If alquez says it's a hard task, it must be too difficult for many of us to comprehend.
I've just taken a look at the sources of the mtd driver in the kernel, but haven't actually found a lot that would be of interest to us. The actual communication with the NAND seems not to take place here. It's probably handled by an even lower level, perhaps some I/O layer that sits beneath, don't know. The kernel is simply too huge, this will turn into a search for a needle in the haystack.
Well, if there is no other way, and we have to pin it down, then we either have to look through the kernel or the radio. If we do the radio, and find secu_flag then we have a "pure" S-OFF, if we do the kernel, I suspect it will take longer and we will have a "patchwork" S-OFF. At least we will have S-OFF. But we also need to think timewise. Don't want to finish this when this phone is not sold anymore and when we are the only people left. By the way, Samsung Android phones have a "Download Mode". I've used it many times. Also, once you are in download mode, you use a GUI program called ODIN, like a RUU, it assists you in "downloading" the file to the phone and flashing it.
Sent from my HTC Wildfire S A510e using XDA
Well sooner or later it will be available for almost anything. They said they will support "all devices with a newer chipset than Google Nexus One". That would even include the WFS. I think the Nexus One is still on a QSDxxxx chip. The MSM7227 of the WFS is a real powerhouse against what the Nexus One is using lol!
In order to do either we need to be able to write to the NAND, so both will need us to **** with the kernel in the hope it works. Nbh what would we be looking for in general? We might have some luck if we get a small army of us to go hunting through it.
sent from my android powered beast!
The Nexus One's QSD8250 is much more powerful than MSM7227. Both have Adreno 200 graphics and are Snapdragon S1s but QSD has a Scorpion (Cortex A8) core with 1GHz native clock, vs MSM7227s ARM11 w 600MHz native clock. I wouldn't hold my breath for official CM9 on WFS sadly.
https://developer.qualcomm.com/sites/default/files/snapdragon-specs.pdf
@nhb A thought just occurred to me.......if you're trying to boot a linux kernel.......why not try it via a different linux based OS on the phone......Tizen for example?????
I've also had an idea, have we tried to do this to an s-off device? I know it sounds strange but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the s-on is still ****ing with us and that the kernel works. Just an idea
sent from my android powered beast!
It's not proven that the exploit works as we hope, and we know nothing of the side effects that may come up using this exploit on an s-off phone.
from this...The Forward Indicator Bits (FIBs) and Backward Indicator Bits (BIBs) are used for retransmissions. Under normal conditions (no link errors), the FIB and BIB have the same value. As illustrated in Figure 4-9, the field length is 1 bit; therefore, only two values are possible: 0 or 1.
Hi all,
Just for information.
Used this to ROOT my phone a couple of days ago and all worked fine.
Last night stupidly there was OTA update that I installed and now I also have the 'Hellions with BLUE flames !' problem.
The update was something like 1.013.flex sorry did not write down and that is all I can remember.
Keep up the good work Doomlord
Phone: Acer E320-orange
Android version: 2.3.4
Baseband: C6-1.013.00
Kernel: 2.6.35.7
Build: Acer_E320_1.013.00_EMEA_ORGUK
I hope this helps
I will look at back rev'ing when I have time and post my results.
Found a Russian rooted rom for this device but would still like a way to root the original rom.
Also invited. Ps guys, I have an idea. Can someone decompile the stock recovery. I have an idea but don't have hex arrays or anything of the such
Sent from my HTC_A510c using Tapatalk 2
Well I basically did a lot of low-level (mostly hardware) stuff to the phone recently, not so much actual development. I found out how to configure OpenOCD (don't know whether the configuration is any good, since lots of values are more "good guesses" than actual knowledge but at least it's a starting point). I found how to get the board to boot without being attached to the Lithium cell which is not important for getting JTAG access (because this works as long as the board has power supply, being booted is not necessary for JTAG to work) but will later be needed for tracing through the boot code, since the phone won't boot without what it thinks is a Lithium cell. However, I didn't get the debugger running yet. I suspect that the processor's logic level might be too low for the JTAG equipment. I don't really have an idea how to work around that yet, I might need to build a circuit that boosts the processor's JTAG signal to the appropriate voltage level (a so-called "level-shifter").
Apart from that munjeni and Antagonist42 also seem to make progress, but I must admit that I wasn't really able to keep track of all the things that they were doing recently. So basically we're now down at the actual physical layer and messing around with the electrical stuff that's going on on the phone's board and trying to find a way of actually talking to the processor to get the on-chip debugging working.
The far goal will be getting a patched HBOOT that has signature verification removed loaded into the device's memory via JTAG, then flash a patched HBOOT image via Fastboot. If this works it will be the first S-OFF GSM WFS that's neither shipped S-OFF nor turned S-OFF via xtc-clip, but this might still be a long long way.
.... Files and Documents Scavenged from the net for our use .. enjoy ....
Please message me if you require the docs and HAVE 10 "relevant" / "DEV-MOD" postings as "10 and in" to satisfy postings and links requirements will be ignored.
Great! How did you get it? Through the fastboot boot command?? Maybe I can help? If this works there will be a lot of s-off devices using your method! If you don't want to risk it I will test your code on my aria!
~ # cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00040000 "misc"
mtd1: 00500000 00040000 "recovery"
mtd2: 00340000 00040000 "boot"
mtd3: 10400000 00040000 "system"
mtd4: 02300000 00040000 "cache"
mtd5: 09600000 00040000 "userdata"
mtd6: 00a00000 00040000 "devlog"
mtd7: 02fc0000 00040000 "radio"
~ #
~ # cat /dev/mtd/mtd7 > /sdcard/radio.img
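
Added example, not part of the original posts: a Python sketch that parses the /proc/mtd listing shown above and checks whether a partition dump such as /sdcard/radio.img has exactly the size the table declares for mtd7. The function names are hypothetical and the embedded listing is copied from the post as sample input.

```python
import re

# Sample input: the /proc/mtd listing from the post above, embedded for offline use.
PROC_MTD = '''dev: size erasesize name
mtd0: 00100000 00040000 "misc"
mtd1: 00500000 00040000 "recovery"
mtd2: 00340000 00040000 "boot"
mtd3: 10400000 00040000 "system"
mtd4: 02300000 00040000 "cache"
mtd5: 09600000 00040000 "userdata"
mtd6: 00a00000 00040000 "devlog"
mtd7: 02fc0000 00040000 "radio"
'''

# One row: device, size (hex), erase block size (hex), quoted partition name.
ROW = re.compile(r'^(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"([^"]*)"$')

def parse_proc_mtd(text):
    """Return {name: {"dev", "size", "erasesize"}} with sizes in bytes."""
    parts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line, shell prompt or blank line
        dev, size, erase, name = m.groups()
        parts[name] = {"dev": dev, "size": int(size, 16),
                       "erasesize": int(erase, 16)}
    return parts

def erase_blocks(parts, name):
    """Number of erase blocks the partition spans."""
    return parts[name]["size"] // parts[name]["erasesize"]

def check_dump(parts, name, dump_size):
    """Compare a dump's byte count with the partition size from /proc/mtd."""
    p = parts[name]
    if p["size"] % p["erasesize"]:
        return "partition size is not a multiple of the erase block"
    if dump_size < p["size"]:
        return "truncated: %d of %d bytes" % (dump_size, p["size"])
    if dump_size > p["size"]:
        return "oversized: %d extra bytes" % (dump_size - p["size"])
    return "ok"

if __name__ == "__main__":
    table = parse_proc_mtd(PROC_MTD)
    # On a real dump, pass os.path.getsize("radio.img") as dump_size.
    print(check_dump(table, "radio", table["radio"]["size"]))
```

A short read from `cat /dev/mtd/mtd7` shows up here as a truncated result, which is worth ruling out before anyone spends time searching the image.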