Related
Hello,
I try to receive 8-Bit-Formaten System-SMS with my MDA now.
In the RIL.H there is the beginn of an description for the RAW-Format of a SMS. I think, there's missing some fields. Has someone of you an idea, which attributes should be add else? (MessageTyp is Hex 0x0800002)
My target is to read the SMS-Basics (all 256 Bytes) - independet from the type etc.
Greetings from hannovre,
Andreas )
If you are talking about the sample application using RIL (TSTRIL.exe) then it outputs the message in PDU Format..... You need to convert it into text format to understand..... The link that describes it is
http://www.dreamfabric.com/sms/
In the case of the example only the Message (in Hex form) is output'ed.
I have a C implementation of this algorithm.Please tell me if you need it...
I hope this is what you were asking......
Imran Arshad
Dear All,
I heard that the device support of SDHC is not hardware-base but software. And someone said that hx4700 would support SDHC after flashing the WM6.1 ROM.
It is correct, depends, or totally not correct ?
It not, any suggestion or driver to enhance the SDHC support of hx4700 ?
Ball Ball
---------------------
hx4700 with 128mb @ vivi's 20764 1.1.1 ROM
4G SD, 8G CF
http://msdn.microsoft.com/en-us/library/ee486295.aspx
Applies to Windows Embedded CE 6.0 R2:
The new SD bus driver implements version 2.0 of the SD Card Physical Layer Specification. For more information, see Secure Digital Card Bus Driver. Usually, no changes will be necessary to the SD card host controller driver when using the new SD bus driver. However, it is possible that some existing SD card host controller drivers will not work with the new SD bus. One of the most common problems found regards the new commands supported in version 2.0 of the SD Card Physical Layer Specification that use Response 7. The Response 7 case must be addressed when bus requests are submitted to the SD card host controller or the request will fail with SD_API_STATUS_INVALID_PARAMETER. Handling this issue may involve introducing a new enum for the command response in the SD card host controller driver. For more information, see the following code excerpt.
Click to expand...
Click to collapse
Code:
SD_API_STATUS
CSDHCSlotBase::SubmitBusRequestHandler( PSD_BUS_REQUEST pRequest)
{
…
// bypass CMD12 if AutoCMD12 was done by hardware
…
// initialize command register with command code
wRegCommand = (pRequest->CommandCode << CMD_INDEX_SHIFT) & CMD_INDEX_MASK;
// check for a response
switch (pRequest->CommandResponse.ResponseType) {
case NoResponse:
break;
case ResponseR2:
wRegCommand |= CMD_RESPONSE_R2;
break;
case ResponseR3:
case ResponseR4:
wRegCommand |= CMD_RESPONSE_R3_R4;
break;
case ResponseR1:
case ResponseR5:
case ResponseR6:
case ResponseR7:
wRegCommand |= CMD_RESPONSE_R1_R5_R6_R7;
break;
case ResponseR1b:
wRegCommand |= CMD_RESPONSE_R1B_R5B;
break;
default:
status = SD_API_STATUS_INVALID_PARAMETER;
goto EXIT;
}
…
}
http://msdn.microsoft.com/en-us/library/ee482478.aspx
When you are building a new image you need to set the image flag IMGSDBUS2 equal to 1 in order to use the new bus (sdbus2.dll) and map the 2.0 bits to the OEMDrivers package. When IMGSDBUS2 is set to 1, the sdbus2.dll is picked up during the makeimg process and is renamed to sdbus.dll in the generated image. You can map the 2.0 bits to the package by adding the following line to the oem.cpm.csv file: CE_MODULES_SDBUS2, OEMDrivers
Click to expand...
Click to collapse
SecretKey.key
Any idea what this is for?
Searched little bit through folder Security...
Found in S8500XPKJ1.
Best Regards
For quick insight:
Main function is SpkiDispatch , it does create this file by calling SpkiSaveMasterSecretKey, together with that key it does create directories
"/Security/Log/"
"/Security/Log/Cert/"
"/Security/CM"
SpkiSaveMasterSecretKey does use functions
SecFrameGetIMEI
SpkiBase64Decode
SecCrDecodeRSAPublicKeyEx
Whole "Spki" functions family seems to be related with OS certificate manager. And yeah, looks like it is based on IMEI, or does include IMEI itself.
