The Droid Charge Development Platform. AKA UnBrickable Mod


AdamOutler

If anyone would like to move this along, we could use a program to talk to the UART device. This would be on COM* for windows or /dev/ttyUSB* for Linux. If someone would be so kind as to begin on this program, we can move along development with a full open source stack.

This method would work like this:
Device---UART-to-USB---computer

The UART-to-USB controller can be any device out there which can perform the communications. Some of the recommended devices would be "The Bus Pirate", "Android ADK" or "Arduino Mega". Both of these devices are capable of communicating over UART and both follow the "Open Hardware/Open Source" standards.


Here's what we need for a basic UART resurrector program.
Do wait for AA on com device
Send AA
loop1:
Do wait for AA or CC.
If AA send AA. Goto loop1
If CC send CC followed by 4 length bytes.
If get another CC send CC followed by 4 length bytes.
Then follow it with lots of 0x00

A complete UART program would work the same, however it would bit-bang Rebellos' HIBL into the serial device instead of 0's, then wait for 5 seconds and bit-bang a modified SBL into the COM port. Or... just bit-bang the modified SBL into the COM port.


Of course we have all the details for USB-OTG, so if we can find the USB-OTG device, we can do it with existing methods. The problem is that we don't know where the USB-OTG device enumerates. So, the next best option is to use some open-hardware, open-source, cheap UART converters to upload software.
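
The handshake listed in the post above, as an added example that is not part of the original post: a host-side implementation of the AA/CC exchange against any object with `read`/`write` (pyserial's `serial.Serial` fits). Assumptions: the 4 length bytes are little-endian, bytes other than 0xAA/0xCC are line noise, and `FakePort`, `resurrect`, `payload_len` and `max_polls` are hypothetical names; the scripted device bytes are constructed.

```python
import struct

SYNC = 0xAA      # sync byte named in the post
REQUEST = 0xCC   # download-request byte named in the post


class FakePort:
    """Constructed stand-in for a serial port: replays scripted device bytes."""

    def __init__(self, device_bytes):
        self._rx = bytearray(device_bytes)
        self.sent = bytearray()

    def read(self, size=1):
        chunk = bytes(self._rx[:size])
        del self._rx[:size]
        return chunk              # empty bytes models a read timeout

    def write(self, data):
        self.sent += data
        return len(data)


def _read_byte(port):
    data = port.read(1)
    return data[0] if data else None


def resurrect(port, payload_len=16, max_polls=64):
    """Run the AA/CC exchange, then send payload_len zero bytes."""
    # Assumption: the post does not give the byte order of the length field.
    header = bytes([REQUEST]) + struct.pack("<I", payload_len)

    # "Do wait for AA on com device / Send AA"
    for _ in range(max_polls):
        if _read_byte(port) == SYNC:
            port.write(bytes([SYNC]))
            break
    else:
        raise TimeoutError("no 0xAA sync byte seen")

    # loop1: echo every AA until the device asks for data with CC
    for _ in range(max_polls):
        byte = _read_byte(port)
        if byte == SYNC:
            port.write(bytes([SYNC]))
        elif byte == REQUEST:
            port.write(header)
            break
    else:
        raise TimeoutError("device never sent 0xCC")

    # "If get another CC send CC followed by 4 length bytes."
    if _read_byte(port) == REQUEST:
        port.write(header)

    # "Then follow it with lots of 0x00"
    port.write(bytes(payload_len))
    return payload_len


if __name__ == "__main__":
    # Constructed device trace: one noise byte, three syncs, two requests.
    port = FakePort(bytes([0x00, 0xAA, 0xAA, 0xAA, 0xCC, 0xCC]))
    resurrect(port)
    print(port.sent.hex(" "))
```

With a real adapter, pass an opened serial port object with a read timeout set so that a silent line returns empty reads instead of blocking.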
 

AdamOutler

Just to clarify, UART is not the ultimate goal. It is an option which brings DIY recovery of a device from $200~ for a RIFF JTAG box (including locating firmware and special skills) down to $30 for a multi-purpose open-hardware device where we have the details worked out.

I just wanted everyone to know that the development won't stop at UART, but it's doable right now with some software and $30 of hardware.
 

hdb_3

So can this mod currently get my Charge into download mode as it is now, or do we have to wait until the firmware gets finished?
And if so what would that process be in layman's terms? I read the op and the KIT-S5PC110 manual and didn't see the steps.
 

AdamOutler

> So can this mod currently get my Charge into download mode as it is now, or do we have to wait until the firmware gets finished?
> And if so what would that process be in layman's terms? I read the op and the KIT-S5PC110 manual and didn't see the steps.

The firmware is finished. We need to figure out how to get the Droid Charge to take it. The USB OTG controller won't enumerate. There may be a button combo or a couple of pins that need to be shorted. I could use another donor board (water damaged or broken) to move this along because I returned the first one already.
 

connexion2005

Thanks Adam!

I got to tell anyone here, between Adam and www.MobileTechVideos.com you are in good hands here! Great service, help, you name it! Most certainly the Droid Charge "Go To" guys if you have a problem.

Thanks a lot for the opportunity to produce a world's first repair. I hope you enjoy your newly restored device! And soon I know we will have a second form of repair when UBMOD resurrector for the Charge is fully finished...

 

Ronbo85

Well guys, she is unbricked but won't activate. I did the usual vzw online procedure and swapped sim cards using the IMEI number and vzw accepted it, but no vzw network communication; there is a small x over the network signal bar.

I highly suspect it's due to the missing MEID (all zeros). When I 1st got the phone back I couldn't add my google account; I kept getting a data connection error even though I could surf the net fine. So I reflashed the phone to the latest humble rom and then had no trouble adding my google account and setting up my apps after that. I still noticed an x above the network signal and it seems this device is different than my T-bolt, which has different radios you can flash (correct me here if I am wrong).

What next? Phone works fine otherwise

PS: Hope the BBQ was good
 

caesus

I have a non-booting phone with no USB functionality due to a bad ODIN flash. The phone cannot be detected by Odin or Heimdall. Will this mod rescue my phone?
 

Ronbo85

OK Adam, you know my device has the mod.

When I connect the usb and insert the battery doing nothing else I get the battery charge status on the phone screen and "no device found or detected" in mode detect.

When I hold both the vol keys and insert the battery my phone goes into download mode and mode detect still says "no device found or detected"
 

AdamOutler

> OK Adam, you know my device has the mod.
>
> When I connect the usb and insert the battery doing nothing else I get the battery charge status on the phone screen and "no device found or detected" in mode detect.
>
> When I hold both the vol keys and insert the battery my phone goes into download mode and mode detect still says "no device found or detected"

By my calculations... there's 64 possible combinations including all buttons and USB cable.... you did 2.
 

Ronbo85

I'm up to 25 combinations so far, nothing yet and making notes. I have other things going on so I will keep at it as I can. One note, even normally booted "mode detect" doesn't see this phone. Also I reckon with 7 buttons it seems like there are way more than 64 combinations. Will keep you posted esp. if I hit on something.
 

AdamOutler

> I'm up to 25 combinations so far, nothing yet and making notes. I have other things going on so I will keep at it as I can. One note, even normally booted "mode detect" doesn't see this phone. Also I reckon with 7 buttons it seems like there are way more than 64 combinations. Will keep you posted esp. if I hit on something.

If I remember correctly, the device can be hard-rebooted with home and power. This means the home button is wired directly to either the processor or the Power Management IC (PMIC). Now we have to figure out the combinations.

It's likely the other buttons are also wired in a similar manner.

Here's something else to throw in the mix.. The middle battery pin is something worthy of attention. It's directly wired to the PMIC. Try covering that middle pin with a piece of paper or something and try some combinations with that.. I know there's something here. Just gotta find out how it's supposed to work.

These devices are modeled after their development platform counterparts. I refuse to believe that Samsung screwed this part up in porting from the KIT-S5PC110 SOC Dev platform to the Droid Charge. Especially when it's made so ruggedly and well.. Samsung is good at replicating the finer details. There IS a combination somewhere.. just gotta find it.

btw.. I was kinda short earlier because I was at the state fair with my family.
 

iwasaperson

The phone is hard rebooted by holding power until it reboots, nothing else.
Home, volume up, and power triggers recovery.

 

Top Liked Posts

  • 9
    This modification will go like this: http://xdaforums.com/showthread.php?t=1206216

    After that, unbricking your Droid Charge will be like this...

    See here for full instructions:
    http://xdaforums.com/showthread.php?t=1242466

    Of course I don't OWN a droid charge, so I will need to work with someone who does.



    introduction
    I'm not kidding when I say UnBrickable. Modifying the OM pins means you can boot from USB, UART or MMC. This makes the phone quite UNBRICKABLE. There is nothing you can do software-wise to prevent the device from booting into this mode. We are communicating with the unrewritable, efused IROM on the processor. It's the thing that makes the system on a chip into a "system on a chip".

    I am here now to tell you how to turn your Samsung Droid Charge into a KIT-S5PC110 development board. The KIT-S5PC110 development board is the platform used to develop our phones. There are some differences between this mod and the official development platform. The S5PC110 has a removable internal SDCard and no touchscreen.

    Why would you want to do this? When you plug in the battery and connect it to the computer in "off" mode, it will become an S5PC110 board awaiting download of a program to run. This occurs long before anything like software or firmware enters the processor. This is the IROM of the device awaiting commands or a power on signal.

    Because it is accepting a memory flash, anything may be put onto the device to perform a boot sequence..... Apple iOS (iPhone4 has the same processor) WP7 (mango supports this processor).

    This will be a replacement for JTAG once we are able to make some firmware. How could it possibly be better than JTAG? Let's count the ways....
    1. The only part required is a wire.
    2. No shipping time.
    3. No cost for a box to interface the computer.
    4. Permanent.
    5. Can be done as a preventive measure.
    6. Gives the ability to test new Bootloaders temporarily.
    7. Allows development of the entire system.
    8. Removes worry about flashing and acts as a backup.

    After performing this mod:
    Remove the battery, replace the battery, your phone will connect to the computer via USB and await commands. Otherwise it will pretty much act like a Droid Charge. See the Special Instructions section.

    Modification

    You will need:
    1. Get someone who knows what they're doing with a soldering iron. If they don't know what flux is, then they don't know what they're doing. You can also speak to myself(my username @gmail.com) or Connexion2005(aka MobileTechVideos.com)
    2. soldering iron - make sure it's sharp, if it's not sharp, then sharpen it, flux it and retin it.
    3. flux
    4. solder
    5. tweezers
    6. A relay (possibly- for the wire within to use as a bridge)


    performing the modification:
    1. tear apart your phone... Make sure to take out your SIM and external SDCard before you do this.
    1A. Remove the screws.
    1B. Separate the top case from the bottom case
    1C. disconnect the display connector and free the camera and button assemblies from the case.
    1D. Remove the mainboard

    Mainboard picture (HUGE):http://i56.tinypic.com/2945i5d.jpg
    Processor Picture(HUGE): http://i52.tinypic.com/2m4rvv9.jpg

    2. Perform the mod in one of the following ways:

    The Proper Way:
    2a. Move the xOM5 resistor from the top to the bottom position
    [Image: 2nvtrp.png]


    --or--

    The Easy Way:
    2b. Remove the xOM5 resistor and bridge it to one of the resistors next to it.
    [Image: 2m5lds2.png]

    thanks to Clarkkent434 for the board.


    3. reassemble the phone.


    Special Instructions

    • This replaces the battery charging sequence. The normal battery charging sequence can be activated by holding power for 4 seconds.
    • To turn on the device, and operate in normal mode, you must hold the power button for 5 seconds.
    • 3 button Download mode works as usual, however you must not have the S5PC110 drivers installed on the computer. You can use your custom rom menu option, adb reboot download, or use a terminal to "reboot download". 301Kohm Factory Mode JIGs work as well, but you must press power to bypass the S5PC110 mode.


    Conclusion

    Congratulations. You now have a device which works like a KIT-S5PC110 with an OM Value of 29. Now get to developing some serious custom software. See here for setting up the UART output http://xdaforums.com/showthread.php?t=1235219

    reading material
    Creating your own Samsung Bootloaders: http://xdaforums.com/showthread.php?t=1233273
    KIT-S5PC110 manual: http://www.mediafire.com/?94krzvvxksvmuxh
    how to use DNW: http://tinyurl.com/dnw-how-to
    Flash using openOCD and DNW: http://www.arm9board.net/wiki/index.php?title=Flash_using_OpenOCD_and_DNW
    another DNW example: http://www.boardset.com/products/mv6410.php
    ODroid dev center: http://dev.odroid.com/projects/uboot/wiki/#s-7.2


    drivers and utilities
    This will be an ever expanding list
    Windows Drivers http://xdaforums.com/attachment.php?attachmentid=678937&d=1312590673
    Windows Download Tool DNW: http://xdaforums.com/attachment.php?attachmentid=678938&d=1312590673
    Windows Command Line Download Tool: http://xdaforums.com/showpost.php?p=17202523&postcount=27
    Linux DNW Utility: http://dev.odroid.com/projects/uboot/wiki/#s-7.2

    firmware
    One-Click Resurrector: http://xdaforums.com/attachment.php?attachmentid=705515&d=1314762609
    Bootloader Hello World by Rebellos http://xdaforums.com/attachment.php?attachmentid=698077&d=1314105521
    2
    Printing message
    IROM e-fused version.
    or
    IROM non e-fused version.
    depends on, accordingly, not-null or null e-fuse SECKEY registers, stored in CPU. They seem to be equal (not-null) for all S5PC110 chips (it has been confirmed that IBL signed with the same key works on SGS, Captivate, Odroid and so on).

    Printing it is kinda easy, it is in C code:
    /* SECKEY (register base) and read32() (32-bit register read) are not defined in this post. */
    unsigned int a, b, c, d;
    a = read32(SECKEY + 0x18);
    b = read32(SECKEY + 0x1C);
    c = read32(SECKEY + 0x20);
    d = read32(SECKEY + 0x24);
    /* Any non-zero SECKEY word means the key has been fused. */
    if (a != 0 || b != 0 || c != 0 || d != 0)
        printf("IROM e-fused");
    else
        printf("IROM non e-fused");
    Message text may slightly vary depending on SBL revision and model.
    I've never seen message "non e-fused". However on this level of booting it is only informative debug message, probably was used on first S5PC110 prototypes, which were non-secure.

    All possible internal schemas of Charge, like service manuals of L3 and L4 are welcome in solving this mystery. Thanks in advance.
    1
    > Hi, thank you for your valuable information.
    >
    > Just for clarification, in post #1 it starts out with "the modification will go like this" and a link to another thread with some circuit mods on another samsung mobo.
    >
    > Then under that in the same post there is a video for the "Ultimate Unbricker"
    >
    > Then below that again in the same post there is another video for the teardown of a Charge and below that another mobo circuit mod.
    >
    > Is there more than one circuit mod for the Charge or is only the one within post #1 needed for the unbrick?

    Just one circuit mod. Like I said, they're like switches. The xOM5 value must be switched from a low to a high and that's it. It's easy. Much easier than the Captivate. You could do it with a crappy radio shack soldering iron in about 5 minutes.

    Just bridge xOM5 to a resistor on either side. Or heck, have me do it. I can't believe this has been around for a week and no one has done it. It's simple, free and convenient.

    Anyone got a broken Droid Charge? I'll fix it for free and make it UnBrickable. I also have two RIFF JTAG boxes within arm's reach of this computer as a backup. Christ... I pulled the processor off a very generous person's Droid Charge to get the details mapped out for this mod and I'll be damned if his contribution goes to waste.

    Y'all need to get on this and start real development instead of this fooling around in the "Droid Charge Android Development" forum. Make your devices into real development phones with no boundaries.. Flash some Nexus S bootloaders without worry and port Ubuntu to the device, then flash back to stock when you're done.
    1
    Alright, I sent this Droid Charge to MobileTechVideos.com for JTAG. This allows me to verify all theory up to this point. Let's go over the UART debugging output... I'll break it down into chunks and explain the important parts.

    This boot sequence is a totally stock Droid Charge booting into its power off battery charging sequence... not rooted, not running a custom ROM, just USB plugged into a device which is off.

    Ok.. So, UART is hooked up and I press the power button for less than 4 seconds. The device will attempt to boot after 4 seconds of holding the power button...
    Code:
    ��������������������������������������������������������������������������������
    Uart negotiation Error
    
    Insert an OTG cable into the connector!
    Ok, so I inserted the cable into the connector
    Code:
    ��������������������������������������������������������������������������������
    Uart negotiation Error
    At this point it should enumerate on the USB port, but it does not.... I have some more stuff to try.. some FSA9040 chip foolery may prove useful.. This will come later.
    Code:
    Enumeration TimeOut Error
    After 2 seconds of trying to enumerate with the computer it gives up and starts booting.. It does not enumerate on USB for some unknown reason
    Code:
    1
    This piece lets you know that the iROM has executed. This binary 0010, and number 1 tells you that the device is attempting to boot into the PBL.
    Code:
    -----------------------------------------------------------
       Samsung Primitive Bootloader (PBL) v3.0
       Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
    -----------------------------------------------------------
    
    +n1stVPN       3456 
    +nPgsPerBlk    64 
    +n1stVPN       3776 
    +nPgsPerBlk    64 
    PBL found bootable SBL: Partition(4).


    So, at this point, the PBL calls the SBL. The SBL is technically an operating system on its own. It's capable of reading and writing to the OneNAND, Download Mode, setting registers in the power management IC, and other parts of the system.
    Code:
    Set cpu clk. from 400MHz to 800MHz.
    OM=0x29, device=OnenandMux(Audi)
    IROM e-fused version.
    
                                                                                    
    -----------------------------------------------------------                     
       Samsung Secondary Bootloader (SBL) v3.0                                      
       Copyright (C) Samsung Electronics Co., Ltd. 2006-2010                        
                                                                                    
       Board Name: ARIES REV 02                                                     
       Build On: May 27 2011 01:21:27                                               
    -----------------------------------------------------------                     
                                                                                    
    Re_partition: magic code(0x0)                                                   
    [PAM:   ] ++FSR_PAM_Init                                                        
    [PAM:   ]   OneNAND physical base address       : 0xb0000000                    
    [PAM:   ]   OneNAND virtual  base address       : 0xb0000000                    
    [PAM:   ]   OneNAND nMID=0xec : nDID=0x50                                       
    [PAM:   ] --FSR_PAM_Init
    The OM=0x29 says that the device's boot command has been set up properly.. UART>USB>OneNAND (normal boot). So we're not experiencing problems here.


    Now, here's something tricky... The IROM is efused. I'm not sure if this is preventing boot from USB or if this fuse can be bypassed. Either way, the enumeration should occur before this message.

    I will ask Rebellos for information on the IROM e-fused version message. He's disassembled the SBL and knows the inner workings well.

    The SBL has been initialized and it has made memory space to begin loading the rest of the system.

    It will now check the OneNAND's partitions for entries which it should load.
    Code:
    fsr_bml_load_partition: pi->nNumOfPartEntry = 13                                
    partitions loading success                                                      
    board partition information update.. source: 0x0                                
    .Done.                                                                          
    read 1 units.                                                                   
    ==== PARTITION INFORMATION ====                                                 
     ID         : IBL+PBL (0x0)                                                     
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 0                                                                 
     NO_UNITS   : 1                                                                 
    ===============================                                                 
     ID         : PIT (0x1)                                                         
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 1                                                                 
     NO_UNITS   : 1                                                                 
    ===============================                                                 
     ID         : EFS (0x14)                                                        
     ATTR       : RW STL SLC (0x1101)                                               
     FIRST_UNIT : 2                                                                 
     NO_UNITS   : 40                                                                
    ===============================                                                 
     ID         : EFS2 (0xd)                                                        
     ATTR       : RW SLC (0x1001)                                                   
     FIRST_UNIT : 42                                                                
     NO_UNITS   : 12                                                                
    ===============================                                                 
     ID         : SBL (0x3)                                                         
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 54                                                                
     NO_UNITS   : 5                                                                 
    ===============================                                                 
     ID         : SBL2 (0x4)                                                        
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 59                                                                
     NO_UNITS   : 5                                                                 
    ===============================                                                 
     ID         : PARAM (0x15)                                                      
     ATTR       : RW STL SLC (0x1101)                                               
     FIRST_UNIT : 64                                                                
     NO_UNITS   : 20                                                                
    ===============================                                                 
     ID         : KERNEL (0x6)                                                      
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 84                                                                
     NO_UNITS   : 30                                                                
    ===============================                                                 
     ID         : RECOVERY (0x7)                                                    
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 114                                                               
     NO_UNITS   : 30                                                                
    ===============================                                                 
     ID         : FACTORYFS (0x16)                                                  
     ATTR       : RW STL SLC (0x1101)                                               
     FIRST_UNIT : 144                                                               
     NO_UNITS   : 1380                                                              
    ===============================                                                 
     ID         : DBDATAFS (0x17)                                                   
     ATTR       : RW STL SLC (0x1101)                                               
     FIRST_UNIT : 1524                                                              
     NO_UNITS   : 430                                                               
    ===============================                                                 
     ID         : LTEMODEM (0xb)                                                    
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 1954                                                              
     NO_UNITS   : 48                                                                
    ===============================                                                 
     ID         : CPMODEM (0xc)                                                     
     ATTR       : RO SLC (0x1002)                                                   
     FIRST_UNIT : 2002                                                              
     NO_UNITS   : 2                                                                 
    ===============================
    The SBL begins setting parameters for booting..
    Code:
    loke_init: j4fs_open success..                                                  
    load_lfs_parameters valid magic code and version.                               
    load_debug_level reading debug level from file successfully(0x574f4c44).        
    init_fuel_gauge: vcell = 3522mV, soc = 4                                        
    reading nps status file is successfully!.                                       
    nps status=0x504d4f43                                                           
    PMIC_IRQ1    = 0x28                                                             
    PMIC_IRQ2    = 0x0                                                              
    PMIC_IRQ3    = 0x0                                                              
    PMIC_IRQ4    = 0x0                                                              
    PMIC_STATUS1 = 0x40                                                             
    PMIC_STATUS2 = 0x20                                                             
    get_debug_level current debug level is 0x574f4c44.                              
    aries_process_platform: Debug Level Low                                         
    hwrev:a                                                                         
    keypad_scan: key value = 0x0                                                    
    volup 00: 1                                                                     
    volup 0102: 1                                                                   
    volup 00DV: 1                                                                   
    volup prep1: 0                                                                  
    DISPLAY_PATH_SEL[MDNIE 0x1]is on                                                
    get_debug_level current debug level is 0x574f4c44.                              
    get_debug_level current debug level is 0x574f4c44.                              
    MDNIE setting Init start!!                                                      
    vsync interrupt is off                                                          
    video interrupt is off                                                          
    [fb0] turn on                                                                   
    MDNIE setting Init end!!                                                        
    LCD ID - 0xa1                                                                   
    LCD ID - 0x12                                                                   
    LCD ID - 0x11                                                                   
    set_boot_mode: boot mode = 1                                                    
    aries_process_platform: final s1 booting mode = 1                               
                                                                                    
    
    Autoboot (0 seconds) in progress, press any key to stop
    At this point, the boot sequence can be stopped by pressing "Enter" on the keyboard via UART. It will bring up the SBL> prompt, which allows you to manually edit configuration.
    Code:
    get_debug_level current debug level is 0x574f4c44.                              
    get_debug_level current debug level is 0x574f4c44.                              
    boot_kernel: Debug Level Low                                                    
    ..............................done                                              
    Kernel read success from kernel partition no.6, idx.7.                          
    setting param.serialnr=0x343373b0 0xf43900ec                                    
    setting param.board_rev=0xa                                                     
    setting param.cmdline=androidboot.mode=unknown s3cfb_tl2796.lcd_type=2 console=0
                                                                                    
    Starting kernel at 0x32000000...
    The parameters for booting the kernel have been set and now the kernel will boot.
    Code:
    Uncompressing Linux.............................................................
    [    0.086247] KERNEL:kernel_sec_get_debug_level_from_boot=0x574f4c44           
    [    0.090984] KERNEL:magic_number=0x0 DEBUG LEVEL low!!                        
    [    0.095995] (kernel_sec_set_upload_cause) : upload_cause set 0               
    sh: can't access tty; job control turned off                                    
    #
    Note the last line shows a root shell prompt... it can be useful for grabbing the stock ROM and PARAMS off a unit without rooting before first boot.

    Ok.. so no new information.. We've verified that the OM5 pin has been brought high with this modification, but we still need to enumerate on USB. The mod was done properly so far, but something is wired differently with the power management chip or the USB chip.
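
The partition dump in the UART log above can be checked mechanically. The following is an added example, not code from the thread: it parses the `PARTITION INFORMATION` blocks and flags an entry-count mismatch, gaps or overlaps between partitions, and boot-chain partitions that are not marked RO. The sample is constructed by abridging the posted log to its first four entries (entry count adjusted to 4); the function names and the `RO_EXPECTED` baseline are assumptions drawn from that log.

```python
import re

ENTRY_RE = re.compile(
    r"ID\s*:\s*(?P<name>\S+)\s*\((?P<id>0x[0-9a-fA-F]+)\)\s*"
    r"ATTR\s*:\s*(?P<attr>[A-Z ]+?)\s*\((?P<attr_hex>0x[0-9a-fA-F]+)\)\s*"
    r"FIRST_UNIT\s*:\s*(?P<first>\d+)\s*"
    r"NO_UNITS\s*:\s*(?P<count>\d+)"
)
COUNT_RE = re.compile(r"nNumOfPartEntry\s*=\s*(\d+)")

# Assumption: partitions the posted log shows as RO are treated as the baseline.
RO_EXPECTED = {"IBL+PBL", "PIT", "SBL", "SBL2", "KERNEL", "RECOVERY"}

# Constructed sample: first four entries of the posted log, count set to 4.
SAMPLE = """\
fsr_bml_load_partition: pi->nNumOfPartEntry = 4
partitions loading success
==== PARTITION INFORMATION ====
 ID         : IBL+PBL (0x0)
 ATTR       : RO SLC (0x1002)
 FIRST_UNIT : 0
 NO_UNITS   : 1
===============================
 ID         : PIT (0x1)
 ATTR       : RO SLC (0x1002)
 FIRST_UNIT : 1
 NO_UNITS   : 1
===============================
 ID         : EFS (0x14)
 ATTR       : RW STL SLC (0x1101)
 FIRST_UNIT : 2
 NO_UNITS   : 40
===============================
 ID         : EFS2 (0xd)
 ATTR       : RW SLC (0x1001)
 FIRST_UNIT : 42
 NO_UNITS   : 12
===============================
"""


def parse_partitions(log):
    """Return one dict per partition entry found in an SBL UART log."""
    return [
        {
            "name": m["name"],
            "id": int(m["id"], 16),
            "flags": m["attr"].split(),
            "first": int(m["first"]),
            "count": int(m["count"]),
        }
        for m in ENTRY_RE.finditer(log)
    ]


def check_layout(log):
    """Return a list of findings; an empty list means the table is consistent."""
    findings = []
    parts = parse_partitions(log)
    declared = COUNT_RE.search(log)
    if declared and int(declared.group(1)) != len(parts):
        findings.append(f"declared {declared.group(1)} entries, parsed {len(parts)}")
    expected = 0  # next free unit; the posted table starts at unit 0
    for p in sorted(parts, key=lambda p: p["first"]):
        if p["first"] < expected:
            findings.append(f"{p['name']} overlaps previous partition at unit {p['first']}")
        elif p["first"] > expected:
            findings.append(f"gap before {p['name']}: units {expected}-{p['first'] - 1}")
        expected = max(expected, p["first"] + p["count"])
        if p["name"] in RO_EXPECTED and "RO" not in p["flags"]:
            findings.append(f"{p['name']} is writable ({' '.join(p['flags'])}), expected RO")
    return findings


if __name__ == "__main__":
    print(check_layout(SAMPLE) or "partition table consistent")
```

Feeding it a full capture of the 13-entry table works the same way; a capture cut short by a dropped UART connection shows up as a count mismatch.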