Hi!
Has anyone luck with the TyTN and Linux? Have tried the synce package with synce-kde (raki) but there was no success.
There is a new eth dev unsing the rndis driver, and there is an ip connection between 169.254.2.1 <> 169.254.2.2 but nothing more
Any success on mounting as a mass storage dev?
There used to be a problem syncing with WM6. But recently I've been able to do it using the old usbserial method and the ipaq module. I haven't tried the GUI stuff, but the basic synce tools work fine. Mass storage mounting also works.
I'm in the same problem with synce and raki... my tytn don't understand my ubuntu?
I've searched a lot about this and doesn't works.
The only solution that works for me at the moment (may be the worst) is install a winXP in a VirtualBox but I know that it's not the better solution, and the "seamless" option of virtualbox last edition doesn't works for me...
Anybody has more info about linux, activesync and Hermes (wm5 o 6) ...
Please help!!
Well, as I've said, it works fine here with Gentoo and WM6.
- on the Hermes under Connections -> USB to PC, disable the advanced functionality.
- get synce and odccm
- in the kernel, enable usbserial and ipaq
Then your Hermes should be recognized as something like /dev/tts/USB0
I just use a little script like this:
Code:
synce-serial-config /dev/tts/USB0 192.168.0.101:192.168.0.102
sleep 1
odccm
sleep 1
synce-serial-start
If it works, you should see something like this:
Code:
0:192.168.0.101:192.168.0.102
You can now run synce-serial-start to start a serial connection.
Serial connection established.
Using interface ppp0
Connect: ppp0 <--> /dev/tts/USB0
local IP address 192.168.0.101
remote IP address 192.168.0.102
And then the basic synce tools like pls, pcp, etc., should work.
To get this working on Ubuntu you have to compile the whole synCE set of software (synce, rapi, odccm etc.) from SVN. This is done in this Guide:
http://ubuntuforums.org/showthread.php?t=345176
Just use that guide for instructions on how to compile from SVN, ignore the kernel patching and usb drivers and so on unless you're feeling masochistic.
For feisty, you can still use ipaq as demonstrated here, just stop after you have compiled and installed the synce packages. After that the aforementioned guide tries to compile the new drivers which requires kernel patching, pain, and suffering.
So, after compiling the newer synce, switch over to xor's instructions.
I've made a little Sync-with-Linux page for the Hermes Wiki. Feel free to contribute.
gentoo packages
Hi _xor,
I'm trying to get my Prophet WM6-upgraded PDA connected to my 2.6.23-tuxonice-r6 powered Gentoo Linux but couldn't make it work. I'm trying to use it as a GPRS modem and to sync it too (priority 2 actually).
How did you get odccm installed? app-pda/synce-dccm doesn't have it and there is no odccm at all.
Or yet better, what packages did you install? (I'm using KDE as my window manager as you do).
BTW, the links on the wiki are no longer valid and couldn't get to them through google too.
EDIT: I could make it work!!!!!
The problem was somehow related to the PPP connection not establishing the IP address correctly:
Jan 27 14:29:45 RJZ-LNX usb 2-2: new full speed USB device using uhci_hcd and address 23
Jan 27 14:29:45 RJZ-LNX usb 2-2: configuration #1 chosen from 1 choice
Jan 27 14:29:45 RJZ-LNX ipaq 2-2:1.0: PocketPC PDA converter detected
Jan 27 14:29:45 RJZ-LNX usb 2-2: PocketPC PDA converter now attached to ttyUSB0
Jan 27 14:29:51 RJZ-LNX synce-serial-start: Executing '/usr/sbin/pppd call synce-device'
Jan 27 14:29:51 RJZ-LNX pppd[28592]: pppd 2.4.4 started by root, uid 0
Jan 27 14:29:53 RJZ-LNX pppd[28592]: Serial connection established.
Jan 27 14:29:53 RJZ-LNX pppd[28592]: using channel 13
Jan 27 14:29:53 RJZ-LNX pppd[28592]: Using interface ppp0
Jan 27 14:29:53 RJZ-LNX pppd[28592]: Connect: ppp0 <--> /dev/ttyUSB0
Jan 27 14:29:53 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:29:54 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:29:54 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:29:55 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:29:56 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:29:57 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:29:57 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:00 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:03 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:06 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:09 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:12 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:15 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:18 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:21 RJZ-LNX pppd[28592]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x1ce61ea3> <pcomp> <accomp>]
Jan 27 14:30:24 RJZ-LNX pppd[28592]: LCP: timeout sending Config-Requests
Jan 27 14:30:24 RJZ-LNX pppd[28592]: Connection terminated.
Jan 27 14:30:24 RJZ-LNX pppd[28592]: Modem hangup
Jan 27 14:30:24 RJZ-LNX pppd[28592]: Exit.
I just re-enabled and disabled again the "enable advanced network functionality" on the PDA while it was connected to my PC and it started to work:
Jan 27 14:42:09 RJZ-LNX usb 2-2: new full speed USB device using uhci_hcd and address 27
Jan 27 14:42:09 RJZ-LNX usb 2-2: configuration #1 chosen from 1 choice
Jan 27 14:42:09 RJZ-LNX ipaq 2-2:1.0: PocketPC PDA converter detected
Jan 27 14:42:09 RJZ-LNX usb 2-2: PocketPC PDA converter now attached to ttyUSB0
Jan 27 14:42:32 RJZ-LNX synce-serial-start: Executing '/usr/sbin/pppd call synce-device'
Jan 27 14:42:32 RJZ-LNX pppd[30637]: pppd 2.4.4 started by root, uid 0
Jan 27 14:42:35 RJZ-LNX pppd[30637]: Serial connection established.