//edit:
Oh yes, string which is hardcoded into APPS and is being decoded by Base64 during runtime (probably kind of init state of the key) is
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKyA2m2/PTRbsv9Y+39R6wroIniRv3nAUcOPH6dhg/9+2sCoWk0BgDtmfNMtUpueEzAr1OmAtxIfxt+gcaaFGDTr2NiY4ML9NhIv0frmlEsE8CLZFcMLYnCaeo7IMpDhnkUJA/aFhm42hmHM//e9sW2zOeN/oFrZ6wH7BEJmVEpQIDAQAB
Click to expand...
Click to collapse
from the looks of that string - I think you're looking at ... ahem wait for it ... a secret key -- or perhaps one half of a public/private key pair. Something that AES128 would be perfect for... good luck cracking that one.
Compared between S8500 and S8530... both on KJ1:
Code:
535730310093C300064D4F42494C45C5000431303234C60080
Something human readable like this:
Code:
SW01 MOBILEÅ 1024
So first 25 Bytes are for header...
Then 128 Bytes...
Hmmm... 128 Bytes could be RSA 1024 encrypted...
Best Regards
Factory Production Mode
This seems interesting... for me...
Tested on XXJEB...
If I play with Developer Commands... for instance:
Code:
> *> cmd="[B]CheckFPM[/B]"
> DevGetHomeDLFlag : Address(0x1dcc0000) flag(0xffffffff)
> RbmCHCheckHomeDLFlag : FLAG value=0x8,result=0
> *> return value = -1 (0xFFFFFFFF)
Code:
> *> cmd="[B]EnableFPM[/B]"
> DevGetHomeDLFlag : Address(0x1dcc0000) flag(0xffffffff)
> DevSetHomeDLFlag : Address(0x1dcc0000) flag(0x0000fff7)
> DevGetHomeDLFlag : Address(0x1dcc0000) flag(0x0000fff7)
> RbmCHEnableHomeDLFlag : FLAG value=0xfff7,result=1
> *> return value = 1 (0x00000001)
and...
Result is, after next Boot Wave starts with this funny Screen blue, then green... known by wrong key combination...
If I have changed to Qualcomm before... I can also write NV items via QPST...
Maybe here are more funny Flags possible... Check in JTAG dump at 0x1DCC0000...
Best Regards
I have found reason, how Wave checks "valid" apps_compressed.bin... also Boot...
Multiloader or every Flashing action writes own 512 Byte Info Block...
You can find them in 512 MB Full dump... from JTAG or from Ram Dump eXtractor:
http://forum.xda-developers.com/showpost.php?p=39658811&postcount=23
Search for this HEX value...
Code:
3412CDAB02000000
Now you can see your PC name... and your Country too...
your own IP address is also stored...
The other data are from last 1024 Bytes from boot_loader.mbn and apps_compressed.bin... parts of it... later more...
Sometimes I can see this... no idea yet why... or what:
Code:
Init Case 2
or
Code:
C#O#D#E Set
Hmmm... if I see this about Code... searching for and I find this in Boot...
Code:
Samsung:UNLOCK-KEY:/Security/Disabled
Fixed one for Samsung 3G platform. This string should be long ecnough maximum length is 128 bytes
[B]A#D#D#R[/B] Set C#O#D#E Set
Hmmm, will try later...
Anyway, with this I have solved my BIG problem after M210S Firmware...
For now only with JTAG possible, but maybe later other solution... for instance via FOTA...
Best Regards
Code:
gHostInfo.pComputerName =
gHostInfo.pIP =
gHostInfo.pLocation = Germany
gHostInfo.pToolVer =
gHostInfo.uDatePC =
Nand Read ECC count 0, Retry total count 0
=================================
BootDebugBuffNandWrite
=================================
Taken from S8000 Jet dump...
Here more clear what Multiloader writes from your private data...
Best Regards
I'm trying to remove this from MultiLoader V5.67.exe...
Found in .exe
Code:
GetLocaleInfo
GetComputerName
Leads to kernel32.dll ...
Maybe I can find something else...
GetDateFormat crashes Multiloader...
Also
GetCalendarInfoA
To change into Set... I think its dangerous not to kill my Windows...
Best Regards
Edit 1.
GetComputerNameW for Unicode instead GetComputerNameA
Now Multiloader only writes first Character of your Computername... :angel:
Back to the Info Block with 512 Byte....
