how do I find HA and AAA shared keys? - Nexus S Q&A, Help & Troubleshooting
ha and aaa for frofile 1 and profile 0. after sending spc in qxdm and running "06:18:32.773 requestnvitemread ds_mip_ss_user_prof 0" i get all zeros in return for both secrets and both profiles. also need help with um tether nai and um user id in ppp config(see jpg attchment). will donate 10 or more for a working solution getting my 3g back
06:18:32.898 DIAG RX item:
06:18:32.898 index = 0
06:18:32.898 mn_ha_shared_secret_length = 0x00
06:18:32.898 mn_ha_shared_secret[0] = 0x00
06:18:32.898 mn_ha_shared_secret[1] = 0x00
06:18:32.898 mn_ha_shared_secret[2] = 0x00
06:18:32.898 mn_ha_shared_secret[3] = 0x00
06:18:32.898 mn_ha_shared_secret[4] = 0x00
06:18:32.898 mn_ha_shared_secret[5] = 0x00
06:18:32.898 mn_ha_shared_secret[6] = 0x00
06:18:32.898 mn_ha_shared_secret[7] = 0x00
06:18:32.898 mn_ha_shared_secret[8] = 0x00
06:18:32.898 mn_ha_shared_secret[9] = 0x00
06:18:32.898 mn_ha_shared_secret[10] = 0x00
06:18:32.898 mn_ha_shared_secret[11] = 0x00
06:18:32.898 mn_ha_shared_secret[12] = 0x00
06:18:32.898 mn_ha_shared_secret[13] = 0x00
06:18:32.898 mn_ha_shared_secret[14] = 0x00
06:18:32.898 mn_ha_shared_secret[15] = 0x00
06:18:32.898 mn_aaa_shared_secret_length = 0x00
06:18:32.898 mn_aaa_shared_secret[0] = 0x00
06:18:32.898 mn_aaa_shared_secret[1] = 0x00
06:18:32.898 mn_aaa_shared_secret[2] = 0x00
06:18:32.898 mn_aaa_shared_secret[3] = 0x00
06:18:32.898 mn_aaa_shared_secret[4] = 0x00
06:18:32.898 mn_aaa_shared_secret[5] = 0x00
06:18:32.898 mn_aaa_shared_secret[6] = 0x00
06:18:32.898 mn_aaa_shared_secret[7] = 0x00
06:18:32.898 mn_aaa_shared_secret[8] = 0x00
06:18:32.898 mn_aaa_shared_secret[9] = 0x00
06:18:32.898 mn_aaa_shared_secret[10] = 0x00
06:18:32.898 mn_aaa_shared_secret[11] = 0x00
06:18:32.898 mn_aaa_shared_secret[12] = 0x00
06:18:32.898 mn_aaa_shared_secret[13] = 0x00
06:18:32.898 mn_aaa_shared_secret[14] = 0x00
06:18:32.898 mn_aaa_shared_secret[15] = 0x00
ugggg. cant get my data working.
Related
Strace for Android
Everybody loves strace !
So am I, thats why I compiled a static one you can use on any Android or even.. any ARM Linux system
It's unmodified, compiled with buildroot.
