TMavica's Avatar
Posts: 2,021 | Thanked: 1,060 times | Joined on Apr 2010 @ Hong Kong
#691
You are welcome.
__________________
The Glorious Lady T.Mavica
Twitter https://twitter.com/TMavica
 
Posts: 44 | Thanked: 9 times | Joined on Apr 2013
#692
Originally Posted by Storm_11 View Post
You're not alone, I've had the same issue with ubiboot too. Tried a few different harmattan based kernels, all with the same issue. Black screen, but I haven't got around to getting debug logs yet, haven't had the time. HW revision 1501

In the meantime, reflash the standard open kernel if you need to get back into harmattan.

sudo flasher -a <yourmainfirmware.bin> -k zImage_2.6.32.54-openmode_l2fix --flash-only=kernel -f -R
Thanks but I use sillyboot instead. But I want ubiboot, would really want to triple boot or penta boot.
 
Posts: 12 | Thanked: 3 times | Joined on Dec 2011 @ Beijing
#693
Originally Posted by juiceme View Post
/dev/mtd0 is the bootloader, so messing with it is generally what you do not want to do, ever.
If you manage to write s**t there your device will not be able to boot, not now and never again.
And they will not be able to fix that in Nokia Care, or in any service shop since it requires equipment present only at the factory and that was closed down a long time ago.

But the question is whether you were able to damage it?

If you are in Open Mode, it depends on how you did the writing. There are some hazardous procedures, but bootloader is locked down against simple intrusion.

If you are in Closed Mode and managed to tamper with it... well, then the odds are pretty badly against you.
Thanks for your answer.
1, My N9 is in closed mode. In order to use ubiboot, I am now learning to become familiar with the N9 OS.
2, Here is my code:
RM696-21-3_PR_003:~# cat mtd.c
Code:
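#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>     /* lseek(), read(), write(), close() */
#include <sys/ioctl.h>
#include <mtd/mtd-user.h>

int main()
{
    mtd_info_t mtd_info;
    erase_info_t ei;
    int i;

    /* Test pattern to write at offset 0 */
    unsigned char data[20] = {
        0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55,
        0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55, 0xAA, 0x55
    };
    unsigned char read_buf[20] = {0x00};

    /* Note: none of the return values of open(), ioctl(), read() or
     * write() below are checked, so a rejected call prints nothing. */
    int fd = open("/dev/mtd0", O_RDWR);

    /* Query partition type, total size and erase block size */
    ioctl(fd, MEMGETINFO, &mtd_info);

    printf("mtd0 type: %x , mtd0 total size: %x bytes , mtd0 erase size: %x bytes\n",
           mtd_info.type, mtd_info.size, mtd_info.erasesize);

    ei.length = mtd_info.erasesize;

    /* Request unlock and erase of every erase block in the partition */
    for (ei.start = 0; ei.start < mtd_info.size; ei.start += ei.length) {
        ioctl(fd, MEMUNLOCK, &ei);
        printf("Eraseing Block %#x\n", ei.start);
        ioctl(fd, MEMERASE, &ei);
    }

    /* Read back the first 20 bytes after the erase requests */
    lseek(fd, 0, SEEK_SET);
    read(fd, read_buf, sizeof(read_buf));

    for (i = 0; i < 20; i++)
        printf("buf[%d] = 0x%02x\n", i, (unsigned int)read_buf[i]);

    /* Request a write of the test pattern at offset 0 */
    lseek(fd, 0, SEEK_SET);
    write(fd, data, sizeof(data));

    /* Read back again to see whether the pattern was stored */
    lseek(fd, 0, SEEK_SET);
    read(fd, read_buf, sizeof(read_buf));

    for (i = 0; i < 20; i++)
        printf("buf[%d] = 0x%02x\n", i, (unsigned int)read_buf[i]);

    close(fd);
    return 0;
}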
3, Here is the result:
RM696-21-3_PR_003:~# gcc mtd.c -o mtd
RM696-21-3_PR_003:~#./mtd
Code:
mtd0 type: 4 , mtd0 total size: 100000 bytes , mtd0 erase size: 40000 bytes
Eraseing Block 0
Eraseing Block 0x40000
Eraseing Block 0x80000
Eraseing Block 0xc0000
buf[0] = 0xa0
buf[1] = 0x00
buf[2] = 0x00
buf[3] = 0x00
buf[4] = 0xf0
buf[5] = 0x2d
buf[6] = 0x00
buf[7] = 0x00
buf[8] = 0x00
buf[9] = 0x00
buf[10] = 0x00
buf[11] = 0x00
buf[12] = 0x00
buf[13] = 0x00
buf[14] = 0x00
buf[15] = 0x00
buf[16] = 0x00
buf[17] = 0x00
buf[18] = 0x00
buf[19] = 0x00
buf[0] = 0xa0
buf[1] = 0x00
buf[2] = 0x00
buf[3] = 0x00
buf[4] = 0xf0
buf[5] = 0x2d
buf[6] = 0x00
buf[7] = 0x00
buf[8] = 0x00
buf[9] = 0x00
buf[10] = 0x00
buf[11] = 0x00
buf[12] = 0x00
buf[13] = 0x00
buf[14] = 0x00
buf[15] = 0x00
buf[16] = 0x00
buf[17] = 0x00
buf[18] = 0x00
buf[19] = 0x00
4, It seems that there is no warning or error, but the mtd0 data is still old (i.e. the write to mtd0 in fact failed).

5, What is the reason that the write to mtd0 looks successful but in fact failed?
6, If I reboot my N9, is there any risk?

Thanks.
 

Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#694
Originally Posted by gemfield View Post
Thanks for your answer.
1, My N9 is in closed mode. In order to use ubiboot, I am now learning to become familiar with the N9 OS.
2, Here is my code:
RM696-21-3_PR_003:~# cat mtd.c
3, Here is the result:
RM696-21-3_PR_003:~# gcc mtd.c -o mtd
RM696-21-3_PR_003:~#./mtd
4, It seems that there is no warning or error, but the mtd0 data is still old (i.e. the write to mtd0 in fact failed).

5, What is the reason that the write to mtd0 looks successful but in fact failed?
6, If I reboot my N9, is there any risk?

Thanks.
Ah, I see you are really deliberately trying to write into mtd0. Risque, that is.

Well, for starters, even as you are in Closed Mode, you do not have enough credentials to do what you're after.
The device has pretty good safeguards against that, so even as you run that code as root it still will fail silently due to missing credentials. Now, if you do want to destroy your device permanently, you can run your code under Inception to gain privileges to make the write happen for real.

As for booting the device now, you should be safe as your code did not really modify mtd0.
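
The program posted in #693 never looks at the return values of ioctl(), read() or write(), so it prints the same thing whether a call was accepted or rejected. The following added example (not code from the thread; the helper names and the scratch path are assumptions) checks every call and reads the data back, and is exercised on an ordinary file, a read-only descriptor and /dev/null rather than on an MTD device:

```c
/* Added example, not from the thread. It touches ordinary files only;
 * write_verified(), demo() and the scratch path are illustrative names. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* 0: written and read back identically. -errno: a call was rejected.
 * -EIO: the calls "succeeded" but the stored bytes differ from the input. */
int write_verified(int fd, const unsigned char *data, size_t len)
{
    unsigned char back[64];
    ssize_t n;
    if (len > sizeof(back)) return -EINVAL;
    if (lseek(fd, 0, SEEK_SET) < 0) return -errno;
    n = write(fd, data, len);
    if (n < 0)
        return -errno;   /* the posted program never looks at this */
    if ((size_t)n != len) return -EIO;
    if (lseek(fd, 0, SEEK_SET) < 0) return -errno;
    n = read(fd, back, len);
    if (n < 0) return -errno;
    if ((size_t)n != len || memcmp(back, data, len) != 0)
        return -EIO;     /* write reported success, data did not stick */
    return 0;
}

/* Open path with the given flags and run one verified write of a pattern. */
int demo(const char *path, int flags)
{
    static const unsigned char pattern[4] = { 0xAA, 0x55, 0xAA, 0x55 };
    int fd = open(path, flags | O_CREAT, 0600);
    int rc;
    if (fd < 0) return -errno;
    rc = write_verified(fd, pattern, sizeof(pattern));
    close(fd);
    return rc;
}

int main(void)
{
    const char *scratch = "/tmp/write_verified_demo.bin"; /* constructed path */
    printf("read-write file: %d\n", demo(scratch, O_RDWR));   /* accepted */
    printf("read-only fd:    %d\n", demo(scratch, O_RDONLY)); /* rejected */
    printf("/dev/null:       %d\n", demo("/dev/null", O_RDWR)); /* not stored */
    unlink(scratch);
    return 0;
}
```

The /dev/null case is the closest analogue to the output in #693: write() reports success, yet the read-back does not return the pattern.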
 
Posts: 69 | Thanked: 50 times | Joined on Mar 2012
#695
What exactly do you mean by flashing to closed/open mode back to back? I don't understand exactly, please elaborate the commands for this if you don't mind, thanks again. I just reflashed the device using
sudo flasher -F <yourmainfirmware.bin> -F <youremmc.bin> -f and then flashed the open kernel, please correct what I am doing so Aegis does not have issues, thanks again
 
Posts: 69 | Thanked: 50 times | Joined on Mar 2012
#696
I got ubiboot booting my device by reading the readme file in ubiboot downloads. I didn't get rid of the openmode warning; now that I got this far, is there an easy way to do that? I tried and it gave an error. Thanks again.
 
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#697
Originally Posted by plourde View Post
What exactly do you mean by flashing to closed/open mode back to back? I don't understand exactly, please elaborate the commands for this if you don't mind, thanks again. I just reflashed the device using
sudo flasher -F <yourmainfirmware.bin> -F <youremmc.bin> -f and then flashed the open kernel, please correct what I am doing so Aegis does not have issues, thanks again
The back-to-back flashing procedure is to make sure that when the device boots up the first time after a clean flash, it boots to open mode.
Why this is important: after a clean flash, the first boot creates the aegis keys for the device. These keys are different for open mode and closed mode, and if you have closed mode keys in an open mode device you will have lots of random problems.

So, how this is done, is you need to clean-flash, and then immediately flash an open mode kernel before the device boots after the clean flash.

In Linux you can enter 2 flashing commands on the same row, separated by semicolon, so that when first command is executed, the second command is executed right after it:

sudo flasher -F firmware.bin -F emmc.bin -f -R ; sudo flasher -a firmware.bin -k zImage_2.6.32.54-openmode_l2fix --flash-only=kernel -f -R
 
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#698
Originally Posted by plourde View Post
I got ubiboot booting my device by reading the readme file in ubiboot downloads. I didn't get rid of the openmode warning; now that I got this far, is there an easy way to do that? I tried and it gave an error. Thanks again.
If you want to remove the openmode warning, you need to flash it clean to closed mode first:

sudo flasher -F firmware.bin -F emmc.bin -f -R

Then remove the warning:

disclaimer-cal remove View-openmode

And last, do the back-to-back flashing.
 
Posts: 12 | Thanked: 3 times | Joined on Dec 2011 @ Beijing
#699
Originally Posted by juiceme View Post
@plourde, you do not need to remove sillyboot at all, sillyboot and ubiboot operate at different boot phases.

How sillyboot works:
  • boot loader starts up the flashed kernel just as usual
  • last part of kernel startup is call to /sbin/preinit which does number of things before launching up /sbin/init
  • sillyboot is a modification of /sbin/preinit which allows starting up different init, based on user selection

How ubiboot works:
  • boot loader starts up the ubiboot kernel instead of device kernel
  • ubiboot runs a self-contained linux minidistro which has many things, including the boot menu selection
  • based on user selection, ubiboot loads up the next level kernel and sets up the correct boot environment.
    a) for Harmattan, it prepares kernel to run /sbin/preinit_harmattan from mmcblk0p2.
    b) for Nitdroid, it prepares kernel to run /sbin/preinit_nitdroid from mmcblk0p2.
    c) for Nemo, it prepares kernel to run /sbin/init from mmcblk0p4.
    d) for Firefox, it prepares kernel to run /sbin/preinit_firefox from mmcblk0p2.
    e) and so on...
  • last thing what happens, is that ubiboot executes the loaded 2nd level kernel, which goes on and starts the prepared preinit/init file.

So, now you understand that when you use ubiboot, your sillyboot will never be run at all, the modified /sbin/preinit that is sillyboot is sidestepped totally.

To install ubiboot, this is the simple list of things what to do:
1.) copy the file ubiboot.conf to your /home/user/MyDocs/boot/ directory
2.) copy the cpio archive to your /home/user/MyDocs/boot/ directory
3.) copy your kernels to /boot/ directory
4.) copy the preinits to /sbin/ directory
5.) flash the ubiboot kernel

That's it. And remember to check that ubiboot.conf has the correct list of kernels that you copied to /boot/

There are dozens of things you could do differently but this is the basic setup.
Hi, juiceme, I am really interested in how ubiboot works:
1, /dev/mtd0 is the bootloader and locked by Nokia, so why can it start the ubiboot kernel? Can't it only load an official kernel with a Nokia signature? Does the ubiboot kernel have such a signature?
2, What is the difference between the /dev/mtd0 bootloader and the Nolo bootloader? If they are different, then in which partition is the Nolo bootloader located?
 

Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southerrn Finland
#700
Originally Posted by gemfield View Post
Hi, juiceme, I am really interested in how ubiboot works:
1, /dev/mtd0 is the bootloader and locked by Nokia, so why can it start the ubiboot kernel? Can't it only load an official kernel with a Nokia signature? Does the ubiboot kernel have such a signature?
2, What is the difference between the /dev/mtd0 bootloader and the Nolo bootloader? If they are different, then in which partition is the Nolo bootloader located?
The bootloader starts any kernel that's correctly stored to the kernel partition (which is mtd2, by the way).
The bootup behaves a bit differently, however, depending on if the kernel is signed with Nokia certificate or not.

If the kernel is "Original Nokia-signed kernel", the device unlocks access to the HW-protected trusted-mode registers and functionality, allowing system trusted services to do practically anything on the device HW.

If the kernel is not signed correctly, the device locks the trusted mode access and there are some things that cannot be done. (for example the writing to mtd0 that you attempted in your code...)

Ubiboot kernel is not signed by Nokia; if it was, things would be very different indeed.

To use ubiboot, you do not need to mess with MTD, or do any esoteric tricks, it is enough just to flash it to the device with the regular flasher.
 
