M9 after upgrade... Auto-answering? (after 2 rings) - Sprint HTC One (M9)

Hi, have this unusual issue... (ive seen in some other Sprint phones). It is about auto answering... after 2 rings, phone just auto-answer. No matter what app I have to manage call settings, always 2 rings and it auto answers. Any suggestion? Phone have bad boys rom, it is working great... just that
Thanks for your opinions/suggestions/answers!!

tramuyo said:
Hi, have this unusual issue... (ive seen in some other Sprint phones). It is about auto answering... after 2 rings, phone just auto-answer. No matter what app I have to manage call settings, always 2 rings and it auto answers. Any suggestion? Phone have bad boys rom, it is working great... just that
Thanks for your opinions/suggestions/answers!!
Click to expand...
Click to collapse
Did you fixed it? i have same problem

4bigana said:
Did you fixed it? i have same problem
Click to expand...
Click to collapse
ive readed by flashing some kind of GSM firmware. Ill keep you updated

okay thanks I'm waiting your updates

4bigana said:
okay thanks I'm waiting your updates
Click to expand...
Click to collapse
got another M9 with same issue. Time to play with it again since older M9s got lost

tramuyo said:
got another M9 with same issue. Time to play with it again since older M9s got lost
Click to expand...
Click to collapse
That's so bad... which rom you are using? viperone?

Have you found the way to fix the issue yet?? My phone keeps answering, so annoying

By installing a cooked rom, problem is partially solved (at least)
Enviado desde mi iPhone utilizando Tapatalk

tramuyo said:
By installing a cooked rom, problem is partially solved (at least)
Enviado desde mi iPhone utilizando Tapatalk
Click to expand...
Click to collapse
Yes, I have tried flashing Viper, ICE and LeeDroid but nothing changed
Is it because of the firmware or something else?? I'm on 0PJAIMG_Sprint_4.27.651.4_firmware

newfull said:
Yes, I have tried flashing Viper, ICE and LeeDroid but nothing changed
Is it because of the firmware or something else?? I'm on 0PJAIMG_Sprint_4.27.651.4_firmware
Click to expand...
Click to collapse
same problem tooo.
PEOPLE HOW TO CURE THIS?????
Now on badboys 3.2, but problem appears on stick sprint rom too

well, seems by installing viperrom w/ magisk contacts+phonebook from htc10 problem is *partially* corrected. not at all but at least is a good try

tramuyo said:
ive readed by flashing some kind of GSM firmware. Ill keep you updated
Click to expand...
Click to collapse
tramuyo said:
By installing a cooked rom, problem is partially solved (at least)
Enviado desde mi iPhone utilizando Tapatalk
Click to expand...
Click to collapse
tramuyo said:
well, seems by installing viperrom w/ magisk contacts+phonebook from htc10 problem is *partially* corrected. not at all but at least is a good try
Click to expand...
Click to collapse
can not make to work any viper rom. 4.2, 5.2, 6.2 none of this will boot. Only stock sprint rom works or badboys 3.2 for this moment

I have found solution myself
nvitem 0074 was wrong.
Restored nvitem 0074 from another sprint M9 and now it is OK
just need any simple NVitem reader-writer app for windows and also need SPC-code for your phone (to enter DIAG mode type ##3424# from dialer)
Thanks to autoprime for this thread
BAD 0074 NVitem
00074 (0x004A) - OK
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
GOOD 0074 NVitem
00074 (0x004A) - OK
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................

nick_fc said:
I have found solution myself
nvitem 0074 was wrong.
Restored nvitem 0074 from another sprint M9 and now it is OK
just need any simple NVitem reader-writer app for windows and also need SPC-code for your phone (to enter DIAG mode type ##3424# from dialer)
Thanks to autoprime for this thread
BAD 0074 NVitem
00074 (0x004A) - OK
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
GOOD 0074 NVitem
00074 (0x004A) - OK
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Click to expand...
Click to collapse
And how you can write this sir, dont understand much, can you explain a proccess for doing this. thak you

Oh no thank you very much, I figured out

nick_fc said:
I have found solution myself
nvitem 0074 was wrong.
Restored nvitem 0074 from another sprint M9 and now it is OK
just need any simple NVitem reader-writer app for windows and also need SPC-code for your phone (to enter DIAG mode type ##3424# from dialer)
Thanks to autoprime for this thread
BAD 0074 NVitem
00074 (0x004A) - OK
01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
GOOD 0074 NVitem
00074 (0x004A) - OK
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Click to expand...
Click to collapse
bro tkz for colaborations
need steeps please how to repair or as writhe and read nviten 0074 tkz and excuses my ignorancy
br
treo29

Open the software, search in device manager the COM port number of your device and select it on software, click connect, on Range (DEC) put 0074 and then click write and select 0074_OK.txt, when finish close software and dont click on reset, restrat your device and you are done

tkz my friends is good repair sucesfully
tkz
tkz
tkz
tkz
br
treo29

Thank you!

ernestico911 said:
Open the software, search in device manager the COM port number of your device and select it on software, click connect, on Range (DEC) put 0074 and then click write and select 0074_OK.txt, when finish close software and dont click on reset, restrat your device and you are done
Click to expand...
Click to collapse
I connected to HTC One M9 via USB (transfer files, not charging) to my PC (Windows 7 Pro)
I opened Device Manager on my PC > Portable Devices > HTC One M9 > Location: Port_#0002.Hub_#0007
I have downloaded and extracted the program, and saved the .txt file. I don't know what to do next. I can't find the "connect" interface. Can anyone help me take the next steps? I'm not sure if "software" means the PC, or the smartphone.