Download it here:
http://project-voodoo.org/downloads/dev-tools/debug/strace.tar.gz
Sample output:
Code:
$ strace ls
execve("/system/bin/ls", ["ls"], [/* 13 vars */]) = 0
set_tls(0xb00182ec, 0, 0xbedd3d14, 0xc, 0xb000c448) = 0
getpid() = 6712
sigaction(SIGILL, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0xb000c448) = 0
sigaction(SIGABRT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGBUS, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGFPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSEGV, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSTKFLT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGPIPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13524, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\[email protected]\17\0\0004\0\0\0$"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 13516
read(3, "\0\0\240\257PRE "..., 8) = 8
mmap2(0xafa00000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafa00000
mmap2(0xafa00000, 10716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafa00000
mprotect(0xafa00000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafa03000, 372, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3) = 0xafa03000
close(3) = 0
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=278276, ...}) = 0
open("/system/lib/libc.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0p\266\0\0004\0\0\0<"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 278268
read(3, "\0\0\320\257PRE "..., 8) = 8
mmap2(0xafd00000, 323584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafd00000
mmap2(0xafd00000, 265380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafd00000
mprotect(0xafd00000, 266240, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafd41000, 10028, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x41) = 0xafd41000
mmap2(0xafd44000, 43648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xafd44000
close(3) = 0
mprotect(0xafd00000, 266240, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
gettid() = 6712
set_tls(0xafd4a86c, 0xafd4a830, 0, 0x40, 0xafd42328) = 0
mmap2(NULL, 32768, PROT_READ, MAP_SHARED, 9, 0) = 0x40000000
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
read(3, "\301%\364\320"..., 4) = 4
close(3) = 0
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5272, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0X\10\0\0004\0\0\0\350"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 5264
read(3, "\0\0\300\257PRE "..., 8) = 8
mmap2(0xafc00000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafc00000
mmap2(0xafc00000, 2864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafc00000
mprotect(0xafc00000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafc01000, 232, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0xafc01000
close(3) = 0
mprotect(0xafc00000, 4096, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91088, ...}) = 0
open("/system/lib/libm.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\250\34\0\0004\0\0\0p"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 91080
read(3, "\0\0\260\257PRE "..., 8) = 8
mmap2(0xafb00000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafb00000
mmap2(0xafb00000, 87548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafb00000
mprotect(0xafb00000, 90112, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafb16000, 208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x16) = 0xafb16000
close(3) = 0
mprotect(0xafb00000, 90112, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0xafa00000, 12288, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=59364, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0d1\0\0004\0\0\0\f"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 59356
read(3, "\0\0\220\257PRE "..., 8) = 8
mmap2(0xaf900000, 122880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xaf900000
mmap2(0xaf900000, 55296, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xaf900000
mprotect(0xaf900000, 57344, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xaf90e000, 1100, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe) = 0xaf90e000
mmap2(0xaf90f000, 57764, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xaf90f000
close(3) = 0
mprotect(0xaf900000, 57344, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0x8000, 77824, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
lstat64(".", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x20000
brk(0x20000) = 0x20000
brk(0x22000) = 0x22000
open(".", O_RDONLY|O_LARGEFILE|O_DIRECTORY) = 3
getdents64(3, /* d_reclen == 0, problem here *//* 1 entries */, 4200) = 904
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40008000
mprotect(0x40008000, 4096, PROT_READ) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "config\n"..., 7config
) = 7
write(1, "efs\n"..., 4efs
) = 4
write(1, "sdcard\n"..., 7sdcard
) = 7
write(1, "acct\n"..., 5acct
) = 5
write(1, "mnt\n"..., 4mnt
) = 4
write(1, "d\n"..., 2d
) = 2
write(1, "etc\n"..., 4etc
) = 4
write(1, "default.prop\n"..., 13default.prop
) = 13
write(1, "dbdata\n"..., 7dbdata
) = 7
write(1, "cache\n"..., 6cache
) = 6
write(1, "init.smdkc110.rc\n"..., 17init.smdkc110.rc
) = 17
write(1, "lib\n"..., 4lib
) = 4
write(1, "usr\n"..., 4usr
) = 4
write(1, "data\n"..., 5data
) = 5
write(1, "res\n"..., 4res
) = 4
write(1, "modules\n"..., 8modules
) = 8
write(1, "sbin\n"..., 5sbin
) = 5
write(1, "bin\n"..., 4bin
) = 4
write(1, "init.goldfish.rc\n"..., 17init.goldfish.rc
) = 17
write(1, "sys\n"..., 4sys
) = 4
write(1, "init\n"..., 5init
) = 5
write(1, "init_samsung\n"..., 13init_samsung
) = 13
write(1, "recovery.rc\n"..., 12recovery.rc
) = 12
write(1, "dev\n"..., 4dev
) = 4
write(1, "init.rc\n"..., 8init.rc
) = 8
write(1, "voodoo\n"..., 7voodoo
) = 7
write(1, "fota.rc\n"..., 8fota.rc
) = 8
write(1, "lpm.rc\n"..., 7lpm.rc
) = 7
write(1, "proc\n"..., 5proc
) = 5
write(1, "system\n"..., 7system
) = 7
getdents64(3, 0x20018, 4200out of memory
) = 0
close(3) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
munmap(0x40008000, 4096) = 0
exit_group(0) = ?
