Search results

  1. O

    Post The OnePlus 2 Ask for an Invite Roll Up Thread

    I'd like to get an invite, thanks!
  2. O

    Post [List][Closed!]XDA-Exclusive Invite List

    I would like to thank guitarhero2 for sharing an invite with me, and timmaaa for operating this list. Thanks guys, great work!
  3. O

    Post [List][Closed!]XDA-Exclusive Invite List

    I'd like to join the list please. I have read the whole OP and agree with terms. Thanks!
  4. O

    Post eMMC sudden death research

    Cool... Did it fix SDS though? If the smart report wasn't changed I worry that it doesn't fix SDS.
  5. O

    Post eMMC sudden death research

    Yep. It even resets write protection lock if there's any... Huh. Sent from my GT-I9300 using xda app-developers app
  6. O

    Post eMMC sudden death research

    If you're feeling adventurous, you can try a command (I found during the firmware reversing) which should low level format your chip: CMD62 (ARG: 0xEFAC62EC) CMD62 (ARG: 0xFAC0021) Note that it will delete all the chip metadata (incl. wear leveling state and bad block info) and probably...
  7. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    Awesome, thanks! :) Sent from my GT-I9300 using xda app-developers app
  8. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    Strange. I tested both CM kernel and yours now, and the drive mounts after turning on USB storage in the "USB connected. Touch to copy files" notification. Does it show up on your device? (It's a separate notification than the regular USB notification...)
  9. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    temasek I've used it for a couple of days now, and it seems to be working great. Note however that I'm using Devil kernel.
  10. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    temasek - Again with my UMS patches. I just can't get along with MTP ;) I merged the patches into CM11 and tested them for a little bit. I will test them over the next few days if you want to be assured they're robust. Attached the patches - the first is for frameworks_base, the second is for...
  11. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    I don't use Active Display personally, but I noticed that many of you experience the red-eye bug with pocket mode. @temasek, the problem is this commit is insufficient. In the same file (ActiveDisplayView.java), line 770: if (mProximitySensor != null) Should be if (mProximtySensor != null ||...
  12. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    I didn't understand, you want to remove the "Show action overflow" option? In AOSP the logic says "show action overflow if and only if you have a navbar"; the extra checkbox allows us more control (e.g. action overflow without a navbar)...
  13. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    Thanks! On second thought, I don't know what the desired behavior is. With my patch, if you enable a navbar then you'll always have the 3-dot overflow button (even if it's unchecked)... If the desired behavior is that the button never shows if it's unchecked (even if there's a navbar), then...
  14. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    temasek, the "show action overflow" feature isn't working. There is a logic error in ViewConfiguration.java (in repository android_frameworks_base). I've attached a patch to fix this problem, can you merge it please? P.S. I haven't forgotten my UMS patches, I'll take a look at them later ;)
  15. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    Disable DAC Direct in your Boeffla / Wolfson interface.
  16. O

    Post [CM11][4.4.2][i9300][ROM][KERNEL][FEB26] temasek's UNOFFICIAL Build - V50

    I love this firmware - the compilation of features makes it wonderful. However, I absolutely prefer UMS over MTP. I once sent some patches to CM to make it work (jellybean branch): http://review.cyanogenmod.org/#/c/25814/ http://review.cyanogenmod.org/#/c/25813/...
  17. O

    Thread [MOD][ICS/JB][XPOSED] DitheredHoloBackground: no more color banding

    Inspired by this, I've decided to write a simple Xposed plugin that replaces the default Holo Dark background with a dithered one. It means no more annoying color banding. You need Xposed version 2.1 and up. Source code: https://github.com/Oranav/DitheredHoloBackground Thanks rovo89 for all of...
  18. O

    Post eMMC sudden death research

    Yes, I'm 100% sure. This is a pseudo-code of MMC_READ_SINGLE_BLOCK command handler after you issue CMD62(0xEFAC62EC) CMD62(0x0000CCEE): void __fastcall f_smart_report_send(mmc_command *cmd) { uint32_t arg; int arg_high_byte; int arg_low_byte; ... arg = cmd->arg...
  19. O

    Post eMMC sudden death research

    No, this documentation is irrelevant. As I said before on this thread, there are 2 vendor-specific MMC commands Samsung has implemented: CMD60 and CMD62. It's their own implementation, you won't see any documentation for it unless you sign an NDA. I have reversed most of the CMD60 and CMD62...
  20. O

    Post eMMC sudden death research

    Just a quick update: thanks to a kernel compiled by AndreiLux, and thanks to artesea for doing an eMMC RAM dump on his device, we've got the 0xf7 firmware! It seems that it is runnable on the same hardware. It means that we can probably field upgrade I9300 devices, just as Samsung does with...
  21. O

    Post eMMC sudden death research

    E:V:A, this is just awesome; this code is rather new I suppose (I haven't seen any JB SGS2 source before). Samsung actually field upgrades eMMC firmwares. It uses mostly vendor-specific and undocumented MMC commands, but we already knew much of this information thanks to the reversing process...
  22. O

    Post eMMC sudden death research

    AndreiLux - no problem. However, note that: 1. I didn't test the "other" part (quirk mechanism) thoroughly. After I test it enough, I'll submit it to CM. There might be some changes, so maybe you'd like to pull it instead of using the one I've attached. Besides that, I saw that the SGS2 brickbug...
  23. O

    Post eMMC sudden death research

    WARNING: The attached patch is dangerous as it sends low-level commands to your eMMC chip. Please, use it ONLY if you know what you're doing. I'm not responsible for anything! I've attached a kernel patch which allows you to read the eMMC RAM. Usage: # cat /proc/devices | grep mmcram 248...
  24. O

    Post eMMC sudden death research

    Actually, to be more precise, it used to be: void *val; set_val_and_return_whether_succeeded(&val); crater_the_chip_if_val_is_null(val); Now it is: void *val; if (!set_val_and_return_whether_succeeded(&val)) halt(); crater_the_chip_if_val_is_null(val); The Movi's BootROM is small enough...
  25. O

    Post Xposed - Legacy thread. Don't panic, Xposed is still here.

    I see. To be honest, I'm really not a Java expert; I just thought that it might confuse the SecurityManager's logic, but I see now that Android doesn't even use one. Great, thanks. :) I think that it should follow Android's logging system, i.e. use volatile logging. Maybe developers can have a...
  26. O

    Post Xposed - Legacy thread. Don't panic, Xposed is still here.

    This is just plain awesome! I actually thought about writing something similar myself (I come from the iOS world, where we have MobileSubstrate), but I'm not that much familiar with Dalvik, and this is much beyond my expectations. Thanks a lot! I have a couple of questions though: Why did you...
  27. O

    Post eMMC sudden death research

    It doesn't seem like an integer overflow, at least not a straightforward one. This is the function they patch: int __fastcall f_to_be_patched_function(_DWORD *out, int val) { int ret; ret = 0; if ( *off_5FC60 == val ) { *out = off_5FC60; return 1; } if ( *off_5FC64...
  28. O

    Post eMMC sudden death research

    I think it is possible to update the firmware. Except for CMD62, there are 2 more vendor specific commands (CMD60 and CMD64). I think I saw somewhere a command which updates the firmware on the NAND; I'm not sure now but I'll check it later. The BootROM is also very small so it's easy to find...
  29. O

    Post eMMC sudden death research

    Lime isn't relevant here, since the CPU's RAM and the MoviNAND's RAM aren't shared; they aren't even mapped to the same memory space. In order to read the MoviNAND's RAM, we have to send vendor-specific eMMC commands and read eMMC data...
  30. O

    Post eMMC sudden death research

    I have a Hex-Rays license. I actually reverse most of the time using it; I posted assembly code since it's easier to understand with these short snippets (from my point of view). I won't post a RAM dump since it contains (probably?) licensed code. I can however post the memory map: 0x00000000 -...
  31. O

    Post eMMC sudden death research

    I'm reversing sboot to see what has changed (no "VTU00M" string doesn't mean there's no fix). It should be very easy since we have kernel sources (we know how to communicate with the eMMC controller - MMIO addresses etc.). * If someone has a BinDiff license and wants to help, it'd be great...
  32. O

    Post eMMC sudden death research

    Download mode has nothing in common with the recovery partition. It is implemented in sboot (the device's bootloader). It has its own implementation of hardware drivers. If it doesn't patch the eMMC RAM, then it isn't safe! However, I haven't checked it enough yet to conclude whether it's safe...
  33. O

    Post eMMC sudden death research

    Absolutely yes. Sent from my GT-I9300 using xda app-developers app
  34. O

    Post eMMC sudden death research

    As far as it seems right now, it isn't caused by flash wear or anything like that. It seems that it's caused by a bug which is triggered in a very specific case. Then, it causes the device to corrupt its inner structures or its firmware - I'm not sure which one yet. The specific bug is that...
  35. O

