Related
I have been looking into the C-Sharp__DLLImport project here:
http://forum.xda-developers.com/showthread.php?t=1006331&highlight=dllimport
I am trying to modify the FileSystem project to be able to get a list of the modules that are loaded for each process.
Code:
STDMETHODIMP CFileSystemIO::GetModulesForProcess(DWORD dwPID, BSTR* result)
{
// Get the process snapshot
HANDLE hModuleSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
// Initialize the module entry structure
MODULEENTRY32 moduleEntry = { 0 };
moduleEntry.dwSize = sizeof( moduleEntry );
// Get the first module info
BOOL Return = FALSE;
Return = Module32First( hModuleSnapshot, &moduleEntry);
// Getting process info failed.
if( !Return )
{
CloseHandle( hModuleSnapshot );
return S_FALSE;
}
int x = 1;
CString modList(TEXT(""));
do
{
modList.AppendFormat(TEXT("%d-%d-%d-%d-%d-%d-%s-%s\n"),
moduleEntry.dwSize,
moduleEntry.th32ProcessID,
moduleEntry.GlblcntUsage,
moduleEntry.ProccntUsage,
moduleEntry.modBaseAddr,
moduleEntry.modBaseSize,
moduleEntry.szModule,
moduleEntry.szExePath);
}
while( Module32Next( hModuleSnapshot, &moduleEntry ));
// Close the handle
CloseHandle( hModuleSnapshot );
// set the result
*result = (modList.AllocSysString());
return S_OK;
}
The code is based off a similar function that is already in the project (the CFileSystemIO::MessageBoxRunningProc function which works fine).
By putting some MessageBoxes in there for debugging, I can confirm that the Module32First and Module32Next methods are working correctly. When it gets to the line:
*result = (modList.AllocSysString());
The application crashes. I put a try/catch around there and it didn't trigger a CMemoryException or any other exception.
Any idea why this method would be causing the app to crash?
As an update to this, I was able to figure out the problem. I was unaware of this, but closing the handle generated in the method to get the process messes up the generation of the modules. I didn't think this would be the case since when you generate the handle it also takes a pid. I ended up combining the 2 methods.
The final project uses com interop to call the native methods and it builds a tasklist with all the corresponding modules as subclasses. You can find out which libraries and interfaces are in use by which applications, and where those dll files are located on your phone. If anyone wants to see it, I can post it at some point. It's not a very elegant looking interface, but it gets the job done.
Hi Experts / Expert Hackers,
I'm trying to implement the Google Play application silent install feature (similar to appbrain fast web installer) on android.
So far I was able achieve the following :
1. Find out a method to retrieve the Google Play Auth Token (thus granting permission for my application to talk with Google Play application on the Phone). I've listed the code I've used for this below :
Code:
Log.i(TAG,"Getting the Google Play Auth Token Using Account Manager : START");
AccountManager accountManager = AccountManager.get(getApplicationContext());
Account[] accArr = accountManager.getAccountsByType("com.google");
for (Account acc : accArr) {
Log.i(TAG, "For Account Name : " + acc.name + " - "+ "Account Type : " + acc.type);
accountManager.getAuthToken(acc, "googleplay", null, this,new AccountManagerCallback<Bundle>() {
public void run(
AccountManagerFuture<Bundle> paramAccountManagerFuture) {
try {
Bundle localBundle = (Bundle) paramAccountManagerFuture.getResult();
String authToken = localBundle.get("authtoken") + "";
Log.i(TAG, "Got AuthToken : " + authToken);
} catch (Exception ex) {
StackTraceElement[] starray = ex.getStackTrace();
StringBuffer bf = new StringBuffer();
bf.append("Error : " + ex.getMessage()).append("\n");
for (StackTraceElement ste : starray) {
bf.append(ste.toString()).append("\n");
}
Log.e(TAG, bf.toString());
}
}
}, null);
}
Log.i(TAG,"Getting the Google Play Auth Token Using Account Manager : END");
2. Find out how to Retrieve the Android-Id of the Phone (This Id as I believe should be used when sending the appInstall request to the GPlay Servers or the Gplay/vending application on the android phone)
Code:
Log.i(TAG, "Getting the Android ID Of the Phone : START");
Uri localUri = Uri.parse("content://com.google.android.gsf.gservices");
ContentResolver localContentResolver = getContentResolver();
String[] arrayOfString = new String[1];
arrayOfString[0] = "android_id";
Cursor localCursor = localContentResolver.query(localUri, null,null, arrayOfString, null);
Log.i(TAG, "Column Count : " + localCursor.getColumnCount());
if ((localCursor != null) && (localCursor.moveToFirst())) {
String androidId = Long.toHexString(Long.parseLong(localCursor.getString(1)));
Log.i(TAG, "Received Android ID : " + androidId);
Log.i(TAG,"Other Value in Column : " + localCursor.getString(0));
}
Log.i(TAG,"Getting the Android ID of the Phone : END");
3. Find out the Protocol Buffer Request to be sent to the Google Play servers or the Gplay/vending application on the phone to Initiate the silent application download & install process.
