Has anyone been able to extract amss.bin from radio.img? Or the efs filesystem (Not the same as /efs btw.)?
Would anyone be interested in helping me rip apart a radio image?
I've googled around looking for any instances of extracting the radio firmware from radio.img and have come up with nothing.
More information for those who know less about the baseband:
What is it?
AMSS is the name Qualcomm gives the software that runs the phones modem. When the modem software is compiled, it is encrypted and stored in a file called amss.bin. There is a small entry point in amss.bin which decrypts the image into the phones memory during boot and then executes it.
What does it do?
Its job is to find, connect, and decode cell phone signals and convert them to usable data. In most older cell phones the phones operating system was a part of this as well, but with android the modem runs along side android (Question: Is it a separate processor for the baseband? or is it somehow multiplexed with android on the main CPU?)
This software reads settings that were set either by the phone itself (2G/3G or 4G data, PRL on cdma, APN settings, and other radio related things.) or by the carrier/manufacturer (NVRAM) and changes its behavior accordingly.
It then accepts commands and gives responses to another piece of software (In this case android) which does something useful with the phones modem. (Dials a phone number, connects to a data service, etc) and lets the software know when events happen (Text messages, incoming calls, etc)
The modem firmware (amss.bin) is inside radio.img for the nexus s 4g, This much should be blatantly obvious. However, the phones EFS filesystem (FAT12 IIRC) is also located here as well. radio.img may be encrypted or compressed, (Why it takes so long to flash a radio update to the nexus s 4g)
Why?
With access to amss.bin it can be decrypted and disassembled to show the phones true inner workings, and I may be able to develop a solution to the absolutely terrible data speeds for the nexus s 4g (No matter where I go, with 3 different D720's now, I get 56k dialup speeds and once in a great while it will go up to 3g, unless I'm sitting right next to my airave.) or at least have an insight as to why this phones data is so slow.
How do you know all of this?
I originally tried to get android running on a Samsung Eternity, I was able to decode the first part of AMSS.BIN but then realized that writing the radio interface layer for android was going to be a real challenge, not to mention that the phones hardware was barely capable of running 1.5 (And by barely I mean not really capable at all). But I learned an awful lot about the internals of Qualcomm phones along the way, and even wrote a small utility to edit the boot images and EFS filesystem (In this case, EFS also held the OS itself, not just the radio stuff)
Great read. I have no experience in this, nor any worthwhile software experience so I doubt i can help you, but if you think I can just let me know. I havn't experienced any particular issues on my GSM Nexus though. It's not like I get to use data very often anyway considering how little data i have and the state of Vodas current data network.
Question: Is it a separate processor for the baseband? or is it somehow multiplexed with android on the main CPU?
Answer: On phones like the Nexus S where the "Sleep" state (and even "Deep Idle" state) shuts off the CPU entirely, there must be a seperate low-power processor just for decoding and sorting through cell signals. This, in turn, will wake up the main CPU when something happens (call, text message, push notification, etc). That should clear a little up for you.
If I had skills required I would gladly help you, But I don't. It seems like you have done your homework, and done this before, so what exactly do you need help with? Re-writing it?
By the way that was a very interesting read!
Sent from my Nexus S 4G using XDA App
Very good read, and useful info. Have you tried mounting the radio.img in Linux, yet? I don't know exactly how to do it, but you should be able to. I run Linux dual booted with Windows, and have mounted the system.img no problem. I tried with the recovery.img, but no luck. I think you have to mount it as another filesystem.
mabry said:
Very good read, and useful info. Have you tried mounting the radio.img in Linux, yet? I don't know exactly how to do it, but you should be able to. I run Linux dual booted with Windows, and have mounted the system.img no problem. I tried with the recovery.img, but no luck. I think you have to mount it as another filesystem.
Click to expand...
Click to collapse
I doubt that radio.img would mount, Android is based on linux and uses linux filesystems. The radio is different, its more the same class as a bootloader (or rather, somewhere between). It does have a filesystem in that radio.img, but its likely encrypted.
Code:
Mar 15 17:45:28 localhost kernel: EXT3-fs (loop0): error: can't find ext3 filesystem on dev loop0.
Mar 15 17:45:28 localhost kernel: EXT2-fs (loop0): error: can't find an ext2 filesystem on dev loop0.
Mar 15 17:45:28 localhost kernel: EXT4-fs (loop0): VFS: Can't find ext4 filesystem
Mar 15 17:45:28 localhost kernel: SQUASHFS error: Can't find a SQUASHFS superblock on loop0
Mar 15 17:45:28 localhost kernel: FAT-fs (loop0): bogus number of reserved sectors
Mar 15 17:45:28 localhost kernel: FAT-fs (loop0): Can't find a valid FAT filesystem
Mar 15 17:45:28 localhost kernel: FAT-fs (loop0): bogus number of reserved sectors
Mar 15 17:45:28 localhost kernel: FAT-fs (loop0): Can't find a valid FAT filesystem
Mar 15 17:45:28 localhost kernel: ISOFS: Unable to identify CD-ROM format.
Mar 15 17:45:28 localhost kernel: hfs: unable to find HFS+ superblock
Mar 15 17:45:28 localhost kernel: hfs: can't find a HFS filesystem on dev loop0.
Mar 15 17:45:28 localhost kernel: ufs was compiled with read-only support, can't be mounted as read-write
Mar 15 17:45:28 localhost kernel: UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
Mar 15 17:45:28 localhost kernel: UDF-fs: Rescanning with blocksize 2048
Mar 15 17:45:28 localhost kernel: UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
Mar 15 17:45:28 localhost kernel: UDF-fs: warning (device loop0): udf_fill_super: No partition found (1)
NS4G.John said:
If I had skills required I would gladly help you, But I don't. It seems like you have done your homework, and done this before, so what exactly do you need help with? Re-writing it?
By the way that was a very interesting read!
Sent from my Nexus S 4G using XDA App
Click to expand...
Click to collapse
I need help getting amss.bin out of radio.img. I know how to deal with amss.bin once I have it, but I cannot find it in radio.img by signature (And indeed it would be hard to find anyway, due to how many signatures there are, and the length of the file is unknown.)
I mean, to clarify, I know I'm looking right at it, and I know when I'm in the middle of it. but I don't get where it starts and ends. And that is the important part.
A string dump of radio.img makes it appear as though the radio is un-encrypted. I could be wrong.
Stuff that makes me think its unencrypted:
Code:
desktop crespo4g # strings radio.img | grep amss
amss_start = 0x%x, amss_size = 0x%x
Code:
desktop crespo4g # strings radio.img | grep AMSS
0:AMSS
0:AMSS
0:AMSS
0:AMSS
0:AMSS
0:AMSS
AMSS
AMSS
AMSS_BOOT
AMSS_FILL_PAD_1
AMSS_EMPTY_PAD_1
AMSS_ZI_REGION
AMSS_EMPTY_PAD_2
AMSS_AUTOGENERATED_CODE_1
AMSS_AUTOGENERATED_CODE_2
AMSS_MODEM_CODE_1
AMSS_FILL_PAD_2
AMSS_MODEM_DATA_2
AMSS_MODEM_DATA_1
AMSS_APP_RAM
AMSS_FILL_PAD_3
AMSS_INTERNAL_BOOT_RAM_1
AMSS_INTERNAL_BOOT_RAM_2
AMSS_FILL_PAD_4
AMSS_MAIN_APP_2
AMSS_MAIN_APP_3
AMSS_MAIN_APP_4
AMSS_MAIN_APP_4_REDBEND
AMSS_FILL_PAD_5
AMSS_MAIN_APP_DATA_1
AMSS_FILL_PAD_6
AMSS_SHARED_RAM
AMSS_EMPTY_PAD_3
AMSS_UNINIT_RAM
AMSS_EMPTY_PAD_4
Harbb said:
Great read. I have no experience in this, nor any worthwhile software experience so I doubt i can help you, but if you think I can just let me know. I havn't experienced any particular issues on my GSM Nexus though. It's not like I get to use data very often anyway considering how little data i have and the state of Vodas current data network.
Question: Is it a separate processor for the baseband? or is it somehow multiplexed with android on the main CPU?
Answer: On phones like the Nexus S where the "Sleep" state (and even "Deep Idle" state) shuts off the CPU entirely, there must be a seperate low-power processor just for decoding and sorting through cell signals. This, in turn, will wake up the main CPU when something happens (call, text message, push notification, etc). That should clear a little up for you.
Click to expand...
Click to collapse
If you look at things like XEN, it would be entirely possible that the host os (radio, in this case) is trapping and preventing CPU halting. As a matter of fact I believe that the evidence points in the opposite direction due to the fact that "Deep Idle" produces no measurable battery savings. Its entirely possible, and perhaps likely, that the radio acts as a sort of, hypervisor, that controls Android's access to the underlying hardware. I don't know if this type of virtualization is available on ARM though. It really could go either way. And even in a halt state, interrupts are usually still possible, So the radio may be running inside of a timer even.
The crespo/d720/Nexus S 4G/Whatever else you'd like to call it, has severe issues regarding data speeds. Sprint pretends the issue doesn't exist, Samsung pretends the issues doesn't exist, Google is mostly powerless because its a radio issue that Sprint and Samsung are responsible for fixing. Hacking this radio may be the solution, but I've gotta get amss.bin out of radio.img. Until I do, there is nothing I can do either.
Quick update
Pouring over radio.img I came across the following string
Code:
NICTOKL4 - (provider: Open Kernel Labs) built on May 19 2009 00:21:02 using
gcc version 3.4.4.
What does this mean?
It mean's that AMSS Runs on the same CPU as android, and that it runs as a Hypervisor (Microvisor as Open Kernel Labs calls it). It has control over what the android kernel has access to. This is pure speculation, but I would guess this is why Deep Idle doesn't provide any real tangible benefit when it really should.
Thanks for the informative read. D
plaguethenet said:
If you look at things like XEN, it would be entirely possible that the host os (radio, in this case) is trapping and preventing CPU halting. As a matter of fact I believe that the evidence points in the opposite direction due to the fact that "Deep Idle" produces no measurable battery savings. Its entirely possible, and perhaps likely, that the radio acts as a sort of, hypervisor, that controls Android's access to the underlying hardware. I don't know if this type of virtualization is available on ARM though. It really could go either way. And even in a halt state, interrupts are usually still possible, So the radio may be running inside of a timer even.
The crespo/d720/Nexus S 4G/Whatever else you'd like to call it, has severe issues regarding data speeds. Sprint pretends the issue doesn't exist, Samsung pretends the issues doesn't exist, Google is mostly powerless because its a radio issue that Sprint and Samsung are responsible for fixing. Hacking this radio may be the solution, but I've gotta get amss.bin out of radio.img. Until I do, there is nothing I can do either.
Click to expand...
Click to collapse
Unfortunately a lot of your work is out of my league. However, Deep Idle (and the Sleep state, and even the idle state) all have proven benefits in various ways. Deep Idle shuts off the processor for, generally (for music), 19ms out of 20ms if i remember correctly. Idle would clock the processor at zero in much the same way, however i don't understand exactly what benefit (or process) there is to it aside from effectively minimizing power consumption (estimating CPU power consumption relies on the frequency, turning this to 0 in a perfect system would eliminate power use with the processor "on".. in theory). Either way, even Idle has shown power savings - while idle is used there is a far lower power draw. Without it, the results are much more believable and expected for the frequency, showing that it saves power by clocking the cpu to 0.
Further, i havn't tried this myself, but isn't Android perfectly capable to run without a radio at all? Because of this i highly doubt the radio is a hypervisor of any sort aside from anything radio-specific. I'm fairly certain the Radio acts more like a WoL chip, invoking the rest of the system as soon as it is triggered. Some reading material, maybe those two links add some insight too.
There is evidence of my argument here. Maybe you have confused Deep Idle and Sleep, but either way the two have proven benefits.
