Related
If you switch to QC and install correct drivers you have access.
Tested successfully few Tools:
PSAS
QPST
QXDM
NV items are possible to backup.
Read/write NV also possible...
SPC is 000 000
Security Password seems FFFFFFFFFFFFFFFF
I tested in PSAS... other SP leads to restart.
But Memory access is blocked.
Download Mode uses only Samsung Driver, not QC...
Goal would be to access/dump memory via Bootloader...
Best Regards
Samsung locked down the Wave more so than there android offering due to the proprietary nature of Bada, to be honest i really dont know how to solve that issue? is there any other folk with Jtag boxes that might give us there two cents?
Maybe we should play with Qualcomm stuff. To log something like GPIO.
HWTP for instance, but shows at this time only for older models...
see Screenshot from EF81... you can save to Text file...
Other usefull Tool could be QXDM.
I was able once to log something from S8500, but I have forgotten how...
Best Regards
HWTP can make Text output... here only from EF81, but:
GPIO 13 LCD_BCKLT_PWM
GPIO 84 FUEL_GAUGE_TXD
and more...
As HWTP is based on QXDM, I think QXDM is able to do this also... for S8500.
Question is only how.
Best Regards
Edit 1.
I've changed in Settings.Ini from HWTP MSM Identifier to:
0x4015E0E
Now I have access to the menu...
But I think its not correct... as GPIO is handled in GPIONameList.ini
Attached is from S8500 too, but again, this could be crap.
WARNING: according to changes in this file phones' id can change.
Click to expand...
Click to collapse
Also Limit is 98... no idea how many GPIOs are in modern handset...
QXDM Logging work... with S8500.
Code:
MSG Factory Test Mode/High
15:31:24.222 QMochaBattery_fuel_gauge.c 01512
[B]Fuel Gauge[/B] SOC I2C Read Sucess, reg 0x4
Best Regards
Maybe soon we have more skilled QC users with S8600.
Welcome.
Best Regards
have you got FTM program for FTM mode ?
https://rapidshare.com/files/3344313793/qpst_ftm_eval_6.10_818.rar
QPST I found 2.7.368
QXDM 3.12.714
Both untested with S8600...
have you got FTM program for FTM mode ?
Click to expand...
Click to collapse
I think this is older stuff, removed from QPST... since 2006 or something like this.
Thanx.
Best Regards
QPST saved my little Bu..
I've lost all my NV items and was not able to restore Full dump via JTAG...
But step by step my S8500 is now alive again.
I can confirm, that all NV items are restoreable, which I have backuped via QPST.
Around 306...
Maybe it depend if full erased like my handset... if writeprotected or something like this...
Best Regards
What will happen with network lock if i change imei to all zeros with this tools? Is it calculated in real time and it depends from imei or it is just in some protected part of phone? Is any other way for unlocking with this tools?
Adfree I know that you don't support unlocking, but I have my phone more than 12 months, I don't have warranty any more and i want to start using custom firmwares and to learn something new. Unlocking is to expensive for me.
Please help me if you can, i would be very grateful, off course i'm respecting your work and your attitude very much and i will delete my post immediately if you want.
Many thanks.
hi adfree,
i have a problem with my phone, Kies doesnt recognize my phone's firmware and says my device is not supported for firmware upgrades even i have the official Bada 1.2 firmware for Philippines.
My previous firmware is S8500XXKL6 Bada 2.0 but since there's a lot of bugs on this firmware, ive switched back to the official Bada 1.2 firmware from Ph.
First, ive flashed to DXKE1 full firmware (CSC is Open Asia) then i flashed to DXKF1 with a CSC of XTC (one of the CSC for Philippines).
Ive checked my Product Code but my product code in Kies registry is S8500BAAKOR.
What's wrong with my phone that's why Kies doesnt recognized my firmware? Is that because of the wrong Product Code?
Can i modify the product code in Kies registry in change KOR to XTC?
Pls advise.
Thanks
Can i answer please ?
Thank you
Go to this topic : http://forum.xda-developers.com/showthread.php?t=1333956&highlight=hack
It is Adfree Tutorial so don't worry
Best Regards
Please, can someone confirm.
How to set S8600 to work in Qualcomm Mode?
Thanx in advance.
Sorry, I can't try self... no S8600.
Best Regards
According to this...
http://forum.xda-developers.com/showpost.php?p=24208953&postcount=56
I was able to set my S8500 to Test Mode...
No idea yet. For what it is...
Simple... WinComm shows:
Code:
__OemNvGetStringModem: ModemNv Item id is 10071, return GT-S8600HKAXEF
__OemNvGetIntModem: ModemNv Item id is 10072, return 65535
So I have used RevSkills to set NV item 2758 to 01...
Before it was 00
Maybe 02 is also Mode? No idea yet.
But first succes for me. Now my S8500 can work again with Kies.
If I used faked S8600 apps_compressed...
Before my F. Kies not connected on 2 PCs if I have changed my apps_compressed...
Best Regards
At the moment I am playing with Jet S8000...
Here it is possible to access EFS via QPST...
Best Regards
About S8600...
I have NOT found way or Code to set S8600 in Qualcomm Mode...
Maybe someone else have an idea...
Thanx in advance.
Best Regards
Edit 1.
http://forum.xda-developers.com/showpost.php?p=30900694&postcount=222
QPST Build 378 ...
Found for S8600... later more...
Best Regards
Edit 1.
Code:
*#8720#
AP USB / CP USB.
:good:
Taken from here:
http://www.mysamsungwave.com/index.php?topic=85.0
Now I was able to backup NV items...
In "alternate Mode" EFS Explorer shows all folders on S8600...
Also short tested QXDM... but with old Version...
