THIS THREAD IS UNDER CONSTRUCTION
ATTN: Proceed at your own risk. The following procedures could not only physically damage your device but also could damage the software rendering the device useless. I assume no responsibility
At this time you will be required to remove the rear casing of your wear24, which involves removing Tri-point screws as well as heating the casing to soften the adhesive. I am also in the process of developing a method that would not require you to remove the rear case but instead puncture it 4 times. More info to come
THIS THREAD IS UNDER CONSTRUCTION
Building usb connection device
The first step is to build a device, to connect to the usb pinout on the WEAR24 circuit board.
Simply take a standard usb 2.0 or 3.0 cable, strip the ends to reveal 4 separate colors, consisting of RED WHITE Green and Black
Then take 4 standard male to male breadboard jumper cables, solder the ends of the usb cable to each jumper cable.
Paying attention to the colors associated with the usb end of the cable. line the non-soldered ends in the following order and wrap electrical tape around the black plastic connector to keep the pins in the correct order and sturdy.
Red-TP1
Green-TP2
White-TP3
Black-TP4
You should then have a usb cable attached to 4 prong fork looking connector.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
THIS THREAD IS UNDER CONSTRUCTION
Removing rear cover of watch
This part can result in permanent damage to your watch casing. Be careful as the plastic cover is very fragile
You will need
Y000 Tri-point bit for the back plate.
Suction-Cup
Tweezers
Guitar pick or other thin plastic tool for prying
Heat Gun
Start by using the tri-point bit to remove the 4 screws located on the back plate. You may need to utilize tweezers in order to remove the screws.
Once the screws have been removed. Utilize the low setting and heat the back casing around the edges with the heat gun for approximately 2 - 3 minutes, making sure to keep the heat gun nozzle approximately 3-4 inches from the plate. Avoid heating the straps as they contain your antennas for your LTE, WIFI, and BT.
Immediately, use the suction cup on the rear cover to try and pull up on the cover.
A small gap should form between the cover and the watch.
Slide the guitar pick in between this gap.
Use the guitar pick to help separate the cover from the watch
NOTE: Do not try and separate the cover using the screw holes or the speaker holes. Nor by prying the edge without forming the gap first, you will damage the plastic if you try. It's very fragile
Using the guitar pick, carefully separate the wireless charging coil from the rear of the watch. Do not remove it. Simply separate and allow it to bend out of the way.
Carefully peel back the tape and foil covering the SIM card.
I lightly scored the tape with a utility knife and peeled it away.
On the board itself, there should be a small black rectangular tape.
Using tweezers, peel away the black tape exposing 4 round gold contact point on the board.
TP1 TP2 TP3 TP4 should be listed next to each of the round gold contact points
Software Installation
You will need the following:
ADB & FASTBOOT from Android SDK
Prior knowledge of ADB and FASTBOOT on the O/S of your choice
TWRP RECOVERY IMG
SuperUser installer zip
The make-shift USB connector you created earlier
Patience
Make sure your watch is up to date with system and play store updates.
Go into Settings, System, About, and click on the Build number 5 times to enable developer options.
Go into Settings, Developer Options, and make sure ADB debugging and debug over Wifi are both enabled.
Download the TWRP Recovery img from TeamWin @
https://teamw.in/quanta/verizonwear24.html
Download SuperSU with busybox YDS included at the bottom of this post
Place both files in the same directory as ADB and FASTBOOT on your O/S
Plug the make-shift usb connector into your computer.
Open command prompt on host computer over wifi with ADB
Code:
adb connect 192.168.0.xxx
On Watch accept the remote connection.
On command prompt on host computer over wifi with ADB
Code:
adb reboot bootloader
The watch should boot into bootloader mode
On command prompt on host computer with ADB
Code:
fastboot oem unlock
Using the make-shift usb connector touch the following pin colors to the gold contact pins on the back of the watch
Red-TP1
Green-TP2
White-TP3
Black-TP4
Click OK on Watch screen to Unlock (NOTE: this will factory wipe your watch!)
Once the watch reboots, proceed with setting up your watch for the first time.
Note: The initial bootup on the watch will take longer than normal, do not be alarmed
Make sure your watch is up to date with system and play store updates.
Go into Settings, System, About, and click on the Build number 5 times to enable developer options.
Go into Settings, Developer Options, and make sure ADB debugging and debug over Wifi are both enabled.
Open command prompt on host computer over wifi with ADB
Code:
adb connect 192.168.0.xxx
On Watch accept the remote connection.
Download SuperSU with busybox YDS included from the bottom of this post and move it to watch with adb push to /sdcard
Code:
adb push nameofzip.zip /sdcard/
Open command prompt on host computer over wifi with ADB
Code:
adb reboot bootloader
On command prompt on host computer with ADB
Code:
fastboot flash recovery twrp.img
Using the make-shift usb connector touch the following pin colors to the gold contact pins on the back of the watch
Red-TP1
Green-TP2
White-TP3
Black-TP4
On Watch click Allow Modifications
On Watch click Install
On Watch select SuperSu file uploaded prior
On Watch slide confirm
On Watch wipe davlik/cache
Reboot to system
Note: The initial bootup on the watch will take longer than normal, do not be alarmed
Install apps that require root for testing
Once the watch has successfully booted, download the Advance Settings app from the play store.
Once the app is installed, if upon opening the app you experience no errors, you have successfully installed TWRP and rooted your watch.
You can now use the Advanced Settings app to reboot the watch directly into recovery and access TWRP
Thanks for the way directions
Could you please post the superSu zip the link you posted is dead.
Stern.m33 said:
Could you please post the superSu zip the link you posted is dead.
Click to expand...
Click to collapse
Certainly! I updated the post to contain the su zip file. Thank you for bringing it to my attention.
Could you ask a mod to move / tag your thread so it appears here?
yochananmarqos said:
Could you ask a mod to move / tag your thread so it appears here?
Click to expand...
Click to collapse
I am not aware of any mods that I could contact. I would love to have it listed there though. I updated my tag to reflect those listed there.
Undergroundstudents said:
I am not aware of any mods that I could contact. I would love to have it listed there though. I updated my tag to reflect those listed there.
Click to expand...
Click to collapse
At the top of every sub-forum there's a Moderators button that lists mods assigned to that particular sub-forum. I would PM SacredDeviL666, he's cool.
Undergroundstudents said:
Make sure your watch is up to date with system and play store updates.
Go into Settings, System, About, and click on the Build number 5 times to enable developer options.
Click to expand...
Click to collapse
Thanks for the write up!
I just got my watch (haven't opened it yet) and want to confirm, I should go ahead and update it to the latest firmware before I even attempt to take the back off?
I wasn't sure if the bootloader was only unlockable on AW 1.0
bkkzak said:
Thanks for the write up!
I just got my watch (haven't opened it yet) and want to confirm, I should go ahead and update it to the latest firmware before I even attempt to take the back off?
I wasn't sure if the bootloader was only unlockable on AW 1.0
Click to expand...
Click to collapse
Yes. Update it completely to the latest firmware and AW version
OMG, did you really managed to get them rooted? I`ll definitely try that, not a big risk for a $50 watch
vandal_ said:
OMG, did you really managed to get them rooted? I`ll definitely try that, not a big risk for a $50 watch
Click to expand...
