Hallo, I found source code (tocparser) and compiled it and got it a try, but I found more than from what I expected! Tool is abble to dump and write from/to low level things in Xperia phone! Here is tool and simple info about what I tested and what I found.
Warning:
I am not responsible for everything related to using this tool! You can try but on your own risk!!! You can hard brick your device using this tool!!! I tested only "read only mode" and never tried to write to low level memory, so you using this tool on your own risk!
Usage:
Usage:
tocparser [-h] [-dD devicename] [-l] [-gG partition] [-rw partition:filename
or
tocparser -p partition -f filename
-h Print this help.
-d devicename Open device as read-only (default).
-D devicename Open device as read-write.
-l List all partition and image entries.
-g partition Get information for image inside partition.
-G partition Get information for partition.
-r partition:filename Read content of partition into file.
-w partition:filename Write content of file into partition.
-p partition -f filename Write content of file into partition.
By default tocparser will open /dev/block/mmcblk0 as read-only.
If -p and -f are used then /dev/block/mmcblk0 will be opened as read-write.
Click to expand...
Click to collapse
I got dumped some infos:
tocparser -l
Printing TOC at 20000
Offset Size Flags Align LoadAddr ID
0x00000200 0x0000556c 0xffffffff 0xffffffff 0xffffffff "ISSW"
0x00017e00 0x00008150 0xffffffff 0xffffffff 0xffffffff "BKP_PRCMU_1"
0x0000576c 0x00021854 0xffffffff 0xffffffff 0xffffffff "X-LOADER"
0x00046fc0 0x00006408 0xffffffff 0xffffffff 0xffffffff "BKP_MINIT_1"
0x00100000 0x00008150 0xffffffff 0xffffffff 0xffffffff "PWR_MGT"
0x00108150 0x00007eb0 0xffffffff 0xffffffff 0xffffffff "MEM_INIT"
Click to expand...
Click to collapse
Got dumped these partitions to the internal sdcard by using command:
~ # tocparser -r ISSW:/mnt/sdcard/ISSW
tocparser -r ISSW:/mnt/sdcard/ISSW
~ # tocparser -r BKP_PRCMU_1:/mnt/sdcard/BKP_PRCMU_1
tocparser -r BKP_PRCMU_1:/mnt/sdcard/BKP_PRCMU_1
~ # tocparser -r X-LOADER:/mnt/sdcard/X-LOADER
tocparser -r X-LOADER:/mnt/sdcard/X-LOADER
~ # tocparser -r BKP_MINIT_1:/mnt/sdcard/BKP_MINIT_1
tocparser -r BKP_MINIT_1:/mnt/sdcard/BKP_MINIT_1
~ # tocparser -r PWR_MGT:/mnt/sdcard/PWR_MGT
tocparser -r PWR_MGT:/mnt/sdcard/PWR_MGT
~ # tocparser -r MEM_INIT:/mnt/sdcard/MEM_INIT
tocparser -r MEM_INIT:/mnt/sdcard/MEM_INIT
Click to expand...
Click to collapse
Hope this tool will be usefull for example reverse enginering first stage bootloader, maybe secu flag... etc!?? Enjoy in reverse enginering!
Source code is in: snowball-android-staging-20120201.tar.gz
munjeni arrived with a new tool...... thanks for this...... hope this will help some devs.....
R: Tool for low level flashing !
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
mirhl said:
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
Click to expand...
Click to collapse
Lol, No
Sent from my LT22i using Tapatalk 2
Anyone know how to decompile this?
Men what is this file needed to? what will he change? I ask for the response and I apologise for my English
XperianPro said:
Anyone know how to decompile this?
Click to expand...
Click to collapse
Decompile? Why you need to decompile that when you can see source code on http://igloocommunity.org/support/Android_Getting_started_with_GB
mirhl said:
Wouldn't this be able to dump DRM keys before unlocking bootloader?
Sent from my Xperia S using xda app-developers app
Click to expand...
Click to collapse
Good question! If you have ideas than for example you can reguest dump from users with locked bootloader and post it here so some one get it compare... etc!
kamileoo92 said:
Men what is this file needed to? what will he change? I ask for the response and I apologise for my English
Click to expand...
Click to collapse
If you not understand what this tool is than do not try! If you try that without knownledge than there is 90% possibility for hard bricking your phone!
munjeni said:
Decompile? Why you need to decompile that when you can see source code on http://igloocommunity.org/support/Android_Getting_started_with_GB
Click to expand...
