Related
Hey guys, I set up my Arduino Mega to communicate via UART with my Infuse4g.
The UART output comes out of the USB port at 115200kbps on the D+ and D- lines when you connect a 619kOhm resistor to USB Pins 4 and 5. It can be used for kernel debugging or general hacking around.
Here's some pics of my setup.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This emulates the "Test Board" from the KIT-S5PC110 which is used to develop the Aeries platform
You can make it do all kinds of crazy stuff....
Typical boot with battery just inserted.
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 4
MAX8893_REG_LDO1 return val e
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val 10
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3797mV, soc = 57
check_quick_start_condition- Voltage: 3797.50000, Linearized[45/60/75], Capacity: 59
init_fuel_gauge: vcell = 3797mV, soc = 57, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=hex value hex value
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
0xF8
AST_POWERON
BOOTING COMPLETED
held enter while booting UART
Code:
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val 2
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val e
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3777mV, soc = 48
check_quick_start_condition- Voltage: 3777.50000, Linearized[41/56/71], Capacity: 49
init_fuel_gauge: vcell = 3777mV, soc = 48, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x30
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL>
SBL Prompt
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 65
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
PARAM_INT_13 : 0
PARAM_INT_14 : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
SBL> setenv SWITCH_SEL 6543
argv[0] : setenv
argv[1] : SWITCH_SEL
argv[2] : 6543
value : 6543
SBL> reboot
command_loop: parse command error! (reboot)
SBL> reset
Rebooting...
SB1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 31
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val e
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val 10
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 31
MAX8893_REG_ONOFF new val 31
MAX8893_REG_ONOFF return val 31
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3768mV, soc = 48
check_quick_start_condition- Voltage: 3768.75000, Linearized[40/55/70], Capacity: 49
init_fuel_gauge: vcell = 3768mV, soc = 48, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x0
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=serial number.....
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
0xF8
AST_POWERON
BOOTING COMPLETED
All commands available at SBL Prompt.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
SBL> help reset
* Help : reset
* Usage : reboot
Reboot system
SBL> help boot
* Help : boot
* Usage : boot [kernel options]
Boot Linux with optional kernel options
SBL> help kernel
* Help : kernel
* Usage : kernel hex_adr
Change the Linux kernel base
SBL> help format
* Help : format
* Usage : format
format device
SBL> help open
* Help : open
* Usage : open
open device
SBL> help close
* Help : close
* Usage : close
close device
SBL> help erasepart
* Help : erasepart
* Usage : erasepart partition_id
erase part of units
- ex) erase 0x9(temp partition)
SBL> help eraseall
* Help : eraseall
* Usage : eraseall
erase all units
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
SBL> help showpart
* Help : showpart
* Usage : showpart
show partition information
SBL> help addpart
* Help : addpart
* Usage : addpart <id> <attr> <unit>
add partition information
- ex) addpart 0x(id) 0x1(attr) 0x10(units)
SBL> help delpart
* Help : delpart
* Usage : delpart
delete last partition information
SBL> help savepart
* Help : savepart
* Usage : savepart
save partition information
SBL> help nkernel
* Help : nkernel
* Usage : nkernel command
* Usage : nkernel
read kernel from flash to DDR
SBL> help nramdisk
* Help : nramdisk
* Usage : nramdisk command
* Usage : nramdisk
read ramdisk from flash to DDR
SBL> help nandread
* Help : nandread
* Usage : * Usage : nandread <PARTID> <SIZE>
read partition from flash to SDRAM(0x80000000)
SBL> help nandwrite
* Help : nandwrite
* Usage : * Usage: nandwrite <PARTID> <SIZE>
write partition from SDRAM(0x80000000) to flash
SBL> help usb
* Help : usb
* Usage : usb download command
SBL> help mmctest
* Help : mmctest
* Usage : *Usage : mmctest
SBL> help keyread
* Help : keyread
* Usage : *Usage : keyread
SBL> help readadc
* Help : readadc
* Usage : *Usage : readadc <channel>
SBL> help usb_read
* Help : usb_read
* Usage : usb_read reg
Read the usb ic register
SBL> help usb_write
* Help : usb_write
* Usage : usb_write reg, val
Read the usb ic register
SBL> help fuelgauge
* Help : fuelgauge
* Usage : *usage : fuelgauge
SBL> help pmic_read
* Help : pmic_read
* Usage : pmic_read reg
Read the pmic register
SBL> help pmic_write
* Help : pmic_write
* Usage : pmic_write reg, val
Read the pmic register
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 65
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
PARAM_INT_13 : 0
PARAM_INT_14 : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
SBL> showpart
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
SBL> mmctest
Enable Movinand
[set_mmc_ocr] Sector Mode
[hsmmc_init] MMC card is detected
Product Name : MAG4FA
<display_card_info:935> ext_csd
<display_card_info:937>card_size: 15264
Total Card Size: 15265 MByte
SBL> keyread
keyread: row(0) col(0) read key value = 0x1
keyread: row(1) col(0) read key value = 0x2
SBL> pmic_read
---------read pmic register : multiple
(0x0 : 0x0), (0x1 : 0x0), (0x2 : 0x0), (0x3 : 0x0),
(0x4 : 0x0), (0x5 : 0xf0), (0x6 : 0x0), (0x7 : 0x0),
(0x8 : 0x40), (0x9 : 0x0), (0xa : 0xff), (0xb : 0xff),
(0xc : 0xa), (0xd : 0x80), (0xe : 0xff), (0xf : 0xff),
(0x10 : 0x3f), (0x11 : 0xef), (0x12 : 0x78), (0x13 : 0x10),
(0x14 : 0xbb), (0x15 : 0x12), (0x16 : 0x12), (0x17 : 0x12),
(0x18 : 0x12), (0x19 : 0xe), (0x1a : 0xe), (0x1b : 0x2),
(0x1c : 0x4), (0x1d : 0x86), (0x1e : 0x11), (0x1f : 0xc),
(0x20 : 0x2), (0x21 : 0x2), (0x22 : 0x30), (0x23 : 0xac),
(0x24 : 0x4), (0x25 : 0x14), (0x26 : 0x6), (0x27 : 0x10),
(0x28 : 0x2), (0x29 : 0xe), (0x2a : 0x31), (0x2b : 0x17),
This is what happens when you go into download mode... this occurs near the end of the SBL.
Code:
SBL> usb
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Really man...have you already taken this thing apart?
Sent from my SGH-I897 using XDA Premium App
and here's the kernel debugging.... in case the kernel locks up during boot and Android will not function correctly, it provides a shell. Authorize ahead of time so that you can use Super User.
The settings in SBL prompt are
Code:
setenv SWITCH_SEL 6543
setenv PHONE_DEBUG_ON 1
saveenv
This can be very useful for kernel devlopers
Code:
Starting kernel at 0x32000000...
Uncompressing Linux...................................................................................................................................................................................
[ 0.000000] copy: bad source 0
[ 0.000000] mout_audss: bad source 0
[ 0.090142] KERNEL:kernel_sec_get_debug_level_from_boot=0x574f4c44
[ 0.094877] KERNEL:magic_number=0x0 DEBUG LEVEL low!!
[ 0.099895] (kernel_sec_set_upload_cause) : upload_cause set 0
[ 5.833835] init: cannot find '/system/etc/install-recovery.sh', disabling 'flash_recovery'
sh: can't access tty; job control turned off
$ [ 11.433364] init: no such service 'bootanim'
[ 24.851663] init: sys_prop: permission denied uid:1000 name:wifi.interface
[ 35.227503] init: no such service 'bootanim'
[ 38.484304] init: sys_prop: permission denied uid:1000 name:dpm.allowcamera
su
sh: can't access tty; job control turned off
# dmesg|tail
<4>[ 47.443068] [email protected]
<4>[ 51.363390] mook - wm8994 TTY Off
<4>[ 51.666438] eth0: SIOCSIWSCAN : ISCAN
<4>[ 51.667822] +++: Set Broadcast ISCAN
<4>[ 53.013468] [email protected]
<4>[ 54.447852] Send Event ISCAN complete
<4>[ 54.448053] eth0 wl_iw_iscan_get_scan buflen_from_user 8192:
<4>[ 54.448067] eth0: SIOCGIWSCAN GET broadcast results
<4>[ 54.448111] wl_iw_iscan_get_scan return to WE 803 bytes APs=3
<4>[ 84.445803] wl_iw_set_ss_cache_timer_flag called
#
Looks like samsung has an autorun to reflash the recovery partition at /system/etc/install-recovery.sh
bulletproof1013 said:
Really man...have you already taken this thing apart?
Sent from my SGH-I897 using XDA Premium App
Click to expand...
Click to collapse
No, and I don't plan on it unless I have a problem that requires me to take it apart. Apparently this phone does not have bricking problems with people porting bootloaders from other devices.
I can see this being very handy indeed. Running kernels blind, having to get to at least ADB is a real pain. At least we now know this method works for the Infuse.
No bricking problems? Really?
Sent from my SGH-I897 using XDA Premium App
AdamOutler said:
No, and I don't plan on it unless I have a problem that requires me to take it apart. Apparently this phone does not have bricking problems with people porting bootloaders from other devices.
Click to expand...
Click to collapse
No bricking problems b/c we can't flash bootloaders haha. Well actually there is a way, but the only person to try said way bricked.
