Jump to content

The San Diego hacking topic - root progress etc.

Guest PaulOBrien

By Guest PaulOBrien
in Orange San Diego Development

 Share

Recommended Posts

  • Replies 1.7k
  • Created
  • Last Reply

Popular Days

Popular Days

Popular Posts

Guest PaulOBrien
Guest PaulOBrien

OK folks, so here's a round up of my findings on hacking the San Diego so far (with a view to getting root and perhaps ICS). If you have anything to add, please post below! Updated By Ricky Wy

Guest Rem1x
Guest Rem1x

Oh, it'll run ICS impressively. But don't take getting VID/PID as getting close, that's just like reading the back of your orange juice and finding out the oranges were made in Florida :P

Guest glossywhite
Guest glossywhite

Is that ORANGE part supposed to rub our faces in it? haha! :D

Posted Images

Guest ben1066

Guest ben1066

Posted
Posted (edited)

We don't yet have kernel source do we?

Also in the fstab:


/sdcard1	   vfat	 /dev/block/mmcblk1p1	  /dev/block/mmcblk1		-1

Would you look at that :) I guess -1 disables it.

This has a really strange structure. As far as I can tell there is no "boot.img", only boot.bin which appears to be the zImage, the rest seems to be only changable from recovery unless there's something I'm missing. The fstab is updated via borqs.modify_partition("etc/recovery_new.fstab", 5);. Borqs appear to have created the firmware for this device, there are references to them in the repo manifest and when trying to login to there gerrit it identifies itself as "Borqs gerrit code review".

Edited by ben1066
Guest kabirsaini2011

Guest kabirsaini2011

Posted
Posted (edited)

We don't yet have kernel source do we?

Also in the fstab:


/sdcard1       vfat     /dev/block/mmcblk1p1      /dev/block/mmcblk1        -1

Would you look at that :) I guess -1 disables it.

We dont have sources ... but will be available soon

Edited by kabirsaini2011
Guest ben1066

Guest ben1066

Posted
Posted

Can someone just run mount on the device, no arguments.

Guest rickywyatt

Guest rickywyatt

Posted
Posted

iv tryed every file from the ics leak but still get [FAILURE] IFWI flash failure

Guest ben1066

Guest ben1066

Posted
Posted

Could you run mount on the device either through adb or a terminal emulator?

Guest

Guest

Posted
Posted

Could you run mount on the device either through adb or a terminal emulator?

post-796032-0-83315200-1343585797_thumb.

Guest ben1066

Guest ben1066

Posted
Posted

Feel free not to if this is too much, but could you run

dd if=/dev/block/mmcblk0p1 of=/sdcard/mmcblk0p1.img

replacing both instances of mmcblk0p1 with each of:

/dev/block/mmcblk0p1

/dev/block/mmcblk0p3

/dev/block/mmcblk0p4

/dev/block/mmcblk0p6

/dev/block/mmcblk0p7

and posting the 5 resulting files. I'm trying to work out how this device is laid out.

Guest ben1066

Guest ben1066

Posted
Posted (edited)

does anyone understand this http://www.scribd.co...SP-SOP-Tom-v1-0

Yep, and I even know the ip of their current git repo, I can't use it however due to a lack of credentials :) I also just emailed orange, intel and xolo about linux source for the device.

Edited by ben1066
Guest

Guest

Posted
Posted

Feel free not to if this is too much, but could you run

dd if=/dev/block/mmcblk0p1 of=/sdcard/mmcblk0p1.img

replacing both instances of mmcblk0p1 with each of:

/dev/block/mmcblk0p1

/dev/block/mmcblk0p3

/dev/block/mmcblk0p4

/dev/block/mmcblk0p6

/dev/block/mmcblk0p7

and posting the 5 resulting files. I'm trying to work out how this device is laid out.

I get permission denied?

Guest rickywyatt

Guest rickywyatt

Posted
Posted

hmmmm i got a bit further this time



07/29/12 19:29:52.911    INFO : Please select a flash file...

07/29/12 19:29:55.880    INFO : Flash file OK (C:/mflash/Leos-flash.xml)

07/29/12 19:30:24.062    0/0/8   #0: New device detected - SN : 324B076AA1D1B3E9

07/29/12 19:30:24.068    0/0/8   #0: IFW flash started - SN : 324B076AA1D1B3E9

07/29/12 19:30:29.867    0/0/8   #0: IFW flash failed - SN : 324B076AA1D1B3E9

07/29/12 19:30:29.868    0/0/8   #0: [FAILURE] IFWI flash failure

[/CODE]
Guest ben1066

Guest ben1066

Posted
Posted

Change your Leos-flash.xml to


<?xml version="1.0" ?><flashfile>    <id>K800_1_S_2_162_0054_120717</id> <comments>Racer-A windows download</comments> <platform>PVT1</platform> <code_group name="BOOTLOADER">   <file TYPE="KBOOT">    <name>kboot.bin</name>    <version>KBOOT_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>  </code_group>	    <code_group name="KERNEL">   <file TYPE="KERNEL">    <name>boot.bin</name>    <cmdline></cmdline>    <version>KERNEL_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>	    </code_group>	    <code_group name="SYSTEM">   <file TYPE="SYSTEM">    <name>system.tar.gz</name>    <version>SYSTEM_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>  </code_group>	    <code_group name="MODEM">   <file TYPE="MODEM">    <name>SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls</name>    <version>MODEM_VERSION</version>    <checksum></checksum>    <model>MODEM_MODEL</model>    <revision>MODEM_REVISION</revision>    <cmdline>MODEM_CMD_LINE</cmdline>   </file>	    </code_group> </code_groups>  <code_group name="USERDATAT"> <file TYPE="USERDATA">  <name>userdata.tar.gz</name>  <version>0</version>  <checksum></checksum>   <model></model>   <revision></revision>   <cmdline></cmdline>  </file>  </code_group></flashfile>

It shouldn't try to flash the phones firmware now, which shouldn't need flashing anyway. I'm fairly sure that it's android version agnostic.

