Also tried the above but got the following error:
>fastboot boot aboot.img
creating boot image...
creating boot image - 1050624 bytes
downloading 'boot.img'...
OKAY [ 0.040s]
booting...
FAILED (remote: dtb not found)
finished. total time: 0.077s
Hi, I think you are right. The plastic piece is covered in a piece of black tape that appears to have some metal embedded in it. This was pointed out to me in the "NixOS on Arm" Matrix room. samueldr there also pointed out that there is likely two antennas on the "shunt" (there were two traces into the sticker and seemingly two separate metal traces in the stickers), though interestingly only one connecting pad on the board itself.
sadly, I can only remember one out of a handful of devices/bootloaders this worked on, including even pixel devices.
I can try to get the EDL dump but I'm on NixOS and I don't think those tools are packaged, so I'd have a bit of a speedbump before even getting to the dump. EDIT: I guess I only get emails for some Discourse replies, I didn't realize someone had already posted a dump. Hurray!
1 Like
Thanks for the dumps, the boot.bin contains some dtb's, but it's not clear which of them is actually the right one.
Can you fetch the properties via adb shell?
adb shell getprop | grep "board-id\|msm-id\"
or via fastboot:
fastboot getvar all
grep command gave some issues for some reason but here is the complete getprop:
C:\WINDOWS\System32>adb shell getprop | grep "board-id\|msm-id\"
'grep' is not recognized as an internal or external command,
operable program or batch file.
C:\WINDOWS\System32>adb shell
130|shell@msm8916_32_512:/ $ getprop | grep "board-id\|msm-id\"
>
>130|shell@msm8916_32_512:/ $ getprop
[DEVICE_PROVISIONED]: [1]
[audio.offload.buffer.size.kb]: [32]
[audio.offload.gapless.enabled]: [true]
[av.offload.enable]: [true]
[config.disable_atlas]: [true]
[dalvik.vm.heapgrowthlimit]: [48m]
[dalvik.vm.heapmaxfree]: [2m]
[dalvik.vm.heapminfree]: [512k]
[dalvik.vm.heapsize]: [128m]
[dalvik.vm.heapstartsize]: [5m]
[dalvik.vm.heaptargetutilization]: [0.75]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[debug.composition.type]: [c2d]
[debug.egl.hw]: [1]
[debug.force_rtl]: [0]
[debug.mdpcomp.logs]: [0]
[debug.sf.hw]: [1]
[dev.bootcomplete]: [1]
[dev.pm.dyn_samplingrate]: [1]
[dolby.audio.sink.info]: [speaker]
[gsm.current.phone-type]: [1]
[gsm.network.type]: [Unknown]
[gsm.operator.alpha]: []
[gsm.operator.iso-country]: []
[gsm.operator.isroaming]: [false]
[gsm.operator.numeric]: []
[gsm.sim.state]: [ABSENT]
[gsm.version.baseband]: [MD8610 1935 14W23]
[gsm.version.ril-impl]: [Qualcomm RIL 1.0]
[init.svc.adbd]: [running]
[init.svc.atfwd]: [running]
[init.svc.audiod]: [running]
[init.svc.bootanim]: [stopped]
[init.svc.carrier_switcher]: [stopped]
[init.svc.cnd]: [stopped]
[init.svc.config-video]: [stopped]
[init.svc.config-zram]: [stopped]
[init.svc.config_bluetooth]: [stopped]
[init.svc.console]: [running]
[init.svc.debuggerd]: [running]
[init.svc.dpmd]: [stopped]
[init.svc.drm]: [running]
[init.svc.healthd]: [running]
