CheetahPixie has joined #linux-sunxi
<CheetahPixie>
Alright, so.
<CheetahPixie>
In front of me I have a tablet bought directly from the factory.
<CheetahPixie>
Of course, this is an Allwinner device.
<CheetahPixie>
Even has an eng build of Android that shipped with basically nothing onboard.
<CheetahPixie>
My problem though is this: I want to root it, and I can modify the /system directory at will, and the recovery itself starts with root privileges (so I have a root adb shell); my question is, how can I actually expose this to a fully booted Android in order to run the script dumper?
<CheetahPixie>
It's a NAND device, by the way.
<KotCzarny>
you can try old hole in /proc to get root
<KotCzarny>
or just boot linux userspace with that android kernel to have nand access
<KotCzarny>
but it's offtopic here to ask about android, just saying
<CheetahPixie>
How would the /proc hole work in 3.10?
<CheetahPixie>
and if it's offtopic for here, where do I take this then?
<CheetahPixie>
Did another look after I restored a backup via adb.
<CheetahPixie>
Seems there is a (non-pathed) su in /system/xbin.
<CheetahPixie>
Another quick question.
<CheetahPixie>
make CROSS_COMPILE=arm-linux-gnueabihf- sunxi-script_extractor
<CheetahPixie>
isn't this arm32?
<CheetahPixie>
shouldn't it be aarch64-linux-gnu for 64?
<KotCzarny>
do you believe your android is 64bit?
<CheetahPixie>
It is 64 bit, with a lib64 path and all.
<CheetahPixie>
And in fact, that 32 bit executable just segfaulted on me.
<KotCzarny>
then recompile with 64bit and update wiki
<KotCzarny>
:)
<CheetahPixie>
I'm going to see if recompiling with 64 bit even works first.
<CheetahPixie>
CPU Z reports the kernel architecture as aarch64, so yes.
<CheetahPixie>
As a small addendum: the line, as provided, does not actually work under Ubuntu 20.04 and GCC 9; I had to link the executable to the name the code expected for it to work properly.
<CheetahPixie>
That is, it appends "gcc" to the name, regardless of the input I provide.
<CheetahPixie>
This is a problem because the filename it requires is "arm-linux-gnueabihf-gcc-9"
<CheetahPixie>
Thus, without linking, I can't even use this program.
<CheetahPixie>
So I'd greatly suggest removing the "gcc" assumption and including the full filename in the wiki.
<KotCzarny>
remember that working with old devices/tools it's sometimes useful to have older vm for things
<CheetahPixie>
This works fine when I link it, mind.
<CheetahPixie>
Maybe I can make a quick PR?
<CheetahPixie>
That is, to fix this.
<KotCzarny>
sure, wiki is also freely editable
<CheetahPixie>
The utility still segfaults.
<CheetahPixie>
On aarch64.
<CheetahPixie>
What do I do?
<KotCzarny>
try some other method and/or wait for someone who played with a64 tablet
<CheetahPixie>
Ripping it out of nanda won't work since the file isn't even present there.
<KotCzarny>
you can try dumping the nand image to sdcard image
<KotCzarny>
makes it easier to analyze it later on linux pc
<CheetahPixie>
I already adb pulled all the nand partitions.
<KotCzarny>
then you can binary search them for the script location
<CheetahPixie>
What method would you use for binary searches?
<CheetahPixie>
Mine turned up little that was actually useful.
<CheetahPixie>
Also, when looking at the (admittedly modest) source code of the script extractor, it refers to /dev/mem, which is absent on this tablet.
<KotCzarny>
with 3.10 kernel and upwards they started using script to dtb converter
<KotCzarny>
so i would search for dtb
<CheetahPixie>
Alright.
<CheetahPixie>
Can I reliably reverse this to a usable dts/fex file that I can later use to compile something else?
<KotCzarny>
yes, by normal linux tools you can get dts from dtb
<KotCzarny>
not easy to read, but should include all device specific configs
<CheetahPixie>
If that won't hold water, I'm hoping the folks who I bought these from actually are willing to hand over a bin/fex/dtb/dts file for me to use.
<KotCzarny>
not tested, just random google
<CheetahPixie>
Well, /dev/dtb doesn't even exist for me
<KotCzarny>
no easy route then
<KotCzarny>
you should do some text searches for dtb magic bytes etc
<CheetahPixie>
what are those magic bytes?
<KotCzarny>
for my h5 dtb looks like it starts with 0xd0 0d de ed
<KotCzarny>
erm
<KotCzarny>
for my h5 dtb looks like it starts with 0xd0 0d fe ed
<KotCzarny>
and it's usually 32-64kB long
<KotCzarny>
and should also contain strings similar to sun50...
<CheetahPixie>
alright
<CheetahPixie>
not going to be able to search everything, but I hope a hexeditor and the ones I can work with suffice.
<KotCzarny>
it should be in the first few hundred megs of nand
<jernej>
the easiest way to get android DTB is to extract it from Android update or LiveSuit image
<KotCzarny>
jernej: assuming you have one. which might be harder than dumping nand ;)
<CheetahPixie>
I don't have one, fun fact.
<jernej>
well, most of the time it's possible to find it on net
<CheetahPixie>
This is straight from the factory.
<CheetahPixie>
No mentions of this board anywhere on the web.
<CheetahPixie>
Nor the platform.
<CheetahPixie>
Plus, I'm not finding d00dfeed anywhere in NAND.
<KotCzarny>
might be byte swapped
<jernej>
note that nand may have pages scrambled due to wear leveling algorithm
<CheetahPixie>
Byteswapped?
<jernej>
e.g. no guarantee that DTB will be in sequential pages
<CheetahPixie>
Underside is about as barren as Wyoming on a good day.
<KotCzarny>
no obvious/marked pads
<KotCzarny>
i wonder where did they route the serial
<KotCzarny>
on pinetab they've routed serial to 3.5" jack
<KotCzarny>
and there is no other a64 tablet in the linux-sunxi wiki
<KotCzarny>
so think of yourself as a pioneer of sorts
<CheetahPixie>
That was my plan.
<KotCzarny>
while waiting for someone with more experience you can create an account on the wiki and add a page about your device using new-device-howto
<CheetahPixie>
I might.
<KotCzarny>
i wonder what those 2 pads near the sdcard slot are
<CheetahPixie>
good question