PS: Sorry if this was done before, i didn't found one easily.
Thanks! strace is a usefull debug tool! bwt, i compiled strace (4.6) too
lovetide said: Thanks! strace is a usefull debug tool! bwt, i compiled strace (4.6) too Click to expand... Click to collapse Hello, the link is now dead, do you recent version 4.6 or 4.7 statically linked?
[UTILITY] STrace 4.8 - Ultimate debugging utility now ported to Android !
about Strace
Android provides Logcat for tracing and debugging Apps , Logcat provides too short information and limited apps also programs has to support logcat or there wo'nt be any log ! this makes Android logcar be completely un-useful in large/advanced programs .
strace is a debugging utility to monitor a program system calls or signals it receives . strace is used while we want to find the reason a program crashes or finding out what causes a process not to work as expected .
strace is much more powerful than Android Logcat . unlike logcat , any process may be monitored by strace also there is no need to rewrite a program for support of strace
usage & downloading
I have ported strace to Android and it works without any bugs
download the lastest binary from this post , move it to /system/bin and set permissions to 755 .
strace has a lot of options you can find by running it using :
Code:
strace --help
most common functions are :
1- using strace to monitor a command :
Code:
strace echo hello
2- using strace to monitor an App/process :
Code:
strace -p 123
(123 is a example , use any other PID you wish )
here is an example of running strace with hello command :
Code:
ALIREZA | strace echo hello
execve("/system/xbin/echo", ["echo", "hello"], [/* 26 vars */]) = 0
mprotect(0x4005d000, 75164, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x4005d000, 77824, PROT_READ|PROT_EXEC) = 0
mprotect(0x40070000, 4096, PROT_READ) = 0
gettid() = 31648
set_tls(0x40080f6c, 0x40080f30, 0x40081068, 0x40, 0x40080f30) = 0
getpid() = 31648
sigaction(SIGILL, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGABRT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGBUS, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGFPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSEGV, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSTKFLT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGPIPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
mprotect(0x8000, 500100, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
stat64("/vendor/lib/libc.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=286596, ...}) = 0
open("/system/lib/libc.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 286588
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 331776, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400f7000
madvise(0x400f7000, 331776, 0xc /* MADV_??? */) = 0
mmap2(0x400f7000, 271932, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400f7000
madvise(0x400f7000, 271932, 0xc /* MADV_??? */) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x4013a000, 10344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x43) = 0x4013a000
madvise(0x4013a000, 10344, 0xc /* MADV_??? */) = 0
mmap2(0x4013d000, 45051, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4013d000
madvise(0x4013d000, 45051, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_EXEC) = 0
stat64("/vendor/lib/liblog.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13536, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 13528
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 20480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000d000
madvise(0x4000d000, 20480, 0xc /* MADV_??? */) = 0
mmap2(0x4000d000, 11235, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x4000d000
madvise(0x4000d000, 11235, 0xc /* MADV_??? */) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40010000, 4116, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2) = 0x40010000
madvise(0x40010000, 4116, 0xc /* MADV_??? */) = 0
close(7) = 0
stat64("/vendor/lib/libstdc++.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5336, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 5328
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 12288, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40082000
madvise(0x40082000, 12288, 0xc /* MADV_??? */) = 0
mmap2(0x40082000, 2656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40082000
madvise(0x40082000, 2656, 0xc /* MADV_??? */) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40083000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40083000
madvise(0x40083000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x40084000, 16, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40084000
madvise(0x40084000, 16, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_EXEC) = 0
mprotect(0x40083000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libm.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91288, ...}) = 0
open("/system/lib/libm.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 91280
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 98304, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400d8000
madvise(0x400d8000, 98304, 0xc /* MADV_??? */) = 0
mmap2(0x400d8000, 85924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400d8000
madvise(0x400d8000, 85924, 0xc /* MADV_??? */) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x400ee000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x15) = 0x400ee000
madvise(0x400ee000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x400ef000, 32, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400ef000