With Command PrtSecBoot
Code:
> SecBoot : slot num(2), mass production(0), verSecurity(2), slot age(3)
> SecBoot : invalid binary key detected
> SecBoot : slot age(3) Usb Version("S8530+XX+LA1"), usb age(1), Usb Creation time stamp "42/01/05 10:05"
> SecBoot : Code Version(""), code age(1), Code Creation time stamp ""
> SecBoot : Code Download device time("00/01/01 00:00:GMT"), host PC time("43/06/06 15:23:GMT")
> SecBoot : Used Downloading Tool is FastMultiLoader 0 5.6.7
> SecBoot : Download hostname("[COLOR="Red"][B]yourPCname[/B][/COLOR]"), location("Germany"), ip(1x3.1x3.9.xx)
> SecBoot : SysInfo change device time("00/01/01 00:00:GMT"), host PC time("00/01/01 00:00:GMT"), tool ver(""), change Method(0), age(0)
In this Info Block are stored 2 RSA 512 Signatures from Boot and 1 from apps_compressed.bin... from apps_c the second RSA 512 Sig... see here:
http://forum.xda-developers.com/showpost.php?p=38088383&postcount=68
I was able to try few things...
I can manipulate
verSecurity(2), slot age(3)
Click to expand...
Click to collapse
But tried to find
mass production(0)
Click to expand...
Click to collapse
tool ver("")
Click to expand...
Click to collapse
Here I can see Init Case 2... so this should be position for ... also:
C#O#D#E Set
I think this is set, if Unlock via Code... in theory...
A#D#D#R
No idea yet...
Maybe in this Info Block it is possible to complete disable Security check...
Best Regards
Little progress...
I am able to erase/overwrite address in 512 MB OneNAND manually via sending Commands...
http://forum.xda-developers.com/showpost.php?p=42919458&postcount=31
For now only 2000+ Bytes in FOTA area tested...
Code:
7E02EE[B]00005009[/B]8000...
7E00DD[B]00005009[/B]0008...
0x9500000 from XXLA1 S8530...
Later I hope I can erase this damn Info Block to repair my S8530 with M210S Firmware... without JTAG...
Best Regards
1.
How to find IMEI in JTAG dump?
1.1
Where is EFS address ...
2.
Contains sysinfo IMEI ?
2.1
How to find sysinfo in JTAG dump?
bada 1.x if Wave alive... in Security folder...
Then it is possible to search for in dump...
But it seems not on every Firmware on same position...
sysinfo is 6560 Bytes (19A0 HEX ) ...
Will do few tests with XXJL2... maybe laaaaaater I can identify IMEI and/or sysinfo in strange unkown JTAG dumps...
Best Regards
Edit 1.
For study maybe this:
S8500_Full512MB_IMEI_38178104728484_NandEC50_Alive
Test 1.
Search by text + Unicode... (if IMEI is correct in name...)
14 Digits instead 15...
Test 2.
Converting into NV item 550 Format...
083A...
Edit 2.
Maybe little progress... to find sysinfo in dump...
Found Header before... but there is no unique Header... with Joker between 3000 or 0 hits...
Different positions maybe "randomly" or apps_compressed Version specific...
To be sure I'm now downloading XXJF5 to compare with dump...
Strange...
I have remove sysinfo from my own JTAG dump, written back dump...
sysinfo restored or rebuild or copied from somewhere else?
Because 1:1 same...
Next attempt, to remove "Info Block" from 1FFC5000...
This is so strange...
Best Regards
http://forum.xda-developers.com/showpost.php?p=43436279&postcount=6
I'm using now this as template...
Changed only at 1FFC5000...
Then flash complete XXJL2 for compare...
Result is working S8500...
sysinfo is generated different...
And Imiation_IMEI.dat file is different...
Now will try to check few "INFO Blocks"... and compare results...
if sysinfo and/or Imiation_IMEI.dat will be different..
Best Regards
1.
How to find IMEI in JTAG dump?
1.1
Where is EFS address ...
Click to expand...
Click to collapse
Sometimes my brain works slooow...
1.
IMEI is stored in Format used in QC handsets 15 + years...
Near "MP" ... Hardwareversion...
1.1
Header of EFS seems:
Code:
ABEFCDAB
So address is:
0x1E700000
In older Firmware where Hardwareversion is PV... instead MP 2.000 or MP 1.000
Here I will check later again with open eyes... to find IMEI.
For now I will do some tests with replace ... to fully start foreign JTAG dumps to learn more about sysinfo...
Best Regards
Tested with S8500 and S8530 JTAG dumps... (on S8500)...
Attached PFS contain sysinfo and Imiation_IMEI.dat...
This force apps_compressed.bin to start with IM.. not active...
If NAND/Header Info at 0x1FFC5000 will be removed/deleted...
With RIFF JTAG for instance erase 0x1FFC 0000 to end...
For repair and educational purpose... only.
How to decrypt sysinfo?
Whole file ?
Parts of it ?
Best Regards
Little progress...
https://code.google.com/p/badadroid/source/browse/trunk/FOTA
100 years later I am able to compile these examples...
Easy under Windows 7 tested with FASMARM:
http://forum.xda-developers.com/showpost.php?p=46788023&postcount=35
I have tried with XXJEE Boot... because I need bada 1 for find sysinfo for my studies...
Very interesting.
In syssec.uniqueKey.bin I have found now S/N ...
S/N is also on Label under battery... before Samsung killed Service via Kies. It was also helpfull to download Firmware...
I was ever wondering, why I am not able to find S/N...
Anyway. These FOTA examples helps me to increase my little brain.
For now tested only these:
Code:
[B]dump[/B]_netlock_info.fota
[B]dump[/B]_unique_keys.fota
nv_[B]dump[/B].fota
Next will be write_netlock_info.ASM...
Maybe this is what I think...
Yes, I know about FLOCK. But I need this for my JTAG Fullflash journey ... and for my little brain to understand how this work...
Btw.
I have no device here with SIM or Netlock...
To look into decrypted sysinfo and see the SHA1 Hashes is also possible via these FOTAs...
Thanx.
Best Regards
Few tests later...
It seems I have to play with DEcrypted sysinfo...
http://forum.xda-developers.com/showpost.php?p=47851350&postcount=49
First test failed with write_netlock_info.ASM before...
I have used DEcrypted Version, but nothing happens...
Maybe again my fault... anyway... tiny little step forward.
1 Goal is to identify sysinfo in JTAG dump... but here I need encrypted sysinfo...
Best Regards
Aha...
The reason is not only IMEI, because normally you can find IMEI in JTAG dump, but it seems Wave can not find anymore correct sysinfo... if fulldump from other Wave is flashed via JTAG.
http://forum.xda-developers.com/showpost.php?p=47851350&postcount=49
Result is working handset without IMEI... but this no problem...
Will check if now S/N is my or also gone with the other FOTAs...
But now I can flash 512 MB Fulldump WITHOUT modification of this file...
Then restore/rebuild sysinfo via bterm + correct FOTA...
Later more.
Best Regards
"Strange"...
sysinfo contain more then 1 or 2 SHA1 Hashes...
The others looks like "not available/not active" or something...
I have no handset with Lock...
I have only compared few DEcrypted sysinfo...
Simple copy and Paste not activate the Locks...
Later more...
Best Regards
Interesting...
Unique Key known from Header Info...
Stored in 512 MB OneNAND...
Is written into MBR (512 Byte) of moviNAND...
http://forum.xda-developers.com/showpost.php?p=49989727&postcount=68
If OneNAND is full erased, by JTAG RIFF for instance... Then text instead number:
Code:
PRODUCTCODEINVALID
Hmmmm, maybe this helps me later to restore sysinfo from JTAG dumps...
Best Regards
Hi all.
This thread only for developers! Only! No questions - when?!!!!!!!
This is my attempt to porting android on S8600.
I wrote custom bootloader - emmcboot, based on codeaurora LK-bootloader.
Bootloader is successfully start, work and trying to load android kernel from internal
microsd card.
Now is unsuccessfully,after type message "Uncompressing Linux... done, booting the kernel." device rebooted or stopped.
[370] Panel is power on
[370] Display initialized
[370] Display logo
[370] Waiting for modem+++
[370] Waiting for modem: Done
[370] smem ram ptable found: ver: 0 len: 6
[370] scratch: 0x8000000
[370] Starting in SD mode!
[370] SD_DETECT pin : 0x0
[380] Initializing MMC host data structure and clock!
[380] Error No. 2: Failure Initializing MMC Card!
[400] Decoded CID fields:
[400] Manufacturer ID: 27
[400] OEM ID: 0x5048
[400] Product Name: SD16G
[400] Product revision: 3.0
[400] Product serial number: 7C88FF04
[400] Manufacturing date: 2 2012
[410] Serial number -[410] serial number:
[410] partition misc doesn't exist
[410] error in emmc_recovery_init
[580]
kernel @ 208000 (4132528 bytes)
[580] ramdisk @ 1200000 (175204 bytes)
[580] cmdline = 'console=null androidboot.hardware=qcom user_debug=31'
[580]
Booting Linux
[580] smem ram ptable found: ver: 0 len: 6
[580] booting linux @ 0x208000, ramdisk @ 0x1200000 (175204)
[590] cmdline: console=null androidboot.hardware=qcom user_debug=31
Uncompressing Linux... done, booting the kernel.
source code for lk-bootloader for S8600:
https://github.com/Oleg-k/LK_BOOT_S8600
To build for S8600, type: "make -j4 s8600 EMMC_BOOT=1"
Also, i got memory dump, stage - after load oemsbl and before loading my bootloader.
as we see, oemsbl decompress and load apps_compressed.bin into memory,
starting at 0x200000.
https://www.dropbox.com/s/5wf6dp5gfgudkdc/MEM_DUMP_128MB.rar
And for for understanding boot process on MSM7x30, read this:
http://tjworld.net/wiki/Android/HTC/Vision/BootProcess#BootProcess
Welcome back my friend ))
If you able to port,I 100% will buy S8600
Good Luck
I was actually going to ask you what happened to the wave 3 port. Anyway Welcome back . But a question why don't you help rebellos and volk in the wave and wave II porting ? So the porting can be a bit more better. Just my question. :good:
Sounds interesting.
1.
You found ELF files for S8600 Boot ?
2.
You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
CONFIG_DEBUG_LL
and
CONFIG_EARLY_PRINTK
plx <3
it's my current config for my kernel:
adfree said:
Sounds interesting.
1.
You found ELF files for S8600 Boot ?
2.
You found way without JTAG, or JTAG is needed to write your Boot?
Thanx in advance.
Best Regards
Click to expand...
Click to collapse
No, don't ELF files for S8600, i wrote new bootloader for boot linux kernel.
Now i use JTAG, but if we find a way to cript my bootloader,like appsboot.mbn,we will use regular multiloader
So cool!
http://forum.xda-developers.com/showthread.php?t=1443575
Blowfish encryption
Click to expand...
Click to collapse
Maybe PlatformDownloader_S8600_KI5.exe maybe have unsecured Boot...
But I can't flash nor I have connected my S8600 with RIFF...
TPs seems to small for my big Fingers...
Best Regards
oleg_k said:
it's my current config for my kernel:
Click to expand...
Click to collapse
Thanks. I'd check debug macros and debug uart configuration. There's few UART ports in it, and maybe kernel is printing to the wrong one... though this wouldn't explain why kernel unpacker is printing something (Uncompressing and booting comes already from zImage) - this would indicate that debug port number is correct. Are you sure that kernel and ATAGs location is correct, and RAM is set up properly by LK? Maybe something bad happens when kernel proceeds to enabling MMU and caches... I'm pretty clueless. :<
I collected some links I found useful in this article: http://xda-university.com/as-a-developer/porting-android-to-non-android-devices
Especially interesting for you might be last link in "Custom bootloader" section.
No, don't ELF files for S8600, i wrote new bootloader for boot linux kernel.
Now i use JTAG, but if we find a way to cript my bootloader,like appsboot.mbn,we will use regular multiloader
Click to expand...
Click to collapse
For S8500 I found way to write direct into OneNAND at:
Code:
0x0010 0001
No need to encrypt something...
With Multiloader... choose ETC.
http://forum.xda-developers.com/showpost.php?p=37229969&postcount=37
S8600 not tested...
This is far far away from perfect... but maybe helpfull.
Need someone who is able to remove restriction from ML to use lower adresses then 0x10000...
I was only able to change text strings... in ML...
Best Regards
On first page i posted bootloader source and memory dump, stage - after load oemsbl and before loading my bootloader.
