[WIP] GL Enabled CM9 ICS - Nexus One Android Development

I am posting here because I do not have permission to post in the android dev forum. Thanks to j00m who helped post my ROM earlier in the dev forum, but I thought I should build up my posts to be able to post stuff myself too Here is another smaller system.img file that should work with stock hboot or blackrose (not tested) and has the home button working. The ROM should be considered alpha quality at best as is with other CM9 ROMs.
(system.img)
http://www.mediafire.com/?9lcz59qq8s1qgvb
boot.img (if you have one from drewis' alphas, you do not need to flash this.)
http://www.mediafire.com/?kilz59rjc8kug1m
Be sure to wipe data/cache before reboot. You should be able to use the google apps from userdata.img from one of drewis's alphas.
The ROM is built from CM9, with my changes to make use of the adreno GL drivers. Credits are due to the CM team and all whose code is included in CM9. There should be many to name and I do not want to miss out anyone who deserves credit.
Will post code changes soon. Need to clean it up. Hence the delay.
I hope that when I have enough posts to be privileged, this thread can be moved into the dev forum.
Enjoy!!

Here is the source patch.
diff --git a/frameworks/base/libs/gui/SurfaceTexture.cpp b/frameworks/base/libs/gui/SurfaceTexture.cpp
index c72a45b..9e425e3 100644
--- a/libs/gui/SurfaceTexture.cpp
+++ b/libs/gui/SurfaceTexture.cpp
@@ -246,6 +246,8 @@ status_t SurfaceTexture::requestBuffer(int slot, sp<GraphicBuffer>* buf) {
return NO_ERROR;
}
+#define MAX_SLEEPTIMEOUTS (5)
+
status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
uint32_t format, uint32_t usage) {
ST_LOGV("SurfaceTexture::dequeueBuffer");
@@ -262,6 +264,9 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
int found, foundSync;
int dequeuedCount = 0;
bool tryAgain = true;
+ int sleepTimeouts = 0;
+ bool eglWorkAround = true;
+
while (tryAgain) {
if (mAbandoned) {
ST_LOGE("dequeueBuffer: SurfaceTexture has been abandoned!");
@@ -342,6 +347,21 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
// clients are not allowed to dequeue more than one buffer
// if they didn't set a buffer count.
if (!mClientBufferCount && dequeuedCount) {
+ LOGV("SurfaceTexture::dequeue: Not allowed to dequeue more than a "
+ "buffer\n");
+ if (eglWorkAround) {
+ if (sleepTimeouts++ < MAX_SLEEPTIMEOUTS) {
+ LOGD("SurfaceTexture::dequeue: Not allowed to dequeue more "
+ "than a buffer SLEEPING\n");
+ usleep(100000);
+ } else {
+ mClientBufferCount = mServerBufferCount;
+ LOGD("SurfaceTexture::dequeue: Not allowed to dequeue more "
+ "than a buffer RETRY mBufferCount:%d mServerBufferCount:%d\n",
