Loading brom-payload/main.c +6 −0 Original line number Diff line number Diff line Loading @@ -149,6 +149,12 @@ int main() { } } case 0x3001: { printf("Kick watchdog\n"); volatile uint32_t *reg = (volatile uint32_t *)0x10212000; reg[8/4] = 0x1971; break; } default: printf("Invalid command\n"); break; Loading modules/common.py +6 −0 Original line number Diff line number Diff line Loading @@ -214,6 +214,12 @@ class Device: # cmd self.dev.write(p32_be(0x3000)) def kick_watchdog(self): # magic self.dev.write(p32_be(0xf00dd00d)) # cmd self.dev.write(p32_be(0x3001)) def rpmb_read(self): # magic self.dev.write(p32_be(0xf00dd00d)) Loading modules/handshake.py +0 −2 Original line number Diff line number Diff line Loading @@ -7,8 +7,6 @@ from logger import log def handshake(dev): log("Handshake") dev.handshake() log("Disable watchdog") dev.write32(0x10212000, 0x22000000) if __name__ == "__main__": Loading modules/main.py +24 −3 Original line number Diff line number Diff line Loading @@ -3,6 +3,7 @@ import os import struct import subprocess import sys import threading import time from argparse import ArgumentParser Loading Loading @@ -30,6 +31,7 @@ def switch_boot0(dev, unbrick = False): if block[0:9] != b"EMMC_BOOT": dev.reboot() raise RuntimeError("what's wrong with your BOOT0?") dev.kick_watchdog() def calculate_time_left(time_passed, done, left): time_left = int(((left - done - 1) * time_passed / (done + 1)).total_seconds()) Loading Loading @@ -60,6 +62,8 @@ def flash_data(dev, data, start_block, max_size=0): calculate_time_left(time_passed, x, blocks), \ str(time_passed)[:-7]), end='\r') dev.emmc_write(start_block + x, data[x * 0x200:(x + 1) * 0x200]) if x % 10 == 0: dev.kick_watchdog() print("") def read_file(path): Loading 
@@ -82,6 +86,8 @@ def dump_binary(dev, path, start_block, max_size=0): calculate_time_left(time_passed, x, blocks), \ str(time_passed)[:-7]), end='\r') fout.write(dev.emmc_read(start_block + x)) if x % 10 == 0: dev.kick_watchdog() print("") def switch_user(dev, partitiontable = False): Loading @@ -91,6 +97,7 @@ def switch_user(dev, partitiontable = False): if block[510:512] != b"\x55\xAA": dev.reboot() raise RuntimeError("what's wrong with your GPT? try to flash partition table") dev.kick_watchdog() def parse_gpt(dev): data = dev.emmc_read(0x400 // 0x200) + dev.emmc_read(0x600 // 0x200) \ Loading @@ -106,6 +113,17 @@ def parse_gpt(dev): parts[part_name] = (part_start, part_end - part_start + 1) return parts class UserInputThread(threading.Thread): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.done = False def run(self): log("Hold volume down button and press enter") log("Don't release volume button until you see FASTBOOT mode... on phone screen") input() self.done = True def main(): parser = ArgumentParser() parser.add_argument("-l", "--unlock", action='store_true', dest='unlock', default=False, Loading @@ -131,6 +149,7 @@ def main(): # Load brom payload load_payload(dev, "../brom-payload/build/payload.bin") dev.kick_watchdog() # Partition table if args.partitiontable: Loading Loading @@ -203,9 +222,11 @@ def main(): # Reboot if args.unlock: log("Hold volume down button and press enter") log("Don't release volume button until you see FASTBOOT mode... on phone screen") input() thread = UserInputThread() thread.start() while not thread.done: dev.write32(0x10212008, 0x1971) # low-level watchdog kick time.sleep(1) log("Reboot") dev.reboot() if args.unlock: Loading Loading
brom-payload/main.c +6 −0 @@ -149,6 +149,12 @@ int main() { } } case 0x3001: { printf("Kick watchdog\n"); volatile uint32_t *reg = (volatile uint32_t *)0x10212000; reg[8/4] = 0x1971; break; } default: printf("Invalid command\n"); break;
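Review bot: The watchdog base, register index and key in `case 0x3001` are bare literals (`0x10212000`, `reg[8/4]`, `0x1971`), and the same register and key reappear on the host side as `dev.write32(0x10212008, 0x1971)` in modules/main.py, so nothing ties the two copies together. Named constants with a one-line comment would make the write reviewable, e.g. `#define WDT_BASE 0x10212000`, `#define WDT_RESTART_IDX (0x08 / 4)` and `#define WDT_RESTART_KEY 0x1971`. The `printf("Kick watchdog\n")` runs on every kick, and `flash_data`/`dump_binary` issue this command every 10 blocks, so it will probably flood the debug output; consider dropping it or gating it. The switch in main() starts and ends outside the hunk.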
modules/common.py +6 −0 @@ -214,6 +214,12 @@ class Device: # cmd self.dev.write(p32_be(0x3000)) def kick_watchdog(self): # magic self.dev.write(p32_be(0xf00dd00d)) # cmd self.dev.write(p32_be(0x3001)) def rpmb_read(self): # magic self.dev.write(p32_be(0xf00dd00d))
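Review bot: `kick_watchdog` has no docstring and repeats the magic/command write pair that the neighbouring methods in this hunk also spell out by hand. A docstring such as `"""Send command 0x3001 so the payload restarts the watchdog counter; no reply is read."""` would record that the call is fire-and-forget, which is all the visible code shows. The repeated `self.dev.write(p32_be(0xf00dd00d))` followed by the command word could move into one private helper taking the command number, so the magic value is defined once. The rest of `Device` is outside the hunk.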
modules/handshake.py +0 −2 @@ -7,8 +7,6 @@ from logger import log def handshake(dev): log("Handshake") dev.handshake() log("Disable watchdog") dev.write32(0x10212000, 0x22000000) if __name__ == "__main__":
modules/main.py +24 −3 @@ -3,6 +3,7 @@ import os import struct import subprocess import sys import threading import time from argparse import ArgumentParser @@ -30,6 +31,7 @@ def switch_boot0(dev, unbrick = False): if block[0:9] != b"EMMC_BOOT": dev.reboot() raise RuntimeError("what's wrong with your BOOT0?") dev.kick_watchdog() def calculate_time_left(time_passed, done, left): time_left = int(((left - done - 1) * time_passed / (done + 1)).total_seconds()) @@ -60,6 +62,8 @@ def flash_data(dev, data, start_block, max_size=0): calculate_time_left(time_passed, x, blocks), \ str(time_passed)[:-7]), end='\r') dev.emmc_write(start_block + x, data[x * 0x200:(x + 1) * 0x200]) if x % 10 == 0: dev.kick_watchdog() print("") def read_file(path): @@ -82,6 +86,8 @@ def dump_binary(dev, path, start_block, max_size=0): calculate_time_left(time_passed, x, blocks), \ str(time_passed)[:-7]), end='\r') fout.write(dev.emmc_read(start_block + x)) if x % 10 == 0: dev.kick_watchdog() print("") def switch_user(dev, partitiontable = False): @@ -91,6 +97,7 @@ def switch_user(dev, partitiontable = False): if block[510:512] != b"\x55\xAA": dev.reboot() raise RuntimeError("what's wrong with your GPT? try to flash partition table") dev.kick_watchdog() def parse_gpt(dev): data = dev.emmc_read(0x400 // 0x200) + dev.emmc_read(0x600 // 0x200) \ @@ -106,6 +113,17 @@ def parse_gpt(dev): parts[part_name] = (part_start, part_end - part_start + 1) return parts class UserInputThread(threading.Thread): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.done = False def run(self): log("Hold volume down button and press enter") log("Don't release volume button until you see FASTBOOT mode... on phone screen") input() self.done = True def main(): parser = ArgumentParser() parser.add_argument("-l", "--unlock", action='store_true', dest='unlock', default=False,
@@ -131,6 +149,7 @@ def main(): # Load brom payload load_payload(dev, "../brom-payload/build/payload.bin") dev.kick_watchdog() # Partition table if args.partitiontable: @@ -203,9 +222,11 @@ def main(): # Reboot if args.unlock: log("Hold volume down button and press enter") log("Don't release volume button until you see FASTBOOT mode... on phone screen") input() thread = UserInputThread() thread.start() while not thread.done: dev.write32(0x10212008, 0x1971) # low-level watchdog kick time.sleep(1) log("Reboot") dev.reboot() if args.unlock:
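Review bot: `UserInputThread` signals completion through a plain attribute (`self.done = False`, later `True`) that the unlock branch of main() polls, and the thread is not a daemon, so if `dev.write32` raises inside the polling loop the interpreter stays blocked on `input()` instead of exiting. A `threading.Event` together with `daemon=True` makes the hand-off explicit and lets the loop wake as soon as Enter is pressed rather than after the rest of `time.sleep(1)`. The kick interval in `flash_data` and `dump_binary` (`if x % 10 == 0`) is an unexplained constant as well; a named value with a comment stating the watchdog timeout it is sized against would help. main() starts and ends outside these hunks.

```python
class UserInputThread(threading.Thread):
    def __init__(self, *args, **kwargs):
        # Daemon thread: an exception in the kick loop must not leave the
        # process blocked on input().
        kwargs.setdefault("daemon", True)
        super().__init__(*args, **kwargs)
        self.done = threading.Event()

    def run(self):
        # … unchanged: the two log() prompts …
        input()
        self.done.set()

# … unchanged: main() up to the unlock branch …
        thread = UserInputThread()
        thread.start()
        while not thread.done.is_set():
            dev.write32(0x10212008, 0x1971) # low-level watchdog kick
            thread.done.wait(1)
```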