Related

RUU_Hermes_QTEK_DAN_2.11.253.1_102_6275_1.38.00.10 _108_Ship

THought i would upload it for the ppl who dont have access to qtek.se
http://rapidshare.com/files/27550822/895179-tytn_den_upgrade.zip.html
Tnx to Abubasim for heads up on this
can u upload this file again
Please, can you upload this rom again and pm me or just post it here bro? i needed badly as my herm200 is CID locked and flashed so now im stucked with DOPOD screen (never boots-just stays DOPOD) and bootloader Herm 200 IPL-1.00 Herm200 SPL 2.03. i need an original rom so i can bypass cid then hard SPL it.PLEASE
armendkasa said:
Please, can you upload this rom again and pm me or just post it here bro? i needed badly as my herm200 is CID locked and flashed so now im stucked with DOPOD screen (never boots-just stays DOPOD) and bootloader Herm 200 IPL-1.00 Herm200 SPL 2.03. i need an original rom so i can bypass cid then hard SPL it.PLEASE
Click to expand...
Click to collapse
go to here, maybe you can find it
THANK YOU
i really appreciate your effort uploading the ROM for me. i really do, but,trying to flash my bricked herm200 with this ROM it restarts on 1 %.
the way i bricked my phone was weird. i have a friend that offered to put some customization to my Hermes 200 and he tried to flash it by unlocking SIM only (maybe was afraid to CID unlock it). when i got the phone it had a "German like" language which i didn't understand so i thought WHY NOT. it asked my friend to press "YA" so he did (while SIM unlocking it). NOW-i know my Hermes 200 originally had danish ROM since i read allot to fix this problem i have and so i found out (by mtty and USB monitoring) that i have
00000000 48 54 43 53 48 00 45 00 52 00 4D 00 32 00 30 00 30 00 00 00 00 00 00 00 00 00 00 HTCSH.E.R.M.2.0.0..........
0000001B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000036 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000051 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
0000006C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
00000087 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000A2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000BD 00 00 00 00 00 00 00 51 54 45 4B 5F 46 30 38 00 00 00 00 00 00 00 00 00 00 00 00 .......QTEK_F08............
000000D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...........................
000000F3 00 00 00 00 00 00 00 00 00 00 00 00 00 .............
Click to expand...
Click to collapse
QTEK_F08 CID LOCK. This is the only ROM on the table of ROM's at
http://forum.xda-developers.com/wiki/index.php?title=Hermes_Upgrades
that is actually CID Locked by
Danish QTEK_F08
Click to expand...
Click to collapse
Danish DOPOD ROM.
i tried ALL the tips, ALMOST (i say almost because i still have hope) ALL METHODS to unbrick my herm200. NOW since i know that the only way to unbrick my herm200 is to flash its own ROM originally sold with I HAVE HOPES.
if by any chance, you have a back up of this ROM (Danish with CID LOCK QTEK_F08) or ANYONE in this World i would be MORE THAN THANKFUL and will try to repay my dept to the one who finds the original ROM with CID QTEK_F08 Lock in any way possible.
THANK YOU in advance.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Edit-FIXED it!!!
Found a danish rom for dopod and it flashed it without a problem. I found a solution by finding the original rom using mtty tool and usb monitor to find out what CID is the phone locked in to and then flashed it with the original rom then super CID it and then happily flashed a sweet looking manila 2d rom.
THANK YOU EVERYONE on XDA WONDERFUL FAMILY. THANKS TO ALL OF YOU I MANAGED TO FIND A SOLUTION.
THANK YOU AGAIN.
Maybe someone was in his personal archive this file.
armendkasa said:
Edit-FIXED it!!!
Found a danish rom for dopod and it flashed it without a problem. I found a solution by finding the original rom using mtty tool and usb monitor to find out what CID is the phone locked in to and then flashed it with the original rom then super CID it and then happily flashed a sweet looking manila 2d rom.
THANK YOU EVERYONE on XDA WONDERFUL FAMILY. THANKS TO ALL OF YOU I MANAGED TO FIND A SOLUTION.
THANK YOU AGAIN.
Click to expand...
Click to collapse
Maybe someone was in his personal archive this file RUU_Hermes_QTEK_DAN_2.11.253.1_102_6275_1.38.00.10 _108_Ship
Put please to something. I would be very grateful to you. This is the only chance to save the brick.

[Q] What is "simlock.ta" file?