Guest ben1066

Guest ben1066

Posted
Posted

I get permission denied?

Damn it, it needs root then :(

Guest

Guest

Posted
Posted (edited)

Damn it, it needs root then :(

Or I did something wrong, not to good at commands with fastboot or terminal emulators.

post-796032-0-18530000-1343587195_thumb.

Edited by Guest
Guest ben1066

Guest ben1066

Posted
Posted

Not quite what I meant, I meant replace the /dev/mmcblk0p1 in the first command, each time, not just the /dev/mmcblk0pX. But the first permission denied shows it needs root.

Guest

Guest

Posted
Posted (edited)

Not quite what I meant, I meant replace the /dev/mmcblk0p1 in the first command, each time, not just the /dev/mmcblk0pX. But the first permission denied shows it needs root.

Lol as I said, I not to good with these things, if you explain exactly, I can follow and learn at same time.

Oh I see, so I done it wrong but kind of done it right as it revealed the answer lol

Edited by Guest
Guest rickywyatt

Guest rickywyatt

Posted
Posted

Change your Leos-flash.xml to



<?xml version="1.0" ?><flashfile>    <id>K800_1_S_2_162_0054_120717</id> <comments>Racer-A windows download</comments> <platform>PVT1</platform> <code_group name="BOOTLOADER">   <file TYPE="KBOOT">    <name>kboot.bin</name>    <version>KBOOT_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>  </code_group>        <code_group name="KERNEL">   <file TYPE="KERNEL">    <name>boot.bin</name>    <cmdline></cmdline>    <version>KERNEL_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>        </code_group>        <code_group name="SYSTEM">   <file TYPE="SYSTEM">    <name>system.tar.gz</name>    <version>SYSTEM_VERSION</version>    <offset></offset>    <fixed_size></fixed_size>    <checksum></checksum>   </file>  </code_group>        <code_group name="MODEM">   <file TYPE="MODEM">    <name>SUNRISE_SMB_REV30_V2_1223.B_signed_MIPI_HSI_USIF_V2.21.fls</name>    <version>MODEM_VERSION</version>    <checksum></checksum>    <model>MODEM_MODEL</model>    <revision>MODEM_REVISION</revision>    <cmdline>MODEM_CMD_LINE</cmdline>   </file>        </code_group> </code_groups>  <code_group name="USERDATAT"> <file TYPE="USERDATA">  <name>userdata.tar.gz</name>  <version>0</version>  <checksum></checksum>   <model></model>   <revision></revision>   <cmdline></cmdline>  </file>  </code_group></flashfile>

[/CODE]



It shouldn't try to flash the phones firmware now, which shouldn't need flashing anyway. I'm fairly sure that it's android version agnostic.



it says its a bad file
Guest rickywyatt

Guest rickywyatt

Posted
Posted

yeah lol can you make it then upload it

Guest ben1066

Guest ben1066

Posted
Posted (edited) 


<?xml version="1.0" ?>

<flashfile>

<id>K800_1_S_2_162_0054_120717</id>

<comments>Racer-A windows download</comments>

<platform>PVT1</platform>

<code_groups>

  <code_group name="BOOTLOADER">

   <file TYPE="KBOOT">

	<name>kboot.bin</name>

	<version>KBOOT_VERSION</version>

	<offset></offset>

	<fixed_size></fixed_size>

	<checksum></checksum>

   </file>

  </code_group>

  <code_group name="KERNEL">

   <file TYPE="KERNEL">

	<name>boot.bin</name>

	<cmdline></cmdline>

	<version>KERNEL_VERSION</version>

	<offset></offset>

	<fixed_size></fixed_size>

	<checksum></checksum>

   </file>

  </code_group>

  <code_group name="SYSTEM">

   <file TYPE="SYSTEM">

	<name>system.tar.gz</name>

	<version>SYSTEM_VERSION</version>

	<offset></offset>

	<fixed_size></fixed_size>

	<checksum></checksum>

   </file>

  </code_group>

</code_groups>

<code_group name="USERDATAT">

  <file TYPE="USERDATA">

   <name>userdata.tar.gz</name>

   <version>0</version>

   <checksum></checksum>

   <model></model>

   <revision></revision>

   <cmdline></cmdline>

  </file>

</code_group>

</flashfile>

I had accidently chopped off a tag.

EDIT:

Just removed modem, again, shouldn't need re-flashing. This should now be just a rom+bootloader flash.

Edited by ben1066
Guest Frankish

Guest Frankish

Posted
Posted (edited)

Think Paul won't be checking in too much while he is in Italy.

Edited by Frankish
Guest

Guest

Posted
Posted (edited)

Hopefully he will return to modaco to a pleasant surprise, it looks like rickywyatt & ben1066 are really on to something here.

Edited by Guest
Guest ben1066

Guest ben1066

Posted
Posted (edited)

Just waiting for rickywyatt to report back. I really don't see why this shouldn't work to be honest :) Some of the buttons may not work and the like, but it should at least boot. People have done more ridiculous ports, these two are pretty much the same phone. The only falling point may be at the kernel, but if that happens we just need to flash the kernel from our leak.

Edited by ben1066
Guest kabirsaini2011

Guest kabirsaini2011

Posted
Posted

Now this is something real hacking ... i will be back to business tomorrow as i will b using pc

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept