Database Info

Strace for Android

Everybody loves strace !
So am I, thats why I compiled a static one you can use on any Android or even.. any ARM Linux system
It's unmodified, compiled with buildroot.
Download it here:
http://project-voodoo.org/downloads/dev-tools/debug/strace.tar.gz
Sample output:
Code:
$ strace ls
execve("/system/bin/ls", ["ls"], [/* 13 vars */]) = 0
set_tls(0xb00182ec, 0, 0xbedd3d14, 0xc, 0xb000c448) = 0
getpid() = 6712
sigaction(SIGILL, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0xb000c448) = 0
sigaction(SIGABRT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGBUS, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGFPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSEGV, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGSTKFLT, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
sigaction(SIGPIPE, {0xb0003441, [], SA_RESTART}, {SIG_DFL, , 0) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13524, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\[email protected]\17\0\0004\0\0\0$"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 13516
read(3, "\0\0\240\257PRE "..., 8) = 8
mmap2(0xafa00000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafa00000
mmap2(0xafa00000, 10716, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafa00000
mprotect(0xafa00000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafa03000, 372, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3) = 0xafa03000
close(3) = 0
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=278276, ...}) = 0
open("/system/lib/libc.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0p\266\0\0004\0\0\0<"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 278268
read(3, "\0\0\320\257PRE "..., 8) = 8
mmap2(0xafd00000, 323584, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafd00000
mmap2(0xafd00000, 265380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafd00000
mprotect(0xafd00000, 266240, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafd41000, 10028, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x41) = 0xafd41000
mmap2(0xafd44000, 43648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xafd44000
close(3) = 0
mprotect(0xafd00000, 266240, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
gettid() = 6712
set_tls(0xafd4a86c, 0xafd4a830, 0, 0x40, 0xafd42328) = 0
mmap2(NULL, 32768, PROT_READ, MAP_SHARED, 9, 0) = 0x40000000
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
read(3, "\301%\364\320"..., 4) = 4
close(3) = 0
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5272, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0X\10\0\0004\0\0\0\350"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 5264
read(3, "\0\0\300\257PRE "..., 8) = 8
mmap2(0xafc00000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafc00000
mmap2(0xafc00000, 2864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafc00000
mprotect(0xafc00000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafc01000, 232, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1) = 0xafc01000
close(3) = 0
mprotect(0xafc00000, 4096, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91088, ...}) = 0
open("/system/lib/libm.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\250\34\0\0004\0\0\0p"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 91080
read(3, "\0\0\260\257PRE "..., 8) = 8
mmap2(0xafb00000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xafb00000
mmap2(0xafb00000, 87548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xafb00000
mprotect(0xafb00000, 90112, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xafb16000, 208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x16) = 0xafb16000
close(3) = 0
mprotect(0xafb00000, 90112, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0xafa00000, 12288, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=59364, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY|O_LARGEFILE) = 3
lseek(3, 10, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0d1\0\0004\0\0\0\f"..., 4096) = 4096
lseek(3, 10, SEEK_END) = 59356
read(3, "\0\0\220\257PRE "..., 8) = 8
mmap2(0xaf900000, 122880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xaf900000
mmap2(0xaf900000, 55296, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xaf900000
mprotect(0xaf900000, 57344, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0xaf90e000, 1100, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe) = 0xaf90e000
mmap2(0xaf90f000, 57764, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xaf90f000
close(3) = 0
mprotect(0xaf900000, 57344, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
mprotect(0x8000, 77824, PROT_READ|PROT_EXEC) = 0
getuid32() = 0
geteuid32() = 0
getgid32() = 2000
getegid32() = 2000
lstat64(".", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
brk(0) = 0x20000
brk(0x20000) = 0x20000
brk(0x22000) = 0x22000
open(".", O_RDONLY|O_LARGEFILE|O_DIRECTORY) = 3
getdents64(3, /* d_reclen == 0, problem here *//* 1 entries */, 4200) = 904
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40008000
mprotect(0x40008000, 4096, PROT_READ) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
write(1, "config\n"..., 7config
) = 7
write(1, "efs\n"..., 4efs
) = 4
write(1, "sdcard\n"..., 7sdcard
) = 7
write(1, "acct\n"..., 5acct
) = 5
write(1, "mnt\n"..., 4mnt
) = 4
write(1, "d\n"..., 2d
) = 2
write(1, "etc\n"..., 4etc
) = 4
write(1, "default.prop\n"..., 13default.prop
) = 13
write(1, "dbdata\n"..., 7dbdata
) = 7
write(1, "cache\n"..., 6cache
) = 6
write(1, "init.smdkc110.rc\n"..., 17init.smdkc110.rc
) = 17
write(1, "lib\n"..., 4lib
) = 4
write(1, "usr\n"..., 4usr
) = 4
write(1, "data\n"..., 5data
) = 5
write(1, "res\n"..., 4res
) = 4
write(1, "modules\n"..., 8modules
) = 8
write(1, "sbin\n"..., 5sbin
) = 5
write(1, "bin\n"..., 4bin
) = 4
write(1, "init.goldfish.rc\n"..., 17init.goldfish.rc
) = 17
write(1, "sys\n"..., 4sys
) = 4
write(1, "init\n"..., 5init
) = 5
write(1, "init_samsung\n"..., 13init_samsung
) = 13
write(1, "recovery.rc\n"..., 12recovery.rc
) = 12
write(1, "dev\n"..., 4dev
) = 4
write(1, "init.rc\n"..., 8init.rc
) = 8
write(1, "voodoo\n"..., 7voodoo
) = 7
write(1, "fota.rc\n"..., 8fota.rc
) = 8
write(1, "lpm.rc\n"..., 7lpm.rc
) = 7
write(1, "proc\n"..., 5proc
) = 5
write(1, "system\n"..., 7system
) = 7
getdents64(3, 0x20018, 4200out of memory
) = 0
close(3) = 0
mprotect(0x40008000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40008000, 4096, PROT_READ) = 0
munmap(0x40008000, 4096) = 0
exit_group(0) = ?
PS: Sorry if this was done before, i didn't found one easily.

Thanks! strace is a usefull debug tool!
bwt, i compiled strace (4.6) too

lovetide said:
Thanks! strace is a usefull debug tool!
bwt, i compiled strace (4.6) too
Click to expand...
Click to collapse
Hello, the link is now dead, do you recent version 4.6 or 4.7 statically linked?

[UTILITY] STrace 4.8 - Ultimate debugging utility now ported to Android !

