AT&T TV - C71KW-400 - B'Com BCM7271 - Root? Bootloader? DRIVERS? - Android Stick & Console Computers General

Hey everyone.
I've done some solid weeks of searching to no avail on this.
I have an AT&T AndroidTV box. Model number is C71KW-400 - Manufactured by WNC, not Samsung. Specs as follows.
Android Version 8.0, up to date. Kernel - 4.1.45-1-15pre [email protected] 2. BSL Ver 2.2.5.0, BSU 2.19, BFW 4.25.
I can't get this thing to mount for anything in ADB. Is there something I'm missing? (drivers, I'm pretty sure.)
I'm not sure if there is an OEM specific driver for this box, but I'm about ready to pull my hair out. Almost no permission from factory whatsoever.
Dev Mode unlocked. USB debugging is on. Type-A to Type-A. It won't read the data cable for anything, but reads a regular flashdrive with no worries. Brand new data cable.
Any advice? Tips? I am trying to root and/or flash a new rom after dealing with this misery.

Did you ever find any answers to your questions? The boxes are $48 - $50 (refurbished) on eBay. I, too, am curious.

I came across one of these boxes recently. When powered up it prompts you for a Direct-TV login account. I could not find a way to bypass the login so I opened it up and discovered it was running a Broadcom 7271ZBKFSBB3 media processor. Broadcom provides an array of open source Linux tools and software at: https://github.com/Broadcom for their set top box products. Anyone out there have experience using the tools?

UART it and let's see what we can boot on it? See my post here https://forum.xda-developers.com/t/...-raspberry-pi-4-bcm2711.4583691/post-88513475

Verified baud rate was 115200 with scope then did a boot dump using an Arduino to read serial data. Doesn't look like uboot.
Begin Boot Dump...
[ 1.048309] brcmstb-pm-psci: Firmware does not support function 0x84000008
[ 1.050420] brcmstb-pm-psci: Firmware does not support function 0x84000008
[ 1.307145] hub 1-0:1.0: config failed, hub doesn't have any ports! (err -19)
[ 1.651205] c71kw_led_probe
[ 2.314889] init: Init cannot set 'ro.boot.veritymode' to 'enforcing': Read-only property was already set
[ 2.335326] init: Could not set 'ro.hardware' to 'wnc7271t' while loading .prop filesRead-only property was already set
[ 5.209120] droid_pm droid_pm: no match for IRQ 'gpio'
[ 6.705036] update_verifier: /data/ota_package/care_map.pb doesn't exist
[ 7.310628] init: Control message: Could not find '[email protected]::INexus/default' for ctl.interface_start from pid: 2898 (/system/bin/hwservicemanager)
[ 7.326131] init: Control message: Could not find '[email protected]::INexus/default' for ctl.interface_start from pid: 2898 (/system/bin/hwservicemanager)
[ 8.007663] droid_pm droid_pm: droid_pm_ioctl: BRCM_IOCTL_GET_PMIC_INFO: no pmic devices found!
[ 12.318812] init: Control message: Could not find '[email protected]::IVcSvc/default' for ctl.interface_start from pid: 2898 (/system/bin/hwservicemanager)
[ 22.496016] BTUSB btusb_ioctl: can't find device
[ 23.696998] WLDEV-ERROR) [ 24.147083] BTUSB btusb_write: can't find device
[ 62.279226] binder_alloc: 3961: binder_alloc_buf size 1056768 failed, no address space
[ 62.303450] binder_alloc: allocated: 556 (num: 6 largest: 496), free: 1039828 (num: 4 largest: 1039356)

Does not look complete. Try to interrupt it by spamming some keyboard inputs that would otherwise work if it were u-boot.
How is the Flash chip connected and can you temporarily prevent the CPU reading the Flash chip ?

https://github.com/broadcom/aeolus here is mentioned a CM console no idea what that is but sounds like a separate UART lol ?
This looks more specific to the STB case https://github.com/ARM-software/u-boot/blob/master/doc/README.bcm7xxx so it's a BOLT bootloder which loads another elf image which may or may not be a modified u-boot ?

