The Segmentation Fault error is fixed on LineageOS. It will be fixed progressively in any other ROM in the upcoming updates.
Infinite thanks to @wzedlare, and the other persons and devs that helped us. Im gonna request to mods to close this thread
And over again thanks to all! I'm so happy now!
On certain devices a series of binaries, shell/ADB commands are not working correctly.
Most of the time when one of these binaries I invoked the crash with a "Segmentation fault" error (SIGEGV 11). If the command/binarie is executed multiple times, at some point it works without the error. (1 of 30 times approximately).
These commands/binaries are very important for Root applications, but are not limited to them.
As a result many applications that need ROOT work very sporadically, and some not root apps are affected too.
If you are suffering the same problem, please share your logcats, the app or the command affected, and your device model, in order to get more information about the problem to help the devs and other users.
Affected ROMs and Devices
So far all customs ROMs for Cedric are affected. It appears to be related to a Cedric variant with Dual SIM, removable battery and 3GB of RAM. Mostly sold in Europe trough Amazon.
Known affected apps and Workarrounds:
SuperSu and MagikSU(all versions): Devices rooted with Magisk or SuperSu, suffer from the error almost every time that SU binarir is invoked. The visible symptom is that although according the info provided by the application (Magisk manager says that the device is correctly rooted), the requests to get root permission will not popup because the binarie is crash almost 29 to 30 times. As a result these options for root are almost useless.
LineageOS SU By itself works correctly, the binarie will not crash, but the other commands still will be affected. Is the most funtional root option for affected devices!!
Secure Settings, BetterBattery stats, AutoTools ADB commands to Grant permissions can be executed multiple times. Once authorized, they work correctly.
Super Doze To change doze settings you need to press apply button multiple times. There is no way to know when the change was actually applied except using ADB.
Nap Time it's useless to change doze settings, but force doze is working.
Greenify, Servicely The will pop out an error every time that trying to stop every single app. In short they are useles.
Titanium BackUp and Link2SD To freeze or unfreeze an app you must tap multiples times until it work.
Disable Services Tap multiple times until it work.
LiveBoot After installed it will work only 1/30 reboots (Useless)
Known affected binaries
pm
am
settings
adb backup
Magisk Su, and Super Su
Disclaimer:
I'm not a developer. I created this topic to help other users, to find a workarounds to the error. I'm not a developer. I created this topic to help other users, to find a way to dodge the error.
In addition I hope to raise awareness about this problem and help the devs with the information that is recopiled.
Screenshots Examples and Logcats of the error
Logcat: http://cloud.tapatalk.com/s/59...279dd2/2017-07-25-12-12-33.txt
Series of post in LineageOS Thread talking about the issue: https://forum.xda-developers.com/g5/development/7-1-x-lineageos-14-1-moto-g5-t3611973/page48
Tipical Crash message after invoking a command:
Code:
08-23 19:04:28.670 12408 12408 I chatty : uid=0(root) app_process expire 847 lines
08-23 19:04:28.694 11748 11748 W Atfwd_Sendcmd: AtCmdFwd service not published, waiting... retryCnt : 4
08-23 19:04:28.715 12408 12408 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x9c in tid 12408 (app_process)
08-23 19:04:28.716 402 402 I chatty : uid=0(root) /system/bin/debuggerd expire 2 lines
08-23 19:04:28.777 12410 12410 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-23 19:04:28.778 12410 12410 F DEBUG : LineageOS Version: '14.1-20170811-UNOFFICIAL-cedric'
08-23 19:04:28.778 12410 12410 F DEBUG : Build fingerprint: 'motorola/lineage_cedric/cedric:7.1.2/NJH47F/43d07c81c5:userdebug/test-keys'
08-23 19:04:28.778 12410 12410 F DEBUG : Revision: '0'
08-23 19:04:28.778 12410 12410 F DEBUG : ABI: 'arm'
08-23 19:04:28.778 12410 12410 F DEBUG : pid: 12408, tid: 12408, name: app_process >>> app_process
[/Quote]
Click to expand...
Click to collapse
Great thread! My device is also affected and matches the mentioned specs.
I've got the recommended LineageSU method installed but normally don't use ADB. The only application I did try to use is Liveboot, where the test mode fails to start quite often. Transferring files via USB won't work on the first try, but I don't know how to tell if that is related. My device also is the European G5 with triple slot, 16GB and removable battery, type XT1676 or M2675. Currently running the unofficial LineageOS 14.1 build by @wzedlare from August, 2017.
ektus said:
I've got the recommended LineageSU method installed but normally don't use ADB. The only application I did try to use is Liveboot, where the test mode fails to start quite often. Transferring files via USB won't work on the first try, but I don't know how to tell if that is related. My device also is the European G5 with triple slot, 16GB and removable battery, type XT1676 or M2675. Currently running the unofficial LineageOS 14.1 build by @wzedlare from August, 2017.
Click to expand...
Click to collapse
The easiest way to check if a problem is caused by the segmentation fault is open a terminal emulator session (you can install any terminal emulator from the Playstore), and write:
su
logcat | grep "signal 11 (SIGSEGV)"
It will filter the logcat showing the Segmentation Fault errors. If you get new errors when performing an certain action, or opening certain app, it's affected by the error.
Enviado desde mi Moto G5 mediante Tapatalk
The easiest way to check if a problem is caused by the segmentation fault is open a terminal emulator session (you can install any terminal emulator from the Playstore), and write:
su
logcat | grep "signal 11 (SIGSEGV)"
Click to expand...
Click to collapse
That one shows quite a number of results, at a first glance most with
Code:
signal 11 (SIGSEGV), code 1 (SEGV_MAPPER), fault addr 0x9c in tid xxxxx (zygote)
and one of each with
Code:
(app_process)
and
Code:
(Downloadmanager)
The fault addr is always the same except for the Downloadmanager where it's
Code:
code 2 (SEGV_ACCERR), fault addr 0x200006464
.
Regards
Ektus.
Just for reference and to add to the discussion started in the Moto G5 TWRP thread, I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Don't know if it is of importance but it never got to boot a clean system with changed filesystem. Tried to change /data to ext4, also tried it with /system as f2fs but nothing worked. This also happened with the new TWRP 3.1.1.
I also tried to flash phh supersu with noverity. But could only boot to bootloader which gave me an error.
Just wanted to share my attempts. I have limited knowledge of the fundamentals of segmentation so I just tried whatever I could find.
floydburgermcdahm said:
Just for reference and to add to the discussion started in the Moto G5 TWRP thread, I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Click to expand...
Click to collapse
F***! what will be the difference between your device and mine?
Did you ever use the rooted stock ROM?
Can you please, share these numbers from the sticker behind your battery, to know your exact device variant:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks for your help!
Enviado desde mi Moto G5 mediante Tapatalk
Anyone affected with segmentation fault error, o with a device with Dual SIM, please share these numbers.
A picture is not necessary, just the numbers. It's behind the battery
Enviado desde mi Moto G5 mediante Tapatalk
Here is mine.
Edit: if picture is too small, it is the same phone as yours...
Just for reference my phone doesn't have any issues with root function
XT1675
2+16gb
All other numbers are the same
The FCC ID is the registration code for the United States
Federal Communications Commission
First three letters are grantee code - the rest is product code
I think the type relates to the battery size
mrfrantastic said:
Here is mine.
Edit: if picture is too small, it is the same phone as yours...
Click to expand...
Click to collapse
Let's see if @floydburgermcdahm has exactly the same device. Perhaps there is more than one 3gb Dual SIM Variant.
floydburgermcdahm said:
I never had any such issuess. My model is the 3GB dual sim version, bought at Amazon Germany. LineageOS with root addon.
Click to expand...
Click to collapse
Enviado desde mi Moto G5 mediante Tapatalk
andyro2008 said:
Let's see if @floydburgermcdahm has exactly the same device. Perhaps there is more than one 3gb Dual SIM Variant.
Click to expand...
Click to collapse
Mine is: XT1676, 3+16GB, FCC ID: IHDT56VF4, Type: M2675
So, no idea what the difference between our devices might be. I did use the stock ROM briefly, but never rooted it. Went straight to LOS with root addon.
Yeah and thanks for reminding me that the bloody case is a ***** to open!
floydburgermcdahm said:
Mine is: XT1676, 3+16GB, FCC ID: IHDT56VF4, Type: M2675
So, no idea what the difference between our devices might be. I did use the stock ROM briefly, but never rooted it. Went straight to LOS with root addon.
Yeah and thanks for reminding me that the bloody case is a ***** to open!
Click to expand...
Click to collapse
So if you type "pm" in a terminal you don't get a segmentation fault?
TheFixItMan said:
Just for reference my phone doesn't have any issues with root function
XT1675
2+16gb
All other numbers are the same
The FCC ID is the registration code for the United States
Federal Communications Commission
First three letters are grantee code - the rest is product code
I think the type relates to the battery size
Click to expand...
Click to collapse
I tried a strace with the command "pm". Something of this can be useful? Can it be something related to libraries? Those "No such file or directory" are weird. The full log files, one from a successfull pm and another for a failed one, are attached. Thanks for your atention, i hope you could help us.
Code:
openat(AT_FDCWD, "/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 5888928, [5888928], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1320
_llseek(5, 4584364, [4584364], SEEK_SET) = 0
read(5, "\0.symtab\0.strtab\0.shstrtab\0.inte"..., 4096) = 4096
_llseek(5, 4584348, [4584348], SEEK_SET) = 0
read(5, "libart.so\0\0\0\21\r\350\370\0.symtab\0.strtab"..., 4096) = 4096
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
clock_gettime(CLOCK_MONOTONIC, {7390, 135831818}) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
mmap2(NULL, 1075276, PROT_READ, MAP_PRIVATE, 5, 0) = 0xaaada000
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/system/bin/app_process32", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
Sorry repeated post
andyro2008 said:
I tried a strace with the command "pm". Something of this can be useful? Can it be something related to libraries? Those "No such file or directory" are weird. The full log files, one from a successfull pm and another for a failed one, are attached. Thanks for your atention, i hope you could help us.
Code:
openat(AT_FDCWD, "/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 5888928, [5888928], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1320
_llseek(5, 4584364, [4584364], SEEK_SET) = 0
read(5, "\0.symtab\0.strtab\0.shstrtab\0.inte"..., 4096) = 4096
_llseek(5, 4584348, [4584348], SEEK_SET) = 0
read(5, "libart.so\0\0\0\21\r\350\370\0.symtab\0.strtab"..., 4096) = 4096
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libart.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
clock_gettime(CLOCK_MONOTONIC, {7390, 135831818}) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
mmap2(NULL, 1075276, PROT_READ, MAP_PRIVATE, 5, 0) = 0xaaada000
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
read(5, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
_llseek(5, 1074116, [1074116], SEEK_SET) = 0
read(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 1160
_llseek(5, 1073810, [1073810], SEEK_SET) = 0
read(5, "\0.shstrtab\0.interp\0.note.android"..., 4096) = 1466
_llseek(5, 1073782, [1073782], SEEK_SET) = 0
read(5, "libandroid_runtime.so\0\0\0o\223i\206\0.sh"..., 4096) = 1494
close(5) = 0
openat(AT_FDCWD, "/system/lib/.debug/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/debug/system/lib/libandroid_runtime.so", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/system/bin/app_process32", O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=0, st_size=1, ...}) = 0
Click to expand...
