Hi All
I recently bricked my Acer A210 and it's running in APX mode. In a effort to bring it back to life i have been researching the jtag setup.
As you can see from this image, on the rigth hand side is JDBUG1, with pin 1 mark at the top.
Now this is a A510 in the image, but the same 10 pin connect is on my A210 and possibly on the A700,
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Now using many different tegra3 manuals and dev board guides i've reversed the jtag connector, well mostly, I've some more to confirm but i though i would put this out there in case any one has any thing to add, i will also upload as much info as i have and the pdf in case any one want to confirm my research,
Hopefully we can fix without $$$$ hardware.
I have a o'scope (30 years old crt based) ,arduino, buspirate, Open Source logic sniffer.
The latter two from dangerous prototypes, the main one i will use is the bus pirate in jtag mode.
I have already connected the buspirate up but no results i could rely on so i went back to research, here is what i've turned up ,
Code:
1 1.8v Tegra System Voltage
2 TRST (on A210 a 0R resistor is missing or 'un-stuffed' or not 'stuffed', see info about tying to gnd for CPU access )
3 10K to +v 1.8v for TDI
4 10K to +v 1.8v for TMS
5 100K to GND for TCK
6 10K to GND for RTCK (Return clock , see [URL="http://en.wikipedia.org/wiki/Joint_Test_Action_Group"]RTCK wiki[/URL] )
7 TDO (direct into CPU )
8 HOT_RESET (1.8v)
9 ON_KEY# (+5v )
10 GND
Now this information has been gleamed from many sources.
please see attached images for now, on the A210 the tracks are more exposed but I think its safe to assum the debug connector pin outs would be the same for the 3 devices,
EDIT** Ive found the A510 Schematic Online A510 Schematic - See Page 7 for JTAG
darkspr1te
<place holder for additional files>
Various Tegra(3) Files
Tegra Files / Manuals / PDFs ETC
Very interesting stuff, unfortunately my knowledge is not sufficient to contribute. But i'll definitely follow this topic, hope you can fix it.
Always an awesome moment went you succeeded "DIY" without spending big bucks.
herogjan said:
Very interesting stuff, unfortunately my knowledge is not sufficient to contribute. But i'll definitely follow this topic, hope you can fix it.
Always an awesome moment went you succeeded "DIY" without spending big bucks.
Click to expand...
Click to collapse
Yes, when We have that eureka moment and it works it's a great feeling, sadly I am not having that moment yet with the Acer. But I wont give up.
I am taking a break from the actual JTAG hacking part for Xmas and just to give myself a break from IT, I will return to the project in the new year.
Darkspr1te
What can we do with JTAG on our Acer Axxx ?
Envoyé de mon GT-I9505 en utilisant Tapatalk
imtheyoyo said:
What can we do with JTAG on our Acer Axxx ?
Envoyé de mon GT-I9505 en utilisant Tapatalk
Click to expand...
Click to collapse
We will be able to turn it into the most powerful tablet and take over the world *evil laugh*. Or we could recover our bricked tablets that are in apx mode like he said in post 1.
Sent from my A701 using Tapatalk
Hi All,
I've made some progress
Code:
> scan_chain
TapName Enabled IdCode Expected IrLen IrCap IrMask
-- ------------------- -------- ---------- ---------- ----- ----- ------
0 tegra3.arm Y 0x330173d7 0x330173d7 2 0x01 0x01
> jtag init
JTAG tap: tegra3.arm tap/device found: 0x330173d7 (mfg: 0x1eb, part: 0x3017, ver: 0x3)
> halt
Halt timed out, wake up GDB.
timed out while waiting for target halted
in procedure 'halt'
Cant get cpu to halt, could be due to many things, am i taking to the right core? it the jtag instructions i am sending the right ones for the arm/corex cores
right now, I dont know, most users dont document building the jtag instruction up so it's going to be new for me.
darkspr1te
Hi All,
I've made some progress
Code:
> scan_chain
TapName Enabled IdCode Expected IrLen IrCap IrMask
-- ------------------- -------- ---------- ---------- ----- ----- ------
0 tegra3.arm Y 0x330173d7 0x330173d7 2 0x01 0x01
> jtag init
JTAG tap: tegra3.arm tap/device found: 0x330173d7 (mfg: 0x1eb, part: 0x3017, ver: 0x3)
> halt
Halt timed out, wake up GDB.
timed out while waiting for target halted
in procedure 'halt'
Cant get cpu to halt, could be due to many things, am i taking to the right core? it the jtag instructions i am sending the right ones for the arm/corex cores
right now, I dont know, most users dont document building the jtag instruction up so it's going to be new for me.
EDIT** Seems what I am looking at here is the JTAG Route controller (similar to TI's ICEPICK router controller) but as I have not information yet on how to shift the router controller I am lost, Anyone got any input ?
for the ICEPICK it does the following commands to setup the router controller
Code:
# Utilities for TI ICEpick-C ... used in DaVinci, OMAP3, and more.
# jrc == TAP name for the ICEpick
# port == a port number, 0..15
proc icepick_c_tapenable {jrc port} {
# NOTE: it's important not to enter RUN/IDLE state until
# done sending these instructions and data to the ICEpick.
# And never to enter RESET, which will disable the TAPs.
# select router
irscan $jrc 7 -endstate IRPAUSE
drscan $jrc 8 0x89 -endstate DRPAUSE
# set ip control
irscan $jrc 2 -endstate IRPAUSE
drscan $jrc 32 [expr 0xa0002108 + ($port << 24)] -endstate DRPAUSE
irscan $jrc 0x3F -endstate RUN/IDLE
runtest 10
}
Now i dont know if the Tegra3 has it's own route controller an how it's programmed/setup
This is my first time into JTAG so it's a massive learning curve,
I am assuming that once i send the tegra3 the correct IRSCAN/DRSCAN jtag codes it will setup access in to the device further.
EDIT **
Some additional information I am still trying to understand/process, it's from tegra2 but one could assume it's valid for tegra3 as a lot of what i've turned up has been the case. This excludes security
based information
Code:
Note that in the circuit in Figure 24, there is an optional resistor on JTAG_TRST_N. For normal JTAG operation, this resistor
should not be present. The JTAG_TRST_N pin on the Tegra 250 selects whether the JTAG interface is to be used for
communicating with the Tegra 250 CPU complex, or for Test/Scan purposes. When JTAG_TRST_N is pulled low, the JTAG
interface is enabled for access to the CPU complex. When high, it is in Test/Scan mode.