Code:
message InstallRequest {
optional string appId = 1;
}
message RequestContext {
required string authSubToken = 1;
required bool isSecure = 2;
required int32 version = 3;
required string androidId = 4;
optional string deviceAndSdkVersion = 5;
optional string userLanguage = 6;
optional string userCountry = 7;
optional string operatorAlpha = 8;
optional string simOperatorAlpha = 9;
optional string operatorNumeric = 10;
optional string simOperatorNumeric = 11;
}
message Request {
optional RequestContext context = 1;
repeated group RequestGroup = 2 {
optional InstallRequest installRequest = 10;
}
}
4.I even used the protobuf compiler and generated the java class for manipulating the above protocol buffer request and filled the above protocol buffer fields with some sample data. See the code below :
Code:
public void buildAndSendSilentInstallProtoBuffMessage(String gplayAuthToken, String deviceAndroidId){
try{
/*
* The Root Request Object Assumed to be Holding the Silent Install Request
*/
Request.Builder request = Request.newBuilder();
//Populating the ReequestContext Object
RequestContext.Builder context = RequestContext.newBuilder();
context.setAndroidId(deviceAndroidId);
context.setAuthSubToken(gplayAuthToken);
context.setIsSecure(true);
context.setVersion(1002);
context.setDeviceAndSdkVersion("dream:4");
context.setUserLanguage("en");
context.setUserCountry("us");
context.setOperatorAlpha("Android");
context.setOperatorNumeric("310260");
context.setSimOperatorNumeric("310260");
//Building the Install Request
InstallRequest.Builder installRequest = InstallRequest.newBuilder();
installRequest.setAppId("-2564446724934482383");
//Setting the Install Request to the Request Group
RequestGroup.Builder requestGroup = RequestGroup.newBuilder();
requestGroup.setInstallRequest(installRequest);
//Setting the Request Context to the Main Request Object
request.setContext(context);
//Setting the Request Group to the Request Object
request.addRequestGroup(requestGroup);
The Sample Data for GPlay Token and the Android Id are as follows :
1. Android_ID :
3a0f901831a0f402
2. Google Play AuthToken :
DQAAAMgAAACpOyPf6apRbb0i4qhTVaf0yYoikTAb4TYlHCRLrW4mu5f14j-H35KGmO9TQKUDYCfj3-b-QIH5chfXT3bS02Uxljg7vYt4I-kgXLEJwPcynjugDcJ9fYPOh1c2FnOnywFXXxXw6hcqs5sVnJEt5zW2ditoB5VeeXG9Zfodj9dXKobObi50-XnHoGfWi2b64Uf3EHGdQTsDCMzfZrE4mb22fr9LCW1oZG5tkzwS4KhPBHWMN2fO7w-1IZ4UK5LOI80vPBLjxBaavKAXHoVUHSNV
5. I also did some sniffing using my rooted galaxy nexus phone during Gplay application silent install and found only two HTTP GET Requests.
I tried reproducing the those two Http GET requests captured using Shark for root(using my rooted android galaxy nexus phone) and the 1st Request just downloads the Market File itself (which I was able to save to the SD card of the Phone. But then it has to be installed like any unknown sources application) while the second request returns nothing.
The two get requests captured are shown below :
Code:
1. GET REQUEST ONE :
21 0.827240 192.168.135.102 173.194.36.4 HTTP 535 GET /market/download/Download?packageName=com.gau.go.launcherex.theme.appwidget.gopowermaster.futureworld&versionCode=1&token=AOTCm0QRnH3rmypWtCGoAL_SU1BSt311wpyz-_LZTodkUSAlc-f5SrdMiz5WDRDUKMMm6S3plBI9Jbh1tukT1jyCYXLgP4QhVvZvn5JLtZQ&downloadId=-165214892049282883 HTTP/1.1
Which has the following http headers :
Cookie: MarketDA=17214805622679635526\r\n
Host: android.clients.google.com\r\n
Connection: Keep-Alive\r\n
User-Agent: AndroidDownloadManager/4.1.1 (Linux; U; Android 4.1.1; Galaxy Nexus Build/JRO03C)\r\n
2. GET REQUEST TWO :
44 6.595093 192.168.135.102 222.165.163.15 HTTP 608 GET /market/GetBinary/com.gau.go.launcherex.theme.appwidget.gopowermaster.futureworld/1?expire=1346838270&ipbits=0&ip=0.0.0.0&cp=SnpybWlzSFk6OTYzMzg0MTE2NzA1ODEwOTYxMjE&sparams=expire,ipbits,ip,q:,cp&signature=2C0778C4635F6F8AE1DA8479FB08DCB9BC04C2E9.60202D8D4D2FDDA70609A3862A25852F0BAA2766&key=am2 HTTP/1.1
Which has the following http headers :
Cookie: MarketDA=17214805622679635526\r\n
Host: o-o.preferred.slt-cmb2.v12.lscache4.c.android.clients.google.com\r\n
Connection: Keep-Alive\r\n
User-Agent: AndroidDownloadManager/4.1.1 (Linux; U; Android 4.1.1; Galaxy Nexus Build/JRO03C)\r\n
I've been looking into this for about two weeks now but I still couldn't find the following :
1. Whether the AppBrain fast Web Installer uses the protocol buffer to invoke the Gplay (vending application) on the phone or the Gplay servers ?. If so is the above Protocol Buffer Request format correct ??.
2. If the Above Protocol Buffer Request format is correct then to Where in the Phone or Gplay server should I send the Protocol buffer request to to invoke the Silent Application download and installing procedure ?.
I also have a C2DM (now GCM) server and client setup around this task as well. Could anyone point me in the correct direction or give me any clues for solving this ?. Any help is much appreciated .
Seriously No one ???. I thought this forum has some expert hackers . Where are those so called android hackers anyways ??. Please guys I need help on this and it's urgent .
Hello. How you login into google play with token from account manager? Thanks.
Hi there, many of you would know me.
I am back after a short while, well actually I am here just to help you guys with overclocking. Neither do I have any resource such as high end cpu or hdd space to compile a kernel nor do I have a stable galaxy y as of NOW.
Now all the mathematics and programming geniuses, I need you all here. I am inviting all the developers who can ACTUALLY help. No questions from someone who has just started or something like that. For them I suggest you read a lot about processors first.
The overclock that developers till now have achieved as you all know, DOES NOT INCREASE MFLOPS.
After studying a lot about the arm11 processors. I know that the freq values we set are only the freq which are visible to users in apps. They are just registered so that users can view them as working.
ONLY PROCEED BELOW IF YOU KNOW ABOUT PROGRAMMING.
People who know about programming but not about ARM architecture visit this link : http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0328e/CHDEHCAB.html
Now there are two critical values which define the val, they are m_set and n_set.
The freq table that we create is just an imposture to the real clock. If you study msm boards then you'll notice they feed in the values as *speed->clk=x 000 (converts to mhz). We don't have a clock-21553.c in that manner.
Rather we have this.
long bcm21553_uart_find_m_n(unsigned long freq_val, long *m_set, long *n_set)
{
long factor = 0; /* = m/n */
long eq_2_val = MAX_UART_M_VAL + MAX_UART_N_VAL;
long n_val = 0;
long long n_iter = 0;
long long m_iter = 0;
long long left = 0;
long long right = 0;
long long diff = 0;
long long least_diff = 0;
long long least_diff_m_iter = 1;
long long least_diff_n_iter = 1;
long long val = 0;
long ret_val;
/* Formula : Freq = (156MHz * n) / m. */
if (freq_val > FREQ_MHZ(156)) { /* Can't have freq greater than 156MHz. */
return -EINVAL;
} else if (freq_val == FREQ_MHZ(156)) {
*m_set = *n_set = 1;
return FREQ_MHZ(156);
}
*m_set = 0;
*n_set = 0;
factor = FREQ_MHZ(156) / freq_val;
/* range of m : 0 <= m <= 0x1ff */
/* range of n : 0 <= n <= 0x1ff */
/* Equation 1 : factor = m /n. */
/* so m = (factor * n). */
/* Equation 2 : m + n <= 0x1ff + 0x1ff. */
/* m + n <= (2 * 0x1ff) ; Let's call (2 * 0x1ff) as eq_2_val. */
/* so m + n <= eq_2_val. */
/* Substiture eq1 in eq2. */
/* (factor * n) + n <= eq_2_val. */
/* taking n common : */
/* (factor + 1) * n <= eq_2_val. */
/* so n <= eq_2_val / (factor + 1). <==== This is a very important conclusion. */
/* Now the logic is to iterate(iter) till n, and
* find a value of m, where m = 156MHz * iter / val. */
n_val = eq_2_val / (factor + 1);
pr_info("n_val = %ld, eq_2_val = %ld, factor = %ld\n", n_val, eq_2_val,
factor);
n_iter = 0;
diff = 1;
least_diff = 0xffffffff;
val = freq_val;
while ((n_iter <= n_val) && (diff != 0)) {
n_iter++;
left = FREQ_MHZ(156) * n_iter;
m_iter = 0;
while ((m_iter <= MAX_UART_M_VAL) && (diff != 0)) {
m_iter++;
right = val * m_iter;
/* Always left side must be greater than right. So diff has to be positive. */
diff = left - right;
if ((diff > 0) && (diff < least_diff)) {
least_diff = diff;
least_diff_m_iter = m_iter;
least_diff_n_iter = n_iter;
}
/* pr_info("n_iter = %lld, m_iter = %lld, left = %lld, \
right = %lld, diff = %lld, least_diff = %lld, \
least_diff_m_iter = %lld, \
least_diff_n_iter = %lld\n",
n_iter, m_iter, left, right, diff, least_diff,
least_diff_m_iter, least_diff_n_iter); */
}
}
/* if diff == 0, it means we found a perfect, m, and n value. */
if (diff == 0) {
/* pr_info("We found the correct, m, n values. \
m = %lld, n= %lld\n", m_iter, n_iter); */
*m_set = m_iter;
*n_set = n_iter;
return val;
} else {
/* This means we didn't find a good m,n value. */
*m_set = least_diff_m_iter;
*n_set = least_diff_n_iter;
ret_val = (((FREQ_MHZ(156) / *m_set)) * *n_set);
/* pr_info("Didn't find a perfect m, n value, but will given \
the nearest possible value. m = %lld, n = %lld, \
freq = %ld\n", least_diff_m_iter,
least_diff_n_iter, ret_val) ; */
return ret_val;
}
}
NO SPAMMING IN THIS THREAD.
Stakes were high, time was taken but finally the work is completed, goal achieved.
Now might be a good time to say that we are a COMMUNITY, we help each other to make one device better.
Also could be a good time to take a new initiative, to take up something new as a project.
Reserved.
Trying something new and good.
Uhm maybe you should put that part in code.
Only reported programmers will be considered in the team.
REAL PROGRAMMERS WHO WANT TO JOIN, please post here and do not pm me.
By far the team is :
Master_Key
Mohamed.Anwar
hell_lock
ZakooZ
......
------R-------E------S-----E-----R------V------E------D-------P-----O---S---T------------B---Y--------S-----H-------A--------N--------E
bY
ShAnE
Looks promising
While I do know a decent bit about programming I don't know much about how CPUs work if you know what I mean
But I'll try to have a look at that
Re: [DEV] {WIP} Overclock device! Need a team to work.
Im in.
Sent from my GT-S5360 using XDA
hell_lock said:
Im in.
Sent from my GT-S5360 using XDA
Click to expand...
Click to collapse
+me
---------- Post added at 05:17 PM ---------- Previous post was at 04:34 PM ----------
What I got so far is
factor => 1
FREQ_MHZ(156)*n_iter - (val*m_iter) == 0
n_val => 255.5
am I correct ?
Btw : we need better format of these codes sometimes I get lost
Mohamed.Anwar said:
+me
---------- Post added at 05:17 PM ---------- Previous post was at 04:34 PM ----------
What I got so far is
factor => 1
FREQ_MHZ(156)*n_iter - (val*m_iter) == 0
n_val => 255.5
am I correct ?
Btw : we need better format of these codes sometimes I get lost
Click to expand...
Click to collapse
n_val for FREQ_MHZ(156) is (2*eq_2_val)/(m/n+1) = (2*0x1ff)/(1/1+1) = 0x1ff = 511
You can find proper highlighting and formatting here
How does the frequency translate to the real world freq? I'm assuming FREQ_MHZ(156) is either 832mhz or 1248mhz...
