Factory mode - Sprint LG G3

I've seen a factory mode cable for other devices; it's how I rooted the Kindle Fire. http://forum.xda-developers.com/showthread.php?t=1392693
I was looking at LG's kernel source and saw this:
/g3-kernel/arch/arm/mach-msm/lge/devices_lge.c
Code:
static enum lge_boot_mode_type lge_boot_mode = LGE_BOOT_MODE_NORMAL;
int __init lge_boot_mode_init(char *s)
{
    if (!strcmp(s, "charger"))
        lge_boot_mode = LGE_BOOT_MODE_CHARGER;
    else if (!strcmp(s, "chargerlogo"))
        lge_boot_mode = LGE_BOOT_MODE_CHARGERLOGO;
    else if (!strcmp(s, "qem_130k") || !strcmp(s, "factory"))
        lge_boot_mode = LGE_BOOT_MODE_FACTORY;
    else if (!strcmp(s, "qem_56k") || !strcmp(s, "factory2"))
        lge_boot_mode = LGE_BOOT_MODE_FACTORY2;
    else if (!strcmp(s, "qem_910k"))
        lge_boot_mode = LGE_BOOT_MODE_FACTORY3;
    else if (!strcmp(s, "pif_130k") || !strcmp(s, "pifboot"))
        lge_boot_mode = LGE_BOOT_MODE_PIFBOOT;
    else if (!strcmp(s, "pif_56k") || !strcmp(s, "pifboot2"))
        lge_boot_mode = LGE_BOOT_MODE_PIFBOOT2;
    else if (!strcmp(s, "pif_910k"))
        lge_boot_mode = LGE_BOOT_MODE_PIFBOOT3;
    printk("ANDROID BOOT MODE : %d %s\n", lge_boot_mode, s);
    /* */
This is about the ID pin in the USB connector. The 56k, 130k, 910k, I believe, are resistance values. No idea what qem or pif are.
Anyone want to give it a shot and build some cables?

The original Fires were a ***** to root without the cables...I did a bunch of them, but had to use the "short circuit the board" method, with a piece of wire each time to get into fastboot mode, then followed with a Linux script. A dedicated cable would make it much simpler.


[Q] prevent android from storing plain text wifi passwords [solved]

Hey,
a few months ago I read somewhere that android stores the wifi passwords in plain text (seems to be known since 2010: http://forum.xda-developers.com/showthread.php?t=794555 but no one cares?!)
Because I don't want my wifi password to be stored that way, I searched for a way to store the wpa passphrase. This wasn't difficult, because Android uses wpa_supplicant, which means I just had to find out my passphrase and replace the plain key in /data/misc/wifi/wpa_supplicant.conf with it. Everything still works fine and my phone is able to connect to wifi.
Now my question is: is there a way to store every new wifi password this way? It's annoying to have to edit the wpa_supplicant.conf file manually...
One problem is, that it seems like android doesn't have the wpa_passphrase binary included, even if the source code seems to exist in the wpa_supplicant repository ( https://android.googlesource.com/platform/external/wpa_supplicant_6/ ).
If someone could tell me, how to build the code (I'm not familiar with the ndk), I could try writing an app, which replaces all plain text passwords with the passphrases.
But it would be awesome, if it were possible to integrate this feature in a custom rom, so no more passwords are stored plain text.
Best regards,
David
Finally, I was able to build CarbonRom from source and found a way to integrate this in the ROM! On my device, no wifi password is stored in plain text anymore. It took a long time to figure out what file I have to change, but finally I got it.
If you are interested, I could create a patch and post it here, but I don't know how to submit patches to GitHub.
The only thing that confuses me: I found out that the SSID I use to generate the password hash is quoted. That means ThisIsASSID is stored as "ThisIsASSID". But actually the password hash should be wrong because it doesn't use ThisIsASSID. Anyway, it works. And the password in wpa_supplicant.conf is hashed.
Edit: Cheered too soon... The wpa_supplicant.conf is probably just read at boot time. After a reboot I couldn't connect to my wifi anymore... But if I change the hash in the wpa_supplicant.conf file manually to the right one it works, so now I have to solve the quoting thing. But that shouldn't be difficult.
So, all problems solved now
Here is a patch I created, if anyone is interested:
PHP:
--- original/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 00:12:50.000000000 +0200
+++ carbon/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 01:09:21.876028461 +0200
@@ -19,6 +19,7 @@
#include "p2p/p2p.h"
#include "eap_peer/eap_methods.h"
#include "eap_peer/eap.h"
+#include "crypto/sha1.h"
static int newline_terminated(const char *buf, size_t buflen)
@@ -483,10 +484,36 @@
static void write_psk(FILE *f, struct wpa_ssid *ssid)
{
+ unsigned char psk[32];
char *value = wpa_config_get(ssid, "psk");
- if (value == NULL)
+ char *s = wpa_config_get(ssid, "ssid");
+ if(value == NULL || s == NULL)
return;
- fprintf(f, "\tpsk=%s\n", value);
+ int slen = os_strlen(s);
+ int plen = os_strlen(value);
+ int pskquoted = (value[0] == '"' && value[plen - 1] == '"') ? 1 : 0;
+ int i;
+ //if passphrase length is 64 it's already hashed as well as hashed passphrases aren't quoted
+ if( pskquoted == 1 || plen < 64){
+ //Check for quotes and remove if necessary
+ if(s[slen - 1] == '"' && s[0] == '"') {
+ s[slen - 1] = '\0';
+ s++;
+ }
+ if(pskquoted == 1) {
+ value[plen - 1] = '\0';
+ value++;
+ }
+ //Hash passphrase
+ pbkdf2_sha1(value, (u8 *) s, os_strlen(s), 4096, psk, 32);
+ fprintf(f, "\tpsk=");
+ for (i = 0; i < 32; i++)
+ fprintf(f, "%02x", psk[i]);
+ fprintf(f, "\n");
+ } else {
+ fprintf(f, "\tpsk=%s\n", value);
+ }
+ os_free(s);
os_free(value);
}
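Review bot: `os_free(s)` and `os_free(value)` at the end of `write_psk()` can receive pointers that were advanced by `s++` and `value++` while the quotes were stripped, so the allocator is handed an address one byte past the start of each block; keep the pointers returned by `wpa_config_get()` for freeing and do the unquoting through separate cursor variables. Three smaller gaps in the same hunk: the early `return` leaks `value` when only `s` is NULL, `value[plen - 1]` is read before anything rules out `plen == 0`, and the derived key in `psk[32]` stays on the stack after it has been printed, so clear it before returning.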
I didn't find a place in the Java code, so I directly edited the C code of wpa_supplicant.
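The derivation this thread relies on, as an added example that is not part of the original posts or of wpa_supplicant: the stored key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 32 bytes), so the salt has to be the bare SSID without the config file's quotes. The file layout handled here (quoted or hex `ssid=`, quoted `psk=`) and every sample value are assumptions constructed for the illustration.

```python
import hashlib
import re

RAW_PSK = re.compile(r"[0-9a-fA-F]{64}")  # unquoted 64 hex digits: already a derived key


def parse_ssid(field: str) -> bytes:
    """Quoted value is the literal SSID; an unquoted value is hex-encoded."""
    if len(field) >= 2 and field[0] == field[-1] == '"':
        return field[1:-1].encode("utf-8")
    return bytes.fromhex(field)


def derive_psk(ssid: bytes, passphrase: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32).hex()


def harden_conf(text: str) -> str:
    """Replace every quoted psk= passphrase with the derived 64-hex PSK."""
    out, ssid = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "network":
            ssid = None  # a new network block starts
        elif key == "ssid":
            ssid = parse_ssid(value)
        elif key == "psk" and not RAW_PSK.fullmatch(value):
            if ssid is None:
                raise ValueError("psk= seen before ssid= in this network block")
            if not (len(value) >= 2 and value[0] == value[-1] == '"'):
                raise ValueError("psk= is neither quoted nor 64 hex digits")
            indent = line[: len(line) - len(line.lstrip())]
            line = f"{indent}psk={derive_psk(ssid, value[1:-1])}"
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample file; SSIDs, passphrases and the second key are made up.
SAMPLE_CONF = (
    "ctrl_interface=wlan0\n"
    "network={\n"
    '\tssid="IEEE"\n'
    '\tpsk="password"\n'
    "\tkey_mgmt=WPA-PSK\n"
    "}\n"
    "network={\n"
    '\tssid="ThisIsASSID"\n'
    "\tpsk=" + "0f" * 32 + "\n"
    "}\n"
)

if __name__ == "__main__":
    print(harden_conf(SAMPLE_CONF), end="")
```

The derived key still authenticates to the network on its own, so hashing hides the human-chosen passphrase but does not make the file safe to disclose.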

C++ loop coding help

I have a program that writes out numbers in roman numerals. I need help writing a loop that repeats the program unless I enter -1 it will stop the program from repeating
Code:
#include <iostream>
using namespace std;
int main()
{
    double num;
    int intnum, m, d, c, l, x, v, i, n;
    cout << "Enter a year (1000-3000) enter -1 to exit: ";
    cin >> num;
    intnum = (int)num;
    m = intnum / 1000;
    d = ((intnum%1000) / 500);
    c = ((intnum%500) / 100);
    l = ((intnum%100) / 50);
    x = ((intnum%50) / 10);
    v = ((intnum%10) / 5);
    i = (intnum%5);
    n = m + d + c + l + x + v + i;
    while (n > 0)
    {
        cout << "";
        {
            for (m; m>0; m--)
                cout << "M";
        }
        {
            for (d; d>0; d--)
                cout << "D";
        }
        {
            for (c; c>0; c--)
                cout << "C";
        }
        {
            for (l; l>0; l--)
                cout << "L";
        }
        {
            for (x; x>0; x--)
                cout << "X";
        }
        {
            for (v; v>0; v--)
                cout << "V";
        }
        {
            for (i; i>0; i--)
                cout << "I";
        }
        n--;
    }
    return 0;
}
I think you want to put your code into another loop, like this:
while (1) {
    cin >> num;
    if (num == -1) break;
    // process num here
}
cycad said:
I think you want to put your code into another loop, like this:
while (1) {
    cin >> num;
    if (num == -1) break;
    // process num here
}
It doesn't allow me to quit unless I input -1 which is good BUT it does not repeat the process. After it gives me a roman numeral it just stays there and does nothing until I press -1
I need it to ask me again to enter a year and it will output a roman numeral.
You need to break this down into functions so it's more readable. If something is confusing keep breaking it down.
Try including <string> and then using this prototype:
string ConvertToRomanNumeral(int n);
Also use this prototype:
int GetInput();
Once you create those functions, then you can do something like this in your main function:
while (1) {
    num = GetInput();
    if (num == -1) break;
    string roman_numerals = ConvertToRomanNumeral(num);
    cout << roman_numerals << endl;
}
It's a lot easier to read this way.
As a side note, you can input values 1 to 3999 for your algorithm to handle them correctly. Twice as much at no extra cost!
daniel-s said:
As a side note, you can input values up to 3999 for your algorithm to handle them correctly. 33% bonus at no extra cost!
Actually this really only works for values up to 3. 4 comes out as IIII which is only right for clocks.
cycad said:
You need to break this down into functions so it's more readable. If something is confusing keep breaking it down.
Try including <string> and then using this prototype:
string ConvertToRomanNumeral(int n);
Also use this prototype:
int GetInput();
Once you create those functions, then you can do something like this in your main function:
while (1) {
    num = GetInput();
    if (num == -1) break;
    string roman_numerals = ConvertToRomanNumeral(num);
    cout << roman_numerals << endl;
}
It's a lot easier to read this way.
Thanks got it to work.
I have another question about another code. When I run it, it is supposed to give me the answer to the quadratic equation, but it doesn't; it gives me "No roots available". How can I fix it to make it work properly, so when I type in 3 numbers it gives me the answer to the quadratic equation and if there are any roots?
Code:
#include <iostream>
#include <cmath>
using namespace std;
double discriminant(double n1, double n2, double n3);
double pos(double n1, double n2, double n3);
double neg(double n1, double n2, double n3);
int main()
{
    double a;
    double b;
    double c;
    double discrimi;
    double sqr1;
    double sqr2;
    cout << "Enter the first number in the quadratic equation: ";
    cin >> a;
    cout << "Enter the second number in the quadratic equation: ";
    cin >> b;
    cout << "Enter the third number in the quadratic equation: ";
    cin >> c;
    cout.setf(ios::fixed);
    cout.setf(ios::showpoint);
    cout.precision(2);
    discrimi = discriminant (a,b,c);
    if(discrimi > 0 && a != 0) {
        sqr1 = pos(a,b,c);
        sqr2 = neg(a,b,c);
        cout << "In the equation " <<a <<" + "<< b <<" x + "<< c <<" = 0 ";
        cout << "Roots of the equation are " << sqr2 <<" & " << sqr2 << endl;
    }
    else
        cout << "No roots availible in the equation. ";
    return (0);
}
double discriminant(double a,
                    double b,
                    double c){
    double discrim;
    discrim = pow(b,2) - 4 * a *c;
    return(discrim);
}
double pos(double a,
           double b,
           double c){
    double sqr_1;
    sqr_1 = (-b + sqrt(pow(b,2) - 4 * a * c)) / (2 * a);
    return(sqr_1);
}
double neg(double a,
           double b,
           double c){
    double sqr_2;
    sqr_2 = (-b - sqrt(pow(b,2) - 4 * a * c)) / (2 * a);
    return(sqr_2);
}
what is this
If these are parts of an exercise or a homework assignment, then the whole point is for you to debug these issues on your own.
You're asking for some very basic debugging. Let me assure you, it's bad practice to run to the forum the first minute your code breaks. Debugging code that you have authored yourself is something that you must master if you want to become any good. And if you're not interested in becoming good, why are you doing this in the first place?

[q] [help] compiling recovery

Hello guys. I have been trying to compile CWM recovery for my phone. It's using the msm7627a board. I am using the prebuilt kernel. I succeeded in compiling, but when I flash it, it's not displaying anything. I tried to see what's wrong; from the recovery log I found the frame buffer /dev/graphics is not available. Everything else works: I can do a backup from ROM Manager, even keystrokes work, adb shell works, just the display is not working. Any ideas?
I also realise some other devices are not loaded.
How can I make the fb0 graphics load, or is there any other fix?
For those who have access to the source code:
Code:
/* part of the concerned UI code */
int gr_init(void)
{
    gglInit(&gr_context);
    GGLContext *gl = gr_context;
    gr_init_font();
    gr_vt_fd = open("/dev/tty0", O_RDWR | O_SYNC);
    if (gr_vt_fd < 0) {
        // This is non-fatal; post-Cupcake kernels don't have tty0.
        perror("can't open /dev/tty0");
    }
    else
    {
        if (ioctl(gr_vt_fd, KDSETMODE, (void*) KD_GRAPHICS)) {
            // However, if we do open tty0, we expect the ioctl to work.
            perror("failed KDSETMODE to KD_GRAPHICS on tty0");
            gr_exit();
            return -1;
        }
    }
    gr_fb_fd = get_framebuffer(gr_framebuffer); // this is the call that fails because it tries opening /dev/graphics/fb0, which doesn't exist then
    if (gr_fb_fd < 0) {
        gr_exit();
        perror("cant get framebuffer");
        return -1;
    }
    get_memory_surface(&gr_mem_surface);
    fprintf(stderr, "framebuffer: fd %d (%d x %d)\n",
            gr_fb_fd, gr_framebuffer[0].width, gr_framebuffer[0].height);
    /* start with 0 as front (displayed) and 1 as back (drawing) */
    gr_active_fb = 0;
    set_active_framebuffer(0);
    gl->colorBuffer(gl, &gr_mem_surface);
    gl->activeTexture(gl, 0);
    gl->enable(gl, GGL_BLEND);
    gl->blendFunc(gl, GGL_SRC_ALPHA, GGL_ONE_MINUS_SRC_ALPHA);
    gr_fb_blank(true);
    gr_fb_blank(false);
    return 0;
}

i9305 not working 2G network in Android 5.1

Hi,
I have a problem with 2G (EDGE, I didn't try GPRS) networks on my i9305 in Android 5.1. I can connect to 3G and 4G without problem, but for 2G I get only an exclamation mark on the side of the signal icon and no connection. I tried several ROMs, which I found here, and my own cm12.1 build (I actually started with that one), all with the same result:
AOSP-5.1.1-20150605-i9305-rodman01.zip
BlissPop-v4.0.3-i9305-UNOFFICIAL-20151011-2232.zip
LS-LP-v4.1-2015-10-23-liquid_i9305.zip
Sammy_Resurrection-Remix-LP-v5.5.9-20151122-i9305.zip
cm-12.1-20151201-UNOFFICIAL-i9305.zip (from winxuser)
I did some debugging and discovered that the problem is in wrong data coming from rild. I described it with more details here: forum.cyanogenmod.org/topic/118467-how-to-debug-non-working-2g-network I even found on the web some logs with the same wrong value and posts describing similar or the same behavior. I also found some posts saying that it is fixed, but I can't find any ROM where it is working.
As you can see in my post on the cyanogenmod forum, I have a solution, but not a nice one. It is a hack. So I want to ask – is there someone who had the same problem and fixed it? Or someone who has the same phone and not this problem? If yes, how did you fix it? Exactly which ROM and proprietary files did you use?
Thank you
Pavel
OK, I am giving up. I tried several more ROMs:
Slim-i9305-5.1.1.beta.0.9-UNOFFICIAL-20151024-2015.zip
aicp_i9305_lp-10.0-NIGHTLY-20151128.zip
cm-12.1-20151202-UNOFFICIAL-i9305.zip
nameless-5.1.1-20151019-i9305-NIGHTLY.zip
The result is still the same. Maybe it has something to do with the carrier operator (but I don't have this problem in cm 11). I found a fix similar to mine, which I described in the cyanogenmod forum, so I'll use that. See here github.com/CyanogenMod/android_device_samsung_jf-common/blob/cm-12.1/ril/telephony/java/com/android/internal/telephony/jflteRIL.java if you are interested. Specifically the method responseVoiceDataRegistrationState. It replaces the wrong rild data in the same way.
I have the same problem @p.a.n.
Please tell me how I fix it, even if it's a hack... Thanks
Hi,
here is the final diff I use:
Code:
project device/samsung/smdk4412-qcom-common/
diff --git a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
index 0e8d798..619be34 100644
--- a/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
+++ b/ril/telephony/java/com/android/internal/telephony/smdk4x12QComRIL.java
@@ -409,8 +409,8 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
case RIL_REQUEST_UDUB: ret = responseVoid(p); break;
case RIL_REQUEST_LAST_CALL_FAIL_CAUSE: ret = responseInts(p); break;
case RIL_REQUEST_SIGNAL_STRENGTH: ret = responseSignalStrength(p); break;
- case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
- case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p); break;
+ case RIL_REQUEST_VOICE_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,false); break;
+ case RIL_REQUEST_DATA_REGISTRATION_STATE: ret = responseVoiceDataRegistrationState(p,true); break;
case RIL_REQUEST_OPERATOR: ret = operatorCheck(p); break;
case RIL_REQUEST_RADIO_POWER: ret = responseVoid(p); break;
case RIL_REQUEST_DTMF: ret = responseVoid(p); break;
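Review bot: the two changed call sites, `responseVoiceDataRegistrationState(p,false)` and `responseVoiceDataRegistrationState(p,true)`, are told apart only by a bare boolean, so a reader of the switch cannot see which request gets the special handling without opening the method. Pass the request constant itself, or split the method into separately named voice and data variants, so the intent is visible where the dispatch happens.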
@@ -580,9 +580,16 @@ public class smdk4x12QComRIL extends RIL implements CommandsInterface {
}
private Object
- responseVoiceDataRegistrationState(Parcel p) {
+ responseVoiceDataRegistrationState(Parcel p, boolean data) {
String response[] = (String[])responseStrings(p);
if (isGSM){
+ if(data &&
+ response.length > 4 &&
+ response[0] != null && response[0].equals("1") &&
+ response[3] != null && response[3].equals("102")){
+ riljLog("responseVoiceDataRegistrationState overriding 102 -> 2");
+ response[3]="2";
+ }
return response;
}
if (response.length>=10){
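Review bot: the override in the `isGSM` branch rewrites `response[3]` from "102" to "2" without a comment saying what either value stands for or why the value from rild is considered wrong, and the log line repeats the numbers without explaining them. Give "102", "2" and the `response[0].equals("1")` precondition named constants with a short comment on the affected modem and firmware, so the workaround can be removed once rild reports the right value. The guard `response.length > 4` is also stricter than the code needs, since the highest index read is 3.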
Or you can try replacing /system/framework/telephony-common.jar with the attached telephony-common.jar, but be careful with that (make a backup), I can't guarantee that it will work with the rest of your system.

How to go about patching the kernel to get EHCI(USB 2.0) devices to behave like xHCI?

Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0 problem but rather how the EHCI performs, as certain USB 2.0 phones actually have the xHCI controller and can run the exploit just fine. What happens is that although it can detect the connected Switch in Tegra Recovery Mode, it just doesn't do anything and gives an error in the logs, "SUMBITURB failed".
On Linux desktop systems it is similar, but the exploit can still work with a kernel patch provided by a hacking group that discovered the exploit in the first place:
Code:
--- linux-4.14.27/drivers/usb/host/ehci-hcd.c.old 2018-04-17 18:00:00.000000000 +0000
+++ linux-4.14.27/drivers/usb/host/ehci-hcd.c 2018-04-17 18:00:00.000000000 +0000
@@ -873,14 +873,6 @@
INIT_LIST_HEAD (&qtd_list);
switch (usb_pipetype (urb->pipe)) {
- case PIPE_CONTROL:
- /* qh_completions() code doesn't handle all the fault cases
- * in multi-TD control transfers. Even 1KB is rare anyway.
- */
- if (urb->transfer_buffer_length > (16 * 1024))
- return -EMSGSIZE;
- /* FALLTHROUGH */
- /* case PIPE_BULK: */
default:
if (!qh_urb_transaction (ehci, urb, &qtd_list, mem_flags))
return -ENOMEM;
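Review bot: deleting the whole `case PIPE_CONTROL:` arm removes the `-EMSGSIZE` bound on control transfers altogether, while the comment being deleted states that `qh_completions()` does not handle all the fault cases in multi-TD control transfers, and nothing in the hunk addresses those cases. If larger control transfers are needed, raise the `16 * 1024` limit to the size actually required or put the relaxed check behind an opt-in, rather than dropping the bound for every control URB on every EHCI controller.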
The author of the Android port had also written a Python "hotpatch" script for desktop Linux systems:
Code:
#!/usr/bin/env python3
import os

"""
Cursed Code.
This code literally patches your kernel memory, proceed at your own risk.
Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!
Run fusee-launcher.py with the "--override-checks" argument.
If you'd rather patch your drivers properly:
https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch
"""

ksyms = {
    line[2]: int(line[0], 16)
    for line in
    map(lambda l: l.strip().split(),
        open("/proc/kallsyms", "r").readlines())}

print(hex(ksyms["ehci_urb_enqueue"]))

patch_c = """
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/pgtable.h>

static u32 ORIG_MAX = 16*1024;
static u32 NEW_MAX = 0x1000000;

/* borrowed from MUSL because I'm lazy AF */
static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
    uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
    uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
    for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
        if (hw == nw) return (char *)h-3;
    return 0;
}

static pte_t* (*lookup_addr)(unsigned long, unsigned int*) = (void *) PLACE2;

static void set_addr_rw(unsigned long addr) {
    unsigned int level;
    pte_t *pte = lookup_addr(addr, &level);
    set_pte_atomic(pte, pte_mkwrite(*pte));
}

int init_module(void) {
    void * ehci_urb_enqueue_start = (void *) PLACEHOLDER;
    u32 * patch_addr;
    printk(KERN_INFO "Patch module loaded\\n");
    patch_addr = (u32 *) fourbyte_memmem(ehci_urb_enqueue_start, 0x400, (void *)&ORIG_MAX);
    if (patch_addr == NULL) {
        printk(KERN_INFO "Failed to find patch site :(\\n");
        return -1;
    }
    printk(KERN_INFO "patch_addr: 0x%px\\n", patch_addr);
    set_addr_rw((unsigned long)patch_addr);
    *patch_addr = NEW_MAX;
    printk(KERN_INFO "Patching done!\\n");
    return -1;
}
""".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))

makefile = """
obj-m += patch.o
all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
"""

with open("patch.c", "w") as patchfile:
    patchfile.write(patch_c)
with open("Makefile", "w") as mf:
    mf.write(makefile)

os.system("make")
print("About to insert patch module, 'Operation not permitted' means it probably worked, check dmesg output.")
os.system("insmod patch.ko")
I tried to see if running it in Termux would do anything but I got the following error:
Code:
0x0
Traceback (most recent call last):
  File "ehci_patch.py", line 70, in <module>
    """.replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))
KeyError: 'lookup_address'
I know that script isn't meant for use on Android anyway but maybe it can lead to a solution. The author of it does not know how to go about it at this time either, but believes an entire recompile of the kernel would be necessary. I am hoping that something like a systemless Magisk module would be the easiest solution for users but do not know if that is possible. I am only guessing it might be possible to create a Magisk module because of audio drivers like VIPER4Android. If indeed a custom kernel is needed, does anyone know how to go about it? It could be difficult to implement for everyone because not everyone has a device where the source to the kernel is available, etc. I am willing, however, to test anything on my tablet which is USB 2.0 and gives the error in the app. Any advice for how to go about this will be greatly appreciated.
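What the two symptoms in the output above correspond to, as an added example (not the script author's code): an address of 0 in /proc/kallsyms means the kernel is hiding pointers from the reading process, and a `KeyError` means the running kernel lists no such symbol, which is expected for `lookup_address` outside x86. Both sample listings and the function names are constructed for the illustration.

```python
# Constructed sample: the shape of /proc/kallsyms as read by an unprivileged
# process on a kernel that hides pointers (every address shown as zero).
SAMPLE_RESTRICTED = """\
0000000000000000 T ehci_urb_enqueue
0000000000000000 t ehci_urb_dequeue
0000000000000000 T printk
"""

# Constructed sample: the shape of the same file on an x86_64 desktop read as root.
SAMPLE_DESKTOP = """\
ffffffffc0a41230 t ehci_urb_enqueue\t[ehci_hcd]
ffffffff8106d2f0 T lookup_address
ffffffff810b9c40 T printk
"""


def load_ksyms(text):
    """Parse 'address type name [module]' lines into {name: address}."""
    syms = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # keep the first occurrence when a name is listed more than once
            syms.setdefault(fields[2], int(fields[0], 16))
    return syms


def preflight(text, needed=("ehci_urb_enqueue", "lookup_address")):
    """Classify each required symbol as 'ok', 'hidden' (address 0) or 'missing'."""
    syms = load_ksyms(text)
    report = {}
    for name in needed:
        if name not in syms:
            report[name] = "missing"   # the source of the KeyError in the traceback
        elif syms[name] == 0:
            report[name] = "hidden"    # the source of the printed 0x0
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for label, sample in (("restricted", SAMPLE_RESTRICTED), ("desktop", SAMPLE_DESKTOP)):
        print(label, preflight(sample))
```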
I feel ya man, i need this stuff too. NXLoader doesn't work on my Galaxy Grand Prime (G530T) and i really need it to Dx