Click to collapse
Yes they are rooted. Although someone needs to manage to compile a rom to enable nfc. I have all the files needed to do so, I just dont have the knowledge to compile roms
Wear24 watch owner here. Is the watch still waterproof after taking it apart and ruining the adhesive? I use it a lot in the shower, pools, down the river so that's important to me. Thanks
GameheadBrock said:
Wear24 watch owner here. Is the watch still waterproof after taking it apart and ruining the adhesive? I use it a lot in the shower, pools, down the river so that's important to me. Thanks
Click to expand...
Click to collapse
Technically the watch has never been waterproof, it is however water resistant. Also it depends on how carefully you take it apart, and if you replace the adhesive when you put it back together. If using my method and also using a watch cover pry tool to remove the back, as long as there is no damage. you should be able to peel the old adhesive off, replace it with new adhesive, and it should be water resistant again.
Now my Wear24 bootloader unlocked and rooted, thanks. Installed Network Signal Guru apk - this watch has only LTE B13 and WCDMA 1900/850. I dont know how we can add another bands.
And how we can unlock bluetooth microphone for voice on watch calling?
Pretty cool app (Network Signal Guru). However I don't think this will UNLOCK additional bands, but allow you to lock currently available bands. You'll have to use those Qualcomm QPST tools with a USB connection, like here (https://forums.oneplus.com/threads/...-qualcomm-devices-oneplus-one-edition.193610/).
Let me know if you have any luck.
Undergroundstudents said:
you should be able to peel the old adhesive off, replace it with new adhesive, and it should be water resistant again.
Click to expand...
Click to collapse
Do you have any idea what kind of adhesive it is?
And would it still be water resistant if I just keep the old adhesive on there but be sure to spread it around before resealing?
bensdeals said:
Pretty cool app (Network Signal Guru). However I don't think this will UNLOCK additional bands, but allow you to lock currently available bands. You'll have to use those Qualcomm QPST tools with a USB connection, like here (https://forums.oneplus.com/threads/...-qualcomm-devices-oneplus-one-edition.193610/).
Let me know if you have any luck.
Click to expand...
Click to collapse
Did
echo 1 > /sys/devices/virtual/android_usb/android0/f_diag/func_en
Click to expand...
Click to collapse
and now my computer recognize watch as "Qualcomm HS-USB Diagnostics 9092" (COM32), but QPST says 'No phone" on target port. Tried many different drivers. I think if I could connect in Diag - it will allow to unlock another bands. Becase it working with many phones at same msm8909 chip.
P.S. Played with TWRP backup and restore - received TWRP bootlop. Fix:
adb shell dd if=/dev/zero of=/dev/block/platform/soc/7824900.sdhci/by-name/misc count=1 bs=32
Click to expand...
Click to collapse
Related
Got my Moto 360 2015 today and quickly realized that the main block to us getting any development on this is that we don't have a way to access it with a computer. I did a partial [very partial] tear down and noticed several pins that could be a usb interface. My question is what would be the most logical way of figuring out what pins do what?
P.S. I know there is a lot of talk about if there is a hidden speaker or not, while I wasn't able to get the watch apart enough to answer definitively it does look like the slot on the side corresponds to a hole under the plastic back... hopefully we'll know more soon.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Posting this image for smartphone. Couldn't get it posted on his account.
I can't find the pins,,can you find it?
Hey,
Do you have some more information about the pinout? I have the same watch and I want to try connect it to USB, because I can't switch it on, and maybe with USB I can start some recovery mode or something like this.
I also found other "test pads" below the plastic cover with antenna. I found some pins, that I am sure about function. Below I wrote two links to images (I can't add attachment to post - just remove the spaces from the address below):
menuet. no-ip. biz/ images/ moto_360_2015_pinout_back.png
menuet. no-ip. biz/ images/ moto_360_2015_pinout.png
Here is description of pins on the images:
1-Power switch; 2-?; 3-?; 4-Battery; 5-?; 6-GND;
A1-?; A2-?; A3-Antenna; A4-?; A5-USB5V; A6-GND
Maybe you have some other info how to switch on this watch?
Best regards,
menuet
I know this is so old... but maybe someone that is passionate about electronics could find a way to connect usb cable...
There must be a way... The bootloader says this..
I was thinking that in @menuet pictures, A1, A2, A5, A6 could be the 4 wires that should connect to a usb cable
If you're looking to send adb commands to the watch why not use Bluetooth debugging?
https://developer.android.com/training/wearables/apps/bt-debugging.html
I know that... I was hoping to find a way to make a usb cable like for the first generation, and in this way to unlock the bootloader, root...etc...
The 1st gen had pogo pins -- have you checked the corresponding location of the second gen? I'm interested to find out if the layout is the same (although completely enclosed by the case).
stevemw said:
The 1st gen had pogo pins -- have you checked the corresponding location of the second gen? I'm interested to find out if the layout is the same (although completely enclosed by the case).
Click to expand...
Click to collapse
No, didn't checked yet... I don't want to disaasembly my watch yet.. I just added some comments, maybe someone has already an old/broken watch an can check the pins...
@icysea and @SmartphoneER and @menuet posted some pictures that might be helpful...
I don't know electronics. I am just a programmer. BUt I asked one of my colleagues that knows, and he told me that doesn't recognize the new look of the wires...
I think that they made a special cable to access the bootloader...
P.S. I attached, @menuet 's pictures...
Thank you....
UPDATE:
found the full disassembly process: http://it.sohu.com/20160126/n435898447.shtml. It has more technical details...
I remember the white latex-covered finger tips. I came across this teardown a while ago but couldn't find it again.
hei... let's work together and find those PINS... Maybe someone has a broken watch that can use to find out where are the pins for an USB cable...
Motorola did a great job with hiding the pins, but everything that is done by human can be hacked by human....
Some more research done by me:
Maybe we can use some pogo pins (like those attached) to make contact on that golden contacts bands (numbered A5 -A6 etc.) . Now, @menuet found the 5V as A5, and the ground as A6. WE still have 3 more tries (A1, A2, A4) for the data+ and data- from the SUB scheme. I don't know if something will break if we don't guess from the first time the right arrangement, (and we switch data- with data+ ).
And we can make something to hold those pogo pins stabilized (see that sketch made in paint)
Maybe this will be helpful for someone with a broken watch or already disassembled watch
found one more disassembly:
http://www.btspeaker.cn/thread-7582-1-1.html
UPDATE:
Also, seems like swapping the D+ and D- from the USB scheme, doesn't do any harm. Maybe someone can try this. I would have tried on my watch, but I am from Romania and my watch was bought from US. So, no warranty. And it's still functional, and working great....
See here for more details:
http://electronics.stackexchange.com/questions/73295/in-a-usb-cable-is-it-ok-to-swap-the-d-and-d-wires
This is going to sound weird but I have the second gen and it does appear to have an unlocked bootloader. I noticed because I bought this watch used and I couldn't update. The thing is the guy I bought it from didn't do it. The plastic ring is still on the watch so I don't understand how this was done unless they accessed the pins. Can you even do that over Bluetooth?
I'm posting here because I would need help in regards to this. Otherwise I'm screwed I guess.
You cannot enter fastboot commands through bluetooth... So, the only plausible reason will be that someone, somehow made an interface and unlocked the device..
P.S.
And this will be a very good information... I am waiting for so long for this to happen..
eltigre4jc said:
Some more research done by me:
Maybe we can use some pogo pins (like those attached) to make contact on that golden contacts bands (numbered A5 -A6 etc.) . Now, @menuet found the 5V as A5, and the ground as A6. WE still have 3 more tries (A1, A2, A4) for the data+ and data- from the SUB scheme. I don't know if something will break if we don't guess from the first time the right arrangement, (and we switch data- with data+ ).
And we can make something to hold those pogo pins stabilized (see that sketch made in paint)
Maybe this will be helpful for someone with a broken watch or already disassembled watch
Click to expand...
Click to collapse
I am almost completely sure that the interface cable has to be built, upon those golden contacts.. If the original poster still has the watch or someone else, that has a broken watch., maybe can try to make an interface..
P.S. a link with another teardown, this time for Moto Sport http://imgur.com/a/yFb4s
eltigre4jc said:
Some more research done by me:
Maybe we can use some pogo pins (like those attached) to make contact on that golden contacts bands (numbered A5 -A6 etc.) . Now, @menuet found the 5V as A5, and the ground as A6. WE still have 3 more tries (A1, A2, A4) for the data+ and data- from the SUB scheme. I don't know if something will break if we don't guess from the first time the right arrangement, (and we switch data- with data+ ).
And we can make something to hold those pogo pins stabilized (see that sketch made in paint)
Maybe this will be helpful for someone with a broken watch or already disassembled watch
Click to expand...
Click to collapse
https://forum.xda-developers.com/attachment.php?attachmentid=3965954&d=1481526286
These may in fact serve as the pogo pins found on the 1 gen watch.
stevemw said:
https://forum.xda-developers.com/attachment.php?attachmentid=3965954&d=1481526286
These may in fact serve as the pogo pins found on the 1 gen watch.
Click to expand...
Click to collapse
Gosh, this is awkward. Well guys, i contacted Motorola and gave them pictures of my watch and they say I got a Prototype Watch.
My bootloader is already unlocked on this watch but there is very old user-build firmware installed. I would like to flash the latest one, but as i read this here, its not possible without an USB connection right?
Edit: my watch is also rooted! I debugged it with bluetooth and tried to shell it. I tried ls the /system dir which failed. But after i su'd it listed me the system directory and all files in it.
I removed the plastic ring from my watch so i am able to see the golden contacts now, and I am ready to try to create an interface if someone teaches me how to do that.
My aim is to flash a custom recovery to it like twrp. I noticed there is a moto 360 twrp recovery, so i guess it shouldnt be to hard to port this to the second edition right?
Edit: I am going to create an interface cable with that 4 pins..
Two pins I know, GND and 5V. The other two pins i will need to find out, but basically, if i found the correct ones and they are connected to the watch and the watch is in bootloader, and i do fastboot devices i should see the watch as fastboot device right? (To make sure the interface works ofc.)
I built an interface, but its not recognizing USB. It says unknown device, error while getting device descriptor or something like that. But I only get that device popping up in device manager when i am using pin A1 (no matter Data+ or data-). If i use A2 and a4 for example, then this device doesnt even pop up in device manager. So i guess A1 is for sure either data+ or data-
When it comes to driver stuff now i have no clue. I tried updating the driver and navigated to google usb driver located in android_sdk\extras\google but it said best fitting drivers were already installed...
So i got no clue what to do next now..
Yothri said:
I built an interface, but its not recognizing USB. It says unknown device, error while getting device descriptor or something like that. But I only get that device popping up in device manager when i am using pin A1 (no matter Data+ or data-). If i use A2 and a4 for example, then this device doesnt even pop up in device manager. So i guess A1 is for sure either data+ or data-
When it comes to driver stuff now i have no clue. I tried updating the driver and navigated to google usb driver located in android_sdk\extras\google but it said best fitting drivers were already installed...
So i got no clue what to do next now..
Click to expand...
Click to collapse
Thank for trying.. Now, can you, put a picture of the interface you built? And also, can you try to attach the watch through USB to a fresh system, that has no previously installed drivers?
Maybe you can look for drivers for the version one of the watch....
Introduction
When it comes to Android TV sticks, I'm a bit of a seasoned veteran. I still own a Uhost1 and was the first person in the UK to own a Uhost2 (in fact, the fourth in the entire world) thanks to some connections I had to Smallart, the company behind that device. I really do believe that these little devices have the potential to be something a tad special, if done right of course. That brings me onto this little device:
The Transpeed MK809V, also known as the CX939. Let's be honest, the numbering/naming is completely irrelevant nowadays, because there are different versions of the same named device, which all contain different chipsets and functionality. I was able to get this one in the 11/11 AliExpress sale for just £15 (http://www.aliexpress.com/snapshot/7084183665.html?orderId=70864234952489)
Specification
CPU: Quad-Core RK3128
Android: 4.4.2 (yet the ROM says 4.4.4?)
GPU: Embedded 3D GPU Mali 400, High frequency 500Mhz, Support OpenGL ES 1.1/2.0
RAM: 1GB
NAND: 8GB
Photos
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
In The Box
Transpeed Android TV Stick
2A USB Wall Charger, UK Plug (yes, that's right a UK plug)
Female to Male HDMI Extension Cable
Micro USB Cable
OTG USB Cable
Instruction Manual
There's probably £5 worth of cables and bits and bobs in the box, bringing the actual cost of the dongle down to about £10-£11. Crazy.
First Impressions
The device is about the size of a Chromecast v1. It doesn't weigh much at all, I'd have no problem sticking this directly into a HDMI port (but I'll use the extension just to be safe). There is a red slide bar on top of the device with absolutely no explanation of what it actually does. The instructions are borderline unreadable, so they're not much use. On the bottom of the device is a sort of vent and what looks like a pin hole in one of the corners. There is a full size USB port, and two mini USB Ports respectively. It is not clear exactly which is the power source. There is a pin hole next to one of the sockets on the side, so I've assumed this is most likely the power source.
The device boots pretty quick actually, for a cheap device. The interface is slick and smooth, buttery as they say. It's running some sort of Lollipop launcher (not sure if it's Now Launcher), which feels smooth but the app switcher takes me back a year or two (horizontal slide thing). It comes with Kodi and Show Box pre-installed along with a few other apps and Google Play Services. The firmware is very AOSP with almost nothing in the way of customized launchers etc.
There are a few little issues I've noticed, the AOSP keyboard seems to sometimes double play the sound when you click a key. It has a really tough time coping with my IR remote, I think this is to do with the Rockchip issue I speak about below. Still, the plan is to install Droidmote.
Connectivity
The one thing that often lets these little devices down, is the Wi-Fi, but so far, the Wi-Fi on this has been very very solid. I've not done a speed test yet, but I will when I get chance.
I was also pleasantly surprised to see Bluetooth with a fully functioning stack which includes file transfer, I tried this and it works well.
Disassembly
Taking this device apart is probably as easy as you could hope for. There are 8 clips spread evenly around the device. Pop the top ones nearest the HDMI port (either side) first and then work your way down and it falls apart. These clips do break pretty easy so I imagine a few of these will be held together with tape soon enough.
BE CAREFUL, the WiFi antenna is soldered directly onto the motherboard and is stuck onto the casing.
So interestingly, the red slide bar does absolutely nothing. It's not connected to anything, and it's certainly not doing anything, which is a shame considering what you'll read about the pin hole later.
Rockchip board, very similar to the FireFly FirePrime.
