The San Diego hacking topic - root progress etc.

[Guest]

@rickywyatt, it is installed.

[Guest rickywyatt]

@ jikobutsu check pm

[Guest ben1066]

Looking at the updater-script fairly sure the IFWI is the whole IFWI.zip

intel.write_IFWI_BIN("Firmware/IFWI.zip", 3);

intel.wipe_partition("/logs");

As far as I can see the IFWI seems to be the bootloader or something, if we can flash the engineering IFWI we may be able to get around the brick on flash issue. That said the radio has some references to security, so the wall could be there, and we don't have the engineering radio:

---------------------------DESCRIPTION OF DEFINES-----------------------------

------------------NOT WHAT THE CODE IS ACTUALLY COMPILED WITH-----------------


DEFAULT_UNLOCKED                  # Initial state of sec layer is unlocked

FULL_DOWNLOAD_HASH_CHECK          # Perform full hash check after download

EEP_DOWNLOAD_HASH_CHECK           # Also check hash of static eep

SECURITY_EPOCH_CHECK_ON           # Must test security epoch

SEC_ENABLED                       # Enable the security layer

ALLOW_SKIP_VERSION_CHECK          # Allow skip of version check

UPDATE_WITH_SAME_VERSION_ALLOWED  # Allow reprogramming of same version

EBL_SEC_VERSION=1           # Define version (epoch) of the security layer

IFX_KEYS                          # Use Infineon keys

CUST_KEYS                         # Use Customer keys


#platform related defines


XGOLD618                           # Platform

UTA_PLATFORM_XMM6180               # UTA platform

SERIAL_USIF1                       # Only compile with USIF support

BOOTCORE                           #

EBL_RAM                            # Target is EBL

CRYPTO_SGOLD_SW                    # Use software crypto 

CRYPTO_SGOLD_HW                    # Use hardware crypto 

C_DEFINES += CHIP_REV_ES2          # Used to switch between ES1 and ES2 hw



EBL_MAJOR_VER=10         # Ebl major version

EBL_MINOR_VER=0             # Ebl minor version     


-------------------------------------------------------------------------------

-------------------------------------------------------------------------------





-D __HWREG_INLINE__="static __inline" --cpu ARM1176JZ-S --apcs /interwork -c -g --bss_threshold=0 --enum_is_int -O0 --unix_depend_format

-D PSI_ENHANCED_RPSI_PROTOCOL

-D SECURITY_LEVEL_CERTIFICATE

-D SEC_ENABLED

-D EXTRAM_SELFTEST

-D Nymonyx_LPDDR_SDRAM_256

-D RAM_EBU_CLK_195M_ASYNC

-D ROM_Nymonyx_Flash_ADMUX_512

-D ROM_Nymonyx_Flash_AADMUX_512

-D ROM_Spansion_Flash_AADMUX_S29XS256R

-D ROM_Samsung_Flash_ADMUX_512

-D XGOLD626

-D PROJECTNAME=OCEAN

-D BOARD_OCEAN

-D UTA_PLATFORM_XMM6260

-D BOARD_OCEAN_MODEM

-D BOOT_INTERFACE_NOR

-D BOOTCORE

-D ALLOW_SKIP_VERSION_CHECK

-D UPDATE_WITH_SAME_VERSION_ALLOWED

-D EBL_SEC_VERSION=1

-D SEC_PACK_VALIDATION

-D EBL_RAM

-D IFX_KEYS

-D EBL_DEBUG

-D EPOCH=1

-D EBL_MAJOR_VER=20

-D EBL_MINOR_VER=21

-D PROJECT_VERSION_NAME=SUNRISE

-D EBL_RAM

-D INCLUDE_EBU_SETUP_DATA

-D INCLUDE_CFI_SETUP_DATA

-D SEC_ENABLED

-D PCL_EBU_MUX_PRESENT

-D SEC_PACK_VALIDATION

-D SERIAL_MIPI_HSI

-D SERIAL_USIF1

-D SERIAL_USIF2

-D SERIAL_USIF3

-D FEAT_POW_EBU_MAX_FREQ_195

-D NVM_BOOT_READER

-D NVM_ON_NOR

-D _512MBIT_FLASH

-D NVM_XMM6260

Edited July 29, 2012 by ben1066

[Guest i am not a hacker]

You know the X900 update what does it do? Do it debrand the phone from orange. How do i do it and will i still be able to make call and texts on orange?

