I am trying to connect my phone to a device with the phone acting as the host (using the OTG USB cable).
Once connected, I have new entry "usb0" when I do ifconfig.
I assigned 192.168.3.100 to the phone and 192.168.3.99 to the device.
When I do a tcpdump, I saw that the arp request from the phone got to the device correctly, the device answered corrected but by the time it gets to the phone, it is no longer correct. I suspect that this is the problem within the u_ether driver/gadget.
When the device reply to the ARP request, tcpdump on the device gives:
2 0.000091 5a:65:6b:1b:de:37 62:18:d4:57:77:6c ARP 42 192.168.3.99 is at 5a:65:6b:1b:de:37
Frame 2: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: 5a:65:6b:1b:de:37 (5a:65:6b:1b:de:37), Dst: 62:18:d4:57:77:6c (62:18:d4:57:77:6c)
0000 62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06 00 01 b..WwlZe k..7....
0010 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 03 63 ......Ze k..7...c
0020 62 18 d4 57 77 6c c0 a8 03 64 b..Wwl.. .d
Which is correct. However, tcpdump on the phone gives:
2 0.000030 CatenaNe_65:6b:1b AvlabTec_00:06:04 0xde37 28 Ethernet II
Frame 2: 28 bytes on wire (224 bits), 28 bytes captured (224 bits)
Ethernet II, Src: CatenaNe_65:6b:1b (00:02:5a:65:6b:1b), Dst: AvlabTec_00:06:04 (00:01:08:00:06:04)
0000 00 01 08 00 06 04 00 02 5a 65 6b 1b de 37 c0 a8 ........ Zek..7..
0010 03 63 62 18 d4 57 77 6c c0 a8 03 64 .cb..Wwl ...d
From the look of it, the section "62 18 d4 57 77 6c 5a 65 6b 1b de 37 08 06" is missing from the frame.
I suspected that I have to make changes to "drivers/usb/gadget/u_ether.c" and/or "drivers/net/usb/cdc_ether.c" but I am not so sure. Do you know where is the good place to start tackling this problem? I tried to put printk statements everywhere in those files but it proved fruitless.
I have tried to do "ethernet over usb" with a Windows machine (RNDIS) and that worked properly.
Thank you.
bug in usbnet driver
The problem I found out was that there were two consecutive calls to "remove header" in the driver.
» OMAPFlash v4.15 (Aug 12 2011)
» -v
» Entering parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt at li
ne: 1
» -omap 4
» -t 36000
» -p OMAP4430_8G_HS
» -2
» chip_download EMMC Targets\Projects\espresso\MLO.hs
» chip_download EMMC Targets\Projects\espresso\Sbl.bin
» command cold_sw_reset
» Leaving parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt
» @targets\Projects\espresso\omap4430hs_1200MHZ.txt
» Looking for device (omap usb)
» Please turn on device
» Waiting for device (omap usb)
» Found device (omap usb)
» Requesting ASIC id
» AsicId items 05
» AsicId id 01 05 01 44 30 07 04
» AsicId secure_mode 13 02 01 00
» AsicId public_id 12 15 01 3F A1 B4 41 92 B4 47 75 9B F2 C3 7C D7 FA 21
CA A6 EF DF 17
» AsicId root_key_hash 14 21 01 49 D3 8A 83 CA 2D EF 29 0B DF 4E 54 67 2D 6F
EA 08 9C 39 8F 6F 86 A3 4D D3 0C 74 77 B7 A4 54 1D
» AsicId checksum 15 09 01 9C 66 9A D9 68 2A DC CF
» Searching 2nd for: OMAP4430_8G_HS 443007 04 HS
» Loading second file Targets\2nd-Downloaders\dnld_startup_omap4_hs_4g_es2.s2.si
gned.2nd.hs
» Entering parameter filemapflash2nd.txt at line: 45
» -pheriphalboot_reopen
» Reading board configuration file Targets\Configurations\configuration_omap4430
_8g.txt
» Reading definition file .\targets\definitions\definitions_omap4.txt
» -board_config Targets\Configurations\configuration_omap4430_8g.txt
» Leaving parameter filemapflash2nd.txt
» Sending size of second file (0x00006E60 bytes)
» Transferring second file to target (0x6E60 bytes)
» Closing boot connection
» Found device (omap usb)
» Waiting for 2nd
» Found 2nd
» Looking for a driver for 'EMMC'
» chip_driver EMMC Targets\Flash-Drivers\emmc_drv.bin sid 1 width 4 delay 9 rpap
i_base 0x00028400
» Downloading driver
» Downloading 'Targets\Flash-Drivers\emmc_drv.bin'
» Sending data (47160 bytes) :::::::::::::::::::: [47160]
Interface 'OMAPFLASH DRIVER v6'
Driver 'eMMC JESD84-A43'
Driver configuration: sid = 0x00000001
