Uid and permissions - XPERIA X10 Android Development
Hi,
Quick question, as root shouldn't I have. UID 0? I'm worried that something's wrong, I appear to have full access to files etc but not true root. My UID in the root shell is 10143 and even if that gives access to most stuff Im still not rooted.
Any ideas?
Cheers
Sent from my SO-01B using XDA App
ddewbofh said:
Hi,
Quick question, as root shouldn't I have. UID 0? I'm worried that something's wrong, I appear to have full access to files etc but not true root. My UID in the root shell is 10143 and even if that gives access to most stuff Im still not rooted.
Any ideas?
Cheers
Sent from my SO-01B using XDA App
Click to expand...
Click to collapse
Scratching my head currently to figure out the same
well it seems that this method of root messes with the sh binary installed under /system/bin/ so that it launches as user root. It doesn't seem to be the case like a normal linux box you would expect.
Also wondering whats the purpose of the su binary installed at step 4. Most probably to be able to run any command with super user privileges... but doesn't seem to work that way.
For example when I execute su /system/bin/sh, I get:
/system/bin/sh: 1: Syntax error: word unexpected (expecting ")")
Still trying to figure out whats going on...
j4mm3r said:
Scratching my head currently to figure out the same
well it seems that this method of root messes with the sh binary installed under /system/bin/ so that it launches as user root. It doesn't seem to be the case like a normal linux box you would expect.
Also wondering whats the purpose of the su binary installed at step 4. Most probably to be able to run any command with super user privileges... but doesn't seem to work that way.
For example when I execute su /system/bin/sh, I get:
/system/bin/sh: 1: Syntax error: word unexpected (expecting ")")
Still trying to figure out whats going on...
Click to expand...
Click to collapse
In my case not having UID 0 wrecks havoc with some apps.
I'll try reflashing one more time but so far it looks more like the system's been modified to appear rooted rather than actually being rooted.
ddewbofh said:
In my case not having UID 0 wrecks havoc with some apps.
I'll try reflashing one more time but so far it looks more like the system's been modified to appear rooted rather than actually being rooted.
Click to expand...
Click to collapse
oh no its rooted allright... otherwise there is no way that you could write to the /system file system.
Its just that its rather unconventional. Further more I'm beginning to get concerned about controlling the root access. I mean there are references to Superuser Whitelist applications which can alert when an app tries to request root access.
Till now my attempt to download an install "Superuser Whitelist" from the market has failed because that wants to install itself with the same user id as Android System, but its apk isnt signed with the same signature, so the system rejects the installation.
Trying to find alternatives... any help guys?
j4mm3r said:
oh no its rooted allright... otherwise there is no way that you could write to the /system file system.
Its just that its rather unconventional. Further more I'm beginning to get concerned about controlling the root access. I mean there are references to Superuser Whitelist applications which can alert when an app tries to request root access.
Till now my attempt to download an install "Superuser Whitelist" from the market has failed because that wants to install itself with the same user id as Android System, but its apk isnt signed with the same signature, so the system rejects the installation.
Trying to find alternatives... any help guys?
Click to expand...
Click to collapse
It's not rooted, it's been compromised. Only if you have a proper root (aka UID 0) you can call it rooted.
And the fun continues, if I start up the adb shell I'm still logged on as the shell user with an uid of 2000. Egad!
Yeah, it's definite. We're not rooted. We have better access to system files but it's not a root, not by a long shot.
Same here. Could it be an issue with busybox?
same with mine.. so does this mean that some of us don't have it rooted? or that the original devs were wrong when they said they rooted it?
if it's the first, i'll just try again..
instigator008 said:
Same here. Could it be an issue with busybox?
Click to expand...
Click to collapse
I have no idea, but it's annoying to not have access to the init scripts. :/
ddewbofh said:
I have no idea, but it's annoying to not have access to the init scripts. :/
Click to expand...
Click to collapse
errr... why not the init scripts? you can modify any file that you want. I'm still checking the issue with the id.
I ran strace on a binary and basically its the egid which is 0 so.
Code:
# strace id
strace id
execve("/system/bin/id", ["id"], [/* 8 vars */]) = 0
syscall_983045(0x700189fc, 0, 0x7ee18da4, 0x1, 0x700189fc, 0x7ee18da0, 0x70010448, 0xf0005, 0, 0, 0, 0, 0, 0x7ee18d48, 0x700016e9, 0x7000222c, 0x10, 0x700189fc, 0, 0, 0xc764, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = 0
getpid() = 6507
sigaction(SIGILL, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGABRT, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGBUS, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGFPE, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGSEGV, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGSTKFLT, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
sigaction(SIGPIPE, {0x70001c95, [], SA_RESTART}, {SIG_DFL}, 0) = 0
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13488, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\f\20\0\000"..., 4096) = 4096
lseek(3, -8, SEEK_END) = 13480
read(3, "\0\0\274oPRE ", 8) = 8
mmap2(0x6fbc0000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x6fbc0000
mmap2(0x6fbc0000, 10724, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x6fbc0000
mprotect(0x6fbc0000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x6fbc3000, 368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3) = 0x6fbc3000
close(3) = 0
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=243988, ...}) = 0
open("/system/lib/libc.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\242"..., 4096) = 4096
lseek(3, -8, SEEK_END) = 243980
read(3, "\0\0\340oPRE ", 8) = 8
mmap2(0x6fe00000, 290816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x6fe00000
mmap2(0x6fe00000, 230024, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x6fe00000
mprotect(0x6fe00000, 233472, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x6fe39000, 8544, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x39) = 0x6fe39000