When used in the normal operating mode to access the internal CPUs, in order to reset the Tegra 250 JTAG block, a reset
command is used rather than toggling the JTAG_TRST_N pin.
darkspr1te
imtheyoyo said:
What can we do with JTAG on our Acer Axxx ?
Envoyé de mon GT-I9505 en utilisant Tapatalk
Click to expand...
Click to collapse
Right now, with current public information, Nothing. But Who knows what it may turn up, access to SBK maybe? I dont know, I am not that level of expert, but it may turn up some interesting stuff. it may allow users to debrick devices (hopefully)
Let me start todays post off with a small request,
if anyone knows of a guide to using openocd/buspirate to investigate a jtag connection that is totally unknown then please post a link here,
I have read billions (well maybe dozens) of ducuments talking about boundry scans, config files, jtag route controllers but it seems almost none show you, they all are the same, they talk about in a vague way that your already ment to know what they are on about. Gah.
Anyway, i've ran some irscan/drscan commands and i've really got no where, i am confirming that keeping TRSRT high gives you the IDCODE of 0x330173d7 and if low then it errors out and you get all zeros,
ive found some tegra2 setup files for a jtag system called BDI-x0000 and they include a lot of info on the registers which are similar if not the same as tegra3, but the IDCODE is different and it's a different language to openocd, again plenty of documents hint at it being a simple conversion but i dont see it, maybe a case of 'cant see the wood for the trees' but it's not for noobs, which drives me a little insane,
Has anyone seen any docs of nexus 7 jtag ? i mean it's operation/setup not pin outs, i've got copies of that info but not actual irscan/drscan codes or anything.
Well I hope someone can provide a little input.
darkspr1te
Let me start todays post off with a small request,
if anyone knows of a guide to using openocd/buspirate to investigate a jtag connection that is totally unknown then please post a link here,
I have read billions (well maybe dozens) of ducuments talking about boundry scans, config files, jtag route controllers but it seems almost none show you, they all are the same, they talk about in a vague way that your already ment to know what they are on about. Gah.
Anyway, i've ran some irscan/drscan commands and i've really got no where, i am confirming that keeping TRSRT low gives you the IDCODE of 0x330173d7 and if high then it errors out and you get all zeros,
ive found some tegra2 setup files for a jtag system called BDI-x0000 and they include a lot of info on the registers which are similar if not the same as tegra3, but the IDCODE is different and it's a different language to openocd, again plenty of documents hint at it being a simple conversion but i dont see it, maybe a case of 'cant see the wood for the trees' but it's not for noobs, which drives me a little insane,
Has anyone seen any docs of nexus 7 jtag ? i mean it's operation/setup not pin outs, i've got copies of that info but not actual irscan/drscan codes or anything.
Well I hope someone can provide a little input.
darkspr1te
Click to expand...
Click to collapse
And i am double posting again.
After trying to deal with Acer to resolve the APX issue this is what hapnned
Code:
Sunil: Hi, my name is Sunil. How may I help you?
darkspr1te: hello
Sunil: Hello, darkspr1te.
darkspr1te: Hi Sunil, happy new year
darkspr1te: I have a Acer A210 that stopped booting, windows detects it as a Nvidia APX device
Sunil: Thank you and same to you.
Sunil: I am sorry to know about the issue.
Sunil: Do not worry. I will do my best to resolve the issue.
Sunil: I have the SNID number as 23203532115, is it correct?
darkspr1te: One sec let me double check
darkspr1te: yes that is correct
Sunil: Thank you for the confirmation.
darkspr1te: so what is the way forward ?
Sunil: In order to help you in a better way, please let me know the name of the country you reside now.
Sunil: Sure, I will help you in this regard.
Sunil: In order to help you in a better way, please let me know the name of the country you reside now.
darkspr1te: i am currently in Zambia, Ive tried for the past two weeks to get support from South Africa which is the closest agent to where I am, please dont tell me that i can only deal with them, they dont answer emails or live chat (i have screen shots and email logs to show this)
Sunil: I am sorry for that.
darkspr1te: so what is the way forward ?
Sunil: Your chat has come through to the Acer UK Support; hence, we are unable to assist with your enquiry.
We are able to assist UK customers with technical queries for products covered under warranty.
Sunil: Please click on the link below and select your country. You will then be directed to your local Acer website with the Service and Support section, containing contact details for your local Acer service centre.
Here is the weblink: http://www.acer.com/worldwide/support/
darkspr1te: Suni, ive tried that link, i've got nowhere, please I am begging you to help
Sunil: I completely understand your concern, darkspr1te. We are able to assist UK customers with technical queries for products covered under warranty.
darkspr1te: I am a uk customer, I carry a british passport, I can trace my family back 150 years in uk and I purchased the device in UK. what more do you need?
darkspr1te: I am only out of the country on work.
Sunil: darkspr1te, from our records, I see the unit is purchased in Zambia. We cannot pull any information of the unit.
darkspr1te: Thats impossible, I personally purchased it in Portsmouth , we have NO ACER agent or reseller here in Zambia
Sunil: I am sorry for that.
darkspr1te: Please I am begging you, just give me My Secure Boot key for the device that I purchased and own, i can deal with the rest my self
Sunil: Please be online for 2 minutes while I check the information on your query.
darkspr1te: thansk you
Sunil: Thank you.
Sunil: Thank you for staying online. I appreciate your patience.
Sunil: darkspr1te, please let me know the exact issue with the unit to assist you in a better way.
darkspr1te: The unit does not boot, it is only detectedd in windows as Nvidia APX device
Sunil: Alright.
darkspr1te: prior to that it rebooted while watching a movie and in the top left it said fastboot error
Sunil: Okay.
Sunil: darkspr1te, I have checked my records, We cannot come to a conclusion regarding the fault without the unit being physically diagnosed by the technician. I request you to contact South Africa Acer support for more information.
darkspr1te: Then can you please provide me with my Secure Boot key for the device so I can resolve the issue myself.
Sunil: I am so sorry, We do not have such information available.
