
SUCCESS! De-Bricking Dreams - Complete JTAG Testpoints! UPDATE! 04/07/10

By BinaryDroid, Member on 27th November 2009, 11:26 PM
15th April 2010, 07:23 PM |#491  
ezterry's Avatar
Retired Recognized Developer
Quote:
Originally Posted by Aaron!

I just had an idea in regards to de-bricking Magics using a serial cable...

IF the security can be bypassed using a goldcard, would that make it possible to run the necessary commands via serial/usb to reflash a Magic without attaching a JTAG?

Thus far I see no indication that the radio reads the sd card.. so sounds unlikely to solve bricks.

The gold card as we know today in the most recent perfected spls only seems to bypass the cid id (provider) check.. not any signatures or version checks. If some other type of bypass based on the sd card exists I do not know.

However if you see the unlocked commands in oemspl while using a goldcard do let us know.
16th April 2010, 05:18 AM |#492  
Member
Quote:
Originally Posted by scholbert

Hey dudes,

i must have gone completely mad, but i just finished a more or less detailed overview with all testpoints of the bare main PCB.

In fact I'm referring to this post....

... so we once more act like a team
I would like to thank ulissescg for the excellent high resolution pics.
So these were the base for my editing....

EDIT:
You may wonder why some of the testpoints are not assigned like it is shown in the first post.
The answer is easy... i only marked the ones that are confirmed as correct during extensive experiments/measurements on the board.
Should be easy to check the remaining for functionality too.

EDIT:
Maybe it's not the best idea to put it all here for public access....
So i just decided to remove the files, because they contain confidential data that were collected from different sources in the web.
Some are not easy to find and maybe it's better to keep some secrets.
Best regards to Qualcomm and HTC

Please send me PM!

Have fun!

scholbert

Why remove them? If they are available on the internet, it's pretty much in the public domain? Unless the information was disclosed under agreement or obtained through channels which were perhaps not totally legit?
16th April 2010, 10:06 AM |#493  
Senior Member
Quote:
Originally Posted by gymmy

Why remove them? If they are available on the internet, it's pretty much in the public domain? Unless the information was disclosed under agreement or obtained through channels which were perhaps not totally legit?

To make a long story short:
I'm a little afraid and maybe something like paranoid, that some of the guys building the phones come along and have a look what happens here.
Apart from that there's Google, which makes searching easy....

Now what we are doing here is reverse engineering.... these pics are the detailed result of it. So it's as simple as: i don't want them to know what i know

There's even more behind it... but i promised a short story.

Send me PM

scholbert
17th April 2010, 01:57 PM |#494  
Member
Well RevENG isn't new but I do understand where you're coming from.

These companies all RevENG, this is how they produce clones to the "iphone" so quickly ... Well from a hardware perspective.

But really, there isn't anything on here that is how should we put it.... non standard or using methods which are "new" ... difference is that we do it for free and release it to the general public... I know Qualcomm doesn't particularly want all of the AT commands and what they do released publicly as people will be able to misuse their phones on the networks, but it's like people who find vulnerabilities in OS, if they are found and corrected it makes everything more safe!

G
17th April 2010, 03:51 PM |#495  
Account currently disabled
Quote:
Originally Posted by gymmy

Well RevENG isn't new but I do understand where you're coming from.

These companies all RevENG, this is how they produce clones to the "iphone" so quickly ... Well from a hardware perspective.

But really, there isn't anything on here that is how should we put it.... non standard or using methods which are "new" ... difference is that we do it for free and release it to the general public... I know Qualcomm doesn't particularly want all of the AT commands and what they do released publicly as people will be able to misuse their phones on the networks, but it's like people who find vulnerabilities in OS, if they are found and corrected it makes everything more safe!

G

Actually, fruit clones do NOT involve any kind of reverse engineering AT ALL. They are actually NOT clones. They're just look-alikes. They use entirely different hardware, which they package into a physical form that physically appears the same as that fruity junk. They also use a totally different operating system that is SKINNED TO LOOK LIKE fruit.
r3s-rt
19th April 2010, 10:19 AM |#496  
Guest
Quote:
Originally Posted by lbcoder

Actually, fruit clones do NOT involve any kind of reverse engineering AT ALL. They are actually NOT clones. They're just look-alikes. They use entirely different hardware, which they package into a physical form that physically appears the same as that fruity junk. They also use a totally different operating system that is SKINNED TO LOOK LIKE fruit.

Yup.

Quote:
Originally Posted by gymmy

Well RevENG isn't new but I do understand where you're coming from.

These companies all RevENG, this is how they produce clones to the "iphone" so quickly ... Well from a hardware perspective.