madvise(0x400ef000, 32, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_EXEC) = 0
mprotect(0x400ee000, 4096, PROT_READ) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_EXEC) = 0
mprotect(0x40010000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libcutils.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=63252, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 63244
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 126976, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40148000
madvise(0x40148000, 126976, 0xc /* MADV_??? */) = 0
mmap2(0x40148000, 58972, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40148000
madvise(0x40148000, 58972, 0xc /* MADV_??? */) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40157000, 4620, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0xe) = 0x40157000
madvise(0x40157000, 4620, 0xc /* MADV_??? */) = 0
mmap2(0x40159000, 57096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40159000
madvise(0x40159000, 57096, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_EXEC) = 0
mprotect(0x40157000, 4096, PROT_READ) = 0
mprotect(0x8000, 503808, PROT_READ|PROT_EXEC) = 0
mmap2(NULL, 49152, PROT_READ, MAP_SHARED, 8, 0) = 0x400a4000
futex(0x40140734, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/dev/urandom", O_RDONLY) = 7
read(7, "@\236", 4) = 4
close(7) = 0
clock_gettime(CLOCK_MONOTONIC, {29544, 299349465}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40167000
madvise(0x40167000, 4096, 0xc /* MADV_??? */) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
getuid32() = 0
brk(0) = 0xf0d000
brk(0xf0d000) = 0xf0d000
brk(0xf0e000) = 0xf0e000
write(1, "hello\n", 6hello
) = 6
mprotect(0x40167000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
futex(0x4014072c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0x40167000, 4096) = 0
exit_group(0) = ?
and now lastest download link :
Download Strace 4.8 from here
license
strace is a free software, you may download source of strace from here
Only 4 downloads ?!
Segfault any attemp to use it! Running on LG P500 (ARMv6) cm-10.2 OK, guess what? Already have it on /system/xbin and that does work.
Very nice tool/utility man..... will try it to solve issues on my roms... thanks man :good: regards, abhi922.
abhi922 said: Very nice tool/utility man..... will try it to solve issues on my roms... thanks man :good: regards, abhi922. Click to expand... Click to collapse Dido, I needed such a tool too. Thanks
Would like to try it, but the download link requires me to sign up for an account. Can't you make this available some other way?
you dont need an account to download. Between the 2 ads is the download button
SVLAN said: you dont need an account to download. Between the 2 ads is the download button Click to expand... Click to collapse Thanks, I got it! I really hate these purposely misleading download sites.
Once i run strace -p 123 it will come back Code: strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
SVLAN said: Once i run strace -p 123 it will come back Code: strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted Click to expand... Click to collapse I said : (123 is a example , use any other PID you wish ) Click to expand... Click to collapse You must use the a valid PID , 123 is an example . For getting PID of an APP/Process , use the this command in terminal : Code: ps | grep "abc" instead of abc , write the process name you want ! for example : Code: ps | grep "com.android.acore" then search for PID in the output and use it with strace !
SVLAN said: Once i run strace -p 123 it will come back Code: strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted Click to expand... Click to collapse You need to be root to attach to already running processes. I also find the "-f" option useful for more complex executables (which fork new processes). "-o" to write the output to a file can be useful if there is much output.
@alireza7991 Can I use this in the tool in my signature please?
Lgrootnoob said: @alireza7991 Can I use this in the tool in my signature please? Click to expand... Click to collapse This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it .
alireza7991 said: This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it . Click to expand... Click to collapse Sweet!
Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)... See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left) It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues.
tom3q said: Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)... See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left) It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues. Click to expand... Click to collapse I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace . Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ????
Segfaults on Razr i (intel atom x86).
alireza7991 said: I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace . Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ???? Click to expand... Click to collapse But that's something that's popular to do here, a lot of people download the sources and compile the ROMs they run from source. Additionally, this is probably included in every custom ROM out there. My CM10.2 install has the utility built in. There's no need to be defensive, the RD that's replying to you is just providing links for more reading. The better informed the users of this site are, the more cool stuff we'll see in the future. Thanks for your strace build!
r3tr0g4m3r said: Segfaults on Razr i (intel atom x86). Click to expand... Click to collapse This does not work on X86 based platforms.