[init.svc.httpproxy-sh]: [stopped]
[init.svc.ims_rtp_daemon]: [running]
[init.svc.imsdatadaemon]: [running]
[init.svc.imsqmidaemon]: [running]
[init.svc.installd]: [running]
[init.svc.irsc_util]: [stopped]
[init.svc.keystore]: [running]
[init.svc.media]: [running]
[init.svc.netd]: [running]
[init.svc.netmgrd]: [running]
[init.svc.new_imei]: [stopped]
[init.svc.ptt_socket_app]: [running]
[init.svc.qcom-c_core-sh]: [stopped]
[init.svc.qcom-c_main-sh]: [stopped]
[init.svc.qcom-post-boot]: [stopped]
[init.svc.qcom-sh]: [stopped]
[init.svc.qcom-usb-sh]: [stopped]
[init.svc.qcomsysd]: [running]
[init.svc.qmuxd]: [running]
[init.svc.qrngd]: [running]
[init.svc.qrngp]: [stopped]
[init.svc.qseecomd]: [running]
[init.svc.rfs_access]: [running]
[init.svc.ril-daemon]: [running]
[init.svc.rmt_storage]: [running]
[init.svc.sdcard]: [running]
[init.svc.servicemanager]: [running]
[init.svc.ssr_setup]: [stopped]
[init.svc.surfaceflinger]: [running]
[init.svc.thermal-engine]: [running]
[init.svc.time_daemon]: [running]
[init.svc.ueventd]: [running]
[init.svc.usb_uicc_daemon]: [stopped]
[init.svc.usb_uicc_enable]: [stopped]
[init.svc.vm_bms]: [running]
[init.svc.vold]: [running]
[init.svc.wcnss-service]: [running]
[init.svc.zygote]: [running]
[keyguard.no_require_sim]: [true]
[media.aac_51_output_enabled]: [true]
[media.stagefright.enable-aac]: [true]
[media.stagefright.enable-fma2dp]: [true]
[media.stagefright.enable-http]: [true]
[media.stagefright.enable-player]: [true]
[media.stagefright.enable-qcp]: [true]
[media.stagefright.enable-scan]: [true]
[media.swhevccodectype]: [1]
[mm.enable.qcom_parser]: [3407871]
[mmp.enable.3g2]: [true]
[net.bt.name]: [Android]
[net.change]: [net.qtaguid_enabled]
[net.hostname]: [android-b155c8599ab2530d]
[net.qtaguid_enabled]: [1]
[net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
[net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
[net.tcp.buffersize.evdo]: [4094,87380,262144,4096,16384,262144]
[net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
[net.tcp.buffersize.hsdpa]: [4094,87380,1220608,4096,16384,1220608]
[net.tcp.buffersize.hspa]: [4094,87380,1220608,4096,16384,1220608]
[net.tcp.buffersize.hspap]: [4094,87380,1220608,4096,16384,1220608]
[net.tcp.buffersize.hsupa]: [4094,87380,1220608,4096,16384,1220608]
[net.tcp.buffersize.lte]: [524288,1048576,2097152,262144,524288,1048576]
[net.tcp.buffersize.umts]: [4094,87380,110208,4096,16384,110208]
[net.tcp.buffersize.wifi]: [524288,2097152,4194304,262144,524288,1048576]
[net.tcp.default_init_rwnd]: [60]
[net.tcp.delack.default]: [1]
[net.tcp.delack.lte]: [8]
[net.tcp.delack.wifi]: [20]
[net.tcp.usercfg.default]: [0]
[net.tcp.usercfg.lte]: [1]
[net.tcp.usercfg.wifi]: [1]
[persist.audio.fluence.speaker]: [true]
[persist.audio.fluence.voicecall]: [true]
[persist.audio.fluence.voicerec]: [false]
[persist.camera.capture.animate]: [1]
[persist.camera.preview.size]: [0]
[persist.camera.qcom.misc]: [0]
[persist.camera.tintless]: [enable]
[persist.camera.tn.disable]: [0]
[persist.cne.feature]: [4]
[persist.data.netmgrd.qos.enable]: [true]