But really, there isn't anything on here that is how should we put it.... non standard or using methods which are "new" ... difference is that we do it for free and release it to the general public... I know Qualcomm doesn't particularly want all of the AT commands and what they do released publicly as people will be able to misuse their phones on the networks, but it's like people who find vulnerabilities in OS, if they are found and corrected it makes everything more safe!

G

You should go watch some of these "clones" in action. Some of the OS look almost just like android and lack touch screen support. Much less, a notification bar that even pulls down. That's just OS side, though. As for the looks, yea. It's just pretty plastic. Metal if you're lucky. I mean, honestly, you can probably find one that blows the g1 out of the water, but most are just horrible and a laughable experience for anyone who's ever actually owned one of the phones it's cloning.
19th April 2010, 04:31 PM |#497  
Account currently disabled
Quote:
Originally Posted by r3s-rt

Yup.



You should go watch some of these "clones" in action. Some of the OS look almost just like android and lack touch screen support. Much less, a notification bar that even pulls down. That's just OS side, though. As for the looks, yea. It's just pretty plastic. Metal if you're lucky. I mean, honestly, you can probably find one that blows the g1 out of the water, but most are just horrible and a laughable experience for anyone who's ever actually owned one of the phones it's cloning.

...interesting thing about android.... the "clones" are actually becoming *not*-clones. Why use incompatible trash when you can load the REAL ANDROID onto your device? CECT for example "sciphone","hiphone" -- probably the biggest cloner -- now uses GENUINE ANDROID on several models including n12, n16, n17, n19, n21.
19th April 2010, 06:31 PM |#498  
xaueious's Avatar
Senior Member
I wanted to ask for an update for JTAG progress on the HTC Magic. It's been a while since the JTAG points have been discovered, but I'm wondering if any of you guys got a Magic to play with now.




Shanzhai Android
Oh and off topic, but I think Android handsets have not been cloned directly because the cost of cloning the device makes the device more expensive than what most Chinese consumers would pay, as the cost of components makes the new Shanzhai phones equal in cost to the gray market refurbished phones. The few that have come out actually are more expensive than used HTC phones brand new, and suffer from a range of quality issues.

This is my own term, but gray market refurbs refer to phones that contain parts from different physical phones, and will have unmatching IMEI numbers between the physical components. Look-a-likes, which typically run MTK OS and have much slower hardware specifications where the manufacturers are cutting corners to make money and to bring down the cost of the handset. Typical cost for look-alikes are around $1000RMB, whereas refurbs cost a similar amount of money as used units ($1800 and up RMB) since there is no distinguishable difference between a genuine and a refurb to most. I'd imagine that the production efficiency of HTC and other real manufacturers make up for what even the Shanzhai manufacturers try to pull off.

In any case, those look-alike clone phones are physically different than HTC phones all the time. I have yet to see Shanzhai cellphone clones that are actually replicas. They usually just clone the looks, then downgrade the hardware significantly and slap MTKOS with an iPhone skin on it.
19th April 2010, 10:41 PM |#499  
ezterry's Avatar
Retired Recognized Developer
Quote:
Originally Posted by xaueious

I wanted to ask for an update for JTAG progress on the HTC Magic. It's been a while since the JTAG points have been discovered, but I'm wondering if any of you guys got a Magic to play with now.

bart9984 sounds close to attempting a de-brick from a SPL/radio flash boot mode 3 brick.


Otherwise regarding the Rogers Magic phones I'm still waiting for a phone to poke; http://forum.xda-developers.com/show...&postcount=137

One person has indicated interest in providing a test phone.. but we have yet to find a mutual time to link up.


Since my debrick and re-root I'm not sure I've heard of other attempts... successful or otherwise;

Unless we count (a) commercial products posting in as many places as possible to increase google results. (b) the fact I've repeated the process a few times now..
20th April 2010, 05:11 AM |#500  
Member
I'm still working on debricking the Magic with serial interface, have managed to be able to write to the NVRAM with a utility so I hope (fingers crossed) that I'll be able to get a NVdump from phone that is operating so I can see if there are many differences between the 2 and look at changing these.

Does anyone have one ?

G.
20th April 2010, 12:54 PM |#501  
Member
Hey All,

Apologies for putting some more Magic info in here, I know the JTAG points have been posted for the 32A, just took some pictures of my 32B and trying to confirm they're the same - Couple of pictures below, same thing in both just not sure which is easier to view.

The red are the ones I'm assuming are the same as the 32A hardware however the green/blue I'm not sure which is the correct point? I think it's green given the proximity to the upper side of my picture when compared to the points outlined over here http://www.omnia-repair.com/forum/to...2a-jtag-pinout

The other question I have is trying to find a 2.6vref off the magic's internals.

I haven't looked yet as I'm waiting on the parts for the serial cable etc to arrive before taking it any further.

If anyone has any further info on the Magic I'd love to know

Thanks
Attached thumbnails: P1000035.jpg, P1000038.jpg