how do I find HA and AAA shared keys? - Nexus S Q&A, Help & Troubleshooting

ha and aaa for frofile 1 and profile 0. after sending spc in qxdm and running "06:18:32.773 requestnvitemread ds_mip_ss_user_prof 0" i get all zeros in return for both secrets and both profiles. also need help with um tether nai and um user id in ppp config(see jpg attchment). will donate 10 or more for a working solution getting my 3g back
06:18:32.898 DIAG RX item:
06:18:32.898 index = 0
06:18:32.898 mn_ha_shared_secret_length = 0x00
06:18:32.898 mn_ha_shared_secret[0] = 0x00
06:18:32.898 mn_ha_shared_secret[1] = 0x00
06:18:32.898 mn_ha_shared_secret[2] = 0x00
06:18:32.898 mn_ha_shared_secret[3] = 0x00
06:18:32.898 mn_ha_shared_secret[4] = 0x00
06:18:32.898 mn_ha_shared_secret[5] = 0x00
06:18:32.898 mn_ha_shared_secret[6] = 0x00
06:18:32.898 mn_ha_shared_secret[7] = 0x00
06:18:32.898 mn_ha_shared_secret[8] = 0x00
06:18:32.898 mn_ha_shared_secret[9] = 0x00
06:18:32.898 mn_ha_shared_secret[10] = 0x00
06:18:32.898 mn_ha_shared_secret[11] = 0x00
06:18:32.898 mn_ha_shared_secret[12] = 0x00
06:18:32.898 mn_ha_shared_secret[13] = 0x00
06:18:32.898 mn_ha_shared_secret[14] = 0x00
06:18:32.898 mn_ha_shared_secret[15] = 0x00
06:18:32.898 mn_aaa_shared_secret_length = 0x00
06:18:32.898 mn_aaa_shared_secret[0] = 0x00
06:18:32.898 mn_aaa_shared_secret[1] = 0x00
06:18:32.898 mn_aaa_shared_secret[2] = 0x00
06:18:32.898 mn_aaa_shared_secret[3] = 0x00
06:18:32.898 mn_aaa_shared_secret[4] = 0x00
06:18:32.898 mn_aaa_shared_secret[5] = 0x00
06:18:32.898 mn_aaa_shared_secret[6] = 0x00
06:18:32.898 mn_aaa_shared_secret[7] = 0x00
06:18:32.898 mn_aaa_shared_secret[8] = 0x00
06:18:32.898 mn_aaa_shared_secret[9] = 0x00
06:18:32.898 mn_aaa_shared_secret[10] = 0x00
06:18:32.898 mn_aaa_shared_secret[11] = 0x00
06:18:32.898 mn_aaa_shared_secret[12] = 0x00
06:18:32.898 mn_aaa_shared_secret[13] = 0x00
06:18:32.898 mn_aaa_shared_secret[14] = 0x00
06:18:32.898 mn_aaa_shared_secret[15] = 0x00
ugggg. cant get my data working.

