Better Mobile App

x8 have kexec tool for loading new kernel

Open cmd
go to adb folder
type adb shell
cd /system/bin/
kexec-tool
you willl see commands for loading Zimage to kernel or loading new kernel

Yes but it has been already told that we have to find root partition... without it we can't do anything... Bin4ry has already posted modded kexec tool too..

blagus said:
Yes but it has been already told that we have to find root partition... without it we can't do anything... Bin4ry has already posted modded kexec tool too..
Click to expand...
Click to collapse
Im looking for it

in init.delta.rc I found the text
sevice kexec-tool /system/bin/kexec-tool -p /system/xbin/capk --initrd=/system/xbin/capk_root
and the source code is config file
in /kernel/arch/arm/configs/semc_shakira_capk_defconfig
I did not compile it
there are errors during compilation
If, after compilation will file capk_root. can try to run it on the phone !?
sorry for my english

That kexec command is made to load new kernel in case of kernel panic. So maybe we can load new kernel with that -p option and produce kernel panic so new kernel would be loaded... Would that work?

blagus said:
That kexec command is made to load new kernel in case of kernel panic. So maybe we can load new kernel with that -p option and produce kernel panic so new kernel would be loaded... Would that work?
Click to expand...
Click to collapse
Dontpanic folder is located in data folder.
Maybe will work try some panic kernel andvif mobile will not turn on that mean you did it.
Sent from my E15i using XDA App

blagus said:
That kexec command is made to load new kernel in case of kernel panic. So maybe we can load new kernel with that -p option and produce kernel panic so new kernel would be loaded... Would that work?
Click to expand...
Click to collapse
try flashing x10s kernel.sin that will probably produce kernel panic

That wouldn't work because phone would be off - we need working turned on system, where we load new kernel and then produce kernel panic... unfortunately, when I have to, I don't know how, but when I "had" to crash Ubuntu installation, it was very easy

blagus said:
That wouldn't work because phone would be off - we need working turned on system, where we load new kernel and then produce kernel panic... unfortunately, when I have to, I don't know how, but when I "had" to crash Ubuntu installation, it was very easy
Click to expand...
Click to collapse
Change modules.
Sent from my E15i using XDA App

Tried this. Used capk_root and capk with kexec, triggered kernel panic.
Nothing special happens. Devices just hangs.

here what happen while trying kexec-tool -p
# kexec-tool -p /data/dontpanic/zImage
kexec-tool -p /data/dontpanic/zImage
200000- d8fffff : System RAM
22b000- 6e3fff : Kernel text
6e4000- 813733 : Kernel data
2900000- 2afffff : kgsl_phys_memory
d200000- d8fffff : Crash kernel
d9e0000- d9fffff : ram_console
a0000000-a001ffff : kgsl_reg_memory
a0000000-a001ffff : kgsl
a0200000-a0200fff : msm_serial_hs.0
a0400000-a0400fff : msm_sdcc.1
a0500000-a0500fff : TIWLAN_SDIO.2
a0800000-a08003ff : msm_hsusb
a0800000-a08003ff : msm_hsusb_periphera
a0800000-a08003ff : msm_hsusb_host.0
a0800000-a08003ff : msm_hsusb_otg
a0800000-a08003ff : msm_otg
a0a00000-a0a007ff : msm_nand_phys
a9900000-a9900fff : msm_i2c.0
a9900000-a9900fff : msm_i2c
a9c00000-a9c00fff : msm_serial.2
a9c00000-a9c00fff : msm_serial
aa200000-aa2effff : mdp
aa300000-aa300fff : tssc
aa600000-aa600fff : pmdh
CRASH MEMORY RANGES
200000- d1fffff
Created elf header segment at 0xd8fc000
Command line after adding elfcorehdr
elfcorehdr=222192K

---UP------

[TOOLS] kernel_dump and kernel_make

Tools for Sony Xperia:
- kernel_dump
- kernel_make
====================
1. kernel_dump
====================
This is Android tool for dumping boot partition to an location,
than automatically extract zImage, initrd.gz and cmdline.
Tool is designed to run only on Android.
Sintax usage:
---------------------------------------------------------------------------------
./kernel_dump /storage/sdcard1/bb /dev/block/mmcblk0p9
Sony kernel dumper by Munjeni @ XDA 2013
Created ouput folder /storage/sdcard1/bb
32768+0 records in
32768+0 records out
16777216 bytes transferred in 2.817 secs (5955703 bytes/sec)
Dumped boot.img(/dev/block/mmcblk0p9) to /storage/sdcard1/bb
opening /storage/sdcard1/bb/boot.img
ELF magic found
Entry point : 0x00008000
Program Header start : 0x34
Program Header size : 32
Program Header count : 4
-> PH[0], type=1, offset=00001000, virtual=00008000, phy=00008000, size=3339296(0x0032F420)
-> PH[1], type=1, offset=00330420, virtual=01000000, phy=01000000, size=4712404(0x0047E7D4)
-> PH[2], type=4, offset=007AEBF4, virtual=00000000, phy=00000000, size=332(0x0000014C)
-> PH[3], type=558778707, offset=000000B4, virtual=00000000, phy=00000000, size=1072(0x00000430)
...dumping to /storage/sdcard1/bb/zImage
...dumping to /storage/sdcard1/bb/initrd.gz
...dumping to /storage/sdcard1/bb/cmdline
...dumping to /storage/sdcard1/bb/certificate
-----------------------------------------------------------------------------------
==============================
2. kernel_make
==============================
Tool for patching existing boot.img after making some changes to the ramdisk (initrd.gz).
usage:
------------------------------------------
Sony dual kernel flasher v 0.1 by LeTama
Sony dual kernel flasher v 0.1 modified by munjeni
Syntax: make_kernel PATH_TO/zImage PATH_TO/initrd.gz PATH_TO/cmdline PATH_TO_EXISTING/boot.img
---------------------------------------------
===================================
3.How to install:
===================================
Install them to whatewer location you want, but give 755 permissions! Enjoy!
Source code is provided in seccond attachment.

@munjeni, bro I'm having problems with the kernel_dump. I placed these tools to /system/bin and set permissions 755.
When I use kernel_dump to dump it in a non existing folder, it says "FAILURE to create output folder /sdcard/dump! Pllease try another folder!"
If I use a existing folder it says "FAILURE to dump boot.img to /sdcard/Download! Pllease try another folder!"
What am I doing wrong ?

NoobCoder said:
@munjeni, bro I'm having problems with the kernel_dump. I placed these tools to /system/bin and set permissions 755.
When I use kernel_dump to dump it in a non existing folder, it says "FAILURE to create output folder /sdcard/dump! Pllease try another folder!"
If I use a existing folder it says "FAILURE to dump boot.img to /sdcard/Download! Pllease try another folder!"
What am I doing wrong ?
Click to expand...
Click to collapse
Same thing happened to me. Any solutions?

jackie099 said:
Same thing happened to me. Any solutions?
Click to expand...
Click to collapse
we have to use new version of these tools. download from here http://forum.xda-developers.com/showpost.php?p=45001014&postcount=64

What is the meaning of the error - cmdline out of range!

I have the same same problem with new tools. Any other solution?

Porting kexec hardboot to LG L1 II

Hi,
I've read the porting kexec hardboot wiki: https://github.com/Tasssadar/multirom/wiki/Porting-kexec-hardboot and, in particular, the following step:
Hard-reboot in arch/arm/kernel/relocate_kernel.S
Can be found here in the patch for mako. This can often be the hardest thing to find out. Try to look for restart.c or reboot.c or something like that in your device's arch/arm/mach-xxx folder and port the restart sequence from that file to assembler. If you are using Tegra 2/3 or MSM SoC, chances are reboot methods currently (or very similar to them) in the patch will work.
Click to expand...
Click to collapse
So, the porting guide says the restart sequence should be ported from restart.c to relocate_kernel.S.
Exactly, what function I've to port from restart.c? Any ideas?

Ok, I've ported the restart sequence into relocate_kernel.S. The patch just needs the following changes:
Code:
#elif defined(CONFIG_ARCH_MSM7X27)
#include <mach/msm_iomap.h>
Code:
#elif defined(CONFIG_ARCH_MSM7X27)
/* Restart using the PMIC chip, see mach-msm/restart.c */
mov r0, #3
ldr r1, =0x00100000
str r0, [r1]
ldr r0, =0x77665501
str r0, [r1, #0x08]
mov r0, #0
str r0, [r1, #0x0C]
mov r0, #1
ldr r1, =0xc0100418
str r0, [r1]
loop: b loop
Many thanks to a msm dev guy for the help and explanations, which I've translated into assembly code shown above :good:
Now, the next part of the porting kexec hardboot wiki says:
Reserving memory for kexec-hardboot page
Can be found here in the patch for mako. You need to find a place where reserving memory is safe, typicaly somewhere around where memory for ram_console is reserved. It probably will be in the board's file. I usually register the page just before the ram_console, which is before the end of the first memory bank.
Click to expand...
Click to collapse
So, my question is: what board's file is the porting guide pointing to? Any ideas?

Ok, I've reserved memory for kexec-hardboot page. This part can be done if board-msm7x27a_v1.c board's file (located into arch/arm/mach-msm/lge/v1 directory) is changed as follows:
Code:
static void __init msm7x27a_reserve(void)
{
reserve_info = &msm7x27a_reserve_info;
msm_reserve();
#ifdef CONFIG_KEXEC_HARDBOOT
// Reserve space for hardboot page, just before the ram_console
struct membank* bank = &meminfo.bank[0];
phys_addr_t start = bank->start + bank->size - SZ_1M - SZ_1M;
int ret = memblock_remove(start, SZ_1M);
if(!ret)
pr_info("Hardboot page reserved at 0x%X\n", start);
else
pr_err("Failed to reserve space for hardboot page at 0x%X!\n", start);
#endif
}
Now, the next part of the porting kexec hardboot wiki says:
Setting KEXEC_HB_PAGE_ADDR
Can be found here in the patch for mako. This is highly device-specific. Either apply the patch without this value (-> set it to beggining of the System RAM) and grep dmesg for the value you printk in memory reservation ("Hardboot page reserved at 0x%X") or look into /proc/iomem to see where the first bank of System RAM ends, substract size of ram_console ram and size of the hardboot page from that and you should get the right address.
Click to expand...
Click to collapse
This is my /proc/iomem:
Code:
00200000-0fefffff : System RAM
00208000-0098207b : Kernel code
009b2000-00c03f87 : Kernel data
0ff3e000-0ff3efff : crash_log
20000000-2b4fffff : System RAM
98000000-9807ffff : lcd01
9c000000-9c07ffff : lcd02
a0000000-a001ffff : kgsl_3d0_reg_memory
a0000000-a001ffff : kgsl-3d0
a0200000-a0200fff : msm_serial_hs.0
a0300000-a0300fff : uartdm_resource
a0400000-a0400fff : msm_sdcc.1
a0500000-a0500fff : msm_sdcc.2
a0600000-a0600fff : msm_sdcc.3
a0800000-a08003ff : msm_hsusb_host.0
a0800000-a08003ff : msm_hsusb
a0800000-a08003ff : msm_otg
a0d00000-a0d00fff : base
a0e00000-a0e00fff : pbus_phys_addr
a0f00000-a0ffffff : csic
a0f00000-a0ffffff : msm_csic
a1000000-a10fffff : csic
a1000000-a10fffff : msm_csic
a1200000-a1200fff : gsbi_qup_i2c_addr
a1200000-a1200fff : qup_i2c
a1280000-a1280fff : qup_phys_addr
a1280000-a1280fff : qup_i2c
a1300000-a1300fff : gsbi_qup_i2c_addr
a1300000-a1300fff : qup_i2c
a1380000-a1380fff : qup_phys_addr
a1380000-a1380fff : qup_i2c
a8600000-a8600fff : clk_ctl
a9700000-a9700fff : msm_dmov
a9a00000-a9a00fff : msm_serial.0
a9a00000-a9a00fff : msm_serial
aa200000-aa2f1007 : mdp
c0400000-c0400fff : pl310_erp
In particular, line related to the first bank of System RAM says:
Code:
00200000-0fefffff : System RAM
So, should I subtract size of ram_console ram and size of the hardboot page from 0fefffff in order to get the right value for KEXEC_HB_PAGE_ADDR? And, should I use SZ_1M for the size of hardboot page? Any ideas?

Ok, I've set KEXEC_HB_PAGE_ADDR. Briefly, I've subtracted size of the hardboot page (SZ_1M) and size of ram_console (LGE_RAM_CONSOLE_SIZE) from the end address of the System RAM first bank (0ff00000 = 0fefffff + 1). This part can be done if memory.h (located into arch/arm/mach-msm/include/mach directory) is changed as follows:
Code:
#if defined(CONFIG_KEXEC_HARDBOOT)
#if defined(CONFIG_MACH_MSM7X25A_V1)
#define KEXEC_HB_PAGE_ADDR UL(0x0FDC2000)
#else
#error "Adress for kexec hardboot page not defined"
#endif
#endif
Now, the next part of the porting kexec hardboot wiki says:
Setting kexec_hardboot_hook
Can be found here in the patch for mako. This method should contain some device-specific code which needs to be executed during the reboot sequence. Again, can be found in restart.c or reboot.c or something like that in your device's arch/arm/mach-xxx. Chances are you don't need to set anything in here.
Click to expand...
Click to collapse
So, what device-specific code (which needs to be executed during the reboot sequence) should this method contain, in my particular case? Can I just use only pm8xxx_reset_pwr_off function, as in the patch for mako? Any ideas?

Recovery image unpack problem

Hello Everyone,
I'm porting twrp recovery for GFive 77A. but facing the below problem to unpack original recovery.img using carliv. how do i solve that problem? please find recovery.img-ramdisk.gz
Code:
Your image: recoveryold.img
Create the recoveryold folder.
Printing information for "recovery.img"
Unpack image utility by [email protected]
[!] This image has a MTK header
Header:
Magic : ANDROID!
Magic offset : 0
Page size : 2048 (0x00000800)
Base address : 0x10000000
Kernel address : 0x10008000
Kernel size : 3983464 (0x003cc868)
Kernel offset : 0x00008000
>> kernel written to 'recoveryold/recovery.img-kernel' (3982952 bytes)
Ramdisk address : 0x11000000
Ramdisk size : 1145048 (0x001178d8)
Ramdisk offset : 0x01000000
>> ramdisk written to 'recoveryold/recovery.img-ramdisk.gz' (1144536 bytes)
Second address : 0x10f00000
Tags address : 0x10000100
Tags offset : 0x00000100
Compression used: gz
Unpacking the ramdisk....
../recovery.img-ramdisk.gz:
gzip: ../recovery.img-ramdisk.gz: unexpected end of file
cpio: premature end of file
Your ramdisk archive is corrupt or unknown format. Exit script.

SONIM XP7700 I need a QCN file or EFS backup please(I include manual how to do it)

Greetings, I have a problem with this phone, when repairing the IMEI does not appear on the screen, although in the software it appears, in the reading of the software used.
-- Found
-- MODAL : XP7700
-- MANUFUCTURER : Sonim
-- ANDROID VERSION : 5.1.1
-- CPU : armeabi-v7a
-- MMC STORAGE : 0 Bytes
-- HARDWARE : qcom
-- BOARD : MSM8226
-- BOOTLODER : unknown
-- USB CONFIG : mtp,adb
-- USER : jenkins
-- BASEBAND : MPSS.DI.2.0.1.c1-00017-12-05-161202-16
-- DISPLAY ID : 7A.0.2-09-5.1.1-12.01.12
-- BUILD ID : LMY47V
-- REGION : US
-- LANGUAGE : en
-- SIM STAT. : NOT_READY
-- BUILD DATE : Sat Dec 3 14:17:27 IST 2016
-- BUILD TAGS : release-keys
-- NETWORK TYPE : Unknown
-- SIM OPERATOR :
-- LCD DENSITY : 240
-- IMEI 1 :
-- ROOT STATUS
-- Superuser.Apk : Installed
-- BusyBox : Not Installed
-- Su Binararies : kingo 14
-- Root Status : ROOTED
Begin Reading Info Imei
COM Port number : COM99
Checking if phone is connected ... in 20 second(s)
Checking for phone connection at : COM99
IMEI1 : 356081093490333
IMEI2 : 000000000000000
MEID : 35608109349020
ESN : 80677FFF
Baseband Version : MPSS.DI.2.0.1.c1-00017-
Read Device Info Completed
-- Elapsed Time : 0 minutes - 5 seconds
The easiest method to read the QCN file, is using the software PSTTool1_725, using the Developer Mode option, with the password: 123456.
And with this programming code *#*#248#*#*
, you will have a menu in view, but you enter the USBMODE TEST line, and select TEST_MODE, with that operation you can activate the diagnostic port.
With the PSTTool1_725 in the system manager tab you will find the way to read and restore a QCN file, then images.
include the link to download the PSTTool1.7 setup software together with the USB drivers Sonim Smart Phone USB Driver Diag_1.4.
https://drive.google.com/file/d/1Cj_VclFRmepXA_cr_h9gDuXZord9Cxlv/view?usp=sharing