Saturday, March 31, 2012

Galaxy S2: I9100 // [ROOT] TriangleAway v1.25

This app can reset your flash counter and triangle on ICS builds. The download is attached.

THIS IS A DANGEROUS OPERATION AND COULD POTENTIALLY BRICK YOUR DEVICE. PROCEED AT YOUR OWN RISK. A USB JIG IS PREFERRED IF YOU HAVE ONE.
( and by brick I mean brick - only a board replacement or a JTAG unit will be able to save you, don't mess with boot(loader) stuff unless you really mean it! )

Please check that the values the app displays are correct before resetting the counters. There really isn't much more to say about it, except for the technical details, which most of you will likely skip.

Also, Samsung may well change the behavior for this in the future, so with any major firmware update you should check and double-check that this app still works before attempting a reset.

CHECK AND DOUBLE CHECK THE INFORMATION UNDER "CURRENT STATUS" IS CORRECT BEFORE RESETTING THE COUNTER !
( If triangle, counter, or device is not showing or not correct, DO NOT USE but report back here )

Note: using Triangle Away may unmount your SD card. Reboot or manually remount it from Android settings.

Technical details (Updated 13.02.2012)

The flash counter and triangle state had to be stored somewhere. Everybody knew that. Guesses have been made in the past about where it could be, and I have personally compared the raw flash disk contents between different numbers of custom flashes in the past, unable to find any differences. You can dump and compare the entire /dev/block/mmcblk0 and you won't find a difference (you'll find a few unallocated and unused gaps, though).

The solution comes with the new kernel used by ICS builds. The flash disk actually has two hidden boot partitions, /dev/block/mmcblk0boot0 and /dev/block/mmcblk0boot1. The MMC driver in the kernels used for Gingerbread did not present these partitions; the MMC driver in the ICS kernel does.

Teamhacksung members said something about having found the location, so I retried locating the position on ICS. Until recently I had always run the KH4 Gingerbread build because until the LPB ICS build USB host was not properly supported on ICS, and I need that for other apps I make. It's really easy to find now on ICS. Dump and compare the partitions and you'll have found them in no time. I've already done it, so here is the information.

Structure /dev/block/mmcblk0boot0 @ 0x00020000:

0x00020000 header magic: 32bit - 0x12340011
0x00020004 flash count: 16bit
0x00020006 future: 16bit - 0x0000
0x00020008 type: 16bit - 0x0000 unknown, 0x0001 custom (triangle), 0x0002 Samsung Official
0x0002000A name: max 16 chars
0x0002001A end: 16bit - 0x0000

The boot partitions are presented as readonly by default, but allowing modification is a simple matter of executing the following before writing the data:

echo 0 > /sys/block/mmcblk0boot0/force_ro

That should give you all the information you need to replicate this. A number of bytes trailing this structure also change between flashes and appear to be checksum related.
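As an added example (not part of the original post or the app's own code), the record described above can be decoded read-only from a dump of mmcblk0boot0, for instance when checking what a device reports about its flash history. Little-endian byte order, the function names and the sample image are assumptions.

```python
import struct

# Field layout taken from the table above; little-endian order is an assumption.
RECORD_OFFSET = 0x00020000
RECORD_FORMAT = "<IHHH16sH"  # magic, flash count, future, type, name[16], end
RECORD_SIZE = struct.calcsize(RECORD_FORMAT)  # 0x1C bytes, matching the table
HEADER_MAGIC = 0x12340011
TYPE_NAMES = {
    0x0000: "unknown",
    0x0001: "custom (triangle)",
    0x0002: "Samsung Official",
}


def parse_flash_record(image: bytes) -> dict:
    """Decode the flash-counter record from a raw mmcblk0boot0 dump."""
    if len(image) < RECORD_OFFSET + RECORD_SIZE:
        raise ValueError("dump too short to contain the record")
    magic, count, future, rtype, name, end = struct.unpack_from(
        RECORD_FORMAT, image, RECORD_OFFSET)
    # Same sanity check the v1.10 changelog mentions: verify the header magic.
    if magic != HEADER_MAGIC:
        raise ValueError(f"unexpected header magic 0x{magic:08X}")
    return {
        "flash_count": count,
        "type": TYPE_NAMES.get(rtype, f"unrecognised (0x{rtype:04X})"),
        "name": name.split(b"\x00", 1)[0].decode("ascii", "replace"),
        # The table lists 'future' and 'end' as 0x0000; flag anything else.
        "reserved_ok": future == 0 and end == 0,
    }


def make_sample_dump(count: int, rtype: int, name: bytes) -> bytes:
    """Constructed test image: zero padding up to the record, then the record."""
    record = struct.pack(RECORD_FORMAT, HEADER_MAGIC, count, 0, rtype, name, 0)
    return bytes(RECORD_OFFSET) + record + bytes(64)


if __name__ == "__main__":
    sample = make_sample_dump(3, 0x0001, b"EXAMPLE")  # constructed values
    print(parse_flash_record(sample))
```

The parser does not interpret the trailing bytes the post describes as checksum related, since their format is not given.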

As stated above, this isn't easily doable on Gingerbread. That is also why this currently does not work on the SGNote. When ICS is released for the SGNote it'll probably be compatible out of the box, or trivial to make it compatible. I say on Gingerbread it is not easily doable, but it is not impossible. If you put a lot of effort into it, you can probably talk to the MMC device directly and modify these partitions. I personally don't feel it is worth the effort for Gingerbread, as (at the time of this writing) official ICS firmwares should be available for both the SGS2 as well as the SGNote very shortly.

Update 16.02.2012: Users have confirmed TriangleAway works on the I9220 SGNote ICS leak !

Changelogs

02.03.2012 - v1.25
- Updated icon
- Updated some texts
- Added automatic reset at boot option
- Uploaded to Market

13.02.2012 - v1.10
- Updated technical details
- Device check removed, instead the app checks the header magic
- Internal structure changed

Download

Download from the Android Market

The Android Market download is not free - it costs about a beer (thanks!). The download listed below is 100% the exact same program, but free.

Please do not redistribute for the moment (soon?)

( 1.00: 634; 1.10: 12795 )

Credits: CHAINFIRE

Thanks
XtrmblackberryThemes

1 comment:

Robert Siemer said...

Can you show a `ls -l /dev/block/mmc*`? I’m interested in the block major and minor numbers used by that mmc driver.

And also a /proc/partitions dump.

...and the pit-file... as we are on it... ;-)

My CyanogenMod just counts from mmcblk0p1 to 12, reflecting all partitions in my pit file (as extracted, seen and uploaded with heimdall trunk (1.4 has bugs with the command line regarding repartitioning)). The major/minor numbering is normal (from major 179, minor 1 on, then going over to major 259 because the “disc” has too many partitions...).

So... which partition are you actually accessing??


Posted by Blackberry Themes Saturday, March 31, 2012

Comment posted on August 10, 2013 at 8:24 AM