Related

Strace for Android

Everybody loves strace !
So am I, thats why I compiled a static one you can use on any Android or even.. any ARM Linux system
It's unmodified, compiled with buildroot.
Download it here:
http://project-voodoo.org/downloads/dev-tools/debug/strace.tar.gz
Sample output:
Code:
$ strace ls
execve("/system/bin/ls", ["ls"], [/* 13 vars */]) = 0
set_tls(0xb00182ec, 0, 0xbedd3d14, 0xc, 0xb000c448) = 0
getpid() = 6712
sigaction(SIGILL, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0xb000c448) = 0
sigaction(SIGABRT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGBUS, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGFPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSEGV, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSTKFLT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGPIPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13524, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\[email protected]\17\0\0004\0\0\0$"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 13516
read(3, "\0\0\240\257PRE "..., 8) = 8
mmap2(0xafa00000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafa00000
mmap2(0xafa00000, 10716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafa00000
mprotect(0xafa00000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafa03000, 372, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3) = 0xafa03000
close(3) = 0
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=278276, ...}) = 0
open("/system/lib/libc.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0p\266\0\0004\0\0\0<"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 278268
read(3, "\0\0\320\257PRE "..., 8) = 8
mmap2(0xafd00000, 323584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafd00000
mmap2(0xafd00000, 265380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafd00000
mprotect(0xafd00000, 266240, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafd41000, 10028, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x41) = 0xafd41000
mmap2(0xafd44000, 43648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xafd44000
close(3) = 0
mprotect(0xafd00000, 266240, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
gettid() = 6712
set_tls(0xafd4a86c, 0xafd4a830, 0, 0x40, 0xafd42328) = 0
mmap2(NULL, 32768, PROT_READ, MAP_SHARED, 9, 0) = 0x40000000
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
read(3, "\301%\364\320"..., 4) = 4
close(3) = 0
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5272, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0X\10\0\0004\0\0\0\350"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 5264
read(3, "\0\0\300\257PRE "..., 8) = 8
mmap2(0xafc00000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafc00000
mmap2(0xafc00000, 2864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafc00000
mprotect(0xafc00000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafc01000, 232, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0xafc01000
close(3) = 0
mprotect(0xafc00000, 4096, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91088, ...}) = 0
open("/system/lib/libm.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\250\34\0\0004\0\0\0p"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 91080
read(3, "\0\0\260\257PRE "..., 8) = 8
mmap2(0xafb00000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafb00000
mmap2(0xafb00000, 87548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafb00000
mprotect(0xafb00000, 90112, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafb16000, 208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x16) = 0xafb16000
close(3) = 0
mprotect(0xafb00000, 90112, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0xafa00000, 12288, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=59364, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0d1\0\0004\0\0\0\f"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 59356
read(3, "\0\0\220\257PRE "..., 8) = 8
mmap2(0xaf900000, 122880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xaf900000
mmap2(0xaf900000, 55296, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xaf900000
mprotect(0xaf900000, 57344, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xaf90e000, 1100, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe) = 0xaf90e000
mmap2(0xaf90f000, 57764, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xaf90f000
close(3) = 0
mprotect(0xaf900000, 57344, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0x8000, 77824, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
lstat64(".", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x20000
brk(0x20000) = 0x20000
brk(0x22000) = 0x22000
open(".", O_RDONLY|O_LARGEFILE|O_DIRECTORY) = 3
getdents64(3, /* d_reclen == 0, problem here *//* 1 entries */, 4200) = 904
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40008000
mprotect(0x40008000, 4096, PROT_READ) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "config\n"..., 7config
) = 7
write(1, "efs\n"..., 4efs
) = 4
write(1, "sdcard\n"..., 7sdcard
) = 7
write(1, "acct\n"..., 5acct
) = 5
write(1, "mnt\n"..., 4mnt
) = 4
write(1, "d\n"..., 2d
) = 2
write(1, "etc\n"..., 4etc
) = 4
write(1, "default.prop\n"..., 13default.prop
) = 13
write(1, "dbdata\n"..., 7dbdata
) = 7
write(1, "cache\n"..., 6cache
) = 6
write(1, "init.smdkc110.rc\n"..., 17init.smdkc110.rc
) = 17
write(1, "lib\n"..., 4lib
) = 4
write(1, "usr\n"..., 4usr
) = 4
write(1, "data\n"..., 5data
) = 5
write(1, "res\n"..., 4res
) = 4
write(1, "modules\n"..., 8modules
) = 8
write(1, "sbin\n"..., 5sbin
) = 5
write(1, "bin\n"..., 4bin
) = 4
write(1, "init.goldfish.rc\n"..., 17init.goldfish.rc
) = 17
write(1, "sys\n"..., 4sys
) = 4
write(1, "init\n"..., 5init
) = 5
write(1, "init_samsung\n"..., 13init_samsung
) = 13
write(1, "recovery.rc\n"..., 12recovery.rc
) = 12
write(1, "dev\n"..., 4dev
) = 4
write(1, "init.rc\n"..., 8init.rc
) = 8
write(1, "voodoo\n"..., 7voodoo
) = 7
write(1, "fota.rc\n"..., 8fota.rc
) = 8
write(1, "lpm.rc\n"..., 7lpm.rc
) = 7
write(1, "proc\n"..., 5proc
) = 5
write(1, "system\n"..., 7system
) = 7
getdents64(3, 0x20018, 4200out of memory
) = 0
close(3) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
munmap(0x40008000, 4096) = 0
exit_group(0) = ?
PS: Sorry if this was done before, i didn't found one easily.
Thanks! strace is a usefull debug tool!
bwt, i compiled strace (4.6) too
lovetide said:
Thanks! strace is a usefull debug tool!
bwt, i compiled strace (4.6) too
Click to expand...
Click to collapse
Hello, the link is now dead, do you recent version 4.6 or 4.7 statically linked?