Driver configuration: width = 0x00000004
Driver configuration: delay = 0x00000009
Driver configuration: rpapi_base = 0x00028400
MMC sid = 0x01
MMC mmc_volt = 0x01
MMC data_width = 0x04
MMC card_rca = 0x04
MMC card_type = 0x03
MMC data_width_support = 0x08
MMC transfer_clk_max = 0xBB80
MMC card_size = 0x1D5A000
eMMC CID MID = 0x15 // Manufacturer ID
eMMC CID CBX = 0x01 // Card/BGA
eMMC CID OID = 0x00 // OEM/Application ID
eMMC CID PNM = 0x9B4100009E1B // Product name
eMMC CID PRV = 0x19 // Product revision
eMMC CID PSN = 0x00009E1B // Product serial numbe
r
eMMC CID MDT = 0x9E // Manufacturing date
eMMC CID CRC = 0x0D // CRC7 checksum
eMMC CSD CSD_STRUCTURE = 0x03 // CSD structure
eMMC CSD SPEC_VERS = 0x04 // System specification
version
eMMC CSD TAAC = 0x27 // Data read access-tim
e 1
eMMC CSD NSAC = 0x01 // Data read access-tim
e 2 in CLK cycles (NSAC*100)
eMMC CSD TRAN_SPEED = 0x32 // Max. bus clock frequ
ency
eMMC CSD CCC = 0x00F5 // Card command classes
eMMC CSD READ_BL_LEN = 0x09 // Max. read data block
length
eMMC CSD READ_BL_PARTIAL = 0x00 // Partial blocks for r
ead allowed
eMMC CSD WRITE_BLK_MISALIGN = 0x00 // Write block misalign
ment
eMMC CSD READ_BLK_MISALIGN = 0x00 // Read block misalignm
ent
eMMC CSD DSR_IMP = 0x00 // DSR implemented
eMMC CSD C_SIZE = 0x00FF // Device size
eMMC CSD VDD_R_CURR_MIN = 0x06 // Max. read current @
VDD min
eMMC CSD VDD_R_CURR_MAX = 0x06 // Max. read current @
VDD max
eMMC CSD VDD_W_CURR_MIN = 0x06 // Max. write current @
VDD min
eMMC CSD VDD_W_CURR_MAX = 0x06 // Max. write current @
VDD max
eMMC CSD C_SIZE_MULT = 0x01 // Device size multipli
er
eMMC CSD ERASE_GRP_SIZE = 0x1F // Erase group size
eMMC CSD ERASE_GRP_MULT = 0x1F // Erase group size mul
tiplier
eMMC CSD WP_GRP_SIZE = 0x0F // Write protect group
size
eMMC CSD WP_GRP_ENABLE = 0x01 // Write protect group
enable
eMMC CSD DEFAULT_ECC = 0x00 // Manufacturer default
ECC
eMMC CSD R2W_FACTOR = 0x02 // Write speed factor
eMMC CSD WRITE_BL_LEN = 0x09 // Max. write data bloc
k length
eMMC CSD WRITE_BL_PARTIAL = 0x00 // Partial blocks for w
rite allowed
eMMC CSD CONTENT_PROT_APP = 0x00 // Content protection a
pplication
eMMC CSD FILE_FORMAT_GRP = 0x00 // File format group
eMMC CSD COPY = 0x01 // Copy flag (OTP)
eMMC CSD PERM_WRITE_PROTECT = 0x00 // Permanent write prot
ection
eMMC CSD TMP_WRITE_PROTECT = 0x00 // Temporary write prot
ection
eMMC CSD FILE_FORMAT = 0x00 // File format
eMMC CSD ECC = 0x00 // ECC code
eMMC CSD CRC = 0x33 // CRC
eMMC EXT_CSD S_CMD_SET = 0x00 // Supported Command Se
ts
eMMC EXT_CSD BOOT_INFO = 0x15 // Boot information
eMMC EXT_CSD BOOT_SIZE_MULTI = 0x0A // Boot partition size
eMMC EXT_CSD ACC_SIZE = 0x07 // Access size
eMMC EXT_CSD HC_ERASE_GRP_SIZE = 0x00 // High-capacity erase
unit size
eMMC EXT_CSD ERASE_TIMEOUT_MULT = 0x04 // High-capacity erase
timeout
eMMC EXT_CSD REL_WR_SEC_C = 0x07 // Reliable write secto
r count
eMMC EXT_CSD HC_WP_GRP_SIZE = 0x01 // High-capacity write
protect group size
eMMC EXT_CSD S_C_VCC = 0x01 // Sleep current (VCC)
eMMC EXT_CSD S_C_VCCQ = 0x01 // Sleep current (VCCQ)
eMMC EXT_CSD S_A_TIMEOUT = 0x07 // Sleep/awake timeout
eMMC EXT_CSD SEC_COUNT = 0x01D5A000 // Sector Count
eMMC EXT_CSD MIN_PERF_W_8_52 = 0xA0 // Minimum Write Perfor
mance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_52 = 0x00 // Minimum Read Perform
ance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_8_26_4_52 = 0x00 // Minimum Write Perfor
mance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_26_4_52 = 0x00 // Minimum Read Perform
ance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_4_26 = 0x00 // Minimum Write Perfor
mance for 4bit at 26MHz
eMMC EXT_CSD MIN_PERF_R_4_26 = 0x00 // Minimum Read Perform
ance for 4bit at 26MHz
eMMC EXT_CSD PWR_CL_26_360 = 0x00 // Power class for 26MH
z at 3.6V
eMMC EXT_CSD PWR_CL_52_360 = 0x00 // Power class for 52MH
z at 3.6V
eMMC EXT_CSD PWR_CL_26_195 = 0x00 // Power class for 26MH
z at 1.95V