about Strace
Android provides Logcat for tracing and debugging Apps , Logcat provides too short information and limited apps also programs has to support logcat or there wo'nt be any log ! this makes Android logcar be completely un-useful in large/advanced programs .
strace is a debugging utility to monitor a program system calls or signals it receives . strace is used while we want to find the reason a program crashes or finding out what causes a process not to work as expected .
strace is much more powerful than Android Logcat . unlike logcat , any process may be monitored by strace also there is no need to rewrite a program for support of strace
usage & downloading
I have ported strace to Android and it works without any bugs
download the lastest binary from this post , move it to /system/bin and set permissions to 755 .
strace has a lot of options you can find by running it using :
Code:
strace --help
most common functions are :
1- using strace to monitor a command :
Code:
strace echo hello
2- using strace to monitor an App/process :
Code:
strace -p 123
(123 is a example , use any other PID you wish )
here is an example of running strace with hello command :
Code:
ALIREZA | strace echo hello
execve("/system/xbin/echo", ["echo", "hello"], [/* 26 vars */]) = 0
mprotect(0x4005d000, 75164, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mprotect(0x4005d000, 77824, PROT_READ|PROT_EXEC) = 0
mprotect(0x40070000, 4096, PROT_READ) = 0
gettid() = 31648
set_tls(0x40080f6c, 0x40080f30, 0x40081068, 0x40, 0x40080f30) = 0
getpid() = 31648
sigaction(SIGILL, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGABRT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGBUS, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGFPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSEGV, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGSTKFLT, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
sigaction(SIGPIPE, {0x40062ba1, [], SA_RESTART|SA_SIGINFO}, NULL, 0x397a4) = 0
mprotect(0x8000, 500100, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
stat64("/vendor/lib/libc.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libc.so", {st_mode=S_IFREG|0644, st_size=286596, ...}) = 0
open("/system/lib/libc.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 286588
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 331776, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400f7000
madvise(0x400f7000, 331776, 0xc /* MADV_??? */) = 0
mmap2(0x400f7000, 271932, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400f7000
madvise(0x400f7000, 271932, 0xc /* MADV_??? */) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x4013a000, 10344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x43) = 0x4013a000
madvise(0x4013a000, 10344, 0xc /* MADV_??? */) = 0
mmap2(0x4013d000, 45051, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4013d000
madvise(0x4013d000, 45051, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400f7000, 274432, PROT_READ|PROT_EXEC) = 0
stat64("/vendor/lib/liblog.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/liblog.so", {st_mode=S_IFREG|0644, st_size=13536, ...}) = 0
open("/system/lib/liblog.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 13528
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 20480, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4000d000
madvise(0x4000d000, 20480, 0xc /* MADV_??? */) = 0
mmap2(0x4000d000, 11235, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x4000d000
madvise(0x4000d000, 11235, 0xc /* MADV_??? */) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40010000, 4116, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x2) = 0x40010000
madvise(0x40010000, 4116, 0xc /* MADV_??? */) = 0
close(7) = 0
stat64("/vendor/lib/libstdc++.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libstdc++.so", {st_mode=S_IFREG|0644, st_size=5336, ...}) = 0
open("/system/lib/libstdc++.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 5328
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 12288, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40082000
madvise(0x40082000, 12288, 0xc /* MADV_??? */) = 0
mmap2(0x40082000, 2656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40082000
madvise(0x40082000, 2656, 0xc /* MADV_??? */) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40083000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40083000
madvise(0x40083000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x40084000, 16, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40084000
madvise(0x40084000, 16, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40082000, 4096, PROT_READ|PROT_EXEC) = 0
mprotect(0x40083000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libm.so", 0xbea73618) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libm.so", {st_mode=S_IFREG|0644, st_size=91288, ...}) = 0
open("/system/lib/libm.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 91280
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 98304, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400d8000
madvise(0x400d8000, 98304, 0xc /* MADV_??? */) = 0
mmap2(0x400d8000, 85924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x400d8000
madvise(0x400d8000, 85924, 0xc /* MADV_??? */) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x400ee000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0x15) = 0x400ee000
madvise(0x400ee000, 4096, 0xc /* MADV_??? */) = 0
mmap2(0x400ef000, 32, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400ef000
madvise(0x400ef000, 32, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x400d8000, 86016, PROT_READ|PROT_EXEC) = 0
mprotect(0x400ee000, 4096, PROT_READ) = 0
mprotect(0x4000d000, 12288, PROT_READ|PROT_EXEC) = 0
mprotect(0x40010000, 4096, PROT_READ) = 0
stat64("/vendor/lib/libcutils.so", 0xbea736b8) = -1 ENOENT (No such file or directory)
stat64("/system/lib/libcutils.so", {st_mode=S_IFREG|0644, st_size=63252, ...}) = 0
open("/system/lib/libcutils.so", O_RDONLY) = 7
lseek(7, 0, SEEK_SET) = 0
read(7, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\0\0\0004\0\0\0"..., 4096) = 4096
lseek(7, -8, SEEK_END) = 63244
read(7, "\1\0\0\0\0\0\0\0", 8) = 8
mmap2(NULL, 126976, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40148000
madvise(0x40148000, 126976, 0xc /* MADV_??? */) = 0
mmap2(0x40148000, 58972, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 7, 0) = 0x40148000
madvise(0x40148000, 58972, 0xc /* MADV_??? */) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
mmap2(0x40157000, 4620, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 7, 0xe) = 0x40157000
madvise(0x40157000, 4620, 0xc /* MADV_??? */) = 0
mmap2(0x40159000, 57096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40159000
madvise(0x40159000, 57096, 0xc /* MADV_??? */) = 0
close(7) = 0
mprotect(0x40148000, 61440, PROT_READ|PROT_EXEC) = 0
mprotect(0x40157000, 4096, PROT_READ) = 0
mprotect(0x8000, 503808, PROT_READ|PROT_EXEC) = 0
mmap2(NULL, 49152, PROT_READ, MAP_SHARED, 8, 0) = 0x400a4000
futex(0x40140734, FUTEX_WAKE_PRIVATE, 2147483647) = 0
open("/dev/urandom", O_RDONLY) = 7
read(7, "@\236", 4) = 4
close(7) = 0
clock_gettime(CLOCK_MONOTONIC, {29544, 299349465}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40167000
madvise(0x40167000, 4096, 0xc /* MADV_??? */) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
getuid32() = 0
brk(0) = 0xf0d000
brk(0xf0d000) = 0xf0d000
brk(0xf0e000) = 0xf0e000
write(1, "hello\n", 6hello
) = 6
mprotect(0x40167000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0x40167000, 4096, PROT_READ) = 0
futex(0x4014072c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0x40167000, 4096) = 0
exit_group(0) = ?
and now lastest download link :
Download Strace 4.8 from here
license
strace is a free software, you may download source of strace from here

Only 4 downloads ?!

Segfault any attemp to use it!
Running on LG P500 (ARMv6) cm-10.2
OK, guess what? Already have it on /system/xbin and that does work.

Very nice tool/utility man.....
will try it to solve issues on my roms...
thanks man :good:
regards,
abhi922.

abhi922 said:
Very nice tool/utility man.....
will try it to solve issues on my roms...
thanks man :good:
regards,
abhi922.
Click to expand...
Click to collapse
Dido, I needed such a tool too.
Thanks

Would like to try it, but the download link requires me to sign up for an account. Can't you make this available some other way?

you dont need an account to download. Between the 2 ads is the download button

SVLAN said:
you dont need an account to download. Between the 2 ads is the download button
Click to expand...
Click to collapse
Thanks, I got it! I really hate these purposely misleading download sites.

Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted

SVLAN said:
Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Click to expand...
Click to collapse
I said :
(123 is a example , use any other PID you wish )
Click to expand...
Click to collapse
You must use the a valid PID , 123 is an example .
For getting PID of an APP/Process , use the this command in terminal :
Code:
ps | grep "abc"
instead of abc , write the process name you want ! for example :
Code:
ps | grep "com.android.acore"
then search for PID in the output and use it with strace !

SVLAN said:
Once i run strace -p 123 it will come back
Code:
strace: attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted
Click to expand...
Click to collapse
You need to be root to attach to already running processes.
I also find the "-f" option useful for more complex executables (which fork new processes). "-o" to write the output to a file can be useful if there is much output.

@alireza7991
Can I use this in the tool in my signature please?

Lgrootnoob said:
@alireza7991
Can I use this in the tool in my signature please?
Click to expand...
Click to collapse
This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it .

alireza7991 said:
This is a free software , You must accept the GNU Public Licence v2 ( or higher ) terms ; after that , you are allowed to use it .
Click to expand...
Click to collapse
Sweet!

Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)...
See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left)
It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues.

tom3q said:
Huh? It's a well-known, standard unix utility, being a part of Android distribution since Android 1.6 (although, only in debug builds)...
See https://android.googlesource.com/platform/external/strace/ (note all the branches on the left)
It's good to make people aware of it, though, as it's a very useful tool for debugging some kinds of issues.
Click to expand...
Click to collapse
I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace .
Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ????

Segfaults on Razr i (intel atom x86).

alireza7991 said:
I haven't seen it, but its just in android sources and only in debug builds for debugging the android but This is a standalone build of latest STrace suitable for developers to debug their APPs . Developers will not download and compile whole android for just having a dynamicly linked strace .
Another thing , why most of you are saying its a well-known/popular linux utility ... , did I say it is not ????
Click to expand...
Click to collapse
But that's something that's popular to do here, a lot of people download the sources and compile the ROMs they run from source. Additionally, this is probably included in every custom ROM out there. My CM10.2 install has the utility built in.
There's no need to be defensive, the RD that's replying to you is just providing links for more reading. The better informed the users of this site are, the more cool stuff we'll see in the future.
Thanks for your strace build!

r3tr0g4m3r said:
Segfaults on Razr i (intel atom x86).
Click to expand...
Click to collapse
This does not work on X86 based platforms.

There're quite a few blog posts on the net about compiling strace from source.
Eg. http://discuz-android.blogspot.com/2008/01/create-google-android-strace-tool.html
I've created a precompiled tgz package that you can extract into the root of your filesystem and it'll put strace into /data/local (i.e. /data/local/bin/strace).
http://muzso.hu/node/4869
I prefer my utilities in /data/local.

