irclog2html for #openezx on 20060410

02:06.39 *** join/#openezx GvzEvxre (n=timr@pdpc/supporter/bronze/TimRiker)
08:46.37 <ysakaed> i have got another flag for the bootloader 0x1caabca8 today
08:46.45 <ysakaed> i put on wiki already
08:47.38 <ysakaed> it was showing 0x7c7c7c7c all the time, until today it shows that when it's low in batteries
08:47.53 <ysakaed> i tried again after an hour and it changed to 0x95aa95aa ...
11:54.49 <stefan_schmidt> ysaked: thanks
12:02.39 <ysakaed> not too sure what's going on tho, now my phone changes from 7c7c7c7c to 95aa95aa
12:03.08 *** join/#openezx jonwil (n=jonwil@220-244-120-190.static.tpgi.com.au)
12:56.00 <stefan_schmidt> ysaked: able to load and execute a kernel via boot_usb with this flag?
13:05.58 <ysakaed> hmm i am not too sure how to do it... i need to compile the kernel from the source code given from motorola first right?
13:07.18 <stefan_schmidt> yes, but you can also use my precompiled kernel for first tests.
13:07.45 <stefan_schmidt> The only thing you really need to compile your own is boot_usb from LaForge.
13:08.03 <stefan_schmidt> Kernel: http://www.datenfreihafen.org/~stefan/EZX/zImage-first-only-ptrace
13:08.18 <stefan_schmidt> boot_usb: http://svn.gnumonks.org/trunk/a780/src/boot_usb/
13:09.05 <stefan_schmidt> You need an installed libusb with header files for compiling boot_usb
13:10.50 <ysakaed> hmm i managed to build boot_usb on fedora core 4
13:10.58 <ysakaed> is there anyway can build on winxp?
13:11.29 <ysakaed> since i am on winxp machine now
13:12.42 <stefan_schmidt> never tried this.
13:12.54 <stefan_schmidt> Is libusb available under Windows?
13:13.20 <ysakaed> i am not quite sure
13:13.38 <ysakaed> i will give it a try under linux then
13:14.16 <ysakaed> so where should i put the zImage file?
13:15.35 <stefan_schmidt> You need only ./boot_usb zImage-file
13:15.50 <ysakaed> oh i see
13:16.02 <stefan_schmidt> Be sure you have permission for the usb stuff
13:16.15 <ysakaed> let me try now
13:16.24 <stefan_schmidt> I do it as root under debian.
13:18.56 <ysakaed> now the flag is 0x95aa95aa
13:19.21 <stefan_schmidt> ok
13:20.17 <jonwil> I wouldn't be surprised if something lower-level than BLOB is what sets that flag
13:20.26 <jonwil> possibly code running on the BP side
13:20.38 <jonwil> or code running on the AP side that is below blob
13:20.51 <ysakaed> hmm cannot find ezx device in bootloader mode
13:20.56 <ysakaed> weird it found before
13:21.08 <stefan_schmidt> hmm
13:22.16 <stefan_schmidt> jonwil: reading some of the ezx blob code give me the impression there is a bp bootloader starts first.
13:22.37 <stefan_schmidt> perhaps this bootloader doing the magic with the flag.
13:22.59 <ysakaed> hmm does it suppose to show anything on the computer?
13:23.05 <ysakaed> it shows out lots of 00s
13:23.31 <stefan_schmidt> yes. it show a lot hex stuff
13:23.57 <ysakaed> and nothing happened to my phone
13:24.06 <ysakaed> after showing
13:25.25 <stefan_schmidt> same as LaForge on three of his phones.
13:25.44 <ysakaed> i will try on the dead a780
13:26.06 <stefan_schmidt> Once you get the 7c... flag back on your bootloader please try it again.
13:28.50 <ysakaed> nope doesn't work
13:28.57 <ysakaed> guess have to wait until it goes back to 7c
13:29.16 <stefan_schmidt> thanks
13:29.38 <ysakaed> strange
13:29.42 <stefan_schmidt> I think there is a deeper problem with your dead a780
13:29.43 <ysakaed> now its in 7c now
13:29.49 <stefan_schmidt> :)
13:29.53 <stefan_schmidt> That was fast.
13:32.25 <ysakaed> nothing happened
13:32.32 <stefan_schmidt> damn it
13:33.41 <ysakaed> hmmm
13:35.12 <stefan_schmidt> if i'm right harald was the only one who was able to boot this kernel. And me of course.
13:35.20 <stefan_schmidt> This is really annoying.
13:37.38 <ysakaed> i think alebm success too
13:37.46 <ysakaed> i was talking to him yesterday he said he managed to do it
13:37.57 <ysakaed> if i remember it correctly
13:38.27 <stefan_schmidt> good. feedback about this is very welcome.
