XDA Developers Android and Mobile Development Forum

[REF] GT-I9100 PIT and Flash Analysis

Odia
(Last edited by Odia; 30th June 2012 at 10:10 AM.) Reason: TABLES - Removed redundant data making it easier to read
#1  

The structure of the PIT is defined below:-

Code:
Based on PIT u1_02_20110310_emmc_EXT4.pit

Partition Name  LEN         LEN in BLK  OS Partition  Physical Partition

GANG            00000000    0000                      0
BOOT            00000000    0000                      1
EFS             013FFFFF    00A0        0p1           4
SBL1            0013FFFF    000A        0p2           2
SBL2            0013FFFF    000A        0p3           3
PARAM           007FFFFF    0040        0p4           5
KERNEL          007FFFFF    0040        0p5           6
RECOVERY        007FFFFF    0040        0p6           7
CACHE           063FFFFF    0320        0p7           8
MODEM           00FFFFFF    0080        0p8           9
FACTORYFS       1FFFFFFF    1000        0p9           a
DATAFS          7FFFFFFF    4000        0p10          b
UMS             2E07FFFFF   1704000     0p11          c
HIDDEN          1FFFFFFF    1000        0p12          d

The offsets in the flash are as follows:-

Code:
Partition Name  START

GANG            0x0000000000000000
BOOT            0x0000000000000000
PIT             0x0000000000004400
EFS             0x0000000000400000
SBL1            0x0000000001800000
SBL2            0x0000000001A00000
PARAM           0x0000000001c00000
KERNEL          0x0000000002400000
RECOVERY        0x0000000002C00000
CACHE           0x0000000003400000
MODEM           0x0000000009800000
FACTORYFS       0x000000000A800000
DATAFS          0x000000002A800000
UMS             0x00000000AA800000
HIDDEN          0x000000038B000000

SBL1 v SBL2 Explanation

When downloading, the system (SBL) checks which SBL is active. This is done via a marker; in the GT-I9100 this is SNBL (GT-I9000 was OFNI, INFO in correct endian). The SBL being downloaded is flashed to the opposite SBL partition. This is a safeguard and is how the 301k resistor on the ID pin can still enter DLM: it does not care which SBL is active, just that some SBL can be executed.

Boot Sequence

iRBL > EBL > IBL > PBL > SBL

iRBL = iROM Bootloader (0x02000000)
EBL = Encrypted Bootloader (0x02021400)
IBL = Initial Bootloader (0x02023400)
PBL = Primitive Bootloader (0x4D300000)
SBL = Secondary Bootloader (0x4D400000)
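A consistency check over the two tables in post #1, added here as an example and not part of Odia's post. It assumes LEN is the last byte index (so size = LEN + 1), reports where one partition's end does not meet the next START, and derives the block unit each "LEN in BLK" value implies; the function names are made up for illustration.

```python
# Values copied from the two tables in post #1. GANG, BOOT and PIT are
# left out because the first table gives them no usable length.
# (name, START, LEN, LEN in BLK)
LAYOUT = [
    ("EFS",       0x000400000, 0x013FFFFF,  0x00A0),
    ("SBL1",      0x001800000, 0x0013FFFF,  0x000A),
    ("SBL2",      0x001A00000, 0x0013FFFF,  0x000A),
    ("PARAM",     0x001C00000, 0x007FFFFF,  0x0040),
    ("KERNEL",    0x002400000, 0x007FFFFF,  0x0040),
    ("RECOVERY",  0x002C00000, 0x007FFFFF,  0x0040),
    ("CACHE",     0x003400000, 0x063FFFFF,  0x0320),
    ("MODEM",     0x009800000, 0x00FFFFFF,  0x0080),
    ("FACTORYFS", 0x00A800000, 0x1FFFFFFF,  0x1000),
    ("DATAFS",    0x02A800000, 0x7FFFFFFF,  0x4000),
    ("UMS",       0x0AA800000, 0x2E07FFFFF, 0x1704000),
    ("HIDDEN",    0x38B000000, 0x1FFFFFFF,  0x1000),
]

def size_of(length):
    # Assumption: LEN is the last byte index, so the size is LEN + 1.
    return length + 1

def find_gaps_and_overlaps(layout):
    """Compare each partition's end with the next partition's START."""
    findings = []
    for (name, start, length, _), (nxt, nxt_start, _, _) in zip(layout, layout[1:]):
        delta = nxt_start - (start + size_of(length))
        if delta:
            kind = "gap" if delta > 0 else "overlap"
            findings.append((kind, name, nxt, abs(delta)))
    return findings

def block_units(layout):
    """Bytes per block implied by LEN and LEN in BLK, per partition."""
    return {name: size_of(length) // blocks for name, _, length, blocks in layout}

def partition_at(layout, offset):
    """Name of the partition containing a flash offset, or None."""
    for name, start, length, _ in layout:
        if start <= offset < start + size_of(length):
            return name
    return None

if __name__ == "__main__":
    for kind, a, b, n in find_gaps_and_overlaps(LAYOUT):
        print(f"{kind} of {n:#x} bytes between {a} and {b}")
    for name, unit in block_units(LAYOUT).items():
        print(f"{name:10s} {unit:#x} bytes per block")
```

Under that assumption every partition ends exactly where the next begins except after SBL1 and SBL2, and UMS is the only entry whose block count implies a different unit from the rest.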
 
zoneking
#2
Thank you for sharing~~
 
tamas970
#3
hi Odia,

Many thanks for sharing, I can just blame myself for not checking this thread before: I formatted my mmcblk0p2 partition -> result: bricked phone, doesn't even show the galaxy or battery logo. On top of that, no download or factory reset mode.

What you are writing here gives me hope, that a JIG can help... I don't understand, why SBL2 doesn't come out with a button combination (or in normal download mode). Is there any documentation on SBL2 somewhere?
 
Odia
#4
Quote:
Originally Posted by tamas970
hi Odia,

Many thanks for sharing, I can just blame myself for not checking this thread before: I formatted my mmcblk0p2 partition -> result: bricked phone, doesn't even show the galaxy or battery logo. On top of that, no download or factory reset mode.

What you are writing here gives me hope, that a JIG can help... I don't understand, why SBL2 doesn't come out with a button combination (or in normal download mode). Is there any documentation on SBL2 somewhere?

Ouch, I hope you have at least updated the firmware once on your phone; if it's from new and never flashed then 0p3 will also be empty and that is bad news for you. There is no real documentation on the SBLs, but I understand them. What are you thinking?
 
tamas970
#5
Quote:
Originally Posted by Odia
Ouch, I hope you have at least updated the firmware once on your phone; if it's from new and never flashed then 0p3 will also be empty and that is bad news for you. There is no real documentation on the SBLs, but I understand them. What are you thinking?

Oucha. Only the kernel was flashed for rooting. I am heading to the local repair service, I hope they have a JTAG.

On documentation, I meant only info such as you mentioned, if the backup partition is populated with the right stuff or not...
 
Odia
#6
Quote:
Originally Posted by tamas970
On documentation, I meant only info such as you mentioned, if the backup partition is populated with the right stuff or not...

The backup partition will be populated if you have updated the firmware at least once, but flashing just a kernel does not count.
 
tamas970
(Last edited by tamas970; 19th June 2011 at 10:02 AM.)
#7
Quote:
Originally Posted by Odia
The backup partition will be populated if you have updated the firmware at least once, but flashing just a kernel does not count.

Sad... I was hoping, that doing something in download mode already initiated the backup. I guess in the factory they directly flashed KE2 on it, but let's see what the service says...

I see the recovery (0p6) is also empty.

Thanks anyway!
 
Odia
#8
Quote:
Originally Posted by tamas970
I see the recovery (0p6) is also empty.

Yes, it seems not to be used at the moment.
 
tamas970
#9
Just a weird idea: is it possible, to put a bootloader on the microSD and boot from there?
 
Odia
#10
Quote:
Originally Posted by tamas970
Just a weird idea: is it possible, to put a bootloader on the microSD and boot from there?

That's not as weird as you may think