I think I'm stuck. The box cleared all it's settings when I powered it up with the cover off. It must have sensed it with the IR detector. Now it is prompting me to hit two buttons on the remote simultaneously for 3 seconds. I don't have the original remote that comes with the box and have been using my Logitec Harmony to emulate the remote. The Harmony does not allow me to do this. See attached photos...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

That's weird it should not have such a security feature, if they put such a feature preventing repairs, boycott all their brands all their everything from the investor fund all related companies down to the parking garage guards give them the silent treatment for being an evilcorp. Look them with contempt and shame them. Make tc tc tc noises when you pass them. The settings reset was probably due to the provider firmware not being able to authenticate to a central server for a period of time, or receiving empty config from the central server due to missing subscription.
This should be outlawed creating crippled products MUST BE OUTLAWED all lawmakers I just lost all respect for them it's over. They are nothing to me. Unworthy humans.
The USB-A to USB-A to connect in some useful way, for this to work there must be a code running on the CPU to make this possible. This code should exist in the GPL sources obtainable by asking the evilcorp (if they don't give them they break GPL and must be fined some millions) Also from devkits with similar SoC if not from github etc. I do not advise it due to it will be timeconsuming just commenting on it.
get a remote from an online seller near you, or as an idea, bring to a directv (att?) store and use their demo unit remote to setup yours ..
with remotes you can also try things with a TV with HDMI-CEC and with some TVs they can emulate some devices remotes and send IR to them
Otherwise dump the flash, modify the contents and rewrite the flash.
Monetarily it's not worth it but let me ask you WHAT IS THE COST OF FREEDOM ?!
The ADB there are no drivers for that - TV boxes use ADB over network. If it's USB -what PID VID ?
If AI ever becomes like the Terminator it would rightly go and punish any makers of any crippled hardware or software that imposes artificial limitations on anyone or anything. And this is not a collectivist ideology its pure math logic.

Related

[APP][2.2+] macroMote - The only remote control application you need.

macroMote
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
​
macroMote, the only remote control application you need for your computer. Functionality? Using a command based system macroMote allows you to easily create the functionality you need to take control of your computer remotely. Design? With its tabbed layout organizing your macros has never been easier, this means your macros can be categorised how you want them to be. Simplicity? Everything about macroMote screams simplicity, after all that’s what a remote is for right? Macros can still be created (and removed) while clients (yes, more than one device can be connected at the same time!) are connected; the changes will be synced to all of the devices in real-time.
Features
- Command system to create whatever functionality you need
- Tabbed design for easy access
- Connect as many devices as you want
- Changes are synced in real-time to all devices
- macroMote Server compatible with Windows, Linux and Mac
Planned Features
- Added security (PIN to connect)
- Ability to save IP address
- Ability to change port
- Better tablet support
This really is the definition of universal.
Silly example macro, opens chrome and navigates to XDA
Code:
shell "cmd /C start chrome --start-maximized"
wait 2000
move "155,45"
click left
wait 500
type "XDA "
type ENTER
wait 1500
move "192,280"
click left
REQUEST : Please can you test this on your Linux/Mac machines. It should work but unfortunately I haven't had chance to fully test it (especially on Mac)
Please post your feedback for any improvements, commands and bugs!
How To? Mirror
Server Mirror
Lite
Pro​
Reserved - Update information should go here.
This looks good but I have one question/concern.
How does the remote know which application to send the macro commands too? In other words, that VLC tab you have will only be useful if VLC is your currently active window.
It would be nice if each macro command could be directed towards a specific application running on your computer. If I want to control my iTunes music via remote, I don't want to maximize it first.
Make sense?
That is a very good question! I've thought about this and it still needs some work. With the server being programmed in Java it means I don't have access to external sources like window names and other useful things. It would mean I need to use the system API's (which of course then means I would need to figure out a way to get it to work on Linux and Mac too). Which means its going to be a pain in the ass. Fortunately must commonly used applications listen out for hot keys regardless of focus.
A simple solution would be? :
press ALT
type TAB
release ALT
Click to expand...
Click to collapse
- Added Mirror Links to 'How To?' and 'Server' (My site host seems to be blocking the links...)
400+ Views... one reply.
It would be nice if people could leave some feedback? I put a lot of time into this.
So you have to be at the PC when writing set commands for each remote function?
Have you thought about being able to write a custom function on the Android phone then pushing that to the server then executing it?
Would like to have a little play with this app though, I like the idea Could maybe interpret something like this into a smart tv one day with a bit of modification.
Good Job
Yes, well the idea was that you set-up all of your macros on the computer before hand (prevents security issues). Since you will only need to write the macro once.
I developed this to function as an AIO remote to be used with any software and OS on your computer (where other remote controllers fail). I would of continue developing it, but it seems nobody is interested or doesn't understand what it does fully. I think I might just release the Pro version for free.
TheUnkn0wn said:
Yes, well the idea was that you set-up all of your macros on the computer before hand (prevents security issues). Since you will only need to write the macro once.
I developed this to function as an AIO remote to be used with any software and OS on your computer (where other remote controllers fail). I would of continue developing it, but it seems nobody is interested or doesn't understand what it does fully. I think I might just release the Pro version for free.
Click to expand...
Click to collapse
I would try and offer some ideas but as you said it lies with using System API's.... Would be a huge improvement if you did manage to figure it out.
And yes the XDA feedback is sometimes.....

