Guest badger1729 Posted August 14, 2015 Report Share Posted August 14, 2015 (edited) Yep - Half of the connectors hinge up and then you can pull the cable out. The shielding cans just pull off too - they're attached via clips. The QSPI flash is on the side of the board nearest the screen. You don't have to solder directly to that device because the pins are brought out to test points which are pretty easy to solder to. You'll need some decent thin (kynar) mod wire though. You'll also need to get a ground connection from somewhere. I used one of the test points from the group on the same side. Photo attached. I tried a soic-8 spring clip but there's not enough space. As someone noted previously, ther hudl kernel sources do not contain a .config file. They're also missing some drivers - there are some broken symlinks in the drivers folder. Googling "external_drivers" - where the broken symlinks are - brings up some that look promising on line but I struggled with those for a bit and failed to get a working kernel built with them. In terms of what you need to do to program it, I used a beaglebone with an Adafruit 3.3 to 1.8v level shifter. Any 1.8v SPI programmer should be OK though. This is covered well in the teclast blog links I referenced before. Driver support in the OSs I've booted (ubuntu and fedlet) is not very good. Wifi and touchscreen don't work as well as some other bits (I forget exactly what else). I managed to build and boot a 4.1 mainline linux kernel and a minimal initram fs though. I can't boot from a micro sd card but can boot from a USB device (including a micro sd card in a USB adapter). I haven't tried installing to the eMMC. Re /dev/mem - I think there may be a couple of issues there. Firstly, I believe the kernel needs to be built with /dev/mem support. Also I think the baytrail can disable write access to the SPI rom. Edited August 14, 2015 by badger1729 Link to comment Share on other sites More sharing options...
Guest dennissingh99 Posted August 14, 2015 Report Share Posted August 14, 2015 (edited) Yep - Half of the connectors hinge up and then you can pull the cable out. The shielding cans just pull off too - they're attached via clips. The QSPI flash is on the side of the board nearest the screen. You don't have to solder directly to that device because the pins are brought out to test points which are pretty easy to solder to. You'll need some decent thin (kynar) mod wire though. You'll also need to get a ground connection from somewhere. I used one of the test points from the group on the same side. Photo attached. I tried a soic-8 spring clip but there's not enough space. As someone noted previously, ther hudl kernel sources do not contain a .config file. They're also missing some drivers - there are some broken symlinks in the drivers folder. Googling "external_drivers" - where the broken symlinks are - brings up some that look promising on line but I struggled with those for a bit and failed to get a working kernel built with them. In terms of what you need to do to program it, I used a beaglebone with an Adafruit 3.3 to 1.8v level shifter. Any 1.8v SPI programmer should be OK though. This is covered well in the teclast blog links I referenced before. Driver support in the OSs I've booted (ubuntu and fedlet) is not very good. Wifi and touchscreen don't work as well as some other bits (I forget exactly what else). I managed to build and boot a 4.1 mainline linux kernel and a minimal initram fs though. I can't boot from a micro sd card but can boot from a USB device (including a micro sd card in a USB adapter). I haven't tried installing to the eMMC. Re /dev/mem - I think there may be a couple of issues there. Firstly, I believe the kernel needs to be built with /dev/mem support. Also I think the baytrail can disable write access to the SPI rom. could I just use a test clip rather than soldering onto the board and also could you give me some tips on how to use that logic level shifter thing. Also could I just use a raspberry pi rather than the beaglebone Edited August 14, 2015 by dennissingh99 Link to comment Share on other sites More sharing options...
Guest badger1729 Posted August 14, 2015 Report Share Posted August 14, 2015 I think this is the one I used: https://www.adafruit.com/products/757 Connect the LV to the VSPI test point and HV to 3.3V (or whatever the voltage of the SPI programmer is). Connect the pins from the programmer to the HV size and connect the LV side to the hudl board. A Pi should work fine - it has a SPI interface and there's bound to be loads of info on how to use it online. As I said in the last post, I tried a test clip but there wasn't enough room around the IC. The small resistors near the pads meant it didn't stay on. Link to comment Share on other sites More sharing options...
