Bootloader Partially Locked? - Fascinate Android Development

I noticed that the community has not successfully made a kernel that works without boot-looping. Could it be possible that there is an eFuse-ish type of security measure, like on the Droid 2 and X, that Verizon implemented to prevent users from loading custom kernels? That's the only explanation I can think of for why we are having issues with our Galaxy versus other carriers' versions.
Sent from my SCH-I500 using XDA App

Samsung gave us a BUNK defconfig
the bootloader's not locked, kernel isn't signed
I've got a working kernel that boots, but the accelerometer is screwed up

jt1134 said:
Samsung gave us a BUNK defconfig
the bootloader's not locked, kernel isn't signed
I've got a working kernel that boots, but the accelerometer is screwed up
Sorry for my next noobish question but has anybody sent an email to Samsung about getting a fixed source code or is it pointless until 2.2 drops?
Sent from my SCH-I500 using XDA App

pointless? I guess that depends on who you ask. But yes, Samsung has received much electronic mail from smartphone enthusiasts over the past few weeks.

jt1134 said:
pointless? I guess that depends on who you ask. But yes, Samsung has received much electronic mail from smartphone enthusiasts over the past few weeks.
I will talk to my Samsung rep to see if there is anybody I could escalate this to in their North America branch to get this fixed, but it's highly unlikely though.
Sent from my SCH-I500 using XDA App

@Jt
I will be back on IRC tomorrow, but I have the accelerometer fixed on my kernel, just no wifi, bluetooth or sound still. Have you found a fix for any of these, or are you still using my config?

AFAICT everything works now. I started with your config as a base

jt1134 said:
AFAICT everything works now. I started with your config as a base
This is good news, no?

Very nice gang.. I will block off some time for sure to stop in and see what's shakin' this evening..
Dirrk.. what initramfs are you using? I was able to compile with yamaha_b5 and your ramdisk, then I got the no sound/orientation/etc.. However it seems when JT compiles, he uses koush's ramdisk, and gets sound (orientation still off).
If I compile with b5_yamah + koush ramdisk (from his git), Odin fails to flash every time. If I switch back to your ramdisk, odin flashes, kernel boots, etc..

Sounds like you guys are making some good progress. Thanks for your hard work. Can't wait to be able to overclock this sucker.

jt1134 said:
AFAICT everything works now. I started with your config as a base
Are you using a different ramdisk to get it fixed as mentioned below v
namebrandon said:
Very nice gang.. I will block off some time for sure to stop in and see what's shakin' this evening..
Dirrk.. what initramfs are you using? I was able to compile with yamaha_b5 and your ramdisk, then I got the no sound/orientation/etc.. However it seems when JT compiles, he uses koush's ramdisk, and gets sound (orientation still off).
If I compile with b5_yamah + koush ramdisk (from his git), Odin fails to flash every time. If I switch back to your ramdisk, odin flashes, kernel boots, etc..
Can you send me koush's ramdisk. I have been out of town working for the past few days

Dirrk said:
Can you send me koush's ramdisk. I have been out of town working for the past few days
Maybe JT or someone on a Linux box can tar it up if you need it as an archive.. I don't have any git software here at work..
http://github.com/koush/fascinate_initramfs

namebrandon said:
Maybe JT or someone on a Linux box can tar it up if you need it as an archive.. I don't have any git software here at work..
http://github.com/koush/fascinate_initramfs
Thanks man, wow, after rereading your OP it says it's on koush's git lol

Quick question, I've gotten ROM building down with CWM and Amon Ra, but now I want to dabble in kernel modding and I want to get a general preference on where everybody started.
Sent from my SCH-I500 using XDA App

Related

Reverse Engineered Redbend

Presenting bmlunlock. Unlocks bml7 for writing to it via dd.
http://github.com/CyanogenMod/android_device_samsung_bmlunlock
Nice! Thanks Koush.. it's about time you did some actual work around here..
lol brandon. you know better. he pushed out 2 updates to CWM for us in less than ten minutes last night!
Yeah, I was just kidding. What really makes this useful is this bmunlock and the updated adb access via recovery. Very slick.
Hey, would it be possible to use this to flash the kernel of a Fascinate from a Mac? If so, could you guys give a quick explanation of how? Us Mac users are itching to get ready for ROMs.
If someone can do the terminal write-up for the bmlunlock kernel flash on Windows we can probably figure out how to do it on our Macs..... anyone? Please.
Well first somebody needs to cross-compile that .c source from github for android.
I don't have the tools to do that ATM, but I'll work on that.
From the README on koush's github it looks like you just run the bmlunlock executable on the device, which unlocks the partition, and then use dd to flash the kernel zImage contained within the tar.zip posted here: forum.xda-developers.com/showthread.php?t=787168
I'll work on this on my Fasc and post clearer instructions if I'm successful.
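The dd step above writes straight to the kernel partition, so the checks a practitioner would want before running it are that the image is the one that was published (checksum matches), and that it actually fits the target. The wrapper below is an added example, not from koush's README or the bmlunlock repository. It assumes a busybox/toybox-style shell on the device that has sha256sum and blockdev, that bmlunlock has already been run, and that the caller names the target explicitly; a regular file can be passed as the target for a dry run, which is how the function can be exercised on a workstation. Partition and checksum values are placeholders the caller supplies.

```shell
#!/bin/sh
# Added example: checked write of a kernel image to a partition.
# flash_kernel IMAGE EXPECTED_SHA256 TARGET
#   IMAGE            the zImage to write
#   EXPECTED_SHA256  the checksum published with the image (placeholder from the caller)
#   TARGET           the block device (e.g. the bml7 node after bmlunlock) or,
#                    for a dry run, an ordinary file standing in for the partition
# Return codes: 1 image missing, 2 checksum mismatch, 3 image larger than target, 4 write failed.
flash_kernel() {
    image=$1
    expected=$2
    target=$3

    [ -f "$image" ] || { echo "image missing: $image" >&2; return 1; }

    # Refuse to write anything whose checksum differs from what was published.
    actual=$(sha256sum "$image" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "checksum mismatch for $image" >&2; return 2; }

    # Size check: an image bigger than the partition would be silently truncated.
    image_size=$(($(wc -c < "$image")))
    if [ -b "$target" ]; then
        target_size=$(blockdev --getsize64 "$target")
    else
        target_size=$(($(wc -c < "$target")))
    fi
    [ "$image_size" -le "$target_size" ] || {
        echo "image ($image_size bytes) larger than target ($target_size bytes)" >&2
        return 3
    }

    # notrunc keeps a file target at its original size (harmless on a block device);
    # fsync makes dd wait for the data to reach the medium before returning.
    dd if="$image" of="$target" bs=4096 conv=notrunc,fsync 2>/dev/null || return 4
    echo "wrote $image_size bytes to $target"
    return 0
}

# Stand-alone use: ./flash.sh zImage <sha256> /dev/block/bml7
if [ "$#" -eq 3 ]; then
    flash_kernel "$1" "$2" "$3"
fi
```

The function deliberately takes the target as an argument rather than hard-coding the bml7 node, so the same script can be dry-run against a scratch file and then pointed at the real partition.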
You rule Koush! Missing your work since i switched from the Droid to Fascinate. Thanks a lot keep it up!
I'm sorry, but what exactly is this?
If you don't know, you don't need it.
It allows devs to flash kernels directly.
adrynalyne said:
If you don't know, you don't need it.
It allows devs to flash kernels directly.
Well... guess I don't need it. LMFAO! ... Moving on.
The fascinate needs it.
Sent from my SCH-I500 using XDA App
keith.mcintyre26 said:
The fascinate needs it.
Sent from my SCH-I500 using XDA App
Redbend works as well.
Sent from my SCH-I500 using XDA App
adrynalyne said:
If you don't know, you don't need it.
It allows devs to flash kernels directly.
Ah. Then I don't need it. I appreciate the work Koush, but I don't know a thing about programming and I'm not a dev.
How do I compile it for the GB kernel? Do I just need to use the cross compiler?
We have an issue with the Pop Plus (GT-S5570I) flashing kernels via zip files. Sometimes they do not flash at all. Other times they do. It is a real pain in the butt.
Miche1asso said:
How do I compile it for the GB kernel? Do I just need to use the cross compiler?
We have an issue with the Pop Plus (GT-S5570I) flashing kernels via zip files. Sometimes they do not flash at all. Other times they do. It is a real pain in the butt.
Look at the date of the last response... 2010...
For gingerbread, you can use bmlwrite instead of redbend:
https://github.com/CyanogenMod/andr...s-common/blob/gingerbread/bmlutils/bmlwrite.c
bhundven said:
Look at the date of the last response... 2010...
For gingerbread, you can use bmlwrite instead of redbend:
https://gist.github.com/CyanogenMod...s-common/blob/gingerbread/bmlutils/bmlwrite.c
I know… But that is what we have in our custom ROMs and I was hoping someone could still answer, as you did.
I'll check bmlwrite. Thanks!!

Samsung releases kernel source for AT&T version of Galaxy S II

https://opensource.samsung.com/rece...hod=reception_search&searchValue=SGH-I777_ATT
This is awesome, this means we can have a rooted kernel on launch day!!!!
AT&T Galaxy S II Sub-Forum?
Where is the love for our own forum since we now have the kernel?
Edit: Well, it just happened this morning. Cool, our own forum.
The AT&T version is close enough to the international version that maybe they should keep the same forum? Or just have a sub forum for the dev board like i9003 on the i9000 board.
anilkuj said:
https://opensource.samsung.com/rece...hod=reception_search&searchValue=SGH-I777_ATT
This is awesome, this means we can have a rooted kernel on launch day!!!!
Hope the devs can find something they may be able to use on our version of this great phone.
I uploaded the file here also in case the site goes down or anything
http://www.multiupload.com/R7CG8ZR085
Wow. Samsung releases something ahead of hardware and a carrier to boot. More reason to boot atnt.
I voided my warranty and your mum.
anilkuj said:
https://opensource.samsung.com/rece...hod=reception_search&searchValue=SGH-I777_ATT
This is awesome, this means we can have a rooted kernel on launch day!!!!
Nice head start for the devs
pukemon said:
Wow. Samsung releases something ahead of hardware and a carrier to boot. More reason to boot atnt.
I voided my warranty and your mum.
Awesome sig sir.
sent from my stock Infuse at Tranquility Base.
Looking forward to this... but I hear Sammy has been really good with the stock ROMs for this model. Great starting points for our amazing devs
Sure hope a custom ROM gets put up soon after launch. I'm sure the stock one will suffice for a few days. Not looking for anything fancy, just want some good 'ol root access.
bigblue95z said:
Sure hope a custom ROM gets put up soon after launch. I'm sure the stock one will suffice for a few days. Not looking for anything fancy, just want some good 'ol root access.
I'm sure you will be able to root it pretty quick. A custom kernel may take a few days... a good one will take a few weeks, if someone is able to dedicate some real time to it. Sure you will get some quick ROMs that are basically stock with a custom theme and bloatware removed, but I digress.
I THINK I read that DG already has something SET UP for the ATT version and is just waiting to have it in hand to test it. Would be awesome to get some tentative ROMs set up before launch day so I can flash the same day
Sent from My KickAss Captivated CM7 OC'd 1.5Ghz/Undervolted
RockRatt said:
I THINK I read that DG already has something SET UP for the ATT version and is just waiting to have it in hand to test it. Would be awesome to get some tentative ROMs set up before launch day so I can flash the same day
Sent from My KickAss Captivated CM7 OC'd 1.5Ghz/Undervolted
Heck yeah! Where'd you read that?
RockRatt said:
I THINK I read that DG already has something SET UP for the ATT version and is just waiting to have it in hand to test it. Would be awesome to get some tentative ROMs set up before launch day so I can flash the same day
Sent from My KickAss Captivated CM7 OC'd 1.5Ghz/Undervolted
Yep, he will be developing the same ROMs for both phones, although the kernel will have to be reoriented due to the button on the international version, like the i9000 was relative to the Captivate. I believe ROMs will be interchangeable but not kernels.
anilkuj said:
https://opensource.samsung.com/rece...hod=reception_search&searchValue=SGH-I777_ATT
This is awesome, this means we can have a rooted kernel on launch day!!!!
Depends on how different the initramfs is - fortunately it probably won't be significantly different.
Here's a recommendation I have from my experience with the Infuse community - I'm on the fence about upgrading Sunday, but since the AT&T GSII variant has a smaller screen and no Wolfson I'm likely to stick with the Infuse:
On launch day, have some people on IRC coordinating. Once a root kernel is developed, don't immediately post it here. Pick a handful of people to flash and test. Once they have root, their first order of business should be getting a clean stock system dump.
Once you have a system dump you can make an Odin/Heimdall-flashable system image with root - have someone who did NOT flash the root-injection kernel flash THAT in order to get a dump of the stock kernel. Without that you'll be flying blind as far as initramfs.
A few tips:
http://forum.xda-developers.com/showpost.php?p=17777056&postcount=42 - my initial tips for the Epic 4G Touch crew
http://forum.xda-developers.com/showthread.php?t=1081239 - You'll need this to make a Heimdall-flashable image from your system dump
https://github.com/mistadman/Extract-Kernel-Initramfs - Once you've dumped a stock kernel image, use that script to extract the initramfs. Put that up on github ASAP.
Also, I strongly recommend putting a straight unmodified source tarball up on github, and then work on getting it to a compilable state from there. That way the process of "cleaning up" the Samsung source is documented in git commits. See the early commits from LinuxBozo at https://github.com/Entropy512/linux_kernel_sgh-i997r/commits/master?page=2 as an example
If all goes well, I will have my GS2 Sunday morning, and be on IRC as well, ready to test flash the rooted kernel for you guys.
Hmm, I get bored @ SGS2.
If someone can post stock initramfs, aka "adb pull /"
Remove /data and /cache from the local files on your computer and then zip it up and post it here, you have root
netchip said:
Hmm, I get bored @ SGS2.
If someone can post stock initramfs, aka "adb pull /"
Remove /data and /cache from the local files on your computer and then zip it up and post it here, you have root
Hmm - good point, I don't think anything in initramfs has permissions set such that a non-root ADB user can't read it.
Entropy512 said:
Hmm - good point, I don't think anything in initramfs has permissions set such that a non-root ADB user can't read it.
Sorry, misunderstood.
It is not required to have root; I am now testing with my SGS2.
netchip said:
Sorry, misunderstood.
It is not required to have root; I am now testing with my SGS2.
That's what I meant - Previously I was assuming that to get a "good" initramfs dump, root would be required. However, after reading your post I realized that all of the relevant files in the initramfs SHOULD be readable by any user, even without root permissions.
Still it's ideal to get a direct initramfs extract from the kernel zImage as soon as possible.
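Two things in the posts above are worth seeing concretely: what a "direct initramfs extract" from a kernel image involves, and the claim that the files in it are readable by any user (the newc cpio headers carry the mode bits, so that can be checked before anyone relies on it). The block below is an added example written for this thread; it is not the mistadman extraction script, Entropy512's code, or anything from Samsung. It implements a parser for the newc cpio format that initramfs images use, locates an archive embedded inside a larger blob, and reports file permissions and the ro.secure / ro.debuggable values from default.prop. The sample "kernel image" is constructed inline; a real embedded initramfs is usually gzip-compressed inside the kernel, so in practice the blob handed to this parser is the decompressed archive.

```python
"""Added example: parse a newc cpio initramfs and audit what it exposes.

Not code from the thread or from any project named in it. The sample image is
constructed here; `find_newc` and `audit_initramfs` are names chosen for this example.
"""

HEADER_LEN = 110          # newc header: 6-byte magic + 13 fields of 8 ASCII hex digits
MAGIC = b"070701"


def _pad4(n):
    """Bytes needed to round n up to a multiple of 4 (newc aligns names and data)."""
    return (-n) % 4


def build_newc(entries):
    """Build a newc archive from (name, mode, data) tuples.

    Used only to construct the sample below; real archives come from a kernel dump.
    """
    out = bytearray()
    for ino, (name, mode, data) in enumerate(entries + [("TRAILER!!!", 0, b"")], 1):
        name_b = name.encode("ascii") + b"\0"
        # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
        # rdevmajor, rdevminor, namesize (incl. NUL), check
        fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
        out += MAGIC + b"".join(f"{v:08x}".encode("ascii") for v in fields)
        out += name_b + b"\0" * _pad4(HEADER_LEN + len(name_b))
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)


def parse_newc(blob, offset=0):
    """Return ([{'name','mode','data'}, ...], end_offset) for the archive at offset."""
    entries = []
    pos = offset
    while True:
        hdr = blob[pos:pos + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[:6] != MAGIC:
            raise ValueError(f"no newc header at offset {pos}")
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name_start = pos + HEADER_LEN
        name = blob[name_start:name_start + namesize - 1].decode("ascii")
        data_start = name_start + namesize + _pad4(HEADER_LEN + namesize)
        data = blob[data_start:data_start + filesize]
        pos = data_start + filesize + _pad4(filesize)
        if name == "TRAILER!!!":
            return entries, pos
        entries.append({"name": name, "mode": mode, "data": data})


def find_newc(blob):
    """Offset of the first parseable newc archive inside blob, or -1."""
    pos = blob.find(MAGIC)
    while pos != -1:
        try:
            parse_newc(blob, pos)
            return pos
        except ValueError:        # false positive on the magic bytes; keep scanning
            pass
        pos = blob.find(MAGIC, pos + 1)
    return -1


def audit_initramfs(blob):
    """Summarise an embedded initramfs: files, non-world-readable files, key props."""
    start = find_newc(blob)
    if start < 0:
        raise ValueError("no initramfs found")
    entries, _ = parse_newc(blob, start)
    props = {}
    for e in entries:
        if e["name"] == "default.prop":
            for line in e["data"].decode("ascii").splitlines():
                if "=" in line and not line.startswith("#"):
                    k, v = line.split("=", 1)
                    props[k.strip()] = v.strip()
    return {
        "offset": start,
        "files": [e["name"] for e in entries],
        # mode & 0o004 is the "other: read" bit; without it a non-root adb pull fails
        "not_world_readable": [e["name"] for e in entries if not e["mode"] & 0o004],
        "ro.secure": props.get("ro.secure"),
        "ro.debuggable": props.get("ro.debuggable"),
    }


# Constructed sample: a few typical initramfs files, then wrapped in filler bytes
# standing in for the kernel code that surrounds the archive in a real image.
SAMPLE_INITRAMFS = build_newc([
    ("init.rc", 0o100750, b"on boot\n    start adbd\n"),
    ("default.prop", 0o100644, b"ro.secure=1\nro.debuggable=0\n"),
    ("sbin/adbd", 0o100755, b"\x7fELF-stub"),
])
SAMPLE_IMAGE = b"\x00" * 32 + b"not-a-real-zImage" + SAMPLE_INITRAMFS + b"\x00" * 16

if __name__ == "__main__":
    for k, v in audit_initramfs(SAMPLE_IMAGE).items():
        print(f"{k}: {v}")
```

On the sample, init.rc is the one file a non-root pull would miss, which is exactly the kind of gap a direct extract from the dumped image closes.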
Entropy512 said:
That's what I meant - Previously I was assuming that to get a "good" initramfs dump, root would be required. However, after reading your post I realized that all of the relevant files in the initramfs SHOULD be readable by any user, even without root permissions.
Still it's ideal to get a direct initramfs extract from the kernel zImage as soon as possible.
Yeah, I know.
But I will give you root kernel if you give me: /lib, /res, all *.rc files, /vendor and /sbin.

Will the stock kernel work for every rom?

I'm planning on getting this device shortly and was wondering if the stock kernel will work with most of the ROMs developed here. I'm just trying to do my homework so I can be ready when I have it in hand. I'm so ready to ditch the G2x.
Sent from my LG-P999 using xda premium
TBH I haven't seen a stock kernel NOT work with a Custom ROM. The only thing is some of the features i.e. Wifi Calling may not work. So it's always best to flash the recommended to avoid boot loops or bugs.
I just looked at four of the most popular ROMs, and in less than five minutes read that only one of them said stock kernel was ok. The other three say to flash either faux's kernel, xboarder's newest kernel, or the included boot.img in the download.
But yes the stock kernel will work but like just mentioned it will have limited functionality. In my opinion, read what the dev says in their OP and throughout their thread, but a whole thread on this isn't necessary.
I don't mean to be rude, just saying it like it is. Welcome!
Sent from my HTC_Amaze_4G using XDA App
Thanks for your replies, guys. I have always used the stock kernel with every ROM on every device I've used. I'm new to flashing kernels, and every time I tried flashing a kernel I've had issues. Thanks again for your answers.
Sent from my LG-P999 using xda premium
I wonder how this thread's topic relates to development...
Okay let me clarify the whole kernel thing.
We have three types of kernels to choose from.
The stock OTA kernel. That's what your phone comes with. It is secured, which means it will not allow scripts to auto-start (which means that init.d is worthless) and does not default to superuser access from adb or terminal. You can still get root access, but you always need to run the "su" command.
The unsecured kernel. This is the kernel that comes with your ROM. This is commonly found in the zip file of the custom ROM that you download. The custom ROM DOES NOT (which also means DOESN'T, WON'T, WILL NOT, CAN'T and CANNOT) update the kernel via recovery like almost all the other phones do. We believe this is because we have bootloaders with S-ON. When or IF we get S-OFF we may be capable of flashing a kernel via recovery.
Faux123's kernel.
Refer to [Kernel]HTC Stock[2.6.35.13](v0.0.7)OC~1.73/UV/CIFS+UTF-8[Dec-30]
Q&A
But can't we flash Faux's kernel by recovery?
Yes and no. I developed a workaround to make that work however it doesn't directly flash the kernel from the recovery. It flashes the kernel after the phone has already booted which is why a second reboot is required.
Well... why not? I don't understand.
Unfortunately, since the phone MUST come to a complete boot from a kernel that initiates init.d scripts (the unsecured kernel as described above), we cannot use the above method going from a pure rooted OTA ROM or when going from SenseUI 3.0 to SenseUI 3.5 or ICS ROMs. Let me know if you're confused by this.
Alright... so can you tell me more about Faux's kernel?
Well since I'm not Faux123 I'll try to answer this.
It's a slightly modified version of the unsecured kernel (capable of executing init.d scripts) that has been tweaked to allow slight overclocking and control over the voltage going to the CPU and RAM of the phone. This can help you or hurt you. You can push your processor harder and faster to increase performance, but you may lose stability and drain your battery faster. Alternatively, you can reduce the voltage and preserve battery life. At this time the kernel is NOT complete due to HTC not releasing the full source of their TI drivers. It would appear that since they are not technically HTC's drivers, they don't have to release them.
So... what's the problem making the kernel?
Faux123 tried to make the kernel from source; unfortunately, without the full source, attempting to do so loses wifi and wireless tethering abilities. Again... blame HTC for that. Until they release the full source we're stuck with this limitation.
So after all this talking about kernels, you still haven't explained how to flash it?
This part is easy.
Use this: [Guide][Tool] Kernel Flasher 2 Step/Kernel Restore Tool||Noob Proof||V3 released || or whatever directions are included with the ROM or kernel that you're interested in flashing. If you're skilled enough you can just use the fastboot commands.
From bootloader:
fastboot flash boot c:\directorytoboot\boot.img
(replace c:\directorytoboot with actual directory)
So in conclusion... as soon as HTC releases S-OFF for our devices as well as the full kernel source code we can have some really kick @$$ phones! Until then... we have to half-a$$ everything, such as fastboot flashing our half-a$$ modified kernels. It's not the ROM or kernel developers' fault... it's HTC's.
Felinos11 said:
I wonder how this thread's topic relates to development...
Yeah yeah... I'll move it.
Thank you, Binary, for your excellent explanation. I posted it here because the people with the knowledge frequent this board and I hoped they would see it. I apologize if I posted this in the wrong place.
Sent from my LG-P999 using xda premium
Binary100100 said:
Yeah yeah... I'll move it.
so how do I go back to stock kernel binary!!!!! i kid, i kid!!!
Stock kernel works fine.
seansk said:
so how do I go back to stock kernel binary!!!!! i kid, i kid!!!
Go choke on some nitrous.
Binary100100 said:
Go choke on some nitrous.
I love nitrous oxide, we had to try it in school, you should try it sometime, we use it on kids, and some adults unfortunately that act like kids in the dental chair
seansk said:
I love nitrous oxide, we had to try it in school, you should try it sometime, we use it on kids, and some adults unfortunately that act like kids in the dental chair
I'll try it while at the range. The range masters should love that.
Binary100100 said:
I'll try it while at the range. The range masters should love that.
Hmm...I don't know if those two will mix well!!!

S4 Kexec Support (Help needed) ..

Folks,
While I was reading the Safestrap discussion thread in the Development area, I came across this post from Hashcode:
http://forum.xda-developers.com/showpost.php?p=46202168&postcount=430
He indicated that he needs help getting around the kernel module verification system for the possibility of kexec. I thought I would bring this up here in case anyone who knows about the S4 kernels may not be frequenting the Safestrap threads. If ANYONE can help Hashcode, please let him know. I know if I had the knowledge of kernels, I would be all over this helping him.
I thought this was a good place to get this seen as some may not have seen his post buried in the dev. thread for SS.
Thanks!!!
roboots21 said:
Folks,
While I was reading the Safestrap discussion thread in the Development area, I came across this post from Hashcode:
http://forum.xda-developers.com/showpost.php?p=46202168&postcount=430
He indicated that he needs help getting around the kernel module verification system for the possibility of kexec. I thought I would bring this up here in case anyone who knows about the S4 kernels may not be frequenting the Safestrap threads. If ANYONE can help Hashcode, please let him know. I know if I had the knowledge of kernels, I would be all over this helping him.
I thought this was a good place to get this seen as some may not have seen his post buried in the dev. thread for SS.
Thanks!!!
I'm taking the stock developer edition kernel apart now. I don't know how Hash's kexec works: is he trying to hijack the kernel, load before the kernel or load after? I know how the S4 kernels work, but I guess in my mind I assume Hash already knows anything that I do.
Surge1223 said:
I'm taking the stock developer edition kernel apart now. I don't know how Hash's kexec works: is he trying to hijack the kernel, load before the kernel or load after? I know how the S4 kernels work, but I guess in my mind I assume Hash already knows anything that I do.
To be clear, I can work on the kexec stuff. I need a bypass for the module sha1sum check in the stock kernel. Can't load the kexec modules with that in place.
Hashcode
Keep up by the good work.
I don't know much about the kernel stuff, but maybe you could disguise the kexec module as the original sha1 sum. Basically tricking the system into thinking everything is normal?
Sent from my GT-I9505G using xda app-developers app
Hashcode let me know if there is anything I can help with. Im going to download the kernel source and see if I can find anything
Sent from my GT-N5110 using XDA Premium 4 mobile app
Jraider44 said:
I don't know much about the kernel stuff, but maybe you could disguise the kexec module as the original sha1 sum. Basically tricking the system into thinking everything is normal?
The SHA-1 hash attached to the module is a keyed hash. It uses a private key that Samsung owns and hopefully carefully protects. That key is used to sign the module. The resulting hash demonstrates both that the file comes from Samsung and that it hasn't been tampered with.
You could try to figure out a way to alter the new binary so that the hash still verifies, but that's a very difficult thing to do, where "very difficult" means firing up a few million computers for thousands of years to try to find a collision.
That's why hashcode is looking for a way to bypass the signature verification. That's much more likely to be practical.
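The reply above makes the point that the hash attached to a module is keyed, so copying the original sum onto a modified module (the suggestion it answers) does not help. The block below is an added example that demonstrates that property in working code; it is not Samsung's verifier, and the thread does not say which construction Samsung uses. It stands in an HMAC-SHA1 tag from the standard library for the vendor's keyed check (an assumption made so the example runs offline; a public-key signature gives the same outcome for the cases shown), with constructed keys and a constructed module body. It shows the three cases a defender cares about: the genuine module verifies, the same module with one patched region but the original tag fails, and a tag recomputed under any key other than the vendor's fails too.

```python
"""Added example: why a keyed hash over a kernel module cannot be reused or re-made
without the vendor's key. Not Samsung's code; HMAC-SHA1 and the keys are stand-ins."""
import hashlib
import hmac

TAG_LEN = hashlib.sha1().digest_size   # 20 bytes for SHA-1


def sign_module(module, key):
    """Append a keyed SHA-1 tag over the module body (the vendor's side)."""
    return module + hmac.new(key, module, hashlib.sha1).digest()


def verify_module(blob, key):
    """Recompute the tag under `key` and compare in constant time (the kernel's side)."""
    if len(blob) <= TAG_LEN:
        return False
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()
    return hmac.compare_digest(expected, tag)


def patch_keep_tag(blob, offset, new_bytes):
    """Overwrite part of the body but leave the original tag attached."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    body = body[:offset] + new_bytes + body[offset + len(new_bytes):]
    return body + tag


# Constructed values: these are not real keys and this is not a real module.
VENDOR_KEY = b"constructed-vendor-key-not-real"
COMMUNITY_KEY = b"constructed-key-without-vendor-secret"
SAMPLE_MODULE = b"\x7fELF" + b"\x00" * 12 + b"sample_module.ko body bytes"


def demo():
    """Run the three verification cases and return the outcomes by name."""
    signed = sign_module(SAMPLE_MODULE, VENDOR_KEY)
    # Case 2: change five bytes of the body, keep the vendor's tag.
    patched = patch_keep_tag(signed, 16, b"PATCH")
    # Case 3: same patched body, tag recomputed under a key that is not the vendor's.
    resigned = sign_module(patched[:-TAG_LEN], COMMUNITY_KEY)
    return {
        "genuine_verifies": verify_module(signed, VENDOR_KEY),
        "patched_with_original_tag_verifies": verify_module(patched, VENDOR_KEY),
        "patched_resigned_other_key_verifies": verify_module(resigned, VENDOR_KEY),
        "tag_bytes": TAG_LEN,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The constant-time comparison in verify_module is the detail worth copying into any real check of this shape: a byte-by-byte early-exit compare leaks how much of a forged tag matched.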
Hashcode said:
To be clear, I can work on the kexec stuff. I need a bypass for the module sha1sum check in the stock kernel. Can't load the kexec modules with that in place.
Hash, to be clear, you essentially need an entire boot.img bypass exploit since aboot checks both the ramdisk and the zImage, correct? And are you planning to use the boot.img Linux kernel and not the recovery kernel, or both?
Sent from my SCH-I545 using xda app-developers app
Surge1223 said:
Hash, to be clear, you essentially need an entire boot.img bypass exploit since aboot checks both the ramdisk and the zImage, correct? And are you planning to use the boot.img Linux kernel and not the recovery kernel, or both?
Sent from my SCH-I545 using xda app-developers app
That would work (ie, loki) or a kernel memory overwrite vulnerability is needed to patch the verification function.
jeboo said:
That would work (ie, loki) or a kernel memory overwrite vulnerability is needed to patch the verification function.
What if we just brute forced samsung's signing key. I know that would take A LONG TIME to try and crack that algorithm, but I bet we all can donate CPU cycles for the project. I have about 3 computers running that can help.
(well, that depends if it's possible to bruteforce a SHA1 check.)
tommydrum said:
What if we just brute forced samsung's signing key. I know that would take A LONG TIME to try and crack that algorithm, but I bet we all can donate CPU cycles for the project. I have about 3 computers running that can help.
(well, that depends if it's possible to bruteforce a SHA1 check.)
I've temporarily gotten the Dev. recovery to flash but haven't been able to repeat the procedure as of yet. Hopefully I wasn't hallucinating. Have been trying to repeat the result for the last 3 days...
Surge1223 said:
I've temporarily gotten the Dev. recovery to flash but haven't been able to repeat the procedure as of yet. Hopefully I wasn't hallucinating. Have been trying to repeat the result for the last 3 days...
Oh, I hope you weren't hallucinating either.. that would be really cool if that worked
tommydrum said:
Oh, I hope you weren't hallucinating either.. that would be really cool if that worked
It would be way more than cool, if you have any idea of the implications it would have.
Sent from my SCH-I545 using xda app-developers app
jeboo said:
That would work (ie, loki) or a kernel memory overwrite vulnerability is needed to patch the verification function.
Yep, I was thinking of a kernel memory exploit to overwrite the verification function or the keyed hash memory.
Hashcode said:
Yep, I was thinking of a kernel memory exploit to overwrite the verification function or the keyed hash memory.
That'll work
Just keep in mind, a few of us are willing to donate computer power on cracking that sum if you ever want to hack up a small program/script to work on that.
Again, good work on safestrap, very "outside the box" thinking there
tommydrum said:
That'll work
Just keep in mind, a few of us are willing to donate computer power on cracking that sum if you ever want to hack up a small program/script to work on that.
Again, good work on safestrap, very "outside the box" thinking there
I am more than willing to donate SEVERAL computers worth of power...happy to help in any way I can.
Dollyllama said:
I am more than willing to donate SEVERAL computers worth of power...happy to help in any way I can.
I'll be more than willing to do the same.
Sent from my SCH-I545 using xda app-developers app
You know what would actually help? If we had people post what they had reverse engineered from the kernels so far. All this stuff is so tedious
Sent from my cm_tenderloin using xda app-developers app
Surge1223 said:
You know what would actually help? If we had people post what they had reverse engineered from the kernels so far. All this stuff is so tedious
Sent from my cm_tenderloin using xda app-developers app
Well, the kernel is open src, so exploits can be found there. I guess if you're trying to find a vuln in a driver, then you would need to do some reverse engineering.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
jeboo said:
Well, the kernel is open src, so exploits can be found there. I guess if you're trying to find a vuln in a driver, then you would need to do some reverse engineering.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Trying to see if there are any locations calling the kernel that can be exploited. I'm not a pro with IDA either, so it usually takes me a while to get useful info out of it.
Sent from my SCH-I545 using xda app-developers app
jeboo said:
Well, the kernel is open src, so exploits can be found there. I guess if you're trying to find a vuln in a driver, then you would need to do some reverse engineering.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Basically what Hash is trying to do is find some exploit to get away with installing a modified kernel with his kexec mod... the exploit will lie in the verifications the bootloader performs (SHA1 checks) on the kernel. Hash specifically wants to find a glitch before the kernel checks, to be able to modify the outcome of the check. He wants it to always impersonate a legit kernel, even if it's not.

[DEV] Semi-successful custom ROMs on US Cellular SCH-R960

Hi! I am rebel1699. I have done work on the S4 i337 (root for 4.4.2). Recently, I bought an SCH-R960 for something to do. After messing with it for a while, I have discovered that custom ROMs are indeed possible, but with some things that need work. Here is my current configuration:
SlimKat 4.4.4
Philz Touch Recovery
As you may know, the touch recoveries do not respond to touch on this model. However, the vol +/- and power for select still work fine. After getting this ironed out, it was time to experiment. I downloaded SlimKat and made a few modifications. Booted to recovery and made my nandroid. Then, on to wipes and install. Results---
Upon reboot, I was greeted with the "Warranty bit: kernel" at the top of the screen. I didn't care. Warranty was long gone anyway. But it booted into SlimKat just fine. Here's where the dev work needs to begin. There is NO TOUCH. I even made a flashable of the stock 4.4.2 kernel modules, but still no help. Not unexpected, considering the recoveries do the same. Using my OTG, I connected a mouse for navigation. It is indeed the custom kernel. WiFi, BT, and everything else seem to work fine. I cannot test cellular operation as I am not a US Cellular customer. So, there is another issue. I guess it could be possible to flash a correct radio. Not sure.
First things first---We need touch drivers working on this to go any further. We get that, and the sky is the limit.
You probably have to backport the input drivers for your model.
Just pull the official kernel sources from Samsung Open Source and modify the drivers of the CM kernel.
Sent from my HTC D816w using XDA Free mobile app
Grarak said:
You probably have to backport the input drivers for your model.
Just pull the official kernel sources from Samsung Open Source and modify the drivers of the CM kernel.
Sent from my HTC D816w using XDA Free mobile app
Same as I was thinking. Sound is also out, but I fully expected that to be the case. Pulling the sammy input drivers should also allow for a custom touch recovery to be modified for the device. TWRP 2.7.0.1, preferably. I will see what I can do over the next few days. Just started using a new laptop, so I have to get the time to sit down and set up a new dev environment. But again, I won't be able to test cellular radio compatibility. I use AT&T, so no good for that.
Personally, I'm buying the i9200 intl for my own use. But I'll do what I can to help these US Cellular folks. They have not seen any development at all. Craigslist is littered with this SCH-R960. I understand why.
Why
Why are you saying that the touch recoveries don't work on this model? I flashed philz on mine and used it to gain root. Worked just fine for me!
MeatHammer311 said:
Why are you saying that the touch recoveries don't work on this model? I flashed philz on mine and used it to gain root. Worked just fine for me!
Because after flashing both philz touch and TWRP 2.7.1.0 meliusltexxx recoveries, touch works on neither. The boot image does not contain the touch input drivers for the SCH-R960. Manual navigation is still operable.
I guess you only have to enable some options in defconfig
Sent from my HTC D816w using XDA Free mobile app
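One way to find out which input options a stock defconfig enables that the custom kernel's defconfig does not, which is the "enable some options in defconfig" step above. This is an added example, not code from the thread or from any kernel tree; both defconfigs are constructed samples, and the touch controller option names are placeholders because the thread does not name the SCH-R960's controller:

```python
"""Added example: list CONFIG_TOUCHSCREEN_* / CONFIG_INPUT_* options that the
stock defconfig enables but the custom defconfig leaves off or disables.
Both defconfig texts are constructed; option names ending in PLACEHOLDER_PANEL
stand in for the real controller option, which the thread does not give."""
import re

_NOT_SET = re.compile(r"^# (CONFIG_\w+) is not set$")
_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")


def parse_defconfig(text: str) -> dict:
    """Map CONFIG_NAME -> value. A '# CONFIG_X is not set' line becomes 'n',
    which is how Kconfig records an explicitly disabled option."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _NOT_SET.match(line)
        if m:
            opts[m.group(1)] = "n"
            continue
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts


def missing_options(stock: str, custom: str,
                    prefixes=("CONFIG_TOUCHSCREEN_", "CONFIG_INPUT_")) -> dict:
    """Options under the given prefixes that are enabled (y, m or a value) in
    stock but absent or set differently in custom. Returns {option: stock_value}."""
    s, c = parse_defconfig(stock), parse_defconfig(custom)
    return {opt: val for opt, val in s.items()
            if opt.startswith(prefixes) and val != "n" and c.get(opt, "n") != val}


# Constructed samples: the stock config carries a touch panel driver and its
# firmware-update helper; the custom config has the driver explicitly off.
STOCK_DEFCONFIG = """\
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_PLACEHOLDER_PANEL=y
CONFIG_TOUCHSCREEN_PLACEHOLDER_PANEL_FW_UPDATE=y
CONFIG_INPUT_EVDEV=y
CONFIG_SND_SOC=y
"""

CUSTOM_DEFCONFIG = """\
CONFIG_INPUT_TOUCHSCREEN=y
# CONFIG_TOUCHSCREEN_PLACEHOLDER_PANEL is not set
CONFIG_INPUT_EVDEV=y
CONFIG_SND_SOC=y
"""

if __name__ == "__main__":
    for opt, val in missing_options(STOCK_DEFCONFIG, CUSTOM_DEFCONFIG).items():
        print(f"{opt}={val}")
```

The audio option (CONFIG_SND_SOC) is deliberately outside the default prefixes, so the output is limited to the input side; passing a wider prefix tuple covers other subsystems. For full .config files the kernel tree's own scripts/diffconfig does the same comparison across every option.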
Grarak said:
I guess you only have to enable some options in defconfig
Sent from my HTC D816w using XDA Free mobile app
Good to hear. I just got a new laptop and have been getting my enviro set back up and going.
Grarak said:
I guess you only have to enable some options in defconfig
Sent from my HTC D816w using XDA Free mobile app
These options you're talking about, are they options to enable touch on these recoveries?
MeatHammer311 said:
These options you're talking about, are they options to enable touch on these recoveries?
The recoveries, and the roms. All either is lacking are those things within their respective kernels. Roms will still need more work, e.g. audio. And as I said, I cannot comment on the cellular end of it since I do not have US Cellular service.
Some of the roms need an edit to their updater-script to install. Others do not. They just have to be checked first. Just edit out anything that calls Format "0". I can't remember the mmcblk #.
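The updater-script edit described just above, as an added example (not code from the thread or from any ROM): find the Edify format() calls in an updater-script and produce a copy with the ones whose size argument is "0" commented out. The script text is constructed, and the partition paths use the placeholders mmcblk0pNN and mmcblk0pMM because the thread does not give the real partition numbers:

```python
"""Added example: locate format(...) statements in an Edify updater-script and
disable those with fs_size "0". The sample script is constructed; the
mmcblk0pNN / mmcblk0pMM partition numbers are placeholders."""
import re

# Edify signature: format(fs_type, partition_type, location, fs_size, mount_point);
FORMAT_CALL = re.compile(
    r'format\(\s*"(?P<fs>[^"]*)"\s*,\s*"(?P<ptype>[^"]*)"\s*,\s*"(?P<loc>[^"]*)"'
    r'\s*,\s*"(?P<size>[^"]*)"\s*,\s*"(?P<mnt>[^"]*)"\s*\)\s*;'
)


def find_format_calls(script: str) -> list:
    """Return one dict per format() call with its arguments and line number,
    so the partitions a ROM zip would wipe can be reviewed before flashing."""
    return [{**m.groupdict(), "line": script[: m.start()].count("\n") + 1}
            for m in FORMAT_CALL.finditer(script)]


def disable_zero_size_formats(script: str):
    """Return (new_script, count) with every format(..., "0", ...) statement
    turned into an Edify '#' comment, leaving other statements untouched."""
    count = 0

    def repl(m):
        nonlocal count
        if m.group("size") == "0":
            count += 1
            return "# disabled: " + m.group(0)
        return m.group(0)

    return FORMAT_CALL.sub(repl, script), count


# Constructed updater-script fragment; partition numbers are placeholders.
SAMPLE_SCRIPT = """\
ui_print("Installing...");
format("ext4", "EMMC", "/dev/block/mmcblk0pNN", "0", "/system");
mount("ext4", "EMMC", "/dev/block/mmcblk0pNN", "/system");
package_extract_dir("system", "/system");
format("ext4", "EMMC", "/dev/block/mmcblk0pMM", "0", "/cache");
unmount("/system");
"""

if __name__ == "__main__":
    for call in find_format_calls(SAMPLE_SCRIPT):
        print(f'line {call["line"]}: format {call["loc"]} ({call["mnt"]}) size={call["size"]}')
    patched, n = disable_zero_size_formats(SAMPLE_SCRIPT)
    print(f"{n} format() statement(s) disabled")
    print(patched)
```

A partition that is no longer formatted keeps whatever the previous ROM left on it, so any files the zip does not overwrite or delete survive the flash; listing the calls first makes it clear which partitions that applies to.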
Any more progress with this? I have a sch-r960 and I would gladly help test roms or do what I can.
Cheers
helpful
statikrage said:
Any more progress with this? I have a sch-r960 and I would gladly help test roms or do what I can.
Cheers
I just bought one of these as well... have nandroid and stock... attempting to build up first rom/port.... we shall see... so device tree anywhere... tried to flash meliusltexx roms, but always get error 7
so cm 11 installed... shows lte... no touch... not sure where to go from here.... new to this... always just been a flasher..... never tried to port....
antimidas said:
I just bought one of these as well... have nandroid and stock... attempting to build up first rom/port.... we shall see... so device tree anywhere... tried to flash meliusltexx roms, but always get error 7
Did you edit the rom updater script before installing?
hmmmmm
not sure what to change other than specific model... it points to /system/xbin/touch, but there is no file there... yet in deodexed stock rom the updater-script points to /system/bin/touch... which also is not in that zip either. gonna try to compile aosp then pull my touch file from phone i guess..... a bit difficult to find specific info at this point
antimidas said:
not sure what to change other than specific model... it points to /system/xbin/touch, but there is no file there... yet in deodexed stock rom the updater-script points to /system/bin/touch... which also is not in that zip either. gonna try to compile aosp then pull my touch file from phone i guess..... a bit difficult to find specific info at this point
I would help more, but sadly I do not have the phone anymore. Anything more from me would be no more than wild speculation, lol.
rebel1699 said:
I would help more, but sadly I do not have the phone anymore. Anything more from me would be no more than wild speculation, lol.
i need an idea of what to edit.... just changing model names doesn't seem like it would work... but maybe i'm wrong... hardware is the same as meliusxx.... so i just don't get it... just gonna experiment i guess.... gonna go in and change all references i see.... also may try to remove the part that lists the touch... maybe if it isn't flashed the orig firmware i lay over top of will keep driver intact.... i dunno, just gonna keep at it.... can't seem to get help anywhere. at least you responded!!! Thank You for that. /bow
R960 vs I9205
What is the difference? They appear exactly the same in specs. The only difference appears to be the cellular provider. Has anyone tried to flash an I9205 to an R960 Mega 6.3 to see what happens? If so, what was the result?