+ mBufferCount, mServerBufferCount);
+ }
+ continue;
+ }
return -EINVAL;
}
@@ -353,6 +373,13 @@ status_t SurfaceTexture::dequeueBuffer(int *outBuf, uint32_t w, uint32_t h,
// than allowed.
const int avail = mBufferCount - (dequeuedCount+1);
if (avail < (MIN_UNDEQUEUED_BUFFERS-int(mSynchronousMode))) {
+ if (eglWorkAround && mClientBufferCount != 0) {
+ mBufferCount++;
+ mClientBufferCount = mServerBufferCount = mBufferCount;
+ LOGD("SurfaceTexture::dequeuebuffer: MIN EXCEEDED "
+ "mBuffer:%d bumped\n", mBufferCount);
+ continue;
+ }
ST_LOGE("dequeueBuffer: MIN_UNDEQUEUED_BUFFERS=%d exceeded "
"(dequeued=%d)",
MIN_UNDEQUEUED_BUFFERS-int(mSynchronousMode),
@@ -700,8 +727,8 @@ status_t SurfaceTexture::updateTexImage() {
ST_LOGW("updateTexImage: clearing GL error: %#04x", error);
}
- glBindTexture(mTexTarget, mTexName);
- glEGLImageTargetTexture2DOES(mTexTarget, (GLeglImageOES)image);
+ glBindTexture(getCurrentTextureTarget(), mTexName);
+ glEGLImageTargetTexture2DOES(getCurrentTextureTarget(), (GLeglImageOES)image);
bool failed = false;
while ((error = glGetError()) != GL_NO_ERROR) {
@@ -736,7 +763,7 @@ status_t SurfaceTexture::updateTexImage() {
mDequeueCondition.signal();
} else {
// We always bind the texture even if we don't update its contents.
- glBindTexture(mTexTarget, mTexName);
+ glBindTexture(getCurrentTextureTarget(), mTexName);
}
return OK;
@@ -762,6 +789,9 @@ bool SurfaceTexture::isExternalFormat(uint32_t format)
}
GLenum SurfaceTexture::getCurrentTextureTarget() const {
+ if (mTexTarget == GL_TEXTURE_EXTERNAL_OES) {
+ return GL_TEXTURE_2D;
+ }
return mTexTarget;
}
diff --git a/frameworks/base/services/surfaceflinger/Layer.cpp b/frameworks/base/services/surfaceflinger/Layer.cpp
index 317cc3b..9e92e81 100644
--- a/services/surfaceflinger/Layer.cpp
+++ b/services/surfaceflinger/Layer.cpp
@@ -40,6 +40,8 @@
#include "SurfaceTextureLayer.h"
#define DEBUG_RESIZE 0
+#define GL_TEXTURE_EXTERNAL_OES GL_TEXTURE_2D
+
namespace android {
diff --git a/device/htc/passion-common/BoardConfigCommon.mk b/device/htc/passion-common/BoardConfigCommon.mk
index b86c580..e17da36 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -73,7 +73,7 @@ BOARD_VENDOR_USE_AKMD := akm8973
## Hardware rendering
## doesn't actually work until we have hwcomposer
-USE_OPENGL_RENDERER := true
+USE_OPENGL_RENDERER := false
BOARD_EGL_CFG := device/htc/passion-common/egl.cfg
## for rmcc egl hack
COMMON_GLOBAL_CFLAGS += \
On Media fire:
http://www.mediafire.com/?dxzyyfzzp9m6fu8
It works with OPENGL_RENDERER := true as well, but is quite slow and crashes often, with OPENGL_RENDERER := false things are much more stable and usable as is the ROM posted above.
Thanks.

Good job guy.Keep it up ,waiting for next version

mori90 said:
Good job guy.Keep it up ,waiting for next version
Click to expand...
Click to collapse
+1 Agreed. Cant wait to see what you and texasice does next.

Confirm it is working with blackrose. But what i noticed:
-Superuser crashes when trying to update the su binary.
-My USM App is corrupted. Filesize is 12 kb, instead of 38. When trying to use it (activate UMS) it prompts a toast saying "Superuser permission denied", but it doesn't even promt the request popup before; though there is no entry in the Superuser App list.
EDIT: After rm Superuser.apk and flashing the signed Superuser zip via recovery, using su works now.
That made it possible to use the UMS App again and also to use Titanium to restore all Gapps (incl. Account Setup).

Could you check the permissions on the actual su binary itself?

rapmv78 said:
Could you check the permissions on the actual su binary itself?
Click to expand...
Click to collapse
not any longer. :/ (see edited post above) btw: did you made any changes to my ums app? noticed the smaller file size and seems like some notifications are not there any longer!?

Most likely that the permission got fixed when you flashed the Superuser zip file. Good to know it is resolved. Have you seen any other issues pertaining to graphics? I am just curious to know how GL works for others

rapmv78 said:
Have you seen any other issues pertaining to graphics? I am just curious to know how GL works for others
Click to expand...
Click to collapse
So far not. Everything is fine. Played a few videos with diefferent formats without any issues amd now i'm populating the system with apps and restoring settings.. One thing (not gl related) i'm struggeling with, is to get the market running. for whatever reason every version i installed opens fine, let me connect to my google account but then says network error (in wifi and also mobile data mode). Same error with Maps.. I'll post updates as soon as i have some. But beside this, everything looks really good. Meanwhile i can offer a system report if that helps you to get any information: http://www.nahklick.de/user/stephan/android_report.html

Bexton said:
So far not. Everything is fine. Played a few videos with diefferent formats without any issues amd now i'm populating the system with apps and restoring settings.. One thing (not gl related) i'm struggeling with, is to get the market running. for whatever reason every version i installed opens fine, let me connect to my google account but then says network error (in wifi and also mobile data mode). Same error with Maps.. I'll post updates as soon as i have some. But beside this, everything looks really good. Meanwhile i can offer a system report if that helps you to get any information: http://www.nahklick.de/user/stephan/android_report.html
Click to expand...
Click to collapse
Regarding the market, did you try clearing the cache for the app and reboot (the usual method iirc) ? System report looks fine. Thanks.

rapmv78 said:
Regarding the market, did you try clearing the cache for the app and reboot (the usual method iirc) ?
Click to expand...
Click to collapse
yep, didn't solved it!? but stopped trying now.
at the moment i'm watching spiderman 3 in 720p x264 mkv format. trailer worked fine. full movie judderes a bit from time to time but it is running for 15 minutes now without hanging up or whatever.
edit: 1080p also works but is really slow and the judder effect is much bigger.

Thread moved to dev section and link to mediafire ok

What's working and what's not?

imfloflo said:
Thread moved to dev section and link to mediafire ok