[persist.debug.wfd.enable]: [1]
[persist.demo.hdmirotationlock]: [false]
[persist.dpm.feature]: [0]
[persist.env.c.phone.matchnum]: [11]
[persist.fuse_sdcard]: [true]
[persist.gps.qc_nlp_in_use]: [1]
[persist.hwc.enable_vds]: [1]
[persist.hwc.mdpcomp.enable]: [true]
[persist.loc.nlp_name]: [com.qualcomm.services.location]
[persist.oem.dump]: [1]
[persist.radio.VT_ENABLE]: [1]
[persist.radio.VT_HYBRID_ENABLE]: [1]
[persist.radio.adb_log_on]: [0]
[persist.radio.apm_sim_not_pwdn]: [1]
[persist.radio.calls.on.ims]: [true]
[persist.radio.csvt.enabled]: [false]
[persist.radio.custom_ecc]: [1]
[persist.radio.dsdx]: [true]
[persist.radio.eons.enabled]: [false]
[persist.radio.ignore_dom_time]: [5]
[persist.radio.jbims]: [1]
[persist.radio.lte_vrte_ltd]: [1]
[persist.radio.mt_sms_ack]: [20]
[persist.radio.multisim.config]: [ssss]
[persist.radio.network_feature]: [2]
[persist.radio.nitz_lons_0_0]: [eir]
[persist.radio.nitz_lons_1_0]: []
[persist.radio.nitz_lons_2_0]: []
[persist.radio.nitz_lons_3_0]: []
[persist.radio.nitz_plmn_0]: [272 03]
[persist.radio.nitz_sons_0_0]: [eir]
[persist.radio.nitz_sons_1_0]: []
[persist.radio.nitz_sons_2_0]: []
[persist.radio.nitz_sons_3_0]: []
[persist.radio.rat_on]: [combine]
[persist.radio.restore_mode_pref]: [1]
[persist.rild.nitz_long_ons_0]: []
[persist.rild.nitz_long_ons_1]: []
[persist.rild.nitz_long_ons_2]: []
[persist.rild.nitz_long_ons_3]: []
[persist.rild.nitz_plmn]: []
[persist.rild.nitz_short_ons_0]: []
[persist.rild.nitz_short_ons_1]: []
[persist.rild.nitz_short_ons_2]: []
[persist.rild.nitz_short_ons_3]: []
[persist.sys.country]: [CN]
[persist.sys.dalvik.vm.lib]: [libdvm.so]
[persist.sys.language]: [zh]
[persist.sys.localevar]: []
[persist.sys.logkit.ctrlcode]: [1]
[persist.sys.profiler_ms]: [0]
[persist.sys.strict_op_enable]: [false]
[persist.sys.timezone]: [Europe/Dublin]
[persist.sys.usb.config.extra]: [none]
[persist.sys.usb.config]: [diag,serial_smd,rmnet_bam,adb]
[persist.sys.whitelist]: [/system/etc/whitelist_appops.xml]
[persist.telephony.oosisdc]: [false]
[persist.timed.enable]: [true]
[persist.usb.chgdisabled]: [1]
[ril.ecclist]: [911,112,000,08,110,999,118,119]
[ril.qcril_pre_init_lock_held]: [0]
[ril.subscription.types]: [NV,RUIM]
[rild.libargs]: [-d /dev/smd0]
[rild.libpath]: [/system/vendor/lib/libril-qc-qmi-1.so]
[ro.adb.secure]: [0]
[ro.alarm_boot]: [false]
[ro.allow.mock.location]: [0]
[ro.baseband]: [msm]
[ro.bluetooth.dun]: [true]
[ro.bluetooth.hfp.ver]: [1.6]
[ro.bluetooth.sap]: [true]
[ro.board.platform]: [msm8916]
[ro.boot.baseband]: [msm]
[ro.boot.bootdevice]: [7824900.sdhci]
[ro.boot.dump_switch]: [on]
[ro.boot.emmc]: [true]
[ro.boot.hardware]: [qcom]
[ro.boot.selinux]: [disabled]
[ro.boot.serialno]: [42bbae6c]
[ro.bootloader]: [unknown]
[ro.bootmode]: [unknown]
[ro.build.characteristics]: [default]
[ro.build.date.utc]: [1654962539]
[ro.build.date]: [2022年 06月 11日 星期六 23:48:59 CST]
[ro.build.description]: [msm8916_32_512-user 4.4.4 KTU84P eng.qwang.20220611 test-keys]
[ro.build.display.id]: [UNF1123]