That's because the bootloaders are lock. well not motorola lock. I've read some where in the Galaxy tab 10.1 forum that Samsung had to lock the bootloaders because of copyright issues with media hub. if thats true Roger infuse don't offer media hub and the bootloaders for that phone are not lock. we got an update for the tab 10.1 that lock the bootloaders and the tab offer media hub could be true since Samsung are not known for locking them. I could be wrong.
Sent from my SAMSUNG-SGH-I997 using XDA Premium App
gtg465x said:
No bricking problems b/c we can't flash bootloaders haha. Well actually there is a way, but the only person to try said way bricked.
Click to expand...
Click to collapse
*raises hand* hehe
But I'm wondering if accessing the phone via UART would work with a device that's hardbricked as bad as that was? Too late to test now, it's already in the mail. ... unless I were to try flashing bootloaders like we did before? hehe
Aou said:
*raises hand* hehe
But I'm wondering if accessing the phone via UART would work with a device that's hardbricked as bad as that was? Too late to test now, it's already in the mail. ... unless I were to try flashing bootloaders like we did before? hehe
Click to expand...
Click to collapse
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
AdamOutler said:
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
Click to expand...
Click to collapse
Thanks, but the dead phone is gone and in the mail. I'd rather not void a warranty on this device by using JTAG. That device would not even go to download mode when using a JIG. Even the battery charging screen was gone. It was a hard brick.
AdamOutler said:
I have JTAG capabilities if you want to test.
You can get into download mode as long as you have SBL.
I've worked on and developed a way to turn Captivate into KIT-S5PC110 (the aeries development platform)... http://forum.xda-developers.com/showthread.php?t=1206216 It may be possible on this device.... I'm still working on my captivate.
Click to expand...
Click to collapse
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
Did you ever get a copy of BML5 from a Rogers device?
Aou said:
Did you ever get a copy of BML5 from a Rogers device?
Click to expand...
Click to collapse
Yes, but there's a bit of a problem with that. The dump of bml5 was blank. We aren't entirely sure what's going on with our bootloaders, thus the need for someone with a JTAG to test crazy ass shiz.
edit: Although it's not a pressing issue now that we have a kernel workaround for no GB bootloaders.
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
I just gave you 1001 thanks! lol.
Just because you have a JTAG writer does not mean it's easy to JTAG a device. I would test with bootloaders if something required it, however it's not a good idea to go flashing random bootloaders ever... Only if required.
The proper way is to rework the kernel like you did.
Well, thanks to your original post, I was able to get something from the UART on my Infuse. Unfortunately, it's all garbage. Are you using a standard RS-232 connection, or TTL 5v connection? If using TTL 5v, would it be possible to use a TTL 3.3v? This is what I'm getting in putty:
½^ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZÚ¯¿¿¿Y=%#1¿_¿{!!'!=7/¿¯y*¿Y=%#1¿u'59¿y!£§¿g7£¿¥ë奥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥¥ëåëåj¤t4õ5ý¿¿¿¿¿¿¿ëåj¤Ê_5')¿¿¿¿¿ëåµ--!#¯*£ëåßg
(repeats). I get a whole new set of garbage when I put int he battery. It all looks like your video on youtube with the captivate, but it's just all garbage. I tracked down another forum post where you were getting garbage also, but then never posted the resolution.
Any help would be awesome. Thanks!
gtg465x said:
Since you have JTAG capabilities there should be no risk of bricking. Maybe you can experiment with bootloader flashing on this phone. I can link you to gb bootloaders and custom bmlwriter flashing program if you're interested.
Click to expand...
Click to collapse
I don't think he's got JTAG capabilities on the phone yet, and probably won't until he REALLY needs them.
Getting JTAG capability requires soldering a connector to the board permanently or semi-permanently, or soldering individual wires to the board only for the flash process. No one has been able to figure out any compression-spring/pogo-pin contact approach, the connector pad pitch is just too damn small.
Otherwise I'd probably have JTAG capability too. If not for the connector issue I'd be experimenting with a Bus Blaster v2.
Entropy512 said:
I don't think he's got JTAG capabilities on the phone yet, and probably won't until he REALLY needs them.
Getting JTAG capability requires soldering a connector to the board permanently or semi-permanently, or soldering individual wires to the board only for the flash process. No one has been able to figure out any compression-spring/pogo-pin contact approach, the connector pad pitch is just too damn small.
Otherwise I'd probably have JTAG capability too. If not for the connector issue I'd be experimenting with a Bus Blaster v2.
Click to expand...
Click to collapse
I can put the connector on.. assuming its 12 pin plus 4 mounting pads? I have them in stock. Its not a problem for me to solder them. I can do it.
Does anyone have some tech porn of this board, or disassembly instructions?
I'm here to recruit help from XDA-Developers for open-source development. I can offer UnBrickable Mod to any Developer who thinks they can help with this C++ issue. This will allow you to play with Loki (the device's side of Odin/Heimdall) and not worry about it.
The only thing keeping the Linux and Mac platforms from being better then Windows at developing ROMs and other firmware is Heimdall's ability to repartition. Once this barrier is broken down, we will have an entire open source chain for developing and Linux will be the premeire platform for developing on Samsung devices. There will be no reason to use Closed Source Windows, Odin, or Samsung Drivers... This is the last barrier.
I am offering debug logs which show the UART output during the flashing of Heimdall and Odin.
here are Heimdall logs/uart logs: http://pastebin.com/srhG7yJA
here are Odin Uart Logs: http://pastebin.com/AiKspmxR UART coming soon.
Here are both Heimdall and Odin USB logs via Wireshark.
http://www.mediafire.com/file/2wccdcuf87q2i3l/odinheimdallUSBLog.zip
Benjamin Dobell has set up code for Heimdall here: https://github.com/Benjamin-Dobell/Heimdall/
This is not a bounty thread. It is an open source development/improvement thread. I have spoken to Benjamin Dobell, the creator of Heimdall, and he is too busy with a new job and working loads of overtime hours. He has approved of this action. Fixing this issue with Heimdall will allow the entire Samsung community to utilize Heimdall as a total replacement for Odin on all platforms.
What's my role/interest in this? I want Linux to be as good or better then Windows.. I'm an Open Source guy. I'm also not good at C++ programming language. I understand the headers, but not the CPP files. I can provide debugging and beta testing though. I've created the cross-platform Heimdall One-Click . I brought UnBrickable Mod to the Captivate and the only thing left in the entire open-source chain of software from complete destruction of data on the device to completely stock is getting Heimdall to repartition.
Once this final hurdle in Heimdall is completed, we've got a full open-source stack of cross-platform, community-based software by XDA-Developers for XDA-Developers and users. Open-Source software will be able to provide more then closed source software, and once again XDA-Developers will prove that we can do things better then the Manufacturers.
There is an issue tracking system here: https://github.com/Benjamin-Dobell/Heimdall/issues
I believe the underlying cause of all 3 of the existing issues in the Heimdall Repostiory lies with Heimdall's ability to repartition.
issue 21: "Failed to confirm end of file transfer sequence!" signifies that the information sent overran the partition area and therefore it never responded that the end was confirmed.
Issue 19: "Could not find end of file or end of file transfer, something similar." Likely the same as issue 21.
Issue 14: "Expected file part index" again, dealing with partition tables. "ERROR: Expected file part index: 0 Received: 1"
I believe all three of these issues could be worked into a single "Heimdall Repartitioning" issue for the reasons stated above.
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Smasher816 said:
I got some experience in C++ and Java...
once I get home ill take a look at the heimdall source, and give it a shot.
Click to expand...
Click to collapse
Hey great.. I have a special test setup with UART output.
First I totally thrashed my partition table by uploading the Bada OS SBL.. This SBL rewites partition tables. Then I used the HIBL to unbrick my phone and load a proper SBL. This is the UART during booting up to "Download Mode".
Code:
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0xffffffff)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 7
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : *unknown id* (0x9)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : *unknown id* (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 7
===============================
ID : *unknown id* (0x1)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 8
NO_UNITS : 796
===============================
ID : *unknown id* (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 804
NO_UNITS : 716
===============================
ID : *unknown id* (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1520
NO_UNITS : 372
===============================
ID : *unknown id* (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1892
NO_UNITS : 56
===============================
ID : *unknown id* (0x18)
ATTR : RW SLC (0x1001)
FIRST_UNIT : 1948
NO_UNITS : 56
===============================
FlashDevOpen 232: Error(nErr=0x80000002)
j4fs_open 136: Error(nErr=0x40000000)
loke_init: j4fs_open failed..
init_fuel_gauge: vcell = 4051mV, soc = 82
check_quick_start_condition_with_charger- Voltage: 4051.25000, Linearized[55/70/85], Capacity: 85
init_fuel_gauge: vcell = 4051mV, soc = 82, rcomp = d01f
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
PMIC_IRQ1 = 0x3c
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
get_debug_level current debug level is 0x0.
aries_process_platform: Debug Level Invalid
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
nps status file does not exist..
nps status is incorrect!! set default status.(completed)
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
I gave the command in Heimdall to repartition and flash the boot.bin to partition 1.
Code:
heimdall flash --repartition --pit ./part.pit --1 ./boot.bin
At this point it should have downloaded the partition, saved it, and then heimdall should request the partition back and use that as its guide.