Soldering is a tad iffy on the Wi-Fi antenna.
Underside of the board.
Rear vent case.
Scratch on a chip, plus the poxy recovery button is also damaged slightly. Read why further down.
Disassembly also reveals the pin hole on the back leads to absolutely nothing, which might be misleading for some. Do not stick your pin in there as you'll simply scratch your circuit board.
Rooting
Rooting this device took all of about 2 minutes. Although SuperSu detects root, it is unable to install its own root binaries. However, KingRoot (http://www.kingroot.net) has absolutely no problem and roots it in under 2 minutes. I will probably replace the KingRoot binaries with SuperSu binaries, but for the moment, this will do.
Recovery/Flashing
WARNING: Please read the Problems/Issues section regarding the pin hole.
To access the recovery (which from the factory is just a standard Android 'no command' recovery) press pin hole while plugging in power from wall socket, keep hold until you see Android Recovery on your TV/Monitor.
To access RK flashing mode, you MUST install the drivers first using the DriverAssist tool. I will include all of this stuff as attachments to this post. Once the drivers are installed, press the pin while plugging into your computer, Rockchip class devices should appear. You can now flash using BatchTool or AndroidTool.
Problems/Issues
- Build quality. While the device itself runs nicely and works okay, the build quality leaves a lot to be desired in my opinion. I suppose you pay for what you get. The case doesn't fit quite as well as other TV sticks, but I'm willing to turn a blind eye.
- Pin hole. What I'm not willing to turn a blind eye to is this disasterous implementation. On the Uhost (and Uhost2), Smallart simply put a small case button above the little SMD switch, easy as pie to use. This device simply has a pin hole on the case, and you're required to put a pin through. The problem is the circuit board doesn't sit perfectly inside the case (most of these cases are universal anyway), therefore you'll often find yourself poking around inside this little device desperately trying to find the switch. Luckily, I don't think there's anything you can really damage, however looking at my photos above, you can see where I actually scratched the top of a chip and also chipped the switch as well. I now only operate that switch after disassembling the device, although at a push, you could use a small screwdriver designed for mobile phones as these are usually small enough to get through the hole but bigger than a pin. Why didn't they just use that slide? It would have been so easy to implement a switch.
- Droidmote. Rockchip have this thing about messing up the input to Android, this means Droidmote doesn't really work properly without some changes. However, the issue is that changing the lib file in my case caused a soft brick. It's possible to fix this in external keyboard helper, but will need to do some investigation on this.
- USB. The USB implementation is a bit iffy for some reason. It has no problem with my IR remote and also had no issues with a USB keyboard, however I plugged a USB mouse in and actually soft bricked the device. I had to flash the firmware to fix this.
Firmware/ROMs
Stock Firmware -
4.4.2 (labelled as 4.4.4) - https://mega.nz/#!C45iTKKQ!bQaow8xVpjKb1nYZbIe_mQx1R8B574Ikt1kZA9J44VU
Mods
TODO
Development
It's rare that any kind of development can take off for these devices, but this little thing shares the same chip and hardware as a very popular dev board called the Firefly FirePrime (http://wiki.t-firefly.com/index.php/FirePrime/en). Not only does this board share almost identical hardware, they have uploaded the source for a 5.1 Lollipop build. Now, I've compiled this but I'm yet to flash it yet. I am wary about going ahead and flashing before I do some research into exactly what is going to happen. However I may flash the kernel.img, resource.img and system.img as a test to see if I can get anything to happen. I imagine to begin with, it'll be completely broken, but there's no reason that with some effort I can't make this work.
Status:
CWM - In Progress
Lollipop - Alpha (http://forum.xda-developers.com/showpost.php?p=64253545&postcount=4)
Working: Audio, Video (needs further testing), USB, SD Card, Reboot
Broken: WiFi, Bluetooth, HDMI Mode, HDMI Scaling, Sleep, Shutdown, Others?
CyanogenMod(?) - In Progress
Hopefully others with this device can talk about it and share their experiences.
I actually used one of these with a lot of pleasure for quite some time before I moved to a full sized box. I'll be watching this thread carefully as I still have the stick lying around and have been wondering whether I should do something with it. So much potential shouldnt go wasted
Sent from my Nexus 7 using Tapatalk
Glad to see I'm not the only one using this cheery little device.
Incredibly, after just three attempts and a few changes to the code (nothing major), I've been able to get it to successfully boot lollipop. Has to be the fastest port I've ever done. It's pretty alpha, wifi is broken, Bluetooth is broken and there's no way to scale the screen or change the hdmi mode, so it's stuck in 720p mode right now. Still, it's all proof I need that this device can handle lollipop. Those features can be sorted pretty easily. The interface is seriously slick. Very fast and smooth.
I tried to upload some photos but the xda app isn't working for me lol.
Sent from my GT-I9505 using XDA Free mobile app
Photos of lollipop 5.1.1 working. Are there any Android tv sticks out there that actually run lollipop or is this the first?
It's certainly the first that cost less than £15
Sent from my GT-I9505 using XDA Free mobile app
Wow! This looks really promising! I just bought the same one as well. Will probably take a month before I receive it though.
horizophon said:
Wow! This looks really promising! I just bought the same one as well. Will probably take a month before I receive it though.
Click to expand...
Click to collapse
Mine didn't take too long to come. About 2 weeks I think. It's a decent enough device right out the box, Kodi is fully loaded with goodies and Show Box works well, but I think with all the potential it has, it would be a waste not to at least explore some sort of Lollipop ROM. We all know that the manufacturer is unlikely to put out another ROM anyway. They tend to get a single ROM bug free then quit while they're ahead.
Interestingly, my USB Mouse now doesn't soft brick the device. Clearly something is up with the stock firmware and that mouse. Anyway, I'm going to spend today investing the WiFi and how to get it working.
Good luck!
Building a new image, hopefully the Wifi and bluetooth should work with this image. That's half the fun of course. One of the biggest issues I'm having is it appears to be impossible to flash a singlee partition image to this device, otherwise you soft brick it. Pain in the arse.
Some more work today, let's see if I can get this WiFi working.
Here we go, first boot of the new Lollipop build built by me with the correct connectivity chipsets etc. Will WiFi be working, or will it be broken still ?
Edit:
In fact, will it even boot
Yep, it boots. WiFi now causes reboot lol
2nd Edit:
Pretty obvious looking at logcat why it's not working.... Android still thinks it's using the Firefly AP6212 Wi-Fi. Need to work out why that is.
Still working on the WiFi, might not be as easy as I first thought to get this WiFi fixed. No SDK whatsoever for it, so I'm using an SDK for a similar chipset that is publicly available. I have a .ko file which should work but it won't insmod for some reason.
The funs of building from other peoples code. The .mk files are a complete mess. Still, looks like I'm slowly getting there.
Sounds like a challenge, good luck!
Sent from my Nexus 7 using Tapatalk
Finally got it to build using this RealTek SDK from t'interweb. Did require some changes though and I had to find a few libraries that seemingly aren't really used anymore, plus a few hacks thrown in there to make those libs work, so I really don't know what's going to happen here. Currently on the Android boot screen. It might boot, it might crash, it might boot-loop, I really don't know.
At an educated guess, I Imagine it'll boot but I fully expect it to fail when switching on WiFi.