Sunil: Is there anything else I may help you with?
darkspr1te: actually thats not true,I have a contact in uk who used to work with acer support and he said you can send a BCT config file which is keyed with my boot key and only usable on my device, sadly he left acer otherwise it would be him i would be talking to
Sunil: darkspr1te, If we had the options, we would have definitely helped you. we hope you can understand the situation.
darkspr1te: using the BCT file and nvidia NVFLASH i can fix my device in seconds
Sunil: We do not have such information available.
Sunil: I request you to contact South Africa Acer support for more information.
darkspr1te: then who does
Sunil: Is there anything else I may help you with?
darkspr1te: south africa HAVE NOT responded at all
Sunil: We are able to assist UK customers who reside in UK with technical queries for products covered under warranty.
darkspr1te: fine
Sunil: I request you to contact South Africa Acer support for more information.
Sunil: Is there anything else I may help you with?
darkspr1te: you're joking right ?
Sunil: darkspr1te, If we had the options, we would have definitely helped you. we hope you can understand the situation.
darkspr1te: No I dont understand, I dont know why I have a device that I cannot use because Acer is withholding the key to my own device
darkspr1te: you i had a nexus 7 with same tegra3 cpu and they gave me the secure key within a day of me reqquesting it
Sunil: darkspr1te, you have contacted Acer UK hardware technical support department and we do not have such information available with us. I request you to contact South Africa Acer support for more information.
Sunil: It was a pleasure working with you. Thank you for contacting Acer live chat. Have a nice day.
I will no longer recomend acer devices, I am pulling my github files for the acer as I dont want to be responsable for bricking someone else's device either. I just hope that someone at acer reads this and knows how useless chat/email support is.
darkspr1te
Another support agent in south africa, who after 3 hours of contant hello's finally answered.
Code:
Jacques: Hi, my name is Jacques. How may I help you?
darkspr1te: hello
darkspr1te: hello, is there anyone there
Jacques: yes can we help you?
darkspr1te: i have a acer A210 and it's not booting , i was watching a video and it rebooted, in the top left it said fastboot error and now windows only detects Nvidia APX device
Jacques: you will have to restore the operating system
darkspr1te: ok,
darkspr1te: how do i do that ?
Jacques: you can send it in for repair so we can reflash the device
darkspr1te: Jacques, I am currently not in a situation where that can be done, please I am begging you to assist me with my secure boot key so i can do it, I've sent two tablets to south africa in the past, first one stolen, second one came back still broken ( at the cost of the tablet), i cant afford the third.
darkspr1te: i know using nvflash and the BCT file thats linked to my secure boot key will fix the device
Jacques: we do not supply the files available for download on any of our sites , so to get assistance you will have to send it for repairs
darkspr1te: but I cant, please, i am begging.
darkspr1te: hello, are you still there
Jacques: I'm here
Jacques: unfortunately nothing more I can assist with as the files you looking for is not available for downbload
darkspr1te: Please Jacques, I am only asking for the key to my own device,
darkspr1te: i can give you the URL for acer Tiawan where acer support perrsonell get the key from
darkspr1te: but as i dont have a acer login account i cant get the key for my device
darkspr1te: if i had the key i can just use NVFLASH to fix in seconds
darkspr1te: all you need is the CPUID
darkspr1te: which is androidboot.serialno=015d256487300205
darkspr1te: ?
darkspr1te: are you still there
darkspr1te: hello
darkspr1te: hello
darkspr1te: hello
darkspr1te: anyone there ?
That was support in south africa
darkspr1te
Hi All,
i recently picked up this project again, I've got some new doc's and info but as yet no solution.
My current thinking is to attack the emmc, to which ive produced some photo doc's to upload.
In the first picture is the underneath of the emmc,
Red is CLK or clock
Yellow is CMD or command
light blue is VSS @ 1.8v
red border shows the outline of the emmc chip on the otherside of the pcb. see the picture called blend for a blended view of the same.
My current thinking is the emmc has failed or locked up, why ? well on the clock and cmd lines i get a nice clear trace on my logic sniffer and scope,
Now looking at the the picture called marked, look in the bottom right of the red box, those resistors more or less lighn up with the DAT0/7 pins but i do not get any signal at all from them with the scope. The system outputs CMD's down the CMD line to the emmc at power on, that and the clock can clearly be seen on the scope.
I have also referred to the a510 schema and emmc pins are ment to be the following on the T30 cpu
Dat0 - B6 (z = floating)
CLK - F8 z
CMD - H10 z
i have hunted around this area with the scope and found nothing.
from the SMARC sAT30 manual, it says the following for the EMMC
Either A:
DAT0 - K1 (pu = pull up)
CMD -N6 pu
CLK - M6 pu
or B:
DAT0 L27
CMD - J29
CLK - G30
both location have not shown either clk/cmd or a response from DAT0. Still more research to do.
last time i buy a tegra i can tell you. damn locked up piece of sh!t.
darkspr1te
Edit: I forgot to add the specs for the EMMC
Samsung KLMAG2GE4A
PDF attached
Futher reading ont this emmc at ps3wiki http://www.psdevwiki.com/ps3/KLMAG2GE4A-A001
More pictures Of EMMC
Final group of pictures
WTF! That eMMC is really blank! Do you have any info on that? Can you do anything to it's surface to see what it says?
Also, on the OP schematics there's a "UART debug" port. What's on that?
I am having a similar issue using JTAG on a Tegra 2 device.
Would it possible for you to post the Tegra 2 documentation you have?
darkspr1te said:
EDIT **
Some additional information I am still trying to understand/process, it's from tegra2 but one could assume it's valid for tegra3 as a lot of what i've turned up has been the case. This excludes security
based information
Code:
Note that in the circuit in Figure 24, there is an optional resistor on JTAG_TRST_N. For normal JTAG operation, this resistor
should not be present. The JTAG_TRST_N pin on the Tegra 250 selects whether the JTAG interface is to be used for
communicating with the Tegra 250 CPU complex, or for Test/Scan purposes. When JTAG_TRST_N is pulled low, the JTAG
interface is enabled for access to the CPU complex. When high, it is in Test/Scan mode.
When used in the normal operating mode to access the internal CPUs, in order to reset the Tegra 250 JTAG block, a reset
command is used rather than toggling the JTAG_TRST_N pin.
darkspr1te
Click to expand...
Click to collapse
Tom_Perman said:
I am having a similar issue using JTAG on a Tegra 2 device.
Would it possible for you to post the Tegra 2 documentation you have?
Click to expand...
Click to collapse
I can tell that you will find the most useful docs via baidu
also search for terga2 and terga3, some docs were misspelled.