[UTILITY] STrace 4.8 - Ultimate debugging utility now ported to Android !

about Strace
Android provides Logcat for tracing and debugging Apps , Logcat provides too short information and limited apps also programs has to support logcat or there wo'nt be any log ! this makes Android logcar be completely un-useful in large/advanced programs .
strace is a debugging utility to monitor a program system calls or signals it receives . strace is used while we want to find the reason a program crashes or finding out what causes a process not to work as expected .
strace is much more powerful than Android Logcat . unlike logcat , any process may be monitored by strace also there is no need to rewrite a program for support of strace
usage & downloading
I have ported strace to Android and it works without any bugs
download the lastest binary from this post , move it to /system/bin and set permissions to 755 .
strace has a lot of options you can find by running it using :
Code:
strace --help
most common functions are :
1- using strace to monitor a command :
Code:
strace echo hello
2- using strace to monitor an App/process :
Code:
strace -p 123
(123 is a example , use any other PID you wish )
here is an example of running strace with hello command :
Code:
ALIREZA | strace echo hello
execve("/system/xbin/echo", ["echo", "hello"], [/* 26 vars */]) = 0
mprotect(0x4005d000, 75164, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x4005d000, 77824, PROT_READ|PROT_EXEC) = 0
mprotect(0x40070000, 4096, PROT_READ) = 0
gettid() = 31648
set_tls(0x40080f6c, 0x40080f30, 0x40081068, 0x40, 0x40080f30) = 0
getpid() = 31648
sigaction(SIGILL, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGABRT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGBUS, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGFPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSEGV, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSTKFLT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGPIPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
mprotect(0x8000, 500100, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
stat64("/vendor/lib/libc.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=286596, ...}) = 0
open("/system/lib/libc.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 286588
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 331776, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400f7000
madvise(0x400f7000, 331776, 0xc /* MADV_??? */) = 0
mmap2(0x400f7000, 271932, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400f7000
madvise(0x400f7000, 271932, 0xc /* MADV_??? */) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x4013a000, 10344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x43) = 0x4013a000
madvise(0x4013a000, 10344, 0xc /* MADV_??? */) = 0
mmap2(0x4013d000, 45051, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4013d000
madvise(0x4013d000, 45051, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_EXEC) = 0
stat64("/vendor/lib/liblog.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13536, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 13528
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 20480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000d000
madvise(0x4000d000, 20480, 0xc /* MADV_??? */) = 0
mmap2(0x4000d000, 11235, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x4000d000
madvise(0x4000d000, 11235, 0xc /* MADV_??? */) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40010000, 4116, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2) = 0x40010000
madvise(0x40010000, 4116, 0xc /* MADV_??? */) = 0
close(7) = 0
stat64("/vendor/lib/libstdc++.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5336, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 5328
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 12288, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40082000
madvise(0x40082000, 12288, 0xc /* MADV_??? */) = 0
mmap2(0x40082000, 2656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40082000
madvise(0x40082000, 2656, 0xc /* MADV_??? */) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40083000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40083000
madvise(0x40083000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x40084000, 16, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40084000
madvise(0x40084000, 16, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_EXEC) = 0
mprotect(0x40083000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libm.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91288, ...}) = 0
open("/system/lib/libm.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 91280
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 98304, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400d8000
madvise(0x400d8000, 98304, 0xc /* MADV_??? */) = 0
mmap2(0x400d8000, 85924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400d8000
madvise(0x400d8000, 85924, 0xc /* MADV_??? */) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x400ee000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x15) = 0x400ee000
madvise(0x400ee000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x400ef000, 32, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400ef000
madvise(0x400ef000, 32, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_EXEC) = 0
mprotect(0x400ee000, 4096, PROT_READ) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_EXEC) = 0
mprotect(0x40010000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libcutils.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=63252, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 63244