There're quite a few blog posts on the net about compiling strace from source. Eg. http://discuz-android.blogspot.com/2008/01/create-google-android-strace-tool.html I've created a precompiled tgz package that you can extract into the root of your filesystem and it'll put strace into /data/local (i.e. /data/local/bin/strace). http://muzso.hu/node/4869 I prefer my utilities in /data/local.
[Completed] [Q] Rooting Nobis (Digiin) NB7850S?
This tablet has a 7.85" 1024x768 screen, front and rear cameras. It's different from the other Nobis tablets with 7" or 9" screens. Staples has been selling tons of them. Quite a nice tablet with aluminum housing. Here's a dump from CPU-Z http://valid.canardpc.com/a/p5fcu9
Galane said: This tablet has a 7.85" 1024x768 screen, front and rear cameras. It's different from the other Nobis tablets with 7" or 9" screens. Staples has been selling tons of them. Quite a nice tablet with aluminum housing. Here's a dump from CPU-Z http://valid.canardpc.com/a/p5fcu9 Click to expand... Click to collapse Sorry ... nothing found for your device on xda. You can check the most popular/common rooting methods, e.g.: How to Root Any Device How To Root Any Android Device [UNIVERSAL GUIDE] Root Any Android Device Manually ! Root any Android device (without pc n in one click) [TOOL] Rootx 2.2 (Rev 3 )- Root almost all android devices ... Good luck !
No dice so far. Nothing can find it through USB. Yes, I have USB Debugging enabled and unknown locations on too. Here's what USBview shows. Code: [Port1] : USB Composite Device Device Power State: PowerDeviceD0 ---===>Device Information<===--- English product name: "Android" ConnectionStatus: Current Config Value: 0x01 -> Device Bus Speed: High Device Address: 0x02 Open Pipes: 5 ===>Device Descriptor<=== bLength: 0x12 bDescriptorType: 0x01 bcdUSB: 0x0200 bDeviceClass: 0x00 -> This is an Interface Class Defined Device bDeviceSubClass: 0x00 bDeviceProtocol: 0x00 bMaxPacketSize0: 0x40 = (64) Bytes idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012 idProduct: 0x0007 bcdDevice: 0x0233 iManufacturer: 0x02 English (United States) "USB Developer" iProduct: 0x03 English (United States) "Android" iSerialNumber: 0x04 English (United States) "51804e43d4676840d08" bNumConfigurations: 0x01 ---===>Open Pipes<===--- ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ---===>Full Configuration Descriptor<===--- ===>Configuration Descriptor<=== bLength: 0x09 bDescriptorType: 0x02 wTotalLength: 0x003E -> Validated bNumInterfaces: 0x02 bConfigurationValue: 0x01 iConfiguration: 0x00 bmAttributes: 0xC0 -> Self Powered MaxPower: 0xFA = 500 mA ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x00 bAlternateSetting: 0x00 bNumEndpoints: 0x03 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0xFF bInterfaceProtocol: 0x00 iInterface: 0x05 English (United States) "MTP" ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x01 bAlternateSetting: 0x00 bNumEndpoints: 0x02 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0x42 bInterfaceProtocol: 0x01 iInterface: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00
Galane said: No dice so far. Nothing can find it through USB. Yes, I have USB Debugging enabled and unknown locations on too. Here's what USBview shows. Code: [Port1] : USB Composite Device Device Power State: PowerDeviceD0 ---===>Device Information<===--- English product name: "Android" ConnectionStatus: Current Config Value: 0x01 -> Device Bus Speed: High Device Address: 0x02 Open Pipes: 5 ===>Device Descriptor<=== bLength: 0x12 bDescriptorType: 0x01 bcdUSB: 0x0200 bDeviceClass: 0x00 -> This is an Interface Class Defined Device bDeviceSubClass: 0x00 bDeviceProtocol: 0x00 bMaxPacketSize0: 0x40 = (64) Bytes idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012 idProduct: 0x0007 bcdDevice: 0x0233 iManufacturer: 0x02 English (United States) "USB Developer" iProduct: 0x03 English (United States) "Android" iSerialNumber: 0x04 English (United States) "51804e43d4676840d08" bNumConfigurations: 0x01 ---===>Open Pipes<===--- ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ---===>Full Configuration Descriptor<===--- ===>Configuration Descriptor<=== bLength: 0x09 bDescriptorType: 0x02 wTotalLength: 0x003E -> Validated bNumInterfaces: 0x02 bConfigurationValue: 0x01 iConfiguration: 0x00 bmAttributes: 0xC0 -> Self Powered MaxPower: 0xFA = 500 mA ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x00 bAlternateSetting: 0x00 bNumEndpoints: 0x03 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0xFF bInterfaceProtocol: 0x00 iInterface: 0x05 English (United States) "MTP" ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x01 bAlternateSetting: 0x00 bNumEndpoints: 0x02 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0x42 bInterfaceProtocol: 0x01 iInterface: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 Click to expand... Click to collapse Sorry to hear this. But you can ask in the General discussion > Questions and Answers forum. Maybe there someone has a good idea.
Thread closed and thank you.
[Q] Rooting Nobis (Digiin) NB7850S?
This is a 7.85" 1024x768 tablet running Android 4.4. That's 4.4.nothing. It's not the 7" or the 9" Nobis tablet. Staples has sold a bajillion of these nice aluminum cased tablets and so far it looks like nobody has done anything towards rooting this model. Web searches get "You *really* meant this *other* Nobis 7" or 9" tablet, right?" or "helpful" suggestions that I meant rooting some completely different Android device. (Web search engines are rapidly becoming nearly useless for finding obscure data.) Tried framaroot 1.9.3, Cydia Impactor, RootX and TowelRoot. Negative result all around. Yes, I did have USB debugging and unknown locations checked on the tablet. Nothing can find it via ADB, even after installing the Android dev kit on x64 Win 7 and manually starting the ADB server. CPU-Z dump http://valid.canardpc.com/a/p5fcu9 From USBview Code: [Port1] : USB Composite Device Device Power State: PowerDeviceD0 ---===>Device Information<===--- English product name: "Android" ConnectionStatus: Current Config Value: 0x01 -> Device Bus Speed: High Device Address: 0x02 Open Pipes: 5 ===>Device Descriptor<=== bLength: 0x12 bDescriptorType: 0x01 bcdUSB: 0x0200 bDeviceClass: 0x00 -> This is an Interface Class Defined Device bDeviceSubClass: 0x00 bDeviceProtocol: 0x00 bMaxPacketSize0: 0x40 = (64) Bytes idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012 idProduct: 0x0007 bcdDevice: 0x0233 iManufacturer: 0x02 English (United States) "USB Developer" iProduct: 0x03 English (United States) "Android" iSerialNumber: 0x04 English (United States) "51804e43d4676840d08" bNumConfigurations: 0x01 ---===>Open Pipes<===--- ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ---===>Full Configuration Descriptor<===--- ===>Configuration Descriptor<=== bLength: 0x09 bDescriptorType: 0x02 wTotalLength: 0x003E -> Validated bNumInterfaces: 0x02 bConfigurationValue: 0x01 iConfiguration: 0x00 bmAttributes: 0xC0 -> Self Powered MaxPower: 0xFA = 500 mA ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x00 bAlternateSetting: 0x00 bNumEndpoints: 0x03 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0xFF bInterfaceProtocol: 0x00 iInterface: 0x05 English (United States) "MTP" ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4 bmAttributes: 0x03 -> Interrupt Transfer Type wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes bInterval: 0x06 ===>Interface Descriptor<=== bLength: 0x09 bDescriptorType: 0x04 bInterfaceNumber: 0x01 bAlternateSetting: 0x00 bNumEndpoints: 0x02 bInterfaceClass: 0xFF -> Interface Class Unknown to USBView bInterfaceSubClass: 0x42 bInterfaceProtocol: 0x01 iInterface: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00 ===>Endpoint Descriptor<=== bLength: 0x07 bDescriptorType: 0x05 bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2 bmAttributes: 0x02 -> Bulk Transfer Type wMaxPacketSize: 0x0200 = 0x200 max bytes bInterval: 0x00
If I can get a guarantee that I'll get the tablet back, I'll send it to someone to root it. Or I'll sell it at a good price. Such a shame that this sturdy, good performing and extremely plentiful tablet has been totally ignored by the Android dev and hacking community.