Best Regards
Related with adfree post in other thread about bluetooth in S8530 investigation I come to this one I have installed QXDM and tested. I have just ubuntu; QXDM tested in WinXP over VirtualBox
Steps in S8500:
-*#8720# to activate "Qualcomm mode" (again to return to normal mode)
-Qualcomm drivers from this thread (Files.rar attachment)
-Looking for NV items related with bluetooth, found this
http://forum.xda-developers.com/showthread.php?p=33233244&highlight=bluetooth#post33233244
2839^"Bluetooth Active"^"Factory*"
2840^"Bluetooth Visible"^"Factory*"
2841^"Bluetooth SAP Enable"^"Factory*
4525^"Bluetooth Disabled"^"Debug*"
But they seem not active in S8500: QXDM Read button says "NV Status Error Received: Item Inactive". BlueTooth logs shows no info, not even mac address.
So Bluetooth in S8500 seem just managed by bcm4329 chip.
Maybe with QXDM we can get some "other processor logs" related with Bluetooth operations, but I am not very confident about that
NV Status Error Received: Item Inactive
Click to expand...
Click to collapse
Caution!
QXDM shows you little overview about "standard" NV items...
OEMs like Samsung can do their own stuff...
But since 2001 I think, really Standard NV items are:
NV item 447 for Bluetooth address
and IMEI
NV item 550
This is also working for S8500 + S8530 and many other handsets in year 2013... Qualcomm based.
If you activate an inactive NV item. Then you could do bad things to your handset...
Because few items then brick your handset... Bootcycle for instance...
It is really hard to erase or change few NV items, because WRITE Protection and few other ugly Security thingies... remember IMEI...
You can backup few NV items with QPST... as QCN file... with Tool Software Download BACKUP
Result looks like this:
Code:
File Version: Major 2, Minor 0, Revision 0
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Phone Model 19 [QSC6270/QSC6240] Configurations:
Configuration Name: default
Mobile Properties:
ESN: 0xDEADD00D
Phone Model: 19 [QSC6270/QSC6240]
NV Major: 0
NV Minor: 0
SW Version: Q6270B-KPUBL-1.5.45072S
Client Name: QPST Software Download 2.7.0.348
Feature Mask:
Bit 9: F_PREFERRED_ROAMING_BIT
Bit 11: F_DIAG_ORIG_CALL_BIT
Bit 46: F_UI_SHOW_DROP_CALL_BIT
Bit 48: F_UI_PWR_KEY_ALT_BIT
Bit 81: F_DS_BIT
Bit 91: F_UI_PRL_VER_BIT
Bit 94: F_MULTIPLE_RINGER_TYPES_BIT
Bit 109: F_MC_TIMER_FIX_BIT
Bit 150: F_LPM_BIT
Bit 171: F_IS683A_PRL_BIT
Bit 200: F_NV_TWO_NAMS_RL_SMALL_BIT
Bit 206: F_ODIE_FONT_BIT
Bit 216: F_EVRC_BIT
Bit 269: F_TCXO_CLOCK_BIT
Bit 281: F_UART_POWERDOWN_BIT
Bit 283: F_FAST_WARMUP_BIT
Bit 296: F_SBI_BIT
Bit 300: F_EVRC_ADSP_BIT
Bit 301: F_VOCODER_MANAGER_BIT
Bit 335: F_AUTOBAUD_BIT
Bit 336: F_512KBYTE_RAM_BIT
Bit 340: F_UI_ANIMATE_CHARGE_BIT
Bit 341: F_NSOTASP_BIT
Bit 350: F_UI_DL_ROAM_MSG_BIT
Bit 358: F_MINIBROWSER_BIT
Bit 363: Unknown
Bit 367: Unknown
Bit 371: Unknown
Bit 375: Unknown
Bit 376: Unknown
Bit 377: Unknown
Bit 379: Unknown
Bit 380: Unknown
Bit 381: Unknown
Bit 387: Unknown
Bit 390: Unknown
Bit 391: Unknown
Bit 423: Unknown
Bit 424: Unknown
Total Set Bits: 39 of 432
Roaming Lists:
NV Items:
NV item: 10 [NV_PREF_MODE_I], index 0
NV_PREF_MODE_I 0: 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 3: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PREF_MODE_I 7: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV item: 256 [NV_PRL_ENABLED_I], index 0
NV_PRL_ENABLED_I 0: 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NV_PRL_ENABLED_I 1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
I have no idea, how good XP work in Virtual machine...
Its dangerous to have accident during read/write access to NV...
For instance I can only repair few mistakes with JTAG...
Best Regards
Hi guys,
i started some research a while ago on the internal structure of flash memory on the G9 series.
Especially the parts that are involved to tell the kernel how to behave on different models.
I am talking about the FTAG section, a.k.a tags.
To get a better idea on how this file is organized, i need to compare different tags files from the rawfs section of our devices.
This is where i need your help.
Please copy the file /mnt/rawfs/tags and post it here.
It's only 512 bytes in size, so you might rename it to tags_model.bin and post it here.
I mostly would need the tags from the turbo models:
- A80G9 turbo
- A101G9 turbo
RAM size does'nt matter but would be nice to mark it, if you got a 1GByte device.
EDIT:
Here's what i tried to figure out so far (A80G9 with 8GB)...
EDIT2:
now with the turbo flag and other additional flags...
Code:
05 00 00 00
01 00 00 00
34 12 A0 FE FEATURE_LIST_MAGIC=0xFEA01234
01 00 00 00 FEATURE_LIST_REV=0x00000001
feature_tag_header
00 00 00 00 size=0x0
13 00 00 00 tag=0x00000013
02 00 00 00 41 38 30 53 FTAG_PRODUCT_NAME=A80G
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
A8 13 00 00 id=0x000013A8=5032
06 00 00 00 FTAG_PRODUCT_ZONE
03 00 00 00 FTAG_PRODUCT_SERIAL_NUMBER
67 12 00 00 00 00 00 00 serial=0x00001267=4711
00 00 00 00 00 00 00 00
04 00 00 00
04 00 00 00 FTAG_PRODUCT_MAC_ADDRESS
11 12 13 14 15 11 00 00 addr=11 12 13 14 15 11
03 00 00 00 ???
10 00 00 00 FTAG_BOARD_PCB_REVISION
05 00 00 00 revision=0x5
1A 00 00 00
12 00 00 00 FTAG_SDRAM
65 6C 70 69 vendor=elpida
64 61 00 00 00 00 00 00 00 00 00 00
45 44 42 34 product=EDB4064B2PB
30 36 34 42 32 50 42 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 type=0x0
00 00 00 00 revision=0x0
00 00 00 00 flags=0x0
90 01 00 00 clock=0x00000190=400
00 00 00 00 param_0
00 00 00 00 param_1
00 00 00 00 param_2
00 00 00 00 param_3
00 00 00 00 param_4
00 00 00 00 param_5
00 00 00 00 param_6
00 00 00 00 param_7
03 00 00 00 ???
13 00 00 00 FTAG_PMIC
01 00 00 00 FTAG_PMIC_TPS62361
04 00 00 00 flags=0x00000004
20 00 00 00 FTAG_SERIAL_PORT
01 00 00 00 uart_id=0x00000001
40 42 0F 00 speed=0x000F4240=1000000
05 00 00 00 ???
01 00 01 00 FTAG_HAS_GPIO_VOLUME_KEYS
2B 00 00 00 gpio_vol_up=0x0000002B
2C 00 00 00 gpio_vol_down=0x0000002C
00 00 00 00 flags=0x0
0F 00 00 00
18 00 01 00 FTAG_SCREEN
43 4D 49 00 00 00 00 00 00 00 00 00 vendor=CMI
00 00 00 00
00 00 00 00 type=0x0
00 00 00 00 revision=0x0
00 00 00 00 vcom=0x0
C8 00 00 00 backlight=0x000000C8=200
00 00 00 00 00 00 00 00 00 00 00 00 reserved
00 00 00 00 00 00 00 00
03 00 00 00 ???
14 00 00 00 FTAG_TURBO
01 00 00 00 flag=0x1
07 00 00 00 ???
06 00 00 00 ???
30 00 00 00 ??? ;set to 0x31 on A101S
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
As i said the file is 512 Bytes in size and i tried to group the FTAGS based on the header from the kernel (/arch/arm/include/asm/feature_list.h).
Some entries make no sense yet... but if you post some of your files.
BTW, as you might see there's no turbo flag on my device yet
Thanks a lot in advance!
Regards,
scholbert
Hi!
Here's the tag file of my archos:
Model: Archos 80G9 1.5GHz 1GByte RAM 16GByte
hmm
remote object '/mnt/rawfs/tags' does not exist
Shano56 said:
hmm
remote object '/mnt/rawfs/tags' does not exist
Click to expand...
Click to collapse
su ftw
I'll provide A101s tags file (512 MB 1 GHz) tomorrow
BTW- max cpu clock is determined by cpu microcode, kernel checks this AFAIK
Sent from my Archos Gen9 101
Psh I hate that android needs su to copy a file scholbert I might flash rooted firmware later, do you need A80G9 omap4460, 1gb ram, 8gb flash?
Shano56 said:
Psh I hate that android needs su to copy a file
Click to expand...
Click to collapse
This is not user accessible location after all
Tags file attached
...coooool !!!
Hey,
thanks a lot for the feedback and the tags files.
Of course you need root access to access /mnt/rawfs.
I forgot to mention that obviously...
gen_scheisskopf said:
BTW- max cpu clock is determined by cpu microcode, kernel checks this AFAIK
Click to expand...
Click to collapse
Yupp that's how it mainly works out... but there's also an effect of the FTAG_TURBO on stock kernel, if we speak about clocking.
That's why i started this investigations.
Those device that came equipped with OMAP4430 high perforamnce version but got standard 1GHz could be easily transformed to turbo version by exchanging the flags file, i guess. No need to use a custom kernel, here.
Root access would be required though.
I'll check that out in the next days and describe the procedure here, if there's some interest.
Quallenauge said:
Here's the tag file of my archos:
Model: Archos 80G9 1.5GHz 1GByte RAM 16GByte
Click to expand...
Click to collapse
Thanks a lot for this file.
As you see in the attached pic, your device got the turbo flag set.
On the left it's my 1GHz device, on the right it's your 1.5GHz.
BTW, which processor is inside your device?
I guess it's a 4460, isn't it?
Anyway the arrangement of the turbo flag was, what i looked for in the first place.
There are other settings which could be interesting as well...
Stay tuned!
scholbert
scholbert said:
I guess it's a 4460, isn't it?
Click to expand...
Click to collapse
It has to be- 4430 Turbo models were clocked at 1.2GHz (and had 512MB ram)
Here is my contribution to your research.
This comes from a 101G9 1.5ghz Turbo with 512mb ram. It says board version A101S-V5 (T1) and omap version 4460 ES1.1 if that helps.
gen_scheisskopf said:
It has to be- 4430 Turbo models were clocked at 1.2GHz (and had 512MB ram)
Click to expand...
Click to collapse
Yes, indeed! It is a 4460 ES1.1 CPU.
DIY turbo tablet
Hey,
good news everyone. I was able to replace my standard tags file with a turbo one
It just worked...
Now my standard device is clocked at 1.2GHz right away, even with stock kernel
It's a little bit tricky though and if you like your device tuned up most please follow surdu_petru's way and use his overclock kernel.
First i found out that the tags file varies a little bit even on devices of the same series.
Seems to be related to the avboot version used on the pad.
Anyway, tags file is located in the 771st block of mmcblk0.
All steps could be done using Android terminal program. You'll need root access.
The rawfs partition should be unmounted first, to not confuse the kernel in any way.
Afterwards there's only 512bytes to be replaced and voilà
If you like more info please tell me, but beware... if something goes wrong you might easily brick your tablet.
EDIT:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert
scholbert said:
Hey,
good news everyone. I was able to replace my standard tags file with a turbo one
It just worked...
Now my standard device is clocked at 1.2GHz right away, even with stock kernel
It's a little bit tricky though and if you like your device tuned up most please follow surdu_petru's way and use his overclock kernel.
First i found out that the tags file varies a little bit even on devices of the same series.
Seems to be related to the avboot version used on the pad.
Anyway, tags file is located in the 771st block of mmcblk0.
All steps could be done using Android terminal program. You'll need root access.
The rawfs partition should be unmounted first, to not confuse the kernel in any way.
Afterwards there's only 512bytes to be replaced and voilà
If you like more info please tell me, but beware... if something goes wrong you might easily brick your tablet.
EDIT:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert
Click to expand...
Click to collapse
Did you have a chance to compare A101S tags files?
Sent from my Archos Gen9 101
Hi gen_scheisskopf!
gen_scheisskopf said:
Did you have a chance to compare A101S tags files?
Click to expand...
Click to collapse
Basically no problem it's the same thing for the A101S.
As you posted a tags file from a A101S, i guess it's from your tablet.
Problem is this:
http://forum.xda-developers.com/showpost.php?p=27648801&postcount=17
Especially the second part related to the A101...
I supsect the missing core regulator being the cause for some instabilities on some A101S, while overclocking.
So if we tweak your tags file to identify the board as turbo, it will boot with 1.2GHz as well. If this fails, you're in a boot loop which would be hard to fix...
Have you tried surdu_petru's overclock kernel already?
Is your tablet stable at 1.2GHz?
If it runs stable at 1.2GHz we could try tweaking tags...
Regards,
scholbert
scholbert said:
Problem is this:
http://forum.xda-developers.com/showpost.php?p=27648801&postcount=17
Especially the second part related to the A101...
Click to expand...
Click to collapse
Yes, I've seen this.
Is there a possibility to determine onboard hardware (power regulator) using board revision (V5 in my case) or it is the same for all devices?
I didn't check if .aos updates make changes to tags file (they can change params file for sure- plugins)
scholbert said:
I supsect the missing core regulator being the cause for some instabilities on some A101S, while overclocking.
So if we tweak your tags file to identify the board as turbo, it will boot with 1.2GHz as well. If this fails, you're in a boot loop which would be hard to fix...
Click to expand...
Click to collapse
That's why I'm asking before doing anything
scholbert said:
Have you tried surdu_petru's overclock kernel already?
Is your tablet stable at 1.2GHz?
If it runs stable at 1.2GHz we could try tweaking tags...
Regards,
scholbert
Click to expand...
Click to collapse
I still use 3.2.80 firmware, my Gen9 doesn't "like" ICS/3.x kernel (runs much hotter than on 2.6.3x, random system hangs and last but not least- vibrator support not included). And TBH I don't need overclocking but if there would be an option to underclock it without SetCPU/No Frills CPU Control....
scholbert said:
The device now shows up as A80S-V5 (T1) in Settings->About tablet->Board version.
I guess this stands for turbo version 1 ([email protected], 512MB RAM)
Could anyone confirm this on a "real" turbo device?
What other versions are known?
Cheers,
scholbert
Click to expand...
Click to collapse
Yes, mine is A80S-V5 (T1) aka "80 G9 250GB hdd".
DragosP2010 said:
Yes, mine is A80S-V5 (T1) aka "80 G9 250GB hdd".
Click to expand...
Click to collapse
Nice... little strange though... HDD version should be a A80H-V5 (T1)
Is it a turbo version?
Which processor?
Would you mind posting the tags file?
See first posts.
Regards,
scholbert
gen_scheisskopf said:
Yes, I've seen this.
Is there a possibility to determine onboard hardware (power regulator) using board revision (V5 in my case) or it is the same for all devices?
Click to expand...
Click to collapse
To be honest, i'm not sure if the board revision truly indicates, which parts are soldered on the mainboard.
AFAIK V5 boards are very common... and as far as i can tell A80S and A101S mainboards are nearly the same.
The TPS62361B is controlled by I2C, so maybe you find something in kernel messages or sysfs.
You can tell for sure if you got your device dismantled
gen_scheisskopf said:
I didn't check if .aos updates make changes to tags file (they can change params file for sure- plugins)
Click to expand...
Click to collapse
AFAIK the tags file is left untouched during updates.
It is set by factory and scholbert only
gen_scheisskopf said:
I still use 3.2.80 firmware, my Gen9 doesn't "like" ICS/3.x kernel (runs much hotter than on 2.6.3x, random system hangs and last but not least- vibrator support not included). And TBH I don't need overclocking but if there would be an option to underclock it without SetCPU/No Frills CPU Control....
Click to expand...
Click to collapse
Mmmh strange stuff... maybe it's not the best hardware.
For underclocking the tags file should be left untouched...
Regards,
scholbert
scholbert said:
To be honest, i'm not sure if the board revision truly indicates, which parts are soldered on the mainboard.
AFAIK V5 boards are very common... and as far as i can tell A80S and A101S mainboards are nearly the same.
The TPS62361B is controlled by I2C, so maybe you find something in kernel messages or sysfs.
You can tell for sure if you got your device dismantled
Click to expand...
Click to collapse
I can't do it now- charger died and I don't know if RMA will require charger only or charger AND tablet...
/sysfs/devices/i2c/1-0048/name says twl6030.
scholbert said:
Mmmh strange stuff... maybe it's not the best hardware.
Click to expand...
Click to collapse
Or kernel was made primarily for omap4460 (honeycomb seems to be made for omap4430 judging by defconfigs)
A80S-V5 (T1)
Using the Archos 80G9 Turbo 1,5ghz and 1gb ram
scholbert said:
Nice... little strange though... HDD version should be a A80H-V5 (T1)
Is it a turbo version?
Which processor?
Click to expand...
Click to collapse
Sorry, sorry... Yes, it's turbo, it's hdd AND it's A80H
Would you mind posting the tags file?
See first posts.
Regards,
scholbert
Click to expand...
Click to collapse
Maybe on the evening or tomorrow.