I found that file in a firmware when going to do a bundle with flashtool. What is this file for? Is it necessary? Will it lock my simcard or phone?
what is in there??
timotuithof said:
what is in there??
Click to expand...
Click to collapse
If opened with notepad, it shows this:
Code:
// [SIMLOCK S1]
02
000007DA 013B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 47 4F 50
5F 49 44 3D 22 34 34 36 36 22 3B 4F 50 5F 4E 41
4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 49
42 45 22 3B 43 44 41 5F 4E 52 3D 22 31 32 33 38
2D 33 37 36 30 22 3B 43 44 41 5F 52 45 56 3D 22
52 32 41 22 3B 00 00 00 09 00 07 30 30 31 30 31
2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00
00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00
_SpAiK_ said:
I found that file in a firmware when going to do a bundle with flashtool. What is this file for? Is it necessary? Will it lock my simcard or phone?
Click to expand...
Click to collapse
im not sure on this but i thibk its related to stk.apk after build
rendeiro2005 said:
im not sure on this but i thibk its related to stk.apk after build
Click to expand...
Click to collapse
As far as I now stk.apk is the Sim Toolkit, wich is an interface or something like that between the sim and the phone, isn't it? So I think it is necessary, don't you think that?
_SpAiK_ said:
As far as I now stk.apk is the Sim Toolkit, wich is an interface or something like that between the sim and the phone, isn't it? So I think it is necessary, don't you think that?
Click to expand...
Click to collapse
yes you`re right about sim toolkit but i always delete that
but...
when i made all those baseband that you can find on my sig i always include that file, but like i said...don`t really know what`s that for
Finally I flashed all the stuff. Anyway my problem isn't fixed, you can see it in this threat. Maybe you have an idea of what is happening.
i not really have idea but i mix my original rom whitch other simlock.ta file and my phone work fine. which my sim-card...
simlock.ta unlock
simlock.ta, ta means TRIM AREA i guess... maybe someone could modify this file so we can have free unlock...
Delete this
_SpAiK_ said:
If opened with notepad, it shows this:
Code:
// [SIMLOCK S1]
02
000007DA 013B
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 47 4F 50
5F 49 44 3D 22 34 34 36 36 22 3B 4F 50 5F 4E 41
4D 45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 20 49
42 45 22 3B 43 44 41 5F 4E 52 3D 22 31 32 33 38
2D 33 37 36 30 22 3B 43 44 41 5F 52 45 56 3D 22
52 32 41 22 3B 00 00 00 09 00 07 30 30 31 30 31
2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02 00
00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00
Click to expand...
Click to collapse
mine is:
Code:
// [SIMLOCK S1]
02
000007DA 013C
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 48 4F 50
5F 49 44 3D 22 31 30 35 22 3B 4F 50 5F 4E 41 4D
45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 22 3B 43
44 41 5F 4E 52 3D 22 31 32 35 37 2D 35 34 39 39
22 3B 52 4F 4F 54 49 4E 47 5F 41 4C 4C 4F 57 45
44 3D 22 31 22 3B 00 00 00 09 00 07 30 30 31 30
31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02
00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00
00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
plasmid09 said:
mine is:
Code:
// [SIMLOCK S1]
02
000007DA 013C
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 02 00 05 0A 02 00 00 00 0A 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 48 4F 50
5F 49 44 3D 22 31 30 35 22 3B 4F 50 5F 4E 41 4D
45 3D 22 43 75 73 74 6F 6D 69 7A 65 64 22 3B 43
44 41 5F 4E 52 3D 22 31 32 35 37 2D 35 34 39 39
22 3B 52 4F 4F 54 49 4E 47 5F 41 4C 4C 4F 57 45
44 3D 22 31 22 3B 00 00 00 09 00 07 30 30 31 30
31 2D 2A 00 00 00 00 00 00 00 00 00 00 00 00 02
00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 02 00 00 00 0A 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 02 00 00 00 0A 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00
00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
Click to expand...
Click to collapse
it will be
��Ú<?����������������?�����
���
���?����������������?�����
���������?�������������HOP?_ID="105";OP_NAM?E="Customized";C?DA_NR="1257-5499?";ROOTING_ALLOWE?D="1";��� �0010?1-*������������?���
������������?������������
��?����������������?������
��������?���������������?�
��������������?����������������?���������������?������������
and
second
��Ú<?����������������?�����
��Ú;?����������������?�����
���
���?����������������?�����
���������?�������������GOP?_ID="4466";OP_NA?ME="Customized I?BE";CDA_NR="1238?-3760";CDA_REV="?R2A";��� �00101?-*�������������?��
�������������?�����������
���?����������������?�����
���������?���������������?
���������������?����������������?���������������?�����������
i think is possible to reset code for writing unlock network code by this but im not sure someone look at it i got hardlocked lt26i and need to unlock network
On flashtool, try clicking "Exclude TA" and see how that goes.
Kill it with fire.