I will post any documentation i've created if I can find it, i've recently moved a lot of data to archive that i was not working on, the acer stuff was among it .
How far along are you jtag wise? any comms with the chips ?
darkspr1te
Tom_Perman said:
I am having a similar issue using JTAG on a Tegra 2 device.
Would it possible for you to post the Tegra 2 documentation you have?
Click to expand...
Click to collapse
Do you have a photo with your JTAG connection? which acer is it?
Related
So I have the unfortiounet task of fixing a tablet for a co-worker. The co-worker origionally gave the tablet to another co-worker who, unknowingly at the time, flashed firmware for the previous generation device. To make a long story short, it boots ok, Screen sensors sound wireless etc works EXCEPT the touchscreen.
I do not think that the drivers that were with the rom he installed were correct (go figure, newer device ... larger screen etc.)
So my first question How would I go about determining the touchscreen hardware without cracking open the case?
I know in a *nix environment you can use lspci or lsusb to get some basic information about the hardware on the usb or pci busses but I dont think that archetecture exists here, I may be wrong.
Ultimatly If an existing driver cannot be found I am facing writing a driver for the hardware at hand.
Thanks in advance for advice/help.
Anyone?
Identifying touch screen controllers
I'm having trouble finding drivers too. Starting with touch screen manufacturer.
This looks promising.
w w w. touch-base. com
/documentation/ identifying%20touch%20screen%20controllers. htm
(sorry for the screwed up link. the site doesn't allow new posters to post outside links.)
If you find a good source for drivers let me know.
Thanks,
The frustrating part is NEC has a dedicated product page but they have no drivers and only the manual for the non-touch version of the monitor.
NEC AccuSync LCD51-BK-TR (i.e. ASLCD51-BK-TR) 15" LCD touch screen monitor.
This is a simple guide for fellow developers on how to access the UART console on this phone. This is not something people should do on their phones, and this is NOT JTAG or anything along those lines. UART is for debugging purposes only, not for recovering dead phones.
Now note that I'm still learning all about this so it's not working 100%. I have no access to the bootloader at this stage and the kernel kills UART by changing the baud rate once the UART drivers are initialised.
Requirements
A USB cable you can cut up to make the UART cable
A level converter to convert the UART lines to USB (I use my Arduino)
A 523Kohm resistor
Soldering skills
Sharp craft knife
Software for viewing TTY connections (I use PuTTY on Windows)
Steps
You need to remove the plastic from the micro USB connector with a knife so you can access the pins and wires inside it.
Unsolder all the wires from it
Resolder the wires with this configuration:
Vcc (Pin 1) -> Do not connect
D- (Pin 2) -> RXD
D+ (Pin 3) -> TXD
ID (Pin 4) -> Attach one leg of the 523Kohm resistor to this, and the other to GND
GND (Pin 5) -> GND (MUST BE CONNECTED TO PHONE AND LEVEL CONVERTER)
Connect the level converter to the computer
Start the TTY software with this configuration: 115200 baud, 8N1, no flow control and start the connection
Connect to the phone via ADB Shell and enter:
Code:
su
echo PDA > /sys/devices/platform/switch-sio/uart_sel
Turn the phone off completely
Connect the UART cable to the phone
Remove the battery from the phone to ensure it is off completely and reinsert it
You should get at least 'Uncompressing Linux... done, booting the kernel.' show up on the console after a few seconds. If you don't, then you have missed a step. Go back to the top and try again.
Steps to enable kernel support for UART
Samsung disabled early printk on the device, most likely out of laziness. We need to reenable it.
Go to your kernel source code and do make menuconfig
You will need to change the code for CMDLINE to add support for CMDLINE_EXTEND. You can see what needs to be changed by looking at kernel 3.0s sources and looking at arch/arm/kernel/setup.c, and changing the code in there. Just do a search for CMDLINE_FORCE and it will bring you to the function that needs modified. You will also need to modify /arch/arm/Kconfig to add the choice in make menuconfig for enable CMDLINE_EXTEND
Go to "Boot options"
Change default command line to 'console=ttyS2,115200' and enable 'Extend boot options'
Go back to the main menu and go to "Kernel Hacking"
Enable 'Kernel low-level debugging' and 'Enable early printk'
Save your configuration and exit
Make the kernel as always and flash it on your phone
Reboot the phone as above and hopefully you should get output from the UART.
Hopefully this will help developers with their efforts to improve this excellent device.
Thanks i test it.
Can you show the pins???
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Or a tutorial to conect.
-Thanks for your work.
Enviado desde mi Sensation usando Tapatalk 2
Video tutorial
Superb buddy. But screenshot or video tutorial will clear everyone's small doubts.
Edit : I think now UC team cant complain that they dont know about how to creat UART cable. They can now build UART cable & work on 3.x kernel instead of keep working on older 2.x kernel.
Ya hill
You can make a video or some picture to teach is easier than only text :thumbup:
Sent from my Droid X using xda premium
Well , thanks a lot! I really needed knowledge about this. Sadly I do not have a spare device else would have experimented a lot with my phone!
Thnx anyways, appreciated
vishal24387 said:
Superb buddy. But screenshot or video tutorial will clear everyone's small doubts.
Click to expand...
Click to collapse
loukalok said:
Ya hill
You can make a video or some picture to teach is easier than only text
Click to expand...
Click to collapse
I don't mean to be rude, nor to discourage people who'd like to start developing. But there's A TON of information about this, not only in XDA forums, but also all over the web (even a couple of vids from AdamOutler showing how to use this on a Captivate).
So if you have any doubt while doing this, go look in the Galaxy S forums, and also a couple of posts in the hardware hacking section. Because that's where this little "discovery" was made.
In this thread, for example, you have a couple of interesting links to read.
@Hillbeast ... I posted this on the other thread, but I guess you wont be able to reply as the mods closed that thread. See if you can reply here. It will be very helpful, as you are the only one who has a working UART setup with this phone.
@Hillbeast ... We (me + few other users) are planning to setup an uart as a collaborated effort and have zeroed in to this convertor, which, supposedly, is available in India. Do you think this will work for our device? Just need your thoughts about this. I understand you might not be able to confirm for sure. Just your thoughts.
http://www.rhydolabz.com/index.php?m...oducts_id=1090
@Anyone_except_Hillbeast_wondering_if_you_should_reply Please don't reply to this, unless you have a working UART setup or have a good understanding of this stuff.