mmap2(0x6fe3c000, 42280, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6fe3c000
close(3) = 0
mprotect(0x6fe00000, 233472, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
gettid() = 6507
syscall_983045(0x6fe43b10, 0, 0x40, 0, 0x6fe43c10, 0x7edf9000, 0x7ee18ba0, 0xf0005, 0, 0, 0, 0, 0, 0x7ee18b88, 0x6fe1fdc3, 0x6fe0d34c, 0x60000010, 0x6fe43b10, 0, 0, 0xc764, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = 0
mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 9, 0) = 0x2aaab000
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
read(3, "\345\347\3004", 4) = 4
close(3) = 0
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5124, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\234\10\0"..., 4096) = 4096
lseek(3, -8, SEEK_END) = 5116
read(3, "\0\0\320oPRE ", 8) = 8
mmap2(0x6fd00000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x6fd00000
mmap2(0x6fd00000, 2860, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x6fd00000
mprotect(0x6fd00000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x6fd01000, 232, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0x6fd01000
close(3) = 0
mprotect(0x6fd00000, 4096, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91056, ...}) = 0
open("/system/lib/libm.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\240\34\0"..., 4096) = 4096
lseek(3, -8, SEEK_END) = 91048
read(3, "\0\0\300oPRE ", 8) = 8
mmap2(0x6fc00000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x6fc00000
mmap2(0x6fc00000, 88856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x6fc00000
mprotect(0x6fc00000, 90112, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x6fc16000, 204, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x16) = 0x6fc16000
close(3) = 0
mprotect(0x6fc00000, 90112, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
mprotect(0x6fbc0000, 12288, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=59308, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0001\0\000"..., 4096) = 4096
lseek(3, -8, SEEK_END) = 59300
read(3, "\0\0\260oPRE ", 8) = 8
mmap2(0x6fb00000, 122880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x6fb00000
mmap2(0x6fb00000, 53584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x6fb00000
mprotect(0x6fb00000, 57344, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x6fb0e000, 1076, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe) = 0x6fb0e000
mmap2(0x6fb0f000, 57732, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6fb0f000
close(3) = 0
mprotect(0x6fb00000, 57344, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
mprotect(0x8000, 69632, PROT_READ|PROT_EXEC) = 0
getuid32() = 2000
geteuid32() = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(1, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(2, F_GETFL) = 0x2 (flags O_RDWR)
close(3) = 0
getgroups32(64, [1003, 1004, 1007, 1011, 1015, 3001, 3002, 3003]) = 8
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aacb000
mprotect(0x2aacb000, 4096, PROT_READ) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
brk(0) = 0x1e000
brk(0x1e000) = 0x1e000
brk(0x1f000) = 0x1f000
mprotect(0x2aacb000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x2aacb000, 4096, PROT_READ) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
getuid32() = 2000
getgid32() = 2000
write(1, "uid=2000(shell) gid=2000(shell) "..., 145uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
) = 145
mprotect(0x2aacb000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x2aacb000, 4096, PROT_READ) = 0
munmap(0x2aacb000, 4096) = 0
exit_group(0) = ?
Process 6507 detached
#
Oh wow, so much fail.
OK first of all, the image is modded to allow your shell to be root. Running 'whoami' will (should) say uid 0 and you should have the # beside cursor.
If (like me) for some reason you ran this and your root apps don't work,
1) Connect to the phone with adb
2) mount the filesystem as R/W
3) install su to /system/bin chmod it to 6755
4) Download busybox from the market
5) type su
6) type whoami (should be unknown uid 0)
all "root" apps will use the su binary to become root so as long as what I said works then all root apps should work.
Yeah, I 've done that a few times already. Any other tips?
Sent from my SO-01B using XDA App
edude03 said:
Oh wow, so much fail.
OK first of all, the image is modded to allow your shell to be root. Running 'whoami' will (should) say uid 0 and you should have the # beside cursor.
If (like me) for some reason you ran this and your root apps don't work,
1) Connect to the phone with adb
2) mount the filesystem as R/W
3) install su to /system/bin chmod it to 6755
4) Download busybox from the market
5) type su
6) type whoami (should be unknown uid 0)
all "root" apps will use the su binary to become root so as long as what I said works then all root apps should work.
Click to expand...
Click to collapse
before saying all this, can I enquire if you have tried these steps on an X10 rooted using the method in question here. I mean I fully understand what "su" means and what "busybox" is for. So your point is?
Tried a third time, to really make sure I didn't rush anything. But even with a rooted system my uid is 10143. Rather odd since I can remount /system etc.
I'll get some sleep and take a fresh look later.
Sent from my SO-01B using XDA App
I though it was evident from the "(like me)" part that I had the same issue.
Yes this is what I did on my X10 rooted using the method outlined in the other thread.
edude03 said:
I though it was evident from the "(like me)" part that I had the same issue.
Yes this is what I did on my X10 rooted using the method outlined in the other thread.
Click to expand...
Click to collapse
And I thought the "I've tried that already" bit was self explanatory.
Sent from my SO-01B using XDA App
edude03 said:
I though it was evident from the "(like me)" part that I had the same issue.
Yes this is what I did on my X10 rooted using the method outlined in the other thread.
Click to expand...
Click to collapse
ok buddy, maybe I missed the (like me) part... but both ddewbofh and me have done essentially that. And our milage varies.
lrwxr-xr-x 1 0 2000 7 Feb 21 02:48 wipe -> toolbox
-rwxr-xr-x 1 0 2000 5592 Feb 21 02:48 wiperiface
-rwxr-xr-x 1 0 2000 5432 Feb 21 02:48 wlan_tool
-rwxr-xr-x 1 0 2000 61748 Feb 21 02:48 wmiconfig
-rwxr-xr-x 1 0 2000 205288 Feb 21 02:48 wpa_supplicant
lrwxrwxrwx 1 0 0 19 Jun 28 02:29 xargs -> /system/bin/busybox
lrwxrwxrwx 1 0 0 19 Jun 28 02:29 yes -> /system/bin/busybox
lrwxrwxrwx 1 0 0 19 Jun 28 02:29 zcat -> /system/bin/busybox
lrwxrwxrwx 1 0 0 19 Jun 28 02:29 zcip -> /system/bin/busybox
lrwxrwxrwx 1 0 0 7 Jun 28 00:40 zip -> busybox
#
#
# su
su
# whoami
whoami
whoami: unknown uid 2000
#
Click to expand...