[ro.build.fingerprint]: [qcom/msm8916_32_512/msm8916_32_512:4.4.4/KTU84P/eng.qwang.20220611:user/test-keys]
[ro.build.host]: [qwang]
[ro.build.id]: [KTU84P]
[ro.build.product]: [msm8916_32_512]
[ro.build.tags]: [test-keys]
[ro.build.type]: [user]
[ro.build.user]: [qwang]
[ro.build.version.codename]: [REL]
[ro.build.version.incremental]: [eng.qwang.20220611]
[ro.build.version.release]: [4.4.4]
[ro.build.version.sdk]: [19]
[ro.carrier]: [unknown]
[ro.com.android.dataroaming]: [true]
[ro.com.android.dateformat]: [MM-dd-yyyy]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.config.low_ram]: [true]
[ro.config.max_starting_bg]: [3]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.config.pppoe_enable]: [1]
[ro.config.zram]: [true]
[ro.crypto.state]: [unencrypted]
[ro.debuggable]: [1]
[ro.factorytest]: [0]
[ro.fm.transmitter]: [false]
[ro.gps.agps_provider]: [1]
[ro.hardware]: [qcom]
[ro.min_freq_0]: [400000]
[ro.opengles.version]: [196608]
[ro.pip.gated]: [0]
[ro.product.board]: [msm8916]
[ro.product.brand]: [qcom]
[ro.product.cpu.abi2]: [armeabi]
[ro.product.cpu.abi]: [armeabi-v7a]
[ro.product.device]: [msm8916_32_512]
[ro.product.locale.language]: [en]
[ro.product.locale.region]: [US]
[ro.product.manufacturer]: [unknown]
[ro.product.model]: [msm8916_32_512]
[ro.product.name]: [msm8916_32_512]
[ro.qc.sdk.audio.fluencetype]: [none]
[ro.qc.sdk.audio.ssr]: [false]
[ro.qualcomm.bluetooth.ftp]: [true]
[ro.qualcomm.bluetooth.hfp]: [true]
[ro.qualcomm.bluetooth.hsp]: [true]
[ro.qualcomm.bluetooth.map]: [true]
[ro.qualcomm.bluetooth.nap]: [true]
[ro.qualcomm.bluetooth.opp]: [true]
[ro.qualcomm.bluetooth.pbap]: [true]
[ro.qualcomm.bt.hci_transport]: [smd]
[ro.qualcomm.cabl]: [0]
[ro.revision]: [0]
[ro.ril.svdo]: [false]
[ro.ril.svlte1x]: [false]
[ro.runtime.firstboot]: [86411866]
[ro.secure]: [0]
[ro.serialno]: [42bbae6c]
[ro.sf.lcd_density]: [320]
[ro.sys.fw.bg_apps_limit]: [16]
[ro.sys.usb.default.config]: [diag,serial_smd,rmnet_bam,adb]
[ro.telephony.call_ring.multiple]: [false]
[ro.telephony.default_cdma_sub]: [0]
[ro.telephony.default_network]: [12]
[ro.use_data_netmgrd]: [true]
[ro.vendor.extension_library]: [/vendor/lib/libqc-opt.so]
[ro.wifi.channels]: []
[service.bootanim.exit]: [1]
[swe.tile.height]: [128]
[swe.tile.maxtile]: [128]
[swe.tile.width]: [128]
[sys.boot_completed]: [1]
[sys.ims.DATA_DAEMON_STATUS]: [1]
[sys.ims.QMI_DAEMON_STATUS]: [1]
[sys.keymaster.loaded]: [true]
[sys.listeners.registered]: [true]
[sys.sysctl.extra_free_kbytes]: [10800]
[sys.usb.config]: [rndis,none,adb]
[sys.usb.rps_mask]: [0]
[sys.usb.state]: [rndis,adb]
[sys.usb.tethering]: [true]
[telephony.lteOnCdmaDevice]: [1]
[tunnel.audio.encode]: [false]
[usb_uicc.enabled]: [0]
[usb_uicc.loading]: [1]
[use.voice.path.for.pcm.voip]: [true]
[vidc.enc.narrow.searchrange]: [1]
[vold.post_fs_data_done]: [1]
[wifi.interface]: [wlan0]
[wlan.driver.ath]: [0]
[wlan.driver.config]: [/data/misc/wifi/WCNSS_qcom_cfg.ini]
[wlan.driver.status]: [ok]
shell@msm8916_32_512:/ $
fastboot getvar all gave nothing:
C:\WINDOWS\System32>fastboot getvar all
all:
finished. total time: 0.003s
This help?