    Post eMMC sudden death research

    I tried to simulate an eMMC freeze (by forcing it to go into an infinite loop). It behaves exactly as you describe - the phone works for a second, then becomes totally unresponsive. Seems like there is no watchdog. Rebellos, I enabled the private messaging system for me. I do have the faulty...
  36. O

    Post eMMC sudden death research

    Okay, got a RAM dump :) I won't post it here (or anywhere else for that matter) because I don't want to get sued by Samsung. I might release a kernel which allows you to dump the RAM yourself if there's enough demand, but I don't want to right now, because: 1. The code is ugly as hell, not...
  37. O

    Post eMMC sudden death research

    The problem is that there are too many theories imaginable, but I can't think of any way to prove them but to reverse engineer the MoviNAND firmware. Certainly not. Watchdogs are slow, drivers running on a Cortex-A9 are blazing fast. But I do think Linux's MMC driver can handle device restarts...
  38. O

    Post eMMC sudden death research

    Right, haven't spotted this. Thanks for the observation. Self preservation sounds possible. This could be possible - this patch looks like a quick and dirty fix, so maybe they didn't have the time to properly fix this. Instead, they just avoid the bug absolutely (with the cost of data...
  39. O

    Post eMMC sudden death research

    So I decided to do a small RAM dump after all. Before the patch, 0x5C7EA reads FD F7 C2 FA, which is "BL 0x59D72". As I thought, they replace a function call to the new one. I will dump function 0x59D72 later this week.
  40. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    I've patched Siyah 1.8.7 to export movi_ops via sysfs, so you can know whether your device is affected or not. Flash the attached kernel, then do "cat /sys/class/block/mmcblk0/device/movi_ops". 2 means affected, 0 means not, other values mean my code has a bug. :) Re-flash your everyday kernel...
  41. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    http://forum.xda-developers.com/showthread.php?t=2096045 Short answer: The code that fetches the firmware date is the code for getting a "Smart Report"; it can't be used to read the eMMC RAM. However, I found other code that can dump the eMMC RAM. I'm just afraid to run it on my device since I...
  42. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    Yes, they only patch eMMC chips with F/W date 2012/04/13. It may indicate that other chips are okay. This date resides in the moviNAND Smart Report page, and it can't be read using normal MMC commands - but only by special vendor-specific moviNAND commands. So option 1 is a no-go here. Option 2...
  43. O

    Thread eMMC sudden death research

    Update from Feb 17th: Samsung has started to upgrade eMMC firmwares on the field - only for GT-I9100 for now. See post #79 for additional details. Update from Feb 13th: If you want to dump the eMMC's RAM yourself, go ahead to post #72. I'm looking for a dump of firmware revision 0xf7 if you've...
  44. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    Download mode is implemented in sboot. Sounds reasonable. The question is whether the MMC device is being suspended or not...
  45. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    Well, if there really isn't a patch in the latest bootloader (which we don't know yet for sure!), the only thing we can assume is that all bootloaders are dangerous and that we shouldn't use download mode at all. While it may be true, if it really is a NAND problem, it's probably because: A...
  46. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    I did a little reversing of XXELLA's bootloader (sboot.bin). I didn't find any trace of eMMC firmware patching; this is a bit strange, since the bootloader does have its own machinery for handling eMMC writes (e.g. download mode or T32 fuse to download from SD card to eMMC). Note that there...
  47. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    This is not decompiling (binary -> pseudo-code), this is disassembling (binary -> assembly). I'm using IDA Pro.
  48. O

    Post [Important] Sudden Death (SDS) - Don't use older than Android 4.1.2 or CWM 6.0.3.x

    A few insights about the alleged fix: - As far as I know, only 16GB models have died. This seems to be an indication that it is indeed a problem with the eMMC chip. - According to the moviNAND specs, they issue a vendor-specific MMC command to enter debug mode, then they patch its RAM. - They...
  49. O

    Post [KIES]I9300XXELLC[4.1.2]<- Jan.11,2013 w/ExynosBugFix

    Has anyone BinDiff'ed the bootloaders to see what has changed? If they had fixed the sudden death issue, it might pop up easily.
  50. O

    Post [GT-I9300] CyanogenMod 10 Discussion Thread

    I've actually patched vold to support the FUSE exFAT implementation on my device, and it works (aside from a few minor issues). However, I don't even bother to submit the patch, because it would never get approved; exFAT is highly patented by Microsoft and the legality of the GPL implementation...