Bootloader Cracking : Devs only

Status
Not open for further replies.
Search This thread

MrHassell

Senior Member
Dec 10, 2010
393
249
Melbourne
innertech.com.au
TL (Tender Loins)

probable that this vuln. may not be present in X10.
+1 - the_laser is expert in this - OMAP secure bootrom - afik setool is the_laser's project (correct me if I'm mistaken) would be great if this applied to the Xperia - as thankfully pointed out - I really appreciate it ;)

Confirm this with root explorer! look in - /system/build.prop - view as text and scroll to bottom;

Code:
ro.drm.active.3=marlin,1

The Elgamal signature scheme was precursor to DSA and variants including Schnorr and Pointcheval-Stern. "Digital signature" is nice reading but my favorite a paperback by Steven Levy called Crypto - great writing could be a movie!
 
Last edited:

MrHassell

Senior Member
Dec 10, 2010
393
249
Melbourne
innertech.com.au
somebody has to explain me this function for mathematica:

http://www.linkpdf.com/ebook-viewer.php?url=http://wan.khudri.com/my_files/icici2005/paper_ICICI_2005.pdf - Matlab / same deal..

Stas Fomin - made a Mathmatica 2.2 function to share for download from his homepage :) Diggin the design :p http://www.oocities.org/stas_fomin/math.htm

Find signature by Elgamal signature scheme for plain text message P=823 with public key (p,r,b)=(2657,3,801), private key a=211, and where the integer k=101 is selected to construct the signature. Show how the signature is verified.

Signature: (m,n) where
m = r^k mod p
= 3^101 mod 2657
= 2022 mod 2657

n = k^(-1) (P - am) mod (p-1)
= 101^(-1) * (823 - 211 * 2022) mod 2656
= 973 * 1797 mod 2656, via 973 * 101 - 37 * 2656 = 1.
= 833 mod 2656.

Verification: Show that b^m * m^n = r^P mod p.

Compute
b^m * m^n = 801^2022 * 2022^833 mod 2657
2157 * 228 = 1014 mod 2657.

r^P = 3^823 mod 2657
= 1014 mod 2657

UNIVERSITY OF RUHUNA - DEPARTMENT OF MATHEMATICS

Bachelor of Science (General) Degree (Level III)
Applied Mathematics / Industrial Mathematics
MAM 3213: Applied Algebra (Coding Theory)

Lab Assignment No: 08

ElGamal Scheme

Discrete Logarithm problem

Given p, g, and y, the discrete logarithm problem is to find x such that g x = y mod p, or
written another way, calculate x = logg,p y. It is easy to compute y from p, g, and x, but no
efficient way of calculating x from p, g, and y is known.
The naive way to calculate the discrete logarithm is simply to calculate g, g 2 , g 3 , . . . until
y is found.

This is inefficient since the time taken is proportional to p.

1. Implement a function to find a, given ax mod p.
The baby-step / giant-step algorithm

An improvement over the naive algorithm is to first calculate y, y.g, y.g 2 , y.g 3 , . . . , y.g a , where √ 2
a = ⌈ p⌉, and put the values in a hash table.

Then calculate g a , g 2a , g 3a , . . . , g a , and look in the table for a collision. In the case of a collision, g i .y = g ja gives y = g ja−i . The time taken √ is proportional to p.

2. Implement this procedure using Mathematica.

3. Plot log x and discrete log functions for given n.

ElGamal Public Key scheme

Step 1. Global elements: p a large prime, g primitive root of p.
Step 2. Decryption key: x - private, calculate a ≡ g x mod p.
Publish (p, g, a). (User A)
Step 3. Encryption: s message, 0 < s < p. Choose y - private, 0 < y < p.
Compute b ≡ g y mod p.
c ≡ say mod p.
Send (b, c). (User B)
Step 4. Decryption: Compute bx mod p ≡ ay .
then s ≡ (ay )−1 c mod p. (User A)

4. Implement ElGamal scheme using Mathematica.
 
Last edited:

qwer23

Senior Member
Jan 6, 2010
1,375
290
Realm of Württemberg
i think it isn't cracket its only ignored
Sent from my X8 using XDA App

Resulting in exactly the same --> custom ROMs. And if it's really true (god I hope it is ;)) I think he (and all that contributed) should get the reward that was promised for "cracking the bootloader".

btw. Bin4ry, since Touchscreen is working, can you already tell what works right now and what doesn't?

