target/product/zerofltexx/obj_arm/SHARED_LIBRARIES/audio.primary.universal7420_intermediates/import_includes', missing and no known rule to make it
build/core/ninja.mk:151: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make: Leaving directory '/home/julian/android/system'
.
Any ideas what could be wrong?
/android/system/kernel/samsung/exynos7420 contains github.com/CyanogenMod/android_kernel_samsung_exynos7420 cm-14.0.
Thanks for the great guide anyway