Hi everydbody,
i'm working on a software to change oem and channel id for windows store (8.0, maybe 8.1...)
i've managed to see surface pick, or lenovo pick on my asus vivotab, but i don't know other oem channel ID.
in order o make a database, i need help !
could you go to: (win+R)
%localappdata%\Packages\WinStore_cw5n1h2txyewy\AC\Microsoft\Windows Store\Cache\0
and post in reply this file with your pc model in comment :
0-Channel-https∺∯∯next-services.apps.microsoft.com∯browse∯6.2.9200-1∯670∯Channel.dat
this file doesnt contain any personal data, juste channel and Oem ID
thanks!
feherneoh said:
09 AA 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Lenovo B560
Click to expand...
Click to collapse
Hi ferneoh
thank you, if you replace 09 AA 98 by 97 C5 98 for exemple you willhave access to samsung picks.... but i can't download from oem store for now...
My Surface RT only have file "0-Channel-https∺∯∯next-services.apps.microsoft.com∯browse∯6.2.9200-1∯670∯Channel∯Surface%20RT.dat"
ฺู™ � 0 0 0 0 1 0 9 8 9 4
That all from it.
That file is a binary data file. Opening it notepad doesnt represent the actual data (although it does attempt to parse it as plain text anyway).
I'd love to be able to use this to install Nokia's proprietary apps onto my Surface... please make this happen!
Anyone looked into this, yet?
Hi just wondering if there is anything I could do to make this card expiry date longer?
It expired on Tuesday. Anything I could do?
** TagInfo scan (version 2.00) 2014-04-13 14:07:30 **
-- INFO ------------------------------
# IC manufacturer:
NXP Semiconductors
# IC type:
MIFARE DESFire EV1 (MF3ICD41)
# DESFire Applications:
ITSO public transport application
Provision of citizen services #0
* UK National Smartcard Project
Provision of citizen services #1
* UK National Smartcard Project
Provision of citizen services #2
* UK National Smartcard Project
Provision of citizen services #3
* UK National Smartcard Project
Provision of citizen services #4
* UK National Smartcard Project
-- NDEF ------------------------------
# NFC data set storage not present:
Maximum NDEF storage size after format: 4094 bytes
-- EXTRA ------------------------------
# Memory information:
Size: 4 kB
Available: 2.2 kB
# IC detailed information:
Capacitance: 17 pF
# Version information:
Vendor ID: NXP
Hardware info:
* Type/subtype: 0x01/0x01
* Version: 1.0
* Storage size: 4096 bytes
* Protocol: ISO/IEC 14443-2 and -3
Software info:
* Type/subtype: 0x01/0x01
* Version: 1.4
* Storage size: 4096 bytes
* Protocol: ISO/IEC 14443-3 and -4
Batch no: 0xBA44D7C6C0
Production date: week 38, 2013
# Authentication information:
Default PICC master key
-- TECH ------------------------------
# Technologies supported:
ISO/IEC 7816-4 compatible
Native DESFire APDU framing
ISO/IEC 14443-4 (Type A) compatible
ISO/IEC 14443-3 (Type A) compatible
ISO/IEC 14443-2 (Type A) compatible
# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA, android.nfc.tech.NdefFormatable]
android.nfc.tech.NdefFormatable
android.nfc.tech.IsoDep
* Maximum transceive length: 261 bytes
* Default maximum transceive time-out: 6000 ms
* Extended length APDUs supported
android.nfc.tech.NfcA
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 6000 ms
MIFARE Classic support present in Android
# Detailed protocol information:
ID: 04:81:68:7A:62:36:80
ATQA: 0x4403
SAK: 0x20
ATS: 0x067577810280
* Max. accepted frame size: 64 bytes (FSCI: 5)
* Supported receive rates:
- 106, 212, 424, 848 kbit/s (DR: 1, 2, 4, 8)
* Supported send rates:
- 106, 212, 424, 848 kbit/s (DS: 1, 2, 4, 8)
* Different send and receive rates supported
* SFGT: 604.1 us (SFGI: 1)
* FWT: 77.33 ms (FWI: 8)
* NAD not supported
* CID supported
* Historical bytes: 0x80 |.|
# Memory content:
PICC level (Application ID 0x000000)
* Default PICC master key
* PICC key configuration:
- PICC key changeable
- PICC key required for:
~ directory list access: no
~ create/delete applications: no
- Configuration changeable
- PICC key version: 0
Application ID 0xA00216 (ITSO public transport application)
* Default master key
* Key configuration:
- 2 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: no
- Configuration changeable
- Master key required for changing a key
* 16 files present
- File ID 0x00: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 21 7D 00 40 80 00 01 FE C3 58 A9 00 00 00 00 |.!}[email protected]|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 88 8A A2 62 42 8F 00 00 08 00 00 |........bB......|
[0030] 00 08 00 03 F8 2D 68 29 2A 9E 24 2C A3 3A BF 00 |.....-h)*.$,.:..|
- File ID 0x01: Backup data, 192 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 1C 01 00 F0 8A A2 62 00 00 00 10 00 FF 00 00 00 |......b.........|
[0010] 00 00 00 02 D1 00 00 1F FF F0 01 00 00 FF 02 72 |...............r|
[0020] BD 00 00 46 1C 2B 6D 39 E9 0E 19 4C 00 00 00 00 |...F.+m9...L....|
[0030] 1C 01 00 F0 8A 9E 7F 00 00 00 10 00 FF 00 00 00 |................|
[0040] 00 00 00 02 D1 00 00 1F FF F0 10 00 00 FF 02 71 |...............q|
[0050] 6F 00 00 5C 44 E0 F5 CF E5 28 41 4B 00 00 00 00 |o..\D....(AK....|
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x02: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x03: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x04: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x05: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x06: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x07: Backup data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 23 09 00 00 88 B4 2F 03 F8 29 C8 00 00 00 00 00 |#...../..)......|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 FA 00 31 A7 00 35 00 F7 87 A1 DB 89 65 EF AC |...1..5......e..|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x08: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x09: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0A: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0B: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0C: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0D: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 21 11 00 00 7F FE 40 02 62 6A CF 80 00 8A 8F 40 |[email protected]@|
[0010] 00 FF 00 00 00 00 04 1A 10 00 14 84 00 63 35 97 |.............c5.|
[0020] 00 03 F8 2D 69 00 00 07 32 E0 A5 26 84 E7 BE 4F |...-i...2..&...O|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0E: Standard data, 64 bytes
~ Communication: with MAC
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 18 01 FF 00 7F 00 00 00 00 00 00 00 00 00 00 00 |................|
[0010] 00 00 00 00 00 00 00 00 00 FA 00 31 A7 00 35 01 |...........1..5.|
[0020] 34 8F B7 B5 63 93 CE 08 00 00 00 00 00 00 00 00 |4...c...........|
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
- File ID 0x0F: Standard data, 32 bytes
~ Communication: plain
~ Read key: free access
~ Write key: key #1
~ Read/Write key: key #1
~ Change key: blocked
~ Contents:
[0000] 18 11 63 35 97 01 27 02 02 56 04 07 04 01 00 00 |..c5..'..V......|
[0010] 40 10 08 07 00 00 54 FD 00 00 00 00 00 00 00 00 |@.....T.........|
Application ID 0xF40110
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40111
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40112
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40113
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
Application ID 0xF40114
* Default master key
* Key configuration:
- 3 (3)DES keys
- Master key changeable
- Master key required for:
~ directory list access: no
~ create/delete files: yes
- Configuration changeable
- Master key required for changing a key
* No files present
--------------------------------------
Click to expand...