Unfortunately not, as there is no hint regarding the exact model.
On this old of a version of Android, isn't the DTB appended to the gzip'd kernel? (That's how I managed to get my own kernel to boot, anyway).
So, I just got one of the red+white sticks... the shell has a microsd slot, but there's nothing underneath. And it appears to be the same board, but... the two pads at the bottom of the picture I sent earlier are each soldered, so maybe there are subtle differences.
from the black stick (that I've previously shown):
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.0.C4.1-00011
S - IMAGE_VARIANT_STRING=HAAAANAZA
S - OEM_IMAGE_VERSION_STRING=qwang
S - Boot Config, 0x000002e1
S - Core 0 Frequency, 0 MHz
B - 1544 - PBL, Start
B - 3488 - bootable_media_detect_entry, Start
B - 68848 - bootable_media_detect_success, Start
B - 68853 - elf_loader_entry, Start
B - 70146 - auth_hash_seg_entry, Start
B - 70355 - auth_hash_seg_exit, Start
B - 86587 - elf_segs_hash_verify_entry, Start
B - 145131 - PBL, End
B - 119834 - SBL1, Start
B - 169671 - pm_device_init, Start
D - 14243 - pm_device_init, Delta
B - 184403 - boot_flash_init, Start
D - 30 - boot_flash_init, Delta
B - 188398 - boot_config_data_table_init, Start
D - 22814 - boot_config_data_table_init, Delta - (0 Bytes)
B - 215787 - CDT version:3,Platform ID:11,Major ID:1,Minor ID:0,Subtype:0
B - 222009 - sbl1_ddr_set_params, Start
B - 225700 - cpr_init, Start
D - 0 - cpr_init, Delta
B - 231312 - Pre_DDR_clock_init, Start
D - 183 - Pre_DDR_clock_init, Delta
D - 0 - sbl1_ddr_set_params, Delta
B - 243786 - pm_driver_init, Start
D - 6832 - pm_driver_init, Delta
B - 259189 - clock_init, Start
D - 30 - clock_init, Delta
B - 269315 - Image Load, Start
D - 34709 - QSEE Image Loaded, Delta - (332232 Bytes)
B - 304054 - Image Load, Start
D - 6893 - SEC Image Loaded, Delta - (2048 Bytes)
B - 313143 - sbl1_efs_handle_cookies, Start
D - 610 - sbl1_efs_handle_cookies, Delta
B - 319548 - Image Load, Start
D - 18605 - QHEE Image Loaded, Delta - (15032 Bytes)
B - 338184 - Image Load, Start
D - 18666 - RPM Image Loaded, Delta - (149308 Bytes)
B - 356850 - Image Load, Start
D - 22478 - APPSBL Image Loaded, Delta - (344784 Bytes)
B - 379359 - QSEE Execution, Start
D - 61 - QSEE Execution, Delta
B - 385062 - SBL1, End
D - 267577 - SBL1, Delta
S - Flash Throughput, 115000 KB/s (843404 Bytes, 7320 us)
S - DDR Frequency, 400 MHz
Android Bootloader - UART_DM Initialized!!!
[0] welcome to lk
[10] platform_init()
[10] Configured XPU violations to be fatal errors
[10] target_init()
[60] Done initialization of the card
[80] pm8S��}� cold boot
[80] pm8x41_get_is_cold_boot: cold boot
[90] Unable to locate /bootselect partition
[90] use_signed_kernel=0, is_unlocked=1, is_tampered=0.