eMMC EXT_CSD PWR_CL_52_195 = 0x00 // Power class for 52MH
z at 1.95V
eMMC EXT_CSD CARD_TYPE = 0x01 // Card type
eMMC EXT_CSD CSD_STRUCTURE = 0x00 // CSD structure versio
n
eMMC EXT_CSD EXT_CSD_REV = 0x00 // Extended CSD revisio
n
eMMC EXT_CSD CMD_SET = 0x02 // Command set
eMMC EXT_CSD CMD_SET_REV = 0x05 // Command set revision
eMMC EXT_CSD POWER_CLASS = 0x00 // Power class
eMMC EXT_CSD HS_TIMING = 0x00 // High-speed interface
timing
eMMC EXT_CSD BUS_WIDTH = 0x00 // Bus width mode
eMMC EXT_CSD ERASED_MEM_CONT = 0x00 // Erased memory conten
t
eMMC EXT_CSD BOOT_CONFIG = 0x00 // Boot configuration
eMMC EXT_CSD BOOT_BUS_WIDTH = 0x00 // Boot bus width1
eMMC EXT_CSD ERASE_GROUP_DEF = 0x00 // High-density erase g
roup definition
EMMC eMMC DRIVER INIT COMPLETE
» Downloading complete
» Elapsed time: 0:00.452 (104336 bytes/s)
» End loading driver
» Downloading
» Downloading 'Targets\Projects\espresso\MLO.hs'
» Sending data (262144 bytes) :::::............... [65536]
Please someone help me.My phone is dead since one month
ME too
nirmalece19 said:
» OMAPFlash v4.15 (Aug 12 2011)
» -v
» Entering parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt at li
ne: 1
» -omap 4
» -t 36000
» -p OMAP4430_8G_HS
» -2
» chip_download EMMC Targets\Projects\espresso\MLO.hs
» chip_download EMMC Targets\Projects\espresso\Sbl.bin
» command cold_sw_reset
» Leaving parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt
» @targets\Projects\espresso\omap4430hs_1200MHZ.txt
» Looking for device (omap usb)
» Please turn on device
» Waiting for device (omap usb)
» Found device (omap usb)
» Requesting ASIC id
» AsicId items 05
» AsicId id 01 05 01 44 30 07 04
» AsicId secure_mode 13 02 01 00
» AsicId public_id 12 15 01 3F A1 B4 41 92 B4 47 75 9B F2 C3 7C D7 FA 21
CA A6 EF DF 17
» AsicId root_key_hash 14 21 01 49 D3 8A 83 CA 2D EF 29 0B DF 4E 54 67 2D 6F
EA 08 9C 39 8F 6F 86 A3 4D D3 0C 74 77 B7 A4 54 1D
» AsicId checksum 15 09 01 9C 66 9A D9 68 2A DC CF
» Searching 2nd for: OMAP4430_8G_HS 443007 04 HS
» Loading second file Targets\2nd-Downloaders\dnld_startup_omap4_hs_4g_es2.s2.si
gned.2nd.hs
» Entering parameter filemapflash2nd.txt at line: 45
» -pheriphalboot_reopen
» Reading board configuration file Targets\Configurations\configuration_omap4430
_8g.txt
» Reading definition file .\targets\definitions\definitions_omap4.txt
» -board_config Targets\Configurations\configuration_omap4430_8g.txt
» Leaving parameter filemapflash2nd.txt
» Sending size of second file (0x00006E60 bytes)
» Transferring second file to target (0x6E60 bytes)
» Closing boot connection
» Found device (omap usb)
» Waiting for 2nd
» Found 2nd
» Looking for a driver for 'EMMC'
» chip_driver EMMC Targets\Flash-Drivers\emmc_drv.bin sid 1 width 4 delay 9 rpap
i_base 0x00028400
» Downloading driver
» Downloading 'Targets\Flash-Drivers\emmc_drv.bin'
» Sending data (47160 bytes) :::::::::::::::::::: [47160]
Interface 'OMAPFLASH DRIVER v6'
Driver 'eMMC JESD84-A43'
Driver configuration: sid = 0x00000001
Driver configuration: width = 0x00000004
Driver configuration: delay = 0x00000009
Driver configuration: rpapi_base = 0x00028400
MMC sid = 0x01
MMC mmc_volt = 0x01
MMC data_width = 0x04
MMC card_rca = 0x04
MMC card_type = 0x03
MMC data_width_support = 0x08
MMC transfer_clk_max = 0xBB80
MMC card_size = 0x1D5A000
eMMC CID MID = 0x15 // Manufacturer ID
eMMC CID CBX = 0x01 // Card/BGA
eMMC CID OID = 0x00 // OEM/Application ID
eMMC CID PNM = 0x9B4100009E1B // Product name
eMMC CID PRV = 0x19 // Product revision
eMMC CID PSN = 0x00009E1B // Product serial numbe
r
eMMC CID MDT = 0x9E // Manufacturing date
eMMC CID CRC = 0x0D // CRC7 checksum
eMMC CSD CSD_STRUCTURE = 0x03 // CSD structure
eMMC CSD SPEC_VERS = 0x04 // System specification
version
eMMC CSD TAAC = 0x27 // Data read access-tim
e 1
eMMC CSD NSAC = 0x01 // Data read access-tim
e 2 in CLK cycles (NSAC*100)
eMMC CSD TRAN_SPEED = 0x32 // Max. bus clock frequ
ency
eMMC CSD CCC = 0x00F5 // Card command classes
eMMC CSD READ_BL_LEN = 0x09 // Max. read data block