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 126976, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40148000
madvise(0x40148000, 126976, 0xc /* MADV_??? */) = 0
mmap2(0x40148000, 58972, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40148000
madvise(0x40148000, 58972, 0xc /* MADV_??? */) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40157000, 4620, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0xe) = 0x40157000
madvise(0x40157000, 4620, 0xc /* MADV_??? */) = 0
mmap2(0x40159000, 57096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40159000
madvise(0x40159000, 57096, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_EXEC) = 0
mprotect(0x40157000, 4096, PROT_READ) = 0
mprotect(0x8000, 503808, PROT_READ|PROT_EXEC) = 0
mmap2(NULL, 49152, PROT_READ, MAP_SHARED, 8, 0) = 0x400a4000
futex(0x40140734, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/dev/urandom", O_RDONLY) = 7
read(7, "@\236", 4) = 4
close(7) = 0
clock_gettime(CLOCK_MONOTONIC, {29544, 299349465}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40167000
madvise(0x40167000, 4096, 0xc /* MADV_??? */) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
getuid32() = 0
brk(0) = 0xf0d000
brk(0xf0d000) = 0xf0d000
brk(0xf0e000) = 0xf0e000
write(1, "hello\n", 6hello
) = 6
mprotect(0x40167000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
futex(0x4014072c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0x40167000, 4096) = 0
exit_group(0) = ?
and now lastest download link :
Download Strace 4.8 from here
license
strace is a free software, you may download source of strace from here
Only 4 downloads ?!
Segfault any attemp to use it!
Running on LG P500 (ARMv6) cm-10.2
OK, guess what? Already have it on /system/xbin and that does work.
Very nice tool/utility man.....
will try it to solve issues on my roms...
thanks man :good:
regards,
abhi922.
abhi922 said:
Very nice tool/utility man.....
will try it to solve issues on my roms...
thanks man :good:
regards,
abhi922.
Click to expand...
Click to collapse
Dido, I needed such a tool too.
Thanks
Would like to try it, but the download link requires me to sign up for an account. Can't you make this available some other way?
you dont need an account to download. Between the 2 ads is the download button
SVLAN said:
you dont need an account to download. Between the 2 ads is the download button
Click to expand...
Click to collapse
Thanks, I got it! I really hate these purposely misleading download sites.
Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
SVLAN said:
Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Click to expand...
Click to collapse
I said :
(123 is a example , use any other PID you wish )
Click to expand...
Click to collapse
You must use the a valid PID , 123 is an example .
For getting PID of an APP/Process , use the this command in terminal :
Code:
ps | grep "abc"
instead of abc , write the process name you want ! for example :
Code:
ps | grep "com.android.acore"
then search for PID in the output and use it with strace !
SVLAN said:
Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Click to expand...
Click to collapse
You need to be root to attach to already running processes.
I also find the "-f" option useful for more complex executables (which fork new processes). "-o" to write the output to a file can be useful if there is much output.
@alireza7991
Can I use this in the tool in my signature please?
Lgrootnoob said:
@alireza7991
Can I use this in the tool in my signature please?
Click to expand...
Click to collapse
This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it .
alireza7991 said:
This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it .
Click to expand...
Click to collapse
Sweet!
Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)...
See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left)
It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues.
tom3q said:
Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)...
See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left)
It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues.
Click to expand...
Click to collapse
I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace .
Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ????
Segfaults on Razr i (intel atom x86).
alireza7991 said:
I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace .
Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ????
Click to expand...
Click to collapse
But that's something that's popular to do here, a lot of people download the sources and compile the ROMs they run from source. Additionally, this is probably included in every custom ROM out there. My CM10.2 install has the utility built in.
There's no need to be defensive, the RD that's replying to you is just providing links for more reading. The better informed the users of this site are, the more cool stuff we'll see in the future.
Thanks for your strace build!
r3tr0g4m3r said:
Segfaults on Razr i (intel atom x86).
Click to expand...
Click to collapse
This does not work on X86 based platforms.
There're quite a few blog posts on the net about compiling strace from source.
Eg. http://discuz-android.blogspot.com/2008/01/create-google-android-strace-tool.html
I've created a precompiled tgz package that you can extract into the root of your filesystem and it'll put strace into /data/local (i.e. /data/local/bin/strace).
http://muzso.hu/node/4869
I prefer my utilities in /data/local.

[Completed] [Q] Rooting Nobis (Digiin) NB7850S?