One thing to note, all of this is done on GSM Nexus S'. It could very well be different for the 4G CDMA radio, and even for the i9020A variant (i have the i9023 and think bedalus has a i9020T - ONLY difference is the screen). I have no experience with either the i9020A or 4G so it's all hearsay if it comes from me.
Harbb said:
Unfortunately a lot of your work is out of my league. However, Deep Idle (and the Sleep state, and even the idle state) all have proven benefits in various ways. Deep Idle shuts off the processor for, generally (for music), 19ms out of 20ms if i remember correctly. Idle would clock the processor at zero in much the same way, however i don't understand exactly what benefit (or process) there is to it aside from effectively minimizing power consumption (estimating CPU power consumption relies on the frequency, turning this to 0 in a perfect system would eliminate power use with the processor "on".. in theory). Either way, even Idle has shown power savings - while idle is used there is a far lower power draw. Without it, the results are much more believable and expected for the frequency, showing that it saves power by clocking the cpu to 0.
Further, i havn't tried this myself, but isn't Android perfectly capable to run without a radio at all? Because of this i highly doubt the radio is a hypervisor of any sort aside from anything radio-specific. I'm fairly certain the Radio acts more like a WoL chip, invoking the rest of the system as soon as it is triggered. Some reading material, maybe those two links add some insight too.
There is evidence of my argument here. Maybe you have confused Deep Idle and Sleep, but either way the two have proven benefits.
One thing to note, all of this is done on GSM Nexus S'. It could very well be different for the 4G CDMA radio, and even for the i9020A variant (i have the i9023 and think bedalus has a i9020T - ONLY difference is the screen). I have no experience with either the i9020A or 4G so it's all hearsay if it comes from me.
Click to expand...
Click to collapse
Quite the opposite, I was saying that because android and the RTOS (Real time os, for the radio) run under a "Microvisor" which is much like XEN, Android can halt the CPU all it wants, but the underlying OS that is virtualizing android wont really allow it. There are others that say the opposite of deep idle. I myself have noticed no benefit from it.
This is the results of a real study about battery life, specifically stating that deep idle does nothing, and indeed, as I noted above, I myself have also noticed no benefit. (But it SHOULD give a MAJOR benefit, which is why its so puzzling)
You can read it here.
I'll go into a bit more detail to clarify:
The phones basic startup process is:
Hardcoded Cryptographically secure bootloader -> NICTOKL4 (OS Hypervisor, or as OKL calls it, Microvisor)
NICTOKL4 Starts up the RTOS, and FASTBOOT
Fastboot then loads either the battery charging screen, Android, or Recovery (Or boots into fastboot mode) depending on the state of the phone.
(I could be wrong about what launches what, and may be missing, but I know that RTOS and Androids boot code are started at the same time by the microvisor)
RTOS Is running at all times after the phone is first powered on after having the battery removed, However it will disconnect from the cell network and sleep if told to, or if it has nothing to talk to. (Airplane mode and "off")
This is very similar to say, Linode. Where BIOS/EFI Loads an OS (The hypervisor Dom-0) and that OS Launches multiple guest OS's (Dom-U)
NICTOKL4 Is the only part of the phone that has true access to the hardware, and marshalls requests (usually blocking requests) to modify other OS Memory space, or access hardware.
The radio itself is actually just another guest OS, running under NICTOKL4. Android is entirely capable of running without a radio, but not on a phone without replacing the radio with android boot code.
Back to Deep Idle and Sleep. Sleep can be done and should provide benefit, because the microvisor can sleep too. Guest Sleeps, Microvisor sees all guests sleeping, so it sleeps too.
However, the radio software absolutely requires realtime communication with the hardware and network, or else synchronization would be lost. So halting the CPU (As deep idle does) cannot be allowed by the radio, and therefore cannot be allowed by the microvisor.
The information about the microvisor is fact by the way, I've found it in the radio.img for both my phone, and the i90xx radios.
I'm not trying to outright reject what you're saying Harbb, I just feel like I'm having trouble translating what I know into words others can understand.
You can learn more about the microvisor and its capabilities here
plaguethenet said:
Quite the opposite, I was saying that because android and the RTOS (Real time os, for the radio) run under a "Microvisor" which is much like XEN, Android can halt the CPU all it wants, but the underlying OS that is virtualizing android wont really allow it. There are others that say the opposite of deep idle. I myself have noticed no benefit from it.
This is the results of a real study about battery life, specifically stating that deep idle does nothing, and indeed, as I noted above, I myself have also noticed no benefit. (But it SHOULD give a MAJOR benefit, which is why its so puzzling)
You can read it here.
Click to expand...
Click to collapse
That battery life Portal post was a preliminary finding, which now is FOR deep idle, not against it. The thread that is linked to in it actually takes you to the same thread that i posted above proving my argument on deep idle. Go through the first 5 or so posts in the thread it links to, you'll find my own findings and bedalus' findings, and now even nathanson666's findings which is basically a deep idle experiment under a 1kHz ampmeter which provides proof to the millisecond level (which is where deep idle works). The larger problem with deep idle is that there is very little besides music that can truly benefit from deep idle, aside from it helping the surrounding OS very slightly while awake with the screen off.
Also, do you mind clarifying the bolded part a bit more?
plaguethenet said:
I'll go into a bit more detail to clarify:
The phones basic startup process is:
Hardcoded Cryptographically secure bootloader -> NICTOKL4 (OS Hypervisor, or as OKL calls it, Microvisor)
NICTOKL4 Starts up the RTOS, and FASTBOOT
Fastboot then loads either the battery charging screen, Android, or Recovery (Or boots into fastboot mode) depending on the state of the phone.
(I could be wrong about what launches what, and may be missing, but I know that RTOS and Androids boot code are started at the same time by the microvisor)
RTOS Is running at all times after the phone is first powered on after having the battery removed, However it will disconnect from the cell network and sleep if told to, or if it has nothing to talk to. (Airplane mode and "off")
This is very similar to say, Linode. Where BIOS/EFI Loads an OS (The hypervisor Dom-0) and that OS Launches multiple guest OS's (Dom-U)
NICTOKL4 Is the only part of the phone that has true access to the hardware, and marshalls requests (usually blocking requests) to modify other OS Memory space, or access hardware.
The radio itself is actually just another guest OS, running under NICTOKL4. Android is entirely capable of running without a radio, but not on a phone without replacing the radio with android boot code.
Back to Deep Idle and Sleep. Sleep can be done and should provide benefit, because the microvisor can sleep too. Guest Sleeps, Microvisor sees all guests sleeping, so it sleeps too.
However, the radio software absolutely requires realtime communication with the hardware and network, or else synchronization would be lost. So halting the CPU (As deep idle does) cannot be allowed by the radio, and therefore cannot be allowed by the microvisor.
The information about the microvisor is fact by the way, I've found it in the radio.img for both my phone, and the i90xx radios.
I'm not trying to outright reject what you're saying Harbb, I just feel like I'm having trouble translating what I know into words others can understand.
You can learn more about the microvisor and its capabilities here
Click to expand...
Click to collapse
I am doing much the same, only friendly discussion here I don't have time at the moment but i'll get to reading some more on this soon.
Anyway. I can guarantee that the main CPU can entirely halt and effectively freeze EVERYTHING in the phone so long as the screen is off and nothing is keeping it awake, and likely the exact same thing happens with Deep Idle but while processing something (this runs on the race-to-idle principle, even if slightly lower clocks may be more efficient here - hurry the hell up so i can shut down the CPU). If such a thing can happen, how can you conclude that the CPU must stay awake? This is why i've narrowed it down to another chip that must be aiding the radio.
I'd write more but i must get going. Keen to see where this takes us.
Harbb said:
That battery life Portal post was a preliminary finding, which now is FOR deep idle, not against it. The thread that is linked to in it actually takes you to the same thread that i posted above proving my argument on deep idle. Go through the first 5 or so posts in the thread it links to, you'll find my own findings and bedalus' findings, and now even nathanson666's findings which is basically a deep idle experiment under a 1kHz ampmeter which provides proof to the millisecond level (which is where deep idle works). The larger problem with deep idle is that there is very little besides music that can truly benefit from deep idle, aside from it helping the surrounding OS very slightly while awake with the screen off.
Also, do you mind clarifying the bolded part a bit more?
Click to expand...
Click to collapse
The radio is a real time operating system. I'd imagine that halting the CPU and bringing it back up is too costly for the radio, and therefore would be prevented by the radio. As far as WoL like functionality, I don't see any chip on the board that could provide that for the radio (or indeed anything for that matter). The only thing that has any radio capability is the main Application Processor, which has to be shared.
Harbb said:
I am doing much the same, only friendly discussion here I don't have time at the moment but i'll get to reading some more on this soon.
Click to expand...
Click to collapse
I get a bit excited and tend to get very technical and often miss things or seem like I'm trying to argue when i'm not. I just wanted to clarify that it wasn't intended as such.
Harbb said:
Anyway. I can guarantee that the main CPU can entirely halt and effectively freeze EVERYTHING in the phone so long as the screen is off and nothing is keeping it awake, and likely the exact same thing happens with Deep Idle but while processing something (this runs on the race-to-idle principle, even if slightly lower clocks may be more efficient here - hurry the hell up so i can shut down the CPU). If such a thing can happen, how can you conclude that the CPU must stay awake? This is why i've narrowed it down to another chip that must be aiding the radio.
I'd write more but i must get going. Keen to see where this takes us.
Click to expand...
Click to collapse
The freezing may only be for android though, You can independenly suspened/halt and resume virtualized applications (Either at their request, or preemptively). So its entirly possible for Deep Idle to behave properly in android, but not have the overall effect that one would think it would have. The processor would have much less to do and as such it likely does have some effect but the allowing an OS to execute such a disruptive instruction defeats the purpose of virtualization, if that makes any sense. Indeed the virtualized machine is halted, and nothing else is executing in the virtualized instance during this time. But the radio and Microvisor are very much alive during this. (You wouldn't be able to get an incoming call if they weren't.)
So in summary my argument is this:
Android cannot completely disable the CPU, this would cause NUMEROUS issues with the underlying radio software. WoL/WoR like functionality would be implemented in the radio software, From a development standpoint the complications FAR outweigh the benefits of such a design, It would not be fiscally responsible to design radio software in this way. If the processor were truly off, the microvisor would be unable to run and it would defeat the purpose of having said microvisor in the first place.
It would appear to android that the CPU Was off, and everything would halt (for android only). This should produce some battery savings (As even when idle an android system as some upkeep to do), but no where near the kind of savings you'd see with a truly halted CPU (that is woken by external interrupts). I will admit I was unaware additional testing was done.
If the system was truly halted for any period of time, When it was woken, the radio would be disconnected and would have to reconnect. You'd lose the ability to get notified of an incoming call or text (and to the cell network, your phone would be offline). You'd know if the cpu was TRULY frozen/halted/suspended.
Now, I'm not saying that the CPU Can't be put into a stopped state, just that android itself cannot make this happen. The microvisor would need permission from the radio, and the microvisor itself, would also need to be set to sleep as well. The radio is unlikely to give permisison, and as long as the microvisor, any of its children, or server processes, require the CPU, it will not actually happen. But the OS that halted itself will enter a fake halted state. (In reality, the hyper/microvisor would replace a HLT with a NOOP and stop executing the child. To the child this seems like being halted, but other things are still at work here.)
Another quick thought on deep idle. Perhaps the radio spends alot of time sleeping. Ideally it would know how often to wake up the delay may be as large as 50ms, which would explain the battery savings.
I don't know how often the phone would be polling the tower so can't comment on how often the radio would be sleeping, however i can say that i've had averages of around 50-60ms of deep idle time and possibly more. This is of course with the radio active.
I did try to erase the radio in fastboot, and BOOM! an error. It won't let me erase it to see how far it would boot. I'd rather not flash a bad file purposely, so i can't give any hard evidence on the radio being a primary boot initiator or kernel of sorts.