Click to collapse
I meant files from phones memory.
For me can somebody answer?
I got some decompiled but I an unable to decompile x-loader still not know what is loading offset! But I am sure something must be interesting there! Its first stage bootloader, but where is seccond stage? Is it u-boot or... ?
munjeni said:
I got some decompiled but I an unable to decompile x-loader still not know what is loading offset! But I am sure something must be interesting there! Its first stage bootloader, but where is seccond stage? Is it u-boot or... ?
Click to expand...
Click to collapse
Im not sure but I think first one loads hardware and second one while second one checks is everything signed.
Not sure but I think its something like this.
want to find where is fastboot and dump all fastboot functions...etc, allso want to try something with dedicating recovery, allso secu flag...etc... have no time now for trying, but I have idea, want to lock my bootloader and research for secu flag!
In x-loader there is something like:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00012690 00 00 00 00 52 44 48 53 50 01 00 01 02 00 00 00 ....RDHSP.......
000126A0 01 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ................
000126B0 00 80 00 00 00 00 00 00 FF FF FF FF FF FF FF FF .€......˙˙˙˙˙˙˙˙
But maybe there is for example 0x01 for secu flag or something... need to compare dump from loocked/unlocked bootloader...need to dump u-boot (if exist), need to dump radio... need to dump part of memory with contained fastboot... did you know where lies u-boot?
Great news
Enviado desde mi ST25a usando Tapatalk 2
Nice..will try it
Sent From Heaven ST25i
Related
hello ther every one seeking for help with the ht 1100 neon from japan
i try to dump the rom with a niki kitchen
and also try to backup the spl with spl backup kit,thanks to jocky...
i dont know if i did it well ?
looking for someone that can guide me what to do ??
and to tell if what i do is usefull ?? can we do with it something ??
and how to make what i did to a flashebl rom??
what i do with the nikikitchen are based on a neon300
here are the links for what i did please look at it.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\orgad>pdocread.exe -l
211.13M (0xd320000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.75M (0x3c0000) Part01
| 85.38M (0x5560000) Part02
| 118.88M (0x76e0000) Part03
1.83G (0x75400000) DSK1:
| 1.83G (0x753eee00) Part00
STRG handles:
handle c74f0f7a 1.83G (0x753eee00)
handle 4741ad4e118.88M (0x76e0000)
handle 6748c356 85.38M (0x5560000)
handle 6748c332 3.75M (0x3c0000)
handle 2748c06e 3.12M (0x31f000)
disk c74f0f7a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4741ad4e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6748c356
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 6748c332
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 2748c06e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C:\orgad>pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
CopyTFFSToFile(0x0, 0x31f000, Part00.raw)
C:\orgad>pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x3c0000 Part01.raw
CopyTFFSToFile(0x0, 0x3c0000, Part01.raw)
C:\orgad>pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x5560000 Part02.raw
CopyTFFSToFile(0x0, 0x5560000, Part02.raw)
C:\orgad>pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x76e0000 Part03.raw
CopyTFFSToFile(0x0, 0x76e0000, Part03.raw)
ERROR: ITReadDisk: outbuf==NULL
- 確立された接続がホスト コンピュータのソウトウェアによって中止されました。
C:\orgad>pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x76e0000 Part03.raw
CopyTFFSToFile(0x0, 0x76e0000, Part03.raw)
http://www.megaupload.com/?d=WHUK14XW
http://www.megaupload.com/?d=VQXMHUSG
http://www.megaupload.com/?d=HJ6LXD1J
http://www.megaupload.com/?d=7ZXIPD8V
wating for more instruction,and your opinion.
best regards
I've got part01.raw and part02.raw dumped using "Dump My Phone". I'm trying to get a flashable exe of this stupid japanese rom
Now I need to find a kitchen and compile an XIP? Any suggestions?
I tried rebuilding the rom dump last night with a raphael kitchen.... epic fail.
Here is a link to the raw dump if anyone is a wizard at rebuilding roms.
http://www.smithforest.com/DoCoMo_HT1100-Raw_Dump.zip
arasarn said:
I tried rebuilding the rom dump last night with a raphael kitchen.... epic fail.
Here is a link to the raw dump if anyone is a wizard at rebuilding roms.
http://www.smithforest.com/DoCoMo_HT1100-Raw_Dump.zip
Click to expand...
Click to collapse
EDIT: Updated post with model info but the file & readme still show 'unknown'. I will update that once someone tests this & let's us know if it works or not.
OK I rebuilt a rom from your dump files & can post it up but someone needs to be brave enough to test it. I followed the same procedure I used when rebuilding the WWE stock rom (which definitely works) so it SHOULD work but I don't want to be responsible if you brick your phone or overwrite a good rom you can't get back so don't say you haven't been warned!
The Rom is from the NTT DoCoMo Foma HT1100 device ID: Neon100 Japanese language NEON but I have no idea what ROM version this is so assuming it works then we should be able to get ROM version from Device Info once someone flashes it on their phone.
OK here's the good stuff: (I will update this post as more information arrives)
Rebuild Release date: 12/09/09
Thread: http://forum.xda-developers.com/showthread.php?t=520711
Download: http://www.megaupload.com/?d=TB0045FR
PASSWORD: neon
HTC Touch Dual NEON100 NTT DoCoMo Foma HT1100 'stock' (straight rebuild from original dump with no intentional changes made)
ROM: Unknown
ROM date: Unknown
Radio: NOT INCLUDED (Stock was Radio: Unknown Protocol: Unknown)
IMPORTANT: Since this is not true stock rom your NEON *MUST* have hardSPL. I use OliPro's Hard-SPL (Thanks!):
http://forum.xda-developers.com/showthread.php?t=377260
WARNING!! DO NOT INSTALL ON A NIKI! THIS IS *UNTESTED* so use at your own risk! DO NOT flash this ROM unless you are comfortable trying to recover your phone and understand the risks! Check the thread for updated info.
Either way the standard disclaimer applies: USE AT YOUR OWN RISK & be sure to check out the thread to see other's experiences.
Note: Even though I made no changes to the ROM it seems rebuilding it (in particular ImgfsToNb's bigstorage mode) should give more storage available than true stock.
Storage:
Total: ?? MB
In use: ?? MB
Free: ?? MB
Program
Total: ?? MB
In use: ?? MB
Free: ?? MB
Thanks to NetrunnerAT for the NIKI Kitchen I used as a base: http://forum.xda-developers.com/showthread.php?p=1837580
Thanks to seth2006 for NIKICustomRUU.exe from SETHS V3 FINAL Neon_V3: http://forum.xda-developers.com/showthread.php?t=419892
Super thanks goes out to all those who contributed NEON/NIKI info, those who made possible all the kitchens & related tools I used to get this ROM built.
Obviously if HTC would ever get their act together & release a RUU of a true stock rom this will be obsolete but until then this is the best bet for anyone looking for as close to stock for the NEON100 TOUCH DUAL NTT DoCoMo Foma HT1100.
Please share your results so I can update the post & hopefully others find this rebuild useful.
Bill
The Rom is from the NTT DoCoMo Foma HT1100
device ID: Neon100
I succesfully flashed the stock telstra rom (WWE) to input the SIM unlock code, now I am hoping this rom will work to put the phone back into japanese.
Unfortunately the phone now thinks it has 20 keys on the hardware keyboard instead of 16, so at this point my text entry with the phone is no good.
arasarn said:
The Rom is from the NTT DoCoMo Foma HT1100
device ID: Neon100
I succesfully flashed the stock telstra rom (WWE) to input the SIM unlock code, now I am hoping this rom will work to put the phone back into japanese.
Unfortunately the phone now thinks it has 20 keys on the hardware keyboard instead of 16, so at this point my text entry with the phone is no good.
Click to expand...
Click to collapse
Ok thanks arasarn, I'll get the post & readme updated but won't upload a new version until we've had people test the one posted.
Bill
bill rules
worked like a charm!
Now this thing is SIM unlocked and back to the original software.
Bill is the man.
grabbed some of the info off the rom we were looking for. bold and red
Windows mobile build 18553.0.7.6
bill48105 said:
HTC Touch Dual NEON100 NTT DoCoMo Foma HT1100 'stock' (straight rebuild from original dump with no intentional changes made)
ROM: 1.26.731.01
ROM date: 05/06/08
Radio: NOT INCLUDED (Stock was Radio: Unknown Protocol: Unknown)
IMPORTANT: Since this is not true stock rom your NEON *MUST* have hardSPL. I use OliPro's Hard-SPL (Thanks!):
http://forum.xda-developers.com/showthread.php?t=377260
WARNING!! DO NOT INSTALL ON A NIKI! THIS IS *UNTESTED* so use at your own risk! DO NOT flash this ROM unless you are comfortable trying to recover your phone and understand the risks! Check the thread for updated info.
Either way the standard disclaimer applies: USE AT YOUR OWN RISK & be sure to check out the thread to see other's experiences.
Note: Even though I made no changes to the ROM it seems rebuilding it (in particular ImgfsToNb's bigstorage mode) should give more storage available than true stock.
Storage:
Total: 126.29 MB
In use: 33.90 MB
Free: 92.39 MB
Program
Total: 100.83 MB
In use: 34.14 MB
Free: 66.69 MB
Obviously if HTC would ever get their act together & release a RUU of a true stock rom this will be obsolete but until then this is the best bet for anyone looking for as close to stock for the NEON100 TOUCH DUAL NTT DoCoMo Foma HT1100.
Please share your results so I can update the post & hopefully others find this rebuild useful.
Bill
Click to expand...
Click to collapse
arasarn said:
worked like a charm!
Now this thing is SIM unlocked and back to the original software.
Bill is the man.
Click to expand...
Click to collapse
arasarn said:
grabbed some of the info off the rom we were looking for. bold and red
Click to expand...
Click to collapse
That is GREAT NEWS! I'm glad it worked!
Thanks, I'll get the post upated with the info and hopefully other people will test it & I'll repackage the rar.
Bill
Hi,
I'd like to get this Japanese ROM working on my Neon 200 (Aus).
I tried it, and it got through the screen alignment and customising, but it got stuck on the boot screen after that.
Would anyone be able to help me with this?
Thanks!
Is the link for the flashable rom broken now?
Thanks.
RElease soon.Have a look here
http://www.youtube.com/watch?v=-BafG8GS_TI
---------------------------------------------------------------------------------------
How to dump/backup original ROM
Microsoft Windows [Version 6.1.7100]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
E:\PocketPC\ROMs\its>pdocread -l
Copying E:\PocketPC\ROMs\its\itsutils.dll to WCE:\windows\itsutils.dll
410.75M (0x19ac0000) DSK1:
| 1.62M (0x19f000) Part00
| 3.25M (0x340000) Part01
| 90.63M (0x5aa0000) Part02
| 315.25M (0x13b40000) Part03
7.61G (0x1e6e00000) DSK2:
| 7.60G (0x1e6a00000) Part00
STRG handles:
handle cd904882 7.60G (0x1e6a00000)
handle 4f634f6e315.25M (0x13b40000)
handle 2f6aeea6 90.63M (0x5aa0000)
handle 4f6aee82 3.25M (0x340000)
handle 8f6aee3a 1.62M (0x19f000)
disk cd904882
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4f634f6e
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 2f6aeea6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 4f6aee82
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 8f6aee3a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dump :
pdocread -w -d DSK1: -b 0x800 -p Part00 0 0x19f000 Part00.raw
pdocread -w -d DSK1: -b 0x800 -p Part01 0 0x340000 Part01.raw
pdocread -w -d DSK1: -b 0x800 -p Part02 0 0x5aa0000 Part02.raw - imgfs
pdocread -w -d DSK1: -b 0x800 0x19ac0000 OS.nb
-------------------------------------------------------------------------------------------------------------------------------------------------
dl link
http://rapidshare.com/files/304417770/EUUs_Acer_S200_23506_WWE.7z
Thanks to : Deadman2k, xplode, stark wong, cmonex, fabio and all other friends here
I hope this will be usful
How to flash :
1) Unzip using 7zip.
2) it works on vista and windows 7, but i recommend xp service pack 2 with net cf 20. sp2.0
3)Important step : After unzip, look for a text file called as verion.txt.Edit it as per your device version, and then flash.
4) Follow the instructions and wait for, finish.Allow EXT ROM to install, but one can stop it by pressing camera button.
Known Issues :
SMS Fix.cab is attached as well.PLs install, next release i will integrate it in ext rom
Pls report any other if u face.