Jan 27 14:42:35 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: waiting for IP address on ppp0
Jan 27 14:42:35 RJZ-LNX pppd[30637]: Using interface ppp0
Jan 27 14:42:35 RJZ-LNX pppd[30637]: Connect: ppp0 <--> /dev/ttyUSB0
Jan 27 14:42:35 RJZ-LNX pppd[30637]: local IP address 192.168.131.102
Jan 27 14:42:35 RJZ-LNX pppd[30637]: remote IP address 192.168.131.201
Jan 27 14:42:36 RJZ-LNX odccm[28560]: DEBUG: _odccm_interface_address: found matching interface
Jan 27 14:42:36 RJZ-LNX odccm[28560]: DEBUG: PDA network interface discovered! udi='/devices/virtual/net/ppp0'
Jan 27 14:42:40 RJZ-LNX odccm[28560]: DEBUG: device_info_received
Jan 27 14:42:40 RJZ-LNX odccm[28560]: DEBUG: f1 ea 81 50 c4 44 98 68 41 c3 2e e3 1d ef d0 5f 05 00 00 00 02 00 00 00 0b 00 00 00 57 00 4d 00 5f 00 7a 00 61 00 70 00 70 00 61 00 63 00 6f 00 72 00 00 00 05 02 74 07 11 0a 00 00 05 00 00 00 2d 6e cb 62 00 00 00 00 0f 00 00 00 50 6f 63 6b 65 74 50 43 00 53 53 44 4b 00 00 07 00 00 00 57 49 5a 41 32 30 30 00 02 00 00 00 05 00 00 00 02 00 00 00 05 00 00 00 02 00 00 00 00 00 00 00 10 00 00 00 0c 00 00 00 5d 00 00 00 01 00 00 00
Jan 27 14:42:40 RJZ-LNX odccm[28560]: DEBUG: extradata:
Jan 27 14:42:40 RJZ-LNX odccm[28560]: DEBUG: 10 00 00 00 0c 00 00 00 5d 00 00 00 01 00 00 00
Jan 27 14:42:40 RJZ-LNX odccm[28560]: Message: device_info_received: registering object path '/org/synce/odccm/Device/_5081EAF1_44C4_6898_41C3_2EE31DEFD05F_'
I'll try later some cool apps, if any...
Related
Hi,
I seem to have lost the ability to activate wifi. Neither the "Comm Manager" nor the 'Wireless LAN" applications are able to turn wifi on. Also, the wifi details are not shown under the "Wireless" Today panel.
The device has been flashed quite a lot recently. I have tried reflashing the original phones roms, the v3 unlock radio rom, and the 2.05 & 2.11 HTC roms; none of these seem to have solved the problem.
Also, possibly the cause, I ran an 'erase 80000000 d80000' & 'erase 0x80100000 0x20000' (radio(?) & radio bootloader(?) from wiki.
Would reflashing the data that was deleted by the above two erases help? (in case a normal re-flash doesn't touch these areas).
I have searched through the forums and the wiki but I'm unable to find a similar problem, so if anyone has any ideas that would be appreciated.
thanks
rob-ix
WHOOPS just saw http://forum.xda-developers.com/showthread.php?t=295211 so this post my not have been required. But, I gotta read it first, so put this on hold for a few mins
Booting using Platform Builder gives the following possible answer for the problem:
20161 PID:239ceb52 TID:23862ede CertVerify: TIACXWLN.dll trust = 2
20179 PID:2375059e TID:23862ede no EEPROM no WLAN!!
I've tried, changing via HTweakC, to allow non-trusted apps to be used but this hasn't changed things.
If anyone can answer these questions or point me in the right direction to answer/fix them it would be appreciated:
1, Is the 'no EEPROM no WLAN' error being caused by 'trust = 2' on the above dll or is in fact caused by having no wlan EEPROM?
2, Is this EEPROM a real one or one simulated via the flash/NAND?
3, Can this data be re-written/flashed?
thanks
Rob-ix
rob-ix said:
1, Is the 'no EEPROM no WLAN' are being caused by 'trust = 2' on the above dll or is in fact caused by having no wlan eeprom?
Click to expand...
Click to collapse
By having EEPROM erased or corrupted.
2, Is this EEPROM a real one or one simulated via the flash/NAND?
Click to expand...
Click to collapse
I think it is inside the MSM6275 chip.
3, Can this data be re-written/flashed?
Click to expand...
Click to collapse
No that i know of.
pof said:
By having EEPROM erased or corrupted.
Click to expand...
Click to collapse
I ran these commands via the BL at one point to try to clear the radio, could these have been responsibile?
erase 80000000 d80000
erase 80100000 20000
thanks
rob-ix
not sure, let me check if i can get a dump of that...
did you actually use 'erase' from bootloader, or 'rerase' from radio bootloader?
where you successfully authenticated to the bootloader/radio bootloader when you did that?
Pof,
pof said:
not sure, let me check if i can get a dump of that...
Click to expand...
Click to collapse
Great. Then I should be able to compare the two dumps.
did you actually use 'erase' from bootloader, or 'rerase' from radio bootloader? where you successfully authenticated to the bootloader/radio bootloader when you did that?
Click to expand...
Click to collapse
I used 'erase' from the bootloader, and I believe I was authenticated at the time.
thanks
Rob
rob-ix said:
Then I should be able to compare the two dumps.
Click to expand...
Click to collapse
bootloader command 'rbmc' dumps nothing on that addreses
go into bootloader, type these commands:
Code:
task 32
task 37 ff
tell me the output of the second
task 37 ff - output
pof said:
go into bootloader, type these commands:
Code:
task 32
task 37 ff
tell me the output of the second
Click to expand...
Click to collapse
Please see attached.
thanks
Rob
Seems that you have erased the EEPROM:
Code:
03/24/2007 23:53:25 [K :: KERNEL] HTC Nand Read!
03/24/2007 23:53:25 [K :: KERNEL] Kernel: EEPROM signature=FF FF FF FF FF
03/24/2007 23:53:25 [K :: KERNEL] HTC Nand Read!
03/24/2007 23:53:25 [K :: KERNEL] Kernel: EEPROM signature Old=FF FF FF FF FF
[...]
CertVerify: TIACXWLN.dll trust = 2
no EEPROM no WLAN!!
On a normal hermes this looks like this:
Code:
05/01/2006 00:00:00 [K :: KERNEL] HTC Nand Read!
05/01/2006 00:00:00 [K :: KERNEL] Kernel: EEPROM signature=50 12 EE 0 2
05/01/2006 00:00:00 [K :: KERNEL] Kernel: EEPROM1 Checksum=0xbd4ccc54
05/01/2006 00:00:00 [K :: KERNEL] HTC Nand Read!
05/01/2006 00:00:00 [K :: KERNEL] Kernel: EEPROM signature Old=50 12 EE 0 2
05/01/2006 00:00:00 [K :: KERNEL] Kernel: EEPROM2 Checksum=0xbd4ccc54
If I find anything for you to try I'll let you know.
Pof,
pof said:
Seems that you have erased the EEPROM:
Click to expand...
Click to collapse
That makes sense. Do you know if it's a real EEPROM or just some flash pretending to be EEPROM? Would GNU Haret be able to dump/reload the information?
thanks
Rob
would HTC have to replace the entire mainboard for this to be fixed, or do they have a tool that could reflash the EEPROM with a new mac adress and such
In theory, should be possible to reflash via bootloader EMAPI commands, but we don't know how to use them, sure HTC knows... but in service centre they most probably will replace the mainboard for that.
pof said:
In theory, should be possible to reflash via bootloader EMAPI commands, but we don't know how to use them, sure HTC knows... but in service centre they most probably will replace the mainboard for that.
