Doubletap2wake not seeing touches. - Android Software/Hacking General [Developers Only]

Although a newbie to Kernel hacking I have built a custom Android build for a FriendlyArm Nano PC T3 Plus and it's very reliable. I've modified the kernel to add additional serial ports etc so I know a little bit of my way around it but this is the first time with adding a new driver.
The issue I have is in not seeing the events from the touchscreen within the driver. I've used the source from this git repository, which seems to be pretty similar to others of the same type.
https://git.sphere.ly/varun.chitre1...e1/drivers/input/touchscreen/doubletap2wake.c
Now, I do have something working in regards to the fact that during boot I see the following in the console debug output so I know the code compiled and is being initialised.
[ 3.220000] input: dt2w_pwrkey as /devices/virtual/input/input3
[ 3.224000] [doubletap2wake]: doubletap2wake_init done
I can also see touch events from cat /sys/input/event1 when the display is off so I know that they are not disabled when the screen is off. I've enabled the debug output from the doubletap2wake code but nothing appears in the debug output so I suspect that I am missing some hook or have an incorrect driver registration somewhere.
Any clues what I might be missing? I have trawled as many github repositories trying to find what I am missing but every one is pretty much the same.

I managed to get the touch detection to work and it was the fact that I had not registered the correct driver in this function. Might be handy for anyone else working on this.
static int input_dev_filter(struct input_dev *dev) {
    if (strstr(dev->name, "touch") ||
        strstr(dev->name, "himax_ts")) {
        return 0;
    } else {
        return 1;
    }
}
It still doesn't work but I know why. I now need to find the code that is called when the display suspends and resumes and input the code to enable the doubletap2wake driver, so I now need to trawl through all of the video drivers to find the right one.

Related

system call -> SOFTAP on -> infrastructure mode

Hello,
Has anyone taken a look at the bcm4329's kernel module? I've been looking around and trying to figure out how the Sprint Hotspot application works and I've found it calls the SIOCSIWPRIV system call on the interface to bring up this mode.
Does anyone have any experience on this matter? I'm looking to get infrastructure mode working.
My current approach is to write a native C app, do the ioctl with some sort of struct (I'm tempted just to memalloc and hand-write the first one), and see what happens.
The driver throws a bunch of debug info into the kernel log when you invoke the command so it's dead easy to spot.
Any suggestions?
andrew500 said:
Hello,
Has anyone taken a look at the bcm4329's kernel module? I've been looking around and trying to figure out how the Sprint Hotspot application works and I've found it calls the SIOCSIWPRIV system call on the interface to bring up this mode.
Does anyone have any experience on this matter? I'm looking to get infrastructure mode working.
My current approach is to write a native C app, do the ioctl with some sort of struct (I'm tempted just to memalloc and hand-write the first one), and see what happens.
The driver throws a bunch of debug info into the kernel log when you invoke the command so it's dead easy to spot.
Any suggestions?
im definitely not up to speed on this but if you wanna post some links to the source files you're referencing, it might help me and anybody else who is interested to get up to speed quicker and provide suggestions.
appreciate your work on troubleshooting and experimenting with wifi tether!
joeykrim,
I'm knee deep in it right now. I'm taking the source code to iwconfig and using it as a template to implement the system calls I need, using a hybrid of the structs in wireless.h and in the bcm4329 driver source, from the bravo kernel. Basically I create a big struct in memory and pass it into the driver using a pointer to a iw_point struct, which holds my big master struct, and then the driver copies it out of user-space into kernel space and acts upon it.
I'll put together all the details once they are a little more solid.
It looks like infrastructure-mode on the EVO is a very distinct possibility, this code will also translate into the workaround for built-in tether on Froyo, from what I've seen they are exclusively using this broadcom interface so far.
It's a hardware specific hack, but many of the phones that have come out lately are using the bcm4329 (and with good reason, chip has freakin everything).
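The mechanism described in the posts above (a struct iwreq whose iw_point hands a user-space buffer to the driver), shown with SIOCGIWPRIV, the read-only query that lists a wireless-extensions driver's private commands and the argument type and count each one accepts, rather than the SIOCSIWPRIV call itself. This is an added example, not code from the thread or from the bcm4329 driver; the interface name wlan0, MAX_PRIV and the function names are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <linux/wireless.h>

#define MAX_PRIV 64 /* assumption: enough slots for one driver's table */

/* Render a set_args/get_args word as type[=n] (fixed) or type[<=n] (max). */
const char *describe_args(unsigned short args, char *out, size_t outlen)
{
    const char *type = "?";
    switch (args & IW_PRIV_TYPE_MASK) {
    case IW_PRIV_TYPE_NONE:  type = "none";  break;
    case IW_PRIV_TYPE_BYTE:  type = "byte";  break;
    case IW_PRIV_TYPE_CHAR:  type = "char";  break;
    case IW_PRIV_TYPE_INT:   type = "int";   break;
    case IW_PRIV_TYPE_FLOAT: type = "float"; break;
    case IW_PRIV_TYPE_ADDR:  type = "addr";  break;
    }
    snprintf(out, outlen, "%s[%s%u]", type, (args & IW_PRIV_SIZE_FIXED) ?
             "=" : "<=", (unsigned)(args & IW_PRIV_SIZE_MASK));
    return out;
}

/* Fill tab with the private commands of the driver behind ifname.
 * Returns the number of entries, or -1 with errno set. */
int list_private_ioctls(const char *ifname, struct iw_priv_args *tab, int max)
{
    struct iwreq wrq;
    int fd, rc, saved;
    if (strlen(ifname) >= IFNAMSIZ) {
        errno = ENAMETOOLONG;
        return -1;
    }
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&wrq, 0, sizeof(wrq));
    strcpy(wrq.ifr_ifrn.ifrn_name, ifname); /* length checked above */
    wrq.u.data.pointer = tab; /* iw_point: user buffer the kernel fills */
    wrq.u.data.length = max;  /* capacity in entries, not bytes */
    rc = ioctl(fd, SIOCGIWPRIV, &wrq);
    saved = errno;            /* keep the ioctl's errno across close() */
    close(fd);
    errno = saved;
    return rc < 0 ? -1 : wrq.u.data.length;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "wlan0"; /* assumed name */
    struct iw_priv_args tab[MAX_PRIV];
    char s[32], g[32];
    int i, n = list_private_ioctls(ifname, tab, MAX_PRIV);

    if (n < 0) { perror(ifname); return 1; }
    for (i = 0; i < n; i++)
        printf("0x%04X %-16.16s set=%s get=%s\n", (unsigned)tab[i].cmd,
               tab[i].name, describe_args(tab[i].set_args, s, sizeof s),
               describe_args(tab[i].get_args, g, sizeof g));
    return 0;
}
```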

A run through of the panel code and mddi interface

Hey guys,
Over the last few days, I've been reading through the code and just trying to understand how it all works.
I think I've got some pretty good guesses on how the panel interacts with the video hardware now, so I thought I'd share. Some of you probably already know this stuff, so if I'm getting anything wrong, please tell me. Note this whole post is pretty much 100% guesses, so take it all with salt.
The phone uses a "Mobile Station Modem" (msm) chipset which is this specialized chipset made for hand held devices that provides a grab bag of features.
This chipset seems to be what drives access to the various features of the phone (video, cameras, gps, etc). The chipset can be used in a variety of phones and things, so it provides some features that aren't relevant or wired up to the evo 4g.
Inside msm_fb.h there's a list of the output interfaces:
enum {
    MSM_MDDI_PMDH_INTERFACE = 0,
    MSM_MDDI_EMDH_INTERFACE,
    MSM_EBI2_INTERFACE,
    MSM_LCDC_INTERFACE,
    MSM_TV_INTERFACE,
    MSM_MDP_NUM_INTERFACES = MSM_TV_INTERFACE + 1
};
In reverse order, I'm guessing this translates to, "old school tv out", "typical digital video output (for LCDs and other digital outputs)", "memory i/o (unrelated to video? or maybe for driving 'dumb framebuffers'?)", "External mobile display via mddi", "primary mobile display via mddi".
mddi is apparently "Mobile Display Digital Interface" which is some new way to connect lcd panels to the video hardware using less wires than more typical digital video outputs. I guess a usecase for mddi would be a flip phone, where the big screen would take the primary interface, and the little viewfinder screen you use when the phone is closed would be driven via the external interface.
Apparently, the HDMI port on the EVO is hooked up to the LCDC interface (where on other android phones, the LCDC interface is used for the screen). So that leaves the two mddi interfaces left. Which one of the mddi interfaces does driver use for the main display? Unsurprisingly, it seems to use the "primary interface" aka mddi0
Note this code in board-supersonic-panel.c:
if (panel_type == 0) {
    mddi_pdata.power_client = mddi_epson_power;
} else {
    mddi_pdata.power_client = mddi_novatec_power;
}
msm_device_mddi0.dev.platform_data = &mddi_pdata;
and this code in devices.c:
static struct resource resources_mddi0[] = {
    ...
    .start = MSM_PMDH_PHYS;
    ...
}
struct platform_device msm_device_mddi0 = {
    ...
    .resource = resources_mddi0
    ...
}
Okay, so now we know the panel talks to the graphics hardware via mddi. But, how is the image data transferred? Apparently, there are two possible DMA channels. The "primary" dma channel and the "secondary" dma channel. I think these channels are closely tied with the interface the panel is hooked up to. i.e. the panel uses the primary interface, so it would use the primary dma channel. I'm not 100% sure though. It might be that either channel is okay. I suspect the former is true, though, because at some point the epson panels weren't working when they were trying to use the secondary dma channel and Joe Hansche made them work by forcing them to use the primary channel (among other changes).
There is a little mystery here, though. mdp_probe has this:
if (pdata == NULL || pdata->dma_channel == MDP_DMA_P) {
    ret = mdp_out_if_register(&mdp->mdp_dev,
        MSM_MDDI_PMDH_INTERFACE, mdp, MDP_DMA_P_DONE,
        mdp_dma_to_mddi);
} else if (pdata->dma_channel == MDP_DMA_S) {
    ret = mdp_out_if_register(&mdp->mdp_dev,
        MSM_MDDI_PMDH_INTERFACE, mdp, MDP_DMA_S_DONE,
        mdp_dmas_to_mddi);
}
The else half of that code says something like:
if we've found a panel in our devices database that is configured to use the secondary dma channel, then link the primary interface up to the secondary dma channel code.
As the code stands now, there is no panel in the devices database configured for the secondary dma channel, so that else clause will never run, afaict. Anyway the driver is at least structured to allow the primary interface to use the secondary dma channel. It just might not work in practice.
The driver looks incomplete for handling the external interfaces. It hardcodes using the primary interface. That's okay though, since the evo4g apparently doesn't use that interface (since it's not a clamshell phone with a viewfinder display i guess).
the logic seems pretty sound and makes sense. appreciate the detailed write up with the sections of code!
for arguments sake, assume you're 100% correct in everything you stated, im not clear on the immediate next step or options of steps which can be taken from here?
i think this wouldve done more good to be posted in the thread thats topic is about the source u are commenting on. :/
Thanks, extremely helpful even if they are only guesses!
toastcfh said:
i think this wouldve done more good to be posted in the thread thats topic is about the source u are commenting on. :/
I thought about it, but I thought it might be a little too much of a deep dive and didn't want to hijack that thread.
We can move the discussion there if you want.
joeykrim said:
the logic seems pretty sound and makes sense. appreciate the detailed write up with the sections of code!
for arguments sake, assume you're 100% correct in everything you stated, im not clear on the immediate next step or options of steps which can be taken from here?
Well, the point of this code spelunking is just educational, not necessarily with a specific end goal in mind. Since this is the developer forum, it's probably useful in general to have stuff like this written out so that when people (with specific end goals in mind) don't know where to start they can do a read through and figure out the best place to dive in.

[Q] Hooking System Calls (FORK)

I am trying to implement a simple system call hook. My method was the same method used by standard Linux rootkits like adore. This method worked for hooking sys_open and other file IO system calls, but when I tried to hook sys_fork and other process related system calls my Android phone crashes (Nexus One, Motorola Milestone, and emulator). Something inherently different about Android, either ARM or the Android kernel, is different from basic Linux machines, which won't allow me to use the same method to hook the system call fork. Basically my method is below; this is implemented via a LKM on a phone that I have root access on.
//save pointer to original function
orig_fork = sys_call_table[__NR_fork];
//point sys_fork to my my_fork function
sys_call_table[__NR_fork] = my_fork;
//call original fork call (simplest case)
asmlinkage int my_fork(struct pt_regs *regs)
{
    pid_t pid;
    pid = (*orig_fork)(regs);
    return pid;
}
Somehow I think the stack is getting messed up. I looked at the source code for the kernel and found that sys_fork isn't actually in the system call table. Instead it is a sys_fork_wrapper. This wrapper is an assembler function with two commands which lead it to branching to sys_fork. Sys_fork in turn calls another function called do_fork. Through debugging methods I was able to confirm that my call to the original fork function was returning correctly, but when I try to return the pid within my own function the crash occurs. Now what's interesting is that I was able to confirm that do_fork is called many times without calling sys_fork for many processes on the phone. So when I do the simplest process I can think of by starting up a shell, the phone didn't crash. But it won't open up a shell. The terminal locks up when I try to open the shell. Starting up a shell will call sys_fork_wrapper->sys_fork->do_fork like expected. Starting up another more complicated process such as calculator will call sys_fork_wrapper->sys_fork->do_fork->do_fork->do_fork->do_fork.... So basically I am left with lots of questions about why hooking sys_fork is not working.
In reality I am hooking an assembler "function" and not a c function. The sys_fork_wrapper does branch command without link which led me to believe that there is no return from it, from the program counter perspective.
Did you ever resolve this issue?
Maybe you could try some inline asm in your code to just jmp to the orig_fork, if it is an assembly function that doesn't return, i.e. just a jmp stub itself.
I would like to hook sys_fork as well, to present a dialog box every time a new app runs and to allow me to block certain apps from starting.
Android Kernel rootkit.
Awesome
@michaelmotes Thanks so much for posting this link! I'm in the process of trying to do a little hooking hack in order to... well bypass a restriction on most phones prior to ICS. I won't say what for because if it works... I'll be putting out an app lol. But I really appreciate you sharing this.

[Q] Potential fix for Katkiss 4.3 on Asus SL101 slider

I am a new member, and cannot post directly to the Dev forums yet, so I am placing this here, in the hopes that someone can repost, or pass this on to timduru (or other involved devs)
From the KatKiss thread -- http://forum.xda-developers.com/showthread.php?p=47853666&highlight=sl101#post47853666
Quote:
Originally Posted by martyr2k6
Just wanted to point out that I am running this on my SL101 with ZERO hiccups...
...
Any chance there is a way to resolve the hardware keyboard locking issue or the USB port not working?
Keyboard should most likely be a matter of inverting the lid switch in the kernel.
But difficult to test without an SL101.
I develop for my Arch Linux box, and have built custom kernels for it, so I took a quick stab at looking through the source code for the katkernel for the tf101 -> https://github.com/timduru/tf101-katkernel/blob/c6199499470976a55973e566b0b804e4b4796b5c/drivers/acpi/dock.c, and it would appear that the lid switch section he is referring to is here:
Code:
static void dock_event(struct dock_station *ds, u32 event, int num)
{
    struct device *dev = &ds->dock_device->dev;
    char event_string[13];
    char *envp[] = { event_string, NULL };
    struct dock_dependent_device *dd;

    if (num == UNDOCK_EVENT)
        sprintf(event_string, "EVENT=undock");
    else
        sprintf(event_string, "EVENT=dock");
    /*
     * Indicate that the status of the dock station has
     * changed.
     */
    if (num == DOCK_EVENT)
        kobject_uevent_env(&dev->kobj, KOBJ_CHANGE, envp);
    list_for_each_entry(dd, &ds->hotplug_devices, hotplug_list)
        if (dd->ops && dd->ops->uevent)
            dd->ops->uevent(dd->handle, event, dd->context);
    if (num != DOCK_EVENT)
        kobject_uevent_env(&dev->kobj, KOBJ_CHANGE, envp);
}
If that is true, a simple edit like so should do the trick:
Code:
if (num == UNDOCK_EVENT)
    sprintf(event_string, "EVENT=dock");
else
    sprintf(event_string, "EVENT=undock");
However, I have not set up a development environment for the android before, and it seems like a fairly large learning curve to setup the linaro toolchain, download, change that source, compile, package and test the change. Especially since my unfamiliarity with android dev in general would increase the odds of it not working due to user error!
If someone (initial dev??) would make that change, and save a sl101-version of the kernel for testing, I would be glad to load it and report back.
If someone would rather hold my hand a little bit with setting up the toolchain and building and packaging the kernel, I'd be willing to try it myself.
Thanks for any help, either way! The ROM looks/works great on my sl101...except for the whole 'not able to open it' thing

Help for starting developing

Hi Guys,
I wanna start developing apps for the gearS2. For now I have some experience with html and several other languages mainly for windows applications and also last programming job was like 6 years ago so I'm not really up to date with all the different options for developing.
For start I tried to use the tizen SDK but I'm a little lost due to the variety of options and also the quite buggy SDK. Installing the 2.4 SDK left me with an error for the simulator (hax not working). I think I got around this by installing this manually. Emulator works now but for example the UI builder doesn't work. So my thought is to start a web app with tau as this seems to work quite reliably. My goal is to write a basic control of my hue lights (I know there is an app for that but I wanna try to build my own). My plan is to use a java lib for the hue commands and do the rest via the tau/html/javascript.
Now my question is if anyone can give me any advice on how to start developing. Does my plan seem valid. Can anyone help me or give me some tips? Maybe I'm missing something or someone just has some shortcuts.
Thanks in advance.
Björn
Hi.
I found this "howto" : http://www.tizenexperts.com/2015/12/how-to-deploy-to-gear-s2-smartwatch/
It helped me to successfully deploy a project sample on my gear s2 following these steps:
- install sdk
- generate & configure author certificate.
- download, compile and run/deploy a project sample on the gear s2 (SensorBall).
During the "Request the Certificate" step, I ran into this java exception :
Unhandled event loop exception No more handles [Unknown Mozilla path (MOZILLA_FIVE_HOME not set)]
I'm on "debian jessie" with "openjdk7":
If this happens:
- install package "libwebkitgtk-1.0-0"
- add "-Dorg.eclipse.swt.browser.DefaultType=webkit" to your "eclipse.ini" file
- restart tizen.
At the end, you'll have a new app installed on your watch. You can recognize it by the tizen icon.
I hope this can help you.
Bye.
thank you for your feedback akaiah.
I found this site earlier, requested a certificate but then I couldnt find the site again. So thx for the link.
My problems are more linked to
a) the general structure of webapps for tizen
b) rusty coding skills (last time i coded was 6 years ago and mainly c# / object pascal for windows)
c) problems with tau / it's documentation
Maybe someone can help with a few detailed questions.
First question is regarding the online samples. I've found the following code in one sample for wearables (calendar app) but I don't know what this is and if I should be using stuff like this. It doesn't look like standard javascript to me but I can't find any API/library included either:
Code:
/**
 * App module.
 * @requires {@link Calendar/views/initPage}
 * @namespace Calendar/app
 * @memberof Calendar
 */
define({
    name: 'app',
    requires: [
        'views/initPage'
    ],
    def: function appInit() {
        'use strict';
        /**
         * Initializes the app.
         * @memberof Calendar/app
         */
        function init() {
            console.log('app::init');
        }
        return {
            init: init
        };
    }
});
Second question is regarding jquery. Which version should I use and how am I supposed to include this? I'm using the 2.4 SDK download but programming a wearable web app with 2.3.1. I tried including jquery by downloading the latest version 2.1.4 (uncompressed) and putting it in my lib file folder, then including it in the html header. I have the feeling though that this is causing some issues. E.g. some notations don't work:
Code:
$( "#divname" ).innerHTML = "newtext";
doesn't work. No error, just no result.
Third question is regarding tau. I tried to create a popup and register a callback for the popupafterclose-event like this but it doesn't work (event is not fired)
HTML:
<!--Popup HTML code-->
<div id="popup" data-role="popup">
    <p>This is a completely basic popup, no options set.</p>
</div>
<script>
    // Use popup events
    var popup = document.getElementById("popup");
    popup.addEventListener("popupafteropen", function()
    {
        // Implement code for popupafteropen event
    });
</script>
taken from HERE
What am I doing wrong here? Is this the correct API im looking here or maybe does it collide with the jquery library?
For any tips I would be very thankful.
Greetings
Björn
Wow thanks finally some one. I wold love to root my device ..
If theres a way.
If anyone was wondering about this issue, I kind of got this solved.
I just started a new project, copied over all code and removed my jquery imports, and the code that gave me errors before just works fine. TAU in general seems to be quite buggy and is easily destroyed by an "unlucky" combination of UI changes (opening a popup or another window).
Even a week later I still don't know what the code in the calendar sample is from and tau seems not to be the most stable library out there. If anyone else has trouble starting developing for this I'm happy to share more experiences.
Greetings from germany