Guest dennissingh99 Posted August 14, 2015 Report Share Posted August 14, 2015 (edited) I think this is the one I used: https://www.adafruit.com/products/757 Connect the LV to the VSPI test point and HV to 3.3V (or whatever the voltage of the SPI programmer is). Connect the pins from the programmer to the HV size and connect the LV side to the hudl board. A Pi should work fine - it has a SPI interface and there's bound to be loads of info on how to use it online. As I said in the last post, I tried a test clip but there wasn't enough room around the IC. The small resistors near the pads meant it didn't stay on.im a little scared to solder cuz I got no experience. Also have u tried to run android l on the Hudl 2 Edited August 14, 2015 by dennissingh99 Link to comment Share on other sites More sharing options...
Guest badger1729 Posted August 14, 2015 Report Share Posted August 14, 2015 No the only Android I've run is the stock image, everything else has been Linux. If you've never soldered before, I'd at least watch some tutorials, read up and practice for a while before trying it on your hudl! Link to comment Share on other sites More sharing options...
Guest TheSeth Posted August 14, 2015 Report Share Posted August 14, 2015 Hi badger1729, I just wanted to say thanks for the work you're doing on this device. Some hardware hacking never hurt anyone :-)How do you find the hudl2 as a Linux device? Any chance you've got a list of the unsupported devices? I'm thinking of getting one in order to run a real distro on, it'd make a decent netbook size device with one of those Bluetooth keyboard cases.As for the SPI level converter, that one you linked looks like it's entirely passive, how reliable was the ROM dump?Thanks again Link to comment Share on other sites More sharing options...
Guest mole62 Posted August 16, 2015 Report Share Posted August 16, 2015 Thanks Badger1729 for the info... will order a Pi and a logic level converter and see how it goes. As the driver support isn't there with a Linux system I'll probably try custom kernels under Android, though it may be possible to run a modified Hudl2 kernel in a GNU userland system if the progress this article predicted has been made now http://www.zdnet.com/article/android-and-linux-re-merge-into-one-operating-system/ ...but if I can run fully customised Android I'm not sure what advantage it would give.Reading up on the android kernel, there's no .config file - the configs are described as being in the .android directory instead, and the Hudl2 kernel download seems to have the config in two files in the android/configs directory: android-base.cfg and android-recommended.cfg, where CONFIG_MODULES is not set as expected.Anyway, will go away for a week or two and see if I have a working modified Hudl2 or a brick.... :-) Link to comment Share on other sites More sharing options...
Guest badger1729 Posted August 16, 2015 Report Share Posted August 16, 2015 Hi badger1729, I just wanted to say thanks for the work you're doing on this device. Some hardware hacking never hurt anyone :-)How do you find the hudl2 as a Linux device? Any chance you've got a list of the unsupported devices? I'm thinking of getting one in order to run a real distro on, it'd make a decent netbook size device with one of those Bluetooth keyboard cases.As for the SPI level converter, that one you linked looks like it's entirely passive, how reliable was the ROM dump?Thanks againNone of the available distros (ubuntu, fedlet) make it usable as an actual tablet. Some work is definately needed to build a kernel with better support for the hardware. I didn't make a list of what worked and what did not but I can remember: The Wifi, battery level, bluetooth, touchscreen and camera didn't work. There was a problem with a MTD driver too. The screen worked (but backlight was on 100%). USB OTG works so I connected an external wifi dongle, wireless keyboard etc. through a hub on OTG. That level shifter is active - the three pin components are FETs. Before committing to flashing the image back I read the flash a few times (~10) and it retrieved the same image each time so signal integrity seems to be good enough. Thanks Badger1729 for the info... will order a Pi and a logic level converter and see how it goes. As the driver support isn't there with a Linux system I'll probably try custom kernels under Android, though it may be possible to run a modified Hudl2 kernel in a GNU userland system if the progress this article predicted has been made now http://www.zdnet.com/article/android-and-linux-re-merge-into-one-operating-system/ ...but if I can run fully customised Android I'm not sure what advantage it would give.Reading up on the android kernel, there's no .config file - the configs are described as being in the .android directory instead, and the Hudl2 kernel download seems to have the config in two files in the android/configs directory: android-base.cfg and android-recommended.cfg, where CONFIG_MODULES is not set as expected.Anyway, will go away for a week or two and see if I have a working modified Hudl2 or a brick.... :-)If the worst happens, You can pick up a huld2 for <£20 on ebay with a cracked screen and swap the PCBs over.I think those .cfg files you mention can be used to create a base .config file to build the kernel against. This can then be modified with menuconfig. Beacase Tesco didn't release their .config file, we don't know exactly how the official kernel was configured. There's also the problem of the missing "external_drivers" - finding these or hacking the Kconfig files is needed to build the kernel at the moment. Link to comment Share on other sites More sharing options...