TF3D can be installed externally and cab is available here on the forum.Pls search
Kitchen info :
I will also release my scripts, so that anyone can cook their own versions.Pls bear for 2-3days for that
-------------------------------------------------------------------------------------------------------------------------
kitchen info :
How to cook own versions :
I have some scrip of my batch files.Pls follow and make your own kitchen.Please note that, one has to use EXTReloc for reallocation of modules, from deadman2k.I also atach the procedure to use EXTReloc.
@ECHO Off
TOOLS\BuildOS.exe
pause
ECHO Reloc MOdules
EXTReloc.exe
pause
copy flash.bin temp\flash.bin
copy xip_out.bin temp\xip.bin
cd temp
..\TOOLS\osnbtool -sp flash.bin
..\TOOLS\osnbtool -sp flash.bin.bin.nb0
..\TOOLS\osnbtool -d flash.bin.bin.nb0.os.nb 2 imgfs.bin
..\TOOLS\imgfsfromdump imgfs.bin imgfs-new.bin
..\TOOLS\osnbtool -c flash.bin.bin.nb0.os.nb 2 imgfs-new.bin
..\TOOLS\osnbtool -c flash.bin.bin.nb0.os.nb.new 1 xip.bin
..\TOOLS\osnbtool -extra flash.bin.bin.nb0.os.nb.new.new
..\TOOLS\osnbtool -2bin flash.bin.bin.nb0.os.nb.new.new.exa 0x00121200 -cutheader
copy /b /y flash.bin.header+flash.bin.bin.nb0.os.nb.new.new.exa.bin flash_new.bin
pause
How to use EXT Reloc
Hello in first place in some folder with extreloc xipport and xip bit, make a old kitchen style
\oem
\rom
\rom\xip <--- to this folder place a flat xip dump, you can dump it trought dumprom, is need only for build registry
\sys
start packagetoolsbuildos from ervious, make with it flat dump (his create it in \temp\dump)
now you can need to make new xip, dump original and donor xip with xipport (press dump button, after this make pkg (in example in orig folder you got original xip in donor folder you got donor xip) make out folder, move to this folder all files and modules except MSxip* and you got somesing like that
\out\romhdr.txt
\out\parthdr.txt
\out\files\OEMXIPKernel\*.* <---files
\out\modules\OEMXIPKernel\*.* <--modules
now move all files and modules except OEM and romhdr.txt parthdr.txt from donor xip
after this in xipport press undo button to got flatdump of new xip
now start extreloc, goto setting page in imgfs path, point it to \temp\dump set apporitate nk.exe type (wm6.1 or wm6.5) all other setting you can use but default
now goto work page, press import xipport and xipport start, press ReallocV in extreloc, goto xipport and press realoc P, after this press write map in xipport, goto extreloc and dublclick on physlast number, press realloc nk.exe gsiir ... button, goto xipport and press realloc P again. xip ported
in extreloc drag the vertical white line to the left and press realloc imgfs, close extreloc
in xipport press Build xip_out.bin this is is new xip
use imgfsfromdump to make new imgfs from \temp\dump folder
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How to dump/rebuild EXTROM.bin
Once again stark wong has created a wonderful tool to dump and he;lp us create our own ext rom.Attached is the link to programe
usage : f1extromtool extrom.bin -> dump the cabs and other files
f1extromtool /b extrom.bin [your version] -> builds the extrom.bin with the files in the extrom folder which u dumped recently
How to add replace cab file names for customisation
- AFter dumping EXTROM.bin, open the folder and look for the file " CABPIACB.pil"
- open it in hex editor and change the names by editing it.Save the file.Make a backup of original CABPIACB.pil in case to be used for making original EXTROM.bin
dl link : http://www.studiokuma.com/tools/?section=misc-e
That's good news. Can't wait to flash. I use to be a TouchPro flashaholic and now I feel sic
ohhhh!
doesn Acer allow flashing WWE roms on region specific devices? I have a german ROM so...btw. A German 6.5.1 would be tres sexy
anyhow, looks great, looking forward to enjoying your work!
Great, I can't wait till this comes out. Please keep us informed here
What is the expected release for this?
Woot nice to know il have custom roms for my acer f1 =], now you just need to port a leo rom with manila 2.6, shoulndt be that hard, since the xperia has leo roms, which is not a htc branded phone, just htc manufactured, ask one of the cookers over at xperia they should give you an idea, that is if you dont have the knowledge but from what i've seen that you have already ported and cooked a rom for the acer f1 i bet you do, anyways good luck mate.
rafyvitto
Looks awesome!!!
