Galaxy Tab Serial Cable - Galaxy Tab Android Development

Hi guys
I have been investigating making a serial cable for the Tab for debugging and logging.
There is a serial port wired to the 30-pin connector.
Here is the pinout for the connector (copied from Wikipedia, unfortunately some asshole deleted it from Wikipedia several days ago)
Code:
Pin  Signal                     To/from device
1    Gnd                        P
2    Gnd                        P
3    USB_DP_CON                 I/O
4    USB_DM_CON                 I/O
5    IF_CON_SENSE               I
6    V_ACCESSORY_5.0V           P
7    V_BUS_1                    P
8    V_BUS_1                    P
9    VOUT_CHARGER               P
10   VOUT_CHARGER               P
11   ---                        --
12   ---                        --
13   ACCESSORY_ID / USB_ID      I
14   ACCESSORY_INT              I
15   Gnd                        P
16   Gnd                        P
17   MHL_DP                     I/O
18   MHL_DM                     I/O
19   MHL_ID                     I
20   IF_RXD                     I
21   IF_TXD                     O
22   ---                        --
23   AP_TV_OUT                  O
24   REMOTE_SENSE               I
25   ---                        --
26   ---                        --
27   EAR_L_CRADLE               O
28   EAR_R_CRADLE               O
29   3.5_INT_TEST               I
30   Gnd                        P
The serial port is connected to ttySAC2 (port 2, 0 based)
So we need:
USB to low power serial adapter (repurposed knockoff Nokia DKU-5 cable)
Galaxy Tab USB cable.
Soldering skills and magnifying glass.
Brass balls.
We disassemble the Tab USB cable. There are several blades in the connector. We have to remove 2 blades with USB power and 2 blades for USB D+ D-.
Then we cut the Nokia connector off DKU-5 cable and figure out which wires are GND, TXD and RXD.
In case of my cable with ARK3116 red - GND, grn - RXD, wht - TXD
In case of my cable with PL2303 blu - GND, wht - RXD, ylo - TXD
We want to connect GND to GND, and RXD to pin 21 and TXD to pin 20
This is a good article on hacking DKU-5 cables http://www.neolics.com/pdfs/dku-5.pdf
So now we can solder the GND, TXD and RXD to proper blades on 30 pin connector and insert TXD and RXD blades into slots 20,21 on the connector.
I also tried using a 200K trimmer set to 150K ohm between ACCESSORY_ID and GND, but I am not sure whether it is the right solution.
Here are some photos:
And some output from bootloader: http://pastie.org/1712603
And in download mode http://pastie.org/1721484
This is the table of resistances from kernel in arch/arm/mach-s5pv210/include/mach/fsa9480_i2c.h
Code:
typedef enum
{
    RID_USB_OTG_MODE, /* 0 0 0 0 0 GND USB OTG Mode */
    RID_AUD_SEND_END_BTN, /* 0 0 0 0 1 2K Audio Send_End Button*/
    RID_AUD_REMOTE_S1_BTN, /* 0 0 0 1 0 2.604K Audio Remote S1 Button */
    RID_AUD_REMOTE_S2_BTN, /* 0 0 0 1 1 3.208K Audio Remote S2 Button */
    RID_AUD_REMOTE_S3_BTN, /* 0 0 1 0 0 4.014K Audio Remote S3 Button */
    RID_AUD_REMOTE_S4_BTN, /* 0 0 1 0 1 4.82K Audio Remote S4 Button */
    RID_AUD_REMOTE_S5_BTN, /* 0 0 1 1 0 6.03K Audio Remote S5 Button */
    RID_AUD_REMOTE_S6_BTN, /* 0 0 1 1 1 8.03K Audio Remote S6 Button */
    RID_AUD_REMOTE_S7_BTN, /* 0 1 0 0 0 10.03K Audio Remote S7 Button */
    RID_AUD_REMOTE_S8_BTN, /* 0 1 0 0 1 12.03K Audio Remote S8 Button */
    RID_AUD_REMOTE_S9_BTN, /* 0 1 0 1 0 14.46K Audio Remote S9 Button */
    RID_AUD_REMOTE_S10_BTN, /* 0 1 0 1 1 17.26K Audio Remote S10 Button */
    RID_AUD_REMOTE_S11_BTN, /* 0 1 1 0 0 20.5K Audio Remote S11 Button */
    RID_AUD_REMOTE_S12_BTN, /* 0 1 1 0 1 24.07K Audio Remote S12 Button */
    RID_RESERVED_1, /* 0 1 1 1 0 28.7K Reserved Accessory #1 */
    RID_RESERVED_2, /* 0 1 1 1 1 34K Reserved Accessory #2 */
    RID_RESERVED_3, /* 1 0 0 0 0 40.2K Reserved Accessory #3 */
    RID_RESERVED_4, /* 1 0 0 0 1 49.9K Reserved Accessory #4 */
    RID_RESERVED_5, /* 1 0 0 1 0 64.9K Reserved Accessory #5 */
    RID_AUD_DEV_TY_2, /* 1 0 0 1 1 80.07K Audio Device Type 2 */
    RID_PHONE_PWD_DEV, /* 1 0 1 0 0 102K Phone Powered Device */
    RID_TTY_CONVERTER, /* 1 0 1 0 1 121K TTY Converter */
    RID_UART_CABLE, /* 1 0 1 1 0 150K UART Cable */
    RID_CEA936A_TY_1, /* 1 0 1 1 1 200K CEA936A Type-1 Charger(1) */
    RID_FM_BOOT_OFF_USB, /* 1 1 0 0 0 255K Factory Mode Boot OFF-USB */
    RID_FM_BOOT_ON_USB, /* 1 1 0 0 1 301K Factory Mode Boot ON-USB */
    RID_AUD_VDO_CABLE, /* 1 1 0 1 0 365K Audio/Video Cable */
    RID_CEA936A_TY_2, /* 1 1 0 1 1 442K CEA936A Type-2 Charger(1) */
    RID_FM_BOOT_OFF_UART, /* 1 1 1 0 0 523K Factory Mode Boot OFF-UART */
    RID_FM_BOOT_ON_UART, /* 1 1 1 0 1 619K Factory Mode Boot ON-UART */
    RID_AUD_DEV_TY_1_REMOTE, /* 1 1 1 1 0 1000.07K Audio Device Type 1 with Remote(1) */
    RID_AUD_DEV_TY_1_SEND = RID_AUD_DEV_TY_1_REMOTE , /* 1 1 1 1 0 1002K Audio Device Type 1 / Only Send-End(2) */
    RID_USB_MODE, /* 1 1 1 1 1 Open USB Mode, Dedicated Charger or Accessory Detach */
    RID_MAX
} FSA9480_RID_ENUM_TYPE;

AWESOME! Thanks man, you saved me a lot of work!

I have absolutely no idea what you're talking about, but I can only imagine that it will help any work done on the Tab; and for that I just had to thank you

How to connect to TV Out Cable
Thank you

Awesome, now we're very close to building a JIG. Thank you!!

mech2006 said:
How to connect to TV Out Cable
Thank you
This has nothing to do with TV out. You want to buy one of these: http://www.handtec.co.uk/product.php/3807/samsung-galaxy-tab-official-tv-out-cable-

RID_FM_BOOT_ON_USB, /* 1 1 0 0 1 301K Factory Mode Boot ON-USB */
That's Download mode?

Jorge787 said:
That's Download mode?
I think it may be for booting a kernel off USB so they don't need to flash it.

That is some good info. Too bad some Samsung employee does not lurk here incognito and provide you with some hints.

Someone leaking debugging hardware would be nice, but this is a good start

Technomancer,
Any chance you could draw up a schematic for the cable?
Thanks, then I will start playing also.

StarLog said:
Technomancer,
Any chance you could draw up a schematic for the cable.?
Thanks, then I will start playing also.
Just connect GND, and TXD and RXD from serial cable to proper pins on 30 pin connector.
This weekend I will try to make a combo USB+serial cable so I can use adb and serial at the same time. Still, I couldn't get any output from the kernel.

Technomancer check ur PM.

Jorge787 said:
That's Download mode?
Technomancer said:
I think it may be for booting kernel off usb so they dont need to flash it.
Yes, that's download mode. It's not for booting a kernel.
Sorry to necro bump this. But I bricked my tab. A HARD brick. Like dead as **** brick.
Before I send it back to Samsung:
What are the chances of making a jig shorting pin 13 and GRND with a 301K resistor and bringing this pig back up to flash?
Odin took a **** flashing spl on me.
<ID:0/004> DO NOT TURN OFF TARGET!!
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> boot.bin
<ID:0/004> Sbl.bin
<ID:0/004> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
<ID:0/004> Removed!!

-Mr. X- said:
Yes thats download mode. Its not for booting a kernel.
Sorry to necro bump this. But I bricked my tab. a HARD brick. like dead as **** brick.
Before i send it back to samsung.
What are the chances of making a jig shorting pin 13 and GRND with 301K resistor and bringing this pig back up to flash?
Odin took a **** flashing spl on me.
<ID:0/004> DO NOT TURN OFF TARGET!!
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> boot.bin
<ID:0/004> Sbl.bin
<ID:0/004> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
<ID:0/004> Removed!!
I think you will need to use JTAG to recover from that. PM lilstevie, I think he bricked and recovered his Tab with JTAG many times.

Technomancer said:
I think you will need to use JTAG to recover from that. PM lilstevie, I think he bricked and recovered his Tab with JTAG many times.
If you open the device up, you can recover with JTAG. Unfortunately, with sbl taking a **** but pbl intact, you are stuck at what you can do from the dock without the Samsung jig.

Thanks for the info guys. I have JTAG recovered many devices in my day. I probably could have tackled this with the right research. But I didn't want to crack a 4 month old tab. I enjoy it too much to make it a repair job yet.
Sent from my HTC Desire using Tapatalk

I do not believe we need to open the SGT, if you have the breakout connector, then;
Pin
13 - JTAG_USB_ID
5 - JTAG_IF_CON_SENSE
21 - JTAG_TXD
20 - JTAG_RXD

StarLog said:
I do not believe we need to open the SGT, if you have the breakout connector, then;
Pin
13 - JTAG_USB_ID
5 - JTAG_IF_CON_SENSE
21 - JTAG_TXD
20 - JTAG_RXD
It is a matter of getting the JTAG to kick to life. Even Samsung techs seem to fail at this; they are sooner going to replace my tab's logic board than JTAG it.

I've already sent it off, due to Samsung's less than acceptable support. It took 5 hours over 6 phone calls just to get them to give me authorization to return it and send me a shipping label. The only record I have of it being repaired is the fact the service center signed for the package. My online account has not been updated yet that it has been accepted for repair. I was told this would take 24h; it's been 4 days.
Hopefully it doesn't just go missing.

Related

HTC Kernel I2C

Hi, right, been looking at the Hero CDMA kernel trying to get direct access to the light sensor.
I know it's part of I2C, and have found some documentation, but it's completely over my head! Anyone smarter than me know what this means/how to use it?
Thanks
Usually, i2c devices are controlled by a kernel driver. But it is also
possible to access all devices on an adapter from userspace, through
the /dev interface. You need to load module i2c-dev for this.
Each registered i2c adapter gets a number, counting from 0. You can
examine /sys/class/i2c-dev/ to see what number corresponds to which adapter.
I2C device files are character device files with major device number 89
and a minor device number corresponding to the number assigned as
explained above. They should be called "i2c-%d" (i2c-0, i2c-1, ...,
i2c-10, ...). All 256 minor device numbers are reserved for i2c.
C example
=========
So let's say you want to access an i2c adapter from a C program. The
first thing to do is "#include <linux/i2c-dev.h>". Please note that
there are two files named "i2c-dev.h" out there, one is distributed
with the Linux kernel and is meant to be included from kernel
driver code, the other one is distributed with lm_sensors and is
meant to be included from user-space programs. You obviously want
the second one here.
Now, you have to decide which adapter you want to access. You should
inspect /sys/class/i2c-dev/ to decide this. Adapter numbers are assigned
somewhat dynamically, so you can not even assume /dev/i2c-0 is the
first adapter.
Next thing, open the device file, as follows:
  int file;
  int adapter_nr = 2; /* probably dynamically determined */
  char filename[20];
  /* snprintf bounds the write; "/dev/i2c-%d" can exceed 20 bytes for extreme ints */
  snprintf(filename,sizeof(filename),"/dev/i2c-%d",adapter_nr);
  if ((file = open(filename,O_RDWR)) < 0) {
    /* ERROR HANDLING; you can check errno to see what went wrong */
    exit(1);
  }
When you have opened the device, you must specify with what device
address you want to communicate:
  int addr = 0x40; /* The I2C address */
  if (ioctl(file,I2C_SLAVE,addr) < 0) {
    /* ERROR HANDLING; you can check errno to see what went wrong */
    exit(1);
  }
Well, you are all set up now. You can now use SMBus commands or plain
I2C to communicate with your device. SMBus commands are preferred if
the device supports them. Both are illustrated below.
  __u8 reg = 0x10; /* Device register to access ("register" is a C keyword) */
  __s32 res;
  char buf[10];
  /* Using SMBus commands */
  res = i2c_smbus_read_word_data(file,reg);
  if (res < 0) {
    /* ERROR HANDLING: i2c transaction failed */
  } else {
    /* res contains the read word */
  }
  /* Using I2C Write, equivalent of
     i2c_smbus_write_word_data(file,reg,0x6543) */
  buf[0] = reg;
  buf[1] = 0x43;
  buf[2] = 0x65;
  if ( write(file,buf,3) != 3) {
    /* ERROR HANDLING: i2c transaction failed */
  }
  /* Using I2C Read, equivalent of i2c_smbus_read_byte(file) */
  if (read(file,buf,1) != 1) {
    /* ERROR HANDLING: i2c transaction failed */
  } else {
    /* buf[0] contains the read byte */
  }
IMPORTANT: because of the use of inline functions, you *have* to use
'-O' or some variation when you compile your program!
Full interface description
==========================
The following IOCTLs are defined and fully supported
(see also i2c-dev.h):
ioctl(file,I2C_SLAVE,long addr)
  Change slave address. The address is passed in the 7 lower bits of the
  argument (except for 10 bit addresses, passed in the 10 lower bits in this
  case).
ioctl(file,I2C_TENBIT,long select)
  Selects ten bit addresses if select not equals 0, selects normal 7 bit
  addresses if select equals 0. Default 0. This request is only valid
  if the adapter has I2C_FUNC_10BIT_ADDR.
ioctl(file,I2C_PEC,long select)
  Selects SMBus PEC (packet error checking) generation and verification
  if select not equals 0, disables if select equals 0. Default 0.
  Used only for SMBus transactions. This request only has an effect if
  the adapter has I2C_FUNC_SMBUS_PEC; it is still safe if not, it just
  doesn't have any effect.
ioctl(file,I2C_FUNCS,unsigned long *funcs)
  Gets the adapter functionality and puts it in *funcs.
ioctl(file,I2C_RDWR,struct i2c_rdwr_ioctl_data *msgset)
  Do combined read/write transaction without stop in between.
  Only valid if the adapter has I2C_FUNC_I2C. The argument is
  a pointer to a
    struct i2c_rdwr_ioctl_data {
      struct i2c_msg *msgs; /* ptr to array of simple messages */
      int nmsgs; /* number of messages to exchange */
    }
  The msgs[] themselves contain further pointers into data buffers.
  The function will write or read data to or from those buffers depending
  on whether the I2C_M_RD flag is set in a particular message or not.
  The slave address and whether to use ten bit address mode has to be
  set in each message, overriding the values set with the above ioctl's.
Other values are NOT supported at this moment, except for I2C_SMBUS,
which you should never directly call; instead, use the access functions
below.
You can do plain i2c transactions by using read(2) and write(2) calls.
You do not need to pass the address byte; instead, set it through
ioctl I2C_SLAVE before you try to access the device.
You can do SMBus level transactions (see documentation file smbus-protocol
for details) through the following functions:
  __s32 i2c_smbus_write_quick(int file, __u8 value);
  __s32 i2c_smbus_read_byte(int file);
  __s32 i2c_smbus_write_byte(int file, __u8 value);
  __s32 i2c_smbus_read_byte_data(int file, __u8 command);
  __s32 i2c_smbus_write_byte_data(int file, __u8 command, __u8 value);
  __s32 i2c_smbus_read_word_data(int file, __u8 command);
  __s32 i2c_smbus_write_word_data(int file, __u8 command, __u16 value);
  __s32 i2c_smbus_process_call(int file, __u8 command, __u16 value);
  __s32 i2c_smbus_read_block_data(int file, __u8 command, __u8 *values);
  __s32 i2c_smbus_write_block_data(int file, __u8 command, __u8 length,
                                   __u8 *values);
All these transactions return -1 on failure; you can read errno to see
what happened. The 'write' transactions return 0 on success; the
'read' transactions return the read value, except for read_block, which
returns the number of values read. The block buffers need not be longer
than 32 bytes.
The above functions are all macros, that resolve to calls to the
i2c_smbus_access function, that on its turn calls a specific ioctl
with the data in a specific format. Read the source code if you
want to know what happens behind the screens.
Surely if you want to use the light sensor in an application, the correct path is via API calls, or do you have other intentions?
Regards,
Dave
Ideally yes, but when you use the API to get the light sensor values, you get the accelerometer values instead! Interestingly, it's similar on the Samsung Moment: asking for the light sensor values returns the compass values!
Seems neither HTC nor Samsung know what they are doing!
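Added example (not part of the original thread or of the quoted kernel documentation): the I2C_RDWR combined transaction described in the documentation above, used to read a device register with a repeated start after checking I2C_FUNC_I2C via I2C_FUNCS. The helper names build_reg_read and i2c_reg_read are hypothetical; address 0x40, register 0x10 and adapter number 2 are the documentation's own sample values.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/i2c.h>      /* struct i2c_msg, I2C_M_RD, I2C_FUNC_I2C */
#include <linux/i2c-dev.h>  /* I2C_FUNCS, I2C_RDWR, struct i2c_rdwr_ioctl_data */

/* Hypothetical helper: describe "write the register index, then read len bytes".
 * Each message carries its own slave address, so no I2C_SLAVE ioctl is needed. */
static void build_reg_read(struct i2c_msg msgs[2], uint16_t addr,
                           uint8_t *reg, uint8_t *buf, uint16_t len)
{
    memset(msgs, 0, 2 * sizeof(msgs[0]));
    msgs[0].addr  = addr;
    msgs[0].flags = 0;          /* write: send the register index */
    msgs[0].len   = 1;
    msgs[0].buf   = reg;
    msgs[1].addr  = addr;
    msgs[1].flags = I2C_M_RD;   /* read: no stop between the two messages */
    msgs[1].len   = len;
    msgs[1].buf   = buf;
}

/* Hypothetical helper: returns 0 on success, -1 with errno set on failure. */
static int i2c_reg_read(int fd, uint16_t addr, uint8_t reg,
                        uint8_t *buf, uint16_t len)
{
    unsigned long funcs = 0;
    struct i2c_msg msgs[2];
    struct i2c_rdwr_ioctl_data xfer;
    int done;

    /* I2C_RDWR is only valid if the adapter reports I2C_FUNC_I2C. */
    if (ioctl(fd, I2C_FUNCS, &funcs) < 0)
        return -1;
    if (!(funcs & I2C_FUNC_I2C)) {
        errno = ENOTSUP;
        return -1;
    }

    build_reg_read(msgs, addr, &reg, buf, len);
    xfer.msgs  = msgs;
    xfer.nmsgs = 2;

    done = ioctl(fd, I2C_RDWR, &xfer);   /* number of messages transferred */
    if (done < 0)
        return -1;
    if (done != 2) {
        errno = EIO;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Adapter numbers are assigned dynamically; check /sys/class/i2c-dev/. */
    const char *dev = argc > 1 ? argv[1] : "/dev/i2c-2";
    uint8_t word[2];
    int fd = open(dev, O_RDWR);

    if (fd < 0) {
        perror(dev);
        return 1;
    }
    if (i2c_reg_read(fd, 0x40, 0x10, word, sizeof(word)) < 0) {
        perror("I2C_RDWR");
        close(fd);
        return 1;
    }
    /* SMBus words are sent low byte first, as in the 0x6543 write example. */
    printf("reg 0x10 = 0x%04x\n", word[0] | (word[1] << 8));
    close(fd);
    return 0;
}
```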

BCM21553 files of Vodafone Smart II

The Vodafone Smart II has the same spec as our y
and 2.3.7 gb is pre-installed with it
Here is the Unpacked system.img from the stock Italian ROM
http://www.mediafire.com/?khpdey37edwvzlv
and custom rom of it
http://forum.cyanogenmod.com/topic/...el-v860-ota-update2-integrated-rom-with-root/
Features
OS Android OS, v2.3.7 (Gingerbread)
Chipset BCM21553
CPU 832 MHz ARMv6
Is, that cm7?
sent by my Y using jelly blast rom frm XDA Premium
rmp07 said:
Is, that cm7?
sent by my Y using jelly blast rom frm XDA Premium
It should be 2.3.7 AOSP cause no manufacture release CM Rom
We can take drivers from here!!
Sent from my GT-S5360 using XDA
hell_lock said:
We can take drivers from here!!
Sent from my GT-S5360 using XDA
yeah ! that's what I attached in 1st post I think
also please have a look at this
See the 2 image files, look like our present graphics
in that vt file
Code:
# RADVISION H.323/3G-324M Stack Configuration File
#
# Value encodings:
# '' - String (and asciiz is not appended)
# \"\" - BMP string of ASCII characters
# [] - Hex octet string
# <> - IP
# {} - Object ID
# % - Bit string
# Other - Integer
1 ApplicationConfig = 0
+ AutoAnswer = 0
UseWnsrp = 1
UseACP = 0
UseMONA = 0
UseAEC = 0
mpcMediaTypes = 4 #0:Unknown 1:AMR 2:AMRWB 3:H264 4:MPEG4 5:H263
UseMPCRxOnly = 0
AcpAudioEntry = 0
AcpVideoEntry = 0
MultipleH245Messages = 1
AutoAcceptChannels = 1
AutoEarlyMES = 0
muxLevel = 3 # Rv3G324mCallMuxLevel2
AutoCaps = 1 # it will be modified to TRUE
AutoCapsReplayMedia = 0
AutoOpenChannels = 1
autoChannel_Audio_Use = 1
autoChannel_Audio_rate = 31
autoChannel_Audio_name = 'amr'
autoChannel_Audio_alConfig = 'AL2 WithSequenceNumber'
autoChannel_Video_Use = 1
autoChannel_Video_rate = 224
autoChannel_Video_name = 'mpeg4'
autoChannel_Video_alConfig = 'AL2 WithSequenceNumber'
autoChannel_Video_bNullData = 0
autoChannel_Video_bIsDuplex = 0
VideoChannelBufferNum = 40
VideoChannelBufferFreeNum = 20
AudioChannelBufferNum = 15
TransportWriteInterval = 20 # loop interval of read/write thread in transport module, 20ms, 40ms..., maximum is 100ms
TransportDoFlowControl = 1 # if transport thread do flow control
LogStreamBuffers = 0
LogStreamBufferSize = 2097152 #2*1024*1024
ReflectTransportBuffers = 1
isdnBufferCorrectionSize = 0 #16
LogMode = 1 # 0:None,1:Screen,2:File, 3:Memory
LogMemorySize = 1048576 # 1024K
LogFileName = '/data/vt/3gapp.log'
LogFileSize = 524288 #512K
LogLevelInfo = 127
LogLevelDebug = 1
LogLevelError = 1
LogModule = 7 # 1:Application, 2:Transport, 4:Stack, 8:AudioEnc, 16:AudioDec, 32:VideoEnc, 64:VideoDec
VideoFastUpdatePicture = 1
VideoEncodeIntraInterval = 32
VideoEncodeFrameRate = 15
VideoEncodeTargetBitRate = 48000
VideoEncodeDelayTime = 200
VideoDecodeStreamMode = 0
VendorIdentificationMes = 1
VendorIdent-CountryCode = 97
VendorIdent-Extension = 0
VendorIdent-ManufacturerCode = 0
VendorIdent-ProductNumber = 'SK-700'
VendorIdent-VersionNumber = 'SKT 14 v1.37'
VendorIdent-Match = '3GApp'
LipSyncTime = 0
SendThreadPriority = 80
RecvThreadPriority = -1
CameraRate = 8
RingDelayTime = 2000 # ms
BlockVideoDelay = 500 #ms
AutoDropTimeout = 20 #s
CallDurationLimitation = 0 #second
MuxLevelSyncTimeout = 10000;
1 3g324mSystem = 0
+ maxCalls = 4
maxTransmittingChannels = 4
maxReceivingChannels = 4
allocations = 0
+ controlBufferSize = 120
controlNumOfBuffers = 40
logicalChannelBufferSize = 2000
logicalChannelNumOfBuffers = 100
alxmBufferSize = 4000
alxmNumOfBuffers = 40
alxmInterleavingBufferSize = 4000
alxmInterleavingNumOfBuffers = 10
maxAsn1BufferSize = 6000
ach245NumOfBuffers = 15
- h223Params = 0
+ sendQueueSizePerChannel = 70
srpTimer = 2000
nsrpTimer = 200
al3RetransmissionTimer = 2000
numOfAlSduSaved = 100
n400Counter = 30
n402Counter = 5
2 watchdog
+ interval = 10
1 h245 = 0
2 masterSlave = 0
+ terminalType = 130
timeout = 1000
2 capabilities = 0
+ terminalCapabilitySet = 0
+ sequenceNumber = 1
protocolIdentifier = [00]
multiplexCapability = 0
+ h223Capability = 0
+ transportWithI-frames = 0
videoWithAL1 = 0
videoWithAL2 = 1
videoWithAL3 = 1
audioWithAL1 = 0
audioWithAL2 = 1
audioWithAL3 = 0
dataWithAL1 = 0
dataWithAL2 = 0
dataWithAL3 = 0
maximumAl2SDUSize = 512
maximumAl3SDUSize = 512
maximumDelayJitter = 10
h223MultiplexTableCapability = 0
+ basic = 0
- maxMUXPDUSizeCapability = 1
nsrpSupport = 1
mobileOperationTransmitCapability = 0
+ modeChangeCapability = 0
h223AnnexA = 1
h223AnnexADoubleFlag = 1
h223AnnexB = 1
h223AnnexBwithHeader = 1
4 capabilityTable = 0
#############################
# Video Codecs
#############################
# MPEG
5 * = 0 # Sequence
+ capabilityTableEntryNumber = 4
capability = 0
+ receiveAndTransmitVideoCapability = 1
+ genericVideoCapability = 0
+ capabilityIdentifier = 0
+ standard = {itu-t recommendation h 245 1 0 0}
- maxBitRate = 400
nonCollapsing = 1
10 * = 0
+ parameterIdentifier = 0
+ standard = 0
- parameterValue = 0
+ unsignedMax = 8
10 * = 0
+ parameterIdentifier = 0
+ standard = 1
- parameterValue = 0
+ unsignedMax = 1
# H.263
5 * = 0
+ capabilityTableEntryNumber = 3
capability = 0
+ receiveAndTransmitVideoCapability = 1
+ h263VideoCapability = 0
+ qcifMPI = 2
maxBitRate = 400
unrestrictedVector = 0
arithmeticCoding = 0
advancedPrediction = 0
pbFrames = 0
temporalSpatialTradeOffCapability = 1
#############################
# Audio Codecs
#############################
# AMR
5 * = 0
+ capabilityTableEntryNumber = 1
capability = 0
+ receiveAndTransmitAudioCapability = 1
+ genericAudioCapability = 0
+ capabilityIdentifier =
+ standard = {itu-t recommendation h 245 1 1 1}
- maxBitRate = 122
#define maxsdu
collapsing = 1
10 * = 0
+ parameterIdentifier = 0
+ standard = 0
- parameterValue = 0
+ unsignedMin = 1
# g.723.1
5 * = 0
+ capabilityTableEntryNumber = 2
capability = 0
+ receiveAudioCapability = 0
+ g7231 = 0
+ maxAl-sduAudioFrames = 6
silenceSuppression = 0
4 capabilityDescriptors = 0
+ * = 0
+ capabilityDescriptorNumber = 0
simultaneousCapabilities = 0
+ * = 0
+ * = 3
* = 4
- * = 0
+ * = 1
* = 2
3 timeout = 100
- channels = 0
3 * = 0
+ name = 'amr'
dataType = 0
+ audioData = 0
+ genericAudioCapability = 0
+ capabilityIdentifier = 0
+ standard = { itu-t(0) recommendation(0) h(8) 245 generic-capabilities(1) audio(1) amr(1) }
- maxBitRate = 122
collapsing = 0
+ * = 0
+ parameterIdentifier = 0
+ standard = 0
- parameterValue = 0
+ unsignedMin = 1
3 * = 0
+ name = 'mpeg4'
dataType = 0
+ videoData = 0
+ genericVideoCapability = 0
+ capabilityIdentifier = 0
+ standard = { itu-t(0) recommendation(0) h(8) 245 generic-capabilities(1) video(0) ISO-IEC14496-2(0) }
- maxBitRate = 400
nonCollapsing
8 * = 0
+ parameterIdentifier = 0
+ standard = 0
- parameterValue = 0
+ unsignedMax = 8
8 * = 0
+ parameterIdentifier = 0
+ standard = 1
- parameterValue = 0
+ unsignedMax = 1
8 * = 0
+ parameterIdentifier = 0
+ standard = 2
- parameterValue = 0
+ octetString = [000001b008000001b509000001000000012000844014282c2090a31f]
3 * = 0
+ name = 'h263'
dataType = 0
+ videoData = 0
+ h263VideoCapability = 0
+ qcifMPI = 2
maxBitRate = 400
unrestrictedVector = 0
arithmeticCoding = 0
advancedPrediction = 0
pbFrames = 0
temporalSpatialTradeOffCapability = 0
errorCompensation = 0
Code:
in modules folder
bcm_headsetsw.ko
brcm_switch.ko
dhd.ko
gememalloc.ko
h6270enc.ko
hx170dec.ko
Code:
in HW folder
acoustics.default.so
alsa.default.so
gps.bcm21553.so
gralloc.default.so
lights.bcm21553.so
sensors.default.so
Code:
in egl folder
egl.cfg
libGLES_android.so
libGLES_hgl.so
So the phone is same like ours but does it have any development on it such as aosp,cm etc. If yes then post the link.. We can try our luck on it
Sent from my GT-S5360 using XDA
try this
2.3.7 AOSP based ROM
http://forum.cyanogenmod.com/topic/57455-vodafone-smart-aka-alcatel-v860-ota-update2-integrated-rom-with-root/
or
stock rom
http://www.mediafire.com/?khpdey37edwvzlv
amal das said:
the Vodafone Smart II have the same spec as our y
and 2.3.7 gb is pre-installed with it
pre-compiled modules won't help
Well they can work for us! I have an idea...
Sent from my GT-S5360 using XDA
hell_lock said:
Well they can work for us! I have an idea...
Sent from my GT-S5360 using XDA
I am listening
Will report if it works out... I dont want u guys to soft brick ur phone.. alot of testing is needed in this process...
there are some files missing in stock rom
like framework-res.apk also some bin files even build.prop toooo
you better download the rom from cyanogen forum
http://forum.cyanogenmod.com/topic/...el-v860-ota-update2-integrated-rom-with-root/
hell_lock said:
Will report if it works out... I dont want u guys to soft brick ur phone.. alot of testing is needed in this process...
well I am not going to test it on my device for sure. Just wanted to know what is your idea.
Bricking word hurts me a lot terrible experience.
I will play with the drivers... First I will test the drivers on my stock rom. If they work, I will try the aosp drivers on stock rom, if they still work then I will put them in cm7 and test it. It will surely work.
Sent from my GT-S5360 using XDA
hell_lock said:
I will play with the drivers... First I will test the drivers on my stock rom. If they work, I will try the aosp drivers on stock rom, if they still work then I will put them in cm7 and test it. It will surely work.
Sent from my GT-S5360 using XDA
Almost identical specs so is worth try porting.
therefore work has began :fingers-crossed:
Zackconsole said:
Almost identical specs so is worth try porting.
therefore work has began :fingers-crossed:
U doin it or should i try messing it up?
Sent from my GT-S5360 using XDA
hell_lock said:
U doin it or should i try messing it up?
Sent from my GT-S5360 using XDA
Doing it hope no anyone come and disturb me..or else i got to get myself lock into another room again!
Zackconsole said:
Doing it hope no anyone come and disturb me..or else i got to get myself lock into another room again!
will wait for your ported test version !
amal das said:
will wait for your ported test version !
Checkout your inbox 30min/1 hour depent on my internet connection man.
It's malaysia.Famous for slow internet (RM150 Internet = Get rm30 Internet) :crying:

GT-S8500 Restarting ITSELF EVERY 30MIN

Hey Bada Users
I own a Samsung GT-S8500, great phone, fast, smooth, nice camera, especially HD 720p VIDEO.
But my phone keeps restarting every 20-30MIN by itself, while I am doing something, like browsing internet, playing music etc....
I have installed a few ROMs, BADA 2.0, BADA 1.2, but always the same problem.. restarting..
Can the solution be getting '' android '' on my device or some code that can fix this?
And which android ROM doesn't have the '' modem '' bug and has fully working network?
Thanks
It is a problem with the power module. Also my father's wave have this problem. (Not every 30 min but every 1-2 hours)
Sent from my GT-I9500 using Tapatalk 4 Beta
how to fix it?
If warranty is still valid use it. If not, you can't do anything. It is a hardware problem
Sent from my GT-I9500 using Tapatalk 4 Beta
Alberto96 said:
If warranty is still valid use it. If not, you can't do anything. Is an hardware problem
Sent from my GT-I9500 using Tapatalk 4 Beta
no warranty, i really need some fix, software or anything,,,,
No software fix available. The only solution is a new motherboard
Sent from my GT-I9500 using Tapatalk 4 Beta
I can get a motherboard for 10$, but there's no Samsung care center in my country, and it's too expensive... why do I need a complete motherboard, when the problem is only in the power module?
You could try to find hint about your problem.
Set Debug Level to High...
Enter:
*#33284*#
Post Bluescreen here...
To leave Screen Upload data to pc. Press and hold END Key for few seconds... or use this Tool:
http://forum.xda-developers.com/showthread.php?t=1176189
RAM dump eXtractor
Best Regards
adfree said:
You could try to find hint about your problem.
Set Debug Level to High...
Enter:
*#33284*#
Post Bluescreen here...
To leave Screen Upload data to pc. Press and hold END Key for few seconds... or use this Tool:
http://forum.xda-developers.com/showthread.php?t=1176189
RAM dump eXtractor
Best Regards
Well I get the blue screen, but I can't upload it to PC!
So adfree, what do you suggest I do now? ( no warranty, no Samsung care center )
Can I solve this by opening the phone myself, or some software or code ( like setting low debug mode ) to fix this?
Could maybe android NAND or FnF solve this problem?
If I send you the bluescreen INF, can you tell me what's wrong with my phone, and send me a fix or?
If i send you bluescreen INF, can you tell me whats wrong with my phone, and send me a fix or?
Without Screenshot/Photo or RamDump_Information(BS_DoubleFault).txt I have NO idea...
Sometimes it is possible, that Ram Dump eXtractor not detect handset...
But if, then it is easier... example:
Code:
Modem:Q6270B-KPRBL-1.5.45T
SHP:VPP R5 2.1.1
Build Host:S1-AGENT01
BuildAt:2010/05/12 01:04:23
App Debug Level : 0
ASSERTION_ASSERT:0 failed. (fi
le SysSecureBoot.c, line 3868)
BoAn3868
<Callstack information>
PC = 4010B063 OemDumpRegister
LR = 4010B067 OemDumpRegister
<Mocha Task Callstack>
_SysAssertReport
__SysSecBootReadNetLockInfoFro
mFile
If IMEI is not set...
What shows your Bluescreen?
Best Regards
adfree said:
Without Screenshot/Photo or RamDump_Information(BS_DoubleFault).txt I have NO idea...
Sometimes it is possible, that Ram Dump eXtractor not detect handset...
But if, then it is easier... example:
Code:
Modem:Q6270B-KPRBL-1.5.45T
SHP:VPP R5 2.1.1
Build Host:S1-AGENT01
BuildAt:2010/05/12 01:04:23
App Debug Level : 0
ASSERTION_ASSERT:0 failed. (fi
le SysSecureBoot.c, line 3868)
BoAn3868
<Callstack information>
PC = 4010B063 OemDumpRegister
LR = 4010B067 OemDumpRegister
<Mocha Task Callstack>
_SysAssertReport
__SysSecBootReadNetLockInfoFro
mFile
If IMEI is not set...
What shows your Bluescreen?
Best Regards
S/W version: S8530+BO+LD1
Modem: Q6270B-KPRBL-1.5. 45T
SHP: VPP R5 2. 1. 1
Build Host: S1-AGENT08
BuildAt: 2013/03/05 17:19:24
App Debug Level: 0
ASSERTI ON_ASSERT: FALSE failed
( file SysECOM c, line 81 )
Ecom V2 Assert : Allocated App
( symbol size [ EventMgr: 100 ] is
lesser than Given Symb [ 146:
Wml sEventHandl er Valid ] n
< Callstack information>
PC = 4031B42B OemDupmRegister
LR = 4031B42F OemDumpRegister
<Mocha tast callstack>
_ SysAssertReport
This I wrote manually, and there are 7 more pages, should I write them all? ( This is the 1st page that I wrote )
And why is the S/W version s8530+BO+LD1 when my device is an s8500 Wave?
And yes, now I have Bada 2.0, Turko SF latest version, and now it's not rebooting as often as on other software, why's that?
As Template...
Code:
ALL HW Information:
HW VERSION : S8500_REV07
IMEI VERSION : Not Active
RF CAL DATE : Not Active
Bad Block Information:
nNumBMPs : 0
nAge : 0
Run Time Bad Block Occurred :
Init BMPs = 1, Current BMPs =
0
You could check if your OneNAND memory is okay, or have damaged blocks...
No need to post more infos.
For now I have no real idea... need to investigate for SysECOM.
Best Regards
Can you suggest me what to do?
How to check OneNAND or damaged blocks?
What's with SysECOM? You are the only one who can help me now.
...and theres 7 more pages...
Navigate with Keys on left side... + or -
HOLD +
Otherwise you jump between 2 pages... Then check again for this request:
http://forum.xda-developers.com/showpost.php?p=41853793&postcount=12
About SysECOM.c ... you can find it in apps_compressed.bin... or Google result:
SysEcom.h from GT-S5230_S5233_S5600.zip
Code:
/*
* Samsung Handset Platform
* Copyright (c) 2000 Software Center, Samsung Electronics, Inc.
* All rights reserved.
*
* This software is the confidential and proprietary information
* of Samsung Electronics, Inc. ("Confidential Information"). You
* shall not disclose such Confidential Information and shall use
* it only in accordance with the terms of the license agreement
* you entered into with Samsung Electronics.
*/
/*:Associate with "Embedded COM" */
#ifndef _SYS_ECOM_H_
#define _SYS_ECOM_H_
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#include "ShpTypes.h"
typedef UINT32 ECOMCLSID;
#define ECOM_VTBL(name) name
#define ECOM_INTERFACE(name) \
struct _##name {\
struct ECOM_VTBL(name)* pVtbl;\
};\
typedef struct ECOM_VTBL(name) ECOM_VTBL(name);\
struct ECOM_VTBL(name)
typedef BOOL (*EcomDispatch)(UINT32 action, ULONG param1, ULONG param2, void* pParam3);
#define DECLARE_EBASE() \
UINT32 (*AddRef) (void);\
UINT32 (*Release) (void);\
BOOL (*Dispatch)(UINT32 action, ULONG param1, ULONG param2, void* pParam3);
#define DECLARE_ECOM_VTBL(name) name* pVtbl##name; \
ADDR sb;
typedef struct
{
void* pClass;
ADDR sb;
} EcomType;
#define GET_ECOM_PVTBL(p, name) ((struct _##name*)p)->pVtbl
#define SysGetVtbl(compID, compName) (((T##compName*)(pDllBaseEcomFactory[compID-CID_BASE].pClass))->pVtblE##compName)
#define SysGetSb(compID) (((EcomType*)(pDllBaseEcomFactory[compID-CID_BASE].pClass))->sb)
#define INIT_ECOM_VTBL(p, name, vt) (GET_ECOM_PVTBL(p, name) = (ECOM_VTBL(name)*)&vt)
/*
* EBase Definition
*/
ECOM_INTERFACE(EBase)
{
DECLARE_EBASE()
};
#define EBaseAddRef(p) GET_ECOM_PVTBL(p, EBase)->AddRef()
#define EBaseRelease(p) GET_ECOM_PVTBL(p, EBase)->Release()
/*
* EComp Interface
*/
ECOM_INTERFACE(EComp)
{
DECLARE_EBASE()
BOOL (*Create)(EComp* pEComp, ECOMCLSID clsID, void** ppObj);
void (*Destroy)(EComp* pEComp);
};
#define ECompAddRef(p) GET_ECOM_PVTBL(p, EComp)->AddRef()
#define ECompRelease(p) GET_ECOM_PVTBL(p, EComp)->Release()
#define ECompCreate(p,id,ppo) GET_ECOM_PVTBL(p, EComp)->Create(id,ppo)
#define ECompDestroy(p) GET_ECOM_PVTBL(p, EComp)->Destroy()
typedef struct _EcomClass EcomClass;
struct _EcomClass
{
void* pData; // Private data
EcomClass* pNextObj; // Pointer to next class in the list
ECOMCLSID clsID; // Class information
};
typedef struct _EcomComp
{
DECLARE_ECOM_VTBL(EComp)
UINT32 refCount;
EcomClass* pObjList;
BOOL (*Create)(EComp* pEComp, ECOMCLSID clsID, void** ppObj);
void (*Destroy)(EComp* pEComp);
} EcomComp;
typedef struct
{
ECOMCLSID clsID;
void* pClass;
} EcomFactory;
extern EcomFactory* pDllBaseEcomFactory;
extern ADDR dllBaseSb;
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif // _SYS_ECOM_H_
Hmmm...
Is your Wave used or bought from used condition...
Is your Wave repaired or Unlocked by some magic box ?
Best Regards
Edit 1.
Google result...
http://forum.xda-developers.com/showpost.php?p=40393606&postcount=6
Here I can see 2 damaged blocks...
Btw... Check to remove your SIM Card... maybe then more than 30 minutes stable...
Edit 2.
http://forum.xda-developers.com/showpost.php?p=19496159&postcount=31
Okay, seems features of SysECOM.c wide range... Embedded COM
What can i do, how can i fix it?
Best Regards
Can i solve this by opening phone myself, or some software or code ( like setting low debug mode ) to fix this?
Could maybe android NaND or FnF solve this problem?
You can only try to identify problem... then maybe cheap solution.
Maybe it is Hardware, maybe it is Software problem...
Bluescreen message about SysECOM.c ...
I have NO idea, what exactly this means about your Wave...
You could try to install Android...
http://forum.xda-developers.com/showthread.php?t=1851818
If it also restart/shut down... then 88,88 % Hardwaretrouble...
Again, your Wave shows damaged blocks?
Yes or no ?
Easy task.
http://forum.xda-developers.com/showpost.php?p=41853793&postcount=12
Next Bluescreen, navigate to site/page 2 and read info...
Best Regards
Again I've set high debug level, and yes, I get bad block information.
Bad Block Information:
nNumBMPs: 0
nAge: 0
Run Time Bas Block Occurred:
I ni t BMPs = 2, Currect BMPs= 0
What does this mean?
Good Question...
0 bada blocks could be 100 % perfect.
My S8500 test device with broken Display and attached with soldered wires to my RIFF JTAG Box works with some minor problems...
Not all things tested/used... because my SIM Cards are not active...
So no Calls, SMS etc...
http://forum.xda-developers.com/showpost.php?p=13582911&postcount=13
With JTAG I can see the address where the bad block is located...
Here my Thread about bad blocks...
http://forum.xda-developers.com/showthread.php?p=42030607#post42030607
Maybe if more users could check about bada blocks and problems of their Waves...
It's like defect clusters in PC world...
If your Harddisk is damaged... with bad clusters...
A.
You can try to """Low Level Format"""... but this ""dangerous""...
Risk of data loss soon or in future is much higher...
B.
Replace HD by new one...
Same for your Wave... maybe the 2 bad blocks are ignorable...
But maybe this is one more sign, that your Hardware is not 100 % okay...
One more scenario...
I have NO idea about your country... nor about your Wave, if it is from Operator... Branding...
With Serial Number S/N under your battery you can check with Kies, which Firmware is exactly for your Wave...
Because it seems few Differences for different countries and mixed Firmware can cause some side effects/problems...
http://forum.xda-developers.com/showpost.php?p=36482821&postcount=315
Check Firmware from Kies...
Best Regards
A.
How to do Low Level Format, guide?
B.
How can i replace HD by new one?
C.
My country is Bosnia And Hercegovina, not from operator, i bought it from used condition. I will try this.
Bro, why don't you just try Android? If it acts up there too, then the hardware is the issue..

[ROM][UNOFFICIAL][Android 11]LineageOS 18.1 for Moto E5 Play (James)

Please read this entire post before attempting to install!!
This ROM is built for and tested on a moto e5 play "james" XT1921-1 (Comcast). I think it will work on the other "james" variants. If you're asking about hannah or pettyl or another e5 variant...don't. I build for my own phone, because I feel like it.
Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you get upset at me for messing up your device, I will feel bad and go away.
*
*/
LineageOS is based on the Android Open Source Project with extra contributions from many people within the Android community. It can be used without any need to have any Google application installed. Linked below is a package that has come from another Android project that restores the Google parts. LineageOS does still include various hardware-specific code, which is also slowly being open-sourced anyway.
Instructions:
Follow Instructions Carefully - installation will fail otherwise :
WARNING: There doesn't seem to be a way to back up and restore using the 64 bit TWRP (probably due to forced encryption). Your data is toast if you install this, and toast again if you mess up a later installation. YOU HAVE BEEN WARNED!
Download TWRP for james from whodat711's Lineage 17.1 thread, linked below.
fastboot boot twrp-james-bootonly.img (ONLY BOOT IT!! TOO BIG TO FLASH!)
-- then --
Wipe -> ADVANCED -- select system + vendor -> SWIPE TO WIPE
reboot bootloader
fastboot boot recovery again
-- then --
Format data, Wipe cache & dalvik-cache
Flash ROM, Gapps 11 arm64 together (Download Gapps from downloads section)
Done-Reboot Now
Wait...and wait... the first boot takes 8 minutes (with gapps).
What's working:
WiFi
Camera and Camcorder
Bluetooth
Fingerprint
GPS
Sensors
Video Playback
Audio
RIL (Calls, sms/mms, VoLTE)
SELinux: Enforcing
Known issues:
Trust complains about the build being signed with a public key. This is an unofficial build, so it is slightly less secure. The warning can be turned off in settings.
Downloads:
ROM Download
Recovery
MindTheGApps for arm64 (optional)
Reporting Bugs
I guess just post them to this thread. I probably can't help, but maybe somebody else can.
Thanks to:
@whodat711 for bringing Lineage 17.1 to james.
@JarlPenguin for maintaining the kernel, vendor, and common-device trees.
(Note: If either of you want to build 18.1 for james, I will gladly run your builds and stop posting my own.)
The LineageOS team
Changelogs:
Code:
2021-06-13:
Initial 18.1 release.
2021-07-14:
Video recording sync issue is fixed.
Fix some SELinux denials.
July security patch.
2021-08-08:
August security patch.
Remove unneeded camera libs.
2021-10-10:
October security patch.
Source code:
ROM source: http://github.com/LineageOS
Common device tree: https://github.com/musical-chairs/android_device_motorola_msm8937-common
Device tree: https://github.com/musical-chairs/android_device_motorola_james
Kernel: https://github.com/musical-chairs/android_kernel_motorola_msm8953
Vendor: https://github.com/musical-chairs/proprietary_vendor_motorola
i love you man
i can test and report bugs if you need more precise testing, just send me a pm for my telegram username
just flashed it now , everything going fine, not a bug seen
Ayoseun said:
just flashed it now , everything going fine, not a bug seen
Great! Thanks for the feedback.
Thanks for uploading this!
Almost 5days as a daily driver ,ROM is buttery smooth, no random reboot, no system failure , camera works 100% fine no failure whatsoever.
Good job
Hello, phone switches off when playing video from speakers, don't know if this is only me
Ayoseun said:
Hello, phone switches off when playing video from speakers, don't know if this is only me
What type of video are you playing? What kind of speakers (bluetooth, wired, etc)? And does it lock the screen, or does it crash and reboot?
Here I am, asking for help in my own thread...
Video camera is not using the correct clock source. Immediately on bootup, videos record properly. If the device sleeps, video will be later than audio by the sleep time. Audio plays at the beginning of the video (image is frozen), and moving video is at the end.
Logcat is showing the following error:
Code:
12-13 19:17:45.520 0 0 E [ 1.514286,1] /soc/qcom,cam_smmu/msm_cam_smmu_cb1: could not get #iommu-cells for /soc/qcom,[email protected]
12-13 19:17:45.520 0 0 E : [ 1.514895,1] CAM-SMMU cam_populate_smmu_context_banks:1586 Invalid pointer of ctx : vfe_secure rc = -517
12-13 19:17:45.520 0 0 E : [ 1.514903,1] CAM-SMMU cam_smmu_probe:1636 Error: populating context banks
12-13 19:17:45.520 0 0 W [ 1.514917,1] msm_cam_smmu: probe of soc:qcom,cam_smmu:msm_cam_smmu_cb2 failed with error -12
12-13 19:17:45.520 0 0 E [ 1.514949,1] /soc/qcom,cam_smmu/msm_cam_smmu_cb3: could not get #iommu-cells for /soc/qcom,[email protected]
12-13 19:17:45.520 0 0 E [ 1.515237,1] /soc/qcom,cam_smmu/msm_cam_smmu_cb4: could not get #iommu-cells for /soc/qcom,[email protected]
12-13 19:17:45.520 0 0 E : [ 1.516102,1] CAM-SMMU cam_populate_smmu_context_banks:1586 Invalid pointer of ctx : vfe_secure rc = -517
12-13 19:17:45.520 0 0 E : [ 1.516109,1] CAM-SMMU cam_smmu_probe:1636 Error: populating context banks
12-13 19:17:45.520 0 0 W [ 1.516121,1] msm_cam_smmu: probe of soc:qcom,cam_smmu:msm_cam_smmu_cb2 failed with error -12
12-13 19:17:45.520 0 0 E [ 1.517721,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.519965,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.520298,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.521149,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.521409,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.521657,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 I [ 1.522825,1] msm_actuator_platform_probe: 2088 No valid actuator GPIOs data
12-13 19:17:45.520 0 0 E : [ 1.523701,1] msm_eeprom_platform_probe failed 2192
12-13 19:17:45.520 0 0 E : [ 1.524066,1] msm_eeprom_platform_probe failed 2192
12-13 19:17:45.520 0 0 E [ 1.525104,1] msm_flash_get_pmic_source_info: 989 alternate current: read failed
12-13 19:17:45.520 0 0 E [ 1.525113,1] msm_flash_get_pmic_source_info: 1009 alternate max-current: read failed
12-13 19:17:45.520 0 0 E [ 1.525120,1] msm_flash_get_pmic_source_info: 1029 alternate duration: read failed
12-13 19:17:45.520 0 0 E [ 1.525130,1] msm_flash_get_pmic_source_info: 989 alternate current: read failed
12-13 19:17:45.520 0 0 E [ 1.525136,1] msm_flash_get_pmic_source_info: 1009 alternate max-current: read failed
12-13 19:17:45.520 0 0 E [ 1.525143,1] msm_flash_get_pmic_source_info: 1029 alternate duration: read failed
12-13 19:17:45.520 0 0 E [ 1.525155,1] msm_flash_get_pmic_source_info: 1099 alternate current: read failed
12-13 19:17:45.520 0 0 E [ 1.525162,1] msm_flash_get_pmic_source_info: 1119 alternate current: read failed
12-13 19:17:45.520 0 0 E [ 1.525172,1] msm_flash_get_pmic_source_info: 1099 alternate current: read failed
12-13 19:17:45.520 0 0 E [ 1.525178,1] msm_flash_get_pmic_source_info: 1119 alternate current: read failed
12-13 19:17:45.520 0 0 I [ 1.525186,1] msm_flash_get_dt_data: 1192 No valid flash GPIOs data
12-13 19:17:45.520 0 0 E [ 1.525192,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E : [ 1.526443,1] adp1660 i2c_add_driver success
12-13 19:17:45.520 0 0 E : [ 1.528211,1] msm_camera_get_dt_gpio_set_tbl failed 794
12-13 19:17:45.520 0 0 E : [ 1.528527,1] msm_camera_get_dt_gpio_set_tbl failed 794
12-13 19:17:45.520 0 0 W : [ 1.531600,1] ------------[ cut here ]------------
12-13 19:17:45.520 0 0 W [ 1.531614,1] WARNING: CPU: 1 PID: 1 at /media/Data/android/LOS18/kernel/motorola/msm8953/drivers/clk/msm/clock-local2.c:234 rcg_clk_enable+0x98/0x9c()
12-13 19:17:45.520 0 0 W : [ 1.531620,1] Attempting to prepare camss_top_ahb_clk_src before setting its rate. Set the rate first!
12-13 19:17:45.520 0 0 W : [ 1.531626,1] Modules linked in:
12-13 19:17:45.520 0 0 W [ 1.531636,1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 3.18.140-perf-g7dcd956f3beb #2
12-13 19:17:45.520 0 0 W : [ 1.531641,1] Hardware name: james (DT)
12-13 19:17:45.520 0 0 F : [ 1.531646,1] Call trace:
12-13 19:17:45.520 0 0 W : [ 1.531655,1] [<ffffffc00008b8fc>] dump_backtrace+0x0/0x2d0
12-13 19:17:45.520 0 0 W : [ 1.531662,1] [<ffffffc00008b8f4>] show_stack+0x14/0x1c
12-13 19:17:45.520 0 0 W : [ 1.531670,1] [<ffffffc00039f7e8>] dump_stack+0xac/0xe4
12-13 19:17:45.520 0 0 W : [ 1.531678,1] [<ffffffc0000aa15c>] warn_slowpath_common+0xa0/0xe4
12-13 19:17:45.520 0 0 W : [ 1.531685,1] [<ffffffc0000aa098>] warn_slowpath_fmt+0x50/0x74
12-13 19:17:45.520 0 0 W : [ 1.531692,1] [<ffffffc000ac3590>] rcg_clk_enable+0x98/0x9c
12-13 19:17:45.520 0 0 W : [ 1.531699,1] [<ffffffc000ac0284>] clk_enable+0x180/0x1bc
12-13 19:17:45.520 0 0 W : [ 1.531706,1] [<ffffffc000ac019c>] clk_enable+0x98/0x1bc
12-13 19:17:45.520 0 0 W : [ 1.531715,1] [<ffffffc0008723f4>] msm_camera_clk_enable+0xd4/0x238
12-13 19:17:45.520 0 0 W : [ 1.531722,1] [<ffffffc00089c000>] cpp_init_hardware+0x7c/0x4bc
12-13 19:17:45.520 0 0 W : [ 1.531729,1] [<ffffffc00089bae8>] cpp_probe+0x318/0x670
12-13 19:17:45.520 0 0 W : [ 1.531737,1] [<ffffffc0005c73f4>] platform_drv_probe+0x3c/0x88
12-13 19:17:45.520 0 0 W : [ 1.531744,1] [<ffffffc0005c4f7c>] driver_probe_device+0xc8/0x1f8
12-13 19:17:45.520 0 0 W : [ 1.531750,1] [<ffffffc0005c52b8>] __driver_attach+0x64/0x90
12-13 19:17:45.520 0 0 W : [ 1.531759,1] [<ffffffc0005c34dc>] bus_for_each_dev+0x80/0xc8
12-13 19:17:45.520 0 0 W : [ 1.531765,1] [<ffffffc0005c524c>] driver_attach+0x20/0x28
12-13 19:17:45.520 0 0 W : [ 1.531772,1] [<ffffffc0005c3c8c>] bus_add_driver+0x118/0x1e0
12-13 19:17:45.520 0 0 W : [ 1.531778,1] [<ffffffc0005c6074>] driver_register+0x8c/0xd8
12-13 19:17:45.520 0 0 W : [ 1.531785,1] [<ffffffc0005c73b0>] __platform_driver_register+0x5c/0x64
12-13 19:17:45.520 0 0 W : [ 1.531793,1] [<ffffffc0014f9610>] msm_cpp_init_module+0x18/0x20
12-13 19:17:45.520 0 0 W : [ 1.531800,1] [<ffffffc000082b78>] do_one_initcall+0xd8/0x1b0
12-13 19:17:45.520 0 0 W : [ 1.531808,1] [<ffffffc0014b7bc0>] kernel_init_freeable+0x144/0x1d4
12-13 19:17:45.520 0 0 W : [ 1.531816,1] [<ffffffc000de2c64>] kernel_init+0x10/0x124
12-13 19:17:45.520 0 0 W : [ 1.531840,1] ---[ end trace 3c7185295746ec5f ]---
I appreciate any help or suggestions anyone can give me!
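A way to triage a boot log like the one above, as an added example (not code from this post or from the kernel tree): it collapses repeated error lines into counts and parses the kernel warning report into its source location, stated reason and the innermost `*_probe` caller. The function names and the shortened sample are constructed here from lines of the log above.

```python
import re
from collections import Counter

# One logcat line from the kernel buffer: date, time, pid, tid, priority,
# an optional ':' gap, the kernel's "[ seconds,cpu]" stamp, then the message.
LINE_RE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+(?P<level>[VDIWEF])\s+(?::\s+)?"
    r"\[\s*\d+\.\d+,\d+\]\s+(?P<msg>.*)$"
)
WARN_RE = re.compile(
    r"^WARNING: CPU: \d+ PID: \d+ at (?P<file>\S+):(?P<line>\d+) (?P<func>\w+)\+"
)
FRAME_RE = re.compile(r"^\[<[0-9a-f]+>\] (?P<sym>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Frames that belong to the warning machinery, not to the code that tripped it.
REPORTING = {"dump_backtrace", "show_stack", "dump_stack",
             "warn_slowpath_common", "warn_slowpath_fmt"}

# Excerpt of the log posted above, shortened (repeats and most frames dropped).
SAMPLE = """\
12-13 19:17:45.520 0 0 E : [ 1.514903,1] CAM-SMMU cam_smmu_probe:1636 Error: populating context banks
12-13 19:17:45.520 0 0 E : [ 1.516109,1] CAM-SMMU cam_smmu_probe:1636 Error: populating context banks
12-13 19:17:45.520 0 0 E [ 1.517721,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.519965,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 E [ 1.520298,1] msm_camera_get_dt_vreg_data: 1201 number of entries is 0 or not present in dts
12-13 19:17:45.520 0 0 I [ 1.525186,1] msm_flash_get_dt_data: 1192 No valid flash GPIOs data
12-13 19:17:45.520 0 0 W : [ 1.531600,1] ------------[ cut here ]------------
12-13 19:17:45.520 0 0 W [ 1.531614,1] WARNING: CPU: 1 PID: 1 at /media/Data/android/LOS18/kernel/motorola/msm8953/drivers/clk/msm/clock-local2.c:234 rcg_clk_enable+0x98/0x9c()
12-13 19:17:45.520 0 0 W : [ 1.531620,1] Attempting to prepare camss_top_ahb_clk_src before setting its rate. Set the rate first!
12-13 19:17:45.520 0 0 W : [ 1.531626,1] Modules linked in:
12-13 19:17:45.520 0 0 F : [ 1.531646,1] Call trace:
12-13 19:17:45.520 0 0 W : [ 1.531655,1] [<ffffffc00008b8fc>] dump_backtrace+0x0/0x2d0
12-13 19:17:45.520 0 0 W : [ 1.531678,1] [<ffffffc0000aa15c>] warn_slowpath_common+0xa0/0xe4
12-13 19:17:45.520 0 0 W : [ 1.531685,1] [<ffffffc0000aa098>] warn_slowpath_fmt+0x50/0x74
12-13 19:17:45.520 0 0 W : [ 1.531692,1] [<ffffffc000ac3590>] rcg_clk_enable+0x98/0x9c
12-13 19:17:45.520 0 0 W : [ 1.531699,1] [<ffffffc000ac0284>] clk_enable+0x180/0x1bc
12-13 19:17:45.520 0 0 W : [ 1.531715,1] [<ffffffc0008723f4>] msm_camera_clk_enable+0xd4/0x238
12-13 19:17:45.520 0 0 W : [ 1.531722,1] [<ffffffc00089c000>] cpp_init_hardware+0x7c/0x4bc
12-13 19:17:45.520 0 0 W : [ 1.531729,1] [<ffffffc00089bae8>] cpp_probe+0x318/0x670
12-13 19:17:45.520 0 0 W : [ 1.531737,1] [<ffffffc0005c73f4>] platform_drv_probe+0x3c/0x88
12-13 19:17:45.520 0 0 W : [ 1.531840,1] ---[ end trace 3c7185295746ec5f ]---
"""


def _finish(splat):
    """Drop reporting frames and pick the innermost driver probe function."""
    callers = [s for s in splat["frames"] if s not in REPORTING]
    splat["callers"] = callers
    splat["probe"] = next((s for s in callers if s.endswith("_probe")), None)
    return splat


def triage(log_text):
    """Return (counts, splats): repeated E/W/F messages and parsed warning reports."""
    counts, splats, cur = Counter(), [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        if "[ cut here ]" in msg:              # start of a kernel warning report
            if cur is not None:                # previous report never closed
                splats.append(_finish(cur))
            cur = {"file": None, "line": None, "func": None,
                   "reason": None, "frames": []}
        elif cur is None:
            if m["level"] in "EWF":            # ignore info/debug noise
                counts[msg] += 1
        elif msg.startswith("---[ end trace"):
            splats.append(_finish(cur))
            cur = None
        elif (w := WARN_RE.match(msg)):
            cur.update(file=w["file"], line=int(w["line"]), func=w["func"])
        elif (f := FRAME_RE.match(msg)):
            cur["frames"].append(f["sym"])
        elif cur["func"] and cur["reason"] is None:
            cur["reason"] = msg                # first free-text line after WARNING:
    if cur is not None:                        # log was cut before "end trace"
        splats.append(_finish(cur))
    return counts, splats


if __name__ == "__main__":
    counts, splats = triage(SAMPLE)
    for msg, n in counts.most_common():
        print(f"{n:3d}x {msg}")
    for s in splats:
        print(f"WARN at {s['file']}:{s['line']} in {s['func']} via {s['probe']}: {s['reason']}")
```

On the excerpt this attributes the clock warning to `cpp_probe`, the driver whose probe path enabled `camss_top_ahb_clk_src` before a rate was set.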
Hi musical_chairs,
first thank you for this custom ROM.
It's working fine except :
-the videorecorder (same issue you have sound first image at the end)
-GPS not working
I have xt1921-1, just flashed the rom (no gapps and no root).
Will post the logcat for GPS soon.
Gps now working after installing F-droid and installing Location map viewer.
GPS works on Rom for me
Does Gps find your current location on this website? www.viamichelin.com
Thanks musical_chair for making this ROM. I am trying to build it on my own but it seems that I am hitting a wall.
First here is my .repo/local_manifests/roomservice.xml: (let me know if I am missing anything, I suspect that this is the root of my issues)
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project path="device/motorola/james" remote="github" name="musical-chairs/android_device_motorola_james" />
<project path="device/motorola/msm8937-common" remote="github" name="musical-chairs/android_device_motorola_msm8937-common" />
<project path="kernel/motorola/msm8953" remote="github" name="musical-chairs/android_kernel_motorola_msm8953" />
<project path="vendor/motorola" remote="github" name="musical-chairs/proprietary_vendor_motorola" revision="lineage-18.1-james"/>
</manifest>
The issue is that whenever I run james/extract-files.sh I am getting:
Code:
$DEVICE must be set before including this script!
Spoiler: wrong
I added echo "$1" to extract-utils.sh and it is really blank, and removed all if blocks in msm8937-common/extract-files.sh that don't have setup_vendor "${DEVICE}", and I could not figure out where it is getting called from.
it is happening because "${BOARD_COMMON}" is blank, where is it supposed to be setup?
any help from your side would be greatly appreciated.
Update:
If I set BOARD_COMMON=msm8937-common [same as in hannah-common] the script starts pulling a lot of files from lib64, which don't exist in a 32 bit device. This is telling me that BOARD_COMMON is supposed to be blank, but if that is the case, then why is the script always failing?
Update2: so I decided to build lineage os 17.1 for james from @whodat711 and it completed successfully. It is most likely that some of the paths in my manifest are wrong/not compatible with each other.
m3dteam said:
The issue is that whenever I run james/extract-files.sh I am getting:
Code:
$DEVICE must be set before including this script!
It's probably happening because I haven't given extract-files.sh any attention; I'm not used to working that way - I just build from the vendor tree. So something is probably messed up there. I just lunch and make bacon.
You'll want to switch the vendor tree to the lineage-18.1-james2 branch as I did my best to unify my vendor tree to JarlPenguin's, to keep it in sync with his device tree. I don't think the build will boot without doing that.
I have some updates to push as soon as I get a chance. I fixed the error I posted earlier, also fixed some camera-related SELinux denials. Unfortunately, video record sync is still borked. Once I get a few minutes to clean everything up, I'll push my latest changes to github and then try to get a new build up.
Ok, so I can just do the following:
Code:
repo init -u https://github.com/LineageOS/android.git -b lineage-18.1
repo sync
croot
lunch james-userdebug
make bacon
And that should be enough to build the rom, right?
Also, how did you make the vendor tree (in case if I have a different device )? did you just copy everything from /vendor/ & /system/ from your stock phone?
Oh, also, this is the manifest you used, right?
Code:
<manifest>
<project path="device/motorola/james" remote="github" name="musical-chairs/android_device_motorola_james" />
<project path="device/motorola/msm8937-common" remote="github" name="musical-chairs/android_device_motorola_msm8937-common" />
<project path="kernel/motorola/msm8953" remote="github" name="musical-chairs/android_kernel_motorola_msm8953" />
<project path="vendor/motorola" remote="github" name="musical-chairs/proprietary_vendor_motorola" revision="lineage-18.1-james2"/>
</manifest>
Many thanks for your help, this is my first build.
m3dteam said:
Ok, so I can just do the following:
Code:
repo init -u https://github.com/LineageOS/android.git -b lineage-18.1
repo sync
croot
lunch james-userdebug
make bacon
And that should be enough to build the rom, right?
Something like that. I do
Code:
source build/envsetup.sh
instead of croot, but maybe my way is outdated.
m3dteam said:
Also, how did you make the vendor tree (in case if I have a different device )? did you just copy everything from /vendor/ & /system/ from your stock phone?
I fork other people's vendor trees and use them as a base. For james, I used https://github.com/moto-msm8937/proprietary_vendor_motorola and https://github.com/HyperTeam/proprietary_vendor_motorola. I've never tried to start from scratch on a new device. I'm not quite on that level.
m3dteam said:
Oh, also, this is the manifest you used, right?
Code:
<manifest>
<project path="device/motorola/james" remote="github" name="musical-chairs/android_device_motorola_james" />
<project path="device/motorola/msm8937-common" remote="github" name="musical-chairs/android_device_motorola_msm8937-common" />
<project path="kernel/motorola/msm8953" remote="github" name="musical-chairs/android_kernel_motorola_msm8953" />
<project path="vendor/motorola" remote="github" name="musical-chairs/proprietary_vendor_motorola" revision="lineage-18.1-james2"/>
</manifest>
Many thanks for your help, this is my first build.
Yup, that's what I'm working with. I believe I had to add
Code:
<!--Dependencies-->
<project path="external/bson" name="LineageOS/android_external_bson" />
<project path="system/qcom" name="LineageOS/android_system_qcom" />
to get it to build successfully.
You're welcome! Hopefully it is a pleasant learning experience for you!
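The two local manifests from this exchange compared side by side, as an added example (not code from the thread or from LineageOS): it resolves each project's effective revision, lists every project that follows a moving branch rather than a commit id, and diffs the first attempt against the maintainer's set. It assumes that projects without a `remote` or `revision` attribute inherit `github` and `lineage-18.1` from the main manifest selected by `repo init -b lineage-18.1`; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")

# First local manifest posted in the thread (vendor tree on lineage-18.1-james).
FIRST_TRY = """<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project path="device/motorola/james" remote="github" name="musical-chairs/android_device_motorola_james" />
<project path="device/motorola/msm8937-common" remote="github" name="musical-chairs/android_device_motorola_msm8937-common" />
<project path="kernel/motorola/msm8953" remote="github" name="musical-chairs/android_kernel_motorola_msm8953" />
<project path="vendor/motorola" remote="github" name="musical-chairs/proprietary_vendor_motorola" revision="lineage-18.1-james"/>
</manifest>
"""

# Manifest confirmed by the maintainer, with the two dependency lines appended.
MAINTAINER = """<manifest>
<project path="device/motorola/james" remote="github" name="musical-chairs/android_device_motorola_james" />
<project path="device/motorola/msm8937-common" remote="github" name="musical-chairs/android_device_motorola_msm8937-common" />
<project path="kernel/motorola/msm8953" remote="github" name="musical-chairs/android_kernel_motorola_msm8953" />
<project path="vendor/motorola" remote="github" name="musical-chairs/proprietary_vendor_motorola" revision="lineage-18.1-james2"/>
<!--Dependencies-->
<project path="external/bson" name="LineageOS/android_external_bson" />
<project path="system/qcom" name="LineageOS/android_system_qcom" />
</manifest>
"""


def effective_projects(xml_text, default_remote="github",
                       default_revision="lineage-18.1"):
    """Map checkout path -> project settings after applying the assumed defaults."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    projects = {}
    for node in root.iter("project"):
        path = node.get("path") or node.get("name")
        if path in projects:
            raise ValueError(f"checkout path listed twice: {path}")
        projects[path] = {
            "remote": node.get("remote", default_remote),
            "name": node.get("name"),
            "revision": node.get("revision", default_revision),
            "inherited": node.get("revision") is None,
        }
    return projects


def unpinned(projects):
    """Projects that follow a moving branch instead of a 40-hex commit id."""
    return [(path, p["revision"], "inherited" if p["inherited"] else "explicit")
            for path, p in sorted(projects.items())
            if not COMMIT_RE.match(p["revision"])]


def manifest_diff(old, new):
    """Return (changed, added, removed) between two resolved manifests."""
    changed = {
        path: (old[path]["revision"], new[path]["revision"])
        for path in old.keys() & new.keys()
        if (old[path]["name"], old[path]["revision"])
        != (new[path]["name"], new[path]["revision"])
    }
    added = sorted(new.keys() - old.keys())
    removed = sorted(old.keys() - new.keys())
    return changed, added, removed


if __name__ == "__main__":
    old, new = effective_projects(FIRST_TRY), effective_projects(MAINTAINER)
    changed, added, removed = manifest_diff(old, new)
    for path, (a, b) in changed.items():
        print(f"revision changed  {path}: {a} -> {b}")
    for path in added:
        print(f"project added     {path}")
    for path, rev, source in unpinned(new):
        print(f"follows a branch  {path}: {rev} ({source})")
```

Because every entry tracks a branch, two syncs of the same manifest can produce different trees; recording the commit ids of a known-good sync makes a build repeatable.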
Many thanks, I will update the manifest, use your method and report back.
Also, I noticed that @whodat711 used msm8937 kernel while you are using msm8953? I am guessing it is because 17.1 vs 18.1

[THREAD ARCHIVED]

UPDATE: I am marking this thread as archived as the original purpose of it was fulfilled.
That's not how emtoken works haha. Each token is always unique based on the DID. There's no such thing as a token that works for every single device of one certain model, let alone one token file that works for ANY model
iBowToAndroid said:
That's not how emtoken works haha. Each token is always unique based on the DID. There's no such thing as a token that works for every single device of one certain model, let alone one token file that works for ANY model
You misunderstand. I know there's no such thing as a global emtoken. I wanted a valid emtoken for a random DID. I didn't need one for any specific phone.
It was for research. I found what I needed anyway.
iBowToAndroid said:
That's not how emtoken works haha. Each token is always unique based on the DID. There's no such thing as a token that works for every single device of one certain model, let alone one token file that works for ANY model
Dear iBowToAndroid,
I badly need a Samsung certificate (Dev CA/Root CA) to sign the steady.bin file, let me know if it's available somewhere...
Regards,
xe
_guru_ said:
You misunderstand. I know there's no such thing as a global emtoken. I wanted a valid emtoken for a random DID. I didn't need one for any specific phone.
It was for research. I found what I needed anyway.
tokens.zip
drive.google.com
kalexander7 said:
tokens.zip
drive.google.com
Thank you!
kalexander7 said:
tokens.zip
drive.google.com
This is for which devices and which bit?
Maybe somebody can help me... work together.
A
On GW4 it seems "possible" by accident/luckypunch to reach Allow FAC...
Device is Android 11... User told some fail on FOTA update and maybe Bootloader unlocked...
See Photo... DID removed with Paint...
B
Few stupid tests with parts of Combination Firmware... after patched vbmeta and Root via Magisk...
I am able to use boot.img and recovery.img by simple text edit:
instead fac... I change to mrk...
Tested only on SM-R870... GW4...
C
My steady.bin looks "weird"... no idea if because Knox 1...
I am scared to erase it... for stupid tests...
D
I am at the moment not smart enough to disable Security check in vbmeta_system.img
To play with super.img
Only as info.
And thanx for steady examples.
I was only able to see this Youtube Video before:
Only as info.
Best Regards
Edit 1.
My dumped steady.bin is 4 MB and contain 32 Byte bla bla... for MD5 first 00 seems wrong...
And human readable I see:
DEL
Maybe DELeted?
I have nothing to compare yet...
Short looked into token examples...
I see cer Cert... at end of file... so public key is visible inside...
Model Name is human readable in Cert...
SM-G960F1
Its "only" RSA 2048...
No idea if meanwhile somebody can compute this at home...
All 6 steady are from SM-G960... no idea why first 1 shorter in length...
And funny... I see DASEUL...
Boah so long ago I had this Tool...
Best Regards
Edit 1.
Example attached... if you know Cert *.cer begins with:
3082 HEX
You can find in these steady.bin...
I saw 1 Base64 encoded crap... could be MD5 from lengths... 32 Byte...
Meanwhile I have my second GW4 rooted. SM-R875F...
So I was able to compare steady.bin... dumped via ADB
Text String DEL is same...
32 Byte Block differ...
Hmmm...
No idea how this Steady looks before Root... before Knox 1...
Also no idea what happens if I erase steady or write steady.bin via Odin...
Best Regards
Aha...
Code:
#define EM_MAGIC_TOKEN "TOKE"
#define EM_MAGIC_TOKEN_VALIDATE "VALI"
#define EM_MAGIC_TOKEN_MODE "MODE"
#define EM_MAGIC_TOKEN_ISSUER "ISSU"
#define EM_MAGIC_TOKEN_DEVICE "DEVI"
#define EM_MAGIC_TOKEN_INTEGRITY "INTE"
#define EM_MAGIC_TOKEN_MODB "MODB"
#define EM_MAGIC_HEADER_PREFIX "ENG"
#define EM_MAGIC_HEADER_TYPE_REQ "REQ"
#define EM_MAGIC_HEADER_TYPE_TRQ "TRQ"
#define EM_MAGIC_HEADER_TYPE_RES "RES"
#define EM_MAGIC_HEADER_TYPE_ACK "ACK"
#define EM_MAGIC_HEADER_TYPE_ERR "ERR"
#define EM_MAGIC_LTS_INSTALLED "INS"
#define EM_MAGIC_LTS_DELETED "DEL"
#define EM_MAGIC_LTS_BROKEN "BRK"
#define EM_MAGIC_LTS_EXPIRED "EXP"
#define EM_MAGIC_LTS_UNKNOWN "UKN"
#define EM_MAGIC_OK "OK"
#define EM_MAGIC_NOK "NOK"
#define EM_MAGIC_USER_FUSE "11"
#define EM_MAGIC_GET_MODE_TOKENINZER ","
#define EM_MAGIC_GET_MODE_FROM_TOKEN "TOK"
#define EM_MAGIC_GET_MODE_FROM_DEV "DEV"
#define EM_MAGIC_GET_MODE_NO_TOKEN "NO_TOKEN"
Some changelog...
Code:
* Version history.
*
* 30.0.0 - (20.08.25) [SWD] Initial commit(Support R OS)
* 30.0.1 - (20.08.26) [SWD] Fix check provisioning return value
* Add logic about checking core all zero
* 30.0.2 - (20.08.31) [SWD] Fix return value of rpmb read function (Qualcomm)
* 30.0.3 - (20.08.31) [SWD] Recovery error because parameter of making key function isn't normal
* 30.0.4 - (20.08.31) [SWD] Add 'System' permission for Qualcomm
* 30.0.5 - (20.09.02) [SWD] If esi isn't updated, return success without flag
* 30.0.6 - (20.09.07) [SWD] Error value is duplicated
* 30.0.7 - (20.09.07) [SWD] Add flag for recovery esi
* 30.0.8 - (20.09.08) [SWD] Fixed logic coverting 'string UID' to 'integer UID'
* 30.0.9 - (20.09.09) [SWD] Add missing file for 30.0.7
* 30.0.10 - (20.09.16) [SWD] Enable kernel log for qualcomm
* 30.0.11 - (20.09.28) [SWD] Change sign_run_type of engmode TA
* 30.0.12 - (20.10.19) [SWD] Add condition for esi remove
* 30.0.13 - (20.10.20) [SWD] Add kernel log for debugging
* 30.0.14 - (20.10.20) [SWD] 1. Add logic to restore ESI using recovery counter in BL.
* 2. Change to sharing state only from emservice
* 3. Add logic to change DID
* 4. prevent issue
* 5. bootloader build error
* 30.0.15 - (20.10.20) [SWD] Fix return value of get modes bit function (if mode is more than 32, incorrect value is returned)
* 30.0.16 - (20.10.20) [SWD] DID of ESI isn't updated when DID is updated in BL
* 30.0.17 - (20.10.21) [SWD] Support AT+ENGMODES=0,0,3,0 (Delete token - offline)
* 30.0.18 - (20.10.21) [SWD] 1. Prevent issue
* 2. issue : token id is mismatched when fac token is installed
* 3. token isn't recognized when the DID is changed via em get modes bit
* 30.0.19 - (20.10.23) [SWD] Support init core
* 30.0.20 - (20.10.23) [SWD] 1. Apply EM TSTATE property
* 2. incorrect Get modes bit value
* 30.0.21 - (20.10.23) [SWD] Prevent issue(critical)
* 30.0.22 - (20.10.26) [SWD] Prevent issue(major)
* 30.0.23 - (20.11.02) [SWD] Re-arrange codes for LSI LK
* 30.0.24 - (20.11.02) [SWD] prevent issue (BL)
* 30.0.25 - (20.11.02) [SWD] Fixed build error on R-OS QC projects
* 30.0.26 - (20.11.02) [SWD] To prevent integer overflow when parsing token information
* 30.0.27 - (20.11.02) [SWD] Change the context for parameters of all commands
* 30.0.28 - (20.11.03) [SWD] Modify code by LSI LK checkpatch rule
* 30.0.29 - (20.11.03) [SWD] Kinibi TA porting(9810)
* 30.0.30 - (20.11.04) [SWD] For prevent overflow
* 30.0.31 - (20.11.04) [SWD] Add missing files for 30.0.30
* 30.0.32 - (20.11.04) [SWD] Reduce unnecessary writing esi
* (When tuc table isn't updated, em data(esi, core) won't be updated)
* 30.0.33 - (20.11.04) [SWD] prevent issue (BL)
* 30.0.34 - (20.11.05) [SWD] Add new command to FILE type token names of installed token.
* 30.0.35 - (20.11.05) [SWD] Add new command to get infomation of token
* 30.0.36 - (20.11.09) [SWD] Add the debugging log for BL
* 30.0.37 - (20.11.10) [SWD] Set dafult model and issuer whitin EM_CMD_GET_INFO's response
* 30.0.38 - (20.11.10) [SWD] prevent issue (BL)
* 30.0.39 - (20.11.10) [SWD] Fix checkpatch issue (LSI BL)
* 30.0.40 - (20.11.10) [SWD] Change the error value of the ESS command
* 30.0.41 - (20.11.11) [SWD] Delete unuse define value
* 30.1.00 - (20.11.11) [SWD] Write em core after all operations are done
* 30.2.00 - (20.11.11) [SWD] Fixed recovery error when RPMB is not provisioned
* 30.2.01 - (20.11.13) [SWD] Fixed checkpatch issue (LSI BL)
* Fixed some bugs on bootloader
* 30.2.02 - (20.11.16) [SWD] Not set esi version on em_token_get_status
* 30.2.03 - (20.11.16) [SWD] If server tuc == 0 && this mode isn't related to tuc,
* then application can't recognized tuc of this mode
* 30.2.04 - (20.11.17) [SWD] Memory leak when free esi item
* 30.2.05 - (20.11.17) [SWD] Not set RETURN_TOKEN_REMOVE flag when parsing token is failed
* 30.2.06 - (20.11.17) [SWD] Fix low/major prevent issue
* 30.3.00 - (20.11.19) [SWD] 1. Added local variable to pass paremeter for LSI BL
* 2. Not check TUC if NO_COUNT flag is set (bug fix)
* 3. Add EM_TYPE_ESI_ITEM_RECOVERY_COUNTER_BL for recovering ESI by BL
* 4. Delete the logic clearing IIN in the ESI from the SHARED status (bug fix)
* 5. Increase size of buffer of priority date (9 -> 26)
* 30.3.01 - (20.11.19) [SWD] 1. Fix checkpath issue(LSI BL)
* 2. Not set RETURN_TOKEN_REMOVE flag setting or getting expiry date without token
* 30.3.02 - (20.11.20) [SWD] Enable engmode TA for MTK
* 30.3.03 - (20.11.24) [SWD] Changed correct LTI type for recoverying ESI
* 30.3.04 - (20.11.24) [SWD] ADD ESI meta check logic
* 30.3.05 - (20.11.25) [SWD] Support lsec tok feature
* 30.3.06 - (20.11.25) [SWD] Add LTS flag logic for BL
* 30.3.07 - (20.11.25) [SWD] Change to MTK RPMB USER ID (9->10)
* 30.3.08 - (20.11.30) [SWD] Update RPMB static lib for MTK
* 30.3.09 - (20.12.02) [SWD] Arrange the code
* 30.3.10 - (20.12.02) [SWD] Add log for analysis
* 30.3.11 - (20.12.07) [SWD] MTK patch(Change to rpmb static lib)
* 30.3.12 - (20.12.08) [SWD] MTK patch(Change to rpmb static lib)
* 30.3.13 - (20.12.08) [SWD] MTK patch(Change to rpmb static lib)
* 30.3.14 - (20.12.15) [SWD] MTK patch(Add to rpmb static lib for A32 LTE)
* 30.3.15 - (20.12.23) [SWD] Store core data backup on RPMB
* 30.4.00 - (21.01.06) [SWD] Refactoring codes (Remove alignment(1) of the structure)
* 30.4.01 - (21.01.08) [SWD] Add the core init flag
* 30.4.02 - (21.01.13) [SWD] 1. Add the shared esi counter item in ESI
* 2. Add init flag in core if init flag isn't set in core
* 30.5.00 - (21.01.13) [SWD] Enhanced EM Token Certificate Validation
* 30.5.01 - (21.01.15) [SWD] Enhanced EM Token Certificate Validation-2
* 30.5.02 - (21.01.18) [SWD] stack buffer overflow when printing char array without '\0'
* 30.5.03 - (21.01.18) [SWD] EM ta porting for BSP build chipset(SDM670)
* 30.5.04 - (21.02.05) [SWD] 1. Add new error code for Teegris RPMB driver unavailable (since Teegris 4.2)
* 2. Add sync count to improve debugging
* 30.5.05 - (21.03.17) [SWD] Fixed the wrong response for no token device
* 30.6.00 - (21.04.13) [SWD/DAEMON] Increase buffer max size for ENGMODES command (10K -> 50K)
* 30.6.01 - (21.04.23) [SWD] Move em_client_manager to common code
* 30.6.02 - (21.06.01) [SWD] Apply common scrypto lib of confidential (CL#21865329)
* 30.6.03 - (21.06.01) [SWD(QSEE)] Add linkflag for deterministic QSEE TA build
* 30.8.00 - (21.06.08) [SWD/DAEMON] Support EM lite (Disable em core & esi)
* 30.8.01 - (21.06.09) [SWD] Update did compare logic
More DASEUL "hints"...
Bootloader unlock GALAXY A13 5G
Greetings, I'm really frustrated trying different methods online to show the hidden "OEM unlock" in developers menu, but without avail. Anyone can help to root this mobile? VERSION: AP: A136WVLU1AUK9 CP: A136WVLU1AUK9 CSC: A136WOYV1AUK9 MODEL...
forum.xda-developers.com
hello guys. i have an mkopa samsung galaxy a13, -current binary Samsung official -KG state Active (01) -OEM lock On(L) -Eng mode Factory bin allowed (DASEUL) -Eng mode Atcmd allowed(DASEUL).............is it possible to flash its software....?????????? bootloader also locked
7 years old example of how Tool DASEUL looks...
adfree said:
Meanwhile I have my second GW4 rooted. SM-R875F...
So I was able to compare steady.bin... dumped via ADB
Text String DEL is same...
32 Byte Block differ...
Hmmm...
No idea how this Steady looks before Root... before Knox 1...
Also no idea what happens if I erase steady or write steady.bin via Odin...
Best Regards
I read steady partition before writing etoken via JTAG.
It's empty.
Model S21
I have just for fun used for other DID eToken with my SM-R875F ... USB cable + Odin...
Code:
<ID:0/004> Added!!
<ID:0/004> Odin engine v(ID:3.1401)..
<ID:0/004> File analysis..
<ID:0/004> Total Binary size: 0 M
<ID:0/004> SetupConnection..
<ID:0/004> Initialzation..
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> NAND Write Start!!
<ID:0/004> SingleDownload.
<ID:0/004> steady.bin
<ID:0/004> RQT_CLOSE !!
<ID:0/004>
<ID:0/004> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
On SM-R875F I see this text:
DOWNLOADING TOKEN...
Failed to install : (0xf....)
bl_install_token error
After holding few seconds both Keys... I am in Upload Mode... because I set before Debug to HIGH...
Now dumping files with RDX and later will check if steady.bin I know changed...
Or only used to write data to RPMB partition...
For now I hope this was good idea....
Best Regards
Tried other steady from this thread...
Code:
#define EM_ERR_EM_CRYPTO_GET_SUBJECT_LEN 0xF01B0013
I tried this:
200412335F326711_MODE_ENG_KERNEL,MODE_CUSTOM_KERNEL,MODE_FACTORY_BIN.tar
So sboot spit Error Codes... which I can find...
Interesting.
At the moment my SM-R875F still alive...
steady partition not changed... 1:1 same like before stupid attempts...
Best Regards
Few stupid attempts later...
netOdin not work for me with SM-R875F...
Code:
<ID:0/001> 192.168.49.1
<ID:0/001> Odin engine v(ID:1.0000)..
<ID:0/001> File analysis..
<ID:0/001> SetupConnection..
<ID:0/001> Initialzation..
<ID:0/001> Get PIT for mapping..
<ID:0/001> Get PIT Transmission
<ID:0/001> Firmware update start..
<ID:0/001> SingleDownload.
<ID:0/001> steady.bin
<ID:0/001> __XmitData_Write
<ID:0/001> XmitData
<ID:0/001> Complete(Write) operation failed.
<ID:0/001> Removed!!
<OSM> All threads completed. (succeed 0 / failed 1)
<ID:0/001> 192.168.49.1
Strange... with Original Filenames like:
Code:
200412335F326711_MODE_ENG_KERNEL,MODE_CUSTOM_KERNEL,MODE_FACTORY_BIN.tar
netOdin crashes... if I rename I can try...
netOdin nothing shows on SM-R875F... like I saw with cable and Odin...
So I tried to "erase" steady partition... just for fun...
Code:
D:\Android\ADBnew>adb push steady_empty00_v1.bin /sdcard
steady_empty00_v1.bin: 1 file pushed, 0 skipped. 136.4 MB/s (4194304 bytes in 0.029s)
D:\Android\ADBnew>adb shell
freshul:/ $ su
freshul:/ # dd if=/sdcard/steady_empty00_v1.bin of=/dev/block/mmcblk0p3
8192+0 records in
8192+0 records out
4194304 bytes (4.0 M) copied, 1.625481 s, 2.4 M/s
freshul:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard/steady_dump2.bin
8192+0 records in
8192+0 records out
4194304 bytes (4.0 M) copied, 0.138186 s, 29 M/s
freshul:/ # exit
freshul:/ $ exit
D:\Android\ADBnew>adb pull /sdcard/steady_dump2.bin .\etoken
/sdcard/steady_dump2.bin: 1 file pulled, 0 skipped. 1.2 MB/s (4194304 bytes in 3.208s)
D:\Android\ADBnew>adb shell
freshul:/ $ su
freshul:/ # reboot
D:\Android\ADBnew>adb shell
freshul:/ $ su
freshul:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard/steady_dump3.bin
8192+0 records in
8192+0 records out
4194304 bytes (4.0 M) copied, 0.193254 s, 21 M/s
freshul:/ # exit
freshul:/ $ exit
D:\Android\ADBnew>adb pull /sdcard/steady_dump3.bin .\etoken
/sdcard/steady_dump3.bin: 1 file pulled, 0 skipped. 2.1 MB/s (4194304 bytes in 1.918s)
SM-R875F still alive... I can not see side effects... steady still empty... all 00 Zeros...
Now I have setup with Phone...
Will check if steady still untouched...
Best Regards
New day... new stupid attempt...
Code:
freshul:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard/steady_dump.bin
8192+0 records in
8192+0 records out
4194304 bytes (4.0 M) copied, 0.138186 s, 29 M/s
From this dd dump I made steady.bin TAR and flashed with USB cable + Odin...
Code:
<ID:0/004> Added!!
<ID:0/004> Odin engine v(ID:3.1401)..
<ID:0/004> File analysis..
<ID:0/004> Total Binary size: 4 M
<ID:0/004> SetupConnection..
<ID:0/004> Initialzation..
<ID:0/004> Get PIT for mapping..
<ID:0/004> Firmware update start..
<ID:0/004> NAND Write Start!!
<ID:0/004> SingleDownload.
<ID:0/004> steady.bin
<ID:0/004> RQT_CLOSE !!
<ID:0/004>
<ID:0/004> Complete(Write) operation failed.
<OSM> All threads completed. (succeed 0 / failed 1)
On the SM-R875F I see this:
Code:
TOKEN size is too big 4194304
4194304 seems exact filesize...
If we search in So.rce... for steady.bin... I can only find 1 file...
Code:
#endif
}
}
if (!strcmp(ppi->filename, "steady.bin")) {
if (filesize > EM_LEN_TOKEN) {
lpr_err_dual("TOKEN size is too big %ld\n", filesize);
decon_string_update();
mdelay(1000);
return DN_FAIL_TOKEN_SIZE_BIG;
}
}
#endif
Text String I can find in sboot.bin from SM-R875F...
So 4 MB is too big for steady...
Steady examples from here are much smaller...
Will Check if Steady is 1 MB or less...
Only for my tiny brain...
Best Regards
Edit 1.
Few stupid Flash attempts later... reserved space for steady seems between 64 KB and 100 KB...
My last attempt with 65536 Byte... maybe this is already maximum...
Too lazy to check again with + 1
Edit 2.
Max. steady size is between 69 KB and 70 KB...
Edit 3.
69999 Byte is still too big...
For SM-R875F maximum steady.bin size is:
69632 Bytes
For my tiny brain... 0x10FFF
Now trying to understand the Cert/RSA part...
Strange A
2 Certs found... but they are the same...
So only 1 Cert...
Strange B
It seems this RSA 2048 is used for few different Models...
So human readable text string SM-G960F inside steady.bin NOT tell us from which device taken...
I have now the 256 Byte Signature... IMHO
And from Cert I can take Public Key...
For now I have 270 Byte... I have to cut the ASN part and Modulus blabla...
For me it is few years ago... to play with RSA 2048...
More than 10 years since EF81, SXG75... BREW...
Best Regards
Edit 1.
270 Byte Copy and Paste from Cert - 9 Byte ASN Header...
Code:
3082010A0282010100
= 261 Byte...
- last 5 Byte
Code:
0203010001
Here IMHO Modulus inside... Little Endian...
So I have the 256 Byte public key... to decrypt 256 Sig... IMHO
Edit 2.
Looks like no additional data info inside Signature... only the 32 Byte SHA256...
Sorry for mixed Modulus Exponent blabla... it is really long time ago...
Now need some time to find the part what is exactly signed with SHA256...
I will try before text string INTE...
Code:
#define EM_MAGIC_TOKEN_INTEGRITY "INTE"
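Added example (not part of the original posts and not Samsung code): a strict Python reader for the 270-byte DER RSAPublicKey structure that the last post takes apart by hand. The key bytes are constructed for the demonstration and are not a real key; DER INTEGERs are big-endian, and the 00 that ends the 9-byte header is the INTEGER's sign byte rather than part of the 256-byte modulus.

```python
"""Strict reader for a DER-encoded PKCS#1 RSAPublicKey (added example)."""


def read_tlv(buf, pos, expected_tag):
    """Return (content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    if buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x}, got 0x{buf[pos]:02x}")
    first = buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: one length byte
        length = first
    else:                                  # long form: 0x82 means two length bytes follow
        n_len = first & 0x7F
        if n_len == 0 or n_len > 4:
            raise ValueError("indefinite or oversized length")
        if pos + n_len > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n_len], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding")
        pos += n_len
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return buf[pos:pos + length], pos + length


def read_positive_integer(buf, pos):
    """Read a DER INTEGER and reject negative or padded encodings."""
    content, pos = read_tlv(buf, pos, 0x02)
    if not content:
        raise ValueError("empty INTEGER")
    if content[0] & 0x80:
        raise ValueError("negative INTEGER")
    if len(content) > 1 and content[0] == 0 and not content[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(content, "big"), pos   # DER integers are big-endian


def parse_rsa_public_key(der):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after RSAPublicKey")
    modulus, pos = read_positive_integer(body, 0)
    exponent, pos = read_positive_integer(body, pos)
    if pos != len(body):
        raise ValueError("unexpected extra fields")
    return modulus, exponent


def build_sample_key():
    """Constructed 270-byte structure with the right shape; NOT a real key."""
    modulus_bytes = bytes([0xC3]) + bytes(range(1, 255)) + bytes([0x01])  # 256 bytes
    header = bytes.fromhex("3082010A0282010100")   # the 9 bytes quoted in the post
    tail = bytes.fromhex("0203010001")             # INTEGER 65537, the last 5 bytes
    return header + modulus_bytes + tail, modulus_bytes
```
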