The boot.bin is only 1 block long so this log is short.
Code:
- Odin is connected!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xffffffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
and this is the log from Heimdall
Code:
Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...
Beginning session...
Handshaking with Loke...
Ending session...
Rebooting device...
Re-attaching kernel driver...
At this point the device "resets" and attempts to boot from the bootloader.
If you need any testing let me know. I can compile source, I can get UART logs. I can repartition the heck out of this device as it is UnBrickable and my test phone.
I believe the device uses the SBL> prompt when it is in download mode.. You can see from this UART log that the device attempted to "saveenv" but it could not. http://code.google.com/p/badadroid/...ompare_logs/SBL_mode_help.txt?spec=svn61&r=57
It also returned the same "FlashDevRead 63 error)
The final action the device needs to do is "savepart" if the partition tables were saved after the pit were uploaded then it would be good to go. There are several other commands as well.. "addpart" and "removepart".. If it comes to using this, let me know. I've worked with Benjamin Dobell's libpit before and I can help out greatly with repartitioning as I've worked extensively in the SBL prompt.
I'm not sure how the Download Mode works exactly, but if it uses the SBL prompt, then I can write pseudocode of how it should work.
This probably isn't going to help much, but it may be a start.
I figured the best way to solve this would be to find the differences between a successful Odin flash and an unsuccessful Heimdall flash. So I delved right in to the wireshark dumps. It seems likely that Heimdall is missing a step.
I do not understand the protocol (yet), but I can see the raw data in the stream. In the Heimdall process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the kernel data is sent. But in the Odin process, there is some protocol traffic, then the entire PIT file is sent, then some more protocol traffic, then the PIT file is sent again in 512 byte chunks, then some protocol traffic (more than usual), and then the kernel data is sent.
At the moment, I can't be sure if this is functionally equivalent or not. I'll need to do quite a bit of deciphering on the protocol to get up to speed on what's really going on. Unfortunately, this is the sort of thing that's easiest if one can watch the action in real time, but as I only have my one phone that I need for work, that's not really an option for me at this time.
Hopefully, I'll return with more info after I've absorbed the communication layer details to see what the non-data chatter actually is.
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
AdamOutler said:
Could that extra protocol data possibly be Odin commanding delete partitions and add partitions? I'm hypothesizing... nothing more. I see some similarities to the UART logs during SBL> prompt and Odin, so I'm thinking that maybe the SBL prompt is used, or at least some of the methods... In this thread you can see all of the SBL commands http://forum.xda-developers.com/showthread.php?t=1209288
Sure it's from an Infuse, but they're all based on i9000 which is like the mother of our entire generation of devices. The SBLs are interchangeable with different entry points for each "version".
Click to expand...
Click to collapse
I have a feeling that it is using the SBL prompt somehow after the flash because everything else seems pretty much identical (besides the timing). If anyone needs to understand the protocol then I recommend just looking at Heimdall's source code, in particular the packet header files store all the constants that are sent and received over USB.
Found the problem - the End Transfer packet is missing. There is also some additional strangeness, though.
Heimdall:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 66 00 00 00 (Init file transfer - probably starting the kernel send)
Odin:
Packet 1: 65 00 00 00 (Init pit transfer)
Packet 2: 65 00 00 00 02 00 00 00 D0 06 00 00 (Want to send 1744 bytes)
Packet 3: [full contents of pit]
Packet 4: 65 00 00 00 03 00 00 00 D0 06 00 00 (Finished sending 1744 bytes)
The odd part is what odin does next, after the "finished sending":
Packet 5: 65 00 00 00 01 00 00 00 (Dump pit file)
Packet 6: 65 00 00 00 02 00 00 00 00 00 00 00 (Sending chunk 0)
Packet 7: [first 512 bytes of pit]
Packet 8: 65 00 00 00 02 00 00 00 01 00 00 00 (Sending chunk 1)
Packet 9: [next 512 bytes of pit]
Packet 10: 65 00 00 00 02 00 00 00 02 00 00 00 (Sending chunk 2)
Packet 11: [next 512 bytes of pit]
Packet 12: 65 00 00 00 02 00 00 00 03 00 00 00 (Sending chunk 3)
Packet 13: [next 512 bytes of pit]
- repeat for 8 chunks - data past the end of the actual pit file is sent as zeroes -
Packet 22: 65 00 00 00 03 00 00 00 (Done)
Packet 23: 66 00 00 00 (Init file transfer - probably kernel)
I couldn't begin to tell you why any of this exists at all, but my strong suspicion is that duplicating the Odin behavior will make Heimdall work properly.
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Here's the UART log
Code:
[���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 140
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1954
NO_UNITS : 50
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4192mV, soc = 90
check_quick_start_condition_with_charger- Voltage: 4192.50000, Linearized[77/92/100], Capacity: 94
init_fuel_gauge: vcell = 4192mV, soc = 90, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x28
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
- Odin is connected!
set_nps_update_start: set nps start flag successfully.
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(100), data id(2)
process_packet: request id(101), data id(0)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(3)
[FNW: ] STL read to partition ID: 20
Done.
read 25 units.
partition_backup: efs. meta data=3(units), real size=6553600
.....Done.
read 5 units.
partition_backup: sbl. buf=0x46e00000, size=1310720(bytes)
.....Done.
read 5 units.
partition_backup: sbl2. buf=0x46f40000, size=1310720(bytes)
fsr_bml_format_device start
set_dynamic_partition: pit magic code=0x12349876
bbm format success
bbm_erase_all: step 1. Start unit=1, End unit=2.
.
bbm_erase_all: step 1. Start unit=52, End unit=2004.
..............................................................................................................................................................................................................................................
bbm eraseall success.
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
Erasing: 1 to 2
.
bbm erase part success
.Done.
Written 1 units.
current percent: 0 (1/1110)
board partition information update.. source: 0x403ee838
Erasing: 2 to 42
........................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 20)
[FNW:INF] nVol : 0, partition_id : 20, stSTLInfo.nTotalLogScts : 12800, buf :0x46400000
TotalLogSct : 12800, size : 6553600
Done.
Written 25 units.
current percent: 2 (26/1110)
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 2 (31/1110)
Erasing: 47 to 52
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 3 (36/1110)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(5445016), id(6), final(1)
Save Image (KERNEL) to flash ......
Erasing: 72 to 102
..............................
bbm erase part success
.....................Done.
Written 21 units.
current percent: 5 (57/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(12582912), efs_clear(0), boot_update(0), final(1)
xmit_complete_phone: cp partition found!(11)
Save Image (MODEM) to flash ......
Erasing: 1954 to 2004
..................................................
bbm erase part success
................................................Done.
Written 48 units.
current percent: 9 (105/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
Erasing: 132 to 1278
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 22)
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 45 (505/1110)
current write_count=1
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(104857600), id(22), final(0)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 204800, size : 104857600
Done.
Written 394 units.
current percent: 81 (905/1110)
current write_count=2
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(58163200), id(22), final(1)
Save Image (FACTORYFS) to flash ......
[FNW:INF] nVol : 0, partition_id : 22, stSTLInfo.nTotalLogScts : 569344, buf :0x46400000
TotalLogSct : 113600, size : 58163200
Done.
Written 219 units.
current percent: 101 (1127/1110)
current write_count=3
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1376256), id(23), final(1)
Save Image (DBDATAFS) to flash ......
Erasing: 1278 to 1814
..............................................................................................................................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 23)
[FNW:INF] nVol : 0, partition_id : 23, stSTLInfo.nTotalLogScts : 263168, buf :0x46400000
TotalLogSct : 2688, size : 1376256
Done.
Written 6 units.
current percent: 102 (1133/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1245184), id(24), final(1)
Save Image (CACHE) to flash ......
Erasing: 1814 to 1954
............................................................................................................................................
bbm erase part success
[FNW: ] STL formatted (partition ID: 24)
[FNW:INF] nVol : 0, partition_id : 24, stSTLInfo.nTotalLogScts : 64000, buf :0x46400000
TotalLogSct : 2432, size : 1245184
Done.
Written 5 units.
current percent: 102 (1138/1110)
current write_count=1
save param.blk, size: 5268
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(262144), id(0), final(1)
Save Image (IBL+PBL) to flash ......
binary version: EVT1.
boot.bin is the one-binary.
relocate & fusing continue..
completed.
Erasing: 0 to 1
.
bbm erase part success
.Done.
Written 1 units.
current percent: 102 (1139/1110)
current write_count=1
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(1310720), id(3), final(1)
Save Image (SBL) to flash ......
=== SBL signature information ===
File Size : 677052
=================================
read part info
id = 0x3
attr = 0x1002
first unin = 0x2a
number units = 0x5
pages per unit = 0x40
n1st page = 0xa80, page offset = 0x13f, len = 0x48
read part info
id = 0x4
attr = 0x1002
first unin = 0x2f
number units = 0x5
pages per unit = 0x40
n1st page = 0xbc0, page offset = 0x13f, len = 0x48
Found bootable SBL ID: 4
save SBL partition id: 3
Erasing: 42 to 47
.....
bbm erase part success
.....Done.
Written 5 units.
current percent: 103 (1144/1110)
current write_count=1
save sbl id: 3 / erase sbl id: 4
.
process_packet: request id(102), data id(0)
process_packet: request id(102), data id(2)
process_packet: request id(102), data id(3)
process_rqt_xmit: size(872448), id(21), final(1)
Save Image (PARAM) to flash ......
FlashDevClose 262: Error(nErr=0x80040001)
Erasing: 52 to 72
....................
bbm erase part success
[FNW: ] STL formatted (partition ID: 21)
[FNW:INF] nVol : 0, partition_id : 21, stSTLInfo.nTotalLogScts : 2560, buf :0x46400000
TotalLogSct : 1704, size : 872448
Done.
Written 4 units.
current percent: 103 (1148/1110)
current write_count=1
set_nps_update_start: set nps start flag successfully.
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
set_nps_update_completed: set nps completed flag successfully.
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
Set cpu clk. from 400MHz to 800MHz.
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
......... everything after this is standard data... just included this far to show it booted.
Everything worked..
Would you like WireShark to verify things?
As far as logging, the only thing I could see is this:
Code:
FlashDevRead 63: Error(offset,length,j4fs_end,nErr)=(0x40000,0x1000,0xfffff,0x80040001)
j4fs_write_file_bootloader 192: Error(nErr=0x40000000)
which means it tried to read some garbage from the OneNAND and failed.
AdamOutler said:
That did it! Problem solved!
1.I uploaded the Bada bootloaders to my device in order to totally destroy my partition tables.
2.I tried to flash with heimdall 1.3 and it did not work to restore
3.I compiled and installed the new 1.3modified version
4.I flashed with heimdall 1.3modified and it worked
to be sure I repeated the Bada bootloaders once again. The only thing wrong with my device now is that it has no /efs/ partition... which is understandable because bada turned the OneNAND into it's *****.
Great job psych0phobia If you need anything from me just let me know. I mean anything ...
Let me know when you can spare your device so I can modify it. Please push this change upstream.
Click to expand...
Click to collapse
Yay for a properly working Heimdall! Once this fix gets officially implemented I'll update my Heimdall =D
How much do you charge to make the Captivate Unbrickable? X3
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
psycho2097 said:
I have a darn huge iq... Classified as genius level... Yet, try as I might, cannot make head or tail of Adams post...
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
Don't give me credit... this is the real genius here...
psych0phobia said:
So, Adam, the first thing I would try would be to simply add the "finished sending" packet. Try recompiling with this replacement for BridgeManager.cpp and this additional file EndPitFilePacket.h in the project.
Click to expand...
Click to collapse
Basically, heimdall could not repartition the OneNAND. I identifed the problem, provided detailed debug level information and asked for help. psych0phobia looked at the Odin/Loki protocol, learned it, found the differences between Odin and Heimdall based on the output of both programs and then wrote the fix. Make sure you thank him. Thank Benjamin Dobell as well, he wrote Heimdall in the first place.
now... if you want to compile it under Linux... open a terminal and copy-pasta.
Code:
sudo apt-get install build-essential curl git
mkdir heimdall
cd heimdall
git clone https://github.com/Benjamin-Dobell/Heimdall.git
cd Heimdall/heimdall
curl http://android.merseine.us/BridgeManager.cpp> ./BridgeManger.cpp
curl http://android.merseine.us/EndPitFilePacket.h >./EndPitFilePacket.h
cd ..
cd ..
cd libpit
./configure
make
cd ..
cd heimdall
./configure
make
sudo make install
This will give Heimdall the ability to fully recover a bad partition table.
NOTE: This should only be used until a version greater then Heimdall 1.3.0 is released.
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
psycho2097 said:
Yea, kinda got that part.... So my understanding would be now we can successfully flash nexus s. Firmware without screwing everything up... Right? In layman-geek's terms, not super-duper-mega-geek terms....
Sent from my cell phone. DUH.
Click to expand...
Click to collapse
I wont say anything about nexus s just yet... We have a 100% open-source, DIY, and free method of restoring a device to stock. Linux, UnBrickable Mod and heimdall.
In other words....
In yo face jtag
whiteguypl said:
In other words....
In yo face jtag
Click to expand...
Click to collapse
Hell yeah! 3 cheers 4 the unbrickable mod!
Sent from my cell phone. DUH.
Just thought I should let you guys know that I've pushed the source for the 1.3.1 updates to Github and it includes a fix, thanks psych0phobia! 1.3.1 also includes substantially improved no-reboot functionality that allows Heimdall to detect and use an existing session (i.e. previous operation with the --no-reboot parameter). Basically this means that you can do things like dump your PIT and then flash your phone without rebooting in between.
I should note that I kind of forgot to update the make files So it won't actually build on Linux/OS X until I do that when I get home (at work now). Windows users can give it whirl though.
Hello, sorry when i post a new Thread i think that many users have the same Problem but my english is not so good that i can find the right Thread ... I have Flash :
I9505_Omega_v2.0_GUEUBMG8_Android_4.3_md5_830353DC5EB14151A017C340C1285E51
Now i have flash a other Rom:
aokp_i9505_unofficial_2013-05-19
and that:
I9505XXUAMDM_I9505OXAAMDM_I9505XXUAMDM_HOME.tar
Now i dont have Sound anymore (micro and Sound are Dissable) Now i have read, that i have make a Bootloader Downgrade and have shoot i up my Bootloader with that :S
What can i doo that Sound works again !? Thanks for Help
wolfsstolz said:
Hello, sorry when i post a new Thread i think that many users have the same Problem but my english is not so good that i can find the right Thread ... I have Flash :
I9505_Omega_v2.0_GUEUBMG8_Android_4.3_md5_830353DC5EB14151A017C340C1285E51
Now i have flash a other Rom:
aokp_i9505_unofficial_2013-05-19
and that:
I9505XXUAMDM_I9505OXAAMDM_I9505XXUAMDM_HOME.tar
Now i dont have Sound anymore (micro and Sound are Dissable) Now i have read, that i have make a Bootloader Downgrade and have shoot i up my Bootloader with that :S
What can i doo that Sound works again !? Thanks for Help
Click to expand...
Click to collapse
wipe data and cache.
if not, reflash your stock firmware, wipe data and cache, reboot
no, that dosnt work, that is a buck in bootloader (4.3 downgrade) i have do flash all roms (wipe too) i have flash a pit rom too but this PRoblem with Bootloader brick is the same. I have Read that many German Users have the same Problem when they flash a higher rom and downgrade it then.I think i must wait for a Developer who have the same Problem :S
When another User Have the same Problem it Please write it here to see that is a big problem for other Users too
Sorry but with Apple i dont have this PRoblem maybe i go back XD
wolfsstolz said:
no, that dosnt work, that is a buck in bootloader (4.3 downgrade) i have do flash all roms (wipe too) i have flash a pit rom too but this PRoblem with Bootloader brick is the same. I have Read that many German Users have the same Problem when they flash a higher rom and downgrade it then.I think i must wait for a Developer who have the same Problem :S
Click to expand...
Click to collapse
why dont you flash MH8 or 5 firmware, it contains the newer bootloader
Edit: please take a look here http://forum.xda-developers.com/showthread.php?t=2436368
when i flash that Sound dont go anymore too. the Problem is a bug in botloader in the newer FW when i have read that correctly
Sorry, i have read that not right .....
Can you give me a link from Rom ?! I only found a rom
forum.xda-developers.com/showthread.php?t=2299087
but this is only without new Bootloader and i think i need that with bootloader or works that too !?
Thansk for Help
Push Thread Too ....
I have Problem with Sound(Downgrade to Stock Rom from Omega Rom)
Now i have Read that i must install fallow Roms:
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBM G3_NEE
and that:
GT-I9505-Factory-Firmware-Full-Wipe-DBT
Basis I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8
This Roms are in Forum but Theme is Close and Files only on **** hoster (Hotfile)
Who can upload that to another hoster (Hotfile is very slow in Germany 30 kb and 1 gb download go of :S ) like upoaded.to or mega.co.nz ?!
Who can help me for Sound come back please help. I have do all what i have read in Forum but nothing works for me.
Thanks for Help.
No People have a Idea !????
I have make a Photo from logger, it was nice when a dev can look ...
Who can tell me from that Folder:
My Android Folder:
1. i have more "mnt" Folder (mnt + mnt_1)
2. On Storage Folder i can see: USBDriveA ,USBDriveB, USBDrive ..... looks folfer i can see: ExtSdCard - sdcard_3
3. I have a folder named: Firmware + Firmware-mdm
4. ALL Files in : sys/fs/selinux are empty, 0kb , Subfolder too
5. In mnt_1 sys/fs/ext4 Folder are too mutch Folders !? looks on mmcblk0p10 + 16+18+26+29 with same Files
and many more .... Please , who can look on his Machine to this Folders, is that the same !?
Here Are Photos from logger that my Sound dosnt work:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I cant believe that no People can help me to bring back my Sound ....
Here a logcat answer from Sound .....
D/ALSADevice(10225): No valid input device: 0
V/ALSADevice(10225): switchDevice,rxDev:Speaker, txDevnull), curRxDev:None, curTxDev:None
D/alsa_ucm(10225): snd_use_case_set(): uc_mgr 0x40f97fb0 identifier _enadev value Speaker
E/alsa_ucm(10225): Invalid current verb value: Inactive - -1
E/alsa_ucm(10225): No valid device Speaker found
D/ALSADevice(10225): switchDevice: mCurTxUCMDevivce None mCurRxDevDevice Speaker inCallDevSwitch = 0
V/ALSADevice(10225): switchDevice Done
D/alsa_ucm(10225): snd_use_case_set(): uc_mgr 0x40f97fb0 identifier _verb value HiFi
E/alsa_ucm(10225): Control device not initialized
E/alsa_ucm(10225): Control device not initialized
W/alsa_ucm(10225): error snd_use_case_apply_mixer_controls
D/ALSADevice(10225): close: handle 0x40026d40 h 0x0
D/ALSADevice(10225): open: handle 0x40026d40, format 0x2
V/ALSADevice(10225): Music case
D/ALSADevice(10225): Device value returned is hw:0,0
V/ALSADevice(10225): flags 0, devName hw:0,0
E/alsa_pcm(10225): cannot open device '/dev/snd/pcmC0D0p', errno 2
V/ALSADevice(10225): pcm_open returned fd -1
E/ALSADevice(10225): open: Failed to initialize ALSA device 'hw:0,0'
E/AudioHardwareALSA(10225): Device open failed
I/audio_a2dp_hw(10225): adev_open: adev_open in A2dp_hw module
I/AudioFlinger(10225): loadHwModule() Loaded a2dp audio interface from A2DP Audio HW HAL (audio) handle 3
I/AudioFlinger(10225): loadHwModule() Loaded usb audio interface from SEC USB audio HW HAL (audio) handle 4
D/tms_audio_hw/AudioTmsIpc(10225): adev_open : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsInitSilenceFrames : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsInitSilenceFrames : Exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit: thread started with name =TerminalModeAudioServer and id = 1073900584
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientSetup : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen :Enter
D/tms_audio_hw/AudioTmsIpc(10225): initMutex: AudioClientSocketMutex Mutex Created
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientSetup : Exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit: thread started with name =TerminalModeAudioClient and id = 1073900664
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit exit
D/tms_audio_hw/AudioTmsIpc(10225): adev_open : Exit
D/tms_audio_hw/AudioTmsIpc(10225): adev_init_check : Enter
D/tms_audio_hw/AudioTmsIpc(10225): adev_set_master_volume : Enter 1.000000
I/AudioFlinger(10225): loadHwModule() Loaded tms audio interface from TMS Audio HW HAL (audio) handle 5
E/AudioPolicyManagerBase(10225): Not output found for attached devices 00000003
E/AudioPolicyManagerBase(10225): Failed to open primary output
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Socket Success Name /data/TMAudioSocketServer
E/AudioPolicyService(10225): couldn't init_check the audio policy (No such device)
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Bind Success gAudioServerLocalSockFd 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Listen Done gAudioServerLocalSockFd 20 ret 0
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen SizeInBytes 12288
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen accept Start len 110 gAudioServerLocalSockFd 20
V/TranscoderService(10225): TranscoderService created
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Socket Success Name /data/TMAudioSocketClient
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Bind Success gAudioClientLocalSockFd 23
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Listen Done gAudioClientLocalSockFd 23 ret 0
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen accept Start len 110 gAudioClientLocalSockFd 23
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
I/power ( 5291): *** release_dvfs_lock : lockType : 1
D/CustomFrequencyManagerService( 5291): releaseDVFSLockLocked : Getting Lock type frm List : DVFS_MIN_LIMIT frequency : 1566000 uid : 10135 pid : 8603 tag : [email protected]
flash this firmware, wipe data and cache after, reboot http://www.hotfile.com/dl/243289856/5f90db9/I9505XXUDMH8_I9505OXXDMHA_BTU.zip.html
Flash stock kernel again and you would be good.
I had this issue too and found it hard way that it's custom kernel causing this issue.
You can also try this.
Switch off your phone (not restart) and wait for 15-20 secs. And turn it back on. Some users are saying, this will get back your sound.
I have flash that many Times but i will test that again .... Thanks for Help.
Is that the same Rom ? :
I9505XXUDMH8_I9505OXXDMHA_I9505XXUDMH8_HOME.tar.md5
ok, i have Flash now the Rom again, have 3 Times make a Factory Reset + Cache Wipe
Then i have Flash the Kernel only and power of for 20 Seconds my Galaxy then i have Reboot that but no Sound again
Then i have make a LogCat and the Same here: (No Speaker found)
D/ALSADevice( 6355): No valid input device: 0
V/ALSADevice( 6355): switchDevice,rxDev:Speaker, txDevnull), curRxDev:None, curTxDev:None
D/alsa_ucm( 6355): snd_use_case_set(): uc_mgr 0x407ba2f8 identifier _enadev value Speaker
E/alsa_ucm( 6355): Invalid current verb value: Inactive - -1
E/alsa_ucm( 6355): No valid device Speaker found
D/ALSADevice( 6355): switchDevice: mCurTxUCMDevivce None mCurRxDevDevice Speaker inCallDevSwitch = 0
V/ALSADevice( 6355): switchDevice Done
D/alsa_ucm( 6355): snd_use_case_set(): uc_mgr 0x407ba2f8 identifier _verb value HiFi
E/alsa_ucm( 6355): Control device not initialized
E/alsa_ucm( 6355): Control device not initialized
W/alsa_ucm( 6355): error snd_use_case_apply_mixer_controls
D/ALSADevice( 6355): close: handle 0x43d4ad40 h 0x0
D/ALSADevice( 6355): open: handle 0x43d4ad40, format 0x2
V/ALSADevice( 6355): Music case
D/ALSADevice( 6355): Device value returned is hw:0,0
V/ALSADevice( 6355): flags 0, devName hw:0,0
E/alsa_pcm( 6355): cannot open device '/dev/snd/pcmC0D0p', errno 2
V/ALSADevice( 6355): pcm_open returned fd -1
E/ALSADevice( 6355): open: Failed to initialize ALSA device 'hw:0,0'
E/AudioHardwareALSA( 6355): Device open failed
I/audio_a2dp_hw( 6355): adev_open: adev_open in A2dp_hw module
I/AudioFlinger( 6355): loadHwModule() Loaded a2dp audio interface from A2DP Audio HW HAL (audio) handle 3
I/AudioFlinger( 6355): loadHwModule() Loaded usb audio interface from SEC USB audio HW HAL (audio) handle 4
D/tms_audio_hw/AudioTmsIpc( 6355): adev_open : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsInitSilenceFrames : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsInitSilenceFrames : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit: thread started with name =TerminalModeAudioServer and id = 1138011176
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientSetup : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): initMutex: AudioClientSocketMutex Mutex Created
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientSetup : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit: thread started with name =TerminalModeAudioClient and id = 1138011256
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit exit
D/tms_audio_hw/AudioTmsIpc( 6355): adev_open : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): adev_init_check : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): adev_set_master_volume : Enter 1.000000
I/AudioFlinger( 6355): loadHwModule() Loaded tms audio interface from TMS Audio HW HAL (audio) handle 5
E/AudioPolicyManagerBase( 6355): Not output found for attached devices 00000003
E/AudioPolicyManagerBase( 6355): Failed to open primary output
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyService( 6355): couldn't init_check the audio policy (No such device)
V/TranscoderService( 6355): TranscoderService created
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Socket Success Name /data/TMAudioSocketClient
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Bind Success gAudioClientLocalSockFd 21
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Listen Done gAudioClientLocalSockFd 21 ret 0
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Socket Success Name /data/TMAudioSocketServer
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Bind Success gAudioServerLocalSockFd 22
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Listen Done gAudioServerLocalSockFd 22 ret 0
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen SizeInBytes 12288
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen accept Start len 110 gAudioServerLocalSockFd 22
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen accept Start len 110 gAudioClientLocalSockFd 21
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
W/ActivityManager( 764): Launch timeout has expired, giving up wake lock!
it maybe a hardware issue.
dial *#7353# and make test
I have a Pit Rom here
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBMG3_NEE
and:
GT-I9505-Factory-Firmware-Full-Wipe-DBT I9505OXABMF8
But when i load that in Odin , i will become a error , invalid .....
Same is with that Rom (one File Rom)
I9505XXUBMEA_I9505OXABMEA_I9505XXUBMEA_HOME.tar.md5 is invalid
I can only flash 1 File Roms
<OSM> MD5 hash value is invalid
<OSM> PDA_I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8.tar.md5 is invalid.
<OSM> End...
no sound here too , here are log Files:
E/Encryption( 187): created DirEncryptionManager
D/Vold ( 187): Volume sdcard state changing -1 (Initializing) -> 0 (No-Media)
D/Encryption( 187): enable android secure container 'sdcard'
D/Vold ( 187): Volume sda state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdb state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdc state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdd state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sde state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdf state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): '/dev/block/mmcblk0' : disk_size (15758000128)
D/DirectVolume( 187): DirectVolume::readId -> path '/sys/devices/platform/msm_sdcc.2/mmc_host/mmc2/mmc2:e624/block/mmcblk1/device/cid'
D/DirectVolume( 187): DirectVolume::readId -> id '035344535530384780303189d800cab0'
D/DirectVolume( 187): DirectVolume::handleDiskAdded -> mDiskMajor 179, mDiskMinor 32, NPARTS:1
D/Vold ( 187): Volume sdcard state changing 0 (No-Media) -> 2 (Pending)
W/PackageManager( 766): Unknown permission com.sec.android.permission.VIDEOHUB in package com.sec.android.app.videoplayer
W/PackageManager( 766): Unknown permission android.permission.SYSTEM_ALERT in package com.sec.android.app.videoplayer
I have upload the LogFile, when you have time for that, you can look on that. Thanks
http://ul.to/k34sopfp
wolfsstolz said:
I have a Pit Rom here
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBMG3_NEE
and:
GT-I9505-Factory-Firmware-Full-Wipe-DBT I9505OXABMF8
But when i load that in Odin , i will become a error , invalid .....
Same is with that Rom (one File Rom)
I9505XXUBMEA_I9505OXABMEA_I9505XXUBMEA_HOME.tar.md5 is invalid
I can only flash 1 File Roms
<OSM> MD5 hash value is invalid
<OSM> PDA_I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8.tar.md5 is invalid.
<OSM> End...
no sound here too , here are log Files:
E/Encryption( 187): created DirEncryptionManager
D/Vold ( 187): Volume sdcard state changing -1 (Initializing) -> 0 (No-Media)
D/Encryption( 187): enable android secure container 'sdcard'
D/Vold ( 187): Volume sda state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdb state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdc state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdd state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sde state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdf state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): '/dev/block/mmcblk0' : disk_size (15758000128)
D/DirectVolume( 187): DirectVolume::readId -> path '/sys/devices/platform/msm_sdcc.2/mmc_host/mmc2/mmc2:e624/block/mmcblk1/device/cid'
D/DirectVolume( 187): DirectVolume::readId -> id '035344535530384780303189d800cab0'
D/DirectVolume( 187): DirectVolume::handleDiskAdded -> mDiskMajor 179, mDiskMinor 32, NPARTS:1
D/Vold ( 187): Volume sdcard state changing 0 (No-Media) -> 2 (Pending)
W/PackageManager( 766): Unknown permission com.sec.android.permission.VIDEOHUB in package com.sec.android.app.videoplayer
W/PackageManager( 766): Unknown permission android.permission.SYSTEM_ALERT in package com.sec.android.app.videoplayer
I have upload the LogFile, when you have time for that, you can look on that. Thanks
http://ul.to/k34sopfp
Click to expand...
Click to collapse
sound wont work with older firmware even with the pit. you have to flash official updated firmware hard reset your device.also make sure its your phones official firmware.if that don't work try kies emergency firmware upgrade. hope this helps.
The Segmentation Fault error is fixed on LineageOS. It will be fixed progressively in any other ROM in the upcoming updates.
Infinite thanks to @wzedlare, and the other persons and devs that helped us. Im gonna request to mods to close this thread
And over again thanks to all! I'm so happy now!
On certain devices a series of binaries, shell/ADB commands are not working correctly.
Most of the time when one of these binaries I invoked the crash with a "Segmentation fault" error (SIGEGV 11). If the command/binarie is executed multiple times, at some point it works without the error. (1 of 30 times approximately).
These commands/binaries are very important for Root applications, but are not limited to them.
As a result many applications that need ROOT work very sporadically, and some not root apps are affected too.
If you are suffering the same problem, please share your logcats, the app or the command affected, and your device model, in order to get more information about the problem to help the devs and other users.
Affected ROMs and Devices
So far all customs ROMs for Cedric are affected. It appears to be related to a Cedric variant with Dual SIM, removable battery and 3GB of RAM. Mostly sold in Europe trough Amazon.
Known affected apps and Workarrounds:
SuperSu and MagikSU(all versions): Devices rooted with Magisk or SuperSu, suffer from the error almost every time that SU binarir is invoked. The visible symptom is that although according the info provided by the application (Magisk manager says that the device is correctly rooted), the requests to get root permission will not popup because the binarie is crash almost 29 to 30 times. As a result these options for root are almost useless.
LineageOS SU By itself works correctly, the binarie will not crash, but the other commands still will be affected. Is the most funtional root option for affected devices!!
Secure Settings, BetterBattery stats, AutoTools ADB commands to Grant permissions can be executed multiple times. Once authorized, they work correctly.
Super Doze To change doze settings you need to press apply button multiple times. There is no way to know when the change was actually applied except using ADB.
Nap Time it's useless to change doze settings, but force doze is working.
Greenify, Servicely The will pop out an error every time that trying to stop every single app. In short they are useles.
Titanium BackUp and Link2SD To freeze or unfreeze an app you must tap multiples times until it work.
Disable Services Tap multiple times until it work.
LiveBoot After installed it will work only 1/30 reboots (Useless)
Known affected binaries
pm
am
settings
adb backup
Magisk Su, and Super Su
Disclaimer:
I'm not a developer. I created this topic to help other users, to find a workarounds to the error. I'm not a developer. I created this topic to help other users, to find a way to dodge the error.
In addition I hope to raise awareness about this problem and help the devs with the information that is recopiled.
Screenshots Examples and Logcats of the error
Logcat: http://cloud.tapatalk.com/s/59...279dd2/2017-07-25-12-12-33.txt
Series of post in LineageOS Thread talking about the issue: https://forum.xda-developers.com/g5/development/7-1-x-lineageos-14-1-moto-g5-t3611973/page48
Tipical Crash message after invoking a command:
Code:
08-23 19:04:28.670 12408 12408 I chatty : uid=0(root) app_process expire 847 lines
08-23 19:04:28.694 11748 11748 W Atfwd_Sendcmd: AtCmdFwd service not published, waiting... retryCnt : 4
08-23 19:04:28.715 12408 12408 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x9c in tid 12408 (app_process)
08-23 19:04:28.716 402 402 I chatty : uid=0(root) /system/bin/debuggerd expire 2 lines
08-23 19:04:28.777 12410 12410 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-23 19:04:28.778 12410 12410 F DEBUG : LineageOS Version: '14.1-20170811-UNOFFICIAL-cedric'
08-23 19:04:28.778 12410 12410 F DEBUG : Build fingerprint: 'motorola/lineage_cedric/cedric:7.1.2/NJH47F/43d07c81c5:userdebug/test-keys'
08-23 19:04:28.778 12410 12410 F DEBUG : Revision: '0'
08-23 19:04:28.778 12410 12410 F DEBUG : ABI: 'arm'
08-23 19:04:28.778 12410 12410 F DEBUG : pid: 12408, tid: 12408, name: app_process >>> app_process
[/Quote]
Click to expand...
Click to collapse
Great thread! My device is also affected and matches the mentioned specs.
I've got the recommended LineageSU method installed but normally don't use ADB. The only application I did try to use is Liveboot, where the test mode fails to start quite often. Transferring files via USB won't work on the first try, but I don't know how to tell if that is related. My device also is the European G5 with triple slot, 16GB and removable battery, type XT1676 or M2675. Currently running the unofficial LineageOS 14.1 build by @wzedlare from August, 2017.
ektus said:
I've got the recommended LineageSU method installed but normally don't use ADB. The only application I did try to use is Liveboot, where the test mode fails to start quite often. Transferring files via USB won't work on the first try, but I don't know how to tell if that is related. My device also is the European G5 with triple slot, 16GB and removable battery, type XT1676 or M2675. Currently running the unofficial LineageOS 14.1 build by @wzedlare from August, 2017.
Click to expand...
Click to collapse
The easiest way to check if a problem is caused by the segmentation fault is open a terminal emulator session (you can install any terminal emulator from the Playstore), and write:
su
logcat | grep "signal 11 (SIGSEGV)"
It will filter the logcat showing the Segmentation Fault errors. If you get new errors when performing an certain action, or opening certain app, it's affected by the error.
Enviado desde mi Moto G5 mediante Tapatalk
The easiest way to check if a problem is caused by the segmentation fault is open a terminal emulator session (you can install any terminal emulator from the Playstore), and write:
su
logcat | grep "signal 11 (SIGSEGV)"
Click to expand...
Click to collapse
That one shows quite a number of results, at a first glance most with
Code:
signal 11 (SIGSEGV), code 1 (SEGV_MAPPER), fault addr 0x9c in tid xxxxx (zygote)
and one of each with
Code:
(app_process)
and
Code:
(Downloadmanager)
The fault addr is always the same except for the Downloadmanager where it's
Code:
code 2 (SEGV_ACCERR), fault addr 0x200006464
.
Regards
Ektus.
Just for reference and to add to the discussion started in the Moto G5 TWRP thread, I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Don't know if it is of importance but it never got to boot a clean system with changed filesystem. Tried to change /data to ext4, also tried it with /system as f2fs but nothing worked. This also happened with the new TWRP 3.1.1.
I also tried to flash phh supersu with noverity. But could only boot to bootloader which gave me an error.
Just wanted to share my attempts. I have limited knowledge of the fundamentals of segmentation so I just tried whatever I could find.
floydburgermcdahm said:
Just for reference and to add to the discussion started in the Moto G5 TWRP thread, I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Click to expand...
Click to collapse
F***! what will be the difference between your device and mine?
Did you ever use the rooted stock ROM?
Can you please, share these numbers from the sticker behind your battery, to know your exact device variant:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks for your help!
Enviado desde mi Moto G5 mediante Tapatalk
Anyone affected with segmentation fault error, o with a device with Dual SIM, please share these numbers.
A picture is not necessary, just the numbers. It's behind the battery
Enviado desde mi Moto G5 mediante Tapatalk
Here is mine.
Edit: if picture is too small, it is the same phone as yours...