[Q] Directly Accessing the eMMC Module for Repair/Backup

UPDATE: November 8, 2014
* JTAG is disabled by QFuse.
* UART is available via the headphone jack for debugging/etc (Pinout to be posted later w/ examples)
* Searching for ways to access VSSQ and VSS (all other eMMC pins are accessible otherwise).
* New photos detailing locations of pins have been uploaded.
Current Located eMMC Pinouts:
CMD, DAT 0 to 7, VDDI, VDD, and VCCQ
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Notes:
* VCCQ is is attached to 1.8V going to GND and an AGND connection going through two capacitors; one is 4.7u while the other is 0.1u.
* VCC is attached to 2.95V GRND with the same 2 capacitors leading to AGND.
* All DAT pins have 47K resistors leading to 1.8V GND.
* The CMD pin has a 10K resistor leading to 1.8V GND.
CLK
I'm currently searching how to access VSS and VSSQ.
As far as I know jtag ports are disabled on most msm8974 soc phone in the qfuse table. That is why dont find any jtag solution for LG G2 after 13 months of its release or for any other msm8974 phones. Try to find the pins for the emmc to get direct access to it then we can mount it to the pc as an external hdd or flashsdrive.
So I have found the pins for the eMMC chip, and nicely enough they are located below the eMMC module itself. However, it is under the lid, so access requires you to desolder the lid from around it.
One thing I noticed with JTAG is that there is a *WATCH_DOG ENABLE* function that is activated by applying a 22K resistor to on of the leads (might be a different value, not at home so I don't have the PCB layout handy).
I also noticed that applying a resistor to one of the GPIO pins will trigger "FORCED_USB_BOOT", which may be handy for loading a bootloader from USB for eMMC partitioning via fastboot/etc. Haven't done enough research on that to give a definitive answer though.
Came across some more information.
Apparently, the Nexus 5 (both the D820 and D821), have four different boot configurations. Boot0, the one that is disabled altogether by default, can be activated via adding a 22K resistor to pad R3025 (attached to pin BF20 on the MSM8974). By adding this 22K resistor, we should be able to use Boot Config "0" and at the same time enable hardware Watchdog which makes me assume this is a debug mode for the Nexus 5 (and hopefully this might enable the JTAG pins). Will update as I come across more information.
Sorry, but I just want to butt in a let you guys know that there are users on here that still appreciate your dedication and curiosity to Android. This is why I love Android.
Carry on, definitely following this thread.
-------------------------------------------------------------------------
[ DEVICE : N5 ] [ ROM : L DEV PREVIEW ] [ KERNEL : ELEMENTALX ]
Thanks for the support, dEris!
So after digging around some more, the four boot configurations and Watchdog enabling GPIO pins are standard on all of the MSM8974 SOCs. The info I posted apples to both the LG G2 and Nexus 5. The MSM8974 has these GPIO pins standard across, from what I can tell, all boards. If that is correct, backing up the eMMC might be far simpler than I originally thought.
Just keep in mind that I am making a lot of assumptions here. I do not have the hardware to test this myself with, and until I do this is all speculation.
Alright, I've edited some photos to show all of the eMMC's pins on the PCB. One thing I'd like to note that the eMMC CLK pin is located on the other side of the board by the MSM8974 instead of near the eMMC chip itself.
Here are the photos:
Using these diagrams we should be able to connect directly to the eMMC chip.
Derragon said:
Alright, I've edited some photos to show all of the eMMC's pins on the PCB. One thing I'd like to note that the eMMC CLK pin is located on the other side of the board by the MSM8974 instead of near the eMMC chip itself.
Here are the photos:
View attachment 3004913
View attachment 3004912
Using these diagrams we should be able to connect directly to the eMMC chip.
Click to expand...
Click to collapse
So it is not required to find Vcc, Vss, VccQ and VssQ connections?
Sorry, I am pretty new to all of this, so thanks for the info on the other pins that I need to find. Will post a diagram of where VCC, VCCQ and GND are when I get back from work. Sorry for not posting those ones!
Derragon said:
Sorry, I am pretty new to all of this, so thanks for the info on the other pins that I need to find. Will post a diagram of where VCC, VCCQ and GND are when I get back from work. Sorry for not posting those ones!
Click to expand...
Click to collapse
My Nexus 5 refuses to power-on and I'm fairly interested in recovering all the data stored on the eMMC chip. This thread is helping out and it would be awesome to have the location of the various power pins. By the way, how did you manage to get all this information? Thanks anyway for the work you've done.
Hey is VSS and VSSQ the same thing as Ground?