This tablet has a 7.85" 1024x768 screen, front and rear cameras. It's different from the other Nobis tablets with 7" or 9" screens. Staples has been selling tons of them. Quite a nice tablet with aluminum housing.
Here's a dump from CPU-Z http://valid.canardpc.com/a/p5fcu9
Galane said:
This tablet has a 7.85" 1024x768 screen, front and rear cameras. It's different from the other Nobis tablets with 7" or 9" screens. Staples has been selling tons of them. Quite a nice tablet with aluminum housing.
Here's a dump from CPU-Z http://valid.canardpc.com/a/p5fcu9
Click to expand...
Click to collapse
Sorry ... nothing found for your device on xda.
You can check the most popular/common rooting methods, e.g.:
How to Root Any Device
How To Root Any Android Device
[UNIVERSAL GUIDE] Root Any Android Device Manually !
Root any Android device (without pc n in one click)
[TOOL] Rootx 2.2 (Rev 3 )- Root almost all android devices
...
Good luck !
No dice so far. Nothing can find it through USB. Yes, I have USB Debugging enabled and unknown locations on too. Here's what USBview shows.
Code:
[Port1] : USB Composite Device
Device Power State: PowerDeviceD0
---===>Device Information<===---
English product name: "Android"
ConnectionStatus:
Current Config Value: 0x01 -> Device Bus Speed: High
Device Address: 0x02
Open Pipes: 5
===>Device Descriptor<===
bLength: 0x12
bDescriptorType: 0x01
bcdUSB: 0x0200
bDeviceClass: 0x00 -> This is an Interface Class Defined Device
bDeviceSubClass: 0x00
bDeviceProtocol: 0x00
bMaxPacketSize0: 0x40 = (64) Bytes
idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012
idProduct: 0x0007
bcdDevice: 0x0233
iManufacturer: 0x02
English (United States) "USB Developer"
iProduct: 0x03
English (United States) "Android"
iSerialNumber: 0x04
English (United States) "51804e43d4676840d08"
bNumConfigurations: 0x01
---===>Open Pipes<===---
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
---===>Full Configuration Descriptor<===---
===>Configuration Descriptor<===
bLength: 0x09
bDescriptorType: 0x02
wTotalLength: 0x003E -> Validated
bNumInterfaces: 0x02
bConfigurationValue: 0x01
iConfiguration: 0x00
bmAttributes: 0xC0 -> Self Powered
MaxPower: 0xFA = 500 mA
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x00
bAlternateSetting: 0x00
bNumEndpoints: 0x03
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0xFF
bInterfaceProtocol: 0x00
iInterface: 0x05
English (United States) "MTP"
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x01
bAlternateSetting: 0x00
bNumEndpoints: 0x02
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0x42
bInterfaceProtocol: 0x01
iInterface: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
Galane said:
No dice so far. Nothing can find it through USB. Yes, I have USB Debugging enabled and unknown locations on too. Here's what USBview shows.
Code:
[Port1] : USB Composite Device
Device Power State: PowerDeviceD0
---===>Device Information<===---
English product name: "Android"
ConnectionStatus:
Current Config Value: 0x01 -> Device Bus Speed: High
Device Address: 0x02
Open Pipes: 5
===>Device Descriptor<===
bLength: 0x12
bDescriptorType: 0x01
bcdUSB: 0x0200
bDeviceClass: 0x00 -> This is an Interface Class Defined Device
bDeviceSubClass: 0x00
bDeviceProtocol: 0x00
bMaxPacketSize0: 0x40 = (64) Bytes
idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012
idProduct: 0x0007
bcdDevice: 0x0233
iManufacturer: 0x02
English (United States) "USB Developer"
iProduct: 0x03
English (United States) "Android"
iSerialNumber: 0x04
English (United States) "51804e43d4676840d08"
bNumConfigurations: 0x01
---===>Open Pipes<===---
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
---===>Full Configuration Descriptor<===---
===>Configuration Descriptor<===
bLength: 0x09
bDescriptorType: 0x02
wTotalLength: 0x003E -> Validated
bNumInterfaces: 0x02
bConfigurationValue: 0x01
iConfiguration: 0x00
bmAttributes: 0xC0 -> Self Powered
MaxPower: 0xFA = 500 mA
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x00
bAlternateSetting: 0x00
bNumEndpoints: 0x03
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0xFF
bInterfaceProtocol: 0x00
iInterface: 0x05
English (United States) "MTP"
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x01
bAlternateSetting: 0x00
bNumEndpoints: 0x02
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0x42
bInterfaceProtocol: 0x01
iInterface: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
Click to expand...
Click to collapse
Sorry to hear this.
But you can ask in the General discussion > Questions and Answers forum. Maybe there someone has a good idea.
Thread closed and thank you.

