Debugging LibStageFright Woes - Disabling MiniJail/SECCOMP - Android Software/Hacking General [Developers Only]

I'm having problems debugging libstagefright.
Code:
#6 0xe6c9c740 in vpx_codec_decode () from target:/system/lib/libstagefright_soft_vpxdec.so
#7 0xe6c98f74 in android::SoftVPX::onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
#8 0xe88570f2 in android::SimpleSoftOMXComponent::onMessageReceived(android::sp<android::AMessage> const&) () from target:/system/lib/libstagefright_omx.so
#9 0xe885813e in android::AHandlerReflector<android::SimpleSoftOMXComponent>::onMessageReceived(android::sp<android::AMessage> const&) ()
from target:/system/lib/libstagefright_omx.so
#10 0xe8d24556 in android::AHandler::deliverMessage(android::sp<android::AMessage> const&) () from target:/system/lib/libstagefright_foundation.so
#11 0xe8d26a6a in android::AMessage::deliver() () from target:/system/lib/libstagefright_foundation.so
#12 0xe8d251d2 in android::ALooper::loop() () from target:/system/lib/libstagefright_foundation.so
#13 0xe83592b4 in android::Thread::_threadLoop(void*) () from target:/system/lib/libutils.so
#14 0xe8694812 in __pthread_start(void*) () from target:/system/lib/libc.so
#15 0xe866736a in __start_thread () from target:/system/lib/libc.so
#16 0x00000000 in ?? () from target:/system/vendor/bin/hw/[email protected]
I can debug code up until I get to android::SoftVPX::onQueueFilled; once the call to vpx_codec_decode() is made and I step, I get this error:
Thread 12 received signal SIGSYS, Bad system call.
It would appear to be due to this syscall made inside of __pthread_cond_timedwait():
Code:
Thread 13 (Thread 2656.12953):
#0 0xe8664e50 in syscall () from target:/system/lib/libc.so
#1 0xe86941a6 in __pthread_cond_timedwait(pthread_cond_internal_t*, pthread_mutex_t*, bool, timespec const*) () from target:/system/lib/libc.so
#2 0xe884cc58 in android::OMXNodeInstance::CallbackDispatcher::loop() () from target:/system/lib/libstagefright_omx.so
#3 0xe884cd04 in android::OMXNodeInstance::CallbackDispatcherThread::threadLoop() () from target:/system/lib/libstagefright_omx.so
#4 0xe8359236 in android::Thread::_threadLoop(void*) () from target:/system/lib/libutils.so
#5 0xe8694812 in __pthread_start(void*) () from target:/system/lib/libc.so
#6 0xe866736a in __start_thread () from target:/system/lib/libc.so
#7 0x00000000 in ?? () from target:/system/vendor/bin/hw/[email protected]
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Code:
(gdb) disas __pthread_cond_timedwait
...........
0xe86941a0 <+100>: movs r0, #240 ; 0xf0
0xe86941a2 <+102>: blx 0xe8661478 <[email protected]>
Syscall #240 appears to be the futex syscall (correct me if I'm wrong)...I added that to the media.codec seccomp profile file on the file system, along with a load of other syscalls, but it still doesn't work and I'm stuck, I don't know what to do as I need to be able to step through the code and it just errors out.
Any ideas on how to disable minijail/seccomp or add the correct syscall number so it doesn't bail once it enters vpx_codec_decode() from android::SoftVPX::onQueueFilled?

Sorry to bump this, but here's some more output:
Code:
Thread 11 hit Breakpoint 1, 0xf1298e3e in android::SoftVPX:: onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) c
Continuing.
Thread 11 hit Breakpoint 2, 0xf1298f6c in android::SoftVPX:: onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) si
0xf1298f70 in android::SoftVPX::onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) disas
0xf1298f6c <+320>: add.w r1, r12, lr
=> 0xf1298f70 <+324>: blx 0xf1297614 <[email protected]>
0xf1298f74 <+328>: mov r3, r0
0xf1298f76 <+330>: cmp r3, #0
0xf1298f78 <+332>: bne.n 0xf1298ffc <_ZN7android7SoftVPX13onQueueFilledEj+464>
0xf1298f7a <+334>: strb.w r11, [r10, #4]
(gdb) si
Thread 11 received signal SIGSYS, Bad system call.
0xf1297618 in [email protected] () from target:/system/lib/libstagefright_soft_vpxdec.so
As soon as I step into [email protected] I get that bad syscall error. I just don't really understand what the hell is going on.

int80 said:
Sorry to bump this, but here's some more output:
Code:
Thread 11 hit Breakpoint 1, 0xf1298e3e in android::SoftVPX:: onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) c
Continuing.
Thread 11 hit Breakpoint 2, 0xf1298f6c in android::SoftVPX:: onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) si
0xf1298f70 in android::SoftVPX::onQueueFilled(unsigned int) () from target:/system/lib/libstagefright_soft_vpxdec.so
(gdb) disas
0xf1298f6c <+320>: add.w r1, r12, lr
=> 0xf1298f70 <+324>: blx 0xf1297614 <[email protected]>
0xf1298f74 <+328>: mov r3, r0
0xf1298f76 <+330>: cmp r3, #0
0xf1298f78 <+332>: bne.n 0xf1298ffc <_ZN7android7SoftVPX13onQueueFilledEj+464>
0xf1298f7a <+334>: strb.w r11, [r10, #4]
(gdb) si
Thread 11 received signal SIGSYS, Bad system call.
0xf1297618 in [email protected] () from target:/system/lib/libstagefright_soft_vpxdec.so
As soon as I step into [email protected] I get that bad syscall error. I just don't really understand what the hell is going on.
gdb set force-mode thumb?

gellmar said:
gdb set force-mode thumb?
Thanks for the reply, but unfortunately not. I think it's something to do with threading and minijail/SECCOMP.
Code:
(gdb) set arm force-mode thumb
(gdb) si
[New Thread 2652.11026]
Thread 9 received signal SIGSYS, Bad system call.
0xe8a16618 in [email protected] () from target:/system/lib/libstagefright_soft_vpxdec.so
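
Added example, not part of the thread or any poster's code: a minimal Linux C program showing that a seccomp filter trapping a syscall raises SIGSYS, and that the signal's siginfo (`si_syscall`, with `si_code == SYS_SECCOMP`) names the exact syscall number the filter refused. The function names and the choice of `futex` as the probed call are assumptions for illustration, and the filter uses `SECCOMP_RET_TRAP`, which may not be the action the device's policy applies.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SYS_SECCOMP
#define SYS_SECCOMP 1 /* si_code of a SIGSYS raised by a seccomp filter */
#endif

/* Written only by the SIGSYS handler, read by the probing code. */
static volatile sig_atomic_t g_nr = -1;
static volatile sig_atomic_t g_code = 0;

static void on_sigsys(int sig, siginfo_t *info, void *uctx)
{
    (void)sig;
    (void)uctx;
    g_code = info->si_code;    /* SYS_SECCOMP when a filter raised the signal */
    g_nr = info->si_syscall;   /* number of the syscall that was refused */
}

/* Install a filter that traps exactly one syscall number and allows the rest.
 * Illustration only: a production policy also checks seccomp_data.arch. */
static int install_trap_filter(int trapped_nr)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                 (unsigned int)offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned int)trapped_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(insns) / sizeof(insns[0])),
        .filter = insns,
    };

    /* Required to install a filter without CAP_SYS_ADMIN. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Issue syscall `nr` with zeroed arguments. Returns the syscall number
 * reported by a seccomp SIGSYS, or -1 if no such signal arrived. */
int observe_sigsys(int nr)
{
    g_nr = -1;
    g_code = 0;
    syscall(nr, 0L, 0L, 0L, 0L, 0L, 0L);
    return (g_code == SYS_SECCOMP) ? (int)g_nr : -1;
}

/* Trap `nr`, call it once, and return what the SIGSYS handler saw. */
int probe_blocked_syscall(int nr)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_sigsys;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSYS, &sa, NULL) != 0)
        return -1;
    if (install_trap_filter(nr) != 0)
        return -1;
    return observe_sigsys(nr);
}

int main(void)
{
    int nr = probe_blocked_syscall(SYS_futex);

    printf("SIGSYS reported syscall %d (SYS_futex is %d)\n",
           nr, (int)SYS_futex);
    printf("getpid trapped: %s\n",
           observe_sigsys(SYS_getpid) == -1 ? "no" : "yes");
    return nr == SYS_futex ? 0 : 1;
}
```
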

Related

[Q] cyanogenMod 7, need help

It seems there is a prelink error when compiling. How do I fix it? Do I need prelink-linux-ds.map?
~/dream_sapphire $ adb logcat |grep prelink
- waiting for device -
E/HAL ( 143): Cannot load library: link_image[1962]: 104 could not load needed library 'libgps.so' for 'gps.sapphire.so' (reserve_mem_region[831]: OOPS: 104 prelinked library 'libgps.so' mapped at 0x45fb8000, not at 0xa9700000)
E/QualcommCameraHardware( 105): FATAL ERROR: could not dlopen liboemcamera.so: Cannot load library: reserve_mem_region[831]: OOPS: 105 prelinked library 'liboemcamera.so' mapped at 0x40c0c000, not at 0xa9400000

The Infuse 4G Development Platform AKA UnBrickable Mod

Introduction
This is the 10th device to receive UnBrickable Mod! Let's go back to where it all started. It was proposed by XDA Member js22 that a device could be recovered without JTAG, using only its native hardware. After months upon months of research, reading debug logs, reverse engineering of hardware and software, we came up with a solution. Since I was the first to do it, I called it UnBrickable Mod. XDA Member Rebellos then reverse engineered a portion of the IBL into what is known as the HIBL (Hummingbird Interceptor BootLoader). We decided to call it this because the process goes like this: With UBM applied, the processor requests a code download from USB. We feed it the HIBL which reuses IBL code to authenticate with the Hummingbird's secure booting chain, then the Interceptor bootloader calls back and reuses the same IROM Download code used to download it, but we bypass security checks. This "Interception" of the boot sequence is why UnBrickable Mod works. The HIBL has proven to be so powerful and multipurpose that we've been able to package it into a one-click which works with ALL S5PC110 based devices with USB download capabilities.
I'd like to thank pdx 528e for donating the Infuse4G for this modification. This modification would not have been possible on this particular device without total removal of the processor.
After we verify this modification works, this will be a replacement for JTAG. How could it possibly be better than JTAG? Let's count the ways...
1. The only part required is a wire.
2. No shipping time.
3. No cost for a box to interface the computer.
4. Permanent.
5. Can be done as a preventive measure.
6. Gives the ability to test new Bootloaders temporarily.
7. Allows development of the entire system.
8. Removes worry about flashing and acts as a backup.
After performing this mod:
Remove the battery, replace the battery, your phone will connect to the computer via USB and await commands. Otherwise it will pretty much act like an Infuse 4G. See the Special Instructions section.
Modification
You will need:
1. Get someone who knows what they're doing with a soldering iron. If they don't know what flux is, then they don't know what they're doing. You can send me a PM(my username @gmail.com) or Connexion2005(aka MobileTechVideos.com).
2. soldering iron - make sure it's sharp, if it's not sharp, then sharpen it, flux it and retin it.
3. flux
4. solder
5. tweezers
6. A relay (for the wire contained within)
getting started:
You will need a very small piece of wire. Tear apart the relay, unravel the coil within and grab about 12cm~ of wire. The fact that it comes from a relay is important because relays generally have very small wire which are individually treated with a non-conductive coating.
Take the 12cm~ wire from the relay and tin the very edge of it. No more than 1/32". If you tin more than 1mm, cut off the excess. It is desirable to have a slight bit of excess solder on the tip of this wire.
performing the modification:
1. tear apart your phone... remove six(6) #1 phillips screws from the back. Then you can separate the back from the front. Make sure to take out your SIM and external SDCard before you do this.
2. Remove the two(2) screws and four(4) electric connections securing the mainboard into the unit and remove the board.
3. remove the EM shield from the processor side.
4. remove xOM5 resistor.
5. Bridge the active side of xOM5 to the active side of xOM3. Most of the resistors in the top row will also work.
6. *OPTIONAL* for Bootloader development you will want UART output. You can use these points to a connection outside the device for UART. These points are exposed when the mainboard is secured to the unit. They are located on the JTAG port.
7. Reassemble the device.
Special Instructions
This replaces the battery charging sequence. The normal battery charging sequence can be activated by holding power for 4 seconds.
To turn on the device, and operate in normal mode, you must hold the power button for 5 seconds.
3 button Download mode works as usual, however you must not have the S5PC110 drivers installed on the computer. You can use your custom rom menu option, adb reboot download, or use a terminal to "reboot download". 301Kohm Factory Mode JIGs work as well, but you must press power to bypass the S5PC110 mode.
Conclusion
Congratulations. You now have a device which works like a KIT-S5PC110 with an OM Value of 29. Now get to developing some serious custom software.
reading material
Creating your own Samsung Bootloaders: http://forum.xda-developers.com/showthread.php?t=1233273
KIT-S5PC110 manual: http://www.mediafire.com/?94krzvvxksvmuxh
how to use DNW: http://tinyurl.com/dnw-how-to
Flash using openOCD and DNW: http://www.arm9board.net/wiki/index.php?title=Flash_using_OpenOCD_and_DNW
another DNW example: http://www.boardset.com/products/mv6410.php
ODroid dev center: http://dev.odroid.com/projects/uboot/wiki/#s-7.2
drivers and utilities
This will be an ever expanding list
Windows Drivers http://forum.xda-developers.com/attachment.php?attachmentid=678937&d=1312590673
Windows Download Tool DNW: http://forum.xda-developers.com/attachment.php?attachmentid=678938&d=1312590673
Windows Command Line tool: http://forum.xda-developers.com/showpost.php?p=17202523&postcount=27
Linux DNW Utility: http://dev.odroid.com/projects/uboot/wiki/#s-7.2
Linux ModeDetect tool: http://code.google.com/p/hummingbird-hibl/downloads/list
Linux Automated UnBricker: http://code.google.com/p/hummingbird-hibl/downloads/list
firmware
Bootloader Hello World by Rebellos http://forum.xda-developers.com/attachment.php?attachmentid=698077&d=1314105521
UnBrick tool http://forum.xda-developers.com/showthread.php?t=1242466
At this time I have not performed this modification. If you are in a pinch, please use this method. I will be performing this mod on my own device shortly.
We confirmed this device has got another iROM build, this means different HW revision of CPU.
HIBL for that will be released soon.
U are a genius Adam
Sent from my SAMSUNG-SGH-I997 using xda premium
JordanElliott said:
U are a genius Adam
Sent from my SAMSUNG-SGH-I997 using xda premium
I second that. I'm ready to send my phone in.
I'm not a developer but I try to play one on XDA. Seriously I'm not a developer. DlevROM Yo!
Thanks. But my wife wont let me touch hers...
Edit. Her phone...LOL..
Sent from my SAMSUNG-SGH-I897 using XDA App
Too much trouble .....but thanks anyway
Sent from my SAMSUNG-SGH-I997 using xda premium
Too bad I'm a perfectionist that doesn't know how to solder; my baby is too new to put her through this lol.
Sent from my SGH-I997 using xda premium
oh man glad to see this here thanks
It would be good to mention a recommendation on soldering iron power. I mean I have 75 watt irons, and 150/400 watt guns, I like to use a bigger than needed iron because it reduces the heat up time and if you get it the first time reduces damage but only if you get it exactly at the right time.
But I wouldn't put any of those big tools near a computer or phone. I'd say 15 Watts is plenty, 25 is manageable if you are good and the tip is sharp and clean, these small electronics are soldered with infrared and aren't even designed to have an iron used on them. Keep that in mind if you consider this mod! This can be tricky stuff that can damage your hardware.
Adam, has any progress been made on the galaxy s to boot Meego or Linux? I know you can install Linux to the sd card and run it along side Android using terminal emulator to access it like you posted in the captivate section a while back but I never saw it running with a GUI on the phone, if you Jeanne a way to access fluxbox with the phones touch screen, that would be cool even if I can't boot straight into Linux yet.
This is really great thx so does it mean the infuse can be like the hd2 run almost all the popular Smartphone operating systems ?
leeroy1034 said:
This is really great thx so does it mean the infuse can be like the hd2 run almost all the popular Smartphone operating systems ?
What it means is that if you are a developer that wants to develop a way to do those things you can do it without fear of bricking. I doubt it will lead to the infuse being the next hd2 but it's a step in that direction.
I'm just hoping it means more roms to get my flashing addiction fix
Sent from my SAMSUNG-SGH-I997 using XDA App
The_Zodiac said:
I'm just hoping it means more roms to get my flashing addiction fix
Sent from my SAMSUNG-SGH-I997 using XDA App
I hope it leads to Meego for the infuse, I kinda dislike Android, it's too slow, too fractured, we shouldn't need all this super fast hardware to get a smooth experience. But I have never used Meego. Even with a lack of a huge app market it has to be better than lame ios or win phone7.
Wow, reading these threads and the custom bootloaders threads makes me realize how much smarter some of you are than me. I can only thank you for your work done and time given to the community. Great work to everyone involved!
AJerman said:
Wow, reading these threads and the custom bootloaders threads makes me realize how much smarter some of you are than me.
Personally...
Naah, I've just got loads of time to waste for pretty useless things (mainly, once per few months something useful like HIBL comes out) :d
https://m.google.com/app/plus/mp/217/#~loop:aid=z12pxpqbdlikhv0rj04cd5gbiz3wg5eqqjg&view=activity
Ok. I'm having a problem. We have USB debug mode..
Code:
Bus 001 Device 035: ID 04e8:1234 Samsung Electronics Co., Ltd
It is enumerating properly in Linux.
It is uploading the HIBL properly as well.
Code:
[email protected]:~/Desktop$ sudo smdk-usbdl -a d0020000 -f ./HIBL.bin
SMDK42XX,S3C64XX USB Download Tool
Version 0.20 (c) 2004,2005,2006 Ben Dooks <[email protected]>
S3C64XX Detected!
=> found device: bus 001, dev 034
=> loaded 24576 bytes from ./HIBL.bin
=> Downloading 24586 bytes to 0xd0020000
=> Data checksum 5d9c
=> usb_bulk_write() returned 24586
[email protected]:~/Desktop$
However, the device does not un-enumerate and re-enumerate as it usually does after receiving and executing the HIBL.
Here is the UART output from uploading HIBL.
Code:
Insert an OTG cable into the connector!
����
Uart negotiation Error
����
Here is a typical boot.
Code:
Uart negotiation Error
Insert an OTG cable into the connector!
Enumeration TimeOut Error
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val 2
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val e
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x80040)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 3660mV, soc = 13
check_quick_start_condition- Voltage: 3660.0, Linearized[0/15/30], Capacity: 12
init_fuel_gauge: vcell = 3660mV, soc = 13, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0xc0
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x1
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x0
PMIC_STATUS2 = 0x0
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 0, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0x871f8801)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x31352402 0x61dc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
Uncompressing Linux.............................................................
[ 0.000000] copy: bad source 0
[ 0.000000] mout_audss: bad source 0
[ 0.090119] KERNEL:kernel_sec_get_debug_level_from_boot=0x574f4c44
[ 0.094853] KERNEL:magic_number=0x0 DEBUG LEVEL low!!
[ 0.099864] (kernel_sec_set_upload_cause) : upload_cause set 0
[ 0.804603] irq requested hpd irq
[ 0.850107] --------A1026 i2c driver A1026_probe called
[ 0.853875] --------A1026_probe: device not supported
[ 0.859131] --------A1026_driver_init successful
[ 0.863514] --------A1026_dev_powerup called
[ 3.007976] Failed to request gpio touchkey_init:738
[ 3.011482] Failed to request gpio touchkey_init:740
[ 12.856445] init: [disk_config] initialize_mbr_flash for S1_EUR
[ 12.860891] init: [disk_config] [Disk Size (16005464064), (15630336k), secto]
[ 12.870565] init: [disk_config] calc_pte_of_disk -> start 64 num lba 2732844
[ 12.879153] init: [disk_config] calc_pte_of_disk -> start 27328512 num lba 3
[ 12.888197] init: [disk_config] compare_partition -> num_part 0 , offset (44)
[ 12.896007] init: [disk_config] [ target -> Disk0 : 13992165376 (13664224k) ]
[ 12.905162] init: [disk_config] Match partition table entry ... skip(0)
[ 12.911775] init: [disk_config] compare_partition -> num_part 1 , offset (46)
[ 12.919575] init: [disk_config] [ target -> Disk1 : 2013265920 (1966080k) 00]
[ 12.928584] init: [disk_config] Match partition table entry ... skip(1)
[ 12.935185] init: [disk_config] compare_partition -> num_part 2 , offset (47)
[ 12.942987] init: [disk_config] [ target -> Disk2 : 0 (0k) 00:00:00000000:00]
[ 12.950698] init: [disk_config] Match partition table entry ... skip(2)
[ 12.957303] init: [disk_config] compare_partition -> num_part 3 , offset (49)
[ 12.965104] init: [disk_config] [ target -> Disk3 : 0 (0k) 00:00:00000000:00]
[ 12.972811] init: [disk_config] Match partition table entry ... skip(3)
[ 12.979399] init: [disk_config] bNeedRoot : 0x00
[ 12.990828] init: cannot open '/initlogo.rle'
[ 13.075055] Failed to request FM_RESET!
[ 13.172981] init: [disk_config] :::: /dev/block/mmcblk0p1 :::::
[ 13.180732] init: [disk_config] vfat_identify -> ok
[ 13.184160] init: [disk_config] :::: /dev/block/mmcblk0p2 :::::
[ 13.190129] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 13.196466] init: [disk_config] rfs_identify -> failed
[ 13.202486] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 13.207833] init: [disk_config] rfs_identify -> failed
[ 13.213839] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 13.219189] init: [disk_config] rfs_identify -> failed
[ 13.225210] init: [disk_config] rfs_format -> /system/bin/fat.format -F 32 -
[ 13.252568] init: [disk_config] rfs_format -> ok[BIF: ] FSR VERSION: FSRM
[ 13.552104] init: cannot find '/system/bin/false', disabling 'noplaylogos'
[ 13.586570] init: cannot find '/system/etc/install-recovery.sh', disabling ''
sh: can't access tty; job control turned off
$ [ 19.506760] init: no such service 'bootanim'
[ 43.514858] init: no such service 'bootanim'
[ 61.035132] init: sys_prop: permission denied uid:1000 name:dpm.allowcamera
[ 71.204861] init: untracked pid 3290 exited
����
Uart negotiation Error
Rebellos, any ideas?
Updated 3rd post in this thread. We found out another S5PC110 iROM revision for the first time.
It's working. Excellent work Rebellos!
This log shows HIBL, then SBL going into download mode. Then a heimdall print-pit was executed and the device rebooted.
Code:
����
Uart negotiation Error
-------------------------------------------------------------
Hummingbird Interceptor Boot Loader (HIBL) v1.0
Copyright (C) Rebellos 2011
-------------------------------------------------------------
Calling IBL Stage2 ...OK
Testing DRAM1 ...OK
iRAM reinit ...OK
cleaning OTG context ...OK
Chain of Trust has been successfully compromised.
Begin unsecure download now...
0x00000000BL3 EP: 0x40244000
Download complete, hold download mode key combination.
Starting BL3 in...
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Modified by Rebell
Build On: Jun 8 2011 21:44:47
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4102mV, soc = 80
check_quick_start_condition_with_charger- Voltage: 4102.50000, Linearized[64/79/94], Capacity: 83
init_fuel_gauge: vcell = 4102mV, soc = 80, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x28
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x20
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
reading nps status file is successfully!.
nps status=0x504d4f43
==> Welcome to ARIES!
==> Entering usb download mode..
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
Error : Current Mode is Host
EP2: 0, 2, 0; len=7
EP2: 0, 2, 0; len=7
sug: IN EP asserted
Error:Invalid connection string!
Error:Invalid connection string!
- Odin is connected!
set_nps_update_start: set nps start flag successfully.
process_packet: request id(100), data id(0)
process_rqt_init: platform number(0x0), revision(0x0)
process_packet: request id(100), data id(1)
process_packet: request id(101), data id(1)
.Done.
read 1 units.
check_pit_integrity: valid pit magic code.
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(2)
process_packet: request id(101), data id(3)
process_packet: request id(103), data id(0)
process_rqt_close: xmit completed!
set_nps_update_completed: set nps completed flag successfully.
process_packet: request id(103), data id(1)
process_rqt_close: target reset!
ARIES MAGIC_ADDR=0x0 / INFORM5=0x12345678
1
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------
+n1stVPN 2688
+nPgsPerBlk 64
PBL found bootable SBL: Partition(3).
MAX8893_REG_ONOFF return val 1
MAX8893_REG_DISCHARGE return val ff
MAX8893_REG_LSTIME return val 8
MAX8893_REG_DVSRAMP return val 9
MAX8893_REG_BUCK return val 2
MAX8893_REG_LDO1 return val 2
MAX8893_REG_LDO1 new val e
MAX8893_REG_LDO2 return val e
MAX8893_REG_LDO2 new val 10
MAX8893_REG_ONOFF return val 1
MAX8893_REG_ONOFF new val 21
MAX8893_REG_ONOFF return val 21
MAX8893_REG_ONOFF new val 31
Set cpu clk. from 400MHz to 800MHz.
OM=0x29, device=OnenandMux(Audi)
IROM e-fused - Non Secure Boot Version.
-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
Board Name: ARIES REV 03
Build On: May 19 2011 22:17:14
-----------------------------------------------------------
Re_partition: magic code(0x0)
[PAM: ] ++FSR_PAM_Init
[PAM: ] OneNAND physical base address : 0xb0000000
[PAM: ] OneNAND virtual base address : 0xb0000000
[PAM: ] OneNAND nMID=0xec : nDID=0x50
[PAM: ] --FSR_PAM_Init
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
partitions loading success
board partition information update.. source: 0x0
Now Read Images - ID : 1
.Done.
read 1 units.
==== PARTITION INFORMATION ====
ID : IBL+PBL (0x0)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 0
NO_UNITS : 1
===============================
ID : PIT (0x1)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1
NO_UNITS : 1
===============================
ID : EFS (0x14)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 2
NO_UNITS : 40
===============================
ID : SBL (0x3)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 42
NO_UNITS : 5
===============================
ID : SBL2 (0x4)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 47
NO_UNITS : 5
===============================
ID : PARAM (0x15)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 52
NO_UNITS : 20
===============================
ID : KERNEL (0x6)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 72
NO_UNITS : 30
===============================
ID : RECOVERY (0x7)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 102
NO_UNITS : 30
===============================
ID : FACTORYFS (0x16)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 132
NO_UNITS : 1146
===============================
ID : DBDATAFS (0x17)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1278
NO_UNITS : 536
===============================
ID : CACHE (0x18)
ATTR : RW STL SLC (0x1101)
FIRST_UNIT : 1814
NO_UNITS : 130
===============================
ID : MODEM (0xb)
ATTR : RO SLC (0x1002)
FIRST_UNIT : 1944
NO_UNITS : 60
===============================
loke_init: j4fs_open success..
load_lfs_parameters valid magic code and version.
reading nps status file is successfully!.
nps status=0x504d4f43
load_debug_level reading debug level from file successfully(0x574f4c44).
init_fuel_gauge: vcell = 4101mV, soc = 80
check_quick_start_condition_with_charger- Voltage: 4101.25000, Linearized[67/82/97], Capacity: 83
init_fuel_gauge: vcell = 4101mV, soc = 80, rcomp = d01f
reading nps status file is successfully!.
nps status=0x504d4f43
PMIC_IRQ1 = 0x0
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x40
PMIC_STATUS2 = 0x2c
get_debug_level current debug level is 0x574f4c44.
aries_process_platform: Debug Level Low
keypad_scan: key value ----------------->= 0x0
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48
check_download: micorusb_status1 = 4, key_value = 0
aries_process_platform: final s1 booting mode = 0
DISPLAY_PATH_SEL[MDNIE 0x1]is on
MDNIE setting Init start!!
vsync interrupt is off
video interrupt is off
[fb0] turn on
MDNIE setting Init end!!
lcd_power_on_ld9040
s6e63m0_c110_spi_read_byte-------------------------: 86
DA lcd ID1 = 86
s6e63m0_c110_spi_read_byte-------------------------: 48
DB lcd ID2 = 48
s6e63m0_c110_spi_read_byte-------------------------: 44
DC lcd ID3 = 44
LCD_ID == 3
Autoboot (0 seconds) in progress, press any key to stop
get_debug_level current debug level is 0x574f4c44.
get_debug_level current debug level is 0x574f4c44.
boot_kernel: Debug Level Low
FOTA Check Bit
Read BML page=, NumPgs=
FOTA Check Bit (0x871f8801)
Load Partion idx = (6)
..............................done
Kernel read success from kernel partition no.6, idx.6.
setting param.serialnr=0x31352402 0x61dc00ec
setting param.board_rev=0x30
setting param.cmdline=console=ttySAC2,115200 loglevel=4
Starting kernel at 0x32000000...
Uncompressing Linux..............................................................................................................
[ 0.000000] copy: bad source 0
[ 0.000000] mout_audss: bad source 0
[ 0.090122] KERNEL:kernel_sec_get_debug_level_from_boot=0x574f4c44
[ 0.094863] KERNEL:magic_number=0x0 DEBUG LEVEL low!!
[ 0.099874] (kernel_sec_set_upload_cause) : upload_cause set 0
[ 0.802403] irq requested hpd irq
[ 0.846178] --------A1026 i2c driver A1026_probe called
[ 0.849942] --------A1026_probe: device not supported
[ 0.855208] --------A1026_driver_init successful
[ 0.859587] --------A1026_dev_powerup called
[ 3.004125] Failed to request gpio touchkey_init:738
[ 3.007639] Failed to request gpio touchkey_init:740
[ 12.613596] init: [disk_config] initialize_mbr_flash for S1_EUR
[ 12.617987] init: [disk_config] [Disk Size (16005464064), (15630336k), sector_size 512 :: num_lba 31260672 ]
[ 12.627716] init: [disk_config] calc_pte_of_disk -> start 64 num lba 27328448 next : 27328512
[ 12.636293] init: [disk_config] calc_pte_of_disk -> start 27328512 num lba 3932160 next : 31260672
[ 12.645348] init: [disk_config] compare_partition -> num_part 0 , offset (446)(0x1be)
[ 12.653148] init: [disk_config] [ target -> Disk0 : 13992165376 (13664224k) 00:0c:00000040:01a0ffc0 ]
[ 12.662313] init: [disk_config] Match partition table entry ... skip(0)
[ 12.668924] init: [disk_config] compare_partition -> num_part 1 , offset (462)(0x1ce)
[ 12.676721] init: [disk_config] [ target -> Disk1 : 2013265920 (1966080k) 00:0c:01a10000:003c0000 ]
[ 12.685729] init: [disk_config] Match partition table entry ... skip(1)
[ 12.692391] init: [disk_config] compare_partition -> num_part 2 , offset (478)(0x1de)
[ 12.700135] init: [disk_config] [ target -> Disk2 : 0 (0k) 00:00:00000000:00000000 ]
[ 12.707841] init: [disk_config] Match partition table entry ... skip(2)
[ 12.714454] init: [disk_config] compare_partition -> num_part 3 , offset (494)(0x1ee)
[ 12.722244] init: [disk_config] [ target -> Disk3 : 0 (0k) 00:00:00000000:00000000 ]
[ 12.729962] init: [disk_config] Match partition table entry ... skip(3)
[ 12.736538] init: [disk_config] bNeedRoot : 0x00
[ 12.748654] init: cannot open '/initlogo.rle'
[ 12.832898] Failed to request FM_RESET!
[ 12.931189] init: [disk_config] :::: /dev/block/mmcblk0p1 :::::
[ 12.938955] init: [disk_config] vfat_identify -> ok
[ 12.942398] init: [disk_config] :::: /dev/block/mmcblk0p2 :::::
[ 12.948354] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 12.954696] init: [disk_config] rfs_identify -> failed
[ 12.960739] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 12.966056] init: [disk_config] rfs_identify -> failed
[ 12.972089] init: [disk_config] Error ::rfs_identify -> oem_name ()
[ 12.977424] init: [disk_config] rfs_identify -> failed
[ 12.983432] init: [disk_config] rfs_format -> /system/bin/fat.format -F 32 -S 4096 -s 4 /dev/block/mmcblk0p2
[ 13.009915] init: [disk_config] rfs_format -> ok[BIF: ] FSR VERSION: FSR_1.2.1p1_b139_RTM
[ 13.310236] init: cannot find '/system/bin/false', disabling 'noplaylogos'
[ 13.337944] init: cannot find '/system/etc/install-recovery.sh', disabling 'flash_recovery'
sh: can't access tty; job control turned off
$ [ 19.257644] init: no such service 'bootanim'
[ 39.060649] init: sys_prop: permission denied uid:1000 name:wifi.interface
[ 44.151646] init: no such service 'bootanim'
The commands run were:
Code:
sudo smdk-usbdl -a d0020000 -f ./Infuse_HIBL_3.bin
sudo smdk-usbdl -a d40244000 -f ./Sbl.bin
You can get these pre-release binaries here: http://www.mediafire.com/file/yewg81mwdklb357/HIBLandSblBinaries.zip
Everything is working but I have not yet tested flashing. Flashing should go off without a hitch. You will use Odin 1.7 or 1.8.

[CWM] ClockworkMod 6.0.4.0 that will NOT update your touchscreen firmware

So I have this new tablet, and knowing all the bugs surrounding the touchscreen, decided not to update it (it came as stock JSS15J). However, I still want to be able to use CM on it, so I patched the kernel to never update the touchscreen fw. Here's the compiled recovery from CM-10.2 synced today (October 2nd), and then the kernel patch:
https://docs.google.com/file/d/0ByHQWL5Q6bSwYXJpaE9JZ0dnbVE/edit?usp=sharing
Code:
diff --git a/drivers/input/touchscreen/ektf3k.c b/drivers/input/touchscreen/ektf3k.c
index 4b6a7e7..451bcee 100755
--- a/drivers/input/touchscreen/ektf3k.c
+++ b/drivers/input/touchscreen/ektf3k.c
@@ -392,7 +392,7 @@ static int check_fw_version(const unsigned char*firmware, unsigned int size, int
id = firmware[size - 2*FIRMWARE_PAGE_SIZE + 122] |
(firmware[size - 2*FIRMWARE_PAGE_SIZE + 123] << 8);
- touch_debug(DEBUG_INFO, "The firmware was version 0x%X and id:0x%X\n", version, id);
+ touch_debug(DEBUG_INFO, "The firmware was version 0x%X and id:0x%X, new fw_version: 0x%X\n", version, id, fw_version);
if (id == 0x3029 && BOOTCODE_VERSION >= 0x6046) {
/*if the touch firmware was empty, always update firmware*/
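Review bot: the added format text labels fw_version as "new fw_version", but in this hunk `id` (and `version`, printed with it) is read out of the `firmware` buffer, that is, the image being offered, so the labels are the wrong way round; the post itself says fw_version is the current version. Suggest wording such as "image version 0x%X id 0x%X, current fw_version 0x%X" so the log can be used to confirm which version is actually on the controller.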
@@ -1318,7 +1318,10 @@ static int firmware_update_header(struct i2c_client *client, unsigned char *firm
unsigned char nb_isp_cmd[4] = {0x45, 0x49, 0x41, 0x50};
unsigned char *cursor;
struct elan_ktf3k_ts_data *ts = i2c_get_clientdata(client);
-
+
+ printk("[ektf3k]: firmware_update_header: not updating your firmware, bro\n");
+ return 0;
+
if(ts == NULL)
return -1;
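Review bot: the unconditional `return 0;` at the top of firmware_update_header() makes everything after it unreachable, including the `ts == NULL` check, and reports success to the caller although nothing was written. Suggest gating the skip behind a module parameter or Kconfig option and returning a value the caller can tell apart from a completed update. The printk() also has no KERN_ level prefix, and the first -/+ pair is a whitespace-only change that should be dropped.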
I can also upload the kang if anyone needs it. Note my patch has the old/new version swapped (small bug), it says new fw_version, but it's actually the current version.
I tested it with my own device just in case someone is wondering whether it works or not.
On a slightly unrelated note, my CM 10.2 kang would not have the Wi-Fi module loading. I had this error in logcat:
Code:
E/WifiHW ( 190): Failed to write wlan fw path param (Operation not permitted)
E/WifiStateMachine( 597): Failed to reload STA firmware java.lang.IllegalStateException: command '6 softap fwreload wlan0 STA' failed with '400 6 SoftAP command has failed'
Digging a bit further led to this error in the kernel log:
Code:
<6>[ 69.311614] wlan: loading driver v3.2.2.17B
<3>[ 69.314300] wlan: [573:F :HDD] hdd_parse_config_ini: request_firmware failed -2
However the official nightly didn't have this issue. I tracked it down to the lack of a symbolic link, which I had to create manually:
Code:
mount -o remount,rw /dev/block/platform/msm_sdcc.1/by-name/system /system
cd /vendor/firmware/wlan/prima/
ln -s /data/misc/wifi/WCNSS_qcom_cfg.ini WCNSS_qcom_cfg.ini
ln -s /data/misc/wifi/WCNSS_qcom_wlan_nv.bin WCNSS_qcom_wlan_nv.bin
I hope this information will be useful to others. Still not sure why my build has this problem and the official builds don't.
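A way to check the condition behind the fix in the post above, as an added example (not the poster's code): `request_firmware failed -2` is ENOENT, and a symlink into `/data/misc/wifi` only helps if its target exists, so the check separates a missing name from a dangling link. The function names are assumptions; the file names and directory are the ones in the post.

```shell
#!/bin/sh
# Added example. Classifies firmware file names so that a "-2" (ENOENT)
# from request_firmware can be traced to a missing name or a dangling link.

# Print the state of one path: ok | dangling | missing
fw_link_state() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo dangling      # link is present, but its target is not
    elif [ -e "$1" ]; then
        echo ok            # regular file, or link that resolves
    else
        echo missing       # nothing by that name in the directory
    fi
}

# $1 = firmware directory, remaining args = file names expected in it.
# Prints "<name> <state>" per file; returns 1 if any file is not ok.
check_prima_fw() {
    dir=$1
    shift
    rc=0
    for name in "$@"; do
        state=$(fw_link_state "$dir/$name")
        printf '%s %s\n' "$name" "$state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Usage on the device from the post (paths taken from the post):
#   check_prima_fw /vendor/firmware/wlan/prima \
#       WCNSS_qcom_cfg.ini WCNSS_qcom_wlan_nv.bin
```

A `dangling` result means the link was created but the file under `/data/misc/wifi` is not there, which produces the same kernel error as no link at all.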

[Help] Bootloader Exception

Bootloader exception
[ RST_STAT = 0x10000000 ]
EVT 1.0
ASV TBL VER 8, Grade = C
ECT : PARA005i
LOT_ID = NA46A
CHIP_ID = 02b62e48b99c
CHIP_ID2 = 00000000
MNGS:40'C APOLLO:40'C G3D:40'C ISP:41'C
Exception: do_handler_serror: SERROR(esr: 0xbf000000) 'a WB }
pc : 0x8f0132cc [r : 0x8f022 dbc sp : 0x8f10fe90 @
@ _
I've tried going into download mode but it isn't working.
Please Help!!
The computer doesn't recognize it either. If anyone has any info, please help me!

[APP][PATCH] SnoopSnitch OnePlus Compatibility Patch

After some trial and error, I have identified the reason why snoopsnitch isn't working.
The issue is related to the DIAG initialization code in the diag-helper binary.
I'm attaching a working patch and a compiled APK (PM me for the link, or maybe a mod can attach it. I have a 10-post link restriction) for your convenience.
PS: the code specifically looks for the OnePlus manufacturer, but it may work on other devices too (with the appropriate changes)
Code:
diff --git a/contrib/diag_helper/jni/diag-helper.c b/contrib/diag_helper/jni/diag-helper.c
index ddb7fcb1..c1b00a33 100644
--- a/contrib/diag_helper/jni/diag-helper.c
+++ b/contrib/diag_helper/jni/diag-helper.c
@@ -3,6 +3,7 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
+#include <sys/system_properties.h>
#include <android/log.h>
@@ -13,6 +14,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
+#include <string.h>
#define BUF_SIZE 1000000
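Review bot: `<string.h>` is added here for the `strcasecmp()` call in the next hunk, but POSIX declares `strcasecmp()` in `<strings.h>`; include that header so the build does not rely on what `<string.h>` happens to pull in.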
@@ -62,9 +64,15 @@ open_diag_dev(void)
int diag_fd = -1;
int rv = -1;
int olderrno;
+ bool op = false;
+ char man[PROP_VALUE_MAX + 1];
+
+ __system_property_get("ro.product.manufacturer", man);
logmsg(ANDROID_LOG_DEBUG, "opening diag device");
+ if (strcasecmp("oneplus", man) == 0) op = true;
+
diag_fd = open("/dev/diag", O_RDWR|O_CLOEXEC);
if (diag_fd < 0) {
logmsg(ANDROID_LOG_FATAL, "error opening diag device: %m");
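Review bot: the result of `__system_property_get()` is not checked and `op` is set purely from a manufacturer-name match, so which ioctl argument layout is tried later depends on a string, not on what the diag driver accepts. Suggest dropping the `op` flag and attempting the alternative layout whenever the earlier calls fail. If the flag stays, `bool`/`false` need `<stdbool.h>`, which none of the hunks adds, and the `strcasecmp()` line reads better directly after the property read than after the log call.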
@@ -74,6 +82,7 @@ open_diag_dev(void)
const unsigned long DIAG_IOCTL_SWITCH_LOGGING = 7;
const int MEMORY_DEVICE_MODE = 2;
+ const int mode_param[] = { MEMORY_DEVICE_MODE, -1, 0 };
struct diag_logging_mode_param_t stMode = {
MEMORY_DEVICE_MODE, 0, 1
};
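Review bot: `mode_param` is a bare int array whose -1 and 0 entries are undocumented, declared next to `stMode`, which carries different values (MEMORY_DEVICE_MODE, 0, 1) for the same request. Suggest a named struct, or at least a comment stating which driver-side layout the three ints correspond to and what -1 selects.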
@@ -84,7 +93,10 @@ open_diag_dev(void)
rv = ioctl(diag_fd, DIAG_IOCTL_SWITCH_LOGGING, MEMORY_DEVICE_MODE);
if (rv < 0) {
olderrno = errno;
- rv = ioctl(diag_fd, DIAG_IOCTL_SWITCH_LOGGING, (void *)&stMode);
+ if(op)
+ rv = ioctl(diag_fd, DIAG_IOCTL_SWITCH_LOGGING, (void *)&mode_param, sizeof(mode_param));
+ else
+ rv = ioctl(diag_fd, DIAG_IOCTL_SWITCH_LOGGING, (void *)&stMode);
}
if (rv < 0) {
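Review bot: the OnePlus branch passes `sizeof(mode_param)` as a fourth argument to ioctl(); the ioctl system call carries only fd, request and one argument, so the size never reaches the driver and should be removed. `(void *)&mode_param` also casts away `const` and takes the address of the whole array; pass `mode_param` and drop the `const` if the driver may write to it. Because this branch replaces the `stMode` call instead of following it, a OnePlus device that needs the `stMode` layout no longer has a path that tries it; consider trying both in turn and logging errno for each.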
Credits: SRLabs, original author repository: https://opensource.srlabs.de/projects/snoopsnitch
{Mod edit: Added apk on request of OP @h3ph4est7s}
thanks
I've been looking for this for a while, I sent you a pm
it works perfectly thanks
Hi,
Thanks for the apk! It's great to see it again running (especially initializing) on my device, love it! As I already wrote in another posting in another thread (sorry for the double post, but in this specific case it's OK I think), there are two things that need to be mentioned:
- the patch level checks do not work on my device, maybe this depends on the ROM I'm using (I'm on Havoc 3.8 / Android 10) - I'll have to check if it maybe works with another ROM.
- I currently cannot say if the detection of silent SMS and IMSI Catchers really is working since I haven't had such events till now. Silent SMSes should appear from time to time IMO. IMSI catcher events are extremely rare in my experience, I used Snoop Snitch for about one year two or three years ago and got two of those events in the whole year: one in Germany, one in Canada.
Cheers
Zap
I am also facing the same DIAG_CHAR initializing issue. I used your snoopsnitch apk to test on my OnePlus 5, LOS16. The app started, but closed immediately. The backend service keeps on restarting. My logcat shows as below.
12-11 13:16:12.186 9407 9407 E [email protected]: Could not get passthrough implementation for [email protected]::ICameraProvider/legacy/0.
12-11 13:16:12.198 9417 9417 I diag-helper: starting
12-11 13:16:12.198 9417 9417 I diag-helper: test mode invoked
12-11 13:16:12.198 9417 9417 D diag-helper: opening diag device
12-11 13:16:12.198 9417 9417 F diag-helper: error setting diag device logging mode: Bad address/Invalid argument
12-11 13:16:12.199 9417 9417 E diag-helper: error opening DIAG device
12-11 13:16:12.200 9261 9261 E msd-service: Terminating MsdService after shutting down due to an unexpected error
12-11 13:16:12.202 9261 9261 I opSnitchServic: System.exit called, status: 1
12-11 13:16:12.202 9261 9261 I AndroidRuntime: VM exiting with result code 1, cleanup skipped.
12-11 13:16:12.215 1359 9176 I ActivityManager: Process .SnoopSnitchService (pid 9261) has died: fore SVC
12-11 13:16:12.215 1359 9176 W ActivityManager: Scheduling restart of crashed service de.srlabs.snoopsnitch/.qdmon.MsdService in 1000ms
12-11 13:16:12.215 1359 1405 W libprocessgroup: kill(-9261, 9) failed: No such process
12-11 13:16:12.215 1359 1405 I libprocessgroup: Successfully killed process cgroup uid 10092 pid 9261 in 0ms
Any kind of help is appreciated.
Installed this mod on my OP7T Pro, but it crashes at start. The unmodified version starts flawlessly, but did not recognize root privileges (message at the bottom "snoopsnitch require root access..."). On clicking the start network test button it tells me "could not initialize the diag interface". I checked diag_char in system and it is enabled. No idea what's wrong. Using Android 10 with latest stable stock OS.
EinsteinXXL said:
Installed this mod on my OP7T Pro, but it crashes at start. The unmodified version starts flawlessly, but did not recognize root privileges (message at the bottom "snoopsnitch require root access..."). On clicking the start network test button it tells me "could not initialize the diag interface". I checked diag_char in system and it is enabled. No idea what's wrong. Using Android 10 with latest stable stock OS.
Same here with Oxygen OS 11 beta. The modded app crashes on start and the original app can't "initialize diag driver."
On my OP3T with Android 11 (Arrow OS) it works. Same again as before: Starting and initializing perfectly, but the patch level checks do not work.
The problem seems to be device-/SoC-specific.
Hello and thank you so very much for this. I had been wanting to use it for a long time and finally came across your workaround. Unfortunately it didn't work for me. I originally installed through nethunter store but I uninstalled that and installed yours. I am running Jaguar OS on OP8T rooted with magisk. I created a logcat hoping that you'll be able to help me get it going. I am attaching it here. Thank you!