@Mods ... There's no OT here so please refrain from being trigger happy.
Hetalk said:
@Mods ... There's no OT here so please refrain from being trigger happy.
Click to expand...
Click to collapse
Trust me when I say that pulling that trigger makes me unhappy.
^ not u buddy. You've been pretty reasonable. I respect your patience here.
Sent from my GT-I9003 using xda premium
Hetalk said:
@Hillbeast ... I posted this on the other thread, but I guess you wont be able to reply as the mods closed that thread. See if you can reply here. It will be very helpful, as you are the only one who has a working UART setup with this phone.
@Hillbeast ... We (me + few other users) are planning to setup an uart as a collaborated effort and have zeroed in to this convertor, which, supposedly, is available in India. Do you think this will work for our device? Just need your thoughts about this. I understand you might not be able to confirm for sure. Just your thoughts.
http://www.rhydolabz.com/index.php?m...oducts_id=1090
@Anyone_except_Hillbeast_wondering_if_you_should_reply Please don't reply to this, unless you have a working UART setup or have a good understanding of this stuff.
@Mods ... There's no OT here so please refrain from being trigger happy.
Click to expand...
Click to collapse
This is more what you're looking for. Those adapters are either ludicrously expensive or not right.
http://www.ebay.com/itm/USB-2-0-To-RS232-UART-TTL-COM-Module-Serial-Converter-6Pin-Buildin-in-CP2102-New-/270920605812?pt=AU_Laptop_Accessories&hash=item3f14206074
hillbeast said:
This is more what you're looking for. Those adapters are either ludicrously expensive or not right.
http://www.ebay.com/itm/USB-2-0-To-RS232-UART-TTL-COM-Module-Serial-Converter-6Pin-Buildin-in-CP2102-New-/270920605812?pt=AU_Laptop_Accessories&hash=item3f14206074
Click to expand...
Click to collapse
Thanks a lot! W
I'll try to setup UART and work on the Kernel.
hillbeast said:
This is more what you're looking for. Those adapters are either ludicrously expensive or not right.
http://www.ebay.com/itm/USB-2-0-To-RS232-UART-TTL-COM-Module-Serial-Converter-6Pin-Buildin-in-CP2102-New-/270920605812?pt=AU_Laptop_Accessories&hash=item3f14206074
Click to expand...
Click to collapse
@Hillbeast
is this the same?
http://www.ebay.com.my/itm/251082091781?ssPageName=STRK:MESINDXX:IT&_trksid=p3984.m1436.l2649#ht_2305wt_1312
chongns said:
@Hillbeast
is this the same?
http://www.ebay.com.my/itm/251082091781?ssPageName=STRK:MESINDXX:IT&_trksid=p3984.m1436.l2649#ht_2305wt_1312
Click to expand...
Click to collapse
Pretty much.
hillbeast said:
Pretty much.
Click to expand...
Click to collapse
thanks, HB. will you do a tutorial to show how to use Putty, if that easy, can u please explain abit on this topic?
thanks in advance.
chongns said:
thanks, HB. will you do a tutorial to show how to use Putty, if that easy, can u please explain abit on this topic?
thanks in advance.
Click to expand...
Click to collapse
I think you can also use windows hyperterminal (copy from XP or download, it is not there by default on Windows 7), it is easier to use I think, just use the settings hb mentioned in the OP.
just make sure you use the same baud rate in the COM port on the device manager where the usb cable is connected and the hyperterminal program.
jan3586 said:
I think you can also use windows hyperterminal (copy from XP or download, it is not there by default on Windows 7), it is easier to use I think, just use the settings hb mentioned in the OP.
just make sure you use the same baud rate in the COM port on the device manager where the usb cable is connected and the hyperterminal program.
Click to expand...
Click to collapse
PuTTY is probably easier in the long run as it also supports Force echo on which is needed for setting up the Sbl seeing we can't see it on the SL. I'll make a guide today.
I also recommend PuTTY as it works in Linux too for those out there who use that.
Sent from my Galaxy S2
Hillbeast thank you for your responses and sorry to ask one more question.
Can you please review this link below and advise if this will work? Reason I ask is, this item is local to where I live and I can avoid international shipping.
http://www.emsysedukits.com/interfa...rial-rs232-uart-converter-p-236.html?cPath=67
Hetalk said:
Hillbeast thank you for your responses and sorry to ask one more question.
Can you please review this link below and advise if this will work? Reason I ask is, this item is local to where I live and I can avoid international shipping.
http://www.emsysedukits.com/interfa...rial-rs232-uart-converter-p-236.html?cPath=67
Click to expand...
Click to collapse
Yeah that should be fine.
Just a small update guys. I have got the UART setup with me and everything works fine. I am able to see the PBL, SBL and also the SBL prompt is accessible.
I have used 540K resistor.
http://pastebin.com/DgZmvzET
dhiru1602 said:
Just a small update guys. I have got the UART setup with me and everything works fine. I am able to see the PBL, SBL and also the SBL prompt is accessible.
I have used 540K resistor.
http://pastebin.com/DgZmvzET
Click to expand...
Click to collapse
Good news then! let's get the ball rolling. Goodluck to you guys. Lol i know its a spam sorry.
I was given a car stereo for a present . best present ever .
Its a duel operating system android wince
It was all working correctly for about a month then the android part became faulty.
it comes up with a error message .
bonovoHandle has stopped . when this comes up after booting the screen dulls
you can press ok but then it does the same thing.
I have had many attempts in contacting Newsmy but not one single reply. the ebay shop it was purchased from has closed down .
the windows part works well just the android is dead. I think if I was able to get firmware for it I could fix it but cant find that anywhere .
I really appreciate any help . links or advice . This website has been a big help amongst my friends but this android stereo has us all beat. Until it died this stereo was the best thing since sliced bread. Big thankyou for any help
Mr Winter said:
I was given a car stereo for a present . best present ever .
Its a duel operating system android wince
It was all working correctly for about a month then the android part became faulty.
it comes up with a error message .
bonovoHandle has stopped . when this comes up after booting the screen dulls
you can press ok but then it does the same thing.
I have had many attempts in contacting Newsmy but not one single reply. the ebay shop it was purchased from has closed down .
the windows part works well just the android is dead. I think if I was able to get firmware for it I could fix it but cant find that anywhere .
