Bootloader Cracking : Devs only

Status
Not open for further replies.

goroh_kun

Senior Member
Apr 24, 2010
Tokyo,Japan or HongKong
hi, biktor_gj, jerpelea

I don't know in detail how the SPL works in Xperia.
I just wrote a kernel module to dump, modify and boot a specific area :)
You can modify the source code; I hope it can help your analysis.

Thanks for the info about it.
I'll try to analyze how the SPL works.
 

goroh_kun

Senior Member
Apr 24, 2010
Tokyo,Japan or HongKong
hi, jerpelea

I dumped from 0x100000 and checked the image.
The area at 0x100000 seems to be used
as the SMD (shared memory device) information area.
You mean there is bootloader code at 0x100000
and the SMD info overwrites the bootloader image?

yep is full

thanks goroh
but the dump seems to be wrong
after 0x3000 is padding
the next block is at 0x100000

@kexec we need to somehow patch it to load the loader
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
my dump is, like the others, full of checks; let's look at what we can do :)

Thanks for the great work goroh :)

Regards
Bin4ry
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
Here is my SPL dump.
Just for info and comparison :)
 

Attachments

  • spldump.zip (67.2 KB)

jerpelea

Senior Recognized Developer
Nov 7, 2006
Lund
sites.google.com
loader dump is wrong

latest used address is 7fff0
so I think that
#define SPLSIZE 0x0007fff0 is the correct value

I modified the dumper to this new address
(the SPL is the same size as on the Nexus One)
 
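The sanity check jerpelea and goroh_kun are doing by eye above (where does padding start, where is the last used byte, does that agree with SPLSIZE) can be scripted. The following is an added example, not code from the thread or from the splboot module; it assumes the dump is a plain byte image in which erased flash reads as 0xFF or 0x00, and treats "last used byte + 1" as the candidate SPLSIZE, which is an assumption. The sample image is constructed to mirror the layout described in the posts (data up to 0x3000, padding, a second block at 0x100000).

```python
"""Sanity-check a raw SPL/bootloader dump: locate padding runs and the last used offset."""
from __future__ import annotations
import re

PAD_BYTES = b"\x00\xff"   # byte values treated as padding (erased or blank flash)


def padding_runs(image: bytes, min_run: int = 0x100) -> list[tuple[int, int, int]]:
    """Return (start, end, value) for each run of one padding byte at least min_run long; end is exclusive."""
    pattern = rb"\x00{%d,}|\xff{%d,}" % (min_run, min_run)
    return [(m.start(), m.end(), m.group()[0]) for m in re.finditer(pattern, image)]


def last_used_offset(image: bytes) -> int:
    """Offset of the last byte that is not trailing 0x00/0xFF padding; -1 if the image is all padding."""
    return len(image.rstrip(PAD_BYTES)) - 1


def check_dump(image: bytes, expected_size: int) -> dict:
    """Summarise the dump: first padding run, last used offset, and whether it matches an expected SPLSIZE."""
    runs = padding_runs(image)
    last = last_used_offset(image)
    return {
        "first_pad_start": runs[0][0] if runs else None,
        "last_used": last,
        "suggested_splsize": last + 1,          # assumption: size = last used byte + 1
        "matches_expected": last + 1 == expected_size,
    }


# Constructed sample image (not a real dump) mirroring the layout described in the thread.
SAMPLE_IMAGE = (
    bytes(range(0x10, 0x40)) * (0x3000 // 0x30)      # 0x000000..0x002FFF: data, no 0x00/0xFF bytes
    + b"\xff" * (0x100000 - 0x3000)                   # 0x003000..0x0FFFFF: erased flash
    + bytes(range(0x40, 0x80)) * (0x1000 // 0x40)    # 0x100000..0x100FFF: second block
    + b"\xff" * 0x1000                                # 0x101000..0x101FFF: trailing padding
)

if __name__ == "__main__":
    for start, end, value in padding_runs(SAMPLE_IMAGE):
        print(f"padding 0x{value:02x} from 0x{start:06x} to 0x{end:06x}")
    report = check_dump(SAMPLE_IMAGE, expected_size=0x101000)
    print(f"last used offset 0x{report['last_used']:06x}, "
          f"suggested SPLSIZE 0x{report['suggested_splsize']:08x}, "
          f"matches expected: {report['matches_expected']}")
```

Run it against a real dump by reading the file into `image` instead of `SAMPLE_IMAGE`; a padding run that starts well before the expected size, as in the 0x3000 case above, is the sign that the dumper's start address or size is off.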

goroh_kun

Senior Member
Apr 24, 2010
Tokyo,Japan or HongKong
usbloader(fastboot host)

Hi, all

I ported the fastboot capable bootloader from Aurora Project.

http://hotfile.com/dl/54453419/cb34f87/splboot_4.zip.html

You can boot your kernel with the fastboot command.

This is a test version. I disabled the NAND erase/flash function.
:)

The zip file I uploaded includes the source code, so you can rebuild
and customize it. Next I'll try to implement an auto boot function.

see you soon.

On the Xperia terminal:
Code:
insmod splboot.ko
cat usbloader > /proc/splboot/image
echo > /proc/splboot/boot

On your PC command terminal:
Code:
>fastboot devices
?       fastboot

>fastboot getvar product
product: ES209RA

>fastboot boot /path/to/your/boot.img

Reference
https://www.codeaurora.org/gitweb/q....git;a=tree;h=refs/heads/chromium;hb=chromium

https://www.codeaurora.org/gitweb/quic/chrome/?p=qcom/qsd8250_ffa.git;a=summary
 

biktor_gj

Senior Member
Jan 25, 2008
Am I right that if I flash this bootloader I will be able to boot from USB ONLY right now?
Anyways, great work!

You can't flash it yet, just soft boot. And no, after the bootloader is flashed you'll be able to use jerpelea's recovery images or fastboot to flash whatever you want. Nice, huh? :)

Sent from my X10i using XDA App
 

jerpelea

Senior Recognized Developer
Nov 7, 2006
Lund
sites.google.com
please stop filling this thread with junk
we are trying to do something for you
but it is hard to follow progress if you post junk

also please don't "quote" posts just to say thanks
if you have something to comment about a release just mention the user
otherwise there will be several large posts that are hard to follow

@progress
cyanogen6 is ready (alpha stage with many things to fix: bt, wifi, phone, power management, gps)
if we release it now 1 of 100 will be able to boot it just to see that it boots (but it is useless because not even the phone is working)
the bootloader is not stable and cannot be autobooted or flashed now



thanks
 

biktor_gj

Senior Member
Jan 25, 2008
MTD sort-of-working :)
About booting, almost there.
We know what happens, just need to fix it :p
Will post back with more progress when there is more progress!
 

biktor_gj

Senior Member
Jan 25, 2008
just a question.... then, the only issue left to face is the automatic booting?

Autoboot is just a matter of setting a variable to 1 in the bootloader. The problem is flashing without breaking anything, and the fact you'll lose warranty and SEUS compatibility forever (which btw, for me, is a feature :D )
The good thing is you'll be able to boot to recovery at will
Btw, keypad working :)

Sent from my X10i using XDA App
 

Top Liked Posts

  • Bootloader is broken/bypassed!
    Big bad huge font to avoid confusion =)


    @Goroh_kun:

    Buddy, I know you're still reading this forums so... I just want you to know that you are absolutely BRILLIANT. You're a STAR.

    BIG thanks for all your contributions into this project! Nothing, and I mean NOTHING would happen without you.



    @devs:

    [images: devicez.png, device2o.png]




    @SE: lads, it's your turn now - please unlock it already. I promise we won't brick our phones :)

    @all: DON'T ask for details. I will post here when I'm ready to do so. Today (I guess?) is the Arc release date and stuff, I don't want to mess around...


    Still busy working abroad,

    Cheers,
    z
  • Ok, here we go. It wasn't the April Fool thingy :)

    The bootloader has been bypassed using the kexec/miniloader method

    We are able to boot custom kernels now!


    I'll keep it short as I'm quite busy today... I haven't had much luck with disabling the MPU nor resetting an MCPU; it failed no matter what I did. Same thing with porting shutdown procedures into the miniloader. But when I found out that the custom kernel doesn't reboot on baseband 52, I switched to the .504 sources and restarted the work. Using the debugfs tips by Goroh, I realised some stuff I'd rather keep between the developers here... And then *poof*, the green USB LED appeared and I knew I was getting there!

    Anyway... this is the first release of the fully working custom kernel (flashable via xRecovery). I haven't had much time to work on it so it's kind of a proof-of-concept. Tested for 48h without any problem (not even a reboot).


    FreeKernel-alpha1:

    http://www.mediafire.com/?d8v914keiqsmc3n

    This is the alpha version of a custom 2.6.29 kernel based on the SE sources. I do not plan to work on this release anymore; it is just for testing purposes. From today on I'll start to port SE stuff to the latest (GBread) kernel.


    Changes:

    - removed 32 fps cap
    - implemented netfilter (Droid wall, native USB/wifi tethering etc.)
    - undervolted to 0.950mV to save battery
    - don't remember what else I did, I bet something nasty :)
    - super ugly boot logo!


    Requirements:

    - baseband .52 + the relevant kernel
    - clean 2.1 ROM, compatible with .52 baseband (e.g. .504)
    - working xRecovery


    Please note I am not responsible for any damage this software may cause to your device! Use it at your own risk!

    There is absolutely no support for this alpha release!


    Big thanks to (no particular order): Goroh_kun, Jerpelea, Bin4ry, Maxrfon, Biktor_gj and everybody else who contributed to X10 custom kernel development.


    At first the relevant kernel patches/sources will be delivered to the recognised X10 developers. Later on everything will be released, as it's obviously open sourced.


    Please refrain from posting comments in this thread; it's for developers only. Spamming will only make our task harder to accomplish!


    Cheers,
    z
  • Great job!

    Hi, long time no see.
    It's goroh.

    > zdzihu.
    I'd like to say, your strong effort and indefatigableness achieved this brilliant work!

    I have parted with my X10a, but I'm looking forward to seeing development go on.
    :)
  • cm7 boots with custom kernel
  • Ok, thread cleaned and j.Anderson banned