To Adfree,
S8600 don't use OneNAND, used EMMC flash memory (like sd-card).
Today I've found S8600XXKI9.zip
I have forgotten this Firmware... but I have now short compared with Bootfiles from XXKJC... BIG differences... So I think this should be nearly identical with PlatformDownloader_S8600_KI5.exe
Still unsolved to decrypt or extract content of:
PlatformDownloader_S8600_KI5.exe
and
PlatformDownloader_S8600_KJ7.exe
Best Regards
Not my S8600... but user tried PlatformDownloader_S8600_KJ7.exe
It seems it was wrong Partition Table aka partition.bin...
Code:
Boot Binary Download Start Ch[0]
Appsboot 338.7KB OK[1.1s]
OemSbl 1757.7KB OK[1.8s]
ERR : NAK_FLASH_ERROR 0
Error : [B]partition Write[/B] [0.2s]
ERR : NAK_FLASH_ERROR 0
Download Start Ch[0]
Amss 16654.3KB OK[15.6s]
Apps 29622.3KB OK[54.1s]
_Open_Europe_Common 40370.2KB OK[73.5s]
(Low) 2980.3KB OK[1.9s]
ERR : NAK_INVALID_CONTENT 0
ERR : _Open_Europe_Common Erase
Now S8600 ask for QHSUSB_DLOAD
My first idea is Qualcomm QPST now...
Or maybe if Driver used, then Multiloader will work again... for second attempt..
Found only 64 Bit Driver yet... not tested nor Thread... only attachment...
http://forum.xda-developers.com/attachment.php?attachmentid=631288&d=1308601930
Will check also QPST to check what is needed...
Best Regards
Edit 1.
More Driver...
http://forum.xda-developers.com/showpost.php?p=21911621&postcount=2
Okay...
It seems for QPST fsbl.mbn is missing...
I can remember from old MSM6250 handsets it is mandatory to have all files for QPST... because otherwise you need JTAG...
Important...
Qualcomm not use Encryption for QPST files...
This is Samsung thingie + "end.bin" last 1024 Byte...
So decrypt all Bootfiles and cut last 1024 Byte...
For fsbl.mbn I will check JTAG dump from S8600...
Best Regards
Edit 1.
http://forum.xda-developers.com/showthread.php?t=1367055
downgrade_WM6_boot.zip contain fsbl.mbn ... maybe as example...
http://forum.gsmhosting.com/vbb/f634/htc-desire-s-qhsusb_dload-driver-1436354/
Found this...
Here is also fsbl.mbn maybe not available... or...
But maybe if we can attach such S8600 we can see few infos...
Best Regards
Edit 1.
About QPST Version contain this eMMC...
Code:
4. RELEASE NOTES
...
10/27/11 QPST [B]2.7.378[/B]
1) Add support for QSC11x5 CDMA only (4073) and CDMA+GSM (4074).
2) Fix problem with eMMC Software Download not correctly patching addresses > 8 GB.
10/13/11 QPST 2.7.377
1) Fix crash when QPSTServer.config are NULs (bad format).
2) Add model ID 4072 = "APQ8064". Apps processor only, no service programming.
3) Change flash programmer name from nprg9615.hex to nprg9x15.hex.
4) Add emergency download support for user partitions.
5) Fix case where user partition download fails if the flash programmer is on a file share.
6) Fix error case when add port is used but no port is specified.
7) Fix case where restoring an EFS file doesn't work if the file was modified by QXDM.
8) In Service Programming BC SMS fix case where if user enters 32 as the service type it get written to NV as 4096.
9) Fix case where a phone will stay in "no phone" state if the phone takes > 20 seconds to reboot.
10) Take care of cases in eMMC Software Download where we try to lock the disk volume but the drive letter isn't available.
11) Fix "server busy" issue when a device connects but it's modem isn't running.
12) Insert more status message in Memory Debug app so that we can see why fast unframed dump failed.
8/17/11 QPST 2.7.375
1) Add support for MDM9615 (model 4070). Rename model 4068 to 7627A-ANDROID from SURF7627A.
Add model 4071 (7627A-WinMob). Add 1x/UMTS service programming to 4068 and 4071.
2) eMMC Software Download: Don't try to lock volume if drive letter not present.
Devices that use GPT will not mount and get a drive letter assigned.