The minimum frequency of the CPU is 100mhz to my knowledge. Anything below this will likely get more and more inefficient and potentially useless. This is why on the Tegra 3's we now have a quad core main CPU + a little, much weaker (and much more efficient) core dedicated to low loads and the ability to rapidly switch between any setup you can imagine. Couldn't such interfaces such as WoL/WoR be entirely integrated into the radio chip?
Maybe i'm entirely deluded here, but i've yet to find hard evidence on either side and i'm leaning toward the ability to entirely shut off the CPU so far. Right now though, anything's possible.
Harbb said:
I don't know how often the phone would be polling the tower so can't comment on how often the radio would be sleeping, however i can say that i've had averages of around 50-60ms of deep idle time and possibly more. This is of course with the radio active.
I did try to erase the radio in fastboot, and BOOM! an error. It won't let me erase it to see how far it would boot. I'd rather not flash a bad file purposely, so i can't give any hard evidence on the radio being a primary boot initiator or kernel of sorts.
The minimum frequency of the CPU is 100mhz to my knowledge. Anything below this will likely get more and more inefficient and potentially useless. This is why on the Tegra 3's we now have a quad core main CPU + a little, much weaker (and much more efficient) core dedicated to low loads and the ability to rapidly switch between any setup you can imagine. Couldn't such interfaces such as WoL/WoR be entirely integrated into the radio chip?
Maybe i'm entirely deluded here, but i've yet to find hard evidence on either side and i'm leaning toward the ability to entirely shut off the CPU so far. Right now though, anything's possible.
Click to expand...
Click to collapse
I cant comment on tegra's design, I've never played with anything with a Tegra chipset. What I am speaking of is Qualcomm specific, its not a general truth for all phones. The problem with WoR/WoL in the radio chip, is all the radio chip does is pass demodulated data to the radio software, and modulate data thats going out on a requested frequency. ie, the radio hardware is dumb, and does exactly what its name implies, its a radio. It may be possible for it to say "Hey, I have data" but that would happen so frequently it would be pointless.
Erasing the radio would require JTAG to get the phone booted again, At least, I am 90% sure. The flash software for the radio also verifies the cryptographic signature and CRC's, so you won't be able to flash a "bad" radio at all. Only way to simulate this would be to yank the battery during a radio flash. But I believe there are also systems in place to prevent this from bricking the phone as well. If someone has a phone to sacrifice, this would be an interesting experiment and would yield some clues as to the boot process.
Also, On the tegra's, they may use a dedicated baseband processor instead of virtualizing it on the main CPU like the MSM chipsets do. If you want to point me to some tegra radio flash images I can give you some insight.
plaguethenet said:
I cant comment on tegra's design, I've never played with anything with a Tegra chipset. What I am speaking of is Qualcomm specific, its not a general truth for all phones. The problem with WoR/WoL in the radio chip, is all the radio chip does is pass demodulated data to the radio software, and modulate data thats going out on a requested frequency. ie, the radio hardware is dumb, and does exactly what its name implies, its a radio. It may be possible for it to say "Hey, I have data" but that would happen so frequently it would be pointless.
Erasing the radio would require JTAG to get the phone booted again, At least, I am 90% sure. The flash software for the radio also verifies the cryptographic signature and CRC's, so you won't be able to flash a "bad" radio at all. Only way to simulate this would be to yank the battery during a radio flash. But I believe there are also systems in place to prevent this from bricking the phone as well. If someone has a phone to sacrifice, this would be an interesting experiment and would yield some clues as to the boot process.
Also, On the tegra's, they may use a dedicated baseband processor instead of virtualizing it on the main CPU like the MSM chipsets do. If you want to point me to some tegra radio flash images I can give you some insight.
Click to expand...
Click to collapse
Good thing my phones smarter than me then, but it would've made a damn pretty paperweight
By the way, my suspicions seem to be correct, The Nexus S does have an integrated Baseband Processor, it can be found in step 10 of that page. Courtesy of iFixIt, of course.
After a quick look i couldn't find a radio for the Tegra 3s but i'm sure they'll pop up soon in the HTC One forums soon, even though it may not mean much now.
Harbb said:
Good thing my phones smarter than me then, but it would've made a damn pretty paperweight
By the way, my suspicions seem to be correct, The Nexus S does have an integrated Baseband Processor, it can be found in step 10 of that page. Courtesy of iFixIt, of course.
After a quick look i couldn't find a radio for the Tegra 3s but i'm sure they'll pop up soon in the HTC One forums soon, even though it may not mean much now.
Click to expand...
Click to collapse
Thats not a processor, Its an antenna selector and noise filter. SPI is too slow to handle GSM/UMTS/CDMA traffic.
Its purpose is to select the frequency band, detect if there is a signal, and select an antenna (Low gain, hi gain, etc) and connect the antenna to something else with the correct frequency. Thats all it really does.
You can see for yourself in the functional diagram located in this PDF: http://www.skyworksinc.com/uploads/documents/201206b.pdf
The radio of the Tegra would me most interesting to me, and but certainly not relevant to this project.
EDIT: Apologies, I missed the Infineon chip. I'll have to see if i can find a data sheet for it to see what it can do. I'll get back to you as soon as I know more.
EDIT2:
I found this PCI-Express card that uses the same baseband processor, The PDF has a pinout of the same baseband chip.
http://module.amod.com.tw/files/Product/2012215113150.pdf
It seems to me that this does most of the protocol/baseband processing, and makes me curious as to why they multiplex the application CPU At all in this case? This makes no sense to me. I mean, I know they do, and I know AMSS.BIN is supposed to run the radio, but it seems like it may be more of a driver between RIL and that chip in this case. Question is, why not write the RIL to use the chip directly using GPIO pins on the CPU? Puzzling...
More questions than answers. But in this case, WoL/WoR functionality is possible at least on GSM Models. Although it's more likely a hardware event (Interrupt) that would wake the processor anyway. Perhaps the seperate modem software is to implement extra AT commands for the modem, and hide the interrupts from Android's RIL? I wonder if we can send random AT Commands to that chip... I'll see what I can figure out with my phone.
Good luck mate. Let us know your progress.
Reading this conversation is quite intriguing.
Where can I find more information to feebly attempt to gain knowledge of what I've just read (besides Google )?
Related
Edit 31/07/2011
Updated diff files for gingerbread kernels (HTC and AOSP), and a module for the more recent HTC kernel (2.6.35.10-g308ba26) can be found later in the thread Here.
The current issue...
Note: This isn't related to the sleep mode wifi disconnections caused by MAC addresses that don't begin 00, so far as i'm aware that's been patched for a while now. Wifi remains connected fine in standby mode, but the throughput is only suitable for very light traffic.
Since compiling the cifs module for the HTC official 2.2 kernel on monday i hit a pretty massive problem when listening to music over wifi from a network share - when the screen enters standby, bandwidth drops massively, well below 100kbps. This makes music you're playing from a cifs share over wifi stutter and cut out and basically become pointless.
A little googling and searching these forums i came to find this has been a fairly massive bugbear of the nexus one and htc desire? Any kind of normal bandwidth streaming over wifi is practically useless once that screen goes into standby. Ditto for high speed transfer of large files.
That means difficult VOIP calls, and no internet radio at a decent bitrate, or cifs access to your music library.
Finding a solution...
As luck would have it, the HTC Incredible 2.6.32.15 source code was released on tuesday, and as it's basically the non-GSM variant of the Desire, i was fairly certain the HTC customised bcm4329 source code was the same as the Desire's, and it seems like it is. So armed with HTC's customised bcm4329 module sourcecode and the output of dmesg when the phone was in various states, i had a poke around.
First of all i tried editing the DTIM update interval, so the phone would wait fewer beacons to collect incoming packets while the wifi was in sleep mode, and this improved the situation, barely. In the end i just locked out the phone's deepest wifi sleep mode, PM_MAX, in favour of PM_FAST, the low power mode for wifi used when the screen is active but the phone is relying on the battery alone (There is a third mode, PM_OFF, used when the phone is powered by a usb connection, but as the name implies, all power management is disabled by it, so forget that one).
PM_MAX appears to have a very fixed latency depending upon the DTIM update interval (300ms with DTIM as the default 3), and severely limited bandwidth. PM_FAST appears to be a listen mode or active rx mode, with latency scaling to the bandwidth used. An initial ping at idle will be up to 1000ms (or even no reply) before steadying at 100-300ms. During light streaming it's more of a steady 50-70ms, and during a file transfer it's a very low 5ms. So it looks like PM_FAST keeps the wifi receiver powered up to some extent, and only powers up the transmitter when needed.
You can guess the edit i've made: Essentially my new kernel module tells the phone to keep wifi in low power mode when the screen is switched off, rather than in a full sleep mode.
Just give me the damn kernel module...
Downloads are attached to the bottom of this post.
Files are unsigned, and install with clockworkmod recovery's 'Install zip from sd card' option.
Your wifi driver must match your phone's kernel version. To check your kernel version go to Settings - About Phone - Software Information and look at Kernel version.
Files including _N_ in the name have wifi mode N support for HTC kernels (non HTC kernel versions should include mode N by default).
If you don't see a version of the module that matches your kernel version, post a request in this thread.
The results..
Well obviously now the wifi bandwidth when the screen sleeps is the same as when the screen is active, so streaming data during sleep mode is perfect, wonderful even! However, i was a little concerned with the effect on battery usage when the connection is alive but fully or partially idle.
So i just did some practical testing. Note i'm connected using 802.11g, my router doesn't support mode n, and my signal is a less than ideal -80dBm so i'm probably using a little extra power.
With the original HTC wifi module, my phone lost about 1% charge an hour with wifi permanently enabled, push gmail enabled, and sync for weather and contacts every 15 minutes.
With the new wifi module, and the same conditions (wifi always on, gmail push, sync 15 mins), i lose around 1% an hour still. Excellent, no difference.
60 minutes of 200kbit VBR mp3 playback through the speaker with the screen off used about 8% of my battery.
60 minutes of 800kbit FLAC playback through the speaker with the screen off used up 10% of my battery.
volume was set at roughly 75% for both tests.
I didn't do any testing with the earphones, but i suspect they'd be marginally lower on the power usage.
To conclude, from my brief testing this afternoon i couldn't discern a difference in battery usage when the wifi connection is left on but mostly idle, and when data is streaming it doesn't eat the entire battery charge in minutes.
Note to ROM authors
Any rom authors using 2.6.32.15 who would like to include this module in their rom, you're quite welcome to. You don't need to credit me either, although it would be nice.
This looks like it could be interesting, but I downloaded and tried to install the b/g/n version and Clockwork spits it out, aborting it as a bad zip.
Anyone else succeed in applying this mod?
Quist said:
This looks like it could be interesting, but I downloaded and tried to install the b/g/n version and Clockwork spits it out, aborting it as a bad zip.
Anyone else succeed in applying this mod?
Click to expand...
Click to collapse
Disable sign check?
xmoo said:
Disable sign check?
Click to expand...
Click to collapse
Signature check was disabled. I'm running an unsigned version of Paul's v8 WIP rom (lightning fast by the way).
Anyway, double checked and manually toggled the sign check on and off again, still same results:
Can't open...
(bad)
Installation aborted.
I just downloaded the b/g/n file and rebooted to clockworkmod and it applied without error.
Possibly you have a bad download? does the zip file open on your computer?
I'd recommend you download again, open the zip on your pc to check it downloaded properly, then copy it to your phone. Let me know how you get on.
Edit:
Just reuploaded without the signature (and erroneous boot.img stuffed in each zip by Kitchen), i downloaded and installed both versions to be sure they work. Links are updated in first post.
Works great.
I use "Twonky Server" to view pictures on my TV and the connection was lost as soon as the phone went to sleep mode. No problem now!
Thanks.
Anymore information about g or n mode?
Im still unsure if it would be good to enable n mode... there were some reports about significant higher battery drain.
Can someone compare the g and n versions running on a stock-near rom?
Thanks in advance!
Myshkinbob said:
I just downloaded the b/g/n file and rebooted to clockworkmod and it applied without error.