[Q] U-boot for Gen 8

Has anybody just worked on getting U-boot working on the Gen 8's without all the crap from Archos?
omappedia.org/wiki/Bootloader_Project
omappedia.org/wiki/Zoom_Flashing
And then just using Debian\Fedora or other ARM Linux distro working again without all the stinking .AOS, Archos permissions and signature checking?
Is there an in circuit flasher for the firmware flash for firmware development and recovery? Did they leave the JTAG pins accessible?
2ShedsJackson said:
Has anybody just worked on getting U-boot working on the Gen 8's without all the crap from Archos?
omappedia.org/wiki/Bootloader_Project
omappedia.org/wiki/Zoom_Flashing
And then just using Debian\Fedora or other ARM Linux distro working again without all the stinking .AOS, Archos permissions and signature checking?
Is there an in circuit flasher for the firmware flash for firmware development and recovery? Did they leave the JTAG pins accessible?
Click to expand...
Click to collapse
I don't think anybody's really bothered to. With the SDE, you can flash anything you want without any AOS or signature interference.
Archos gave us a developer boot loader, so why replace it? I know there are some benefits to custom ones, especially MagLDR, but you could just make a bootloader that runs through Developer mode anyways.
Ah, I must have been misinformed. Is there a working kernel config somehwere for the Gen 8 (omap3360) ?
2ShedsJackson said:
Ah, I must have been misinformed. Is there a working kernel config somehwere for the Gen 8 (omap3360) ?
Click to expand...
Click to collapse
Here's the kernel git repositories from Archos: http://gitorious.org/archos/archos-gpl-gen8-kernel
Here's the master repository: http://gitorious.org/archos/archos-gpl-gen8-kernel
There's also alot of google code pages and git repositories by independent devs. Google "gen8 git" and "gen8 google code" to find them.
By the way, why are you called Two Sheds when you only have one shed, Arthur?
Thanks! I noticed all the custom kernels in other posts. Not many post their configs.
I'll still need to look into u-boot for the gen8's since I'd like to be able to see all the source for the bootloader for security reasons.
2ShedsJackson said:
Thanks! I noticed all the custom kernels in other posts. Not many post their configs.
I'll still need to look into u-boot for the gen8's since I'd like to be able to see all the source for the bootloader for security reasons.
Click to expand...
Click to collapse
Technically, I think the source code for the Archos bootloader is buried in that repository I linked, if it helps.
msticninja said:
Technically, I think the source code for the Archos bootloader is buried in that repository I linked, if it helps.
Click to expand...
Click to collapse
I haven't found a bootloader in there yet.
My desire is to just replace what Archos used with u-boot
lists.denx.de/pipermail/u-boot/2010-June/073167.html
Plus have a resore util to resore the flash back to factory new.
Then you won't have to worry about the signature checking
forum.xda-developers.com/showthread.php?t=1018260&highlight=signature+check
The current firmware is a train wreck IMHO. Why does it have to be so clumsy to multiboot or install a new OS or UrukDroid?
2ShedsJackson said:
I haven't found a bootloader in there yet.
My desire is to just replace what Archos used with u-boot
lists.denx.de/pipermail/u-boot/2010-June/073167.html
Plus have a resore util to resore the flash back to factory new.
Then you won't have to worry about the signature checking
forum.xda-developers.com/showthread.php?t=1018260&highlight=signature+check
The current firmware is a train wreck IMHO. Why does it have to be so clumsy to multiboot or install a new OS or UrukDroid?
Click to expand...
Click to collapse
Well, that's Archos' style, and we don't have good enough android developers here to make the corrections.
The Recovery Menu in Urukdroid 1.1RC1 is pretty damn good, but it's obviously a second layer bootloader, and all the multi-boot OSes must use the same kernel. Backup/Restore has everything I need though.
"Archos gen8 boots using OMAP boot ROM from internal eMMC card. Primary bootloader ("boot0") is in 0x20000 bytes after the first sector of internal flash (i.e. at 0x200) and secondary bootloader is written into rawfs, /mnt/rawfs/avboot. boot0 contains image size and loading address in first 8 bytes."
Here's the thread on unlocking it:
http://forum.xda-developers.com/showthread.php?t=1018260&
msticninja said:
"Archos gen8 boots using OMAP boot ROM from internal eMMC card. Primary bootloader ("boot0") is in 0x20000 bytes after the first sector of internal flash (i.e. at 0x200) and secondary bootloader is written into rawfs, /mnt/rawfs/avboot. boot0 contains image size and loading address in first 8 bytes."
[/URL]
Click to expand...
Click to collapse
Anyone know what hardware/flash device they used for the internal eMMC?
I found this interesting as well:
omappedia.org/wiki/E-MMC_boot
You can boot omap3630 without x-loader
Step-1 : Copy the following settings(512+8 bytes) in front of u-boot.bin file;
This is the TOC settings for Clock and SDRAM. And say new file name as u-boot.bin.ift
A0 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 48 53 45 54 54 49 4E 47 53 00 00
F0 00 00 00 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 48 52 41 4D 00 00 00 00 00 00 00
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C1 C0 C0 C0 01 01 00 00 FD 01 00 05 40 00 00 00 03 00 00 00 02 00 00 00 0A 13 00 00 15 00 00 00
07 00 37 00 00 00 00 00 00 0C C8 08 11 00 00 00 00 00 00 00 0C B0 41 04 09 00 00 00 37 00 00 00
00 00 00 00 0C 2C 11 00 01 00 00 00 00 00 00 00 C2 C0 C0 C0 01 00 00 00 00 00 02 00 00 01 00 00
0A 00 00 00 00 00 00 00 85 00 00 00 03 00 00 00 99 80 58 03 32 00 00 00 00 00 00 00 C6 B4 E1 A2
1C 13 02 00 01 E6 05 00 03 00 00 00 99 80 58 03 32 00 00 00 00 00 00 00 C6 B4 E1 A2 1C 13 02 00
01 E6 05 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
C0 D5 02 00 00 00 E8 80
----------- -----------
4-byte-size 4byteLoadAddr
====> Step-1 can be done automatically using the http://code.google.com/p/omap-u-boot-utils/ utility.
a. Download the code (git tree)
b. make
c. copy the u-boot.bin in same location.
d. ./gpsign -c configs/sample-3630.cfg -l 80000000 -f u-boot.bin
e. output file u-boot.bin.ift
Step-2: Copy the image(say, u-boot.bin.ift) in MMC/SD card
Step-3: Boot from MMC/SD card and follow the steps as below to flush image in eMMC
#mmcinit 0
#mmcinit 1
#fatload mmc 0 90000000 u-boot.bin.ift
#mmc write.i 1 90000000 0 ${filesize}
Step-4: Remove the MMC/SD card and reboot the system.
[Change the dipswitch settings for SDP only for eMMC boot.]
Too much info there for me to absorb. But the UART pins were just posted on openaos if you want to get serial access. I know it can access the upstream kernel, not sure what else.
http://www.openaos.org/archives/692
Yes. We've been using the serial debug using a FTDI 3V serial to USB adapter. The firmware actually outputs to serial from pretty early on. I just need to be able to recover the flash via jtag or other method in-circuit flasher etc
http://wiki.meego.com/ARM/N900/Install/U-Boot_from_scratch
The Nokia N900 uses a similar OMAP 3430 ARM Cortex A8 to the Gen8 omap3630.
Once I get a working flash util (or find one) u-boot should come together pretty quickly. We just need a way to recover from broken firmware.
coreboot is also just coming up on ARM. So far it's working in qemu for the ARM versatile platform.
flashrom is also being ported to ARM.
So it's possible that we will have u-boot, coreboot and flashrom support soon.
This would be really cool!
2ShedsJackson said:
http://wiki.meego.com/ARM/N900/Install/U-Boot_from_scratch
The Nokia N900 uses a similar OMAP 3430 ARM Cortex A8 to the Gen8 omap3630.
Once I get a working flash util (or find one) u-boot should come together pretty quickly. We just need a way to recover from broken firmware.
coreboot is also just coming up on ARM. So far it's working in qemu for the ARM versatile platform.
flashrom is also being ported to ARM.
So it's possible that we will have u-boot, coreboot and flashrom support soon.
Click to expand...
Click to collapse
I have alot of experience with modules, kernel building, and scripting. And big gaps in my knowledge too. Especially in this low-level stuff you're working on. Even so, please let me know if there is a way I can help.
I'm working on getting kexec to work on the sde kernel. If I can get it working, I'm just going to try to chainload uboot. I feel that replacing the stock bootloader may not benefit the community, because they will brick their device if something goes wrong.
To recover from bad firmware, usb booting is close to working. https://github.com/swetland/omap4boot and https://patchwork.kernel.org/patch/10718/
https://www.droid-developers.org/wiki/Main_Page has lots of bootloader and recovery info for the omaps as well.
They also have a forum on XDA Motorola Droid and Milestone
http://forum.xda-developers.com/forumdisplay.php?f=667
brick recovery...
Any progress...
Just bought a bricked A101.
There's no response from the system anymore and no boot messages over UART. The eMMC structure seems completely borked
I guess i'll need some code to start the device from external sdcard and reflash the eMMC from scratch. At least that's the plan so far.
So i already did some investigations on the mainboard and it seems archos made a quite straight design for the A101. So it seems quite easy to tweak the hardware. I will open a new thread with my findings the next days.
Right now my starting point is the x-loader mainline repository.
Look here: http://gitorious.org/x-load-omap3/
I use the overo configuration as a base, because it's very similar to the things Archos put on the A101.
So any thoughts about it?
Anyone who started something related?
BTW, anyone who got dumps from boot0 and avboot of the gen8 devices?
Would be very helpful...
Best regards,
scholbert
Hi,
i know this is an old thread, but there's some news
So i thought it would be nice to leave a message here as well...
Made some progress on porting u-boot to Gen8, especially A101IT:
http://forum.xda-developers.com/showpost.php?p=23813784&postcount=117
Happy hacking
scholbert