Somewhat interestingly, 0x1ff is 11111111 in binary... So wouldn't any number & 0x1ff equal the number?
Edit: Seems like it's made to return the first byte of a (4-byte) int... I think
Tested and it returns the last byte in little endian ordering
ZakooZ said:
n_val for FREQ_MHZ(156) is (2*eq_2_val)/(m/n+1) = (2*0x1ff)/(1/1+1) = 0x1ff = 511
You can find proper highlighting and formatting here
How does the frequency translate to the real world freq? I'm assuming FREQ_MHZ(156) is either 832mhz or 1248mhz...
Somewhat interestingly, 0x1ff is 11111111 in binary... So wouldn't any number & 0x1ff equal the number?
Edit: Seems like it's made to return the first byte of a (4-byte) int... I think
Tested and it returns the last byte in little endian ordering
Click to expand...
Click to collapse
Sorry forgot the 2 in 2*0x1ff
Anyway... changing the val and ret_val would be useless... As only n and m are put in memory
regVal = (u32) n_set & 0x1FF;
writel(regVal, ADDR_CLKPWR_CLK_UARTB_N);
regVal = (u32) m_set & 0x1FF;
writel(regVal, ADDR_CLKPWR_CLK_UARTB_M);
^ either first of last byte of the n and m values are put in memory. (Don't know the difference between UART A B and C)
Seems like ret_val returns the closest possible frequency if the m and n values aren't "good"
What we need to change is n and m... And apparently the highest they can be is 1
Need to know what calls bcm21553_uart_set_rate() and what "val" values it uses... Supposedly a modified value of the real (832mhz,etc) frequencies
Technically we could call it with FREQ_MHZ(156) and see what happens... but that's pretty dangerous
Re: [DEV] {WIP} Overclock device! Need a team to work.
ZakooZ said:
Anyway... changing the val and ret_val would be useless... As only n and m are put in memory
regVal = (u32) n_set & 0x1FF;
writel(regVal, ADDR_CLKPWR_CLK_UARTB_N);
regVal = (u32) m_set & 0x1FF;
writel(regVal, ADDR_CLKPWR_CLK_UARTB_M);
^ either first of last byte of the n and m values are put in memory. (Don't know the difference between UART A B and C)
Seems like ret_val returns the closest possible frequency if the m and n values aren't "good"
What we need to change is n and m... And apparently the highest they can be is 1
Need to know what calls bcm21553_uart_set_rate() and what "val" values it uses... Supposedly a modified value of the real (832mhz,etc) frequencies
Technically we could call it with FREQ_MHZ(156) and see what happens... but that's pretty dangerous
Click to expand...
Click to collapse
FREQ_MHZ(156) = exact 156 000 000 Hz. You can check it by putting it in the arm11_set_rate function. Instead of putting appspll*2/3 directly put FREQ_MHZ(832) and you'll get the same result.
Yeap. If exact match aren't found then ret val is used.
Most developers were thinking of adding 1024 mhz, this won't be a perfect n and m value.
To actually set the 1024 we need to get to know the iteration more.
Set rate uses the values from get rate. The arm 11 freq developers set till now was in some other static function which did not actually change the clock.
Sent from my GT-S5360 using xda app-developers app
I used this post to dump information I was getting and save it in somewhere that is not in the middle of thousands of lines of code... So It's a bit messy
I've been doing some searching and it looks like all thing referencing find_n_m() are only defined and never actually used to set any frequencies... So I don't know if that's the way to go... It may still use n and m values but calculated elsewhere
bcm21553_arm11_set_rate() and bcm21553_arm11_round_rate()
People have been using these for frequencies for a long time, it works for 156mhz and 624mhz which is interesting... Why wouldn't it work for freqs over 832mhz?
bcm21553_arm11_set_rate() imports a *clk pointer but never uses it... All it does is set the mode for the frequency with bcm215xx_set_armahb_mode()... I'm not discussing it now as im inspecting other parts
bcm21553_arm11_round_rate(clk *clk, long desired_val) also imports *clk but never uses it. It returns bcm21553_generic_round_rate(desired_val,arm11_freq,2);
I don't know where they get desired_val, but that's important for the return
arm11_freq is the frequencies developers defined
2 is the count of arm11_freq arrays... could use sizeof(arm11_freq)/sizeof(u32) i suppose
Code:
int bcm21553_arm11_set_rate(struct clk *clk, unsigned long val)
{
u32 mode;
u32 arm11_freq[2];
u32 apps_pll_freq = bcm21553_apps_pll_get_rate();
arm11_freq[0] = FREQ_MHZ(312);
arm11_freq[1] = (apps_pll_freq*2)/3;
/*we support only two modes - 0xC & 0xF*/
if (val == arm11_freq[0])
{
mode = 0x0C;
}
else if (val == arm11_freq[1])
{
mode = 0x0F;
} else
{
return -EINVAL;
}
//writel(mode, ADDR_CLKPWR_CLK_ARMAHB_MODE);
bcm215xx_set_armahb_mode(mode);
return 0;
}
long bcm21553_arm11_round_rate(struct clk *clk, unsigned long desired_val)
{
u32 arm11_freq[2];
u32 apps_pll_freq = bcm21553_apps_pll_get_rate();
/*we support only two freq - 312Mhz & appPll/1.5*/
arm11_freq[0] = FREQ_MHZ(312);
arm11_freq[1] = (apps_pll_freq*2)/3;
return (long)bcm21553_generic_round_rate(desired_val,
arm11_freq,
2);
}
Code:
u32 bcm21553_generic_round_rate(u32 desired_val, const u32 *supportedFreqList,
u8 count)
{
u32 i = 0;
const u32 *ppossible_freqs = supportedFreqList;
u32 closest_freq = 0xFFFFFFFF; /* Set it to some highest value. */
u32 greatest_freq_in_array = 0;
while (i < count) {
if (desired_val == *ppossible_freqs) {
return desired_val;
} else {
if ((*ppossible_freqs > desired_val)
&& (*ppossible_freqs <= closest_freq)) {
closest_freq = *ppossible_freqs;
}
if (*ppossible_freqs > greatest_freq_in_array) {
greatest_freq_in_array = *ppossible_freqs;
}
}
i++;
ppossible_freqs++;
}
/* This means that desired_val is greater than the maximum possible values */
if (closest_freq == 0xFFFFFFFF) {
/* This means the desired_val is greater than the greatest element */
/* So lets return with the greatest freq in array. */
return greatest_freq_in_array;
} else {
return closest_freq;
}
}
It seems that people are just giving a list of the supported frequencies, but those are not the desired frequency that this last function tries to search for... maybe it wont search for anything higher than 832mhz, it will always return something lower
Meanwhile arm11_set_rate doesn't seem to be connected to this at all, and arm11_round_rate seems to be returning the frequencies to some place that gives them a desired frequency
Anyway I can't seem to find any implementation of bcm215xx_set_armahb_mode(), only a "extern void bcm215xx_set_armahb_mode(u32 mode);" line Looks like it's implemented in Assembly! Fun! Either that is normal for low level stuff or broadcom wants to "encrypt" us out of how this works
I'll edit this post later because at the moment I don't feel like looking at this
Re: [DEV] {WIP} Overclock device! Need a team to work.