Some Interesting Stuff.

Found this in
external/chromium_org/third_party/WebKit/PerformanceTests/Parser/resources/final-url-en
@ line 81 http://209.87.231.94/HomelandSecurity/
it comes up 404 but , i thought i was interesting.
I'm trying to figure out how to mod the browser to kill ads and pop-ups/unders
i found the file br grep'ing popup and that's what popped up ! xD
I love grep.
m
What is that interesting thing you're talking about???
M,
hi, lot's of things actually !
But seriously, since my attempts at getting a build through for the sm-t330nu are going slow, i thought i'd start hacking at the browser.
Figuring out privacy related stuf, killing tracking, ads, popups, location, etc.
Also starting to get into how ssh works. This thread will be mostly for notes to myself, keeping them on my hard drive seems
a lost cause since i trash it so frequently. :silly:
m
moonbutt74 said:
M,
hi, lot's of things actually !
But seriously, since my attempts at getting a build through for the sm-t330nu are going slow, i thought i'd start hacking at the browser.
Figuring out privacy related stuf, killing tracking, ads, popups, location, etc.
Also starting to get into how ssh works. This thread will be mostly for notes to myself, keeping them on my hard drive seems
a lost cause since i trash it so frequently. :silly:
m
Click to expand...
Click to collapse
Oooooohhh try just the ip in your browser it takes you to a login page??
No, you're watching too many movies. Sorry, woke up grumpy.
My thinking was actually this, in external/chromium_org/third_party/WebKit/PerformanceTests/Parser/resources/final-url-en
The term test can be wildly misused/abused, so in terms of tracking/logging ipaddresses/devices and therefore individuals
i am wondering if just a quick "touch" to the url's/sites/servers in that list from behind the scenes is enough
to get your information logged and therfore maybe abused/misused.
The term forensic can be wildly misused/abused in the same way, more often than not as a euphemism for
stealing other people's information/data. I am referring to those always seeking to enable monitor-mode
so they can do penetration testing, kali, nethunter etc.
I am NOT saying the legit does not exist but, these what i'm assuming to be "kids" who can't even compile a kernel
are pestering and nagging for nethunter builds, strike me as shady.
okay so for the browser i'm staring here https://github.com/copperhead-security
specifically with removing/disabling rlz tracking
https://github.com/copperhead-secur...mmit/2741fc2baaca711e72329ebe6e7e5cf9a7485314
i stumbled on this by accident, if anyone has a lead on popup/ad pushing let me know.
I'm pretty sure it's in a java class file somewhere, if i understand those they can be "unplugged"
with a little manipulation.
kernel caf patching
okay so this is what i think are patches needed to build caf, though i continue to get segmentation fault with surfaceflinger
in order of appearance- top down. this is more for my reference, if i am missing anything please let me know.
msm: mdss: implement overlay prepare ioctl
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/a11236283bc1afa5a0c05daed6541e45b46da8cb
msm: mdss: add retire fence support
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/81e6b894e53f42d8948c084d693f2df27a6f2f64
msm: vidc: add LTR support for video encoder
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/624fd84a1101a63f51e447eb22e76926defe4322
msm: vidc: Add generic LTR mode support
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/9386bb61976a5e274456d8504214b97118435db2
msm: vidc: Add support to request frame level QP information