Possibly you have a bad download? does the zip file open on your computer?
I'd recommend you download again, open the zip on your pc to check it downloaded properly, then copy it to your phone. Let me know how you get on.
Edit:
Just reuploaded without the signature (and erroneous boot.img stuffed in each zip by Kitchen), i downloaded and installed both versions to be sure they work. Links are updated in first post.
Click to expand...
Click to collapse
Before you re-uploaded it, I noticed that when I downloaded it directly to the phone, it was clipping it at 47 kb (both the standard browser and Dolphin). Apparently Rapidshare is doing something strange through the phone browsers.
Anyway, it worked fine even before you re-uploaded. Good one!
Now I just have to figure out why I keep dropping the wifi connection after a while (didn't do that before).
May I ask you such you are using to have those incredible values for battery?
1% with WiFi and Sync (over 3g?)is a dream for me !
Thanks.
Sent from my HTC Desire using XDA App
sjauquet said:
May I ask you such you are using to have those incredible values for battery?
1% with WiFi and Sync (over 3g?)is a dream for me !
Thanks.
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
The wifi signal is only -80dBm, but barely used at idle. My cell signal is amazing though (the cell tower is 100 yards from my flat), and i run the phone in 2G mode with no mobile data. My sync is done over the wifi, not the cell network.
Nice. This is exactly what I want.
Have you looked at 2.6.34.1 kernel by the way? It is the one that most AOSP ROMs in this forum build on and I do not think I have met the latency problems with those ROMs.
tested and works great my friend
A bit more info on the battery usage in this wifi power mode...
I've been out all day and took my other phone, i left the Desire on the desk, 2G 5 bar signal, wifi always on, sync enabled for gmail and weather. Battery was charged to 100 then unplugged.
After 16 hours, battery is at 93, and battery usage breaks down to:
cell standby: 34%
wifi: 33%
phone idle: 33%
That's roughly 2.5% battery usage over 16 hours, from an idling wifi always on connection just doing 15 minute syncs all day, on a fairly poor -80dBm wireless-g network.
I think it's safe to say the power usage differences are negligable compared to the stock wifi module.
Regarding the 2.6.34.2 kernels, i'm not entirely sure if i'd look at them, since they don't include HTC's own kernel changes, i'm a little wary of them working properly with all the features. Part of it is i like the sense-ui too, it seems responsive, and i'm not lacking for free ram, so i'm not sure why people dislike it so much?
I just tried to reproduce the initial effect with the original WiFi module and some music streams. Switching off the screen actually sets my ROM into powersave mode at 245MHz only. Still, I did get smooth streaming without any problems.
Is there any good way to recreate and test this issue? I simply seem not to have it.
Thanks!
I don't suppose this will work on 2.6.34 kernels, will it? I'm trying to find a fix for OpenDesire (CM6 based)...
bemymonkey said:
I don't suppose this will work on 2.6.34 kernels, will it? I'm trying to find a fix for OpenDesire (CM6 based)...
Click to expand...
Click to collapse
I'm afraid not, since the module kernel version has to match the running kernel version.
The HTC roms also use a modified wifi driver with some of their own custom code added for VoIP and a few other things, so i'm not entirely sure the sleep functions are the same in the stock bcm4329 (wifi chipset) driver.
I'll check out the opendesire kernel source and post a patch file to apply to the source if it's possible though.
Myshkinbob said:
I'll check out the opendesire kernel source and post a patch file to apply to the source if it's possible though.
Click to expand...
Click to collapse
That would be AWESOME. Might as well patch Cyanogenmod as you're at it, as all the other AOSP ROMs (including OpenDesire) will receive those changes down the line
I should warn you though: My request has already been met with resistance... some people seem to think that this is actually the way WiFi should work in standby (i.e. it should be connected, but shouldn't actually be able to do anything ). Is a toggle setting (between PSP and CAM) in any way possible?
I thought about a toggle when i first made the patch, but then i'd have to learn to add a /proc interface to the driver to do that. I'm far from a kernel guru, and hadn't touched kernel code in years till i got my Desire last month.
I had trouble locating the new git for opendesire, the old one appears to be closed. So i got hold of the teamdesire 2.6.34.5 CM6 source instead, i expect the two are identical or very close to being so.
While i was looking for the opendesire kernel source git in the rom thread, i noticed the hostility toward altering the wifi power management mode, but at least for the HTC-modified driver it's not a problem. I leave my wifi connected whenever i'm at home, and my results for overnight standby are hard to tell apart. I lose between 5-8% battery over 12 hours of standby depending on txts and pushed emails received.
Here's a patch for the CM6 stock bcm4329 driver. It's power management code is a little different to the HTC-written driver, but it should work fine. I don't really want to wipe my phone to test it on opendesire, so one thing you'll want to test is standby battery usage. I get 6-8mA standby according to CurrentWidget.
To apply it, cd into <kernel source root dir>/drivers/net/wireless/ and copy the .diff there, then do
Code:
patch -p0 < bcm4329_pmfast.diff
then it just needs a make modules with the crosscompile toolchain etc.
Let me know how you get on.
Myshkinbob said:
Here's a patch for the CM6 stock bcm4329 driver. It's power management code is a little different to the HTC-written driver, but it should work fine. I don't really want to wipe my phone to test it on opendesire, so one thing you'll want to test is standby battery usage. I get 6-8mA standby according to CurrentWidget.
To apply it, cd into <kernel source root dir>/drivers/net/wireless/ and copy the .diff there, then do
Code:
patch -p0 < bcm4329_pmfast.diff
then it just needs a make modules with the crosscompile toolchain etc.
Let me know how you get on.
Click to expand...
Click to collapse
I guess I didn't read your previous post carefully enough - thought you were talking about just posting a patch in the form of an update.zip, or a replacement driver file to push via ADB in Recovery...
I think this is a bit over my head . You may not be a kernel guru, but you're talking to an average Windows user here
Let's see if I understood this correctly: This actually patches the source code of the wireless driver by adding/removing code, before compilation? Hmmm, I'd need to learn how to compile Android first, I guess (my experience with compilation is limited to hitting the "Compile & Run" button in Visual Studio)...
Thanks for the hard work though. I'll hit up AdamG and Kali and see if they feel like integrating this...
Oh, sorry
if you're familiar with adb, do an adb shell and then in the console do...
Code:
cat /proc/config.gz > /sdcard/config.gz
then attach that to a reply here. I need the 2.6.34 config to build the module here, then i can just post a zip to apply in the recovery console.
High Level Symptoms:
- I notice battery has drained very quickly in a short time even when I have not been using phone (i.e. idle with display off)
- Phone feels noticeably warm/hot even when I have not been using phone (e.g. like it does while charging)
- Issue only seems to happen when running in 4G LTE mode
- I have gathered detailed usage statistics and do not believe there are any miss-behaving apps or system processes responsible
- I have noticed issue start most often near my office (in midtown NYC)
Note: This is where I use the phone on battery the most, so it may just be sampling bias
- I can temporarily stop the rapid power burn by switching out of 4G LTE mode (i.e. to 3G mode, or disabling radio)
- I have not found a way to stop the issue in 4G LTE mode once it starts except by restarting phone
(things I tried without success: toggling airplane mode, switching to 3G and back to 4G, radio off/on, and moving to different location/tower; rapid burn starts back up again as soon as 4G LTE mode is re-enabled)
Power Burn Rate:
- Data captured using Battery Monitor Widget which I have set to sample/log battery available % and usage every minute (this is a great app!)
- Available % dropping at a rate of about 20% / hour while phone is idle w/ screen off (my normal is about 5% / hour)
- Usage shows a very flat baseline of about 1000 mW / 250 mA (normal baseline is more like 100 mW / 40 mA)
(by baseline I mean many samples are equal to that baseline value with the rest being spikes up to greater values; no observed values are less than the baseline)
Background Info:
- My phone is unrooted and running stock firmware w/ the Verizon OTA upgrade (installed ~2011-05-19)
- I have noticed this issue many times since first getting the phone (~2011-04-12), and this issue is still present even with the newest LTE radio FW in the OTA update
- I am new to Android (~2 months in) but I am diving in deep with all the amazing tools both built-in and via add-on apps; I have collected a range of data/observations from numerous sources that are detailed in this post
My hypothesis is that the LTE radio hardware is responsible for this power burn. Most likely due to a software/firmware bug, but I'm not sure how to confirm that.
I wonder how common this issue is. I remember reading other posts on the forum that sound like the same thing. For example: http://forum.xda-developers.com/showthread.php?t=1008761
Can anyone else confirm they have seen this issue? If this issue is wide spread, I think it may be a contributing factor to the wide spread reports of 4G LTE a lot of battery.
I do not think this is the only factor that causes 4G LTE to use more power than 3G. I have read the reports, and personaly seen, higher 4G LTE power consumption when in low signal areas. However, I belive that to be independant from the burn issue I am describing here. The worst case power consumption I've seen that I think was "low LTE signal" related was only about 500 mW / 130 mA. The burn issue I'm refering too consumes power at about twice that rate and happened when I had strong signal. I had three to four of four possible bars. Also, I grabbed more detailed information:
----------
Phone info
reached using "LTE OnOff" app, "Network" app, or by dialing *#*#4636#*#* -> Phone information
Signal strength: -67 dBm to -80 dBm, 3 to 4 asu
Location: BID = 39b SID = 16 NID = 4
LAT = 7fffffff LONG = 7fffffff
Network Type: CDMA + LTE/EvDo auto
I believe this is good signal (e.g. issue not due to a low signal condition)
==================
Usage Data Capture
I briefly connected to power to reset the statistics after noticing the issue had started and and captured about an hours worth of data. My understanding of the data is that the display was off for almost all the time, and no apps or system processes are listed as using any significant amount of CPU/sensors in comparison to the hour data collection window.
-----------
Battery Use
reached using Settings -> About Phone -> Battery Use, or Battery Monitor Widget -> Usage
When last unplugged for 57m 12s
Display 30%
* Time on 1m 11s
* Auto Brightness
Cell Standby 21%
* Time on 57m 12s
Phone idle 19%
* Time on 56m 1s
Foursquare 11%
* CPU total 8s
* CPU foreground 6s
* GPS 26s
* Data sent 13.59 KB
* Data received 379.93 KB
Android System 7%
* CPU total 41s
* CPU foreground 2s
* Data sent 12.09 KB
* Data received 20.27 KB
Android OS 6%
* CPU total 39s
* Data sent 20.11 KB
* Data received 136.25 KB
Pandora 6%
* CPU total 35s
* Data sent 1.83 KB
* Data received 27.16 KB
---------------
Battery History
reached using Battery Monitor Widget -> Statistics, or by dialing *#*#4636#*#* -> Battery history
since last unplugged
CPU usage
* Android System (Total time:39s)
* Pandora (Total time:35s)
* suspend (Total time:31s)
* Foursquare (Total time:7s)
... (Note: more apps listed but with smaller total times)
Sensor usage
* Android System 29m 47s
* AccuWeather.com 28m 36s
(Note: after this capture I uninstalled AccuWeather.com app and retested. It wasn't listed anymore, but power drain behavior was unaltered)
Partial wake usage
* K-9 Mail 7m14s
* Android System 5m 4s
* Seesmic 9s
... (Note: more apps listed but with smaller times)
Other Usage
* Running (27.6%)
* Screen on (2.1%)
-------------------
CPU Spy v0.3.0 beta
Note: timers reset at begining of measurement interval
Time in state
1024 MHz 4:21 7%
768 MHz 0:54 1%
368 MHz 0:35 0%
245 MHz 12:11 20%
Deep Sleep 41:34 69%
This is a typical distribution I see when the phone is mostly idle (CPU sleeping for most of the time).
=================
Variation testing
After the data capture I systematicly tried several methods to see what it took to stop the abnormal drain in 4G LTE mode. In the end only rebooting the phone did it.
Set preferred network type: "CDMA auto (PRL)" (i.e. 3G mode) -> normal power usage (5:00pm-5:18pm)
Set preferred network type: "CDMA + LTE/EvDo auto" (i.e. 4G mode) -> abnormally high power usage (5:18pm to 5:43pm)
Set airplane mode (i.e. radio off) -> very low power usage (5:43pm to 6:54pm)
Turned off airplane mode (i.e. 4G mode) -> abnormally high power usage
Set preferred network type: "LTE mode" (i.e. ONLY 4G mode) -> abnormally high power usage
Set preferred network type: "CDMA + LTE/EvDo auto" (i.e. 4G mode) -> abnormally high power usage
Moved to a new place:
Signal strength: -65 dBm 4 asu
Location: BID = 23c SID = 16 NID = 4
LAT = 7fffffff LONG = 7fffffff
-> abnormally high power usage
Phone info "Turn off radio" button -> very low power usage
Phone info "Turn on radio" button -> abnormally high power usage
Restart phone -> normal power usage
I experience the same problem. My guess is that the radio firmware gets into a bad state when you are in an area with bad coverage.
I have been in a state where disabling data didn't stp the battery drain, only entering airplane mode would stop it.
crpalmer said:
I experience the same problem. My guess is that the radio firmware gets into a bad state when you are in an area with bad coverage.
I have been in a state where disabling data didn't stp the battery drain, only
entering airplane mode would stop it.
Click to expand...
Click to collapse
I originally thought the same thing about the issue starting while in poor coverage, but since I have seen it occur multiple times in a good coverage area I began to doubt that was the case. The extra power consumption I usually get while in poor coverage is less in magnitude, and varies much more, and goes away when I have good coverage again. This issue feels distinctly different to me.
When you say disabling data didn't stop the drain you experienced, do you mean turning off Settings -> Wireless & networks -> Mobile networks? I haven't tried playing with that option. I'll give it a try next time I see the issue too.
You said entering airplane mode would stop it. Did you have the same experience that when you turned airplane mode off that the drain started back up again until you restarted?
Thanks
Excellent post, I would venture a guess that your background is in one the sciences.
One thing I noticed you didn't try was connecting through wifi. I believe this will render the 4g radio on but not in use. If the issue persists, it could help narrow down the cause.
As far as attempting to fix it, you can factory reset it or go to verizon for a replacement.. but that doesn't do much for others with this problem.
I have been having the same issue, both on stock and BAMF 1.6. Thanks for looking so thoroughly at this problem. It appears not everyone is affected. Can someone confirm? If so, exchanging the could be the solution.
Sent from my ADR6400L using XDA App
To test your hypothesis, I'd recommend turning off LTE somehow. My suggestion for non-rooted phone:
Dial ##778#
Chose edit mode, password: 000000
You should be able to turn off LTE in Modem Settings->Preferred Mode
Please let us know your finding.
Nice work on the research!
The scenario you described happened to me yesterday.
I was in a building where I didn't get any reception at all. I noticed the phone started to warm up. By the time I got outside and the phone re-established a connection with the 4g network, it was extremely warm and the phone was at 7% life begging to be charged.
This has happened to me on two other occasions but I don't recall being in an area of zero to poor reception.
My bolt is also rooted running the BAMF Remix 1.6.
agdaniels said:
Excellent post, I would venture a guess that your background is in one the sciences.
One thing I noticed you didn't try was connecting through wifi. I believe this will render the 4g radio on but not in use. If the issue persists, it could help narrow down the cause.
As far as attempting to fix it, you can factory reset it or go to verizon for a replacement.. but that doesn't do much for others with this problem.
Click to expand...
Click to collapse
Thank you. Your guess is spot on; I did my Ph. D. in computer science.
I have not tried switching to WiFi. Next time I see the issue I will put that to the test. I find I haven't been using WiFi much with this phone since I have lower standby power consumption in 3G mode when I don't need the speed. When I do want more speed, I find here in NYC 4G LTE is actually significantly faster than either my home or work Internet connection (Cable and DSL respectively) (Crazy!). Also, here in NYC the 2.4 GHz band is VERY crowded so WiFi can slow down at times even on a good wired Internet connection. I wish this phone was 5 GHz WiFi capable to help avoid this particular issue.
My intuition is that this is a radio firmware issue so I have my doubts that a factory reset or even a replacement would fix anything. Factory reset would help if there were misbehaving apps or screwed up settings on my phone, but this seems unlikely. I'll probably need to root my phone so I can back it up before I try a factory reset. A replacement would only help if there was a hardware fault. Part of the purpose of this thread is to help gauge if many other people have this problem. The more that do, the less likely it is an abnormal HW fault with only my phone, and more likely a bug or other HW errata issue that hasn't been worked around correctly.
I think it is still too early in the game to make the call that it is not fixable in FW. I was aware that this LTE network/chipset is quite new and this phone was likely to have some rough spots at the start. Verizon/HTC/Qualcomm have only made one OTA release so far, and even that release has major bugs that were not present in the original stock FW (e.g. the frequent spontaneous rebooting when in 3G mode). Forums like this seem like great places for us users to publicly characterize issues we encounter. I hope it helps the engineers involved in making fixes and that we get updates not too far down the line.
cuguy said:
To test your hypothesis, I'd recommend turning off LTE somehow. My suggestion for non-rooted phone:
Dial ##778#
Chose edit mode, password: 000000
You should be able to turn off LTE in Modem Settings->Preferred Mode
Please let us know your finding.
Click to expand...
Click to collapse
Thanks for the suggestion.
If you look at the last part of my post under the "Variation Testing" heading, I believe I did try a number of configurations with LTE off. Each case where LTE was off I saw normal or low power consumption. This is why I grew to suspect the LTE radio in the first place.
The technique I used for switching between 3G and 4G modes was actually the "Set prefered network type" drop down on the "Phone info" menu that can be reached using "LTE OnOff" app, "Network" app, or by dialing *#*#4636#*#* and selecting "Phone Information".
I have used the dial ##778# to get the ESPT menu before, but that was to modify the "Rev. A" setting from "eHRPD" to "Enable" as a work around to re-enable 3G EVDO during the few days of nation wide 4G LTE & 3G SVDO outage we had a month or so ago. BTW, it looks like I had by phone set to the non-stock "Enable" setting rather than "eHRPD" for the original data capture. I switched this back to "eHRPD" and I'll report if I have the issue again. I was last playing with this setting to see if had any effect on the random reboots after the OTA while on 3G, but it did not.
In the ESPT -> Modem Settings -> Preferred Mode drop down I only see the options for:
- Automatic
- HDR Only
- Digital Only
- CDMA Only (selected by default)
- CDMA HDR Only
There is also a a Preferred Mode(9k) drop down that has these options:
- Automatic
- HDR Only
- LTE Only
- HDR LTE only (selected by default)
I believe that these are settings for the voice radio and the data radio respectively. See the third page of the excellent Anandtech review of the HTC Thunderbolt: <Sorry, I am a new xda-developers forum member so it won't let me post external links yet.>
Do you have suggestions on how to set these? I am unfamiliar with the HDR acronym and haven't turned up anything that seems relevant in my Google searches.
I had another instance of the 4G LTE power burn issue today. I tried a few of the above suggestions.
I enabled WiFi and logged on to an access point. This did not stop the abnormally high power burn. Instead it went up slightly; I assume this was the extra power for the WiFi radio.
I also tried turning off Settings -> Wireless & networks -> Mobile networks. That resulted in the 4G LTE icon going away but the signal bars were still showing. I couldn't use the Internet but a SMS came through in this mode. This mode did not stop the power burn either.
The burn stopped only when I rebooted.
The reboot happened when I dialed ##778# to get the ESPT menu and switched the "Rev. A" setting from "Enable" to "eHRPD" and this time remembered to commit the changes (forgot to when I posted above). Committing the changes auto-rebooted the phone, which returned me to normal power consumption. I will report if I have the problem again now that I have confirmed I am back in the stock eHRPD mode.
Most of today I was in very good signal conditions, judging by the time the drain started, I could have been out on a errand in the neighborhood. So I can't 100% guarantee that the 4G signal was high the whole time.
Does anyone know of an app that works on the Thunderbolt that can log signal strength over time and preferably graph it too (e.g. similar to Battery Monitor Widget). I have tried to download and use a few without success including: Open Signal Maps, Network Signal Info, RF Signal Tracker, and Signal Finder. Some of these apps didn't work at all (I suspect 4G signal is reported a bit differently and this confuses some of them). Some work in general but I can't seem to get the logging I'm looking for.
Thanks!
OdinGuru said:
I originally thought the same thing about the issue starting while in poor coverage, but since I have seen it occur multiple times in a good coverage area I began to doubt that was the case. The extra power consumption I usually get while in poor coverage is less in magnitude, and varies much more, and goes away when I have good coverage again. This issue feels distinctly different to me.
When you say disabling data didn't stop the drain you experienced, do you mean turning off Settings -> Wireless & networks -> Mobile networks? I haven't tried playing with that option. I'll give it a try next time I see the issue too.
You said entering airplane mode would stop it. Did you have the same experience that when you turned airplane mode off that the drain started back up again until you restarted?
Thanks
Click to expand...
Click to collapse
By disabling data, I was actually using the notification tools in most rooted roms. That should be equivalent to what you said.
Toggling airplane mode toggled the battery drain problem until it failed to enter airplane mode and I had to reboot.
I see the same thing
Where I live at home we only have 3G at work I have 4G. The phone will get itself into some kind of mode at work and burn through the battery in 4-5 hours. So I keep it charging on my desk all day. If I didn't, some days it wouldn't make it till lunch.
OdinGuru said:
Thank you. Your guess is spot on; I did my Ph. D. in computer science.
I have not tried switching to WiFi. Next time I see the issue I will put that to the test. I find I haven't been using WiFi much with this phone since I have lower standby power consumption in 3G mode when I don't need the speed. When I do want more speed, I find here in NYC 4G LTE is actually significantly faster than either my home or work Internet connection (Cable and DSL respectively) (Crazy!). Also, here in NYC the 2.4 GHz band is VERY crowded so WiFi can slow down at times even on a good wired Internet connection. I wish this phone was 5 GHz WiFi capable to help avoid this particular issue.
My intuition is that this is a radio firmware issue so I have my doubts that a factory reset or even a replacement would fix anything. Factory reset would help if there were misbehaving apps or screwed up settings on my phone, but this seems unlikely. I'll probably need to root my phone so I can back it up before I try a factory reset. A replacement would only help if there was a hardware fault. Part of the purpose of this thread is to help gauge if many other people have this problem. The more that do, the less likely it is an abnormal HW fault with only my phone, and more likely a bug or other HW errata issue that hasn't been worked around correctly.
I think it is still too early in the game to make the call that it is not fixable in FW. I was aware that this LTE network/chipset is quite new and this phone was likely to have some rough spots at the start. Verizon/HTC/Qualcomm have only made one OTA release so far, and even that release has major bugs that were not present in the original stock FW (e.g. the frequent spontaneous rebooting when in 3G mode). Forums like this seem like great places for us users to publicly characterize issues we encounter. I hope it helps the engineers involved in making fixes and that we get updates not too far down the line.
Click to expand...
Click to collapse
You are absolutely correct on all three points, my main focus with the two suggestions were background data for the factory reset and faulty hardware for the replacement.
If you have the ability to disable all background data syncing while on 4g- on the application side, sense ui side, and the android side you could completely rule out software being the cause. My thoughts with this are some background service is keeping the radio active, causing the burn.
The replacement device would help to narrow down whether the issue lies on the device side, or if its more related to the towers/the way lte functions. The latter is bad news for you. My thoughts on this are that some people report no issues running lte, while others are having similar problems as you have reported; I doubt that it is faulty phone hardware, but its possible.