Edit: Boots OK. Few BT force closes, might have to freeze BT for the moment. WiFi still dead. Let's try get some logs shall we
Quick update, feel as though I've hit a bit of a brick wall with this WiFi implementation. Can't get it it to insmod the modules from 4.4 (no surprise) but don't have the source to build newer 5.1.1 modules. The source I do have doesn't seem to work, so either I am missing something or there's a configuration issue. I will continue over the next few days but can see this being a real ballache. I may investigate whether we can use a USB wifi, at least temporarily while I work out a way in which we can use the inbuilt Wi-Fi. With so few people owning this hardware, that also makes it difficult as it's a one man project
On a side note though, I have been able to get it to run Ubuntu lol! It's a trimmed down version but it runs surprisingly nicely. Audio is broken, so is WiFi but USB Ethernet works well and was browsing and even installed Kodi onto it.
Who'da thunk it ?
Received mine today! Took me three minutes to brick it. :good: Couldn't stop myself from trying ART. Now i can't make the drivers work with W10. In fact it doesn't even show up as an unknown device... :silly: Will try with Ubuntu in the morning.
horizophon said:
Received mine today! Took me three minutes to brick it. :good: Couldn't stop myself from trying ART. Now i can't make the drivers work with W10. In fact it doesn't even show up as an unknown device... :silly: Will try with Ubuntu in the morning.
Click to expand...
Click to collapse
It won't be hard bricked.
Sent from my GT-I9505 using XDA Free mobile app
To access RK flashing mode, you MUST install the drivers first using the DriverAssist tool. I will include all of this stuff as attachments to this post. Once the drivers are installed, press the pin while plugging into your computer, Rockchip class devices should appear. You can now flash using BatchTool or AndroidTool.
Click to expand...
Click to collapse
And where ?
@skezza Do you have any update? I have this TV stick, but it has a fake 1080p (upscalled from 720p). Do you have another kernel for this tv stick or maybe a kernel sources ? (I have found about 4 firmwares for this stick, but all of the has a fake 1080p)
Anyone notice video playback in Kodi stutters badly. (Mkv and Mp4 ..especially 1080p)
Sometimes after few mins, but shows up immediately if, along the time line bar, jump back and fort, once or twice.
Easily seen at movie end credits.
Tried few different firmwares all have same issue.
To add to my previous post, my Rk3128 board looks this.
http://www.cnx-software.com/2015/12...ith-512mb-ram-8gb-storage-sell-for-15-and-up/
FirePrime Lollipop works fine, but no WiFi.
Surprisingly snappy for a 512MB DDR board.
I have two Mi Boxes. Both have lousy WiFi reception. I finally decided to open one up and see if I could re-position the antenna or replace it. To my surprise, there was no antenna. I opened my other Mi Box and it didn't have an antenna either. There is a little plug for the antenna, but the antenna itself is missing.
The antenna plug is the same one found in most laptops and WiFi cards, variously called an IPX, IPEX, or U.FL plug. You can buy antennas with this plug on ebay or Amazon for about $2. They come as little flags you can stick down or little pcb boards which can have 5dbi or more gain.
I got a couple of 8dbi gain pcb antennas. The can be positioned inside the Mi Box case, but I drilled a small hole and ran them outside where they are clear of the electronics and big steel heatsink and can be aimed at the router. No soldering, just open the Mi Box, take out the four screws that hold the motherboard. Slowly pull off the motherboard which is stuck to the heatsink, and then plug in the antenna. Simple.
My WiFi download speed has almost tripled from less than 10mbs to almost 30mbs. I get 20mbs even through my VPN. I now can stream 1080 HD movies on Netflix without stuttering or buffering.
Spend $2 and 15 minutes work and you won't hate your Mi Box anymore.
Make sure the antenna will do 5ghz
I almost forgot, make sure you get an antenna that will work for both 2.4ghz and 5ghz.
Sound intressting ... maybe you upload a photo of the antenna ? wich type ?
Thanks in advance Dr Vega
Greetings Phil from Belgium
Pilsor said:
Sound intressting ... maybe you upload a photo of the antenna ? wich type ?
Thanks in advance Dr Vega
Greetings Phil from Belgium
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks for opening this up man!! Trying to make this thing last a bit longer, this will help. We will also have Oreo anyday now as more screen shots are being posted.
Could you show me the way to open the case, does it need heating or something else?
Opening the Mi Box case
hhai93 said:
Could you show me the way to open the case, does it need heating or something else?
Click to expand...
Click to collapse
Yeah, it can be tough to open. There're no screws or anything, just the clips all around the edge. I started with a sharp knife to open a crack and then slid in a credit card and ran that around the edge to release the clips. One of those plastic thingies to open cell phones works even better than a credit card.
dr_vega said:
Yeah, it can be tough to open. There're no screws or anything, just the clips all around the edge. I started with a sharp knife to open a crack and then slid in a credit card and ran that around the edge to release the clips. One of those plastic thingies to open cell phones works even better than a credit card.
Click to expand...
Click to collapse
Link the the antenna that you've bought please? I searched on ebay but there are many kinds of ipex connector
hhai93 said:
Link the the antenna that you've bought please? I searched on ebay but there are many kinds of ipex connector
Click to expand...
Click to collapse
Something like this should work.
https://www.ebay.com/itm/2-4G-5G-5-...862018?hash=item3d60e89bc2:g:Zc8AAOSwAXZa2AJD
dr_vega said:
Something like this should work.
https://www.ebay.com/itm/2-4G-5G-5-...862018?hash=item3d60e89bc2:g:Zc8AAOSwAXZa2AJD
Click to expand...
Click to collapse
Thank you! Just bought one, will be arrived at the end of May :fingers-crossed:
dr_vega said:
I have two Mi Boxes. Both have lousy WiFi reception. I finally decided to open one up and see if I could re-position the antenna or replace it. To my surprise, there was no antenna. I opened my other Mi Box and it didn't have an antenna either. There is a little plug for the antenna, but the antenna itself is missing.
The antenna plug is the same one found in most laptops and WiFi cards, variously called an IPX, IPEX, or U.FL plug. You can buy antennas with this plug on ebay or Amazon for about $2. They come as little flags you can stick down or little pcb boards which can have 5dbi or more gain.
I got a couple of 8dbi gain pcb antennas. The can be positioned inside the Mi Box case, but I drilled a small hole and ran them outside where they are clear of the electronics and big steel heatsink and can be aimed at the router. No soldering, just open the Mi Box, take out the four screws that hold the motherboard. Slowly pull off the motherboard which is stuck to the heatsink, and then plug in the antenna. Simple.
My WiFi download speed has almost tripled from less than 10mbs to almost 30mbs. I get 20mbs even through my VPN. I now can stream 1080 HD movies on Netflix without stuttering or buffering.
Spend $2 and 15 minutes work and you won't hate your Mi Box anymore.
Click to expand...
Click to collapse
Hi.
I have two MiBox and the connector is not the standard that is used for antennas. It is a Hirose MS-156C, usually used as a test point, so it is not possible to connect antennas with an IPEX connector.
Can you detail how you did it?
Thank you.
diruix said:
Hi.
I have two MiBox and the connector is not the standard that is used for antennas. It is a Hirose MS-156C, usually used as a test point, so it is not possible to connect antennas with an IPEX connector.
Can you detail how you did it?
Thank you.
Click to expand...