I really appreciate any help . links or advice . This website has been a big help amongst my friends but this android stereo has us all beat. Until it died this stereo was the best thing since sliced bread. Big thankyou for any help
Click to expand...
Click to collapse
hey,i saw your thread in newsmy forum,
i think you needs a firmware to get your carpad reborn...
ok,i've found one for you.
here is the update image:Kitkat 4.4.2 for AD3188,800x480 model.if your HU is 1024x600,don't use this.
http#//pan.baidu.com/s/1kTso5AR
and this is a flash tool for PC,no Mac,you know..
http#//pan.baidu.com/s/1eQu0IQm
method to enter flash mode:
1.powered your android box
2.connect it to your computer
3.if you can see that software's first gray box turns pink,you got it.
or
1.unplug the power cable
2.press down the reset button
3.don't release it ,plug in the power cable.
4.you will get the pink box.
br,
zygame
zygame said:
hey,i saw your thread in newsmy forum,
i think you needs a firmware to get your carpad reborn...
ok,i've found one for you.
here is the update image:Kitkat 4.4.2 for AD3188,800x480 model.if your HU is 1024x600,don't use this.
http#//pan.baidu.com/s/1kTso5AR
and this is a flash tool for PC,no Mac,you know..
http#//pan.baidu.com/s/1eQu0IQm
method to enter flash mode:
1.powered your android box
2.connect it to your computer
3.if you can see that software's first gray box turns pink,you got it.
or
1.unplug the power cable
2.press down the reset button
3.don't release it ,plug in the power cable.
4.you will get the pink box.
br,
zygame
Click to expand...
Click to collapse
Thankyou for your help. I have the high resolution android car pad . could you please help me find software for hi resolution version . I am sorry I do not speak or read Chinese and the download links are hard for me. Is there any English sites please . very great full for your help.
Mr Winter said:
Thankyou for your help. I have the high resolution android car pad . could you please help me find software for hi resolution version . I am sorry I do not speak or read Chinese and the download links are hard for me. Is there any English sites please . very great full for your help.
Click to expand...
Click to collapse
1024x600's latest firmware is: AD3188_S_KK4.4.2_1.0.3_1024x600
http#//pan.baidu.com/s/1hquw37A
Update tool is:
http#//pan.baidu.com/s/1eQu0IQm
Sorry I can't upload them to mega or somewhere,because my network have a very-low bandwidth to upload.
I'll let you know how to download it at baidu disk.
View attachment 2951120
View attachment 2951121
And then you should unzip them all and open the update tool.
View attachment 2951125
So,the last thing you should do is connect the carpad to your computer and wait the software connect it.
if not ,you can plugin the power cord and press the reset button for 5 sec to enter the flash mode.
good luck
I also have a Newsmy Carpad II on a Ford Focus. It also have WinCE and Android box.
And no: the customer service is not able to answer your questions. They can only sell but not follow the customers.
I dont know chinese, and with translators I cannot register to their forum /bbs (btw how did you? I saw your post)
My systen have many bugs ( FM radio RDS, not functioning, volume that sometimes raise to full or drop to zero after a single tap) and now the backlight of dash is disappeared.
At the beginning I had contact with skype, now they are not aswering at all..
Cruiser_541239 said:
I also have a Newsmy Carpad II on a Ford Focus. It also have WinCE and Android box.
And no: the customer service is not able to answer your questions. They can only sell but not follow the customers.
I dont know chinese, and with translators I cannot register to their forum /bbs (btw how did you? I saw your post)
My systen have many bugs ( FM radio RDS, not functioning, volume that sometimes raise to full or drop to zero after a single tap) and now the backlight of dash is disappeared.
At the beginning I had contact with skype, now they are not aswering at all..
Click to expand...
Click to collapse
Mr Winter said:
I was given a car stereo for a present . best present ever .
Its a duel operating system android wince
It was all working correctly for about a month then the android part became faulty.
it comes up with a error message .
bonovoHandle has stopped . when this comes up after booting the screen dulls
you can press ok but then it does the same thing.
I have had many attempts in contacting Newsmy but not one single reply. the ebay shop it was purchased from has closed down .
the windows part works well just the android is dead. I think if I was able to get firmware for it I could fix it but cant find that anywhere .
I really appreciate any help . links or advice . This website has been a big help amongst my friends but this android stereo has us all beat. Until it died this stereo was the best thing since sliced bread. Big thankyou for any help
Click to expand...
Click to collapse
I'm sorry to hear about these issues, these Carpad II units look very interesting but there is very little information out there about them. Anyone with one of these units, could you answer these questions:
1) Do steering wheel controls work in Android, or only in WinCE?
2) Can you listen to the radio (WinCE I assume) and run an Android app simultaneously? So say listen to the radio and also run the Waze gps app with voice prompts. How does it handle the audio mixing?
3) What is the boot time? From ignition to radio playing. I have a pure android unit now but the boot time is slow. I understand WinCE is much faster, and I hope the radio would start playing while the android system is still booting up.
Thanks!
Skitals said:
I'm sorry to hear about these issues, these Carpad II units look very interesting but there is very little information out there about them. Anyone with one of these units, could you answer these questions:
1) Do steering wheel controls work in Android, or only in WinCE?
2) Can you listen to the radio (WinCE I assume) and run an Android app simultaneously? So say listen to the radio and also run the Waze gps app with voice prompts. How does it handle the audio mixing?
3) What is the boot time? From ignition to radio playing. I have a pure android unit now but the boot time is slow. I understand WinCE is much faster, and I hope the radio would start playing while the android system is still booting up.
Thanks!
Click to expand...
Click to collapse
The unit is very interesting and powerful, the fact you can't talk with the support is ridiculous because sometimes a problem can go away in 5 minutes of skype talks..
1) Only in WInCE. But not sure of your question.
2) Yes you can. WinCE have different volume levels (media, radio, phone, video ..) but all the audio in Android environment is streamed in the MEDIA channel of WinCE. You can still control single volumes in Android.
This is not so bad, but there is only a problem: music stream doesn't drop down during speech of navigators in Android.
3) Boot time is longer than OEM equipment of corse. First to be ready is WinCE with all the media and canbus sections. Radio (if on before last power off) start immediately. Android double the time. I use it for Sygic Navigator, and Google Maps navigation (the best because always up to date and with real time traffic)
Dont buy one
Skitals said:
I'm sorry to hear about these issues, these Carpad II units look very interesting but there is very little information out there about them. Anyone with one of these units, could you answer these questions:
1) Do steering wheel controls work in Android, or only in WinCE?
