Tytung UNIMAC kernel debugging

---

Hello all,

I'm working on the mac address problem inherent to HD2.

For now under Magldr, it is more or less unique (more than less) ;)

Other boot method I can't test is haret/wimo

It seems that my patch modifying the NAND(magldr) boot affects the SD boot.

I can't figure it without precise reports. I need you to use "adb" to report me some info.


Here is how to do it:
cd your/android-sdk-linux/platform-tools/
fbourdonnec@ntkiller2:> ./adb shell


# uname -a
Linux localhost 2.6.32-ics_tytung_HWA_r2.3-uniMAC #7 PREEMPT Tue May 22 02:13:09 CEST 2012 armv7l GNU/Linux

# dmesg |grep -i mac
<4>[ 0.000000] Machine: htcleo
<6>[ 1.439056] Device Bluetooth MAC Address: 00:23:76:32:16:be
<6>[ 2.989105] rndis_function_bind_config MAC: 00:00:00:00:00:00
<6>[ 2.989593] usb0: MAC 36:b0:0d:af:76:1d
<6>[ 2.989624] usb0: HOST MAC ca:50:bc:14:ad:79
<6>[ 3.444152] Device Wifi Mac Address: 00:23:76:be:16:32


Tips
-shell into your hd2 asap, while in the boot animation !

-do it with both kernels HWA_r2.3-uniMAC and previous functionnal

Please other Magldr users, post here the macaddress you have.
This is just to eval 'dispersion' (collision avoidance) with actual patch.

Franck

ok, good news,

Saw the mistake in the kernel code.

function() call to guess a mac was inadvertandly removed for SD boot method!

Fixed in R4

This thread still must be filled with MAC address for NAND and SD kernel version to evaluate collision avoidance.

Meanwhile I'm working on reading on interesting NAND block with something ressembling a MAC in it.

Will need more testers to check it is a unique MAC ;)

Hello All,

How many of you users with hd2 will be able to compile a custom kernel with a patched htcleo_nand.c ?

This is to validate my guess of finding two unique macadress writed in block 505 of the NAND.

To definitly get rid of this problem.


Franck

Code:

diff --git a/drivers/mtd/devices/htcleo_nand.c b/drivers/mtd/devices/htcleo_nand.c
index 2150bcc..bfbcbad 100755
--- a/drivers/mtd/devices/htcleo_nand.c
+++ b/drivers/mtd/devices/htcleo_nand.c
@@ -1827,6 +1827,116 @@ static int param_get_page_size(char *buffer, struct kernel_param *kp)
 }
 module_param_call(pagesize, NULL, param_get_page_size, NULL, S_IRUGO);
 
+int is_htc_mac (int pattern)
+{
+		/* HTC blocks to find :
+		00:09:2D
+		00:23:76
+		18:87:76
+		1C:B0:94
+		38:E7:D8
+		64:A7:69
+		7C:61:93
+		90:21:55
+		A0:F4:50
+		A8:26:D9
+		D4:20:6D
+		D8:B3:77
+		E8:99:C4
+		F8:DB:F7 */
+    static int nums[] = {
+    0x00092D,0x2D0900,
+    0x002376,0x762300,
+    0x188776,0x768718,
+    0x1CB094,0x94B01C,
+    0x38E7D8,0xD8E738,
+    0x64A769,0x69A764,
+    0x7C6193,0x93617C,
+    0x902155,0x552190,
+    0xA0F450,0x50F4A0,
+    0xA826D9,0xD926A8,
+    0xD4206D,0x6D20D4,
+    0xD8B377,0x77B3D8,
+    0xE899C4,0xC499E8,
+    0xF8DBF7,0xF7DBF8};
+    int i;
+    for (i=0; i< (sizeof(nums)/sizeof(nums[0])); i++)
+    {
+	if (nums[i] == pattern) return 1;
+    }
+    return 0;
+}
+void scanmac(struct mtd_info *mtd)
+{
+	unsigned char *iobuf;
+	int ret;
+	loff_t addr;
+	struct mtd_oob_ops ops;
+	int i,j,k;
+
+	iobuf = kmalloc(2048/*mtd->erasesize*/, GFP_KERNEL);
+	if (!iobuf) {
+		/*ret = -ENOMEM;*/
+		printk("%s: error: cannot allocate memory\n",__func__);
+		return;
+	}
+
+	ops.mode = MTD_OOB_PLACE;
+	ops.len = 2048;
+	ops.datbuf = iobuf;
+	ops.ooblen = 0;
+	ops.oobbuf = NULL;
+	ops.retlen = 0;
+
+	/* bloc 505 page 6 contains as good candidate */
+	addr = ((loff_t) 505*0x20000 + 6*2048);
+	ret = msm_nand_read_oob(mtd, addr, &ops);
+
+	if (ret == -EUCLEAN)
+		ret = 0;
+	if (ret || ops.retlen != 2048 ) {
+		printk("%s: error: read(%d) failed at %#llx\n",__func__,ops.retlen, addr);
+		goto out;
+	}
+
+	printk("%s: Prefered candidate mac=%02x:%02x:%02x:%02x:%02x:%02x\n",__func__,
+		iobuf[5],iobuf[4],iobuf[3],iobuf[2],iobuf[1],iobuf[0]);
+
+	/* now lets walk looking for HTC mac in the first reserved blocks of NAND   */
+	/* NUM_PROTECTED_BLOCKS=0x212 but Parttiontable starts at 0x219             */
+	/* I think 400 is ok, I have already eliminated 0 - 157 with false positive */
+	/* If my guess is correct, only 505 will match ;)                          */
+	for (i=158; i<0x219; i++) {
+	    for (j=0; j<64; j++) {
+		addr = ((loff_t) i*0x20000 + j*2048);
+		ret = msm_nand_read_oob(mtd, addr, &ops);
+
+		if (ret == -EUCLEAN)
+		    ret = 0;
+		if (ret || ops.retlen != 2048 ) {
+			printk("%s: error: read(%d) failed at %#llx\n",__func__,ops.retlen, addr);
+			break;
+		}
+		/* check */
+		for (k=0; k<2045; k++) {
+		    if (is_htc_mac( (iobuf[k+0]<<16) + (iobuf[k+1]<<8) + iobuf[k+2])) {
+			printk("Mac candidate at block:%d page:%d offset:%d:\n",i,j,k);
+			k >>= 4;
+			k <<= 4;
+			print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, &iobuf[k], 16);
+			k += 16;
+		    }
+		}
+	    }/*j*/
+	}/*i*/
+	ret = 0;
+out:
+	kfree(iobuf);
+	if (ret)
+		printk("Find MAc Error %d occurred\n", ret);
+	return;
+}
+
 /**
 * msm_nand_scan - [msm_nand Interface] Scan for the msm_nand device
 * @param mtd	   MTD device structure
@@ -1992,6 +2102,8 @@ int msm_nand_scan(struct mtd_info *mtd, int maxchips)
 	/* msm_nand_unlock_all(mtd); */
 
 	/* return this->scan_bbt(mtd); */
+	scanmac(mtd);
+
 
 #if VERBOSE
 	for (i=0;i<nand_info->block_count;i++)

my findings are on five HD2 are:

Frk
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 38 e7 d8 e6 38 fc 00 00 ....0...8...8...
Mac candidate at block:505 page:6 offset:3:
00000000: 80 1c e2 d8 e7 38 ff ff ff ff ff ff ff ff ff ff .....8..........
wifi mac 38 e7 d8 e6 38 fcunder WIMO


Bad
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 00 23 76 5d fb 08 00 00 ....0....#v]....
Mac candidate at block:505 page:6 offset:3:
00000000: df 20 74 76 23 00 ff ff ff ff ff ff ff ff ff ff . tv#...........

Frk2
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 00 23 76 d7 ea 13 00 00 ....0....#v.....
Mac candidate at block:505 page:6 offset:3:
00000000: 80 5b e5 76 23 00 ff ff ff ff ff ff ff ff ff ff .[.v#...........

Val
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 00 23 76 89 09 c0 00 00 ....0....#v.....
Mac candidate at block:505 page:6 offset:3:
00000000: 46 da 6d 76 23 00 ff ff ff ff ff ff ff ff ff ff F.mv#...........

Flo
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 00 23 76 8c a4 a6 00 00 ....0....#v.....
Mac candidate at block:505 page:6 offset:3:
00000000: 3d 48 6f 76 23 00 ff ff ff ff ff ff ff ff ff ff =Hov#...........

Flo after full task29+reinstall
Mac candidate at block:505 page:0 offset:40:
00000000: 00 00 00 00 30 00 00 00 00 23 76 8c a4 a6 00 00 ....0....#v.....
Mac candidate at block:505 page:6 offset:3:
00000000: 3d 48 6f 76 23 00 ff ff ff ff ff ff ff ff ff ff =Hov#...........

I think you nailed it,

My device's bluetooth mac id under windows: 00:23:76:78:70:78
My device's wireless mac id under windows: 00:23:76:96:1B:F9

Code:

<4>[    1.325286] scanmac: Prefered candidate mac=00:23:76:78:70:78
<4>[   22.797302] Mac candidate at block:505 page:0 offset:40:
<7>[   22.797332] 00000000: 00 00 00 00 10 00 00 00 00 23 76 96 1b f9 00 00
<4>[   22.803070] Mac candidate at block:505 page:6 offset:3:
<7>[   22.803100] 00000000: 78 70 78 76 23 00 ff ff ff ff ff ff ff ff ff ff

Although there was another candidate,

Code:

<4>[   24.686889] Mac candidate at block:536 page:5 offset:443:
<7>[   24.686950] 00000000: bf 03 1e ad ba 9d 4a 6f a4 e1 89 7c 61 93 67 d9

But this one is totally wrong, block:536 is after the bootloader(clk in this case) and is part of the config table

As i said in the email, you should only scan till block 530 (0x212)

EDIT: modified your code a bit,

Code:

<4>[    1.325347] scanmac: candidate for wifi mac=00:23:76:96:1b:f9
<4>[    1.325622] scanmac: candidate for bluetooth mac=00:23:76:78:70:78

Code:

diff --git a/drivers/mtd/devices/htcleo_nand.c b/drivers/mtd/devices/htcleo_nand.c
index e4e347e..27aa6e8 100755
--- a/drivers/mtd/devices/htcleo_nand.c
+++ b/drivers/mtd/devices/htcleo_nand.c
@@ -1835,6 +1835,54 @@ static int param_get_page_size(char *buffer, struct kernel_param *kp)
 }
 module_param_call(pagesize, NULL, param_get_page_size, NULL, S_IRUGO);
 
+void scanmac(struct mtd_info *mtd)
+{
+	unsigned char *iobuf;
+	int ret;
+	loff_t addr;
+	struct mtd_oob_ops ops;
+
+	iobuf = kmalloc(2048/*mtd->erasesize*/, GFP_KERNEL);
+	if (!iobuf) {
+		printk("%s: error: cannot allocate memory\n",__func__);
+		return;
+	}
+
+	ops.mode   = MTD_OOB_PLACE;
+	ops.len    = 2048;
+	ops.datbuf = iobuf;
+	ops.ooblen = 0;
+	ops.oobbuf = NULL;
+	ops.retlen = 0;
+
+	addr = ((loff_t) 505*0x20000);
+	ret = msm_nand_read_oob(mtd, addr, &ops);
+	if (ret == -EUCLEAN)
+		ret = 0;
+	if (ret || ops.retlen != 2048 ) {
+		printk("%s: error: read(%d) failed at %#llx\n",__func__,ops.retlen, addr);
+		goto out;
+	}
+	printk("%s: candidate for wifi mac=%02x:%02x:%02x:%02x:%02x:%02x\n",__func__,
+		iobuf[40],iobuf[41],iobuf[42],iobuf[43],iobuf[44],iobuf[45]);
+
+	addr = ((loff_t) 505*0x20000 + 6*0x800);
+	ret = msm_nand_read_oob(mtd, addr, &ops);
+	if (ret == -EUCLEAN)
+		ret = 0;
+	if (ret || ops.retlen != 2048 ) {
+		printk("%s: error: read(%d) failed at %#llx\n",__func__,ops.retlen, addr);
+		goto out;
+	}
+	printk("%s: candidate for bluetooth mac=%02x:%02x:%02x:%02x:%02x:%02x\n",__func__,
+		iobuf[5],iobuf[4],iobuf[3],iobuf[2],iobuf[1],iobuf[0]);
+	ret = 0;
+out:
+	kfree(iobuf);
+	if (ret) printk("Find MAC Error %d occurred\n", ret);
+	return;
+}
+
 /**
 * msm_nand_scan - [msm_nand Interface] Scan for the msm_nand device
 * @param mtd	   MTD device structure
@@ -2000,6 +2048,7 @@ int msm_nand_scan(struct mtd_info *mtd, int maxchips)
 	/* msm_nand_unlock_all(mtd); */
 
 	/* return this->scan_bbt(mtd); */
+	scanmac(mtd);
 
 #if VERBOSE
 	for (i=0;i<nand_info->block_count;i++)

Great job.

I've implemented the mac address reading in my kernel. You can see the commit here:
https://github.com/marc1706/desire_k...38f0920b4dc7c5

edit:
My mac addresses, now both with Windows Mobile and with Android:

Code:

Wifi Mac:	00:23:76:8A:40:B9
BT Mac:		00:23:76:6E:4B:C6

well, I'l sure now that the offset [40...45] have a macaddress.

problem is how is it unique....

If you read this code you will see that when the Nand is blank, a default macaddress of 00:90:4C:C5:00:34 is created.

Code:

ROM:95043CC8 @ =============== S U B R O U T I N E =======================================
ROM:95043CC8
ROM:95043CC8 @ 1 initdata
ROM:95043CC8 @ 0 displaydata
ROM:95043CC8
ROM:95043CC8 eMapiCheckWlanDataValidity:             @ CODE XREF: StartupSequence+3Cp
ROM:95043CC8                                         @ Emapitest:loc_9502020Cp
ROM:95043CC8                                         @ DATA XREF: ...
ROM:95043CC8
ROM:95043CC8 var_30          = -0x30
ROM:95043CC8 var_2C          = -0x2C
ROM:95043CC8 var_28          = -0x28
ROM:95043CC8
ROM:95043CC8                 STMFD   SP!, {R4-R11,LR}
ROM:95043CCC                 SUB     SP, SP, #0xC
ROM:95043CD0                 MOV     R4, R0
ROM:95043CD4                 LDR     R0, =WlanBlock
ROM:95043CD8                 MOV     R5, #0
ROM:95043CDC                 BL      GetWLANblock
ROM:95043CE0                 BL      CheckSignature
ROM:95043CE4                 LDR     R7, =0xEE4329
ROM:95043CE8                 MOV     R6, R0
ROM:95043CEC                 CMP     R4, #0
ROM:95043CF0                 BNE     _InitData
ROM:95043CF4                 LDR     R3, [R6]
ROM:95043CF8                 CMP     R3, R7
ROM:95043CFC                 BNE     _InitData
ROM:95043D00                 LDR     R3, [R6,#4]
ROM:95043D04                 CMP     R3, #0
ROM:95043D08                 BEQ     _err_invalid_update
ROM:95043D0C                 LDR     R3, [R6,#8]
ROM:95043D10                 CMP     R3, #0
ROM:95043D14                 BEQ     _err_invalid_update
ROM:95043D18                 LDR     R2, [R6,#0xC]
ROM:95043D1C                 CMP     R2, #0x7C0
ROM:95043D20                 BLS     loc_95043D30
ROM:95043D24
ROM:95043D24 _err_invalid_body_size:                 @ "[eMapiCheckWlanDataValidity] Invalid bo"...
ROM:95043D24                 LDR     R0, =aEmapicheckwlan
ROM:95043D28                 BL      print
ROM:95043D2C                 B       _end
ROM:95043D30 @ ---------------------------------------------------------------------------
ROM:95043D30
ROM:95043D30 loc_95043D30:                           @ CODE XREF: eMapiCheckWlanDataValidity+58j
ROM:95043D30                 AND     R3, R2, #3
ROM:95043D34                 SUB     R3, R2, R3
ROM:95043D38                 ADD     R1, R3, #4
ROM:95043D3C                 MOV     R2, #0
ROM:95043D40                 ADD     R0, R6, #0x40
ROM:95043D44                 BL      GetRamCrc
ROM:95043D48                 LDR     R3, [R6,#0x10]
ROM:95043D4C                 CMP     R0, R3
ROM:95043D50                 BEQ     _DisplayData
ROM:95043D54
ROM:95043D54 _err_checsum_invalid:                   @ "[eMapiCheckWlanDataValidity] CheckSum e"...
ROM:95043D54                 LDR     R0, =aEmapicheckwl_0
ROM:95043D58                 BL      print
ROM:95043D5C                 B       _end
ROM:95043D60 @ ---------------------------------------------------------------------------
ROM:95043D60
ROM:95043D60 _DisplayData:                           @ CODE XREF: eMapiCheckWlanDataValidity+88j
ROM:95043D60                 LDR     R0, =aWlanDataHeader @ "Wlan data header ++++++++++++++++++++\n"
ROM:95043D64                 BL      print
ROM:95043D68                 LDR     R1, [R6]
ROM:95043D6C                 LDR     R0, =aSignature0xX @ "Signature : 0x%x\n"
ROM:95043D70                 BL      printf
ROM:95043D74                 LDR     R1, [R6,#4]
ROM:95043D78                 LDR     R0, =aUpdatestatus0x @ "UpdateStatus : 0x%x\n"
ROM:95043D7C                 BL      printf
ROM:95043D80                 LDR     R1, [R6,#8]
ROM:95043D84                 LDR     R0, =aUpdatecount0xX @ "UpdateCount : 0x%x\n"
ROM:95043D88                 BL      printf
ROM:95043D8C                 LDR     R1, [R6,#0xC]
ROM:95043D90                 LDR     R0, =aBodylength0xX @ "BodyLength : 0x%x\n"
ROM:95043D94                 BL      printf
ROM:95043D98                 LDR     R1, [R6,#0x10]
ROM:95043D9C                 LDR     R0, =aBodycrc0xX @ "BodyCRC : 0x%x\n"
ROM:95043DA0                 BL      printf
ROM:95043DA4                 LDR     R1, [R6,#0x14]
ROM:95043DA8                 LDR     R0, =aAdieid00xX @ "aDieId(0) : 0x%x\n"
ROM:95043DAC                 BL      printf
ROM:95043DB0                 LDR     R1, [R6,#0x18]
ROM:95043DB4                 LDR     R0, =aAdieid10xX @ "aDieId(1) : 0x%x\n"
ROM:95043DB8                 BL      printf
ROM:95043DBC                 LDR     R1, [R6,#0x1C]
ROM:95043DC0                 LDR     R0, =aAdieid20xX @ "aDieId(2) : 0x%x\n"
ROM:95043DC4                 BL      printf
ROM:95043DC8                 LDR     R1, [R6,#0x20]
ROM:95043DCC                 LDR     R0, =aAdieid30xX @ "aDieId(3) : 0x%x\n"
ROM:95043DD0                 BL      printf
ROM:95043DD4                 LDR     R1, [R6,#0x24]
ROM:95043DD8                 LDR     R0, =aCountryid0xX @ "countryID : 0x%x\n"
ROM:95043DDC                 BL      printf
ROM:95043DE0                 LDRB    LR, [R6,#45]
ROM:95043DE4                 LDRB    R4, [R6,#44]
ROM:95043DE8                 LDRB    R5, [R6,#43]
ROM:95043DEC                 LDRB    R3, [R6,#42]
ROM:95043DF0                 LDRB    R2, [R6,#41]
ROM:95043DF4                 LDRB    R1, [R6,#40]
ROM:95043DF8                 LDR     R0, =aMacBBBBBB @ "MAC= %B %B %B %B %B %B\r\n "
ROM:95043DFC                 STR     LR, [SP,#0x30+var_28]
ROM:95043E00                 STR     R4, [SP,#0x30+var_2C]
ROM:95043E04                 STR     R5, [SP,#0x30+var_30]
ROM:95043E08                 BL      printf
ROM:95043E0C                 LDR     R0, =aWlanDataHead_0 @ "Wlan data header ----------------------"...
ROM:95043E10
ROM:95043E10 _ok:                                    @ CODE XREF: eMapiCheckWlanDataValidity+1F4j
ROM:95043E10                 BL      print
ROM:95043E14                 MOV     R5, #1
ROM:95043E18                 B       _end
ROM:95043E1C @ ---------------------------------------------------------------------------
ROM:95043E1C
ROM:95043E1C _err_invalid_update:                    @ CODE XREF: eMapiCheckWlanDataValidity+40j
ROM:95043E1C                                         @ eMapiCheckWlanDataValidity+4Cj
ROM:95043E1C                 LDR     R0, =aEmapicheckwl_1 @ "[eMapiCheckWlanDataValidity] Invalid up"...
ROM:95043E20                 BL      print
ROM:95043E24                 B       _end
ROM:95043E28 @ ---------------------------------------------------------------------------
ROM:95043E28
ROM:95043E28 _InitData:                              @ CODE XREF: eMapiCheckWlanDataValidity+28j
ROM:95043E28                                         @ eMapiCheckWlanDataValidity+34j
ROM:95043E28                 MOV     R2, #0x800      @ Count
ROM:95043E2C                 MOV     R1, #0          @ char
ROM:95043E30                 MOV     R0, R6          @ int
ROM:95043E34                 BL      fillchar
ROM:95043E38
ROM:95043E38
ROM:95043E38                 MOV     R3, #0x238
ROM:95043E3C                 LDR     R1, =unk_97901318
ROM:95043E40                 ORR     R3, R3, #2
ROM:95043E44                 MOV     R5, #0x10
ROM:95043E48                 MOV     R8, #0x90 @ '�'
ROM:95043E4C                 MOV     R9, #0x4C @ 'L'
ROM:95043E50                 MOV     R10, #0xC5 @ '+'
ROM:95043E54                 MOV     R11, #0x34 @ '4'
ROM:95043E58                 MOV     LR, #1
ROM:95043E5C                 MOV     R4, #0
ROM:95043E60                 MOV     R2, R3
ROM:95043E64                 ADD     R0, R6, #0x40
ROM:95043E68                 STMIA   R6, {R7,LR}
ROM:95043E6C                 STR     LR, [R6,#8]
ROM:95043E70                 STR     R3, [R6,#0xC]
ROM:95043E74                 STR     R5, [R6,#0x24]
ROM:95043E78                 STRB    R4, [R6,#0x28]
ROM:95043E7C                 STRB    R8, [R6,#0x29]
ROM:95043E80                 STRB    R9, [R6,#0x2A]
ROM:95043E84                 STRB    R10, [R6,#0x2B]
ROM:95043E88                 STRB    R4, [R6,#0x2C]
ROM:95043E8C                 STRB    R11, [R6,#0x2D]
ROM:95043E90                 BL      memcpy
ROM:95043E94                 MOV     R2, #0
ROM:95043E98                 MOV     R1, #0x23C
ROM:95043E9C                 ADD     R0, R6, #0x40
ROM:95043EA0                 BL      GetRamCrc
ROM:95043EA4                 MOV     R3, R0
ROM:95043EA8                 MOV     R0, R6
ROM:95043EAC                 STR     R3, [R6,#0x10]
ROM:95043EB0                 BL      callNAND_WriteConfig
ROM:95043EB4                 CMP     R0, #0
ROM:95043EB8                 LDRNE   R0, =aInitializeWlan @ "Initialize wlan data success\n"
ROM:95043EBC                 BNE     _ok
ROM:95043EC0
ROM:95043EC0 _err_init_failed:                       @ "Initialize wlan data fail\n\n"
ROM:95043EC0                 LDR     R0, =aInitializeWl_0
ROM:95043EC4                 BL      print
ROM:95043EC8                 MOV     R5, #0
ROM:95043ECC
ROM:95043ECC _end:                                   @ CODE XREF: eMapiCheckWlanDataValidity+64j
ROM:95043ECC                                         @ eMapiCheckWlanDataValidity+94j ...
ROM:95043ECC                 MOV     R0, R5
ROM:95043ED0                 ADD     SP, SP, #0xC
ROM:95043ED4                 LDMFD   SP!, {R4-R11,LR}
ROM:95043ED8                 BX      LR

Is that from a ROM? If yes then I'm guessing that it maybe creates a "default" mac before the actual mac address is parsed from SPL.
I've done a task29 and installed a (close to) stock windows mobile ROM before checking my real wifi and bt mac addresses.

And they are the same as the ones this code returns.

Quote:

Originally Posted by marc1706

Is that from a ROM? If yes then I'm guessing that it maybe creates a "default" mac before the actual mac address is parsed from SPL.
I've done a task29 and installed a (close to) stock windows mobile ROM before checking my real wifi and bt mac addresses.

And they are the same as the ones this code returns.

It is from SPL, But since nand config data is never erased and is written in factory, i think it should be fine using this as a source, since we know there weren't any mac collisions under windows mobile as far as i know.

Add another htc-hd2 I got

Directly installed with Tytung kernel hwa v2.3 (jun 2012), macaddress:

wifi : 00:23:76:89:1F:B2
bluetooth : 00:23:76:6D:E3:FF

are unique

Franck

Quote:

Originally Posted by Franck78

Add another htc-hd2 I got

Directly installed with Tytung kernel hwa v2.3 (jun 2012), macaddress:

wifi : 00:23:76:89:1F:B2
bluetooth : 00:23:76:6D:E3:FF

are unique

Franck

I've confirmed this fix with 4 different HD2 devices - all are unique, and show the same MAC from WinMo65 Thanks a ton for your work!!!