[DEV] [WIP] Kexec Hardboot Patch

- I have implemented a first cut of kexec hardboot patch for the Apollo and Thor Devices
- @Tasssadar created the excellent MultiROM
- I am working to provide support for our devices (Apollo and Thor) and as such this is first step
- The commit in my SlimLP kernel is here.
- This is the patch:
Code:
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 9468df5..a8b637a 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -2249,6 +2249,32 @@ config ATAGS_PROC
Should the atags used to boot the kernel be exported in an "atags"
file in procfs. Useful with kexec.
+config KEXEC_HARDBOOT
+ bool "Support hard booting to a kexec kernel"
+ depends on KEXEC
+ help
+ Allows hard booting (i.e., with a full hardware reboot) to a kernel
+ previously loaded in memory by kexec. This works around the problem of
+ soft-booted kernel hangs due to improper device shutdown and/or
+ reinitialization. Support is comprised of two components:
+
+ First, a "hardboot" flag is added to the kexec syscall to force a hard
+ reboot in relocate_new_kernel() (which requires machine-specific assembly
+ code). This also requires the kexec userspace tool to load the kexec'd
+ kernel in memory region left untouched by the bootloader (i.e., not
+ explicitly cleared and not overwritten by the boot kernel). Just prior
+ to reboot, the kexec kernel arguments are stashed in a machine-specific
+ memory page that must also be preserved. Note that this hardboot page
+ need not be reserved during regular kernel execution.
+
+ Second, the zImage decompresor of the boot (bootloader-loaded) kernel is
+ modified to check the hardboot page for fresh kexec arguments, and if
+ present, attempts to jump to the kexec'd kernel preserved in memory.
+
+ Note that hardboot support is only required in the boot kernel and any
+ kernel capable of performing a hardboot kexec. It is _not_ required by a
+ kexec'd kernel.
+
config CRASH_DUMP
bool "Build kdump crash kernel (EXPERIMENTAL)"
depends on EXPERIMENTAL
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index 64a6d6f..6c9d423 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -10,6 +10,13 @@
*/
#include <linux/linkage.h>
+ .arch armv7-a
+
+#ifdef CONFIG_KEXEC_HARDBOOT
+ #include <asm/kexec.h>
+ #include <asm/memory.h>
+#endif
+
/*
* Debugging stuff
*
@@ -135,6 +142,64 @@ start:
1: mov r7, r1 @ save architecture ID
mov r8, r2 @ save atags pointer
+#ifdef CONFIG_KEXEC_HARDBOOT
+ /* Check hardboot page for a kexec kernel. */
+ ldr r3, =KEXEC_HB_PAGE_ADDR
+ ldr r0, [r3]
+ ldr r1, =KEXEC_HB_PAGE_MAGIC
+ teq r0, r1
+ bne not_booting_other
+
+ /* Clear hardboot page magic to avoid boot loop. */
+ mov r0, #0
+ str r0, [r3]
+
+ /*
+ * Copy dtb from location up high in memory to default location.
+ * Kernel freezes if this is not done.
+ */
+ ldr r1, [r3, #12] @ kexec_boot_atags
+ ldr r2, [r3, #16] @ kexec_boot_atags_len
+ mov r5, #0 @ iterator
+catags_cpy:
+ ldr r0, [r1, r5] @ from kexec_boot_atags
+ str r0, [r8, r5] @ to atags_pointer
+ add r5, r5, #4
+ cmp r5, r2
+ blo catags_cpy
+
+#ifdef KEXEC_HB_KERNEL_LOC
+ /*
+ * Copy kernel from location up high in memory to location in first 128MB.
+ * Bootloader on hammerhead erases first 128MB of ram on reboot, so it can't
+ * be in there before reboot, but decompressing in location above 128MB takes
+ * a long time. This memcpy is much quicker, for some reason.
+ */
+ ldr r2, [r3, #4] @ kexec_start_address
+ ldr r4, [r3, #20] @ kexec_kernel_len
+ ldr r6, =KEXEC_HB_KERNEL_LOC @ target
+ mov r5, #0 @ iterator
+kernel_cpy:
+ ldr r0, [r2, r5] @ from kexec_start_address
+ str r0, [r6, r5] @ to KEXEC_HB_KERNEL_LOC
+ add r5, r5, #4
+ cmp r5, r4
+ blo kernel_cpy
+#else
+ ldr r6, [r3, #4] @ kexec_start_address
+#endif
+
+ /* set registers and boot kexecd' kernel */
+ mov r0, #0
+ ldr r1, [r3, #8] @ kexec_mach_type
+ mov r2, r8 @ atags pointer
+ mov pc, r6
+
+ .ltorg
+
+not_booting_other:
+#endif
+
#ifndef __ARM_ARCH_2__
/*
* Booting from Angel - need to enter SVC mode and disable
@@ -176,7 +241,19 @@ not_angel:
ldr r4, =zreladdr
#endif
- bl cache_on
+ /*
+ * Set up a page table only if it won't overwrite ourself.
+ * That means r4 < pc && r4 - 16k page directory > &_end.
+ * Given that r4 > &_end is most unfrequent, we add a rough
+ * additional 1MB of room for a possible appended DTB.
+ */
+ mov r0, pc
+ cmp r0, r4
+ ldrcc r0, LC0+32
+ addcc r0, r0, pc
+ cmpcc r4, r0
+ orrcc r4, r4, #1 @ remember we skipped cache_on
+ blcs cache_on
restart: adr r0, LC0
ldmia r0, {r1, r2, r3, r6, r10, r11, r12}
@@ -222,7 +299,7 @@ restart: adr r0, LC0
* r0 = delta
* r2 = BSS start
* r3 = BSS end
- * r4 = final kernel address
+ * r4 = final kernel address (possibly with LSB set)
* r5 = appended dtb size (still unknown)
* r6 = _edata
* r7 = architecture ID
@@ -270,6 +347,7 @@ restart: adr r0, LC0
*/
cmp r0, #1
sub r0, r4, #TEXT_OFFSET
+ bic r0, r0, #1
add r0, r0, #0x100
mov r1, r6
sub r2, sp, r6
@@ -316,12 +394,13 @@ dtb_check_done:
/*
* Check to see if we will overwrite ourselves.
- * r4 = final kernel address
+ * r4 = final kernel address (possibly with LSB set)
* r9 = size of decompressed image
* r10 = end of this image, including bss/stack/malloc space if non XIP
* We basically want:
* r4 - 16k page directory >= r10 -> OK
* r4 + image length <= address of wont_overwrite -> OK
+ * Note: the possible LSB in r4 is harmless here.
*/
add r10, r10, #16384
cmp r4, r10
@@ -369,7 +448,8 @@ dtb_check_done:
add sp, sp, r6
#endif
- bl cache_clean_flush
+ tst r4, #1
+ bleq cache_clean_flush
adr r0, BSYM(restart)
add r0, r0, r6
@@ -381,7 +461,7 @@ wont_overwrite:
* r0 = delta
* r2 = BSS start
* r3 = BSS end
- * r4 = kernel execution address
+ * r4 = kernel execution address (possibly with LSB set)
* r5 = appended dtb size (0 if not present)
* r7 = architecture ID
* r8 = atags pointer
@@ -444,6 +524,15 @@ not_relocated: mov r0, #0
cmp r2, r3
blo 1b
+ /*
+ * Did we skip the cache setup earlier?
+ * That is indicated by the LSB in r4.
+ * Do it now if so.
+ */
+ tst r4, #1
+ bic r4, r4, #1
+ blne cache_on
+
/*
* The C runtime environment should now be setup sufficiently.
* Set up some pointers, and start decompressing.
@@ -474,6 +563,7 @@ LC0: .word LC0 @ r1
.word _got_start @ r11
.word _got_end @ ip
.word .L_user_stack_end @ sp
+ .word _end - restart + 16384 + 1024*1024
.size LC0, . - LC0
#ifdef CONFIG_ARCH_RPC
@@ -510,6 +600,7 @@ cache_on: mov r3, #8 @ cache_on function
* to cover all 32bit address and cacheable and bufferable.
*/
__armv4_mpu_cache_on:
+ .arch armv4
mov r0, #0x3f @ 4G, the whole
mcr p15, 0, r0, c6, c7, 0 @ PR7 Area Setting
mcr p15, 0, r0, c6, c7, 1
@@ -614,13 +705,24 @@ __setup_mmu: sub r3, r4, #16384 @ Page directory size
mov pc, lr
ENDPROC(__setup_mmu)
[email protected] Enable unaligned access on v6, to allow better code generation
[email protected] for the decompressor C code:
+__armv6_mmu_cache_on:
+ mrc p15, 0, r0, c1, c0, 0 @ read SCTLR
+ bic r0, r0, #2 @ A (no unaligned access fault)
+ orr r0, r0, #1 << 22 @ U (v6 unaligned access model)
+ mcr p15, 0, r0, c1, c0, 0 @ write SCTLR
+ b __armv4_mmu_cache_on
+
__arm926ejs_mmu_cache_on:
#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
+ .arch armv5
mov r0, #4 @ put dcache in WT mode
mcr p15, 7, r0, c15, c0, 0
#endif
__armv4_mmu_cache_on:
+ .arch armv4
mov r12, lr
#ifdef CONFIG_MMU
mov r6, #CB_BITS | 0x12 @ U
@@ -641,6 +743,7 @@ __armv4_mmu_cache_on:
mov pc, r12
__armv7_mmu_cache_on:
+ .arch armv7-a
mov r12, lr
#ifdef CONFIG_MMU
