[GUIDE][ARM] How to Decode LCM for Mediatek Devices

By RendyAK, Senior Member on 2nd May 2017, 03:43 AM
1. Introduction
As we all know, many vendors that use MediaTek chipsets keep their kernels closed source... Well, we can also boot another kernel source on our device, but how do we make the LCM (or LCD) work? Let me explain it to you.
For how to build a kernel, see this thread

Video tutorial in case someone didn't understand

Note: NOT ALL LCMs CAN BE DECODED THIS WAY.
Tested: HX8394D

2. Requirements
1. A PC. (Windows recommended)
2. IDA Pro (Paid app)
3. Notepad++ (or something like that)
4. An LCM driver from another device.
5. Your lk.bin from the stock ROM
If you're running in a Linux environment, you need Wine to do this.

3. How to decode.
1. Open IDA Pro (32-Bit)
2. Click "new"
3. Select your lk.bin and click "Open"
4. Set the processor type to ARM Little-Endian and click Set, and then OK.
5. Just click OK if there is another prompt.
6. Wait until it finishes decoding the lk.bin
7. Go to Search > Text (or ALT+T)
8. Find lcm_init and check "Find all occurrences"
9. Select "sym lcm_init start\n"
10. Go to the top of that function and press P; the output will be like this.
11. Press F5 and wait for the result.
12. Open your LCM driver with Notepad++
13. Go back to IDA

Explanation of the crappy code:
For example:
Code:
  v4A4D4(1);
  v4A4E4(10);
  v4A4D4(0);
  v4A4E4(20);
  v4A4D4(1);
  v4A4E4(120);
  v2 = 276738;
  v3 = -1803288647;
  v4A500(&v2, 2, 1);
  v4A4E4(10);
  v3 = 8614586;
  v2 = 211202;
  v4A500(&v2, 2, 1);
  v4A4E4(3);
v4A4D4 here is SET_RESET_PIN
v4A4E4 here is MDELAY
v4A500(&v2, here is dsi_set_cmdq(&data_array,
v2, v3, and so on are the main LCM init!
And the weird numbers should be changed to hexadecimal!
How to change them? Just right-click on the weird number and click "Hexadecimal".

Note: if the hexadecimal isn't 8 digits long, add 0s to it!
Example:
0x43902 will become 0x00043902

So, if we decode it, it should look like this.
Code:
  SET_RESET_PIN(1);
  MDELAY(10);
  SET_RESET_PIN(0);
  MDELAY(20);
  SET_RESET_PIN(1);
  MDELAY(120);
  data_array[0] = 0x00043902;  /* v2 in the IDA output */
  data_array[1] = 0x9483FFB9;  /* v3 in the IDA output */
  dsi_set_cmdq(&data_array, 2, 1);
  MDELAY(10);
  data_array[1] = 0x008372BA;  /* v3 */
  data_array[0] = 0x00033902;  /* v2 */
  dsi_set_cmdq(&data_array, 2, 1);
  MDELAY(3);
And so on...
Then put it in your LCM driver, and now you should already have your LCM decoded!
About lcm_get_params? See the next post!

Credits:
@I.nfraR.ed for the inspiration!
Remind me if I forgot someone

If the images do not show up, please blame XDA for it. jk, XDA plz don't ban me
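The conversion described in the post above, scripted as an added example (not part of the original post and not MediaTek code): it applies the post's name mapping, pads IDA's decimals to 8-digit hex, and unpacks each command's bytes so they can be compared with the panel datasheet. Mapping v2/v3 to data_array[0]/[1] and the 0x00LL3902 word layout are assumptions.

```python
import re

# Constructed input: the IDA pseudocode fragment quoted in the post
# (the first part of the reset sequence is left out for brevity).
IDA_SNIPPET = """\
v4A4D4(1);
v4A4E4(120);
v2 = 276738;
v3 = -1803288647;
v4A500(&v2, 2, 1);
v4A4E4(10);
v3 = 8614586;
v2 = 211202;
v4A500(&v2, 2, 1);
v4A4E4(3);
"""

# Name mapping given in the post. Mapping v2/v3 to data_array[0]/[1] is an
# assumption: they are adjacent words passed as &v2 with a count of 2.
CALLS = {"v4A4D4": "SET_RESET_PIN", "v4A4E4": "MDELAY"}
SLOTS = {"v2": 0, "v3": 1}

def to_hex32(value):
    """IDA's signed decimal -> zero-padded 8-digit hex (two's complement)."""
    return "0x%08X" % (value & 0xFFFFFFFF)

def translate(pseudocode):
    # Rewrite each pseudocode line into LCM-driver form; unknown lines pass through.
    out = []
    for line in (l.strip() for l in pseudocode.splitlines()):
        assign = re.fullmatch(r"(v\d+) = (-?\d+);", line)
        cmdq = re.fullmatch(r"v4A500\(&v2, (\d+), (\d+)\);", line)
        call = re.fullmatch(r"(\w+)\((\d+)\);", line)
        if assign and assign.group(1) in SLOTS:
            line = "data_array[%d] = %s;" % (SLOTS[assign.group(1)], to_hex32(int(assign.group(2))))
        elif cmdq:
            line = "dsi_set_cmdq(&data_array, %s, %s);" % cmdq.groups()
        elif call and call.group(1) in CALLS:
            line = "%s(%s);" % (CALLS[call.group(1)], call.group(2))
        out.append(line)
    return out

def dcs_payload(words):
    """Assumed MediaTek long-packet layout: word 0 is 0x00LL3902 (LL = byte
    count); the following words hold the payload bytes, little-endian."""
    length = (words[0] >> 16) & 0xFFFF
    raw = b"".join((w & 0xFFFFFFFF).to_bytes(4, "little") for w in words[1:])
    return raw[:length]

if __name__ == "__main__":
    print("\n".join(translate(IDA_SNIPPET)))
```

For the first command, `dcs_payload([276738, -1803288647])` gives the bytes B9 FF 83 94, that is, register 0xB9 followed by three parameter bytes.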
2nd May 2017, 03:43 AM |#2
RendyAK, OP Senior Member
Getting lcm_get_params
This method works on:
- nt35521
- hx8394d

1. Requirements
1. lcm_drv.h from your source
2. lk.bin from stock rom
And same as above ^^

2. Getting
1. Same as the first post, until No.6
2. Find your LCD resolution, and then change it to hexadecimal
Example:
1280x720 translates to 0x500 and 0x2D0
We only take one of them!
3. Go to Search > Text
4. Search for 0x<blah>
Replace <blah> with the hexadecimal.
5. You'll see a lot of results; only choose the one where both hexadecimal values are available in 2 lines! Check the screenshot below.
6. Then go to the top of that function, and press P
7. Press F5
8. Go to Options > Compiler
9. Select GNU C++ and click OK
10. Press CTRL + F9 and select your lcm_drv.h
11. Right-click on v1, in the third line, and click "set lvar name"
12. Input LCM_PARAMS* and click OK
13. Now click on LCM_PARAMS on line 3 and press N
14. Input params and click OK.
Your new code will look more or less like this:

15. Now put them in your driver file. Just copy and paste after "sub_<blabla>();" and before "return result;"
Note: If you have something like
Code:
LOBYTE
BYTE
add
Code:
/* Helper macros for the LOBYTE/HIBYTE/BYTEn expressions IDA emits */
#if !defined(LOBYTE)
#define LOBYTE(w)           ((unsigned char)(w))
#endif
#if !defined(HIBYTE)
#define HIBYTE(w)           ((unsigned char)(((unsigned short)(w) >> 8) & 0xFF))
#endif
/* BYTEn(x): byte n of x, counting from the least significant byte */
#define BYTE0(x) ((unsigned char)(x))
#define BYTE1(x) ((unsigned char)((x) >> 8))
#define BYTE2(x) ((unsigned char)((x) >> 16))
#define BYTE3(x) ((unsigned char)((x) >> 24))
And for DWORD, just remove it.

And you're now good to go!
2nd May 2017, 07:52 AM |#4
DheaApriandi, Member
Nice useful guide! Good work
2nd May 2017, 08:03 AM |#5
RendyAK, OP Senior Member
Quote:
Originally Posted by Ahmed.Rajib
Thanks

Quote:
Originally Posted by DheaApriandi
Nice useful guide! Good work

Thank you guys! And please don't quote the whole thread :3
2nd May 2017, 01:32 PM |#6
iykeDROID™, Senior Member
Keep It Up
2nd May 2017, 01:37 PM |#7
RendyAK, OP Senior Member
Quote:
Originally Posted by iykeDROID™

Keep It Up

thank you!

Also, Post updated. Added tut for getting lcm_get_params!
2nd May 2017, 01:51 PM |#8
iykeDROID™, Senior Member
It's been two weeks now working on ARM64 kernel source as I am porting, a whole lot of brainstorming... Sleepless nights, though my target hasn't been reached yet.

Using IDA to work; IDA is a good tool/software [ thumbs up for the developers. ]
Hoping to share my experience on ARM64 when successful on what I have already started.
4th May 2017, 04:42 AM |#9
RendyAK, OP Senior Member
Update on lcm_get_params post.
1st June 2017, 06:04 PM |#10
ntouris3, Member
Hey man, thanks for this awesome guide!!! But I can't find anything when I search lcm_init. My driver is nt35521_cmi_hd720_5p5_xld_s2609_dg. Can you plz tell me if you know how to do it or if there is an already decoded driver?
10th July 2017, 11:09 AM |#11
M.A.P, Senior Member
Thanks for the tutorial, man. But I can't find anything when I search lcm_init. My driver is r61318_hd720_dsi_vdo_yushun, but here is the twist: my manufacturer shipped my device with 2 LCMs; one is this one and the other one is otm1284_hd720_dsi_vdo_boyi. So it makes sense that lcm_init didn't find any results. Luckily, after some searching I found the code, but everything is v1.

Here is the code, and it is providing basic info.
Code:
signed int __fastcall sub_1FD3C(int a1)
{
  int v1;
  signed int result;

  v1 = a1;
  sub_1D698();
  *(_DWORD *)(v1 + 32) = 217352;
  *(_DWORD *)(v1 + 28) = 217352;
  result = 1;
  *(_DWORD *)v1 = 2;
  *(_DWORD *)(v1 + 352) = 2;
  *(_DWORD *)(v1 + 360) = 2;
  *(_DWORD *)(v1 + 372) = 2;
  *(_DWORD *)(v1 + 24) = 217360;
  *(_DWORD *)(v1 + 376) = 13;
  *(_DWORD *)(v1 + 380) = 17;
  *(_DWORD *)(v1 + 388) = 8;
  *(_DWORD *)(v1 + 392) = 40;
  *(_DWORD *)(v1 + 552) = 62;
  *(_DWORD *)(v1 + 36) = "720*1280";
  *(_DWORD *)(v1 + 396) = 80;
  *(_DWORD *)(v1 + 12) = 720;
  *(_DWORD *)(v1 + 16) = 1280;
  *(_DWORD *)(v1 + 556) = 110;
  *(_DWORD *)(v1 + 320) = 1;
  *(_DWORD *)(v1 + 336) = 4;
  *(_BYTE *)(v1 + 444) = 1;
  *(_DWORD *)(v1 + 384) = 1280;
  *(_DWORD *)(v1 + 404) = 720;
  *(_DWORD *)(v1 + 492) = 220;
  return result;
}
Where do you think I can find v2 and v3? Maybe I should dig a little deeper, right? Thanks in advance