Click to collapse
Thx
Sent from my C6833 using Tapatalk
This would be considered fraud which is not accepted here on XDA. You're on your own, mate, both in finding the solution to this and in the cell after you get caught.
Cheers!
Thats seriously illegal my friend.
Sent from my SAMSUNG-SGH-I337 using XDA Premium 4 mobile app
Thats seriously illegal my friend.
Click to expand...
Click to collapse
+1 to this .
Thank u
Sent from my SAMSUNG-SGH-I337 using XDA Premium 4 mobile app
How can i get this files from my bus card ? i have phone with nfc and rooted. whic program actually thx
GT-I9500 cihazımdan Tapatalk kullanılarak gönderildi
It is illegal, you know ? We can't help you, but let me give you some tips: you should find a timestamp on the ticket. Find it, find out how it's calculated, and you're on your way (as long as the part containing the timestamp isn't write-protected).
Once you find the problem, I highly suggest you to report the problem to those concerned by the vulnerability, so that they can fix the problem, and maybe reward you somehow
I have already worked in this very field, it is a rather fascinating one !
Edit:
How can i get this files from my bus card ? i have phone with nfc and rooted. whic program actually thx
Click to expand...
Click to collapse
@ahmetozgur I just published an app on here called UltraManager. If your bus card is a Mifare Ultralight tag, you can use my app for the purpose. Otherwise, there are some good apps on Google Play, just look for "NFC tag reader"
How did you get such a detailed information about that card?
Diogo Recharte said:
How did you get such a detailed information about that card?
Click to expand...
Click to collapse
omg so many people asking such simple questions
HEY OP
What card is that ??
im interested in people disposing of beatiful desfire cards xD
i wonder if i can wipe it..
Diogo Recharte said:
How did you get such a detailed information about that card?
Click to expand...
Click to collapse
The application used to capture this card information was TagInfo by NXP. It is available from the Play Store here: https://play.google.com/store/apps/details?id=com.nxp.taginfolite&hl=en
Hello . I live in Madrid (Spain), and I have a transportation voucher. I would like "hack" it, but I would like know for where I can start haha I saw _darkjoker_ said : "you should find a timestamp on the ticket" . How can I do it? I downloaded the program TagInfo by NXP but I need an app where I can change the information of the chip. Is there an app? Because when you buy another month the store clerk swipes the card through a machine NFC ...
If anyone knows anything about this, comment it
Thanks
Hello. Quick question about a ISO 14443-3A id card. Does it support GPS? In other words can it be tracked by GPS? May be a dumb question, but I am not familiar with how the technology works and I'm trying to figure out capabilities. Thanks in advance
GadgetMonger said:
Hello. Quick question about a ISO 14443-3A id card. Does it support GPS? In other words can it be tracked by GPS? May be a dumb question, but I am not familiar with how the technology works and I'm trying to figure out capabilities. Thanks in advance
Click to expand...
Click to collapse
nfc is near field communication, the way it works is there is an antenna/coil inside the tag/card that when next to a tag reader gets a charge from it, giving power to the ic on the card. so the card cannot be directly tracked by gps. BUT, it is possible to have gps enabled tag readers which could track you every time you get close enough to one.
Hello,
Most bus pass technology uses desfire cards with two logical addresses one is public for all the world to see and the other is private , the private sector is encrypted and is updated everytime you put money on it or use it. Also as a duel layer defence most implementations of this technology uses back to base system which means everytime you tap it the card is used to query a database to verify that there is money for the trip and to check if the card is currently being used for a trip.
In NSW Australia we have opal cards they work by storing the balance information and activity in public storage so you can check it through a NFC enabled device and then storing the cards sensitive information in private storage that only the readers at stations and in top up locations can use. Every time we tap on the balance on the card is checked with a database and updated locally when needed then at the end of the trip the cards balance is updated from the central database to the card.
So I don't believe you can simply add more time ( or money) to most bus pass cards.
MRCaratacus said:
Hello,
Most bus pass technology uses desfire cards with two logical addresses one is public for all the world to see and the other is private , the private sector is encrypted and is updated everytime you put money on it or use it. Also as a duel layer defence most implementations of this technology uses back to base system which means everytime you tap it the card is used to query a database to verify that there is money for the trip and to check if the card is currently being used for a trip.
In NSW Australia we have opal cards they work by storing the balance information and activity in public storage so you can check it through a NFC enabled device and then storing the cards sensitive information in private storage that only the readers at stations and in top up locations can use. Every time we tap on the balance on the card is checked with a database and updated locally when needed then at the end of the trip the cards balance is updated from the central database to the card.
So I don't believe you can simply add more time ( or money) to most bus pass cards.
Click to expand...
Click to collapse
Did you ever work out a way to add money to the card? Im in nsw too and i have a school opal card so i dont have to pay anyway but im interested.
Unfortunately no , unless you hack into the database and locate your cards identifier then add money from the central DB , there is no way you can "hack" more money on the card , and even if you could the moment you tapped on it would always take the databases values as correct and either adjust your cards balance or detect the fraud and lock the card down.
Might have a solution but...
buckofive said:
The application used to capture this card information was TagInfo by NXP. It is available from the Play Store here:]https://play.google.com/store/apps/details?id=com.nxp.taginfolite&hl=en
Click to expand...
Click to collapse
It's illegal and we cannot help you in doing what you want.
In theory if you use an app like Mifare classic tool, that has a tool to compare dumps, you can get what changed like time, money or whatever. But that must be done if its with testing nfc cards and just for getting knowledge, not money.
hello
i have nfc card which i use it in university restaurant to pay a lunch could i hack it and but more money
pls help me
can't he overwrite the hex for the date, e.g. Production date: week 38, 2013 -> Week 38, 2018 ?
abood.456 said:
hello
i have nfc card which i use it in university restaurant to pay a lunch could i hack it and but more money
pls help me
Click to expand...
Click to collapse
thats fraud.
You can customize your Boot Splash Picture
(This is the first picture you see when you boot up your device, before the boot animation starts. The one you also see before booting into recovery.)
I have done this for every device I owned so far, plus a few I did't own. Until now they have all been HTC devices. Today I added the Xiaomi 9T Pro / K20 Pro.
If you have your bootloader unlocked and have a custom recovery (tested only on twrp-3.3.1-15-raphael), you can create you own custom boot splash using this Boot Splash Creator tool.
How to do it:
Upload a picture to the online boot splash zip generator (http://jobiwan.net:81/bootsplash-9tpro). (If your picture is not 1080x2340 it will be resized while retaining proportions.)
It generates and downloads a flashable .zip file,
Flash the resulting .zip file in recovery.
Alternatively, you can take the logo.img file from the cache directory inside the .zip file and flash it in fastboot:
fastboot flash logo logo.img
Disclaimer:
You have unlocked and rooted your device, and flashed custom recoveries, so by now you should know that you have nobody to blame but yourself.
Anyway: This tool is provided as is, with no warranty whatsoever. If you brick your device, I will feel sad for you but I will not be responsible.
How it works:
I took the logo.img file from a firmware zip. This is a 24M file that contains 4 bitmaps:
The MI logo
The fastboot logo
The MI logo with unlocked at the bottom
System has been destroyed logo
Each one is 1080x1920, 24bpp.
This tool converts your picture into a 1080x2340 bitmap and replaces the raw image data in the original logo.img file with the raw image data from your picture.
It replaces bitmaps 1 and 3, the MI and MI unlocked logo's. Fastboot and Destroyed logo's remain original.
Then it puts this patched logo.img file into a zip with an updater script that puts it into the logo partition. This .zip file gets sent back to your browser.
Back to stock:
The attached .zip files are recovery flashable. They contain the stock boot splashes for raphael and raphaelin respectively. (I put the original logo.img files in them.) So if you ever want the stock splash back, you can flash this.
('extracted-bitmaps.zip' is not flashable. It contains the original logo's as .bmp files.)
Share & Enjoy!
If you create any cool splashes, that others might like, please post them in this thread with a pictures and zips.
-Jobo
Update Oct. 16, 2019: Online tool now generates 1080x2340 plash images.
Nice
Can I use this on K20 Pro Raphaelin?
Anonda said:
Can I use this on K20 Pro Raphaelin?
Click to expand...
Click to collapse
[edit:]Yes you can. See post below this one.[/edit]
I can not say for 100% sure, because I do not own a raphaelin device to test with.
However, I strongly believe that you can do it. Here is why:
I looked at the logo.img files from a raphael and raphaelin firmware zip.
They are not the same: They have the bitmaps at different offsets. But the structure is the same. They both have the signature and index at the same offset (0x4000 or 16k) and the addresses of the bitmaps are int he same place in the index.
This is from V10.3.3.0.PFKEUXM:
Code:
00004000 4c 4f 47 4f 21 21 21 21 05 00 00 00 ef 05 00 00 |LOGO!!!!........|
00004010 f4 05 00 00 ef 05 00 00 e3 0b 00 00 ef 05 00 00 |................|
00004020 d2 11 00 00 ef 05 00 00 00 00 00 00 00 00 00 00 |................|
00004030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
It has the bitmaps at 0x0005000, 0x05f4000, 0x0be3000, 0x11d2000
This is from V10.3.5.0.PFKINXM:
Code:
00004000 4c 4f 47 4f 21 21 21 21 05 00 00 00 3b 07 00 00 |LOGO!!!!....;...|
00004010 40 07 00 00 ef 05 00 00 2f 0d 00 00 3b 07 00 00 |@......./...;...|
00004020 6a 14 00 00 ef 05 00 00 00 00 00 00 00 00 00 00 |j...............|
00004030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
It has the bitmaps at 0x0005000, 0x0740000, 0x0d2f000, 0x146a000
After confirming this, I felt confident / brave / stupid enough to flash the logo.img from the raphaelin firmware into my raphael. When I rebooted, it showed the Redmi logo and everything was fine.
So since flashing the raphaelin logo in a raphael device is safe and works fine, I would think that the reverse is also true.
If you or anyone with an Indian K20 have done this, please report back.
-Jobo
touch of jobo said:
I can not say for 100% sure, because I do not own a raphaelin device to test with.
However, I strongly believe that you can do it. Here is why:
I looked at the logo.img files from a raphael and raphaelin firmware zip.
They are not the same: They have the bitmaps at different offsets. But the structure is the same. They both have the signature and index at the same offset (0x4000 or 16k) and the addresses of the bitmaps are int he same place in the index.
