[REF] GT-I9100 PIT and Flash Analysis

Odia · May 31, 2011

The structure of the PIT is defined below:-

Code:

Based on PIT u1_02_20110310_emmc_EXT4.pit

Partition Name	LEN		LEN in BLK	OS Partition	Physical Partition

GANG		00000000	0000				0
BOOT		00000000	0000				1
EFS		013FFFFF	00A0		0p1		4
SBL1		0013FFFF	000A		0p2		2
SBL2		0013FFFF	000A		0p3		3
PARAM		007FFFFF	0040		0p4		5
KERNEL		007FFFFF	0040		0p5		6
RECOVERY	007FFFFF	0040		0p6		7
CACHE		063FFFFF	0320		0p7		8
MODEM		00FFFFFF	0080		0p8		9
FACTORYFS	1FFFFFFF	1000		0p9		a
DATAFS		7FFFFFFF	4000		0p10		b
UMS		2E07FFFFF	1704000		0p11		c
HIDDEN		1FFFFFFF	1000		0p12		d

The offsets in the flash are as follows:-

Code:

Partition Name	START

GANG		0x0000000000000000
BOOT		0x0000000000000000
PIT		0x0000000000004400
EFS		0x0000000000400000
SBL1		0x0000000001800000
SBL2		0x0000000001A00000
PARAM		0x0000000001c00000
KERNEL		0x0000000002400000
RECOVERY	0x0000000002C00000
CACHE		0x0000000003400000
MODEM		0x0000000009800000
FACTORYFS	0x000000000A800000
DATAFS		0x000000002A800000
UMS		0x00000000AA800000
HIDDEN		0x000000038B000000

SBL1 v SBL2 Explanation

The system (SBL) when downloading checks which SBL is active, this is done via a marker, in the GT-I9100 this is SNBL (GT-I9000 was OFNI, INFO in correct endian) and the SBL being downloaded is flashed to the opposite SBL partition, this is a safe guard and is how the 301k resistor on the ID pin can still enter DLM, it does not care which SBL is active, just some SBL can be executed.

Boot Sequence

iRBL > EBL > IBL > PBL > SBL

iRBL = iROM Bootloader (0x02000000)
EBL = Encrypted Bootloader (0x02021400)
IBL = Initial Bootloader (0x02023400)
PBL = Primitive Bootloader (0x4D300000)
SBL = Secondary Bootloader (0x4D400000)

zoneking · Jun 1, 2011

thank you for share~~

tamas970 · Jun 19, 2011

hi Odia,

Many thanks for sharing, I can just blame myself not checking this tread before: I formatted my mmcblk0p2 partition->result: bricked phone, doesn't even show the galaxy or battery logo. On top of that, no download or factory reset mode.

What you are writing here gives me hope, that a JIG can help... I don't understand, why SBL2 doesn't come out with a button combination (or in normal download mode). Is there a documentation on SBL2 somewhere?

Odia · Jun 19, 2011

tamas970 said:
hi Odia,

Many thanks for sharing, I can just blame myself not checking this tread before: I formatted my mmcblk0p2 partition->result: bricked phone, doesn't even show the galaxy or battery logo. On top of that, no download or factory reset mode.

What you are writing here gives me hope, that a JIG can help... I don't understand, why SBL2 doesn't come out with a button combination (or in normal download mode). Is there a documentation on SBL2 somewhere?

Ouch, I hope you have at least updated the firmware once on your phone, if its from new and never flashed then 0p3 will also be empty and that is bad news for you. There is no real documentation on the SBLs, but I understand them, what are you thinking?

tamas970 · Jun 19, 2011

Odia said:
Ouch, I hope you have at least updated the firmware once on your phone, if its from new and never flashed then 0p3 will also be empty and that is bad news for you. There is no real documentation on the SBLs, but I understand them, what are you thinking?

Oucha. Only the kernel was flashed for rooting, I am heading to the local repair service, I hope they have a jtag.

on documentation I meant only infos, such as you mentioned, if the backup partition is populated with the right stuff or not...

Odia · Jun 19, 2011

tamas970 said:
on documentation I meant only infos, such as you mentioned, if the backup partition is populated with the right stuff or not...

The backup partition will be populated if you have updated the firmware at least once, but flashing just a kernel does not count.

tamas970 · Jun 19, 2011

Odia said:
The backup partition will be populated if you have updated the firmware at least once, but flashing just a kernel does not count.

Sad... I was hoping, that doing something in download mode already initiated the backup. I guess in the factory they directly flashed KE2 on it, but let's see what the service says...

I see the recovery (0p6) is also empty.

Thanks anyway!

Odia · Jun 19, 2011

tamas970 said:
I see the recovery (0p6) is also empty.

Yes, it seems not to be used at the moment.

tamas970 · Jun 19, 2011

Just a weird idea: is it possible, to put a bootloader on the microSD and boot from there?

Odia · Jun 19, 2011

tamas970 said:
Just a weird idea: is it possible, to put a bootloader on the microSD and boot from there?

Thats not as weird as you may think

tamas970 · Jun 19, 2011

Odia said:
Thats not as weird as you may think

I remember I had something similar with my old HTC Kaiser.

The question is how to convince the phone to look for bootloader elswhere
and how should the "rescue microSD" look like (is the bootloader enough or does it need a specific kernel/partitioning/file system).

Where does the external SD fit in your partition table?

Odia · Jun 19, 2011

tamas970 said:
Where does the external SD fit in your partition table?

External SD does not get referenced in the PIT so it was not written here, but you can find him @ 1p

tamas970 · Jun 19, 2011

Odia said:
External SD does not get referenced in the PIT so it was not written here, but you can find him @ 1p

I did some additional research, the JIG specifications say, that a "standard" 301kOhm USB JIG puts the booting procedure in "Factory mode 1", which hopefully means that the device looks for bootloaders on all partitions, incl microSD. I'll see soon...

Mackzen · Jun 24, 2011

I hope this is the right thread to post this.

What is data.img for file? It seem it make an hard reset if you flash it.

It contains most zeros.

Odia · Jun 24, 2011

Mackzen said:
I hope this is the right thread to post this.

What is data.img for file? It seem it make an hard reset if you flash it.

It contains most zeros.

Probably is the wrong place for your post, but I will try to help anyway.

Need some more information, like where did you get this file from?

Mackzen · Jun 24, 2011

Odia said:
Probably is the wrong place for your post, but I will try to help anyway.

Need some more information, like where did you get this file from?

it's from any "user_low_ship" rom from pda.tar .
http://xdaforums.com/showpost.php?p=15009318&postcount=37
(this package even include an efs_xxxxx.tar) ?

I wrote it here because I thought we need an PIT file for Re-Partition.

Odia · Jun 25, 2011

Mackzen said:
it's from any "user_low_ship" rom from pda.tar .
http://xdaforums.com/showpost.php?p=15009318&postcount=37
(this package even include an efs_xxxxx.tar) ?

I wrote it here because I thought we need an PIT file for Re-Partition.

Since the low packages are AKA a clean factory image they contain some empty filesystems which will erase the named partition e.g. data in this case, another example is cache.img in the CODE/PDA file bundle.

mimstyle · Jul 20, 2011

I can put a KE7 pit on my android 2.3.4 with KG2?

Where i can find it?

Because there are some lag in home screen.

Hacre · Jul 20, 2011

mimstyle said:
I can put a KE7 pit on my android 2.3.4 with KG2?

Where i can find it?

Because there are some lag in home screen.

My car is getting lousy fuel economy, can someone tell me how to fit a new radio antenna to fix please?

mimstyle · Jul 20, 2011

Hacre said:
My car is getting lousy fuel economy, can someone tell me how to fit a new radio antenna to fix please?

LoL

Not possible to optimize this laggy home screen @!#£ ?

[REF] GT-I9100 PIT and Flash Analysis

Guest

Member

Senior Member

Guest

Senior Member

Guest

Senior Member

Guest

Senior Member

Guest

Senior Member

Guest

Senior Member

Senior Member

Attachments

Guest

Senior Member

Guest

Senior Member

Retired Senior Recognized Developer

Senior Member

Similar threads

Top Liked Posts