Yeap exactly!
There are values not used and there are values which we seem not to find.
The max n and m values have a different variable name which is defined at the start of file before any function is run.
It is somewhat
#Define variable name
This is used no where except this line where it is defined.
The set rate and get rate of arm 11 are just values which developer wants to get registered. The clock does not go above 832. If you use mode 0xD max value you get at 1248 is 832 mips. Mode 0xE 1248 set then 1248 mips. Mode 0xF 1248 set then 1665 mips.
I suppose the set rate only makes array and nothing else. To set above 832, theres still some part untouched.
Sent from my GT-S5360 using xda app-developers app
If you ctrl+F in /common, the only references to bcm21553_arm11_round_rate() and bcm21553_arm11_set_rate() are in clock-21553.c
How the f is that possible... They have to be called somewhere, even if it's just to get the fake rates
Re: [DEV] {WIP} Overclock device! Need a team to work.
Need testers for testing kernel.
Need a developer who can pack the z image I providE.
Any help would be appreciated.
Sent from my GT-S5360 using xda app-developers app
Re: [DEV] {WIP} Overclock device! Need a team to work.
Master_Key said:
Need testers for testing kernel.
Need a developer who can pack the z image I providE.
Any help would be appreciated.
Sent from my GT-S5360 using xda app-developers app
Click to expand...
Click to collapse
Contact hell_lock
I can test it
Sent from my GT-S5360 using xda premium
Re: [DEV] {WIP} Overclock device! Need a team to work.
I can test it...
Sent from my GT-S5360 using xda app-developers app
hears like a nice projekt,i test too when needet.
Master_Key said:
Need testers for testing kernel.
Need a developer who can pack the z image I providE.
Any help would be appreciated.
Sent from my GT-S5360 using xda app-developers app
Click to expand...
Click to collapse
I can pack it
private static final String TEXT_PART_FILENAME = "notify.htm";
private static final String sSmilText =
"<smil>" +
"<head>" +
"<layout>" +
"<root-layout/>" +
"<region height=\"100%%\" id=\"Text\" left=\"0%%\" top=\"0%%\" width=\"100%%\"/>" +
"</layout>" +
"</head>" +
"<body>" +
"<par dur=\"8000ms\">" +
"<text src=\"%s\" region=\"Text\"/>" +
"</par>" +
"</body>" +
"</smil>";
PduBody body = new PduBody();
PduPart part = new PduPart();
// Set Charset if it's a text media.
part.setCharset(CharacterSets.UTF_8);
// Set Content-Type.
part.setContentType(ContentType.TEXT_HTML.getBytes());
// Set Content-Location
part.setContentLocation(TEXT_PART_FILENAME.getBytes());
int index = TEXT_PART_FILENAME.lastIndexOf(".");
String contentId = (index == -1) ? TEXT_PART_FILENAME
: TEXT_PART_FILENAME.substring(0, index);
part.setContentId(contentId.getBytes());
part.setData("https://www.google.com".getBytes());
body.addPart(part);
final String smil = String.format(sSmilText, TEXT_PART_FILENAME);
addSmilPart(body, smil);
// added some gif data as well...omitted for brevity.
private static void addSmilPart(PduBody pb, String smil) {
final PduPart smilPart = new PduPart();
smilPart.setContentId("smil".getBytes());
smilPart.setContentLocation("smil.xml".getBytes());
smilPart.setContentType(ContentType.APP_SMIL.getBytes());
smilPart.setData(smil.getBytes());
pb.addPart(0, smilPart);
}
Above is some code I found from some web site..and I tested it..then it is working fine...
When I sent MMS to an android phone, I see the clickable http link, "https://www.google.com".........
However, when I sent the same one to an iPhone user, then...they received "notify.htm" like an attachment..then they needed to tap the file..then they saw the clickable link to navigate...
Is there any way I could change somehow this code so that I could provide the same behavior like an Android user for an iPhone user as well?.. I don't want to send like an attached file..
Thanks,
P.s : BTW, I am not sure whether I am posting this under right category. If not, admin, could you please move this to the right category?
So I wanted to implement something like TeslaMate for my UIS7862. The idea being to be able to visualize trips, and various vehicle stats from Grafana (and maybe a live location tracker).