Click to collapse
j4mm3r said:
ok buddy, maybe I missed the (like me) part... but both ddewbofh and me have done essentially that. And our milage varies.
Click to expand...
Click to collapse
my uid comes up as 10330 - I thought that this was strange...
My windows cmd skills are weak (linux only user for years...) but, well, here some quick instructions:
0. Download busybox (free) from Market (newer version than in root files)
1. download su-2.1-cd-unsecure-signed.zip from h t t p : / / f o r u m.xda-developers.com/showthread.php?t=682828
2. extract it into folder of your choosing
3. open up cmd (Win+R -> enter 'cmd')
4. Enter the following:
Code:
cd the-path-to-where-you-extracted-the-root-files/ROOT/Step4
adb install the-path-to-where-you-extracted-the-su-file\system\app\Superuser.apk
adb shell mount -o remount,rw -t yaffs2 /dev/block/mtdblock2 /system
adb push the-path-to-where-you-extracted-the-su-file\system\app\Superuser.apk /sdcard/Superuser.apk
adb push the-path-to-where-you-extracted-the-su-file\system\bin\su /sdcard/su
adb shell dd if=/sdcard/su of=/system/bin/su
adb shell dd if=/sdcard/Superuser.apk of=/system/app/Superuser.apk
adb shell reboot
After the phone rebooted, check if it worked (it did for me):
Code:
adb shell
whoami
su
whoami
the first whoami should give you a random number (10k something, I think?) when using su, you'll have to confirm the program to be allowed root access on your phone (something should pop up) and the second whoami should put out uid 0
hope that helps someone
Yeah root is in unconventional way atm, thats because it acts like this.
Will be fixed
Regards
Related
[Q] Rip adb binary out of CM9 (or the like)
Hi, I want't adb on my desire. I use Leedroid and there is no adb binary. So I downloaded CM9 (and other) to rip it out. But all I get if I try to start the binary on my device is: permission denied (also with su) Any advice?
Try switching to superuser (su) and then type: Code: chmod +x /bin/adb I'm presuming it's an issue with permissions, that should sort it.
I did and get the following: [1] + Stopped (signal) ./adb and after one enter [1] Segmentation fault ./adb I have also tried to set chmod to 777.
htzeh said: I did and get the following: [1] + Stopped (signal) ./adb and after one enter [1] Segmentation fault ./adb I have also tried to set chmod to 777. Click to expand... Click to collapse Okay, try doing the same operation using adb on a computer. If this doesn't work, rm the adb file using adb shell, and push your own to the same directory.
On the pc adb works, I can push, shell etc. cyr0s said: ... rm the adb file using adb shell, and push your own to the same directory. Click to expand... Click to collapse with the adb from the android-sdk (on pc): 1: Syntax error: "(" unexpected I'm feeling like :silly: Nobody there who has the adb binary on their phone? Maybe the strace output can help (not for me ) adb3 is the "new" from pc, adb2 is the binary from CM9 Code: adb shell "strace /system/sd/adb3" execve("/system/sd/adb3", ["/system/sd/adb3"], [/* 13 vars */]) = -1 ENOEXEC (Exec format error) write(2, "strace: exec", 12strace: exec) = 12 write(2, ": ", 2: ) = 2 write(2, "Exec format error", 17Exec format error) = 17 write(2, "\n", 1 ) = 1 SYS_248(0x1, 0xafd3af7f, 0xf73b60f4, 0xf73b60f4, 0x1 <unfinished ... exit status 1> Code: adb shell "strace /system/sd/adb2" execve("/system/sd/adb2", ["/system/sd/adb2"], [/* 13 vars */]) = 0 syscall_983045(0xb0011a4c, 0x1, 0xb0012574, 0, 0xb0010d90, 0xb0009468, 0xbebfeb80, 0xf0005, 0xbebfeb8c, 0xb0007268, 0xb000726f, 0xb0007280, 0, 0xbebfeb20, 0xb0004e21, 0xb000121c, 0x80000010, 0xb0011a4c, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = 0 getpid() = 9707 sigaction(SIGILL, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0xb0009468) = 0 sigaction(SIGABRT, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 sigaction(SIGBUS, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 sigaction(SIGFPE, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 sigaction(SIGSEGV, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 sigaction(SIGSTKFLT, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 sigaction(SIGPIPE, {0xb000586d, [], SA_RESTART}, {SIG_DFL}, 0) = 0 getuid32() = 0 geteuid32() = 0 getgid32() = 0 getegid32() = 0 --- SIGSEGV (Segmentation fault) @ 0 (15d58) --- sigaction(SIGUSR1, {SIG_IGN}, {SIG_DFL}, 0) = 0 SYS_224(0, 0xbebfe7c0, 0xbebfe7c0, 0) = 9707 socket(PF_UNIX, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_UNIX, [email protected]:debuggerd}, 20) = 0 write(3, "�%\0\0", 4) = 4 --- SIGCONT (Continue) @ 0 (0) --- read(3, "", 1) = 0 close(3) = 0 sigaction(SIGSEGV, {SIG_IGN}, {0xb000586d, [], SA_RESTART}, 0) = 0 sigreturn() = ? (mask now []) --- SIGSEGV (Segmentation fault) @ 0 (15d58) --- +++ killed by SIGSEGV +++
[Q] Can anyone tell me what i did wrong
I was porting Lewa os to karbon titanium s5. well it didnt go so well and is currently in bootLoops here is the cat- Code: E/ ( 6811): Qint android::get_number_of_cameras(): E E/BandwidthController( 6812): runIpxtablesCmd ipv6 res =256 V/AudioHardwareMSM76XXA( 6811): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA( 6811): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA( 6811): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA( 6811): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA( 6811): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA( 6811): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA( 6811): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA( 6811): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA( 6811): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA( 6811): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA( 6811): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA( 6811): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA( 6811): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA( 6811): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA( 6811): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA( 6811): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA( 6811): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA( 6811): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA( 6811): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA( 6811): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA( 6811): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA( 6811): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA( 6811): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA( 6811): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA( 6811): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA( 6811): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA( 6811): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA( 6811): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA( 6811): cnt = 27 ept->name = MAX ept->id = 80 E/ ( 6811): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib( 6811): actp_diag_init: call diag init function with 4006C33D V/AudioHardwareMSM76XXA( 6811): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA( 6811): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA( 6811): AudioStreamOutMSM72xx::getParameters() voip_flag = E/AudioMixer( 6811): unable to find downmix effect W/SRS_Proc( 6811): SRS: QDSP hook registered. W/SRS_Proc( 6811): SRS: QDSP hook registered. W/SRS_ProcWS( 6811): SRS_Processing - SourceOutAdd - No Available Slot for 0x415 ca008 W/AudioFlinger( 6811): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA( 