Click to expand...
Click to collapse
... thats not good, how much do you think that would cost? over $300?
is there anyway to emulate the EEPROM or put the MAC address in the registry?
task 37 ff output
Output of task 37 ff scrolls way too much overflowing the screen buffer. I don't see a log option in the mtty I downloaded from wiki pages. What's the method to capture large output like that?
TIA
@cjchriscj: no
@aarman: type "task 37 ff" and pull out the USB cable before the buffer grows too big.
Is it possible that people having this problem have flashed _too big_ a OS.nb file using MFG bootloader before having the problem?
I have the feeling that WLAN EEPROM is read from NAND flash, if we manage to find the right offset we can probably rbmc to read it and reflash it with lnb.
I have the same problem
05/23/2006 23:57:46 [K :: KERNEL] HTC Nand Read!
05/23/2006 23:57:46 [K :: KERNEL] Kernel: EEPROM signature=FF FF FF FF FF
05/23/2006 23:57:46 [K :: KERNEL] HTC Nand Read!
05/23/2006 23:57:46 [K :: KERNEL] Kernel: EEPROM signature Old=FF FF FF FF FF
05/23/2006 23:57:46 [K :: KERNEL]
If i understand that pof say for resolve my probleme i need the lnb wifi ?
The offset is not 0xb6d00000 0x20000000 ?
working on it
ok, good news for those who have ****ed up wlan EEPROM...
I was able to rbmc the right place where the WLAN eeprom is stored, as a proof of concept:
This is my MAC address: 00:09:2d:f1:f2:d3
This is the EEPROM signature reported by "task 32 ff": 50 12 EE 0 2
Code:
[B][COLOR="DarkGreen"]50 12 EE 00 02[/COLOR][/B] 00 00 00 06 00 00 00 A1 01 00 00 P.î.........¡...
43 50 AA 80 00 00 00 00 00 00 00 00 00 00 00 00 CPª?............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
02 11 56 05 1B 06 00 11 31 01 00 01 09 56 12 00 ..V.....1....V..
00 00 01 0D 56 71 00 00 00 02 6D 54 [B][COLOR="DarkRed"]D3 F2 F1 2D[/COLOR][/B] ....Vq..........
[B][COLOR="DarkRed"]09 00[/COLOR][/B] 00 00 01 05 5A 64 00 00 00 01 09 5A 00 00 ......Zd.....Z..
00 00 01 0D 5A 00 00 00 00 01 01 0C 03 00 00 00 ....Z...........
01 01 5A 00 00 00 00 01 55 09 01 00 00 00 01 E5 ..Z.....U......å
58 02 00 00 00 01 F1 58 08 00 00 00 01 D5 58 10 X.....ñX.....ÕX.
00 00 00 01 B1 58 04 00 00 00 00 00 00 00 00 00 ....±X..........
00 0C 00 8B 00 C6 00 D0 00 DC 00 EE 00 0C 01 15 ...?.Æ.Ð.Ü.î....
01 17 01 2D 01 67 01 77 01 7F 01 01 39 00 00 11 ...-.g.w...9...
00 04 01 01 01 00 05 01 06 00 02 01 02 01 02 1E ................
00 0A 00 02 05 02 04 11 22 44 03 06 41 20 30 31 ........"D..A 01
32 40 04 09 54 49 20 41 43 58 31 30 30 05 07 54 [email protected] ACX100..T
49 20 54 65 73 74 01 08 00 00 00 00 00 00 00 00 I Test..........
05 02 00 00 3B 00 81 00 C5 00 1F 01 04 04 44 10 ....;..Å.....D.
00 00 45 10 00 00 18 5A 40 00 14 5A 20 00 02 0E [email protected] ...
A0 01 F7 00 08 01 7E 02 78 00 B2 01 8A 09 80 00 .÷...~.x.².?.?.
F7 00 08 01 79 02 78 00 A4 01 8A 09 01 07 00 01 ÷...y.x.¤.?.....
40 00 00 00 01 00 00 05 04 00 01 01 00 00 00 00 @...............
FF FF FF FF FD FD FD FD FB FB FB FB FB 0E 04 09 ÿÿÿÿýýýýûûûûû...
09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 ................
09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 ................
09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 ................
09 09 09 09 09 09 09 0E 01 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 03 02 D4 08 D4 08 07 00 01 .........Ô.Ô....
This is on NAND, around offset 0x500CD800 (after SPL and before MainSplash).
Probably this can be overwriten with 'lnb' command on MFG bootloader, i'm investigating this with Olipro right now.
If anyone wants to serve as a guinea pig, let us know
I am trying to connect my phone to a device with the phone acting as the host (using the OTG USB cable).
Once connected, I have new entry "usb0" when I do ifconfig.
I assigned 192.168.3.100 to the phone and 192.168.3.99 to the device.
When I do a tcpdump, I saw that the arp request from the phone got to the device correctly, the device answered corrected but by the time it gets to the phone, it is no longer correct. I suspect that this is the problem within the u_ether driver/gadget.
When the device reply to the ARP request, tcpdump on the device gives:
2 0.000091 5a:65:6b:1b:de:37 62:18:d4:57:77:6c ARP 42 192.168.3.99 is at 5a:65:6b:1b:de:37
Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 5a:65:6b:1b:de:37 (5a:65:6b:1b:de:37), Dst: 62:18:d4:57:77:6c (62:18:d4:57:77:6c)
0000 62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 b..WwlZe k..7....
0010 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 ......Ze k..7...c
0020 62 18 d4 57 77 6c c0 a8 03 64 b..Wwl.. .d
Which is correct. However, tcpdump on the phone gives:
2 0.000030 CatenaNe_65:6b:1b AvlabTec_00:06:04 0xde37 28 Ethernet II
Frame 2: 28 bytes on wire (224 bits), 28 bytes captured (224 bits)
Ethernet II, Src: CatenaNe_65:6b:1b (00:02:5a:65:6b:1b), Dst: AvlabTec_00:06:04 (00:01:08:00:06:04)
0000 00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 ........ Zek..7..
0010 03 63 62 18 d4 57 77 6c c0 a8 03 64 .cb..Wwl ...d
From the look of it, the section "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06" is missing from the frame.
I suspected that I have to make changes to "drivers/usb/gadget/u_ether.c" and/or "drivers/net/usb/cdc_ether.c" but I am not so sure. Do you know where is the good place to start tackling this problem? I tried to put printk statements everywhere in those files but it proved fruitless.