Cheers and a big f***ing thx to all of you!
qwer23
 
Last edited:

MrHassell

Senior Member
Dec 10, 2010
393
249
Melbourne
innertech.com.au
:)

Version 03 Touchscreen working, started again from scratch.

Please test and work with me. :)

Attached a log from the reboot which was very interesting!

[WARNING] CPU: ARMv7 Processor [510f00f2] revision 2 (ARMv7), cr=10c5387f
[WARNING] CPU: VIPT nonaliasing data cache, VIVT ASID tagged instruction cache
[WARNING] Machine: ES209RA
[INFORMATION] Partition (from atag) appslog -- Offset:1fde Size:22
[INFORMATION] Partition (from atag) cache -- Offset:1c64 Size:37a
[INFORMATION] Partition (from atag) system -- Offset:2d7 Size:b05
[INFORMATION] Partition (from atag) userdata -- Offset:ddc Size:e8
[WARNING] Memory policy: ECC disabled, Data cache writeback
[DEBUG] On node 0 totalpages: 91904
[DEBUG] free_area_init_node: node 0, pgdat c04e9130, node_mem_map c05d8000
[DEBUG] Normal zone: 766 pages used for memmap
[DEBUG] Normal zone: 0 pages reserved
[DEBUG] Normal zone: 91138 pages, LIFO batch:3
[INFORMATION] allocating 163840 bytes at c0900000 (20900000 physical) for kernel ebi1 pmem arena
[INFORMATION] allocating 29954048 bytes at c0928000 (20928000 physical) for mdp pmem arena
[INFORMATION] allocating 35217408 bytes at c40d8000 (240d8000 physical) for adsp pmem aren
[INFORMATION] using 5242880 bytes of SMI at 2b00000 physical for fb
[INFORMATION] allocating 524288 bytes at c626e000 (2626e000 physical) for audio
[INFORMATION] KDUMP: Reserved Crashk Memory
[WARNING] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 91138
[NOTICE] Kernel command line: androidboot.hardware=es209ra vmalloc=256M g_android.product_id=0x312E console=ttyMSM0 semcandroidboot.serialno=CD777GODOX semcandroidboot.startup=0x00000038 semcandroidboot.000008A2=5831306
[ERROR] Unknown boot option `androidboot.hardware=es209ra': ignoring
[INFORMATION] USB serial number: CD777GODOX
[ERROR] Unknown boot option `semcandroidboot.000008A2=58313061': ignoring
[WARNING] PID hash table entries: 2048 (order: 11, 8192 bytes)
[WARNING] Console: colour dummy device 80x30
[INFORMATION] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[INFORMATION] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[INFORMATION] Memory: 232MB 127MB = 359MB total
[NOTICE] Memory: 285696KB available (4636K code, 1161K data, 140K init)
[INFORMATION] Calibrating delay loop... 255.59 BogoMIPS (lpj=1277952)
[WARNING] Mount-cache hash table entries: 512
[INFORMATION] CPU: Testing write buffer coherency: ok
[INFORMATION] net_namespace: 716 bytes
[INFORMATION] NET: Registered protocol family 16
[INFORMATION] Waiting for Modem...
[INFORMATION] socinfo_init: v3, id=30, ver=0.0, raw_id=0, raw_ver=0, hw_plat=
[INFORMATION] es209ra_init: startup_reason: 0x00000038
[ERROR] PVR0F2: 0
[ERROR] PVR0F2: 1
[INFORMATION] Max ACPU freq from efuse data is 998400 KHz
03/22/2011 00:58:56 [INFORMATION] ACPU running at 384000 KHz
03/22/2011 00:58:56 [INFORMATION] 5 scaling frequencies supported.
03/22/2011 00:58:56 [DEBUG] Bluetooth power switch initialized
03/22/2011 00:58:56 [DEBUG] msm_mddi_tmd_fwvga_display_device_init
03/22/2011 00:58:56 [WARNING] bio: create slab <bio-0> at 0
03/22/2011 00:58:56 [NOTICE] SCSI subsystem initialized
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver usbfs
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver hub
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new device driver usb
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe: clk_ctl 316, 384000 Hz
03/22/2011 00:58:56 [INFORMATION] msm_i2c_gpio_config: es209ra has only primary I2C.
03/22/2011 00:58:56 [INFORMATION] Bluetooth: Core ver 2.15
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 31
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI device and connection manager initialized
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI socket layer initialized
03/22/2011 00:58:56 [INFORMATION] cfg80211: Calling CRDA to update world regulatory domain
03/22/2011 00:58:56 [ERROR] cfg80211: calling CRDA failed - unable to update world regulatory domain, using static definition
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 2
03/22/2011 00:58:56 [INFORMATION] IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP established hash table entries: 16384 (order: 5, 131072 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP: Hash tables configured (established 16384 bind 16384)
03/22/2011 00:58:56 [INFORMATION] TCP reno registered
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 1
03/22/2011 00:58:56 [INFORMATION] checking if image is initramfs...<7>Switched to high resolution mode on CPU 0
03/22/2011 00:58:56 [WARNING] it is