Just for reference my phone doesn't have any issues with root function
XT1675
2+16gb
All other numbers are the same
The FCC ID is the registration code for the United States
Federal Communications Commission
First three letters are grantee code - the rest is product code
I think the type relates to the battery size
mrfrantastic said:
Here is mine.
Edit: if picture is too small, it is the same phone as yours...
Click to expand...
Click to collapse
Let's see if @floydburgermcdahm has exactly the same device. Perhaps there is more than one 3gb Dual SIM Variant.
floydburgermcdahm said:
I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Click to expand...
Click to collapse
Enviado desde mi Moto G5 mediante Tapatalk
andyro2008 said:
Let's see if @floydburgermcdahm has exactly the same device. Perhaps there is more than one 3gb Dual SIM Variant.
Click to expand...
Click to collapse
Mine is: XT1676, 3+16GB, FCC ID: IHDT56VF4, Type: M2675
So, no idea what the difference between our devices might be. I did use the stock ROM briefly, but never rooted it. Went straight to LOS with root addon.
Yeah and thanks for reminding me that the bloody case is a ***** to open!
floydburgermcdahm said:
Mine is: XT1676, 3+16GB, FCC ID: IHDT56VF4, Type: M2675
So, no idea what the difference between our devices might be. I did use the stock ROM briefly, but never rooted it. Went straight to LOS with root addon.
Yeah and thanks for reminding me that the bloody case is a ***** to open!
Click to expand...
Click to collapse
So if you type "pm" in a terminal you don't get a segmentation fault?
TheFixItMan said:
Just for reference my phone doesn't have any issues with root function
XT1675
2+16gb
All other numbers are the same
The FCC ID is the registration code for the United States
Federal Communications Commission
First three letters are grantee code - the rest is product code
I think the type relates to the battery size
Click to expand...
Click to collapse
I tried a strace with the command "pm". Something of this can be useful? Can it be something related to libraries? Those "No such file or directory" are weird. The full log files, one from a successfull pm and another for a failed one, are attached. Thanks for your atention, i hope you could help us.
Code:
openat(AT_FDCWD, "/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 5888928, [5888928], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1320
_llseek(5, 4584364, [4584364], SEEK_SET) = 0
read(5, "\0.symtab\0.strtab\0.shstrtab\0.inte"..., 4096) = 4096
_llseek(5, 4584348, [4584348], SEEK_SET) = 0
read(5, "libart.so\0\0\0\21\r\350\370\0.symtab\0.strtab"..., 4096) = 4096
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
clock_gettime(CLOCK_MONOTONIC, {7390, 135831818}) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
mmap2(NULL, 1075276, PROT_READ, MAP_PRIVATE, 5, 0) = 0xaaada000
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/system/bin/app_process32", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
Sorry repeated post
andyro2008 said:
I tried a strace with the command "pm". Something of this can be useful? Can it be something related to libraries? Those "No such file or directory" are weird. The full log files, one from a successfull pm and another for a failed one, are attached. Thanks for your atention, i hope you could help us.
Code:
openat(AT_FDCWD, "/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 5888928, [5888928], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1320
_llseek(5, 4584364, [4584364], SEEK_SET) = 0
read(5, "\0.symtab\0.strtab\0.shstrtab\0.inte"..., 4096) = 4096
_llseek(5, 4584348, [4584348], SEEK_SET) = 0
read(5, "libart.so\0\0\0\21\r\350\370\0.symtab\0.strtab"..., 4096) = 4096
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
clock_gettime(CLOCK_MONOTONIC, {7390, 135831818}) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
mmap2(NULL, 1075276, PROT_READ, MAP_PRIVATE, 5, 0) = 0xaaada000
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/system/bin/app_process32", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
Click to expand...
Click to collapse
Both them lib files are present in system/lib
I don't have any knowledge of coding to be of assistance
mrfrantastic said:
So if you type "pm" in a terminal you don't get a segmentation fault?
Click to expand...
Click to collapse
Nope.
Since we only have a very small number of affected devices it is obviously difficult to extrapolate general statements. But for now(!) it seems(!) that there are models which are not affected by the fault although they match (on first glance) OP's and my phone's specs. On the other hand there are (again: for now) only devices with above mentioned serial number affected by the fault.
Since we tried different ROMS with different sources could it be kernel related? I am assuming that all ROMS at least partially share the same kernel. And if so, how do we get someone to try to fix the kernel?
The next common denominator might be either TWRP or SU...
At least Xposed is NOT affected in any way by the Segmentation fault error, so you can use it without problem.
Enviado desde mi Moto G5 mediante Tapatalk
I would like to share my experience from the weekend to help others.
At first let me explain the situation:
I got my A5X Max+ 64GB eMMC preinstalled with Android 8.1 but I thought that the latest firmware available on the net can maybe make a positive difference to the shipped one.
Seraching the web I found 3 different firmware version I thoght it would be good to give it a try.
An A5X MAX+ Android 8.1 firmware
An A5X MAX+ Android 7 firmware
An A5X MAX Android 9 firmware (non "+" uses a dirfferent WiFi Chipset,....)
Next Step folowing the firmware upgrade guides:
1. Trying to directly flash a new firmware via a SD card and SD_Firmware_Tool_v146_eng_AndroidPC failed
2. Trying to flash with a computer using RK_Batch_tool_v1_8_AndroidPC in combination with Rockchip_DriverAssitant_v4.4 is working
Ok no difference to the preinstalled one so next step flashing a different firmware.
The most interesting was the Android 9.0 firmware even when I know that it is for the non "+" version using a slightly different peripheral hardware.
So I use the Batch tool again and start flashing. ==> Do not flash similar firmware on any device.
The flash process abort after flashing only parts of the whole image.
My Box is not starting anymore, and there is no video output when booting and it is not recognized by my computer anymore via USB
My process to debrick my Device:
My luck when starting into Recovery it is still recognized via USB
Also there a dedicated test pins marked with TX, GND and RX so I connect a Serial to USB converter and check if I can find the problem.
I could not find out what kind of baud rate the serial is using neither Start/Stop Bit configuration.
A oscilloscope (Red Pitaya) helped a lot to see that the serial interface is working at a abnormal high baud rate: ~1350000 baud per second / 8N1
find here the current bootloop log:
normal boot
Code:
Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 10
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: normal
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNE D
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
DDR version 1.13 20180428
ID:0x805 N
In
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 193
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 286281
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
ERR [0x0] TEE-CORE:atags_get_tag:146: atags_get_tag: find unknown magic(d7f5f65b)
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
pressing and holding reset (without connecting to USB)
Code:
Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 10
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: normal
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNE D
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
DDR version 1.13 20180428
ID:0x805 N
In
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 193
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 286281
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
ERR [0x0] TEE-CORE:atags_get_tag:146: atags_get_tag: find unknown magic(d7f5f65b)
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
INF [0x0] TEE-CORE:init_primary_helper:338: Release version: 1.4
INF [0x0] TEE-CORE:init_teecore:83: teecore inits done
INFO: BL31: Preparing for EL3 exit to normal world
INFO: Entry point address = 0x200000
INFO: SPSR = 0x3c9
U-Boot 2017.09-02211-gd8ce1d0-dirty (Nov 27 2018 - 09:57:42 +0800)
Model: Rockchip RK3328 EVB
DRAM: 4 GiB
Relocation Offset is: fcbda000
Using default environment
[email protected]: 1, [email protected]: 0
Card did not respond to voltage select!
mmc_init: -95, time 9
switch to partitions #0, OK
mmc0(part 0) is current device
boot mode: None
bad resource image magic: oint (current EL)
DTB: rk-kernel.dtb
bad resource image magic: oint (current EL)
Can't find file:rk-kernel.dtb
init_kernel_dtb dtb in resource read fail
In: serial
Out: serial
Err: serial
Model: Rockchip RK3328 EVB
rockchip_set_serialno: could not find efuse device
CLK: apll 400000000 Hz
dpll 664000000 Hz
cpll 1200000000 Hz
gpll 491009999 Hz
npll 600000000 Hz
armclk 600000000 Hz
aclk_bus 150000000 Hz
hclk_bus 75000000 Hz
pclk_bus 75000000 Hz
aclk_peri 150000000 Hz
hclk_peri 75000000 Hz
pclk_peri 75000000 Hz
Net: Net Initialization Skipped
No ethernet found.
Hit any key to stop autoboot: 0
ca head not found
ANDROID: reboot reason: "(none)"
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
read_is_device_unlocked() ops returned that device is UNLOCKED
avb_slot_verify.c:637: ERROR: vbmeta: Error verifying vbmeta image: OK_NOT_SIGNED
get share memory, arg0=0x0 arg1=0x9e08000 arg2=0x3f8000 arg3=0x1
Booting kernel at 0x207f800 with fdt at f4dcfca0...
## Booting Android Image at 0x0207f800 ...
Kernel load addr 0x02080000 size 19005 KiB
## Flattened Device Tree blob at f4dcfca0
Booting using the fdt blob at 0xf4dcfca0
XIP Kernel Image ... OK
Loading Device Tree to 00000000081fb000, end 00000000081ff0f8 ... OK
Adding bank: 0x00200000 - 0x08400000 (size: 0x08200000)
Adding bank: 0x0a200000 - 0xff000000 (size: 0xf4e00000)
Starting kernel ...