I have tried to do "ethernet over usb" with a Windows machine (RNDIS) and that worked properly.
Thank you.
bug in usbnet driver
The problem I found out was that there were two consecutive calls to "remove header" in the driver.
Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong kernel base and wrong initrd base address and cause big battery drain so I generated proper boot image with right base adress and with included all 3 files inside (kernel, ramdisk and elf.3) like stock, unsecured and in SIN format + my version of the CWM recovery! Here is tutorial how to propertly root your Xperia Go!
Before you going to install this "pack" you need to unlock your bootloader!
After unlocking bootloader procedure for installing boot image and root tools is:
install boot image:
fastboot flash boot kernel.sin
install root tools:
adb remount
adb push su /system/xbin/
adb push busybox /system/xbin/
adb install Superuser.apk
adb shell
cd /system/xbin
chmod 6755 su
chmod 6755 busybox
/system/xbin/busybox --install -s /system/xbin/
Than you are done! Just last step you need to do:
establish internet connection on your phone
go to aplications
run superuser
under superuser menu click to "tap to ckeck for updates" (see picture http://img52.imageshack.us/img52/2097/screenshot201209151603.png) and update your super user... make sure to give and "remember" permision for superuser app!
Done! Enjoy!
Kernel source:
I have no source! I used prebuilt stock kernel from firmware 6.0.B.3.184CE
Tip and tricks for my CWM version:
Did you know about our CWM that you can change menu and text colors, backgrounds? Yes you can do it by puting menu.txt into ramdisk /res/images folder by writing to menu.txt for example:
122,122,122,255,255,255
First 3 numbers is rgb color for menu and seccond 3 numbers is rgb color for text !!!
Here is some creative skins done to my HTC HD2 recovery by mlkjuggalo:
http://forum.xda-developers.com/attachment.php?attachmentid=873816&d=1327602621
http://forum.xda-developers.com/attachment.php?attachmentid=918464&d=1330133568
http://forum.xda-developers.com/attachment.php?attachmentid=919565&d=1330197024
http://forum.xda-developers.com/attachment.php?attachmentid=920011&d=1330223710
http://forum.xda-developers.com/attachment.php?attachmentid=922328&d=1330363561
http://forum.xda-developers.com/attachment.php?attachmentid=922789&d=1330384481
http://forum.xda-developers.com/attachment.php?attachmentid=923476&d=1330430278
http://forum.xda-developers.com/attachment.php?attachmentid=925079&d=1330523453
http://forum.xda-developers.com/attachment.php?attachmentid=925252&d=1330533287
http://forum.xda-developers.com/attachment.php?attachmentid=925800&d=1330560509
I will integrate tool in sony menu for "one click" skins modification soon! Let me know if you want these option!
Credits:
full credits to author of the Clockworkmod Recovery
LeTama for great sin2raw tool
every other who helped and tested our recovery
Please read this Simple diference between Gingerbread and ICS boot+CWM
Download V6:
http://d-h.st/aPJ
New version for 6.0.B.3.184 is out.. Clockwork Recovery included!
Play with recovery on your own risk... I am not responsible if you lose your data!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
21.Sep.2012:
Changelog:
added my own modified version of the Clockwork Recovery
Recovery:
adb fixed - you need to restart adb trought menu and wait 30 sec until adb is reinited
battery indicator (icon) in real time
leds indicator in real time
button backlight enabled
you can mount internal sd card
you can mount external sd card
you can backup/restore from/to internal sd card
you can backup/restore from/to external sd card
23.Sep.2012:
Changelog:
Recovery:
new menu and tool (Big thanks Letama for great tool!!!) -> my modification to his tool is: backported to arm, backported to recovery, created easy sin to tar packer. This recovery tool is for easilly "in one click" repacking upcoming ICS firmwares! Just place your system.sin into internal sd card, reboot to recovery, under menu click to sony tools, and you will get your system.sin unpacked to system.tar... enjoy!
removed adb fix, now adbd is auto enabled on boot... (you just need to wait ~30 seconds until adb and mass storage mode is inited!)
27.Oct.2012:
Changelog:
Recovery V2:
all features backported from my ICS bassed CWM but only not kernel and not touch, all other features is the same like in ICS CWM!
30.Oct.2012:
Changelog:
Recovery V3:
forgot to include patch for assert board detection in updater-script, it's fixed now!
31.Oct.2012:
Changelog:
Recovery V5 (final version, no supporting anymore, sorry):
init.d support (you need to create init.d folder in /system/etc !)
Please do not create mirored links!
Thank you. can you tell me what rom work whit go whit this? Are you tryed Cyanogenmod or any other mod ?
kala123 said:
Thank you. can you tell me what rom work whit go whit this? Are you tryed Cyanogenmod or any other mod ?
Click to expand...
Click to collapse
This is for ST27i_6.0.B.3.184_CE.ftf ...other rooms I not tried! Curently I waiting oficial ICS from Sony so than I will play with CM source ... I spent whole day to get this CWM full working so enjoy! If something missing please let me know! Comming features soon!
Thanks. The GO should get an own forum here.
Sola, p, u, got but the sxgo not.
New recovery is out...see changelog in seccond post! You can easilly unpack an ICS system.sin (encrypted ext4 image) and convert it to tar archive + log file about files,folders,uids,gids permissions that was in these image, so you can easilly create recovery compatible zip for flashing trought recovery. Enjoy!
P.S. Moderators, please give us dedicated forum space for Xperia Go like all other 2012 Xperia models... thank you!!!
What you think about this CM9 sources?
https://github.com/CyanogenMod/sony-kernel-u8500
https://github.com/CyanogenMod/android_device_sony_nypon
https://github.com/CyanogenMod/android_device_sony_montblanc-common
...I think these sources will be good start point for our Xperia Go ?
No battery improvement
munjeni said:
Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong defined memory offset for unpacking to memory and cause big battery drain
Click to expand...
Click to collapse
Hello munjeni,
I have installed this kernel and monitored its battery consumption, but I'm afraid I cannot confirm your positive findings. Battery drain* is exactly as with other kernels, for instance Krachlatte's one here (which also includes additional perks like more governors and iptables support):
http://forum.xda-developers.com/showthread.php?t=1839865
So the battery drain you've experienced with other kernels might be unrelated to any wrongly defined memory offsets.
* This means that after disabling a lot of Sony and Google bloatware, battery life is satisfactory (around 3 to 4 days with very light use). The only flaky component seems to be WiFi - when it is on, battery consumption is inconsistent (which is OK so far and known to happen). Trouble is that even after disabling WiFi, its processes sometimes (not always) seem to remain active, generating lots of kernel wakelocks and eating into battery life. This behaviour unfortunately persists with this kernel too.
