FORUMS
Remove All Ads from XDA

UART Output/ Bootloader hacking/ Kernel Debugging on AT&T SGS2

5,226 posts
Thanks Meter: 9,887
 
By AdamOutler, Inactive Recognized Developer on 21st October 2011, 04:08 PM
Post Reply Email Thread
Hey, one of my buddies got a SGS2. I was able to play with it for a bit. I sterilized the Serial numbers. This was recorded on Linux, then transfered to Windows, so the formatting was off. I had to use some Microsoft Word Regex in order to get it to format right.

here's the full UART Logs
http://pastebin.ubuntu.com/715171/
http://pastebin.ubuntu.com/715182/

Here's a single boot log
Code:
Welcome to Samsung Primitive Bootloader.
build time: Aug 27 2011 04:53:51
current time: f4/f/4 3f:69:11
[set_mmc_ocr] Sector Mode
[hsmmc_init] MMC card is detected
Product Name : VYL00M
<display_card_info:1009> ext_csd
<display_card_info:1011>card_size: 15028
 Total Card Size: 15029 MByte
mmc_init: card initialization completed!
pbl found bootable sbl in #49152.
jump to sbl 0x4d400000.

Secondary Bootloader v3.1 version.
Copyright (C) 2011 System S/W Group. Samsung Electronics Co., Ltd.
Board: C1 REV 02 / Aug 27 2011 04:53:57
current time: f4/f/4 3f:69:11
booting code=0x0
[set_mmc_ocr] Sector Mode
[hsmmc_init] MMC card is detected
Product Name : VYL00M
CID:150100 56594c30 304d1926 b2473a8e
<display_card_info:1040> ext_csd
<display_card_info:1042>card_size: 15028
 Total Card Size: 15029 MByte
 Total Sector Count: 30777344
MoviNand Initialization Complete!

===== PARTITION INFORMATION =====
 ID         : GANG (0x0)
 DEVICE     : MMC
 FIRST UNIT : 0
 NO. UNITS  : 0
=================================
 ID         : BOOT (0x1)
 DEVICE     : MMC
 FIRST UNIT : 0
 NO. UNITS  : 0
=================================
 ID         : EFS (0x4)
 DEVICE     : MMC
 FIRST UNIT : 8192
 NO. UNITS  : 40960
=================================
 ID         : SBL1 (0x2)
 DEVICE     : MMC
 FIRST UNIT : 49152
 NO. UNITS  : 2560
=================================
 ID         : SBL2 (0x3)
 DEVICE     : MMC
 FIRST UNIT : 53248
 NO. UNITS  : 2560
=================================
 ID         : PARAM (0x5)
 DEVICE     : MMC
 FIRST UNIT : 57344
 NO. UNITS  : 16384
=================================
 ID         : KERNEL (0x6)
 DEVICE     : MMC
 FIRST UNIT : 73728
 NO. UNITS  : 16384
=================================
 ID         : RECOVERY (0x7)
 DEVICE     : MMC
 FIRST UNIT : 90112
 NO. UNITS  : 16384
=================================
 ID         : CACHE (0x8)
 DEVICE     : MMC
 FIRST UNIT : 106496
 NO. UNITS  : 512000
=================================
 ID         : MODEM (0x9)
 DEVICE     : MMC
 FIRST UNIT : 618496
 NO. UNITS  : 32768
=================================
 ID         : FACTORYFS (0xa)
 DEVICE     : MMC
 FIRST UNIT : 651264
 NO. UNITS  : 1048576
=================================
 ID         : DATAFS (0xb)
 DEVICE     : MMC
 FIRST UNIT : 1699840
 NO. UNITS  : 4194304
=================================
 ID         : UMS (0xc)
 DEVICE     : MMC
 FIRST UNIT : 5894144
 NO. UNITS  : 23826432
=================================
 ID         : HIDDEN (0xd)
 DEVICE     : MMC
 FIRST UNIT : 29720576
 NO. UNITS  : 1048576
=================================
loke_init: j4fs_open..success
<start_checksum:1033>CHECKSUM_HEADER_SECTOR :42
<start_checksum:1035>offset:42, size:1024
Not Need Movinand Checksum
load_lfs_parameters valid magic code and version.
switch_sel_str='6543 '
load_debug_level: read debug level successfully(0x574f4c44)...LOW
init_ddi_data: usable ddi data.
init_fuel_gauge : not por status
fuel_gauge_get_version: [1]=0, [0]=92
init_fuel_gauge: vcell = 3848 mV, vfocv = 3915 mV, soc = 66 
init_fuel_gauge : check s/w reset (20000000) : use wide tolerance
microusb_get_attached_device: STATUS1:0x3d, 2:0x40
6308 = (382800 - 337808)*14022/100000
[3] 388426 = (6308 * 100000) / 11164 + 331923
init_microusb_ic: MUIC: CONTROL1:0x1b
init_microusb_ic: MUIC: CONTROL1:0x1b
init_microusb_ic: MUIC: CONTROL2:0x3a
init_microusb_ic: MUIC: CONTROL2:0x3a
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQSRC  = 0x2 
PMIC_IRQ1    = 0x33 
PMIC_IRQ2    = 0x1b 
PMIC_IRQ3    = 0x3 
PMIC_IRQ4    = 0x11 
PMIC_STATUS1 = 0x2 
PMIC_STATUS2 = 0x17 
PMIC_STATUS3 = 0x3 
PMIC_STATUS4 = 0x2 
bootloader base address=0x4d400000
LPDDR0 1st. cached=0x40000000, size=0xe400000
LPDDR0 non-cached=0x4e400000, size=0xa00000
LPDDR0 2nd. cached=0x4ee00000, size=0x1200000
RST_STAT = 0x20000000
get_hwrev() = 14
board_process_platform: MAGIC 0 at 40000000!
microusb_get_attached_device: STATUS1:0x3d, 2:0x40
microusb_get_attached_device: STATUS1:0x3d, 2:0x40
microusb_get_attached_device: STATUS1:0x3d, 2:0x40
microusb_get_attached_device: STATUS1:0x3d, 2:0x40
hw_pm_status: jig_status = 1, chg_status = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
div:2, FB_SOURCE_CLOCK:667000000, FB_PIXEL_CLOCK:25067520
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Autoboot (0 seconds) in progress, press any key to stop 
boot_kernel: debug level low!
checkbit: find RECOVERY
checkbit (0)
......ATAG_CORE: 5 54410001 0 0 0
MEMCONFIG: 20e01323 20e01323
ATAG_MEM: 4 54410002 10000000 40000000
ATAG_MEM: 4 54410002 10000000 50000000
ATAG_MEM: 4 54410002 10000000 60000000
ATAG_MEM: 4 54410002 10000000 70000000
ATAG_SERIAL: 
ATAG_REVISION: 3 54410007 e
ATAG_CMDLINE: 39 54410009 'loglevel=4 console=ttySAC2,115200 sec_debug.enable=0 sec_debug.enable_user=0 c1_watchd                                                                                                                                        ATAG_NONE: 0 0
Starting kernel at 0x40008000...
Uncompressing Linux... done, booting the kernel.
[    0.000000] s3c_register_clksrc: clock armclk has no registers set
[    0.000000] mout_audss: bad source 0
[    0.000000] mem infor: bank0 start-> 0x40000000, bank0 size-> 0x10000000[30;89H[    0.000000] bank1 start-> 0x50000000, bank1 size-> 0x10000000
[    0.000000] CMA reserve : pmem, addr is 0x4fc00000, size is 0x400000
[    0.000000] CMA reserve : pmem_gpu1, addr is 0x4f800000, size is 0x400000
[    0.000000] CMA reserve : pmem_adsp, addr is 0x4f47c000, size is 0x384000
[    0.000000] CMA reserve : fimd, addr is 0x4f17c000, size is 0x300000
[    0.000000] CMA reserve : mfc0, addr is 0x4cd7c000, size is 0x2400000
[    0.000000] CMA reserve : mfc1, addr is 0x4a97c000, size is 0x2400000
[    0.000000] CMA reserve : fimc0, addr is 0x4a47c000, size is 0x500000
[    0.000000] CMA reserve : fimc1, addr is 0x4967c000, size is 0xe00000
[    0.000000] CMA reserve : fimc2, addr is 0x47e7c000, size is 0x1800000
[    0.000000] CMA reserve : fimc3, addr is 0x4777c000, size is 0x700000
[    0.000000] CMA reserve : srp, addr is 0x4767c000, size is 0x100000
[    0.000000] CMA reserve : jpeg, addr is 0x4627c000, size is 0x1400000
[    0.000000] CMA reserve : fimg2d, addr is 0x45a7c000, size is 0x800000
[    0.000000] CMA reserve : (null), addr is 0x45a7c000, size is 0x0
[    0.000000] (sec_debug_set_upload_magic) 66262564
[    0.000000] (sec_debug_set_upload_cause) cafebabe
[    0.121650] s5pv310_subrev: 1
[    0.166379] ram_console: invalid start 0 or end 0
[    0.251103] max8997 5-0066: max8997_irq_init: fail to read PMIC ID(-6)
[    0.648050] [TSP] family = 0x81, variant = 0x1, version = 0x10, build = 170
The Following 13 Users Say Thank You to AdamOutler For This Useful Post: [ View ] Gift AdamOutler Ad-Free
 
