I am ecstatic about the activity this thread has been getting lately. Such knowledgeable people working to help.. keep up the good work guys!
Technical Think Tank for Bricked G1's
- Thread starter d474rpr
- Start date
- Status
I know this has been posted before, if not by myself than at least by someone else working on this project.
If anyone has any information on locating the following document, it would be greatly appreciated and will help to figure out a solution much much quicker:
JTAG Setup Procedure on MSM7500/MSM7200
(80-V9038-13)
File Format: .pdf
Thanks in advance!
*edit
I added this cry for help to my blog to reach a few more eyes.
http://r3nrut.com/?p=172
If anyone has any information on locating the following document, it would be greatly appreciated and will help to figure out a solution much much quicker:
JTAG Setup Procedure on MSM7500/MSM7200
(80-V9038-13)
File Format: .pdf
Thanks in advance!
*edit
I added this cry for help to my blog to reach a few more eyes.
http://r3nrut.com/?p=172
Last edited:
I tried this
I tried this and once i tried to boot into bootloader from blue light the light when out and now i cant even get the device to the G1 screen. anyone want the phone for testing?
I tried this and once i tried to boot into bootloader from blue light the light when out and now i cant even get the device to the G1 screen. anyone want the phone for testing?
I could use it for testing the JTag solution on a device that is already bricked.....currently i'm trying to interface with my working phone. but i wouldnt want the whole phone, only the mainboard, keep everything else for spares or something. only if its the famous blue light mode brick though.
ok
what do you mean by that? i dont know much about circut boards. i got the phone fore free primarily because the plastic around the touch screen of my working G1 is cracking and the screen is coming out. i need to know if i can switch out the sliding touch screen and how. if you know where i can find instructions to do so it would help. as for the brick upon removing my SIM and SD card the phone will boot into the G1 splash screen but still no recovery or bootloader. if you can help that would be awesome. PM me or text at 17758152442 and we can sort out how i can get you the main board if you want it.
what do you mean by that? i dont know much about circut boards. i got the phone fore free primarily because the plastic around the touch screen of my working G1 is cracking and the screen is coming out. i need to know if i can switch out the sliding touch screen and how. if you know where i can find instructions to do so it would help. as for the brick upon removing my SIM and SD card the phone will boot into the G1 splash screen but still no recovery or bootloader. if you can help that would be awesome. PM me or text at 17758152442 and we can sort out how i can get you the main board if you want it.
danny and brios. what is your spl and radio? for brios sounds like you didnt finish your spl flash and you are on the edge of brick. danny, connecting the phone to the computer with cmd prompt open and boot the phone now type
adb shell reboot fastboot
hit enter now your computer should say "waiting for device"
now unplug your phone and take the battery out, now put the batt back in and connect the phone while its still saying waiting for device and boot it. see if it takes you to fastboot.
adb shell reboot fastboot
hit enter now your computer should say "waiting for device"
now unplug your phone and take the battery out, now put the batt back in and connect the phone while its still saying waiting for device and boot it. see if it takes you to fastboot.
ok thankz for the response i knew i should of put that info in my sig well its
dream100 pvt 32b
hspl 10.95.3000
cpld-4
radio 2.22.19.26I
i am on
CM 4.1.9999
(iwas trying to flash the MLING hero rom and it said error line 80 like xbin/system <~~~ some thing like that
so i went to put back CM and there we go stuck i had recovery 1.4 but i manage to flash RA recovery trew recovery so i can try wiping ext patition and i did so but im still stuck i tryed the HRDSPL again but not sure if i did it rigth
dream100 pvt 32b
hspl 10.95.3000
cpld-4
radio 2.22.19.26I
i am on
CM 4.1.9999
(iwas trying to flash the MLING hero rom and it said error line 80 like xbin/system <~~~ some thing like that
so i went to put back CM and there we go stuck i had recovery 1.4 but i manage to flash RA recovery trew recovery so i can try wiping ext patition and i did so but im still stuck i tryed the HRDSPL again but not sure if i did it rigth
Last edited:
Bad news is that the primary JTAG port is unusable, it either has a burned Qfuse or the disable debug pin is shorted out from the factory(Logic Probe confirms this as well), that only leaves the secondary interface which is a pain in the butt to attach wires too. going to do that test tonight and report back. I could really use that missing documentation though. Their has got to be a way to get this working without those documents.
has anyone tried
Has anyone tried accessing the phone with the Blue LED using a Terminal program (something like Procomm Plus) and a bluetooth connection as a modem/serial-connection. I'd imagine using VT-100 or Wyse 50 terminal emulation, 9600 Baud 8-N-1. Seems like it's supposed to be some kind of debugging mode of sorts. My phone isn't bricked, but for giggles, I rebooted my phone holding the scroll down. If you can access this way there may some UART commands to flash the hardware back to system defaults.
(btw, I skipped about 15 pages of posts before this idea popped into my head, so this may have already been covered).
Has anyone tried accessing the phone with the Blue LED using a Terminal program (something like Procomm Plus) and a bluetooth connection as a modem/serial-connection. I'd imagine using VT-100 or Wyse 50 terminal emulation, 9600 Baud 8-N-1. Seems like it's supposed to be some kind of debugging mode of sorts. My phone isn't bricked, but for giggles, I rebooted my phone holding the scroll down. If you can access this way there may some UART commands to flash the hardware back to system defaults.
(btw, I skipped about 15 pages of posts before this idea popped into my head, so this may have already been covered).
Was worth a try...
Thanks for your effort, Binary. It's unfortunate that the primary is no good, but even a functioning secondary will be better than nothing for those of us brave (or desperate) enough to try it. Still better than a brick, right?
Keep us posted.
Thanks for your effort, Binary. It's unfortunate that the primary is no good, but even a functioning secondary will be better than nothing for those of us brave (or desperate) enough to try it. Still better than a brick, right?
Keep us posted.
plz help me revive my android
my g1 will automatically boot me into recovery mode and it wont let me use any commands
it says E:cant open /cache/recovery/command
home+back doesn't function
alt+L does
alt+s doesn't
alt+w doesn't
alt+x doesn't
it wont let me even get to the camera+end function so that i can revert to rc29
is there anything i can do?
my g1 will automatically boot me into recovery mode and it wont let me use any commands
it says E:cant open /cache/recovery/command
home+back doesn't function
alt+L does
alt+s doesn't
alt+w doesn't
alt+x doesn't
it wont let me even get to the camera+end function so that i can revert to rc29
is there anything i can do?
Serial UART debug access to flash ROM's?
Has anyone tried plugging into the serial UART on a bricked phone? Qualcomm has an application (QPST) that can flash system images, etc, through the serial port connection.
If anyone has one of those HTC 11pin miniUSB breakout boards and a TTL level converter, it would be interesting to see if you can gain debug access on a bricked phone. I would assume that would be how the factory technicians do it, since there is no physical JTAG connector on the mainboard.
Has anyone tried plugging into the serial UART on a bricked phone? Qualcomm has an application (QPST) that can flash system images, etc, through the serial port connection.
If anyone has one of those HTC 11pin miniUSB breakout boards and a TTL level converter, it would be interesting to see if you can gain debug access on a bricked phone. I would assume that would be how the factory technicians do it, since there is no physical JTAG connector on the mainboard.
From what BinaryDroid said, it looks like there is a physical JTAG port (not an actual connector, but testpoints), but that it's disabled in the CPU. During manufacture, the machines producing the boards can connect to these testpoints and program the CPU with bootloaders, then blow the Qfuse to disable the JTAG port.
By the looks of the HTC service manual, they never reprogram boards -- if the bootloader is broken, they just replace the board. It's entirely possible that we'll be faced with the same choice.
I can think of one alternative: other than the boot code that is built directly into the CPU (and, according to Qualcomm's docs, aren't programmable by the carrier), all code is read from external NAND flash. It would be a pain in the ass, but we could reprogram that flash chip. With such a small chip and so many pins, it would be nearly impossible to do without specialized equipment. I'm thinking an IC test clip would be needed.
By the looks of the HTC service manual, they never reprogram boards -- if the bootloader is broken, they just replace the board. It's entirely possible that we'll be faced with the same choice.
I can think of one alternative: other than the boot code that is built directly into the CPU (and, according to Qualcomm's docs, aren't programmable by the carrier), all code is read from external NAND flash. It would be a pain in the ass, but we could reprogram that flash chip. With such a small chip and so many pins, it would be nearly impossible to do without specialized equipment. I'm thinking an IC test clip would be needed.
If you can get into recovery, you should be able to get into the bootloader. Can you get into the bootloader? If so, you should be able to replace the recovery, ROM, and everything else. It's probably jumping directly to the recovery because it detects the regular ROM is bad.
Have you tried getting into that "blue light" mode (power on while holding in the trackball)? It does seem like a strange mode for the phone to enter and I also think it may have some bearing on debugging. Perhaps this affects the disable debugging pin?
Also, are you able to trace that disable debug pin? If we can find out if it's shorted and where it's shorted, it may be as simple as cutting a trace or desoldering a resistor -- common fix for modding consoles.
Another possible complication
Without the right docs, it's hard to know for sure, but many systems will require some sort of authentication or other special code before they will enter a debugging mode. Sometimes this is as simple as an undocumented opcode, but for other devices entire authentication sequences with passwords may be employed. Perhaps this is why the primary JTAG port appears dead -- we haven't activated the correct sequence to enable it.
I don't know enough about JTAG to know if it has an authentication mechanism built in or not. Even if not, Qualcomm could have added its own mechanism.
Without the right docs, it's hard to know for sure, but many systems will require some sort of authentication or other special code before they will enter a debugging mode. Sometimes this is as simple as an undocumented opcode, but for other devices entire authentication sequences with passwords may be employed. Perhaps this is why the primary JTAG port appears dead -- we haven't activated the correct sequence to enable it.
I don't know enough about JTAG to know if it has an authentication mechanism built in or not. Even if not, Qualcomm could have added its own mechanism.
- Status
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
1
What he means is, pull the bat out. Put the bat back in, don't press any buttons. Plug in the charger, don't press any buttons. What color is the led.
Also are u using wall charger or usb? Does the comp see it at all?