Nonetheless it's a good thing if you've managed to correct an error that has been made by devs who provided previous kernels. Thanks for your work!
Lebenita
Ok, but I tried two versions but all had that battery drain so I analysed stock kernel by disasembling him and found these things was wrong in custom boot images... So right command for generating boot image is:
python mkelf.py -o kernel.elf [email protected]00008000 [email protected],ramdisk
than you need to hex edit generated boot image:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 7F 45 4C 46 01 01 01 61 00 00 00 00 00 00 00 00 .ELF...a........
00000010 02 00 28 00 01 00 00 00 00 80 00 00 34 00 00 00 ..(......€..4...
00000020 00 00 00 00 00 00 00 00 34 00 20 00 [COLOR="Red"]02[/COLOR] 00 00 00 ........4. .....
0x02 mean 2 parts so to include third part (elf.3) you need to change 0x02 to 0x03
than you need to inject elf.3 by hex editing and implementing these elf.3 between 0x70 and 0x4d0 offset, final kernel.elf looks like:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 7F 45 4C 46 01 01 01 61 00 00 00 00 00 00 00 00 .ELF...a........
00000010 02 00 28 00 01 00 00 00 00 80 00 00 34 00 00 00 ..(......€..4...
00000020 00 00 00 00 00 00 00 00 34 00 20 00 [COLOR="Red"]03[/COLOR] 00 00 00 ........4. .....
00000030 00 00 00 00 01 00 00 00 00 10 00 00 00 80 00 00 .............€..
00000040 00 80 00 00 D4 D8 3A 00 D4 D8 3A 00 00 00 00 00 .€..ÔŘ:.ÔŘ:.....
00000050 00 00 00 00 01 00 00 00 D4 E8 3A 00 00 00 00 01 ........Ôč:.....
00000060 00 00 00 01 CB 58 23 00 CB 58 23 00 00 00 00 80 ....ËX#.ËX#....€
00000070 [COLOR="Red"]00 00 00 00 53 49 4E 21 94 00 00 00 00 00 00 00 ....SIN!”.......
00000080 00 00 00 00 30 04 00 00 30 04 00 00 04 00 00 00 ....0...0.......
00000090 04 00 00 00 02 00 00 00 04 2D 01 00 00 00 00 00 .........-......
000000A0 00 00 52 00 00 00 00 00 00 00 94 20 F1 77 14 10 ..R.......” ńw..
000000B0 CF 4B CB EE F8 6C 64 9C F3 CC B3 8D 6C 24 C1 D6 ĎKËîřldśóĚłŤl$ÁÖ
000000C0 6B 6F 68 B2 9B 23 A4 3B CF C1 52 39 00 00 04 C4 koh˛›#¤;ĎÁR9...Ä
000000D0 00 49 84 EC 20 D9 C4 BB 73 4F EF C1 32 58 AF 09 .I„ě ŮÄ»sOďÁ2XŻ.
000000E0 7F 35 E4 A1 3B 5A 24 AA ED 25 0E AD 1C 00 FA D9 .5äˇ;Z$Şí%.*..úŮ
000000F0 63 CB 77 9F 09 00 00 03 C8 00 01 02 C1 02 BF 30 cËwź....Č...Á.ż0
00000100 82 02 BB 30 82 01 A3 A0 03 02 01 02 02 01 02 30 ‚.»0‚.Ł .......0
00000110 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 17 ...*†H†÷......0.
00000120 31 15 30 13 06 03 55 04 03 14 0C 53 31 5F 52 6F 1.0...U....S1_Ro
00000130 6F 74 5F 33 30 36 35 30 1E 17 0D 31 31 31 31 31 ot_30650...11111
00000140 38 31 33 33 39 33 33 5A 17 0D 33 31 31 31 32 30 8133933Z..311120
00000150 31 33 33 39 33 33 5A 30 10 31 0E 30 0C 06 03 55 133933Z0.1.0...U
00000160 04 03 14 05 53 31 5F 53 57 30 82 01 22 30 0D 06 ....S1_SW0‚."0..
00000170 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F .*†H†÷.......‚..
00000180 00 30 82 01 0A 02 82 01 01 00 B4 2A 22 EE 88 E3 .0‚...‚...´*"î.ă
00000190 29 19 99 6E B8 2E 7D F5 5D 79 70 1C 80 1C 0E B7 ).™n¸.}ő]yp.€..·
000001A0 42 45 E8 23 45 9D 66 45 6E 88 50 B6 11 DF 6C 55 BEč#EťfEn.P¶.ßlU
000001B0 73 29 F3 E1 32 03 0F F0 92 EE F3 3D 0B 82 5D 51 s)óá2..đ’îó=.‚]Q
000001C0 5C 9D 8E 61 35 42 B7 EE FF 5B AB 70 B8 36 1A A9 \ťŽa5B·î˙[«p¸6.©
000001D0 55 42 B8 9C 9B EE CB 33 5D 7F FC BA 3E CA 8D 0B UB¸ś›îË3].üş>ĘŤ.
000001E0 A6 60 8D 81 82 B7 53 AD 91 66 5B 70 B7 B0 AE 12 ¦`Ť.‚·S*‘f[p·°®.