Click to collapse
Both them lib files are present in system/lib
I don't have any knowledge of coding to be of assistance
mrfrantastic said:
So if you type "pm" in a terminal you don't get a segmentation fault?
Click to expand...
Click to collapse
Nope.
Since we only have a very small number of affected devices it is obviously difficult to extrapolate general statements. But for now(!) it seems(!) that there are models which are not affected by the fault although they match (on first glance) OP's and my phone's specs. On the other hand there are (again: for now) only devices with above mentioned serial number affected by the fault.
Since we tried different ROMS with different sources could it be kernel related? I am assuming that all ROMS at least partially share the same kernel. And if so, how do we get someone to try to fix the kernel?
The next common denominator might be either TWRP or SU...
At least Xposed is NOT affected in any way by the Segmentation fault error, so you can use it without problem.
Enviado desde mi Moto G5 mediante Tapatalk
Related
I ran the latest version 0.36 on my Mio8390 which is using a PXA262 processor
running smartphone 2003.
When I started haret I've got an error message :
EXCEPTION reading coprocessor 15 register 0
twice.
And the detected cpu type is unknown
Anyway i could start the application and open a tcp port
Here is the result of dump cp(0) :
c00: ffffffd2 | c08: ffffffd2
c01: ffffffd2 | c09: ffffffd2
c02: ffffffd2 | c10: ffffffd2
c03: ffffffd2 | c11: ffffffd2
c04: ffffffd2 | c12: ffffffd2
c05: ffffffd2 | c13: ffffffd2
c06: ffffffd2 | c14: ffffffd2
c07: ffffffd2 | c15: ffffffd2
And here is the result of dump mmu:
----- Virtual address map -----
Descriptor flags legend:
C: Cacheable
B: Bufferable
0..3: Access Permissions (for up to 4 slices):
0: Supervisor mode Read
1: Supervisor mode Read/Write
2: User mode Read
3: User mode Read/Write
Error: EXCEPTION reading coprocessor 15 register 2
MMU 1st level descriptor table is at FFFFC000
Virtual | Physical | Descr | Description
address | address | flags |
----------+----------+---------+-----------------------------
Error: EXCEPTION CAUGHT AT MEGABYTE 0!
ffffffff | | | End of virtual address space
It seems that haret is having problem trying to read the CPU registeries,
what could be the problem?
So it means that I have to patch the source of haret before I can use it on a smartphone?
Or is it because of smartphone security policies? something about user-mode, kernel-mode in
wince?
I'm quite a nub but I think I have to know what to read first before I start reading books. Any info or help is appreciated.
aybabtu said:
I ran the latest version 0.36 on my Mio8390 which is using a PXA262 processor
running smartphone 2003.
When I started haret I've got an error message :
EXCEPTION reading coprocessor 15 register 0
...
Any info or help is appreciated.
Click to expand...
Click to collapse
You can try to add this code the the assembler file
and call the functions directly. Worked for
me with wince2.11, where i also had problems:
export |cp15_0|
|cp15_0| proc
mrc p15, 0, r0, c0, c0, 0
mov pc, lr
endp
export |cp15_2|
|cp15_2| proc
mrc p15, 0, r0, c2, c0, 0
mov pc, lr
endp
export |cp15_13|
|cp15_13| proc
mrc p15, 0, r0, c13, c0, 0
mov pc, lr
endp
aybabtu said:
I ran the latest version 0.36 on my Mio8390 which is using a PXA262 processor
running smartphone 2003.
Click to expand...
Click to collapse
Don't forget to post at least the 'dump gpio', FB address,
'dump mmu' and 'pd 0x41300004 4' here when
haret works
cr2 said:
... 'dump gpio', FB address,
'dump mmu' and 'pd 0x41300004 4'
Click to expand...
Click to collapse
Thank you for your help.
I signed the code with a privileged certification, then dump gpio and
physical address worked.
Code:
#dump gpio :
GPIO# D S A INTER | GPIO# D S A INTER | GPIO# D S A INTER | GPIO# D S A INTER
------------------+-------------------+-------------------+------------------
0 I 0 0 FE | 21 I 0 0 | 42 I 1 1 | 63 I 1 0 FE
1 I 0 0 RE FE | 22 O 1 0 | 43 O 1 2 | 64 O 1 0
2 I 0 0 RE | 23 O 0 0 | 44 I 1 1 | 65 O 1 0
3 I 0 0 RE FE | 24 O 0 0 | 45 O 1 2 | 66 O 1 0
4 I 0 0 RE | 25 O 0 0 | 46 I 1 2 | 67 I 1 0 FE
5 I 1 0 FE | 26 I 1 0 | 47 O 1 1 | 68 I 1 0
6 O 0 1 | 27 I 1 0 | 48 I 1 0 | 69 I 0 0
7 I 1 0 | 28 I 1 1 | 49 O 1 2 | 70 I 1 0
8 O 1 1 | 29 I 0 1 | 50 O 1 0 | 71 I 1 0
9 I 1 0 | 30 O 0 2 | 51 O 0 0 | 72 I 1 0 FE
10 I 1 0 FE | 31 O 0 2 | 52 I 1 0 | 73 O 1 0
11 I 1 0 | 32 I 1 0 | 53 I 1 0 | 74 O 0 0
12 I 1 0 RE FE | 33 O 1 2 | 54 O 0 0 | 75 O 1 0
13 I 0 0 RE FE | 34 I 1 1 | 55 O 1 0 | 76 O 0 0
14 I 0 0 RE FE | 35 I 0 1 | 56 O 0 0 | 77 O 0 0
15 O 1 2 | 36 I 0 0 | 57 I 1 0 | 78 O 1 2
16 I 1 0 | 37 I 0 1 | 58 O 0 0 | 79 I 1 2
17 O 1 2 | 38 I 0 0 | 59 O 0 0 | 80 O 1 2
18 I 1 1 | 39 O 1 2 | 60 O 1 0 | 81 I 1 1
19 O 1 0 | 40 O 0 0 | 61 O 1 0 | 82 O 1 1
20 O 1 0 | 41 O 0 0 | 62 O 1 0 | 83 I 1 2
#pd 0x41300004 4 :
41300004 | 00017bef | .{..
(What is so special about these four bytes?)
Then I tried to apply your code, but i don't know where should I call those fumctions, I tried calling them right before cpuDetect() or put it inside cpu-pxa.cpp and call them before cpuGetCP(), same effect.
The error message box doesn't show up but there is no message in the wince side console (detected cpu type),
then the same exception show up when I telnet it and when I dump any cp other then cp0.
phrack #63 - Hacking Windows CE said:
...
; SetProcessorMode.s
AREA |.text|, CODE, ARM
EXPORT |SetProcessorMode|
|SetProcessorMode| PROC
mov r1, lr ; different modes use different lr - save it
msr cpsr_c, r0 ; assign control bits of CPSR
mov pc, r1 ; return
END
...
Most of Pocket PC ROMs were builded with Enable Full Kernel Mode option, so all applications appear to run in kernel mode. The first 5 bits of the Psr register is 0x1F when debugging, that means the ARM processor runs in system mode. This value defined in nkarm.h:
// ARM processor modes
#define USER_MODE 0x10 // 0b10000
#define FIQ_MODE 0x11 // 0b10001
#define IRQ_MODE 0x12 // 0b10010
#define SVC_MODE 0x13 // 0b10011
#define ABORT_MODE 0x17 // 0b10111
#define UNDEF_MODE 0x1b // 0b11011
#define SYSTEM_MODE 0x1f // 0b11111
...
Click to expand...
Click to collapse
I guess smartphone is a little bit different from pocketpc?
Oh, btw I have to specify the address 0x81a00000 when I dumped the
rom using itsme's pmemdump, so it means that 0x81a00000 is mapped to 0x0?
I'd better start reading the ARM reference manual.
aybabtu said:
(What is so special about these four bytes?)
Click to expand...
Click to collapse
This is a ClocKENable (CKEN) register, so you have:
LCD,I2C,ICP,MMC,USB,NSSP,I2S,BTUART,FFUART,STUART,
SSP,AC97,PWM1,PWM0
enabled.
Then I tried to apply your code, but i don't know where should I call those fumctions
Click to expand...
Click to collapse
Add them to the wince/asmstuff.asm file,
and modify the cpuGetCP function in
wince/s-cpu.cpp to
Code:
uint32 cpuGetCP (uint cp, uint regno)
{
uint32 result=0xffffffff;
int ok=0;
if (cp > 15)
return 0xffffffff;
if (cp==15)
{
ok=1;
SetKMode (TRUE);
cli ();
switch (regno)
{
case 0:
result=cp15_0();
break;
case 2:
result=cp15_2();
break;
case 13:
result=cp15_13();
break;
default:
ok=0;
break;
}
sti ();
SetKMode (FALSE);
}
if (!ok) Output (L"Invalid register read cp=%d regno=%d\n",cp,regno);
return result;
uint32 value;
selfmod [0] = 0xee100010 | (cp << 8) | (regno << 16);
if (!FlushSelfMod ("read"))
return 0xffffffff;
__try
{
value = ((uint32 (*) ())&selfmod) ();
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
Complain (C_ERROR ("EXCEPTION reading coprocessor %d register %d"), cp, regno);
value = 0xffffffff;
}
return value;
Oh, btw I have to specify the address 0x81a00000 when I dumped the
rom using itsme's pmemdump, so it means that 0x81a00000 is mapped to 0x0?
Click to expand...
Click to collapse
Maybe, but how did you come to using this address ?
The 'dump gpio' shows that the phone is not using the
builtin LCD pins. Then there must be a
video chipset in the phone. Interesting,
because even HTC is saving money on that.
I tried adding SetKMode to the original function, it worked without
calling your functions.
would there be any possible problem?
Maybe, but how did you come to using this address ?
Click to expand...
Click to collapse
Well I got a leaked dump out rom and tried to extract it with itsme's tool.
and i got something similar to these:
Code:
img 00000000 : hdr=81d5352c base=81a00000 commandlineoffset=81a00000
img 00640000 : hdr=82c40878 base=81a00000 commandlineoffset=81a00000
img 01300000 : hdr=82d02dd8 base=81a00000 commandlineoffset=81a00000
img 01380000 : hdr=8356d204 base=81a00000 commandlineoffset=81a00000
there must be a video chipset in the phone
Click to expand...