[Q] MTK6582 repartition help

Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
Hello. I have a THL W100S. The processor is also MTK6582. I made a stupidity, trying to make repartition with meteos-mtk6589 and now my phone is dead
I did not even install CWM
Now I do not know if I can revive it. I tried with SP Flash Tool, but no reaction... Is there any solution to solve this problem?
1. Do a full backup of the current firmware in recovery
2. Install the application, run (on request Root rights answer - YES \ grant)
3. Choose the size of data partition (2.5GB or 2.77GB)
4. Select in the program restarts in recovery
5. Do wipe data
6. Restoring the backup firmware
7. Boot the system
I set 2.77GB, can this be a problem, maybe it was better to choose 2.5GB? After point 5 phone has rebooted and then show only one. This - gifti.me/i/6ylSuEc.gif
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
I have the same problem. My phone is a W450 mtk6582.
Many thanks
My phone is an Star W450 to...
@hat3ck
my first try was the meteos-mtk6589 but i have a cwm installed.. ... and the phone didn't boot at least
I fix it by flash all options without preloader
and it's like it was
try to flash again.
greetz TO
theoverfiend said:
My phone is an Star W450 to...
@hat3ck
my first try was the meteos-mtk6589 but i have a cwm installed.. ... and the phone didn't boot at least
I fix it by flash all options without preloader
and it's like it was
try to flash again.
greetz TO
Click to expand...
Click to collapse
Thanks for reply! I tried flashing, but nothing, maybe I don't have the need drivers? Can you make a screenshot of window manage without conected phone? Or how I can verify if my laptop sees the phone...
@hat3ck
try this Tutorial 4 Driver install
(under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. whats your home country / language?
Greetz TO
theoverfiend said:
@hat3ck
try this Tutorial 4 Driver install
(under the red ATTENTION text)
http://forum.xda-developers.com/showthread.php?t=2160490
p.s. whats your home country / language?
Greetz TO
Click to expand...
Click to collapse
Thanks, I will try now. Language Romanian, but I can understand and Russian.
okay i dont understand Romanian and Russian. it's like for me. :laugh:
if you run Windows 8 it's a little bit tricky to install the drivers.
Instructions for Win8:
1) Windows Key + X -> Start command prompt (administrator).
2) C: \ Windows \ System32 \ shutdown.exe / r / o
3) Select Troubleshooting
4) Advanced Options
5) Start Settings
6) Restart
7)Disable Driver Signature Enforcement.
Greetz TO
theoverfiend said:
Hello @ all xda-developers user & team
I have an MTK6582 based phone with internal store size of 0,98GB and phone store of 1,78GB
internal it should be 2.5 GB
is there a way to change the stor size like on the MTK6589??
i search for an easy way like the meteos-mtk6589-rom-edit app / tool
but nothing...
now i read about changing the ebr1 hex, but the example what i found is for mtk6589 and my ebr1 looks a little bit different...
thats how is looks like
000001C0 00 00 83 00 00 00 00 E8 01 00 00 E0 15 00 00 00
000001D0 00 00 83 00 00 00 00 C8 17 00 00 F0 03 00 00 00
000001E0 00 00 83 00 00 00 00 B8 1B 00 00 00 20 00 00 00
000001F0 00 00 05 00 00 00 00 94 01 00 FF FF FF FF 55 AA
if some one could help me I would be very happy
greetings TO
Click to expand...
Click to collapse
Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something go wrong just reflash old EBR1 and EBR2.
Thanks!
mircam said:
Hi, you must modify EBR1 and EBR2 like this:
1. EBR1 from:
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 20 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
to
00 00 83 00 00 00 00 E9 01 00 00 E0 15 00 00 00 00 00 83 00 00 00 00 C9 17 00 00 F0 03 00 00 00 00 00 83 00 00 00 00 B9 1B 00 00 00 50 00 00 00 00 00 05 00 00 00 00 95 01 00 FF FF FF FF 55 AA
2. EBR2 from:
00 00 83 00 00 00 00 24 3A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
to
00 00 83 00 00 00 00 24 6A 00 FF 46 C4 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA
Flash the files with SPFlashTool. Please make a backup before!! If something go wrong just reflash old EBR1 and EBR2.
Thanks!
Click to expand...
Click to collapse
so, is it successfull? can you report it and make a n00b tutorial here? thx a lot!
I have a Thl W100S but I can't root it a 100% ! Framaroot says success but after reboot no root access, other software don't root a 100% any suggestions guys? Its the 2nd day I have it latter I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app
matrix0807 said:
so, is it successfull? can you report it and make a n00b tutorial here? thx a lot!
Click to expand...
Click to collapse
Hi
My ebr1 and ebr2 matches this. I will definintly try this and let you know the result.
My phone is Symphony W128.
Can u root symphony w128
Sent from my Symphony W128 using xda premium
can you post edited files?
Was repartitioning for MTK6582 successful?
Sent from my NOA H42 using Tapatalk
Sargos76 said:
I have a Thl W100S but I can't root it a 100% ! Framaroot says success but after reboot no root access, other software don't root a 100% any suggestions guys? Its the 2nd day I have it latter I will try again, thanks in advance
Sent from my W100 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Hi
try kingroot this version rooted my mtk6582