7/22/11 QPST 2.7.374
1) Added missing file to installer to fix Service Programming problem in 2.7.373.
2) For eMMC Software Download, abort the download if a sparse="true" directive is present.
Sparse files cannot be downloaded with QPST, only with fastboot.
3) Began the process of moving QPST application and server settings from registry to
configuration files.
4) Added more error checking to EFS Explorer file drop code.
7/5/11 QPST 2.7.373
1) Add support for SURF8960 model ID 4069.
2) Fix issue with Port Enable/Disable for IP Ports.
3) NAND Software Download: Correct flash programmer descriptions for 7225A, 7625A, 7227A, and 7627A.
4) Roaming List Editor: Added two new bands LTE 24 and LTE 25.
5) eMMC Software Download:
- Fix problem where some file names print as "(null)".
- Add support for Meta Build contents.xml file ("Build Contents"). The contents file will provide the path for the
rawprogram and patch files, extra search paths, and names of flash programmer and boot image files.
- Ignore unexpected elements in schema.
- Support zeroout directive to zero parts of partitions.
- Allow usage by app of "orderly" as well as surprise removal storage devices.
- Add support for computations in the <patch> (CRC32 for GPT support), <program>, and <zeroout> directives.
6) EfsExplorer:
- Enable reset button in Efs Explorer even if target not in offline mode.
- More text description in Mode column for Efs Explorer
- Modify the list context menu of Efs-Explorer.
- If the proposed item file size copy is > 2048 bytes, warn the user and bail out.
...
Adfree,
link pls for founded S8600XXKI9.zip
link pls for founded S8600XXKI9.zip
Click to expand...
Click to collapse
http://hotfile.com/dl/145796951/79ecec6/S8600XXKI9.zip.html?lang=de
Try this. If not then I search again...
About fsbl.mbn...
I have searched for fsbl_hw.c string in 4 GB JTAG dump SAMSUNG_GTS8600_FullFlash.bin...
Can not find so I think fsbl is not or in other area...
About your Memory Dump FROM_MEM_0_128MB.bin
I am not 100 % sure but maybe read problems...
Short tried to extract Cert, but string Qualcomm is not written correct...
Q5alcomm1
qualcoem.com
Click to expand...
Click to collapse
Best Regards
I try to read again memory dump )
thanks for links...
Also,
i find,what samsung used OKL4 Microkernel 3.0 (maybe 4.0)
http://wiki.ok-labs.com/Release/3.0
About ver 4.0 --
The OKL4 Microvisor is designed from the ground up as a high-performance mobile virtualization platform. It is a microkernel-based embedded hypervisor - called a Microvisor, with a small footprint and the right combination of performance and hardware support to target mobile telephony use. The OKL4 Microvisor 4.0 is distinguished by supporting mobile virtualization, componentization, and security, enabling a new generation of applications and capabilities with impact across the mobile ecosystem.
OKL4(with Qualcomm RTOS) also used in modem AMSS
http://forum.xda-developers.com/showthread.php?t=1829915
Need overview/list with Firmware packages with Bootfiles included...
Here this is what I have...
Later I will compare if difference...
Code:
XXKI9
XXKJC
S8600BOKJ1_TPLKJ1.rar
S8600BOKK6_S8500TPLKK7_T-Mobile.rar
S8600JPKK2_S8500OJPKK2_OJP.rar
S8600ZCLA1.7z
S8600NAKL1_S8600EPLKL1
Best Regards
This is how pattern for GUID is listen in my xml schema file.
Code:
<xs:simpleType name="GUID">
<xs:restriction base="xs:string">
<xs:pattern value="([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})"/>
</xs:restriction>
</xs:simpleType>
And this works if GUID is in the following format: D04992F8-1D4D-46E4-AB4A-B1A276473DA5
However, originally my GUID is in this format: D04992F8.1D4D.46E4.AB4A.B1A276473DA5
How can specify this pattern (dots instead of dashes) in my xml schema file instead? I tried to modify <xs: pattern value="................"/> but I never was able to get the result that I want.
I have tried to use this in my xs:attern
Code:
<xs:pattern value="([0-9a-fA-F]{8}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})"/>
and
Code:
<xs:pattern value="([0-9a-fA-F]{8}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{12}\})"/>
But none worked. I did try to search using this regular expression in a text file and it works, but Windows Mobile doesn't picks it up as GUID.