I share your conclusion that this is a firmware(baseband) issue. Actually going in and manipulating it would require root, a considerable understanding of how the interaction between hardware and software works, and the abilty to make tweaks and test them. I will also contact some people more knowledgable then myself and see if they want to chime in on the matter.
crpalmer said:
By disabling data, I was actually using the notification tools in most rooted roms. That should be equivalent to what you said.
Toggling airplane mode toggled the battery drain problem until it failed to enter airplane mode and I had to reboot.
Click to expand...
Click to collapse
Excellent idea. I then I was able to execute the test you suggested yesterday when I re-encountered the issue. I saw the exact same behavior you reported: even though I disable applications data over LTE, the drain did not stop. This is strong supporting evidence that it is not an issue with some kind of rouge app / sync settings.
Drain toggling with airplane mode is the exactly consistent with my observations as well. Sounds like we have confirmed you having the exact same burn issue.
Thank you for the feedback and confirmation.
mcargil05 said:
Where I live at home we only have 3G at work I have 4G. The phone will get itself into some kind of mode at work and burn through the battery in 4-5 hours. So I keep it charging on my desk all day. If I didn't, some days it wouldn't make it till lunch.
Click to expand...
Click to collapse
This is consistent with my observations of the burn issue. The baseline power consumption I observed is about 20% of the battery per hour while phone is idle with screen off. That would correspond to the phone burning through a full charge in 5 hours even if you didn't use it at all. Add any extra actual usage on top of that and 4-5 hours of life sounds very plausible. That assumes you have the problem right away though (the worst case).
I typically see a variable amount of time of normal consumption before the issue starts. For instance, let's say I've been running normally for 3 hours and am at 80% before the issue starts. Then I'd quickly burn through the last 80% in 4 hours or less. In that case I'd get less than 7 hours of total battery life (e.g. not making it through the day). If my normal usage had continued, it should be more like 15 hours (e.g. more than enough for a long day and needs charging every night).
There is still the question if this issue is related or not to 4G signal levels. What do you normally see in the office? Number of bars is useful, and also the more detailed dBm number can be found in Settings -> About Phone -> Network.
Thank you for your report.
agdaniels said:
You are absolutely correct on all three points, my main focus with the two suggestions were background data for the factory reset and faulty hardware for the replacement.
If you have the ability to disable all background data syncing while on 4g- on the application side, sense ui side, and the android side you could completely rule out software being the cause. My thoughts with this are some background service is keeping the radio active, causing the burn.
The replacement device would help to narrow down whether the issue lies on the device side, or if its more related to the towers/the way lte functions. The latter is bad news for you. My thoughts on this are that some people report no issues running lte, while others are having similar problems as you have reported; I doubt that it is faulty phone hardware, but its possible.
I share your conclusion that this is a firmware(baseband) issue. Actually going in and manipulating it would require root, a considerable understanding of how the interaction between hardware and software works, and the abilty to make tweaks and test them. I will also contact some people more knowledgable then myself and see if they want to chime in on the matter.
Click to expand...
Click to collapse
In the most recent test I disabled "Mobile Networks" which effectively shutdown data service. I also tested switching to WiFi which should have redirected all data away from the 4G LTE radio. Neither one of these stopped the power burn. Do you agree this is sufficient enough to rule out apps/services?
I noticed on the Phone info screen there are some counters for number of bytes sent over the radio. Next time I have the issue perhaps I'll keep track of how those change when I'm having the issue vs not.
I agree that trying replacement HW would be a useful data point to help identify if the issue is inherent or tower related. I'm not quite ready to jump through all the hoops with Verizon to do it myself yet. I'd want to root first to create a backup of my current setup first to reduce the pain of the procedure. And I'll probably give them the benefit of the doubt and wait for the next OTA to give them another shot at fixing the issue with FW.
Part of our questions would be answered if there was indeed a user out there that runs 4G LTE and can document that they do not have this issue. Does anyone out there run Battery Monitor Widget or similar and can say they have never seen the tell-tail pattern of power burn I am talking about?
I really wish Android had a built in screen capture feature. I need to get adb installed and setup on my computer so I can post examples of what the graphs look like; I think that would help other users to identify the issue as it happens so they know when to re-boot to save what is left of their battery.
I agree there is very little we as users can do to fix the issue if it is in the radio FW. As you say, it would indeed take very detailed knowledge of the HW. Also, I think it would be impossible without the radio FW source code. Although I haven't looked through the HTC released code, I would be very surprised if this was included. It wouldn't be covered under the Android or Linux open source licenses as it likely originally came from Qualcomm and is considered proprietary. Without that, we can only hope that Qualcomm/HTC/Verizon work together to get it figured out. The good news is that they all have a good business case to do so. This LTE chipset is likely to be used in several phones so they need these issues resolved before it affects their whole lineup.
Anyone know if the new Samsung Droid Charge has this issue too?
After experiencing all the same issues myself, I have noticed that this seems to have been addressed in the leaked Gingerbread radio. Might be worthwhile to repeat testing using that radio and then somehow compare code.
Sent from my ADR6400L using XDA Premium App
I would have to agree you've sufficiently ruled out software, the point about the gingerbread build not having issues is worth noting though. Can someone confirm the 2.3 release has new radio firmware? It wouldn't be difficult at all to pull it out and flash it if it does
My thunderbolt will be in hand Monday, I don't have the phd you have in c.s (mines just a bs) but I've been in the business long enough to throw some graphs together. We'll compare notes then if we don't find resolution sooner.
I experience the same problem in North Phoenix when running 4GLTE in a weak 4g signal area. It doesn't happen too often if I'm in a heavily blanketed 4g area.
EDIT. I'm running rooted. OC to usually 1400 mhz. I'm constantly being synced with the Exchange Server. My phone gets super hot when running navigation plus 4GLTE. Temperature gets up to around 110 degrees Fahrenheit.
When I notice my phone heating up, I'll switch to CDMA prl and immediately my battery temperature starts dropping to normal levels, ie. 86 degrees Fahrenheit.
At the time I was running on different radio combinations. Such as, CDMA. 6 and lte. 7 radio combo. I have recently switched to Gingerbread so more testing is needed.
Had a spare minute to look up the radio, looks like its bricking certain devices after flashing. Not completely ruling it out, maybe you can flash it, test it, then flash it back, but there is some risk involved.
Whatever the case, its reassuring to know updates are coming eventually.
Here is a link for reference:
http://forum.xda-developers.com/showthread.php?t=1098363&page=70
I noticed that on pretty much any phone, no matter the strength of the data or wifi connection, transfers on the playstore are usually always speedy. I dont know what particular part of code, or driver command, or even what exactly makes that happen, but i wonder if it could somehow be implemented or activated (or however it would be used) system wide to speed up any data or wifi communication. I obviously dont understand enough about this area of phones and would like some education on it if anyone has the time, thanks!
OK, so I know M7 isn't the latest CM build, but it's the latest one without issues with GPS, so that's what I'm on since I use GPS a lot.
So last week I replaced my home router. This of course means reconfiguring all the wifi devices around the house, including my wifi thermostat. The unique thing about the thermostat is that to configure it, you connect a laptop/phone/tablet to the thermostat's ad-hoc wifi network, tell it which infrastructure ssid to connect to, verify a pin from the thermostat's screen (so nobody can hijack your t-stat from outside the house), and that's it.
thing is, when you use Cyanogenmod (at least on the relay) to connect to an adhoc network, it breaks wifi. what happens is you can't connect to any other wifi networks, and can't even scan to see available networks till you reboot. sometimes it doesn't work even after a reboot. strangely, the tethering/hotspot still works fine. you just can't connect the phone to a hotspot whether it's at home or work or anywhere.
i'd been having other issues and general slowness with the phone, so i decided to backup a few apps with TiBu and do a factory reset. that worked... till i tried connecting to the thermostat again, and it broke wifi completely this time.
solution? go to /data/misc/wifi/ and rename wpa_supplicant.conf to wpa_supplicant.conf.old (or whatever, as long as it's a different name) and reboot. the system will automatically create a new conf file. boom - wifi fixed.
obviously this requires root, but that's not an issue in CM. I doubt it matters, but i used ES file explorer since it's got a good root filesystem browser and mounting / or system as RW is a simple matter of a checkbox in the settings.
when i compared the newly created wpa_supplicant.conf with the one i'd renamed (.old) the only real difference i could see was the saved networks at the bottom. so you might be able to get away with simply deleting the offending network={ blah blah } section instead of completely renaming the conf file. the advantage here would be if you have a bunch of saved networks that you don't want to get rid of, it will keep those saved networks. the conf file is a plaintext file so it's easy enough to understand what you're looking at, and modify appropriately.
MODS: I apologize if this is in the wrong forum. I figured since it probably only applies to CM, I should post it in the dev forum rather than the general one. If it needs to be moved, I don't be offended.
Gibson99 said:
OK, so I know M7 isn't the latest CM build, but it's the latest one without issues with GPS, so that's what I'm on since I use GPS a lot.
So last week I replaced my home router. This of course means reconfiguring all the wifi devices around the house, including my wifi thermostat. The unique thing about the thermostat is that to configure it, you connect a laptop/phone/tablet to the thermostat's ad-hoc wifi network, tell it which infrastructure ssid to connect to, verify a pin from the thermostat's screen (so nobody can hijack your t-stat from outside the house), and that's it.
thing is, when you use Cyanogenmod (at least on the relay) to connect to an adhoc network, it breaks wifi. what happens is you can't connect to any other wifi networks, and can't even scan to see available networks till you reboot. sometimes it doesn't work even after a reboot. strangely, the tethering/hotspot still works fine. you just can't connect the phone to a hotspot whether it's at home or work or anywhere.
i'd been having other issues and general slowness with the phone, so i decided to backup a few apps with TiBu and do a factory reset. that worked... till i tried connecting to the thermostat again, and it broke wifi completely this time.
solution? go to /data/misc/wifi/ and rename wpa_supplicant.conf to wpa_supplicant.conf.old (or whatever, as long as it's a different name) and reboot. the system will automatically create a new conf file. boom - wifi fixed.
obviously this requires root, but that's not an issue in CM. I doubt it matters, but i used ES file explorer since it's got a good root filesystem browser and mounting / or system as RW is a simple matter of a checkbox in the settings.
when i compared the newly created wpa_supplicant.conf with the one i'd renamed (.old) the only real difference i could see was the saved networks at the bottom. so you might be able to get away with simply deleting the offending network={ blah blah } section instead of completely renaming the conf file. the advantage here would be if you have a bunch of saved networks that you don't want to get rid of, it will keep those saved networks. the conf file is a plaintext file so it's easy enough to understand what you're looking at, and modify appropriately.
MODS: I apologize if this is in the wrong forum. I figured since it probably only applies to CM, I should post it in the dev forum rather than the general one. If it needs to be moved, I don't be offended.
Click to expand...
Click to collapse
It does belong in q&a...but my lollipop validus has working gps
REV3NT3CH said:
It does belong in q&a...but my lollipop validus has working gps
Click to expand...
Click to collapse
As does FatToad. However, I do know that the privacy bit in the GPS can be flipped with the drivers we're using in FT. There's an old thread with a post from nard about how to fix that.
Magamo said:
As does FatToad. However, I do know that the privacy bit in the GPS can be flipped with the drivers we're using in FT. There's an old thread with a post from nard about how to fix that.
Click to expand...
Click to collapse
Do you understand more about this "privacy bit", what call in the API flips it, or can give me any other pointers about it? The poster previous to you indicates that GPS works with M7. I thought I had it working with M8, but can't really guarantee that, any more. The post from nard was quite an onerous process, including what looked like reflashing the baseband.
It seems to me that if we really understood this problem, the fix would be quite simple, and could be done by a root-access app. I've done more digging, and see that it seems to be common to many models of Samsung Galaxy phones, and some of the fixes involve doing potentially horrible things to the NVRAM. (like clearing it completely - what could possibly go wrong?)
It seems that the GPS is done in the baseband processor, along with the other radio stuff, but so far I haven't been able to find it. The transceiver chip is just a transceiver, no baseband processor. It looks like the baseband processor might be on the Snapdragon main processor chip, though they don't enumerate it well. In addition they mention a "gpsOne engine" without describing exactly what it is.
