[NOT CONFIRMED] How to enable additional LTE bands - X 2014 General

This is just my investigation and has not been confirmed yet in real life.
I have read that people with the Motorola Photon Q 4G LTE tried to find a way to enable additional LTE band support on their phones. And I decided to work out whether it is possible to enable additional LTE bands on the Moto X 2014. This is what I have found so far:
I looked at NV item 6828 [NV_LTE_BC_CONFIG_I] with QPST and found that on the Pure with Android 4.4.4 it is equal to 0a000100, whereas on Android 5.0 it is 5e000100. Only the first 4 bytes are important here, as the bands are encoded in 32 bits. If we convert these numbers to binary we get the following picture:
Android 4.4.4:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
0a000100 (binary)-> 1010 0000 0000 0000 0001 0000 0000 0000
Android 5.0:
Band (1st digit)--->0000 0000 1110 1111 2111
number (2nd digit)->4321 8765 2109 6543 0987
5e000100 (binary)-> 1110 0101 0000 0000 0001 0000 0000 0000
You can see that some bits are set, which would correspond to the supported bands.
As we know, on 4.4.4 the supported LTE bands are 2, 4, 17. And we can see that three bits are set.
For 5.0 we have 6 bits set - this corresponds to LTE bands 2, 3, 4, 5, 7, 17.
It's likely that if we set additional bits in LTE NV item 6828 we can get additional LTE bands supported. If someone wants to experiment with getting the modem to use the other LTE-bands please follow stargo's recommendations:
Start with a fresh modem-config: fastboot erase modemst1 && fastboot erase modemst2 (this resets all NV-items and restores files in EFS)
Use QPST to delete /nv/item_files/modem/mmode/lte_bandpref in EFS (or maybe modify it, seems as it is like nv-item 6828)
Use any method to change nv-item 6828 to enable more bands
If you do this, the modem can crash when trying to switch LTE bands. In this case maybe additional changes to EFS/NV are needed...
And if you want to get a stable working modem back, just run fastboot erase modemst1 && fastboot erase modemst2 again.
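
The bit layout worked out in the post above can be checked mechanically. The following is an added example, not part of the original post: it decodes the first 4 bytes of an NV item 6828 value into LTE band numbers and encodes a band list back, assuming the little-endian byte order implied by the post's tables. The function names are made up for illustration, and nothing here talks to a device.

```python
from __future__ import annotations

WORD_BYTES = 4  # the post: "Only the first 4 bytes are important here"


def _first_word(nv_hex: str) -> bytes:
    """Return the first 4 bytes of a hex dump such as '0a000100'."""
    try:
        raw = bytes.fromhex(nv_hex.strip())
    except ValueError as exc:
        raise ValueError(f"not a hex string: {nv_hex!r}") from exc
    if len(raw) < WORD_BYTES:
        raise ValueError(f"need at least {WORD_BYTES} bytes, got {len(raw)}")
    return raw[:WORD_BYTES]


def decode_lte_bands(nv_hex: str) -> list[int]:
    """Bit n (counting from 0, little-endian word) set means band n+1 is enabled."""
    mask = int.from_bytes(_first_word(nv_hex), "little")
    return [bit + 1 for bit in range(WORD_BYTES * 8) if (mask >> bit) & 1]


def encode_lte_bands(bands) -> str:
    """Inverse of decode_lte_bands: band list -> 8 hex digits as QPST shows them."""
    mask = 0
    for band in bands:
        if not 1 <= band <= WORD_BYTES * 8:
            raise ValueError(f"band {band} does not fit in a 32-bit mask")
        mask |= 1 << (band - 1)
    return mask.to_bytes(WORD_BYTES, "little").hex()


def nibble_view(nv_hex: str) -> str:
    """Reproduce the post's binary row: per byte, low nibble first, then high."""
    groups = []
    for byte in _first_word(nv_hex):
        groups.append(format(byte & 0x0F, "04b"))
        groups.append(format(byte >> 4, "04b"))
    return " ".join(groups)


def diff_bands(old_hex: str, new_hex: str):
    """Bands added and removed between two NV values (e.g. two firmware builds)."""
    old, new = set(decode_lte_bands(old_hex)), set(decode_lte_bands(new_hex))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    # The two values quoted in the post.
    for label, value in (("Android 4.4.4", "0a000100"), ("Android 5.0", "5e000100")):
        print(label, value, nibble_view(value), decode_lte_bands(value))
    print("added/removed:", diff_bands("0a000100", "5e000100"))
```

Comparing the decoded list before and after a firmware update, or after any NV write, shows exactly which band bits changed.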

Try the app Qualcomm NV Calculator?

Would be cool...

Related

[REF][INFO][R&D] "Secret Codes" and other hidden features

"Secret Codes" and Hidden Features
Hacking for "Secret Codes" and other hidden phone features.
Skill Level: Easy
Posting
==================================================
Do NOT post general questions/requests on how to do
this or that, they will not be answered, simply
because we don't know yet. Rather try to find out
by yourself and share your results.
==================================================
Purpose
To find all "Secret Codes", special properties and other hidden phone features
and settings, used in the GT-I9300. The secret codes are not so secret, but
are often used to activate and manipulate many settings, such as debug modes,
network connections, factory test modes etc. It is an unfortunate choice of
words but we will stick to this definition nonetheless for simplicity, since
it is also used in the source code by Samsung and AOS. Do not confuse secret
codes with VSC (Vertical Service Codes), USSD (Unstructured Supplementary
Service Data) or other MMI (Man Machine Interface) codes.
Although there are many "standard" codes common to many Samsung phones, they
do vary to some extent. This is because their functionality often depends on
the particular hardware, in particular the baseband processor (aka radio, DSP,
BP or CP) and the multiplexer chips that switch the various internal USB
paths, for example between MHL, BP and AP.
This is an informative reference thread on these features. If you have
relevant additional information you'd like to share, please post it here.
Background
From the Samsung Galaxy S2 experience we have gained the following
understanding when it comes to the Factory/Service Mode menus and the
PhoneUtils applications. We are still to work out if this is still true for
the SGS3.
But first it is worth noting that, due to the more complicated but better
organized phone applications in ICS, the way to enter secret codes has
changed from GB versions. Now all secret codes have to be prefixed with
"*#*#", followed by <code> and postfixed with "#*#*". [Note-1] However,
according to the GT-I9300 Service Manual, there are two codes that should work
without post- and pre-fixes. They are *#1234# (version) and *2767*3855#
(Factory reset! It will wipe your phone instantly, NO warnings, no going back,
no way to cancel.) [Note-2]
==================================================
Newbie Practice Box
Go to your phone dialer and "dial" the following string:
*#*#197328640#*#*
This will trigger the Service Menu.
==================================================
This same effect can be accomplished directly on the command line, with a
direct URI broadcast call to the application receiver via:
Code:
am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://1111
Second, it is essential to know that the actual program code (read
assembly/machine code) for the Engineering / Service Mode menu, is actually
located in the baseband processor firmware. What you actually see when you
enter this menu is just a Java-based wrapper application that makes direct
function calls through various entry points in the baseband kernel/firmware.
What does it mean? When you enter a specific "secret code", the wrapper
application (e.g. ServiceMenu.App) deciphers the code to a particular menu
entry in the baseband processor, where it is executed and whose result is
output to the wrapper application.
Third. Apart from hardware differences, because of the baseband firmware
dependence, the set of working secret codes will differ somewhat from your
location, depending on:
Your Modem firmware
Your AOS version (ICS 4.0.1, 4.0.4 etc.)
Your CSC version (Regional codes)
Special Notes
[Note-1] This can be seen in the handleSecretCode() function in the SpecialCharSequenceMgr.java code.
[Note-2] These need testing and confirmation since they clearly contradict [Note-1].
[Note-3] Apparently the Samsung Galaxy S3 will come in at least two versions:
The GT-I9300 (FCC-ID: A3LGTI9300 )
The SCH-I939 (FCC-ID: A3LSCHI939 ) [Possibly the LTE version]
References
[1] "[GUIDE] Noobs guide to extract Galaxy S3 stock firmware(.img)"
[2] "[All Stock Firmwares] I9300XXALE8 (4.0.4) - Kenya (OJV) [19-05-12]"
[3] "[HOW TO][Windows]Extract Deodex Sign and Zipalign an official ROM"
[4] "[GUIDE] dsixda's Android Kitchen - Now with SGS2 support (Windows/Linux/Mac)"
[5] "[REF] Unpacking and repacking stock rom .img files"
[6] "[Tool] Yaffey - Utility for reading, editing and writing YAFFS2 images" (code is here)
[7] "[TOOL] Auto Bloat Remover Tool For GS III!"
[8] "[GUIDE][TOOL] Guide To Create You're Own De-Bloat Tool/APK Installer/For Any Device"
Keywords: Secret, Codes, Hidden, Service, Factory, UART​
HOW TO (find new stuff)
So how do you find new codes?
Well Google it! Then consider getting the following tools:
Get jd-gui (Often crashes)
Get jad (doesn't crash, but is cmdline based)
Get sgs2toext4 (and here)
Get Disk Internals Linux Reader
Get a disk image with deodexed Apps (see below)
Then what to do?
The brief version. (For full version, see "References" in OP above.)
Download all the tools shown above.
Download the deodexed firmware images (see post#3)
(If in Windows) Double click the sgs2toext4.
Drag and drop the system.img file to the sgs2toext4 "drop window".
You will now have a system.img.ext4 file, open this file with the LinuxReader tool.
Save entire filesystem (from 5) in a new folder. Close.
Go to the folder containing the *.apk(s) of interest.
Make sure dex2jar.bat (win) is in your path and run it on your interesting.apk like this, for example:
Code:
./path/to/dex2jar.bat Samsungservice.apk
This produces a new file: Samsungservice_dex2jar.jar
Extract (7zip) this file in a new folder.
Go to that folder in command line and enter the appropriate "jad" commands. For example, to decompile all class files globbed by Phone*.class and put the decompiled sources in the "src" sub-directory, do:
Code:
jad -o -r -sjava -dsrc Phone*.class
Go to the source directory (../src) you just created.
Enjoy your *.java files!
Alternatively you can deodex on your own...but don't ask me how to do it.
A few other Tools
http://www.sable.mcgill.ca/soot/
http://jdec.sourceforge.net/
http://stackoverflow.com/questions/647116/how-to-decompile-a-whole-jar-file
http://askubuntu.com/questions/129305/how-can-i-open-binary-image-files-img​
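
Besides reading every decompiled class for code strings, you can list the receivers that subscribe to the SECRET_CODE broadcast shown earlier in the thread. This is an added example, not from the original posts: it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the sample manifest, package and receiver names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SECRET_CODE_ACTION = "android.provider.Telephony.SECRET_CODE"
SECRET_CODE_SCHEME = "android_secret_code"

Finding = namedtuple("Finding", "receiver code permission")

# Constructed sample; ".KeystringReceiver" etc. are hypothetical names.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.servicemode">
  <application>
    <receiver android:name=".KeystringReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="197328640"/>
        <data android:scheme="android_secret_code" android:host="9900"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".DumpReceiver"
              android:permission="com.example.permission.DIAG">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="745"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".WildcardReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def find_secret_code_receivers(manifest_xml):
    """List (receiver, code, permission) for every SECRET_CODE subscription."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for receiver in root.iter("receiver"):
        name = _attr(receiver, "name") or "?"
        if name.startswith("."):
            name = package + name
        for flt in receiver.findall("intent-filter"):
            actions = {_attr(a, "name") for a in flt.findall("action")}
            if SECRET_CODE_ACTION not in actions:
                continue
            data = flt.findall("data")
            # Schemes and hosts of all <data> elements in one filter combine.
            if SECRET_CODE_SCHEME not in {_attr(d, "scheme") for d in data}:
                continue
            hosts = [h for h in (_attr(d, "host") for d in data) if h]
            # No host: the receiver gets every code and compares strings in
            # code, like the str.equals(...) checks quoted in this thread.
            for code in hosts or ["*"]:
                findings.append(Finding(name, code, _attr(receiver, "permission")))
    return findings


def unguarded(findings):
    """Subscriptions whose receiver declares no android:permission."""
    return [f for f in findings if f.permission is None]


if __name__ == "__main__":
    for f in find_secret_code_receivers(SAMPLE_MANIFEST):
        print(f"{f.code:>12}  {f.receiver}  permission={f.permission}")
```

Receivers reported with code `*` are the ones whose class files are worth decompiling first, since the codes they accept only appear in the Java source.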
The Secret Codes
The information for this post was obtained by decompiling the
deodexed system image of the firmware shown below.
I9300XXALE8
Base Firmware: I9300XXALE8 (4.0.4)
Modem: XXLE8
CSC: OJVALE7
The latest GT-I9300 Stock Firmwares can be found here.
Here are the codes as found in:
serviceModeApp.apk: ServiceModeApp.class
Code:
Code               Description                              JavaCall
----------------------------------------------------------------------------------------------------------------------
197328640 || 2684  Start Service Mode / Enter SM Main Menu  SendData('\001', '\001', '\000', '\000', '\000');
1111               FTA SW Version                           SendData('\001', '\001', '\u1002', '\000', '\000');
2222               FTA HW Version                           SendData('\001', '\001', '\u1003', '\000', '\000');
8888                                                        SendData('\001', '\001', '\u1003', '\000', '\000');
2886                                                        SendData('\001', '\001', ' ', '\000', '\000');
6984125*                                                    SendData('\001', '\001', ' ', '\000', '\000');
2767*2878 ?        Factory reset (complete erase & format)  SendData('\001', '\001', '!', '\000', '\000');
0228               ADC Reading                              SendData('\001', '\001', '\005', '\000', '\000');
0599                                                        SendData('\001', '\001', '\024', '\000', '\000');
1575                                                        SendData('\001', '\001', '\025', '\000', '\000');
2263               RF Band Selection                        SendData('\001', '\001', '\026', '\000', '\000');
2580                                                        SendData('\001', '\001', '\007', '\000', '\000');
301279 || 279301                                            SendData('\001', '\001', '\024', '\000', '\000');
32489              Ciphering Info                           SendData('\001', '\001', '\006', '\000', '\000');
4238378                                                     SendData('\001', '\001', '\027', '\000', '\000');
4387264636                                                  SendData('\001', '\001', '\037', '\000', '\000');
7284               PhoneUtil: USB/UART I2C Mode Control     SendData('\001', '\001', '\023', '\000', '\000');
738767633                                                   SendData('\001', '\001', '\034', '\000', '\000');
73876766                                                    SendData('\001', '\001', '\033', '\000', '\000');
7387677763                                                  SendData('\001', '\001', '\036', '\000', '\000');
7387678378                                                  SendData('\001', '\001', '\035', '\000', '\000');
9090               Diagnostic Configuration                 SendData('\001', '\001', '\023', '\000', '\000');
0011                                                        SendData('\001', '\004', '\000', '\000', '\000');
123456                                                      SendData('\001', '\004', '\001', '\000', '\000');
<na>               End Service Mode 1 ()                    SendData('\002', '\004', '\000', '\000', '\000');
<na>               End Service Mode 2 ()                    SendData('\002', '\001', '\000', '\000', '\000');
NOTE: In the table above, I have replaced printed UTF-8 (U+NNNN) characters with '\uNNNN'.
As you can see in the table above, most of the hidden codes are just shortcuts
into various sub-menus (third parameter) of Service Mode application. However,
this does not exclude the use of other hidden codes, that can be used or detected
in other applications.
From a different file we have some additional codes.
(Not including already covered or overlapping codes.)
serviceModeApp.apk: SecKeystringBroadcastReceiver.class
Code:
0000
147852        TestApnSettings: putExtra("testBed", "Suwon");
1478963       TestApnSettings: putExtra("testBed", "Open_market");
22558463      Reset Total Call Time
232331
232332
232337
3214789650
369852        TestApnSettings: putExtra("testBed", "Gumi");
3698741       TestApnSettings: putExtra("testBed", "Delete_DB");
-------------------------------------------------------------------------------
03            NAND Flash S/N (NandFlashHeaderRead)
745           RIL Dump Menu
746           Debug Dump Menu
0228          Battery Status
1111          IF SalesCode="CTC" THEN: TerminalMode
2222          IF SalesCode="CTC" THEN: TerminalMode
2263
8888
9900 || 0514  System Dump
279301
301279
3214789       GCF Mode Settings
5337632       NFC Test
22553767      Call Drop Log View
6335623
TESTMODE
These may not always work, since some of them depend on certain "Sales Codes"
or factory IMSI numbers, through statements like:
Code:
if ((mSalesCode.equals("CHM")) && (str.equals("827828868378")))
But these were only codes found in two files.
So there are probably many more codes to be found!
Other Stuff
Here are some unknown functions from: TerminalMode.class
Code:
DEBUG_SCR     SendData('\001', '\004', '\000', 0, '\000');
EI_DEBUG_SCR  SendData('\001', '\006', '\000', 0, '\000');
DATA_ADV      SendData('\001', '\003', '\003', 0, '\000');
NAMBASIC      SendData('\001', '\003', '\001', 0, '\000');
TESTMODE      SendData('\001', '\001', '\000', 0, '\000');
NAMSIMPLE     SendData('\001', '\003', '\002', 0, '\000');
TEST_CALL     SendData('\004', '\007', c, 0, '\000');
Here is a list of all the OEM Commands used in the Service Mode App.
Code:
-------------------------------------------------------------------------------
private class OemCommands (ServiceModeApp) value hex
-------------------------------------------------------------------------------
char OEM_SERVM_FUNCTAG = '\001';
OEM_SM_ACTION = '\000'; 00
OEM_SM_DUMMY = '\000'; 00
OEM_SM_END_MODE_MESSAGE = '\002'; 02
OEM_SM_ENTER_MODE_MESSAGE = '\001'; 01
OEM_SM_GET_DISPLAY_DATA_MESSAGE = '\004'; 04
OEM_SM_PROCESS_KEY_MESSAGE = '\003'; 03
OEM_SM_QUERY = '\001'; 01
OEM_SM_TYPE_MONITOR = '\004'; 04
OEM_SM_TYPE_MONITOR_SKT = '\001'; 01
OEM_SM_TYPE_NAM_EDIT = '\003'; 03
OEM_SM_TYPE_PHONE_TEST = '\005'; 05
OEM_SM_TYPE_SUB_ALL_VERSION_ENTER = '\004'; 04
OEM_SM_TYPE_SUB_BAND_SEL_ENTER = '\026'; 16
OEM_SM_TYPE_SUB_BATTERY_INFO_ENTER = '\005'; 05
OEM_SM_TYPE_SUB_BLUETOOTH_TEST_ENTER = '\t'; 09
OEM_SM_TYPE_SUB_CIPHERING_PROTECTION_ENTER = '\006'; 06
OEM_SM_TYPE_SUB_ENTER = '\000'; 00
OEM_SM_TYPE_SUB_FACTORY_PRECONFIG_ENTER = '\016'; 0e
OEM_SM_TYPE_SUB_FACTORY_RESET_ENTER = '\r'; 0d
OEM_SM_TYPE_SUB_FACTORY_VF_TEST_ENTER = '\031'; 19
OEM_SM_TYPE_SUB_FTA_HW_VERSION_ENTER = '\003'; 03
OEM_SM_TYPE_SUB_FTA_SW_VERSION_ENTER = '\002'; 02
OEM_SM_TYPE_SUB_GCF_TESTMODE_ENTER = '\027'; 17
OEM_SM_TYPE_SUB_GET_SELLOUT_SMS_INFO_ENTER = '\037'; 1f
OEM_SM_TYPE_SUB_GPSONE_SS_TEST_ENTER = '\025'; 15
OEM_SM_TYPE_SUB_GSM_FACTORY_AUDIO_LB_ENTER = '\030'; 18
OEM_SM_TYPE_SUB_IMEI_READ_ENTER = '\b'; 08
OEM_SM_TYPE_SUB_INTEGRITY_PROTECTION_ENTER = '\007'; 07
OEM_SM_TYPE_SUB_MELODY_TEST_ENTER = '\013'; 0b
OEM_SM_TYPE_SUB_MP3_TEST_ENTER = '\f'; 0c
OEM_SM_TYPE_SUB_RRC_VERSION_ENTER = '\024'; 14
OEM_SM_TYPE_SUB_RSC_FILE_VERSION_ENTER = '\021'; 11
OEM_SM_TYPE_SUB_SELLOUT_SMS_DISABLE_ENTER = '\034'; 1c
OEM_SM_TYPE_SUB_SELLOUT_SMS_ENABLE_ENTER = '\033'; 1b
OEM_SM_TYPE_SUB_SELLOUT_SMS_PRODUCT_MODE_ON = '\036'; 1e
OEM_SM_TYPE_SUB_SELLOUT_SMS_TEST_MODE_ON = '\035'; 1d
OEM_SM_TYPE_SUB_SW_VERSION_ENTER = '\001'; 01
OEM_SM_TYPE_SUB_TFS4_EXPLORE_ENTER = '\017'; 0f
OEM_SM_TYPE_SUB_TOTAL_CALL_TIME_INFO_ENTER = '\032'; 1a
OEM_SM_TYPE_SUB_TST_AUTO_ANSWER_ENTER = ' '; 20
OEM_SM_TYPE_SUB_TST_FTA_HW_VERSION_ENTER = ----> # UTF-8: U+1003: e1 80 83 MYANMAR LETTER GHA
OEM_SM_TYPE_SUB_TST_FTA_SW_VERSION_ENTER = ----> # UTF-8: U+1002: e1 80 82 MYANMAR LETTER GA
OEM_SM_TYPE_SUB_TST_NV_RESET_ENTER = '!'; 21
OEM_SM_TYPE_SUB_USB_DRIVER_ENTER = '\022'; 12
OEM_SM_TYPE_SUB_USB_UART_DIAG_CONTROL_ENTER = '\023'; 13
OEM_SM_TYPE_SUB_VIBRATOR_TEST_ENTER = '\n'; 0a
OEM_SM_TYPE_TEST_AUTO = '\002'; 02
OEM_SM_TYPE_TEST_MANUAL = '\001'; 01
-------------------------------------------------------------------------------
private class OemCommands (TerminalMode)
-------------------------------------------------------------------------------
OEM_HIDDEN_FUNCTAG = 'Q';
OEM_HM_END_TEST_CALL_MESSAGE = '\t';
OEM_HM_TEST_CALL_MESSAGE = '\004';
OEM_HM_TYPE_TEST_CALL = '\007';
OEM_SERVM_FUNCTAG = '\001';
-------------------------------------------------------------------------------
private class OemCommands (SysDump:)
-------------------------------------------------------------------------------
OEM_DBG_STATE_GET = 6;
OEM_DEL_RIL_LOG = 13;
OEM_DPRAM_DUMP = 14;
OEM_DUMPSTATE = 3;
OEM_DUMPSTATE_ALL = 20;
OEM_ENABLE_LOG = 7;
OEM_GCF_MODE_GET = 15;
OEM_GCF_MODE_SET = 16;
OEM_IPC_DUMP_BIN = 9;
OEM_IPC_DUMP_LOG = 8;
OEM_KERNEL_LOG = 4;
OEM_LOGCAT_CLEAR = 5;
OEM_LOGCAT_MAIN = 1;
OEM_LOGCAT_RADIO = 2;
OEM_MODEM_FORCE_CRASH_EXIT = 23;
OEM_MODEM_LOG = 18;
OEM_NV_DATA_BACKUP = 17;
OEM_OEM_DUMPSTATE_MODEM_LOG_AUTO_START = 19;
OEM_RAMDUMP_MODE = 10;
OEM_RAMDUMP_STATE_GET = 11;
OEM_START_RIL_LOG = 12;
OEM_SYSDUMP_FUNCTAG = 7;
OEM_TCPDUMP_START = 21;
OEM_TCPDUMP_STOP = 22;
-------------------------------------------------------------------------------
Enjoy!​
Special Properties
Next we'll have a look at some interesting (or not?) system "properties".
For now, I'll just list some of those I found more interesting and potentially useful.
Code:
Property Setting/String Source Description
----------------------------------------------------------------------------------------------------------------------
dev.silentlog.on On SysDump:
gsm.operator.numeric 45001 Sec_Ril_Dump: [RIL::FD] Samsung Testbed
gsm.default.sidmode ? UART
net.tcpdumping On SysDump: ?
nfc.trace.mode On Enable NFC Trace Mode
ril.FTM_MODE ? "FTM_MODE_KEY"
ril.FS true PhoneUtils: updateRAFT() Activates RAFT (???) updates
ril.OTPAuth SysDump: OTP Authentication
ril.cdma.inecmmode true Is phone in ECM mode?
ril.unique_number The RIL Unique Number (UN)
ril.sms.gcf-mode On ? SMS "GCF" mode
persist.log.seclevel On Switchable Log level?
persist.sys.country
ro.build.type eng SysDump:
ro.debuggable On Enable Debug / DBG_ENG / Engineering Mode??
----------------------------------------------------------------------------------------------------------------------
Country/Region Specific
----------------------------------------------------------------------------------------------------------------------
ro.board.platform
ro.build.characteristics
ro.csc.sales_code SKT | KIT | LGT PhoneFeature: makeFeatureForKor()
ro.product.name espressorf | espresso10rf PhoneFeature: checkDBGLevel()
 aegis2vzw PhoneFeature: makeFeatureForKor()
 jaguars | jaguark | jaguarl
A particularly fun string is the following, found in the featureForKor() function:
Code:
mFeatureList.put("emergency_for_cyber_terror", boolean2);
I'd really like to know what this does!
Special Files
As we know from other Samsung Galaxy class phones, there are a number
of files that can be created or modified in order to activate certain
functions. Here we list those found to date. Please post if you know
of other ones!
Apparently setting the "SubscriberID" (IMSI) to "999999999999999" also
activates certain test features. A sim with this IMSI is also known as
a "Factory SIM". However, if the SIM IMSI starts with either "45001" or
"00101" it is a "Test SIM".
[See: ServiceModeApp.apk:PhoneUtils.java:isFactoryMode() or
FactoryTest.apk:ModuleCommon.java:isFactorySim()]
Code:
File FileContent Description
-------------------------------------------------------------------------------
/efs/FactoryApp/factorymode ON Enable Factory Mode
/efs/FactoryApp/keystr ON Blocked (hidden code?) Key String(s)
/efs/imei/mps_code.dat ? ?
/efs/root/ERR ? Error Log
/data/.psm.info ? WiFi Power Save Mode
---------------------------------------
Various Log Files:
---------------------------------------
/data/log/CallDropInfoLog.txt ? Dropped Calls Log
/data/log/lucky_ril.log ? ?
/data/log/dumpState_*.log ? ? System Dump Log
/data/log/main_*.log ? ?
/data/anr/traces.txt ? ?
/data/log/err ? ? Error Log
/data/log/err/AENEAS_TRACE_###.bin RF Aeneas Trace Log
/data/log/err/MA_TRACE_###.bin RF MA Trace Log
/mnt/sdcard/log ? ?
---------------------------------------
System Files
---------------------------------------
/sys/class/sec/switch/adc
(Note: Some of these paths need to be verified, as they may be relative...)
Finally, we have two NV passwords that are used for uploading or dumping NVram, AFAIK. They are:
873283
3352225
and they can be found in Sec_Ril_Dump.class.
DISCLAIMER:
As I do not have access to a GT-I9300, I have not been able to verify
any of the information in this thread! I apologize if there is any erroneous
information here. Please let me know and post new information here as
it becomes available. Also make sure you make a complete backup, before
attempting any of the codes or other trickery above! ​
Great post Buddy. But..........
But I didn't understand anything, lol, better to say nothing......... Too complicated for my simple mind.
This is some list! Great job!
Very good info there .. how about programming the sim with that IMSI will it have any effect.
Sent from my GT-I9300
tids2k said:
Very good info there .. how about programming the sim with that IMSI will it have any effect.
It certainly will, but you will have to find a SIM that is programmable!
You can buy programmable SIM cards from the Sysmocom website, but you need the tools to do so. Sysmocom is run by some of the GSM security researchers and open source baseband developers...
Here is a tutorial on how to clone a SIM card. However, this may be highly illegal in some countries, even for your own! Check your local laws.
(In addition it is a border-line topic on what we are allowed to post here on XDA.)
But Apple proposed, (and here) already some years ago, to have programmable SIM cards built into their devices. This would make perfect sense, since the whole idea about using SIM cards has been neglected and forgotten in the first place. (The original idea was that it should be extremely easy to switch SIM cards, so that you could easily just borrow someone else's phone, put your card in and make a phone call. Even on designated SIM-holder enabled pay-phones! This has become forgotten and circumvented and damn hard to do with embedded SIM cards deep inside your phone.) In addition most cellular providers have lobbied against it...
Definitely would look at it. Here is the link for the time being ...
http://www.jaycar.com.au/productView.asp?ID=KC5361
I remember when Dejan found the binary hack way back in 2006 for BB5 Nokia phones, he posted files on his website on how to clone a simcard. But those times only 16bit chips were used.
Here are the schematics for the reader if anyone is interested.
via Flying Daggers
tids2k said:
how about programming the sim with that IMSI will it have any effect.
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Does it look like there are any menus where you can disable Fast Dormancy? *#9900# does not allow you to do this on the S3
Code:
Samsung Galaxy S3 .. Secret Codes found by tids2k
Thanks to E:V:A for his information and knowledge
HOW TO RUN THESE COMMANDS :
Connect your phone into debug mode .. Settings -> USB Debugging [] Enable it.
Then in MS-DOS C:\ type
adb shell am broadcast -a android.provider.Telephony.SECRET_CODE -d android_secret_code://****
where **** is the secret code :-) So let us begin
Secret Codes **** Function
2684 or 197328640 DEBUG MENU
0000 CSC SPECIFIC
827828868378 CSC SPECIFIC
2684 SERVICE MODE ( WATCHDOG/DUMPS/LOGS OPTIONS)
0011 CONNECTION STATUS
123456 CONNECTION STATUS
22558463 RESETS TOTAL TALK TIME
32489 CIPHERING INFO
2580 NON-SUPPORT
232337 BLUETOOTH ADAPTER ADDRESS
232331 BLUETOOTH RF TEST
232332 ??
9090 DIAG CONFIG (MODEM)
73876766 SELLOUT SMS ENABLE
738767633 SELLOUT SMS DISABLE
7387678378 SELLOUT SELF SET TEST MODE
7387677763 SELLOUT SMS SET PRODUCT MODE
4238378 GCF SETTINGS
4387264636 SELLOUT SMS MAIN
1575 GPS SETTINGS
6984125 ????
2886 ??
2767*2878 ??
745 RIL COMMANDS ( NICE ONE )
746 ANOTHER DUMP TOOL ( NICE ONE )
9900 or 0514 SYSDUMP
1111 FTA SW VERSION
2222 or 8888 FTA HW VERSION
301279 or 279301 RRC ( HSPA ) CONTROL
2263 BAND SELECTION
5337632 SOME KIND OF SOUND
0228 BATTERY STATUS
03 NAND FLASH UNIQUE NO.
3214789 GCF MODE ENABLE/DISABLE
6335623 WIFI HIDDEN MENU
NOW FACTORY SETTINGS
06 IMEI
0589 LIGHT SENSOR TEST
80 TOUCH NOISE TEST
251 WAKELOCK ON
250 WAKELOCK OFF
350 REBOOT
5238973 LCD TYPE
4327 HDCP INFO
22235 ACCELEROMETER SENSOR INFO
0782 RCT CLOCK
86824 TOUCH KEY SENSITIVITY
0842 VIBRATION TEST
0673 SPEAKER/HEADPHONE/HEADSET TEST
0289 MELODY TEST
2663 TOUCH FIRMWARE UPDATE
2664 POINTER LOCATION
0588 PROXIMITY TEST
3264 RAM CHECK
7780 MASTER RESET
7769 PROXIMITY SENSOR TEST
87976633 FACTORY RESET
9999*3288 QWERTY COUNTER
767*2878 QWERTY COUNTER RESET
0283 LOOPBACK TEST
7328735824 LOT ID
three new tablets in work ... lol
if ((str1.startsWith("GT-P31")) || (str1.startsWith("GT-P51")) || (str1.startsWith("SCH-i705")));
Untested, here; nevertheless - thanks for this info guys!!
Sent from my GT-I9300 using xda premium
This should all work. Didn't have much time to look for other commands, will do in a day or so.
Sent from my GT-I9300 using XDA Premium HD app
Odia said:
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Thanks! Probably very useful, but
1) Is that temporary? (How to get back the original after having used this code?)
2) Where is it located? (What App + class files?)
Odia said:
No need to program a sim, there is a service code (*#46744674#) which will set your IMSI to 9999..., well it does on the SGS2 anyway.
Doesn't work on SGS III
Hi all,
A couple of months ago I built an app with shortcuts for the "secret" dialer codes within the Galaxy S2, because I could not remember them all ... This app is specially tailored for the Galaxy S2, but should work on all SAMSUNG devices with TOUCHWIZ ... Not all codes will work on all devices, but a lot of these codes work on other Samsung TouchWiz devices.
I tested the app with my GS3 and a lot of these codes are still working ....
You could also add your own codes and USSD codes to an app-internal database ... and some users even use this database as a hidden phone book
Check it out: https://play.google.com/store/apps/details?id=com.widgapp.HiddenFeaturesFREE
(Important: These codes will NOT work on most custom ROMs, Nexus S, Galaxy Nexus, HTC, Sony, Motorola etc. ... I'm a little bit annoyed by comments like: Not working on my HTC, Sony, Nexus S, Samsung XYZ with custom ROM zyx .... ... without TouchWiz, there is no possibility to use TouchWiz firmware functions!)
SAMSUNG GALAXY S3 CODES SECRETS
*#06# Show IMEI number
*#0*# LCD Test Menu
*#*#4636#*#* user statistics and Phone Info
*#0011# Displays status information for the GSM
*#1234# View SW Version PDA, CSC, MODEM
*#12580*369# SW & HW Info
*#197328640# Service Mode
*#0228# ADC Reading
*#32489# (Ciphering Info)
*#232337# Bluetooth Address
*#232331# Bluetooth Test Mode
*#232338# WLAN MAC Address
*#232339# WLAN Test Mode
*#0842# Vibra Motor Test Mode
*#0782# Real Time Clock Test
*#0673# Audio Test Mode
*#0*# General Test Mode
*#2263# RF Band Selection
*#9090# Diagnostic Configuration
*#7284# USB I2C Mode Control
*#872564# USB Logging Control
*#4238378# GCF Configuration
*#0283# Audio Loopback Control
*#1575# GPS Control Menu
*#3214789650# LBS Test Mode
*#745# RIL Dump Menu
*#746# Debug Dump Menu
*#9900# System Dump Mode
*#44336# Software Version Info
*#7780# Factory Reset
*2767*3855# Full Factory Reset
*#0289# Melody Test Mode
*#2663# TSP / TSK firmware update
*#03# NAND Flash S/N
*#0589# Light Sensor Test Mode
*#0588# Proximity Sensor Test Mode
*#273283*255*3282*# Data Create Menu
*#273283*255*663282*# Data Create SD Card
*#3282*727336*# Data Usage Status
*#7594# Remap Shutdown to End Call TSK
*#34971539# Camera Firmware Update
*#526# WLAN Engineering Mode
*#528# WLAN Engineering Mode
*#7412365# Camera Firmware Menu
*#07# Test History
*#3214789# GCF Mode Status
*#272886# Auto Answer Selection
*#8736364# OTA Update Menu
*#301279# HSDPA/HSUPA Control Menu
*#7353# Quick Test Menu
*2767*4387264636# Sellout SMS / PCODE view
*#7465625# View Phone Lock Status
*7465625*638*# Configure Network Lock MCC/MNC
#7465625*638*# Insert Network Lock Keycode
*7465625*782*# Configure Network Lock NSP
#7465625*782*# Insert Partial Network Lock Keycode
*7465625*77*# Insert Network Lock Keycode SP
#7465625*77*# Insert Operator Lock Keycode
*7465625*27*# Insert Network Lock Keycode NSP/CP
#7465625*27*# Insert Content Provider Keycode
*#272*IMEI# then we will get buyer code (For samsung galaxy sIII csc code)
*#*#7780#*#* Factory data reset - Clears Google-account data, system and program settings and installed programs. system will not be deleted, and OEM programs, as well as My Documents (pictures, music, videos)
ascsa said:
I tested the app with my GS3 and a lot of these codes are still working...
Hi! Thanks for your effort, but your post risks confusing people and corrupting this thread, because the red application functions (as shown in your table) only show that your app is not able to use those codes, and not that they do not work with SGS3.
TO ALL:
DO not post new codes here, unless you have either:
a) personally tested the codes on a GT-I9300
b) found and documented references in the source code, that can be independently verified.
Thanks!

differences in bootloader img vs zip

So I watched this video...
http://www.youtube.com/watch?v=eAkBeJ3_8uQ
It had two links.
1) https://dl.dropbox.com/u/40447234/Nexus 7/JZO54K_bootloader.zip
2) http://forum.xda-developers.com/showthread.php?t=1929270
If I download the zip from the 1st link and unzip it I see a bootloader.raw file
Compared to the 3.41 img file linked to from the 2nd link they are almost exactly the same.
The .raw file from the zip has an extra 76 bytes at the beginning of the file.
The remaining 2,142,784 bytes are exactly the same.
Can someone explain the difference between the .raw file in the flashable zip and the .img file that is used with fastboot?
This is a hexdump of the first 76 bytes. Any clue why they're different?
0000000 534d 2d4d 4152 4944 2d4f 5055 4144 4554
0000010 0000 0001 003c 0000 003c 0000 0001 0000
0000020 0000 0000 0000 0000 0000 0000 0000 0000
0000030 0000 0000 0000 0000 0000 0000 4245 0054
0000040 004c 0000 b240 0020 0001 0000
Thanks,
~Eric
bump.... anyone?
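The 76 extra bytes can be decoded straight from the hexdump in the question. The script below is an added example, not part of the original posts: it rebuilds the bytes from the word-oriented `hexdump` output and reads them as a 16-byte ASCII magic followed by little-endian 32-bit fields. The field meanings (entry-table offset, entry count, per-entry name/offset/size) are assumptions inferred from the values in this one dump, not a documented format.

```python
import struct

# Hexdump lines copied from the post (default `hexdump` output: hex offset,
# then 16-bit words printed in little-endian host order).
HEXDUMP = """\
0000000 534d 2d4d 4152 4944 2d4f 5055 4144 4554
0000010 0000 0001 003c 0000 003c 0000 0001 0000
0000020 0000 0000 0000 0000 0000 0000 0000 0000
0000030 0000 0000 0000 0000 0000 0000 4245 0054
0000040 004c 0000 b240 0020 0001 0000
"""

# Figures stated in the post.
EXTRA_BYTES = 76
IMG_BYTES = 2_142_784


def hexdump_to_bytes(text):
    """Rebuild the raw byte string from word-oriented hexdump output."""
    out = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        if int(fields[0], 16) != len(out):
            raise ValueError("offset gap at " + fields[0])
        for word in fields[1:]:
            # "534d" on screen is the byte pair 4d 53 in the file.
            out += struct.pack("<H", int(word, 16))
    return bytes(out)


def parse_header(blob):
    """Split the prefix into magic, header words and per-image entries.

    Assumed layout (inferred from this one dump): 16-byte magic, four u32
    words of which the second is the offset of the entry table and the
    fourth the entry count, then 16-byte entries of
    (4-char name, payload offset, payload size, one more u32).
    """
    magic = blob[:16].decode("ascii")
    word0, table_off, word2, count = struct.unpack_from("<4I", blob, 16)
    entries = []
    for i in range(count):
        pos = table_off + 16 * i
        if pos + 16 > len(blob):
            raise ValueError("entry table runs past the captured bytes")
        name, offset, size, extra = struct.unpack_from("<4sIII", blob, pos)
        entries.append({
            "name": name.rstrip(b"\0").decode("ascii"),
            "offset": offset,
            "size": size,
            "extra": extra,
        })
    return {"magic": magic, "words": (word0, table_off, word2, count),
            "entries": entries}


def matches_post(header):
    """True if the single entry describes exactly the .img the post compared."""
    if len(header["entries"]) != 1:
        return False
    entry = header["entries"][0]
    return entry["offset"] == EXTRA_BYTES and entry["size"] == IMG_BYTES


if __name__ == "__main__":
    hdr = parse_header(hexdump_to_bytes(HEXDUMP))
    print(hdr["magic"], [hex(w) for w in hdr["words"]])
    for e in hdr["entries"]:
        print(e)
    print("entry matches the 76-byte prefix + 2,142,784-byte image:",
          matches_post(hdr))
```

Read this way, the prefix is a `MSM-RADIO-UPDATE` container header with one entry, `EBT`, whose payload starts at offset 76 and is 2,142,784 bytes long, which is exactly the part the post found identical to the fastboot `.img`.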

[DEV][REF] El Grande Partition Table Reference

El Grande Partition Table Reference
This is a development thread whose main purpose is to catalog and document
the various partition tables used by our manufacturers in our loved Androids.
Thread Difficulty: Medium (some risk of bricking)
When people get a bad flash and soft-brick their devices, one of the first
things that need to be done, is finding out on what partition that flash went
bad. This information can be extremely valuable since it could very well make
the difference between losing or keeping all your data.
In addition, it will help clarify much of the partitioning confusion that has
arisen because of the many different partitioning schemes used in different
devices and by different hardware manufacturers.
Thus you can help by providing your complete partition tables in this thread
in one post. In order for this information to be useful, you will have to
provide and specify the following:
Code:
General Device Name: Samsung Galaxy S2
Manufacturer Product Name: GT-I9100
Processor: Exynos 4210
AOS version: Android GB 2.3.4
Radio FW version: XXKI1
System FW version: XXKE4
Service Provider/ Branding: T-mobile
Country: Germany
<< output of parted >>
<< output of fdisk >>
<< output of gdisk >>
<< Any additional info you'd like to share. See text.>>
Additional information that could be useful, include:
Code:
a) The alternative commands shown in post#2 below.
b) Other hardware info that can often be found in the PDA database.
c) A link to a text paste site with the output from:
1. dmesg (directly after reboot)
2.
How To Post Here
To make your post compact and stylish, post using the "Go Advanced"
and put your command output in "CODE" tags and choose: "Sizes" ==> 2.
If you know how to, also replace all tabs (\t) with spaces. If your output
is excessively large, please use paste site (pastebin, pastie etc.) instead
of multiple posts.
Also, please search the thread for previous devices before posting
your own results, unless they differ significantly.
==================================================
This is a development thread. Do not ask for help with this or that,
this is not a support thread! Make sure that any question you might
have, is directly related to the benefit of this thread and on-topic.
If not your post will be removed.
==================================================
The goal here is to obtain as detailed information about your device
partitions as possible. The most important information are (with example):
Code:
- Partition Number 2
- Partition Name mmcblk0p2
- Partition Type EXT4
- Partition MBR ID 83
- Partition GPT ID 8300 /
- Partition Label SBL1
- Partition Description Secondary Bootloader 1
- Start block (hex/dec) 0x1000
- End block (hex/dec) 0x1fff
- Partition Size (hex/dec) 0x1000
- Partition Content Qualcomm SBL1 bootloader image (sbl1.img)
A good example of a fairly complete partition table is that of the
Verizon Samsung Galaxy S3 (SCH-I535), as shown in post#3. Although it is
still missing some relevant data, it was completed using the commands
shown in post#2.
Thanks in advance for wanting to help to make this thread an awesome
and great partition table reference.
So far we have the following devices in our list:
Code:
Samsung Galaxy S3 (SCH-I535) Post#3: http://forum.xda-developers.com/showpost.php?p=33358998&postcount=3
Samsung Galaxy Note (SHV-E160L) Post#7: http://forum.xda-developers.com/showpost.php?p=33568941&postcount=7
HTC One X LTE [US AT&T, Verizon, etc] Post#8: http://forum.xda-developers.com/showpost.php?p=34063606&postcount=8
Samsung LED TV ES-5700 (UE40ES5700SXXH) Post#9: http://forum.xda-developers.com/showpost.php?p=34065570&postcount=9
Samsung Galaxy Camera (EK-GC100) Post#10: http://forum.xda-developers.com/showpost.php?p=34841863&postcount=10
Samsung GT-I8150 Post#11: http://forum.xda-developers.com/showpost.php?p=35130021&postcount=11
Samsung SHV-E160L Post#13: http://forum.xda-developers.com/showpost.php?p=36019312&postcount=13
LG Optimus G (LS970) [Sprint] Post#16: http://forum.xda-developers.com/showpost.php?p=38362505&postcount=16
LG Motion (MS770/LW770) Post#20: http://forum.xda-developers.com/showpost.php?p=40890468&postcount=20
Samsung Galaxy S Plus Post#21: http://forum.xda-developers.com/showpost.php?p=41499110&postcount=21
Samsung GT-I8160 Post#22: http://forum.xda-developers.com/showpost.php?p=42096782&postcount=22
Samsung GT-N7000 (16GB) Post#24: http://forum.xda-developers.com/showpost.php?p=42744917&postcount=24
LG G2 (D-800) [AT&T, Verizon] Post#25: http://forum.xda-developers.com/showpost.php?p=45574215&postcount=25
Here is another thread I strongly recommend reading, before posting here.
It has an excellent explanation of the linux file permissions and how to make
backups of the most important partitions.
[GUIDE] Making Dump Files Out of Android Device Partitions
<< To Be Continued.. >>
How to obtain your partition table?
Although the way to obtain your complete partition table layout varies from
device to device, there are some standard tools and methods to do this. The
most important thing to know, especially if you're used to the old-school
Windows/Linux Master Boot Record (MBR) type file systems, is that most modern
Android smartphones now make heavy use of the GUID Partition Table (GPT)
structure (formatting). Thus you will need some slightly different tools, to
obtain the proper information from your device. Different tools give different
information, as we shall see.
NOTE: You have to be rooted to use these tools!
Example-1: (Partition Tables for the Samsung Galaxy S2 GT-I9100)
Here we get our partition table using three different tools:
fdisk
parted
gdisk (aka gptfdisk)
And the results will differ quite dramatically.
1. Using fdisk:
Code:
/ # fdisk -l /dev/block/mmcblk0
Disk /dev/block/mmcblk0: 15.7 GB, 15756951552 bytes
1 heads, 16 sectors/track, 1923456 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
Device Boot Start End Blocks Id System
/dev/block/mmcblk0p1 1 1923456 15387647+ ee EFI GPT
Partition 1 does not end on cylinder boundary
2. Using parted:
Code:
/ # parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
p
Model: MMC VYL00M (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 4194kB 25.2MB 21.0MB ext4 EFS
2 25.2MB 26.5MB 1311kB SBL1
3 27.3MB 28.6MB 1311kB SBL2
4 29.4MB 37.7MB 8389kB PARAM
5 37.7MB 46.1MB 8389kB KERNEL
6 46.1MB 54.5MB 8389kB RECOVERY
7 54.5MB 159MB 105MB ext4 CACHE
8 159MB 176MB 16.8MB MODEM
9 176MB 713MB 537MB ext4 FACTORYFS
10 713MB 2861MB 2147MB ext4 DATAFS
11 2861MB 15.2GB 12.4GB fat32 UMS
12 15.2GB 15.8GB 537MB ext4 HIDDEN
3. Using gdisk:
Code:
/ # gdisk -l /dev/block/mmcblk0
GPT fdisk (gdisk) version 0.8.4
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Disk /dev/block/mmcblk0: 30775296 sectors, 14.7 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 52444E41-494F-2044-4D4D-43204449534B
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 30775262
Partitions will be aligned on 2048-sector boundaries
Total free space is 17341 sectors (8.5 MiB)
Number Start (sector) End (sector) Size Code Name
1 8192 49151 20.0 MiB 0700 EFS
2 49152 51711 1.2 MiB 0700 SBL1
3 53248 55807 1.2 MiB 0700 SBL2
4 57344 73727 8.0 MiB 0700 PARAM
5 73728 90111 8.0 MiB 0700 KERNEL
6 90112 106495 8.0 MiB 0700 RECOVERY
7 106496 311295 100.0 MiB 0700 CACHE
8 311296 344063 16.0 MiB 0700 MODEM
9 344064 1392639 512.0 MiB 0700 FACTORYFS
10 1392640 5586943 2.0 GiB 0700 DATAFS
11 5586944 29720575 11.5 GiB 0700 UMS
12 29720576 30769151 512.0 MiB 0700 HIDDEN
Example-2: (Using built-in system tools.)
Code:
/ # mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=111 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/usb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /app-cache tmpfs rw,relatime,size=7168k 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p7 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p1 /efs ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
nil /sys/kernel/debug debugfs rw,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc,discard 0 0
/dev/block/mmcblk0p4 /mnt/.lfs j4fs rw,relatime 0 0
/dev/block/vold/179:11 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro,discard 0 0
/ # busybox cat /proc/partitions
major minor #blocks name
179 0 15387648 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 102400 mmcblk0p7
179 8 16384 mmcblk0p8
179 9 524288 mmcblk0p9
179 10 2097152 mmcblk0p10
179 11 12066816 mmcblk0p11
179 12 524288 mmcblk0p12
Download These Partition Tools
I have collected the above three tools into one ZIP package
that you can download HERE. << WIP TBA >>
Download the ZIP containing parted HERE.
(Do not use/push/install anything else than "parted", as they may
already be present on your system, or in Busybox.)
The gptfdisk binary is rather large (~1.5 MB) as it is statically compiled.
It would be nice if someone could create an NDK based dynamic binary.
Download the binary HERE. (SourceForge, Info)
darkspr1te has collected even more (statically compiled) tools in his
post #13, that can be downloaded HERE.
! WARNING !
Be careful with parted, make sure you tell it to "Ignore" any errors it might
find. Also you have to type "quit" to get it to exit from interactive mode.
Similarly, you'll probably also get various scary warnings when using gdisk.
Same thing here. Make sure to ignore, never attempt to repair, unless you know
exactly what you're doing!
You may get other warnings as well, but they should always be ignored. This is due
to the fact that many devices are using some kind of hybrid proprietary
MBR/GPT partitioning with accompanying tables. This is especially true for
Qualcomm based devices from Samsung and HTC.
Collecting Alternative Information
There are several system commands and files that you can use, that contain
partitioning information. The most common ones are:
Code:
mount
cat /proc/mtd
cat /proc/mounts
cat /proc/partitions
cat /proc/emmc
busybox fdisk -l /dev/block/mmcblk0
parted -l /dev/block/mmcblk0
gdisk -l /dev/block/mmcblk0
[You will probably need to modify these to suit your particular storage device.]
Another useful place for info is in the Kernel and debug messages output.
However, these commands need to be performed as soon as possible after a
reboot, since the message log is a ring-buffer of only 4K. (Meaning it will soon
overwrite itself.)
Code:
dmesg |grep "mmc"
dmesg |grep "partition"
cat /proc/kmesg >/path-to-your-writeable-area/kmesg.log
Collecting Partition Tables while Flashing
(Root not required)
You can also collect very detailed partition table layout while flashing new firmware (using Windows).
Thanks to attentive users: @IGGYVIP and @Antagonist42 we show in Post#51 and beyond, how you
can use SysInternals DebugView tool, to collect interesting debug information while flashing.
Partition Table: Samsung Galaxy S3 (SCH-I535)
So to be a good example, let me start to post the complete partition table
for the US Verizon, Samsung Galaxy S3 (SCH-I535). It was probably obtained
from a screenshot of one of Samsung's internal documents, not available for
public scrutiny. I then had to add additional information from other people's
devices to complete the details. Still, it is likely there will be some
variations due to hardware and updated firmware etc. But it does serve as a
great and informative example of a top-of-the-line Android partition table.
So to follow my own instructions:
Code:
General Device Name: Samsung Galaxy S3
Manufacturer Product Name: SCH-I535
Processor: Qualcomm Snapdragon 4S+ (MSM8960)
AOS version: Android GB 4.0.4
Radio FW version: <na>
System FW version: <na>
Service Provider/ Branding: Verizon
Country: USA
One guy listed the output of parted as:
Code:
Disk /dev/block/mmcblk0: 31268536320B
Sector size (logical/physical): 512B/512B
Partition Table: gpt
-------------------------------------------------------------------------------
Number Start End Size FS-Type Name Flags
-------------------------------------------------------------------------------
1 4194304B 67108863B 62914560B modem
2 67108864B 67239935B 131072B sbl1
3 67239936B 67502079B 262144B sbl2
4 67502080B 68026367B 524288B sbl3
5 68026368B 70123519B 2097152B aboot
6 70123520B 70647807B 524288B rpm
7 70647808B 81133567B 10485760B boot
8 81133568B 81657855B 524288B tz
9 81657856B 82182143B 524288B pad
10 82182144B 92667903B 10485760B param
11 92667904B 106954751B 14286848B ext4 efs
12 106954752B 110100479B 3145728B modemst1
13 110100480B 113246207B 3145728B modemst2
14 113246208B 1686110207B 1572864000B ext4 system
15 1686110208B 30337400831B 28651290624B ext4 userdata
16 30337400832B 30345789439B 8388608B ext4 persist
17 30345789440B 31226593279B 880803840B ext4 cache
18 31226593280B 31237079039B 10485760B recovery
19 31237079040B 31247564799B 10485760B fota
20 31247564800B 31253856255B 6291456B backup
21 31253856256B 31257001983B 3145728B fsg
22 31257001984B 31257010175B 8192B ssd
23 31257010176B 31262253055B 5242880B grow
But according to the anonymous Samsung document image, we have:
[Converted to text using the free online OCR tool.]
From this I constructed the following partition table:
Code:
Part#  Name      Type    Flag  Start(hex)  Start(dec)   Length(dec)  Length(hex)  Size   Description
------------------------------------------------------------------------------------------------------------------------
0      GPT                     00000000    0            34           0000022      0      GUID Partition Table
1      MODEM     FAT32X  pr    00002000    8,192        122,880      001E000      60     CP Binary
2      SBL1              *pr   00020000    131,072      256          0000100      .1     Secondary Bootloader 1
3      SBL2              pr    00020100    131,328      512          0000200      .3     Secondary Bootloader 2
4      SBL3              pr    00020300    131,840      1024         0000400      .5     Secondary Bootloader 3
5      ABOOT             r     00020700    132,864      4096         0001000      2      AP Bootloader
6      RPM               r     00021700    136,960      1024         0000400      .5     Resource and Power Manager
7      BOOT              r     00021800    137,984      20,480       0005000      10     Kernel + Ramdisk
8      TZ                r     00026800    158,464      1024         0000400      .5     Trust Zone
9      PIT                     00026F00    159,488      1024         0000400      .5     Partition Information Table
10     PARAM                   00027300    160,512      20,480       0005000      10     Parameter Block
11     EFS       EXT4          0002C300    180,992      27,904       0006D00      13.6   EFS Partition
12     MODEMST1                00033000    208,896      6,144        0001800      3      Modem Storage 1 (NV data)
13     MODEMST2                00034800    215,040      6,144        0001800      3      Modem Storage 2 (NV data)
14     SYSTEM    EXT4          00036000    221,184      3,072,000    02EE000      1500   Android Platform
15     USERDATA  EXT4          00324000    3,293,184    55,959,552   355E000      27324  Application & User Data
16     PERSIST   EXT4          03882000    59,252,736   16,384       0004000      8      Persist
17     CACHE     EXT4          03886000    59,269,120   1,720,320    01A4000      840    Cache
18     RECOVERY          r     03A2A000    60,989,440   20,480       0005000      10     Recovery
19     FOTA                    03A2F000    61,009,920   20,480       0005000      10     FOTA backup partition
20     BACKUP                  03A34000    61,030,400   12,288       0003000      6      NV data backup partition
21     FSG                     03A37000    61,042,688   6,144        0001800      3      Modem Storage "Golden Copy"
22     SSD                     03A38800    61,048,832   16           0000010      0      Secure Software Download
23     GROW                    03A38810    61,048,848   5            0000005      0      Grow
------------------------------------------------------------------------------------------------------------------------
Part : Is the eMMC partition number and mounted under "mmcblk0<#>"
Type : Partition Type (By Name or by ID (hex) if unknown. See list below.)
Flag : Special partition flags, such as: boot (*), read only (r), primary partition (p).
Length: Number of blocks (sectors) in partition
Size : Approximate partition size in MB
NOTE: The block size is 512 bytes.
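A table assembled from OCR output is worth checking before any offset in it is passed to `dd`. The script below is an added example, not part of the original post: it parses the numeric columns of the table above, compares each hex value with its decimal twin, checks that each partition starts where the previous one ends, and compares the flagged start offsets with the byte offsets in the parted listing. The function names are hypothetical.

```python
import re

SECTOR = 512  # block size stated in the table's NOTE

# Rows copied from the table above, description column dropped.
TABLE = """\
0 GPT 00000000 0 34 0000022 0
1 MODEM FAT32X pr 00002000 8,192 122,880 001E000 60
2 SBL1 *pr 00020000 131,072 256 0000100 .1
3 SBL2 pr 00020100 131,328 512 0000200 .3
4 SBL3 pr 00020300 131,840 1024 0000400 .5
5 ABOOT r 00020700 132,864 4096 0001000 2
6 RPM r 00021700 136,960 1024 0000400 .5
7 BOOT r 00021800 137,984 20,480 0005000 10
8 TZ r 00026800 158,464 1024 0000400 .5
9 PIT 00026F00 159,488 1024 0000400 .5
10 PARAM 00027300 160,512 20,480 0005000 10
11 EFS EXT4 0002C300 180,992 27,904 0006D00 13.6
12 MODEMST1 00033000 208,896 6,144 0001800 3
13 MODEMST2 00034800 215,040 6,144 0001800 3
14 SYSTEM EXT4 00036000 221,184 3,072,000 02EE000 1500
15 USERDATA EXT4 00324000 3,293,184 55,959,552 355E000 27324
16 PERSIST EXT4 03882000 59,252,736 16,384 0004000 8
17 CACHE EXT4 03886000 59,269,120 1,720,320 01A4000 840
18 RECOVERY r 03A2A000 60,989,440 20,480 0005000 10
19 FOTA 03A2F000 61,009,920 20,480 0005000 10
20 BACKUP 03A34000 61,030,400 12,288 0003000 6
21 FSG 03A37000 61,042,688 6,144 0001800 3
22 SSD 03A38800 61,048,832 16 0000010 0
23 GROW 03A38810 61,048,848 5 0000005 0
"""

# Start offsets in bytes copied from the parted listing earlier in the post
# (parted prints the names in lower case).
PARTED_START = {"BOOT": 70647808, "TZ": 81133568}

# Part#, name, optional Type/Flag, Start(hex), Start(dec), Length(dec), Length(hex)
ROW = re.compile(
    r"^(\d+)\s+(\S+)\s.*?\b([0-9A-F]{8})\s+([\d,]+)\s+([\d,]+)\s+([0-9A-F]{7})\s"
)


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            raise ValueError("unparsed row: " + line)
        num, name, s_hex, s_dec, l_dec, l_hex = m.groups()
        rows.append({
            "part": int(num), "name": name,
            "start_hex": int(s_hex, 16),
            "start_dec": int(s_dec.replace(",", "")),
            "len_hex": int(l_hex, 16),
            "len_dec": int(l_dec.replace(",", "")),
        })
    return rows


def column_mismatches(rows):
    """Rows whose hex and decimal columns encode different numbers."""
    bad = []
    for r in rows:
        for field in ("start", "len"):
            if r[field + "_hex"] != r[field + "_dec"]:
                bad.append((r["name"], field, r[field + "_hex"], r[field + "_dec"]))
    return bad


def chain_breaks(rows):
    """Partitions whose decimal start is not the previous start + length.

    The GPT row is skipped: partition 1 begins on an aligned boundary.
    """
    parts = [r for r in rows if r["part"] >= 1]
    return [b["name"] for a, b in zip(parts, parts[1:])
            if a["start_dec"] + a["len_dec"] != b["start_dec"]]


def column_backed_by_parted(rows):
    """For each partition with a parted offset, which column reproduces it."""
    verdict = {}
    for r in rows:
        want = PARTED_START.get(r["name"])
        if want is not None:
            verdict[r["name"]] = [c for c in ("hex", "dec")
                                  if r["start_" + c] * SECTOR == want]
    return verdict


if __name__ == "__main__":
    table = parse_rows(TABLE)
    for name, field, h, d in column_mismatches(table):
        print(f"{name}: {field} hex={h} dec={d}")
    print("chain breaks:", chain_breaks(table))
    print("agrees with parted:", column_backed_by_parted(table))
```

It reports that the Start(hex) values for BOOT and TZ disagree with their Start(dec) values, and that the decimal values are the ones that chain contiguously and match parted.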
What does it all mean?
Here I give a general description to the various partitions. Most of them have
been determined, but some still remain somewhat mysterious. But there are
Terabytes written about various partition schemes and file systems etc, but
some good sources for our purpose are found on Wikipedia and Microsoft.
But the most important thing to understand, is that most of the technical
ingredients (as shown in the previous post) are hardware dependent. Thus the
Android partition schemes depend on the processor / modem combination and
their firmware, and thus also the kernel, to some extent.
Some key info can be found here:
http://en.wikipedia.org/wiki/GUID_Partition_Table
http://en.wikipedia.org/wiki/Master_boot_record
http://en.wikipedia.org/wiki/Extended_Boot_Record
http://en.wikipedia.org/wiki/Host_Protected_Area
Trouble shooting Disks and Filesystems (Microsoft)
Using GPT Drives (Microsoft)
General Android Partition Description (Qualcomm MSM8960)
The function and content of many of the partitions are not very well
described, nor easily found in one place. Here are some further details,
that apply primarily to Qualcomm Snapdragon S4/+ based Android devices.
However, Windows Phones using these SoCs should have very similar
partition structures, but with different names.
For details about: RPM (PBL), SBL1, SBL2, SBL3, TZ and ABOOT (APPSBL), please
see this and this thread, where they are extensively discussed and described.
GPT: See section on PIT and GPT "partitions" below.
BACKUP: This partition should contain a copy of MODEMST2. Whether it does or
not, is described in the PARAM partition.
BOOT: This is the partition that enables the phone to boot, as the name
suggests. It includes the kernel and the ramdisk. Without this partition, the
device will simply not be able to boot. Wiping this partition from recovery
should only be done if absolutely required and once done, the device must NOT
be rebooted before installing a new one, which can be done by installing a ROM
that includes a /boot partition.
CACHE: Contains the firmware update package which is downloaded from the server,
and the recovery log file. Other uses include storage for frequently accessed
data and application components. Wiping the cache doesn’t affect your personal
data but simply gets rid of the existing data there, which gets automatically
rebuilt as you continue using the device.
DATA / USERDATA: This partition contains the user's data – this is where your
contacts, messages, settings and apps that you have installed go. Wiping this
partition essentially performs a factory reset on your device, restoring it to
the way it was when you first booted it, or the way it was after the last
official or custom ROM installation. When you perform a wipe data/factory
reset from recovery, it is this partition that you are wiping.
EFS: The Android EFS partition stores all your phones important, but
accessible, hardware data, such as WiFi/BlueTooth MAC's, IMEI (or ESN for a
CDMA based device) and some others.
FOTA: Is the Firmware Over The Air partition. After the update package has
been downloaded from the server it is saved into the CACHE partition. After
that the userspace application that does the download writes a special cookie
into the FOTA partition. This cookie tells the bootloaders to take the
necessary steps to boot into recovery mode.
FSG: Probably stands for File System (FS) "Golden". According to Samsung
documentation, this partition is a "Golden Copy". This is partially confirmed
by RE of the PARAM partition, which indicates that this partition should contain
a copy of MODEMST1. As such it is a backup of the current EFS2 filesystem.
The creation of a FSG is not supported on flash devices and the internal (QMI)
DIAG request "EFS2_DIAG_MAKE_GOLDEN_COPY", can only be used to
create a backup one time over the life of the device. [80-V1294-11]
GROW: << unknown >>
MISC: This partition contains miscellaneous system settings in form of on/off
switches. These settings may include CID (Carrier or Region ID), USB
configuration and certain hardware settings etc. This is an important
partition and if it is corrupt or missing, several of the device’s features
will not function normally. Not all devices have this partition.
PARAM: This is the Parameter partition which contains a number of parameters,
variables and settings of the hardware. Apparently it has an 88 byte header
structure that tells us if the MODEMST1 and MODEMST2 have been backed up to the
FSG and BACKUP partitions, respectively. Furthermore it contains all the debug
settings (DLOW/DMID/DHIG etc), the "triangle" status of whether or not you have
flashed custom ROMs and the flash count (0x3FFE00). Current boot mode in use,
and much more. The info about this partition could easily occupy a book by
itself.
PERSIST: << unknown >> The use of this partition is unknown and apparently
only exists on Qualcomm based devices.
PIT: See below.
RECOVERY: Holds the recovery boot image. When updating the system we boot
into recovery mode by using the boot image stored in this partition. It lets
you boot the device into a recovery console for performing advanced recovery
and maintenance operations on it.
SSD: "Secure Software Download" is a memory based file system (RAMFS) for
secure storage, used to download and store "who knows what" on the eMMC. It is
a referenced part in the Remote Storage RPC Client of the MSM kernel.
SYSTEM: This partition basically contains the entire operating system, other
than the kernel and the ramdisk. This includes the Android user interface as
well as all the system applications that come pre-installed on the device.
Wiping this partition will remove Android from the device without rendering it
unbootable, and you will still be able to put the phone into recovery or
bootloader mode to install a new ROM.
Older Types of Qualcomm Partitions
Code:
DBL Device Boot Loader (loads OSBL)
OSBL Operating System Boot Loader (loads AMSS)
AMSS Advanced Mobile Subscriber Software (Qualcomm CP FW)
EMMCBOOT Embedded MMC (eMMC) boot (loads EMMCBOOT)
ADSP AP (Application Processor) DSP (Qualcomm DSP FW)
Qualcomm Partition Type Cross Reference
When inspecting the partitioning of the eMMC's used by Qualcomm Snapdragon based
hardware, we see that they tend to use different partition types, for their
different partitions depending on their function. For example, for the MSM8960
SoC/PoP, we often find the following partition ID's, when inspected by
mounting the device on a Linux PC. This seems to remain fairly consistent across
all their Snapdragon class/based devices.
Code:
ID Type Label oldLabels Filename(s) Description
-----------------------------------------------------------------------
05 EXT -- -- -- Extended partition
0C FAT32X MODEM FAT non-hlos.bin
45 SBL3 sbl3.mbn
46 TZ OEMSBL tz.mbn, osbl.mbn
47 RPM rpm.mbn
48 BOOT boot.img
4A MODEM_ST1 --
4B MODEM_ST2 --
4C ABOOT emmc_appsboot.mbn
4D Boot SBL1 CFG_DATA sbl1.mbn, dbl.mbn
51 SBL2 sbl2.mbn
58 FSG --
5D ??HTC
60 RECOVERY recovery.img
64 ?BOOT1 --
65 "misc" misc.img
83 EXT4 [1] // // Native Linux
-----------------------------------------------------------------------
[1] This is a standard linux partition of any EXT2/3/4 type, thus there
are many different labels used here.
Some additional partition IDs found from their CodeAurora sources in
[kernel/msm][arch/arm/mach-msm/rmt_storage_client.c]:
Code:
4A /boot/modem_fs1 RAMFS_MODEMSTORAGE_ID
4B /boot/modem_fs2 "
58 /boot/modem_fsg "
59 q6_fs1 RAMFS_MDM_STORAGE_ID
5A q6_fs2 "
5B q6_fsg "
5D ssd RAMFS_SSD_STORAGE_ID
Thus we can conclude that most of the standard (but outdated) MBR definitions
of partition type ID's are no longer valid, but used as an identifier for
various sub-system software.
From another document [80-VP120-1 Rev.K] the Secure Boot 3.0 based devices use MBR partition types as shown below:
However, this document is from 2010 and may not be up-to-date with what you have.
Check your kernel sources!
Additional eMMC types:
Code:
0x0b - FAT32
0x0c - FAT32L
0x0e - FAT16
The PIT & GPT "partitions"
<< WIP >>
Your (signed) 32 GB PIT file can be extracted with:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/out.pit bs=8 count=481 skip=2176
And the GPT with:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/gpt.bin bs=8 count=2176
That is, 0x200 bytes for the protective MBR, 0x200 bytes for the GPT header,
and 128 x 128 bytes GPT partition headers = 0x4400 bytes for the full GPT block.
The PIT file contains partition names (BOOT), the names of the files that go
in them (boot.img), the size of each partition, the partition ID (7), and any flags (RO).
The GPT contains the physical layout for the partitions in memory and reads all the info from the PIT to fill in the blanks.
<< To Be Continued... >>
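A `gpt.bin` taken with the `dd` command above can be checked offline before its contents are trusted. The script below is an added example, not part of the original thread: it validates the protective MBR, the GPT header CRC32 and the partition-array CRC32 of such a 0x4400-byte dump, then lists the entries. The sample image is constructed inside the script from the first three rows and the disk GUID of the GT-I9100 gdisk listing earlier in the thread; the unique partition GUIDs in it are made up.

```python
import struct
import uuid
import zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"          # 92-byte GPT header
ENT_FMT = "<16s16sQQQ72s"               # 128-byte partition entry
DUMP_LEN = 0x200 + 0x200 + 128 * 128    # 0x4400 bytes = bs=8 count=2176
BASIC_DATA = "EBD0A0A2-B9E5-4433-87C0-68B6B72699C7"  # gdisk shows it as code 0700


def parse_gpt_dump(blob):
    """Validate a protective MBR + primary GPT dump and list its partitions."""
    if len(blob) < DUMP_LEN:
        raise ValueError("dump shorter than 0x4400 bytes")
    if blob[510:512] != b"\x55\xaa" or blob[446 + 4] != 0xEE:
        raise ValueError("no protective MBR in sector 0")
    (sig, _rev, hsize, hcrc, _rsv, _cur, _backup, first, last, disk_guid,
     ent_lba, n_ent, ent_size, ent_crc) = struct.unpack_from(HDR_FMT, blob, SECTOR)
    if sig != b"EFI PART" or not 92 <= hsize <= SECTOR:
        raise ValueError("bad GPT header")
    raw = blob[SECTOR:SECTOR + hsize]
    # The header CRC32 is computed with its own 4-byte field set to zero.
    if zlib.crc32(raw[:16] + bytes(4) + raw[20:]) != hcrc:
        raise ValueError("header CRC mismatch")
    if ent_size < 128:
        raise ValueError("unexpected entry size")
    table = blob[ent_lba * SECTOR:ent_lba * SECTOR + n_ent * ent_size]
    if len(table) != n_ent * ent_size or zlib.crc32(table) != ent_crc:
        raise ValueError("partition array CRC mismatch")
    parts = []
    for i in range(n_ent):
        ptype, _uniq, lo, hi, _attr, name = struct.unpack_from(
            ENT_FMT, table, i * ent_size)
        if ptype == bytes(16):
            continue  # unused slot
        parts.append((i + 1, name.decode("utf-16-le").rstrip("\0"), lo, hi,
                      str(uuid.UUID(bytes_le=ptype)).upper()))
    return {"disk_guid_raw": disk_guid, "first_usable": first,
            "last_usable": last, "partitions": parts}


def build_sample_dump():
    """Constructed sample image; sector numbers taken from the gdisk listing."""
    rows = [("EFS", 8192, 49151), ("SBL1", 49152, 51711), ("SBL2", 53248, 55807)]
    table = bytearray(128 * 128)
    for i, (name, lo, hi) in enumerate(rows):
        struct.pack_into(ENT_FMT, table, i * 128,
                         uuid.UUID(BASIC_DATA).bytes_le,
                         uuid.UUID(int=i + 1).bytes_le,  # made-up unique GUID
                         lo, hi, 0, name.encode("utf-16-le"))
    disk_guid = uuid.UUID("52444E41-494F-2044-4D4D-43204449534B").bytes_le
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, 30775295, 34, 30775262,
              disk_guid, 2, 128, 128, zlib.crc32(bytes(table))]
    fields[3] = zlib.crc32(struct.pack(HDR_FMT, *fields))
    header = struct.pack(HDR_FMT, *fields).ljust(SECTOR, b"\0")
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0xEE                              # protective partition type
    struct.pack_into("<II", mbr, 446 + 8, 1, 30775295)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + header + bytes(table)


if __name__ == "__main__":
    info = parse_gpt_dump(build_sample_dump())
    print("disk GUID bytes:", info["disk_guid_raw"])
    for row in info["partitions"]:
        print(row)
```

Stored on disk, the disk GUID that gdisk prints for the GT-I9100 is the byte string `ANDROID MMC DISK`, so it is a fixed label rather than a per-device identifier.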
eMMC/SSD A Brief Introduction
I find it useful to understand, that from the low-level point of view, an eMMC and SSD are essentially
the same. An SSD is basically a huge eMMC, but where the NAND chips are used in parallel, similar to
a Raid-0 configuration, but with an added DRAM cache buffer and a SATA interface operating at 5V.
So, apart from the more advanced microcontroller, the wear-leveling etc. works in the same way.
The most important and relevant documents are those of the JEDEC standard.
However, our device conforms to (JESD84) v4.41 and not v4.51, AFAIK.
"JEDEC: Embedded MultiMediaCard(eMMC) Product Standard..." (JESD84-A441)
"JEDEC: Embedded MultiMediaCard(eMMC) Electrical Standard" (JESD84-B451)
"eMMC v4.41 and v4.5" (JEDEC presentation by Victor Tsai)
DataLight on Bad Block Management (BBM)
"Bad block management (BBM) is a critical component of NAND flash drivers to
improve the reliability and endurance of the flash. NAND is shipped from the
factory with 'mostly good' cells, meaning there are some cells that are
non-functional even when the flash is new. Blocks can also go bad over time,
causing loss of data stored in the flash memory or even a bricked device."
NAND Flash Longevity
"Flash life is limited to the number of erase cycles for which your part is
rated. By distributing write/erase cycles evenly throughout the flash, a
properly executed wear-leveling algorithm can more than double the life of
your product. FlashFX Pro uses both static and dynamic wear-leveling to
achieve 133% longer life than MSFlash, the flash manager found in Windows CE
and WindowsMobile. The charts below show a test comparison between a FlashFX
Pro disk and one using MSFlash. Flash disks read and write data in a grid of
erase blocks. Once a block reaches its maximum rated erase count, the flash is
at risk of lost or corrupted data, becoming a "broken" device. For this test,
we recorded the erase counts by block and applied a heat map ranging from
white (lowest use) to green (medium use), to black (highest use). As the
heatmap shows, the MSFlash disk contains many blocks that are well over their
rated lifespan, while other blocks are barely used. The FlashFX Pro disk shows
what happens when proper wear-leveling algorithms are employed. All blocks are
evenly worn and within a tight range of erase counts, making your handheld
last more than twice as long, and protecting the reputation for durability
you've worked hard for."
Read-Write Operation [from Linaro site]
"Flash parts are commonly divided into partitions, which allows multiple
operations to occur simultaneously (erasing one partition while reading from
another). Partitions are further divided into blocks (commonly 64KB or 128KB
in size). The only Write operation permitted on a flash memory device is to
change a bit from a one to a zero. If the reverse operation is needed, then
the block must be erased (to reset all bits to the one state). NOR flash
memory can typically be programmed a byte at a time, whereas NAND flash memory
must be programmed in multi-byte bursts (typically, 512 bytes)"
Basic Wear Leveling
MLC devices typically support fewer than 10,000 program/erase (PE) cycles. So
if you erased and reprogrammed a block every minute, you would exceed the 10K
cycling limit in just 7 days!
Code:
60 × 24 × 7 = 10,080 (cycles/block)
So rather than cycling (re-programming) the same block, wear-leveling moves
data around to other blocks so that blocks are more evenly cycled.
Example: An 8GB eMMC MLC-based device
This device has 4096 independent blocks. So if we took the previous example
and distributed the cycles over all 4,096 blocks, each block would have been
programmed fewer than three times. (10,000/4096 = 2.44 [cycles/block/per
week]) (versus the 10,800 cycles when you cycle the same block)
So if we cycle some block once every minute, we have:
Code:
1 [cycles/min] × 60 [min/hr] × 24 [hr/day] × 365 [day/year] = 525,600 [cycles/year]
But with the new block cycling restraint (mechanism), we have that each data block:
Code:
Max data block-cycles =
4096 [blocks] × 10,000 [cycles/block] = 40,960,000 [cycles]
So that the total time to use up all cycles is:
Code:
40,960,000 [cycles] / 525,600 [cycles/year] = 77.9 [years]
So if we have perfect wear leveling on a 4,096 block device, we could
erase and program a block every minute, every day, for 77 years.
[Examples taken from Cooke WinHEC presentation.]
Mooore
However, this is far from what can be expected. For example, the guaranteed
cycle count may apply only to block zero (as is the case with TSOP NAND
devices). And according to Wikipedia, "MLC NAND flash used to be rated at about
5–10K cycles (Samsung K9G8G08U0M) but is now typically 1–3K cycles"
According to THIS very informative page, "34nm MLC NAND is good for 5,000
write cycles, while 25nm MLC NAND lasts for only 3,000 write cycles."
Then there is the possibility of "read disturb". The method used to read NAND
flash memory can cause nearby cells to change over time if the surrounding
cells of the block are not rewritten. This is generally on the order of ~100K
reads without a rewrite of those cells. The error does not appear when reading
the original cell, but shows up when finally reading one of the surrounding
cells.
Then there is Write Amplification (WA): [for SSD but also applicable to us]
"An undesirable phenomenon associated with flash memory and solid-state drives
(SSDs) where the actual amount of physical information written is a multiple
of the logical amount intended to be written. Because flash memory must be
erased before it can be rewritten, the process to perform these operations
results in moving (or rewriting) user data and metadata more than once. This
multiplying effect increases the number of writes required over the life of
the SSD which shortens the time it can reliably operate. The increased writes
also consume bandwidth to the flash memory which mainly reduces random write
performance to the SSD."
Write amplification is typically measured by the ratio of writes coming from
the host system and the writes going to the flash memory. A lower write
amplification is more desirable, as it corresponds to a reduced number of P/E
cycles on the flash memory and thereby to an increased NAND life.
Then there is Over-provisioning (OP), which is the difference between the
physical capacity of the flash memory and the logical capacity presented through
the operating system as available for the user. During the garbage collection,
wear-leveling, and bad block mapping operations on the SSD, the additional space
from over-provisioning helps lower the write amplification when the controller
writes to the flash memory.
Vocabulary:
MLC = Multi Level Cell: NAND stores four states per memory cell and enables two bits programmed/read per memory cell
SLC = Single Level Cell: NAND stores two states per memory cell and enables one bit programmed/read per memory cell
What does all this mean?
Well, it means a lot! Here are just a few things:
We have to use host-based disk encryption to ensure we don't leave private data on eMMC/SSD.
(Re-formatting and erasure just doesn't work, as ensured by internal wear-leveling, unless
secure erase is enabled permanently. But this is not yet supported in older JEDEC!)
We should always choose the largest available memory device to maximize life.
We should have the source code and eMMC specifications to verify device specifications
and the proper handling and quick resolution of future bugs.
Cheers!
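Why overwriting does not erase, as an added sketch that is not from the original post: a toy page-mapped flash translation layer in which every write lands on a fresh page and the old copy stays in the NAND until garbage collection happens to erase its block. `ToyFTL`, its sizes and the sample data are constructed for illustration; real eMMC controller firmware is proprietary and more elaborate.

```python
"""Toy flash translation layer (FTL): out-of-place writes leave stale copies behind."""


class ToyFTL:
    def __init__(self, blocks=6, pages_per_block=4):
        self.ppb = pages_per_block
        # Two blocks of over-provisioning guarantee garbage collection can make progress.
        self.logical_pages = (blocks - 2) * pages_per_block
        self.flash = [[None] * pages_per_block for _ in range(blocks)]  # raw page contents
        self.owner = [[None] * pages_per_block for _ in range(blocks)]  # logical page held; None = stale/erased
        self.l2p = {}                        # logical page -> (block, page)
        self.erases = [0] * blocks           # per-block erase counters
        self.free = list(range(1, blocks))   # erased blocks
        self.active, self.cursor = 0, 0      # block being filled, next page in it
        self.host_writes = 0
        self.flash_writes = 0

    def _program(self, lpn, data):
        if self.cursor == self.ppb:
            # Wear leveling: open the least-erased free block next.
            self.free.sort(key=lambda b: self.erases[b])
            self.active, self.cursor = self.free.pop(0), 0
        old = self.l2p.get(lpn)
        if old is not None:
            self.owner[old[0]][old[1]] = None    # old copy is only marked stale, not erased
        self.flash[self.active][self.cursor] = data
        self.owner[self.active][self.cursor] = lpn
        self.l2p[lpn] = (self.active, self.cursor)
        self.cursor += 1
        self.flash_writes += 1

    def _collect(self):
        """Garbage collection: relocate live pages of the emptiest block, then erase it."""
        used = [b for b in range(len(self.flash)) if b != self.active and b not in self.free]
        victim = min(used, key=lambda b: sum(o is not None for o in self.owner[b]))
        for page in range(self.ppb):
            lpn = self.owner[victim][page]
            if lpn is not None:
                self._program(lpn, self.flash[victim][page])   # extra write = write amplification
        self.flash[victim] = [None] * self.ppb
        self.owner[victim] = [None] * self.ppb
        self.erases[victim] += 1
        self.free.append(victim)

    def write(self, lpn, data):
        if not 0 <= lpn < self.logical_pages:
            raise ValueError("logical page out of range")
        self.host_writes += 1
        while self.cursor == self.ppb and len(self.free) < 2:
            self._collect()
        self._program(lpn, data)

    def read(self, lpn):
        block, page = self.l2p[lpn]
        return self.flash[block][page]

    def raw_pages(self):
        """Everything a direct read of the NAND would return, stale copies included."""
        return [d for blk in self.flash for d in blk if d is not None]


def demo():
    ftl = ToyFTL()
    secret = b"PIN=4921"                       # constructed sample data
    ftl.write(0, secret)
    ftl.write(0, b"\x00" * len(secret))        # host "wipes" the sector by overwriting it
    stale_after_wipe = secret in ftl.raw_pages()
    for rnd in range(2):                       # unrelated traffic until GC happens to erase that block
        for lpn in range(1, ftl.logical_pages):
            ftl.write(lpn, b"r%d-l%d" % (rnd, lpn))
    return {
        "logical_read": ftl.read(0),
        "stale_after_wipe": stale_after_wipe,
        "stale_after_churn": secret in ftl.raw_pages(),
        "write_amplification": ftl.flash_writes / ftl.host_writes,
        "erases": ftl.erases,
    }


if __name__ == "__main__":
    print(demo())
```

The host sees zeros immediately after the overwrite, yet the plaintext is still in the raw pages; when it finally disappears is decided by the controller, not the host, which is why only ciphertext should ever reach the device.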
Samsung Galaxy Note (SHV-E160L)
Thanks to the excellent work of darkspr1te in this thread and post,
we have both full partition-table info and bootloader-level recovery.
Code:
General Device Name: Samsung Galaxy Note LTE
Manufacturer Product Name: SHV-E160L
Processor: Qualcomm Snapdragon 4S+ (MSM8960) ?
AOS version: ICS 4.0.4 ?
Radio FW version: <na>
System FW version: <na>
Radio Service: CDMA/LTE ?
Network / Carrier: LGU+
Country: Korea
Similar Device: Samsung Galaxy Note SCH-I717 (Verizon)
Then the following partition table was constructed from fdisk output and various other info:
Code:
Device Boot Start End Blocks FS_id FS-type Name ImageName
-----------------------------------------------------------------------------------------------------------------------
/dev/sdc1 1 204800 102400 c W95 FAT32 (LBA) SMD_HDR smd_header.mbn
/dev/sdc2 * 204801 205800 500 4d QNX4.x SBL1 sbl1.mbn
/dev/sdc3 205801 208800 1500 51 OnTrackDM6Aux1 SBL2 sbl2.mbn
/dev/sdc4 208801 208801 0 5 Extended EXT ebr.mbn
/dev/sdc5 212992 213991 500 47 Unknown RPM rpm.mbn
/dev/sdc6 221184 225279 2048 45 Unknown SBL3 sbl3.mbn
/dev/sdc7 229376 234375 2500 4c Unknown ABOOT aboot.mbn
/dev/sdc8 237568 258047 10240 48 Unknown BOOT boot.img
/dev/sdc9 262144 263143 500 46 Unknown TZ tz.mbn
/dev/sdc10 270336 271335 500 5d Unknown SSD
/dev/sdc11 278528 279527 500 91 Unknown PIT Shv-e160l.pit
/dev/sdc12 286720 307199 10240 93 Amoeba PARAM param.lfs
/dev/sdc13 311296 511999 100352 c W95 FAT32(LBA) MODEM amms.bin
/dev/sdc14 516096 522239 3072 4a Unknown MSM_ST1 efs.img
/dev/sdc15 524288 530431 3072 4b Unknown MSM_ST2
/dev/sdc16 532480 538623 3072 58 Unknown MSM_FSG
/dev/sdc17 540672 741375 100352 8f Unknown MDM mdm.bin
/dev/sdc18 745472 751615 3072 59 Unknown M9K_EFS1 efsclear1.bin
/dev/sdc19 753664 759807 3072 5a Unknown M9K_EFS2 efsclear2.bin
/dev/sdc20 761856 767999 3072 5b Unknown M9K_FSG
/dev/sdc21 770048 790527 10240 ab Darwin boot DEVENC enc.img.ext4
/dev/sdc22 794624 815103 10240 60 Unknown RECOVERY recovery.img
/dev/sdc23 819200 839679 10240 94 Amoeba BBT FOTA
/dev/sdc24 843776 3911679 1533952 a5 FreeBSD SYSTEM system.img.ext4
/dev/sdc25 3915776 8114175 2099200 a6 OpenBSD USERDATA userdata.img.ext4
/dev/sdc26 8118272 8736767 309248 a8 Darwin UFS CACHE cache.img.ext4
/dev/sdc27 8740864 9005055 132096 a9 NetBSD TOMBSTONES tomb.img.ext4
/dev/sdc28 9011200 10035199 512000 95 Unknown HIDDEN hidden.img.ext4
/dev/sdc29 10035200 30777343 10371072 90 Unknown UMS ums.rfs
Note: This table has not yet been fully verified.
HTC One X LTE (US AT&T, Verizon, et.al.)
Most of the following is based on the information given by "Its Reh" in this post.
Code:
General Device Name: HTC One X LTE (US) [aka "HOXL"]
Manufacturer Product Name: HTC One X LTE
Processor: Qualcomm Snapdragon 4S+ (MSM8960)
AOS version: ICS 4.0.4 ?
Radio FW version: <na>
System FW version: <na>
Radio Service: CDMA/LTE ?
Network / Carrier: AT&T, Verizon, + others
Country: US
Similar Device: unknown, possibly HTC One S (US)
But much information has been collected from many other sources, as well. Why all this difficulty?
Because of the many OEM custom modifications of the filesystems used in the
HTC devices, many of the standard partition commands fail to provide complete
and correct information. Thus a combination of the various command outputs, in
addition to other external info, can help us construct a more complete picture
of the (US) HOXL partition table.
It is very important to know that the US HTC One X LTE (HOXL) is very
different from the Chinese HTC One X and the One XL, in the common idiotic
spirit of HTC using the same name for completely different hardware. (There
are probably even more devices in other countries.)
Since the US HOXL is using an older version of the bootloader build-tool we
get the most reliable partition information from the fdisk command. We can
draw this conclusion, based on three observations. (1) That fdisk complains
that the first 4 (primary) partitions "doesn't end on a cylinder boundary" is
a typical indication of using sparse disk images for partitions p1-4, and the
fact that (2) this partition scheme is still suffering from the HTC
partitioning-loop bug, which means you can ignore all partitions >36. Finally
(3), they seem to use it to format a native GPT based (?) eMMC device, using
an MBR-like structure and related tools. This causes gdisk to fail to recognize
the MBR style FS-types and erroneously mark them as a "Linux filesystem"
(8300).
We can also use some of the fastboot commands to show the nature of the eMMC
primary partitions. The command format from the (Windows) CMD prompt is:
fastboot oem <command>
Code:
Command                   Description
-----------------------------------
list_partition_emmc   --> List the primary eMMC partitions (index, type, start, num)
check_emmc_mid        --> Check eMMC Manufacturer ID
get_wp_info_emmc      --> Show eMMC write protection group size (in blocks?)
get_sector_info_emmc  --> Show available eMMC Sectors (free or start?)
For example, for our device we have:
Code:
C:\adb>fastboot oem get_wp_info_emmc
INFO eMMC write protection group size = 65536

C:\adb>fastboot oem list_partition_emmc
---------------------------------------------------------
(bootloader) index, type, start, num
---------------------------------------------------------
(bootloader) 0, 4D, 1, 100
(bootloader) 1, 51, 101, 200
(bootloader) 2, 5D, 301, 3FCDE
(bootloader) 3, 5, 3FFDF, 1CDF020
---------------------------------------------------------
The partition table:
Code:
# busybox fdisk -l dev/block/mmcblk0
[output slightly edited, nothing removed]
-------------------------------------------------------------------------------
Warning: deleting partitions after 60
Disk dev/block/mmcblk0: 15.6 GB, 15634268160 bytes
1 heads, 16 sectors/track, 1908480 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
p# Boot Start End Blocks Id System QCname Image
--------------------------------------------------------------------------------------
1 * E! 1 17 128 4d Unknown SBL1 sbl1-x.img
2 E! 17 49 256 51 Unknown SBL2 sbl2.img
3 E! 49 16382 130671 5d Unknown
4 E! 16382 1908480 15136784 5 Extended EXT --
5 16383 16384 16 5a Unknown
6 16385 16417 256 73 Unknown
7 16417 18364 15577+ 5b Unknown
8 18364 18396 256 5c Unknown
9 18396 18524 1024 45 Unknown SBL3 sbl3.img
10 18524 18556 256 47 Unknown
11 18556 18812 2048 46 Unknown TZ tz.img
12 18812 18940 1024 4c Unknown HBOOT hboot_8960_X_Y_Z.img
13 18940 18944 32 0 Empty
14 18944 19712 6144 34 Unknown SPLASH splash1.nb0
15 19712 19840 1024 36 Unknown
16 19840 19968 1024 0 Empty "dsps"
17 19968 25728 46080 77 Unknown radio.img
18 25729 27008 10240 7a Unknown adsp.img
19 27009 27649 5120 0 Empty wcnss.img
20 27649 28672 8190+ 74 Unknown "radio_config"
21 28673 30720 16384 48 Unknown "boot"
22 30721 32768 16383+ 71 Unknown recovery_signed.img
23 32769 32896 1022+ 76 Unknown "misc"
24 32896 33408 4096 4a Unknown MODEMST1 "modem_st1"
25 33409 33920 4096 4b Unknown MODEMST2 "modem_st2"
26 33921 36481 20480 19 Unknown "devlog"
27 36481 36481 4 0 Empty
28 36481 36513 256 23 Unknown "pdata"
29 36513 36515 16 0 Empty
30 36515 36675 1280+ 0 Empty "local"
31 36675 36683 64 0 Empty "extra"
32 36684 49152 99752 0 Empty
33 49153 262144 1703935 83 Linux SYSTEM "system"
34 262145 294912 262143+ 83 Linux CACHE "cache"
35 294913 606208 2490367+ 83 Linux "userdata"
36 606209 1908480 10418176 c FAT32(LBA) "fat"
...
-------------------------------------------------------------------------------
Where:
"p#" = dev/block/mmcblk0p#
"E!" = Partition X does not end on cylinder boundary.
"X" = HBOOT version
"Y" = HBOOT date
"Z" = HBOOT "signed" + build
-------------------------------------------------------------------------------
This is still to be verified and considered WIP...
Samsung LED TV ES-5700 (5/6 Series) (EU)
Partition tables are not only reserved to PCs and Smartphones,
here's a great example of a modern TV set, that runs on an ARM
processor and a Samsung modified Linux based OS, called VDLinux.
Most of these devices also run applications that can be downloaded,
and hacked...
Code:
Model: UE40ES5700SXXH
Panel Code: BN41-01812A
Panel Type: 40A6AF0E
SW: T-MST10PDEUC-1027.1
Hub FW: T-INFOLINK2012-1008
Processor: MStar X10P, 900 MHz (ARM core)
Linux base: 2.6.35.11
VDLinux Kernel: 0064
VDLinux Patch: 0716
Code branch: DEU_BRANCH
The partition table layout is auto generated in the partition.txt file
(accompanied in the Firmware update image.)
Here is an edited (for readability) version:
Code:
pID device_name size image_name type upgrade partition_map mount_path block_size
------------------------------------------------------------------------------------------------------------------
0 /dev/mmcblk0p0 524288 onboot.bin MLC NONE BOOTLOADER0 -- 1048576
1 /dev/mmcblk0p1 524288 u-boot.bin MLC NONE BOOTLOADER1 -- 1048576
2 /dev/mmcblk0p2 6291456 uImage MLC USER KERNEL0 -- 1048576
3 /dev/mmcblk0p3 4718592 rootfs.img MLC USER RFS0 -- 1048576
4 /dev/mmcblk0p4 0 ex_partition MLC NONE -- -- 1048576
5 /dev/mmcblk0p5 6291456 uImage MLC USER KERNEL1 -- 1048576
6 /dev/mmcblk0p6 4718592 rootfs.img MLC USER RFS1 -- 1048576
7 /dev/mmcblk0p7 8192 sign0.bin MLC NONE SECUREMAC0 -- 1048576
8 /dev/mmcblk0p8 8192 sign1.bin MLC NONE SECUREMAC1 -- 1048576
9 /dev/mmcblk0p9 8192 VD-HEADER MLC NONE -- -- 1048576
10 /dev/mmcblk0p10 3145728 -- MLC NONE -- mtd_drmregion_a 1048576
11 /dev/mmcblk0p11 3145728 -- MLC NONE -- mtd_drmregion_b 1048576
12 /dev/mmcblk0p12 73400320 -- MLC NONE -- mtd_rwarea 1048576
13 /dev/mmcblk0p13 125829120 exe.img MLC USER EXE0 mtd_exe 1048576
14 /dev/mmcblk0p14 125829120 exe.img MLC USER EXE1 mtd_exe 1048576
15 /dev/mmcblk0p15 83886080 appext.img MLC USER APP_DATA0 mtd_appext 1048576
16 /dev/mmcblk0p16 83886080 appext.img MLC USER APP_DATA1 mtd_appext 1048576
17 /dev/mmcblk0p17 262144000 rocommon.img MLC OTHER CONTENT0 mtd_rocommon 1048576
18 /dev/mmcblk0p18 104857600 emanual.img MLC OTHER CONTENT1 mtd_emanual 1048576
19 /dev/mmcblk0p19 52428800 -- MLC NONE -- mtd_contents 1048576
20 /dev/mmcblk0p20 10485760 -- MLC NONE -- mtd_swu 1048576
21 /dev/mmcblk0p21 1049075712 rwcommon.img MLC NONE -- mtd_rwcommon 1048576
------------------------------------------------------------------------------------------------------------------
To print partitions using debug service interface:
Code:
[TOP Debug Menu]
--> (2) "Platform Print Setting" --> [Platform Debug List]
--> (1) "Basic Platform" --> [BP Debug Module]
--> (92) "System Debug" --> [System Debug Menu]
--> (4) "Check Total File System"
Then you'll get this:
Code:
-------------------------------------------------------------------
File system Type Total Used Avail Use% Mounted on
-------------------------------------------------------------------
rootfs rootfs 4208K 4208K 0K 100.00% /
/dev/root squashfs 4208K 4208K 0K 100.00% /
proc proc 0K 0K 0K 0.00% /proc
sysfs sysfs 0K 0K 0K 0.00% /sys
tmpfs tmpfs 248M 8K 248M 0.00% /dev/shm
tmpfs tmpfs 40960K 12K 40948K 0.03% /dtv
tmpfs tmpfs 36864K 8K 36856K 0.02% /tmp
tmpfs tmpfs 12288K 0K 12288K 0.00% /dsm
tmpfs tmpfs 30720K 0K 30720K 0.00% /core
/dev/mmcblk0p13 squashfs 96256K 96256K 0K 100.00% /mtd_exe
none cgroup 0K 0K 0K 0.00% /sys/fs/cgroup
/dev/mmcblk0p12 rfs 70824K 4548K 66276K 6.42% /mtd_rwarea
/dev/mmcblk0p10 rfs 2872K 170K 2702K 5.92% /mtd_drmregion_a
/dev/mmcblk0p11 rfs 2872K 170K 2702K 5.92% /mtd_drmregion_b
/dev/mmcblk0p15 squashfs 45568K 45568K 0K 100.00% /mtd_appext
/dev/mmcblk0p17 squashfs 110M 110M 0K 100.00% /mtd_rocommon
/dev/mmcblk0p19 rfs 49992K 32K 49960K 0.06% /mtd_contents
/dev/mmcblk0p21 rfs 927M 313M 614M 33.80% /mtd_rwcommon
/dev/mmcblk0p18 rfs 98M 84096K 17024K 83.16% /mtd_emanual
/dev/mmcblk0p20 rfs 9896K 4K 9892K 0.04% /mtd_swu
none usbfs 0K 0K 0K 0.00% /proc/bus/usb
-------------------------------------------------------------------
Unit : B=1024^0, K=1024^1, M=1024^2, G=1024^3, T=1024^4
[See SamyGo for all the juicy details of how to hack your Samsung TV!]
Samsung Galaxy Camera (EK-GC100)
Preliminary partition table from this post.
Code:
p# ID Att FOTA Size Count Name Filename
-------------------------------------------------------------------------------
#0 80 2 1 0 1734 BOOTLOADER sboot.bin
#1 81 5 1 1734 312 TZSW tz.img
#2 70 5 1 34 16 PIT camera.pit
#3 71 5 1 50 2048 MD5HDR md5.img
#4 1 5 1 8192 8192 BOTA0 -
#5 2 5 1 16384 8192 BOTA1 -
#6 3 5 5 24576 40960 EFS efs.img
#7 4 5 1 65536 16384 PARAM param.bin
#8 5 5 1 81920 16384 BOOT boot.img
#9 6 5 1 98304 16384 RECOVERY recovery.img
#10 7 5 1 114688 65536 RADIO modem.bin
#11 8 5 5 180224 2097152 CACHE cache.img
#12 9 5 5 2277376 3145728 SYSTEM system.img
#13 10 5 5 5423104 737280 HIDDEN hidden.img
#14 11 5 1 6160384 16384 OTA -
#15 12 5 5 6176768 409600 TDATA -
#16 13 5 5 6586368 0 USERDATA userdata.img
-------------------------------------------------------------------------------
ID: partition identifier
Att: "2" = STL Read-Only, "5" = Read/Write
FOTA: Update (1 = ??, 5 = ??)
Size: Block size ?
Count: Block Count ?
Name: Samsung partition name
-------------------------------------------------------------------------------
The p# is not necessarily that found on your device. This is preliminary info, not verified or checked.
This is the partition table of Galaxy Wonder GT-i8150 (ancora)
Code:
Number Start (sector) End (sector) Size Code Name
1 1 212991 104.0 MiB 0700 Microsoft basic data
2 212992 213991 500.0 KiB 8300 Linux filesystem
3 213992 221183 3.5 MiB 8300 Linux filesystem
5 229376 239615 5.0 MiB 8300 Linux filesystem
6 245760 285759 19.5 MiB 8300 Linux filesystem
7 286720 292863 3.0 MiB 8300 Linux filesystem
8 294912 306175 5.5 MiB 8300 Linux filesystem
9 311296 324271 6.3 MiB 8300 Linux filesystem
10 327680 333823 3.0 MiB 8300 Linux filesystem
11 335872 342015 3.0 MiB 8300 Linux filesystem
12 344064 360447 8.0 MiB 8300 Linux filesystem
13 360448 375807 7.5 MiB 8300 Linux filesystem
14 376832 387071 5.0 MiB 8300 Linux filesystem
15 393216 1488895 535.0 MiB 8300 Linux filesystem
16 1490944 1613823 60.0 MiB 8300 Linux filesystem
17 1613824 3887103 1.1 GiB 8300 Linux filesystem
18 3891200 3993599 50.0 MiB 8300 Linux filesystem
19 3997696 3998695 500.0 KiB 8300 Linux filesystem
20 4005888 4013079 3.5 MiB 8300 Linux filesystem
21 4014080 4024319 5.0 MiB 8300 Linux filesystem
22 4030464 4070463 19.5 MiB 8300 Linux filesystem
23 4071424 4081663 5.0 MiB 8300 Linux filesystem
24 4087808 4101807 6.8 MiB 8300 Linux filesystem
25 4104192 4114431 5.0 MiB 8300 Linux filesystem
26 4120576 4130815 5.0 MiB 8300 Linux filesystem
27 4136960 4147199 5.0 MiB 8300 Linux filesystem
28 4153344 7733247 1.7 GiB 8300 Linux filesystem
May I ask why it is named Linux filesystem and not EFS etc.?
hadidjapri said:
May I ask why it is named Linux filesystem and not EFS etc.?
That is the partition type, as determined by the ID 83 or 8300. The actual filesystem in use on those partitions is not shown, nor are the names or descriptions such as system, data, boot, recovery, etc...
Reread the OP, 2nd and 3rd posts for more ways to find additional info, like:
Code:
cat /system/proc/mounts
-SLS-
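The distinction made in the reply above, as an added example that is not part of the thread: the type ID is one byte in each MBR/EBR entry, while what a partition really holds has to be read from the partition itself. The disk image is constructed for the example, its type IDs are borrowed from the SHV-E160L table earlier in the thread, and `walk`, `sniff` and `build_sample` are hypothetical helper names; the walker also stops when an EBR link points back at a sector it has already visited.

```python
import struct

SECTOR = 512
EXTENDED = (0x05, 0x0F)
# fdisk-style names for a few type IDs that appear in the tables in this thread.
TYPE_LABELS = {0x0C: "W95 FAT32 (LBA)", 0x4D: "QNX4.x", 0x48: "Unknown", 0xA5: "FreeBSD"}


def parse_entries(sector):
    """Decode the four 16-byte entries of an MBR or EBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR/EBR sector (no 0x55AA signature)")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        type_id = raw[4]                                  # the "ID" column fdisk prints
        start, count = struct.unpack_from("<II", raw, 8)  # LBA start, sector count
        entries.append((type_id, start, count))
    return entries


def sniff(image, lba):
    """Guess the real content from magic bytes, ignoring the type ID."""
    base = lba * SECTOR
    if image[base + 1080: base + 1082] == b"\x53\xef":    # ext superblock magic 0xEF53
        return "ext2/3/4"
    if image[base + 82: base + 87] == b"FAT32":           # FAT32 boot sector type string
        return "FAT32"
    if image[base: base + 8] == b"ANDROID!":              # Android boot image header
        return "Android boot image"
    return "no known magic"


def walk(image):
    """Return (type_id, lba_start, sectors, type_label, sniffed_content) per partition."""
    def sector(lba):
        return image[lba * SECTOR:(lba + 1) * SECTOR]

    rows, ext_base = [], None
    for type_id, start, count in parse_entries(sector(0)):
        if type_id in EXTENDED:
            ext_base = start
        elif type_id:
            rows.append((type_id, start, count))
    ebr, seen = ext_base, set()
    while ebr is not None and ebr not in seen:            # 'seen' breaks looping EBR chains
        seen.add(ebr)
        first, link = parse_entries(sector(ebr))[:2]
        if first[0]:
            rows.append((first[0], ebr + first[1], first[2]))      # relative to this EBR
        ebr = ext_base + link[1] if link[0] in EXTENDED else None  # relative to extended start
    return [(t, s, c, TYPE_LABELS.get(t, "Unknown"), sniff(image, s)) for t, s, c in rows]


def _entry(type_id, start, count):
    return struct.pack("<B3sB3sII", 0, b"", type_id, b"", start, count)


def _table(*entries):
    return b"\0" * 446 + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"


def build_sample():
    """Constructed 32-sector image: two primaries, two logicals, and a looping EBR link."""
    img = bytearray(32 * SECTOR)

    def put(lba, data, offset=0):
        pos = lba * SECTOR + offset
        img[pos:pos + len(data)] = data

    put(0, _table(_entry(0x0C, 1, 4), _entry(0x4D, 5, 2), _entry(0x05, 8, 24)))
    put(8, _table(_entry(0xA5, 1, 4), _entry(0x05, 8, 8)))    # logical at LBA 9, next EBR at 16
    put(16, _table(_entry(0x48, 1, 4), _entry(0x05, 0, 8)))   # link points back at LBA 8
    put(1, b"FAT32   ", 82)
    put(9, b"\x53\xef", 1080)
    put(17, b"ANDROID!")
    return bytes(img)


if __name__ == "__main__":
    for row in walk(build_sample()):
        print("type 0x%02X  start %-3d sectors %-3d label %-16s content: %s" % row)
```

In the sample, the entry labelled "FreeBSD" (0xA5) actually carries an ext filesystem, which is the same mismatch the tables in this thread show between the ID column and the image that is flashed.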
For the posted SHV-E160L based MSM8660 device, there is a hexdump of the original partition0.bin:
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt$ hexdump shv-e160l-partition0.bin
0000000 0000 0000 0000 0000 0000 0000 0000 0000
*
00001c0 0000 0092 0000 0001 0000 2000 0003 0080
00001d0 0000 004d 0000 2001 0003 03e8 0000 0000
00001e0 0000 0051 0000 23e9 0003 0bb8 0000 0000
00001f0 0000 0005 0000 2fa1 0003 705f 01d2 aa55
0000200 0000 0000 0000 0000 0000 0000 0000 0000
*
00003c0 0000 0047 0000 105f 0000 03e8 0000 0000
00003d0 0000 0005 0000 0001 0000 0001 0000 0000
00003e0 0000 0000 0000 0000 0000 0000 0000 0000
00003f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000400 0000 0000 0000 0000 0000 0000 0000 0000
*
00005c0 0000 0045 0000 305e 0000 1000 0000 0000
00005d0 0000 0005 0000 0002 0000 0001 0000 0000
00005e0 0000 0000 0000 0000 0000 0000 0000 0000
00005f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000600 0000 0000 0000 0000 0000 0000 0000 0000
*
00007c0 0000 004c 0000 505d 0000 1388 0000 0000
00007d0 0000 0005 0000 0003 0000 0001 0000 0000
00007e0 0000 0000 0000 0000 0000 0000 0000 0000
00007f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000800 0000 0000 0000 0000 0000 0000 0000 0000
*
00009c0 0000 0048 0000 705c 0000 5000 0000 0000
00009d0 0000 0005 0000 0004 0000 0001 0000 0000
00009e0 0000 0000 0000 0000 0000 0000 0000 0000
00009f0 0000 0000 0000 0000 0000 0000 0000 aa55
0000a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000bc0 0000 0046 0000 d05b 0000 03e8 0000 0000
0000bd0 0000 0005 0000 0005 0000 0001 0000 0000
0000be0 0000 0000 0000 0000 0000 0000 0000 0000
0000bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0000c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000dc0 0000 005d 0000 f05a 0000 03e8 0000 0000
0000dd0 0000 0005 0000 0006 0000 0001 0000 0000
0000de0 0000 0000 0000 0000 0000 0000 0000 0000
0000df0 0000 0000 0000 0000 0000 0000 0000 aa55
0000e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0000fc0 0000 0091 0000 1059 0001 03e8 0000 0000
0000fd0 0000 0005 0000 0007 0000 0001 0000 0000
0000fe0 0000 0000 0000 0000 0000 0000 0000 0000
0000ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0001000 0000 0000 0000 0000 0000 0000 0000 0000
*
00011c0 0000 0093 0000 3058 0001 5000 0000 0000
00011d0 0000 0005 0000 0008 0000 0001 0000 0000
00011e0 0000 0000 0000 0000 0000 0000 0000 0000
00011f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001200 0000 0000 0000 0000 0000 0000 0000 0000
*
00013c0 0000 000c 0000 9057 0001 1000 0003 0000
00013d0 0000 0005 0000 0009 0000 0001 0000 0000
00013e0 0000 0000 0000 0000 0000 0000 0000 0000
00013f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001400 0000 0000 0000 0000 0000 0000 0000 0000
*
00015c0 0000 004a 0000 b056 0004 1800 0000 0000
00015d0 0000 0005 0000 000a 0000 0001 0000 0000
00015e0 0000 0000 0000 0000 0000 0000 0000 0000
00015f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001600 0000 0000 0000 0000 0000 0000 0000 0000
*
00017c0 0000 004b 0000 d055 0004 1800 0000 0000
00017d0 0000 0005 0000 000b 0000 0001 0000 0000
00017e0 0000 0000 0000 0000 0000 0000 0000 0000
00017f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001800 0000 0000 0000 0000 0000 0000 0000 0000
*
00019c0 0000 0058 0000 f054 0004 1800 0000 0000
00019d0 0000 0005 0000 000c 0000 0001 0000 0000
00019e0 0000 0000 0000 0000 0000 0000 0000 0000
00019f0 0000 0000 0000 0000 0000 0000 0000 aa55
0001a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001bc0 0000 008f 0000 1053 0005 1000 0003 0000
0001bd0 0000 0005 0000 000d 0000 0001 0000 0000
0001be0 0000 0000 0000 0000 0000 0000 0000 0000
0001bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0001c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001dc0 0000 0059 0000 3052 0008 1800 0000 0000
0001dd0 0000 0005 0000 000e 0000 0001 0000 0000
0001de0 0000 0000 0000 0000 0000 0000 0000 0000
0001df0 0000 0000 0000 0000 0000 0000 0000 aa55
0001e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0001fc0 0000 005a 0000 5051 0008 1800 0000 0000
0001fd0 0000 0005 0000 000f 0000 0001 0000 0000
0001fe0 0000 0000 0000 0000 0000 0000 0000 0000
0001ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0002000 0000 0000 0000 0000 0000 0000 0000 0000
*
00021c0 0000 005b 0000 7050 0008 1800 0000 0000
00021d0 0000 0005 0000 0010 0000 0001 0000 0000
00021e0 0000 0000 0000 0000 0000 0000 0000 0000
00021f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002200 0000 0000 0000 0000 0000 0000 0000 0000
*
00023c0 0000 00ab 0000 904f 0008 5000 0000 0000
00023d0 0000 0005 0000 0011 0000 0001 0000 0000
00023e0 0000 0000 0000 0000 0000 0000 0000 0000
00023f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002400 0000 0000 0000 0000 0000 0000 0000 0000
*
00025c0 0000 0060 0000 f04e 0008 5000 0000 0000
00025d0 0000 0005 0000 0012 0000 0001 0000 0000
00025e0 0000 0000 0000 0000 0000 0000 0000 0000
00025f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002600 0000 0000 0000 0000 0000 0000 0000 0000
*
00027c0 0000 0094 0000 504d 0009 5000 0000 0000
00027d0 0000 0005 0000 0013 0000 0001 0000 0000
00027e0 0000 0000 0000 0000 0000 0000 0000 0000
00027f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002800 0000 0000 0000 0000 0000 0000 0000 0000
*
00029c0 0000 00a5 0000 b04c 0009 d000 002e 0000
00029d0 0000 0005 0000 0014 0000 0001 0000 0000
00029e0 0000 0000 0000 0000 0000 0000 0000 0000
00029f0 0000 0000 0000 0000 0000 0000 0000 aa55
0002a00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002bc0 0000 00a6 0000 904b 0038 1000 0040 0000
0002bd0 0000 0005 0000 0015 0000 0001 0000 0000
0002be0 0000 0000 0000 0000 0000 0000 0000 0000
0002bf0 0000 0000 0000 0000 0000 0000 0000 aa55
0002c00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002dc0 0000 00a8 0000 b04a 0078 7000 0009 0000
0002dd0 0000 0005 0000 0016 0000 0001 0000 0000
0002de0 0000 0000 0000 0000 0000 0000 0000 0000
0002df0 0000 0000 0000 0000 0000 0000 0000 aa55
0002e00 0000 0000 0000 0000 0000 0000 0000 0000
*
0002fc0 0000 00a9 0000 3049 0082 0800 0004 0000
0002fd0 0000 0005 0000 0017 0000 0001 0000 0000
0002fe0 0000 0000 0000 0000 0000 0000 0000 0000
0002ff0 0000 0000 0000 0000 0000 0000 0000 aa55
0003000 0000 0000 0000 0000 0000 0000 0000 0000
*
00031c0 0000 0095 0000 5048 0086 a000 000f 0000
00031d0 0000 0005 0000 0018 0000 0001 0000 0000
00031e0 0000 0000 0000 0000 0000 0000 0000 0000
00031f0 0000 0000 0000 0000 0000 0000 0000 aa55
0003200 0000 0000 0000 0000 0000 0000 0000 0000
*
00033c0 0000 0090 0000 f047 0095 8000 013c 0000
00033d0 0000 0000 0000 0000 0000 0000 0000 0000
*
00033f0 0000 0000 0000 0000 0000 0000 0000 aa55
0003400
And this is the output from ParseBinaryPartitionFile.pl when run on the same file:
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt$ perl perl/ParseBinaryPartitionFile.pl shv-e160l-partition0.bin
----------------------------------------------------------
Parsing shv-e160l-partition0.bin ------------------
1 0x00 0x92 0x00000001 (000001) 0x00032000 (204800) (100.00MB)
2 0x80 0x4D 0x00032001 (204801) 0x000003E8 (001000) (0.49MB)
3 0x00 0x51 0x000323E9 (205801) 0x00000BB8 (003000) (1.46MB)
0x00 0x05 0x00032FA1 (208801) 0x01D2705F (30568543) (14926.05MB) - EXT PARTITION (Type=0x05) - not counted as a partition
$ExtendedPartitionBeginsAt=208801
4 0x00 0x47 0x0000105F (004191) 0x000003E8 (001000) (0.49MB) 4MB boundary #26 (sector 212992)
0x00 0x05 0x00000001 (000001) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
5 0x00 0x45 0x0000305E (012382) 0x00001000 (004096) (2.00MB) 4MB boundary #27 (sector 221184)
0x00 0x05 0x00000002 (000002) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
6 0x00 0x4C 0x0000505D (020573) 0x00001388 (005000) (2.44MB) 4MB boundary #28 (sector 229376)
0x00 0x05 0x00000003 (000003) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
7 0x00 0x48 0x0000705C (028764) 0x00005000 (020480) (10.00MB) 4MB boundary #29 (sector 237568)
0x00 0x05 0x00000004 (000004) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
8 0x00 0x46 0x0000D05B (053339) 0x000003E8 (001000) (0.49MB) 4MB boundary #32 (sector 262144)
0x00 0x05 0x00000005 (000005) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
9 0x00 0x5D 0x0000F05A (061530) 0x000003E8 (001000) (0.49MB) 4MB boundary #33 (sector 270336)
0x00 0x05 0x00000006 (000006) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
10 0x00 0x91 0x00011059 (069721) 0x000003E8 (001000) (0.49MB) 4MB boundary #34 (sector 278528)
0x00 0x05 0x00000007 (000007) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
11 0x00 0x93 0x00013058 (077912) 0x00005000 (020480) (10.00MB) 4MB boundary #35 (sector 286720)
0x00 0x05 0x00000008 (000008) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
12 0x00 0x0C 0x00019057 (102487) 0x00031000 (200704) (98.00MB) 4MB boundary #38 (sector 311296)
0x00 0x05 0x00000009 (000009) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
13 0x00 0x4A 0x0004B056 (307286) 0x00001800 (006144) (3.00MB) 4MB boundary #63 (sector 516096)
0x00 0x05 0x0000000A (000010) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
14 0x00 0x4B 0x0004D055 (315477) 0x00001800 (006144) (3.00MB) 4MB boundary #64 (sector 524288)
0x00 0x05 0x0000000B (000011) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
15 0x00 0x58 0x0004F054 (323668) 0x00001800 (006144) (3.00MB) 4MB boundary #65 (sector 532480)
0x00 0x05 0x0000000C (000012) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
16 0x00 0x8F 0x00051053 (331859) 0x00031000 (200704) (98.00MB) 4MB boundary #66 (sector 540672)
0x00 0x05 0x0000000D (000013) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
17 0x00 0x59 0x00083052 (536658) 0x00001800 (006144) (3.00MB) 4MB boundary #91 (sector 745472)
0x00 0x05 0x0000000E (000014) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
18 0x00 0x5A 0x00085051 (544849) 0x00001800 (006144) (3.00MB) 4MB boundary #92 (sector 753664)
0x00 0x05 0x0000000F (000015) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
19 0x00 0x5B 0x00087050 (553040) 0x00001800 (006144) (3.00MB) 4MB boundary #93 (sector 761856)
0x00 0x05 0x00000010 (000016) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
20 0x00 0xAB 0x0008904F (561231) 0x00005000 (020480) (10.00MB) 4MB boundary #94 (sector 770048)
0x00 0x05 0x00000011 (000017) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
21 0x00 0x60 0x0008F04E (585806) 0x00005000 (020480) (10.00MB) 4MB boundary #97 (sector 794624)
0x00 0x05 0x00000012 (000018) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
22 0x00 0x94 0x0009504D (610381) 0x00005000 (020480) (10.00MB) 4MB boundary #100 (sector 819200)
0x00 0x05 0x00000013 (000019) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
23 0x00 0xA5 0x0009B04C (634956) 0x002ED000 (3067904) (1498.00MB) 4MB boundary #103 (sector 843776)
0x00 0x05 0x00000014 (000020) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
24 0x00 0xA6 0x0038904B (3706955) 0x00401000 (4198400) (2050.00MB) 4MB boundary #478 (sector 3915776)
0x00 0x05 0x00000015 (000021) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
25 0x00 0xA8 0x0078B04A (7909450) 0x00097000 (618496) (302.00MB) 4MB boundary #991 (sector 8118272)
0x00 0x05 0x00000016 (000022) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
26 0x00 0xA9 0x00823049 (8532041) 0x00040800 (264192) (129.00MB) 4MB boundary #1067 (sector 8740864)
0x00 0x05 0x00000017 (000023) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
27 0x00 0x95 0x00865048 (8802376) 0x000FA000 (1024000) (500.00MB) 4MB boundary #1100 (sector 9011200)
0x00 0x05 0x00000018 (000024) 0x00000001 (000001)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
28 0x00 0x90 0x0095F047 (9826375) [COLOR="Red"][B]0x013C8000[/B][/COLOR] (20742144) (10128.00MB) 4MB boundary #1225 (sector 10035200)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
0x00 0x00 0x00000000 (000000) 0x00000000 (000000)
This partition table has 28 usable partitions (29 partitions if you count the EXT, which Linux does).
I've highlighted in red two sections showing how the file is stored on disk and interpreted in terms of endianness.
Now if you refer back to http://forum.xda-developers.com/showpost.php?p=33359011&postcount=4 and cross-reference to
partition_parser.h in kernel sources (this one is from a copy of moboot http://code.google.com/r/geauxlsu20....h?r=dfd2d6b446d5c86640accd8843d9cdea40159507 )
we can confirm that the partition type id is used to build the partition table in terms of which file goes where
Code:
#define MBR_EBR_TYPE 0x05
#define MBR_MODEM_TYPE 0x06
#define MBR_MODEM_TYPE2 0x0C
#define MBR_SBL1_TYPE 0x4D
#define MBR_SBL2_TYPE 0x51
#define MBR_SBL3_TYPE 0x45
#define MBR_RPM_TYPE 0x47
#define MBR_TZ_TYPE 0x46
#define MBR_MODEM_ST1_TYPE 0x4A
#define MBR_MODEM_ST2_TYPE 0x4B
#define MBR_EFS2_TYPE 0x4E
#define MBR_ABOOT_TYPE 0x4C
#define MBR_BOOT_TYPE 0x48
#define MBR_SYSTEM_TYPE 0x82
#define MBR_USERDATA_TYPE 0x83
#define MBR_RECOVERY_TYPE 0x60
#define MBR_MISC_TYPE 0x63
#define MBR_PROTECTED_TYPE 0xEE
and an excerpt from partition.xml for compiling a .mbn boot image
Code:
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="c" bootable="false" label="MODEM" size="10" readonly="true">
</primary>
<primary order="2" type="4d" bootable="true" label="SBL1" size="256" readonly="true">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="3" type="51" bootable="false" label="SBL2" size="512" readonly="true">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="256" readonly="true">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="45" label="SBL3" size="2048" readonly="true">
<file name="sbl3.mbn" offset="0"/>
</extended>
<extended order="3" type="46" label="TZ" size="256" readonly="true">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
[B]<parser_instructions>
WRITE_PROTECT_BOUNDARY_IN_KB = 0
GROW_LAST_PARTITION_TO_FILL_DISK=false
ALIGN_ALL_LOGICAL_PARTITIONS_TO_WP_BOUNDARY=false
</parser_instructions>[/B]
</image>
The above file has additional commands, highlighted in bold. These are parsed by ptool.py, which creates the needed rawprogram.xml (XML without instructions for creating MBR/EBR files). It also creates the files for blanking the eMMC (optional) and its new partition tables in the form of mbr0.bin/ebr0.bin.
Here is the output when run on the above file:
Code:
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt/python$ python ./ptool.py -x ../xml/singleimage_partition_8660.xml -t ./
CWD: /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
OutputFolder= ./
XMLFile= ../xml/singleimage_partition_8660.xml
OutputFolder= ./
OutputToCreate None
PhysicalPartitionNumber 0
verbose False
Looking for ../xml/singleimage_partition_8660.xml
----------------------------------------
Searching /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
**Found ../xml/singleimage_partition_8660.xml (1208 bytes)
Found a physical_partition, NumPhyPartitions=1
len(PhyPartition)=0
Testing if GUID= c
GUID does not match regular expression
LABEL: MODEM
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
Testing if GUID= 4d
GUID does not match regular expression
LABEL: SBL1
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
Testing if GUID= 51
GUID does not match regular expression
LABEL: SBL2
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: EXT
Testing if GUID= 5
GUID does not match regular expression
LABEL: RPM
Testing if GUID= 47
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: SBL3
Testing if GUID= 45
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
LABEL: TZ
Testing if GUID= 46
GUID does not match regular expression
========================================
storing at 0
Adding PartitionCollection to "PhyPartition" of size 0
HashInstructions['WRITE_PROTECT_BOUNDARY_IN_KB'] =0
HashInstructions['ALIGN_BOUNDARY_IN_KB'] =0
HashInstructions['GROW_LAST_PARTITION_TO_FILL_DISK']=False
HashInstructions['DISK_SIGNATURE']=0x0
len(PhyPartition)= 1
LABEL: 'MODEM' with 2 sectors
LABEL: 'SBL1' with 150 sectors
LABEL: 'SBL2' with 220 sectors
LABEL: 'RPM' with 232 sectors
LABEL: 'SBL3' with 1200 sectors
LABEL: 'TZ' with 208 sectors
MinSectorsNeeded=2016
==============================================================================
MBR type discovered in XML file, Output will be MBR
==============================================================================
==============================================================================
OutputToCreate ===> 'mbr'
==============================================================================
On PHY Partition 0 that has 6 partitions
------------
For PHY Partition 0
We will need an MBR and 3 EBRs
Inside CreateMasterBootRecord(3) -------------------------------------
1 of 6 "MODEM" (readonly=true) and size=1KB (0.00MB or 2 sectors)
2 of 6 "SBL1" (readonly=true) and size=75KB (0.07MB or 150 sectors)
3 of 6 "SBL2" (readonly=true) and size=110KB (0.11MB or 220 sectors)
About to make EBR, FirstLBA=373, LastLBA=373
Inside CreateExtendedBootRecords(3) -----------------------------------------
EBROffset= 0
Extended Partition begins at FirstLBA=373, size is 1643
FirstLBA now equals 376 since NumEBRPartitions=3
4 of 6 "RPM" (readonly=true) and size=116KB (0.11MB or 232 sectors)
FirstLBA=376 (with size 232 sectors) and LastLBA=376
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
FirstLBA (376) is *not* covered by the end of the WP region (0),
it needs to be moved to be aligned to 376
FirstLBA=376, LastLBA=608, PartitionSectorSize=232
LastLBA is currently 608 sectors
Card size of at least 0.3MB needed (608 sectors)
5 of 6 "SBL3" (readonly=true) and size=600KB (0.59MB or 1200 sectors)
FirstLBA=608 (with size 1200 sectors) and LastLBA=608
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
FirstLBA (608) is *not* covered by the end of the WP region (0),
it needs to be moved to be aligned to 608
FirstLBA=608, LastLBA=1808, PartitionSectorSize=1200
LastLBA is currently 1808 sectors
Card size of at least 0.9MB needed (1808 sectors)
6 of 6 "TZ" (readonly=true) and size=104KB (0.10MB or 208 sectors)
FirstLBA=1808 (with size 208 sectors) and LastLBA=1808
THIS IS THE LAST PARTITION
It cannot be marked as read-only, it is now set to writeable
PhyPartition[k][j]['align']= false
SectorsTillNextBoundary= 0
This partition is *NOT* readonly (or does not have align='true')
FirstLBA=1808, LastLBA=2016, PartitionSectorSize=208
LastLBA is currently 2016 sectors
Card size of at least 1.0MB needed (2016 sectors)
------------------------------------------------------------------------------
LastLBA is currently 2016 sectors
Card size of at least 1.0MB needed (2016 sectors)
------------------------------------------------------------------------------
ptool.py is running from CWD: /home/darkspr1te/Desktop/Samsung/brixfix/partition_load_pt/python
Created "./partition0.bin"
Created "./MBR0.bin"
Created "./EBR0.bin"
Created "./rawprogram0.xml"
Created "./patch0.xml"
Created "./emmc_lock_regions.xml"
Use msp tool to write this information to SD/eMMC card
i.e.
sudo python msp.py rawprogram0.xml /dev/sdb <---- where /dev/sdb is assumed to be your SD/eMMC card
sudo python msp.py patch0.xml /dev/sdb <---- where /dev/sdb is assumed to be your SD/eMMC card
Created "zeros_1sector.bin" <-- full of binary zeros - used by "wipe" rawprogram files
Created "zeros_33sectors.bin" <-- full of binary zeros - used by "wipe" rawprogram files
Created "./wipe_rawprogram_PHY0.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY1.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY2.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY4.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY5.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY6.xml" <-- Used to *wipe/erase* partition information
Created "./wipe_rawprogram_PHY7.xml" <-- Used to *wipe/erase* partition information
[email protected]:~/Desktop/Samsung/brixfix/partition_load_pt/python$
now in partition.xml before it's parsed by ptool.py it is as the following with partition size as SIZE
Code:
<primary order="1" type="c" bootable="false" label="MODEM" size="10" readonly="true">
</primary>
<primary order="2" type="4d" bootable="true" label="SBL1" size="256" readonly="true">
<file name="sbl1.mbn" offset="0"/>
but after parsing it's in sectors and offsets
Code:
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="" label="MODEM" num_partition_sectors="2" physical_partition_number="0" size_in_KB="1.0" sparse="false" start_byte_hex="0x200" start_sector="1"/>
<program SECTOR_SIZE_IN_BYTES="512" file_sector_offset="0" filename="sbl1.mbn" label="SBL1" num_partition_sectors="150" physical_partition_number="0" size_in_KB="75.0" sparse="false" start_byte_hex="0x600" start_sector="3"/>
A group of Partition Tools compiled static from original (open) sources -
http://www.sendspace.com/file/4g1atr aimed at mbr/ebr only
sfdisk
lsblk
partx
blkid
http://www.sendspace.com/file/5b3jdc inclusive of mbr tools plus GPT tools
blkid
fdisk
gdisk
lsblk
partx
sfdisk
sgdisk
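How the partition type IDs and little-endian fields described in the post above sit inside an MBR sector, as an added example (not darkspr1te's or ptool.py's code). The sample sector is constructed from the sector counts in the ptool.py log; the SBL2 start of 153 is derived from them, and all function names are hypothetical.

```python
import struct

# Partition type IDs copied from the partition_parser.h excerpt quoted in the post.
QCOM_MBR_TYPES = {
    0x05: "MBR_EBR_TYPE", 0x06: "MBR_MODEM_TYPE", 0x0C: "MBR_MODEM_TYPE2",
    0x4D: "MBR_SBL1_TYPE", 0x51: "MBR_SBL2_TYPE", 0x45: "MBR_SBL3_TYPE",
    0x47: "MBR_RPM_TYPE", 0x46: "MBR_TZ_TYPE", 0x4A: "MBR_MODEM_ST1_TYPE",
    0x4B: "MBR_MODEM_ST2_TYPE", 0x4E: "MBR_EFS2_TYPE", 0x4C: "MBR_ABOOT_TYPE",
    0x48: "MBR_BOOT_TYPE", 0x82: "MBR_SYSTEM_TYPE", 0x83: "MBR_USERDATA_TYPE",
    0x60: "MBR_RECOVERY_TYPE", 0x63: "MBR_MISC_TYPE", 0xEE: "MBR_PROTECTED_TYPE",
}

SECTOR_SIZE = 512
TABLE_OFFSET = 446  # four 16-byte entries follow the boot code area
# boot flag, CHS start, type id, CHS end, first LBA, sector count (all little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def build_sample_mbr():
    """Constructed sample (not a device dump) using the layout ptool.py logged."""
    rows = [  # (boot flag, type id, first LBA, sectors)
        (0x00, 0x0C, 1, 2),       # MODEM
        (0x80, 0x4D, 3, 150),     # SBL1, bootable="true" in partition.xml
        (0x00, 0x51, 153, 220),   # SBL2, start derived as 3 + 150
        (0x00, 0x05, 373, 1643),  # EXT, FirstLBA and size from the log
    ]
    sector = bytearray(SECTOR_SIZE)
    for i, (boot, ptype, lba, count) in enumerate(rows):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i,
                        boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"  # boot signature
    return bytes(sector)


def parse_mbr(sector):
    """Return the used entries of one MBR/EBR sector, with the type id named."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR/EBR sector: missing 0x55AA signature")
    entries = []
    for i in range(4):
        boot, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * i)
        if ptype == 0x00:  # unused slot
            continue
        if boot not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid boot flag 0x{boot:02X}")
        entries.append({
            "slot": i + 1,
            "bootable": boot == 0x80,
            "type_id": ptype,
            "type_name": QCOM_MBR_TYPES.get(ptype, f"UNKNOWN_0x{ptype:02X}"),
            "first_lba": lba,
            "sectors": count,
        })
    return entries


def find_overlaps(entries):
    """Pairs of entries whose sector ranges collide; empty for a sane table."""
    ordered = sorted(entries, key=lambda e: e["first_lba"])
    clashes = []
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["first_lba"] + prev["sectors"] > cur["first_lba"]:
            clashes.append((prev["type_name"], cur["type_name"]))
    return clashes


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_mbr(mbr):
        print(p["slot"], f"0x{p['type_id']:02X}", p["type_name"],
              p["first_lba"], p["sectors"])
    # The EXT size 1643 (0x0000066B) is stored on disk as 6B 06 00 00.
    print(mbr[TABLE_OFFSET + 3 * 16 + 12:TABLE_OFFSET + 3 * 16 + 16].hex(" "))
```

Running the same parser over a real dump of sector 0 before and after reflashing shows at a glance whether a type ID or start sector moved.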
Wow! Thanks!!
But what compilation flags did you use? (ARCH, CPU, etc etc)
They could be very useful for other devices as well...
HAPPY NEW YEAR!
E:V:A said:
Wow! Thanks!!
But what compilation flags did you use? (ARCH, CPU, etc etc)
They could be very useful for other devices as well...
HAPPY NEW YEAR!
You want details here, pm for restructure into [dev] guide ?
I can repurpose this post anyway, more info , lots more info to post
Happy new year from +2:00 hrs GMT !!!! to All
Device: Sprint Optimus G
Model: LG LS970
CPU: Qualcomm Snapdragon S4 Pro (APQ8064)
Total Number of Partitions Found: 37
Partition: MODEM at 0x000000800000
Partition: SBL1 at 0x000004800000
Partition: SBL2 at 0x000004880000
Partition: SBL3 at 0x000004900000
Partition: ABOOT at 0x000004B00000
Partition: RPM at 0x000004B80000
Partition: BOOT at 0x000005000000
Partition: TZ at 0x000006800000
Partition: PAD at 0x000006880000
Partition: MODEMST1 at 0x000006880400
Partition: MODEMST2 at 0x000006B80400
Partition: M9KEFS1 at 0x000007000000
Partition: M9KEFS2 at 0x0000070C3000
Partition: M9KEFS3 at 0x000007186000
Partition: DRM at 0x000007800000
Partition: SNS at 0x000008000000
Partition: SSD at 0x000008800000
Partition: MISC at 0x000008802000
Partition: FACTORY at 0x000009802000
Partition: BNR at 0x00000A802000
Partition: ENCRYPT at 0x00000B002000
Partition: EKSST at 0x00000B082000
Partition: SYSTEM at 0x00000B800000
Partition: CACHE at 0x00006A800000
Partition: USERDATA at 0x00009C800000
Partition: PERSIST at 0x0000FB000000
Partition: TOMBSTONES at 0x0000FB800000
Partition: RECOVERY at 0x00000B800000
Partition: FSG at 0x00000D000000
Partition: DDR at 0x00000D300000
Partition: FOTA at 0x00000D800000
Partition: MPT at 0x00000F800000
Partition: TZBAK at 0x000011800000
Partition: RPMBAK at 0x000011880000
Partition: CARRIER at 0x000011900000
Partition: RESERVED at 0x000012D00000
Partition: GROW at 0x000013D00000
Code:
General Device Name: Samsung Galaxy Note 1
Manufacturer Product Name: GT-N7000
Processor: Samsung Exynos 4210 ( 1.400 MHz )
AOS version: Android ICS 4.0.4
Radio FW version: XXLRK
System FW version: XXLRT
Service Provider/ Branding: Mobilcom-Debitel / -
Country: Germany
(emmc brick chip)
[B]<< output of parted >>[/B]
# parted /dev/block/mmcblk0
GNU Parted 1.8.8.1.179-aef3
Using /dev/block/mmcblk0
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print all
print all
Model: MMC VYL00M (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 4194kB 25.2MB 21.0MB ext4 EFS
2 25.2MB 26.5MB 1311kB SBL1
3 27.3MB 28.6MB 1311kB SBL2
4 29.4MB 37.7MB 8389kB PARAM
5 37.7MB 46.1MB 8389kB KERNEL
6 46.1MB 54.5MB 8389kB RECOVERY
7 54.5MB 264MB 210MB ext4 CACHE
8 264MB 281MB 16.8MB MODEM
9 281MB 1174MB 893MB ext4 FACTORYFS
10 1174MB 3322MB 2147MB ext4 DATAFS
11 3322MB 15.2GB 11.9GB fat32 UMS
12 15.2GB 15.8GB 537MB ext4 HIDDEN
(parted) quit
quit
# busybox cat /proc/partitions <
major minor #blocks name
7 0 4190 loop0
7 1 43691 loop1
7 2 3150 loop2
7 3 6269 loop3
7 4 15624 loop4
7 5 30177 loop5
7 6 41612 loop6
7 7 9387 loop7
179 0 15388672 mmcblk0
179 1 20480 mmcblk0p1
179 2 1280 mmcblk0p2
179 3 1280 mmcblk0p3
179 4 8192 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 204800 mmcblk0p7
259 0 16384 mmcblk0p8
259 1 872448 mmcblk0p9
259 2 2097152 mmcblk0p10
259 3 11616256 mmcblk0p11
259 4 524288 mmcblk0p12
179 8 30657536 mmcblk1
179 9 30653440 mmcblk1p1
254 0 4189 dm-0
254 1 43690 dm-1
254 2 3150 dm-2
254 3 6268 dm-3
254 4 15624 dm-4
254 5 30177 dm-5
254 6 41611 dm-6
254 7 9387 dm-7
7 8 4190 loop8
254 8 4189 dm-8
7 9 8348 loop9
254 9 8347 dm-9
7 10 3150 loop10
254 10 3150 dm-10
7 11 6269 loop11
254 11 6268 dm-11
7 12 3150 loop12
254 12 3150 dm-12
7 13 17703 loop13
254 13 17703 dm-13
7 14 30177 loop14
254 14 30177 dm-14
7 15 2111 loop15
254 15 2110 dm-15
7 16 11466 loop16
254 16 11466 dm-16
7 17 4190 loop17
254 17 4189 dm-17
7 18 2111 loop18
254 18 2110 dm-18
7 19 22901 loop19
254 19 22900 dm-19
7 20 2111 loop20
254 20 2110 dm-20
7 21 19782 loop21
254 21 19782 dm-21
7 22 21861 loop22
254 22 21861 dm-22
7 23 3150 loop23
254 23 3150 dm-23
7 24 5229 loop24
254 24 5229 dm-24
7 25 16664 loop25
254 25 16663 dm-25
7 26 3150 loop26
254 26 3150 dm-26
7 27 7308 loop27
254 27 7308 dm-27
7 28 63473 loop28
254 28 63472 dm-28
7 29 14585 loop29
254 29 14584 dm-29
7 30 3150 loop30
254 30 3150 dm-30
7 31 7308 loop31
254 31 7308 dm-31
7 32 6269 loop32
254 32 6268 dm-32
7 33 4190 loop33
254 33 4189 dm-33
7 34 59283 loop34
254 34 59283 dm-34
7 35 36414 loop35
254 35 36414 dm-35
7 36 4190 loop36
254 36 4189 dm-36
7 37 2111 loop37
254 37 2110 dm-37
7 38 4190 loop38
254 38 4189 dm-38
7 39 6269 loop39
254 39 6268 dm-39
7 40 18743 loop40
254 40 18742 dm-40
7 41 2111 loop41
254 41 2110 dm-41
7 42 19782 loop42
254 42 19782 dm-42
7 43 5229 loop43
254 43 5229 dm-43
7 44 17703 loop44
254 44 17703 dm-44
7 45 14585 loop45
254 45 14584 dm-45
7 46 16664 loop46
254 46 16663 dm-46
7 47 2111 loop47
254 47 2110 dm-47
7 48 3150 loop48
254 48 3150 dm-48
7 49 9387 loop49
254 49 9387 dm-49
# mount
rootfs on / type rootfs (ro,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
none on /acct type cgroup (rw,relatime,cpuacct)
tmpfs on /mnt/asec type tmpfs (rw,relatime,mode=755,gid=1000)
tmpfs on /mnt/obb type tmpfs (rw,relatime,mode=755,gid=1000)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)
/dev/block/mmcblk0p9 on /system type ext4 (ro,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p7 on /cache type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p1 on /efs type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered)
/dev/block/mmcblk0p10 on /data type ext4 (rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc)
/dev/block/mmcblk0p4 on /mnt/.lfs type j4fs (rw,relatime)
/sys/kernel/debug on /sys/kernel/debug type debugfs (rw,relatime)
/dev/block/vold/259:3 on /mnt/sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro,discard)
tmpfs on /mnt/sdcard/external_sd type tmpfs (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,size=0k,mode=755,gid=1000)
tmpfs on /mnt/sdcard/usbStorage type tmpfs (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,size=0k,mode=755,gid=1000)
/dev/block/vold/179:9 on /mnt/sdcard/external_sd type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
/dev/block/vold/179:9 on /mnt/secure/asec type vfat (rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
tmpfs on /mnt/sdcard/external_sd/.android_secure type tmpfs (ro,relatime,size=0k,mode=000)
without /dev/block/dm-xx
[B]<< output of fdisk >>[/B]
# fdisk -l /dev/block/mmcblk0
Disk /dev/block/mmcblk0: 15.7 GB, 15758000128 bytes
1 heads, 16 sectors/track, 1923584 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
Device Boot Start End Blocks Id System
/dev/block/mmcblk0p1 1 1923584 15388671+ ee EFI GPT
Partition 1 does not end on cylinder boundary
#
[B]<< output of gdisk >>[/B]
sh: gdisk: not found
<< Any additional info you'd like to share. See text.>>
Friedbert said:
Code:
General Device Name: Samsung Galaxy Note 1
Manufacturer Product Name: GT-N7000
...
[B]<< output of gdisk >>[/B]
sh: gdisk: not found
If you wanna use gdisk, you need to push it over and install it first! Thanks.
I can confirm that the smd_HDR.mbn/bin partition contains md5 checksums for the partitions. Still analysing the first untainted copy; it lists all partitions followed by an md5 sum, but that's just strings output. Hex next, will update when I have further info.
Here are the strings in the file.
Code:
Q8x60M2K_EMMC_Va
./ptn/partit
5BB1C1F589363704E8D3F6912377685F
./bin/sbl1.m
C8FB1F17A8C9289BDD2CC35FAD1D8847
./bin/sbl2.m
9FBC53EDBF4CD41AFC9E1D1DB0EE0249
./bin/rpm.mb
8AEDC483EC145A6ADF54FEF6CA433052
./bin/sbl3.mt]
B148EC810189A31175E2743065C8F43F
./bin/aboot.
C9A02863C90339AE308655177429F86F
./bin/boot.i
B2D9A1A62A51DF0A75AF3570DC3F7B65
./bin/[email protected]
62DD4F0024B6732E86C058C3127612AB
./ptn/quincy
457E023513146DF9A237700058D31AE8
./cnst/param
9EA248A486EDE412D0B5247474CE2FEF
./bin/amss.b
54D32EC124B24E055919D4564CB24912
./bin/mdm.bi
8512BCE3D102A19C568DD2895A12C279
recovery.img
662DA0A40017670CD82ABF9D23BD823D
system.img
]EA28643C20DD75852E06E99C5EF1E096
cache.img
42A51E87086CC329561EB262AA38E8B4
tombstone.im
8A8B2BF56C4A455686B3678BE9D41AA4
hidden.img
03F06021375A57297E472F787EE46932
F58997D29D80F232F4818FF0D5F25B78KMKZS000VM(E160K)
F99D
05B9
And I've attached the actual file for anyone who wants to dissect it.
The rest of the file is empty, just '0's.
Device: LG Motion
Model: LG MS770/LW770
CPU: Qualcomm Snapdragon S4 Plus (MSM8960L)
Partition: MODEM at 0x000000800000
Partition: SBL1 at 0x000004800000
Partition: SBL2 at 0x000004880000
Partition: SBL3 at 0x000004900000
Partition: ABOOT at 0x000004A00000
Partition: RPM at 0x000004A80000
Partition: TZ at 0x000006000000
Partition: PAD at 0x000006080000
Partition: MODEMST1 at 0x000006080400
Partition: MODEMST2 at 0x000006380400
Partition: SNS at 0x000006800000
Partition: MISC at 0x000007000000
Partition: SYSTEM at 0x000008000000
Partition: USERDATA at 0x000048000000
Partition: PERSIST at 0x0001B3C00000
Partition: CACHE at 0x0001B4400000
Partition: TOMBSTONES at 0x0001C5000000
Partition: RECOVERY at 0x0001C9800000
Partition: FSG at 0x0001CA400000
Partition: SSD at 0x0001CA700000
Partition: DRM at 0x0001CA800000
Partition: FOTA at 0x0001CB000000
Partition: MPT at 0x0001CD000000
Partition: TZBAK at 0x0001CF000000
Partition: RPMBAK at 0x0001CF080000
Partition: ENCRYPT at 0x0001CF100000
Partition: RESERVED at 0x0001CF800000
Partition: GROW at 0x0001D0800000

NV Read not working after updating single NV item

Hi,
I had two Samsung S10+ phones: SM-G975U1 (US Unlocked version) and SM-G9750 (China HK version).
Both are running the same Qualcomm Snapdragon chipset.
I wanted to enable additional bands on SM-G9750 to make it fully in sync with SM-G975U1.
What I did was the following:
1) Installed QXDM tool
2) Read the following NVs: 00441, 00442, 00946, 01877, 02954, 06828.
3) Noticed that the only difference is on the 1877 (CDMA config) and 6828 (LTE config)
4) Updated the 1877 and 6828 to be exactly the same as the values from SM-G975U1.
5) Rebooted phone
Everything was working. After rebooting the phone I connected again and was able to read the values I wrote and they were showing correct (written values).
Then I decided to be "smarter". I noticed that even though my SM-G9750 has now values from SM-G975U1, when I compare the bits from what was on SM-G9750 before and what is now (config I took from SM-G975U1) there is still one bit that was set for SM-G9750 and now was reset by the new configuration from SM-G975U1.
So I decided to make "OR" and set this bit.
After saving the values, everything went well. I was able to save it and read it back.
Then I rebooted the phone.
Phone works after reboot, connects and everything but now there was an interesting issue...
When I connected it to the QXDM I cannot read *ANY* NV values. Even for other slots. I am getting invalid command all the time.
DFS Qualcomm tool that used to work also does not work.
Looks like the USB is listening but not accepting any commands.
What could have happened? And how do I revert it back?
Phone in general is working, just cannot read or modify any NV values via USB, as if the software working there on phone that was serving USB requests got disabled, crashed, or blocked.
Thoughts?
----------------------------
For reference, those are the original values from both phones:
USA/CHINA: 441:
0
0xFFFF
USA/CHINA: 442:
0
0x00FF
USA/CHINA: 946:
0
0xBFFF
USA: 1877: CDMA:
562950069306247
0010 0000 0000 0000 0000 0000 0110 1110 1000 0100 0011 1000 0111
CHINA: 1877: CDMA:
562950069289859
0010 0000 0000 0000 0000 0000 0110 1110 1000 0000 0011 1000 0011
USA/CHINA: 2954:
0
4294967295 (or 0xFFFFFFFF)
USA: 6828: LTE:
288795388680222943
0
0000 0100 0000 0010 0000 0001 1110 0000 0011 1011 0000 1110 0011 1000 1101 1111
CHINA: 6828: LTE:
600196850264287
0
0000 0000 0000 0010 0010 0001 1110 0000 0011 1000 0000 1110 0010 1000 1101 1111

Adding LTE / 4G bands on gt-i9295

Hi guys!
Does anybody know if it's possible to add bands 2,4,7,28 on the gt-i9295 phone?
I've been reading about the NV calculator, putting the phone in modem debug mode, the *#011# codes, etc., but I was hoping to find someone who did this successfully on this phone and who could assist me with the process.
Thanks!
I've successfully followed some mixed tutorials and got a .QCN dump of the NV memory of my gt-i9295.
· Went back from Lineage 16 to stock rom using ODIN, following these tutorials for S4 (normal one) and Tab 4
· Since I couldn't find the firmware for i9295 on sammobile web, I looked for it on youtube (don't remember exactly which video, but something like https://www.youtube.com/watch?v=SW_QF0ZdhEU that took me to mega.nz). The firmware was in Russian and had to change it on the first startup.
· Once in the stock rom, I've followed this tutorial, with the recommendations from "mrrocketdog" on page 146 for adding "cp logging" from recovery and "*#9090# into option 2 with * around it. reboots automatically". Also reviewed these:
- https://galaxys4root.com/galaxy-s4-...aws-bands-on-att-galaxy-s4-sgh-i337sgh-i337m/
- https://forum.xda-developers.com/galaxy-s5/general/guide-enable-unlock-edit-add-gsm-lte-t2948822
- https://forum.xda-developers.com/galaxy-s5/general/how-to-add-rf-lte-frequency-bands-to-t2886059
- https://forum.xda-developers.com/android/general/3g-lte-frequency-nv-items-qualcomm-t2950491
- https://forum.xda-developers.com/android/apps-games/app-qualcomm-nv-calculator-adding-2g-3g-t2915649
- https://forum.xda-developers.com/hardware-hacking/hardware/how-to-correct-edit-qcn-files-t3850464
Now I have my QCN file using QPST but I cannot find the NV 06828 and NV 06829 registers in my file and I'm stuck on that part.
These are the files:
i9295.qcn and i9295.txt version
I need to add 4G bands for Argentina (https://www.kimovil.com/es/frequency-checker/AR)
B2 – 1900 MHz
B4 – 1700 MHz AWS (most important)
B7 – 2600 MHz
B8 – 900 MHz
B28 – 700 MHz APT (important too) (B17 on same freq does not work)
Does anyone know how to edit my QCN file to add those bands?
Thanks!
hello
you do not have a full backup of the qcn (maybe you don't use the right QPST version for this device)
original QCN for I9295 :
so : D5 00 08 flipped = B 1,3,5,7,8,and 20
I need some free time to calculate and look at all the NVs that you must add for trying
regards
yakapa40 said:
original QCN for I9295 :
Do you have this file for download?
"GT-I9295_M9615A-CEFWTAZM-4.0.17083_28-9-2014_16-37-34.qcn"
Thanks!
Ignacio
I9295 qcn link :
https://mega.nz/#!zPwx2QaT!ZF9TBl06POoD8hja9WUBgVKGEq2xLE9wE4eSIP0GBsk
take care only for control , you must not flash it on your device
your qcn is unique
there is always one qcn file for each device ( IMEI S/N product date product code original CSC .... efs ....)
Thanks! I've installed QPST build 411 and got the full QCN file (there are too many diffs with the file you've linked, I can upload a .patch file if needed to review them)
So, in order to add these bands:
B2 – 1900 MHz
B4 – 1700 MHz AWS (most important)
B28 – 700 MHz APT (important too) (B17 on same freq does not work)
I need to change the "D5 00 08 00" part like this:
Code:
1101 0101 0000 0000 0000 1000 0000 0000 = D5 00 08 00 (original)
0000 0000 0000 1000 0000 0000 1101 0101 = 00 08 00 D5 (flipped)
3332 2222 2222 2111 1111 1100 0000 0000 (tens)
2109 8765 4321 0987 6543 2109 8765 4321 (units)
               ·              ·· ·  · · (original: 1,3,5,7,8,20)
     *         ·              ·· · *·*· (| bands 2,4,28)
0000 1000 0000 1000 0000 0000 1101 1111 (final: 1,2,3,4,5,7,8,20,28)
0    8    0    8    0    0    D    F    = 08 08 00 DF
flipped: DF 00 08 08
Is this calculation right?
Should I take some extra backup steps (other than having the .qcn file for restore)?
Thanks!
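The band arithmetic from the post above, together with a comparison of the two NV 6828 values quoted in the earlier "NV Read not working" post, as an added example (not code from any poster or tool on this page). The mapping "bit n-1 set means band n" is the one the 32-bit calculation above uses; applying it to bits above 32 is an assumption, and all function names are hypothetical.

```python
def mask_from_stored(hex_bytes):
    """'D5 00 08 00' as stored in the file (least-significant byte first) -> int."""
    return int.from_bytes(bytes.fromhex(hex_bytes), "little")


def stored_from_mask(mask, length=4):
    """Integer mask -> byte string in stored order; refuses bits that do not fit."""
    try:
        raw = mask.to_bytes(length, "little")
    except OverflowError:
        raise ValueError(f"mask 0x{mask:X} does not fit in {length} bytes")
    return " ".join(f"{b:02X}" for b in raw)


def bands_from_mask(mask):
    """Band numbers for every set bit (bit 0 is band 1)."""
    return [bit + 1 for bit in range(mask.bit_length()) if (mask >> bit) & 1]


def mask_from_bands(bands):
    mask = 0
    for band in bands:
        if not 1 <= band <= 64:
            raise ValueError(f"band {band} is outside the 64-bit field")
        mask |= 1 << (band - 1)
    return mask


def add_bands(stored_hex, extra_bands):
    """OR extra bands into a stored value, keeping its original byte length."""
    length = len(bytes.fromhex(stored_hex))
    new_mask = mask_from_stored(stored_hex) | mask_from_bands(extra_bands)
    return stored_from_mask(new_mask, length), bands_from_mask(new_mask)


def compare_masks(a, b):
    """Which bands are set only in a, only in b, or in both."""
    return {
        "only_a": bands_from_mask(a & ~b),
        "only_b": bands_from_mask(b & ~a),
        "both": bands_from_mask(a & b),
    }


# Decimal NV 6828 values exactly as quoted for the two S10+ phones.
USA_6828 = 288795388680222943
CHINA_6828 = 600196850264287

if __name__ == "__main__":
    print(bands_from_mask(mask_from_stored("D5 00 08 00")))
    print(add_bands("D5 00 08 00", [2, 4, 28]))
    diff = compare_masks(USA_6828, CHINA_6828)
    print("only in USA value:  ", diff["only_a"])
    print("only in China value:", diff["only_b"])
```

Diffing the old and new masks this way before a restore shows exactly which bits a write will set or clear, which is the check that would have surfaced the single bit dropped when one phone's value was copied onto the other.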
exact for NV6828 :
I think you also need to add configuration for these bands
example for B4 :
https://drive.google.com/file/d/1MsPBiHRIw9l_8W66BVPJlfwV36sQGU9X/view?usp=sharing
<duplicated>
@yakapa40
So, I did run "Restore" with the QCN file edited using "DF 00 08 08" instead of "D5 00 08 00" which was exactly located in address "0100AC1A" as described in this video (using a hex editor):
(jump to minute 4:10)
https://youtu.be/jPouF3bzoDI?t=250
The QCN file was restored successfully and the phone restarted automatically (as described in here)
But I'm still unable to join 4G networks in any of the 3 provider networks.
I don't know how to set those configurations for B4 that you shared. Can you point me with a procedure?
Thanks!