6811): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA( 6811): set output routing 2 E/AudioHardwareMSM76XXA( 6811): TYDRV xiang add start read file E/AudioHardwareMSM76XXA( 6811): TYDRV xiang read success (48,21) W/AudioHardwareMSM76XXA( 6811): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA( 6811): In SPEAKER W/AudioHardwareMSM76XXA( 6811): rpc_snd_set_device(7, 6, 1, 1) E/mediaserver( 6811): Error Loading libmpqstobinder E/mediaserver( 6811): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService( 6811): Could not load gesture HAL module E/BandwidthController( 6812): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController( 6812): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController( 6812): runIpxtablesCmd ipv6 res =256 E/BandwidthController( 6812): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 6812): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 6812): runIpxtablesCmd ipv6 res =256 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/dalvikvm( 6937): ERROR: couldn't find native method E/dalvikvm( 6937): Requested: Landroid/bluetooth/BluetoothSocket;.setAmpPolicyNa tive:(I)V E/JNIHelp ( 6937): RegisterNatives failed for 'android/bluetooth/BluetoothSocket ', aborting F/libc ( 6937): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 6937 (zygote) F/libc ( 6937): Unable to open connection to debuggerd: Connection refused E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 W/SRS_QDSP_Adapter( 6942): Not creating SRS DSP thread. E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/ ( 6942): Qint android::get_number_of_cameras(): E E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 V/AudioHardwareMSM76XXA( 6942): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA( 6942): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA( 6942): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA( 6942): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA( 6942): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA( 6942): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA( 6942): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA( 6942): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA( 6942): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA( 6942): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA( 6942): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA( 6942): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA( 6942): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA( 6942): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA( 6942): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA( 6942): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA( 6942): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA( 6942): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA( 6942): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA( 6942): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA( 6942): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA( 6942): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA( 6942): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA( 6942): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA( 6942): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA( 6942): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA( 6942): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA( 6942): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA( 6942): cnt = 27 ept->name = MAX ept->id = 80 E/ ( 6942): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib( 6942): actp_diag_init: call diag init function with 4029633D V/AudioHardwareMSM76XXA( 6942): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA( 6942): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA( 6942): AudioStreamOutMSM72xx::getParameters() voip_flag = E/AudioMixer( 6942): unable to find downmix effect W/SRS_Proc( 6942): SRS: QDSP hook registered. W/SRS_ProcWS( 6942): SRS_Processing - SourceOutAdd - No Available Slot for 0x413 c4008 W/SRS_Proc( 6942): SRS: QDSP hook registered. W/AudioFlinger( 6942): Thread AudioOut_2 cannot connect to the power manager ser vice W/AudioFlinger( 6942): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA( 6942): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA( 6942): set output routing 2 E/AudioHardwareMSM76XXA( 6942): TYDRV xiang add start read file E/AudioHardwareMSM76XXA( 6942): TYDRV xiang read success (48,21) W/AudioHardwareMSM76XXA( 6942): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA( 6942): In SPEAKER W/AudioHardwareMSM76XXA( 6942): rpc_snd_set_device(7, 6, 1, 1) E/mediaserver( 6942): Error Loading libmpqstobinder E/mediaserver( 6942): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService( 6942): Could not load gesture HAL module E/BandwidthController( 6943): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController( 6943): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 E/BandwidthController( 6943): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 6943): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 6943): runIpxtablesCmd ipv6 res =256 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/dalvikvm( 7068): ERROR: couldn't find native method E/dalvikvm( 7068): Requested: Landroid/bluetooth/BluetoothSocket;.setAmpPolicyNa tive:(I)V E/JNIHelp ( 7068): RegisterNatives failed for 'android/bluetooth/BluetoothSocket ', aborting F/libc ( 7068): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 7068 (zygote) F/libc ( 7068): Unable to open connection to debuggerd: Connection refused E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 W/SRS_QDSP_Adapter( 7073): Not creating SRS DSP thread. E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 E/ ( 7073): Qint android::get_number_of_cameras(): E V/AudioHardwareMSM76XXA( 7073): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA( 7073): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA( 7073): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA( 7073): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA( 7073): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA( 7073): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA( 7073): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA( 7073): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA( 7073): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA( 7073): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA( 7073): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA( 7073): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA( 7073): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA( 7073): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA( 7073): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA( 7073): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA( 7073): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA( 7073): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA( 7073): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA( 7073): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA( 7073): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA( 7073): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA( 7073): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA( 7073): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA( 7073): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA( 7073): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA( 7073): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA( 7073): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA( 7073): cnt = 27 ept->name = MAX ept->id = 80 E/ ( 7073): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib( 7073): actp_diag_init: call diag init function with 4003533D V/AudioHardwareMSM76XXA( 7073): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA( 7073): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA( 7073): AudioStreamOutMSM72xx::getParameters() voip_flag = E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 E/AudioMixer( 7073): unable to find downmix effect W/SRS_Proc( 7073): SRS: QDSP hook registered. W/SRS_Proc( 7073): SRS: QDSP hook registered. W/SRS_ProcWS( 7073): SRS_Processing - SourceOutAdd - No Available Slot for 0x416 81008 W/AudioFlinger( 7073): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA( 7073): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA( 7073): set output routing 2 E/AudioHardwareMSM76XXA( 7073): TYDRV xiang add start read file E/AudioHardwareMSM76XXA( 7073): TYDRV xiang read success (48,21) W/AudioHardwareMSM76XXA( 7073): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA( 7073): In SPEAKER W/AudioHardwareMSM76XXA( 7073): rpc_snd_set_device(7, 6, 1, 1) E/mediaserver( 7073): Error Loading libmpqstobinder E/mediaserver( 7073): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService( 7073): Could not load gesture HAL module E/BandwidthController( 7074): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController( 7074): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 E/BandwidthController( 7074): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 7074): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController( 7074): runIpxtablesCmd ipv6 res =256 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0 E/TY_PC_DRIVER( 208): get_mounts_dev_dir :arg=/storage/sdcard0
Code: E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 E/ (24133): Qint android::get_number_of_cameras(): E V/AudioHardwareMSM76XXA(24133): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA(24133): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA(24133): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA(24133): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA(24133): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA(24133): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA(24133): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA(24133): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA(24133): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA(24133): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA(24133): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA(24133): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA(24133): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA(24133): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA(24133): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA(24133): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA(24133): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA(24133): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA(24133): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA(24133): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA(24133): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA(24133): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA(24133): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA(24133): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA(24133): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA(24133): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA(24133): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA(24133): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA(24133): cnt = 27 ept->name = MAX ept->id = 80 E/ (24133): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib(24133): actp_diag_init: call diag init function with 4010B33D V/AudioHardwareMSM76XXA(24133): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA(24133): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA(24133): AudioStreamOutMSM72xx::getParameters() voip_flag = E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 E/AudioMixer(24133): unable to find downmix effect W/SRS_Proc(24133): SRS: QDSP hook registered. W/SRS_Proc(24133): SRS: QDSP hook registered. W/SRS_ProcWS(24133): SRS_Processing - SourceOutAdd - No Available Slot for 0x406 1a008 W/AudioFlinger(24133): Thread AudioOut_2 cannot connect to the power manager ser vice W/AudioFlinger(24133): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA(24133): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA(24133): set output routing 2 E/AudioHardwareMSM76XXA(24133): TYDRV xiang add start read file E/AudioHardwareMSM76XXA(24133): TYDRV xiang read success (48,5) W/AudioHardwareMSM76XXA(24133): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA(24133): In SPEAKER W/AudioHardwareMSM76XXA(24133): rpc_snd_set_device(7, 6, 1, 1) E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 E/mediaserver(24133): Error Loading libmpqstobinder E/mediaserver(24133): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService(24133): Could not load gesture HAL module E/BandwidthController(24134): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController(24134): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24134): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24134): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24134): runIpxtablesCmd ipv6 res =256 I/rmt_storage( 216): rmt_storage write event I/rmt_storage( 216): event->handle = 2 I/rmt_storage( 216): client->shrd_mem=0x400fb698 I/rmt_storage( 216): rmt_storage events processing done I/rmt_storage( 216): unblock rmt_storage client thread E/rmt_storage( 216): Begin remote fs read/write I/rmt_storage( 216): rmt_storage fop(1): bytes transferred = 3145216 I/rmt_storage( 216): rmt_storage fop(1): bytes transferred = 512 E/rmt_storage( 216): End remote fs read/write E/dalvikvm(24259): ERROR: couldn't find native method E/dalvikvm(24259): Requested: Landroid/bluetooth/BluetoothSocket;.setAmpPolicyNa tive:(I)V E/JNIHelp (24259): RegisterNatives failed for 'android/bluetooth/BluetoothSocket ', aborting F/libc (24259): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 2425 9 (zygote) F/libc (24259): Unable to open connection to debuggerd: Connection refused W/SRS_QDSP_Adapter(24264): Not creating SRS DSP thread. E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 E/ (24264): Qint android::get_number_of_cameras(): E V/AudioHardwareMSM76XXA(24264): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA(24264): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA(24264): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA(24264): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA(24264): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA(24264): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA(24264): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA(24264): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA(24264): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA(24264): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA(24264): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA(24264): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA(24264): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA(24264): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA(24264): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA(24264): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA(24264): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA(24264): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA(24264): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA(24264): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA(24264): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA(24264): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA(24264): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA(24264): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA(24264): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA(24264): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA(24264): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA(24264): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA(24264): cnt = 27 ept->name = MAX ept->id = 80 E/ (24264): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib(24264): actp_diag_init: call diag init function with 4000233D V/AudioHardwareMSM76XXA(24264): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA(24264): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA(24264): AudioStreamOutMSM72xx::getParameters() voip_flag = E/AudioMixer(24264): unable to find downmix effect W/SRS_Proc(24264): SRS: QDSP hook registered. W/SRS_Proc(24264): SRS: QDSP hook registered. W/SRS_ProcWS(24264): SRS_Processing - SourceOutAdd - No Available Slot for 0x417 6f008 E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 W/AudioFlinger(24264): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA(24264): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA(24264): set output routing 2 E/AudioHardwareMSM76XXA(24264): TYDRV xiang add start read file E/AudioHardwareMSM76XXA(24264): TYDRV xiang read success (48,149) W/AudioHardwareMSM76XXA(24264): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA(24264): In SPEAKER W/AudioHardwareMSM76XXA(24264): rpc_snd_set_device(7, 6, 1, 1) E/mediaserver(24264): Error Loading libmpqstobinder E/mediaserver(24264): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService(24264): Could not load gesture HAL module E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24265): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController(24265): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24265): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24265): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24265): runIpxtablesCmd ipv6 res =256 E/dalvikvm(24390): ERROR: couldn't find native method E/dalvikvm(24390): Requested: Landroid/bluetooth/BluetoothSocket;.setAmpPolicyNa tive:(I)V E/JNIHelp (24390): RegisterNatives failed for 'android/bluetooth/BluetoothSocket ', aborting F/libc (24390): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 2439 0 (zygote) F/libc (24390): Unable to open connection to debuggerd: Connection refused E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256 W/SRS_QDSP_Adapter(24395): Not creating SRS DSP thread. E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256 E/ (24395): Qint android::get_number_of_cameras(): E E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256 V/AudioHardwareMSM76XXA(24395): constructed (0 SND endpoints) V/AudioHardwareMSM76XXA(24395): cnt = 0 ept->name = NONE ept->id = 0 V/AudioHardwareMSM76XXA(24395): cnt = 1 ept->name = HANDSET_SPKR ept->id = 1 V/AudioHardwareMSM76XXA(24395): cnt = 2 ept->name = HANDSET_MIC ept->id = 2 V/AudioHardwareMSM76XXA(24395): cnt = 3 ept->name = HEADSET_MIC ept->id = 3 V/AudioHardwareMSM76XXA(24395): cnt = 4 ept->name = HEADSET_SPKR_MONO ept->id = 4 V/AudioHardwareMSM76XXA(24395): cnt = 5 ept->name = HEADSET_SPKR_STEREO ept->id = 5 V/AudioHardwareMSM76XXA(24395): cnt = 6 ept->name = SPEAKER_PHONE_MIC ept->id = 6 V/AudioHardwareMSM76XXA(24395): cnt = 7 ept->name = SPEAKER_PHONE_MONO ept->id = 7 V/AudioHardwareMSM76XXA(24395): cnt = 8 ept->name = SPEAKER_PHONE_STEREO ept->id = 8 V/AudioHardwareMSM76XXA(24395): cnt = 9 ept->name = BT_SCO_MIC ept->id = 9 V/AudioHardwareMSM76XXA(24395): cnt = 10 ept->name = BT_SCO_SPKR ept->id = 10 V/AudioHardwareMSM76XXA(24395): cnt = 11 ept->name = BT_A2DP_SPKR ept->id = 11 V/AudioHardwareMSM76XXA(24395): cnt = 12 ept->name = TTY_HEADSET_MIC ept->id = 1 2 V/AudioHardwareMSM76XXA(24395): cnt = 13 ept->name = TTY_HEADSET_SPKR ept->id = 13 V/AudioHardwareMSM76XXA(24395): cnt = 14 ept->name = HEADSET_STEREO_PLUS_SPKR_MO NO_RX ept->id = 19 V/AudioHardwareMSM76XXA(24395): cnt = 15 ept->name = LP_FM_HEADSET_SPKR_STEREO_R X ept->id = 25 V/AudioHardwareMSM76XXA(24395): cnt = 16 ept->name = I2S_RX ept->id = 26 V/AudioHardwareMSM76XXA(24395): cnt = 17 ept->name = SPEAKER_PHONE_MIC_ENDFIRE e pt->id = 45 V/AudioHardwareMSM76XXA(24395): cnt = 18 ept->name = HANDSET_MIC_ENDFIRE ept->id = 46 V/AudioHardwareMSM76XXA(24395): cnt = 19 ept->name = I2S_TX ept->id = 48 V/AudioHardwareMSM76XXA(24395): cnt = 20 ept->name = LP_FM_HEADSET_SPKR_STEREO_P LUS_HEADSET_SPKR_STEREO_RX ept->id = 57 V/AudioHardwareMSM76XXA(24395): cnt = 21 ept->name = FM_DIGITAL_HEADSET_SPKR_STE REO ept->id = 65 V/AudioHardwareMSM76XXA(24395): cnt = 22 ept->name = FM_DIGITAL_SPEAKER_PHONE_MO NO ept->id = 67 V/AudioHardwareMSM76XXA(24395): cnt = 23 ept->name = FM_DIGITAL_SPEAKER_PHONE_MI C ept->id = 68 V/AudioHardwareMSM76XXA(24395): cnt = 24 ept->name = FM_DIGITAL_BT_A2DP_SPKR ept ->id = 69 V/AudioHardwareMSM76XXA(24395): cnt = 25 ept->name = TY_HEADSET_SPKR ept->id = 7 0 V/AudioHardwareMSM76XXA(24395): cnt = 26 ept->name = TY_HEADSET_MIC ept->id = 71 V/AudioHardwareMSM76XXA(24395): cnt = 27 ept->name = MAX ept->id = 80 E/ (24395): libaudcal: acph_init() - Allocated memory for acph_main_buffe r!! E/Diag_Lib(24395): actp_diag_init: call diag init function with 4003B33D V/AudioHardwareMSM76XXA(24395): Fluence dualmic feature Enabled E/AudioHardwareMSM76XXA(24395): AudioStreamOutMSM72xx: Setting up correct values V/AudioHardwareMSM76XXA(24395): AudioStreamOutMSM72xx::getParameters() voip_flag = E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256 E/AudioMixer(24395): unable to find downmix effect W/SRS_Proc(24395): SRS: QDSP hook registered. W/SRS_Proc(24395): SRS: QDSP hook registered. W/SRS_ProcWS(24395): SRS_Processing - SourceOutAdd - No Available Slot for 0x416 4a008 W/AudioFlinger(24395): Thread AudioOut_2 cannot connect to the power manager ser vice W/AudioFlinger(24395): Thread AudioOut_2 cannot connect to the power manager ser vice V/AudioHardwareMSM76XXA(24395): AudioStreamOutMSM72xx::setParameters() routing=2 V/AudioHardwareMSM76XXA(24395): set output routing 2 E/AudioHardwareMSM76XXA(24395): TYDRV xiang add start read file E/AudioHardwareMSM76XXA(24395): TYDRV xiang read success (48,37) W/AudioHardwareMSM76XXA(24395): rpc_snd_set_device(6, 1, 1) V/AudioHardwareMSM76XXA(24395): In SPEAKER W/AudioHardwareMSM76XXA(24395): rpc_snd_set_device(7, 6, 1, 1) E/mediaserver(24395): Error Loading libmpqstobinder E/mediaserver(24395): Error: Cannot load library: load_library[1093]: Library 'l ibmpqstobinder.so' not found E/GestureDeviceService(24395): Could not load gesture HAL module E/BandwidthController(24396): runIptablesCmd(): failed /system/bin/iptables -t r aw -N bw_raw_PREROUTING res=256 E/BandwidthController(24396): runIptablesCmd(): failed /system/bin/ip6tables -t raw -N bw_raw_PREROUTING res=256 E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256 E/BandwidthController(24396): runIptablesCmd(): failed /system/bin/iptables -t m angle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24396): runIptablesCmd(): failed /system/bin/ip6tables -t mangle -N bw_mangle_POSTROUTING res=256 E/BandwidthController(24396): runIpxtablesCmd ipv6 res =256
Were you able to solve this problem?