2) Can you listen to the radio (WinCE I assume) and run an Android app simultaneously? So say listen to the radio and also run the Waze gps app with voice prompts. How does it handle the audio mixing?
3) What is the boot time? From ignition to radio playing. I have a pure android unit now but the boot time is slow. I understand WinCE is much faster, and I hope the radio would start playing while the android system is still booting up.
Thanks!
Click to expand...
Click to collapse
my car has no steering wheel buttons other than horn so I don't know , but if you buy one which I suggest you don't as this one worked just for a month and because I am overseas, china newsmy want nothing to do with me . they advertise it has can bus controls for some major brands. Newsmy HAS NO CUSTOMER SERVICE.
Still not working .
zygame said:
1024x600's latest firmware is: AD3188_S_KK4.4.2_1.0.3_1024x600
http#//pan.baidu.com/s/1hquw37A
Update tool is:
http#//pan.baidu.com/s/1eQu0IQm
Sorry I can't upload them to mega or somewhere,because my network have a very-low bandwidth to upload.
I'll let you know how to download it at baidu disk.
View attachment 2951120
View attachment 2951121
And then you should unzip them all and open the update tool.
View attachment 2951125
So,the last thing you should do is connect the carpad to your computer and wait the software connect it.
if not ,you can plugin the power cord and press the reset button for 5 sec to enter the flash mode.
good luck[/QUOTE
I found some usefull links for car pad owners but mine is not accepting firmware upgrade . I get the pink box but then I get red tex telling me firmware will not load error. and pink box never flashes yellow I am thinking I have the wrong firmware version. I will try others . downloads are slow and often time out so I have to download again . will keep trying.
I cant tell what firmware I need , I don't have the box anymore and it never came with English instructions so I tossed them away. All I can tell you is written inside the pure android box is this. AD3188-JB4.22-CARPAD-1.0.0 THEN IN PEN IT HAS -79 . thankyou for your help
Click to expand...
Click to collapse
links
I still cant post links and I am still on a 5 minute restriction
Mr Winter said:
I still cant post links and I am still on a 5 minute restriction
Click to expand...
Click to collapse
still the same
Mr Winter said:
still the same
Click to expand...
Click to collapse
no change.. newsmy car stereo is no good.
I managed somehow to subscribe and post 3/4 questions on their chinese forum.
I obtained a couple of posts from another user (useful for the specific topic), and stop. No one from Newsmy answered in a week.
At this point I just have to hope that the Carpad will never break, and take back my unanswered questions.
For this reasons I strongly discourage anyone from outside China to buy a product newsmy.
In Italy I am a moderator in a forum community of the same vehicle of mine.
There was a lot of waiting for the reviews on this product, others would follow me to the purchase of Carpad probably. Now it will not happen.
http://forum.xda-developers.com/android/general/4-4-2-kitkat-head-unit-newsmy-carpad-t2865525
In here we are very happy with this unit!
What's wrong with your products?I am summer from Newsmy,maybe i can help you.
Sent from my vivo Y17T using XDA Free mobile app
---------- Post added 31st December 2014 at 12:10 AM ---------- Previous post was 30th December 2014 at 11:39 PM ----------
which model? who sell to you? and what is your problem?
Sent from my vivo Y17T using XDA Free mobile app
Hi Summer,
my unit came from tradesolution.hk,
images and serial number in attachment.
I have differents issues, here are some:
RADIO SECTION->
- 80% of the FM stations I get them in MONO;
- FM "AF" function, is not funcional. I travel to the same cities every days, and with others radio I can keep the same radio stations, with CARPAD I lose the signal. Before I listened always two or three stations and frequencies changed without me lose the signal. With Carpad not happen.
- RDS never received any stream, even if the symbol appears on display;
(FM OEM antenna is connected, in fact, by disconnecting the cable, I do not find any station)
- I cannot scan FM with binded phisical key: only via touchscreen, and this is really useless;
OTHERS->
- I do not have the rear parking sensors, but I have aftermarket rear camera: I correctly get the image on the unit, but without sensors I get a continuos annoying beep and I cannot disable in any way. make a software way to DISABLE it;
- the quality of the microphone in a phone call is very very LOW.. make a software way to allow the use of an auxiliary microphone;
- backlight sometime is off, although in the rest of the dashboard is turned on;
...
I have other problems to list, but for the moment I stop. let's see what happens.
I consider regrettable the fact that the service contact on skype has abandoned me without answer. And from your forum you have locked my account after I asked a few questions.
Summer-Newsmy said:
What's wrong with your products?I am summer from Newsmy,maybe i can help you.
Sent from my vivo Y17T using XDA Free mobile app
---------- Post added 31st December 2014 at 12:10 AM ---------- Previous post was 30th December 2014 at 11:39 PM ----------
which model? who sell to you? and what is your problem?
Sent from my vivo Y17T using XDA Free mobile app
Click to expand...
Click to collapse
Hello
I bought a newsmy carpad 2 for my ford focus 1.6 tdci 2010. Unfortunately I became no support from newsmy, althought I wrote severals mails: no answer, no help, nothing. I' m very disappointed! The newsmy carpad 2 is a very good product, but without support from producer Newsmy!!
I explain here my problem one more time with the hope that someone may help me!
I have a problem with the Newsmy Ford Mondeo,Focus 08,S-Max Android 4.2 Capacitive Touch Screen Car Pad 2. The serial number of the DVD Player is: SN E5PCF0018HQ0010 (overseas stock).
I installed the DVD Player. Unfortunately the wheel controls and the backlight of the player don't work. I asked a technician about it. He told me that the DVD player must be configured with the newest firmware of the player and with the software vehicleconfig otherwise the can-bus module of the player cannot work properly with my car. My car is a ford focus 1.6 tdci 2010.
Somebody can help me please??
Thanks in advance!
Roberto
Summer-Newsmy said:
What's wrong with your products?I am summer from Newsmy,maybe i can help you.
Sent from my vivo Y17T using XDA Free mobile app
---------- Post added 31st December 2014 at 12:10 AM ---------- Previous post was 30th December 2014 at 11:39 PM ----------
which model? who sell to you? and what is your problem?