Click to expand...
Click to collapse
second post, the link to media fire is not ok!

@j00m Fix

Thread moved in General Section to allow OP to respond for the moment

This ROM enables hardware acceleration for most of the tasks as used to be in gingerbread. Am interested in knowing the experience of others using this mod.
Thanks.

Trackball wakeup will have next next... version,right ???
Why this ver. is working perfect on wifi(Static IP) but texasice version is not ??

I am not sure about the difference with static IP working in this ROM v/s texas ice's. Also since I posted the source code and is in CM9, you should just be able to get more features out of the other ROMs than you would from me This ROM was more of a proof of concept to see if openGL acceleration patch was usable and looks like it does. Thanks for your help in testing it. I do not have any plans to release new ROMs, as all I would be doing is pull the code and compiling it, without any value add from my side (now that the code has already been merged).
The mod can actually close this thread if need be.
Thanks.

what's working and what's not?

Related

[Q] Need help hijacking/hooking/wrapping kernel function

I've made some modifications to drivers/usb/otg/msm_otg.c in order to support usb host mode for the Nexus 4: http://forum.xda-developers.com/showthread.php?t=2181820
So far, I've been building off Franco's sources, since I was using his kernel anyway. But this has its problems. I'm not looking to have to constantly keep up with Franco's nightlies. A good amount of posts from people are asking if I could compile a different kernel with the otg modifications, or if they could flash a different kernel on top. Franco's been getting requests to implement the modifications, and I didn't mean to put any onus on him.
I've been trying to do some research on creating a kernel module that could somehow hijack/hook/wrap the static functions I've made changes to in msm_otg.c. This is all way, way over my head though, and I could really use some help here. I've done some reading so far, but it hasn't gotten me anywhere. I got some good help on IRC, but am stuck again.
To get things rolling, I've manually found the address from /proc/kallsyms of static function msm_chg_detect_work to be 0xc03b4950. I'm trying to make a jump from here to my own function. I was provided make_jump_op for this purpose, although I have no understanding of how it works. Here is more or less what I've got so far (relevant bits..):
Code:
// max distance: 0x02000000
unsigned int make_jump_op(unsigned int src, unsigned int dst) {
unsigned int o;
int distance;
distance = (int)( ((long long)dst) - (((long long)src) + 8) );
if (distance > 32*1024*1024 || distance < -32*1024*1024) {
printk(KERN_ERR "distance too big!\n");
return 0; // crash, BOOOOM!
}
distance = distance / 4; // read: ">>2"
o = *((unsigned int *)(&distance)); // is there a proper way to do this, too?
o = (o & 0x00ffffff) + 0xea000000;
return o;
}
static void msm_chg_detect_work_MOD(struct work_struct *w) {
printk(KERN_INFO "TEST\n");
}
static int ziddey_otg_init(void) {
unsigned int *origcall;
printk(KERN_INFO "Loading kernel module '%s'\n", MODULE_NAME);
// 0xc03b4950: msm_chg_detect_work
origcall = (unsigned int *) 0xc03b4950;
preempt_disable();
*origcall = make_jump_op(0xc03b4950, (unsigned int)(void*)msm_chg_detect_work_MOD);
preempt_enable();
printk(KERN_INFO "Loaded kernel module '%s'\n", MODULE_NAME);
return 0;
}
Can anyone make sense of this? I get an Oops error and kernel panic.
Thank you
Code:
$ grep msm_chg_detect_work /proc/kallsyms
c03b4950 t msm_chg_detect_work