Possible solution for "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)"
ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011) If you get an error "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)" while trying to flash the phone, try the following steps: 1) Make a complete (all checkboxes selected) memory test on the "Memory Test" tab, in my case the test produced the following data: ============ Memory Detection Report =========== Internal RAM: External RAM: Type = DRAM Size = 0x20000000 (512MB / 4096Mb) NAND Flash: ERROR: NAND Flash was not detected! EMMC: EMMC_PART_BOOT1 Size = 0x0000000000200000 (2MB) EMMC_PART_BOOT2 Size = 0x0000000000200000 (2MB) EMMC_PART_RPMB Size = 0x0000000000080000 (0MB) EMMC_PART_GP1 Size = 0x0000000000000000 (0MB) EMMC_PART_GP2 Size = 0x0000000000000000 (0MB) EMMC_PART_GP3 Size = 0x0000000000000000 (0MB) EMMC_PART_GP4 Size = 0x0000000000000000 (0MB) EMMC_PART_USER Size = 0x00000000ec000000 (3776MB) UFS: ERROR: UFS was not detected! ============ RAM Test ============ Data Bus Test: [D0] [D1] [D2] [D3] [D4] [D5] [D6] [D7] [D8] [D9] [D10] [D11] [D12] [D13] [D14] [D15] [D16] [D17] [D18] [D19] [D20] [D21] [D22] [D23] [D24] [D25] [D26] [D27] [D28] [D29] [D30] [D31] OK !! Address Bus Test: [A1] [A2] [A3] [A4] [A5] [A6] [A7] [A8] [A9] [A10] [A11] [A12] [A13] [A14] [A15] [A16] [A17] [A18] [A19] [A20] [A21] [A22] [A23] [A24] [A25] [A26] [A27] [A28] OK !! RAM Pattern Test: Writing ... 0x44332211, 0xA5A5A5A5, 0xA5A5A500, 0xA500A500, 0xA5000000, 0x00000000, 0xFFFF0000, 0xFFFFFFFF, OK !! Increment / Decrement Test: Writing ... OK !! ============================================ The line with the maximum address "EMMC_PART_USER Size = 0x00000000ec000000 (3776MB)" is important here, for correct understanding, the leading zeros are deleted by translating to the normal form "0xEC000000", if there are several blocks with start addresses greater than "0xEC000000" in the file "scatter" "SP Flash Tool" produces the message "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)" and does not allow to flash. 2) Open the file "scatter" in a text editor (preferably in Notepad ++) and look for all the blocks "partition_index:" with "linear_start_addr:" more than "0xEC000000" and remove these blocks, except the "partition_name: BMTPOOL" block if it is not deleted it is possible to restore IMEI through the engineering menu. In my case at the end of the "scatter" there were two blocks with addresses greater than "0xEC000000": - partition_index: SYS21 partition_name: RSV_OTP file_name: NONE is_download: false type: NONE linear_start_addr: 0xFFFF0200 physical_start_addr: 0xFEFF0200 partition_size: 0x2B00000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: true is_reserved: false operation_type: INVISIBLE reserve: 0x00 - partition_index: SYS22 partition_name: BMTPOOL file_name: NONE is_download: false type: NONE linear_start_addr: 0xFFFF00A8 physical_start_addr: 0xFFFF00A8 partition_size: 0x1500000 region: EMMC_USER storage: HW_STORAGE_EMMC boundary_check: false is_reserved: true operation_type: RESERVED reserve: 0x00 ============================================= 3) I only deleted the "partition_name: RSV_OTP" block (although I do not know what it is for), I saved the file, rebooted it in the "SP Flash Tool" and sewed it (If necessary with the "Format All + Download" option selected). At me all was made, after the firmware at once it was loaded in "Recovery" Made all the "Wipe" and rebooted, after the load, it rebuilt IMEI through the engineering menu, checked everything seems to work. Special thanks to sterbin29 for the tip on the problem.