The San Diego hacking topic - root progress etc.

Guest PaulOBrien

Just reading through the (!) 60 pages of topic (I'm up to 35); once I'm caught up I'll interject anywhere I can help and maybe suggest some new things to look at.

rickywyatt has both the very latest ICS leak and the very oldest engineering leak I sourced (the one with the (possibly) Engineering kboot) so hopefully that's helpful.

P


Guest PaulOBrien

Alright! Up to date on this thread! A few thoughts / replies...


[QUOTE]
[CODE]
07/29/12 22:02:32.153 INFO : Please select a flash file...
07/29/12 22:03:13.701 INFO : Flash file OK (C:/mflash/Leos-flash.xml)
07/29/12 22:03:14.398 0/0/8 #0: New device detected - SN : 324B076AA1D1B3E9
07/29/12 22:03:14.404 0/0/8 #0: IFW flash started - SN : 324B076AA1D1B3E9
07/29/12 22:03:21.108 0/0/8 #0: IFW flash success - SN : 324B076AA1D1B3E9
07/29/12 22:04:04.934 0/0/8 #0: Flashing OS
07/29/12 22:04:04.935 0/0/8 #0: fastboot -s 324B076AA1D1B3E9 oem system /sbin/PartitionDisk.sh /dev/mmcblk0
07/29/12 22:04:15.139 0/0/8 #0: [FAILURE] OS flash failure
07/29/12 22:04:15.140 INFO : Flash failure 0/1 (success/total) (Enumeration failure(s): 0)
[/CODE]
[/QUOTE]

Nobody seems to have talked about this very much, but this looks to me like a way to run scripts from fastboot. I suspect (but can't check without an OSD) that PartitionDisk.sh is either in /sbin in the recovery image or (less likely) the main boot image. Can we do 'fastboot oem system ls /' and see what the response is? There could be a possibility to do a system mount / copy su binary and chmod this way, provided the installed system partition isn't signature checked? DEFINITELY worth investigating.
[QUOTE]
I got this; something strange, sdcard1 is -1:
[CODE]
#mount point fstype device device2 size hint flags and options...
/reserved hidden /dev/block/mmcblk0_none none 100
/factory ext4 /dev/block/mmcblk0p1 none 256
/system ext4 /dev/block/mmcblk0p2 none 767 rw noatime
/reserved raw /dev/block/mmcblk0p3 none 1
/config ext4 /dev/block/mmcblk0p5 none 16 ro
/panic raw /dev/block/mmcblk0p6 none 2
/sdcard vfat /dev/block/mmcblk0p7 none 0
/data ext4 /dev/block/mmcblk0p8 none 2048 nosuid nodev fsck data=ordered,nodelalloc
/cache ext4 /dev/block/mmcblk0p9 none 1024 nosuid nodev fsck data=ordered,nodelalloc
/sdcard1 vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1 -1
[/CODE]
[/QUOTE]

There's not really anything mysterious around /sdcard1... it's just not mounting it. As soon as we have root we can mount the external SD.

[QUOTE]
Righto, hello guys. I've been speaking to someone who actually develops the firmware for the device, and he can't tell me any more but he has told me that:

1) The IFWI is the modem firmware for the device

2) The K800 and OSD use the same Intel CPU but a different modem so their IFWI is not compatible

3) Their user builds are labelled similarly to the leak we have, however instead of eng.release it's something like supk_user.release.mfld_pr2.BKB4OUK.devr3.i284

4) They do not use the tool to flash engineering firmware
[/QUOTE]

Shame we can't get more out of this source... does he have access to any ICS supk_user.release.mfld_pr2 builds? Are there any user builds with the su binary onboard? If we can get access to a super-early user release maybe we can use an old exploit.

[QUOTE]
If you ask me, the Xolo 2.3.7 ROM doesn't even give you access to /data/local/tmp; with the Orange ROM I had access to /data/local/tmp and /data/fota.
[/QUOTE]

I've seen this on a number of new ROMs from manufacturers, it's like a recommendation for tightening up tmp has come from Google / AOSP.

[QUOTE]
ICS was ready on 1st May... they are spending months on patching.
[/QUOTE]

I have access to ~5 build servers for the device and new test / engineering ROMs drop several times a week!

P
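The partition table quoted above is easy to eyeball, but the interesting facts (the -1 size hint on /sdcard1, and which writable partitions carry nosuid/nodev, the mount flags that make a setuid binary on a user-writable filesystem irrelevant) are worth pulling out mechanically. This is an added example, not code from the thread or from the device's firmware; the table text is copied from the post, and the column meanings follow the post's own header line.

```python
# Added example (not from the thread): parse the partition table quoted above
# and report the size hints and nosuid/nodev coverage it describes.
from dataclasses import dataclass, field
from typing import List

# Table text copied verbatim from the post above.
TABLE = """\
#mount point fstype device device2 size hint flags and options...
/reserved hidden /dev/block/mmcblk0_none none 100
/factory ext4 /dev/block/mmcblk0p1 none 256
/system ext4 /dev/block/mmcblk0p2 none 767 rw noatime
/reserved raw /dev/block/mmcblk0p3 none 1
/config ext4 /dev/block/mmcblk0p5 none 16 ro
/panic raw /dev/block/mmcblk0p6 none 2
/sdcard vfat /dev/block/mmcblk0p7 none 0
/data ext4 /dev/block/mmcblk0p8 none 2048 nosuid nodev fsck data=ordered,nodelalloc
/cache ext4 /dev/block/mmcblk0p9 none 1024 nosuid nodev fsck data=ordered,nodelalloc
/sdcard1 vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1 -1
"""


@dataclass
class Partition:
    mount: str
    fstype: str
    device: str
    device2: str          # "none" for every entry except the external card
    size_hint: int        # the post's "size hint" column; -1 means not given
    flags: List[str] = field(default_factory=list)

    def has(self, flag: str) -> bool:
        return flag in self.flags


def parse_table(text: str) -> List[Partition]:
    """Split the whitespace-separated table into Partition records.

    The first five columns are fixed; everything after the size hint is a
    flag or mount option and is kept as a list.
    """
    parts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cols = line.split()
        if len(cols) < 5:
            raise ValueError(f"malformed line: {line!r}")
        parts.append(Partition(cols[0], cols[1], cols[2], cols[3], int(cols[4]), cols[5:]))
    return parts


def unsized(parts: List[Partition]) -> List[str]:
    """Mount points whose size hint is negative (the -1 that puzzled the poster)."""
    return [p.mount for p in parts if p.size_hint < 0]


def writable_ext4_without_nosuid(parts: List[Partition]) -> List[str]:
    """ext4 entries not marked ro that lack nosuid.

    /data and /cache carry nosuid/nodev in this table; /factory and /system
    do not, which is why the flags on user-writable partitions matter.
    """
    return [p.mount for p in parts
            if p.fstype == "ext4" and not p.has("ro") and not p.has("nosuid")]


def device_for(parts: List[Partition], mount: str) -> str:
    """Block device backing a mount point, or '' if the table has no entry."""
    for p in parts:
        if p.mount == mount:
            return p.device
    return ""


if __name__ == "__main__":
    table = parse_table(TABLE)
    print("no size hint:", unsized(table))
    print("writable ext4 without nosuid:", writable_ext4_without_nosuid(table))
    print("/sdcard1 ->", device_for(table, "/sdcard1"))
```

Run it as-is and it reports /sdcard1 as the only entry without a size hint, which matches Paul's reading that the table simply has nothing for the external card rather than anything mysterious.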


Guest Konstipated Kiwi

Just a heads up, Orange has reduced the San Diego to £179.99 + £10 top up...

Also, you can get £45 cashback via Quidco on Orange PAYG phones over £140 (although the offer expires in two days).


Guest rickywyatt

I can flash the engineering IFWI and engineering DnX, but I'm still lost when it comes to the engineering bootloader.

I found out there are 2 different Intel phones:

pr2 and pr3

Intel must have our flasher, as it seems the Chinese have a different fastboot to ours.

I can also flash the Chinese IFWI and DnX, which I think is security software.


Guest rickywyatt

[CODE]
fastboot oem system ls /

FAILED remote : unknown reason
[/CODE]

Also if I add this:

[CODE]
fastboot -s 324B076AA1D1B3E9 oem system ls /

waiting for device
[/CODE]


Guest PaulOBrien

[QUOTE]
[CODE]
fastboot oem system ls /

FAILED remote : unknown reason
[/CODE]

Also if I add this:

[CODE]
fastboot -s 324B076AA1D1B3E9 oem system ls /

waiting for device
[/CODE]
[/QUOTE]

In 'Leos-flash.xml' there are no fastboot commands, right?

In 'fastboot devices' does the serial number match?

P


Guest rickywyatt

[QUOTE]
In 'Leos-flash.xml' there are no fastboot commands, right?

In 'fastboot devices' does the serial number match?

P
[/QUOTE]

Leos-flash.xml doesn't say anything about fastboot.

[CODE]
C:\adb\flasher>fastboot devices

C:\adb\
[/CODE]


Guest PaulOBrien

[QUOTE]
[CODE]
C:\adb>fastboot -s 0123456789ABCDEF oem system ls /

...

FAILED (remote: unknown reason)

finished. total time: -0.000s
[/CODE]
[/QUOTE]

Hah, nice serial number. :P

OK, so the 'oem system' command either doesn't work, or doesn't work unless the device is in a 'special fastboot mode'... Does fastboot see the device when in 'medfield driver' mode?

P


Guest rickywyatt

Does this mean anything to you Paul? Found it in /d/osip/decode and in the setup.sh you gave me.


[CODE]
HEADER:
sig = 0x24534f24
header_size = 0x68
header_rev_minor = 0x0
header_rev_major = 0x1
header_checksum = 0x74
num_pointers = 0x3
num_images = 0x1
image0
os_rev = 0x0
os_rev = 0x0
logical_start_block = 0x9c41
ddr_load_address = 0x1100000
entry_point = 0x1101000
size_of_os_image = 0x3163
attribute = 0x00
reserved = 000000
image1
os_rev = 0x0
os_rev = 0x0
logical_start_block = 0x1000
ddr_load_address = 0x1100000
entry_point = 0x1101000
size_of_os_image = 0x5001
attribute = 0x10
reserved = 000000
image2
os_rev = 0x0
os_rev = 0x2
logical_start_block = 0x1
ddr_load_address = 0x0
entry_point = 0x0
size_of_os_image = 0xda
attribute = 0x04
reserved = 000000
[/CODE]
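The /d/osip/decode dump above is a header followed by three image entries, and a couple of things fall out of it once it is parsed rather than read by eye: the sig word 0x24534f24 is the ASCII bytes "$OS$" in little-endian order, and the number of imageN entries matches num_pointers. This is an added example, not code from the thread or from Intel; the dump text is copied from the post. The 512-byte sector size used to turn logical_start_block and size_of_os_image into byte extents is an assumption, nothing in the dump states the block unit.

```python
# Added example (not from the thread): parse the /d/osip/decode dump quoted
# above into a dict per image, decode the signature word and cross-check the
# entry count against num_pointers.
import re
import struct

SECTOR_BYTES = 512  # assumption, not stated in the dump

# Dump text copied from the post above.
DUMP = """\
HEADER:
sig = 0x24534f24
header_size = 0x68
header_rev_minor = 0x0
header_rev_major = 0x1
header_checksum = 0x74
num_pointers = 0x3
num_images = 0x1
image0
os_rev = 0x0
os_rev = 0x0
logical_start_block = 0x9c41
ddr_load_address = 0x1100000
entry_point = 0x1101000
size_of_os_image = 0x3163
attribute = 0x00
reserved = 000000
image1
os_rev = 0x0
os_rev = 0x0
logical_start_block = 0x1000
ddr_load_address = 0x1100000
entry_point = 0x1101000
size_of_os_image = 0x5001
attribute = 0x10
reserved = 000000
image2
os_rev = 0x0
os_rev = 0x2
logical_start_block = 0x1
ddr_load_address = 0x0
entry_point = 0x0
size_of_os_image = 0xda
attribute = 0x04
reserved = 000000
"""

_IMAGE_RE = re.compile(r"^image(\d+)$")


def parse_osip_dump(text):
    """Return {'header': {...}, 'images': [{...}, ...]} with int values.

    Every value in the dump is hexadecimal (with or without 0x). The dump
    prints 'os_rev' twice per image; the second copy is stored as 'os_rev_2'
    rather than silently overwriting the first.
    """
    header = {}
    images = []
    current = header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith(":"):      # the "HEADER:" banner
            continue
        if _IMAGE_RE.match(line):               # "imageN" starts a new entry
            current = {}
            images.append(current)
            continue
        key, sep, val = line.partition("=")
        if not sep:
            raise ValueError(f"unparseable line: {line!r}")
        key, val = key.strip(), val.strip()
        if key in current:
            key = f"{key}_2"
        current[key] = int(val, 16)
    return {"header": header, "images": images}


def signature_ascii(parsed):
    """The 32-bit sig word as the 4 ASCII bytes it spells in little-endian order."""
    return struct.pack("<I", parsed["header"]["sig"]).decode("ascii")


def pointer_count_matches(parsed):
    """True when the number of imageN entries equals num_pointers."""
    return len(parsed["images"]) == parsed["header"]["num_pointers"]


def image_extent(img, sector_bytes=SECTOR_BYTES):
    """(byte offset, byte length) of an image, assuming block units of sector_bytes."""
    return img["logical_start_block"] * sector_bytes, img["size_of_os_image"] * sector_bytes


if __name__ == "__main__":
    p = parse_osip_dump(DUMP)
    print("signature:", signature_ascii(p))
    print("pointers consistent:", pointer_count_matches(p))
    for i, img in enumerate(p["images"]):
        off, ln = image_extent(img)
        print(f"image{i}: offset {off:#x} length {ln:#x} attribute {img['attribute']:#04x}")
```

The example reports num_images (1) and num_pointers (3) separately rather than guessing which one governs; the dump alone does not say.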


Guest rickywyatt

this is what the Leos-flash.xml looks like


[CODE]
<?xml version="1.0" ?>
<flashfile>
  <id>K800_1_S_2_162_0054_120717</id>
  <comments>Racer-A windows download</comments>
  <platform>PVT1</platform>
  <code_groups>
    <code_group name="FIRMWARE">
      <file TYPE="IFWI">
        <name>IFWI_WW16_LE_PVT_ICS.bin</name>
        <version>IFWI_VERSION</version>
        <checksum></checksum>
      </file>
      <file TYPE="FW_DNX">
        <name>CLAK3signed_D1_FwDnX_FD.03.bin</name>
        <version>FW_DNX_VERSION</version>
        <checksum></checksum>
      </file>
      <file TYPE="OS_DNX">
        <name>CLAK3signed_PNWD1OSDnX_OD.02.bin</name>
        <version>OS_DNX_VERSION</version>
        <checksum></checksum>
      </file>
    </code_group>
    <code_group name="BOOTLOADER">
      <file TYPE="KBOOT">
        <name>kboot.bin</name>
        <version>KBOOT_VERSION</version>
        <offset></offset>
        <fixed_size></fixed_size>
        <checksum></checksum>
      </file>
    </code_group>
    <code_group name="KERNEL">
      <file TYPE="KERNEL">
        <name>boot.bin</name>
        <cmdline></cmdline>
        <version>KERNEL_VERSION</version>
        <offset></offset>
        <fixed_size></fixed_size>
        <checksum></checksum>
      </file>
    </code_group>
    <code_group name="SYSTEM">
      <file TYPE="SYSTEM">
        <name>system.tar.gz</name>
        <version>SYSTEM_VERSION</version>
        <offset></offset>
        <fixed_size></fixed_size>
        <checksum></checksum>
      </file>
    </code_group>
    <code_group name="MODEM">
      <file TYPE="MODEM">
        <name>SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls</name>
        <version>MODEM_VERSION</version>
        <checksum></checksum>
        <model>MODEM_MODEL</model>
        <revision>MODEM_REVISION</revision>
        <cmdline>MODEM_CMD_LINE</cmdline>
      </file>
    </code_group>
  </code_groups>
  <code_group name="USERDATAT">
    <file TYPE="USERDATA">
      <name>userdata.tar.gz</name>
      <version>0</version>
      <checksum></checksum>
      <model></model>
      <revision></revision>
      <cmdline></cmdline>
    </file>
  </code_group>
</flashfile>
[/CODE]
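Leos-flash.xml is a manifest telling the flasher which image goes into which code group, and two things stand out when it is read with a parser rather than by eye: every <checksum> element is empty, so this manifest gives the tool nothing to verify image integrity against (if any check happens, it is elsewhere, e.g. on the DnX images whose names say "signed"), and the USERDATAT group sits outside <code_groups>. This is an added example, not code from the thread, the flasher or the device vendor; the XML is the one posted above, reflowed onto fewer lines.

```python
# Added example (not from the thread): read Leos-flash.xml with the standard
# library, list what the flasher is told to write, and report which entries
# carry no checksum and which groups sit outside <code_groups>.
import xml.etree.ElementTree as ET

# The manifest posted above, reflowed; element content is unchanged.
LEOS_FLASH_XML = """<?xml version="1.0" ?>
<flashfile>
  <id>K800_1_S_2_162_0054_120717</id>
  <comments>Racer-A windows download</comments>
  <platform>PVT1</platform>
  <code_groups>
    <code_group name="FIRMWARE">
      <file TYPE="IFWI"><name>IFWI_WW16_LE_PVT_ICS.bin</name><version>IFWI_VERSION</version><checksum></checksum></file>
      <file TYPE="FW_DNX"><name>CLAK3signed_D1_FwDnX_FD.03.bin</name><version>FW_DNX_VERSION</version><checksum></checksum></file>
      <file TYPE="OS_DNX"><name>CLAK3signed_PNWD1OSDnX_OD.02.bin</name><version>OS_DNX_VERSION</version><checksum></checksum></file>
    </code_group>
    <code_group name="BOOTLOADER">
      <file TYPE="KBOOT"><name>kboot.bin</name><version>KBOOT_VERSION</version><offset></offset><fixed_size></fixed_size><checksum></checksum></file>
    </code_group>
    <code_group name="KERNEL">
      <file TYPE="KERNEL"><name>boot.bin</name><cmdline></cmdline><version>KERNEL_VERSION</version><offset></offset><fixed_size></fixed_size><checksum></checksum></file>
    </code_group>
    <code_group name="SYSTEM">
      <file TYPE="SYSTEM"><name>system.tar.gz</name><version>SYSTEM_VERSION</version><offset></offset><fixed_size></fixed_size><checksum></checksum></file>
    </code_group>
    <code_group name="MODEM">
      <file TYPE="MODEM"><name>SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls</name><version>MODEM_VERSION</version><checksum></checksum><model>MODEM_MODEL</model><revision>MODEM_REVISION</revision><cmdline>MODEM_CMD_LINE</cmdline></file>
    </code_group>
  </code_groups>
  <code_group name="USERDATAT">
    <file TYPE="USERDATA"><name>userdata.tar.gz</name><version>0</version><checksum></checksum><model></model><revision></revision><cmdline></cmdline></file>
  </code_group>
</flashfile>
"""


def parse_flashfile(xml_text):
    """One dict per <file>, in document order, whichever depth its group sits at."""
    root = ET.fromstring(xml_text)
    entries = []
    for group in root.iter("code_group"):        # iter() walks every depth
        for f in group.findall("file"):
            entries.append({
                "group": group.get("name", ""),
                "type": f.get("TYPE", ""),
                "name": (f.findtext("name") or "").strip(),
                "version": (f.findtext("version") or "").strip(),
                "checksum": (f.findtext("checksum") or "").strip(),
            })
    return entries


def files_without_checksum(entries):
    """Names of images the manifest lists with no checksum to verify against."""
    return [e["name"] for e in entries if not e["checksum"]]


def groups_outside_code_groups(xml_text):
    """code_group elements that are direct children of <flashfile> (not inside <code_groups>)."""
    root = ET.fromstring(xml_text)
    return [g.get("name", "") for g in root.findall("code_group")]


def manifest_id(xml_text):
    return ET.fromstring(xml_text).findtext("id") or ""


if __name__ == "__main__":
    files = parse_flashfile(LEOS_FLASH_XML)
    print("manifest:", manifest_id(LEOS_FLASH_XML))
    for e in files:
        print(f"{e['group']:<11} {e['type']:<9} {e['name']}")
    print("no checksum:", files_without_checksum(files))
    print("groups outside <code_groups>:", groups_outside_code_groups(LEOS_FLASH_XML))
```

For this manifest every one of the eight listed images comes back from files_without_checksum, which is the point a reviewer would note: the tool's own flash log above shows it flashing IFW and then the OS, but nothing in this file constrains what it accepts.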


Guest PaulOBrien

Nothing useful there really.

Can you check 'fastboot devices' when in medfield mode? The flasher is clearly doing stuff by fastboot, so it must be accessible somehow and looks promising.

If you look at that shell script, kboot is being updated by 'update_osip --update 1 --image', the boot image by 'update_osip --update 0 --image'. I assume this runs on device and doesn't run without root though.

P


Guest ben1066

Sorry, regarding the previous source: they are working for a company called "borqs" that appears to develop the ROM for this device. I'm fairly sure he has said builds, though he would like to keep his job.


Guest domenico lamberti

I have no idea what is going on in this thread anymore (way too complicated for my simple mind to understand) but I keep hitting F5 every few minutes. I don't even own an SD lol, that's how interested I am.


Guest punjabi

[QUOTE]
I have no idea what is going on in this thread anymore (way too complicated for my simple mind to understand) but I keep hitting F5 every few minutes. I don't even own an SD lol, that's how interested I am.
[/QUOTE]

You're not alone! Haha.