You will be able to do all of the tasks such as texting and browsing, but this ROM is stock android from the Lava Xolo X900. So you can call and text on orange.

[Guest]

@rickywyatt, 80% downloaded lol, nearly there.

[Guest rickywyatt]

ok thanks

[Guest ben1066]

It's damn slow to download from 115.com in the UK. 150KB/s.

Edited July 29, 2012 by ben1066

[Guest]

It's damn slow to download from 115.com in the UK. 150KB/s.

yep, I been downloading for at least an hour now, your lucky, I am not getting above 100KB/s, on average I getting 30KB/s :lol:

[Guest rickywyatt]

i was getting 10kbs lol

[Guest]

In fact I thin your stealing my bandwidth, I am down to around 20KB/s average :lol:

Normally I would just give up at that speed, but 92% complete, just got to keep going.

It seems paul is away, that is what I gather from twitter.

Edited July 29, 2012 by Guest

[Guest rickywyatt]

I looked up all of the specs and it looks the same as are's apart from the bigger screen I was thinking as we have now got the xolo 2.3.7 we could try to flash just the boot.bin from the ics and see if it boots if it don't we can flash the xolo 2.3.7 boot.bin

[Guest rickywyatt]

Looking at the updater-script fairly sure the IFWI is the whole IFWI.zip

intel.write_IFWI_BIN("Firmware/IFWI.zip", 3);

intel.wipe_partition("/logs");

[/CODE]




As far as I can see the IFWI seems to be the bootloader or something, if we can flash the engineering IFWI we may be able to get around the brick on flash issue. That said the radio has some references to security, so the wall could be there, and we don't have the engineering radio:

[CODE]


---------------------------DESCRIPTION OF DEFINES-----------------------------

------------------NOT WHAT THE CODE IS ACTUALLY COMPILED WITH-----------------


DEFAULT_UNLOCKED                  # Initial state of sec layer is unlocked

FULL_DOWNLOAD_HASH_CHECK          # Perform full hash check after download

EEP_DOWNLOAD_HASH_CHECK           # Also check hash of static eep

SECURITY_EPOCH_CHECK_ON           # Must test security epoch

SEC_ENABLED                       # Enable the security layer

ALLOW_SKIP_VERSION_CHECK          # Allow skip of version check

UPDATE_WITH_SAME_VERSION_ALLOWED  # Allow reprogramming of same version

EBL_SEC_VERSION=1           # Define version (epoch) of the security layer

IFX_KEYS                          # Use Infineon keys

CUST_KEYS                         # Use Customer keys


#platform related defines


XGOLD618                           # Platform

UTA_PLATFORM_XMM6180               # UTA platform

SERIAL_USIF1                       # Only compile with USIF support

BOOTCORE                           #

EBL_RAM                            # Target is EBL

CRYPTO_SGOLD_SW                    # Use software crypto 

CRYPTO_SGOLD_HW                    # Use hardware crypto 

C_DEFINES += CHIP_REV_ES2          # Used to switch between ES1 and ES2 hw



EBL_MAJOR_VER=10         # Ebl major version

EBL_MINOR_VER=0             # Ebl minor version     


-------------------------------------------------------------------------------

-------------------------------------------------------------------------------





-D __HWREG_INLINE__="static __inline" --cpu ARM1176JZ-S --apcs /interwork -c -g --bss_threshold=0 --enum_is_int -O0 --unix_depend_format