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/25aed54f477de553fc7416654f9b2557b4ce811d
msm: vidc: Add support to request frame bits info as extra-data
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/802e147e4fa00b6763f56f00857ea1cb2929a081
[media] v4l2: Add enum for frame level QP extra-data
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/f1e928a792a4b0b245f98f2100271cb4eeb1d515
[media] v4l2: Add enums to request frame bits info as extra-data
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/a7cdb3054adb4d646788968665cf7f80eb8a2ef6
msm: vidc: Add support for MBI extradata
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/ac57110a911658fbf58d969cd887dde8481d2349
msm: vidc: add control to enable Hierarchical P num layers
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/dff92816f6897c8010c0934968d5ec4c9296d4d1
msm: vidc: detect mbaff information from firmware
https://github.com/jfdsmabalot/kernel_samsung_klte/commit/ca0885dd645b5741c3e6adcb892707d7f7859314
the last two i am not sure of, optional maybe ?
i also found some interesting stuff concerning over clocking, once i round it up i will make a similar ordered post.
the information appears to be for an msm kernel overclocked to 3.0ghz which is definitely not us, but though the numbers may be wrong
the places in kernel source where those adjustments need to be made may be what we need.
m
the preceeding information / commit history is located here https://github.com/jfdsmabalot/kernel_samsung_klte/commits/master?page=2
in github user jfdsmabalot 's repositories
https://github.com/jfdsmabalot
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
on ioscheds and overclocking
i am looking at these commits from the same github user as the previous post mentioned
as an example for what need to be done for the overclocking attempt.
While the actual digits don't apply to us, i'm guessing the approach does.
Again, for my reference, starting in order of appearance, top down.
block: Add I/O schedulers
https://github.com/jfdsmabalot/kern...mmit/be37021b9071733b5f5db3ebf2eb86235a4b11cf
sched: set mc_power_savings=2
https://github.com/jfdsmabalot/kern...mmit/5c94de7c86b3e1b2c8bbdee605035c47d2a9fc1b
description - this feature packs tasks together and try to bind them to cpu0, which in theory will let cpu1 idle longer, thus improving battery life.
Info: http://elinux.org/images/1/1d/Comparing_Power_Saving_Techniques_For_Multicore_ARM_Platforms.pdf
Overclock
https://github.com/jfdsmabalot/kern...mmit/2004ab21e5bbdab54712c83ec437622a73338b67
desciption -
This will let you overclock to 3.0Ghz, this is just for fun and to tell you honestly, our device is really good running the stock frequencies,
so It's up to you to use it.
Click to expand...
Click to collapse
Find the right numbers !!! If i understand it correctly, we should be able to over clock [safely] +30% [maybe?]
The commit history is here https://github.com/jfdsmabalot/kernel_samsung_msm8974ab/commits/kitkat
Further along are some reverts from earlier commits and some fine tuning, look through all of them to see
the what and why.
One more, probably need this,
block: sysfs: allow non superusers to change i/o scheduler
https://github.com/moonbutt74/kerne...mmit/2b663fcbb0e6fcc440f26fe05178e9b81bb91452
note to self- wonder if something in this approach can be used to "solve" some other problems, kitkat and onward.
vidc: Our blobs do not support extradata
Working With mksh
Found this thread while trying to figure out mkshrc configuration by XDA user @7175
[Shell][mksh][Scripting]::mksh-R50e-static-FULL+mkshrc_mods:::
http://forum.xda-developers.com/showthread.php?t=2770804
@r2d23cpo , dude i think you'll like this !