13:39.08 <stefan_schmidt> talking about alebm remember me to trigger him about the scummvm patch. :)
13:39.18 <ysakaed> hehe
13:39.21 <ysakaed> i will tell him tomorrow
13:39.41 <ysakaed> its good to play old classic game ;)
13:40.00 <stefan_schmidt> you know him personally?
13:40.23 <stefan_schmidt> or just have a chat elsewhere?
13:40.29 <ysakaed> i chat with him on msn
13:40.51 <ysakaed> he usually appear around 12 afters after now ;)
13:41.00 <stefan_schmidt> :)
13:41.05 <stefan_schmidt> timezones are funny
13:41.13 <ysakaed> which is 1pm in the afternoon for me
13:41.29 <ysakaed> ehehe
13:55.53 *** join/#openezx ao2 (n=u@2001:1418:117:0:0:0:0:1)
13:56.10 <ao2> hallo
13:57.48 <stefan_schmidt> hi
14:03.49 <ao2> I have a conjecture about the different FLAG values
14:05.09 <ao2> I noted that on my phone, which I do not use very much, FLAG assumed several values
14:05.56 <ao2> moreover Harald said that his dev phones show a higher FLAG value, while his production phone show 0x7c7c7c7c
14:06.54 <ao2> stephan reported that his phone has "always" that value, and he added that the phone is used quite intensively while not being hacked
14:07.08 <ao2> s/stephan/stefan/
14:08.14 <ao2> so, I tried to not use my phone for a while, leaving it turned OFF during the night
14:08.28 <ao2> this morning I had FLAG=0x95aa95aa
14:09.36 <ao2> then i left my phone switched ON (in normal mode, not bootloader mode), and at 16.00 I have FLAG=0x7c7c7c7c
14:11.12 <ao2> so __maybe__ (at least in my case) the flag value tells the state of charge of some internal component that change state when the phone in ON for a while
14:11.38 <ao2> my conjecture is based on the assumption that harald keeps his dev phones turned OFF while not hacking on them
14:11.59 <ao2> and on the fact that stefan, maybe, leave the phone turned on even during the night??
14:12.06 <ao2> ...
14:12.24 <ao2> did you understand anything of what i wrote? :)
14:13.32 <ao2> well, even if my thery is somehow proved, I do not know, yet, why the kernel from fals boots anyway, regardless the flag value...
14:13.43 <ao2> s/thery/theory
14:14.05 <ao2> s/fals/flash
14:15.58 <ao2> what do you think about this weird idea?
14:17.42 <stefan_schmidt> sorry for the delay
14:18.23 <stefan_schmidt> could be a theory but there are still some open questions.
14:18.34 <ao2> sure
14:18.54 <ao2> but, can you confirm that you leave your phone On during night?
14:19.03 <stefan_schmidt> I'll turn my phone off this night.
14:19.15 <ao2> well, just to try
14:20.28 <stefan_schmidt> the other point to dig could be the bp bootloader.
14:21.25 <stefan_schmidt> I think he runs before blob. We can the first two lines in our bootloader pictures about that.
14:22.30 <stefan_schmidt> And reading the motorola changes in the blob code gives me the guess there is an BP bootloader and it runs first.
14:23.02 <ysakaed> hmmmmm
14:23.59 <ao2> If we wanted to change the bootloader we would need to use a jtag, is that correct?
14:25.13 <stefan_schmidt> perhaps you can flash the bootloader area also from a running phone inside a telnet session. But you really want a working jtag setup if something goes wrong.
14:25.57 <ao2> did you tried to open your phone stefan_schmidt ? I was thinking to open mine.
14:26.16 <ao2> or there are some photos on the net already?
14:29.31 <stefan_schmidt> no
14:29.45 <stefan_schmidt> thinking about it
14:30.33 <stefan_schmidt> i think i've seen some picture at motofans. Not sure if it was e680 or a780
14:31.25 <ao2> i saw some e680 too
14:32.37 <stefan_schmidt> btw: i should have done a backup before. Yesterday i flashed a really small kernel without fs support and after that my images was gone.
14:32.46 <stefan_schmidt> weird
14:34.29 <ao2> backup... i didn't make it either. Anyway, If I manage to open my moto, I'll tell you, so you can leave your dressed :)
14:34.38 <stefan_schmidt> :)
15:10.12 <stefan_schmidt> ysakaed, night
15:23.37 *** join/#openezx TimRiker (n=timr@pdpc/supporter/bronze/TimRiker)
15:49.28 *** join/#openezx blkhawk (i=blkhawk@p54A769AA.dip.t-dialin.net)
16:28.45 <stefan_schmidt> TimRiker: Do you figured out the problem with busybox?
16:51.32 <TimRiker> nope. need to try some different toolchains.