000001F0 FC A8 EC C1 34 58 7F 23 22 50 57 84 E4 81 C9 A0 ü¨ěÁ4X.#"PW„ä.É
00000200 0B 30 D9 F0 18 73 57 6B AC 64 51 61 DA 2E 55 48 .0Ůđ.sWk¬dQaÚ.UH
00000210 2C 0F A3 85 28 B1 01 D3 0E 1B DA C6 29 40 77 8A ,.Ł…(±.Ó..ÚĆ)@wŠ
00000220 36 0E 50 8F 48 1E F4 3D 73 60 14 52 C7 A6 73 56 6.PŹH.ô=s`.RǦsV
00000230 78 56 58 E8 2F B0 12 76 20 FD C3 E7 D3 A6 E5 5B xVXč/°.v ýĂçÓ¦ĺ[
00000240 2B 84 1F 9C 9C E1 1D 9F 3A 58 07 BA C2 96 08 97 +„.śśá.ź:X.şÂ–.—
00000250 00 54 76 7F A3 1B AE 33 6A FE BF 58 CC 3A E0 23 .Tv.Ł.®3jţżXĚ:ŕ#
00000260 B0 C2 C0 8E 42 D7 AF A5 56 D9 66 23 A4 B1 2B C7 °ÂŔŽBׯĄVŮf#¤±+Ç
00000270 BF 44 FA 91 37 A8 24 09 E8 0F 65 6B 8C 50 DB CC żDú‘7¨$.č.ekŚPŰĚ
00000280 0F B4 A5 F6 83 DB 5A 26 FF 6F 02 03 01 00 01 A3 .´Ąö.ŰZ&˙o.....Ł
00000290 19 30 17 30 0A 06 03 55 04 05 04 03 02 01 01 30 .0.0...U.......0
000002A0 09 06 03 55 1D 13 04 02 30 00 30 0D 06 09 2A 86 ...U....0.0...*†
000002B0 48 86 F7 0D 01 01 0B 05 00 03 82 01 01 00 A5 C7 H†÷.......‚...ĄÇ
000002C0 B1 A5 30 75 EA 27 57 DB 23 55 34 1C E9 1A 50 BD ±Ą0uę'WŰ#U4.é.P˝
000002D0 64 B0 53 9F 86 BC 72 C5 89 9F 5F DD 1A C0 4C ED d°Sź†Ľrʼnź_Ý.ŔLí
000002E0 81 A7 B3 9C D8 89 F7 0A 7C 26 7E F6 67 8E F1 C0 .§łśŘ‰÷.|&~ögŽńŔ
000002F0 E9 A0 63 0E 42 32 F9 C6 FF C2 4B 4C 93 7E 4A 27 é c.B2ůĆ˙ÂKL“~J'
00000300 EF 5B CF 22 04 B8 31 28 C5 B7 73 5E 36 BC D0 A3 ď[Ď".¸1(Ĺ·s^6ĽĐŁ
00000310 CB 53 C2 D8 88 5B 7F 78 1B E6 B2 F5 9B 9B 25 9E ËSÂŘ.[.x.ć˛ő››%ž
00000320 F5 93 B5 92 13 44 D5 C0 30 7D B7 4B 4A 00 4E CB ő“µ’.DŐŔ0}·KJ.NË
00000330 12 4A 91 AE 79 F1 64 64 51 8A D7 A3 89 5A AC AC .J‘®yńddQŠ×Ł‰Z¬¬
00000340 BD EC 82 62 7B 26 48 AB FC 54 CB EC D0 8D C9 E2 ˝ě‚b{&H«üTËěĐŤÉâ
00000350 A5 D0 FF 9A ED E0 36 5F 71 25 E5 6D 3B 65 ED D9 ĄĐ˙šíŕ6_q%ĺm;eíŮ
00000360 35 FB D8 94 E6 DD 14 C8 DA 97 08 C7 B7 93 2F EC 5űŘ”ćÝ.ČÚ—.Ç·“/ě
00000370 C4 8C DA 30 59 68 14 8B EF DA E0 34 5C E1 24 41 ÄŚÚ0Yh.‹ďÚŕ4\á$A
00000380 3A 40 7C 51 60 C3 6B B6 A3 F4 DE 39 D3 D4 F5 60 :@|Q`Ăk¶ŁôŢ9ÓÔő`
00000390 C9 EB 09 64 36 5E 12 71 ED 6C C0 53 BF 58 28 8E Éë.d6^.qílŔSżX(Ž
000003A0 16 D5 68 24 1C 48 F8 A9 11 FF C6 0A 41 3A 02 23 .Őh$.Hř©.˙Ć.A:.#
000003B0 37 A9 E7 9F C5 61 2E B5 49 D3 B4 B5 73 A9 02 01 7©çźĹa.µIÓ´µs©..
000003C0 00 51 0B DB 77 B1 72 81 F9 B4 04 74 EE DE 1C 32 .Q.Űw±r.ů´.tîŢ.2
000003D0 CD 98 22 05 27 35 83 0D 50 61 B3 34 3A 04 AB CF Í.".'5..Pał4:.«Ď
000003E0 25 CD 25 76 86 A9 4F EA AA D6 5A 83 3A 77 09 9B %Í%v†©OęŞÖZ.:w.›
000003F0 F7 D0 E5 27 28 83 20 4A A1 DD 88 E4 3C 69 12 CE ÷Đĺ'(. JˇÝ.ä<i.Î
00000400 1E C1 69 24 92 C7 91 C9 2F 12 56 98 B4 05 4A B2 .Ái$’Ç‘É/.V.´.J˛
00000410 38 E0 9A C2 EC ED 4C CB F6 9C 53 F7 4E 3F D0 F6 8ŕšÂěíLËöśS÷N?Đö
00000420 CB EF D2 7C B1 C8 A3 AC B1 5D 65 DA AE 8E 50 15 ËďŇ|±ČŁ¬±]eÚ®ŽP.
00000430 31 13 7C 78 56 5C 3E FC 3F 3D ED EF 12 24 20 A4 1.|xV\>ü?=íď.$ ¤
00000440 FF C6 76 21 D7 03 D7 85 5A EE 0D 53 D7 CD 0A 02 ˙Ćv!×.×…Zî.S×Í..
00000450 E7 0A F0 8D DB CC 58 8B 51 CD 85 A2 18 A3 90 D2 ç.đŤŰĚX‹QÍ…˘.Ł.Ň
00000460 5F 93 7A 71 81 B0 14 C5 B5 B4 77 CC BD D8 65 F2 _“zq.°.ŵ´wĚ˝Řeň
00000470 4C B8 4E D7 ED FA 01 C4 C2 D1 39 5D 95 D1 26 C5 L¸N×íú.ÄÂŃ9]•Ń&Ĺ
00000480 4E EB 22 48 03 BE 05 42 F6 48 46 8D E9 85 D6 1A Në"H.ľ.BöHFŤé…Ö.
00000490 12 0B E6 8B 33 85 7B CD F2 AA 6E 5E 21 84 27 12 ..ć‹3…{ÍňŞn^!„'.
000004A0 4F F3 F7 55 FE 4F 33 1D BE C2 15 61 D7 F5 00 E0 Oó÷UţO3.ľÂ.a×ő.ŕ
000004B0 D6 8B 55 61 6B AA B6 C8 7D 23 4F 73 05 92 3C 6F Ö‹Uak޶Č}#Os.’<o
000004C0 AD D2 F1 06 11 8B 00 00 00 00 00 00 00 00 00 00 *Ňń..‹..........[/COLOR]
000004D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Than you can hex compare stock kernel.elf and generated kernel.elf and you can see its ~the_same
And finaly revert these elf to sin by command:
./bin2sin kernel.elf 030000002200000000D0000000800000
The files in the first post have been corrected whit battery drain issue?
Yes, its generated propertly!
Hi,
could you please tell me were exactly you see the battery drain with ALL Custom Kernels you are revering too?