Very good!
 

Attachments

  • greatrun.txt
    31 KB · Views: 47
  • Like
Reactions: Tjawz

break1

Senior Member
Oct 29, 2010
429
40
33
Berlin
forum.xda-developers.com
Attached a log from the reboot which was very interesting!

[WARNING] CPU: ARMv7 Processor [510f00f2] revision 2 (ARMv7), cr=10c5387f
[WARNING] CPU: VIPT nonaliasing data cache, VIVT ASID tagged instruction cache
[WARNING] Machine: ES209RA
[INFORMATION] Partition (from atag) appslog -- Offset:1fde Size:22
[INFORMATION] Partition (from atag) cache -- Offset:1c64 Size:37a
[INFORMATION] Partition (from atag) system -- Offset:2d7 Size:b05
[INFORMATION] Partition (from atag) userdata -- Offset:ddc Size:e8
[WARNING] Memory policy: ECC disabled, Data cache writeback
[DEBUG] On node 0 totalpages: 91904
[DEBUG] free_area_init_node: node 0, pgdat c04e9130, node_mem_map c05d8000
[DEBUG] Normal zone: 766 pages used for memmap
[DEBUG] Normal zone: 0 pages reserved
[DEBUG] Normal zone: 91138 pages, LIFO batch:3
[INFORMATION] allocating 163840 bytes at c0900000 (20900000 physical) for kernel ebi1 pmem arena
[INFORMATION] allocating 29954048 bytes at c0928000 (20928000 physical) for mdp pmem arena
[INFORMATION] allocating 35217408 bytes at c40d8000 (240d8000 physical) for adsp pmem aren
[INFORMATION] using 5242880 bytes of SMI at 2b00000 physical for fb
[INFORMATION] allocating 524288 bytes at c626e000 (2626e000 physical) for audio
[INFORMATION] KDUMP: Reserved Crashk Memory
[WARNING] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 91138
[NOTICE] Kernel command line: androidboot.hardware=es209ra vmalloc=256M g_android.product_id=0x312E console=ttyMSM0 semcandroidboot.serialno=CD777GODOX semcandroidboot.startup=0x00000038 semcandroidboot.000008A2=5831306
[ERROR] Unknown boot option `androidboot.hardware=es209ra': ignoring
[INFORMATION] USB serial number: CD777GODOX
[ERROR] Unknown boot option `semcandroidboot.000008A2=58313061': ignoring
[WARNING] PID hash table entries: 2048 (order: 11, 8192 bytes)
[WARNING] Console: colour dummy device 80x30
[INFORMATION] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[INFORMATION] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[INFORMATION] Memory: 232MB 127MB = 359MB total
[NOTICE] Memory: 285696KB available (4636K code, 1161K data, 140K init)
[INFORMATION] Calibrating delay loop... 255.59 BogoMIPS (lpj=1277952)
[WARNING] Mount-cache hash table entries: 512
[INFORMATION] CPU: Testing write buffer coherency: ok
[INFORMATION] net_namespace: 716 bytes
[INFORMATION] NET: Registered protocol family 16
[INFORMATION] Waiting for Modem...
[INFORMATION] socinfo_init: v3, id=30, ver=0.0, raw_id=0, raw_ver=0, hw_plat=
[INFORMATION] es209ra_init: startup_reason: 0x00000038
[ERROR] PVR0F2: 0
[ERROR] PVR0F2: 1
[INFORMATION] Max ACPU freq from efuse data is 998400 KHz
03/22/2011 00:58:56 [INFORMATION] ACPU running at 384000 KHz
03/22/2011 00:58:56 [INFORMATION] 5 scaling frequencies supported.
03/22/2011 00:58:56 [DEBUG] Bluetooth power switch initialized
03/22/2011 00:58:56 [DEBUG] msm_mddi_tmd_fwvga_display_device_init
03/22/2011 00:58:56 [WARNING] bio: create slab <bio-0> at 0
03/22/2011 00:58:56 [NOTICE] SCSI subsystem initialized
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver usbfs
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver hub
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new device driver usb
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe: clk_ctl 316, 384000 Hz
03/22/2011 00:58:56 [INFORMATION] msm_i2c_gpio_config: es209ra has only primary I2C.
03/22/2011 00:58:56 [INFORMATION] Bluetooth: Core ver 2.15
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 31
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI device and connection manager initialized
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI socket layer initialized
03/22/2011 00:58:56 [INFORMATION] cfg80211: Calling CRDA to update world regulatory domain
03/22/2011 00:58:56 [ERROR] cfg80211: calling CRDA failed - unable to update world regulatory domain, using static definition
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 2
03/22/2011 00:58:56 [INFORMATION] IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP established hash table entries: 16384 (order: 5, 131072 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP: Hash tables configured (established 16384 bind 16384)
03/22/2011 00:58:56 [INFORMATION] TCP reno registered
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 1
03/22/2011 00:58:56 [INFORMATION] checking if image is initramfs...<7>Switched to high resolution mode on CPU 0
03/22/2011 00:58:56 [WARNING] it is