Nice to see a custom rom developing so quickly. Good work hdubli.
Looks wicked, congrats hdubli : )
wow....that's great..
thanks for the good work hdubli....
will you consider releasing a kitchen for neo touch? i want to cook a chinese version rom for neo touch.
That means you also have a Hard SPL for the F1 ??????
Can't wait the French version
hdubli, you are the man! can't wait. i was hoping this would happen. all we need is good hardware, and the great cookers will take care of the rest!
Damn! I just watch that again (with polarized glasses), and that is just a sweet program. Thanks for all the work. I can't wait to try it out!
I don't know if I can wait to try this out. I'm out of town most of next week, so I hope I have it to play with while I'm gone. If not, It better be ready by the time I get back ;p
Nice work, releasing kitchen would be a good step.
Thank you my friend, can't wait to flash your rom. Only one question:which version of manila do you use? Is it 2.1?
tsourisg said:
Thank you my friend, can't wait to flash your rom. Only one question:which version of manila do you use? Is it 2.1?
Click to expand...
Click to collapse
manila 2.5 90% working.Just trying 2.6 if i can.
hdubli said:
manila 2.5 90% working.Just trying 2.6 if i can.
Click to expand...
Click to collapse
Exciting news hdubli, keep up the good work
hdubli said:
manila 2.5 90% working.Just trying 2.6 if i can.
Click to expand...
Click to collapse
You are my hero
woa great news!
the current shipping roms are not available to reflash them if needed, right?
also, if you are willing to make a German ROM, I could do a romdump on mine, if you tell me what to do
it would be nice if we had original acer roms to flash if needed.
thanks a lot for your work, will donate 100%!
very true bommel. Having the orignal rom for waranty purposes is pretty important I believe.
From the video, i can see acer f1 can run manila 2.5.
i think your f1 should have an opengl drivers(ES 1.1? ES 2.0 ? ) for running.
i have search many post, but it seem f1 with original rom don't come with the drivers.
can you give me the drivers ?
btw the newer builds would also be great, like 23502.
hdubli, no paypal account for donations?
I ran the following command while ssh'ed into my Atrix 4G and do not understand why it contains only ff's or 00's for entire partition (no executable code)???
dd if=/dev/block/mmcblk0p1 of=bootloader_mmcblk0p1.img
/mnt/sdcard-ext/root_recovery_orig # uname -a
Linux localhost 2.6.32.9 #3 SMP PREEMPT Thu Sep 22 10:52:13 CST 2011 armv7l GNU/Linux
/mnt/sdcard-ext/root_recovery_orig # ls -al
total 40193
----rwxr-x 1 system sdcard_r 3670016 Nov 30 10:37 bootloader_mmcblk0p1.img
scp'ed bootloader_mmcblk0p1.img to my linux box and ran the following commands:
# hexdump -C bootloader_mmcblk0p1.img
00000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00000800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00380000
# strings bootloader_mmcblk0p1.img
NO Strings found because entire partition only contains ff or 00
Follows is the strings command on the dd'ed boot.img for a sanity check.
# strings boot.img | less
ANDROID!p
-- System halted
ran out of input data
Malloc error
Out of memory
incomplete literal tree
incomplete distance tree
bad gzip magic numbers
internal error, invalid method
Input is encrypted
Multi part input
Input has invalid flags
invalid compressed format (err=1)
invalid compressed format (err=2)
out of memory
invalid compressed format (other)
crc error
length error
Uncompressing Linux...
done, booting the kernel.
NOTE: remainder of strings command output not shown.....
Questions:
/dev/block/mmcblk0p1 is the bootloader partition?
If so, why does it appear to not have any executable code?
Is dd being tricked in some way and NOT actually getting the content of partition 1?
If so, is there anyway to dd the actual content of partition 1?
Somewhat off topic but related questions:
Assuming the bootloader is signed where is the PKI public key/Digital Certificate/Digital Signature/hashing algorithm stored on the phone? How are they protected?
Is there a pre-bootloader that checks the Digital Signature of the bootloader partition? If so, where is the pre-bootloader located? How is it protected from tampering?
Regards, Ron
Is the bootloader available via busybox dd from the phone?