[Q] Rooting Nobis (Digiin) NB7850S?

This is a 7.85" 1024x768 tablet running Android 4.4. That's 4.4.nothing. It's not the 7" or the 9" Nobis tablet. Staples has sold a bajillion of these nice aluminum cased tablets and so far it looks like nobody has done anything towards rooting this model. Web searches get "You *really* meant this *other* Nobis 7" or 9" tablet, right?" or "helpful" suggestions that I meant rooting some completely different Android device. (Web search engines are rapidly becoming nearly useless for finding obscure data.)
Tried framaroot 1.9.3, Cydia Impactor, RootX and TowelRoot. Negative result all around. Yes, I did have USB debugging and unknown locations checked on the tablet. Nothing can find it via ADB, even after installing the Android dev kit on x64 Win 7 and manually starting the ADB server.
CPU-Z dump http://valid.canardpc.com/a/p5fcu9
From USBview
Code:
[Port1] : USB Composite Device
Device Power State: PowerDeviceD0
---===>Device Information<===---
English product name: "Android"
ConnectionStatus:
Current Config Value: 0x01 -> Device Bus Speed: High
Device Address: 0x02
Open Pipes: 5
===>Device Descriptor<===
bLength: 0x12
bDescriptorType: 0x01
bcdUSB: 0x0200
bDeviceClass: 0x00 -> This is an Interface Class Defined Device
bDeviceSubClass: 0x00
bDeviceProtocol: 0x00
bMaxPacketSize0: 0x40 = (64) Bytes
idVendor: 0x2922 = Vendor ID not listed with USB.org as of 02-15-2012
idProduct: 0x0007
bcdDevice: 0x0233
iManufacturer: 0x02
English (United States) "USB Developer"
iProduct: 0x03
English (United States) "Android"
iSerialNumber: 0x04
English (United States) "51804e43d4676840d08"
bNumConfigurations: 0x01
---===>Open Pipes<===---
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
---===>Full Configuration Descriptor<===---
===>Configuration Descriptor<===
bLength: 0x09
bDescriptorType: 0x02
wTotalLength: 0x003E -> Validated
bNumInterfaces: 0x02
bConfigurationValue: 0x01
iConfiguration: 0x00
bmAttributes: 0xC0 -> Self Powered
MaxPower: 0xFA = 500 mA
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x00
bAlternateSetting: 0x00
bNumEndpoints: 0x03
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0xFF
bInterfaceProtocol: 0x00
iInterface: 0x05
English (United States) "MTP"
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x81 -> Direction: IN - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x01 -> Direction: OUT - EndpointID: 1
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x84 -> Direction: IN - EndpointID: 4
bmAttributes: 0x03 -> Interrupt Transfer Type
wMaxPacketSize: 0x001C = 1 transactions per microframe, 0x1C max bytes
bInterval: 0x06
===>Interface Descriptor<===
bLength: 0x09
bDescriptorType: 0x04
bInterfaceNumber: 0x01
bAlternateSetting: 0x00
bNumEndpoints: 0x02
bInterfaceClass: 0xFF -> Interface Class Unknown to USBView
bInterfaceSubClass: 0x42
bInterfaceProtocol: 0x01
iInterface: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x82 -> Direction: IN - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
===>Endpoint Descriptor<===
bLength: 0x07
bDescriptorType: 0x05
bEndpointAddress: 0x02 -> Direction: OUT - EndpointID: 2
bmAttributes: 0x02 -> Bulk Transfer Type
wMaxPacketSize: 0x0200 = 0x200 max bytes
bInterval: 0x00
If I can get a guarantee that I'll get the tablet back, I'll send it to someone to root it. Or I'll sell it at a good price. Such a shame that this sturdy, good performing and extremely plentiful tablet has been totally ignored by the Android dev and hacking community.

