|
N950's serial-console Phoenix flasher jig adapter
1 Attachment(s)
Hello,
Here is an amazing device. Directly from Nokia Lab...:) You know what is it? Regards. |
Re: ??? Proto device ???
odds bodkins!
interesting looking board... |
Re: ??? Proto device ???
testing unit for some device
|
Re: ??? Proto device ???
I think it's a flashing jig used for flashing firmware onto a device.
There's a pic of a similar one in use here: https://maemoteam.wordpress.com/2009...lash-marathon/ |
Re: ??? Proto device ???
that is a very good guess.
|
Re: ??? Proto device ???
Quote:
|
Re: ??? Proto device ???
@n950: It is for which device? Nokia N900 or Nokia N950?
|
Re: ??? Proto device ???
Excellent.
You know what that means right guys?!?!?! We now have the power to automate the production line of flashing maemo onto whatever we can grab.... Maemo toasters.. Maemo nightlites ... Maemo tv remotes... Maemo alarm clocks... Maemo intimate electronic appliances... Why... we can implement the final directive... take over the world... dum-dum-dum--duuumm (ominous background music) |
Re: ??? Proto device ???
It's the old spark!
|
Re: ??? Proto device ???
:D
Dave's got it right. Actually ... it isn't the fact I've recently been watching whole seasons of it or anything :D But y'know the one guy THE one guy who would be all over the old n8x0's and the n900 for it's sheer tinker-ability... is The Doctor... as in Doctor Who... hell I bet he'd use it all the time... not saying he'd replace his sonic screwdriver or his new sonic shades... but I bet he'd tweak the hell out of a nxx0... |
Re: ??? Proto device ???
Quote:
It's the N950's serial-console Phoenix flasher jig adapter. And it's a prototype device :) It can be basically connected to any N950 as battery (you can even sideload power with 4V adapter or use real battery), and it exposes the RS232 pins (--set-rd-flags=serial-console) so basically you can see the kernel messages and login even on broken displays and bypass lockcodes. :eek: I can take others pics if you want... |
Re: N950's serial-console Phoenix flasher jig adapter
1 Attachment(s)
Here is a frontside picture:
It's a proto device :) |
Re: N950's serial-console Phoenix flasher jig adapter
This has been asked manymany times but
Where do you find and buy these? Cool, it is nice that you collect these protos and show these to us. Maybe otherwise these all cool protos would just dust somewhere :) |
Re: N950's serial-console Phoenix flasher jig adapter
It's my secret.
|
Re: N950's serial-console Phoenix flasher jig adapter
Here is my old post about that jig:
http://talk.maemo.org/showpost.php?p...9&postcount=79 |
Re: N950's serial-console Phoenix flasher jig adapter
@n950: please send it to dirkvl and together with kimmoli and andrew we will get hundreds of this device in less than one week. :-))
Very nice, thanks for sharing pictures. |
Re: N950's serial-console Phoenix flasher jig adapter
n950, please get us a Lauta RM-742, We know you can! :)
|
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
I have sent you an email. Check it and let me know. Thanks. |
Re: N950's serial-console Phoenix flasher jig adapter
Hi,
With what application on Ubuntu or Windows i can bypass lockcode at startup from N950 device? How the jig adapter work? Any help? Thank you |
Re: N950's serial-console Phoenix flasher jig adapter
5 Attachment(s)
Test with device:
I have attached my N950 proto to my Jig to my PC (win7 x64) with rs232 to rs232 and rs232 to usb. Drivers: http://www.winchiphead.com/download/CH341/CH341SER.ZIP I put mu battery BV-4D on rearside and N950 on frontside. I put BSI to battery mode (here are the choice: normal, test, local, battery) and POWER SELECT to battery (choices: DC or Battery) I install WinFlasher and run it with this command: flasher --set-rd-flags=serial-console Now nothing Run. nb. if i push on N950 power the device Turn ON but I need to know how to recognize flasher with serial RS232 on Win7? Any help for that? Thanks in advance. |
Re: N950's serial-console Phoenix flasher jig adapter
I do not know how to use windows flasher but you need to do 2 things:
1) Enable rd mode (There should be a flasher switch to do that) 2) set serial console rd flag. And you need to connect the phone via USB in addition to the jig. jig is for serial console. USB is for flashing. |
Re: N950's serial-console Phoenix flasher jig adapter
use putty, set connection to serial (with correct serial port number, baud rate in settings) and you should ser kernel and bootloader messages in window
|
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
If i see bootloader msg and kernel how to remove lockscreen (security code)? Is there any method to kill lockscreen password? without jig. https://m.youtube.com/watch?v=Quv9iD75JJM is it possible to do this method if it's at startup? |
Re: N950's serial-console Phoenix flasher jig adapter
N9 has OMAP which has a ROM-BOOT that checks for a 'magic char' during boot, on a number of interfaces (depending on some config pins of SoC). So you need flasher attached to one of the interfaces (serial, USB...) and started *before* you power up the OMAP device.