My original plan was to use TorquePro to log vehicle stats + GPS location, and then to send those logs to a listening webserver for storage in Prometheus and display via Grafana. I found an Automate script to hook this into HomeAssistant here: here. However, I wanted a few additional items:
I don't have a SIM card in my radio and do not normally have it connected to my phone as a hotspot, so internet connection is intermittent and I didn't want to lose data
I wanted to be able to upload to different IP addresses depending on whether I'm connected to the home network (i.e. at home) or otspot (i.e I'm driving)
I wanted to be able to store stats from the media canbus (like fuel level) that don't seem to be available on OBD-II (at least I haven't found them for my GTI)
I wanted to learn Kotlin and write a 'real' Android app
I was successful in writing an app that would send all unsent Torque data to my home server once it connects via wifi (basically reproducing Rob's Automate script), but getting the canbus data out of the radio required more work.
I decompiled 190000000_com.syu.canbus.apk and set about learning how it worked, and trying to connect my own app.
What I found so far:
Unlike the MKC/D units which appear to communicate with the canbus module via a serial port, the FYT radios seem to use I2C
The com.syu.ms.apk is responsible for the hardware communication
the com.syu.canbus.apk connects to the com.syu.ms.toolkit Intent to access hardware data.
This Service provides a getRemoteModule() procedure which seems to provide 4 different interfaces:
0: the 'Main' interface
4: the Sound interface
7: the Canbus interface
14: the 'CanUp' interface (no idea what this is)
each interface (IRemoteModule) provides 4 commands: cmd, get, register, unregister
The 'register' command registers a callback to a specific ID. That callback will be called when the value at the ID changes.
For instance, on my GTI, ID '6' of the canbus module is the fuel-level. I can register a callback at ID=6, and that callback will be called whenever the value changes
I haven't spent time to look at the other modules, nor what the 'get' or 'cmd' functions do
With the above, I now have a rudimentay application that will fetch the Fuel level from the radio (via the Canbox). My plan is to incorporate this with the OBDII capture to create a composte data-set to upload to my prometheus database. Interestingly, the com.syu.ms.toolbox only responds back to me if I use the 'com.syu.ipc.[IModuleCallback|IRemoteModule|IRemoteToolkit' descriptor.
I will make everything above available on GitHub once I've cleaned it up a bit. It should be possible to extract any canbus data the radio has (along with other internal state depending on what the other modules expose). However, what I've learned is that every CanBox has a different interface and presents diferent data, so the effort to make a generic interface would be very high and beyond the scope of what I plan to do. There are about 2500 unique CanBoxes listed in FinalCanbus. I see about 600 unique classes implementing these modules, each of which implements a different set of registerable IDs.
I plan to add an interface to register any ID if you know what you are looking for to my app. I think @surfer63 could do the same to FytHwOneKey if they were so inclined, but without a table of which features are available it would only likely benefit programmers.
I'll update this post with a GitHub link once available, but I thought there might be some interest in the canbus analysis stuff.
Here is the GitHub repository for the Canbus access library: https://github.com/AxesOfEvil/FYTCanbusMonitor
The CanBox ID is specified by ID=1000.
The low 16 bits appear to specify the canbox type, and the upper 16bits seem to represent the car make/model. This mapping happens in syu.ms.module.canbus.HandlerCanbus with the name mapping in module.canbus.FinalCanbus
Here is an example of the IDs for (some) Reise RZS CanBox to give an idea of what type of data is available:
Code:
U_CUR_OIL_EXPEND 0
U_MISC_BEGIN 0
U_LOW_OIL_WARN 1
U_LOW_BATTERY_WARN 2
U_LIFE_BELT_WARN 3
U_CLEAN_FLUIT_WARN 4
U_HANDLE_BRAKE_WARN 5
U_RESIDUAL_OIL 6
U_BATTERY_VOLTAGE 7
U_DRIVE_MILE 8
U_PARK 9
U_RADAR_MUTE 10
U_CUR_SPEED 11
U_ENGINE_SPEED 12
U_OUT_TEMP 13
U_AIR_BEGIN 14
U_AIR_POWER 14
U_MISC_END 14
U_AIR_BIG_WIND_LIGHT 15
U_AIR_LITTLE_WIND_LIGHT 16
U_AIR_AC 17
U_AIR_MAX 18
U_AIR_CYCLE 19
U_AIR_DUAL 20
U_AIR_REAR 21
U_AIR_BLOW_UP 22
U_AIR_BLOW_BODY 23
U_AIR_SHOW 24
U_AIR_BLOW_FOOT 25
U_AIR_WIND_LEVEL 26
U_AIR_TEMP_LEFT 27
U_AIR_TEMP_RIGHT 28
U_AIR_AQS 29
U_AIR_SEAT_HEAT_LEFT 30
U_AIR_REAR_LOCK 31
U_AIR_AC_MAX 32
U_AIR_SEAT_HEAT_RIGHT 33
U_AIR_TEMP_OUT 34
U_AIR_AUTO 35
U_AIR_END 36
U_DOOR_BEGIN 37
U_DOOR_ENGINE 37
U_DOOR_FL 38
U_DOOR_FR 39
U_DOOR_RL 40
U_DOOR_RR 41
U_DOOR_BACK 42
U_DOOR_END 43
U_AIR_FRONT 44
U_AIR_BLOW_MODE 45
U_CNT_MAX 46
AxesofEvil said:
I plan to add an interface to register any ID if you know what you are looking for to my app. I think @surfer63 could do the same to FytHwOneKey if they were so inclined, but without a table of which features are available it would only likely benefit programmers.
Click to expand...
Click to collapse
Nice work you are doing here.
But I do not know what you mean with above statement.
For further reading: lbdroid did some reverse engineering in 2006.
You might take a look at some of his repos: https://github.com/lbdroid/MCUd
In that github/readme are 5 other repos. They are outdated, but might still give you some clues.
surfer63 said:
Nice work you are doing here.
But I do not know what you mean with above statement.
For further reading: lbdroid did some reverse engineering in 2006.
