
[Discussion] Direct access to e-MMC to fix bricked KF (HD 8.9 version)

By kurohyou, Member on 23rd December 2013, 04:50 AM
Hello my brothers from the KF HD 8.9" forum! I come from over yonder at the KF2 forum with some useful information. Several months ago, I started this thread about "hacking" a KF2 in order to restore it from hardbrick. Well, thanks to a generous donation from @v0id7, I've finished the first steps of the process for 8.9" devices! Unfortunately, as I do not have a spare 8.9" sitting around, all I can do is provide the pinout for continuing the process (although, v0id7 has mentioned to me that he is going to test it out on his device).

I have most of the process for the KF2 outlined over on this guide (minus the software part for now), but if you don't want to read that or the other post, here's a short rundown: You solder to a few points on the motherboard, allowing you to bypass the KF's processor and directly access the information on the eMMC. This allows you to reflash whatever it was that you flashed in the first place to kill said KF.

Once I have word from v0id7 that this does indeed work on the 8.9" (which I can't foresee it not working), I'll probably set up a guide specifically for the 8.9", as well.

I'm also in the process of prototyping something that would allow access without soldering. Hopefully I'll have the prototype done in the next few days here.

Let me know if you have any questions/comments/concerns.


...and now that I've blathered on for a while, here's the pinout:



The Following 14 Users Say Thank You to kurohyou For This Useful Post
24th December 2013, 05:25 PM |#2  
JonnyLawless
Junior Member
kurohyou, you are the King of all that is Kindle! You are an evil genius, my friend.
The Following User Says Thank You to JonnyLawless For This Useful Post
24th December 2013, 10:25 PM |#3  
Member
Thanks kurohyou for your efforts.

I tried to put all this together but unfortunately without success. Linux cannot open the block device, reporting "No medium found". Full dmesg output is available upon request, but in general the kernel USB driver keeps resetting the USB device and the USB reader LED keeps flashing.

I also observed the following. When VccQ is disconnected I can measure a steady Vcc voltage of 3.12V being passed to the board. When I connect the VccQ as shown in the picture, the Vcc (and VccQ) drops to 0V just like being shortened. Not being a hardware expert, I suspect that the VccQ input point may be incorrect.

Also I'm not very sure I get the exact Vcc soldering point from the picture posted. Even when I zoom it is not very clear where to solder to. I soldered Vcc to the right connection of a very small component (not sure resistor or capacitor) that sits between two relatively larger components above and below. Is this correct?
The Following User Says Thank You to v0id7 For This Useful Post
25th December 2013, 01:19 AM |#4  
OP Member
Quote:
Originally Posted by v0id7

Thanks kurohyou for your efforts.

No, thank you for your donation and continuing the work!


Quote:
Originally Posted by v0id7

I tried to put all this together but unfortunately without success. Linux cannot open the block device, reporting "No medium found". Full dmesg output is available upon request, but in general the kernel USB driver keeps resetting the USB device and the USB reader LED keeps flashing.

I also observed the following. When VccQ is disconnected I can measure a steady Vcc voltage of 3.12V being passed to the board. When I connect the VccQ as shown in the picture, the Vcc (and VccQ) drops to 0V just like being shortened. Not being a hardware expert, I suspect that the VccQ input point may be incorrect.

That's a bit odd. I rechecked everything and it's all correct. What happens if you connect VccQ and leave Vcc disconnected?

Quote:
Originally Posted by v0id7

Also I'm not very sure I get the exact Vcc soldering point from the picture posted. Even when I zoom it is not very clear where to solder to. I soldered Vcc to the right connection of a very small component (not sure resistor or capacitor) that sits between two relatively larger components above and below. Is this correct?

Yes, you are correct. Vcc as labelled in the photo above is the small component between the two larger components, the side opposite of the heat shield mount (or as looking at the board as above, the right side). Since it's not working with the current setup, though, hopefully that means we don't even need the Vcc point (fingers crossed).


Also, while waiting for your response, I'm going to take some time to apply voltage to the VccQ point and see if I get a voltage measurement at the Vcc pins on the eMMC mount pins. I might also take a moment to look at the data sheet for the eMMC itself if I can find it, too. I'll post again when I have some info.
25th December 2013, 03:36 AM |#5  
Member
It works!
It works like a charm!

Here are my partitions (cat /proc/partitions) where sdb is the USB card reader:

major minor  #blocks  name

   8     0  625131864 sda
   8     1     102400 sda1
   8     2  625027072 sda2
  11     0     695600 sr0
   7     0     547860 loop0
   8    16   30535680 sdb
   8    17        128 sdb1
   8    18        256 sdb2
   8    19         64 sdb3
   8    20         16 sdb4
   8    21          2 sdb5
   8    22      10240 sdb6
   8    23      65536 sdb7
   8    24      16384 sdb8
   8    25       8192 sdb9
   8    26       8192 sdb10
   8    27     907264 sdb11
   8    28     665600 sdb12
   8    29   28853248 sdb13
   8    32    3834912 sdc
   8    33    3785472 sdc1

Sorry for my previous post. It was my fault incorrectly tweaking CD_SW.
Tomorrow I'll reflash the boot partition sdb10 and I'll post the results here.

Great job kurohyou!
The Following 2 Users Say Thank You to v0id7 For This Useful Post
25th December 2013, 02:44 PM |#6  
Member
Quote:
Originally Posted by v0id7

Tomorrow I'll reflash the boot partition sdb10 and I'll post the results here.

Ups and downs!

I flashed boot and recovery partitions but the Kindle still doesn't show any signs of life.
Before the flashing, when powered on it was at least detected for a second as an OMAP device. Now it's absolutely quiet.

What I did is flashing freedom-boot-8.4.6 to partition 10 and twrp-2.6.3.1-recovery to partition 9.

dd if=kfhd8-freedom-boot-8.4.6.img of=/dev/sdb10
dd if=kfhd8-twrp-2.6.3.1-recovery.img of=/dev/sdb9

Correct me if I'm wrong but IMO even just the boot partition should be sufficient to get control in fastboot mode.
Any ideas how to continue from here?

And two more questions:
  1. What behavior should I expect when connecting just the board with its USB cable to the USB port of a computer (no battery, no wifi board, no display, no power/volume controls)?
  2. Is it mandatory to disconnect all soldered wires from the board to the USB reader when powering the motherboard on?
25th December 2013, 03:30 PM |#7  
OP Member
Quote:
Originally Posted by v0id7

Ups and downs!

I flashed boot and recovery partitions but the Kindle still doesn't show any signs of life.
Before the flashing, when powered on it was at least detected for a second as an OMAP device. Now it's absolutely quiet.

What I did is flashing freedom-boot-8.4.6 to partition 10 and twrp-2.6.3.1-recovery to partition 9.

dd if=kfhd8-freedom-boot-8.4.6.img of=/dev/sdb10
dd if=kfhd8-twrp-2.6.3.1-recovery.img of=/dev/sdb9

Correct me if I'm wrong but IMO even just the boot partition should be sufficient to get control in fastboot mode.
Any ideas how to continue from here?

Try flashing it back to stock and seeing if there is any difference. Also, you might have to let it charge for a while. I think hard-bricking discharges the battery. I can't remember if I got anything when I first plugged it in or not.

If flashing to stock doesn't work, try passing bs=1 when you use dd. That somehow made all the difference for someone on the original KF2 thread.

Also, keep in mind, if you're putting the motherboard back in the case to hook it up, you need to shield the contacts on the bottom from the case. A quick measure with my DMM showed that the inside of the back case is conductive!


Only semi-related: I was trying to find the partition layout for the 8.9", but a quick search didn't yield anything. Do you happen to have a link to it? I'd like it for reference and to place on the website I'm making.

Quote:
Originally Posted by v0id7

What behavior should I expect when connecting just the board with its USB cable to the USB port of a computer (no battery, no wifi board, no display, no power/volume controls)?

I honestly don't know. I never really thought to try. My only guess would be that bootup would probably fail because the motherboard couldn't recognize its devices? I must admit that I'm not particularly familiar with the boot process, so it's just a shot in the dark.

Quote:
Originally Posted by v0id7

Is it mandatory to disconnect all soldered wires from the board to the USB reader when powering the motherboard on?

I never tried it any other way. My concern with leaving them connected is that you're now passing power back to the SD card reader, so it could result in some funny business. If you're concerned about having to resolder to the motherboard multiple times, I suppose a safer alternative would be to desolder all the wires from the SD card reader and keep them from shorting. You also might be able to get away with just desoldering the supply wires (Vcc and VccQ) and keeping them insulated from contacting anything (including each other).
25th December 2013, 03:45 PM |#8  
Member
Quote:
Originally Posted by kurohyou

Try flashing it back to stock and seeing if there is any difference. Also, you might have to let it charge for a while. I think hard-bricking discharges the battery. I can't remember if I got anything when I first plugged it in or not.

If flashing to stock doesn't work, try passing bs=1 when you use dd. That somehow made all the difference for someone on the original KF2 thread.

I'm on it. Luckily I have stock backup.

Quote:
Originally Posted by kurohyou

I was trying to find the partition layout for the 8.9", but a quick search didn't yield anything. Do you happen to have a link to it? I'd like it for reference and to place on the website I'm making.

Taken from stock firmware:
mmcblk0p1 xloader
mmcblk0p2 bootloader
mmcblk0p3 idme
mmcblk0p4 crypto
mmcblk0p5 misc
mmcblk0p6 dkernel
mmcblk0p7 dfs
mmcblk0p8 efs
mmcblk0p9 recovery
mmcblk0p10 boot
mmcblk0p11 system
mmcblk0p12 cache
mmcblk0p13 userdata
The Following 2 Users Say Thank You to v0id7 For This Useful Post
25th December 2013, 04:57 PM |#9  
OP Member
What did you do that hardbricked it in the first place? I may be mistaken, but I thought that overwriting boot wasn't an issue, it was bootloader that generally did it?
26th December 2013, 04:54 PM |#10  
Member
All,

I think I have to stop here. Yesterday while soldering the wires for the second time I caused unrecoverable damage to the board – the CLOCK pad got torn off of the PCB. I guess I have overheated the pad.

Anyway, I do believe that the approach of unbricking kfhd89 with directly flashing the eMMC will work! The pinout provided by @kurohyou proved to be correct – I successfully got access to the flash partitions. I'm just thoroughly sorry that during my first attempt I flashed the boot partition instead of the bootloader (which was actually the faulty one).

Quote:
Originally Posted by kurohyou

What did you do that hardbricked it in the first place? I may be mistaken, but I thought that overwriting boot wasn't an issue, it was bootloader that generally did it?

I bricked my Kindle by flashing the bootloader with an incomplete download. I was happily running CM10.1 for quite a long time but decided to upgrade TWRP and didn't check the md5s.

I hope there will be someone with "brave heart" and bricked Kindle to continue this project as we are only a step away from marking it as confirmed.
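
The failure described in the post above (a bootloader flashed from an incomplete download with no md5 check) is what a verify-before-write wrapper around dd prevents. This is an added example, not code from the thread; the function names and return codes are assumptions, and the expected checksum must come from the image's publisher.

```shell
#!/bin/sh
# Added example: refuse to write an image unless its checksum matches,
# check that it fits the target, then read the written bytes back.

# size_of PATH: size in bytes of a block device or a regular file
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# verified_flash IMAGE EXPECTED_MD5 TARGET
# returns 0 = written and verified, 1 = checksum mismatch (nothing written),
#         2 = image larger than target (nothing written), 3 = write/read-back failed
verified_flash() {
    image=$1 expected=$2 target=$3

    # A truncated download fails here, before the partition is touched.
    actual=$(md5sum "$image" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "md5 mismatch for $image: got $actual" >&2
        return 1
    fi

    img_size=$(size_of "$image")
    tgt_size=$(size_of "$target")
    if [ "$img_size" -gt "$tgt_size" ]; then
        echo "$image ($img_size bytes) does not fit $target ($tgt_size bytes)" >&2
        return 2
    fi

    # notrunc keeps a regular-file target at its size; fsync flushes to the medium.
    dd if="$image" of="$target" bs=4096 conv=notrunc,fsync 2>/dev/null || return 3

    # Read back exactly the bytes written. On a real device this read can be
    # served from the page cache; re-insert the reader before trusting it.
    readback=$(head -c "$img_size" "$target" | md5sum | cut -d' ' -f1)
    [ "$readback" = "$expected" ] || return 3
    return 0
}
```

With the reader attached as in the thread, the call would take the form `verified_flash image.img <published-md5> /dev/sdbN`, where the partition number comes from the layout posted earlier.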
26th December 2013, 05:15 PM |#11  
OP Member
Quote:
Originally Posted by v0id7

All,

I think I have to stop here. Yesterday while soldering the wires for the second time I caused unrecoverable damage to the board – the CLOCK pad got torn off of the PCB. I guess I have overheated the pad.

Ouch. I hate when that happens. I can't say I haven't been there before, too, though. There may still be some hope for repairing it. I'll track down another point. If you don't want to mess with soldering again, you can always send it to me once I finish this solderless access device. I'm just waiting for UPS to deliver a pair of Loc Line pliers (I was supposed to get them on Tuesday) so I can finish drilling some holes in these nozzles to feed the wire. I hope to have it completed and tested (with pictures) by the beginning of next week. If you want a general idea of what it will look like, take a look at this and imagine spring-loaded contact probes in place of the alligator clips.

Also, JonnyLawless is in my neck of the woods and needs his device repaired, so we're planning to meet up and make it happen. At that time, I'm planning on taking pictures and screenshots for a guide.

Tags
emmc, hard-bricked, kindle fire 8.9, repair, soldering