Very good!

That means? :p

Sent from my X10i using XDA App
 

mad-murdock

Retired Recognized Developer
Oct 11, 2010
2,373
1,670
Detmold
This is relevant :) Thanks for this, excellent post! Have to wait until I have more thanks credits as I just spilled them all on Bin4ry for the damn hot files being forked out.. this is killer!

Attached something -bmight be of interest... need to confirm this private key... have a look!

too bad my post a month back suggesting the same was ignored
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
2,007
5,906
Berlin
Attached a log from the reboot which was very interesting!

[WARNING] CPU: ARMv7 Processor [510f00f2] revision 2 (ARMv7), cr=10c5387f
[WARNING] CPU: VIPT nonaliasing data cache, VIVT ASID tagged instruction cache
[WARNING] Machine: ES209RA
[INFORMATION] Partition (from atag) appslog -- Offset:1fde Size:22
[INFORMATION] Partition (from atag) cache -- Offset:1c64 Size:37a
[INFORMATION] Partition (from atag) system -- Offset:2d7 Size:b05
[INFORMATION] Partition (from atag) userdata -- Offset:ddc Size:e8
[WARNING] Memory policy: ECC disabled, Data cache writeback
[DEBUG] On node 0 totalpages: 91904
[DEBUG] free_area_init_node: node 0, pgdat c04e9130, node_mem_map c05d8000
[DEBUG] Normal zone: 766 pages used for memmap
[DEBUG] Normal zone: 0 pages reserved
[DEBUG] Normal zone: 91138 pages, LIFO batch:3
[INFORMATION] allocating 163840 bytes at c0900000 (20900000 physical) for kernel ebi1 pmem arena
[INFORMATION] allocating 29954048 bytes at c0928000 (20928000 physical) for mdp pmem arena
[INFORMATION] allocating 35217408 bytes at c40d8000 (240d8000 physical) for adsp pmem aren
[INFORMATION] using 5242880 bytes of SMI at 2b00000 physical for fb
[INFORMATION] allocating 524288 bytes at c626e000 (2626e000 physical) for audio
[INFORMATION] KDUMP: Reserved Crashk Memory
[WARNING] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 91138
[NOTICE] Kernel command line: androidboot.hardware=es209ra vmalloc=256M g_android.product_id=0x312E console=ttyMSM0 semcandroidboot.serialno=CD777GODOX semcandroidboot.startup=0x00000038 semcandroidboot.000008A2=5831306
[ERROR] Unknown boot option `androidboot.hardware=es209ra': ignoring
[INFORMATION] USB serial number: CD777GODOX
[ERROR] Unknown boot option `semcandroidboot.000008A2=58313061': ignoring
[WARNING] PID hash table entries: 2048 (order: 11, 8192 bytes)
[WARNING] Console: colour dummy device 80x30
[INFORMATION] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
[INFORMATION] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
[INFORMATION] Memory: 232MB 127MB = 359MB total
[NOTICE] Memory: 285696KB available (4636K code, 1161K data, 140K init)
[INFORMATION] Calibrating delay loop... 255.59 BogoMIPS (lpj=1277952)
[WARNING] Mount-cache hash table entries: 512
[INFORMATION] CPU: Testing write buffer coherency: ok
[INFORMATION] net_namespace: 716 bytes
[INFORMATION] NET: Registered protocol family 16
[INFORMATION] Waiting for Modem...
[INFORMATION] socinfo_init: v3, id=30, ver=0.0, raw_id=0, raw_ver=0, hw_plat=
[INFORMATION] es209ra_init: startup_reason: 0x00000038
[ERROR] PVR0F2: 0
[ERROR] PVR0F2: 1
[INFORMATION] Max ACPU freq from efuse data is 998400 KHz
03/22/2011 00:58:56 [INFORMATION] ACPU running at 384000 KHz
03/22/2011 00:58:56 [INFORMATION] 5 scaling frequencies supported.
03/22/2011 00:58:56 [DEBUG] Bluetooth power switch initialized
03/22/2011 00:58:56 [DEBUG] msm_mddi_tmd_fwvga_display_device_init
03/22/2011 00:58:56 [WARNING] bio: create slab <bio-0> at 0
03/22/2011 00:58:56 [NOTICE] SCSI subsystem initialized
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver usbfs
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new interface driver hub
03/22/2011 00:58:56 [INFORMATION] usbcore: registered new device driver usb
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe
03/22/2011 00:58:56 [INFORMATION] msm_i2c_probe: clk_ctl 316, 384000 Hz
03/22/2011 00:58:56 [INFORMATION] msm_i2c_gpio_config: es209ra has only primary I2C.
03/22/2011 00:58:56 [INFORMATION] Bluetooth: Core ver 2.15
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 31
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI device and connection manager initialized
03/22/2011 00:58:56 [INFORMATION] Bluetooth: HCI socket layer initialized
03/22/2011 00:58:56 [INFORMATION] cfg80211: Calling CRDA to update world regulatory domain
03/22/2011 00:58:56 [ERROR] cfg80211: calling CRDA failed - unable to update world regulatory domain, using static definition
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 2
03/22/2011 00:58:56 [INFORMATION] IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP established hash table entries: 16384 (order: 5, 131072 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP bind hash table entries: 16384 (order: 4, 65536 bytes)
03/22/2011 00:58:56 [INFORMATION] TCP: Hash tables configured (established 16384 bind 16384)
03/22/2011 00:58:56 [INFORMATION] TCP reno registered
03/22/2011 00:58:56 [INFORMATION] NET: Registered protocol family 1
03/22/2011 00:58:56 [INFORMATION] checking if image is initramfs...<7>Switched to high resolution mode on CPU 0
03/22/2011 00:58:56 [WARNING] it is

Very good!

VERY GOOD!
Thanks for testing. When does it reboot? On Which Rom are you testing? Which baseband?
Do you had radio working?

Regards
 

MrHassell

Senior Member
Dec 10, 2010
393
249
Melbourne
innertech.com.au
VERY GOOD!
Thanks for testing. When does it reboot? On Which Rom are you testing? Which baseband?
Do you had radio working?

Regards

Band 2.1.54 - Build 2.1.A.0.435 - Radio working.. everything working. I'm going to do it again and pump back the complete log after commands issued via adb shell

$ su
# chmod 06755 run.sh
# ./run.sh
failed
failed

adb exits - tiny screen text - rat with the golden mask - xda developers - orange led - quickly to red led - quickly to blue(white) led and hangs there for a while.. blacks out, reboots back to original eclair build - all working;

EDIT: THIS time... I'll run the sh script via terminal with su and no usb attached.. one sec - Result... same - need to use donut?
 

Attachments

  • eclair435.54bb.txt
    39.8 KB · Views: 37
Last edited:

Aeny

Senior Member
Dec 6, 2009
83
43
Belgium
Using usb adb:
C:\Users\Aeny\AppData\Local\Android\android-sdk\platform-tools>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./run.sh
./run.sh
umount: can't umount /mnt/sdcard: Device or resource busy
umount: can't umount /cdrom: No such file or directory
umount: can't umount /data/DxDrm/fuse: Invalid argument
killall: DxDrmServerIpc: no process killed
-> tiny texy -> deformed tux -> XDA logo -> android_ logo -> freezes on android_ logo -> reboot (dies to soon to logcat)

Using Terminal emulator:
reboot when entering ./run.sh command

X10 | 2.3.3 | Baseband 2.0.52 | J's Cyanogenmod 7 RC2 v10a | latest kexec kit

I hope this is helpful :eek:
~Aeny

EDIT: when using Terminal Emulator and adb logcat I can see it do all kinda stuff (killing and starting in processes) but it hangs on
"cannot become context manager (Device or resource busy)" (logcat) and then the phone reboots.
 
Last edited:

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
2,007
5,906
Berlin
Can you try to run it on chargemon script instead of xRec?
So that we can run it at the very beginning of boot process. Maybe this is a solution!
This should work in the chargemon script:
exec /data/local/tmp/run.sh

WARNING!
JUST TRY THIS IF YOU KNOW WHAT YOU ARE DOING !

Regards
 
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 161
    Bootloader is broken/bypassed!
    Big bad huge font to avoid confusion =)


    @Goroh_kun:

    Buddy, I know you're still reading this forums so... I just want you to know that you are absolutely BRILLIANT. You're a STAR.

    BIG thanks for all your contributions into this project! Nothing, and I mean NOTHING would happen without you.



    @devs:

    devicez.png
    device2o.png




    @SE: lads, it's your turn now - please unlock it already. I promise we won't brick our phones :)

    @all: DON'T ask for details. I will post here when I'm ready to do so. Today (I guess?) is the Arc release date and stuff, I don't want to mess around...


    Still busy working abroad,

    Cheers,
    z
    144
    Ok, here we go. It wasn't the April Fool thingy :)

    The bootloader has been bypassed using the kexec/miniloader method

    We are able to boot custom kernels now!


    I'll keep it short as I'm quite busy today... I haven't had much luck with disabling MPU nor resetting a MCPU - it failed no matter what I did. Same thing with porting shutdown procedures into miniloader. But when I found out that the custom kernel doesn't reboot on baseband 52, I switched to the .504 sources and restarted the work. Using the debugfs tips by Goroh, I realised some stuff I'd rather to keep in between the developers here... And then *poof* - the green USB led appeared and I knew I was getting there!

    Anyway... this is the first release of the fully working custom kernel (flashable via xRecovery). I haven't had much time to work on it so it's kind of proof-of-concept. Tested for 48h without any problem (not even a reboot).


    FreeKernel-alpha1:

    http://www.mediafire.com/?d8v914keiqsmc3n

    This is the alpha version of custom 2.6.29 kernel based on the SE sources. I do not plan to work on this release anymore - it is just for testing purpose. From today on I'll start to port SE stuff to the latest (GBread) kernel.


    Changes:

    - removed 32 fps cap
    - implemented netfilter (Droid wall, native USB/wifi tethering etc.)
    - undervolted to 0.950mV to save battery
    - don't remember what else I did, I bet something nasty :)
    - super ugly boot logo!


    Requirements:

    - baseband .52 + the relevant kernel
    - clean 2.1 ROM, compatibile with .52 baseband (e.g. .504)
    - working xRecovery


    Please note I am not responsible for any damage this software may cause to your device! Use it at your own risk!

    There is absolutely no support for this alpha release!


    Big thanks to (no particular order): Goroh_kun, Jerpelea, Bin4ry, Maxrfon, Biktor_gj and everybody else who contributed into X10 custom kernel development.


    At first the relevant kernel patches/sources will be delivered to the recognised X10 developers. Later on everything will be released as it's obviously Open Sourced.


    Please refrain from posting comments in this thread - it's for developers only. Spamming will only make our task harder to accomplish!


    Cheers,
    z
    88
    Great job!

    Hi, long time no see.
    It's goroh.

    > zdzihu.
    I'd like to say, Your strong effort and indefatigableness achieve this brilliant work!

    I have parted with my X10a, but I'm looking forward to see development goes on.
    :)
    35
    cm7 boots with custom kernel
    31
    Ok Thread Cleaned and j.Anderson banned