length
eMMC CSD READ_BL_PARTIAL = 0x00 // Partial blocks for r
ead allowed
eMMC CSD WRITE_BLK_MISALIGN = 0x00 // Write block misalign
ment
eMMC CSD READ_BLK_MISALIGN = 0x00 // Read block misalignm
ent
eMMC CSD DSR_IMP = 0x00 // DSR implemented
eMMC CSD C_SIZE = 0x00FF // Device size
eMMC CSD VDD_R_CURR_MIN = 0x06 // Max. read current @
VDD min
eMMC CSD VDD_R_CURR_MAX = 0x06 // Max. read current @
VDD max
eMMC CSD VDD_W_CURR_MIN = 0x06 // Max. write current @
VDD min
eMMC CSD VDD_W_CURR_MAX = 0x06 // Max. write current @
VDD max
eMMC CSD C_SIZE_MULT = 0x01 // Device size multipli
er
eMMC CSD ERASE_GRP_SIZE = 0x1F // Erase group size
eMMC CSD ERASE_GRP_MULT = 0x1F // Erase group size mul
tiplier
eMMC CSD WP_GRP_SIZE = 0x0F // Write protect group
size
eMMC CSD WP_GRP_ENABLE = 0x01 // Write protect group
enable
eMMC CSD DEFAULT_ECC = 0x00 // Manufacturer default
ECC
eMMC CSD R2W_FACTOR = 0x02 // Write speed factor
eMMC CSD WRITE_BL_LEN = 0x09 // Max. write data bloc
k length
eMMC CSD WRITE_BL_PARTIAL = 0x00 // Partial blocks for w
rite allowed
eMMC CSD CONTENT_PROT_APP = 0x00 // Content protection a
pplication
eMMC CSD FILE_FORMAT_GRP = 0x00 // File format group
eMMC CSD COPY = 0x01 // Copy flag (OTP)
eMMC CSD PERM_WRITE_PROTECT = 0x00 // Permanent write prot
ection
eMMC CSD TMP_WRITE_PROTECT = 0x00 // Temporary write prot
ection
eMMC CSD FILE_FORMAT = 0x00 // File format
eMMC CSD ECC = 0x00 // ECC code
eMMC CSD CRC = 0x33 // CRC
eMMC EXT_CSD S_CMD_SET = 0x00 // Supported Command Se
ts
eMMC EXT_CSD BOOT_INFO = 0x15 // Boot information
eMMC EXT_CSD BOOT_SIZE_MULTI = 0x0A // Boot partition size
eMMC EXT_CSD ACC_SIZE = 0x07 // Access size
eMMC EXT_CSD HC_ERASE_GRP_SIZE = 0x00 // High-capacity erase
unit size
eMMC EXT_CSD ERASE_TIMEOUT_MULT = 0x04 // High-capacity erase
timeout
eMMC EXT_CSD REL_WR_SEC_C = 0x07 // Reliable write secto
r count
eMMC EXT_CSD HC_WP_GRP_SIZE = 0x01 // High-capacity write
protect group size
eMMC EXT_CSD S_C_VCC = 0x01 // Sleep current (VCC)
eMMC EXT_CSD S_C_VCCQ = 0x01 // Sleep current (VCCQ)
eMMC EXT_CSD S_A_TIMEOUT = 0x07 // Sleep/awake timeout
eMMC EXT_CSD SEC_COUNT = 0x01D5A000 // Sector Count
eMMC EXT_CSD MIN_PERF_W_8_52 = 0xA0 // Minimum Write Perfor
mance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_52 = 0x00 // Minimum Read Perform
ance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_8_26_4_52 = 0x00 // Minimum Write Perfor
mance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_26_4_52 = 0x00 // Minimum Read Perform
ance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_4_26 = 0x00 // Minimum Write Perfor
mance for 4bit at 26MHz
eMMC EXT_CSD MIN_PERF_R_4_26 = 0x00 // Minimum Read Perform
ance for 4bit at 26MHz
eMMC EXT_CSD PWR_CL_26_360 = 0x00 // Power class for 26MH
z at 3.6V
eMMC EXT_CSD PWR_CL_52_360 = 0x00 // Power class for 52MH
z at 3.6V
eMMC EXT_CSD PWR_CL_26_195 = 0x00 // Power class for 26MH
z at 1.95V
eMMC EXT_CSD PWR_CL_52_195 = 0x00 // Power class for 52MH
z at 1.95V
eMMC EXT_CSD CARD_TYPE = 0x01 // Card type
eMMC EXT_CSD CSD_STRUCTURE = 0x00 // CSD structure versio
n
eMMC EXT_CSD EXT_CSD_REV = 0x00 // Extended CSD revisio
n
eMMC EXT_CSD CMD_SET = 0x02 // Command set
eMMC EXT_CSD CMD_SET_REV = 0x05 // Command set revision
eMMC EXT_CSD POWER_CLASS = 0x00 // Power class
eMMC EXT_CSD HS_TIMING = 0x00 // High-speed interface
timing
eMMC EXT_CSD BUS_WIDTH = 0x00 // Bus width mode
eMMC EXT_CSD ERASED_MEM_CONT = 0x00 // Erased memory conten
t
eMMC EXT_CSD BOOT_CONFIG = 0x00 // Boot configuration
eMMC EXT_CSD BOOT_BUS_WIDTH = 0x00 // Boot bus width1
eMMC EXT_CSD ERASE_GROUP_DEF = 0x00 // High-density erase g
roup definition
EMMC eMMC DRIVER INIT COMPLETE
» Downloading complete
» Elapsed time: 0:00.452 (104336 bytes/s)
» End loading driver
» Downloading
» Downloading 'Targets\Projects\espresso\MLO.hs'
» Sending data (262144 bytes) :::::............... [65536]
Please someone help me.My phone is dead since one month
Click to expand...