Help me get Heart Rate data [OpenFit: Open source Gear Fit application]

Hello everyone, I am the developer of OpenFit a alternative to the Gear Fit Manager as it doesnt run officially on non-samsung roms. I have implemented various features (see the original post for feature list) and I am at the point where I want to attempt getting heart rate data. I am on CM and cannot use S Health. I was wondering for those who have used S Health with touchwiz, does the app show you heart rate? and pedometer etc? If it does I think I may be able to reverse engineer it, I just need the raw BT data. for this I would need someone who is able to run S Health and log BT data. In CM its under Settings>Developer Options>Enable Bluetooth HCI snoop log . This will capture all the BT traffic between the phone and gear fit.
If anyone is able to do this, please comment below. I would like to reverse engineer this and have it able to sync with google fit, and other fitness apps.
Requirements?:
Stock Samsung Rom with S Health
Root?
Please check out my app and my progress of OpenFit. Download available: http://forum.xda-developers.com/gear-fit/themes-apps/openfit-source-gear-fit-application-t3005697
I am also thinking of releasing it on the Google play store. thoughts?
I have access to a galaxy s5 mini with stock rom,shealth, gearfit and adb. Might worth a try?
see PM for my log file from a samsung s5 mini
Perhaps this is something usefull? syncing GF steps with S-Health. It will synchronise to 185 steps, 0.13km, 6kcal (i am not lazy, its a development GF)
Phone:
0000 0b ff 15 01 02 05 00 00 00 00 0f 00 00 00 86
GF:
0000 09 ff c3 01 02 5c 00 00 00 04 00 00 00 10 00 00
0010 00 ff 04 01 00 00 00 f0 39 cb 55 1a 00 00 00 5b
0020 8f 8a 41 c2 f5 68 3f 00 01 00 00 00 45 b5 c8 55
0030 23 00 00 00 00 00 2a 43 00 00 82 42 35 e6 02 00
0040 cd 7f cf 12 f1 49 02 00 d1 fb 01 00 11 98 02 00
0050 22 bf 02 00 01 01 00 00 00 cf 3b cb 55 10 27 00
0060 00 00 00 00 00 5c
Phone:
0000 0b ff 62 01 01 02 ac 00 00 00 02 10 00 00 00 ff
0010 08 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00
0020 00 ed a2 e1 21 4f 01 00 00 ff ff ff ff 00 00 00
0030 00 00 00 00 00 ff ff ff ff ff ff ff ff ff 00 00
0040 00 00 00 00 00 00 0a 00 00 00 02 00 00 00 c0 b7
0050 c8 55 00 00 00 00 0a 00 00 00 00 00 00 00 00 00
0060 3b 40 00 00 00 00 48 3c cb 55 00 00 00 00 aa 00
0070 00 00 00 00 00 00 00 40 5f 40 00 00 00 00 01 00
0080 00 00 46 b5 c8 55 10 27 00 00 00 00 00 00 45 b5
0090 c8 55 23 00 00 00 00 00 2a 43 00 00 82 42 35 e6
00a0 02 00 f1 49 02 00 d1 fb 01 00 11 98 02 00 22 bf
00b0 02 00 cd 7f cf 12 86
GF:
0000 02 0c 20 16 00 12 00 44 00 09 ff 1b 01 02 08 00
0010 00 00 03 00 00 00 10 00 00 00 5c
Thank you @thijsnl I will look at this data once I get home and have access to wireshark. Im hoping It contains good data
After looking trough the log, i found a message with the text, "HELLOCUP". Im wondering if this is some way to "authenticate" with the gear fit saying it is indeed a samsung phone. Im also seeing a pattern, or a Heart beart the app is sending to the gear fit, each with its number incrementing, shown below:
02050000000001000000
// seems to send the same command here lets call it getData command
02050000000002000000
// getData
02050000000003000000
// getData
etc...
Im wondering if this a way the App tells gear fit to perform an operation. @thijsnl was the data you sent me for heart rate or pedometer? or some other function? thanks!
Sorry, the HELLOCUP was actually a little app i wrote with the cups library. It shows up in 'App Connect'. The 4 packets i posted are for pedometer sync i believe.. I did like start bluetooth hci snoop, switch back to shealth, hit the sync button... Synced, en then adb pulled the hci log.
Sent from my D5803 using XDA Free mobile app
I don't think I ever used the S Health feature, so I do not know what to expect on your behalf. One thing I would test, Is turning on exercise mode, like walking or running which dont seem to need the phone, but, and I know cycling/ hiking wants gps. All this data would be helpful to see what is going on.
Is there a way to get Heart rate and pedometer displayed on the phone? If so, could you re-run these few more tests and capture the log as well?
Based on the log provided above, I was able to send the gear fit to what i think is a fitness sync, and got overwhelming amounts of data. Its a big mess and its going to be near impossible to parse 13384 bytes of information. Not looking forward to this. maybe i got some other information.
Haha, 13K to notice a heart rate value (Uint8? as >256 bpm would be insane) is finding a needle in a haystack.
I checked the hexfile from the firmware update, and wingtip_in.bin showed up some test functions. Another post on xdadev showed an