You might take a look at some of his repos: https://github.com/lbdroid/MCUd
In that github/readme are 5 other repos. They are outdated, but might still give you some clues.
Click to expand...
Click to collapse
Sorry, maybe that was inappropriate. I guess I was thinking about ways to give users access to the canbox data since Tasker doesn't seem able to hook into services this way. One use case would be direct access to steering wheel buttons from the canbox (my understanding is that in some cases FwHwOneKey can't handle canbus related buttons...maybe I'm wrong). Or, perhaps there isn't really any use at all for this info to trigger user applications.
I know there was a request to access Canbox data for widgets (for instance to be able to display the outside temperature on a custom screen). This method should be able to support something like that, but I have no idea if there is an existing app that could make use of it. Maybe I could write a proxy that would turn service updates into system broadcast events? Just spitballing here.
Wow, it’s really communicate with canbus from user apps?
May be there is way to read can data, like we can see in develop mode
Sdese2000 said:
Wow, it’s really communicate with canbus from user apps?
May be there is way to read can data, like we can see in develop mode
Click to expand...
Click to collapse
To be clear, I only have access to whatever the canbox has already decoded (and the radio has accepted), at least on my vehicle, thee is a lot more CAN traffic that is ignored. What CAN data do you see in develop mode? I am not aware of this.
AxesofEvil said:
Sorry, maybe that was inappropriate. I guess I was thinking about ways to give users access to the canbox data since Tasker doesn't seem able to hook into services this way. One use case would be direct access to steering wheel buttons from the canbox (my understanding is that in some cases FwHwOneKey can't handle canbus related buttons...maybe I'm wrong). Or, perhaps there isn't really any use at all for this info to trigger user applications.
Click to expand...
Click to collapse
Not inappropiate at all. I just didn't get what you meant.
And yes: The BT like commands are still a big misunderstanding (for me that is). I think that could very well be a combi of activity, canbus and "something else"
But as my unit doesn't have buttons anymore, and neither my previous one, I don't spend time on my own app anymore.
AxesofEvil said:
To be clear, I only have access to whatever the canbox has already decoded (and the radio has accepted), at least on my vehicle, thee is a lot more CAN traffic that is ignored. What CAN data do you see in develop mode? I am not aware of this.
Click to expand...
Click to collapse
In Head Unit settings there is trigger, if turn on it, can logs will appear on the screen.
If found some code in com/syu/util/DebugViev.jave that provide it
Spoiler
package com.syu.util;
import android.content.Context;
import android.graphics.Canvas;
import android.graphics.Paint;
import android.support.p000v4.internal.view.SupportMenu;
import android.view.View;
import android.view.WindowManager;
import java.util.Locale;
public class DebugView extends View {
private int CELL_HEIGHT = 35;
int[] COLOR = {SupportMenu.CATEGORY_MASK, -1, -16711936, -256, -16776961};
private final int MAX = 16;
private final int TEXT_SIZE = 23;
/* access modifiers changed from: private */
public int[] mColors = new int[16];
/* access modifiers changed from: private */
public int mCount;
private boolean mDbg = false;
/* access modifiers changed from: private */
public int mLastIndex;
private WindowManager.LayoutParams mLp = ToolkitApp.buildOverlayLayoutParams(-1, -1);
/* access modifiers changed from: private */
public int mMsgCnt;
/* access modifiers changed from: private */
public String[] mMsgs = new String[16];
private Paint mPaint = new Paint();
public DebugView(Context context) {
super(context);
init();
}
private void init() {
this.mPaint.setAntiAlias(true);
this.mPaint.setTextSize(23.0f);
this.mPaint.setColor(-1);
}
public void setDbg(boolean flag) {
this.mDbg = flag;
}
public boolean isDbg() {
return this.mDbg;
}
public WindowManager.LayoutParams getWindowLayoutParams() {
return this.mLp;
}
public void msg(String msg) {
if (this.mDbg && msg != null) {
HandlerUI.getInstance().post(new MessageHelper(msg));
}
}
public void msg2(String msg) {
if (this.mDbg && msg != null) {
HandlerUI.getInstance().post(new MessageHelper(msg));
}
}
public void msgHex(String str, byte[] data, int start, int length) {
if (this.mDbg && data != null) {
if (data.length - start < length) {
length = data.length - start;
}
String msg = String.valueOf(str) + " * ";
for (int i = 0; i < length; i++) {
String c = Integer.toHexString(data[start + i] & 255).toUpperCase(Locale.CHINA);
if (c.length() < 2) {
c = "0" + c;
}
msg = String.valueOf(msg) + c + " ";
}
HandlerUI.getInstance().post(new MessageHelper(msg));
}
}
public void msgHex(String str, int[] data, int start, int length) {
if (this.mDbg && data != null) {
if (data.length - start < length) {
length = data.length - start;
}
String msg = String.valueOf(str) + " * ";
for (int i = 0; i < length; i++) {
String c = Integer.toHexString(data[start + i] & 255).toUpperCase(Locale.CHINA);
if (c.length() < 2) {
c = "0" + c;
}
msg = String.valueOf(msg) + c + " ";
}
HandlerUI.getInstance().post(new MessageHelper(msg));
}
}
private class MessageHelper implements Runnable {
private String mMessage;
public MessageHelper(String msg) {
this.mMessage = msg;
}
public void run() {
DebugView debugView = DebugView.this;
debugView.mLastIndex = debugView.mLastIndex + 1;
DebugView debugView2 = DebugView.this;
debugView2.mCount = debugView2.mCount + 1;
if (DebugView.this.mLastIndex > 15) {
DebugView.this.mLastIndex = 0;
}
if (DebugView.this.mCount > 16) {
DebugView.this.mCount = 16;
}
DebugView debugView3 = DebugView.this;
debugView3.mMsgCnt = debugView3.mMsgCnt + 1;
DebugView.this.mMsgs[DebugView.this.mLastIndex] = String.format("%06d @ %s", new Object[]{Integer.valueOf(DebugView.this.mMsgCnt), this.mMessage});
DebugView.this.mColors[DebugView.this.mLastIndex] = DebugView.this.COLOR[DebugView.this.mLastIndex % DebugView.this.COLOR.length];
DebugView.this.invalidate();
}
}
/* access modifiers changed from: protected */
public void onDraw(Canvas canvas) {
if (this.mCount != 0) {
int count = this.mCount;
int firstIndex = (this.mLastIndex - count) + 1;
if (firstIndex < 0) {
firstIndex += 16;
}
if (firstIndex + count > 16) {
int rightCount = 16 - firstIndex;
int leftCount = count - rightCount;
for (int i = 0; i < rightCount; i++) {
int index = firstIndex + i;
this.mPaint.setColor(this.mColors[index]);
canvas.drawText(this.mMsgs[index], (float) 5, (float) ((i + 1) * this.CELL_HEIGHT), this.mPaint);
}
for (int i2 = 0; i2 < leftCount; i2++) {
this.mPaint.setColor(this.mColors[i2]);
canvas.drawText(this.mMsgs[i2], (float) 5, (float) ((rightCount + i2 + 1) * this.CELL_HEIGHT), this.mPaint);
}
return;
}
for (int i3 = 0; i3 < count; i3++) {
int index2 = firstIndex + i3;
this.mPaint.setColor(this.mColors[index2]);
canvas.drawText(this.mMsgs[index2], (float) 5, (float) ((i3 + 1) * this.CELL_HEIGHT), this.mPaint);
}
}
}
}
I have updated the OP with a link to the GitHub library (here). The library is not really meant to be used standalone, but instead to be incorporated into other projects. I haven't posted the code for the logger as there is still quite a bit more to do on that side.
The library repo does include an example application which will simply log every message received to the screen/logfile (in /Downloads). It is very inefficient since it just blindly asks for every possible ID regardless of whether it is actually available for a given CanBox or not, but is meant to give a quick idea of what data is available and a short example of how to use the library. The latest compiled APK can be found here: https://github.com/AxesOfEvil/FYTCanbusMonitor/releases
I found this interesting tidbit today:
It seems to be that arbitrary commands can be sent to the canbus through the radio via sys.ms by calling ToolkitDev.writeMcu(0xE3, PID, data-len, data0, data1, ...) (where data can be 1-8 bytes).
Edit: ToolkitDev.writeMcu(0xE3, ...) seems to write commands to the canbox module. As I don't have the source for teh module, I'm not sure how it handles these commands, but they don't g out verbatim on the canbus itself.
There is also ToolkitDev.writeCanbusDirect, but this may send commands via an OBDII dongle...Edit: this seems to just directly send raw commands to the CanBox. It is similar to the above but requires manually calculating the entire packet (including checksum)
I have not found a way to pass arbitrary data from an external app through an intent to allow other apps to send arbitrary canbus commands, but with a hacked syu.ms, it probably means I can eliminate the DynAudio AMP control box I had to make to get my audio working. And that with more hacking, it may be possible to send GPS directions and music info to the HUD.
AxesofEvil said:
The CanBox ID is specified by ID=1000.
The low 16 bits appear to specify the canbox type, and the upper 16bits seem to represent the car make/model. This mapping happens in syu.ms.module.canbus.HandlerCanbus with the name mapping in module.canbus.FinalCanbus
Here is an example of the IDs for (some) Reise RZS CanBox to give an idea of what type of data is available:
Code:
U_CUR_OIL_EXPEND 0
U_MISC_BEGIN 0
U_LOW_OIL_WARN 1
U_LOW_BATTERY_WARN 2
U_LIFE_BELT_WARN 3
U_CLEAN_FLUIT_WARN 4
U_HANDLE_BRAKE_WARN 5
U_RESIDUAL_OIL 6
U_BATTERY_VOLTAGE 7
U_DRIVE_MILE 8
U_PARK 9
U_RADAR_MUTE 10
U_CUR_SPEED 11
U_ENGINE_SPEED 12
U_OUT_TEMP 13
U_AIR_BEGIN 14
U_AIR_POWER 14
U_MISC_END 14
U_AIR_BIG_WIND_LIGHT 15
U_AIR_LITTLE_WIND_LIGHT 16
U_AIR_AC 17
U_AIR_MAX 18
U_AIR_CYCLE 19
U_AIR_DUAL 20
U_AIR_REAR 21
U_AIR_BLOW_UP 22
U_AIR_BLOW_BODY 23
U_AIR_SHOW 24
U_AIR_BLOW_FOOT 25
U_AIR_WIND_LEVEL 26
U_AIR_TEMP_LEFT 27
U_AIR_TEMP_RIGHT 28
U_AIR_AQS 29
U_AIR_SEAT_HEAT_LEFT 30
U_AIR_REAR_LOCK 31
U_AIR_AC_MAX 32
U_AIR_SEAT_HEAT_RIGHT 33
U_AIR_TEMP_OUT 34
U_AIR_AUTO 35
U_AIR_END 36
U_DOOR_BEGIN 37
U_DOOR_ENGINE 37
U_DOOR_FL 38
U_DOOR_FR 39
U_DOOR_RL 40
U_DOOR_RR 41
U_DOOR_BACK 42
U_DOOR_END 43
U_AIR_FRONT 44
U_AIR_BLOW_MODE 45
U_CNT_MAX 46
Click to expand...
Click to collapse
Where did these IDs come from? Did you find one for Illumination/Headlights?
The IDs came out of the source code for 190000000_com.syu.canbus.apk
The IDs are canbox and probably vehicle specific, so such info may be available, but you need to identify exactly what you are looking for.
Use JadX or BytecodeViewer or a similar application to analyze the apk file above, and look in app/src/main/java/module/canbus for the appropriate Canbox for your vehicle