Click to collapse
i think NAND error , cannot get into recovery mode, but get into dowload mode, flash via odin error
» OMAPFlash v4.15 (Aug 12 2011)
» -v
» Entering parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt at li
ne: 1
» -omap 4
» -t 36000
» -p OMAP4430_8G_HS
» -2
» chip_download EMMC Targets\Projects\espresso\MLO.hs
» chip_download EMMC Targets\Projects\espresso\Sbl.bin
» command cold_sw_reset
» Leaving parameter file:Targets\Projects\espresso\omap4430hs_1200MHZ.txt
» @targets\Projects\espresso\omap4430hs_1200MHZ.txt
» Looking for device (omap usb)
» Please turn off device
» Please turn on device
» Waiting for device (omap usb)
» Found device (omap usb)
» Requesting ASIC id
» AsicId items 05
» AsicId id 01 05 01 44 30 07 04
» AsicId secure_mode 13 02 01 00
» AsicId public_id 12 15 01 3F A1 B4 41 92 B4 47 75 9B F2 C3 7C D7 FA 21
CA A6 EF DF 17
» AsicId root_key_hash 14 21 01 49 D3 8A 83 CA 2D EF 29 0B DF 4E 54 67 2D 6F
EA 08 9C 39 8F 6F 86 A3 4D D3 0C 74 77 B7 A4 54 1D
» AsicId checksum 15 09 01 9C 66 9A D9 68 2A DC CF
» Searching 2nd for: OMAP4430_8G_HS 443007 04 HS
» Loading second file Targets\2nd-Downloaders\dnld_startup_omap4_hs_4g_es2.s2.si
gned.2nd.hs
» Entering parameter filemapflash2nd.txt at line: 45
» -pheriphalboot_reopen
» Reading board configuration file Targets\Configurations\configuration_omap4430
_8g.txt
» Reading definition file .\targets\definitions\definitions_omap4.txt
» -board_config Targets\Configurations\configuration_omap4430_8g.txt
» Leaving parameter filemapflash2nd.txt
» Sending size of second file (0x00006E60 bytes)
» Transferring second file to target (0x6E60 bytes)
» Closing boot connection
» Found device (omap usb)
» Waiting for 2nd
» Found 2nd
» Looking for a driver for 'EMMC'
» chip_driver EMMC Targets\Flash-Drivers\emmc_drv.bin sid 1 width 4 delay 9 rpap
i_base 0x00028400
» Downloading driver
» Downloading 'Targets\Flash-Drivers\emmc_drv.bin'
» Sending data (47160 bytes) :::::::::::::::::::: [47160]
Interface 'OMAPFLASH DRIVER v6'
Driver 'eMMC JESD84-A43'
Driver configuration: sid = 0x00000001
Driver configuration: width = 0x00000004
Driver configuration: delay = 0x00000009
Driver configuration: rpapi_base = 0x00028400
MMC sid = 0x01
MMC mmc_volt = 0x01
MMC data_width = 0x04
MMC card_rca = 0x04
MMC card_type = 0x03
MMC data_width_support = 0x08
MMC transfer_clk_max = 0xBB80
MMC card_size = 0x1D5A000
eMMC CID MID = 0x15 // Manufacturer ID
eMMC CID CBX = 0x01 // Card/BGA
eMMC CID OID = 0x00 // OEM/Application ID
eMMC CID PNM = 0x9B4100009E1B // Product name
eMMC CID PRV = 0x19 // Product revision
eMMC CID PSN = 0x00009E1B // Product serial numbe
r
eMMC CID MDT = 0x9E // Manufacturing date
eMMC CID CRC = 0x0D // CRC7 checksum
eMMC CSD CSD_STRUCTURE = 0x03 // CSD structure
eMMC CSD SPEC_VERS = 0x04 // System specification
version
eMMC CSD TAAC = 0x27 // Data read access-tim
e 1
eMMC CSD NSAC = 0x01 // Data read access-tim
e 2 in CLK cycles (NSAC*100)
eMMC CSD TRAN_SPEED = 0x32 // Max. bus clock frequ
ency
eMMC CSD CCC = 0x00F5 // Card command classes
eMMC CSD READ_BL_LEN = 0x09 // Max. read data block
length
eMMC CSD READ_BL_PARTIAL = 0x00 // Partial blocks for r
ead allowed
eMMC CSD WRITE_BLK_MISALIGN = 0x00 // Write block misalign
ment
eMMC CSD READ_BLK_MISALIGN = 0x00 // Read block misalignm
ent
eMMC CSD DSR_IMP = 0x00 // DSR implemented
eMMC CSD C_SIZE = 0x00FF // Device size
eMMC CSD VDD_R_CURR_MIN = 0x06 // Max. read current @
VDD min
eMMC CSD VDD_R_CURR_MAX = 0x06 // Max. read current @
VDD max