16:52.08 <TimRiker> I tried a static busybox built with uclibc and still got some broken behaviour
16:52.41 <TimRiker> so it's not the c library. or at least not only the c library.
16:53.04 <TimRiker> is there anything in the kernel sources about the drm mount stuff?
16:53.29 <TimRiker> I wonder if they changed the syscall interface defs.
17:02.50 <stefan_schmidt> TimRiker: I've not read much of the kernel changes from motorola yet. Perhaps LaF0rge can give you a hint.
18:15.46 *** join/#openezx uwe (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net)
19:26.54 <ao2> hi again
19:27.22 <ao2> I found that site, that have a reverse engineering report of the A780, but it is quite expensive to buy...
19:27.24 <ao2> http://www.dri.co.jp/auto/report/portelligent/pormota78005.htm
19:40.45 <ao2> here there are some photos of my A780 naked: http://www.studenti.unina.it/~ospite/gallery/gallery_images/foto/naked%20moto/index.html
19:46.01 *** join/#openezx stefan_schmidt (n=stefan@p548648DB.dip.t-dialin.net)
19:46.50 <ao2> hi stefan_schmidt
19:47.02 <ao2> i took some photos of my moto's internals
19:47.09 <ao2> http://www.studenti.unina.it/~ospite/gallery/gallery_images/foto/naked%20moto/index.html
19:51.26 <stefan_schmidt> hi
19:51.44 <stefan_schmidt> cool. i'll take a look
19:52.04 *** join/#openezx uwe_ (n=uwe@213.244.124.16)
19:52.13 <uwe_> uwe, sorry ...
19:52.56 *** part/#openezx uwe (n=uwe@213.244.124.16)
19:53.14 *** join/#openezx uwe_ (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net)
19:54.53 *** part/#openezx uwe_ (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net)
19:57.30 *** join/#openezx uwehermann (n=uweherma@dslb-084-056-014-233.pools.arcor-ip.net)
19:57.47 <stefan_schmidt> uwehermann: hi
19:57.56 <uwehermann> stefan_schmidt: hi stefan
19:58.02 <ao2> I've also found service manuals for A780, but I do not know if such infos can be used in writing freesoftware in a legal way
19:59.41 <stefan_schmidt> ao2: is the manual available from the motorola site or is it leaked under unknown circumstances?
19:59.58 <uwehermann> gotta go now, but I'll be around more often in future for a780 work...
19:59.58 <ao2> rather unknown, i have to say
19:59.59 <uwehermann> cu
20:01.11 *** part/#openezx uwehermann (n=uweherma@dslb-084-056-014-233.pools.arcor-ip.net)
20:04.16 <stefan_schmidt> ao2: Nice pictures but the interesting chips, and especially their names, are covered.
20:04.57 <stefan_schmidt> ao2: And i don't think it is a good idea to remove this covers.
20:05.00 <ao2> i know, but i was a bit feared, please understand :)
20:05.08 <ao2> in fact
20:06.02 <stefan_schmidt> ao2: no problem. I'm feared to naked it, too.
20:06.42 <stefan_schmidt> I'm not sure but perhaps LaF0rge had done some good pics. We should ask him.
20:07.04 <ao2> Level 1 and 2 Service manuals, have infos about part lists and disassembling instruction, not many informations about ICs
20:07.32 <ao2> I think I can give you the source, it is on the net after all
20:08.58 <stefan_schmidt> If the manual is only for disassembling instruction i see no problems with writing software here.
20:09.11 <ao2> Level 3 manuals can "pollute" developers, i think
20:09.37 <stefan_schmidt> ok, so please don't send the url.
20:10.43 <stefan_schmidt> i want to be sure we get no problems later with things like "You have read our manual, so you stolen our code..."
20:11.21 <stefan_schmidt> People really want to look into this stuff will find it anyway on the net.
20:12.16 <ao2> sure, at least we have to see what LaForge thinks about that, and i think his opinion will be pretty much like your
20:12.22 <stefan_schmidt> Some of the ezx sdk are also leaked if i understand the postings in the motofans forum.
20:12.30 <TimRiker> <PROTECTED>
20:13.43 <TimRiker> I'd love to see the ezx sdk too.
20:13.43 <ao2> i think i found the link prowling in morofans
20:13.43 <ao2> and the sdk can be found that way too
20:13.43 <TimRiker> k
20:13.44 <ao2> s/morofans/motofans
20:14.56 <stefan_schmidt> <PROTECTED>
20:23.17 <TimRiker> <PROTECTED>
20:24.43 <TimRiker> <PROTECTED>
20:26.24 <TimRiker> <PROTECTED>
20:26.52 <stefan_schmidt> just added: http://wiki.openezx.org/Photos
20:26.53 <TimRiker> there is patented code in the linux kernel that is licensed for use in a limited manner.