[100] Loading boot image (6252544): W�5
[150] Loading boot image (6252544): done
[150] DTB Total entry: 56, DTB version: 3
[160] Using DTB entry 0x000000ce/00000000/0x0001000b/256 for device 0x000000ce/00010000/0x0001000b/0
[170] pm8x41_get_is_cold_boot: cold boot
[170] target_pause_for_battery_charge : pon_reason is 16 cold_boot:1
[180] cmdline: ra=r2020a androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x237 ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci androidboot.Y+˫�disabled selinux=0 androidboot.emmc=true androidboot.serialno=60d83205 androidboot.baseband=msm androi[200] Updating device tree: start
[350] Updating device tree: done
[360] booting linux @ 0x80008000, ramdisk @ 0x82000000 (502655), tags/device tree @ 0x81e00000
from the red+white:
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.0.C4.1-00011
S - IMAGE_VARIANT_STRING=HAAAANAZA
S - OEM_IMAGE_VERSION_STRING=qwang
S - Boot Config, 0x000002e1
S - Core 0 Frequency, 0 MHz
B - 1545 - PBL, Start
B - 3490 - bootable_media_detect_entry, Start
B - 126981 - bootable_media_detect_success, Start
B - 126986 - elf_loader_entry, Start
B - 128274 - auth_hash_seg_entry, Start
B - 128484 - auth_hash_seg_exit, Start
B - 142724 - elf_segs_hash_verify_entry, Start
B - 201621 - PBL, End
B - 208620 - SBL1, Start
B - 271907 - pm_device_init, Start
D - 14762 - pm_device_init, Delta
B - 287249 - boot_flash_init, Start
D - 0 - boot_flash_init, Delta
B - 291275 - boot_config_data_table_init, Start
D - 21319 - boot_config_data_table_init, Delta - (0 Bytes)
B - 317169 - CDT version:3,Platform ID:11,Major ID:1,Minor ID:0,Subtype:0
B - 323361 - sbl1_ddr_set_params, Start
B - 327051 - cpr_init, Start
D - 30 - cpr_init, Delta
B - 332694 - Pre_DDR_clock_init, Start
D - 183 - Pre_DDR_clock_init, Delta
D - 0 - sbl1_ddr_set_params, Delta
B - 345138 - pm_driver_init, Start
D - 6832 - pm_driver_init, Delta
B - 360571 - clock_init, Start
D - 30 - clock_init, Delta
B - 370666 - Image Load, Start
D - 33947 - QSEE Image Loaded, Delta - (332232 Bytes)
B - 404613 - Image Load, Start
D - 6893 - SEC Image Loaded, Delta - (2048 Bytes)
B - 413732 - sbl1_efs_handle_cookies, Start
D - 610 - sbl1_efs_handle_cookies, Delta
B - 420137 - Image Load, Start
D - 18544 - QHEE Image Loaded, Delta - (15032 Bytes)
B - 438712 - Image Load, Start
D - 18635 - RPM Image Loaded, Delta - (149308 Bytes)
B - 457378 - Image Load, Start
D - 22539 - APPSBL Image Loaded, Delta - (344784 Bytes)
B - 479948 - QSEE Execution, Start
D - 91 - QSEE Execution, Delta
B - 485651 - SBL1, End
D - 279380 - SBL1, Delta
S - Flash Throughput, 113000 KB/s (843404 Bytes, 7411 us)
S - DDR Frequency, 400 MHz
Android Bootloader - UART_DM Initialized!!!
[0] welcome to lk
[10] platform_init()
[10] Configured XPU violations to be fatal errors
[10] target_init()
[60] Done initialization of the card
[80] pm8x41_'et_is_cold_boot: cold boot
[80] pm8x41_get_is_cold_boot: cold boot
[90] Unable to locate /bootselect partition
[90] use_signed_kernel=0, is_unlocked=0, is_tampered=0.
[100] Loading boot image (6252544): start
[150] Loading boot image (62SI"5
[150] DTB Total entry: 56, DTB version: 3
[160] Using DTB entry 0x000000ce/00000000/0x0001000b/256 for device 0x000000ce/00010000/0x0001000b/0
[170] pm8x41_get_is_cold_boot: cold boot
[170] target_pause_for_battery_charge : pon_reason is 16 cold_boot:1
[180] cmdline: ra=r2020a androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x237 ehci-hcd.park=3 androidbbootdevice=7824900.sdhci androidboot.selinux=disabled selinux=0 androidboot.emmc=true androidboot.serialno=dde3b899 androidboot.baseband=msm androi[200] UVѥdevice tree: start
[360] Updating device tree: done
[360] booting linux @ 0x80008000, ramdisk @ 0x82000000 (502655), tags/device tree @ 0x81e00000
Looks identical, though I just eyeballed critical values. There's some info about the DTB it's selecting, maybe that's helpful @kirdes
Yes, the dtb's are appended to the kernel. And the kernel in turn is part of the boot.bin.
But none of the dtb's makes sense (at least to me), there aren't any led-gpios nor button-gpios defined.
According to the logs, lk hands over a dtb (out of 56!), but it's still not clear, which dtb that is.
Both of the logs are stopping after the kernel boot?
Yeah, the actual kernel log doesn't output to UART (unless there's something I can turn on in fastboot, idk?).
Once I flash the OpenStick release, I get the lk and kernel output over UART but that's not going to give you anything helpful from the DTB angle.
There are two GPIO wired up to the test pads, and one of those is also wired up to the reset button (GPIO35). From the debian image, I was able to use /sys/kernel/debug/gpio to determine this.
I think I'm getting my head around some of the lk2nd code to maybe write a patch to let lk properly break into a recovery/fastboot (not sure if it can go to EDL) mode with this gpio pin...
EDIT: I'm pretty sure it's a one-line change needed to update the GPIO pin from 37 to 35 for these particular sticks. As long as I can always break back into fastboot, this would unlock pretty safe testing/iteration.
1 Like
More data:
-
After flashing the custom
lk1stbuild, the D+ short to Ground stops working as a way to enter EDL. Hence I went ahead and figured out how to buildabootmyself. -
I have a Mobile NixOS build that produces a patched
abootthat... well, right now it always boots to fastboot unless the reset button is depressed.
I think another tiny patch to the lk1st kernel will reverse the button behavior, but for now I just want to experiment with post-boot stuffs, since I at least know this works.
EDIT: Gotta love Discourse, especially since I have no idea how edits are handled vis-a-vis email...
So, I stupidly tested a new rootfs and new aboot at the same time, made some bad assumptions about how GPIO C code works and "fried" another one. So, it's a bit awkward that I have to push the button for a normal boot.
Maybe someone else wants to try their hand? I'm just working off master: https://github.com/colemickens/lk2nd
EDIT: I'm wondering if the code in target_home needs to change to default the GPIO pin to "pull-up" maybe?
Again, to summarize, this lk2nd fork produces an aboot that works specifically with the UF896_V1.1 board and currently defaults to booting to fastboot, and optionally normal boots when the button is pressed. This, presumably, unblocks y'all from doing openwrt userspace-y stuff and me from further (mobile-)nixos efforts.
EDIT3: okay, the latest revision I pushed is pretty usable now -- it now boots normally by default, and boots to fastboot mode when the reset button is held down.
@kirdes I'd still be very interested if you make progress if figuring out anything about the DTB in use in Android for the sake of fixing up this generic dts, getting the LEDs and stuff might be nice, and anything else that might not work that I haven't noticed.
1 Like
I flashed the lk2nd.img from your fork to the aboot partition and now my stick is recognized as a Mass storage device 
Oh I'm sorry I wasn't more specific, I am building the lk1st target from that repo. Though, if I pushed the most recent version, it should use the reset button to trigger some alternative boot -- with the caveat that I don't really know how that will work executing as lk2nd, I'm surprised it came up as anything... In fact, I guess LK must have a mode where it can emulate MSD for some reason?
Actually, if you didn't sign it with qtestsign, I'm guessing you did get kicked to some other recovery stage. I'm on foot right now but I'll try to post the original non-English instructions I found and/or the WIP PR I have for mobile-nixos that is more explicit about the exact steps to produce the about.img ( which comes out as an mbn file, just fyi).
Sorry for delay, was away for a few days.