eMMC CSD VDD_W_CURR_MIN = 0x06 // Max. write current @
VDD min
eMMC CSD VDD_W_CURR_MAX = 0x06 // Max. write current @
VDD max
eMMC CSD C_SIZE_MULT = 0x01 // Device size multipli
er
eMMC CSD ERASE_GRP_SIZE = 0x1F // Erase group size
eMMC CSD ERASE_GRP_MULT = 0x1F // Erase group size mul
tiplier
eMMC CSD WP_GRP_SIZE = 0x0F // Write protect group
size
eMMC CSD WP_GRP_ENABLE = 0x01 // Write protect group
enable
eMMC CSD DEFAULT_ECC = 0x00 // Manufacturer default
ECC
eMMC CSD R2W_FACTOR = 0x02 // Write speed factor
eMMC CSD WRITE_BL_LEN = 0x09 // Max. write data bloc
k length
eMMC CSD WRITE_BL_PARTIAL = 0x00 // Partial blocks for w
rite allowed
eMMC CSD CONTENT_PROT_APP = 0x00 // Content protection a
pplication
eMMC CSD FILE_FORMAT_GRP = 0x00 // File format group
eMMC CSD COPY = 0x01 // Copy flag (OTP)
eMMC CSD PERM_WRITE_PROTECT = 0x00 // Permanent write prot
ection
eMMC CSD TMP_WRITE_PROTECT = 0x00 // Temporary write prot
ection
eMMC CSD FILE_FORMAT = 0x00 // File format
eMMC CSD ECC = 0x00 // ECC code
eMMC CSD CRC = 0x33 // CRC
eMMC EXT_CSD S_CMD_SET = 0x00 // Supported Command Se
ts
eMMC EXT_CSD BOOT_INFO = 0x15 // Boot information
eMMC EXT_CSD BOOT_SIZE_MULTI = 0x0A // Boot partition size
eMMC EXT_CSD ACC_SIZE = 0x07 // Access size
eMMC EXT_CSD HC_ERASE_GRP_SIZE = 0x00 // High-capacity erase
unit size
eMMC EXT_CSD ERASE_TIMEOUT_MULT = 0x04 // High-capacity erase
timeout
eMMC EXT_CSD REL_WR_SEC_C = 0x07 // Reliable write secto
r count
eMMC EXT_CSD HC_WP_GRP_SIZE = 0x01 // High-capacity write
protect group size
eMMC EXT_CSD S_C_VCC = 0x01 // Sleep current (VCC)
eMMC EXT_CSD S_C_VCCQ = 0x01 // Sleep current (VCCQ)
eMMC EXT_CSD S_A_TIMEOUT = 0x07 // Sleep/awake timeout
eMMC EXT_CSD SEC_COUNT = 0x01D5A000 // Sector Count
eMMC EXT_CSD MIN_PERF_W_8_52 = 0xA0 // Minimum Write Perfor
mance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_52 = 0x00 // Minimum Read Perform
ance for 8bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_8_26_4_52 = 0x00 // Minimum Write Perfor
mance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_R_8_26_4_52 = 0x00 // Minimum Read Perform
ance for 8bit at 26MHz, for 4bit at 52MHz
eMMC EXT_CSD MIN_PERF_W_4_26 = 0x00 // Minimum Write Perfor
mance for 4bit at 26MHz
eMMC EXT_CSD MIN_PERF_R_4_26 = 0x00 // Minimum Read Perform
ance for 4bit at 26MHz
eMMC EXT_CSD PWR_CL_26_360 = 0x00 // Power class for 26MH
z at 3.6V
eMMC EXT_CSD PWR_CL_52_360 = 0x00 // Power class for 52MH
z at 3.6V
eMMC EXT_CSD PWR_CL_26_195 = 0x00 // Power class for 26MH
z at 1.95V
eMMC EXT_CSD PWR_CL_52_195 = 0x00 // Power class for 52MH
z at 1.95V
eMMC EXT_CSD CARD_TYPE = 0x01 // Card type
eMMC EXT_CSD CSD_STRUCTURE = 0x00 // CSD structure versio
n
eMMC EXT_CSD EXT_CSD_REV = 0x00 // Extended CSD revisio
n
eMMC EXT_CSD CMD_SET = 0x02 // Command set
eMMC EXT_CSD CMD_SET_REV = 0x05 // Command set revision
eMMC EXT_CSD POWER_CLASS = 0x00 // Power class
eMMC EXT_CSD HS_TIMING = 0x00 // High-speed interface
timing
eMMC EXT_CSD BUS_WIDTH = 0x00 // Bus width mode
eMMC EXT_CSD ERASED_MEM_CONT = 0x00 // Erased memory conten
t
eMMC EXT_CSD BOOT_CONFIG = 0x00 // Boot configuration
eMMC EXT_CSD BOOT_BUS_WIDTH = 0x00 // Boot bus width1
eMMC EXT_CSD ERASE_GROUP_DEF = 0x00 // High-density erase g
roup definition
EMMC eMMC DRIVER INIT COMPLETE
» Downloading complete
» Elapsed time: 0:00.580 (81310 bytes/s)
» End loading driver
» Downloading
» Downloading 'Targets\Projects\espresso\MLO.hs'
» Sending data (262144 bytes) :::::............... [65536]
I have this Gnex that was bricked few years ago..