This is from V10.3.3.0.PFKEUXM:
Code:
00004000 4c 4f 47 4f 21 21 21 21 05 00 00 00 ef 05 00 00 |LOGO!!!!........|
00004010 f4 05 00 00 ef 05 00 00 e3 0b 00 00 ef 05 00 00 |................|
00004020 d2 11 00 00 ef 05 00 00 00 00 00 00 00 00 00 00 |................|
00004030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
It has the bitmaps at 0x0005000, 0x05f4000, 0x0be3000, 0x11d2000
This is from V10.3.5.0.PFKINXM:
Code:
00004000 4c 4f 47 4f 21 21 21 21 05 00 00 00 3b 07 00 00 |LOGO!!!!....;...|
00004010 40 07 00 00 ef 05 00 00 2f 0d 00 00 3b 07 00 00 |@......./...;...|
00004020 6a 14 00 00 ef 05 00 00 00 00 00 00 00 00 00 00 |j...............|
00004030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
It has the bitmaps at 0x0005000, 0x0740000, 0x0d2f000, 0x146a000
After confirming this, I felt confident / brave / stupid enough to flash the logo.img from the raphaelin firmware into my raphael. When I rebooted, it showed the Redmi logo and everything was fine.
So since flashing the raphaelin logo in a raphael device is safe and works fine, I would think that the reverse is also true.
If you or anyone with an Indian K20 have done this, please report back.
-Jobo
Click to expand...
Click to collapse
Raphael logos work on raphaelin without any issues!
Regards,
acervenky
acervenky said:
Raphael logos work on raphaelin without any issues!
Click to expand...
Click to collapse
Thanks for confirming. That's good to know.
I have added a zip with the stock logo for raphaelin to the original post.
-Jobo
Here is a boot splash plus boot animation that go well together.
They are the same style and the first (and last) frame of the animation is the same as the splash.
The boot animation is not recovery flashable. You have to manually copy it to /system/media/
-Jobo
Do you have the raw files of the 4 bitmaps inside the original logo.img of K20 Pro? Because I can't extract it and I want to get the original bitmaps/stock logos and start edit on it. Thanks
ispiyaakoe said:
Do you have the raw files of the 4 bitmaps inside the original logo.img
Click to expand...
Click to collapse
Yes. I have added them as an attachment to the first post, in 'extracted-bitmaps.zip'.
Inside the .zip are 8 .bmp files. euX.bmp are from European firmware, inX.bmp are from Indian firmware.
Interestingly, the bitmaps in the Indian firmware are not all the same size.
The 'normal' logo's are 1080x2340 while the 'fastboot' and 'destroyed' logo's are 1080x1920.
I think I will change my online tool to generate 1080x2340 splashes instead of 1080x1920.
Edit: Done. Online tool now generates 1080x2340 plash images.
Thank you very much! You are awesome.
There is a crop up and down at 1080p images. Other than that is working properly!!! Thx!
pikachukaki said:
There is a crop up and down at 1080p images. Other than that is working properly!!! Thx!
Click to expand...
Click to collapse
I have updated the online tool to generate 1080x2340 images instead of 1080x1920. This fills the entire screen.
(It also no longer distorts the image when stretching. It now scales the image proportionally for best fit and puts it on a 1080x2340 black background.)
Originally I made them 1080x1920 because that's how they are in the PFKEUXM firmware.
Only after looking into the Indian K20 Pro firmware did I find out that it also works with full 1080x2340 bitmaps.
Here is Google black boot logo + black android 10 bootanimation. Bootanimation is only for AOSP ROMs.
Thanks and credit to @touch of jobo for his tool.
Xiaomi Bunny pics
I took the images from this set: http://vkclub.su/en/stickers/xiaomi/
..and converted them to boot splash zips.
(On that site, it says the Author / Illustrator is 'Xiaomi'...)
It is the same creature that we have on our stock fastboot logo. I think they were originally meant as emoticons. Some of them have some text (in what seems to be Russian) in very dark grey. I first overlaid the images on this same dark grey color and then turned that dark grey into black. This gets rid of the text.
Attached to this post are:
The 16 images where I put the original pictures on a black background,
The original pictures in originals.zip
The flashable bootsplash zips are inside zips-000-007.zip and zips-008-015.zip
I put the 16 bootsplash zips inside 2 new zips to get around the 20 attachments per post limit.
This means they are fairly large. You can also just download individual pictures and run those through the tool.
(So just to clarify: Those 2 large zips are not flashable. They each contain 8 other zips that are flashable.)
gianton said:
Here is Google black boot logo + black android 10 bootanimation.
Thanks and credit to @touch of jobo for his tool.
Click to expand...
Click to collapse
Bootanimation does not work. Tested on my K20 pro
omkar1997 said:
Bootanimation does not work. Tested on my K20 pro
Click to expand...
Click to collapse
Forgot to mention bootanimation is only for AOSP ROMs.
IdrisMC said:
Can you flash both on LOS 17?
Does the splash also include the google bootloader image?
Click to expand...
Click to collapse
Yes that's what I'm using with LOS 17. Flash both in recovery (mount system first).
Silhouette of trees against winter evening sky
I took this picture about 10 years ago. Since then I have used it as a wallpaper on every computer and phone I used. I think it goes really well with a dark theme.
Now I made a boot splash and boot animation based on this picture. They are the original 9T-Pro splash and animation, but with this photo as the background.
By default, the lock screen takes the center of the wallpaper (when you select 'Apply Both'), which is the same cut-out I use as the background for the splash and boot animation.
Attachments:
bootsplash-9tpro-trees.zip
This is a recovery flashable zip that replaces your boot splash.
bootanimation.zip
This zip is not flashable You have to put it in /system/media/
(This is an external link, not an attachment. The file was too large to attach.)
trees-wall.jpg.zip
This is the full resolution wallpaper 3120x2340 (zipped)
trees-boot.jpg
This is a picture of the boot splash.
trees-small.jpg
This is a small, lower quality version of the picture inside trees-wall-jpg.zip. Just as a preview.
Enjoy,
-Jobo
Thanks for this tool, it's amazing
Sent from my raphael using XDA Labs
What are the odds of working on Mi 9T (Davinci)?
PS. Tested and it works like a charm S2