Sent from my vivo Y17T using XDA Free mobile app
Click to expand...
Click to collapse
... Where are you Summer ...
We can also take one answer at a time if you want. For example we can begin with:
Is Newsmy really interested in take care of overseas customers, or is a "sell and forget" company?
We really take care of your problem, yoy can add my skype for problems: summer_352.
Sent from my vivo Y17T using XDA Free mobile app
Upgraded Android with instruction and image file given:
is it normal ?
I have lost Android Box??
:edit
NEVERMIND! Upgrade succeeded!
This 4.4 Android version is beautiful configured this way on the carpad and I can see a better UI and user experience.
Good work for this upgrade.
In the WinCE section instead, there is still an open issue regarding RDS and its related AF (alternate frequencies) function. This function allow user to travel km and km keeping the same Radio Station tuned. This function is responsible to scan in the background for alternative frequencies of the selected station and transparently switch.
Unfortunately carpad is currently sold as "RDS enabled" but is not fully enabled.
Hope in the future the manufacturer will update this part too.
Many thanks to Summer.
I am going to pass your skype contact other clients I know who are not fully satisfied with the product. I hope you will want to give them some good advice.
Hi Folks, i read quite a bit in the XDA-dev forums in the last few years, but now it's time to change the status "from passive to active". :silly:
- I have a "ZTE MF90+" (a nifty little mobile 4G WiFi hotspot with battery). The Chipset should be based on a Qualcomm MDM9215.
- I bought it about 3 years ago and it is SIM-Locked (aka Provider-Locked iirc).
- I fiddled around a bit with it and am able to ADB into it (from my Ubuntu 18.04 machine and from my Raspberry Pi, too - e.g. to activate RNDIS/CDC mode for USB tethering)
- I have an unlock code, that should work "to tear down this SIM-Lock wall" without any hassle.
So far, so good ... but my interests are still not satisfied; i want to know what's up with the internals of this modem, when i enter the unlock code. I simply want to observe and understand what's going on under the hood.
To quote Ylvis from their song Stonehenge: "And i know i should be happy, but instead, there's question, i can't get out of my head!"
Maybe a year ago i did some internet research, where i found several clues that the "SIM-Lock" information might be stored inside some Section of a NV storage https://forum.xda-developers.com/showthread.php?t=1954029.
On some other russian hacker forum (that i can't find right now, unfortunately) according to google translate one of them seemed to be able to change one NV entry there to get rid of the Sim-Lock. The tabs are still open on my other Ubuntu 14.04 Laptop 250km away from here, so it might take some time to provide the "russian hacker forum link" here for further reference. I haven't tried it out back then as i heavily relied on this mobile hotspot back then and could neither afford to brick it nor had the time to fiddle around further.
What i remember was also this thread: https://forum.xda-developers.com/showthread.php?t=1804117, but this thread is from 2012 and e.g. the download link for the NV-items_reader_writer.rar don't work anymore, so i haven't tried it yet to get this program running.
So now i need your help:
-> What tools can i use (on my Ubuntu Linux machine, if necessary via WINE) to read out a "full image" of the (Android) system to flash back later (if necessary) and what tool can i use to read (and modify if necessary one day) the NV items to compare them "before and after" i unlocked it?
Any hints where to start and in which direction i could head from there? :cyclops:
Please help me to grow and rise :highfive:
Hi,
my name is Melanie, I'm part of an effort to root the Vector robot made by Anki.
Anki has recently gone into administration, with the IP of the company winding up as collateral for an emergency loan that was never paid back.
Vector is very much dependent on the "cloud", namely, Anki's servers running on AWS. The SSL certificate for these servers is due to expire in September. There is little chance of it being renewed since the company has no funds.
A group of tech-savvy owners have got together on Discord to discuss how to help Vector survive the coming demise of his servers. They had already collected a not insignificant amount of information in the form of datasheets and observations as well as images of the internals of the robot and images of jigs Anki used during development.
I'm bringing this project to this forum because, internally, Vector is really a phone without the GSM part.
He is powered by a Qualcomm APQ8009 (Snapdragon 212), which has been paired with a combination ram/flash chip by Kingston, 04EMCP04-NL3DM627. There is also a Wifi/BLE module and a screen and 4 microphones.
The Snapdragon runs an Android boot loader and Linux kerner version 3.18.66-perf.
This is where he becomes different from a phone in that he doesn't start Zygote, but rather runs a number of daemons from systemd.
As shipped, there is no user accessible wired IO.
There are a number of wirepads on the PCB, as well as unpopulated pads for a micro USB port. When I joined the project, the serial port was already known, but while it provides a boot log, there is no getty on it.
The USB port had to this point not been successfully activated.
Since I'm a hardware person, that is where i placed my lever. I populated the USB port and started digging. Finally I found a solder pad labeled F_USB which was not even close tot he USB port, but turned out to be a boot mode pin from the CPU. Pulling it to VCC made the USB port enumerate in EDL mode. Qualcomm call it QDL or QDLoader, but it basically an interface to the ROM in the CPU, just like phones have.
From this I managed to grab a CPU ID but not much more.
Meanwhile, we reverse-engineered the phone app that comes with it and are currently writing a general purpose library to talk to Vector over BLE.
At this point, I found that I was facing a thicket of software, mostly either cracked or containing malware, or both, but very little legit options.
I see a few options to go forward on this:
- Find a software that can talk to the Snapdragon 212 to extract the current image
- Desolder the flash to extract the image via a programmer
- Desolder the CPU to access the flash's data lines without having to heat the flash, which could corrupt it
The last two options are bound to be destructive and all us owners have found a connection to their robots and are loath to sacrifice them. Also, they require a bit of investment and are, because of that, no quick wins.
I'm hoping that someone here may have the missing pieces I need to get from QDL 9008 mode to an image of the flash on my disk. We believe we have another way to flash it, not needing the USB port, but we don't have an image to try it with and flashing something like all zeroes would needlessly destroy a robot.
- Melanie
PS: I would post links but I'm too young to do so. There is a google group called "Project Victor" that has the info we have so far called anki-vector-rooting, a.k.a. Project Victor.
https://groups.google.com/forum/m/#!forum/anki-vector-rooting
You are welcome to PM links to me and I will post them as a work around.
hope the best!
Link to Project Vector
http://projectvictor.my.to/
Sent from my ocean using XDA Labs