You are the first to complain about battery drains with my kernel.....
further it would mean that the championswimmer Android Kernel Kitchen would be wrong, this would have a impact on Xperia U/P/Go when generating the elf files whit the mkelf script from Sony, this would imply that all Xperia phones have that battery drain you are talking about....
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
taken from here:
https://github.com/championswimmer/kernel-tools/blob/master/edit-kernel/elf/mk/P-gb
could you comment....?
and if there is really a battery drain issue why don't you get in touch with the makers of the Custom kernel, so that i would be able to fix it for all who are using this Custom Kernel?
many thanks, waiting for you feedback..
munjeni said:
Hallo, I found that every custom boot image for Xperia GO is not property packed, have wrong defined memory offset for unpacking to memory and cause big battery drain so I generated proper boot image with right memory offset for unpacking with included all 3 files inside (kernel, ramdisk and elf.3), unsecured and in SIN format + my version of the CWM recovery! Here is tutorial how to propertly root your Xperia Go!
Before you going to install this "pack" you need to unlock your bootloader!
After unlocking bootloader procedure for installing boot image and root tools is:
install boot image:
fastboot flash boot kernel.sin
install root tools:
adb remount
adb push su /system/xbin/
adb push busybox /system/xbin/
adb install Superuser.apk
adb shell
cd /system/xbin
chmod 6755 su
chmod 6755 busybox
/system/xbin/busybox --install -s /system/xbin/
Than you are done! Just last step you need to do:
establish internet connection on your phone
go to aplications
run superuser
under superuser menu click to "tap to ckeck for updates" (see picture http://img52.imageshack.us/img52/2097/screenshot201209151603.png) and update your super user... make sure to give and "remember" permision for superuser app!
Done! Enjoy!
Kernel source:
I have no source! I used prebuilt stock kernel from firmware 6.0.B.3.184CE
Click to expand...
Click to collapse
krachlatte said:
You are the first to complain about battery drains with my kernel.....
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
taken from here:
https://github.com/championswimmer/kernel-tools/blob/master/edit-kernel/elf/mk/P-gb
could you comment....?
Click to expand...
Click to collapse
I not complain sorry, thats my experience using your boot image... trust me!
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
is wrong! Right command is:
python mkelf.py -o kernel.elf [email protected] [email protected],ramdisk
Read here tutorial how to pack propertly your boot image -> http://forum.xda-developers.com/showpost.php?p=31954337&postcount=9 if you not trusting me than realy sorry! Kernel base is not 0x00200000, kernel base is 0x8000... disasemble stock bootimage and you will see! And yes, his kernel kitchen is wrong! You can let him?
You can allso unpack stock kernel and repack it back using right command + my tutorial provided here and you will see in hex comparation thats the same, so its 100% right!
Hallo,
I followed krachlattes root tutorial and have no battery drainage problem.
Greetings
I have 2 xperia go phones, and first I flashed kernel whit krachlatte tutorial. and batary dident last long. now I flashed munjeni kernel and my batary lives longer I can confirm. I have 2 xperia go phones, and it realy works!
olkawe said:
Hallo,
I followed krachlattes root tutorial and have no battery drainage problem.
Greetings
Click to expand...
Click to collapse
Well, charge your phone tonight to 90% for example, type this in your phone number #*#*4636*#*# ,go to battery menu, remebmer battery voltage in mV, than do not touch your phone untill morning, than use your phone and see battery voltage in mV? If battery voltage is the same like yesterday than all is ok, if not than there is battery drain! Than install boot image provided in my post and do the same tests and let me know diference! Again, I am not here to complain! I am here to help! I'm not here for competing with anyone, I am here to share my things with you! If this CWM recovery is usefull to all you than you guys can press thanks, if not than nothing. If you have some questions about recovery, if you found some tests, if you found some bugs... than please let me know! This thread is not for complaining, this thread is for all your experiences about my CWM recovery! Kernel is stock Sony kernel so kernel is not important at this moment, I need only your experience about CWM ! New features in recovery coming soon so I waiting more tests from you and your experience!
What tool you need in next recovery? Give me idea!
Hallo,
I can not confirm battery drain. Yesterday at 9pm 4094mV, this morning 6am 4096mV.
I don't know what this means to you and krachlatte.
Greetings
ok, maybe you have no battery drain but I can confirm I had battery drain and Kala123 had allso... I don't know why you have no battery drain or why Kala123 and me had... but please, this is not theme, please lets back to the recovery... thanks!
munjeni said:
ok, maybe you have no battery drain but I can confirm I had battery drain and Kala123 had allso... I don't know why you have no battery drain or why Kala123 and me had... but please, this is not theme, please lets back to the recovery... thanks!
Click to expand...
Click to collapse
I dont need to check any settings to confirm battery drain, i can see it in %, but tbh i think it is a problem with how the governor smartass v2 runs on the phone and not stock settings and governor.
munjeni said:
Kernel is stock Sony kernel so kernel is not important at this moment, I need only your experience about CWM !
Click to expand...
Click to collapse
I would love to give your CWM a go, but I'm afraid I need the features that Krachlatte's kernel provides over yours, particularly iptables support and (not a must, but nice to have) additional governors (smartass2).
So my first request would be to provide a possibility of installing your recovery without your kernel (if that's possible at all).
Thanks a bunch!
Lebenita
Hello guys,
Since yesterday my g5 is blocked:
a message that the system was corompu appeared, so I wanted to put my re G5 zero except that it is not recognized by LGUP while he is detect by LG MOBILE SUPPORT TOOL and LG Bridge which does not start a recovery.
Do you have an idea ?
PS: I am french and translation through google sorry for spelling.
There's a reason of this bootlop and corrupted system?
Install the right driver for LGUP, it seems impossible that it's not recognized.
Erario said:
There's a reason of this bootlop and corrupted system?
Install the right driver for LGUP, it seems impossible that it's not recognized.
Click to expand...
Click to collapse
The reason comes from the fact bootloop of modifying the build.prop; I have yet resataure the file via a backup that I had done beforehand.
Since the message of corompu system over any access TWRP it was replaced by the original one.
Normally all the drivers are installed jai installed:
LGH850_DLL.msi
LGUP_Lab_Frame_Ver_1_11.msi
LGMobileDriver_WHQL_Ver_4.0.4.exe
LOG LG UP
[12:19:32] Start Find Available USB Port
[12:19:32] Find 0 Port de communication (COM1)
[12:19:32] Find 1 LGE AndroidNet USB Serial Port (COM41)
[12:19:32] CBasicComControl:pen, the port(COM 41) is constructed successfully => HANDLE : 0x2bc
[12:19:32] CPort:penPort() Success. Port number is 41
[12:19:32] [T000003] 41 54 0D AT.