I'm still relatively ignorant about Android, a year after getting one. (not enough time) I'm better versed on hardware, but this problem seems to be in the cracks between.
Come to think of it, a simple question... Is there documentation on the communications between Android and the baseband processor?
Gibson99 said:
OK, so I know M7 isn't the latest CM build, but it's the latest one without issues with GPS, so that's what I'm on since I use GPS a lot.
Click to expand...
Click to collapse
I just took my wife's phone outside and tested it. GPS works on M8 from last summer, as does wifi. AFAIK the only thing that doesn't work on M8 is the video camera. (Stills on the camera work.)
This was an older phone than mine, purchased after mine. With mine I didn't need the radio or bootloader updates, my wife's did. I bought the phone for her, used it briefly with my PureTalkUSA SIM card to make sure it was really unlocked. Then I put CM11 on it.
phred14 said:
I just took my wife's phone outside and tested it. GPS works on M8 from last summer, as does wifi. AFAIK the only thing that doesn't work on M8 is the video camera. (Stills on the camera work.)
This was an older phone than mine, purchased after mine. With mine I didn't need the radio or bootloader updates, my wife's did. I bought the phone for her, used it briefly with my PureTalkUSA SIM card to make sure it was really unlocked. Then I put CM11 on it.
Click to expand...
Click to collapse
no idea how old mine actually is; i bought it "like new" from a tmobile reseller here in town and i actually use tmobile for service.
right now i'm on fattoad and once i stepped down my paranoia (i turned on privacy guard for everything including all system apps. hint: don't do that ) it seems good so far. nova launcher has an issue with flickering or disappearing icons, and everything is huge (i need to adjust the dpi) but so far no issues with gps or wifi (though i havent needed to connect to an adhoc network yet).
Do be careful with Privacy Guard. I didn't mention, but although Privacy Guard out of the box tends to make it so that most system apps are unable to be tuned, TeamApexQ likes the option of being able to tune everything in that regard, so we removed the safeguard. (For example, when PG was first ported to CM12, you could tune the settings of the 'Settings' app. Then at our next internal testing build, it was suddenly coming up empty, because CM made a change to exclude tuning for it. We restored full capability because we liked it. But that does mean you can more easily 'shoot yourself in the foot'.
Magamo said:
Do be careful with Privacy Guard. I didn't mention, but although Privacy Guard out of the box tends to make it so that most system apps are unable to be tuned, TeamApexQ likes the option of being able to tune everything in that regard, so we removed the safeguard. (For example, when PG was first ported to CM12, you could tune the settings of the 'Settings' app. Then at our next internal testing build, it was suddenly coming up empty, because CM made a change to exclude tuning for it. We restored full capability because we liked it. But that does mean you can more easily 'shoot yourself in the foot'.
Click to expand...
Click to collapse
I've recently begun to wonder if Privacy Guard might be partially responsible for reduced battery life. I'm under the impression that it lies to apps, providing false information when they have insufficient authority for the real information. Some of those permissions in Privacy Guard are to turn radios on and off. If an app thinks it's turned a radio on, and is trying to communicate based on faked (Really, it's going to look like a failure, at this point.) returns, it may spend more time continuing to try instead of just staying asleep. My battery life comes an goes, but I've noticed that on a "bad day" there are quite a few wakeups in the middle of nowhen, when the phone was sitting there in airplane mode with all radios off.
Of course I may be all wet on this - radio control may be one area where it can say, "You're in Airplane Mode, no program can turn the radio on."
good theory, and like you said, it depends on the app and how pg implements each block.
personally i'm having great battery life in L. i have a 5000mah battery, but usually by this point in the day i'm at about 60%. right now i'm still at 83%. i like how it projects your estimated remaining battery time. first time i looked at the battery chart, i lol'd - it was projecting 4.5 days before it died. i can probably get 2 no sweat even with regular usage, but i'd have to turn off sync and really cut back to make it 4 days.
I've had very good results with some simple rules with Privacy Guard. Generally the only thing I've turned off is the ability for Google Play Services and the Google App (Google Now) to wake up my device and to keep it awake. With those turned off, my battery life has gotten to be pretty damned nice... Though it makes Google Play Services FC once maybe every 24 hours. It restarts just fine, no harm no foul.
My battery life seems to be "bimodal". It either barely makes it 24 hours - basically needs recharging every night, or it lasts on the order of three or four days on a charge.
It seems to be somehow wifi-related, if I were guessing, and in an odd way. If wifi is largely off, but occasionally on, the battery life seems shorter. After wifi has been left off for "a while" (quantity not yet determined) it seems to go into long-battery-life mode. If I keep wifi largely on, and occasionally off (basically between known/trusted wifi places) the battery life comes out somewhere in between, consistent with wifi itself taking some power.
It's been really tough to detect any sort of pattern, but this is the best I've been able to come up with so far. I haven't done rigorous testing, or at least attempts at rigor so far have yielded inconsistent results. I've looked at what the Settings->Battery has available for power diagnostics, and one thing I noted was a lot of spurious wakeups when all radios were turned off. That's what led me to tentatively finger Privacy Guard.
I just saw the setting to show "built-in" apps on PG. I see two different entries for google.services and google.services.framework. The former has scads of wakeups - thanks for the tip. The latter has many, but a much smaller number. Did you block wakeups for both? I presume "built-in" are also "system" that others have said shouldn't be bulk-denied in PG. Are there guidelines anywhere about which are OK, which are useful, etc? (Like this case, and perhaps battery life.)
phred14 said:
My battery life seems to be "bimodal". It either barely makes it 24 hours - basically needs recharging every night, or it lasts on the order of three or four days on a charge.
It seems to be somehow wifi-related, if I were guessing, and in an odd way. If wifi is largely off, but occasionally on, the battery life seems shorter. After wifi has been left off for "a while" (quantity not yet determined) it seems to go into long-battery-life mode. If I keep wifi largely on, and occasionally off (basically between known/trusted wifi places) the battery life comes out somewhere in between, consistent with wifi itself taking some power.
It's been really tough to detect any sort of pattern, but this is the best I've been able to come up with so far. I haven't done rigorous testing, or at least attempts at rigor so far have yielded inconsistent results. I've looked at what the Settings->Battery has available for power diagnostics, and one thing I noted was a lot of spurious wakeups when all radios were turned off. That's what led me to tentatively finger Privacy Guard.
I just saw the setting to show "built-in" apps on PG. I see two different entries for google.services and google.services.framework. The former has scads of wakeups - thanks for the tip. The latter has many, but a much smaller number. Did you block wakeups for both? I presume "built-in" are also "system" that others have said shouldn't be bulk-denied in PG. Are there guidelines anywhere about which are OK, which are useful, etc? (Like this case, and perhaps battery life.)
Click to expand...
Click to collapse
It's difficult to give tips for this, because everyones' usage is different. Get 'WakeLock Detector' and keep an eye on that when your power drain seems more intense. Disable things that make sense to disable based on that.
I know this isn't really the topic, but just because you get a new router doesn't mean you have to reconfigure everything. Why couldn't you just configure the new router with the SSID and password from the old one?
slartibartfast42 said:
I know this isn't really the topic, but just because you get a new router doesn't mean you have to reconfigure everything. Why couldn't you just configure the new router with the SSID and password from the old one?
Click to expand...
Click to collapse
believe me, i tried that. it's stupidly tedious to enter a long keyphrase via the remote control on our tivos and only slightly less tedious on the roku (its remote is much more responsive). laptops and phones aren't as bad since they have keyboards. apparently the devices are smart enough to notice a different MAC behind the BSSID. which if you think about it, is actually a GOOD thing in terms of security, since it makes spoofing a little more difficult. granted, you'd also have to know the wpa key to successfully spoof, but it's a simple check to implement for security's sake, and i'm glad they did.
by the way, do you like fjords?
Magamo said:
It's difficult to give tips for this, because everyones' usage is different. Get 'WakeLock Detector' and keep an eye on that when your power drain seems more intense. Disable things that make sense to disable based on that.
Click to expand...
Click to collapse
"Wakelock Detector" has certainly been enlightening. "Google Fit", which makes sense, once you think about it. But the other aspect that was even more important, I just happened to see when one of the other forums popped up on some sort of search result or other.
You have to boot your Android device on battery. If the kernel starts up on charger, it never gets into the deepest power-saving states. When I first started using Wakelock Detector, my phone showed up as being awake something like 97% of the time. Google Fit was the biggest user, but not that big. After seeing that advice I've been careful to boot on battery, and now most of the time is spent asleep. Google Fit still uses wakes as much, but when it's not, the phone is really sleeping. My normal battery life has moved out to two or three days, sometimes into a fourth. As long as I consider Google Fit worth having around, this battery life is good enough for me - there is always a decent window to recharge.
phred14 said:
You have to boot your Android device on battery. If the kernel starts up on charger, it never gets into the deepest power-saving states.
Click to expand...
Click to collapse
So much for that theory. A day or two back, after good battery life since this post, I noticed it draining faster. Today I looked, and sure enough, it's not going into deep sleep. I tried rebooting with all four states of wifi and cell service, and nothing has gotten deep sleep back. I think I'm going to try charging tonight, booting while charging, then rebooting after disconnecting. It would be good to have an exact and repeatable set of circumstances that cause both good and bad battery life.
Two weeks felt like two years when my phone suddenly started acting odd. High CPU usage, 2x battery drain compared to before, phone heating up while doing simple tasks drove me insane. I thought there might be something wrong with the phone but couldn't find anything so I sent it to the customer service center. All they did was factory reset, installed the latest stock OS, and sent it back which didn't solve my issue.
So I rooted the phone, installed a custom ROM and the problem was still there. I lost the tiny bit of hope I had left and concluded that it's a hardware issue and I might have to buy a new device. Two days later I installed the Better Battery Stats app and kept my phone idle overnight with wifi on.
The next day I finally found out what's been eating my battery. In BBS under Kernel wake-locks, I saw qcom_rx_wakelock was on for 8 straight hours, as long as my wifi was on. Checked the CPU states on the FK Kernel manager and found out the phone never went to deep sleep, not for a second! Also, there was that idle wifi usage.
So I downloaded the Network Log app and kept logging on the next night. 9 hours passed, none of my apps used the internet but the kernel used almost 500 mbs in 9 hours! So that's where my wakelock was coming from.
I went to my friend's house and used his wifi for a few hours to identify what's going on and I was surprised to see there was no battery drain, low CPU usage, and zero idle wifi usage. For a moment there everything seemed to went back to normal. When I came back to the school dormitory the nightmare started again.
I started scouring on the internet and I found this which led me to this terrific post!
This comment explains everything!
To summarize, the phone was going crazy because of wifi multicast, and arp flooding. I couldn't do anything about it as I was in the university's public wifi. You can disable multicast by going to the router page and turning off wifi multicast from IGMP snooping setting. But it was impossible for me cause school won't allow me to change anything and even if I complain they won't care.
So I decided to fix it by adding some of the Pixel 3's WCNSS_qcom_cfg.ini properties to my phone's WCNSS_qcom_cfg.ini which I located in the vendor/etc/wifi/ as r/skanadian recommended in the second post which took my qcom_rx wakelock to 19%, way less compared to 86% before.
This is a step-by-step guide to reducing battery drain -
• Backup your phone's WCNSS_qcom_cfg.ini in case something go wrong. I found it in system/vendor/etc/wifi/here
It might be different for you depending on what Rom or device you are using. The filename will be the same but the location might be different.
• Get a text editor. Mixplorer is recommended as it helps to search properties quickly with its find feature.
• Open your devices WCNSS_qcom_cfg.ini using Mixplorer and keep it open. Alternatively, you can copy it to a different folder on your phone. I suggest the second one cause it's better than directly editing the file from the system.
• Go to this page
• Go to your browser option and select find in page to search. Search for the word "offload" on that page.
• Copy all the lines related to offload one by one and replace them on your devices WCNSS_qcom_cfg.ini that you opened using Mixplorer.
• If there isn't anything to replace simply add those lines. Don't forget to hit the save button while doing that.
• After that, search for these properties on your WCNSS_qcom_cfg.ini and set them as I did below
RoamRssiDiff=3
g11dSupportEnabled=0
gEnablePowerSaveOffload=5
gRuntimePM=1
RTSThreshold=1048576
gMCAddrListEnable=1
gActiveMaxChannelTime=40
gActiveMinChannelTime=20
gMaxConcurrentActiveSessions=2
If you don't see one of these to replace in your WCNSS_qcom_cfg.ini you should add it.
• Now reboot your phone, give it some time and see if the battery improves. If everything remains the same then go to WCNSS_qcom_cfg.ini using Mixplorer again, find BandCapability, and set it like this -
BandCapability=1
It will disable 5ghz from your phone. I found out most companies release their phones with bad wifi drivers which don't handle the 5ghz wifi band appropriately. Lack of power-saving and not blocking multicast requests properly leads to higher CPU usage and bad battery life.
Again you can set the BandCapability=2 if you want to use 5ghz mode only. If you have a good wifi driver, the battery drain might come from switching between 2.5 and 5ghz so keeping on one of them helps.
• Why qcom_rx wakelock and what is the best fix?
It can occur for several reasons.
- Wifi multicasting. Multicasting can be disabled from IGMP snooping on router settings. You don't need multicasting in your home network at all. But when you're on office wifi or school wifi, it does improve the speed slightly by reducing data loss and interference. It also can be solved the same way but if your school management is like mine, then they might not care if your laptop or phone burns.
- DHCP timers
- A software bug from server-side
- Band switching
- Even interference, if you have a public network with a lot of phones and PCs
There are some more reasons I can not remember now. The best way to fix it is to build a custom kernel with WLAN and qcom_rx blockers/limiters e.g. Franko Kernel.
But sadly a lot of us will never have that unless we make a kernel for ourselves. So as of now, this is the solution I could come up with.
My knowledge of this sector is very little. It would be great if you all could help me get rid of this problem.
I would love it if there was a feature built-in on Android OS to block some kernel wake-locks.
OnePlus phones allow you to turn off multicasting from Developer Options but that makes little to no difference depending on what wifi you are using.
• Very Important :
Depending on you wifi, you can try setting hostArpOffload=0 and hostNsOffload=0
or you can try setting both to 1. Use whichever improves the battery backup. Don't forget to reboot after changing anything.
If you are an expert, please help us. Cause these wakelocks aren't going anywhere. They will give some of us many more sleepless nights.
Thank you for reading. Have a good day!
For those who don't want to change settings they don't understand:
RoamRssiDiff: The difference in signal strength required before phone will switch to a new Access Point. Measured in -dbs. 3 means it will switch APs if the signal strength is 3dbs better than the one in use.
g11dSupportEnabled: WIFI 802.11d
gEnablePowerSaveOffload: Level of Powersave
gRuntimePM: Runtime Powermanagement
RTSThreshold: How long to wait before asking to send wifi packets. Should be as high as possible, only lowered if you have wifi dropouts.
gMCAddrListEnable=1: Drops all Multicast frames except for ARP. You don't want to disable ARP entirely or your internet will break, so don't lower this to 0.
gActiveMaxChannelTime: Time spent scanning.
gActiveMinChannelTime: Ditto
gMaxConcurrentActiveSessions: Self-explanatory
While looking this up I also found gNeighborLookupThreshold or RoamLowRssiThreshold: The signal strength at which the phone starts looking for a new AP (the step before RoamRssiDiff becomes relevant). Typical values are 65-80. Changing this might help too if your phone is switching AP too often or not often enough.
Thanks for this, my device was also affected by this (though not as badly as yours) I've just disabled Multicast from my router.
TrenchFullOfSlime said:
For those who don't want to change settings they don't understand:
RoamRssiDiff: The difference in signal strength required before phone will switch to a new Access Point. Measured in -dbs. 3 means it will switch APs if the signal strength is 3dbs better than the one in use.
g11dSupportEnabled: WIFI 802.11d
gEnablePowerSaveOffload: Level of Powersave
gRuntimePM: Runtime Powermanagement
RTSThreshold: How long to wait before asking to send wifi packets. Should be as high as possible, only lowered if you have wifi dropouts.
gMCAddrListEnable=1: Drops all Multicast frames except for ARP. You don't want to disable ARP entirely or your internet will break, so don't lower this to 0.
gActiveMaxChannelTime: Time spent scanning.
gActiveMinChannelTime: Ditto
gMaxConcurrentActiveSessions: Self-explanatory
While looking this up I also found gNeighborLookupThreshold or RoamLowRssiThreshold: The signal strength at which the phone starts looking for a new AP (the step before RoamRssiDiff becomes relevant). Typical values are 65-80. Changing this might help too if your phone is switching AP too often or not often enough.
Click to expand...
Click to collapse
Cool!
There are some other wakelocks that's bothering me more than qcom_rx and I have no idea what they are!
Could you please tell?
Mario3DS said:
Thanks for this, my device was also affected by this (though not as badly as yours) I've just disabled Multicast from my router.
Click to expand...
Click to collapse
Sadly I'm on school wifi and can't do anything about it!
lpass is a Qualcomm audio subsystem for things like voice based wakeup, and IPCRTR (inter-process communication router) is just how different processes on your phone communicate with each other.
Others have reported these wakelocks too, almost always when they have a wifi/cell connection. Maybe it has to do with voice assistants communicating with their home servers?
TrenchFullOfSlime said:
lpass is a Qualcomm audio subsystem for things like voice based wakeup, and IPCRTR (inter-process communication router) is just how different processes on your phone communicate with each other.
Others have reported these wakelocks too, almost always when they have a wifi/cell connection. Maybe it has to do with voice assistants communicating with their home servers?
Click to expand...
Click to collapse
Well
I asked a kernel dev and he gave exactly the same explanation you gave me. He also said these are necessary and doesn't drain battery too much.
I am on a custom kernel now and wlan, qcom_rx wls are gone.
Thanks for the help
With the new kernel, I'm not seeing Lpass wakelocks much. They are there but limited.
TrenchFullOfSlime said:
lpass is a Qualcomm audio subsystem for things like voice based wakeup, and IPCRTR (inter-process communication router) is just how different processes on your phone communicate with each other.
Others have reported these wakelocks too, almost always when they have a wifi/cell connection. Maybe it has to do with voice assistants communicating with their home servers?
Click to expand...
Click to collapse
I see you've gained quite some knowledge regarding wakelocks. Your explanation was simple and easy to grasp. Could you please guide me to a thread where I can learn more about it?
Thank you so much
I just googled all the terms. Qualcomm publishes some of its stuff (source code and .ini files) with comments, others were referenced in AOSP sources.
Thanks for posting this, with my pixel 4a setting "hostArpOffload" to 0 solved it. NETLINK wakelok are much less and no battery drain.
Although on onePlus 7 pro which I've rooted few days ago none of this is working and NETLINK wakelok is draining battery at 2-3% per hr.
I'll try flashing a different ROM and If found any fix will post it here.
Device1 : Pixel 4a | LineageOS 18.1 | microG
Device2 : OnePlus 7pro | LineageOS 18.1 | microG
Edit : There are many multicast requests and NETBIOS requests too and looks like NETBIOS requests are coming from all the windows machines which are connected via Access point.
Edit:
Tried packet capture and Router is just flooding network with Multicast and ARP traffic.
I'm in the same situation as you since I live in University Campus so no router access, Have no idea how to solve this now.
A viable option is maybe buy your own router then use it as an extender and block all these garbage requests but no idea in extender mode will you be able to block stuff or not.
seated_singer said:
Thanks for posting this, with my pixel 4a setting "hostArpOffload" to 0 solved it. NETLINK wakelok are much less and no battery drain.
Although on onePlus 7 pro which I've rooted few days ago none of this is working and NETLINK wakelok is draining battery at 2-3% per hr.
I'll try flashing a different ROM and If found any fix will post it here.
Device1 : Pixel 4a | LineageOS 18.1 | microG
Device2 : OnePlus 7pro | LineageOS 18.1 | microG
Edit : There are many multicast requests and NETBIOS requests too and looks like NETBIOS requests are coming from all the windows machines which are connected via Access point.
Edit:
Tried packet capture and Router is just flooding network with Multicast and ARP traffic.
I'm in the same situation as you since I live in University Campus so no router access, Have no idea how to solve this now.
A viable option is maybe buy your own router then use it as an extender and block all these garbage requests but no idea in extender mode will you be able to block stuff or not.
Click to expand...
Click to collapse
OP 7 pro is the device you mentioned? I think it has custom kernels with bult in wakelock blockers that automatically blocks wlan, netlink and qcom rx.
Edit: Netlink can be blocked by using Custom kernel others wakelocks are due to ARP network flood. Turning it off from WCNSS_qcom_cfg or blocking introduces another problem of few seconds delay in connection ( due to ARP Resolving issue ) when switching from one access point to another ( only when automatic ) and since I do it quite often when roaming my University campus it's a hassle.
One way to mitigate this ( if you need to keep ARP offloading off ) is by using static IP, worked for me and my roommate too, but not viable since you need root. Finally I have set up my own router, checked and there were no wakelock.
Few of my friends are also facing this battery drain issue not on all Access points but some maybe after complaining authority will fix this.
Note : Netlink is only showing on Android 11/12 with other versions there are other wakelocks.
seated_singer said:
Netlink can't be blocked nor does it show since It's a part of kernel itself, here now about other two they are due to ARP network flood. Turning it off from WCNSS_qcom_cfg or blocking introduces another problem of few seconds delay in connection ( due to ARP Resolving issue ) when switching from one access point to another ( only when automatic ) and since I do it quite often when roaming my University campus it's a hassle.
One way to mitigate this ( if you need to keep ARP offloading off ) is by using static IP, worked for me and my roommate too, but not viable since you need root. Finally I have set up my own router, checked and there were no wakelock.
Few of my friends are also facing this battery drain issue not on all Access points but some maybe after complaining authority will fix this.
Note : Netlink is only showing on Android 11/12 with other versions there are other wakelocks.
Click to expand...
Click to collapse
I have NetLink blocked from kernel.
Some of this problems are impossible to fix from phone. So I contacted school management. They didn't believe me at first then I went to the head office and showed them with Network Log app that records every single packet.
A week later they fixed it. Contact your authority and see if it helps.
Thanks for the info mate, edited. Never thought I have to deal with this stupid WiFi problem.
RyanCr7 said:
Two weeks felt like two years when my phone suddenly started acting odd. High CPU usage, 2x battery drain compared to before, phone heating up while doing simple tasks drove me insane. I thought there might be something wrong with the phone but couldn't find anything so I sent it to the customer service center. All they did was factory reset, installed the latest stock OS, and sent it back which didn't solve my issue.
Thank you for reading. Have a good day!
Click to expand...
Click to collapse
Thanks for sharing, same thing happened to me..
Reading this post and turning off Multicast on both my wifi APs worked!
Just wanted to say that following this advice with all the Offload parameters, my wifi wakelocks have pretty much vanished so far on my nexus 4, i was getting something like 14000 wakelocks in battery guru. Thank you.
I can't understand why they don't specify what commands work for what Qualcomm chipset, since even though that is a newer phone, they still work on an older WiFi chipset, I've been mixing and matching for years.
KitsuneFoxy said:
Just wanted to say that following this advice with all the Offload parameters, my wifi wakelocks have pretty much vanished so far on my nexus 4, i was getting something like 14000 wakelocks in battery guru. Thank you.
I can't understand why they don't specify what commands work for what Qualcomm chipset, since even though that is a newer phone, they still work on an older WiFi chipset, I've been mixing and matching for years.
Click to expand...
Click to collapse
I'm glad it worked for you.