Click to collapse
That may be true, but IPEX worked for me. I bought a couple of the antennas in the picture. One was hard to press onto the connector and I used a needle nose pliers to apply pressure. The other one snapped on with just fingers.
diruix said:
Hi.
I have two MiBox and the connector is not the standard that is used for antennas. It is a Hirose MS-156C, usually used as a test point, so it is not possible to connect antennas with an IPEX connector.
Can you detail how you did it?
Thank you.
Click to expand...
Click to collapse
I confirm that the Ipex connector is compatible.
I tried to insert the antenna into the connector for 5 minutes pressing it with my fingers, but then I decided to use a screwdriver handle for this, I pushed harder, and I was able to connect the antenna.
Toliyn said:
I confirm that the Ipex connector is compatible.
I tried to insert the antenna into the connector for 5 minutes pressing it with my fingers, but then I decided to use a screwdriver handle for this, I pushed harder, and I was able to connect the antenna.
Click to expand...
Click to collapse
The most important question is "After you forced the connection, did you see a performance increase?" Hopefully, something more than placebo...
Sent from my Pixel 2 using Tapatalk
Mr.BungIe said:
The most important question is "After you forced the connection, did you see a performance increase?" Hopefully, something more than placebo...
Click to expand...
Click to collapse
To begin with, I was unpleasantly surprised with the reception quality of the mi box.
I have a noname Chinese tv box with which there are enough problems, but none of them related with receiving a wi-fi signal.
When I turned on mi box for the first time without an external antenna connected, the device was able to connect to wi-fi and start downloading updates, but the online video playback and TV playback over ott playlist did not work. I even rebooted the mi box several times to make sure that the problem is not related with the updates.
Then I put the antenna all worked as expected.
So I think so. There is a noticeable difference when using an external antenna.
isn't there any android tool that mesure the wifi strength signal ?
If yes it would be nice to have some results before/after
but of course your feedback is very nice.
I had too issues, i fixed them by moving my wifi extender (my wifi router is at 1st floor and on the roof i have an extender to make sure that I have enought signal at both floor. but as the mibox whas having difficulties I moved the extender from one room to very close to the mibox) and since them streaming 1080p video is no more any issue.
But of course installing an antenna would be nice ... or maybe an ethernet usb hub ....
Indeed I may start looking at 4k movies end of the year, and plan to use the mibox (hoping that it will have enougth power)
Did anyone ever confirm if this is an antenna port or not
I just tested this out myself using the same aerial linked earlier, and I found it made no difference to signal strength or throughput. This was determined using the IP tools app and some file transfers.
In fact even though the connector seemed to be a good fit, I found that the middle pin wasn't actually making any contact. I verified this using one of the solder pads next to the connector which has a direct connection to the middle pin socket on the PCB.
I figured this may be why I saw no difference in signal so I cut the plug off the aerial and soldered the wires directly to the mibox and made sure the connections were good, and guess what - still no difference.
As I don't have anything to probe that connector with to see exactly what if anything is coming out I can't verify what it is supposed to do. But I wouldn't waste your time trying to connect an aerial to it.
Lemonato said:
I just tested this out myself using the same aerial linked earlier, and I found it made no difference to signal strength or throughput. This was determined using the IP tools app and some file transfers.
In fact even though the connector seemed to be a good fit, I found that the middle pin wasn't actually making any contact. I verified this using one of the solder pads next to the connector which has a direct connection to the middle pin socket on the PCB.
I figured this may be why I saw no difference in signal so I cut the plug off the aerial and soldered the wires directly to the mibox and made sure the connections were good, and guess what - still no difference.
As I don't have anything to probe that connector with to see exactly what if anything is coming out I can't verify what it is supposed to do. But I wouldn't waste your time trying to connect an aerial to it.
Click to expand...
Click to collapse
I did it too and "Lemonato" is right, there is no change on the wifi reception.
** sorry... don't know why the pics is not showing
anyone tried using this mod?
https://youtu.be/Nk-nj_BwoBE?t=5m30s
Hi guys, i am looking for some help as my Realme GT2 Pro is dead bricked (ie. no response to buttons + usb)
I was able to open the back cover but i am not sure which are the correct test points for EDL mode.
Below is the picture of the motherboard. Would someone be able to help?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Normally EDL test points are a pair of contacts, sometimes conspicuous, sometimes not.
I would not generally recommend just shorting any two points, it would be possible to short and destroy something.
Do you have any resistors? 200 ohm to 3000 ohm would be ok. Higher might work, lower might harm something.
If you have a voltmeter you can check first. One point should register ~1.8V the other should be basically 0V.
The pair of test points near the white coax and the pair of test point alongside the black coax seem like candidates.
This is a Qualcomm thing, yes?
In worst case you can try to defeat the flash memory, but that's another subject.
Renate said:
Normally EDL test points are a pair of contacts, sometimes conspicuous, sometimes not.
I would not generally recommend just shorting any two points, it would be possible to short and destroy something.
Do you have any resistors? 200 ohm to 3000 ohm would be ok. Higher might work, lower might harm something.
If you have a voltmeter you can check first. One point should register ~1.8V the other should be basically 0V.
The pair of test points near the white coax and the pair of test point alongside the black coax seem like candidates.
This is a Qualcomm thing, yes?
In worst case you can try to defeat the flash memory, but that's another subject.
Click to expand...
Click to collapse
Thank you for the detailed guide. Yes this is qualcomm chip.
I tried short connecting the pairs near the white coax and black coax but they are not giving me any signal.
I tried short connecting 2 of the 6 pins in the middle and it is responding. "usb descriptor failed" shows up in the device manager. However this seems to reserve short my pc usb ports at the same time. My bluetooth dongle got disconnected right away after recognizing "usb descriptor failed".
I will try to get the voltmeter to find out which one registers 1.8v and 0v
When you short the points you have to do a LONG power press. (You did know that?)
USB descriptor failed is usually when the USB block wasn't initialized and your host had problems getting the device descriptor.
You should just hook up your USB hardware protocol analyzer. What? You don't have one?
It could be that they were very sneaky with the test points. If you can't find somebody who has done this on this model you could be in for a search.
I do recall that some EDL points are hidden under the "mezzanine" connectors. (Those are the four connector you pull up with your fingernails.)
Renate said:
When you short the points you have to do a LONG power press. (You did know that?)
USB descriptor failed is usually when the USB block wasn't initialized and your host had problems getting the device descriptor.
You should just hook up your USB hardware protocol analyzer. What? You don't have one?
It could be that they were very sneaky with the test points. If you can't find somebody who has done this on this model you could be in for a search.
I do recall that some EDL points are hidden under the "mezzanine" connectors. (Those are the four connector you pull up with your fingernails.)
Click to expand...
Click to collapse
wait, LONG power press? i only plug usb c while shorting...
and i don't have USB hardware protocol analyzer
Okay... maybe i should wait a bit more... this device is relatively new and like you said, EDL points may be hidden
No, leave the USB cord plugged in. Connect your test point. LONG power press, maybe 5-10 seconds until something changes.
If you're in Windows it should bong. Under Windows it can be difficult if the driver isn't/hasn't been loaded.
The stuff with "EDL cables" and plugging in cables is dependent on what/whether the OEM put the option in the XBL/SBL1.
Heck, are you sure that it's not in EDL mode anyway? If the bootloaders are very corrupt it will just go there by itself.
