[HOW-TO]Set up a Captivate for Samsung Bootloader Development
OK, there's been quite a few unanswered questions on bootloader development.. I didn't want to clutter the Make your Own Bootloader thread with hardware stuff. I didn't want to clutter up the UnBrickable Mod thread with Bootloader development setup stuff. UnBrickable mod will be a one-stop shop thread for the Captivate eventually.
Introduction
This thread will get you started with bootloader development speciffic to the captivate, however the same techniques work on all GalaxyS devices with an adjustment to the RX/TX locations
We need to delve into the hardware, remove a resistor, attach a wire, and bring two wires outside of the phone. This is quite a bit more difficult then the typical UART over USB connection which we have used in the past. For bootloader development the UART Output described in this video will not work..
The external UART output with a 619Kohm jig between pins 4 and 5, monitoring 115200 8N1 serial output between pins 2 and 3 will not work because the USB hardware is initialised by the bootloaders. In order to test the bootloaders you are developing, you must go to a lower level.
Note:While the UART output in the video will not work for Bootloader development, itis absolutely unbeatable for Kernel level debug on nearly all Samsung devices.
2. Next we need to connect a relay wire to the internal JTAG UART points. We cannot use the external UART via USB as we have seen in the past for writing bootloaders because the chip which handles switching for UART has not been initialized yet. We need to go directly to the source off of the processor. You can connect to the internal JTAG UART RX and TX lines here on the JTAG pads:
They can be connected directly, or you can use a board from a guy named "K-WW" on the Hackaday.com forums
Here is a picture of my JTAG connector... This is optional and you will likely want to run wires directly for this project.
Alternately you can get these same points here, next to the processor:
3. Once you have the wires connected to the board, technically you're done and you can now connect up to your Android using your UART Device of choice. I decided to go the extra step and run those small wires to some solid core wire I bent and melted into the phone's case.
The further one is RX and the closer one is TX. Using this low point allows me to close up the device properly and I can still use my SDCard slot.
4. To do some debugging you can connect your Arduino at 8N1 using the same code from the video above...
Code:
void setup() {
// initialize both serial ports:
Serial.begin(115200);
Serial1.begin(115200);
}
void loop() {
// read from port 1, send to port 0:
if (Serial1.available()) {
int inByte = Serial1.read();
Serial.print(inByte, BYTE);
}
// read from port 0, send to port 1:
if (Serial.available()) {
int inByte = Serial.read();
Serial1.print(inByte, BYTE);
}
}
Or connect the Bus Pirate up to the device using the following options in a terminal:
Code:
HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. LCD
9. DIO
x. exit(without change)
(1)>3
Set serial port speed: (bps)
1. 300
2. 1200
3. 2400
4. 4800
5. 9600
6. 19200
7. 38400
8. 57600
9. 115200
10. BRG raw value
(1)>9
Data bits and parity:
1. 8, NONE *default
2. 8, EVEN
3. 8, ODD
4. 9, NONE
(1)>1
Stop bits:
1. 1 *default
2. 2
(1)>1
Receive polarity:
1. Idle 1 *default
2. Idle 0
(1)>1
Select output type:
1. Open drain (H=Hi-Z, L=GND)
2. Normal (H=3.3V, L=GND)
(1)>2
Ready
UART>
6. To prepare the phone for debug, remove the battery, insert the battery attach USB and run the following program in a new terminal (not the one you are monitoring USB Output)
sudo ~/Desktop/dltool/smdk-usbdl -f ~/Desktop/dltool/s5pc110_test/s5pc110_sbl_loader.bin -a D0020000
you will see this in the same window
Code:
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <ben-linux@fluff.org>
S3C64XX Detected!
=> found device: bus 002, dev 011
=> loaded 24576 bytes from /home/adam/Desktop/dltool/s5pc110_test/s5pc110_sbl_loader.bin
=> Downloading 24586 bytes to 0xd0020000
=> Data checksum ffb7
=> usb_bulk_write() returned 24586
adam@Adam-Desktop:~$
And upon upload of the primitive bootloader, you will see this in the UART window
Code:
Welcome to the S5PC110 resurrector by Rebellos!
Calling SGS IBL Stage2, pray so it wont hang...
DONE!
Testing if BL3 area is R/W
DONE!
Please prepare USB dltool with BL3 (SBL)
Starting downloader in...
9
8
7
6
5
4
3
2
1
0
7. Unplug the USB cable. As soon as the USB cable is removed all executing commands stop and the device awaits you to push the power on button.
Some notes:
PBL execution automatically occurs at 0xD002000 (this is with a 0x10 signature in front so the actual code begins at 0xD002010)
SBL is in DRAM at 0x40244000
Conclusion
So, there you have it. This is how to set up your Captivate to be a bootloader development kit. You don't have to develop a bootloader to load it up using this method.. You can simply stop at step 1 of this guide, UnBrickable mod, and be able to test results without UART output.
If anyone would like to give me one of the following devices' mainboard I will make a UnBrickable Mod/Development Platform for each device.
Samsung Devices: I9000 S8500, S8530, SGH-897, SGH-i896, SGH-i997, T959, SGH-T849, GT-P1000, GT-i9010, GT-i8350, GT-I917
Google Nexus S, Odroid T,
Apple iPhone4
Any new Samsung WP7
I ignore PMs with questions that could be answered by searching. If you PM me, I probly won't respond.
Check out my developer pages. Add me to your circles on Google Plus.
We've got it much easier when it comes to the JTAG header. As you can see in the picture below, the header is already attached to the PCB, and all we need is the connector board from "K-WW".
The large metallic thing on the left is the SIM card slot. The connector for the display (at the bottom of the picture) might be in the way. If it isn't we'll be able to connect to the JTAG and UART2 ports without doing any soldering or even disconnecting a single cable on the device.
We need someone to donate an Infuse to AdamOutler. He needs to remove the processor from the PCB to be able to find the xOM5 pad. This means destroying the phone, so it doesn't matter what the condition is. If it's bricked with a smashed screen and water damage, it doesn't matter! If you can help us with this, please speak up on this thead: http://forum.xda-developers.com/show....php?t=1221064
You don't NEED the board. The receptical itself with wires attached will attach to the header and you could close up the device with it attached. With the socket breakout board, the device would need to remain open. I would be searching for alternate UART points as well so the JTAG header would remain available.
Like I said.... I need device mainboards... they need not work. I'm not gaining anything directly from this except fruits of firmware development.... alternate OSs and open source bootloaders
I ignore PMs with questions that could be answered by searching. If you PM me, I probly won't respond.
Check out my developer pages. Add me to your circles on Google Plus.
Or, try to find 5 OM resistors while phone is being powered up.
3 should be 100.3kOhm resistance and connected to GND
2 should be ~10.1kOhm resistance and connected to VCC PDA (most likely exactly 2.8V, but 1.8V and similiar is also possible option)
These should be in row, or close to itselves. Then all whats left is guessing which one of the 3 is OM5. By some dangerous tests most likely, but with much smaller risk of damaging the board, comparing to complete CPU teardown.
Or, try to find 5 OM resistors while phone is being powered up.
3 should be 100.3kOhm resistance and connected to GND
2 should be ~10.1kOhm resistance and connected to VCC PDA (most likely exactly 2.8V, but 1.8V and similiar is also possible option)
These should be in row, or close to itselves. Then all whats left is guessing which one of the 3 is OM5. By some dangerous tests most likely, but with much smaller risk of damaging the board, comparing to complete CPU teardown.
On my device, all resistors are 100.3kohm.
I ignore PMs with questions that could be answered by searching. If you PM me, I probly won't respond.
Check out my developer pages. Add me to your circles on Google Plus.
I've been staring at this document, the picture of the infuse and the sgh-t959v pictures from ifixit for a while and finally got the gumption to try finding the internal uart. Big thanks for this picture:
Quote:
Originally Posted by AdamOutler
You can connect to the internal JTAG UART RX and TX lines here on the JTAG pads:
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?
Introducing XDA:DevCon – A Conference For Developers By Developers
>
[HOW-TO]Set up a Captivate for Samsung Bootloader Development
Print
Email
[HOW-TO]Set up a Captivate for Samsung Bootloader Development
View Profile
View Forum Posts
Follow on Twitter
Follow on Google+
View GitHub profile
Visit Homepage
Linear Mode