HTH /j |
Re: N950's serial-console Phoenix flasher jig adapter
2 Attachment(s)
Putty work :)
I have connected only the RS232 --> USB. But now how to remove password at startup? Any help? With Putty i can't enter command line why? Thank you |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
Can you explain me please? |
Re: N950's serial-console Phoenix flasher jig adapter
for password see how N900 device lockcode works (e.g. in http://talk.maemo.org/showthread.php?p=524522) - the problem is the lockcode function is part of the OS running, and I'd guess on N9(50) your best bet is to reflash the complete device to unlock an unknown lockcode. That's been the intended effect it been implemented for: protect your data when you lose device. So recovery path is: delete all data aka 'reflash'
{edit] while in N900 the lockcode (hash) is stored in NAND, in N9 iirc this is slightly different as in: you can't (write?) access the lockcode in openmode, as the storage location gets 'sealed' when the bootloader decides to enter 'openmode' and run an unsigned kernel. [edit2] basically I guess your situation is identical to this http://talk.maemo.org/showthread.php?p=603825 [edit3] afaik it was possible on N900 to set "locked: no" flag by mere flashing of rootfs in maybe up to PR1.2. However I'm sure they fixed that by adding a sort of flag to MyDocs as well, so you had to reflash both, in probably PR1.3. Sorry I lost interest in N9 / Harmattan when it became clear that user don't own their device since Nokia doesn't hand out the keys for that security stuff |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
The one i really want to bypass security code will arrive soon. It's N950 armored prototype with Beta OS. I don't want to flash the device. It's a jewel. So how to find pass or remove security code? Try to explain me step by step please. |
Re: N950's serial-console Phoenix flasher jig adapter
I'm really not competent since I never looked into details how Harmattan (closed blob lockscreen) works, but I'd suspect your only option _is_ reflashing. You should try to find the same version/revision-number of flash image as you got on your N950, so you don't 'upgrade', since Harmattan blocks downgrade. This means you can't flash an older than recently flashed image, and when you flash a newer image, you're one step closer to "dead end", Maybe http://maemo.cloud-7.de/950/myimages/ helps with that (OCF = One Click Flasher).
[edit] the whole purpose of device security lockcode and lockscreen is that you *cannot* bypass it (depending on manuffacturer's policy maybe except by a full reflash so the user data would stay private). If you could bypass (and access user private data) it would mean that the security folks in Nokia sw development did a poor job. The only other alternative to a) flashing and to b) hoping for an exploit that allows cracking the code (which I'm not aware of any for Harmattan, but see above about my competence) is: c) build some setup that tests all 99999 possible lockcodes. Compare the infamous recent case US authorities against Apple, to unlock an iPhone. Actually Apple also wouldn't really have a way to do that, just like Nokia wouldn't (or rather: isn't supposed to) have a way to unlock N9(50) while preserving user data (let alone that there are known attack vectors independant of OS to access the user data via exploit / rooting of the modem radio firmware stack, but those are not working on N9(50) unlike on basically all more modern smartphones) |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
Thanks for your help i hope i will find solution to kill lockscreen pass. perhaps like on youtube video i posted no? |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
My N950 Developer Edition (one of the early devices, never dared to update) has "Meego 1.2 Harmattan 1.2011.22-6_PR_RM680" which is same as http://maemo.cloud-7.de/950/myimages...0-OEM1-916.bin As long as you could log in to the device via e.g. ssh, there's hope to disable the lockcode or even crack it or reset it. If you can't log in and thus can't access system data, you're most likely in for reflashing or hacks like the YT video |
Re: N950's serial-console Phoenix flasher jig adapter
1 Attachment(s)
Hi,
Here is a picture of the terminal now working :) inside Putty Serial SSH. I need to know how to kill lockscreen password or find the password please? What command line? Any help? |
Re: N950's serial-console Phoenix flasher jig adapter
1 Attachment(s)
when i try like on youtube video (https://m.youtube.com/watch?v=Quv9iD75JJM) (app lockscreen crash put come just after 1 sec) and i have this message on putty:
|
Re: N950's serial-console Phoenix flasher jig adapter
hey that's good news, I already suspected it gets respawned. So you need to achieve to get this message a probably 3 times in one minute and respawning stops.
You also could try to simply `kill -9 devicelockd` but I'm pretty sure on Harmattan you don't have the permissions to do that, even as root. Cheer "THANK YOU AEGIS"! BE WARNED THOUGH! It might also result in MALF http://maemo.cloud-7.de/Aegis-kills-device.jpg Anyway kudos to the developer coding devicelockd, it's really brilliant to simply have a buffer overflow as backdoor there ;-P I couldn't have sneaked in anything any smarter, and you even have plausible deniability |
Re: N950's serial-console Phoenix flasher jig adapter
Hi,
When i run this command i have that on PR1.3: Code:
BusyBox v1.20.0.git (MeeGo 3:1.20-0.2+0m8) built-in shell (ash)About command Code:
kill -9 devicelockdCode:
sh: invalid number 'devicelockd'https://wiki.maemo.org/Phone_control...creen_and_keys on PR1.3 to start. Thanks |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
Quote:
ps gives you the pid Or you can try killall. (With no guarantee of success. I have never tried killing devicelockd.) |
Re: N950's serial-console Phoenix flasher jig adapter
You can use pkill instead of kill. Instead of needing the process ID you just need the process name, like this:
pkill devicelockd |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
And after 3/4 times device reboot. :( How to kill it definitively? Code:
BusyBox v1.20.0.git (MeeGo 3:1.20-0.2+0m8) built-in shell (ash) |
Re: N950's serial-console Phoenix flasher jig adapter
Quote:
Try killall devicelockd it works but Devicelock reappear everytime until device restart like pkill command :( |
Re: N950's serial-console Phoenix flasher jig adapter
It sounds like the watchdog restarts the device when devicelockd is terminated.
The following relates to maemo, and gives the R&D flags you can set (from [1]) Code:
maemo_flasher-3.5_2.4.5.3_beta/flasher-3.5 --set-rd-flagEdit: the folowing line from your paste indicates it might be the same option in harmattan: Code:
[ 231.310638] init: lifeguard resets ENABLED |
| All times are GMT. The time now is 00:36. |
vBulletin® Version 3.8.8