 
21st October 2011, 04:09 PM |#2  
Partition information
Code:
===== PARTITION INFORMATION =====
 ID         : GANG (0x0)
 DEVICE     : MMC
 FIRST UNIT : 0
 NO. UNITS  : 0
=================================
 ID         : BOOT (0x1)
 DEVICE     : MMC
 FIRST UNIT : 0
 NO. UNITS  : 0
=================================
 ID         : EFS (0x4)
 DEVICE     : MMC
 FIRST UNIT : 8192
 NO. UNITS  : 40960
=================================
 ID         : SBL1 (0x2)
 DEVICE     : MMC
 FIRST UNIT : 49152
 NO. UNITS  : 2560
=================================
 ID         : SBL2 (0x3)
 DEVICE     : MMC
 FIRST UNIT : 53248
 NO. UNITS  : 2560
=================================
 ID         : PARAM (0x5)
 DEVICE     : MMC
 FIRST UNIT : 57344
 NO. UNITS  : 16384
=================================
 ID         : KERNEL (0x6)
 DEVICE     : MMC
 FIRST UNIT : 73728
 NO. UNITS  : 16384
=================================
 ID         : RECOVERY (0x7)
 DEVICE     : MMC
 FIRST UNIT : 90112
 NO. UNITS  : 16384
=================================
 ID         : CACHE (0x8)
 DEVICE     : MMC
 FIRST UNIT : 106496
 NO. UNITS  : 512000
=================================
 ID         : MODEM (0x9)
 DEVICE     : MMC
 FIRST UNIT : 618496
 NO. UNITS  : 32768
=================================
 ID         : FACTORYFS (0xa)
 DEVICE     : MMC
 FIRST UNIT : 651264
 NO. UNITS  : 1048576
=================================
 ID         : DATAFS (0xb)
 DEVICE     : MMC
 FIRST UNIT : 1699840
 NO. UNITS  : 4194304
=================================
 ID         : UMS (0xc)
 DEVICE     : MMC
 FIRST UNIT : 5894144
 NO. UNITS  : 23826432
=================================
 ID         : HIDDEN (0xd)
 DEVICE     : MMC
 FIRST UNIT : 29720576
 NO. UNITS  : 1048576
=================================
The Following 4 Users Say Thank You to AdamOutler For This Useful Post: [ View ] Gift AdamOutler Ad-Free
21st October 2011, 04:11 PM |#3  
SBL Commands
Code:
Following commands are supported:
* movichk
* setenv
* saveenv
* printenv
* help
* reset
* boot
* kernel
* loadpart
* loadkernel
* erasepart
* format
* open
* close
* eraseall
* showpart
* addpart
* delpart
* savepart
* nkernel
* nandread
* nandwrite
* usb
* crc
* log
* sud
* upload
* emmc
* keyread
* readadc
* mmctest
* usb_read
* usb_write
* fuelgauge

There's some new ones in this 3.1 version of Samsung SBL

* crc
* log
* sud
* upload
* emmc

I think Upload allows a dump of all partitions. Also, Keyread allows testing of button presses, Volume - =0 Volume + = 1, Power = 2
The Following 5 Users Say Thank You to AdamOutler For This Useful Post: [ View ] Gift AdamOutler Ad-Free
21st October 2011, 04:12 PM |#4  
I couldn't get a FULL debug log in the time I had, but I managed to get some kernel output.