You need to look in Device Manager, or get UsbView.exe and make sure if it's presenting as anything.
When you remove/insert the USB cable does it bong? Or just "bad descriptor"?
Renate said:
No, leave the USB cord plugged in. Connect your test point. LONG power press, maybe 5-10 seconds until something changes.
If you're in Windows it should bong. Under Windows it can be difficult if the driver isn't/hasn't been loaded.
The stuff with "EDL cables" and plugging in cables is dependent on what/whether the OEM put the option in the XBL/SBL1.
Heck, are you sure that it's not in EDL mode anyway? If the bootloaders are very corrupt it will just go there by itself.
You need to look in Device Manager, or get UsbView.exe and make sure if it's presenting as anything.
When you remove/insert the USB cable does it bong? Or just "bad descriptor"?
Click to expand...
Click to collapse
i actually found the test points and booted into 9008!!! YES!!
You reminded that their test points could be hidden, which is indeed the case for this device... OMG!
They are hidden underneath the micro camera!!
Now i just need msm tool to flash the device.
Thank you so much
For anyone who needs help with finding the edl test points, here you are:
Great sleuthing!
For your next steps maybe look at this post/thread: https://forum.xda-developers.com/t/...bootloader-and-fastboot.4471601/post-87186739
Thank you so much.
I will keep this in my back pocket as someone just helped me flashed the device...
Again, much appreciated your valuable knowledge!
henryhan123 said:
Thank you so much.
I will keep this in my back pocket as someone just helped me flashed the device...
Again, much appreciated your valuable knowledge!
Click to expand...
Click to collapse
Hello. I have a disassembled Realme Q3S smartphone. I can only connect to Edl Mode. Please tell me how you unbricked your smartphone? Which program? Who helped you?
henryhan123 said:
For anyone who needs help with finding the edl test points, here you are:View attachment 5666449
Click to expand...
Click to collapse
hey man, Im having the same problem as you, 0 reponse from the phone, buttons and usb do nothing. I opened it and tried shorting the 2 pins you show but still nothing happens. holding the power button I see nothing on windows. installed the qualcomm drivers, but they dont show up on device manager. do you have any ideas what could be? how do I know its on edl without MSM login?
Did you short the test point while doing a long power button reset?
You can UsbView.exe https://www.ftdichip.com/Support/Utilities.htm#MicrosoftUSBView to look for a device that is 05c6/9008
You should be able to find it there if you have no driver, the Qualcomm driver or the generic WinUSB driver.
Do you see some random COM port under Device Manager? That's the Qualcomm driver.
dick_vigarista said:
hey man, Im having the same problem as you, 0 reponse from the phone, buttons and usb do nothing. I opened it and tried shorting the 2 pins you show but still nothing happens. holding the power button I see nothing on windows. installed the qualcomm drivers, but they dont show up on device manager. do you have any ideas what could be? how do I know its on edl without MSM login?
Click to expand...
Click to collapse
not sure what happened to your device but the photo has helped a few ppl already. Make sure you are shorting the correct pins. They are hidden beneath the smallest camera, which means you have to remove the camera.
1. unplug usb cable
2. disconnect the battery ribbon and remove the smallest camera
3. install Qualcomm 9008 driver
3. start shorting the 2 pins
4. keep holding on the short and then plug usb cable
5. after 5 sec, you should hear a sound from your windows, and your device manager should show the 9008 device.
6. flash stock rom via MSM
I'm still unclear about this whole business about plugging in the USB cable.
It seems to me that that is all dependent on the higher software.
The EDL test points are a 1.8V source and a GPIO pin with a pull-down resistor.
On my SDM636 it's GPIO57. On a rooted sytem I can write "57" to /sys/class/gpio/export then read /sys/class/gpio/gpio57/value
Code:
Poke3:/sys/class/gpio # echo 57 > export
Poke3:/sys/class/gpio # ls -l
...
lrwxrwxrwx 1 root root 0 2022-09-11 06:45 gpio57 -> ../../devices/soc/3000000.pinctrl/gpio/gpio57
...
Poke3:/sys/class/gpio # cat gpio57/value
0
Poke3:/sys/class/gpio # cat gpio57/value
1
Running a normal Android system I can play with the GPIO and plug/unplug the USB all day long without anything happening.
This is not to say that maybe fastboot or recovery or aboot or a different kernel doesn't keep an eye out for these conditions.
What is clear is that the ROM bootloader which runs at full reset does check the GPIO.
Moreover, that is entirely independent of any software.
Therefore I recommend leaving the cable in and do a long power button reset.
Also, I'm too uncoordinated to plug in a cable while shorting test points.
Renate said:
I'm still unclear about this whole business about plugging in the USB cable.
It seems to me that that is all dependent on the higher software.
The EDL test points are a 1.8V source and a GPIO pin with a pull-down resistor.
On my SDM636 it's GPIO57. On a rooted sytem I can write "57" to /sys/class/gpio/export then read /sys/class/gpio/gpio57/value
Code:
Poke3:/sys/class/gpio # echo 57 > export
Poke3:/sys/class/gpio # ls -l
...
lrwxrwxrwx 1 root root 0 2022-09-11 06:45 gpio57 -> ../../devices/soc/3000000.pinctrl/gpio/gpio57
...
Poke3:/sys/class/gpio # cat gpio57/value
0
Poke3:/sys/class/gpio # cat gpio57/value
1
Running a normal Android system I can play with the GPIO and plug/unplug the USB all day long without anything happening.
This is not to say that maybe fastboot or recovery or aboot or a different kernel doesn't keep an eye out for these conditions.
What is clear is that the ROM bootloader which runs at full reset does check the GPIO.
Moreover, that is entirely independent of any software.
Therefore I recommend leaving the cable in and do a long power button reset.
Also, I'm too uncoordinated to plug in a cable while shorting test points.
Click to expand...
Click to collapse
yah... this realme gt2 pro is awkward. It completely freezes everything, and becomes unresponsive to any buttons if the phone detects damaged boot image files (or maybe infinite boot loop...).
Though I am not sure if usb is needed in order to enter EDL... The only behavior i noticed for my phone is that if i stop shorting the pins, the phone automatically exits EDL mode within few sec, and then re-enter into the hard bricked mode. This is why i have the step of shorting pins and connecting usb to a PC so that MSM tool can be used on the PC.
henryhan123 said:
The only behavior i noticed for my phone is that if i stop shorting the pins, the phone automatically exits EDL mode within few sec...
Click to expand...
Click to collapse
Wait, so when you are actually using EDL mode to do something you have to keep the test points shorted???
I have a few (4?) Qualcomm devices and when you get them in EDL mode (by shorting test points) they will sit there patiently forever (with open test points).
I've been working with EDL sometimes, forget about it and it's still active hours later.
I was helping somebody with a wrecked system and when it was in EDL it rebooted every 5 seconds back to EDL.
I never figured out what was going on, but if you could get your task done in time it worked out fine.
If I had the device in hand I might have figured it out.
Maybe another watchdog?
Are you sure that your device isn't resetting every n seconds and the (still) shorted test points gets you a new EDL session?
Hi guys, tried, tried and tried. And after trying a bunch of times it finally worked, now I have 9008 showing on device manager, thanks to you guys. Now I just need to find someone to go on MSM hehe, if you guys know someone pls let me know.... thank you guys for all the tips. It worked with cable plugged holding the power button and shorting.... but for some reason Had to try a bunch of times to finally work.