[Q] Locating task_struct::cred
Hi. I develop an exploit for a public vulnerability. When executing in kernel mode I have to locate task_struct and cred struct and modify user ids. I take pointer to thread_info from stack, then extract pointer to task_struct, search task_struct for process name (comm field). There should be cred struct pointer before the field. Code: Code: int f() //executed in kernel mode { unsigned int *p; unsigned int *p3; //struct task_struct unsigned int *cred; //struct cred char *pc1, *pc2; int i; register unsigned long sp asm ("sp"); p = sp; p = (int)p & ~(THREAD_SIZE - 1); //p points to thread_info initial = p; p3 = (int *)(p[3]); task = p3; //p3 points to task_struct state = task[0]; stack = task[1]; flags = task[3]; pc2 = (char *)p3 + 2056; pc1 = (char *)p3 + 8; //Now scan task_struct for comm field for (; pc1 != pc2;) { if (pc1[0] == 'N' && pc1[1] == 'a' && pc1[2] == 'm' && pc1[3] == 'e') { pc2 = pc1; break; } pc1++; } if (pc1 != pc2) { return -2; } cred = *(int **)(pc1 - 8); //cred points to struct cred now ... } The problem is that assumed cred pointer points to some strange structre. It contains uid but doesn't contain cred's magic and so on. Printing a few dword from cred pointer I see: 7, 7d0, 7d0, 7d0, 7d0, 0, 0. 0x7D0 is uid of the current process. I also dumped the task struct and it looks legit: Code: 0 //runnable da32a000 //stack 2 //usage 400000 //flags 0 0 1 1 78 78 78 0 c0808d2c 0 400 400000 1 d99cc3c0 0 d99cc3cc c4123b84 1 3fb39b63 3f7 895ebf 0 c43e10f3 f2 895ebf 0 0 0 0 c4123708 0 0 d99ce710 d99ce710 0 a 4 0 0 c4123790 0 0 0 f 0 0 d99ce748 d99ce748 0 c0f41344 d99ce3d4 8c d99ce760 d99ce760 d99ce768 d99ce768 dc585a40 dc585a40 1 3a 28 8 0 0 0 11 0 10000 800000 1 163a //pid 163a //tgid b9dfb57 d99ce300 d99ce300 d99ce7bc d99ce7bc d99ce43c d99ce43c d99ce680 d99ce7d0 d99ce7d0 d99ce7d8 d99ce7d8 0 db51ad08 db51ad00 0 db51ad0c db51ad00 d99ce478 db51af90 db51af80 d99ce804 d99ce804 0 0 0 0 1 0 1 0 0 0 3 11 1108 1a915a67 1108 1a915a67 ac 0 0 0 0 0 0 d99ce868 d99ce868 d99ce870 d99ce870 d99ce878 d99ce878 da456a00 //cred? da456a00 //cred? 0 //?? 65616d4e //'Name' Any ideas what is this structure and where is cred? Sorry for posting here, I can't post to development forum. Thanks.
Ok, I didn't notice that magic is included only when CONFIG_DEBUG_CREDENTIALS is defined. So, there may be no magic.
Keycode_HOME don't work in custom ROM
I have a STB Android with a custom android ROM in which the virtual home key (keycode_HOME) don't work. These are the traces of logcat 03-30 23:37:28.872 D / WindowManager (3694): keycode = 3 interceptKeyTq screenIsOn keyguardActive = true = false = 2000000 policyFlags isWakeKey = false 03-30 23:37:28.872 I / WindowManager (3694): mapkey no map key list 03-30 23:37:28.872 D / WindowManager (3694): interceptKeyTi keyCode = 3 down = false repeatCount = 0 mHomePressed keyguardOn = true = true = false Canceled 03-30 23:37:28.872 W / ContextImpl (3694): Calling a method in the system without a qualified user process: android.app.ContextImpl.sendBroadcast: 1067 com.android.internal.policy.impl.PhoneWindowManager.interceptKeyBeforeDispatching: com.android.server.wm.InputMonitor.interceptKeyBeforeDispatching 1939 352 com.android.server.input.InputManagerService.interceptKeyBeforeDispatching: 1408 dalvik.system.NativeStart.run: -2 I do not have the source code of the kernel. Any ideas?
Allwinner A23 Tablet: Launching Camera App freezes Tablet.