20:26.57 <stefan_schmidt> <PROTECTED>
20:27.34 <TimRiker> see the nftl m-systems drivers for an example. GPL, but patent restricted. (assuming the patents are valid and enforceable)
20:28.04 <stefan_schmidt> <PROTECTED>
20:28.41 <stefan_schmidt> oh, i don't know such stuff touches the kernel.
20:29.00 <TimRiker> <PROTECTED>
20:30.09 <stefan_schmidt> what happened if they changed their mind and want to get money out of that? Removing the code is of course possible but what is about the already running kernels?
20:31.22 <stefan_schmidt> <PROTECTED>
20:37.26 <ao2> should I hide some info other than IMEI on the pictures?
20:38.09 <ao2> i'm referring to any "personal" informations
20:39.48 <stefan_schmidt> ao2: hide IMEI is a good idea. The other numbers are technical and no personal stuff.
20:40.29 <stefan_schmidt> ao2: I think only picture number 5 is affected.
20:40.38 <ao2> yes
20:40.56 <ao2> i forgot to upload updated thumbnails
20:41.06 <stefan_schmidt> ao2: Sorry i should had asked you before linking your photos on the wiki.
20:41.29 <ao2> well, i'm fixing my picture number 5
20:42.58 <ao2> ok, updated, no problem.
20:43.53 <stefan_schmidt> you're fast :)
20:55.41 <blkhawk> evening
20:55.52 <blkhawk> just woke up after a few hours of needed sleep
20:55.58 <blkhawk> did i miss anything?
20:57.08 <stefan_schmidt> hi
20:57.58 <stefan_schmidt> not really. ao2 naked his a780
20:58.12 <blkhawk> ohhh
20:58.16 <blkhawk> pr0n
20:58.19 <ao2> just undressed it a bit :)
20:59.17 <stefan_schmidt> you can buy some nice underwear. ;)
21:02.56 <ao2> time to go
21:03.00 <ao2> see you tomorrow
21:03.15 <ao2> and stefan_schmidt, remember to switch off your phone :P
21:04.03 <stefan_schmidt> ao2: i will do so.
21:05.13 <ao2> tomorrow, here in italy we will now what will be the new government for the next 5 years, give us a "good luck" :)
21:05.31 <ao2> s/now/know
21:06.14 <ao2> good night
21:09.23 <TimRiker> and stop it from flashing green when locked.
21:14.02 <TimRiker> Here's one I wish I had: http://www.teardown.com/channels/wireless/Motorola_A780.aspx but not to the tune of $2,450.
21:15.01 <blkhawk> heh
21:15.44 <stefan_schmidt> what a price
21:15.59 <TimRiker> used to have access to there at a previous employer.
21:16.19 <stefan_schmidt> I think we figure out the most of our own. But this will take some time.
21:17.09 <TimRiker> not a lot in the teardown that we need and can't discover. but they kill a device by opening all the covers which is nice.
21:17.51 <TimRiker> they also do power profiles and cost estimates. Not useful for hacking purposes, but if you wanted to clone the device, then they are very useful.
21:18.46 <stefan_schmidt> i'd think the chinese guys disassembling on their own for cloning purpose. ;)
21:19.13 <TimRiker> I need an stunnel binary so I can secure pop, imap, and smtp.
21:27.25 <stefan_schmidt> did stunnel need openssl?
21:32.25 *** join/#openezx uwehermann (n=uweherma@dslb-084-056-026-138.pools.arcor-ip.net)
21:32.31 <uwehermann> hi
21:32.34 <stefan_schmidt> hi
21:51.12 <TimRiker> stefan_schmidt: yes. stunnel needs openssl.
21:51.25 <TimRiker> can't recall if openssl is on the device already or not.
22:27.40 <stefan_schmidt> if i'm right, openssl is not on the device.
22:28.55 <stefan_schmidt> I read about problems compiling openssl for this phone. But i'm not sure with which toolchain the problems occurs.
22:40.02 *** join/#openezx quobl (n=quobl@tor/session/x-89dbf0e0b360499c)
23:21.06 <TimRiker> makes a lot of sense. build ssl support but only compile it into the opera binary.
23:23.08 <TimRiker> so anyone have a web or ssh server running on the phone yet?
23:23.54 <TimRiker> anyone looked at the in.ftpd weirdness? (it runs but it's not a normal ftp and it's not on the filesystem)
23:30.32 <stefan_schmidt> The in.ftpd thing is odd.
23:31.28 <stefan_schmidt> Harald has dropbear in his svn: http://svn.gnumonks.org/trunk/a780/src/dropbear/
23:31.44 <stefan_schmidt> i need really some sleep now. night.
23:52.51 <TimRiker> nite.