mrc p15, 0, r11, c0, c1, 4 @ read ID_MMFR0
@@ -653,8 +756,12 @@ __armv7_mmu_cache_on:
mcrne p15, 0, r0, c8, c7, 0 @ flush I,D TLBs
#endif
mrc p15, 0, r0, c1, c0, 0 @ read control reg
+ bic r0, r0, #1 << 28 @ clear SCTLR.TRE
orr r0, r0, #0x5000 @ I-cache enable, RR cache replacement
orr r0, r0, #0x003c @ write buffer
+ bic r0, r0, #2 @ A (no unaligned access fault)
+ orr r0, r0, #1 << 22 @ U (v6 unaligned access model)
+ @ (needed for ARM1176)
#ifdef CONFIG_MMU
#ifdef CONFIG_CPU_ENDIAN_BE8
orr r0, r0, #1 << 25 @ big-endian page tables
@@ -687,6 +794,7 @@ __fa526_cache_on:
mov pc, r12
__arm6_mmu_cache_on:
+ .arch armv6
mov r12, lr
mov r6, #CB_BITS | 0x12 @ U
bl __setup_mmu
@@ -895,7 +1003,7 @@ proc_types:
.word 0x0007b000 @ ARMv6
.word 0x000ff000
- W(b) __armv4_mmu_cache_on
+ W(b) __armv6_mmu_cache_on
W(b) __armv4_mmu_cache_off
W(b) __armv6_mmu_cache_flush
@@ -1015,7 +1123,10 @@ cache_clean_flush:
mov r3, #16
b call_cache_fn
+ .arch armv4
__armv4_mpu_cache_flush:
+ tst r4, #1
+ movne pc, lr
mov r2, #1
mov r3, #0
mcr p15, 0, ip, c7, c6, 0 @ invalidate D cache
@@ -1033,6 +1144,8 @@ __armv4_mpu_cache_flush:
mov pc, lr
__fa526_cache_flush:
+ tst r4, #1
+ movne pc, lr
mov r1, #0
mcr p15, 0, r1, c7, c14, 0 @ clean and invalidate D cache
mcr p15, 0, r1, c7, c5, 0 @ flush I cache
@@ -1040,14 +1153,19 @@ __fa526_cache_flush:
mov pc, lr
__armv6_mmu_cache_flush:
+ .arch armv6
mov r1, #0
- mcr p15, 0, r1, c7, c14, 0 @ clean+invalidate D
+ tst r4, #1
+ mcreq p15, 0, r1, c7, c14, 0 @ clean+invalidate D
mcr p15, 0, r1, c7, c5, 0 @ invalidate I+BTB
- mcr p15, 0, r1, c7, c15, 0 @ clean+invalidate unified
+ mcreq p15, 0, r1, c7, c15, 0 @ clean+invalidate unified
mcr p15, 0, r1, c7, c10, 4 @ drain WB
mov pc, lr
+ .arch armv7-a
__armv7_mmu_cache_flush:
+ tst r4, #1
+ bne iflush
mrc p15, 0, r10, c0, c1, 5 @ read ID_MMFR1
tst r10, #0xf << 16 @ hierarchical cache (ARMv7)
mov r10, #0
@@ -1107,14 +1225,20 @@ iflush:
mcr p15, 0, r10, c7, c5, 4 @ ISB
mov pc, lr
+ .arch armv5
__armv5tej_mmu_cache_flush:
+ tst r4, #1
+ movne pc, lr
1: mrc p15, 0, r15, c7, c14, 3 @ test,clean,invalidate D cache
bne 1b
mcr p15, 0, r0, c7, c5, 0 @ flush I cache
mcr p15, 0, r0, c7, c10, 4 @ drain WB
mov pc, lr
+ .arch armv4
__armv4_mmu_cache_flush:
+ tst r4, #1
+ movne pc, lr
mov r2, #64*1024 @ default: 32K dcache size (*2)
mov r11, #32 @ default: 32 byte line size
mrc p15, 0, r3, c0, c0, 1 @ read cache type
@@ -1148,10 +1272,14 @@ no_cache_id:
__armv3_mmu_cache_flush:
__armv3_mpu_cache_flush:
+ tst r4, #1
+ movne pc, lr
mov r1, #0
mcr p15, 0, r1, c7, c0, 0 @ invalidate whole cache v3
mov pc, lr
+ .arch armv4
+
/*
* Various debugging routines for printing hex characters and
* memory, which again must be relocatable.
diff --git a/arch/arm/configs/apollo-android_defconfig b/arch/arm/configs/apollo-android_defconfig
index 4f143ea..1d498b6 100644
--- a/arch/arm/configs/apollo-android_defconfig
+++ b/arch/arm/configs/apollo-android_defconfig
@@ -674,7 +674,8 @@ CONFIG_ZBOOT_ROM_BSS=0
# CONFIG_ARM_APPENDED_DTB is not set
CONFIG_CMDLINE=""
# CONFIG_XIP_KERNEL is not set
-# CONFIG_KEXEC is not set
+CONFIG_KEXEC=y
+CONFIG_KEXEC_HARDBOOT=y
# CONFIG_CRASH_DUMP is not set
# CONFIG_AUTO_ZRELADDR is not set
diff --git a/arch/arm/include/asm/kexec.h b/arch/arm/include/asm/kexec.h
index c2b9b4b..564c55b 100644
--- a/arch/arm/include/asm/kexec.h
+++ b/arch/arm/include/asm/kexec.h
@@ -17,6 +17,10 @@
#define KEXEC_ARM_ATAGS_OFFSET 0x1000
#define KEXEC_ARM_ZIMAGE_OFFSET 0x8000
+#ifdef CONFIG_KEXEC_HARDBOOT
+ #define KEXEC_HB_PAGE_MAGIC 0x4a5db007
+#endif
+
#ifndef __ASSEMBLY__
/**
@@ -53,6 +57,10 @@ static inline void crash_setup_regs(struct pt_regs *newregs,
/* Function pointer to optional machine-specific reinitialization */
extern void (*kexec_reinit)(void);
+#ifdef CONFIG_KEXEC_HARDBOOT
+extern void (*kexec_hardboot_hook)(void);
+#endif
+
#endif /* __ASSEMBLY__ */
#endif /* CONFIG_KEXEC */
diff --git a/arch/arm/kernel/machine_kexec.c b/arch/arm/kernel/machine_kexec.c
index c355aeb..29cdd2f 100644
--- a/arch/arm/kernel/machine_kexec.c
+++ b/arch/arm/kernel/machine_kexec.c
@@ -14,6 +14,9 @@
#include <asm/cacheflush.h>
#include <asm/mach-types.h>
#include <asm/system_misc.h>
+#include <linux/memblock.h>
+#include <linux/of_fdt.h>
+#include <asm/mmu_writeable.h>
extern const unsigned char relocate_new_kernel[];
extern const unsigned int relocate_new_kernel_size;
@@ -22,6 +25,12 @@ extern unsigned long kexec_start_address;
extern unsigned long kexec_indirection_page;
extern unsigned long kexec_mach_type;
extern unsigned long kexec_boot_atags;
+#ifdef CONFIG_KEXEC_HARDBOOT
+extern unsigned long kexec_hardboot;
+extern unsigned long kexec_boot_atags_len;
+extern unsigned long kexec_kernel_len;
+void (*kexec_hardboot_hook)(void);
+#endif
static atomic_t waiting_for_crash_ipi;
@@ -32,6 +41,37 @@ static atomic_t waiting_for_crash_ipi;
int machine_kexec_prepare(struct kimage *image)
{
+ struct kexec_segment *current_segment;
+ __be32 header;
+ int i, err;
+
+ /* No segment at default ATAGs address. try to locate
+ * a dtb using magic */
+ for (i = 0; i < image->nr_segments; i++) {
+ current_segment = &image->segment[i];
+
+ err = memblock_is_region_memory(current_segment->mem,
+ current_segment->memsz);
+ if (!err)
+ return - EINVAL;
+
+#ifdef CONFIG_KEXEC_HARDBOOT
+ if(current_segment->mem == image->start)
+ mem_text_write_kernel_word(&kexec_kernel_len, current_segment->memsz);
+#endif
+
+ err = get_user(header, (__be32*)current_segment->buf);
+ if (err)
+ return err;
+
+ if (be32_to_cpu(header) == OF_DT_HEADER)
+ {
+ mem_text_write_kernel_word(&kexec_boot_atags, current_segment->mem);
+#ifdef CONFIG_KEXEC_HARDBOOT
+ mem_text_write_kernel_word(&kexec_boot_atags_len, current_segment->memsz);
+#endif
+ }
+ }
return 0;
}
@@ -110,7 +150,10 @@ void machine_kexec(struct kimage *image)
unsigned long reboot_code_buffer_phys;
void *reboot_code_buffer;
- arch_kexec();
+ if (num_online_cpus() > 1) {
+ pr_err("kexec: error: multiple CPUs still online\n");
+ return;
+ }
page_list = image->head & PAGE_MASK;
@@ -120,10 +163,14 @@ void machine_kexec(struct kimage *image)
reboot_code_buffer = page_address(image->control_code_page);
/* Prepare parameters for reboot_code_buffer*/
- kexec_start_address = image->start;
- kexec_indirection_page = page_list;
- kexec_mach_type = machine_arch_type;
- kexec_boot_atags = image->start - KEXEC_ARM_ZIMAGE_OFFSET + KEXEC_ARM_ATAGS_OFFSET;
+ mem_text_write_kernel_word(&kexec_start_address, image->start);
+ mem_text_write_kernel_word(&kexec_indirection_page, page_list);
+ mem_text_write_kernel_word(&kexec_mach_type, machine_arch_type);
+ if (!kexec_boot_atags)
+ mem_text_write_kernel_word(&kexec_boot_atags, image->start - KEXEC_ARM_ZIMAGE_OFFSET + KEXEC_ARM_ATAGS_OFFSET);
+#ifdef CONFIG_KEXEC_HARDBOOT
+ mem_text_write_kernel_word(&kexec_hardboot, image->hardboot);
+#endif
/* copy our kernel relocation code to the control code page */
memcpy(reboot_code_buffer,
@@ -137,5 +184,18 @@ void machine_kexec(struct kimage *image)
if (kexec_reinit)
kexec_reinit();
+#ifdef CONFIG_KEXEC_HARDBOOT
+ /* Run any final machine-specific shutdown code. */
+ if (image->hardboot && kexec_hardboot_hook)
+ kexec_hardboot_hook();
+#endif
+
soft_restart(reboot_code_buffer_phys);
}
+
+void arch_crash_save_vmcoreinfo(void)
+{
+#ifdef CONFIG_ARM_LPAE
+ VMCOREINFO_CONFIG(ARM_LPAE);
+#endif
+}
diff --git a/arch/arm/kernel/relocate_kernel.S b/arch/arm/kernel/relocate_kernel.S
index d0cdedf..0e45ffc 100644
--- a/arch/arm/kernel/relocate_kernel.S