UART mode, which may can get handy to see dataflow, commands, etc when enabled.
I will keep you updated
i just got some minor results.
Somehow i set my Gf in kind of debug mode HIGH with uart to PDA mode?
However i managed to install the Samsung Serial port driver for the CDC device connecting.
It allows me to enter AT commands
Not support
AT
OK
At+help
The AT Cmd is Error!
AT+VERSNAME
+CME Error:NA
OK
AT+VERSNAME?
+CME Error:NA
OK
AT+VERSNAME=?
+CME Error:NA
OK
AT+VERSNAME=1,1,0
+VERSNAME:1,MP 0.800
OK
I see some AT commands showing up in wingtip_ex.bin (from the firmware). so i might be able to enable a higer debug mode.
Mathijs
I'm also able to mount my GF as two partitions in windows and able to grab data, and log files from the GF
[ 45.414] [ _MUX_SEND_] ^ 49208 1677969760 Sending... 18 bytes
[ 45.417] [ BTU] ^ 49212 1685040424 Sended completed : 18 bytes.
[ 45.420] [ BTU] ^ 49214 1685040424 pop OK. current size : 0 bytes
[ 45.421] [ UI_Task] ^ 49217 268466020 [APP][StatusManager] SendData: 11
[ 45.423] [ UI_Task] ^ 49218 268466020 [APP][StatusDataExchanger] SendData, datatype = 11
[ 45.424] [ UI_Task] [CM]1[12:37:57]>>>> GetConnectionState state(11) (3)
[ 45.424] [ UI_Task] ^ 49220 268466020 channel 4 sending 3 bytes.
[ 45.426] [ _MUX_SEND_] ^ 49221 1677969760 Sending... 8 bytes
[ 45.429] [ BTU] ^ 49224 1685040424 Sended completed : 8 bytes.
[ 45.432] [ BTU] ^ 49227 1685040424 pop OK. current size : 0 bytes
[ 45.434] [ UI_Task] ^ 49230 268466020 [APP][StatusManager] SendData: 4
[ 45.436] [ UI_Task] ^ 49231 268466020 [APP][StatusDataExchanger] SendData, datatype = 4
Perhaps this is usefull when debugging?
wow, I didn't know you had access to such low level info. Though it may be helpful to see what data is sends out when a sync request is being made. I am also thinking the reason I have 13k bytes was because I have history for yesterday exercise which was 1.5hr of using the running feature, and if it saves the heart rate, gps, for each minute or so I can see how this data adds up. But I'm still uncertain what that data is. Maybe its not even related to fitness, but I'm almost certain it is based on the first byte of the message which is '02'(HEX) and all the other commands related to fitness also start with '02'(HEX), which is why I assume its fitness data. What I will try to do is clear my history and have a very small sample set. no more than 1 minute of exercise, and see what data that returns. I'm hoping to see much less data, If i don't then these suspicions go out the door.
@thijsnl
in the data set you sent me, was the only data sync'd
185 steps, 0.13km, 6kcal
or was there more data? This will help me try to decipher the raw packets.
This is what snhealth showed up. I got a brilliant idea yesterday while running.. I can access the fit data files inside the gear fit. I think they must be quite the same when syncing, so if i can pass you these files and the bt hci log while syncing, there may be better chancesnto get the right data out.. Weel keep you updated
Sent from my D5803 using XDA Free mobile app
Here is some more data attached from my GF
A log file, and some other health related files i guess.
Good luck
Clear is that the GF uses embOS from SEGGER (RTOS) and that the embUSB support is built in (for mass storage device and terminal)
EDIT: hehe.. too much private information in the files .
Awesome. I'll take a look tomorrow. Can't wait
Sent from my SCH-I545 using XDA Free mobile app
jareddlc said:
Awesome. I'll take a look tomorrow. Can't wait
Sent from my SCH-I545 using XDA Free mobile app
Click to expand...
Click to collapse
I did some quick lookup on pedo_info.dat. There seem to be a kind of pattern, at offset 38d, every 20 bytes:
Code:
[[email protected]]$ ./stats 38
01 00 00 00 B8 C2 C5 55 07 00 00 00 F6 28 94 40 1F 85 6B 3E
02 00 00 00 C0 C9 C5 55 5F 00 00 00 1F 85 8D 42 3E 0A 57 40
03 00 00 00 18 CC C5 55 07 00 00 00 66 66 AE 40 00 00 80 3E
04 00 00 00 70 CE C5 55 5A 00 00 00 47 61 84 42 3D 0A 47 40
05 00 00 00 C8 D0 C5 55 08 00 00 00 8F C2 ED 40 9A 99 99 3E
06 00 00 00 80 DC C5 55 51 00 00 00 B8 1E 73 42 66 66 36 40
07 00 00 00 D8 DE C5 55 09 00 00 00 8F C2 B5 40 0A D7 A3 3E
08 00 00 00 38 E8 C5 55 4C 00 00 00 CD CC 76 42 1F 85 3B 40
09 00 00 00 90 EA C5 55 40 00 00 00 14 AE 4C 42 0A D7 13 40
0A 00 00 00 E8 EC C5 55 5A 02 00 00 12 2E E5 43 87 5C CF 41
0B 00 00 00 40 EF C5 55 86 02 00 00 AE 6E 00 44 D0 EB D9 41
0C 00 00 00 98 F1 C5 55 90 03 00 00 1C 15 33 44 CB 8F 18 42
0D 00 00 00 F0 F3 C5 55 6A 02 00 00 89 6B EB 43 65 D7 C7 41
0E 00 00 00 48 F6 C5 55 4D 00 00 00 D6 A3 5C 42 40 E1 4A 40
0F 00 00 00 A0 F8 C5 55 1F 01 00 00 B0 87 50 43 37 0A 3B 41