[12:19:33] CBasicCom::SendRecvPacket, PACKET_ERROR code = 1460 Msg => [12:19:33] [T000005] EF 00 16 65 7E ...e.
[12:19:34] [R000007] EF 00 00 05 00 AD 7E .......
[12:19:34] ---------------------------------------------------------------------------------
[12:19:34] SubProcess Name : NoOperationCmd
[12:19:34] [T000004] 06 4E 95 7E .N..
[12:19:35] [R000004] 02 6A D3 7E .j..
[12:19:35] [T000005] EF 00 16 65 7E ...e.
[12:19:36] [R000007] EF 00 00 05 00 AD 7E .......
[12:19:36] [T000005] EF A0 1C C0 7E .....
[12:19:37] [R000150] EF A0 00 00 00 00 00 4C 47 2D 48 38 35 30 00 00 00 55 6E 6B 6E 6F 77 6E 00 00 00 00 00 00 00 00 .......LG-H850...Unknown........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 35 37 36 35 37 30 37 31 31 36 36 38 34 33 00 ................357657071166843.
00 00 00 00 64 1E 41 6E 64 72 6F 69 64 00 00 00 55 6E 6B 6E 6F 77 6E 00 00 00 00 00 00 00 00 00 ....d.Android...Unknown.........
00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 63 6F 6D 6D ...........................1comm
6F 6E 00 00 77 4F 50 45 30 00 00 00 00 00 00 00 00 00 00 0F 40 7E [email protected]
[12:19:37] CComPort::ClosePort, Closed Port Successfully for COM 41
[12:19:37] CBasicComControl::Close, the port(COM41) is closed successfully
[12:19:37] ==> COM41 is detected
[12:19:37] ModelListManager is initialized
[12:19:52] CBasicComControl::IsConnected, the port(COM41) connection is not detected
Click to expand...
Click to collapse
Hi all,
I have a Redmi Note 3 Special Edition (KATE) using MIUI 8 global 7.1.19 | Beta (6.0.1 MMB29M)
and I'm trying to unlock it using the official metod but, as I see it on a loot of cases, it is stuck at 50%.
I tried to follow a lot of threads (including unofficial method), but nothing works.
Now I'm using a USB sniffer (h**p://freeusbanalyzer.com/) (this is a free one, but any usb sniffing tool could be enough) and I watch what happen between MiUnlock tool (MiFlashUnlock_1.1.0317.1_en) and my phone.
this is the log:
Code:
000000: PnP Event: Device Connected (UP), 2017-02-05 09:50:43,9853586 (1. Device: Android Bootloader Interface)
The USB device has just been connected to the system.
000001: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,4340120 +10,4486485 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000002: Control Transfer (UP), 2017-02-05 09:50:54,4352269 +0,0012149. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000003: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,4353628 +0,0001359 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xe bytes to the device
67 65 74 76 61 72 3A 70 72 6F 64 75 63 74 getvar:product
000006: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,4362125 +0,0006771. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x8 bytes from the device
4F 4B 41 59 6B 61 74 65 OKAYkate
000007: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5170053 +0,0807928 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000008: Control Transfer (UP), 2017-02-05 09:50:54,5182476 +0,0012423. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000009: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5183864 +0,0001388 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 2D 69 64 getvar:soc-id
000012: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5192327 +0,0005505. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000013: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5861826 +0,0669499 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000014: Control Transfer (UP), 2017-02-05 09:50:54,5873706 +0,0011880. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000015: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5875075 +0,0001369 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 5F 69 64 getvar:soc_id
000018: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5883543 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000019: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,6663795 +0,0780252 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000020: Control Transfer (UP), 2017-02-05 09:50:54,6676384 +0,0012589. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000021: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,6677675 +0,0001291 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x14 bytes to the device
67 65 74 76 61 72 3A 62 6F 61 72 64 5F 76 65 72 getvar:board_ver
73 69 6F 6E sion
000024: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,6686480 +0,0007040. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000025: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,3349831 +59,6663351 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000026: Control Transfer (UP), 2017-02-05 09:51:54,3362591 +0,0012760. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000027: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,3366136 +0,0003545 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x7 bytes to the device
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
61 6E 64 and
000031: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4131364 +0,0756462 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000032: Control Transfer (UP), 2017-02-05 09:51:54,4143474 +0,0012110. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000033: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4144867 +0,0001393 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xf bytes to the device
6F 65 6D 20 64 65 76 69 63 65 2D 69 6E 66 6F oem device-info
000036: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4153437 +0,0006957. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 74 61 6D 70 INFO.Device tamp
65 72 65 64 3A 20 66 61 6C 73 65 ered: false
000038: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4163381 +0,0009279. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 75 6E 6C 6F INFO.Device unlo
63 6B 65 64 3A 20 66 61 6C 73 65 cked: false
000040: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4173369 +0,0009572. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x24 bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 63 72 69 74 INFO.Device crit
69 63 61 6C 20 75 6E 6C 6F 63 6B 65 64 3A 20 66 ical unlocked: f
61 6C 73 65 alse
000042: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4183362 +0,0009577. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x21 bytes from the device
49 4E 46 4F 09 43 68 61 72 67 65 72 20 73 63 72 INFO.Charger scr
65 65 6E 20 65 6E 61 62 6C 65 64 3A 20 74 72 75 een enabled: tru
65 e
000044: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4193375 +0,0009602. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x14 bytes from the device
49 4E 46 4F 09 44 69 73 70 6C 61 79 20 70 61 6E INFO.Display pan
65 6C 3A 20 el:
000046: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4203363 +0,0009568. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000047: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4849557 +0,0646194 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000048: Control Transfer (UP), 2017-02-05 09:51:54,4861066 +0,0011509. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000049: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4862122 +0,0001056 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xc bytes to the device
67 65 74 76 61 72 3A 74 6F 6B 65 6E getvar:token
000052: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4870975 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1c bytes from the device
4F 4B 41 59 45 44 71 49 31 37 50 42 51 6F 7A 4B OKAYEDqI17PBQozK
74 50 61 6B 77 7A 36 38 42 41 59 6F tPakwz68BAYo
Now I see that the oem lks command is failing with unknown command
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
Is somebody else who tried to sniff the USB communication between Mi Unlock tool and the phone?
If your OFFICIAL unlock process is working, can you please post a log of your sniff? Maybe we can find the true commands that can unlock the phone without any permissions/ rights.
Do you know what the oem lks command is doing?