C:\WINDOWS\System32>adb devices
List of devices attached
1234567890ABCDEF device
C:\WINDOWS\System32>adb pull /proc/device-tree
remote object '/proc/device-tree' does not exist
Here is the directory listing for /proc:
C:\WINDOWS\System32>adb shell
shell@msm8916_32_512:/ $ cd /proc
shell@msm8916_32_512:/proc $ ls
1
10
100
101
102
103
1035
104
105
1053
106
107
1070
1078
108
109
11
110
111
112
1124
113
1138
114
115
1156
116
117
1172
118
1181
1183
1184
1185
119
1190
1196
1199
12
120
121
122
123
124
125
1256
126
1264
127
128
129
13
130
131
132
133
134
135
136
137
138
139
14
140
141
142
143
144
145
147
148
15
152
153
155
156
157
158
16
17
18
181
182
183
184
185
187
19
190
191
192
193
194
195
196
197
198
199
2
20
201
205
208
209
21
210
22
220
229
23
238
239
24
240
241
243
244
246
25
26
27
273
275
28
286
29
3
30
300
304
31
317
32
33
335
337
338
339
34
340
341
342
343
347
35
358
36
37
379
38
39
4
40
43
430
44
45
46
468
47
48
49
5
50
502
508
51
52
53
54
55
552
56
57
58
59
6
60
61
62
63
64
65
66
67
68
69
7
70
71
72
73
74
75
76
77
797
8
852
9
932
945
96
97
98
99
asound
buddyinfo
bus
cgroups
cmdline
config.gz
consoles
cpu
cpuinfo
crypto
devices
diskstats
driver
execdomains
fb
filesystems
fs
interrupts
iomem
ioports
irq
kallsyms
key-users
kmsg
kpagecount
kpageflags
loadavg
locks
meminfo
misc
modules
mounts
net
pagetypeinfo
partitions
schedstat
scsi
self
slabinfo
softirqs
stat
swaps
sys
sysrq-trigger
sysvipc
timer_list
timer_stats
tty
uptime
version
vmallocinfo
vmstat
zoneinfo
shell@msm8916_32_512:/proc $
Someone in the NixOS on ARM matrix channel posted that this was the DTB extracted from Android: https://gist.github.com/Informatic/77beeeaeef5570fdb0a72f7e91e75d60
I've used information from that to confirm the GPIO35 is the reset button, and have forked the OpenStick kernel and started a DTB specific to this board. It includes the reset button fixup, and also fixes the LED GPIO assignments. The blue LED lights up with wifi activity. The red light flashes annoyingly as a heart-beat, etc.
This is in addition to the lk2nd fork used to produce msm8916-lk1st to replace the aboot partition, which again fixes the GPIO35/reset button so that one can enter fastboot for testing/recovery/etc.
Beyond that, I have mobile-nixos working enough that I can deploy it like a mostly regular NixOS system - it's on my wifi and tailscale networks, etc. As always this contains all of the links/research I know about: https://github.com/colemickens/mobile-nixos/tree/openstick/devices/openstick and from there you can see exactly what I'm building/flashing, links to forks, etc. (No LTE radio in mobile-nixos yet though)
(I think someone else might've locked themselves out of a stick and is still investigating if there's still some other fallback mechanism to get into EDL... not sure if that will go anywhere).
No, seriously, I'm not impressed Discourse, thanks for putting a bunch of arbitrary limits on me:
EDIT
And they figured out EDL recovery mode: https://github.com/colemickens/mobile-nixos/tree/openstick/devices/openstick#edl-recovery-mode
bridge test pad 1 + pad 6 while plugging in USB, hold for 5+ seconds before releasing
Credit goes to infowski!
cc: @kirdes I think this means you should be able to recover, by either flashing the original aboot, the correct msm8916-lk1st, etc.
5 Likes
Anyone can get the stock firmware for the UF896_V1.1? I'v been trying some stuff to get the 4g working on custom firmware, but I at the time of my first cfw flash still didint know how to backup stuff, so no backup :(.
Theres one stock backup on hackaday comments but refuses to flash that backup on edl, my emmc and xml backup both work good, so thats why I'm trying to get the stock firmware from somewhere else.
EDIT:
Also thanks to @ colemickens and other ppl for the information, the testpad edl stuff saved my openstick from "the storage".
EDIT2:
Trying dump from @ Capt.Insano
And it works! thanks!
EDIT3:
Sadly cannot do nothing, only access adb shell and that's it, no wifi, no 4g, nothing, wanted to root the device but cant write files, so I could try at least rageagainstthecage but no.
Thanks for the edl hint, I managed to revive my device 
And your aboot image with the selectable fastboot mode is very helpful.
Thanks for the firmware dump - I had bricked my UF896_V1.1 boot partition through an errant erase and now its working again.
1 Like