+++ b/arch/arm/kernel/relocate_kernel.S
@@ -4,6 +4,15 @@
#include <asm/kexec.h>
+#ifdef CONFIG_KEXEC_HARDBOOT
+#include <asm/memory.h>
+#if defined(CONFIG_ARCH_TEGRA_2x_SOC) || defined(CONFIG_ARCH_TEGRA_3x_SOC)
+ #include <mach/iomap.h>
+#elif defined(CONFIG_ARCH_APQ8064) || defined(CONFIG_ARCH_MSM8974)
+ #include <mach/msm_iomap.h>
+#endif
+#endif
+
.globl relocate_new_kernel
relocate_new_kernel:
@@ -52,6 +61,12 @@ relocate_new_kernel:
b 0b
2:
+#ifdef CONFIG_KEXEC_HARDBOOT
+ ldr r0, kexec_hardboot
+ teq r0, #0
+ bne hardboot
+#endif
+
/* Jump to relocated kernel */
mov lr,r1
mov r0,#0
@@ -60,6 +75,52 @@ relocate_new_kernel:
ARM( mov pc, lr )
THUMB( bx lr )
+#ifdef CONFIG_KEXEC_HARDBOOT
+hardboot:
+ /* Stash boot arguments in hardboot page:
+ * 0: KEXEC_HB_PAGE_MAGIC
+ * 4: kexec_start_address
+ * 8: kexec_mach_type
+ * 12: kexec_boot_atags
+ * 16: kexec_boot_atags_len
+ * 20: kexec_kernel_len */
+ ldr r0, =KEXEC_HB_PAGE_ADDR
+ str r1, [r0, #4]
+ ldr r1, kexec_mach_type
+ str r1, [r0, #8]
+ ldr r1, kexec_boot_atags
+ str r1, [r0, #12]
+ ldr r1, kexec_boot_atags_len
+ str r1, [r0, #16]
+ ldr r1, kexec_kernel_len
+ str r1, [r0, #20]
+ ldr r1, =KEXEC_HB_PAGE_MAGIC
+ str r1, [r0]
+
+#if defined(CONFIG_ARCH_TEGRA_2x_SOC) || defined(CONFIG_ARCH_TEGRA_3x_SOC)
+ ldr r0, =TEGRA_PMC_BASE
+ ldr r1, [r0]
+ orr r1, r1, #0x10
+ str r1, [r0]
+loop: b loop
+#elif defined(CONFIG_ARCH_APQ8064)
+ /* Restart using the PMIC chip, see mach-msm/restart.c */
+ ldr r0, =APQ8064_TLMM_PHYS
+ mov r1, #0
+ str r1, [r0, #0x820] @ PSHOLD_CTL_SU
+loop: b loop
+#elif defined(CONFIG_ARCH_MSM8974)
+ /* Restart using the PMIC chip, see mach-msm/restart.c */
+ ldr r0, =MSM8974_MPM2_PSHOLD_PHYS
+ mov r1, #0
+ str r1, [r0, #0]
+loop: b loop
+#else
+#error "No reboot method defined for hardboot."
+#endif
+
+ .ltorg
+#endif
.align
.globl kexec_start_address
@@ -79,6 +140,20 @@ kexec_mach_type:
kexec_boot_atags:
.long 0x0
+#ifdef CONFIG_KEXEC_HARDBOOT
+ .globl kexec_boot_atags_len
+kexec_boot_atags_len:
+ .long 0x0
+
+ .globl kexec_kernel_len
+kexec_kernel_len:
+ .long 0x0
+
+ .globl kexec_hardboot
+kexec_hardboot:
+ .long 0x0
+#endif
+
relocate_new_kernel_end:
.globl relocate_new_kernel_size
diff --git a/arch/arm/mach-msm/board-8974.c b/arch/arm/mach-msm/board-8974.c
index 6d52ccc..21b40dd 100644
--- a/arch/arm/mach-msm/board-8974.c
+++ b/arch/arm/mach-msm/board-8974.c
@@ -52,6 +52,13 @@
#include "amzn_ram_console.h"
#endif
+#ifdef CONFIG_KEXEC_HARDBOOT
+#include <asm/setup.h>
+#include <asm/memory.h>
+#include <linux/memblock.h>
+#define HDX_PERSISTENT_RAM_SIZE (SZ_1M)
+#endif
+
#if defined(CONFIG_ARCH_MSM8974_THOR) || defined(CONFIG_ARCH_MSM8974_APOLLO)
enum WLANBT_STATUS {
WLANOFF_BTOFF = 1,
@@ -84,12 +91,35 @@ static struct reserve_info msm8974_reserve_info __initdata = {
void __init msm_8974_reserve(void)
{
+#ifdef CONFIG_KEXEC_HARDBOOT
+ // Reserve space for hardboot page - just after ram_console,
+ // at the start of second memory bank
+ int ret;
+ phys_addr_t start;
+ struct membank* bank;
+#endif
+
reserve_info = &msm8974_reserve_info;
of_scan_flat_dt(dt_scan_for_memory_reserve, msm8974_reserve_table);
msm_reserve();
#if defined(CONFIG_AMZN_RAM_CONSOLE) && (defined(CONFIG_ARCH_MSM8974_THOR) || defined(CONFIG_ARCH_MSM8974_APOLLO))
amzn_ram_console_init(AMZN_RAM_CONSOLE_START_DEFAULT, AMZN_RAM_CONSOLE_SIZE_DEFAULT);
#endif
+
+#ifdef CONFIG_KEXEC_HARDBOOT
+ if (meminfo.nr_banks < 2) {
+ pr_err("%s: not enough membank\n", __func__);
+ return;
+ }
+
+ bank = &meminfo.bank[1];
+ start = bank->start + SZ_1M + HDX_PERSISTENT_RAM_SIZE;
+ ret = memblock_remove(start, SZ_1M);
+ if(!ret)
+ pr_info("Hardboot page reserved at 0x%X\n", start);
+ else
+ pr_err("Failed to reserve space for hardboot page at 0x%X!\n", start);
+#endif
}
static void __init msm8974_early_memory(void)
diff --git a/arch/arm/mach-msm/include/mach/memory.h b/arch/arm/mach-msm/include/mach/memory.h
index 6119a3c..abe4882 100644
--- a/arch/arm/mach-msm/include/mach/memory.h
+++ b/arch/arm/mach-msm/include/mach/memory.h
@@ -20,6 +20,15 @@
/* physical offset of RAM */
#define PLAT_PHYS_OFFSET UL(CONFIG_PHYS_OFFSET)
+#if defined(CONFIG_KEXEC_HARDBOOT)
+#if defined(CONFIG_ARCH_MSM8974_THOR) || defined(CONFIG_ARCH_MSM8974_APOLLO)
+#define KEXEC_HB_PAGE_ADDR UL(0x2F600000)
+#define KEXEC_HB_KERNEL_LOC UL(0x3208000)
+#else
+#error "Adress for kexec hardboot page not defined"
+#endif
+#endif
+
#define MAX_PHYSMEM_BITS 32
#define SECTION_SIZE_BITS 28
diff --git a/arch/arm/mach-msm/restart.c b/arch/arm/mach-msm/restart.c
index a96b02f..da157a4 100644
--- a/arch/arm/mach-msm/restart.c
+++ b/arch/arm/mach-msm/restart.c
@@ -38,6 +38,10 @@
#include "timer.h"
#include "wdog_debug.h"
+#ifdef CONFIG_KEXEC_HARDBOOT
+#include <asm/kexec.h>
+#endif
+
#define WDT0_RST 0x38
#define WDT0_EN 0x40
#define WDT0_BARK_TIME 0x4C
@@ -351,6 +355,26 @@ static int __init msm_pmic_restart_init(void)
late_initcall(msm_pmic_restart_init);
+#ifdef CONFIG_KEXEC_HARDBOOT
+static void msm_kexec_hardboot_hook(void)
+{
+ set_dload_mode(0);
+
+ // Set PMIC to restart-on-poweroff
+ pm8xxx_reset_pwr_off(1);
+
+ // These are executed on normal reboot, but with kexec-hardboot,
+ // they reboot/panic the system immediately.
+#if 0
+ qpnp_pon_system_pwr_off(PON_POWER_OFF_WARM_RESET);
+
+ /* Needed to bypass debug image on some chips */
+ msm_disable_wdog_debug();
+ halt_spmi_pmic_arbiter();
+#endif
+}
+#endif
+
static int __init msm_restart_init(void)
{
#ifdef CONFIG_MSM_DLOAD_MODE
@@ -367,6 +391,10 @@ static int __init msm_restart_init(void)
if (scm_is_call_available(SCM_SVC_PWR, SCM_IO_DISABLE_PMIC_ARBITER) > 0)
scm_pmic_arbiter_disable_supported = true;
+#ifdef CONFIG_KEXEC_HARDBOOT
+ kexec_hardboot_hook = msm_kexec_hardboot_hook;
+#endif
+
return 0;
}
early_initcall(msm_restart_init);
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index af84a25..a4509ad 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -111,6 +111,10 @@ struct kimage {
#define KEXEC_TYPE_CRASH 1
unsigned int preserve_context : 1;
+#ifdef CONFIG_KEXEC_HARDBOOT
+ unsigned int hardboot : 1;
+#endif
+
#ifdef ARCH_HAS_KIMAGE_ARCH
struct kimage_arch arch;
#endif
@@ -178,6 +182,11 @@ extern struct kimage *kexec_crash_image;
#define KEXEC_ON_CRASH 0x00000001
#define KEXEC_PRESERVE_CONTEXT 0x00000002
+
+#ifdef CONFIG_KEXEC_HARDBOOT
+#define KEXEC_HARDBOOT 0x00000004
+#endif
+
#define KEXEC_ARCH_MASK 0xffff0000
/* These values match the ELF architecture values.
@@ -196,10 +205,14 @@ extern struct kimage *kexec_crash_image;
#define KEXEC_ARCH_MIPS ( 8 << 16)
/* List of defined/legal kexec flags */
-#ifndef CONFIG_KEXEC_JUMP
-#define KEXEC_FLAGS KEXEC_ON_CRASH
-#else
+#if defined(CONFIG_KEXEC_JUMP) && defined(CONFIG_KEXEC_HARDBOOT)
+#define KEXEC_FLAGS (KEXEC_ON_CRASH | KEXEC_PRESERVE_CONTEXT | KEXEC_HARDBOOT)
+#elif defined(CONFIG_KEXEC_JUMP)
#define KEXEC_FLAGS (KEXEC_ON_CRASH | KEXEC_PRESERVE_CONTEXT)
+#elif defined(CONFIG_KEXEC_HARDBOOT)
+#define KEXEC_FLAGS (KEXEC_ON_CRASH | KEXEC_HARDBOOT)
+#else
+#define KEXEC_FLAGS (KEXEC_ON_CRASH)
#endif
#define VMCOREINFO_BYTES (4096)
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 4e2e472..aef7893 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -1004,6 +1004,10 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
if (flags & KEXEC_PRESERVE_CONTEXT)
image->preserve_context = 1;
+#ifdef CONFIG_KEXEC_HARDBOOT
+ if (flags & KEXEC_HARDBOOT)
+ image->hardboot = 1;
+#endif
result = machine_kexec_prepare(image);
if (result)
goto out;