"Synchronous Abort" handler, esr 0x02000000
* Relocate offset = 00000000fcbda000
* ELR(PC) = ffffffff064c6000
* LR = 0000000000201f00
* SP = 00000000f4dcf2a0
* ESR_EL2 = 0000000002000000
EC[31:26] == 000000, Exception with an unknown reason
IL[25] == 1, 32-bit instruction trapped
* DAIF = 00000000000003c0
D[9] == 1, DBG masked
A[8] == 1, ABORT masked
I[7] == 1, IRQ masked
F[6] == 1, FIQ masked
* SPSR_EL2 = 00000000600003c9
D[9] == 1, DBG masked
A[8] == 1, ABORT masked
I[7] == 1, IRQ masked
F[6] == 1, FIQ masked
M[4] == 0, Exception taken from AArch64
M[3:0] == 1001, EL2h
* SCTLR_EL2 = 0000000030c50830
I[12] == 0, Icache disabled
C[2] == 0, Dcache disabled
M[0] == 0, MMU disabled
* HCR_EL2 = 0000000000000002
* VBAR_EL2 = 00000000fcdda800
* TTBR0_EL2 = 00000000feff0000
x0 : 00000000081fb000 x1 : 0000000000000000
x2 : 0000000000000000 x3 : 0000000000000000
x4 : 0000000002080000 x5 : 0000000000000001
x6 : 0000000000000008 x7 : 0000000000000000
x8 : 00000000f4dcf320 x9 : 0000000001008000
x10: 000000000a200023 x11: 0000000000000002
x12: 0000000000000002 x13: 00000000f4dcf36c
x14: 00000000081fb000 x15: 00000000fcddb5a8
x16: 0000000000000002 x17: 00000000081ff0f9
x18: 00000000f4dd1da0 x19: 0000000000000400
x20: 00000000fcec52e0 x21: 0000000000000000
x22: 0000000000000003 x23: 00000000f4dcf630
x24: 0000000000000000 x25: 0000000002080000
x26: 00000000fcddbea4 x27: 0000000000000400
x28: 0000000002080000 x29: 00000000f4dcf480
SP:
f4dcf2a0: 00000000 00000000 00000000 00000000
f4dcf2b0: 00000000 00000000 fcea3759 00000000
f4dcf2c0: 00000000 00000000 00000000 00000000
f4dcf2d0: fcea37a0 00000000 fcea37c6 00000000
f4dcf2e0: fcea3813 00000000 fcea3860 00000000
f4dcf2f0: fcea38a0 00000000 fcea38e0 00000000
f4dcf300: fcea391d 00000000 00000000 00000000
f4dcf310: 00000000 00000000 fcea395a 00000000
f4dcf320: f4dcf480 00000000 fcddaa0c 00000000
f4dcf330: 00000400 00000000 fce9d415 00000000
f4dcf340: feff0000 00000000 00000002 00000000
f4dcf350: 30c50830 00000000 f4dcf2a0 00000000
f4dcf360: 600003c9 00000000 fcdda800 00000000
f4dcf370: 000003c0 00000000 02000000 00000000
f4dcf380: 030a0000 00000000 081fb000 00000000
f4dcf390: 00000000 00000000 00000000 00000000
Resetting CPU ...
WARN: PSCI sysreset is disabled
DDR version 1.13 20180428
ID:0x805 N
In
SRX
DDR3
333MHz
Bus Width=32 Col=11 Bank=8 Row=16 CS=1 Die Bus-Width=16 Size=4096MB
ddrconfig:3
OUT
Boot1 Release Time: Sep 7 2018 15:49:55, version: 2.49
ChipType = 0x11, 261
mmc2:cmd19,100
SdmmcInit=2 0
BootCapSize=2000
UserCapSize=59640MB
FwPartOffset=2000 , 2000
SdmmcInit=0 NOT PRESENT
StorageInit ok = 285008
Raw SecureMode = 0
SecureInit read PBA: 0x4
SecureInit read PBA: 0x404
SecureInit read PBA: 0x804
SecureInit read PBA: 0xc04
SecureInit read PBA: 0x1004
SecureInit ret = 0, SecureMode = 0
GPT part: 0, name: uboot, start:0x4000, size:0x2000
GPT part: 1, name: trust, start:0x6000, size:0x2000
GPT part: 2, name: misc, start:0x8000, size:0x2000
GPT part: 3, name: baseparameter, start:0xa000, size:0x800
GPT part: 4, name: resource, start:0xa800, size:0x8000
GPT part: 5, name: kernel, start:0x12800, size:0x10000
GPT part: 6, name: dtb, start:0x22800, size:0x2000
GPT part: 7, name: dtbo, start:0x24800, size:0x2000
GPT part: 8, name: logo, start:0x26800, size:0x8000
GPT part: 9, name: vbmeta, start:0x2e800, size:0x800
GPT part: 10, name: boot, start:0x2f000, size:0x10000
GPT part: 11, name: recovery, start:0x3f000, size:0x20000
GPT part: 12, name: backup, start:0x5f000, size:0x8000
GPT part: 13, name: cache, start:0x67000, size:0x80000
GPT part: 14, name: system, start:0xe7000, size:0x400000
GPT part: 15, name: metadata, start:0x4e7000, size:0x8000
GPT part: 16, name: vendor, start:0x4ef000, size:0x60000
GPT part: 17, name: oem, start:0x54f000, size:0x20000
GPT part: 18, name: frp, start:0x56f000, size:0x400
GPT part: 19, name: security, start:0x56f400, size:0x1000
GPT part: 20, name: userdata, start:0x570400, size:0x6f0bbdf
find partition:uboot OK. first_lba:0x4000.
find partition:trust OK. first_lba:0x6000.
LoadTrust Addr:0x6000
No find bl30.bin
HashBits:256, HashData:
6cf28742
2df532aa
1ea29e7b
85e4e128
9675b550
859f84c1
c47158c4
9373e8ea
CalcHash:
2a0cacfb
655bd8b6
09989b08
c0ff4464
9d525d13
47eb7212
89197119
20d1a938
bl31.bin_0:CheckImage Fail!
LoadTrust Addr:0x6400
LoadTrust Addr:0x6800
LoadTrust Addr:0x6c00
LoadTrust Addr:0x7000
No find bl30.bin
Load uboot, ReadLba = 4000
hdr 000000000337a380 + 0x0:0x50,0x41,0x52,0x4d,0x66,0x03,0x00,0x00,0x46,0x49,0x52,0x4d,0x57,0x41,0x52,0x45,
Load OK, addr=0x200000, size=0xeb934
RunBL31 0x10000
NOTICE: BL31: v1.3(debug):9d3f591
NOTICE: BL31: Built : 14:39:02, Jan 17 2018
NOTICE: BL31:Rockchip release version: v1.3
INFO: ARM GICv2 driver initialized
INFO: Using opteed sec cpu_context!
INFO: boot cpu mask: 1
INFO: plat_rockchip_pmu_init: pd status 0xe
INFO: BL31: Initializing runtime services
INFO: BL31: Initializing BL32
INF [0x0] TEE-CORE:init_primary_helper:337: Initializing (1.1.0-187-g3f0aafa6 #9 Wed Oct 31 06:28:55 UTC 2018 aarch64)
When connecting USB for flashing the Log shows the detection and do not loop anymore, it is waiting for the process to be initiated by the computer
I try to flash the Android 8.1 firmware without luck because the automatic checks stopped the process before starting
So I tried to flash with Factory Tool 1.6 but also without success, it is checking also before starting the flash process
Searching all over the web I found different versions of these tools and test newer ones but also without success.
After a while I found a Tool called Rockchip Android Tool 2.1 for Rockchip based single board computers.
This tool has much more options to check and flash a Rockchip board over USB.
Most of the checks failed and I figured out that a normal flashing process will always reboot the board into Maskrom mode
It seems that my device is not able to go into Maskrom Mode anymore because after starting the flash process it is reseting and booting normal (bootloop) instead of switching to Maskrom Mode.
A bit of evaluation tells me that the Maskrom Mode can also be achieved by shorting the Flash CLK to ground during boot. (I know a similar process for my Fire HD8 Tablet)
I checked if I can find the CLK line on the board but it seems that it is not accessably from the surface of the PCB.
After minutes of reaserch I figured out that there are also newer version of the Android Tool available and I tested all I can find.
Also Device drivers shall be updated due to a problem report of an Rockchip device singel board computer owner that has also some difficulties working with the tools.
My luck I found RKDevTool 2.52 (The new name of the Android Tool), in this tool a few of the tests for Rockchip devices are working and I was able to flash Android 8.1 and enter the Maskrom Mode sucessfully.
Now that my Device is back alive I will also post some logs and pictures of my device to help others when trying to debrick/reacticate from an unexpected state.
@sandman01
Try this
thanks for your post.
I think I was a bit to euphoric because my box is working again and I only want to share my experiance for others runnign in the same Situation.
It was hard to get all the Information out of the web, from multiple places.
sandman01 said:
thanks for your post.
I think I was a bit to euphoric because my box is working again and I only want to share my experiance for others runnign in the same Situation.
It was hard to get all the Information out of the web, from multiple places.
Click to expand...
Click to collapse
Ok no probs
Can't find those files on Drive anymore, can you please share them? Can't find a place to download RKDevtool
Thanks in advance