I sure would like to examine/backup the content of the Motorola Atrix 4g delivered bootloader code. Is there any way of getting a copy of it from the phone using DD (or any other method from a rooted/NOT unlocked phone)?? I thought at least part of the bootloader was in partition 1 of the on board EMMC NAND flash /dev/block/mmcblk0p1?? It appears the bootloader code is either NOT in partition 1 or DD is NOT allowed to access the code. I am basically trying to understand what happens in the VERY first stages of the boot process after power on (in detail).
Signed Confused, Ron
PS, I assume some of the developers (with great knowledge) views this forum from time to time?
Hi, the title told you what I want to do, i'm under froyo with Telus I root them with Superoneclick and it work my phone is root. I have BusyBox install too but I cant unlock with Galaxsim unlock or SGS Unlock Tool, I'm lost I'm not a pro to do that and I lost time to look for program
Pleazzzz helpppp :crying:
no one?
Looking for the same thing
zeniizenii said:
Hi, the title told you what I want to do, i'm under froyo with Telus I root them with Superoneclick and it work my phone is root. I have BusyBox install too but I cant unlock with Galaxsim unlock or SGS Unlock Tool, I'm lost I'm not a pro to do that and I lost time to look for program
Pleazzzz helpppp :crying:
Click to expand...
Click to collapse
Will post if I find anything good.
---------- Post added at 11:47 AM ---------- Previous post was at 11:42 AM ----------
Netscr1be said:
Will post if I find anything good.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1163843
ok there is 2 ways of doing this
first way..................................................
unlock the Telus Galaxy S Fascinate 4G SGH-T959P
First root the device with SuperOneClick and reboot. Then using adb shell,
su
cat /efs/root/afs/settings/nv_data.bin >> /sdcard/nv_data.bin
Use a Hex editor on nv_data.bin. I used xvi32.
Jump to line 1463 (Or just Ctrl+F "01" hex, it's the first set)
Change "FF 01 00 01 00 00 30" to "FF 00 00 00 00 00 30" <<<<<< IMPORTANT USE THESE TOO FIND CODE!!!!!
rm /efs/root/afs/settings/nv_data.bin
cat /sdcard/nv_data.bin >> /efs/root/afs/settings/nv_data.bin
chmod 755 /efs/root/afs/settings/nv_data.bin
chown radio.radio /efs/root/afs/settings/nv_data.bin || chown 1001.1001 /efs/root/afs/settings/nv_data.bin
reboot
Second way.......................... follow instructions on this link http://forum.xda-developers.com/showthread.php?t=1335548
i use method 2 myself easy just follow instructions and use these in hex editor to find your code .........>>>>>>>>>> "FF 01 00 01 00 00 30" or use "FF 00 00 00 00 00 30" <<<<<<<<<<<NOT THE ONE IN LINK this is proper hex string for this phone.....use one or other to find your code
both will work .....
Hi
I just changed some stuff like images in a kernel using Android Kernel Kitchen 0.3.1.
Now I wanna test my changes.
My questions is->
What are worst case scenarios possible?
I am ready to go for boot loops and etc. but are there any consequences that may cause real hard brick of my phone? (Like---> it will never start again! or you need to take it to service center for repair!)?
Jaskaran498 said:
Hi
I just changed some stuff like images in a kernel using Android Kernel Kitchen 0.3.1.
Now I wanna test my changes.
My questions is->
What are worst case scenarios possible?
I am ready to go for boot loops and etc. but are there any consequences that may cause real hard brick of my phone? (Like---> it will never start again! or you need to take it to service center for repair!)?
Click to expand...
Click to collapse
What you can expect are boot loops, inability to get even see the boot splash, non-working wifi/ USB / touch / camera/ anything that needs a driver, random reboots. Personal experience: yesterday I was playing with changing part of the initramfs without changing the whole boot.img. It turns out that I needed to update the header size and checksum. Without this, it would hang for some seconds and then reboot (or not start at all). This was all fixable from recovery.
What can happen if you are not careful is a brick because you flash the wrong partition. Otherwise, you can always enter recovery mode and flash the kernel (for the i9300, it is mmcblk0p5). If you are not sure, look for the magic ANDROID! header:
Code:
# dd bs=64 count=1 if=/dev/block/mmcblk0p5 2>/dev/null | hexdump -C
00000000 41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 |[email protected]|
00000010 2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 |[email protected]|
00000020 00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 |[email protected]|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040
So, the absolute worst-case scenario is when you accidentally flash the wrong partition. If you picked your EFS partition and do not have a backup, then your IMEI and stuff are gone.