Code:
Starting kernel at 0x40008000...
Uncompressing Linux... done, booting the kernel.
[    0.000000] s3c_register_clksrc: clock armclk has no registers set
[    0.000000] mout_audss: bad source 0
[    0.000000] mem infor: bank0 start-> 0x40000000, bank0 size-> 0x10000000[30;89H[    0.000000] bank1 start-> 0x50000000, bank1 size-> 0x10000000
[    0.000000] CMA reserve : pmem, addr is 0x4fc00000, size is 0x400000
[    0.000000] CMA reserve : pmem_gpu1, addr is 0x4f800000, size is 0x400000
[    0.000000] CMA reserve : pmem_adsp, addr is 0x4f47c000, size is 0x384000
[    0.000000] CMA reserve : fimd, addr is 0x4f17c000, size is 0x300000
[    0.000000] CMA reserve : mfc0, addr is 0x4cd7c000, size is 0x2400000
[    0.000000] CMA reserve : mfc1, addr is 0x4a97c000, size is 0x2400000
[    0.000000] CMA reserve : fimc0, addr is 0x4a47c000, size is 0x500000
[    0.000000] CMA reserve : fimc1, addr is 0x4967c000, size is 0xe00000
[    0.000000] CMA reserve : fimc2, addr is 0x47e7c000, size is 0x1800000
[    0.000000] CMA reserve : fimc3, addr is 0x4777c000, size is 0x700000
[    0.000000] CMA reserve : srp, addr is 0x4767c000, size is 0x100000
[    0.000000] CMA reserve : jpeg, addr is 0x4627c000, size is 0x1400000
[    0.000000] CMA reserve : fimg2d, addr is 0x45a7c000, size is 0x800000
[    0.000000] CMA reserve : (null), addr is 0x45a7c000, size is 0x0
[    0.000000] (sec_debug_set_upload_magic) 66262564
[    0.000000] (sec_debug_set_upload_cause) cafebabe
[    0.121650] s5pv310_subrev: 1
[    0.166379] ram_console: invalid start 0 or end 0
[    0.251103] max8997 5-0066: max8997_irq_init: fail to read PMIC ID(-6)
[    0.648050] [TSP] family = 0x81, variant = 0x1, version = 0x10, build = 170
The Following 3 Users Say Thank You to AdamOutler For This Useful Post: [ View ] Gift AdamOutler Ad-Free
21st October 2011, 04:14 PM |#5  
othermark's Avatar
Senior Member
Flag WA
Thanks Meter: 87
 
More
Would be interesting to see the logs from a boot with the flash counter incremented (yellow triangle) to see if it's logged and what it's keying on.
21st October 2011, 04:14 PM |#6  
Senior Member
Flag jersey city
Thanks Meter: 32
 
Donate to Me
More
Hi Adam,

Nice to see u here on this forum , hope to see some of your great work here on S II.
21st October 2011, 04:15 PM |#8  
Quote:
Originally Posted by othermark

Would be interesting to see the logs from a boot with the flash counter incremented (yellow triangle) to see if it's logged and what it's keying on.

You can reset the counter via UART
The Following User Says Thank You to AdamOutler For This Useful Post: [ View ] Gift AdamOutler Ad-Free
21st October 2011, 05:09 PM |#9  
Senior Member
Flag La Grange, KY
Thanks Meter: 101
 
More
What ROM did you dump JH7/KJ1/KJ2 ?
21st October 2011, 07:30 PM |#10  
Senior Recognized Developer
Flag Owego, NY
Thanks Meter: 25,476
 
Donate to Me
More
Quote:
Originally Posted by AdamOutler

You can reset the counter via UART

Jig will reset it too - or will UART reset it even on the J2 bootloaders?
The Following User Says Thank You to Entropy512 For This Useful Post: [ View ]
21st October 2011, 07:47 PM |#11  
Senior Member
Flag Austin
Thanks Meter: 398
 
More
Quote:
Originally Posted by Entropy512

Jig will reset it too - or will UART reset it even on the J2 bootloaders?

Can you flash back the J1 bootloader with ODIN? I'm willing to try this.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes