Hello guys newbie warning
i am working on compiling my own android 4.2.2 system on an allwinner A20 SOC, my problem comes when i try to enable an external usb based (ttyUSB1) GPS which gives an error in logcat of "no AGPS interface in agps_data_conn_open" which i have tracked back to the com_android_server_location_GPSLocationProvider.cpp which is located in directory framework/base/services/jni/
1. i have tested the drivers provided by the vendor and they are working
2. further when i unplug the usb driver it gives a warning of missing hardware of gps therefore i know that my gps is detected atleast
3. i haved check my gps.conf to make sure i am using the right settings according to my area
below is the exact area which gives an error in the above mentioned cpp file
Code:
static void android_location_GpsLocationProvider_set_agps_server(JNIEnv* env, jobject obj,
jint type, jstring hostname, jint port)
{
if (!sAGpsInterface) {
ALOGE("no AGPS interface in agps_data_conn_open");
return;
}
const char *c_hostname = env->GetStringUTFChars(hostname, NULL);
sAGpsInterface->set_server(type, c_hostname, port);
env->ReleaseStringUTFChars(hostname, c_hostname);
}
p.s. static const AGpsInterface* sAGpsInterface;
Related
Found this on Huawei's webpage: http://www.huaweidevice.com/worldwi...=toDownloadFile&flay=software&softid=NDcwODE=
open source_wlan.tar_S7_Android2.2
Would be nice if someone has the time to look at this.
The binary file that shipped with my Huawei firmware has version 4.218.248.17
Edit:
Tested and working. Forgot to update text here.
Mirrored the file for convenience for everyone who wants this. The first link actually was wrong, so I changed it.
Put this in an Android tree (such as /hardware/broadcom), do breakfast/lunch after envsetup, and perform 'make dhdko' with the kernel files present at /kernel. This is for Froyo. To build for Gingerbread, LOCAL_MODULE_TAGS cannot be equal to 'user', so you need to change Android.mk to say 'optional' instead. That's if you want to use Android.mk to build. If you are not building the whole tree, remember to make a folder /lib/modules/, or dhd.ko will not copy from the product obj folder properly.
Not sure how this will build for ICS/Jellybean, but at least now we have the source code that actually builds a proper module.
Kernel objects need to be in the right place. I did something to the effect of:
make -C kernel O=/sources/aosp/out/target/product/s7/obj/KERNEL_OBJ ARCH=arm CROSS_COMPILE=arm-eabi-
Built module works fine and is the same version shipped with Android 2.2 (4.218.248.17).
The driver is actually eerily similar to the bcm4329 kernel 3.4 bcm4329 driver. So much so i figured out what caused the sdio timeout.
Offending code causing emulate domain manager error om 2.6.35 when removed, sdio timeout when added:
dhd_linux.c:
Code:
static int
dhd_watchdog_thread(void *data)
{
dhd_info_t *dhd = (dhd_info_t *)data;
/* This thread doesn't need any user-level access,
* so get rid of all our resources
*/
#ifdef DHD_SCHED
if (dhd_watchdog_prio > 0) {
struct sched_param param;
param.sched_priority = (dhd_watchdog_prio < MAX_RT_PRIO)?
dhd_watchdog_prio:(MAX_RT_PRIO-1);
setScheduler(current, SCHED_FIFO, ¶m);
}
#endif /* DHD_SCHED */
DAEMONIZE("dhd_watchdog");
/* Run until signal received */
while (1) {
if (down_interruptible (&dhd->watchdog_sem) == 0) {
offender---------> dhd_os_sdlock(&dhd->pub);
if (dhd->pub.dongle_reset == FALSE) {
For kernels : http://threader.zapto.org/experimental/s7/wifi/bcm4329-30-09-13.tar.bz2
I work at a small company that fields autonomous android devices which programmatically connect to bluetooth telemetry devices. These devices require pins, so we need to automatically create a pairing in order to connect to the bluetooth devices. We DO have root access.
Since the new Bluetooth Stack in Android 4.2, I have been unable to use this common AIDL bluetooth reflection method in our private utility app:
Code:
public IBluetooth getIBluetooth() {
IBluetooth ibt = null;
try {
Class c2 = Class.forName("android.os.ServiceManager");
Method m2 = c2.getDeclaredMethod("getService",String.class);
IBinder b = (IBinder) m2.invoke(null, "bluetooth");
Class c3 = Class.forName("android.bluetooth.IBluetooth");
Class[] s2 = c3.getDeclaredClasses();
Class c = s2[0];
Method m = c.getDeclaredMethod("asInterface",IBinder.class);
m.setAccessible(true);
ibt = (IBluetooth) m.invoke(null, b);
} catch (Exception e) {
}
return ibt;
}
The issue about this strategy no longer working is documented here. I previously used the setPin method as well as the createBond method from this Interface, and now I cannot.
Is there anyway to manually create a bluetooth pair profile under Android 4.2? Is there a database file where the profiles are stored that we can use root and sqlite3 to access?
Jelly Bean (Android 4.2) access to hidden methods.
I posted this on Stack Overflow:
http://stackoverflow.com/questions/14705167/how-connect-paired-bluetooth-a2dp-device-on-android-4-2-using-reflection/16003953#16003953
It explains how I got it working. This open source project:
http://code.google.com/p/a2dp-connect2/
Implemented this approach and it works on API 17. Mt project only accesses methods through IBluetoothA2dp and IBluetooth but others should work in a similar fashion.
Firstly of all apologises if this is not the best place to ask a DEV question, but I have no access to the developer forum pages for Android.
My App is reading the images from Nikon camera plugged into the USB OTG port on a Samsung S4 phone running Android 4.2.2 (JDQ39.i9505xxubmea).
I am getting an Fatal signal 11 (SIGSEGV) at 0x74564000 (code=1), when trying to call getStorageIds in approx 1 in 10 attempts.
The biggest problem being I can't stop the app from crashing in the most undignified mannner.
In the LogCat I can see messages from the Android MtpDevice class, saying "readResponse failed" and "got response packet instead of data packet", however the mtpDevice open() still gives back a non-null value.
The whole block of code is wrapped up in a try/catch, but it as it appears to be an error in the native library rather than a Java exception, so unsurprisingly it's never thrown.
If can somehow detect that the device wasn't being read properly, then I could abort before calling the getstorageIds method. It has clearly found the device, as it reported the make/model and serial number of the camera.
Any ideas very much appreciated.
Thankyou
Code:
if (!mtpDevice.open(usbDeviceConnection)) {
tvStatus.setText("Open MTP device failed!");
return;
}
Log.d(TAG, "mtpDevice is open! " + mtpDevice.getDeviceName() );
MtpDeviceInfo info = mtpDevice.getDeviceInfo();
if (info == null) {
Log.d(TAG, "info is null!");
usbDeviceConnection.close();
mtpDevice.close();
return;
}
int[] storageIds = mtpDevice.getStorageIds(); // this where it stops![/QUOTE][/QUOTE]
Hi all.
I'm looking at this part of MTK 6589 sources:
Code:
class AudioDigitalType
{
public:
enum Digital_Block {
// memmory interfrace
MEM_DL1,
MEM_DL2,
MEM_VUL,
MEM_DAI,
MEM_I2S, // currently no use
MEM_AWB,
MEM_MOD_DAI,
// connection to int main modem
MODEM_PCM_1_O ,
// connection to extrt/int modem
MODEM_PCM_2_O ,
// 1st I2S for DAC and ADC
I2S_OUT_DAC ,
I2S_IN_ADC ,
// 2nd I2S
I2S_INOUT_2 ,
// HW gain contorl
HW_GAIN1,
HW_GAIN2,
// megrge interface
MRG_I2S_OUT,
MRG_I2S_IN,
DAI_BT,
NUM_OF_DIGITAL_BLOCK,
NUM_OF_MEM_INTERFACE = MEM_MOD_DAI + 1
};
Where I can find a PDF datasheet on this chip to see more details on what these interface pins are, what are routes between them?
Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0 problem but rather how the EHCI performs, as certain USB 2.0 phones actually have the xHCI controller and can run the exploit just fine. What happens is that although it can detect the connected Switch in Tegra Recovery Mode, it just doesn't do anything and gives an error in the logs, "SUMBITURB failed".
On Linux desktop systems it is similar, but the exploit can still work with a kernel patch provided by a hacking group that discovered the exploit in the first place:
Code:
--- linux-4.14.27/drivers/usb/host/ehci-hcd.c.old 2018-04-17 18:00:00.000000000 +0000
+++ linux-4.14.27/drivers/usb/host/ehci-hcd.c 2018-04-17 18:00:00.000000000 +0000
@@ -873,14 +873,6 @@
INIT_LIST_HEAD (&qtd_list);
switch (usb_pipetype (urb->pipe)) {
- case PIPE_CONTROL:
- /* qh_completions() code doesn't handle all the fault cases
- * in multi-TD control transfers. Even 1KB is rare anyway.
- */
- if (urb->transfer_buffer_length > (16 * 1024))
- return -EMSGSIZE;
- /* FALLTHROUGH */
- /* case PIPE_BULK: */
default:
if (!qh_urb_transaction (ehci, urb, &qtd_list, mem_flags))
return -ENOMEM;
The author of the Android port had also written a Python "hotpatch" script for desktop Linux systems:
Code:
#!/usr/bin/env python3
import os
"""
Cursed Code.
This code literally patches your kernel memory, proceed at your own risk.
Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!
Run fusee-launcher.py with the "--override-checks" argument.
If you'd rather patch your drivers properly:
https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch
"""
ksyms = {
line[2]: int(line[0], 16)
for line in
map(lambda l: l.strip().split(),
open("/proc/kallsyms", "r").readlines())}
print(hex(ksyms["ehci_urb_enqueue"]))
patch_c = """
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/pgtable.h>
static u32 ORIG_MAX = 16*1024;
static u32 NEW_MAX = 0x1000000;
/* borrowed from MUSL because I'm lazy AF */
static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
if (hw == nw) return (char *)h-3;
return 0;
}
static pte_t* (*lookup_addr)(unsigned long, unsigned int*) = (void *) PLACE2;
static void set_addr_rw(unsigned long addr) {
unsigned int level;
pte_t *pte = lookup_addr(addr, &level);
set_pte_atomic(pte, pte_mkwrite(*pte));
}
int init_module(void) {
void * ehci_urb_enqueue_start = (void *) PLACEHOLDER;
u32 * patch_addr;
printk(KERN_INFO "Patch module loaded\\n");
patch_addr = (u32 *) fourbyte_memmem(ehci_urb_enqueue_start, 0x400, (void *)&ORIG_MAX);
if (patch_addr == NULL) {
printk(KERN_INFO "Failed to find patch site :(\\n");
return -1;
}
printk(KERN_INFO "patch_addr: 0x%px\\n", patch_addr);
set_addr_rw((unsigned long)patch_addr);
*patch_addr = NEW_MAX;
printk(KERN_INFO "Patching done!\\n");
return -1;
}
""".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))
makefile = """
obj-m += patch.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
"""
with open("patch.c", "w") as patchfile:
patchfile.write(patch_c)
with open("Makefile", "w") as mf:
mf.write(makefile)
os.system("make")
print("About to insert patch module, 'Operation not permitted' means it probably worked, check dmesg output.")
os.system("insmod patch.ko")
I tried to see if running it in Termux would do anything but I got the following error:
Code:
0x0
Traceback (most recent call last):
File "ehci_patch.py", line 70, in <module>
" " ".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2" hex(ksyms["lookup_address"]))
KeyError: 'lookup_address'
I know that script isn't meant for use on Android anyway but maybe it can lead to a solution. The author of it does not know how to go about it at this time either, but believes an entire recompile of the kernel would be necessary. I am hoping that something like a systemless Magisk module would be the easiest solution for users but do not know if that is possible. I am only guessing it might be possible to create a Magisk module because of audio drivers like VIPER4Android. If indeed a custom kernel is needed, does anyone know how to go about it? It could be difficult to implement for everyone because not everyone has a device where the source to the kernel is available, etc. I am willing, however, to test anything on my tablet which is USB 2.0 and gives the error in the app. Any advice for how to go about this will be greatly appreciated.
I feel ya man, i need this stuff too. NXLoader doesn't work on my Galaxy Grand Prime (G530T) and i really need it to Dx