MultiROM Recovery Image Running
- See attached screenshot
- The recovery.img output was exceeding the recovery partition size
- I resolved this by compressing the kernel with xz reducing the output size by ~300KB...
- and have switched the recovery ramdisk to be compressed with lzma further reducing the output size by ~2MB
- That's one more step further

Possible Samsung Unlock method through RIL_OEM_HOOK_RAW?

Hello,
I was looking into CSC.apk today when this caught my eye
CscModemSettingService.java
Notice updateLockInfo and addLockInfo
Code:
/*
* Decompiled with CFR 0_110.
*
* Could not load the following classes:
* android.app.Service
* android.content.Context
* android.content.Intent
* android.content.SharedPreferences
* android.content.SharedPreferences$Editor
* android.os.Bundle
* android.os.Handler
* android.os.IBinder
* android.os.Message
* android.os.SystemProperties
* android.util.Log
* com.samsung.android.sec_platform_library.FactoryPhone
* com.samsung.android.sec_platform_library.PacketBuilder
* java.io.File
* java.lang.Byte
* java.lang.Integer
* java.lang.Object
* java.lang.Runnable
* java.lang.String
* java.lang.StringBuffer
* java.lang.Thread
* java.util.ArrayList
* org.w3c.dom.Node
* org.w3c.dom.NodeList
*/
package com.samsung.sec.android.application.csc;
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.SystemProperties;
import android.util.Log;
import com.samsung.android.sec_platform_library.FactoryPhone;
import com.samsung.android.sec_platform_library.PacketBuilder;
import com.samsung.sec.android.application.csc.CscParser;
import java.io.File;
import java.util.ArrayList;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class CscModemSettingService
extends Service {
private static final boolean isMarvell = "mrvl".equalsIgnoreCase(SystemProperties.get((String)"ro.board.platform", (String)"Unknown").trim());
private String CPLockCode = "";
private String DEFAULT_CSC_FILE = CscParser.getCustomerPath();
private String NSPLockCode = "";
private String NetLockCode = "";
private String OTHERS_CSC_FILE = CscParser.getOthersPath();
private String SPLockCode = "";
private int amrVoiceCodec = -1;
private int generalLockInfo = 0;
private int gprsAttachMode = 1;
ArrayList<Byte> mByteArray = new ArrayList();
private Handler mHandler;
private Intent mIntent = null;
private int mItemCount = 0;
private FactoryPhone mPhone = null;
private int networkMode = 0;
private int ssms = -1;
private String strNetworkMode = "auto";
private String strSalesCode = "";
private int unlockCnt = 3;
public CscModemSettingService() {
this.mHandler = new Handler(){
/*
* Enabled aggressive block sorting
* Lifted jumps to return sites
*/
public void handleMessage(Message message) {
int n = message.getData().getInt("error");
switch (message.what) {
default: {
return;
}
case 2000: {
Log.i((String)"CscModemSettingService", (String)"SEND_PRECONFIG_DONE response incoming!!");
if (n == 0) return;
Log.i((String)"CscModemSettingService", (String)"AsyncResult Exception Occur!!!");
return;
}
case 2001: {
Log.i((String)"CscModemSettingService", (String)"SEND_MODEM_DONE response incoming!!");
if (n == 0) return;
Log.i((String)"CscModemSettingService", (String)"AsyncResult Exception Occur!!!");
return;
}
case 2002:
}
Log.i((String)"CscModemSettingService", (String)"SEND_RESET_DONE response incoming!!");
if (n != 0 && !isMarvell) {
Log.i((String)"CscModemSettingService", (String)"AsyncResult Exception Occur!!!");
return;
}
SharedPreferences.Editor editor = CscModemSettingService.this.getSharedPreferences("csc.preferences_name", 0).edit();
editor.putBoolean("csc.key.csc_modem_setting_done", true);
editor.commit();
}
};
}
private void compareLockAndModemInfo() {
this.readModemInfo();
this.readLockInfo();
this.mItemCount = 0;
this.mByteArray = new ArrayList();
this.addModemInfoToBuffer();
this.addLockInfoToBuffer();
Log.i((String)"CscModemSettingService", (String)("compareLockAndModemInfo() : mByteArray = " + this.mByteArray.size()));
this.sendByteBuffer(7, 1);
}
/*
* Enabled aggressive block sorting
*/
private void readLockInfo() {
CscParser cscParser = new CscParser(this.DEFAULT_CSC_FILE);
int n = 5;
this.NetLockCode = "";
this.SPLockCode = "";
this.NSPLockCode = "";
this.CPLockCode = "";
String string = cscParser.get("Settings.Main.Security.UnlockCnt");
this.unlockCnt = string == null ? 3 : new Integer(string);
NodeList nodeList = cscParser.searchList(cscParser.search("Settings.Main.Security."), "NetworkLock");
if (nodeList != null && nodeList.getLength() > 0) {
this.generalLockInfo = 1 | this.generalLockInfo;
for (int i = 0; i < nodeList.getLength(); ++i) {
StringBuffer stringBuffer = new StringBuffer(cscParser.getValue(nodeList.item(i)));
if (stringBuffer.toString().length() == 5) {
n = 5;
stringBuffer.append("#");
} else {
n = 6;
}
Log.i((String)"CscModemSettingService", (String)("NetworkLock > code (" + i + ") : " + stringBuffer.toString()));
this.NetLockCode = this.NetLockCode + stringBuffer.toString();
}
}
Log.i((String)"CscModemSettingService", (String)("NetworkLock > all code : " + this.NetLockCode));
NodeList nodeList2 = cscParser.searchList(cscParser.search("Settings.Main.Security."), "SubsetLock");
if (nodeList2 != null && nodeList2.getLength() > 0) {
this.generalLockInfo = 2 | this.generalLockInfo;
for (int i = 0; i < nodeList2.getLength(); ++i) {
StringBuffer stringBuffer = new StringBuffer(cscParser.getValue(nodeList2.item(i)));
if (stringBuffer.toString().length() == 2) {
stringBuffer.append("#");
}
Log.i((String)"CscModemSettingService", (String)("SubsetLock > code (" + i + ") : " + stringBuffer.toString()));
this.NSPLockCode = this.NSPLockCode + Integer.toString((int)n) + stringBuffer.toString();
}
}
Log.i((String)"CscModemSettingService", (String)("SubsetLock > all code : " + this.NSPLockCode));
NodeList nodeList3 = cscParser.searchList(cscParser.search("Settings.Main.Security."), "SPLock");
if (nodeList3 != null && nodeList3.getLength() > 0) {
this.generalLockInfo = 8 | this.generalLockInfo;
for (int i = 0; i < nodeList3.getLength(); ++i) {
String string2 = cscParser.getValue(nodeList3.item(i));
Log.i((String)"CscModemSettingService", (String)("SPLock > code (" + i + ") : " + string2));
this.SPLockCode = this.SPLockCode + string2;
}
}
Log.i((String)"CscModemSettingService", (String)("SPLock > all code : " + this.SPLockCode));
NodeList nodeList4 = cscParser.searchList(cscParser.search("Settings.Main.Security."), "CPLock");
if (nodeList4 != null && nodeList4.getLength() > 0) {
this.generalLockInfo = 16 | this.generalLockInfo;
for (int i = 0; i < nodeList4.getLength(); ++i) {
String string3 = cscParser.getValue(nodeList4.item(i));
Log.i((String)"CscModemSettingService", (String)("CPLock > code (" + i + ") : " + string3));
this.CPLockCode = this.CPLockCode + string3;
}
}
Log.i((String)"CscModemSettingService", (String)("CPLock > all code : " + this.CPLockCode));
}
/*
* Enabled aggressive block sorting
*/
private void readModemInfo() {
CscParser cscParser = new CscParser(this.DEFAULT_CSC_FILE);
this.strNetworkMode = new CscParser(this.OTHERS_CSC_FILE).get("Settings.Main.Network.NetworkMode");
if (this.strNetworkMode == null) {
String string = SystemProperties.get((String)"ro.csc.sales_code");
this.networkMode = "SKT".equals((Object)string) || "KTT".equals((Object)string) || "LGT".equals((Object)string) ? 0 : 1;
} else if (this.strNetworkMode.equalsIgnoreCase("auto")) {
this.networkMode = 1;
} else if (this.strNetworkMode.equalsIgnoreCase("UMTS")) {
this.networkMode = 2;
} else if (this.strNetworkMode.equalsIgnoreCase("GSM")) {
this.networkMode = 3;
} else if (this.strNetworkMode.equalsIgnoreCase("900")) {
this.networkMode = 4;
} else if (this.strNetworkMode.equalsIgnoreCase("1800")) {
this.networkMode = 5;
} else if (this.strNetworkMode.equalsIgnoreCase("1900")) {
this.networkMode = 6;
}
if (cscParser.get("Settings.Main.Network.AutoAttach") == null) {
this.gprsAttachMode = 1;
} else if (cscParser.get("Settings.Main.Network.AutoAttach").equalsIgnoreCase("on")) {
this.gprsAttachMode = 1;
} else if (cscParser.get("Settings.Main.Network.AutoAttach").equalsIgnoreCase("off")) {
this.gprsAttachMode = 0;
}
if (cscParser.get("Settings.Messages.SMS.SSMS") == null) {
this.ssms = 0;
} else if (cscParser.get("Settings.Messages.SMS.SSMS").equalsIgnoreCase("on")) {
this.ssms = 1;
} else if (cscParser.get("Settings.Messages.SMS.SSMS").equalsIgnoreCase("off")) {
this.ssms = 0;
}
if (cscParser.get("Settings.Main.Sound.AMRVoiceCodec") == null) {
this.amrVoiceCodec = -1;
return;
} else {
if (cscParser.get("Settings.Main.Sound.AMRVoiceCodec").equalsIgnoreCase("enable") || cscParser.get("Settings.Main.Sound.AMRVoiceCodec").equalsIgnoreCase("on")) {
this.amrVoiceCodec = 1;
return;
}
if (!cscParser.get("Settings.Main.Sound.AMRVoiceCodec").equalsIgnoreCase("disable") && !cscParser.get("Settings.Main.Sound.AMRVoiceCodec").equalsIgnoreCase("off")) return;
{
this.amrVoiceCodec = 0;
return;
}
}
}
private void readSalesCode() {
this.strSalesCode = new CscParser(this.DEFAULT_CSC_FILE).get("GeneralInfo.SalesCode");
Log.i((String)"CscModemSettingService", (String)("csc modem strSalesCode = " + this.strSalesCode));
}
private void updateLockInfo() {
String string;
String string2 = CscParser.getSalesCode();
if (!string2.equals((Object)"null") && new File(string = "/system/csc/" + string2 + this.DEFAULT_CSC_FILE).exists()) {
this.DEFAULT_CSC_FILE = string;
}
this.readLockInfo();
this.mItemCount = 0;
this.mByteArray = new ArrayList();
this.addLockInfoToBuffer();
Log.i((String)"CscModemSettingService", (String)("updateLockInfo() : mByteArray Size = " + this.mByteArray.size()));
this.sendByteBuffer(8, 0);
}
private void updateModemInfo() {
this.readSalesCode();
this.sendSalesCode();
this.readModemInfo();
this.mItemCount = 0;
this.mByteArray = new ArrayList();
this.addModemInfoToBuffer();
Log.i((String)"CscModemSettingService", (String)("updateModemInfo() : mByteArray Size = " + this.mByteArray.size()));
this.sendByteBuffer(7, 0);
this.sendResetMsg();
}
public void addLockInfoToBuffer() {
Log.i((String)"CscModemSettingService", (String)"add Lock Info");
this.mByteArray.add((Object)new Byte(-127));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(6));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.generalLockInfo)));
this.mItemCount = 1 + this.mItemCount;
if ((1 & this.generalLockInfo) > 0) {
int n = this.NetLockCode.length();
int n2 = n + 15;
this.mByteArray.add((Object)new Byte(-126));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n2 & 255)));
this.mByteArray.add((Object)new Byte((byte)(n2 << 8)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.unlockCnt)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n & 255)));
this.mByteArray.add((Object)new Byte((byte)(n << 8)));
new byte[this.NetLockCode.length()];
byte[] arrby = this.NetLockCode.getBytes();
for (int i = 0; i < arrby.length; ++i) {
this.mByteArray.add((Object)new Byte(arrby[i]));
}
this.mItemCount = 1 + this.mItemCount;
}
if ((2 & this.generalLockInfo) > 0) {
int n = this.NSPLockCode.length();
int n3 = n + 15;
this.mByteArray.add((Object)new Byte(-125));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n3 & 255)));
this.mByteArray.add((Object)new Byte((byte)(n3 << 8)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.unlockCnt)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n & 255)));
this.mByteArray.add((Object)new Byte((byte)(n << 8)));
new byte[this.NSPLockCode.length()];
byte[] arrby = this.NSPLockCode.getBytes();
for (int i = 0; i < arrby.length; ++i) {
this.mByteArray.add((Object)new Byte(arrby[i]));
}
this.mItemCount = 1 + this.mItemCount;
}
if ((8 & this.generalLockInfo) > 0) {
int n = this.SPLockCode.length();
int n4 = n + 15;
this.mByteArray.add((Object)new Byte(-124));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n4 & 255)));
this.mByteArray.add((Object)new Byte((byte)(n4 << 8)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.unlockCnt)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n & 255)));
this.mByteArray.add((Object)new Byte((byte)(n << 8)));
new byte[this.SPLockCode.length()];
byte[] arrby = this.SPLockCode.getBytes();
for (int i = 0; i < arrby.length; ++i) {
this.mByteArray.add((Object)new Byte(arrby[i]));
}
this.mItemCount = 1 + this.mItemCount;
}
if ((16 & this.generalLockInfo) > 0) {
int n = this.CPLockCode.length();
int n5 = n + 15;
this.mByteArray.add((Object)new Byte(-123));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n5 & 255)));
this.mByteArray.add((Object)new Byte((byte)(n5 << 8)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.unlockCnt)));
this.mByteArray.add((Object)new Byte(3));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(n & 255)));
this.mByteArray.add((Object)new Byte((byte)(n << 8)));
new byte[this.CPLockCode.length()];
byte[] arrby = this.CPLockCode.getBytes();
for (int i = 0; i < arrby.length; ++i) {
this.mByteArray.add((Object)new Byte(arrby[i]));
}
this.mItemCount = 1 + this.mItemCount;
}
}
public void addModemInfoToBuffer() {
Log.i((String)"CscModemSettingService", (String)"add Modem Info");
if (this.networkMode > 0) {
this.mByteArray.add((Object)new Byte(-121));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.networkMode)));
this.mItemCount = 1 + this.mItemCount;
}
this.mByteArray.add((Object)new Byte(-119));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.gprsAttachMode)));
this.mItemCount = 1 + this.mItemCount;
if (this.amrVoiceCodec >= 0) {
this.mByteArray.add((Object)new Byte(-117));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.amrVoiceCodec)));
this.mItemCount = 1 + this.mItemCount;
}
this.mByteArray.add((Object)new Byte(-115));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(11));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte((byte)(255 & this.ssms)));
this.mByteArray.add((Object)new Byte(2));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(1));
this.mByteArray.add((Object)new Byte(0));
this.mByteArray.add((Object)new Byte(0));
this.mItemCount = 1 + this.mItemCount;
}
public IBinder onBind(Intent intent) {
return null;
}
public void onCreate() {
this.mPhone = new FactoryPhone((Context)this);
}
public void onDestroy() {
super.onDestroy();
this.mPhone.disconnectFromRilService();
}
public void onStart(Intent intent, int n) {
Log.i((String)"CscModemSettingService", (String)"onStart");
this.mIntent = intent;
Thread thread = new Thread(new Runnable(){
public void run() {
if (CscModemSettingService.this.mIntent != null && CscModemSettingService.this.mIntent.hasExtra("MODE")) {
String string = CscModemSettingService.this.mIntent.getStringExtra("MODE");
if ("SET_LOCK_INFO".equals((Object)string)) {
Log.i((String)"CscModemSettingService", (String)"SET_LOCK_INFO for modem values. (PHASE 1 writing)");
CscModemSettingService.this.updateLockInfo();
}
if ("SET_MODEM_INFO".equals((Object)string)) {
Log.i((String)"CscModemSettingService", (String)"SET_MODEM_INFO for modem values. (PHASE 2 writing)");
CscModemSettingService.this.updateModemInfo();
}
if ("COMPARE_VERIFY_MODEM".equals((Object)string)) {
Log.i((String)"CscModemSettingService", (String)"COMPARE_VERIFY for modem values. ");
CscModemSettingService.this.compareLockAndModemInfo();
}
return;
}
Log.i((String)"CscModemSettingService", (String)"NO EXTRA");
}
});
thread.setPriority(10);
thread.start();
}
public void sendByteBuffer(int n, int n2) {
int n3 = this.mByteArray.size();
byte[] arrby = new byte[n3];
for (int i = 0; i < n3; ++i) {
arrby[i] = ((Byte)this.mByteArray.get(i)).byteValue();
}
Log.i((String)"CscModemSettingService", (String)"sendByteBuffer");
PacketBuilder packetBuilder = new PacketBuilder(6, (byte)n);
if (n == 7) {
packetBuilder.addData((byte)n2);
}
packetBuilder.addData((byte)this.mItemCount);
packetBuilder.addData(arrby, 0, n3);
this.mPhone.invokeOemRilRequestRaw(packetBuilder.getPacket(), this.mHandler.obtainMessage(2001));
}
public void sendResetMsg() {
Log.i((String)"CscModemSettingService", (String)"sendResetMsg");
PacketBuilder packetBuilder = new PacketBuilder(6, 5);
packetBuilder.addData(1);
if (this.mPhone != null) {
this.mPhone.invokeOemRilRequestRaw(packetBuilder.getPacket(), this.mHandler.obtainMessage(2002));
return;
}
Log.e((String)"CscModemSettingService", (String)"sendResetMsg fail");
}
public void sendSalesCode() {
Log.i((String)"CscModemSettingService", (String)"sendSalesCode");
if (this.strSalesCode == null) {
return;
}
PacketBuilder packetBuilder = new PacketBuilder(6, 1);
packetBuilder.addData(0);
packetBuilder.addData(0);
packetBuilder.addData(this.strSalesCode.getBytes(), 0, this.strSalesCode.getBytes().length);
this.mPhone.invokeOemRilRequestRaw(packetBuilder.getPacket(), this.mHandler.obtainMessage(2000));
}
}
It appears to read the lock codes from the /system/CSC and then update them in the modem through RIL function invokeOemRilRequestRaw (this is also the same api that samsung servicemode app uses). This is on an sgh m919.
Perhaps this could be copied, but we could instead send 00000000 as the new NetLock code?
Obviously this would require root and require the app to be running as a system app since we are calling a protected RIL function (unless we use the Samsung @multiclient api, that requires no privileges and is implemented in stock). But it would be simple to make such an app if this method works. I also discovered that unlockCnt is the number of tries you get for the network unlock code before it is locked out, not that it matters if we can just change the code to whatever we want.
Edit: looks like it is not setting the network lock key as I originally thought, but instead setting a list of allowed MCCMNC that are read from the CSC.
So if the phone was locked to MCCMNCs (making these up)
310020
48262
137373
Payload would be
31002048262#137373
I think these are being written to NVRAM through the raw ril requests
There might be another value that controls whether the region/network lock is on at all. Maybe if we just set it to an empty string, it will turn off?
I know that the app RegionLockAway works somewhat like this. It makes changes to the CSC file and then invokes CSC.apk to send the changes to the modem.

