Related
I've tried cooking a new WM2003 ROM several times with some software add-ons selected, but when i reflash it to my SX56, its not there.
This is what I selected on http://lumpistefan.dyndns.org:
WM 2003 Final
A.30.09 ENG Siemens
No AutoConfig data
Add software and modify ROM
create 'System Tools' subfolder under 'Programs'
Notification Clear Fix
Frequency Tuner
Olive Tree BibleReader
Olivers ActionPack
Peters GameBox
Today Screen
Windows Mobile Southpark
Lock all keys except power button while off
Remove 'stk.lnk' from Startup folder
zipped NK.nb1 (SD-card flashing)
I attached the log (if you think it might help).
Any ideas? Am I missing a step somewhere?
I even tried downgrading to PPC2002 first, but that didn't make a difference. Do I need to go back and add other software afterwards? If so, where can I get other software?
Any help is appreciated.
Thanks,
Kyle Chenier
kylechenier-at-hotmail-com
Hmm. it worked for me...
Getting following log:
Code:
write xip block starting at 81720000, with 7 files
write xip block starting at 81bc0000, with 13 files
write xip block starting at 80160000, with 3 files
write xip block starting at 80650000, with 3 files
write xip block starting at 81030000, with 6 files
this rom seems to be A.30.09 ENG 2004-01-01 Siemens WM2003
this bootloader seems to be V5.22 2003-05-15 17:46:55
no operator rom found
80000000 - 80040000 -- bootloader 0 files 1 modules
80040000 - 8015e640 9 XIPKERNEL 5 files 5 modules
80160000 - 8017fe30 12 XDA_DEVELOPERS3 3 files 0 modules
80180000 - 80375f08 8 KERNEL 11 files 14 modules
80380000 - 8064b430 7 OS 20 files 36 modules
80650000 - 8066fdec 13 XDA_DEVELOPERS4 3 files 0 modules
80670000 - 80be4348 6 SHELL 107 files 88 modules
80c00000 - 8102fea4 5 BROWSING 11 files 36 modules
81030000 - 8104ffc0 14 XDA_DEVELOPERS5 6 files 0 modules
81050000 - 813f0cac 4 COREAPPS 95 files 44 modules
81400000 - 815d3090 3 EXAPPS 34 files 7 modules
815f0000 - 8171cdc0 2 PHONE 57 files 19 modules
81720000 - 8177ffbc 10 XDA_DEVELOPERS1 7 files 0 modules
81780000 - 817823e4 -- xip chain 14 xip entries
817c0000 - 81bbb518 1 MISC 136 files 42 modules
81bc0000 - 81c87004 11 XDA_DEVELOPERS2 13 files 0 modules
81ec0000 - 81ee5800 -- bitmap : ffffffff .. ffffffff
adding: NK.nb1 (deflated 45%)
Try this ROM:
ftp://xda:[email protected]/Uploads/NK.nb1.zip
Stefan
Stefan,
I managed to add the software after flashing the ROM (except the games). After I resync everything to my desktop, I'll try that one.
Thanks for your help!
Kyle
I upgraded my XDA Exec with the new ROM 1.30.162 WWE and Activesync 4.1 but each time I sync, I get a "bad_pool_header" error on a blue background which crashes my machine.
I installed Activesync 4.1 on another laptop to check if this problem was due to drivers etc on my main laptop, and discovered that the device syncs with no problems. There is, therefore, a conflict between the new Activesync 4.1 or the new ROM, and something on my main laptop.
Has anyone come across this problem?
Thanks
The problem is definitely on your PC. Reinstall motherboard drivers, reflash bios, remove antivirus, reinstall windows, etc.
Thanks - pretty drastic...!
Is there a short cut? ie reinstalling drivers one by one? If so, which are likely to be the main culprits? Motherboard? Broadband modem? etc
The error code after reboot of the laptop is:
BC code 19 BCP1:00000020 BCP2: 89A76000 BCP3: 89A766C0 BCP4: 0AD8000
OS Ver 5_1_2600 SP: 2_0 Product 256_1
\WER22c7.dir00\Mini052506-06.dmp
\WER22c7.dir00\sysdata.xml
Does this reveal anything that could explain which driver?
Thanks
10860 said:
Does this reveal anything that could explain which driver?
Click to expand...
Click to collapse
no.
You should create a complete crash dump, and use microsoft debugging tools to find faulting driver. Or better reinstall windows.
I looked at the minidump file and used MS debugger, the readout is below. I am not sure if I did the debugging ok, or how to interpret it. Anything useful in the readout?
Thanks
Loading Dump File [C:\Mini052406-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a420
Debug session time: Wed May 24 20:25:34.038 2006 (GMT+1)
System Uptime: 0 days 0:52:32.633
Unable to load image ntoskrnl.exe, Win32 error 2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
Loading Kernel Symbols
.......................................................................................................................................................................................................
Loading User Symbols
Loading unloaded module list
.................................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 19, {20, 88187000, 881876c0, ad80000}
Probably caused by : Unknown_Image ( nt!KeBugCheck2+4d4 )
Followup: MachineOwner
---------
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 88187000, The pool entry we were looking for within the page.
Arg3: 881876c0, The next pool entry.
Arg4: 0ad80000, (reserved)
Debugging Details:
------------------
BUGCHECK_STR: 0x19_20
POOL_ADDRESS: 88187000
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
LAST_CONTROL_TRANSFER: from 00000000 to 8053331e
STACK_TEXT:
f78cab74 00000000 00000000 00000000 00000000 nt!KeBugCheck2+0x4d4
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KeBugCheck2+4d4
8053331e ?? ???