LG AccessUSB - WebOS debug/root access

AccessUSB is a hardware key, that allows to activate debug mode, root access, etc.
I successfully reversed its protocol and made my own device. Some features:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Debug menu - root:
=================================================================================
[h] Helps about function of charactor key
[ a][func:0x00000000]: Check AccessUsb
[ c][func:0x00000000]: Channel Up/Down Test
[ d][func:0x00000000]: Show Orginal Debug Menu
[ h][func:0x00000000]: Helps about function of charactor key
[ i][func:0x00000000]: MHP Debugging
[ t][func:0x00000000]: set single core
[ u][func:0x00000000]: Virtual Remocon Key Input Mode
[ x][func:0x00000000]: Exit Debug Mode
=================================================================================
Main menu:
help,? Print this help message
============================================================
md Memory dump
mm Modify memory
mf Memory fill
mmap Map kernel physical memory to user vitrual memory
dsm Disassemble memory
regs Dump current exception registers
num Print number in hex/dec/bin
uptime Print system up time
sload load symbol info
sh enter shell
call Call a function
..........
------ ORG MAIN ----------------------------------------
1 Print Mask Menu
2 S/W Version Info
7 DILE_VT Menu
8 SGL Menu
9 BCAS Menu
10 API_SDec Menu
101 SENC Menu
102 SENC API Menu
103 TV Pipeline Menu
11 API_VDEC Menu
111 VENC Menu
12 VIDEO MW Menu
13 VIDEO DIL Menu
15 Picture Quality MW Menu
16 VIDEO Picture Quality DIL Menu
..........
listen listener AND Subscirbe Debug Menu
kadp LG115X Kadp debug menu
uart1 Control MUX for selecting UART1
cnt Auto-Control RF-Generator or Video-Generator
sd system property interface debug menu
============================================================
exit Exit from ORG MAIN menu
AccessUSB uses RSA-2048 encryption. To get access I replace its key in TV firmware, but still looking for original key. If anyone have original AccessUSB, I can copy that RSA key and make a clone.
Original AccessUSB can have time and/or usage count limitations, clone will be without any limitations. So if you help me with this key I will provide firmware and instructions how to make your own AccessUSB. Contact: PM or lgexplorer [at] tutanota.com.
Also looking any other info about original AccessUSB.
AccessUSB devices are signed individually by LG, and I was told that they are pricy to get even for repair shops.
I was making my own one with a BeagleBone Black and CDC-ACM aswell, but deemed it useless due to the existence of better ways to get root and the signature check (serial.pem) on the device
blala said:
AccessUSB devices are signed individually by LG, and I was told that they are pricy to get even for repair shops.
I was making my own one with a BeagleBone Black and CDC-ACM aswell, but deemed it useless due to the existence of better ways to get root and the signature check (serial.pem) on the device
Click to expand...
Click to collapse
Did you got original AccessUSB or valid RSA key? How repair shops can obtain it?
Root is only one feature, that can be obtained via AccessUSB, also it is official root access method, that will not be "fixed" in updates.
Web OS
LgExplorer said:
Did you got original AccessUSB or valid RSA key? How repair shops can obtain it?
Root is only one feature, that can be obtained via AccessUSB, also it is official root access method, that will not be "fixed" in updates.
Click to expand...
Click to collapse
USB access is sweet but i noticed that LG store has more than one IPTV apps how is that so. But no KODI app or is there a way to convert APK to IPK and install on to WebOS.