General RedMagic 7&7Pro EDL firehose

This is the firehose for RedMagic 7 and 7Pro, it should work on both CN and global version.
Extracted from the leaked CN firmware.
A small gift for all RedMagic 7&7Pro user.
Good Luck

Thanks from all Nubia community.

I checked, it didn't work for me, on rm 7 PRO.
02:13:54: INFO: User requested *semi-verbose* logging with --loglevel=1 - This is default
02:13:54: INFO: User wants to talk to port '\\.\COM3'
02:13:54: DEBUG: port_fd=0x128
02:13:54: INFO: Took 0.00000000 seconds to open port
02:13:54: INFO: Sorting TAGS to ensure order is <configure>,<erase>, others, <patch>,<power>
02:13:54: INFO: If you don't want this, use --dontsorttags
02:13:54: INFO: Sending <configure>
02:13:54: DEBUG: CHANNEL DATA (P0000) (H00202) ( 228 bytes) - HOST TO TARGET -->
===========================================================================================================
<?xml version="1.0" encoding="UTF-8" ?>
<data>
<configure MemoryName="emmc" Verbose="0" AlwaysValidate="0" MaxDigestTableSizeInBytes="8192" MaxPayloadSizeToTargetInBytes="1048576" ZlpAwareHost="1" SkipStorageInit="0" />
</data>
============================================================================================================
02:13:54: DEBUG: CharsInBuffer=0 Trying to read from USB 8192 bytes
02:13:54: DEBUG: CHANNEL DATA (16 bytes) <-- TARGET to HOST
02:13:54: DEBUG: CharsInBuffer = 16
02:13:54: DEBUG: printBuffer:5423 PRETTYPRINT Buffer is 16 bytes
02:13:54: DEBUG: printBuffer:5500 04 00 00 00 10 00 00 00 0D 00 00 00 01 00 00 00 ................
02:13:54: DEBUG: printBuffer:5513
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: DetermineTag:6224 XML not formed correctly. Expected a < character at loc 0
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: GetNextPacket:7298 3. TAG not found or recognized
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: GetNextPacket:7308
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
This can mean
1. You forgot to send DeviceProgrammer first (i.e. QSaharaServer.exe -s 13rog_emmc_firehose_8994_lite.mbn)
2. OR, you did send DeviceProgrammer, but it has crashed and/or is not correct for this target
Regardless this program speaks FIREHOSE protocol and your target is speaking SAHARA protcol, so this will not work

swaper1232 said:
I checked, it didn't work for me, on rm 7 PRO.
02:13:54: INFO: User requested *semi-verbose* logging with --loglevel=1 - This is default
02:13:54: INFO: User wants to talk to port '\\.\COM3'
02:13:54: DEBUG: port_fd=0x128
02:13:54: INFO: Took 0.00000000 seconds to open port
02:13:54: INFO: Sorting TAGS to ensure order is <configure>,<erase>, others, <patch>,<power>
02:13:54: INFO: If you don't want this, use --dontsorttags
02:13:54: INFO: Sending <configure>
02:13:54: DEBUG: CHANNEL DATA (P0000) (H00202) ( 228 bytes) - HOST TO TARGET -->
===========================================================================================================
<?xml version="1.0" encoding="UTF-8" ?>
<data>
<configure MemoryName="emmc" Verbose="0" AlwaysValidate="0" MaxDigestTableSizeInBytes="8192" MaxPayloadSizeToTargetInBytes="1048576" ZlpAwareHost="1" SkipStorageInit="0" />
</data>
============================================================================================================
02:13:54: DEBUG: CharsInBuffer=0 Trying to read from USB 8192 bytes
02:13:54: DEBUG: CHANNEL DATA (16 bytes) <-- TARGET to HOST
02:13:54: DEBUG: CharsInBuffer = 16
02:13:54: DEBUG: printBuffer:5423 PRETTYPRINT Buffer is 16 bytes
02:13:54: DEBUG: printBuffer:5500 04 00 00 00 10 00 00 00 0D 00 00 00 01 00 00 00 ................
02:13:54: DEBUG: printBuffer:5513
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: DetermineTag:6224 XML not formed correctly. Expected a < character at loc 0
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: GetNextPacket:7298 3. TAG not found or recognized
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
02:13:54: {ERROR: GetNextPacket:7308
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
This can mean
1. You forgot to send DeviceProgrammer first (i.e. QSaharaServer.exe -s 13rog_emmc_firehose_8994_lite.mbn)
2. OR, you did send DeviceProgrammer, but it has crashed and/or is not correct for this target
Regardless this program speaks FIREHOSE protocol and your target is speaking SAHARA protcol, so this will not work
Click to expand...
Click to collapse
File updated, try again

Sorry, maybe I'm wrong. I'm ready to check the file. How can I help and how can I do it?

swaper1232 said:
I checked, it didn't work for me. rm 7 PRO
23:25:13: INFO: User requested *semi-verbose* logging with --loglevel=1 - This is default
23:25:13: INFO: User wants to talk to port '\\.\COM3'
23:25:13: DEBUG: port_fd=0x12C
23:25:13: INFO: Took 0.00000000 seconds to open port
23:25:13: INFO: Sorting TAGS to ensure order is <configure>,<erase>, others, <patch>,<power>
23:25:13: INFO: If you don't want this, use --dontsorttags
23:25:13: INFO: Sending <configure>
23:25:13: DEBUG: CHANNEL DATA (P0000) (H00202) ( 227 bytes) - HOST TO TARGET -->
===========================================================================================================
<?xml version="1.0" encoding="UTF-8" ?>
<data>
<configure MemoryName="ufs" Verbose="0" AlwaysValidate="0" MaxDigestTableSizeInBytes="8192" MaxPayloadSizeToTargetInBytes="1048576" ZlpAwareHost="1" SkipStorageInit="0" />
</data>
============================================================================================================
23:25:13: DEBUG: CharsInBuffer=0 Trying to read from USB 8192 bytes
23:25:13: DEBUG: CHANNEL DATA (16 bytes) <-- TARGET to HOST
23:25:13: DEBUG: CharsInBuffer = 16
23:25:13: DEBUG: printBuffer:5423 PRETTYPRINT Buffer is 16 bytes
23:25:13: DEBUG: printBuffer:5500 04 00 00 00 10 00 00 00 0D 00 00 00 01 00 00 00 ................
23:25:13: DEBUG: printBuffer:5513
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
23:25:13: {ERROR: DetermineTag:6224 XML not formed correctly. Expected a < character at loc 0
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
23:25:13: {ERROR: GetNextPacket:7298 3. TAG not found or recognized
_____
| ___|
| |__ _ __ _ __ ___ _ __
| __| '__| '__/ _ \| '__|
| |__| | | | | (_) | |
\____/_| |_| \___/|_|
23:25:13: {ERROR: GetNextPacket:7308
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
There is a chance your target is in SAHARA mode!!
This can mean
1. You forgot to send DeviceProgrammer first (i.e. QSaharaServer.exe -s 13rog_emmc_firehose_8994_lite.mbn)
2. OR, you did send DeviceProgrammer, but it has crashed and/or is not correct for this target
Regardless this program speaks FIREHOSE protocol and your target is speaking SAHARA protcol, so this will not work
Click to expand...
Click to collapse
Check your phone and your setting on your PC, the file confirmed working

JerryYin said:
Check your phone and your setting on your PC, the file confirmed working
Click to expand...
Click to collapse
I'm ready to check the file. How can I help and how can I do it?

swaper1232 said:
I'm ready to check the file. How can I help and how can I do it?
Click to expand...
Click to collapse
hello , check file format after unzip.... MELF -> ELF ...

chill30 said:
hello , check file format after unzip.... MELF -> ELF ...
Click to expand...
Click to collapse
I have a bricked Nubia 7 PRO device. It enters fastboot and EDL mode. What needs to be done to flash the bootloader using the firehose file. I run QFIL, and in addition to .elf I see that I need rawprogram.xml. Where can I get it?

Download the firmware files from redmagic's support site and use Fastboot Enhance to flash the payload
Bricked my phone couple of hours ago fixed this way

JerryYin said:
This is the firehose for RedMagic 7 and 7Pro, it should work on both CN and global version.
Extracted from the leaked CN firmware.
A small gift for all RedMagic 7&7Pro user.
Good Luck
Click to expand...
Click to collapse
do you have magic 8 pro firehouse ?