Guest enjoliveur Posted October 19, 2015 Report Share Posted October 19, 2015 (edited) Quite a while without news on this thread. Really interesting work I'd like to spend some time on. Not that I have time ):Has anyone tried soldering the SPI ROM like did badger1729? I'd like to try it but I'm hesitating.As for these missing drivers needed in building a working kernel, they must be available as files somewhere in the actual Hudl.Could we not use them as they are and make a kernel with them? Edited October 19, 2015 by enjoliveur bold text; can't get rid of it Link to comment Share on other sites More sharing options...
Guest oimster Posted November 1, 2015 Report Share Posted November 1, 2015 Has anyone reached out to the now ex android hudl guy who has just left them?or indeed maybe a crowdsourced campaign to bombard tesco with demands for boot loader unlock? Maybe there is a "legal " case for those who have just bought a hudl2 and have suddenly found themselves without support. Opening up the bootloader would be the decent thing Link to comment Share on other sites More sharing options...
Guest vampirefo Posted November 2, 2015 Report Share Posted November 2, 2015 Has anyone reached out to the now ex android hudl guy who has just left them?or indeed maybe a crowdsourced campaign to bombard tesco with demands for boot loader unlock? Maybe there is a "legal " case for those who have just bought a hudl2 and have suddenly found themselves without support. Opening up the bootloader would be the decent thingTesco has made it clear the are not going to unlock the bootloader, several people have written them and have received a response back, the response is they have no plans on unlocking the bootloader.I can't speak for your country but in USA there is no requirement for a company to unlock the bootloader, most do cause of sales.Locked bootloaders usually hurt a companies sales, in this case Tesco is ending the hudl2 so they don't care about sales. Link to comment Share on other sites More sharing options...
Guest nybor Posted November 2, 2015 Report Share Posted November 2, 2015 Has anyone reached out to the now ex android hudl guy who has just left them?or indeed maybe a crowdsourced campaign to bombard tesco with demands for boot loader unlock? Maybe there is a "legal " case for those who have just bought a hudl2 and have suddenly found themselves without support. Opening up the bootloader would be the decent thingAs someone has already suggested, for all we know Tesco's contract with Pegatron may legally bind them not to unlock. Link to comment Share on other sites More sharing options...
Guest vampirefo Posted November 2, 2015 Report Share Posted November 2, 2015 As someone has already suggested, for all we know Tesco's contract with Pegatron may legally bind them not to unlock.I doubt that, no reseller would in their right mind sign such a contract, my guess Tesco is going to release something else and wants hudl2 to die off unlocking the bootloader extends the life of a product. Link to comment Share on other sites More sharing options...
