Bootloader Cracking : Devs only

goroh_kun · Jul 11, 2010

boot your custom SPL(Soft SPL)

hi, all

here is kernel module to boot your custom spl image.

you can try to boot soft spl.

fixed version
http://hotfile.com/dl/53988785/10acd7f/splboot_2.zip.html

Code:

insmod splboot.ko
cat /path/to/your/splimage > /proc/splboot/image
echo > /proc/splboot/boot

goroh_kun · Jul 11, 2010

hi, biktor_gj, jerpelea

I don't know in detail how SPL works in xperia.
just I wrote a kernel module to dump, modify and boot specific area

you can modify the source code, I hope it can help your analyze.

thanks info about it.
I'll try to analyze how SPL works.

goroh_kun · Jul 11, 2010

hi, jerpelea

I dumped from 0x100000, and checked the image.
the area for 0x100000 seems used
as SMD(Shared memory device) information area.
you mean, therea is the bootloader code at 0x100000
and SMD info overwrite the bootloader image?

jerpelea said:
yep is full

thanks goroh
but dump seems to be wrong
after 0x3000 is padding
next block is at 0x100000

@kexec we need to somehow patch it to load the loader

goroh_kun · Jul 11, 2010

goroh_kun said:
hi, all

here is kernel module to boot your custom spl image.

you can try to boot soft spl.

fixed version
http://hotfile.com/dl/53988785/10acd7f/splboot_2.zip.html

Code:

insmod splboot.ko cat /path/to/your/splimage > /proc/splboot/image echo > /proc/splboot/boot

I uploaded fixed version.
I forgot to copy custom image at addr 0x100000- before reboot.

Bin4ry · Jul 11, 2010

my dump is like the others full of checks, lets look what we can do

Thanks for the great work goroh

Regards
Bin4ry

goroh_kun · Jul 11, 2010

goroh_kun said:
I uploaded fixed version.
I forgot to copy custom image at addr 0x100000- before reboot.

http://hotfile.com/dl/54055119/1a8816f/splboot_3.zip.html
I modified the splboot module to user able to choice spl start address and splsize.

like this

Code:

insmod splboot.ko spladdr=0x00000000 splsize=0x00100000

thanks.

Bin4ry · Jul 11, 2010

Here is my spl Dump.
Just for info and comparision

jerpelea · Jul 11, 2010

try to load nexus spl wich is qualcom spl
maybe we are lucky and se did not modify adresses
will look into it

Bin4ry · Jul 11, 2010

N1 does not boot like it is

jerpelea and me tested

Regards

Vilam · Jul 12, 2010

ddewbofh said:
Hehe, "just". You make it sound so easy. Modifying a binary bootloader is seriously tricky business, without source it's nigh impossible.

Binary ? Can I have a look at the stuff ?

Sent from my rooted x10i using Xda app

jerpelea · Jul 12, 2010

loader dump is wrong

latest used adress is 7fff0
so i think that
#define SPLSIZE 0x0007fff0 is corect value

i mofified the dumper to this new adress
(spl is same size as nexus one)

goroh_kun · Jul 12, 2010

usbloader(fastboot host)

Hi, all

I ported the fastboot capable bootloader from Aurora Project.

http://hotfile.com/dl/54453419/cb34f87/splboot_4.zip.html

you can boot your kernel with the fastboot command.

This is test version. I disabled NAND erase/flash function.

the zip file I uploaded includes source code, you can rebuild,
and customize. I'll next try to imprement auto boot function.

see you soon.

on xperia terminal.

Code:

insmod splboot.ko
cat usbloader > /proc/splboot/image
echo > /proc/splboot/boot

your PC command terminal.

Code:

>fastboot devices
?       fastboot

>fastboot getvar product
product: ES209RA

>fastboot boot /path/to/your/boot.img

Reference
https://www.codeaurora.org/gitweb/q....git;a=tree;h=refs/heads/chromium;hb=chromium

https://www.codeaurora.org/gitweb/quic/chrome/?p=qcom/qsd8250_ffa.git;a=summary

biktor_gj · Jul 13, 2010

hehe, just where I was going, nice goroh

I was trying LK though, legacy bootloader is nice too

goroh_kun said:
Hi, all

I ported the fastboot capable bootloader from Aurora Project.

biktor_gj · Jul 13, 2010

sim-value said:
Am i right that if i flash this Bootloader i will be able to boot from USB ONLY right now?
Anyways great work!

You cant flash it yet, just soft boot. And no, after bootloader is flashed you'll be abe to use jerpelea's recovery images or fastboot to flash whatever you want. Nice, huh?

Sent from my X10i using XDA App

jerpelea · Jul 13, 2010

please Stop filing this thread with junk
we are tring to do something for you
but is hard to follow progress if you post junk

also please don't "quote" posts just to say thanks
if you have something to coment about an release just mention user
otherwise there will be several large posts hard to follow

@progress
cyanogen6 is ready (alpha stage with many things to fix,bt,wifi,phone,power management,gps)
if we release it now 1 of 100 will be able to boot it just to see that it boots (but is useless because not even phone is working)
bootloader is not stable and can not be autobooted or flashed now

thanks

biktor_gj · Jul 13, 2010

MTD sort-of-working

About booting, almost there.
We know what happens, just need to fix it

Will post back with more progress when there is more progress!

biktor_gj · Jul 14, 2010

lqbweb said:
just a question.... then, the only issue left facing on, is the automatic booting?

Autoboot is just a matter of seting a variable to 1 on the bootloader. The probem is flashing without breaking anything, and the fact youll loose warranty and seus compatibility forever (which btw, for me, is a feature

)
Good thing is youll be able to boot to recovery at will
Btw, keypad working: )

Sent from my X10i using XDA App

jerpelea · Jul 14, 2010

zephyrix said:
I said I could get it to automatically boot into another kernel. I don't have a working kernel though.

here you go
an recovery to test it boots properly

1 is for se bl
1 is for qc bl

test with both

biktor_gj · Jul 14, 2010

sim-value said:
But will Flash-tool still be able to reflash original Firmware?

Nope, s1 loader goes to hell, so flash tool wont find the phone, and will need to use fastboot to flash, or do it from recovery....

Sent from my X10i using XDA App

jerpelea · Jul 14, 2010

biktor_gj said:
Nope, s1 loader goes to hell, so flash tool wont find the phone, and will need to use fastboot to flash, or do it from recovery....

Sent from my X10i using XDA App

or flash back s1_loader with an special tool then flash with regular flash tool

Bootloader Cracking : Devs only

Senior Member

Senior Member

Senior Member

Senior Member

Inactive Recognized Developer

Senior Member

Inactive Recognized Developer

Attachments

Senior Recognized Developer

Inactive Recognized Developer

Senior Member

Senior Recognized Developer

Senior Member

Senior Member

Senior Member

Senior Recognized Developer

Senior Member

Senior Member

Senior Recognized Developer

Attachments

Senior Member

Senior Recognized Developer

Similar threads

Top Liked Posts