Click to collapse
There is a MediaQ MQ2100-JBE chipset inside, i'll look for info for this chipset later. And yes this phone is interesting, low price for it's high specification compared to other same generation phones but crappy customer service .
I'll post the result of dump mmu to the point it crash a little bit later.
aybabtu said:
I tried adding SetKMode to the original function, it worked without
calling your functions.
would there be any possible problem?
Click to expand...
Click to collapse
Unlikely.
Well I got a leaked dump
Click to expand...
Click to collapse
Then you can just lookup the static remapping
table.
There is a MediaQ MQ2100-JBE chipset inside, i'll look for info for this chipset later.
Click to expand...
Click to collapse
The datasheet is available here
www.handhelds.org/platforms/hp/ipaq-h22xx/mq-lcd-interface-appnote.pdf
And the mapping table dumped out using itsme's pmemmap:
Code:
v81a00000-83a00000 -> p00000000-02000000
v86000000-86100000 -> pe0000000-e0100000
v86100000-86200000 -> p48000000-48100000
v86200000-88200000 -> p40000000-42000000
v8c000000-8e000000 -> pa0000000-a2000000
v9a300000-9a400000 -> p04000000-04100000
v9c300000-9c400000 -> p08000000-08100000
v9f600000-9f700000 -> p0c000000-0c100000
v9f800000-9f900000 -> p14000000-14100000
Dumped it out and i can only tell that the first 32MB is my rom data.
And many info you gave me which I don't fully understand, guess I have to
read much more before I can thtink about running linux on this phone,
at least I know what to read now.
On a side note, it jumps to 1000h at the beginning of the rom likes the others
wince devices, but starting from 1000h, the content matches the dumped out
NK.exe kernel without the PE header(?).
Wasn't there supposed to be a 256K bootloader?
And at the end of the rom, there are 2 copies of 256K code, in which I found
strings of the bootloader in it, and the second copy is 1 byte different from
the first one, 1:0x00 2:0x01, in the middle of the code.
I'm not sure these are Mitac only layout, just put it here in case anyone
knows.
Oh and there is a Atmel MEGA16L-8MI Microcontroller inside,
don't know what it exactly does but I found strings related to this
in the 'bootloader portion'.
aybabtu said:
And the mapping table dumped out using itsme's pmemmap:
Click to expand...
Click to collapse
v81a00000-83a00000 -> p00000000-02000000
32MB ROM
v86000000-86100000 -> pe0000000-e0100000
Weird.
v86100000-86200000 -> p48000000-48100000
PXA26x Memory Controller
v86200000-88200000 -> p40000000-42000000
PXA26x Peripherals
v8c000000-8e000000 -> pa0000000-a2000000
32MB SDRAM
v9a300000-9a400000 -> p04000000-04100000
v9c300000-9c400000 -> p08000000-08100000
v9f600000-9f700000 -> p0c000000-0c100000
v9f800000-9f900000 -> p14000000-14100000
mmaped devices.
And many info you gave me which I don't fully understand, guess I have to
read much more before I can thtink about running linux on this phone
Click to expand...
Click to collapse
You can also dump/decode the registry and identify the
use of the serial ports.
Your GPIO table suggests that the PXA MMC
controller is used.
Looks good
aybabtu said:
Oh and there is a Atmel MEGA16L-8MI Microcontroller inside,
don't know what it exactly does but I found strings related to this
in the 'bootloader portion'.
Click to expand...
Click to collapse
Battery monitoring or something like that,
maybe keyboard controller.
aybabtu said:
On a side note, it jumps to 1000h at the beginning of the rom likes the others
wince devices, but starting from 1000h, the content matches the dumped out
NK.exe kernel without the PE header(?).
Wasn't there supposed to be a 256K bootloader?
Click to expand...
Click to collapse
Not all wince devices have a bootloader,
wince2.11 and wince2005 un universal for example.
You can also look with 'strings -el' for
other useful strings.
v86000000-86100000 -> pe0000000-e0100000
Weird.
Click to expand...
Click to collapse
Seems to be that 16MB PXA26X NAND Flash ROM
aybabtu said:
v86000000-86100000 -> pe0000000-e0100000
Weird.
Click to expand...
Click to collapse
Seems to be that 16MB PXA26X NAND Flash ROM
Click to expand...
Click to collapse
Built-in ? BTW, does this device support SD cards or only MMC ?
Built-in ? BTW, does this device support SD cards or only MMC ?
Click to expand...
Click to collapse
Built-in, It should be the M-System DiskOnChip MD3831-D16-V3Q18-T inside.
Support both.
And this phone does not support bluetooth, but the clock to BTUART is
enabled :?:
aybabtu said:
And this phone does not support bluetooth, but the clock to BTUART is
enabled :?:
Click to expand...
Click to collapse
It is a normal UART, not blue at all , Himalaya
uses it for the serial cable.
That's not exactly the datasheet of
mq2100...
archive.org show that this was available
for downloads.. oh well
Put the list of all components and the known
information to wiki. That can help other people.
== General Info ==
Hello, and welcome to my usb uart guide - aka, how to totally f' your phone up, if you don't think first!
Really though, read everything before attempting anything!
USB Uart is not new news. There are many great people whom have come before me to make what I am documenting here possible. But I am putting this here because I keep getting PM'd about getting help with USB Uart, and figured it would be good to start a thread that documents what you need and how to get going.
So up front, I need to list some credits.
I gained a lot of knowledge from these people:
TheBeano - Fun with resistors (home/car dock mode + more)
UberPenguin - Galaxy S UART JIG & Debugging Connector
AdamOutler - UART Output / Bootloader Hacking / Kernel Debuging
E:V:A - The Samsung Anyway Jig
I'm sure there is more... let me know if you think you need to be in this list. I'll be happy to update it!
== WARNING ==
I am not responsible for anything you do to your device! If you follow my guide and it results from anything like your phone not working or ending the world, I cannot be held accountable for what you do!
This guide will show you how to use the usb uart on most galaxy s phones (with the FSA9480 USB port accessory detector and switch)
It helps to have Unbrickable Mod. There are some commands you can run from the SBL that will wipe your bootloaders!
You must be VERY CAREFUL!
== Requirements ==
First off, you will need some hardware to connect to your computer. It helps. Below is a list of things I use and they are common and cheap. The links to the items below are what I have. Its what works for me.
mini-usb cable - http://www.sparkfun.com/products/598
bus pirate or arduino (I only cover bus pirate here... for now.) - http://www.seeedstudio.com/depot/bus-pirate-v3-assembled-p-609.html?cPath=174
In my guide i use the bus pirate probe kit - http://www.seeedstudio.com/depot/bus-pirate-probe-kit-p-526.html?cPath=178_180
I used a tape printer to label the test clips.
breadboard (optional, if you rather just solder the resistor to the micro-usb break-out board. more later...) - http://www.sparkfun.com/products/112
USB MicroB Plug Breakout Board - http://www.sparkfun.com/products/10031
some jumper wire - http://www.sparkfun.com/products/124
150k, 523k, 619k resistor (ymmv. AdamOutler and others told me to try 523k or 619k, but I was able to get all the output I need with 150k)
guts - priceless
Also, I use minicom on Linux and Mac OS X (use homebrew to install minicom), but you should be able to use any serial console program you like (i.e. kermit, cu, etc...)
I highly suggest getting to know your bus pirate, but this guide assumes you have read manuals and updated firmware. Any of the other uart modes should also work this way, but I currently don't cover that here... yet.
== Getting Started ==
When we connect to the usb port on the bus pirate(bp), you can find the version info by typing i at the high impedance mode (HiZ>) prompt. Change to this mode when your modifying connections or cable argments.
Code:
HiZ>i
Bus Pirate v3b
Firmware v6.0 r1625 Bootloader v4.4
DEVID:0x0447 REVID:0x3043 (24FJ64GA002 B5)
http://dangerousprototypes.com
Disconnect the bp and lets connect everything from the micro usb port connecting to your phone backwards to the bp. I use a breadboard for things that I might work on later or things I'll re-arrange a lot. You may also decide to solder the resistor directly to the GND/ID pins, but you will need a little lead on the GND. Connect MOSI to D+ and MISO to D-.
Another warning!
You can also fry the ftdi on the bus pirate, if you mess with the connections while the bus pirate is in any mode besides HiZ (Hi Impedance) or unplugged. Usually, I'm in uart bridge mode, so you can't go back to HiZ. You just have to unplug the usb cable.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Solder some jumper wire to the micro usb breakout board. I use about an inch.
I usually start at a1 on the breadboard with vcc and a4 and a5 for ID and GND (respectively). In these images, I'm at the opposite end of the board to make it easier to have the phone next to and above my mouse so it is easy for me to work with the phone.
Put the resistor on b4 and b5 - which is where I connect GND on the bp.
Now that you have the bp connected to the circut, lets move forward and plug in the micro usb cable into the bp and then into your computer.
To change into UART mode on the buspirate, type 'm' at the HiZ> prompt:
Code:
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
x. exit(without change)
(1)>3
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>1
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>1
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>(3)
UART bridge
Reset to exit
Are you sure? y
After you get into UART Bridge mode, you will have to unplug the usb port from your computer to reset the bus pirate.
This is where experimenting with different resistors on the GND/ID pins make a difference. Using 619k resistance, I just plug the phone in and it boots up. During boot up, I can see the PBL output like the output you will see in the rest of this document. Using 150k resistance, the phone doesn't automatically turn on.
Also, you may have different usability of the console depending on if you set the output type to Open drain or Normal drain.
With Open drain, I am able to see the uart output, but I am not able to break into the SBL prompt like I am with Normal drain.
Interestingly, with 619k on my SGH-T959V, I don't see all of the kernel console output. I still haven't figured out exactly why yet. With 150k resistance, I don't see the PBL output, but I can still break into the SBL prompt (with normal drain) and get full kernel console output.
When you get to this point, the mode light should now be green. When you plug your phone into the micro usb adapter (again 619k in these examples), you should see everything from the pbl in to the kernel starting:
Code:
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
+n1stVPN 3008
+nPgsPerBlk 64
PBL found bootable SBL: Partition(4).
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: Oct 28 2011 15:45:50
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x60
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1540
===============================
ID : DATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1672
NO_UNITS : 2120
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 3792
NO_UNITS : 160
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 3952
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4013mV, soc = 86
check_quick_start_condition- Voltage: 4013.75000, Linearized[74/89/100], Capacity: 89
init_fuel_gauge: vcell = 4013mV, soc = 86, rcomp = d000
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x20
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 400, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0xffffffff)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x3733b898 0x1ffc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
== The SBL (Secondary BootLoader) ==
The most interesting line out of all of that was:
Code:
Autoboot (0 seconds) in progress, press any key to stop
If you happen to hold down the Enter/Return key while booting the phone you will get into the "SBL>" prompt.