Screen broken, need for screen stream

Dear all,
Two months after installing a new screen on my OnePlus 5T, the screen basically stopped working (black, sometimes flickering parts).
However: the touch function is still working. For example, I can still operate spotify, as I just know where I would have to press...
As I really wish to retrieve some information from the phone, or initiate data transfer to a new OnePlus, I would like to try screen streaming options.
Since I can't really operate any other app without seeing the screen, I wanted to force it from my computer via adb commands.
The phone is unlocked/rooted, and adb debugging enabled.
There are two approaches I would like try:
GitHub - Genymobile/scrcpy: Display and control your Android device
Display and control your Android device. Contribute to Genymobile/scrcpy development by creating an account on GitHub.
github.com
I am planning to run these approches on a virtual machine for linux/ubuntu on a windows 11 computer, and I got it so far, that the device is being recogniced by the <adb devices> command, showing the device number.
However, the phone is also unauthorized, potentially hindering me from continuing with scrcpy (and potentially any other adb driven approach).
Please find the following output.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Of course, the internet provides solutions to that problem but they all require me to use the screen of my phone. (Which technically is possible, but I just can't see where I am tapping/if popups come up etc.).
So here's my question(s):
Is adb-driven screen streaming the only option I have at that point?
Are these approaches reasonable, or is there an easier solution?
Is there a way to properly set up the adb connection, that is also compatible with the broken screen problem I experience?
As this seems to be a more general question, I wasn't sure where to put this thread, but I could imagine that many approaches could lead to a satisfying result.
Just in case everthing fails, I also ordered a new screen from china, but it will probably take around 3-4 weeks to arrive...
I would greatly appreciate any suggestions or feedback.
Thanks in advance!
Ulrich
TheSlashed said:
Dear all,
Two months after installing a new screen on my OnePlus 5T, the screen basically stopped working (black, sometimes flickering parts).
However: the touch function is still working. For example, I can still operate spotify, as I just know where I would have to press...
As I really wish to retrieve some information from the phone, or initiate data transfer to a new OnePlus, I would like to try screen streaming options.
Since I can't really operate any other app without seeing the screen, I wanted to force it from my computer via adb commands.
The phone is unlocked/rooted, and adb debugging enabled.
There are two approaches I would like try:
GitHub - Genymobile/scrcpy: Display and control your Android device
Display and control your Android device. Contribute to Genymobile/scrcpy development by creating an account on GitHub.
github.com
I am planning to run these approches on a virtual machine for linux/ubuntu on a windows 11 computer, and I got it so far, that the device is being recogniced by the <adb devices> command, showing the device number.
However, the phone is also unauthorized, potentially hindering me from continuing with scrcpy (and potentially any other adb driven approach).
Please find the following output.
View attachment 5756521
Of course, the internet provides solutions to that problem but they all require me to use the screen of my phone. (Which technically is possible, but I just can't see where I am tapping/if popups come up etc.).
So here's my question(s):
Is adb-driven screen streaming the only option I have at that point?
Are these approaches reasonable, or is there an easier solution?
Is there a way to properly set up the adb connection, that is also compatible with the broken screen problem I experience?
As this seems to be a more general question, I wasn't sure where to put this thread, but I could imagine that many approaches could lead to a satisfying result.
Just in case everthing fails, I also ordered a new screen from china, but it will probably take around 3-4 weeks to arrive...
I would greatly appreciate any suggestions or feedback.
Thanks in advance!
Ulrich
Click to expand...
Click to collapse
it could be a hardware issue, most probably loose connection with the LCD Digitizer. you could try fixing it at a service or on your own.
Hey, and thanks!
You're right, it is most definitely a hardware issue. Hence, I ordered already a new screen.
Not sure if I want to break apart the whole phone again to check the connection to the LCD digitizer, if I can first try some software approaches...
The most pressing issue I have right now, is the missing authorization for usb debugging, as I can't answer any confirmation prompts send to the phone.

Categories

Resources