Note: be sure not to wipe your recovery partition (mmcblk0p6), that requires you restore the recovery using download mode (I have not experienced this yet).
Lekensteyn said:
What you can expect are boot loops, inability to get even see the boot splash, non-working wifi/ USB / touch / camera/ anything that needs a driver, random reboots. Personal experience: yesterday I was playing with changing part of the initramfs without changing the whole boot.img. It turns out that I needed to update the header size and checksum. Without this, it would hang for some seconds and then reboot (or not start at all). This was all fixable from recovery.
What can happen if you are not careful is a brick because you flash the wrong partition. Otherwise, you can always enter recovery mode and flash the kernel (for the i9300, it is mmcblk0p5). If you are not sure, look for the magic ANDROID! header:
Code:
# dd bs=64 count=1 if=/dev/block/mmcblk0p5 2>/dev/null | hexdump -C
00000000 41 4e 44 52 4f 49 44 21 80 bc 44 00 00 80 00 40 |[email protected]|
00000010 2e 1e 05 00 00 00 00 41 00 00 00 00 00 00 f0 40 |[email protected]|
00000020 00 01 00 40 00 08 00 00 00 00 00 00 00 00 00 00 |[email protected]|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040
So, the absolute worst-case scenario is when you accidentally flash the wrong partition. If you picked your EFS partition and do not have a backup, then your IMEI and stuff are gone.
Note: be sure not to wipe your recovery partition (mmcblk0p6), that requires you restore the recovery using download mode (I have not experienced this yet).
Click to expand...
Click to collapse
Kk, thanks.
But what do i do if it does not start at all like u said (what i want is that it should at least be able start in recovery or download if possible).
Since its my first time messing with kernel, i am total n00b then
If it cannot proceed to the "normal" boot, then get into recovery by holding Volume Up + Power + Home for ten seconds while booting (I usually do that when I see the Samsung logo end release when it has restarted, showing the logo again (about ten seconds).
From there, use Install from zip (if you have a "update zip" that contains boot.img and some metadata) or (what I do) use adb push to put the image in /tmp/. Then use dd to write the boot image. Example (I use Linux):
Code:
laptop$ adb push boot-new.img /tmp/boot.img
laptop$ adb shell
# cat /tmp/boot.img > /dev/block/mmcblk0p5
Just in case of hardware failure, I also verify the md5sum:
Code:
laptop$ md5sum boot-new.img
laptop$ du -b boot-new.img # determine file size, say 1234
(android) # dd if=/dev/block/mmcblk0p5 bs=1234 count=1 | md5sum
The two outputs must match, otherwise something went wrong (unlikely, but still).
Lekensteyn said:
If it cannot proceed to the "normal" boot, then get into recovery by holding Volume Up + Power + Home for ten seconds while booting (I usually do that when I see the Samsung logo end release when it has restarted, showing the logo again (about ten seconds).
From there, use Install from zip (if you have a "update zip" that contains boot.img and some metadata) or (what I do) use adb push to put the image in /tmp/. Then use dd to write the boot image. Example (I use Linux):
Code:
laptop$ adb push boot-new.img /tmp/boot.img
laptop$ adb shell
# cat /tmp/boot.img > /dev/block/mmcblk0p5
Just in case of hardware failure, I also verify the md5sum:
Code:
laptop$ md5sum boot-new.img
laptop$ du -b boot-new.img # determine file size, say 1234
(android) # dd if=/dev/block/mmcblk0p5 bs=1234 count=1 | md5sum
The two outputs must match, otherwise something went wrong (unlikely, but still).
Click to expand...
Click to collapse
I know all this but what i m saying is that can there be conditions where neither i will be able to boot recovery nor download (even by volume+power+home method)?
Unless you do really stupid things like overwriting /dev/block/mmcblk0 or other partitions on http://cleanimport.xda/index.php?threads/2362743/, you will be safe.
Jaskaran498 said:
I know all this but what i m saying is that can there be conditions where neither i will be able to boot recovery nor download (even by volume+power+home method)?
Click to expand...
Click to collapse
Recovery has it's own kernel. It doesn't use the one you're modifying
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit