In the last few days, I've been (again) trying to compile and run a myriad of different kernels and experimenting with Code Aurora Forum. And reading, reading, reading... So today I found out about "Qualcomm DLOAD mode" and thought of it as a new hope to debug the kernel without having to open the device and look for serial ports.
I'm still not there yet, but now I can read the phone in that mode with the help of the Sahara project (https://github.com/openpst/sahara), which is aimed at talking with the phone when in this mode, offering the possibility of a recovery even in case of a hard brick. More on this later.
I often fall into this "DLOAD mode" when I flash a new kernel which doesn't work. All I get is the phone almost dead with a blue led turned on and this device showing up:
Bus 003 Device 071: ID 05c6:900e Qualcomm, Inc.
I found out the driver which can handle these devices is qcserial, so I "modprobed" it just to find out it had no support for this specific device:vendor (strangely enough it shows up sometimes as 05c6:900e and sometimes as 05c6:901d). A new journey started then in order to make qcserial recognize my device as well. I did it this way:
Step 1: Editing and compiling qcserial
1.1 As we're going to compile the module, it will generally need to be signed before the kernel can load it, so we need some tools to sign it. This will create MOK.priv and MOK.der files (more info here: https://gorka.eguileor.com/vbox-vmwa...ureboot-linux/):
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Akrog/"
sudo mokutil --import ../MOK.der
Now we have to reboot the machine to make this MOK authorized. For me, a screen showed up upon reboot with some questions I had to answer.
1.2 Stopping ModemManager, so it doesn't interfere with the device, since it will be recognized as a modem:
sudo systemctl stop ModemManager
1.3 Getting the Ubuntu Kernel source for my distro.
sudo apt install linux-source
tar jxf /usr/src/linux-source-4.15.0/linux-source-4.15.0.tar.bz2
1.4 Copying my current .config and Module.symvers and changing what's necessary.
cp /lib/modules/4.15.0-65-generic/build/.config ./
cp /lib/modules/4.15.0-65-generic/build/Module.symvers ./
Go to Device Drivers > USB support > USB Serial Converter support and unmark all options but:
[*] USB Generic Serial Driver
<M> USB Qualcomm Auxiliary Serial Port Driver
<M> USB Qualcomm Serial modem
Save and Exit.
1.5 Compile the module
This is my uname:
$ uname -a
Linux xps13 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Note my kernel version is '4.15.0-65-generic', which means:
VERSION = 4
PATCHLEVEL = 15
SUBLEVEL = 0
EXTRAVERSION = -65-generic
But my Makefile says my kernel SUBLEVEL=18 and has no EXTRAVERSION defined. If I compile things like this, the module will complain about version mismatch, so I compiled the modules with two extra parameters:
make SUBLEVEL=0 EXTRAVERSION=-65-generic modules_prepare
Then I edited drivers/usb/serial/qcserial.c to add the vendor : product combination to the driver and compiled the module:
1.6 Sign the module.
sudo ./scripts/sign-file sha256 ../MOK.priv ../MOK.der ./drivers/usb/serial/qcserial.ko
We can verify the module is signed with
1.7 Load dependency and the module itself:
sudo modprobe usb_wwan
sudo insmod ./drivers/usb/serial/qcserial.ko
At this point, dmesg shows the module was loaded and, as my phone was already in DLOAD mode, it was recognized and had ttyUSB0 associated to it.
[ 2842.969892] usbserial: USB Serial support registered for Qualcomm USB modem
[ 2842.969969] qcserial 3-1:1.0: Qualcomm USB modem converter detected
[ 2842.970212] usb 3-1: Qualcomm USB modem converter now attached to ttyUSB0
Step 2: Accessing the device with Sahara
After having the module loaded and the serial port associated, I downloaded, compiled and ran Sahara. It appears that the way you get into DLOAD mode matters for Sahara. When I tried to boot the kernel and it entered DLOAD mode, Sahara immediately asked me to download the memory contents. Otherwise, when entering DLOAD mode by turning the device on with volume up + volume down pressed, Sahara asked me to upload a firmware.
Up to now, I'm able to download any part of the phone's memory, but no logs as of yet.
And of course, no progress in building a more recent ROM. But I'm getting to know this phone (and Android itself) more deeply than I ever thought I would.
The hope is not dead yet.
This link was very useful: https://gorka.eguileor.com/vbox-vmwa...ureboot-linux/
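As an added example (not part of the original post, and not code from the kernel or Sahara projects): a structural check of the trailer that scripts/sign-file appends to a module in step 1.6, following the kernel's struct module_signature layout. It only confirms that a well-formed PKCS#7 signature block is present; it does not validate the signature or show that the MOK is enrolled. The sample module bytes are constructed.

```python
import struct
import sys

MAGIC = b"~Module signature appended~\n"  # MODULE_SIG_STRING: last bytes of a signed .ko
PKEY_ID_PKCS7 = 2                          # id_type used for PKCS#7 signatures
TRAILER = struct.Struct(">8BI")            # algo, hash, id_type, signer_len, key_id_len, pad[3], __be32 sig_len


def parse_module_signature(blob):
    """Return layout info for the appended signature, or None if the file is unsigned.

    Raises ValueError when the marker is present but the trailer is inconsistent,
    mirroring the sanity checks the kernel applies before verifying the signature.
    """
    if not blob.endswith(MAGIC):
        return None
    end = len(blob) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("file too short to hold struct module_signature")
    fields = TRAILER.unpack_from(blob, end - TRAILER.size)
    algo, hash_, id_type, signer_len, key_id_len = fields[:5]
    pad, sig_len = fields[5:8], fields[8]
    sig_start = end - TRAILER.size - sig_len
    if sig_start < 0:
        raise ValueError("sig_len is larger than the file")
    if id_type != PKEY_ID_PKCS7:
        raise ValueError("id_type is not PKCS#7")
    if any((algo, hash_, signer_len, key_id_len, *pad)):
        raise ValueError("fields that must be zero for PKCS#7 are set")
    signature = blob[sig_start:sig_start + sig_len]
    return {
        "module_len": sig_start,                      # size of the unsigned ELF part
        "sig_len": sig_len,                           # size of the PKCS#7 blob
        "starts_like_der": signature[:1] == b"\x30",  # DER SEQUENCE tag
    }


def make_constructed_sample():
    """Constructed stand-in for a signed .ko: fake ELF body plus a fake 16-byte signature."""
    body = b"\x7fELF" + b"\x00" * 60
    sig = b"\x30" + b"\x00" * 15
    return body + sig + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, 0, 0, 0, len(sig)) + MAGIC


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_constructed_sample()
    print(parse_module_signature(data) or "no signature appended")
```

Run against ./drivers/usb/serial/qcserial.ko after step 1.6, a None result means sign-file did not append anything and the kernel would treat the module as unsigned.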