[Q] prevent android from storing plain text wifi passwords [solved]

Hey,
a few months ago I read somewhere that android stores the wifi passwords in plain text (seems to be known since 2010: http://forum.xda-developers.com/showthread.php?t=794555 but no one cares?!)
Because I don't want my wifi password to be stored that way, I searched for a way to store the wpa passphrase. This wasn't difficult, because android usese wpa_supplicant, means I just had to find out my passphrase and replace the plain key in /data/misc/wifi/wpa_supplicant.conf with it. Everything still works fine and my phone is able to connect to wifi.
Now my question is: is there a way to store every new wifi password this way? It's annoying to have to edit the wpa_supplicant.conf file manually...
One problem is, that it seems like android doesn't have the wpa_passphrase binary included, even if the source code seems to exist in the wpa_supplicant repository ( https://android.googlesource.com/platform/external/wpa_supplicant_6/ ).
If someone could tell me, how to build the code (I'm not familiar with the ndk), I could try writing an app, which replaces all plain text passwords with the passphrases.
But it would be awesome, if it were possible to integrate this feature in a custom rom, so no more passwords are stored plain text.
Best regards,
David
Finally, I was able to build CarbonRom from source and found a way to integrate this in the rom! On my device, no wifi password is stored in plain text anymore It took a long time to figure out what file I have to change but finally, I got it
If you are interested, I could create a patch and post it here but I don't know how to submit patches to github.
The only thing that confuses me: I found out, that the SSID I use to generate the password hash is quoted. Means, ThisIsASSID is stored as "ThisIsASSID". But actually the password hash should be wrong because it doesn't use ThisIsASSID. Anyway, it works And the password in wpa_supplicant.conf is hashed.
Edit: Cheered too soon... The wpa_supplicant.conf is probably just read at boot time. After a reboot I couldn't connect to my wifi anymore... But if I change the hash in the wpa_supplicant.conf file manually to the right one it works, so now I have to solve the quoting thing. But that shouldn't be difficult.
So, all problems solved now
Here is a patch I created, if anyone is interested:
PHP:
--- original/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 00:12:50.000000000 +0200
+++ carbon/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 01:09:21.876028461 +0200
@@ -19,6 +19,7 @@
#include "p2p/p2p.h"
#include "eap_peer/eap_methods.h"
#include "eap_peer/eap.h"
+#include "crypto/sha1.h"
static int newline_terminated(const char *buf, size_t buflen)
@@ -483,10 +484,36 @@
static void write_psk(FILE *f, struct wpa_ssid *ssid)
{
+ unsigned char psk[32];
char *value = wpa_config_get(ssid, "psk");
- if (value == NULL)
+ char *s = wpa_config_get(ssid, "ssid");
+ if(value == NULL || s == NULL)
return;
- fprintf(f, "\tpsk=%s\n", value);
+ int slen = os_strlen(s);
+ int plen = os_strlen(value);
+ int pskquoted = (value[0] == '"' && value[plen - 1] == '"') ? 1 : 0;
+ int i;
+ //if passphrase length is 64 it's already hashed as well as hashed passphrases aren't quoted
+ if( pskquoted == 1 || plen < 64){
+ //Check for quotes and remove if necessary
+ if(s[slen - 1] == '"' && s[0] == '"') {
+ s[slen - 1] = '\0';
+ s++;
+ }
+ if(pskquoted == 1) {
+ value[plen - 1] = '\0';
+ value++;
+ }
+ //Hash passphrase
+ pbkdf2_sha1(value, (u8 *) s, os_strlen(s), 4096, psk, 32);
+ fprintf(f, "\tpsk=");
+ for (i = 0; i < 32; i++)
+ fprintf(f, "%02x", psk[i]);
+ fprintf(f, "\n");
+ } else {
+ fprintf(f, "\tpsk=%s\n", value);
+ }
+ os_free(s);
os_free(value);
}
I didn't found a place in the java code so I directly edited the c code of wpa_supplicant