-D PSI_ENHANCED_RPSI_PROTOCOL

-D SECURITY_LEVEL_CERTIFICATE

-D SEC_ENABLED

-D EXTRAM_SELFTEST

-D Nymonyx_LPDDR_SDRAM_256

-D RAM_EBU_CLK_195M_ASYNC

-D ROM_Nymonyx_Flash_ADMUX_512

-D ROM_Nymonyx_Flash_AADMUX_512

-D ROM_Spansion_Flash_AADMUX_S29XS256R

-D ROM_Samsung_Flash_ADMUX_512

-D XGOLD626

-D PROJECTNAME=OCEAN

-D BOARD_OCEAN

-D UTA_PLATFORM_XMM6260

-D BOARD_OCEAN_MODEM

-D BOOT_INTERFACE_NOR

-D BOOTCORE

-D ALLOW_SKIP_VERSION_CHECK

-D UPDATE_WITH_SAME_VERSION_ALLOWED

-D EBL_SEC_VERSION=1

-D SEC_PACK_VALIDATION

-D EBL_RAM

-D IFX_KEYS

-D EBL_DEBUG

-D EPOCH=1

-D EBL_MAJOR_VER=20

-D EBL_MINOR_VER=21

-D PROJECT_VERSION_NAME=SUNRISE

-D EBL_RAM

-D INCLUDE_EBU_SETUP_DATA

-D INCLUDE_CFI_SETUP_DATA

-D SEC_ENABLED

-D PCL_EBU_MUX_PRESENT

-D SEC_PACK_VALIDATION

-D SERIAL_MIPI_HSI

-D SERIAL_USIF1

-D SERIAL_USIF2

-D SERIAL_USIF3

-D FEAT_POW_EBU_MAX_FREQ_195

-D NVM_BOOT_READER

-D NVM_ON_NOR

-D _512MBIT_FLASH

-D NVM_XMM6260

what paul was satiny that kboot.bin is the bootloader

[Guest]

I suspected it would be the same, intel have used the same working model, why change what works right.

[Guest ben1066]

Hm, fair enough then, back to wondering what the hell IFWI is, Intel Firmware W(something) Image? The radio certainly seems to handle some of the security functions though.

[Guest rickywyatt]

what I worry about is the k800 has a bigger screen so if I flash the boot.bin what will it do to are screen lol

[Guest rickywyatt]

one more thing I think that the flasher will be able to flash a bricked phone say if I flashed an unsigned recovery.bin

[Guest ben1066]

Hmm, comparing the files from the K800 and the OSD, they are very similar. For example SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls from the Lenovo and radio.bin appear to be equivalent, and also with the same defines, indicating that at least they should be compatible.

ifwi_firmware_PR33_DV15_DV2.bin appears to be very close to the Lenovo IFWI for the D1 device (indicated by strings). The other two are for the C0 device, I am not sure which the OSD is. The same seems to apply to the DNX files.

The build.prop files also go further to indicate that they are underneath damn near identical. They both have ro.build.product=mfld_pr2. ro.build.description=mfld_pr2-eng 4.0.4 AZ210A_ICS_01.01I eng.svnadmin.20120425.072556 test-keys as in the OSD and ro.build.description=mfld_pr2-user 4.0.4 IMM76D K800_1_S_2_162_0054_120717 release-keys as in the Lenovo are also very similar. Interestingly the Lenovo leak is actually a regular ROM and not an engineering build.

Edited July 29, 2012 by ben1066

[Guest]

what I worry about is the k800 has a bigger screen so if I flash the boot.bin what will it do to are screen lol

Screen size does not matter if resolution is same, what is resolution of k800?

edit: 720x1280 so yeah different

Edited July 29, 2012 by Guest

[Guest rickywyatt]

720 x 1280 pixels,

[Guest rickywyatt]

one more thing by the looks of it that have there sdcard enabled to

[Guest]

Ok ricky, uploading.......

Ah s***, I have free account, the file is too big, anyone know where I can upload large file free?

Edited July 29, 2012 by Guest

[Guest rickywyatt]

ok thanks sorry it took so long lol

[Guest ben1066]

Hmm, comparing the files from the K800 and the OSD, they are very similar. For example SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls from the Lenovo and radio.bin appear to be equivalent, and also with the same defines, indicating that at least they should be compatible.

ifwi_firmware_PR33_DV15_DV2.bin appears to be very close to the Lenovo IFWI for the D1 device (indicated by strings). The other two are for the C0 device, I am not sure which the OSD is. The same seems to apply to the DNX files.

The build.prop files also go further to indicate that they are underneath damn near identical. They both have ro.build.product=mfld_pr2. ro.build.description=mfld_pr2-eng 4.0.4 AZ210A_ICS_01.01I eng.svnadmin.20120425.072556 test-keys as in the OSD and ro.build.description=mfld_pr2-user 4.0.4 IMM76D K800_1_S_2_162_0054_120717 release-keys as in the Lenovo are also very similar. Interestingly the Lenovo leak is actually a regular ROM and not an engineering build.

Reposting because I edited my previous post :)

[Guest rickywyatt]

Ok ricky, uploading.......

Ah s***, I have free account, the file is too big, anyone know where I can upload large file free?

split the file in to with winrar

[Guest]

It ok, rapidshare is taking it.