And i need help unbricking this one..
Tried omapflash, but shows up these errors
Code:
» OMAPFlash v4.15 (Aug 12 2011)
» -v
» Entering parameter file:Targets\Projects\tuna\omap4460_tuna_hs_pro.txt at line
: 1
» -omap 4
» -t 36000
» -p OMAP4460_TUNA_8G_HS_PRO
» -2
» chip_download EMMC Targets\Projects\tuna\MLO_4460_HS_PRO
» chip_download EMMC Targets\Projects\tuna\sbl.img
» command cold_sw_reset
» Leaving parameter file:Targets\Projects\tuna\omap4460_tuna_hs_pro.txt
» @Targets\Projects\tuna\omap4460_tuna_hs_pro.txt
» Looking for device (omap usb)
» Please turn off device
» Please turn on device
» Waiting for device (omap usb)
» Found device (omap usb)
» Requesting ASIC id
» AsicId items 05
» AsicId id 01 05 01 44 40 07 01
» AsicId secure_mode 13 02 01 00
» AsicId public_id 12 15 01 EE AD 48 C3 BD 1D D5 E8 F5 FC 6C 9A 18 33 90
B8 41 73 F6 FF
» AsicId root_key_hash 14 21 01 67 98 9B 35 54 CC 86 B4 67 32 47 05 36 74 E2
25 F0 9D A3 5C F4 59 B9 C9 3A 13 E0 B9 58 1E 5A BC
» AsicId checksum 15 09 01 22 9E 85 BA DC 58 74 BC
» Searching 2nd for: OMAP4460_TUNA_8G_HS_PRO 444007 01 HS
» Loading second file Targets/2nd-Downloaders/dnld_startup_omap4_hs_8g_es2.s2.si
gned.2nd.hs_pro
» Entering parameter file:omapflash2nd.txt at line: 46
» -pheriphalboot_reopen
» Reading board configuration file Targets\Configurations\configuration_omap4460
_tuna_8g.txt
» Reading definition file .\targets\definitions\definitions_omap4.txt
» -board_config Targets\Configurations\configuration_omap4460_tuna_8g.txt
» Leaving parameter file:omapflash2nd.txt
» Sending size of second file (0x000071B0 bytes)
» Transferring second file to target (0x71B0 bytes)
» Closing boot connection
» Found device (omap usb)
» Waiting for 2nd
» Found 2nd
» Looking for a driver for 'EMMC'
» chip_driver EMMC Targets\Flash-Drivers\emmc_drv.bin sid 0 width 4 delay 9 rpap
i_base 0x00030400
» Downloading driver
» Downloading 'Targets\Flash-Drivers\emmc_drv.bin'
» Sending data (47160 bytes) :::::::::::::::::::: [47160]
Interface 'OMAPFLASH DRIVER v6'
Driver 'eMMC JESD84-A43'
Driver configuration: sid = 0x00000000
Driver configuration: width = 0x00000004
Driver configuration: delay = 0x00000009
Driver configuration: rpapi_base = 0x00030400
MMC sid = 0x00
MMC mmc_volt = 0x01
MMC data_width = 0x04
MMC card_rca = 0x00
MMC card_type = 0x00
MMC data_width_support = 0x00
MMC transfer_clk_max = 0x00
MMC card_size = 0x00
MMC mmc_config return 0xF2055006
EMMC eMMC DRIVER DEINIT COMPLETE
» Download failed (final data response error): Remote: : Driver init error 0xF20
55006 - MMC CONFIG FAILURE
» Elapsed time: 0:05.415 (8730 bytes/s)
» Operation FAILED (Remote: : Driver init error 0xF2055006 - MMC CONFIG FAILURE)
» Elapsed time: 0:17.588
Press any key to continue . . .
please help
Thanks in advance
Hi all,
I have a Redmi Note 3 Special Edition (KATE) using MIUI 8 global 7.1.19 | Beta (6.0.1 MMB29M)
and I'm trying to unlock it using the official metod but, as I see it on a loot of cases, it is stuck at 50%.
I tried to follow a lot of threads (including unofficial method), but nothing works.
Now I'm using a USB sniffer (h**p://freeusbanalyzer.com/) (this is a free one, but any usb sniffing tool could be enough) and I watch what happen between MiUnlock tool (MiFlashUnlock_1.1.0317.1_en) and my phone.
this is the log:
Code:
000000: PnP Event: Device Connected (UP), 2017-02-05 09:50:43,9853586 (1. Device: Android Bootloader Interface)
The USB device has just been connected to the system.
000001: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,4340120 +10,4486485 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000002: Control Transfer (UP), 2017-02-05 09:50:54,4352269 +0,0012149. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000003: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,4353628 +0,0001359 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xe bytes to the device
67 65 74 76 61 72 3A 70 72 6F 64 75 63 74 getvar:product
000006: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,4362125 +0,0006771. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x8 bytes from the device
4F 4B 41 59 6B 61 74 65 OKAYkate
000007: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5170053 +0,0807928 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000008: Control Transfer (UP), 2017-02-05 09:50:54,5182476 +0,0012423. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000009: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5183864 +0,0001388 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 2D 69 64 getvar:soc-id
000012: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5192327 +0,0005505. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000013: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,5861826 +0,0669499 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000014: Control Transfer (UP), 2017-02-05 09:50:54,5873706 +0,0011880. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000015: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,5875075 +0,0001369 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xd bytes to the device
67 65 74 76 61 72 3A 73 6F 63 5F 69 64 getvar:soc_id
000018: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,5883543 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000019: Get Descriptor Request (DOWN), 2017-02-05 09:50:54,6663795 +0,0780252 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000020: Control Transfer (UP), 2017-02-05 09:50:54,6676384 +0,0012589. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000021: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:50:54,6677675 +0,0001291 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x14 bytes to the device
67 65 74 76 61 72 3A 62 6F 61 72 64 5F 76 65 72 getvar:board_ver
73 69 6F 6E sion
000024: Bulk or Interrupt Transfer (UP), 2017-02-05 09:50:54,6686480 +0,0007040. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000025: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,3349831 +59,6663351 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000026: Control Transfer (UP), 2017-02-05 09:51:54,3362591 +0,0012760. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000027: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,3366136 +0,0003545 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0x7 bytes to the device
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
61 6E 64 and
000031: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4131364 +0,0756462 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000032: Control Transfer (UP), 2017-02-05 09:51:54,4143474 +0,0012110. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000033: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4144867 +0,0001393 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xf bytes to the device
6F 65 6D 20 64 65 76 69 63 65 2D 69 6E 66 6F oem device-info
000036: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4153437 +0,0006957. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 74 61 6D 70 INFO.Device tamp
65 72 65 64 3A 20 66 61 6C 73 65 ered: false
000038: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4163381 +0,0009279. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1b bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 75 6E 6C 6F INFO.Device unlo
63 6B 65 64 3A 20 66 61 6C 73 65 cked: false
000040: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4173369 +0,0009572. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x24 bytes from the device
49 4E 46 4F 09 44 65 76 69 63 65 20 63 72 69 74 INFO.Device crit
69 63 61 6C 20 75 6E 6C 6F 63 6B 65 64 3A 20 66 ical unlocked: f
61 6C 73 65 alse
000042: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4183362 +0,0009577. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x21 bytes from the device
49 4E 46 4F 09 43 68 61 72 67 65 72 20 73 63 72 INFO.Charger scr
65 65 6E 20 65 6E 61 62 6C 65 64 3A 20 74 72 75 een enabled: tru
65 e
000044: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4193375 +0,0009602. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x14 bytes from the device
49 4E 46 4F 09 44 69 73 70 6C 61 79 20 70 61 6E INFO.Display pan
65 6C 3A 20 el:
000046: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4203363 +0,0009568. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x4 bytes from the device
4F 4B 41 59 OKAY
000047: Get Descriptor Request (DOWN), 2017-02-05 09:51:54,4849557 +0,0646194 (1. Device: Android Bootloader Interface)
Descriptor Type: String
Descriptor Index: 0x3
Transfer Buffer Size: 0x40 bytes
LanguageId: 0x409
000048: Control Transfer (UP), 2017-02-05 09:51:54,4861066 +0,0011509. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: Control Pipe
12 03 63 00 38 00 37 00 63 00 31 00 34 00 37 00 ..c.8.7.c.1.4.7.
34 00 4.
Setup Packet
80 06 03 03 09 04 40 00 €[email protected]
Recipient: Device
Request Type: Standard
Direction: Device->Host
Request: 0x6 (GET_DESCRIPTOR)
Value: 0x303
Index: 0x409
Length: 0x40
000049: Bulk or Interrupt Transfer (DOWN), 2017-02-05 09:51:54,4862122 +0,0001056 (1. Device: Android Bootloader Interface)
Pipe Handle: 0x9feaba34 (Endpoint Address: 0x1)
Send 0xc bytes to the device
67 65 74 76 61 72 3A 74 6F 6B 65 6E getvar:token
000052: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,4870975 +0,0006893. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x1c bytes from the device
4F 4B 41 59 45 44 71 49 31 37 50 42 51 6F 7A 4B OKAYEDqI17PBQozK
74 50 61 6B 77 7A 36 38 42 41 59 6F tPakwz68BAYo
Now I see that the oem lks command is failing with unknown command
6F 65 6D 20 6C 6B 73 oem lks
000030: Bulk or Interrupt Transfer (UP), 2017-02-05 09:51:54,3374902 +0,0001624. (1. Device: Android Bootloader Interface) Status: 0x00000000
Pipe Handle: 0x9feaba14 (Endpoint Address: 0x81)
Get 0x13 bytes from the device
46 41 49 4C 75 6E 6B 6E 6F 77 6E 20 63 6F 6D 6D FAILunknown comm
Is somebody else who tried to sniff the USB communication between Mi Unlock tool and the phone?
If your OFFICIAL unlock process is working, can you please post a log of your sniff? Maybe we can find the true commands that can unlock the phone without any permissions/ rights.
Do you know what the oem lks command is doing?