Guest nybor Posted November 2, 2015 Report Share Posted November 2, 2015 I doubt that, no reseller would in their right mind sign such a contractWhy not? The evidence we have suggests that all Tesco ever did was "Tesco-ise" the Hudl, i.e. add bloatware, and they got given Android ready to run from Pegatron. In those circumstances Pegatron would be keen to establish the limits of their liability, particularly for support and returns. The level of returns (or attempted returns) goes much higher when hobbyists are bricking the devices. And where is the downside for Tesco in signing such a contract?And if you think Tesco is going to release something else, I recommend you read the corporate accounts and the market analysts' view of the company. Tesco has lost its way financially, They are desperate to shed non-core business and stop the grocery core losing market share, and as yet they are a long way from achieving the latter. There will be no more excursions into markets where they lack core expertise. Link to comment Share on other sites More sharing options...
Guest TheSeth Posted March 1, 2016 Report Share Posted March 1, 2016 (edited) Hello, I've had some success with reading the SPI rom from my hudl using: - Bus Pirate - The sparkfun logic level converter badger1729 suggested - an adjustable voltage regulator These bits are all available on amazon or ebay. The soldering is fiddly but ok if you have a steady hand. Here's a photo of my setup. I did try to build a jig with spring loaded test pins, but it was fiddly and tedious. Tesco have discontinued the hudl line so no point trying to keep the board pristine :-) The ROM is still downloading right now, so I'll have more of a fiddle with it once I've got the whole thing. Here's what flashrom does under linux while reading: Edited March 1, 2016 by TheSeth Link to comment Share on other sites More sharing options...
Guest TheSeth Posted March 1, 2016 Report Share Posted March 1, 2016 (edited) What flashrom does: $ flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M --read hudl2-bios.bin flashrom v0.9.7-r1782 on Linux 3.16.0-4-amd64 (x86_64) flashrom is free software, get the source code at http://www.flashrom.org Calibrating delay loop... OK. Found Winbond flash chip "W25Q64.W" (8192 kB, SPI) on buspirate_spi. Reading flash... done. sha256sum of the resulting file, people may wish to compare: d167b026a5689898cea24983cbab1317cbbcb81fe103fa08b3c7310e98ed0752 hudl2-bios.bin Edited March 1, 2016 by TheSeth Link to comment Share on other sites More sharing options...
Guest enjoliveur Posted March 2, 2016 Report Share Posted March 2, 2016 Hey man that's cool. Are you gonna flip that bit and make it boot stock Android? Link to comment Share on other sites More sharing options...
Guest TheSeth Posted March 2, 2016 Report Share Posted March 2, 2016 (edited) That's the idea. I also want to use it as a normal linux machine, however I'm having some issues with flashrom. The image that I managed to dump off the wrong contained nothing but garbage, and re-running flashrom with -V (verbose) gave a worrying error message: $ flashrom -p buspirate_spi:pullups=off,dev=/dev/ttyUSB0,spispeed=1M -V --read hudl2-bios4.bin flashrom v0.9.7-r1782 on Linux 3.16.0-4-amd64 (x86_64) flashrom is free software, get the source code at http://www.flashrom.org flashrom was built with libpci 3.2.1, GCC 4.8.2, little endian Command line (5 args): flashrom -p buspirate_spi:pullups=off,dev=/dev/ttyUSB0,spispeed=1M -V --read hudl2-bios4.bin Calibrating delay loop... OS timer resolution is 1 usecs, 3725M loops per second, 10 myus = 9 us, 100 myus = 100 us, 1000 myus = 959 us, 10000 myus = 9571 us, 4 myus = 6 us, OK. Initializing buspirate_spi programmer Baud rate is 115200 now. Detected Bus Pirate hardware v3a Detected Bus Pirate firmware 5.10 Using SPI command set v2. SPI speed is 1MHz Raw bitbang mode version 1 Raw SPI mode version 1 The following protocols are supported: SPI. <list of flash chips removed> Probing for Generic unknown SPI chip (REMS), 0 kB: probe_spi_rems: id1 0xef, id2 0xff Found Winbond flash chip "W25Q64.W" (8192 kB, SPI). This chip may contain one-time programmable memory. flashrom cannot read and may never be able to write it, hence it may not be able to completely clone the contents of this chip (see man page for details). Reading flash... done. Raw bitbang mode version 1 Bus Pirate shutdown completed. "One time programmable memory" I don't like the sound of that... badger1729, if you're still around, did you run into this issue with flashrom? Or anyone else who did this hardware hack. I know my setup works as I tested it on an SPI ROM chip from an old motherboard. I guess there could be some kind of weird issue, though. Every time I run flashrom I get slightly different garbage read from the ROM: b3d548f78bc9d63fe319b20736a944fc4bdfb7e5 hudl2-bios2.bin 46259912bfece6624e26daaa3ddaca0a0faa4bd5 hudl2-bios3.bin 32050cbb29239c20370f0d2fad27858c93ce7a15 hudl2-bios4.bin 80e24684a4cef34d86b11982d5f1885c87bcec44 hudl2-bios.bin I've tried different SPI speeds with similar results. Edited March 2, 2016 by TheSeth Link to comment Share on other sites More sharing options...