FAULTING_SOURCE_CODE:
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: nt!KeBugCheck2+4d4
IMAGE_NAME: Unknown_Image
DEBUG_FLR_IMAGE_TIMESTAMP: 0
BUCKET_ID: ZEROED_STACK
MODULE_NAME: Unknown_Module
Followup: MachineOwner
---------
Nothing useful, minidump does not have enough information
It is very difficult to debug pool corruptions.
Hello people,
Are there any tools for viewing and editing the amss.bin?
HEX Editor...
IDA...
Brain.
Best Regards
adfree said:
HEX Editor...
IDA...
Brain.
Best Regards
Click to expand...
Click to collapse
with revskill i got this with amss.bin
#define UNLOADED_FILE 1
#include <idc.idc>
static main() {
MakeName(0x00079B70, "Memcmp");
MakeName(0x00062160, "Memcpy");
MakeName(0x0022E924, "Memcpy");
MakeName(0x0006216B, "Memcpy_Generic");
MakeName(0x0022E92F, "Memcpy_Generic");
MakeName(0x000621D0, "__rt_udiv");
MakeName(0x00079F8C, "__rt_udiv");
MakeName(0x00062334, "strlen");
MakeName(0x0007A2C4, "strlen");
MakeName(0x00070DB2, "diag_sp");
MakeName(0x00062298, "strcmp");
MakeName(0x0007A1D8, "strcmp");
MakeName(0x0007A360, "strncpy");
MakeName(0x00072502, "diag_pkt");
MakeName(0x00062F00, "__rt_div0");
MakeName(0x0007D324, "__rt_div0");
MakeName(0x00062F10, "__32__rt_raise");
MakeName(0x0007F1F8, "__32__rt_raise");
MakeName(0x00ACC3A8, "rex_int_lock_32");
MakeName(0x00072330, "subsys_getid");
MakeName(0x0007A548, "vsprintf");
MakeName(0x00062004, "MemClr");
MakeName(0x0022E7C8, "MemClr");
MakeName(0x000725CC, "diag_subsystem");
MakeName(0x0006EC72, "diag_hdlr");
MakeName(0x000726D2, "diag_hdlr");
MakeName(0x00083D86, "diag_hdlr");
MakeName(0x00085432, "diag_hdlr");
}
What about it ?
@Tigrouzen, no segment found at 0x00079B70 etc
amss it's regular elf with a bunch of segments
Code:
Name : LOAD
Start : 0x001E7000
End : 0x001EE000
Length: 0x00007000
----------------------
Name : LOAD
Start : 0x001F0000
End : 0x001F1000
Length: 0x00001000
----------------------
Name : LOAD
Start : 0x001F2000
End : 0x005D8000
Length: 0x003E6000
----------------------
Name : LOAD
Start : 0x005D8000
End : 0x00CDB000
Length: 0x00703000
----------------------
Name : LOAD
Start : 0x00CDB000
End : 0x00D11000
Length: 0x00036000
----------------------
Name : LOAD
Start : 0x00D11000
End : 0x00DAF000
Length: 0x0009E000
----------------------
Name : LOAD
Start : 0x00DAF000
End : 0x00DB9000
Length: 0x0000A000
----------------------
Name : LOAD
Start : 0x00DB9000
End : 0x00E9B000
Length: 0x000E2000
----------------------
Name : LOAD
Start : 0x00E9C000
End : 0x01BF9000
Length: 0x00D5D000
----------------------
Name : LOAD
Start : 0x01BF9000
End : 0x01D05000
Length: 0x0010C000
----------------------
Name : LOAD
Start : 0x01FF0000
End : 0x01FF006C
Length: 0x0000006C
----------------------
Name : LOAD
Start : 0xB0000000
End : 0xB0010CE7
Length: 0x00010CE7
----------------------
Name : LOAD
Start : 0xB0040000
End : 0xB0057000
Length: 0x00017000
----------------------
Name : LOAD
Start : 0xB0100000
End : 0xB0107207
Length: 0x00007207
----------------------
Name : LOAD
Start : 0xB0140000
End : 0xB01401B8
Length: 0x000001B8
----------------------
Name : LOAD
Start : 0xB0200000
End : 0xB0208CF3
Length: 0x00008CF3
----------------------
Name : LOAD
Start : 0xB0240000
End : 0xB024028C
Length: 0x0000028C
----------------------
Name : LOAD
Start : 0xB0400000
End : 0xB040DBE8
Length: 0x0000DBE8
----------------------
Name : LOAD
Start : 0xB0600000
End : 0xB0602000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xB0602000
End : 0xB0604000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xF0000000
End : 0xF001F878
Length: 0x0001F878
----------------------
Name : LOAD
Start : 0xF0020000
End : 0xF0026000
Length: 0x00006000
load amss.bin with TriX, dump decoded stage (elf format) and analyze with disassembler (e.g. IDA)
Ok guys i extract certificate from Amss S8530 XEJL2, bootloader segments full info fsbl sbl...
Also i can dump complete NAND and find segment and algorith for RC1 too
This is appscompressed.bin algorythme
0x01ca7750 RIPEMD128+160+MD4
0x01ca7750 SEAL+MD4 key
appcomp hash :
SHA1 : EB55C6690ACAF40BB2F845313F58BFE9C3BC529D
SHA224 : AAC3E2B65CC9F33BB7EDDA3DEB541CA9E8919422CC179B4D2B49F39BAE008F00
SHA256 : 580D3DB21E41A9FE588AE544266040FABA8AF044E739971E77F2B1272323D0B6
SHA256-HTC : A44BC029D7F952750003D9695ED7B464E446D34EEF5BD9665487E4C2BF81F669
MD4 : B3BD8310FF2C4C05E2044FD491814792
MD5 : 7220779D1094C5F7789094DC75BA4E9E
CRC16 (0x1189) : F4EA
CRC30 (Block: 0x1000, Page: 0x200) : 0BD214AA
CRC30 (Block: 0x2000, Page: 0x400) : 0A28A17A
CRC32 (0xEDB88320) : 313F4EF2
CRC32 (0x04C11DB7) : 90B01704
CRC32 HTC (0xEDB88320) : B55B60A7
ECC Reed Solomon (parity 10) : 43702DA1FDAC4DB2023B
ECC BCH Micron 3 byte : 818144
ECC Hamming Toshiba (8 bit - 0x200 bytes) : C00FC3
ECC Hamming (8 bit - 0x200 bytes) : FF3CF3
ECC Hamming (16 bit - 0x200 bytes) : 3FCFFC
Amss algo :
0x0007fce0 CRC-16 norm
0x0007fee0 CRC-16 inv
0x0007f8e0 CRC-30
0x0007eb50 CRC30 Function
0x00b66194 CRC-32
0x00b66394 CRC32 Function
0x000800e0 CRC-32 Xilinx
0x0007eb58 CRC32 Xilinx Function
0x000800e4 CRC32 Xilinx Function
0x00c3c490 DES RAW Spbox
0x00c39381 RSA PKCS SHA1/RIPEND Digest
0x00c39390 MD2 S
0x00463548 SHA2 table
0x008fcc88 SHA2 table
0x00b6eb14 ZDeflate
0x0041a28c SHA1+MD4+MD5 init
0x008fcb08 SHA1+MD4+MD5 init
0x00c3d7f8 SHA1+MD4+MD5 init
0x0041a29c SHA1+MD4+MD5 key1
0x008fcb18 SHA1+MD4+MD5 key1
0x00c3d808 SHA1+MD4+MD5 key1
0x001a9844 SHA1+MD4+MD5 key2
0x0041ac1c SHA1+MD4+MD5 key2
0x008fcb1c SHA1+MD4+MD5 key2
0x001a9848 SHA1+MD4+MD5 key3
0x0041ac20 SHA1+MD4+MD5 key3
0x008fcb20 SHA1+MD4+MD5 key3
0x00463648 SHA2 init table
0x008fcd88 SHA2 init table
0x00c3d80c SHA2 init table
0x0046364c SHA2 init table
0x008fcd8c SHA2 init table
0x00c3d810 SHA2 init table
0x00419980 RIPEMD128+160+MD4
0x008fcaf8 RIPEMD128+160+MD4
0x00bdcca0 RIPEMD128+160+MD4
0x001a9844 MD5
0x0041ac1c MD5
0x008fcb1c MD5
0x00419980 SEAL+MD4 key
0x008fcaf8 SEAL+MD4 key
0x00bdcca0 SEAL+MD4 key
0x004fc7af HTC PUBLIC KEY
E9079DBB2452104990982132470BA20B7C795D1B4690B718B62FCD38D71D4E458FAF320374B89D5236C79BD57D2BA2D3508A4A605B0D48CB8CA5478BFE4D7D32AB0AE072BC367A9615F002D5023A617B422FEC1EF8DAD772D75E9C4F06EF624B864699A3F080D1B8E192B921D159852B2DC798F752B4F1FA529FF123D9963F73
0x00708134 Sober 128
0x00c3cd90 Sober 128 SBox
Possible algos little endian: 45
0x00315f6c AES te
Possible algos big endian: 1
Amss hash :
SHA1 : C59C5785E823E5E1CA9BE05DB6F55F8C8AC1BBA3
SHA224 : 5F50CED13C1204068E443919706B53D866271DAB1CFB5A9CB07A953CAE008F00
SHA256 : D86C7634FE07806D3B87701EC7F72F25DAAFAC7C40CA1D370C1ABA5840C091C0
SHA256-HTC : 120F70AECE78B8DCF69DCD79F020AB00AE17572123BA21274D6F6EE280774A09
MD4 : 7703DF5B1074392D4B91ECA23BAC9D92
MD5 : 22197F8AAD6A2CB4394E1B4E63EB843C
CRC16 (0x1189) : FAC5
CRC30 (Block: 0x1000, Page: 0x200) : 311AE4C7
CRC30 (Block: 0x2000, Page: 0x400) : 295DFC29
CRC32 (0xEDB88320) : 8DB21A34
CRC32 (0x04C11DB7) : 7B94B6A4
CRC32 HTC (0xEDB88320) : 08450BBC
ECC Reed Solomon (parity 10) : A04D69B134A126F3FD15
ECC BCH Micron 3 byte : 000000
ECC Hamming Toshiba (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (16 bit - 0x200 bytes) : FFFFFF
Amms certificat :
https://rapidshare.com/files/3061245812/1.cer
Well, the main idea was ..., to get some tools with which the amss.bin for bada v1.2 and v2 can be modified to work for the American/Australian version of the wave. Looks like there are some hardware differences and this file is containing information needed for the RF module.
Looks like there are some hardware differences and this file is containing information needed for the RF module
Click to expand...
Click to collapse
No idea if Hardware differences, but I'm pretty sure there are different Config/Calibration data...
Check out NV items... AMSS + NV items = Qualcomm related part...
http://www.samsunguniverse.com/forum/s8500-can-work-with-qualcomm-tools-t199.html
You could take an look on FCC documents for maybe Hardware check...
Best Regards
I think gambal refers to UMTS bands, Europe is different than in America.
UMTS bands in America are 850 - 1900
UMTS bands in Europe are 2100
bada 1.2 and above only works with Euro bands (these updates hasn't oficially released in America), so as we know the file "amss.bin" contains the parameters that define which bands to work, would be good to try to edit the information to compile a new "amss.bin" to work with American bands ..
Many Americans would be happy!
...would be good to try to edit the information to compile a new "amss.bin" to work with American bands ...
Click to expand...
Click to collapse
But you are really sure that not NV items differ?
Maybe easier to compare NV items...
Best Regards
You mean to compare amss NV items from a 1.0 American firmware and another 1.2 European firmware?
I was import to a .Qcn file a list of NV items of my mobile (bada 1.0 american), i will compare with another one of 1.2.
It's posible to create more NV items if is necesary?
sorry for double post.
i've compared NV items of my phone, first with a 1.0 american firmware then with a 1.2 European firmware..
EDIT: thought that there were no differences because the file size was identical, but looking more attentively i find some, i will continue researching,
You tried QPST or which Tool?
And are sure there are no differences?
I have 2x S8500... with QPST difference 10 NV items + one S8500 has 10 more
Content not checked... too lazy at this time.
Best Regards
Edit 1.
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Click to expand...
Click to collapse
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 319
Click to expand...
Click to collapse
And these are only the "official" NV items... and not the hidden one...
Example...
Code:
NV item: [B]2608[/B] [NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I], index 0
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 0: 12 3d fc ff 9c 3c fc ff 26 3c fc ff b0 3b fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 1: 34 3b fc ff af 3a fc ff 2a 3a fc ff a6 39 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 2: 22 39 fc ff 9f 38 fc ff 0c 38 fc ff 65 37 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 3: be 36 fc ff 18 36 fc ff 73 35 fc ff ce 34 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 4: 2a 34 fc ff 87 33 fc ff e5 32 fc ff 43 32 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 5: a2 31 fc ff 01 31 fc ff 61 30 fc ff c2 2f fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 6: 23 2f fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 7: 85 2e fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
sorry for my english, I mean to say that i find some differences..
between 2 firmwares, I find 40 differents NV items using "RF NV items Manager" program.
Example:
European 1.2 Firm:
Code:
NV item: 5059 [NV_WCDMA_2100_TX_LIN_MASTER_0_ENH_I], index 0
NV item: 5061 [NV_WCDMA_900_TX_PDM_LIN_0_ENH_I], index 0
American 1.0 Firm:
Code:
NV item: 5064 [NV_WCDMA_1900_TX_PDM_LIN_0_ENH_I], index 0
NV item: 5060 [NV_WCDMA_800_TX_PDM_LIN_0_ENH_I], index 0
(it's look like these items manage the umts network)
This are 2 items of 40 that I find.. So, I imported all 40 1.0 American Firmware Nv Items to the 1.2 Euro Firmwared Phone, (using previous modified .QCN file) then, i restart the device, but nothing happen, still no find UMTS network... But i want believe that we are close to find the solution
If I use PSAS to Display the new added NV items, these appear as "inactive item" and those already on the phone appears lile "bad parameter"
not know what else I can try...
Even if NV items count is different. Dump of NV area will be always the same in size. Area in oneNAND reserved for NV data is constant, and in most it's just empty space, filled with zeros.
Is it possible to dump whole NV items list using QPST? Can you guys do that and send dumps to me?
If not please search for following NV items and send me values you get (if you get any)
Int id 556
Int id 5
Int id 7
Int id 1403
String id 254
String id 387
String id 388
String id 256
String id 197
I want to prove some theory just taken from Bada kernel and need few different values to compare. These should contain Timezone, Locale and SimBlock settings. (If these NV items are even available)
Please send me PMs with dumps if you get any. Thanks in advance.
Tell me when you are ready "amms.bin" to "bada 2.0" so I can put it on my phone. I'm from Argentina. Thank you very much!
Rebellos said:
Int id 556
Int id 5
Int id 7
Int id 1403
Click to expand...
Click to collapse
With "PSAS" display "Inactive Item", and with "RV NV item manager" i don't these id's..
@adfree
Hey, if I wrote in phone (with "RV NV item manager") some NV items, is not take any effect... does exist another step to "activate" these items or some? maybe in Stune have to add any parameter? or maybe the "QPST Service program" tool..
I have fear of breaking the handset really... I just wan't to calibrate the UMTS bands, need these:
WCDMA_II_PCS_1900
WCDMA_V_850
http://forum.xda-developers.com/showpost.php?p=12436452&postcount=1
Other way to access NV items.
Now you can backup with sTune for instance... folders:
Code:
[B]NV
nvm[/B]
EXTREME Caution!
Some IDs are protected... so you can maybe write/activate, but not easily remove change = brick...
Best Regards
a little question..
there is a firmware of S8530 which has bada 1.2 and 850/900/2100Mhz 3g bands capable... there are firmwares prepared for Brazil and Australia.
it's posible to flash that amss.bin in a S8500 with bada 1.2?
I tried this, but the bootloader says "error erase amms"
amss.bin in a S8500 with bada 1.2?
Click to expand...
Click to collapse
If I remember correct, then yes...
Maybe not all combinations...
BUT check Multiloader ... adresses are different...
So you have to edit...
Later more.
Maybe give Link to this S8530 Firmware, so I can take an look or try for you...
Best Regards
Hi all.
This thread only for developers! Only! No questions - when?!!!!!!!
This is my attempt to porting android on S8600.
I wrote custom bootloader - emmcboot, based on codeaurora LK-bootloader.
Bootloader is successfully start, work and trying to load android kernel from internal
microsd card.
Now is unsuccessfully,after type message "Uncompressing Linux... done, booting the kernel." device rebooted or stopped.
[370] Panel is power on
[370] Display initialized
[370] Display logo
[370] Waiting for modem+++
[370] Waiting for modem: Done
[370] smem ram ptable found: ver: 0 len: 6
[370] scratch: 0x8000000
[370] Starting in SD mode!
[370] SD_DETECT pin : 0x0
[380] Initializing MMC host data structure and clock!
[380] Error No. 2: Failure Initializing MMC Card!
[400] Decoded CID fields:
[400] Manufacturer ID: 27
[400] OEM ID: 0x5048
[400] Product Name: SD16G
[400] Product revision: 3.0
[400] Product serial number: 7C88FF04
[400] Manufacturing date: 2 2012
[410] Serial number -[410] serial number:
[410] partition misc doesn't exist
[410] error in emmc_recovery_init
[580]
kernel @ 208000 (4132528 bytes)
[580] ramdisk @ 1200000 (175204 bytes)
[580] cmdline = 'console=null androidboot.hardware=qcom user_debug=31'
[580]
Booting Linux
[580] smem ram ptable found: ver: 0 len: 6
[580] booting linux @ 0x208000, ramdisk @ 0x1200000 (175204)
[590] cmdline: console=null androidboot.hardware=qcom user_debug=31
Uncompressing Linux... done, booting the kernel.
source code for lk-bootloader for S8600:
https://github.com/Oleg-k/LK_BOOT_S8600
To build for S8600, type: "make -j4 s8600 EMMC_BOOT=1"
Also, i got memory dump, stage - after load oemsbl and before loading my bootloader.
as we see, oemsbl decompress and load apps_compressed.bin into memory,
starting at 0x200000.
https://www.dropbox.com/s/5wf6dp5gfgudkdc/MEM_DUMP_128MB.rar
And for for understanding boot process on MSM7x30, read this:
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess#BootProcess
Welcome back my friend ))
If you able to port,I 100% will buy S8600
Good Luck
I was actually going to ask you what happened to the wave 3 port. Anyway Welcome back . But a question why don't you help rebellos and volk in the wave and wave II porting ? So the porting can be a bit more better. Just my question. :good:
Sounds interesting.
1.
You found ELF files for S8600 Boot ?
2.
You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
CONFIG_DEBUG_LL
and
CONFIG_EARLY_PRINTK
plx <3
it's my current config for my kernel:
adfree said:
Sounds interesting.
1.
You found ELF files for S8600 Boot ?
2.
You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
Click to expand...
Click to collapse
No, don't ELF files for S8600, i wrote new bootloader for boot linux kernel.
Now i use JTAG, but if we find a way to cript my bootloader,like appsboot.mbn,we will use regular multiloader
So cool!
http://forum.xda-developers.com/showthread.php?t=1443575
Blowfish encryption
Click to expand...
Click to collapse
Maybe PlatformDownloader_S8600_KI5.exe maybe have unsecured Boot...
But I can't flash nor I have connected my S8600 with RIFF...
TPs seems to small for my big Fingers...
Best Regards
oleg_k said:
it's my current config for my kernel:
Click to expand...
Click to collapse
Thanks. I'd check debug macros and debug uart configuration. There's few UART ports in it, and maybe kernel is printing to the wrong one... though this wouldn't explain why kernel unpacker is printing something (Uncompressing and booting comes already from zImage) - this would indicate that debug port number is correct. Are you sure that kernel and ATAGs location is correct, and RAM is set up properly by LK? Maybe something bad happens when kernel proceeds to enabling MMU and caches... I'm pretty clueless. :<
I collected some links I found useful in this article: http://xda-university.com/as-a-developer/porting-android-to-non-android-devices
Especially interesting for you might be last link in "Custom bootloader" section.
No, don't ELF files for S8600, i wrote new bootloader for boot linux kernel.
Now i use JTAG, but if we find a way to cript my bootloader,like appsboot.mbn,we will use regular multiloader
Click to expand...
Click to collapse
For S8500 I found way to write direct into OneNAND at:
Code:
0x0010 0001
No need to encrypt something...
With Multiloader... choose ETC.
http://forum.xda-developers.com/showpost.php?p=37229969&postcount=37
S8600 not tested...
This is far far away from perfect... but maybe helpfull.
Need someone who is able to remove restriction from ML to use lower adresses then 0x10000...
I was only able to change text strings... in ML...
Best Regards
On first page i posted bootloader source and memory dump, stage - after load oemsbl and before loading my bootloader.
To Adfree,
S8600 don't use OneNAND, used EMMC flash memory (like sd-card).
Today I've found S8600XXKI9.zip
I have forgotten this Firmware... but I have now short compared with Bootfiles from XXKJC... BIG differences... So I think this should be nearly identical with PlatformDownloader_S8600_KI5.exe
Still unsolved to decrypt or extract content of:
PlatformDownloader_S8600_KI5.exe
and
PlatformDownloader_S8600_KJ7.exe
Best Regards
Not my S8600... but user tried PlatformDownloader_S8600_KJ7.exe
It seems it was wrong Partition Table aka partition.bin...
Code:
Boot Binary Download Start Ch[0]
Appsboot 338.7KB OK[1.1s]
OemSbl 1757.7KB OK[1.8s]
ERR : NAK_FLASH_ERROR 0
Error : [B]partition Write[/B] [0.2s]
ERR : NAK_FLASH_ERROR 0
Download Start Ch[0]
Amss 16654.3KB OK[15.6s]
Apps 29622.3KB OK[54.1s]
_Open_Europe_Common 40370.2KB OK[73.5s]
(Low) 2980.3KB OK[1.9s]
ERR : NAK_INVALID_CONTENT 0
ERR : _Open_Europe_Common Erase
Now S8600 ask for QHSUSB_DLOAD
My first idea is Qualcomm QPST now...
Or maybe if Driver used, then Multiloader will work again... for second attempt..
Found only 64 Bit Driver yet... not tested nor Thread... only attachment...
http://forum.xda-developers.com/attachment.php?attachmentid=631288&d=1308601930
Will check also QPST to check what is needed...
Best Regards
Edit 1.
More Driver...
http://forum.xda-developers.com/showpost.php?p=21911621&postcount=2
Okay...
It seems for QPST fsbl.mbn is missing...
I can remember from old MSM6250 handsets it is mandatory to have all files for QPST... because otherwise you need JTAG...
Important...
Qualcomm not use Encryption for QPST files...
This is Samsung thingie + "end.bin" last 1024 Byte...
So decrypt all Bootfiles and cut last 1024 Byte...
For fsbl.mbn I will check JTAG dump from S8600...
Best Regards
Edit 1.
http://forum.xda-developers.com/showthread.php?t=1367055
downgrade_WM6_boot.zip contain fsbl.mbn ... maybe as example...
http://forum.gsmhosting.com/vbb/f634/htc-desire-s-qhsusb_dload-driver-1436354/
Found this...
Here is also fsbl.mbn maybe not available... or...
But maybe if we can attach such S8600 we can see few infos...
Best Regards
Edit 1.
About QPST Version contain this eMMC...
Code:
4. RELEASE NOTES
...
10/27/11 QPST [B]2.7.378[/B]
1) Add support for QSC11x5 CDMA only (4073) and CDMA+GSM (4074).
2) Fix problem with eMMC Software Download not correctly patching addresses > 8 GB.
10/13/11 QPST 2.7.377
1) Fix crash when QPSTServer.config are NULs (bad format).
2) Add model ID 4072 = "APQ8064". Apps processor only, no service programming.
3) Change flash programmer name from nprg9615.hex to nprg9x15.hex.
4) Add emergency download support for user partitions.
5) Fix case where user partition download fails if the flash programmer is on a file share.
6) Fix error case when add port is used but no port is specified.
7) Fix case where restoring an EFS file doesn't work if the file was modified by QXDM.
8) In Service Programming BC SMS fix case where if user enters 32 as the service type it get written to NV as 4096.
9) Fix case where a phone will stay in "no phone" state if the phone takes > 20 seconds to reboot.
10) Take care of cases in eMMC Software Download where we try to lock the disk volume but the drive letter isn't available.
11) Fix "server busy" issue when a device connects but it's modem isn't running.
12) Insert more status message in Memory Debug app so that we can see why fast unframed dump failed.
8/17/11 QPST 2.7.375
1) Add support for MDM9615 (model 4070). Rename model 4068 to 7627A-ANDROID from SURF7627A.
Add model 4071 (7627A-WinMob). Add 1x/UMTS service programming to 4068 and 4071.
2) eMMC Software Download: Don't try to lock volume if drive letter not present.
Devices that use GPT will not mount and get a drive letter assigned.
7/22/11 QPST 2.7.374
1) Added missing file to installer to fix Service Programming problem in 2.7.373.
2) For eMMC Software Download, abort the download if a sparse="true" directive is present.
Sparse files cannot be downloaded with QPST, only with fastboot.
3) Began the process of moving QPST application and server settings from registry to
configuration files.
4) Added more error checking to EFS Explorer file drop code.
7/5/11 QPST 2.7.373
1) Add support for SURF8960 model ID 4069.
2) Fix issue with Port Enable/Disable for IP Ports.
3) NAND Software Download: Correct flash programmer descriptions for 7225A, 7625A, 7227A, and 7627A.
4) Roaming List Editor: Added two new bands LTE 24 and LTE 25.
5) eMMC Software Download:
- Fix problem where some file names print as "(null)".
- Add support for Meta Build contents.xml file ("Build Contents"). The contents file will provide the path for the
rawprogram and patch files, extra search paths, and names of flash programmer and boot image files.
- Ignore unexpected elements in schema.
- Support zeroout directive to zero parts of partitions.
- Allow usage by app of "orderly" as well as surprise removal storage devices.
- Add support for computations in the <patch> (CRC32 for GPT support), <program>, and <zeroout> directives.
6) EfsExplorer:
- Enable reset button in Efs Explorer even if target not in offline mode.
- More text description in Mode column for Efs Explorer
- Modify the list context menu of Efs-Explorer.
- If the proposed item file size copy is > 2048 bytes, warn the user and bail out.
...
Adfree,
link pls for founded S8600XXKI9.zip
link pls for founded S8600XXKI9.zip
Click to expand...
Click to collapse
http://hotfile.com/dl/145796951/79ecec6/S8600XXKI9.zip.html?lang=de
Try this. If not then I search again...
About fsbl.mbn...
I have searched for fsbl_hw.c string in 4 GB JTAG dump SAMSUNG_GTS8600_FullFlash.bin...
Can not find so I think fsbl is not or in other area...
About your Memory Dump FROM_MEM_0_128MB.bin
I am not 100 % sure but maybe read problems...
Short tried to extract Cert, but string Qualcomm is not written correct...
Q5alcomm1
qualcoem.com
Click to expand...
Click to collapse
Best Regards
I try to read again memory dump )
thanks for links...
Also,
i find,what samsung used OKL4 Microkernel 3.0 (maybe 4.0)
http://wiki.ok-labs.com/Release/3.0
About ver 4.0 --
The OKL4 Microvisor is designed from the ground up as a high-performance mobile virtualization platform. It is a microkernel-based embedded hypervisor - called a Microvisor, with a small footprint and the right combination of performance and hardware support to target mobile telephony use. The OKL4 Microvisor 4.0 is distinguished by supporting mobile virtualization, componentization, and security, enabling a new generation of applications and capabilities with impact across the mobile ecosystem.
OKL4(with Qualcomm RTOS) also used in modem AMSS
http://forum.xda-developers.com/showthread.php?t=1829915
Need overview/list with Firmware packages with Bootfiles included...
Here this is what I have...
Later I will compare if difference...
Code:
XXKI9
XXKJC
S8600BOKJ1_TPLKJ1.rar
S8600BOKK6_S8500TPLKK7_T-Mobile.rar
S8600JPKK2_S8500OJPKK2_OJP.rar
S8600ZCLA1.7z
S8600NAKL1_S8600EPLKL1
Best Regards
Hi,
i have unlocked bootloader and flashed official twrp, everything works, but i wanted to try some GSI so flashed havoc os 2.0 pie and got a bootloop with this error:
Code:
--------- beginning of system
04-16 11:44:38.751 596 596 I vold : Vold 3.0 (the awakening) firing up
04-16 11:44:38.752 596 596 V vold : Detected support for: exfat ext4 ntfs vfat
04-16 11:44:38.757 596 596 D vold : Tearing down stale mount /mnt/phh
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop3: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop0: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop7: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop1: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop2: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop6: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop4: No such device or address
04-16 11:44:38.758 596 596 W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop5: No such device or address
04-16 11:44:38.759 596 596 I vold : [libfs_mgr]dt_fstab: Skip disabled entry for partition system
04-16 11:44:38.762 596 596 D vold : VoldNativeService::start() completed OK
04-16 11:44:38.763 596 600 D vold : e4crypt_init_user0
04-16 11:44:38.764 596 600 D vold : e4crypt_prepare_user_storage for volume null, user 0, serial 0, flags 1
04-16 11:44:38.764 596 600 D vold : Preparing: /data/vendor_de
04-16 11:44:38.764 596 600 E cutils : Failed to mkdir(/data/vendor_de): Read-only file system
04-16 11:44:38.764 596 600 E vold : Failed to prepare /data/vendor_de: Read-only file system
04-16 11:44:38.764 596 600 D vold : Preparing: /data/system/users/0
04-16 11:44:38.764 596 600 E cutils : Failed to mkdir(/data/system/users/0): No such file or directory
04-16 11:44:38.764 596 600 E vold : Failed to prepare /data/system/users/0: No such file or directory
04-16 11:44:38.764 596 600 E vold : Failed to prepare user 0 storage
04-16 11:44:38.780 601 601 I /system/bin/tzdatacheck: timezone distro dir /data/misc/zoneinfo/current does not exist. No action required.
04-16 11:44:38.784 596 599 I vold : Found disk at /devices/soc/7864900.sdhci/mmc_host/mmc1/mmc1:aaaa/block/mmcblk1 but delaying scan due to secure keyguard
04-16 11:44:38.985 610 610 I BOOT : MSM target '', SoC 'QRD', HwID '293', SoC ver '65536'
04-16 11:44:38.998 611 611 W DRM_BOOT: file: '/sys/module/drm/parameters/vblankoffdelay' or perms doesn't exist
04-16 11:44:39.542 675 675 I ServiceManagement: Removing namespace from process name [email protected] to [email protected]
--------- beginning of crash
04-16 11:44:39.630 701 701 F linker : CANNOT LINK EXECUTABLE "/vendor/bin/hw/[email protected]": library "[email protected]" not found
04-16 11:44:39.631 714 714 E getcolorid: tp info = 31373201d1533101
04-16 11:44:39.631 714 714 E getcolorid:
04-16 11:44:39.631 714 714 E getcolorid: colorid = 32
04-16 11:44:39.644 676 676 I [email protected]/: [email protected]/backup: Hal starting main loop...
04-16 11:44:39.645 676 676 I [email protected]/: [email protected]/backup Hal is starting up...
04-16 11:44:39.647 717 717 I lowmemorykiller: Using in-kernel low memory killer interface
04-16 11:44:39.652 676 676 W ServiceManagement: Can't efficiently wait for [email protected]::IHealth/default, because we are called from the only binder thread in this process.
04-16 11:44:39.659 707 707 I irsc_util: Starting irsc tool
04-16 11:44:39.660 708 708 I rmt_storage: Shared memory initialised successfully.
04-16 11:44:39.660 708 708 I rmt_storage: Registering modemst1: 0x4a /boot/modem_fs1
04-16 11:44:39.660 708 708 I rmt_storage: Registering modemst2: 0x4b /boot/modem_fs2
04-16 11:44:39.660 708 708 I rmt_storage: Registering fsc: 0xff /boot/modem_fsc
04-16 11:44:39.660 708 708 I rmt_storage: Registering fsg: 0x58 /boot/modem_fsg
04-16 11:44:39.660 708 708 I rmt_storage: 4 GPT partitions found
04-16 11:44:39.661 708 708 I rmt_storage: Capset success!
04-16 11:44:39.666 707 707 I irsc_util: Num of entries:292
04-16 11:44:39.668 676 676 I ServiceManagement: getService: Trying again for [email protected]::IHealth/default...
04-16 11:44:39.668 707 707 I irsc_util: Ending irsc tool
04-16 11:44:39.669 676 676 W ServiceManagement: Waiting one second for [email protected]::IHealth/default
04-16 11:44:39.676 712 712 D PcbaConfigSet: Before, get, [ro.boot.hwversion=], [ro.boot.hwc=], [ro.boot.hwlevel=], [ro.product.cert=], [ro.product.name=treble_arm64_bvN]
Patched boot din't worked.
So, i reflashed with ./flash_all and tried again, flashing also magisk, this time asked me for password, hitted cancel and then selected factory reset.. stuck in twrp
Tried other combos with always flashing stock rom but nothing worked, every time i got bootscreen i get bootloop with the error above(tried also pixel experience, same issue).
This is my first device with treble so maybe i'm a bit noob, someone could help me?
Have you tried the GSI ROM posted in this forum? Also try to flash the stock ROM and see if you didn't broke something.
Does havok has A/B partition support?
SnoopDoggyStyleDogg said:
Have you tried the GSI ROM posted in this forum?
Click to expand...
Click to collapse
Yes, ive tried also pixel experience P because a thread said it's totally compatible.
SnoopDoggyStyleDogg said:
Also try to flash the stock ROM and see if you didn't broke something.
Click to expand...
Click to collapse
After doing exactly the same operation?
I've tried to switch slot(to the one that contain stock) but I got bootloop, so yes, I think the process I've done broke something.
SnoopDoggyStyleDogg said:
Does havok has A/B partition support?
Click to expand...