Hello i changed the Rom on my Tablet to : PH_A76h_android4.4_v2.0_800x480-auto-gc2035-gc0308-wifi5990p-20141211a.img Everything works okay, but not the Camera. The Tablet has 2 Cameras Front and Back with 0,3 Mpixels each. The are on the same Cable going from the Mainboard to the FrontCam and then to the Back Camera. When i launch the App the Tablet freezes.. Sometimes it resets itself after an Minute or so (not always) BTW: I have saved the Data of the Nand-Partitions with the old Firmware (if you need some infos/settings/config from them) I also have changed the script0.bin from the old Firmware to fex and changed everything in DragonFaces SystemConfiguration like it was in the Script0.bin from the original Firmware. Here is the Block i Changed in System-Editor: Code: ;-------------------------------------------------------------------------------- ;vip (video input port) configuration ;vip_used: 0:disable 1:enable ;vip_mode: 0:sample one interface to one buffer 1:sample two interface to one buffer ;vip_dev_qty: The quantity of devices linked to capture bus ;vip_dev(x)_isp_used 0: not use isp 1:use isp ;vip_dev(x)_fmt: 0:yuv 1:bayer raw rgb ;vip_dev(x)_stby_mode: 0:not shut down power at standby 1:shut down power at standby ;vip_dev(x)_vflip: flip in vertical direction 0:disable 1:enable ;vip_dev(x)_hflip: flip in horizontal direction 0:disable 1:enable ;vip_dev(x)_iovdd: camera module io power handle string, pmu power supply ;vip_dev(x)_iovdd_vol: camera module io power voltage, pmu power supply ;vip_dev(x)_avdd: camera module analog power handle string, pmu power supply ;vip_dev(x)_avdd_vol: camera module analog power voltage, pmu power supply ;vip_dev(x)_dvdd: camera module core power handle string, pmu power supply ;vip_dev(x)_dvdd_vol: camera module core power voltage, pmu power supply ;vip_dev(x)_afvdd: camera module vcm power handle string, pmu power supply ;vip_dev(x)_afvdd_vol: camera module vcm power voltage, pmu power supply ;x indicates the index of the devices which are linked to the same capture bus ;fill voltage in uV, e.g. iovdd = 2.8V, vip_devx_iovdd_vol = 2800000 ;fill handle string as below: ;axp22_eldo3 ;axp22_dldo4 ;axp22_eldo2 ;fill handle string "" when not using any pmu power supply ;-------------------------------------------------------------------------------- [csi0] vip_used = 1 vip_mode = 0 vip_dev_qty = 2 vip_csi_pck = port:PE00<2><default><default><default> vip_csi_mck = port:PE01<2><default><default><default> vip_csi_hsync = port:PE02<2><default><default><default> vip_csi_vsync = port:PE03<2><default><default><default> vip_csi_d0 = port:PE04<2><default><default><default> vip_csi_d1 = port:PE05<2><default><default><default> vip_csi_d2 = port:PE06<2><default><default><default> vip_csi_d3 = port:PE07<2><default><default><default> vip_csi_d4 = port:PE08<2><default><default><default> vip_csi_d5 = port:PE09<2><default><default><default> vip_csi_d6 = port:PE10<2><default><default><default> vip_csi_d7 = port:PE11<2><default><default><default> vip_dev0_mname = "siv121d" vip_dev0_lane = 1 vip_dev0_twi_id = 2 vip_dev0_twi_addr = 102 vip_dev0_isp_used = 0 vip_dev0_fmt = 0 vip_dev0_stby_mode = 0 vip_dev0_vflip = 0 vip_dev0_hflip = 0 vip_dev0_iovdd = "axp22_dldo3" vip_dev0_iovdd_vol = 2800000 vip_dev0_avdd = "axp22_ldoio0" vip_dev0_avdd_vol = 2800000 vip_dev0_dvdd = "axp22_eldo2" vip_dev0_dvdd_vol = 1800000 vip_dev0_afvdd = "" vip_dev0_afvdd_vol = 2800000 vip_dev0_power_en = vip_dev0_reset = port:PE14<1><default><default><0> vip_dev0_pwdn = port:PE15<1><default><default><1> vip_dev0_flash_en = port:PB00<1><default><default><0> vip_dev0_flash_mode = vip_dev0_af_pwdn = vip_dev1_mname = "siv121d" vip_dev1_lane = 1 vip_dev1_twi_id = 2 vip_dev1_twi_addr = 102 vip_dev1_isp_used = 0 vip_dev1_fmt = 0 vip_dev1_stby_mode = 0 vip_dev1_vflip = 0 vip_dev1_hflip = 0 vip_dev1_iovdd = "axp22_dldo3" vip_dev1_iovdd_vol = 2800000 vip_dev1_avdd = "axp22_ldoio0" vip_dev1_avdd_vol = 2800000 vip_dev1_dvdd = "axp22_eldo2" vip_dev1_dvdd_vol = 1800000 vip_dev1_afvdd = "" vip_dev1_afvdd_vol = 2800000 vip_dev1_power_en = vip_dev1_reset = port:PE16<1><default><default><0> vip_dev1_pwdn = port:PE17<1><default><default><1> vip_dev1_flash_en = port:PB00<1><default><default><0> vip_dev1_flash_mode = vip_dev1_af_pwdn = [camera_list_para] camera_list_para_used = 0 ov7670 = 0 gc0308 = 1 gt2005 = 0 hi704 = 0 sp0838 = 0 mt9m112 = 0 mt9m113 = 0 gc2035 = 1 ov2655 = 0 hi253 = 1 gc0307 = 0 mt9d112 = 0 ov5640 = 0 ov5647 = 0 gc2015 = 0 ov2643 = 0 gc0329 = 0 gc0309 = 0 s5k4ec = 0 siv121d = 0 siv120d = 0 I also copied camera.cfg from the old /system/etc to the new installation. But still freezes don't know what to do now. Please help.