
The Captivate Development Platform mod AKA UnBrickable Mod

OP AdamOutler

7th August 2011, 12:30 AM   |  #1  
Background
First off, big thanks to TheBeano and Midas5 for teaching me about UART, decompiling bootloaders and figuring out how the OM values work. Their initial work and dedication in "Lets Save Some Bricks" inspired me greatly. Since the work started we've analyzed UART outputs, hacked the heck out of the SBL prompt, obtained both decompiled and source for bootloaders, and generally learned a **** ton about our devices... Mind you, that's a Metric **** ton, not the Imperial **** ton, which is equivalent to nearly 2000 assloads. The reason I'm branching this operation at the current point is because this modification is specific to our device. The proper modifications for other Samsung devices have not been identified yet. We're first! Yay! We need to focus on Captivate firmware development now. The firmware may encompass all GalaxyS models as well, but this modification will only work on the Captivate.

introduction
I'm not kidding when I say UnBrickable. Modifying the OM pins means you can boot from USB, UART or MMC. This makes the phone quite UNBRICKABLE. There is nothing you can do software wise to prevent the device from booting into this mode. We are communicating with the unrewritable, efused IROM on the processor. It's the thing that makes the system on a chip into a "system on a chip". I am here now to tell you how to turn your Samsung Captivate into a KIT-S5PC110 development board. The KIT-S5PC110 development board is the platform used to develop our phones. There are some differences between this mod and the official development platform. The S5PC110 has a removable internal SDCard and no touchscreen.

Why would you want to do this? When you plug in the battery and connect it to the computer in "off" mode, it will become an S5PC110 board awaiting download of a program to run. This occurs long before anything like software or firmware enters the processor. This is the IROM of the device awaiting commands or a power on signal.

Because it is accepting a memory flash, anything may be put onto the device to perform a boot sequence..... Apple iOS (iPhone4 has the same processor) WP7 (mango supports this processor).

This will be a replacement for JTAG once we are able to make some firmware. How could it possibly be better than JTAG? Let's count the ways....
1. The only part required is a wire.
2. No shipping time.
3. No cost for a box to interface the computer.
4. Permanent.
5. Can be done as a preventive measure.
6. Gives the ability to test new Bootloaders temporarily.
7. Allows development of the entire system.
8. Removes worry about flashing and acts as a backup.

After performing this mod:
Remove the battery, replace the battery, your phone will connect to the computer via USB and await commands. Otherwise it will pretty much act like a captivate. See the Special Instructions section.

Modification

You will need:
1. Get someone who knows what they're doing with a soldering iron. If they don't know what flux is, then they don't know what they're doing. You can send me a PM(my username @gmail.com) or Connexion2005(aka MobileTechVideos.com). Note: I do not work for/with mobiletechvideos.com.
2. soldering iron - make sure it's sharp, if it's not sharp, then sharpen it, flux it and retin it.
3. flux
4. solder
5. tweezers
6. A relay (for the wire contained within)

getting started:
You will need a very small piece of wire. Tear apart the relay, unravel the coil within and grab about 12cm~ of wire. The fact that it comes from a relay is important because relays generally have very small wire which is individually treated with a non-conductive coating.

Take the 12cm~ wire from the relay and tin the very edge of it. No more than 1/32". If you tin more than 1mm, cut off the excess. It is desirable to have a slight bit of excess solder on the tip of this wire.

performing the modification:
1. tear apart your phone... remove 6 #0 phillips screws from the back. Two of them are under the battery slide flap. The slide flap must be up on one end and down on the other in order to get to these screws... Don't LIFT the slide flap, just rotate it at an angle. Once the 6 screws are out, then you can separate the back from the front. Make sure to take out your SIM and external SDCard before you do this.



2. remove the mainboard... there's a single screw and 5 connectors which require removal. Remove them. Pull the board out and place it on your workspace.




3. remove the EM shield from the processor side.



4. remove the OM5 resistor in the picture below. It's coated in glue. I've found the best thing is to just coat the area in flux and let it do the work while prodding with the iron to move the resistor out of place.



5. Connect the active side of xOM0 resistor to the active pad on OM5's resistor pads.
http://i51.tinypic.com/160zmty.jpg








6. reassemble the phone.


Special Instructions
  • This replaces the battery charging sequence. The normal battery charging sequence can be activated by holding power for 4 seconds.
  • To turn on the device, and operate in normal mode, you must hold the power button for 5 seconds.
  • 3 button Download mode works as usual, however you must not have the S5PC110 drivers installed on the computer. You can use your custom rom menu option, adb reboot download, or use a terminal to "reboot download". 301Kohm Factory Mode JIGs work as well, but you must press power to bypass the S5PC110 mode.


Conclusion

Congratulations. You now have a device which works like a KIT-S5PC110 with an OM Value of 29. Now get to developing some serious custom software. See here for setting up the UART output http://forum.xda-developers.com/show....php?t=1235219

reading material
Creating your own Samsung Bootloaders: http://forum.xda-developers.com/show....php?t=1233273
KIT-S5PC110 manual: http://www.mediafire.com/?94krzvvxksvmuxh
how to use DNW: http://tinyurl.com/dnw-how-to
Flash using openOCD and DNW: http://www.arm9board.net/wiki/index....penOCD_and_DNW
another DNW example: http://www.boardset.com/products/mv6410.php
ODroid dev center: http://dev.odroid.com/projects/uboot/wiki/#s-7.2


drivers and utilities
This will be an ever expanding list
Windows Drivers http://forum.xda-developers.com/atta...7&d=1312590673
Windows Download Tool DNW: http://forum.xda-developers.com/atta...8&d=1312590673
Windows Command Line tool: http://forum.xda-developers.com/show...3&postcount=27
Linux DNW Utility: http://dev.odroid.com/projects/uboot/wiki/#s-7.2
Linux Detector tool: http://forum.xda-developers.com/show....php?t=1257434
Linux Automated UnBricker: http://forum.xda-developers.com/show....php?t=1242466

firmware
Bootloader Hello World by Rebellos http://forum.xda-developers.com/atta...7&d=1314105521
UnBrick tool http://forum.xda-developers.com/show....php?t=1242466
Last edited by AdamOutler; 7th October 2011 at 03:08 PM.
7th August 2011, 12:48 AM   |  #2  
Smasher816
Great work adam. can't wait to see this used to reflash bootloaders or something.
7th August 2011, 12:54 AM   |  #3  
bulletproof1013
now we need firmware... i figured adam would have flashed something already, and thought about getting back from that flash later :P
7th August 2011, 02:27 AM   |  #4  
Kaik541
https://github.com/teamhacksung/uBoot

possibility of uBoot on our devices... so much nicer than our current bootloaders. initial work has been done by codeworkx for compatibility with our boards, but (obviously) hasn't been tested
7th August 2011, 03:12 AM   |  #5  
COOOL


:P

looks good
The Following User Says Thank You to samvillian For This Useful Post: [ View ]
7th August 2011, 04:44 AM   |  #6  
snowake
Very exciting work y'all! Any plans on using it to dual boot Andbuntu/iOS?
7th August 2011, 04:51 AM   |  #7  
Wow dude, you do some great work. Keep us posted!

Now if it only was a light saber too....
7th August 2011, 05:26 AM   |  #8  
Smasher816
i did a little bit of reading and definitely agree it would be cool to get uboot on our phones,
along with unbricking devices.
I would love to help; sadly I have no knowledge of this low level stuff, or soldering skills.
I will watch this thread closely. Good luck guys.

http://www.linuxfordevices.com/c/a/L...ce-bootloader/
Last edited by Smasher816; 7th August 2011 at 05:33 AM.
8th August 2011, 06:56 AM   |  #9  
I was attempting to see what i could "upload" from my daily phone. I messed up my daily phone while performing this modification. I was trying to remove the xOM5 resistor and got impatient. I broke it off, it took the pad with it and I was left with only a .001mm wire on the board. I attempted to solder it for about 6 hours straight and after a while I swiped off 5 resistors in a line. I'm sure I could repair it, but I just went and bought another phone.

Lesson: Take your time, and don't try to force anything. That glue is tough and it acts as a heat sink. Remove the glue from one side of the resistor, heat the entire resistor up and let it slide off. Don't try to speed it up.

Once you perform this modification everything works just fine. No problems. It's a risky procedure though.

I still have not tested any firmware successfully. I tried a few precompiled uboots, but I did not yet try the uboot mentioned above.
Last edited by AdamOutler; 8th August 2011 at 07:00 AM.
8th August 2011, 11:49 AM   |  #10  
This looks awesome, although I'm hesitant to do it, because there's always that chance that I will need to RMA. Sorry about your phone Adam, I think everyone in the forum is probably in love with you now though!

Sent from my SAMSUNG SGH-I897 using XDA Premium App