It can be tricky sometimes to make a good connection across the test points.
If it wackles for the millisecond that the processor is checking then it won't work.
I've never even seen the MSM tool, I prefer to just do it all myself.
Renate said:
It can be tricky sometimes to make a good connection across the test points.
If it wackles for the millisecond that the processor is checking then it won't work.
I've never even seen the MSM tool, I prefer to just do it all myself.
Click to expand...
Click to collapse
is it possible to do myself? I did not know. I would rather not have a stranger connecting on my computer too. can you give me some direction on how to do myself? thanks
This is a Summary of how I managed to Brick my DualScreen case by Deleting the Firmware on the dual-screen chip. (and Possibly, How it can be fixed)
I was trying to make a Mod for the dual-screen case to be able to use it with other android or windows devices as a type-c display, Using a Type-C extension cable.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I did a lot of googling and found THIS, apart from that I found nothing useful about the dual-screen case and how it works, so I had to do some digging of my own.I started by extracting all the APKs on my LG G8X that were related to the dual screen case And found an MCU (Microcontroller unit) named “STM32” mentioned inside the “dualscreenfirmware.apk” .dex file, After doing some googling I found that this type of MCU is used in chips like Arduino and other development chips.
Now I had some Basic idea of how the dual-screen case worked, after that, I had to figure out why the dual screen only works with the LG8X and not with the other devices,( yes of course it's because of the software inside the G8X), Again doing some googling brought me to this TEARDOWN video of the dual screen case, in the video I noticed that LG has used a lot of Magnets in the case. Now I did some experiments on my device and found THIS. LG uses these Magnets as the Trigger for the dual-screen case, When you insert the phone inside the dual-screen case the PHONE’s magnet sensor detects the case and activates the USB-C PD (Power Delivery) mode, and starts the Second display function. It also uses a specific type of type-C connection with VCONN, so it does not work when the phone is flipped.
You can go to the Hidden menu on the LG G8X by typing this on the dialer app *#546368#*850# Here I found the Cover Display firmware update option and various other settings. The version of my Dual screen is PIC. There I found the Firmware file name ending with .dfu Again after doing some googling, I found that the STM32 MCU goes to DFU (Device Firmware Update) mode/protocol while updating or flashing the firmware.
I was sure that I can now download and edit or make a firmware file of my own to use the Dual screen case on any device. So I Installed this APP (StmDfuUsb) on my G8X from the play store hoping that I will be able to download/extract the firmware file from the Case itself. I was yet to figure out how the Dual-screen goes to DFU mode for it to be detected on this App. After a lot of Googling and trying to figure it out for a while, I accidentally found it, I went to the Hidden menu and pressed the update cover display option, but this time a pop-up comes up saying open with this app(StmDfuUsb), so I click on it and voila, Now my dual-screen was in DFU mode and it was connected to the app,(as excited as I was) without thinking I tried to download the firmware file to the phone, but I ended up pressing the Erase Flash option instead, Bam... the dual screen went off right in front of me. (Not realizing what I just did) dual-screen was still connected in DFU mode (but stupid me) I removed my phone from the case and Re-Inserted it, but this time it only Connected to my phone as a USB, and changing the USB configuration did nothing but it reattached the USB connection. I went back to the hidden menu to put the dual screen back on DFU mode, and to update the firmware, It showed THIS ERROR, as the dual screen was not detected by the phone as a USB Device the phone was not able to get control of it, also the Buttons on the Case did not work,(At this point I realize that I F**dup) I Started downloading different Apps for USB and STM devices but found it all useless. Also, it does not get detected in windows pc as a USB connection, tried both on a USB A 3.0 port and Type- C port with a USB C extension cable.
After trying for a couple of days, I decided to take the device to the Service Center. I explained the problem to the LG technician “I accidentally deleted the firmware while working on an Arduino chip via OTG”, (of course I’m not gonna tell him that I was trying to modify it.) He tries to diagnose the issue and he told me that the problem was with the USB port on the case and it needs to be replaced, (He thought there was no firmware inside the Dual-scree case, I was Infuriated) After a few minutes of arguing with him, I told him to order the part, as he told me that they won't charge me anything if it didn't work even after the replacement ( the Type-C port was ₹1600 approx), and there, I return after two days to get the port replaced, and as expected the Dual-screen still in the same condition after USB port replacement (I told you so moment), So the technician now believes me and calls his senior management on phone, and now he does not understand the problem, he told me that they do not have the firmware seperately for the Dual-screen and they do not have the authority to access the firmware, they just replace parts, he said they can replace the PCB inside the dual-Screen, Now I know that will solve my problem as the new PCB will come with the Firmware built in, but it was not the solution I was looking for, I told the technician to place the order for the part (which costs around ₹1500), then I return home.
Now, I did not want to spend ₹1500 for a thing that can be fixed with the software. Thinking about this problem got me to blame LG for hiding the information and resources about the Dual screen, so I Emailed LG Service India Head and LG CEO office from the LG India website. Meanwhile, I also asked for High res pics of the PCB/Motherboard, from the same guy who did the TEARDOWN video and got it HERE. I also got the .DFU Firmware file from a guy with a Rooted G8X (The file is stored inside the phone under system files).
Now I know this problem can be fixed easily if LG reveals the information about the Dual screen and provides the Repair guide and relevant resources (Still Emailing them to escalate this Issue #RightToRepair). Also, I’m relying on the LG community and its developers that can help me get my dual screen working again. I have provided all the Information and resources that I think can solve this issue, if I’ve missed something please let me know.
My guess for possible solutions are-
An App can detect the USB device and put it in a different connection mode. (Possibly to DFU mode)
These Pins/contact points on the PCB can be used to put the device on bootloader/ DFU mode like on an Arduino chip. (I need to find the right jumper pins.)
Using the 3 Buttons on the case to put it in Bootloader/DFU mode. (I have tried a few combinations, but No luck)
-SDK
Go look at this post also
[LG TOOLS] LG-KDZ-dll-Tool/LGUP_UI-fixer/LG-Kdz-downloader
Please, do not share elsewhere as I want to be able to update if necessary ! LG-KDZ-dll-Tool/KDZ dll extractor (=old version) : this message actually, scroll down a bit... LGUP_UI-fixer LG-Kdz-downloader Share this thread or my blog instead...
forum.xda-developers.com
Hi. I stepped upon this thread looking for disassembly method due to broken hinge. Case is using STM32F411 chip to create HID device (aka touchscreen and buttons support) along with power management. STM32 can enter FW download mode (aka DFU) with Boot0 pin connected to VCC before RCC performs initial reset sequence. That being said, procedure is:
1. Disconnect case from phone (or PC, as I believe it can be done using PC too)
2. Short 3.3V_MCU_VDD to BOOT_DOWNLOAD pin
3. With these pins shorted together, connect case to phone or pc
4. Verify connection in DFU app (or STM32CubeProg if you are using PC)
5. Upload firmware
@enkidu.eu
Hi. I tried your method and sucess upload the firmware for my bricked dualscreen.
My phone is LG V50s and my dual screen firmware version is LMV515N-V30a_00.dfu
Sadly my dual screen touch is ok, but nothing show up. I mean it's like screen brightness is set to zero. All other functionality is fine.
Do you have any idea why?
Is my dualscreen broken or the firmware problem.