Possible solution for "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)"

ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)
If you get an error "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)" while trying to flash the phone, try the following steps:
1) Make a complete (all checkboxes selected) memory test on the "Memory Test" tab, in my case the test produced the following data:
============ Memory Detection Report ===========
Internal RAM:
External RAM:
Type = DRAM
Size = 0x20000000 (512MB / 4096Mb)
NAND Flash:
ERROR: NAND Flash was not detected!
EMMC:
EMMC_PART_BOOT1 Size = 0x0000000000200000 (2MB)
EMMC_PART_BOOT2 Size = 0x0000000000200000 (2MB)
EMMC_PART_RPMB Size = 0x0000000000080000 (0MB)
EMMC_PART_GP1 Size = 0x0000000000000000 (0MB)
EMMC_PART_GP2 Size = 0x0000000000000000 (0MB)
EMMC_PART_GP3 Size = 0x0000000000000000 (0MB)
EMMC_PART_GP4 Size = 0x0000000000000000 (0MB)
EMMC_PART_USER Size = 0x00000000ec000000 (3776MB)
UFS:
ERROR: UFS was not detected!
============ RAM Test ============
Data Bus Test:
[D0]
[D1]
[D2]
[D3]
[D4]
[D5]
[D6]
[D7]
[D8]
[D9]
[D10]
[D11]
[D12]
[D13]
[D14]
[D15]
[D16]
[D17]
[D18]
[D19]
[D20]
[D21]
[D22]
[D23]
[D24]
[D25]
[D26]
[D27]
[D28]
[D29]
[D30]
[D31]
OK !!
Address Bus Test:
[A1]
[A2]
[A3]
[A4]
[A5]
[A6]
[A7]
[A8]
[A9]
[A10]
[A11]
[A12]
[A13]
[A14]
[A15]
[A16]
[A17]
[A18]
[A19]
[A20]
[A21]
[A22]
[A23]
[A24]
[A25]
[A26]
[A27]
[A28]
OK !!
RAM Pattern Test:
Writing ...
0x44332211,
0xA5A5A5A5,
0xA5A5A500,
0xA500A500,
0xA5000000,
0x00000000,
0xFFFF0000,
0xFFFFFFFF,
OK !!
Increment / Decrement Test:
Writing ...
OK !!
============================================
The line with the maximum address "EMMC_PART_USER Size = 0x00000000ec000000 (3776MB)" is important here, for correct understanding, the leading zeros are deleted by translating to the normal form "0xEC000000", if there are several blocks with start addresses greater than "0xEC000000" in the file "scatter" "SP Flash Tool" produces the message "ERROR: S_NOT_ENOUGH_STORAGE_SPACE (1011)" and does not allow to flash.
2) Open the file "scatter" in a text editor (preferably in Notepad ++) and look for all the blocks "partition_index:" with "linear_start_addr:" more than "0xEC000000" and remove these blocks, except the "partition_name: BMTPOOL" block if it is not deleted it is possible to restore IMEI through the engineering menu. In my case at the end of the "scatter" there were two blocks with addresses greater than "0xEC000000":
- partition_index: SYS21
partition_name: RSV_OTP
file_name: NONE
is_download: false
type: NONE
linear_start_addr: 0xFFFF0200
physical_start_addr: 0xFEFF0200
partition_size: 0x2B00000
region: EMMC_USER
storage: HW_STORAGE_EMMC
boundary_check: true
is_reserved: false
operation_type: INVISIBLE
reserve: 0x00
- partition_index: SYS22
partition_name: BMTPOOL
file_name: NONE
is_download: false
type: NONE
linear_start_addr: 0xFFFF00A8
physical_start_addr: 0xFFFF00A8
partition_size: 0x1500000
region: EMMC_USER
storage: HW_STORAGE_EMMC
boundary_check: false
is_reserved: true
operation_type: RESERVED
reserve: 0x00
=============================================
3) I only deleted the "partition_name: RSV_OTP" block (although I do not know what it is for), I saved the file, rebooted it in the "SP Flash Tool" and sewed it
(If necessary with the "Format All + Download" option selected). At me all was made, after the firmware at once it was loaded in "Recovery"
Made all the "Wipe" and rebooted, after the load, it rebuilt IMEI through the engineering menu, checked everything seems to work.
Special thanks to sterbin29 for the tip on the problem.

Categories

Resources