The Secondary BootLoader is essentially like u-boot.
Code:
...
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop Autoboot aborted..
SBL>
If we type help, we will get some commands you can run. Some of these commands are affected by what is set in the environment.
Code:
SBL> help
Following commands are supported:
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* format
* open
* close
* erasepart
* eraseall
* loadkernel
* showpart
* addpart
* delpart
* savepart
* nkernel
* nramdisk
* nandread
* nandwrite
* usb
* mmctest
* keyread
* readadc
* usb_read
* usb_write
* fuelgauge
* pmic_read
* pmic_write
To get commands help, Type "help <command>"
SBL>
You can get some minimal help for each command:
Code:
SBL> help loadkernel
* Help : loadkernel
* Usage : loadkernel
load kernel image
- loadkernel 0x80A00000 from kernel partition
Another set of intersting commands here are the ones that manipulate the environment:
setenv
saveenv
printenv
Code:
SBL> help setenv
* Help : setenv
* Usage : setenv [name] [value] . .
Modify current environment info on ram
SBL> help saveenv
* Help : saveenv
* Usage : saveenv
Save cuurent environment info to flash
SBL> help printenv
* Help : printenv
* Usage : printenv
Print current environment info on ram
printenv is probably the safest of them to run, so lets try this first.
Code:
SBL> printenv
PARAM Rev 1.3
SERIAL_SPEED : 7
LOAD_RAMDISK : 0
BOOT_DELAY : 0
LCD_LEVEL : 97
SWITCH_SEL : 1
PHONE_DEBUG_ON : 0
LCD_DIM_LEVEL : 0
LCD_DIM_TIME : 6
MELODY_MODE : 1
REBOOT_MODE : 0
NATION_SEL : 0
LANGUAGE_SEL : 0
SET_DEFAULT_PARAM : 0
CUST_KERNEL_DL_COUNT : 0
KERNEL_BINARY_TYPE : 0
VERSION : I9000XXIL
CMDLINE : console=ttySAC2,115200 loglevel=4
DELTA_LOCATION : /mnt/rsv
PARAM_STR_3 :
PARAM_STR_4 :
I'm not fully sure what all of these options are, but the ones I know about are SWITCH_SEL and PHONE_DEBUG_ON.
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what. That maybe specific to the device I have.
Setting at least 6543 in SWITCH_SEL will give you kernel log output:
Code:
setenv SWITCH_SEL 6543
saveenv
I also set PHONE_DEBUG_ON to 1:
Code:
setenv PHONE_DEBUG_ON 1
saveenv
When I set this, I get some extended battery statistics like:
Code:
[BAT] CHR(0) CAS(0) CHS(3) DCR(0) ACP(2) BAT(81,0,0) TE(31) HE(1) VO(3926) ED(1000) RC(0) CC(0) VF(591) LO(0)
You must remember that after running setenv, you must then run saveenv at least once at the end to save the environment. I believe this environment info is saved to either an offset on the sbl partition or on the param.lfs. It would be useful to find this out, because u-boot has a userspace utility (that you can use from within linux userspace) to modify the u-boot environment. It may be handy to use a tool like that to modify the CMDLINE option during rom flashing time.
Also, instead of powering your phone off then on again to put the new settings in place, just run reset from the sbl prompt to reboot the phone with the new settings.
Anyways, This is what I have so far. I will be adding more to this as time goes on.
Enjoy!
-Bryan
Very nice and clear guide!
Also check out my Anyway thread on more details about JIG resistances etc. Soon I hope there will be more added to that about building your own Samsung Test Jig...
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
bhundven said:
I usually turn SWITCH_SEL to 765431. If I turn 2 on, I don't get anything. It would be worthy to test each number in SWITCH_SEL to figure out what number changes what.
Click to expand...
Click to collapse
AdamOutler said:
Setenv switch sel 1234567
Phone debug on 1
This gives you some kernel debugging.
Click to expand...
Click to collapse
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Any chance that it will work witch Galaxy Ace too?
dragonnn said:
Any chance that it will work witch Galaxy Ace too?
Click to expand...
Click to collapse
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Code:
Android Bootloader - UART_DM Initialized!!!
[VIBETONZ] ENABLE
[VIBETONZ] DISABLE
HW_REV = 12
mipi_init : status = 1
HW_REV = 12
start init_charger
smb328a_init_charger : is_reboot_mode = 0, vcell = 3975
check valid dcin (0x33) = 0x0
no dcin, skip init_charger
fuelguage : soc = 80%, vcell = 3975mV
fuelguage : rcomp(0xd01f) ==?? 0xd0d0
HW_REV = 12
VReset : 0x8c
Hibernation mode : 0x0
8340 = ( 397500 - 334350 ) * 13207 / 100000
HW_REV = 12
reboot_mode = 0xb6cef249
do key check
enter normal booting mode
AST_POWERON
usable ddi data.
HW_REV = 12
HW_REV = 12
E.V.A. said that it might be some debugging setting in the kernel that might have disabled the kernel log output.
It would be helpful to get some MSM developers here to help us out with that!
bhundven said:
I'm not sure. The GT-i9001 and the SGH-i717 (at&t galaxy note) also both have the FSA9480 chip, but use Qualcomm chips. I can only get some bootloader output from the SGH-i717:
Click to expand...
Click to collapse
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
dragonnn said:
I looked in the kernel source and it have ./drivers/i2c/chips/fsa9280.c and the driver is included in the build kernel:good:. As far I understand we can using this method recovery the phone from hard brick? That will be really nice, my friend bricked his Ace, maybe he can use this method.
Click to expand...
Click to collapse
Currently, I only know this method to work on SGS( not sgs2 or sgs3 ) phones with the FSA9480.
bhundven said:
Yup. I've got that in there.
It's interesting to note that not all bootloaders are created equal. My results are on SGH-T959V.
Click to expand...
Click to collapse
The switches are messages from levels 1-7. Turn on more to get more messages.
AdamOutler said:
The switches are messages from levels 1-7. Turn on more to get more messages.
Click to expand...
Click to collapse
That makes sense, but what doesn't is if I set SWITCH_SEL to 1234567 or any combination with 2, I get no output. As long as I don't have 2 in there, it works fine. Must just be this device.
Memory Architecture
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Fly-n-High said:
Of course each device will have a different Memory Map. Each carrier designs their varient based on what they want and need to function. The MM is sectioned off in the ROM. Any user or modifiable area is stored in RAM so remember we are working in an area that is not supposed to touched (ROM).
Bootloaders are tricky beasts, have never developed a flashing algorithm so I don't know. Usually BLs are not updated after release ( atleast in my field) only sw/fw is.
Either way, excellent ideas, but there is always a way in!
Click to expand...
Click to collapse
huh?
Good post
Nice...!!
Thanks you~
can't get SBL or PBL logs on uart in galaxy-y (GT-S5360)
Hello sir,
Thanks for your great tutorial .
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
After booting, uart works fine and i can use a shell via serial using command
(on phone)
Code:
busybox sh</dev/ttyS0 >/dev/ttyS0
and on PC
Code:
microcom -s 115200 -p /dev/ttyS0
ttyS0 settings of the phone is
Code:
speed 115200 baud; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
-ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
echoctl echoke
And that of PC is
Code:
speed 115200 baud; rows 0; columns 0; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>;
eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R;
werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 hupcl -cstopb cread clocal -crtscts
ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr -icrnl -ixon -ixoff
-iuclc -ixany -imaxbel -iutf8
opost -olcuc -ocrnl -onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig -icanon iexten -echo echoe echok -echonl -noflsh -xcase -tostop -echoprt
-echoctl echoke
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Circuit diagram is attached below
any one please help
harish2704 said:
I Tried to get uart on galaxy-y (GT-S5360) . I got a working uart but can't see any PBL or SBL logs during the boot. The only log I see during the booting is
Code:
AST_POWERON..
BOOTING COMPLETED
Click to expand...
Click to collapse
I get something similar on a Samsung Rugby Smart (SGH-I847). I think they have tweaked the UART stuff on the newer devices that post date the Galaxy S devices. They might share the UART chip, but it seems as if they changed the loader implementation which is causing the newer devices to not see the PBL and SBL information during boot.
harish2704 said:
Circuit diagram is attached below
Click to expand...
Click to collapse
Have you tried a 150k or 619k resistor instead of the 523k? I was able to get output with both a 150k and 619k, but the output was very similar to what you have posted. Likely a long shot, but worth a try.
harish2704 said:
cat /proc/cmdline of phone is
Code:
console=ttyS0,115200n8 mem=362M kmemleak=off root=/dev/ram0 rw androidboot.console=ttyS0 mtdparts=bcm_umi-nand:[email protected](bcm_boot)ro,[email protected](loke)ro,[email protected](loke_bk)ro,[email protected](systemdata)ro,[email protected](modem)ro,[email protected](param_lfs)rw,[email protected](boot)ro,[email protected](boot_backup)ro,[email protected](system)rw,[email protected](cache)rw,[email protected](userdata)rw,[email protected](efs)rw,[email protected](sysparm_dep)ro,[email protected](umts_cal)ro,[email protected](cal)r BOOT_MODE=0 loglevel=0 BOOT_FOTA=0 DEBUG_LEVEL=LOW
Click to expand...
Click to collapse
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip.
Have you tried a 150k or 619k resistor instead of the 523k?
Click to expand...
Click to collapse
yes I tried I didn't feel any difference b/w 619k & 523k when tried. And with 150k, I couldn't get uart active ()
Do you have any control over this? It might be the case that ttyS0 isn't setup during early-boot and you need to use a different tty to get it to output over the FSA chip
Click to expand...
Click to collapse
.
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Or
you mean do i have control on ttyS0 device? yes I could change that by
Code:
busybox stty -F /dev/ttyS0 ..........
command
Sorry for my language
harish2704 said:
What you mean by control? You mean, can i change this parameters? yes its possible by reflashing (update.zip methode)
Click to expand...
Click to collapse
This is the method I was referring to. If you tweak the parameters you might be able to get the kernel log over serial.
Sent from my SAMSUNG-SGH-I547 using Tapatalk 2
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
harish2704 said:
Can you please describe about the tweaks i have to do...
in my knowledge, kernel param
Code:
console=ttyS0,115200n8
is enough for that....
So please specify the tweaks...
Click to expand...
Click to collapse
If you can interact with ttyS0 post-boot I'd expect it to work. Is there maybe anther serial device such as ttyHS0 or similar that you can interact with? If so, that might be something to try.
You need to change that ttyS0 to ttySAC2 in the boot parameters. Use the abootimg tool on Ubuntu. Apt-get install abootimg.
Hello, sorry when i post a new Thread i think that many users have the same Problem but my english is not so good that i can find the right Thread ... I have Flash :
I9505_Omega_v2.0_GUEUBMG8_Android_4.3_md5_830353DC5EB14151A017C340C1285E51
Now i have flash a other Rom:
aokp_i9505_unofficial_2013-05-19
and that:
I9505XXUAMDM_I9505OXAAMDM_I9505XXUAMDM_HOME.tar
Now i dont have Sound anymore (micro and Sound are Dissable) Now i have read, that i have make a Bootloader Downgrade and have shoot i up my Bootloader with that :S
What can i doo that Sound works again !? Thanks for Help
wolfsstolz said:
Hello, sorry when i post a new Thread i think that many users have the same Problem but my english is not so good that i can find the right Thread ... I have Flash :
I9505_Omega_v2.0_GUEUBMG8_Android_4.3_md5_830353DC5EB14151A017C340C1285E51
Now i have flash a other Rom:
aokp_i9505_unofficial_2013-05-19
and that:
I9505XXUAMDM_I9505OXAAMDM_I9505XXUAMDM_HOME.tar
Now i dont have Sound anymore (micro and Sound are Dissable) Now i have read, that i have make a Bootloader Downgrade and have shoot i up my Bootloader with that :S
What can i doo that Sound works again !? Thanks for Help
Click to expand...
Click to collapse
wipe data and cache.
if not, reflash your stock firmware, wipe data and cache, reboot
no, that dosnt work, that is a buck in bootloader (4.3 downgrade) i have do flash all roms (wipe too) i have flash a pit rom too but this PRoblem with Bootloader brick is the same. I have Read that many German Users have the same Problem when they flash a higher rom and downgrade it then.I think i must wait for a Developer who have the same Problem :S
When another User Have the same Problem it Please write it here to see that is a big problem for other Users too
Sorry but with Apple i dont have this PRoblem maybe i go back XD
wolfsstolz said:
no, that dosnt work, that is a buck in bootloader (4.3 downgrade) i have do flash all roms (wipe too) i have flash a pit rom too but this PRoblem with Bootloader brick is the same. I have Read that many German Users have the same Problem when they flash a higher rom and downgrade it then.I think i must wait for a Developer who have the same Problem :S
Click to expand...
Click to collapse
why dont you flash MH8 or 5 firmware, it contains the newer bootloader
Edit: please take a look here http://forum.xda-developers.com/showthread.php?t=2436368
when i flash that Sound dont go anymore too. the Problem is a bug in botloader in the newer FW when i have read that correctly
Sorry, i have read that not right .....
Can you give me a link from Rom ?! I only found a rom
forum.xda-developers.com/showthread.php?t=2299087
but this is only without new Bootloader and i think i need that with bootloader or works that too !?
Thansk for Help
Push Thread Too ....
I have Problem with Sound(Downgrade to Stock Rom from Omega Rom)
Now i have Read that i must install fallow Roms:
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBM G3_NEE
and that:
GT-I9505-Factory-Firmware-Full-Wipe-DBT
Basis I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8
This Roms are in Forum but Theme is Close and Files only on **** hoster (Hotfile)
Who can upload that to another hoster (Hotfile is very slow in Germany 30 kb and 1 gb download go of :S ) like upoaded.to or mega.co.nz ?!
Who can help me for Sound come back please help. I have do all what i have read in Forum but nothing works for me.
Thanks for Help.
No People have a Idea !????
I have make a Photo from logger, it was nice when a dev can look ...
Who can tell me from that Folder:
My Android Folder:
1. i have more "mnt" Folder (mnt + mnt_1)
2. On Storage Folder i can see: USBDriveA ,USBDriveB, USBDrive ..... looks folfer i can see: ExtSdCard - sdcard_3
3. I have a folder named: Firmware + Firmware-mdm
4. ALL Files in : sys/fs/selinux are empty, 0kb , Subfolder too
5. In mnt_1 sys/fs/ext4 Folder are too mutch Folders !? looks on mmcblk0p10 + 16+18+26+29 with same Files
and many more .... Please , who can look on his Machine to this Folders, is that the same !?
Here Are Photos from logger that my Sound dosnt work:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I cant believe that no People can help me to bring back my Sound ....
Here a logcat answer from Sound .....
D/ALSADevice(10225): No valid input device: 0
V/ALSADevice(10225): switchDevice,rxDev:Speaker, txDevnull), curRxDev:None, curTxDev:None
D/alsa_ucm(10225): snd_use_case_set(): uc_mgr 0x40f97fb0 identifier _enadev value Speaker
E/alsa_ucm(10225): Invalid current verb value: Inactive - -1
E/alsa_ucm(10225): No valid device Speaker found
D/ALSADevice(10225): switchDevice: mCurTxUCMDevivce None mCurRxDevDevice Speaker inCallDevSwitch = 0
V/ALSADevice(10225): switchDevice Done
D/alsa_ucm(10225): snd_use_case_set(): uc_mgr 0x40f97fb0 identifier _verb value HiFi
E/alsa_ucm(10225): Control device not initialized
E/alsa_ucm(10225): Control device not initialized
W/alsa_ucm(10225): error snd_use_case_apply_mixer_controls
D/ALSADevice(10225): close: handle 0x40026d40 h 0x0
D/ALSADevice(10225): open: handle 0x40026d40, format 0x2
V/ALSADevice(10225): Music case
D/ALSADevice(10225): Device value returned is hw:0,0
V/ALSADevice(10225): flags 0, devName hw:0,0
E/alsa_pcm(10225): cannot open device '/dev/snd/pcmC0D0p', errno 2
V/ALSADevice(10225): pcm_open returned fd -1
E/ALSADevice(10225): open: Failed to initialize ALSA device 'hw:0,0'
E/AudioHardwareALSA(10225): Device open failed
I/audio_a2dp_hw(10225): adev_open: adev_open in A2dp_hw module
I/AudioFlinger(10225): loadHwModule() Loaded a2dp audio interface from A2DP Audio HW HAL (audio) handle 3
I/AudioFlinger(10225): loadHwModule() Loaded usb audio interface from SEC USB audio HW HAL (audio) handle 4
D/tms_audio_hw/AudioTmsIpc(10225): adev_open : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsInitSilenceFrames : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsInitSilenceFrames : Exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit: thread started with name =TerminalModeAudioServer and id = 1073900584
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerInit exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientSetup : Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen :Enter
D/tms_audio_hw/AudioTmsIpc(10225): initMutex: AudioClientSocketMutex Mutex Created
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientSetup : Exit
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit: thread started with name =TerminalModeAudioClient and id = 1073900664
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientInit exit
D/tms_audio_hw/AudioTmsIpc(10225): adev_open : Exit
D/tms_audio_hw/AudioTmsIpc(10225): adev_init_check : Enter
D/tms_audio_hw/AudioTmsIpc(10225): adev_set_master_volume : Enter 1.000000
I/AudioFlinger(10225): loadHwModule() Loaded tms audio interface from TMS Audio HW HAL (audio) handle 5
E/AudioPolicyManagerBase(10225): Not output found for attached devices 00000003
E/AudioPolicyManagerBase(10225): Failed to open primary output
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase(10225): getDeviceForStrategy() speaker device not found
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Socket Success Name /data/TMAudioSocketServer
E/AudioPolicyService(10225): couldn't init_check the audio policy (No such device)
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Bind Success gAudioServerLocalSockFd 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen Listen Done gAudioServerLocalSockFd 20 ret 0
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen SizeInBytes 12288
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen accept Start len 110 gAudioServerLocalSockFd 20
V/TranscoderService(10225): TranscoderService created
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen :Enter
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Socket Success Name /data/TMAudioSocketClient
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Bind Success gAudioClientLocalSockFd 23
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen Listen Done gAudioClientLocalSockFd 23 ret 0
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsClientListen accept Start len 110 gAudioClientLocalSockFd 23
D/tms_audio_hw/AudioTmsIpc(10225): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
I/power ( 5291): *** release_dvfs_lock : lockType : 1
D/CustomFrequencyManagerService( 5291): releaseDVFSLockLocked : Getting Lock type frm List : DVFS_MIN_LIMIT frequency : 1566000 uid : 10135 pid : 8603 tag : [email protected]
flash this firmware, wipe data and cache after, reboot http://www.hotfile.com/dl/243289856/5f90db9/I9505XXUDMH8_I9505OXXDMHA_BTU.zip.html
Flash stock kernel again and you would be good.
I had this issue too and found it hard way that it's custom kernel causing this issue.
You can also try this.
Switch off your phone (not restart) and wait for 15-20 secs. And turn it back on. Some users are saying, this will get back your sound.
I have flash that many Times but i will test that again .... Thanks for Help.
Is that the same Rom ? :
I9505XXUDMH8_I9505OXXDMHA_I9505XXUDMH8_HOME.tar.md5
ok, i have Flash now the Rom again, have 3 Times make a Factory Reset + Cache Wipe
Then i have Flash the Kernel only and power of for 20 Seconds my Galaxy then i have Reboot that but no Sound again
Then i have make a LogCat and the Same here: (No Speaker found)
D/ALSADevice( 6355): No valid input device: 0
V/ALSADevice( 6355): switchDevice,rxDev:Speaker, txDevnull), curRxDev:None, curTxDev:None
D/alsa_ucm( 6355): snd_use_case_set(): uc_mgr 0x407ba2f8 identifier _enadev value Speaker
E/alsa_ucm( 6355): Invalid current verb value: Inactive - -1
E/alsa_ucm( 6355): No valid device Speaker found
D/ALSADevice( 6355): switchDevice: mCurTxUCMDevivce None mCurRxDevDevice Speaker inCallDevSwitch = 0
V/ALSADevice( 6355): switchDevice Done
D/alsa_ucm( 6355): snd_use_case_set(): uc_mgr 0x407ba2f8 identifier _verb value HiFi
E/alsa_ucm( 6355): Control device not initialized
E/alsa_ucm( 6355): Control device not initialized
W/alsa_ucm( 6355): error snd_use_case_apply_mixer_controls
D/ALSADevice( 6355): close: handle 0x43d4ad40 h 0x0
D/ALSADevice( 6355): open: handle 0x43d4ad40, format 0x2
V/ALSADevice( 6355): Music case
D/ALSADevice( 6355): Device value returned is hw:0,0
V/ALSADevice( 6355): flags 0, devName hw:0,0
E/alsa_pcm( 6355): cannot open device '/dev/snd/pcmC0D0p', errno 2
V/ALSADevice( 6355): pcm_open returned fd -1
E/ALSADevice( 6355): open: Failed to initialize ALSA device 'hw:0,0'
E/AudioHardwareALSA( 6355): Device open failed
I/audio_a2dp_hw( 6355): adev_open: adev_open in A2dp_hw module
I/AudioFlinger( 6355): loadHwModule() Loaded a2dp audio interface from A2DP Audio HW HAL (audio) handle 3
I/AudioFlinger( 6355): loadHwModule() Loaded usb audio interface from SEC USB audio HW HAL (audio) handle 4
D/tms_audio_hw/AudioTmsIpc( 6355): adev_open : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsInitSilenceFrames : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsInitSilenceFrames : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit: thread started with name =TerminalModeAudioServer and id = 1138011176
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerInit exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientSetup : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): initMutex: AudioClientSocketMutex Mutex Created
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientSetup : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit: thread started with name =TerminalModeAudioClient and id = 1138011256
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientInit exit
D/tms_audio_hw/AudioTmsIpc( 6355): adev_open : Exit
D/tms_audio_hw/AudioTmsIpc( 6355): adev_init_check : Enter
D/tms_audio_hw/AudioTmsIpc( 6355): adev_set_master_volume : Enter 1.000000
I/AudioFlinger( 6355): loadHwModule() Loaded tms audio interface from TMS Audio HW HAL (audio) handle 5
E/AudioPolicyManagerBase( 6355): Not output found for attached devices 00000003
E/AudioPolicyManagerBase( 6355): Failed to open primary output
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyManagerBase( 6355): getDeviceForStrategy() speaker device not found
E/AudioPolicyService( 6355): couldn't init_check the audio policy (No such device)
V/TranscoderService( 6355): TranscoderService created
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen :Enter
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Socket Success Name /data/TMAudioSocketClient
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Bind Success gAudioClientLocalSockFd 21
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen Listen Done gAudioClientLocalSockFd 21 ret 0
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Socket Success Name /data/TMAudioSocketServer
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Bind Success gAudioServerLocalSockFd 22
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen Listen Done gAudioServerLocalSockFd 22 ret 0
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_CMD SIZE 16
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen SizeInBytes 12288
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen accept Start len 110 gAudioServerLocalSockFd 22
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_DATA SIZE 24
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen PLATFORM_AUDIO_META_DATA SIZE 20
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsClientListen accept Start len 110 gAudioClientLocalSockFd 21
D/tms_audio_hw/AudioTmsIpc( 6355): AudioTmsServerListen : Givimg Permission 0777 mode , 0 ret
W/ActivityManager( 764): Launch timeout has expired, giving up wake lock!
it maybe a hardware issue.
dial *#7353# and make test
I have a Pit Rom here
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBMG3_NEE
and:
GT-I9505-Factory-Firmware-Full-Wipe-DBT I9505OXABMF8
But when i load that in Odin , i will become a error , invalid .....
Same is with that Rom (one File Rom)
I9505XXUBMEA_I9505OXABMEA_I9505XXUBMEA_HOME.tar.md5 is invalid
I can only flash 1 File Roms
<OSM> MD5 hash value is invalid
<OSM> PDA_I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8.tar.md5 is invalid.
<OSM> End...
no sound here too , here are log Files:
E/Encryption( 187): created DirEncryptionManager
D/Vold ( 187): Volume sdcard state changing -1 (Initializing) -> 0 (No-Media)
D/Encryption( 187): enable android secure container 'sdcard'
D/Vold ( 187): Volume sda state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdb state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdc state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdd state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sde state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdf state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): '/dev/block/mmcblk0' : disk_size (15758000128)
D/DirectVolume( 187): DirectVolume::readId -> path '/sys/devices/platform/msm_sdcc.2/mmc_host/mmc2/mmc2:e624/block/mmcblk1/device/cid'
D/DirectVolume( 187): DirectVolume::readId -> id '035344535530384780303189d800cab0'
D/DirectVolume( 187): DirectVolume::handleDiskAdded -> mDiskMajor 179, mDiskMinor 32, NPARTS:1
D/Vold ( 187): Volume sdcard state changing 0 (No-Media) -> 2 (Pending)
W/PackageManager( 766): Unknown permission com.sec.android.permission.VIDEOHUB in package com.sec.android.app.videoplayer
W/PackageManager( 766): Unknown permission android.permission.SYSTEM_ALERT in package com.sec.android.app.videoplayer
I have upload the LogFile, when you have time for that, you can look on that. Thanks
http://ul.to/k34sopfp
wolfsstolz said:
I have a Pit Rom here
Factory_Firmware_Full_Wipe_I9505XXUBMGA_I9505OXXBMG3_NEE
and:
GT-I9505-Factory-Firmware-Full-Wipe-DBT I9505OXABMF8
But when i load that in Odin , i will become a error , invalid .....
Same is with that Rom (one File Rom)
I9505XXUBMEA_I9505OXABMEA_I9505XXUBMEA_HOME.tar.md5 is invalid
I can only flash 1 File Roms
<OSM> MD5 hash value is invalid
<OSM> PDA_I9505XXUBMF8_I9505OXABMF8_I9505XXUBMF8.tar.md5 is invalid.
<OSM> End...
no sound here too , here are log Files:
E/Encryption( 187): created DirEncryptionManager
D/Vold ( 187): Volume sdcard state changing -1 (Initializing) -> 0 (No-Media)
D/Encryption( 187): enable android secure container 'sdcard'
D/Vold ( 187): Volume sda state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdb state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdc state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdd state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sde state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): Volume sdf state changing -1 (Initializing) -> 0 (No-Media)
D/Vold ( 187): '/dev/block/mmcblk0' : disk_size (15758000128)
D/DirectVolume( 187): DirectVolume::readId -> path '/sys/devices/platform/msm_sdcc.2/mmc_host/mmc2/mmc2:e624/block/mmcblk1/device/cid'
D/DirectVolume( 187): DirectVolume::readId -> id '035344535530384780303189d800cab0'
D/DirectVolume( 187): DirectVolume::handleDiskAdded -> mDiskMajor 179, mDiskMinor 32, NPARTS:1
D/Vold ( 187): Volume sdcard state changing 0 (No-Media) -> 2 (Pending)
W/PackageManager( 766): Unknown permission com.sec.android.permission.VIDEOHUB in package com.sec.android.app.videoplayer
W/PackageManager( 766): Unknown permission android.permission.SYSTEM_ALERT in package com.sec.android.app.videoplayer
I have upload the LogFile, when you have time for that, you can look on that. Thanks
http://ul.to/k34sopfp
Click to expand...
Click to collapse
sound wont work with older firmware even with the pit. you have to flash official updated firmware hard reset your device.also make sure its your phones official firmware.if that don't work try kies emergency firmware upgrade. hope this helps.
Hi,
I have a problem with the GPS not activating.
logcat shows:
Code:
D/gpsd ( 6282): main()
D/gpsd ( 6282): argv[0] = '/system/bin/glgps'
D/gpsd ( 6282): argv[1] = '-c'
D/gpsd ( 6282): argv[2] = '/system/etc/gps/gpsconfig.xml'
E/gpslogd ( 6282): Process is already running, the second instance will not be started!
However, ps|grep gps doesn't show anything.
I tried googling but nothing showed up, any thoughts?
Thanks.
Update: This comes up on a fresh CM installation with data wiped completely.
strace showed something interesting:
Code:
open("/data/gps/.gpsd.lock", O_WRONLY|O_CREAT, 0666) = -1 ENOENT (No such file or directory)
mprotect(0x40013000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40013000, 4096, PROT_READ) = 0
write(2, "Process is already running, the "..., 68Process is already running, the second instance will not be started!) = 68
After creating the /data/gps directory it is now fine. Very strange..
I created /data/gps with permissions drwxrwx--x
However, still not getting gps, strace shows:
Code:
open("/data/gps/.gpsd.lock", O_WRONLY|O_CREAT, 0666) = 10
fcntl64(10, F_GETFL) = 0x20001 (flags O_WRONLY)
fcntl64(10, F_SETFL, O_WRONLY) = 0
fcntl64(10, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}) = -1 EAGAIN (Try again)
Any thoughts?
---------- Post added at 10:57 AM ---------- Previous post was at 10:23 AM ----------
I recreated the directory as root:
Code:
su
cd /data
mkdir gps
Then I changed the permissions and ownership of the folder
Code:
chown gps:system gps
chmod 751 gps
Reboot.
Working
DELETED
but there is some aosp build usable ( incall micro working on fine ) for galaxy s 6?
thanks for the guide Master
supera3 said:
but there is some aosp build usable ( incall micro working on fine ) for galaxy s 6?
thanks for the guide Master
Click to expand...
Click to collapse
Depend on what source zero-common, zerofltexx and kernel are based.
Very cool guide, I'll have to give this a shot later just for fun! Sorry for doubting you before.
If there are new commits, before ". build/envsetup.sh" tipe "repo sync" for upgrade.
Hi @Astrubale,
I tried to build cm-13.0 with your tutorial, but build fails non-stop on:
Code:
target SharedLib: libexpat (/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so)
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/lib/xmlparse.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so] Error 1
make: *** Waiting for unfinished jobs....
make[3]: Nothing to be done for 'dtbs'.
or
Code:
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/android_compat_hacks.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so] Error 1
make: *** Waiting for unfinished jobs....
make: Leaving directory '/home/sebek/android/system'
The solution is to remove xmlparse.o or android_compat_hacks.o and I guess it continues the build. Almost at the end of compilation (I presume) it throws out that very error and after a while I get:
Code:
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make[1]: Entering directory '/home/sebek/android/system/kernel/samsung/exynos7420'
INSTALL net/ipv4/tcp_htcp.ko
INSTALL net/ipv4/tcp_westwood.ko
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
DEPMOD 3.10.61
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make: Leaving directory '/home/sebek/android/system'
#### make failed to build some targets (26:29 (mm:ss)) ####
Maybe you'd be willing to give me some advice on how I could finish this build ? I am building on Ubuntu 16.04, dl'd the newest kernel from Brandon's git repo.
My best
djseban2 said:
Hi @Astrubale,
I tried to build cm-13.0 with your tutorial, but build fails non-stop on:
Code:
target SharedLib: libexpat (/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so)
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/lib/xmlparse.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libexpat_intermediates/LINKED/libexpat.so] Error 1
make: *** Waiting for unfinished jobs....
make[3]: Nothing to be done for 'dtbs'.
or
Code:
/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/android_compat_hacks.o: file not recognized: File format not recognized
collect2: error: ld returned 1 exit status
build/core/shared_library_internal.mk:80: recipe for target '/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so' failed
make: *** [/home/sebek/android/system/out/target/product/zerofltexx/obj/SHARED_LIBRARIES/libcrypto_intermediates/LINKED/libcrypto.so] Error 1
make: *** Waiting for unfinished jobs....
make: Leaving directory '/home/sebek/android/system'
The solution is to remove xmlparse.o or android_compat_hacks.o and I guess it continues the build. Almost at the end of compilation (I presume) it throws out that very error and after a while I get:
Code:
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make[1]: Entering directory '/home/sebek/android/system/kernel/samsung/exynos7420'
INSTALL net/ipv4/tcp_htcp.ko
INSTALL net/ipv4/tcp_westwood.ko
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/tsp_stm/stm_z1.fw' given more than once in the same rule
/home/sebek/android/system/kernel/samsung/exynos7420/scripts/Makefile.fwinst:45: target '../../system/lib/firmware/abov/abov_valley.fw' given more than once in the same rule
DEPMOD 3.10.61
make[1]: Leaving directory '/home/sebek/android/system/kernel/samsung/exynos7420'
make: Leaving directory '/home/sebek/android/system'
#### make failed to build some targets (26:29 (mm:ss)) ####
Maybe you'd be willing to give me some advice on how I could finish this build ? I am building on Ubuntu 16.04, dl'd the newest kernel from Brandon's git repo.
My best
Click to expand...
Click to collapse
Can you send me a screen of /android/system/kernel/samsung/exynos7420/ ?
Astrubale said:
Can you send me a screen of /android/system/kernel/samsung/exynos7420/ ?
Click to expand...
Click to collapse
Sure, it looks like this:
hxxp://imgur.com/M5sAjIo
@edit: I deleted exynos7420 dir and unzipped it (dl'd zip from github) once again, this time through Terminal. Turned out it was something wrong with that, therefore I succeded with building the ROM, but my S6 hangs on "Kernel is not seandroid enforcing", after flashing the ROM (tough luck, I guess). What's more I tried flahyboy's ROM, to see if it's maybe something wrong with my S6 - well, you can say flahyboy's ROM starts instantly, but in-call mic is not working. I'd be grateful for any hints on what might be wrong. One and only thing I noticed is flahyboy's ROM is slightly greater in size (~40MB) that mine.. maybe the build solution did not add something to my zip.. Anyway - great tutorial, thanks for that. Installing AOSP just made me even more anxious to wait for making this system stable :good:
djseban2 said:
Sure, it looks like this:
hxxp://imgur.com/M5sAjIo
@edit: I deleted exynos7420 dir and unzipped it (dl'd zip from github) once again, this time through Terminal. Turned out it was something wrong with that, therefore I succeded with building the ROM, but my S6 hangs on "Kernel is not seandroid enforcing", after flashing the ROM (tough luck, I guess). What's more I tried flahyboy's ROM, to see if it's maybe something wrong with my S6 - well, you can say flahyboy's ROM starts instantly, but in-call mic is not working. I'd be grateful for any hints on what might be wrong. One and only thing I noticed is flahyboy's ROM is slightly greater in size (~40MB) that mine.. maybe the build solution did not add something to my zip.. Anyway - great tutorial, thanks for that. Installing AOSP just made me even more anxious to wait for making this system stable :good:
Click to expand...
Click to collapse
Thank, but can you compile now?
Astrubale said:
Thank, but can you compile now?
Click to expand...
Click to collapse
Yeah, I compiled it at last, but if i flash the zip from out folder, then the phone hangs on first bootsplash ("Galaxy S6") with "Kernel is not seandroid enforcing"
djseban2 said:
Yeah, I compiled it at last, but if i flash the zip from out folder, then the phone hangs on first bootsplash ("Galaxy S6") with "Kernel is not seandroid enforcing"
Click to expand...
Click to collapse
Search for errors inside /proc/last_kmsg
Wow cool clean and easy Guide. Thanks for this.
Weil try myself on that.
Astrubale said:
Search for errors inside /proc/last_kmsg
Click to expand...
Click to collapse
Code:
Samsung S-Boot 4.0 for SM-G920F (Apr 22 2016 - 16:59:51)
EXYNOS7420 EVT 1.3 (Base on ARM CortexA53)
3048MB / 0MB / Rev 11 / G920FXXU3DPDP / (PKG_ID 0x0) / LOT_ID N3N1P / RST_STAT (0x10000)
__if_pmic_rev_init - MUIC API is not ready!
MON: 0x8(1)
MON[0] = (1)[0x1c, 0x7a]
MON[1] = (2)[0x1a, 0x56]
MON[2] = (3)[0x1a, 0x3d]
MON[3] = (4)[0x1c, 0x4e]
MON[4] = (5)[0x1a, 0x39]
MON[5] = (6)[0x1a, 0x30]
MON[6] = (7)[0x15, 0x44]
MON[7] = (0)[0x0c, 0x07]
pmic_asv_init
(ASV_TBL_BASE+0x00)[11:0] bigcpu_asv_group = 2184
(ASV_TBL_BASE+0x00)[15:12] bigcpu_ssa0 = 0
(ASV_TBL_BASE+0x00)[27:16] littlecpu_asv_group = 2457
(ASV_TBL_BASE+0x00)[31:28] littlecpu_ssa0 = 0
(ASV_TBL_BASE+0x04)[11:0] g3d_asv_group = 2184
(ASV_TBL_BASE+0x04)[15:12] g3d_ssa0 = 0
(ASV_TBL_BASE+0x04)[27:16] mif_asv_group = 2184
(ASV_TBL_BASE+0x04)[31:28] mif_ssa0 = 0
(ASV_TBL_BASE+0x08)[11:0] int_asv_group = 3276
(ASV_TBL_BASE+0x08)[15:12] int_ssa0 = 6
(ASV_TBL_BASE+0x08)[27:16] cam_disp_asv_group = 2184
(ASV_TBL_BASE+0x08)[31:28] cam_disp_ssa0 = 0
(ASV_TBL_BASE+0x0C)[3:0] dvfs_asv_table_version = 15
(ASV_TBL_BASE+0x0C)[4] asv_group_type = 0
(ASV_TBL_BASE+0x0C)[7:5] reserved01 = 0
(ASV_TBL_BASE+0x0C)[8] shift_type = 0
(ASV_TBL_BASE+0x0C)[9] ssa1_enable = 0
(ASV_TBL_BASE+0x0C)[10] ssa0_enable = 1
(ASV_TBL_BASE+0x0C)[15:11] reserved02 = 0
(ASV_TBL_BASE+0x0C)[16] asv_method = 1
(ASV_TBL_BASE+0x0C)[31:17] reserved03 = 0
(ASV_TBL_BASE+0x10)[3:0] main_asv_group = 0
(ASV_TBL_BASE+0x10)[7:4] main_asv_ssa = 0
(ASV_TBL_BASE+0x10)[11:8] bigcpu_ssa1 = 0
(ASV_TBL_BASE+0x10)[15:12] littlecpu_ssa1 = 0
(ASV_TBL_BASE+0x10)[19:16] g3d_ssa1 = 0
(ASV_TBL_BASE+0x10)[23:20] mif_ssa1 = 0
(ASV_TBL_BASE+0x10)[27:24] int_ssa1 = 0
(ASV_TBL_BASE+0x10)[31:28] cam_disp_ssa1 = 0
(ASV_TBL_BASE+0x14)[8:0] bigcpu_ssa_ema = 0
(ASV_TBL_BASE+0x14)[17:9] littlecpu_ssa_ema = 0
(ASV_TBL_BASE+0x14)[26:18] g3d_ssa_ema = 0
(ASV_TBL_BASE+0x14)[31:27] reserved04 = 0
chip_status = f, bin2_efuse = 0
muic_register_max77843_apis
muic_is_max77843 chip_id:0x43 muic_id:0xb5 -> matched.
MUIC rev = MAX77843(181)
init_multi_microusb_ic Active MUIC 0xb5
max77843_init_microusb_ic: MUIC: CDETCTRL:0x2d
max77843_init_microusb_ic: MUIC: CONTROL1:0x00
max77843_init_microusb_ic: MUIC: CONTROL2:0x3b
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
load Secure Payload done.
Chip ID : 060f4d16dd28 / 0x00007700
EL3 monitor information => Built : 16:48:28, Jan 18 2016
bConfigDescrLock: 1
sw_lock success
sw_lock success
sw_lock success
SCSI CMD : 55 11 00 00 00 00 00 00 14 00
SCSI Response(01) : Target Failure
SCSI Status(02) : max77843_set_muic_uart_early: MUIC: CONTROL1: 0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
[Debug Info.]
S-BOOT : VERSION_-+F0
SecureOS : 20 (MB)
- read_bl1
blk_bread_bootsector: LUN 1, from 0x0, size 0x10, buffer 0x45708000
Verify_Binary_Signature 0x45720120 [email protected], [email protected]
pit_check_signature (PIT) valid.
PARAM ENV VERSION: v1.0..
blk_bread_bootsector: LUN 1, from 0xffe, size 0x1, buffer 0x441204c0
initialize_ddi_data: usable! (3:0xf), warranty reason : (0x0303)
MAGIC_RAM_BASE: 4000000, MAGIC_RAM_BASE2: 100001, ompin: 2000a
[ldfw] Pass LDFW partition!
[ldfw] read whole CM partition from the storage
ldfw: 0th ldfw's version 0x20151027 name : CryptoManagerV20
ldfw: 1th ldfw's version 0x20151203 name : fmp_fw
ldfw: init ldfw(s). whole ldfws size 0x204110
[ldfw] try to init 2 ldfw(s). except 0 ldfw 2 ldfw(s) have been inited done.
[mobi_drv] add: 0x43e71940, size: 11401
MobiCore IDLE flag = 0
MobiCore Driver loaded and RTM IDLE!
[OTP] 27 bit read: 0x5
[OTP] 22 bit read: 0x0
[OTP] 21 bit read: 0x0
[OTP] 23 bit read: 0x1
[OTP] 26 bit read: 0x1
[OTP] NANTIRBK0 bit reading: start
[OTP] NANTIRBK0: 3 bit
[OTP] 28 bit read: 0x1
[OTP] 29 bit read: 0x0
[OTP] 30 bit read: 0x1
[OTP] 25 bit read: 0x1
[OTP] ETC value: 0
[EFUSE] SMC Read the 0x0 ...
[EFUSE] SMC Read Count value: 3
[EFUSE] SMC Read the 0x1 ...
[EFUSE] SMC Read Count value: 1
[EFUSE] SMC Read the 0x2 ...
[EFUSE] SMC Read Count value: 0
[EFUSE] SMC Read the 0x3 ...
[EFUSE] SMC Read Count value: 1
(1,5) vs (1,5)
[EFUSE] This is commercial device.
set_tzpc_secureport: successfully protected 0
eSE Protection!!
Authenticated data read request (Swapped)
Authenticated data read response (Swapped)
RPMB: get hmac value: success
HMAC compare success !!
update_rpmb_version skip.
initialize_secdata_rpmb: usable! (0x52504d42)
DDR SIZE: 3G (0xc0000000)
LPDDR4 manufacturer : Micron
bin2_efuse = 0
[TMU] 52, 53, 51, 51
UFS vendor: SAMSUNG
FW rev : 0200
product : KLUBG4G1BD-E0B1
UFS size (GB) : 32
UFS ID : XXXXXXXXXXXXXXXX
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
lun:196 Query Response : 0xfc
dNumAllocUnits error at LU7 0 0
PROVISION : FAIL
PROVISION : FAIL
max77843_muic_api_print_init_regs: INTMASK[1:0x00, 2:0x00, 3:0x00]
max77843_muic_api_print_init_regs: MUIC: CDETCTRL:0x2d
max77843_muic_api_print_init_regs: MUIC: CONTROL1:0x00
max77843_muic_api_print_init_regs: MUIC: CONTROL2:0x3b
max77843_muic_api_print_init_regs: MUIC: CONTROL3:0x00
max77843_muic_api_print_init_regs: MUIC: CONTROL4[0x16]:0xb2
init_ific : MAX77843(0)
init_ific : MAX77843(0)
set_float_voltage: max77843 battery cv voltage 0x9c
set_charger_state: buck(1), chg(1), reg(0x05)
max77843_get_charger_status: Invalid charger
set_auto_current: get_charger_status(0)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
set_auto_current: unknown_state, curr(475)
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
set_charger_current: chg curr(137), in curr(0)
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
fuelguage : wpc_status(0)
set_charger_state: buck(1), chg(0), reg(0x04)
init_fuel_gauge: Start!!
init_fuel_gauge : MAX77843(0)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
adc_read_temp temp_adc = 1852
init_fuel_gauge temp = 25
init_fuel_gauge : MAX77843(0)
init_fuel_gauge: Battery type : SDI, capacity: 5177, status: 128
init_fuel_gauge: Already initialized (0x1439, SDI type)
check_validation_with_tablesoc: Start!!
fuel_gauge_read_soc: SOC(32), data(0x209a)
fuel_gauge_read_ocv: VFOCV(3774), data(0xbcba)
calculate_table_soc : low(0) high(6) mid(7) table_soc(0)
calculate_table_soc : low(4) high(6) mid(3) table_soc(0)
calculate_table_soc : low(6) high(6) mid(5) table_soc(0)
calculate_table_soc : low(7) high(6) mid(6) table_soc(0)
calculate_table_soc: vcell [3774] table_soc [31]
differ(1), table_soc(31), RepSOC(32)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_muic_get_chg_typ: STATUS2:0x00
max77843_muic_get_chg_typ: CHGTYP:0x00
fuel_gauge_read_vcell: VCELL(3716), data(0xb9d8)
vcell(3716),soc_diff_limit(50), low_temp_reset(0)
fuel_gauge_read_ocv: VFOCV(3774), data(0xbcba)
fuel_gauge_read_vcell: VCELL(3716), data(0xb9d8)
fuel_gauge_read_soc: SOC(32), data(0x209a)
fuel_gauge_read_vfsoc: VFSOC(30), data(0x1ef3)
init_fuel_gauge : OCV(3774), VCELL(3716), SOC(32), VFSOC(30)
AP_PMIC_SDA = 1
PMIC_ID = 0x12
OTP:0x78 PWR_SEQ:1 G3D_OCP:1 PSoff:1 INT_Volt:1
PMIC_STATUS1 = 0x2f PWRON JIGONB ACOKB MR2B PWRON1S
PMIC_STATUS2 = 0x11 RTC60SE RTC1SE
PMIC_PWRONSRC = 0x08 MRST
PMIC_OFFSRC = 0x00
PMIC_INT1 = 0xc3 PWRONF PWRONR PWRON1S MRB
PMIC_INT2 = 0x11 RTC60S RTC1S
PMIC_INT3 = 0x80 RSVD
PMIC_RTC_CTRL = 0x02
PMIC_RTC_SMPL = 0x83
RTC TIME: 2016-08-13 07:27:29(0x40)AM
s5p_check_keypad: 0x10110000
s5p_check_keypad: recovery mode
set_oneshot_recovery: recovery mode set! sys_bootm=0x80000
s5p_check_reboot_mode: INFORM3 = 0 ... skip
ATLAS_PLL = 1200MHz APOLLO_PLL = 1200MHz MIF_PLL = 3104MHz
MFC_PLL = 468MHz CCI_PLL = 532MHz
BUS0_PLL = 1600MHz BUS1_PLL = 668MHz
board_uart_rustproof ifc_sense: 0
-user build & not FAC
-rustproof mode Enabled
s5p_check_upload: MAGIC(0x4000000), RST_STAT(0x10000)
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
s5p_check_upload: debug level is LO! (mask: 0x220)
max77843_ific_set_mrstb: TOPSYS: MAINCTRL1[0x02]: [0x07]+[0x07]->[0x07]
s5p_check_upload: disable dump_gpr
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
s5p_check_download: 0
max77843_muic_get_adc_value: STATUS1:0x1f
max77843_muic_get_adc_value: ADC:0x1f
max77843_get_charger_status: Invalid charger
get_wireless_charger_detect: wireless check 0
get_wireless_charger_detect : CHG_DTLS(0x00)
check_pm_status: charger is not detected
fuel_gauge_read_vcell: VCELL(3718), data(0xb9ea)
check_pm_status: voltage(3718) is ok
check_pm_status: 7 sec reset, continue.
scr_draw_image: draw 'logo.jpg'...
read 'logo.jpg'(112504) completed.
board_set_dev_pm: s2mpb02 enable for display
42, 0, 13, 0x420013
DETECTED LCD TYPE : S6E3HA2
mipi-dsi driver(CMD mode) has been probed.
decon-int: ver0, max win7, command mode, hw trigger
single dsi mode
decon0 registered successfully
afw flag is Unknown [afw flag : 00 00 00 00]
secure info base: 45720000 and SMC Num = 0x83000013
secure smc success!!! [ret = 0]
Set debug level to low(4f4c)
DMV: Successfully informed TZ of boot mode: Recovery
load_kernel: loading boot image from 139264..
kernel size = 0x114f000, ramdisk size = 0x5fc000
dt_size:1454080, dt_actual:1454080
Verify_Binary_Signature 0x45720120 [email protected], [email protected]
Kernel Image
Verify_Binary_Signature: failed.(-18022398)
pit_check_signature (RECOVERY) invalid.
[TIMA trusted boot]: SEANDROID ENFORCING
Set invalid sign flag
No need to update kernel type.
[EFUSE] warranty bit is already set.
ace_hash_sha_digest: passed.(0)
tboot ctx base: 45720248
SMC Num = 0x83000001
mobismc success!!! [ret = 0]
SMC Num = 0x83000007
mobismc for tima info success!!! [ret = 0]
Pass. DTBH size is smaller than a page.
<dtbh_header Info>
magic:0x48425444, version:0x00000002, num_entries:0x00000008
<device info>
chip_id: 0x00001cfc
platform_id: 0x000050a6
subtype_id: 0x217584da
hw_rev: 0x0000000b
dt_entry[06]
chip_id: 0x00001cfc
platform_id: 0x000050a6
subtype_id: 0x217584da
hw_rev: 0x0000000a
hw_rev_end: 0x0000000b
offset: 0x0010a000
dtb size: 0x0002c800
Selected entry hw_ver : 11
dt_entry of hw_rev 10 is loaded at 0x4a000000.(182272 Bytes)
[EFUSE] RB count: device(0x3), binary(0x3)
[OTP] SW LOCK Success
DDI value :0x0000000f
sw_lock success
sw_lock success
Forced Enable KAP
Warranty Bit Set - Blowing KAP_VIOLATION_FUSE
KAP status = 5afe0003
ATAG_CORE: 5 54410001 0 0 0
ATAG_MEM: 4 54410002 20000000 40000000
ATAG_MEM: 4 54410002 20000000 60000000
ATAG_MEM: 4 54410002 20000000 80000000
ATAG_MEM: 4 54410002 20000000 A0000000
ATAG_MEM: 4 54410002 20000000 C0000000
ATAG_MEM: 4 54410002 1E800000 E0000000
ATAG_SERIAL: 4 54410006 XXXXXXXX XXXXXXXX
ATAG_INITRD2: 4 54420005 43000000 5fbd8f
ATAG_REVISION: 3 54410007 b
check_rustproof [0,0] On
ucs flag is Unknown
ucs flag : 00 00 00 00
ATAG_CMDLINE: f0 54410009 'console=ram loglevel=4 bootmode=2 sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.hardware=samsungexynos7420 androidboot.debug_level=0x4f4c ess_setup=0x46000000 [email protected] [email protected] charging_mode=0x3000 s3cfb.bootloaderfb=0xe2a00000 sysscope=0x6b090719 lcdtype=4325395 consoleblank=0 lpj=239616 sec_debug.reset_reason=5 ehci_hcd.park=3 oops=panic pmic_info=35 cordon=c34c0eba5576148dc662cf43a6352c3b connie=SM-G920F_OPEN_EUR_c3811d70601ea690b7b0b2afca80be2c fg_reset=0 androidboot.emmc_checksum=3 androidboot.boot_salescode= androidboot.odin_download=1 androidboot.bootloader=G920FXXU3DPDP androidboot.selinux=enforcing androidboot.security_mode=1526595585 androidboot.ucs_mode=0 androidboot.hw_rev=11 androidboot.warranty_bit=1 androidboot.hmac_mismatch=0 androidboot.sec_atd.tty=/dev/ttySAC1 androidboot.serialno=XXXXXXXXXXXXXXXX snd_soc_core.pmdown_time=1000 zero_sdchg_ic=0 androidboot.fmp_config=0'
ATAG_NONE: 0 0
pack_atags: ramdisk size start 0x43000000, size 0x5fbd8f
Updating device tree @0x4a000000: done
Starting kernel at 0x40205000...
SWITCH_SEL(3)
BOOTING TIME : 2895
Here it is, mate. I can't seem to find anything suspicious besides
Code:
dNumAllocUnits error at LU7 0 0
PROVISION : FAIL
PROVISION : FAIL
but I can only guess
Hi I am having problems compiling due to the kernel. Which kernel source should I use? How should I configure it? Help pleaase
Added "extract files" guide.
Whenever I try to download the CyanogenMod repo, I get this error:
error: Exited sync due to fetch errors
I've tried using: repo sync -f and: repo sync --force-sync
I'm trying to download the CM13 repo.
I've also followed the steps exactly as they were written.
I'm trying to build cm-14.0. Fails at
HTML:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: '/home/julian/android/system/out/target/product/zerofltexx/obj_arm/SHARED_LIBRARIES/libsecril-client_intermediates/export_includes', needed by '/home/julian/android/system/out/target/product/zerofltexx/obj_arm/SHARED_LIBRARIES/audio.primary.universal7420_intermediates/import_includes', missing and no known rule to make it
build/core/ninja.mk:151: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make: Leaving directory '/home/julian/android/system'
.
Any ideas what could be wrong?
/android/system/kernel/samsung/exynos7420 contains github.com/CyanogenMod/android_kernel_samsung_exynos7420 cm-14.0.
Thanks for the great guide anyway