Controlling the FSA9480 - Hardware Hacking General

Hi folks,
I have a hardware/software project that I'm building on a Galaxy Nexus phone and I would like to exert full control over the FSA9480 chip that switches the phone's pogo pins and micro-USB port between the USB and charging circuits.
The overall goal is to have a USB accessory plugged into the phone at all times, including in a pogo-pin based charging dock. Since the default "auto" switching mode keeps the phone in USB-host mode as long as the OTG cable is plugged in, the phone will not currently charge in the pogo dock.
Thanks to Adam's great thread on the FSA chip, I've been able to control the FSA chip via the i2c interface, using the i2c tools in his hack pack. (Heading to those threads to leave my thanks as soon as I get this FP in).
Even though I can check the registers and in fact see that the switches inside the FSA chip are in the modes I specify, the phone doesn't do the things I expect it to, like charge or enter USB accessory mode. I suspect this is because I've unloaded the FSA kernel module in order to access the i2c device. I was hoping that merely connecting the wires to the right places via the FSA would do things like enable the USB connection or allow the device to charge. Alas, that does not seem to be the case.
Since Google has declined to share the source for this phone, I've been poking around and assuming that their driver is similar to this code and this header. I love that fsa9480_SetManualSW is exported, but I have no idea how I might access that method, if it is in fact in the Nexus code. I'm searching through the lib/*.so files now to see if there's anything FSA related there, but so far no luck.
So that's where I am - I can control the device, but that doesn't appear to be enough to do the things I want to do. I'm not sure where to go next - I don't think I should have to write my own kernel driver, but I'll be damned if I know what to try next.
Does anyone have any ideas how I might exert software control over this FSA chip, or barring that, what else I need to fool with on the i2c bus so that the phone charges or enters the proper USB mode when I set the FSA mode manually?
Many thanks in advance and I hope this is the right place for this question (Q&A section did not seem like the place for this type of question).
Peter

You're taking an interesting approach to this. However, there are a couple of things you need to explain and understand better.
1) What are these "pogo-pins" you're talking about? [There is no such thing well defined, please be specific and use correct terms for whatever it is you're trying to describe.]
2) What makes you believe there is a FSA9480 in your Nexus? [There probably isn't! I know the driver is called so, but that chip probably never existed in production.]
3) Obviously (!) you cannot charge your phone and have it play (OTG) host at the same time. Why? Because charging means to short D+ and D-.
4a) You say you can "control the chip" with I2C, can you give some examples of this? But I don't know what you're actually controlling, as it doesn't make sense the way you have explained it.
4b) You also say you have unloaded the Kernel module... How did you do that?
5) It seems that you're confusing the chip signal directions. I.e. whether certain pins are designated as input or output signals...
6) There are more switches/multiplexers built into your phone. It's of essence to understand which ones you're actually controlling.

E:V:A said:
> You're taking an interesting approach to this. However, there are a couple of things you need to explain and understand better.
Certainly happy to explain as much as I can... let's see:
> 1) What are these "pogo-pins" you're talking about? [There is no such thing well defined, please be specific and use correct terms for whatever it is you're trying to describe.]
I got the term "pogo pins" from this thread. They are three tiny pins on the side of the Galaxy Nexus. They allow for car and desktop docks. They provide charging through the outermost pins and a digital signal of some kind (don't care about that one for this project) on the center.
> 2) What makes you believe there is a FSA9480 in your Nexus? [There probably isn't! I know the driver is called so, but that chip probably never existed in production.]
I've simply assumed from the kernel messages and from screwing around via the i2c bus (as explained before). It may not be there, it may be something completely different, but from the software side, it behaves exactly like I'd expect the 9480 to...
> 3) Obviously (!) you cannot charge your phone and have it play (OTG) host at the same time. Why? Because charging means to short D+ and D-.
Yes, I glossed over that fact. Expansion: We've got a USB accessory that we would prefer to never disconnect from the phone. Since even having just the OTG cable connected drains the battery, our app is already managing power by binding/unbinding the fsa9480 driver. When unbound, the driver leaves the phone pins in (afaik) a floating state and the accessory/OTG cable does not draw current. When we want to poll the accessory, our app binds the fsa9480 driver, which results in the USB system seeing the OTG cable and connecting everything up nicely. When it's done, it unbinds the driver again and saves battery.
Since we don't want to/can't disconnect the accessory from the micro usb port, charging is an issue. So we'd like to charge the phone via the side pins (what I perhaps erroneously called the "pogo pins"). Since we're only polling for short periods, we'd like to be able to switch from USB host mode to charging mode during the period in which we are not accessing the device.
Now, I had forgotten that dedicated chargers short D+/D-. My hope was that by controlling the fsa9480, I could connect the +5V and GND pins to the battery and charge the phone, while keeping the USB accessory offline. I'm afraid I'm so tired and burnt out this may not be making sense, so please tell me what's confusing!
> 4a) You say you can "control the chip" with I2C, can you give some examples of this? But I don't know what you're actually controlling, as it doesn't make sense the way you have explained it.
> 4b) You also say you have unloaded the Kernel module... How did you do that?
Sure! Where to start...
OK, so based on Adam's thread "Build Your Own Music Dock", linked above, I grabbed the spec sheet for the fsa9280a, which he claims is "functionally the same" as the 9480.
As you can see in the datasheet, the chip is controlled via the i2c bus. Looking at the file layout of the Nexus, I figured out the address of the chip on the bus and started plugging in commands outlined in the datasheet.
For example, setting the "Manual Switch 1" register on my Nexus is done by the command
Code:
i2cset 4 37 19 <your value>
(4 being the bus where the chip is located, 37 (0x25) being the address of the device, and 19 (0x13) being the address of the register)
The datasheet outlines all the register addresses, default values, values under certain conditions, etc. I assured myself that the datasheet was valid and I was communicating with the device I thought I was by setting and observing registers.
That "Manual Switch 1" register controls where the different wires are connected and is very important to me, as far as I know.
This is the block diagram from the spec sheet in Adam's thread above. I should have linked directly to the spec sheet, sorry.
And this is the register description from the same document
So... let's simplify my goals and say that I want to charge the phone from the micro usb port without connecting the USB host device (USB HS in the block diagram) to the micro USB connector: I'd want DP_CON and DM_CON floating and Vbus_in (on the micro connector) connected to Vbus_out (on the blue CHARGER IC in the upper left). I set the proper registers to do that, and things "should just work", right? (this is assuming I do things like initing the device, etc in the proper order, which I think I am)
They don't. Because I'm confident that the proper registers are set on the FSA, I'm assuming that the internal connections are all as I expect. Thus, my suspicion is that I need to do something more to get Android to start charging off the current coming in through Vbus_in...
Oh, and before I forget: unless I unbind/unload the driver for the FSA9480, I can't write to its address via the i2c tools because the driver already owns that address. I think of this driver as a kernel module, maybe that's incorrect or imprecise. Apologies.
> 5) It seems that you're confusing the chip signal directions. I.e. whether certain pins are designated as input or output signals...
I hope the block diagram cleared this up. I too was confused by the Vbus_in/Vbus_out thing. I really should have linked that datasheet.
> 6) There are more switches/multiplexers built into your phone. It's of essence to understand which ones you're actually controlling.
Agreed.
With that massive clarification, does that help? I'm starting to think this is something hovering right at the intersection of hardware and software. Maybe it's time I looked at writing my own device driver, or expanding the existing one?

E:V:A said:
> 3) Obviously (!) you cannot charge your phone and have it play (OTG) host at the same time. Why? Because charging means to short D+ and D-.
You had better explain that slowly to my Nook, because it's sitting beside me here charging and connected to two keyboards and a USB audio adapter.
Shorting D+ and D- is a convention to tell the device that it can draw a lot of current.
Even without the data lines shorted, a device can charge.
Moreover, if you tell your device in software to do a high current charge, it can.
Solution: use host mode and charge at the same time.
One connector does it all.

One thing I noticed while playing with the FSA chip was some of the registers would not change. They may be overridden by resistor values.
To put the device in host mode, short pin 4-5. To put it in charging mode short 3-4. It may be possible to change the host mode to charge the battery over i2c.
This may or may not be possible.
The main problem I was having was in the SBL most registers would stay static.

Playing with I2C sounds like fun, but all that stuff already has drivers.
The drivers that I've seen already have user hooks in the file system to get things done.
For example:
Code:
echo 1500000 > /sys/devices/platform/bq24073/force_current
Sets the charging current on a Nook touch to maximum.
(Your device probably uses something different.)

@Renate NST: Yes, I should have been more careful with my words. I meant charging as operating as a high current Dedicated Charging Port (DCP). But then again thebeerbaron already understood this.
@thebeerbaron: Here are your "pogo-pins" (right side is towards the top of the phone):
The pins and their functions are loosely described in this thread, and very nicely used in this thread, so it seems that the following is true:
Code:
P1 +5V
P2 Signal: 1-wire interface, using MFM encoding
P3 GND
(check these!)
I don't have the Samsung parts list of the GT-I9250 so I still don't know what those chips are. But U601 is a Fairchild chip and could be another type of switch. On the other side of this board you find the multiplexers U809 and U810 configured like this:
So how did you unbind/unload that "driver"? [I'm curious to see what driver/Kernel module this is.]
And here is another relevant hack for a wireless charger, But the interesting part is the Kernel hack mentioned:
For those of you wanting to charge at AC speeds instead of USB, Fast Charge Mod is here!
1) Install Franco Kernel (Milestone 1)
2) Run this script to activate it from the terminal (minus quotes):
Code:
echo 1 > /sys/kernel/fast_charge/force_fast_charge
and the UI Mode Manager code over here.

E:V:A said:
> I meant charging as operating as a high current Dedicated Charging Port (DCP).
Ok, but I can still pump 1.5 Amps into my Nook while using host mode.
I'm not sure how you are differentiating things here.

Renate NST said:
> Ok, but I can still pump 1.5 Amps into my Nook while using host mode.
> I'm not sure how you are differentiating things here.
Well, Samsung tries to conform to the "Battery Charging 1.1" standards, and that's how DCP is defined in there. The limitations are then also present in the chips and/or in the one or more PMIC Kernel drivers. So your NST is either not conforming to any standards or just has a hell-of-a-hacked Kernel, or both.
This project is interesting because it's exploring some hybrid between kernel hacking and hardware tweaking, and not just building a regular charger, which we all know how to do. If you are interested in knowing what kind of crazy hardware is included in a Galaxy class Samsung phone, you can have a look here.

Generally speaking, as far as standards go, you're not supposed to even try to charge something while it's in host mode.
Still, it's a useful thing to do if you want to use your device docked.
The kernel on my Nook is stock. I'm just giving commands to control the charge current.

Renate NST said:
> Ok, but I can still pump 1.5 Amps into my Nook while using host mode.
> I'm not sure how you are differentiating things here.
I don't know about the NST, but my Nook Tablet has several additional pins dedicated to charging the device, it's not a true USB port.
What's going on here is trying to convince the USB port to go into host mode, where it natively supplies 5VDC, but instead reverse it, use the 5V line to charge the device and supply 5V from an external source.
While the NT has a dedicated charging circuit, this device repurposes its usb pins based on input conditions. So here's what I see being required
1. Ground USB pin 4 to activate HOST mode.
2. shut off 5V power supply from FSA chip
3. set registers in FSA to charging mode.

Renate NST said:
> Generally speaking, as far as standards go, you're not supposed to even try to charge something while it's in host mode.
It's pointless to discuss standards of what should and should not happen unless we are on the same page. Here are the specs.

Sorry.
/me wanders off elsewhere.

Sorry for the slow reply folks, I appreciate the input, but got sidetracked onto another project today. Wearing many hats means making a lot of context switches!
Renate NST said:
> Shorting D+ and D- is a convention to tell the device that it can draw a lot of current...Solution: use host mode and charge at the same time.
> One connector does it all.
I haven't tried charging during host mode, as we were trying to keep the external wiring changes to a minimum. Based on what I found last night though, we may go with a completely external solution...
AdamOutler said:
> To put the device in host mode, short pin 4-5. To put it in charging mode short 3-4. It may be possible to change the host mode to charge the battery over i2c.
> This may or may not be possible.
> The main problem I was having was in the SBL most registers would stay static.
If we go with the external wiring solution, this will be what we do. When I set the FSA to various modes over i2c, it did not charge or connect the USB device as it should. This is very likely because the kernel is listening to the FSA for state changes and telling other devices how to behave based on those states. That's sad.
What is the SBL?
Renate NST said:
> Playing with I2C sounds like fun, but all that stuff already has drivers.
> The drivers that I've seen already have user hooks in the file system to get things done.
> For example:
> Code:
> echo 1500000 > /sys/devices/platform/bq24073/force_current
> Sets the charging current on a Nook touch to maximum.
> (Your device probably uses something different.)
Yes, this is how things should behave. Unfortunately, the Samsung engineers who wrote this device driver were rather short-sighted.
If you wade through this mailing list discussion (sorry, I apparently can't link until 8 posts... https://lkml.org/lkml/2011/6/29/124), you'll see the engineers need several attempts to get their code approved. The most interesting part to note (for me), is that they create the device file /sys/bus/i2c/devices/.../switch, which accepts input from userspace and sets the FSA9480 "manual switch 1" register appropriately. Unfortunately for me, they only coded a small portion of the possible states for this register and will not accept arbitrary values. UGH!
I sat down with the GN last night and tried using the /sys/bus/i2c/devices/.../switch device to set the manual mode. What I discovered is that even though this obviously passes values into the driver module (it prints a kernel message when I set a bogus value), the values don't "stick". In the driver code (I'm still not 100% sure I have the right source, but I think I'm close.. again, sorry for lack of clickability: https://bitbucket.org/franciscofranco/android-tuna-omap/src/388ae9aa9b26/drivers/misc/fsa9480.c), it has a _detected function, which gets called whenever the cable changes and overrides any manual settings I put in. For example, I set the "switch" file to "AUDIO", yet the phone remained in USB accessory mode, and plugging/unplugging did nothing. Sigh.
The lesson is, apparently, that I need to write my own driver module, which can replace this fsa9480.c transparently and allow me to ignore cable change detections and provide me with a way of setting the FSA state manually (with more flexibility than the Samsung engineers allowed). We're thinking about a different approach, but this may yet get done...
E:V:A said:
> So how did you unbind/unload that "driver"? [I'm curious to see what driver/Kernel module this is.]
Some great background info in here, thanks! I'll have to sit down and process this another day.
To unbind the fsa9480 driver, I do:
Code:
echo -n "4-0025" > /sys/bus/i2c/drivers/fsa9480/unbind
And to bind it, I do:
Code:
echo -n "4-0025" > /sys/bus/i2c/drivers/fsa9480/bind
E:V:A said:
> This project is interesting because it's exploring some hybrid between kernel hacking and hardware tweaking, and not just building a regular charger, which we all know how to do.
Yep, that's what's interesting and what's making this difficult. It's kind of a gray area of where the topic experts are and what I need to learn...
Thanks for your input all... maybe something will come along that'll save me from writing a kernel module... fingers crossed!
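
The addressing and register write discussed in the posts above, as an added example that is not part of the thread or of any driver source: it derives the sysfs client name `4-0025` from bus 4 and address 37, packs and unpacks the Manual Switch 1 value, and prints the unbind and `i2cset` commands instead of running them. Assumptions: the D-/D+ bit positions and the five `switch` keywords follow the mainline Linux `fsa9480.c` and may differ in the Galaxy Nexus kernel; the low two bits are passed through uninterpreted; all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Values taken from the posts:
# bus 4, chip address 37 (0x25), "Manual Switch 1" register 19 (0x13).
FSA_BUS=4
FSA_ADDR=37
FSA_REG_MANSW1=19
FSA_DRIVER_DIR=/sys/bus/i2c/drivers/fsa9480

# Parse a decimal or 0x-prefixed hex number; reject anything else so the
# value is safe to use in shell arithmetic.
to_int() {
    case "$1" in
        0[xX]?*) case "${1#0[xX]}" in *[!0-9a-fA-F]*) return 1 ;; esac ;;
        '' | *[!0-9]* | 0?*) return 1 ;;
    esac
    echo $(( $1 ))
}

# sysfs names an I2C client "<bus>-<4 hex digits of address>": 4, 37 -> 4-0025.
i2c_dev_id() {
    printf '%d-%04x\n' "$1" "$2"
}

# Per-line path codes (assumption: mainline fsa9480.c comment).
path_code() {
    case "$1" in
        open) echo 0 ;; usb) echo 1 ;; audio) echo 2 ;;
        uart) echo 3 ;; vaudio) echo 4 ;;
        *) return 1 ;;
    esac
}

path_name() {
    case "$1" in
        0) echo open ;; 1) echo usb ;; 2) echo audio ;;
        3) echo uart ;; 4) echo vaudio ;;
        *) echo "reserved$1" ;;
    esac
}

# mansw1_encode DMINUS DPLUS [LOW]: D- in bits 7:5, D+ in bits 4:2,
# LOW (0..3) copied into bits 1:0 without interpretation.
mansw1_encode() {
    dm=$(path_code "$1") || return 1
    dp=$(path_code "$2") || return 1
    low=${3:-0}
    case "$low" in 0 | 1 | 2 | 3) ;; *) return 1 ;; esac
    echo $(( (dm << 5) | (dp << 2) | low ))
}

# mansw1_decode VALUE: inverse of mansw1_encode for an 8-bit register value.
mansw1_decode() {
    v=$(to_int "$1") || return 1
    [ "$v" -le 255 ] || return 1
    printf 'dminus=%s dplus=%s low=%d\n' \
        "$(path_name $(( (v >> 5) & 7 )))" \
        "$(path_name $(( (v >> 2) & 7 )))" \
        $(( v & 3 ))
}

# Keyword the driver's sysfs "switch" file accepts for a register value
# (assumption: mainline keyword set). Fails for every other value, which is
# the limitation described in the post above.
sysfs_keyword_for() {
    v=$(to_int "$1") || return 1
    case "$v" in
        0) echo AUTO ;; 36) echo DHOST ;; 72) echo AUDIO ;;
        108) echo UART ;; 144) echo VAUDIO ;;
        *) return 1 ;;
    esac
}

# Print (do not run) the sequence from the posts: unbind the driver so the
# address is free, then write Manual Switch 1 with i2cset.
fsa_plan_write() {
    v=$(to_int "$1") || return 1
    [ "$v" -le 255 ] || return 1
    id=$(i2c_dev_id "$FSA_BUS" "$FSA_ADDR")
    printf 'echo -n "%s" > %s/unbind\n' "$id" "$FSA_DRIVER_DIR"
    printf 'i2cset %d 0x%02x 0x%02x 0x%02x\n' \
        "$FSA_BUS" "$FSA_ADDR" "$FSA_REG_MANSW1" "$v"
}

# Demo: decode each keyword preset, then show the raw write for USB on both lines.
for preset in 0 36 72 108 144; do
    printf '%-6s 0x%02x %s\n' "$(sysfs_keyword_for "$preset")" "$preset" \
        "$(mansw1_decode "$preset")"
done
fsa_plan_write "$(mansw1_encode usb usb)"
```

As the post above reports, binding the driver again lets its cable-detection routine overwrite a manually written value, so the printed sequence deliberately stops before any rebind.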

I am very interested in the outcome of this project. I purchased the GNex thinking I could charge it while at the same time, connecting an SSD (via SATA->USB converter) to the phone for media playback. Thanks for your hacking skills!

Renate NST said:
> Generally speaking, as far as standards go, you're not supposed to even try to charge something while it's in host mode.
> Still, it's a useful thing to do if you want to use your device docked.
> The kernel on my Nook is stock. I'm just giving commands to control the charge current.
Not true. https://github.com/CyanogenMod/andr...mmit/c7016a2513abfd522b02633b79d2f21bcb99d4e2 - The USB charging standard defines an Accessory Charger Adapter. It's signaled with a particular resistor value (36k if the code comments are correct...) on the ID pin.
Although while I thought the I9100/I777/N7000 used an FSA9480, it looks like the MAX8997 handles the task on these devices... hmm... The FSA might support this mode though, so instead of trying to force-override it, look to see if there's a particular resistor value you can hijack or, in this case, a resistor value that is standardized to provide the function you want.
I hate when I only have access to github's web interface and not the ability to grep my hard drive at home.

Related

Developing methods to recover bricks without JTAG

I have not seen anything in the Captivate forums about UART, I2C, or really anything other then Download Mode/Recovery Mode. We could use some developers to help with this project. It's an interesting combination of hardware, software, and inter-chip communications protocols...
I think everyone knows about the 301Kohm resistor between pins 4 and 5. Did you know about the 150Kohm or the 619Kohm resistors? How about the middle battery pin?
Watch this video.
Resources
Users
One-Click Unbrick was released. This will unbrick softbricked phones: http://forum.xda-developers.com/showthread.php?t=1153310
Kernel developers
UART Kernel debug log AND shell terminal (like adb shell without adb active) On the captivate you can get into the SBL prompt, then type
Code:
printenv
setenv SWITCH_SEL 6543
printenv
saveenv
This changes the SWITCH_SEL value from 65 to 6543 and enables extra output. This will give you a kernel debug output and drop you into a shell prompt.
Developers
Bootloader source code for a similar Samsung device: http://forum.xda-developers.com/showthread.php?t=1018862&page=68
Here is the iROM. I've rehosted it here: http://teamkomin.googlecode.com/svn-history/r75/branches/IROMcode/bootdumps.rar
here: http://www.mediafire.com/file/c9bg6gyk1cuapsz/bootdumps.rar
and here: ftp://adamoutler.dyndns.org/bootdumps.rar
We need help deciphering it. We think the annotations may be wrong. This is the unchangeable code in the first few blocks of memory. There must be a way to communicate with this.
Hardware guys
S5PC110 processor datasheet http://www.mediafire.com/file/3znisgfm3amxgpj/S5PC110_EVT1_UM10.pdf This is the processor in our phones. This documents everything which is capable natively with the processor. It is 2425 pages long. I read through it and added some notes here. This is the meat of the manual: http://forum.xda-developers.com/showthread.php?t=1018862&page=51
FSA9280A datasheet http://www.mediafire.com/?d4e21efhuktctcb This is the first time we've had access to this manual. Our phones use the FSA9480A chip, this chip is functionally the same. The datasheet here describes all functions available to the USB switching device. From the FSA9280 datasheet we've located all resistor values. http://forum.xda-developers.com/showpost.php?p=14408452&postcount=62
All
The All-In-One GalaxyS HackPack hardware, software and documentation on our phones http://forum.xda-developers.com/showthread.php?t=1111866
It has been revealed from a source which is not to be mentioned that the OM pins/registers are fixed and cannot be changed on the processor without removing the processor from the device or making some hardware modifications.
Here's some must read threads.
Fun with resistors: http://forum.xda-developers.com/showthread.php?t=820275 This thread shows all known resistor values
Lets save some bricks: http://forum.xda-developers.com/showthread.php?t=1018862 This thread deals with ways to revive phones from the dead. We are hacking the heck out of them in here.
Development platform booting from MMC http://hi.baidu.com/j2h3344/blog/item/85740dfc0be35951d7887dd5.html This is the platform used to develop our phones. We need to find these OM bits, or access them somehow.
the middle battery pin http://forum.xda-developers.com/showpost.php?p=13448859&postcount=253 This may be the answer. We could use some help in this area.
Download the GalaxyS Hack Pack here: http://forum.xda-developers.com/show....php?t=1111866
Known Causes of hard Bricking
1. PBL(Primitive bootloader) and SBL(secondary bootloader) were not designed for the phone
2. Mismatched PBL/SBL combination
3. SBL does not fit in the Partition information table, or location does not match Partition Information Table
4. Bad USB cables
5. power loss
6. Damaged PBL/SBL
--Theoretical--
7. Something known as Secondary Bootloader Rotation may be to blame for improper bootloaders sometimes. Apparently when flashing, the SBL and SBL2 blocks may switch places. In this case you may have the proper PBL, but the SBL is not proper for the device.
Hardware Used
If you're looking to help, you'll need some development hardware. I use an Arduino Mega. http://www.bizoner.com/arduino-atme...e-p-180.html?zenid=9mg23h688slfjgh88910o5jfd2 This is a programmable interface. You can use this code to talk to the phone. http://forum.xda-developers.com/showpost.php?p=13351363&postcount=223
Here's some plans for a communications adapter http://forum.xda-developers.com/showthread.php?t=925034
The plan
If we can get into a bricked phone via UART or the i2C bus, or the USB bus, or any other method available to U301, we can corrupt the PBL(boot.bin) in the OneNand which will cause the processor to search for a PBL and SBL on USB, UART and MMC.
If we can locate an additional communications port somewhere on the phone we can change or corrupt the code running in memory and then cause the processor to reboot into USB or UART mode.
So far we know of UART only and have eliminated that as a solution on its own.
Using SBL, it is very likely a possibility that Windows7 phone or iOS, or Ubuntu could be ported over.... Basically, full control.
Why you should help
We've been working on ways to recover these phones for months now. We're coming to an end. We need massive amounts of testing to figure out this last bit.
This is a call to duty. Every developer who has ever released a boot.bin, SBL.bin, param.ifs or a PIT with their release needs to be a part of this. Every member who has ever bricked a phone while using one of the many tools which are designed to upgrade your phone can help. Anyone who wants to feel secure while flashing their phone should put some effort into this because it's expensive and requires superhuman soldering to JTAG these phones. If you've even thought about using Odin3, we need your help.
Update: UnBrickable Captivate http://forum.xda-developers.com/showthread.php?t=1206216
Seems interesting / promising, unfortunately I can't help BC I moved back to Morocco (Africa) and only brought 1 captivate with me. Good luck that is all I can say.
Sent from my SGH-I897 using XDA Premium App
Really interesting and very cool.
But I have a fully bricked captivate which I still have cause it was a friend's who just went onto the Inspire. Always have wondered if I could recover the hard brick.
Wish I could help but I'm pretty useless with Soldering and taking apart my phone. But if development moves along with this I'd love to support. The idea of porting those OS and helping everyone saving hard bricked phones would be great.
Good Luck!
Sent from my SGH-I897 using XDA App
I'm bookmarking this. I can only help in fabrication. I'm not a super genius dev, but threads/projects like this do interest me.
Middle battery pin? Reminds me of the battery jig trick on the original PSP.
All-in-all, this looks promising, I'll be following it.
Posted up the iROM in the first post. this is the code which we hope to establish communications...
Keep in mind, this could be over the USB port, the Middle battery terminal, or even the headphone port.
> But I have a fully bricked captivate which I still have cause it was a friend's who just went onto the Inspire. Always have wondered if I could recover the hard brick.
I'M GETTING ONE OF THOSE IN THE AM!!!!!
I have a fully bricked cappy that I bricked last night. I was able to recover from the phone..!..pc icon but then failed @95% via odin3 v1.00.
I will mail you the cappy if you can fix it and use it as a test mule for future brick\unbrick attempts...... the outer glass is broken thanks to a fall from my lap to the concrete
I think I actually discussed this with you before. I ran twice into some instance where no action would make difference on the phone, no response to key combos, no response to charger or USB. But, download mode was still accessible via USB Jig.
What could've happened there?
cumanzor said:
> I think I actually discussed this with you before. I ran twice into some instance where no action would make difference on the phone, no response to key combos, no response to charger or USB. But, download mode was still accessible via USB Jig.
> What could've happened there?
Not really positive at this point, I'd suspect corrupted pbl.bin or param.lfs partitions. I've seen some weird stuff with the pbl. One phone would only output uart when volume + was held for 5 seconds.
Basically from my understanding... The IROM loads into the processor. This is the first 40000 bytes and it's protected memory. The iROM brings up basic functionality for the processor, including the initial factory UART/MMC load of PBL & SBL. The IROM then instructs the phone to load the IBL/PBL (Initial Boot Loader/Primitive Boot Loader). The IBL initializes memory for the SBL (Secondary Boot Loader), then the PBL loads Params (a partition on the OneNAND) and checks the pins on the processor for commands. The PBL then makes more memory available for applications, then locates and loads the SBL. The SBL initializes other functions and then locates and loads the kernel.
The SBL is responsible for Download Mode and the SBL prompt. It is basically the system's "BIOS" for lack of a better word. I'm not sure of the steps which can be skipped for successful download mode.
The iRom download is broken.
I'll look at it once you reupload
Some kid reported the iROM code as being in violation of the terms of agreement of the hosting website... It must have been a kid because Samsung would not do that. Just as we have a right to use tools to disassemble our phones, take pictures, annotate those pictures and post them on the internet, we have the same right to the IROM. It's not hurting Samsung's sales, nor is it intellectual property of Samsung. We bought the phones and it came with this. The only intellectual property in this document belongs to the person who disassembled and annotated this code.
I've rehosted it here: http://teamkomin.googlecode.com/svn-history/r75/branches/IROMcode/bootdumps.rar
here: http://www.mediafire.com/file/c9bg6gyk1cuapsz/bootdumps.rar
and here: ftp://[email protected]/bootdumps.rar username xda password developers
Lets not be childish and hinder progress anymore by clicking buttons. I've removed that ability.
I think this is a wonderfull bunch of work that is being done here and if i can offer any assistance please let me know. If you would like a private IRC channel to discuss your work in with other developers I would be more than happy to provide to a quiet private place to do so. Just shoot me a pm if i can be of any assistance.
We can really use some SGS folks to help. Check out the lets save some bricks thread mentioned in the first post.
Two quick questions:
1. How would you manage to get these files? First, aren't they burned into the nand? Secondly, wouldn't they be assembled already? How do you disassemble them?
2. Do you have any good links/books on how to learn arm assembly? I know some x86, but I've never found a good link to arm based stuff (or any sort of dev platform, for that matter).
Sorry about being semi-offtopic.
Subscribed, and very interested in following progress on this.
Also: Sending PM.
Nothing revolutionary to add just yet.
However, I just finished adding a JTAG breakout to my collection. This is what my current test setup looks like:
We could use some more DIYer's on this project. The biggest thing to have is an Arduino and a microUSB breakout board. We need to figure out how to get this phone to boot from MMC, USB, or UART... and we know Samsung does this to bricks.
this looks interesting.. gonna keep my eye on it
AdamOutler said:
Nothing revolutionary to add just yet.
We could use some more DIYer's on this project. The biggest thing to have is an Arduino and a microUSB breakout board. We need to figure out how to get this phone to boot from MMC, USB, or UART... and we know Samsung does this to bricks.
i can build anything, the purchase of an arduino and making the breakout board are easy but i would have no idea what to do with it afterwards.
it is funny the time you posted this because my friend found out about a club that works with arduino boards making all sorts of things and asked me if i wanted to go to their meetings. this thread popped up the next day.
well i may buy an arduino board or 2 but im not sure if even then i can be helpful
Well, a pretty much unexplored area of the phone is the middle battery terminal. The middle battery terminal is an ADC (analog to digital converter) pin. We know for a fact that it triggers something called EXT-I2C (External Inter-Integrated Circuit). EXT-I2C can be used to communicate with any chip on the I2C bus. The I2C bus connects with everything on the phone... Call Processor, OneNand, Memory and Application Processor. Using the EXT-I2C, we would have full control over the phone.
I know the middle battery terminal has something to do with it because I managed to get my phone to boot-loop with the pin disconnected and I saw messages about EXT-I2C NACK( EXT-I2C not acknowledged) when playing with resistance values and watching the UART output on my Arduino MEGA.
The unanswered questions are,
How to reproduce that EXT-I2C message?
What are the Addresses on the I2C bus?
Which pins control the I2C bus?
Here's some of the possible I2C bus connections:
USB VCC
USB Ground
USB D+
USB D-
Batt+ (when powered on USB)
Batt- (when powered on USB)
BSI (Battery Signal Indicator - middle battery pin)
Headphone Left Audio
Headphone Right Audio
Headphone Video
Headphone Ground
all External-SDCard (MMC) connections
all SIM connections
This is something you can bring to the table at that Arduino club. You can also read up on this hackaday article http://hackaday.com/2011/05/11/i2c-101/
If anyone has a good idea of which pins may be OM pins here, let me know..
Side facing LCD screen
Side facing back of unit

How to hack hardware binary and bend it to your will

Before you start on actually modifying your hardware, you must know what it is you're after. Don't just go using your finely tuned soldering iron without doing some research first... http://twitpic.com/75maxq
I wanted to share some tricks I use when locating UnBrickable Mod on various devices because it has been requested many times. Overall, the methods I'm going to talk about can be called "reverse engineering", "hacking", or "circuit bending".
Each device is different so different methods may be used. I'll start with what I feel is the best method to use and move my way on through less accurate and more destructive/difficult methods. The methods I'm using here can be used on nearly ANY device for nearly ANY purpose, not just locating boot modes. Using the techniques I'm laying out here, you can locate any physical memory register on any chip.
For the purposes of this familiarization guide, we will be locating the xOM5 resistor which changes the S5PC110 boot mode from "boot from OneNAND" to "Boot from USB, then OneNAND". Other modes are available such as booting from SDCard or MMC but these modes do not allow dual booting into the standard OneNAND boot so they are not practical unless you have a NAND failure.
By reading the S5PC110 processor manual, we can see on page 6-8, this is achieved by setting the xOM bits to 101001 (hex value 29). These binary values correspond to pins on the processor. These pins can be set high or low, and they ARE set high and low on the development board for the S5PC110 development boards. On other processors like OMAP4460, or Exynos, different pins are used but the functionality is the same.
All binaries and reading materials used are available in the GalaxyS hack pack: http://forum.xda-developers.com/showthread.php?t=1111866
For installation of binaries, you can use the market app "mount rw/ro" and drop the binaries in your /system/bin folder. See here for more information on direct access to Linux and installing binaries: http://forum.xda-developers.com/showthread.php?t=1030107
For the purposes of this thread we will be using a S5PC110 chip which is what the entire GalaxyS series of device is based upon.
With this knowledge in hand, let's continue into HOW we can locate these pins.
how to locate the xOM resistor cluster
If you orient the S5PC110 processor with the PIN-0 dot at the lower left corner, you will find the xOM cluster at the lower right corner. These resistors will always be near this location because the pins on the board are near this location. It's never a good idea to have "runs" on a board longer than necessary. Therefore, these resistors will always be near this corner.
NOTE: You need not remove the processor. This is only for illustration.
For other devices, see the pinouts on the processor manual.
Methods for locating modification
Monitoring memory locations in real-time
You will need:
viewmem installed in /system/bin
bash installed in /system/bin
Market App: QuickSSHD allows you to terminal into the device.
1. we locate the xOM registers on the device. According to the processor manual
OM_STAT 0xE010_E100 R OM status register 0x0000_0000
the OM registers are at 0xE010E100. So we know where to look in memory to monitor changes.
2. ssh into your device. See QuickSSHD for more information. Once you are in, assume super-user, get into a bash terminal, and use the viewmem utility.
Code:
$ su
# bash
bash-4.1#viewmem 0xE010E100 0x4|hexdump
[INFO] Reading 4 bytes at 0xe010e100...
0000000 0009 0000
0000004
3. Short and test. While shorting the high value to the active side, NOT THE VISIBLY GROUNDED SIDE, monitor output from the terminal.
The PullUp resistors are 10Kohm and the Pulldown resistors are 100Kohm. This means there's 10x more force behind a digital high than a digital low, in other words, you can short any low value high without a problem...
Code:
viewmem 0xE010E100 0x4|hexdump
[INFO] Reading 4 bytes at 0xe010e100...
0000000 0029 0000
0000004
the 29 signifies that the device is modded properly. A value of 0x9 is a standard production device. When you see 0029, you've located the proper resistor for the modification.
Using overlays
Take a picture of the board, then use an annotated pinout to locate the proper pins on the processor. This allows for a visual of the device as though the processor were removed.
here's a picture of my own annotated overlay. Use this and we'll walk through overlay logic.
Now, with a xOM value of 0x9, that's a binary value of 001001, use your calculator in "programmer" or "scientific" mode if you don't believe me.
Broken Down:
xOM5=0
xOM4=0
xOM3=1
xOM2=0
xOM1=0
xOM0=1
xOM 3 and 1 are both high values, all the rest are low. We can use this to our advantage. We can see that 4 resistors are connected to ground on one side and 2 are not. Those two are obviously xOM3 and xOM1.
If we look at the processor pinout, we can see that if xOM3 and xOM1 resistors were swapped, one would be very much longer than the other so there's only one logical solution.
Moving on to the shortest ones, xOM4 and xOM2 would obviously be closest to the top of the resistor cluster, and it's also obvious which one would be which.
Now that leaves two resistors in the middle. One is high and one is low. By drawing it out you can see that if xOM5 were on the right, then xOM1 would be very much longer than xOM5, so xOM5 must be on the left.
So, we've located all xOM values with this method.
Using relative positioning
This method is not nearly as scientific... Since there are now 10 guides made for modifying xOM5 on different boards, a resistor may be picked and chosen as though it were from another board. See here for various modifications: http://forum.xda-developers.com/showthread.php?t=1236273
Verification from this method may be made using UART. You would be expecting an output like this over the UART on your device.
See here for info on UART: http://forum.xda-developers.com/showthread.php?t=1235219
If the modification was successful, UART will output a line which states OM=0x29.
Using a multimeter
You can remove the processor from a device and trace out the pins manually. This method is only appropriate for a broken device.
conclusion
So, these are my methods for hacking hardware and making it do what I want. I'd like to hear others. Let's hack up some hardware and talk about it here.
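The OM_STAT check from the guide above, as an added example that is not part of the original post: it parses the `viewmem ... | hexdump` output, rebuilds the register value from hexdump's little-endian 16-bit words, and reports which xOM pin still differs from the 0x29 target. The function names are hypothetical, the xOM field is assumed to sit in the low six bits of OM_STAT (as the guide's 0x09/0x29 readings suggest), and the sample reading is constructed from the values quoted in the guide.

```shell
#!/bin/sh
# Added example: decode OM_STAT from `viewmem 0xE010E100 0x4 | hexdump` output.
# Function names are hypothetical; the xOM field is assumed to be bits 5..0.

OM_TARGET=$((0x29))   # 101001: "Boot from USB, then OneNAND" per the guide

# om_value: read hexdump text on stdin, print the 32-bit register value
# (decimal). Default hexdump prints little-endian 16-bit words, so in
# "0000000 0029 0000" the first word is the LOW halfword.
om_value() {
    while read -r offset lo hi rest; do
        case "$offset" in
            0000000)
                case "$lo$hi" in
                    ""|*[!0-9a-fA-F]*) return 1 ;;   # not hex words
                esac
                [ "${#lo}" -eq 4 ] && [ "${#hi}" -eq 4 ] || return 1
                echo $(( (0x$hi << 16) | 0x$lo ))
                return 0 ;;
        esac
    done
    return 1   # no data line at offset 0 (e.g. only the [INFO] banner)
}

# om_bits VALUE: print xOM5..xOM0 as a 6-character binary string,
# MSB first, matching the "Broken Down" listing in the guide.
om_bits() {
    v=$1; i=5; out=""
    while [ "$i" -ge 0 ]; do
        out="$out$(( (v >> i) & 1 ))"
        i=$((i - 1))
    done
    echo "$out"
}

# om_diff CURRENT WANT: list every xOM pin whose level differs from WANT,
# together with the level it has to take.
om_diff() {
    cur=$1; want=$2
    delta=$(( (cur ^ want) & 0x3f ))
    i=5; out=""
    while [ "$i" -ge 0 ]; do
        if [ $(( (delta >> i) & 1 )) -eq 1 ]; then
            out="$out xOM$i->$(( (want >> i) & 1 ))"
        fi
        i=$((i - 1))
    done
    echo "${out# }"
}

# om_report: read hexdump text on stdin and print one status line.
# Exit status: 0 = target mode reached, 1 = still differs, 2 = parse failure.
om_report() {
    val=$(om_value) || { echo "no OM_STAT word found"; return 2; }
    om=$(( val & 0x3f ))
    hex=$(printf '0x%02x' "$om")
    if [ "$om" -eq "$OM_TARGET" ]; then
        echo "OM=$hex ($(om_bits "$om")): modded"
        return 0
    fi
    echo "OM=$hex ($(om_bits "$om")): change $(om_diff "$om" "$OM_TARGET")"
    return 1
}

# Constructed sample: the stock reading quoted in the guide.
SAMPLE_STOCK='[INFO] Reading 4 bytes at 0xe010e100...
0000000 0009 0000
0000004'
printf '%s\n' "$SAMPLE_STOCK" | om_report || true
```

On the device the same function can be fed directly with `viewmem 0xE010E100 0x4 | hexdump | om_report`; re-running it while probing shows the reported difference disappear once the right resistor is found.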
+1
Good that every chip component is configureable on lowest level by set of external passive elements - opens big possibilities to change any hardware into something different.
Worth to add - always think twice, or even once more before short circuiting anything. If between some V line and another there is positive voltage, like +1V, it still doesn't mean that second one is GND. First one can be +2V and second one +1V. READ carefully all datasheets and documentation. Don't connect any power line straight to another without resistor - this will cause high current go through some component and probably damage it.
Example of bad test - there are some capacitors on the left of Adam's needle when testing resistor. It's highly possible that these capacitors are ARM_CORE stabilisers, which is 1.2V and can handle up to about 1.4V. Adam is operating with 1.8 or 2.8V from other V line - accidentally touching the capacitor with needle can damage CPU core.
If you have never done any hardware mods but feel like you want to start - prepare for some victims in your electronic devices. That's all of my experiences for now.
//Damn me and my bad habit of reserving posts in Adam's thread. Sorry. :d
very informative
Excellent and authoritative article! Though I'm personally too scared to do anything like this on my phone!
I've gotten replies from people that removing a BGA chip is almost impossible. A tutorial on how to unsolder one would be helpful for aspiring hardware hackers.
Master Melab said:
I've gotten replies from people that removing a BGA chip is almost impossible. A tutorial on how to unsolder one would be helpful for aspiring hardware hackers.
It IS almost impossible. It's ridiculously difficult. You'll end up pulling a pad or two off the board. You must heat up the entire chip with a heat gun or a hot air station, then pull it off... Meaning you're heating up the entire chip to the point where the solder melts. It takes a multi-thousand dollar professional setup in order to make sure no damage is done. I use a digital temperature controlled heat gun. It works, but it's not accurate.
If you could replace the pads with a socket or something like that you'll be set to go.
we need to get you a better camera
elmanortega said:
we need to get you a better camera
HAHHAHHAHHA. funny story about that...
You see, my 6 year old tried to do unbrickable mod on that today..
I no longer have a dedicated camera
I wish i could try it, but i am sure i wont be able to, lol
Thank you very much for this guide.
Could you also describe what tools (soldering iron etc) do you use?
I use a Radio Shack digital soldering iron. It's nothing special but it's temperature controlled and has a fine point.
I made some more overlays
here is Exynos4210
This is from OMAP 4460, but I'm pretty sure it applies to OMAP 4430 as well
very interesting, soon i try
Seriously this guy's work is awesome, learnt quite a bit from your work, thank you very much!
Sent from my Desire HD using XDA App
cdesai said:
I wish i could try it, but i am sure i wont be able to, lol
Same here but why don't give it a try... just encourage
AdamOutler said:
... It takes a multi-thousand dollar professional setup in order to make sure no damage is done. I use a digital temperature controlled heat gun. It works, but it's not accurate.
Sorry Adam, you have a great writeup, but this is really a BS statement!
-- You can easily unsolder a BGA chip with a $5 micro-blow-torch! You just have to make sure you shield the surrounding components from the excessive heat. Put a small piece of copper (a penny?) on top of the chip, then put a piece of low-temperature (lead-free) solder on top of the coin, so you can get an idea when you have enough heat. Continue 10-20 seconds. Very carefully try to jam a few sharp toothpicks under any space between chip and PCB. Never bend!
This technique is well known and well demonstrated on YouTube, ever since the HP/Nvidia scandal of video chips falling off the MOBO after dust blocking the fan intake with (purposely) under-dimensioned and faulty heat-sink design.
The problem is getting it back ON! Then you need to invest in a professional heat plate and re-balling grid.
excuse me mister, i have done it, n my tab turn back on, now i have another problem, the screen is black and the bottom light is on, could you help me?
^^ good idea! I've always used a high power and small heat gun. It works for 99% of the pads, but I always lose 1 or 2. I never intend to put them back on.
apram75 said:
excuse me mister, i have done it, n my tab turn back on, now i have another problem, the screen is black and the bottom light is on, could you help me?
This is the wrong place to post that. And it does not really make sense that you did this in context.
Unsoldering a BGA is easy.
Doing it without causing unrecoverable damage is a different story. Same for resoldering it back on.
However it is getting easier nowadays - temp-controlled hot air rework stations have dropped drastically in price - http://www.amazon.com/Updated-Aoyue-Digital-Soldering-absorber/dp/B006FA481G/ref=pd_cp_hi_3
Also, reflowing a BGA without removing it (such as for Xbox360 RRoD fixes) is a LOT easier than remove-and-replace.
Also - my personal favorite deal in terms of soldering irons is http://www.amazon.com/Aoyue-937-Dig...ref=sr_1_1?s=hi&ie=UTF8&qid=1331244730&sr=1-1 - The Aoyue 937 is amazing considering it is <$50.

[Experiment] Thinking of performing a hardware mod for USB hosted microsd/bluetooth

Ok, so i'm ordering a replacement digitizer and I figure this would be a good time to try this out.
As you all know, we Kindle Fire owners have neither expandable storage or bluetooth. Hashcode's new 3.0 kernel has the proper kernel modules/support for USB hosting. Instead of having to plug things in every time I need/want extra storage I figure that i'll try and hook up the stuff inside.
So here's what I figure i'll do when I get all the materials:
I already have a mini bluetooth USB dongle that i've disassembled.
And i'll be getting a mini USB microsd adapter that I can tear apart down to the same type of thing as the bluetooth dongle.
Now, the easy part is finding space to put them, there are a few gaps/spaces that I found for the bluetooth dongle, and placing the microsd adapter should be just as easy.
The hard part is getting the wiring all wired up on the inside, and this is where I need advice/input. Trying to solder the wires to the pins on the charge/USB port would be too hard and risky since they're so close.
I took apart one of my extra mini-b USB cables to use the pins to try and hook them up like that some way, but I don't have everything I need yet, so it's just a thought.
Ideas, advice, thoughts and/or comments?
Also, I will be documenting what i'm doing so that I can post a tutorial if I succeed.
I've also posted this in the Hardware Hacking subsection of the General board to see if they can give me any insight. http://forum.xda-developers.com/showthread.php?p=25212394
Many microSD slots have something like a contact that closes only if the microSD is inserted in, activating the reader. You can check this or buy a microSD slot that have this switch built in.
alan110112 said:
Many microSD slots have something like a contact that closes only if the microSD is inserted in, activating the reader. You can check this or buy a microSD slot that have this switch built in.
Are you referring to what the poster said in the other thread I made about the reader needing to be plugged in after the sd is inserted?
If so i'm not 100% sure that will be an issue. The sd will already be in when the Kindle starts up. If it is an issue I might use a small switch of some sort, but i'm hoping for a more elegant solution if the problem arises.
If u do this and open ur kindle than it will look scratched from sides
Sent From my Kindle Fire
Setup Details are Below
Cm7 Barebones+Raven's Kernel
Minimum:300 Higher 1200mhz
Go launcher Ex With MIUI Theme
Games:MC3,Fifa 2012,Real Racing 2,Stick Cricket,Gangster Rio....
Apps:Mx Video Player,JetVid,Titanium Backup,Opera Mobile,Dolphin HD,Adobe Reader
ma.da.ladla said:
If u do this and open ur kindle than it will look scratched from sides
I've already opened it and put it back together like 5 times and I haven't scratched it. You just need the correct tools and a little experience opening devices.
aaricchavez said:
I've already opened it and put it back together like 5 times and I haven't scratched it. You just need the correct tools and a little experience opening devices.
Then I will too if u succeeded.are u planning to solder SD slot to the pins of data cable/charging pins
Sent From my Kindle Fire
Setup Details are Below
Cm7 Barebones+Raven's Kernel
Minimum:300 Higher 1200mhz
Go launcher Ex With MIUI Theme
Games:MC3,Fifa 2012,Real Racing 2,Stick Cricket,Gangster Rio....
Apps:Mx Video Player,JetVid,Titanium Backup,Opera Mobile,Dolphin HD,Adobe Reader
ma.da.ladla said:
Then I will too if u succeeded.are u planning to solder SD slot to the pins of data cable/charging pins
That's the issue i'm trying to solve. The charge port fits snugly in a little slot. To solve that i'll probably have to grind that part back some to make a little space for the wires. I will probably use the pins from a USB cable and put some solder on the tip of each one to get them to stay. Then i'll connect some thin wires to the pins, and to the adapter.
I ordered them, but I don't have any more spare USB cables or the sd adapter yet, so I can't do a ton as of this moment.
I'm about to do a little experimenting, if I find a solution i'll take a pic to post.
Which why I'm thinking giving my kindle to my wife and buy a full pack tablet., although might be interesting to see if it work, or just buy those cheap made table with lower specs and which those micro SD card slot etc,... old smart phone would be a nice to get all your parts needed...anyway good luck to your project..
Hey, I'm trying to do this to my Galaxy Nexus as well, minus the bluetooth dongle. If you were able to solder the wires to the usb port, do you think you would be able to get the kindle to see the micro sd?
Are you not concerned that this will affect charging?
brizey said:
Are you not concerned that this will affect charging?
Charging wouldn't bother me too much as I can easily pick up another battery with an external charger. Now for the kindle, that might be a different story...
from my experience if you tap onto those pins and short 4&5 together, it would indeed mount on reboot!
but have you thought that if the usb port is in permanent otg mode how will you charge/use adb/and mount usb to pc?
for that i think you will need a switch to separate the otg short.
also at the minute i don't know if there would be enough power to be able to operate the flash drive tapping onto the out pins is the same as plugging in a otg cable/adaptor and as of yet most (if not all) flashdrives need additional power source.
that being said someone mentioned that linux double the safety limit for the max power draw, so i think that maybe some dev-god (hash) would need to alter something in the kernel to lower the safety threshold.
as you pointed out in previous post where to put all those wires
and switch?
not sure but the bluetooth could work but probably with the same issues as above .
hope this helps (i'm not trying to burst your bubble as i like a little hardware Modding myself) but i think you should put your efforts & skills into a slim useable adaptor or something, which pack's all those goodies but 1.can be removable and 2. if you f$+k up your soldering as i have lots on my otg adaptors then its not good bye mr kindle
Sent from my Amazon Kindle Fire using xda premium
I must have missed the email notification of replies :/
Muddog7998 said:
Hey, I'm tring to do this to my Galaxy Nexus as well, minus the bluetooth dongle. If you were able to solder the wires to the usb port, do you think you would be able to get the kindle to see the micro sd?
Yeah, as long as USB host is working.
brizey said:
Are you not concerned that this will affect charging?
I've tested it and so far it does not affect charging.
Muddog7998 said:
Charging wouldn't bother me too much as I can easily pick up another battery with an external charger. Now for the kindle, that might be a different story...
Read above.
lovejoy777 said:
from my experience if you tap onto those pins and short 4&5 together, it would indeed mount on reboot!
but have you thought that if the usb port is in permanent otg mode how will you charge/use adb/and mount usb to pc?
for that i think you will need a switch to separate the otg short.
also at the minute i don't know if there would be enough power to be able to operate the flash drive tapping onto the out pins is the same as plugging in a otg cable/adaptor and as of yet most (if not all) flashdrives need additional power source.
that being said someone mentioned that linux double the safety limit for the max power draw, so i think that maybe some dev-god (hash) would need to alter something in the kernel to lower the safety threshold.
as you pointed out in previous post where to put all those wires
and switch?
not sure but the bluetooth could work but probably with the same issues as above .
hope this helps (i'm not trying to burst your bubble as i like a little hardware Modding myself) but i think you should put your efforts & skills into a slim useable adaptor or something, which pack's all those goodies but 1.can be removable and 2. if you f$+k up your soldering as i have lots on my otg adaptors then its not good bye mr kindle
Sent from my Amazon Kindle Fire using xda premium
I've got the wires soldered onto the pins no problem, I just can't get USB host to work at all, I haven't tested since build #6(I think)(I used some modules someone posted that they compiled) of Hashcode's kernel though. I know I didn't mess up soldering cause USB still works as well as charging, and I get a reading on a multimeter when I test the + & - leads.
I've thought of a solution for turning off USB host easily, all it requires is a magnet and a reed switch/s. Read below.
Also, my main goal is to get storage working, after that I might try bluetooth and/or gps over UART(read below)I've ordered about 10 different microsd adapters, some of which claim to need no power(confused me at first lol, I think they meant no external power), anyways, my point is microsd cards require very little power to run, so I think they'll work. If power is an issue I can just take a couple of resistors and such and power the adapter straight from the battery.
Other thread was created here, just want to keep all the threads up to date: http://forum.xda-developers.com/showthread.php?t=1632277
aaricchavez said:
The UART modules are only an idea, the main problem with going that direction instead of USB host is the drivers the modules would need (They all usually come with generic ones, but they would need to be customized for Android). I have very limited code/coding knowledge so I would need a lot of help or someone to do that part completely. I was going to pm Hashcode for help if I decided to try out the UART modules. Also, i'm unsure if more than one module can be used at the same time.
Like I just posted in the thread i'm still waiting on some stuff to arrive to actually get started on the USB host attempt. I have the wires soldered to the USB/Charge port pins, but since I don't have the microsd adapter or any more spare cords to rip apart I can't go further. I ordered about 10 different mini microsd adapters to take apart and see which works out the best.
Other people have USB host working, so shouldn't be difficult. I've just never used USB host before so i'm not real sure of what to expect.
The only downside is that there needs to be a switch of some sort somewhere to disable USB host so that adb/storage will work. I'm trying to think of something a little more elegant that having a huge hole in the case with a switch protruding out of the side. I'm going to go searching for some solutions and a super small switch.
All the UART GPS modules I found when searching "uart gps module" on Google are mostly from India and are between $30-50ish, the receivers look to be about the size of a quarter.
*http://robokits.co.in/shop/index.php?main_page=product_info&products_id=289
*http://robosapiensindia.com/robomar...n=com_virtuemart&Itemid=64&vmcchk=1&Itemid=64
*http://robosapiensindia.com/robosap...ategory_id=27&option=com_virtuemart&Itemid=64
I decided to look on Sparkfun and adafruit and i'm glad I did, it looks like they both have some modules, but I haven't looked around and dug through them yet.
*http://www.sparkfun.com/categories/4
*http://www.adafruit.com/category/35_58
All the optimism aside i'm not all too sure that we could get the GPS UART module to work. From what I see (First picture: http://forum.xda-developers.com/showthread.php?t=1471813) the UART output that Hashcode put into use only has two GNDs a TX and RX. The modules that I found all look like they need 8 connections. Adafruit has a nice pic of the connections labeled here: http://www.adafruit.com/products/746
If you're talking about microsd UART modules, as mentioned in the thread I created, someone made the point that it wouldn't make much sense because speeds would be way too low.
aaricchavez said:
I hate to double post, but I found the perfect solution for the switch. A reed switch or two plus a small magnet will work wonders
http://www.sparkfun.com/products/8642
Edit: Here are the switches that I am buying, they're the cheapest spdt reed switches I could find: http://www.newark.com/hamlin/mdrr-dt-15-20-f/switch-reed-spdt-co-1-5a-175vdc/dp/24C6463
This will allow USB host to be activated constantly and then deactivated easily with a neodymium magnet to use adb, USB storage and whatnot.
I'm pleased that I found such an elegant solution, no need to mess up the housing to put in a switch

[PRO] [Q] General tech stuff...

Hi folks,
after some years of extensive usage my Milestone needs a companion
I'm new to the xperia 2011 platform and bought myself a Xperia Pro some days ago.
Right now i'm in the process of fixing the backlight, but in a few days i'm ready to rock...
I really like devices with a hardware keyboard and it's a shame that these devices leave the scene (even more in the EU).
Anyway enough talking...
I'm not the guy who ignores the search function, but i got some specific questions and hopefully someone will put some light on that.
I know as well that we are nearly in the year 2013 and these devices are not up to date, but it's O.K. for me.
In fact there are enough features on this phone and i don't need a heater in my pocket
SoC:
As i looked everywhere there's still no datasheet or register manual floating around...
Apart from the architecture is the MSM8255 comparable to the old MSM7200 if you look at the basic function?
In short:
- memory map ?
- booting scenario: arm9 boots first then armV7 comes up?
EDIT:
It seems these questions are a little bit too deep... just asked for curiosity though.
I guess i'll step through kernel code and compare some of the offsets with MSM7200 (we got register manual here).
The background is that i'd like to check some register contents for debugging at a later point...
CWM:
If i got it right there's no true CWM recovery.img for the Pro, if i got it right the CWM is part of the system and loaded to RAM by helpers.
Right or wrong?
How does the partition scheme look like?
Kernel 3.x:
I realized there'd been some attempts to get a 3.x kernels running on these devices, as far as i could conclude from what i read, the situation is as follows...
- SE left the path of standard kernel API, that's why some proprietary libs will always be required (and won't fit 3.x kernel). Right or wrong?
- HDMI part seems to be a problem... but what exactly... kernel driver is missing parts or system lib?
EDIT:
O.K. no answer here from the experts right now...
BTW, just saw the FreeXperia team has opened up a new project for porting 3.4 kernel to 2011 devices
See:
http://forum.xda-developers.com/showthread.php?t=2044262
Guess i'll ask some techie stuff over there :angel:
USB host function:
AFAIK there's no 5V power at the OTG, but there are drivers for mouse and keyboard etc.
Just in short how does it work?
External Hub?
EDIT:
O.k. i missed some thing... datasheet of BQ24185 (connected to MicroUSB VBUS signal) gave the answer:
Code:
VBUS A1, A2 I/O Charger Input Voltage. Connect to an input supply up to 16V. Bypass VBUS to PGND with a 1μF ceramic
capacitor. During boost mode, VBUS is regulated to 5V at up to 300mA to power USB OTG peripherals.
In other words, while in OTG host mode the charger is run in boost mode (could be found in the kernel board file as well).
For the peripheral drivers...
http://forum.xda-developers.com/showthread.php?t=1224676
Debug UART3:
Does anyone know anything about UART3 testpoints on the mainboard?
Code:
static struct msm_gpio uart3_config_data[] = {
	{GPIO_CFG(53, 1, GPIO_CFG_INPUT, GPIO_CFG_PULL_UP, GPIO_CFG_2MA),
	 "UART3_Rx"},
	{GPIO_CFG(54, 1, GPIO_CFG_OUTPUT, GPIO_CFG_NO_PULL, GPIO_CFG_4MA),
	 "UART3_Tx"},
};
EDIT:
Mmmmh still unsolved... thought that these signals were routed to the testpoint area as well.
After doing some measurements this could not be confirmed right now.
Background here:
Would be nice to get serial console with a nice little adaptor for low level kernel debugging.
If someone knows...
ROMs:
Same as usual... but maybe you could give some advice...
I'd like to try a stripped down stock ICS first... don't need all these visual effects but a stable system and using the HDMI would be nice as well.
Any suggestions here?
EDIT:
O.k. i'm little impatient... so i need to look for a light ROM myself
O.k. that might be it at the first sight. I guess i'll need to play around with the device a little bit, when it's functional again.
Thanks a lot for your patience and have fun!
scholbert

[SOLVED] Please Help. Unbrick Unit With Qualcomm MSM8953

Hello, first of all, thank you in advance if someone can give me a cable... I bought an 8.8" android screen for my audi a5 8t 2015, it worked perfectly but I asked the seller if he had a new update or improvements and he sent me latest version available...
Well, nothing started to perform the update in principle "No problem" and when it restarts I get a black screen with a message "Check UART" and "No Signal" and nothing, what is the android system does not seem to work anymore. Now only the native "Audi" menu and reversing camera work.
I contact the seller and he does not give me a solution, he does not know how to access the recovery menu, try to flash again or anything.
I have tried more or less everything, but I can't find a solution to go back to the previous version (I only have an update.zip)
I think that the error itself of the update, jump to missing a file that did include the previous version called "Factoryconfig.xml"
Let's see if any charitable soul who knows about it or has something more of an idea can give me a cable.
I have tried to connect via Usb to my laptop but it does not detect it, in any of the ports that the screen has.
Attached photos of the board and the screen itself.
PS: sorry for telling the whole story haha
Does anyone know about it? No, can someone help me... As always thanks in advance
PS: I would be willing to donate to solve this problem
Well, it says to check UART.
Is this the UART? It seems to be normal "TTL" levels. Don't connect the +5V to anything.
You do have a USB UART?
Renate said:
Well, it says to check UART.
Is this the UART? It seems to be normal "TTL" levels. Don't connect the +5V to anything.
You do have a USB UART?
Thanks for your answer. Well, I don't have one, but can I make one for myself? Or does it have to be special and I need to buy it... On the other hand, in that connection once I have the "TTL" connected there, what would I have to do?
PS: Excuse my ignorance in this I am not very put, although I do manage well
I've got 3 or 4 hanging on my wall, but I don't think that you're local.
They are sold everywhere on the internet, but probably not locally available.
This is not an endorsement of Amazon. This model is nice because it will work with all the usual voltages.
You don't particularly need it now but you might need the lower voltages for a different device.
https://www.amazon.com/DSD-TECH-SH-U09C5-Converter-Support/dp/B07WX2DSVB
You can probably find something for half this price that will work for your head unit.
When you connect it you'll probably have a console. It's like an ADB shell.
You have to see what you have and what the problem is and fix it.
I don't want you to get over your head, but I usually solder in a connector.
You could also solder in just plain header pins if you liked.
It's a 4 pin JST XH connector. Like here:
Renate said:
I've got 3 or 4 hanging on my wall, but I don't think that you're local.
They are sold everywhere on the internet, but probably not locally available.
This is not an endorsement of Amazon. This model is nice because it will work with all the usual voltages.
You don't particularly need it now but you might need the lower voltages for a different device.
https://www.amazon.com/DSD-TECH-SH-U09C5-Converter-Support/dp/B07WX2DSVB
You can probably find something for half this price that will work for your head unit.
When you connect it you'll probably have a console. It's like an ADB shell.
You have to see what you have and what the problem is and fix it.
Okay then I'll buy it and then we'll try to see where the problem is...
Because a way to force the screen to turn on automatically in "Recovery mode" ? to be able to plug in the usb and try to load the other previous ROM...
Finally, what about the connector is to avoid having to solder directly to the board?
If you have a console there you should be able to "reboot recovery" or "reboot fastboot" or maybe even "reboot edl".
Renate said:
If you have a console there you should be able to "reboot recovery" or "reboot fastboot" or maybe even "reboot edl".
Ok but, I mean now without connecting TTL etc. Simply by doing a pinout or something else, there would be no way to activate that recovery mode?
Renate said:
If you have a console there you should be able to "reboot recovery" or "reboot fastboot" or maybe even "reboot edl".
Console? I don't know what you mean here... Before buying the TTL or after?
A console is the Linux-like command line that you can get from Android over ADB, over a UART or in a "terminal" app.
If Android didn't start at all you might get a console to talk to u-boot.
I don't think you can do anything until you get a console.
You need a USB UART unless you have a PC with a 9 pin com port and enough parts to build a level shifter.
You don't have to solder to the board. I'd advise you not to if you're not a good solderer.
You can stick pins or wires in the holes and tape them down so that there is a little sideways pressure.
That's good enough to get things working.
If you're always using this you probably want a connector.
There are probably "secret" ways like holding some number of buttons and doing a reset.
Renate said:
I've been fighting with this thing. I can't toggle the preview button without it giving me an error.
A console is the Linux-like command line that you can get from Android over ADB, over a UART or in a "terminal" app.
If Android didn't start at all you might get a console to talk to u-boot.
I don't think you can do anything until you get a console.
You need a USB UART unless you have a PC with a 9 pin com port and enough parts to build a level shifter.
You don't have to solder to the board. I'd advise you not to if you're not a good solderer.
You can stick pins or wires in the holes and tape them down so that there is a little sideways pressure.
That's good enough to get things working.
If you're always using this you probably want a connector.
There are probably "secret" ways like holding some number of buttons and doing a reset.
Ok, all understood.
Regarding the latter, that's what I was mainly asking from the beginning, if anyone had dealt with a similar "motherboard" and knew the "Secret"
Renate said:
A console is the Linux-like command line that you can get from Android over ADB, over a UART or in a "terminal" app.
If Android didn't start at all you might get a console to talk to u-boot.
I don't think you can do anything until you get a console.
You need a USB UART unless you have a PC with a 9 pin com port and enough parts to build a level shifter.
You don't have to solder to the board. I'd advise you not to if you're not a good solderer.
You can stick pins or wires in the holes and tape them down so that there is a little sideways pressure.
That's good enough to get things working.
If you're always using this you probably want a connector.
There are probably "secret" ways like holding some number of buttons and doing a reset.
I already have the usb ttl, but I am doing something wrong or it does not detect the board, I am attaching some photos so you can see the connections as I have made them. I don't know what procedure I have to follow to detect or access the console...
Ah, you're killing me! I don't have the connection or the data plan to download 100 Megs of photos.
Could you just paste text please? You can wrap it in [code] and [/code]
https://www.putty.org/ is the standard terminal program for Windows.
Most things use a speed of 115200, 8 bits, 1 stop bit, no parity.
I'm sorry, it was because I could enlarge the photos well and thus see it better...
Renate said:
https://www.putty.org/ is the standard terminal program for Windows.
Most things use a speed of 115200, 8 bits, 1 stop bit, no parity.
I have already connected PuTTY, but it does not read anything, although the RXD light does blink, but it does not receive information on the console.
I have way first to check the uart ttl converter works fine
You can use the USB UART all by itself.
Connect TX to RX and twiddle some keys. (Not connected to your Android at all.)
You should be typing to yourself.
Try rebooting and see if it spits out any text.
Are you sure that you have the direction correct?
TX on a device is RX on the USB UART.
Renate said:
You can use the USB UART all by itself.
Connect TX to RX and twiddle some keys. (Not connected to your Android at all.)
You should be typing to yourself.
Try rebooting and see if it spits out any text.
Are you sure that you have the direction correct?
TX on a device is RX on the USB UART.
ok I have already tested the operation of the usb uart and correct.
Next, I have carried out the test with another "UART" connection that I have seen of the chip that mounts my "SC600Y-EM" screen and it seems that I do not receive a good response either, only number 7. I enclose screenshots.
thanks
https://www.quectel.com/wp-content/uploads/2021/03/Quectel_SC600YSC600TWithout_PMI_Hardware_Design_V1.1.pdf
Ok, when you try to type something, do you get more squiggly boxes?
Is there cause and effect between typing and seeing something on the screen?
Try all the different baud rates in Putty, 57600, 38400, 19200, 9600
Do you have a voltmeter? Check the voltage on the TX and RX pads of the module without anything connected.
That documentation is a bit ambiguous. It's also not clear if level shifters are on the motherboard.
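Why a mismatched baud rate produces boxes and garbage instead of text, as an added example that is not part of the thread: it simulates an 8N1 serial line, decodes it at each rate suggested above, and ranks the rates with a simple printable-text heuristic. The banner text, the 16x sampling rate and all function names are assumptions made for the example.

```python
import string

BAUDS = [115200, 57600, 38400, 19200, 9600]  # rates suggested in the thread
SAMPLE_HZ = 115200 * 16                       # capture rate of the simulated line (assumption)
PRINTABLE = set(string.printable.encode())

def encode_8n1(data: bytes, baud: int) -> list:
    """Idle-high line carrying `data`: start bit, 8 data bits LSB first, stop bit."""
    spb = SAMPLE_HZ // baud                   # samples per bit
    bits = [1] * 10                           # idle before the first frame
    for byte in data:
        bits += [0] + [(byte >> k) & 1 for k in range(8)] + [1]
    bits += [1] * 10                          # idle after the last frame
    return [b for b in bits for _ in range(spb)]

def decode_8n1(line: list, baud: int):
    """Decode `line` as a receiver set to `baud` would; returns (bytes, framing_errors)."""
    spb = SAMPLE_HZ // baud
    out, errors, i = bytearray(), 0, 0
    while i + 10 * spb <= len(line):
        if line[i]:                           # idle level, keep hunting for a start bit
            i += 1
            continue
        mid = i + spb // 2                    # sample every bit at its centre
        byte = sum(line[mid + (k + 1) * spb] << k for k in range(8))
        if line[mid + 9 * spb]:               # stop bit must read high
            out.append(byte)
        else:
            errors += 1                       # framing error: wrong rate or noise
        i = mid + 9 * spb                     # resume at the stop-bit sample
    return bytes(out), errors

def score(line: list, baud: int) -> int:
    """Heuristic: printable bytes minus unprintable bytes and framing errors."""
    data, errors = decode_8n1(line, baud)
    good = sum(b in PRINTABLE for b in data)
    return good - (len(data) - good) - errors

def best_baud(line: list) -> int:
    return max(BAUDS, key=lambda baud: score(line, baud))

# Constructed sample: a made-up boot banner sent at 115200 8N1.
BANNER = b"U-Boot console ready\r\nHit any key to stop autoboot\r\n"
CAPTURE = encode_8n1(BANNER, 115200)

if __name__ == "__main__":
    for baud in BAUDS:
        print(baud, score(CAPTURE, baud), decode_8n1(CAPTURE, baud)[0][:16])
```

Only the matching rate recovers the banner; the slower settings merge several transmitted bits into each sampled bit and return a handful of mostly unprintable bytes.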
Renate said:
Ok, when you try to type something, do you get more squiggly boxes?
Is there cause and effect between typing and seeing something on the screen?
Try all the different baud rates in Putty, 57600, 38400, 19200, 9600
Do you have a voltmeter? Check the voltage on the TX and RX pads of the module without anything connected.
That documentation is a bit ambiguous. It's also not clear if level shifters are on the motherboard.
ok, typing I don't get any response, no more green boxes are marked...
I've tried all speeds but it does the same thing.
Voltmeter check: "Without anything" connected where I sent you the photo in the supposed "UART" connection that you told me at the beginning with your photo, 3.5v in TX and RX.
In the connection where the "UART" connection is supposed to be on the direct chip, between 1.5v and 1.8v it varies, it goes up and down and down to 0v.