10 00 00 00 F8 FA C5 55 15 02 00 00 38 93 C6 43 06 29 B0 41
11 00 00 00 58 04 C6 55 24 00 00 00 F6 28 C6 41 5C 8F C2 3F
12 00 00 00 B0 06 C6 55 23 03 00 00 01 B0 02 44 00 00 03 42
13 00 00 00 08 09 C6 55 65 01 00 00 5B 4F 6A 43 98 99 69 41
14 00 00 00 60 0B C6 55 78 00 00 00 14 2E A3 42 29 5C 9F 40
the counter in the first byte and the C5 55 pattern in the middle...
Regards,
Mathijs
Ok, i decided to figure out how the StopWatchDB file works.
Not that this information is very useful, but it is more predictable than others.
So i start my stopwatch, and pressed the white button at 1s, then wait 2s, then wait 3 sec, wait 4sec, wait 5 sec, wait 6 and press stop.
I made a picture of it, it is in Dutch, but you get the point.
I analysed the code and see some repeating patterns, and even a number indicator:
Code:
52 33 35 30 58 58 55 30 42 4F 41 32 00 00 00 01
00 00 00 33 05 00 00 01 00 00 00 31 0D 00 00 01
00 00 00 CB 18 00 00 01 00 00 00 D9 27 00 00 01
00 00 00 1C 3C 00 00 01 00 00 00 E2 18 00 00 01
00 00 00 82 1A 00 00 01 00 00 00 7C 1B 00 00 01
00 00 00 DB 1C 00 00 01 00 00 00 39 1E 00 00 01
00 00 00 DA 1F 00 00 01 00 00 00 BD 21 00 00 01
00 00 00 0B 23 00 00 01 00 00 00 E4 23 00 00 01
00 00 00 9B 24 00 00 01 00 00 00 6E 26 00 00 01
00 00 00 79 27 00 00 01 00 00 00 62 28 00 00 01
00 00 00 7E 29 00 00 01 00 00 00 89 2A 00 00 01
00 00 00 2A 2C 00 00 01 00 00 00 44 2D 00 00 01
00 00 00 2F 2E 00 00 01 00 00 00 3E 2F 00 00 01
00 00 00 45 30 00 00 01 00 00 00 5F 31 00 00 01
00 00 00 2E 34 00 00 01 00 00 00 00 36 00 00 01
00 00 00 D1 37 00 00 01 00 00 00 95 39 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
00 00 00 A2 52 00 00 01 00 00 00 05 00 00 00
Then i made a simple c program to decompile it:
[[email protected] gf]$ ./stop
DB Length: 831
Firmware: R350XXU0BOA2
Number of records: 5
Record 0: 00 00 01 00 00 00 33 05 Estimated time is 1331
Record 1: 00 00 01 00 00 00 31 0D Estimated time is 3377
Record 2: 00 00 01 00 00 00 CB 18 Estimated time is 6347
Record 3: 00 00 01 00 00 00 D9 27 Estimated time is 10201
Record 4: 00 00 01 00 00 00 1C 3C Estimated time is 15388
End time: 21154
Voila! 21.154 seconds.
The quick n dirty code is:
Code:
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
int main(int argc,char * argv[])
{
int fd;
unsigned char data[16*1024];
int x;
int i;
int a=13;
int len=0;
int numrec=0;
int time=0;
int endtime=0;
if (argc>1) { a=atoi(argv[1]); }
fd = open("stop5.dat",O_RDONLY);
len = read(fd,data,1024*128);
if (len == 0) { return 0; }
numrec = data[len-4] + 256*data[len-3] + 256*256*data[len-2] + 256*256*256*data[len-1];
printf("DB Length: %d\n",len);
printf("Firmware: %s\n",data);
printf("Number of records: %d\n",numrec);
for (i=0;i<numrec;i++)
{
printf("Record %d: ",i);
for(x=0;x<8;x++)
{
printf("%02X ",data[a++]);
}
time = data[a-2] + data[a-1]*256;
printf("Estimated time is %d",time);
printf("\n");
if (data[a+2] != 0x01) { break; }
}
endtime = data[len-12] + 256 * data[len-11] + 256*256*data[len-10] + 256*256*256*data[len-9];
printf("End time: %d\n",endtime);
return 0;
}
Lets see what other file's hide from us.
@jareddlc: I think more data is coming over when sync:
- sleep
- heartbeat
- pedometer
- stopwatch
- excercise
awesome work!
I also got some hopefully promising data. I ran the running mode yesterday for about 1 minute, but I don't get things like GPS etc so alot of info is blank, with exception of heart rate.
Here are my findings:
My watch reported back with: should be: Monday Aug 17 8:34 pm, running, 01:02 time, 0.00 km,0 cal, avg speed, 0.0kmh, max speed, 0.0kmh, avg pace - --km, max pace, - --, avg heart 88bpm, max 93 bpm so i found most time stamps, and now im looking for 88 (58 in HEX) and 93 (5D in HEX) seems i found the "summary" report.
Code:
5807D255 = Monday, August 17, 2015 9:10:00 AM
A8000000AE070F439A99D140
1013D255 = Monday, August 17, 2015 10:00:00 AM : 1439830800
CC0000000AD71743703DE240
D025D255 = Monday, August 17, 2015 11:20:00 AM : 1439835600
0901000046E14743F7281441
E033D255 = Monday, August 17, 2015 12:20:00 PM : 1439839200
//...
10A9D255 = Monday, August 17, 2015 8:40:00 PM : 1439869200
39000000CCCC3042D7A300400901000000D89FDF3E4F01000000000000000000000000000000000000040000000C01000000
D7A7D255 = Monday, August 17, 2015 8:34:47 PM : 1439868887
3E00000000000000 5800000000000000 0153460000000000 0000000000000000 00000000 00 5D00000000000000 000000000001000000 = 88bpm : 58 HEX 93bpm : 5D HEX
45B5C855 = Your time zone: Monday, August 10, 2015 7:29:25 AM : 1439216965
2300000000002A430000824235E60200CD7FCF12F1490200D1FB01001198020022BF02000101000000
A5AAD255 = Monday, August 17, 2015 8:46:45 PM : 1439869605
1027000000000000

Categories

Resources