[MOD][KK][XPOSED] KitKat SD Card Full Access

This module fixing external SD card write issue on Android 4.4 KitKat. Module does not have any setting activity. Just enable it in Module tab and restart your phone.
No need to patch platform.xml file.
http://repo.xposed.info/module/kz.virtex.android.sdcardfix
Can be downloaded in Xposed Download tab.
HOW IT WORKS and WHAT FOR?
KitKat No SD card access
If SD card write access not enabled, then no any application without root permission can operate with files on SD Card.
KitKat WITH SD Card access
Once mod is enabled - any application without root access can operate with files on SD, including move, copy, delete.
Source code for other developers
Code:
/*
The MIT License (MIT)
Copyright (c) 2014 by Nurlan Mukhanov aka Falseclock
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
package kz.virtex.android.sdcardfix;
import de.robv.android.xposed.IXposedHookZygoteInit;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;
public class XMain implements IXposedHookZygoteInit
{
@Override
public void initZygote(StartupParam startupParam) throws Throwable
{
final Class<?> pms = XposedHelpers.findClass("com.android.server.pm.PackageManagerService", null);
XposedHelpers.findAndHookMethod(pms, "readPermission", "org.xmlpull.v1.XmlPullParser", "java.lang.String", new XC_MethodHook()
{
protected void afterHookedMethod(MethodHookParam param) throws Throwable
{
String permission = (String) param.args[1];
if (permission.equals("android.permission.WRITE_EXTERNAL_STORAGE")) {
Class<?> process = XposedHelpers.findClass("android.os.Process", null);
int gid = (Integer) XposedHelpers.callStaticMethod(process, "getGidForName", "media_rw");
Object mSettings = XposedHelpers.getObjectField(param.thisObject, "mSettings");
Object mPermissions = XposedHelpers.getObjectField(mSettings, "mPermissions");
Object bp = XposedHelpers.callMethod(mPermissions, "get", permission);
int[] bp_gids = (int[]) XposedHelpers.getObjectField(bp, "gids");
XposedHelpers.setObjectField(bp, "gids", appendInt(bp_gids, gid));
}
}
});
}
private static int[] appendInt(int[] cur, int val)
{
if (cur == null) {
return new int[]
{ val };
}
final int N = cur.length;
for (int i = 0; i < N; i++) {
if (cur[i] == val) {
return cur;
}
}
int[] ret = new int[N + 1];
System.arraycopy(cur, 0, ret, 0, N);
ret[N] = val;
return ret;
}
}
Advantage against HandleExternalStorage: http://forum.xda-developers.com/xposed/modules/app-handleexternalstorage-t2693521 ?
Did not know that there was already such a fix available. Just found this one and since it is activated I have much less lags. Seems there were many apps trying to access Sdcard causing lags. Awesome!
Sent from my GT-I9300 using XDA Premium 4 mobile app
Can you share source code?
pyler said:
Can you share source code?
Click to expand...
Click to collapse
yep!
see first post
defim said:
Advantage against HandleExternalStorage: http://forum.xda-developers.com/xposed/modules/app-handleexternalstorage-t2693521 ?
Click to expand...
Click to collapse
oops. tried to search something with "SD" word in repository and didn't find anything.
thought nobody still implemented such mod.
Just downloaded module, decompiled and compared with my version.
I think my method works much more correct and less battery power consumptive. I only hooking internal android packages at startup, while module above doing this with every application.
Falseclock said:
oops. tried to search something with "SD" word in repository and didn't find anything.
thought nobody still implemented such mod.
Just downloaded module, decompiled and compared with my version.
I think my method works much more correct and less battery power consumptive. I only hooking internal android packages at startup, while module above doing this with every application.
Click to expand...
Click to collapse
Awesome! Thanks for source!
Falseclock said:
I think my method works much more correct and less battery power consumptive. I only hooking internal android packages at startup, while module above doing this with every application.
Click to expand...
Click to collapse
No. Mine gives extra battery power
The funny thing is that both are 99% the same, the only difference is appendInt()
defim said:
No. Mine gives extra battery power
The funny thing is that both are 99% the same, the only difference is appendInt()
Click to expand...
Click to collapse
That's good if so! :good:
do you know alternative to com.android.internal.util.ArrayUtils? Not to use internal API...
pyler said:
do you know alternative to com.android.internal.util.ArrayUtils? Not to use internal API...
Click to expand...
Click to collapse
Code:
public static int[] appendInt(int[] cur, int val) {
if (cur == null) {
return new int[] { val };
}
final int N = cur.length;
for (int i = 0; i < N; i++) {
if (cur[i] == val) {
return cur;
}
}
int[] ret = new int[N + 1];
System.arraycopy(cur, 0, ret, 0, N);
ret[N] = val;
return ret;
}
Is this module necessary for CM11 too? Sorry for noob question
Edit: Got it. Its not needed
Does this also fix the option of deleting SD files through regular file explorers and apps?
Abu-7abash said:
Does this also fix the option of deleting SD files through regular file explorers and apps?
Click to expand...
Click to collapse
12k downloads and no any complain
Just bought a sd card 64 gb samsung EVO , and i have no problem with full acces , copy/erase/moving apps , without installing this module , so , for what is useful this mod ???
Doesn't work for me :^(
Neither this nor the other xposed app mentioned in this thread work for me. Installed the app, marked it active, rebooted (just like I do with any xposed module) and still my apps can't touch the SD space.
Any thoughts or ideas anyone?
Samsung Galaxy Note 10.1 (2014 Edition)
SM-P600
Android 4.4.2
Build KOT49H.P600UEUCND2
i face also the same problem. Xperia Z2 here (latest version, Rooted), i have installed / reboot the module, but doesn't let me to move apps to my SD.
Is there any viable solution?
Ty in advance
Doesn't work on Note 3 AT&T.
Sent from the Phantom Drive on Krypton.
What exactly does this module do?
HunterNIU said:
Neither this nor the other xposed app mentioned in this thread work for me. Installed the app, marked it active, rebooted......
Click to expand...
Click to collapse
@Falseclock, same here.....using Xolo Q3000 device with Stock Rooted Android v4.4.2. used this app. (i just hope this is not deemed off-topic here....)
i'm trying to use onandroid v9.51 to create nandroid backups while the device is running. see pics of command output and also platform.xml.
i even tried making changes to /mnt/media_rw like in the pic below (right). still, no go!
any idea why the file system remains read-only? please suggest a workaround or alternate methods. i'm not knowledgeable enough.
many thanks in advance. :fingers-crossed:

i9305 not wokring 2G network in Android 5.1

Hi,
I have a problem with 2G (edge, I didn`t try GPRS) networks on my i9305 in Android 5.1. I can connect to 3G and 4G without problem, but for 2G I get only an exclamation mark on the side of the signal icon and no connection. I tried several ROMs, which I found here and my own cm12.1 build (I actually started with that one) - all with the same result:
AOSP-5.1.1-20150605-i9305-rodman01.zip
BlissPop-v4.0.3-i9305-UNOFFICIAL-20151011-2232.zip
LS-LP-v4.1-2015-10-23-liquid_i9305.zip
Sammy_Resurrection-Remix-LP-v5.5.9-20151122-i9305.zip
cm-12.1-20151201-UNOFFICIAL-i9305.zip (from winxuser)
I did some debugging and discovered that the problem is in wrong data coming from rild. I described it with more details here: forum.cyanogenmod.org/topic/118467-how-to-debug-non-working-2g-network I even found on the web some logs with the same wrong value and posts describing similar or the same behavior. I also found some posts saying, that it is fixed, but I can`t find any ROM, where it is working.
As you can see in my post on cyanogenmod forum, I have a solution, but not a nice one. It is a hack. So I want to ask – is there someone who had the same problem and fixed it? Or some who has the same phone and not this problem? If yes, how did you fix it? Exactly which ROM, prorietary files did you use?
Thank you
Pavel
OK, I am giving up. I tried several more ROMs:
Slim-i9305-5.1.1.beta.0.9-UNOFFICIAL-20151024-2015.zip
aicp_i9305_lp-10.0-NIGHTLY-20151128.zip
cm-12.1-20151202-UNOFFICIAL-i9305.zip
nameless-5.1.1-20151019-i9305-NIGHTLY.zip
The result is still the same. Maybe it has something to do with carrier operator (but I don`t have this problem in cm 11). I found fix similar to mine, which I described in cyanogenmod forum, so I`ll use that. See here github.com/CyanogenMod/android_device_samsung_jf-common/blob/cm-12.1/ril/telephony/java/com/android/internal/telephony/jflteRIL.java if you are interested. Specifically method responseVoiceDataRegistrationState. It replaces the wrong rild data in the same way.
I have the same problem @p.a.n.
Please tell me how I fix it, even if it´s a hack... Thanks
Hi,
here is the final diff I use:
Code:
project device/samsung/smdk4412-qcom-common/
diff --git a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
index 0e8d798..619be34 100644
--- a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
+++ b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
@@ -409,8 +409,8 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
case RIL_REQUEST_UDUB: ret = responseVoid(p); break;
case RIL_REQUEST_LAST_CALL_FAIL_CAUSE: ret = responseInts(p); break;
case RIL_REQUEST_SIGNAL_STRENGTH: ret = responseSignalStrength(p); break;
- case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
- case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
+ case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,false); break;
+ case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,true); break;
case RIL_REQUEST_OPERATOR: ret = operatorCheck(p); break;
case RIL_REQUEST_RADIO_POWER: ret = responseVoid(p); break;
case RIL_REQUEST_DTMF: ret = responseVoid(p); break;
@@ -580,9 +580,16 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
}
private Object
- responseVoiceDataRegistrationState(Parcel p) {
+ responseVoiceDataRegistrationState(Parcel p, boolean data) {
String response[] = (String[])responseStrings(p);
if (isGSM){
+ if(data &&
+ response.length > 4 &&
+ response[0] != null && response[0].equals("1") &&
+ response[3] != null && response[3].equals("102")){
+ riljLog("responseVoiceDataRegistrationState overriding 102 -> 2");
+ response[3]="2";
+ }
return response;
}
if (response.length>=10){
Or you can try replace /system/framework/telephony-common.jar with attached telephony-common.jar, but be careful with that (make backup), I can`t guarantee that it will work with the rest of your system.

How to go about patching the kernel to get EHCI(USB 2.0) devices to behave like xHCI?

Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0 problem but rather how the EHCI performs, as certain USB 2.0 phones actually have the xHCI controller and can run the exploit just fine. What happens is that although it can detect the connected Switch in Tegra Recovery Mode, it just doesn't do anything and gives an error in the logs, "SUMBITURB failed".
On Linux desktop systems it is similar, but the exploit can still work with a kernel patch provided by a hacking group that discovered the exploit in the first place:
Code:
--- linux-4.14.27/drivers/usb/host/ehci-hcd.c.old 2018-04-17 18:00:00.000000000 +0000
+++ linux-4.14.27/drivers/usb/host/ehci-hcd.c 2018-04-17 18:00:00.000000000 +0000
@@ -873,14 +873,6 @@
INIT_LIST_HEAD (&qtd_list);
switch (usb_pipetype (urb->pipe)) {
- case PIPE_CONTROL:
- /* qh_completions() code doesn't handle all the fault cases
- * in multi-TD control transfers. Even 1KB is rare anyway.
- */
- if (urb->transfer_buffer_length > (16 * 1024))
- return -EMSGSIZE;
- /* FALLTHROUGH */
- /* case PIPE_BULK: */
default:
if (!qh_urb_transaction (ehci, urb, &qtd_list, mem_flags))
return -ENOMEM;
The author of the Android port had also written a Python "hotpatch" script for desktop Linux systems:
Code:
#!/usr/bin/env python3
import os
"""
Cursed Code.
This code literally patches your kernel memory, proceed at your own risk.
Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!
Run fusee-launcher.py with the "--override-checks" argument.
If you'd rather patch your drivers properly:
https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch
"""
ksyms = {
line[2]: int(line[0], 16)
for line in
map(lambda l: l.strip().split(),
open("/proc/kallsyms", "r").readlines())}
print(hex(ksyms["ehci_urb_enqueue"]))
patch_c = """
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/pgtable.h>
static u32 ORIG_MAX = 16*1024;
static u32 NEW_MAX = 0x1000000;
/* borrowed from MUSL because I'm lazy AF */
static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
if (hw == nw) return (char *)h-3;
return 0;
}
static pte_t* (*lookup_addr)(unsigned long, unsigned int*) = (void *) PLACE2;
static void set_addr_rw(unsigned long addr) {
unsigned int level;
pte_t *pte = lookup_addr(addr, &level);
set_pte_atomic(pte, pte_mkwrite(*pte));
}
int init_module(void) {
void * ehci_urb_enqueue_start = (void *) PLACEHOLDER;
u32 * patch_addr;
printk(KERN_INFO "Patch module loaded\\n");
patch_addr = (u32 *) fourbyte_memmem(ehci_urb_enqueue_start, 0x400, (void *)&ORIG_MAX);
if (patch_addr == NULL) {
printk(KERN_INFO "Failed to find patch site :(\\n");
return -1;
}
printk(KERN_INFO "patch_addr: 0x%px\\n", patch_addr);
set_addr_rw((unsigned long)patch_addr);
*patch_addr = NEW_MAX;
printk(KERN_INFO "Patching done!\\n");
return -1;
}
""".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))
makefile = """
obj-m += patch.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
"""
with open("patch.c", "w") as patchfile:
patchfile.write(patch_c)
with open("Makefile", "w") as mf:
mf.write(makefile)
os.system("make")
print("About to insert patch module, 'Operation not permitted' means it probably worked, check dmesg output.")
os.system("insmod patch.ko")
I tried to see if running it in Termux would do anything but I got the following error:
Code:
0x0
Traceback (most recent call last):
File "ehci_patch.py", line 70, in <module>
" " ".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2" hex(ksyms["lookup_address"]))
KeyError: 'lookup_address'
I know that script isn't meant for use on Android anyway but maybe it can lead to a solution. The author of it does not know how to go about it at this time either, but believes an entire recompile of the kernel would be necessary. I am hoping that something like a systemless Magisk module would be the easiest solution for users but do not know if that is possible. I am only guessing it might be possible to create a Magisk module because of audio drivers like VIPER4Android. If indeed a custom kernel is needed, does anyone know how to go about it? It could be difficult to implement for everyone because not everyone has a device where the source to the kernel is available, etc. I am willing, however, to test anything on my tablet which is USB 2.0 and gives the error in the app. Any advice for how to go about this will be greatly appreciated.
I feel ya man, i need this stuff too. NXLoader doesn't work on my Galaxy Grand Prime (G530T) and i really need it to Dx

Categories

Resources