Click to collapse
Yes, I've downloaded arm64 a/b
Ok, i've managed to install havoc waiting some minutes and ignoring the error, these are the issues i've found:
-camera don't work(even with magisk mi a2 camera)
-torch don't work
-notch not recognised
-internal storage showed as 8 gb
These are common to all GSI or only to havoc?
mac12m99 said:
Ok, i've managed to install havoc waiting some minutes and ignoring the error, these are the issues i've found:
-camera don't work(even with magisk mi a2 camera)
-torch don't work
-notch not recognised
These are common to all GSI or only to havoc?
Click to expand...
Click to collapse
try and enable all permision for the camera app from settings if the error says can't connect to camera
yes notch is an issue on all GSI I've been trying so far, I've been unable to find a way to add a padding to the statusbar so the icon gets cut on the corner,
Jordan~Kurniawan said:
try and enable all permision for the camera app from settings if the error says can't connect to camera
Click to expand...
Click to collapse
Tried but nothing, i have black screen btw, no error is displayed
Jordan~Kurniawan said:
yes notch is an issue on all GSI I've been trying so far, I've been unable to find a way to add a padding to the statusbar so the icon gets cut on the corner,
Click to expand...
Click to collapse
As i've read, notch info is inside build.prop, so maybe copying notch info from stock do the trick
Do you know some 9.0 gsi that are mostly working?
mac12m99 said:
Tried but nothing, i have black screen btw, no error is displayed
As i've read, notch info is inside build.prop, so maybe copying notch info from stock do the trick
Do you know some 9.0 gsi that are mostly working?
Click to expand...
Click to collapse
maybe, for what I've understand we need to manually edit the system ui apk
I'm only trying the 8.1 GSI because i think that what would work the most
I'll try to look into that notch thing and ask some devs
because i haven't read anyone talk about it
Jordan~Kurniawan said:
maybe, for what I've understand we need to manually edit the system ui apk
Click to expand...
Click to collapse
ah ok
Jordan~Kurniawan said:
I'm only trying the 8.1 GSI because i think that what would work the most
Click to expand...
Click to collapse
trying RR Oreo..
Jordan~Kurniawan said:
I'll try to look into that notch thing and ask some devs
because i haven't read anyone talk about it
Click to expand...
Click to collapse
Ok thanks:good:
What about internal storage space issue?
PS
i've found that wiping data from twrp or fastboot cause always a bootloop, the right way is to flash userdata.img from stock rom.
After trying some roms i've understood that:
-only P roms support notch correctly, but all P roms have camera and torch not working(and probably wrong storage space)
-O roms work perfectly but notch is not recognised at all, it's like to have a fullscreen device
I don't know how, but 1 time i managed to get havoc os camera working, unfortunally i wanted to flash twrp to get gapps but i've messed up...
Maybe security patch matter when installing gsi? I'm not sure but i think i was on september update.
mac12m99 said:
After trying some roms i've understood that:
-only P roms support notch correctly, but all P roms have camera and torch not working(and probably wrong storage space)
-O roms work perfectly but notch is not recognised at all, it's like to have a fullscreen device
I don't know how, but 1 time i managed to get havoc os camera working, unfortunally i wanted to flash twrp to get gapps but i've messed up...
Maybe security patch matter when installing gsi? I'm not sure but i think i was on september update.
Click to expand...
Click to collapse
i read somewhere that we need to set SElinux to permissive to make the camera work (idk why) gonna try this soon, you can test this if you have the time
Jordan~Kurniawan said:
i read somewhere that we need to set SElinux to permissive to make the camera work (idk why) gonna try this soon, you can test this if you have the time
Click to expand...
Click to collapse
In fact i Remember to have launched "setenforce 0"
I Will try in the weekend because in these days i dont have much time.
Please tell me if you Will try first
mac12m99 said:
In fact i Remember to have launched "setenforce 0"
I Will try in the weekend because in these days i dont have much time.
Please tell me if you Will try first
Click to expand...
Click to collapse
do you have any idea about vendor partition?
because some say that not every vendor put everything in there, something crucial like camera lib can still be put on system by the vendor (in this case its Xiaomi) thats why when we flash gsi somethings may not work
because the vendor partition (sometimes) does not contain everything we need
edit:
I've been reading few articles about treble and gsi.
apparently, we won't be able to use camera and maybe other things on android 9.0 if we don't have the source for it. it would take a serious hacking involved to make android 9.0 work with 8.1 vendor image.
so our only option is to wait for a developer to work on 9.0 gsi and patch for our device
but it's maybe a waste of time because our device are promised to have at least 2 major android updates
android 9 and 10 and devs probably would be better off using the official firmware and extract blobs from it rather than hacking an oreo libs to work with android 9
Jordan~Kurniawan said:
do you have any idea about vendor partition?
because some say that not every vendor put everything in there, something crucial like camera lib can still be put on system by the vendor (in this case its Xiaomi) thats why when we flash gsi somethings may not work
because the vendor partition (sometimes) does not contain everything we need
Click to expand...
Click to collapse
Can be, i will look into this weekend, but oreo gsi works so i don't think.
Jordan~Kurniawan said:
I've been reading few articles about treble and gsi.
apparently, we won't be able to use camera and maybe other things on android 9.0 if we don't have the source for it. it would take a serious hacking involved to make android 9.0 work with 8.1 vendor image.
so our only option is to wait for a developer to work on 9.0 gsi and patch for our device
but it's maybe a waste of time because our device are promised to have at least 2 major android updates
android 9 and 10 and devs probably would be better off using the official firmware and extract blobs from it rather than hacking an oreo libs to work with android 9
Click to expand...
Click to collapse
Consider that in this thread a lot of people reported that camera work(and someone that don't).
I think all depends on phh patches version that the build use, but thats the first treble device i own so i don't know much about treble, sorry .