maemo.org - Talk - View Single Post - Introducing ubiboot N9 (multiboot OS loader)

gemfield	2013-11-05 , 15:18
Posts: 12 \| Thanked: 3 times \| Joined on Dec 2011 @ Beijing	#693

Originally Posted by juiceme

/dev/mtd0 is the bootloader, so messing with it is generally what you do not want to do, ever.
If you manage to write s**t there your device will not be able to boot, not now and never again.
And they will not be able to fix that in Nokia Care, or in any service shop since it requires equipment present only at the factory and that was closed down a long time ago.

But the question is whether you were able to damage it?

If you are in Open Mode, it depends on how you did the writing. There are some hazardous procedures, but bootloader is locked down against simple intrusion.

If you are in Closed Mode and managed to tamper with it... well, then the odds are pretty badly against you.

Thanks for your answer.
1, My N9 is in closed mode. in order to use ubiboot, now I am learning to be familiar with the N9 OS

2, Here is my code:
RM696-21-3_PR_003:~# cat mtd.c

Code:

#include <stdio.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <mtd/mtd-user.h>

int main()
{
    mtd_info_t mtd_info;
    erase_info_t ei;
    int i;

    unsigned char data[20] = { 0xAA, 0x55, 0xAA, 0x55,0xAA, 0x55, 0xAA, 0x55,0xAA, 0x55, 0xAA, 0x55,0xAA, 0x55, 0xAA, 0x55,0xAA, 0x55, 0xAA, 0x55};
    unsigned char read_buf[20] = {0x00};

    int fd = open("/dev/mtd0", O_RDWR); 

    ioctl(fd, MEMGETINFO, &mtd_info);

    printf("mtd0 type: %x , mtd0 total size: %x bytes , mtd0 erase size: %x bytes\n",mtd_info.type, mtd_info.size, mtd_info.erasesize);

    ei.length = mtd_info.erasesize;

    for(ei.start = 0; ei.start < mtd_info.size; ei.start += ei.length){
        ioctl(fd, MEMUNLOCK, &ei);
        printf("Eraseing Block %#x\n", ei.start);
        ioctl(fd, MEMERASE, &ei);
    } 

    lseek(fd, 0, SEEK_SET);
    read(fd, read_buf, sizeof(read_buf));

    for(i = 0; i<20; i++)
        printf("buf[%d] = 0x%02x\n", i, (unsigned int)read_buf[i]);

    lseek(fd, 0, SEEK_SET);
    write(fd, data, sizeof(data));

    lseek(fd, 0, SEEK_SET);
    read(fd, read_buf, sizeof(read_buf));

    for(i = 0; i<20; i++)
         printf("buf[%d] = 0x%02x\n", i, (unsigned int)read_buf[i]);


    close(fd);
    return 0;
}

3, Here is the result:
RM696-21-3_PR_003:~# gcc mtd.c -o mtd
RM696-21-3_PR_003:~#./mtd

Code:

mtd0 type: 4 , mtd0 total size: 100000 bytes , mtd0 erase size: 40000 bytes
Eraseing Block 0
Eraseing Block 0x40000
Eraseing Block 0x80000
Eraseing Block 0xc0000
buf[0] = 0xa0
buf[1] = 0x00
buf[2] = 0x00
buf[3] = 0x00
buf[4] = 0xf0
buf[5] = 0x2d
buf[6] = 0x00
buf[7] = 0x00
buf[8] = 0x00
buf[9] = 0x00
buf[10] = 0x00
buf[11] = 0x00
buf[12] = 0x00
buf[13] = 0x00
buf[14] = 0x00
buf[15] = 0x00
buf[16] = 0x00
buf[17] = 0x00
buf[18] = 0x00
buf[19] = 0x00
buf[0] = 0xa0
buf[1] = 0x00
buf[2] = 0x00
buf[3] = 0x00
buf[4] = 0xf0
buf[5] = 0x2d
buf[6] = 0x00
buf[7] = 0x00
buf[8] = 0x00
buf[9] = 0x00
buf[10] = 0x00
buf[11] = 0x00
buf[12] = 0x00
buf[13] = 0x00
buf[14] = 0x00
buf[15] = 0x00
buf[16] = 0x00
buf[17] = 0x00
buf[18] = 0x00
buf[19] = 0x00

4, Seems that there have no warning or error, but mtd0 data is still old(i.e. write to mtd0 failed in fact).

5, What is the reason that write to mtd0 looks success but in fact failed?
6, If I reboot my N9, any risk here?

Thanks.

Quote & Reply |

The Following User Says Thank You to gemfield For This Useful Post:
juiceme