Guest unferium Posted August 12, 2016 Report Share Posted August 12, 2016 (edited) Hi all, I'm new around here. Been looking for an unlocked BIOS for the hudl 2. Noted this topic has been on and off over time so I decided to continue with some input to help anyone here that maybe still trying. I have recently got from a boot sale a boot-looping HUDL2 for a few quid, So I didn't mind using it as a sacrificial lamb. I desoldered the flash-ROM, read it using a multi-programmer tool and verified it several times. Here is the BIOS image I extracted and here is the tool I used to read the ROM. The BIOS ROM is not OTP (One time programmable). TheSeth, there maybe noise getting into your circuit, however I don't mind trying any mods out you or anyone else comes up with as I now have a backup of the entire BIOS if anything goes wrong. I reflowed the chip back to the board and checked the Hudl still boot-loops to ensure I didn't fry a BGA chip (They're insanely easy to kill). Is the NVRAM template in the BIOS checked (signed)? If not then it is as simple as flipping a bit to disable secureboot, reflashing and leaving the battery disconnected for a while. P.S. anyone got a link to the forum rules? Cannot find them Edited August 12, 2016 by unferium Link to comment Share on other sites More sharing options...
Guest oimster Posted August 12, 2016 Report Share Posted August 12, 2016 (edited) hi. thanks for the info. lots of people would be over the moon to get the bootloader unlocked. i posted on the "found hudl2 compatible flash tool via fastboot" thread since they also mentioned this approach on there too. Edited August 12, 2016 by oimster Link to comment Share on other sites More sharing options...
Guest TheSeth Posted August 12, 2016 Report Share Posted August 12, 2016 (edited) @unferium That BIOS image looks similar to the ones I managed to pull off before my bodge-y attempt pulled off one of the test pads. I'll give it another go and post my results. Edited August 12, 2016 by TheSeth Link to comment Share on other sites More sharing options...
Guest Garsay Posted February 24, 2019 Report Share Posted February 24, 2019 Hello, we found this thread. I got a Tesco Hudl 2 tablet with a broken screen that I do not even have. I wanted to try to replace the android, but secure boot did not allow me. I read eeprom programmer CH341 with 1.8V voltage converter. In UEFI I have modified 2 bits - secure boot and secure boot enforce. I did it for the first time, but I'm easy to orientate myself. Then UEFI flashnul back and the tablet works. In addition, the secure boot is turned off because it reads data from an external drive longer, but then the jam loads, I do not know what's going on, as I do not have the display and it does not show anything on HDMI before the graphics driver loads. I would like to have someone try it and in return send back photos of what it does and how it goes, what could I enter blindly? I also found the part where the key to Windows 8.1 is stored in UEFI and I also pulled the PK, KEK and DB certificates, which are included in the archive and we also managed them in hex. editor to do standard certificates in my own way. And we still have a little bit of time to break the start by blinking the ESC key, but it may be blocked, but UEFI is ready for it. TAB Tesco Hudl 2.7z Link to comment Share on other sites More sharing options...
Guest dazmatic Posted April 15, 2019 Report Share Posted April 15, 2019 Have you got the original flash dump from before you edited it? I'm in the process of setting up an ft2232 to 1.8v spi adapter to read off a couple of dead boards. I know 1 flash chip works as it'll boot into android so I hope to get a working image off that and I've got 1 flash chip I think is dead which I'm going to try and read first. I have no problems soldering and my soldering skills are pretty good. I've got some bga stencils on order as I'd like to see if I can read off the emmc chip and get the partition details, looks like the Samsung emmc flash that Tesco used in the Hudl 2 is known to be problematic as I believe certain Sony phones have the same boot loop/crappy emmc issue. Would be great to get a working android image zip to flash to an emmc to try on the boards. On 2/24/2019 at 11:08 PM, Garsay said: Hello, we found this thread. I got a Tesco Hudl 2 tablet with a broken screen that I do not even have. I wanted to try to replace the android, but secure boot did not allow me. I read eeprom programmer CH341 with 1.8V voltage converter. In UEFI I have modified 2 bits - secure boot and secure boot enforce. I did it for the first time, but I'm easy to orientate myself. Then UEFI flashnul back and the tablet works. In addition, the secure boot is turned off because it reads data from an external drive longer, but then the jam loads, I do not know what's going on, as I do not have the display and it does not show anything on HDMI before the graphics driver loads. I would like to have someone try it and in return send back photos of what it does and how it goes, what could I enter blindly? I also found the part where the key to Windows 8.1 is stored in UEFI and I also pulled the PK, KEK and DB certificates, which are included in the archive and we also managed them in hex. editor to do standard certificates in my own way. And we still have a little bit of time to break the start by blinking the ESC key, but it may be blocked, but UEFI is ready for it. TAB Tesco Hudl 2.7z Link to comment Share on other sites More sharing options...
Guest Garsay Posted April 15, 2019 Report Share Posted April 15, 2019 1 hour ago, dazmatic said: Have you got the original flash dump from before you edited it? I'm in the process of setting up an ft2232 to 1.8v spi adapter to read off a couple of dead boards. I know 1 flash chip works as it'll boot into android so I hope to get a working image off that and I've got 1 flash chip I think is dead which I'm going to try and read first. I have no problems soldering and my soldering skills are pretty good. I've got some bga stencils on order as I'd like to see if I can read off the emmc chip and get the partition details, looks like the Samsung emmc flash that Tesco used in the Hudl 2 is known to be problematic as I believe certain Sony phones have the same boot loop/crappy emmc issue. Would be great to get a working android image zip to flash to an emmc to try on the boards. Hi, I do not have a copy of flash memory, because I could not create it, so I actually have, but only a few sections, the most important. Would you like to share them? It's almost 4GB, the system was working. I've already started Linux Ubuntu on it and runs smoothly, booting directly from internal flash memory. It really works, Secure Boot is off! I can't boot Windows (7, 8.1, 10 - x86 / x64), it actually boot, but then it crashes. I don't have a functional display, I don't see what's going on there and it only works on HDMI when loading a Linux-based OS, or after an iGPU driver. Even so, I am very happy for success, it was my first shutdown of SecureBoot. And I'm glad that someone has visited this thread PS: In the appendix, I attach a photo from SPI memory programming and Linux Ubuntu testing. Link to comment Share on other sites More sharing options...
Guest dazmatic Posted April 15, 2019 Report Share Posted April 15, 2019 Thanks so much for your helpful insight. I'm not having much luck reading off the flash chip with my FT2232 adapter. I've tested software in windows and ubuntu but the flash doesn't respond so I may have to get a programmer like yours, the CH341 and 1.8V adapter. At least then it's purpose built for doing this job! All I want to do is to be able to unlock the bootloader and flash a fresh android image to the emmc Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now