02:06.39 | *** join/#openezx GvzEvxre (n=timr@pdpc/supporter/bronze/TimRiker) |
08:46.37 | ysakaed | i have got another flag for the bootloader 0x1caabca8 today |
08:46.45 | ysakaed | i put on wiki already |
08:47.38 | ysakaed | it was showing 0x7c7c7c7c all the time, until today it shows that when it's low in batteries |
08:47.53 | ysakaed | i tried again after an hour and it changed to 0x95aa95aa ... |
11:54.49 | stefan_schmidt | ysakaed: thanks |
12:02.39 | ysakaed | not too sure what's going on tho, now my phone changes from 7c7c7c7c to 95aa95aa |
12:03.08 | *** join/#openezx jonwil (n=jonwil@220-244-120-190.static.tpgi.com.au) |
12:56.00 | stefan_schmidt | ysakaed: able to load and execute a kernel via boot_usb with this flag? |
13:05.58 | ysakaed | hmm i am not too sure how to do it... i need to compile the kernel from the source code given from motorola first right? |
13:07.18 | stefan_schmidt | yes, but you can also use my precompiled kernel for first tests. |
13:07.45 | stefan_schmidt | The only thing you really need to compile your own is boot_usb from LaForge. |
13:08.03 | stefan_schmidt | Kernel: http://www.datenfreihafen.org/~stefan/EZX/zImage-first-only-ptrace |
13:08.18 | stefan_schmidt | boot_usb: http://svn.gnumonks.org/trunk/a780/src/boot_usb/ |
13:09.05 | stefan_schmidt | You need an installed libusb with header files for compiling boot_usb |
13:10.50 | ysakaed | hmm i managed to build boot_usb on fedora core 4 |
13:10.58 | ysakaed | is there any way i can build on winxp? |
13:11.29 | ysakaed | since i am on winxp machine now |
13:12.42 | stefan_schmidt | never tried this. |
13:12.54 | stefan_schmidt | Is libusb available under Windows? |
13:13.20 | ysakaed | i am not quite sure |
13:13.38 | ysakaed | i will give it a try under linux then |
13:14.16 | ysakaed | so where should i put the zImage file? |
13:15.35 | stefan_schmidt | You need only ./boot_usb zImage-file |
13:15.50 | ysakaed | oh i see |
13:16.02 | stefan_schmidt | Be sure you have permission for the usb stuff |
13:16.15 | ysakaed | let me try now |
13:16.24 | stefan_schmidt | I do it as root under debian. |
13:18.56 | ysakaed | now the flag is 0x95aa95aa |
13:19.21 | stefan_schmidt | ok |
13:20.17 | jonwil | I wouldn't be surprised if something lower-level than BLOB is what sets that flag |
13:20.26 | jonwil | possibly code running on the BP side |
13:20.38 | jonwil | or code running on the AP side that is below blob |
13:20.51 | ysakaed | hmm cannot find ezx device in bootloader mode |
13:20.56 | ysakaed | weird it found before |
13:21.08 | stefan_schmidt | hmm |
13:22.16 | stefan_schmidt | jonwil: reading some of the ezx blob code gives me the impression there is a bp bootloader that starts first. |
13:22.37 | stefan_schmidt | perhaps this bootloader is doing the magic with the flag. |
13:22.59 | ysakaed | hmm does it suppose to show anything on the computer? |
13:23.05 | ysakaed | it shows out lots of 00s |
13:23.31 | stefan_schmidt | yes. it shows a lot of hex stuff |
13:23.57 | ysakaed | and nothing happened to my phone |
13:24.06 | ysakaed | after showing |
13:25.25 | stefan_schmidt | same as LaForge on three of his phones. |
13:25.44 | ysakaed | i will try on the dead a780 |
13:26.06 | stefan_schmidt | Once you get the 7c... flag back on your bootloader please try it again. |
13:28.50 | ysakaed | nope doesn't work |
13:28.57 | ysakaed | guess have to wait until it goes back to 7c |
13:29.16 | stefan_schmidt | thanks |
13:29.38 | ysakaed | strange |
13:29.42 | stefan_schmidt | I think there is a deeper problem with your dead a780 |
13:29.43 | ysakaed | now its in 7c now |
13:29.49 | stefan_schmidt | :) |
13:29.53 | stefan_schmidt | That was fast. |
13:32.25 | ysakaed | nothing happened |
13:32.32 | stefan_schmidt | damn it |
13:33.41 | ysakaed | hmmm |
13:35.12 | stefan_schmidt | if i'm right harald was the only one who was able to boot this kernel. And me of course. |
13:35.20 | stefan_schmidt | This is really annoying. |
13:37.38 | ysakaed | i think alebm success too |
13:37.46 | ysakaed | i was talking to him yesterday he said he managed to do it |
13:37.57 | ysakaed | if i remember it correctly |
13:38.27 | stefan_schmidt | good. feedback about this is very welcome. |
13:39.08 | stefan_schmidt | talking about alebm remember me to trigger him about the scummvm patch. :) |
13:39.18 | ysakaed | hehe |
13:39.21 | ysakaed | i will tell him tomorrow |
13:39.41 | ysakaed | its good to play old classic game ;) |
13:40.00 | stefan_schmidt | you know him personally? |
13:40.23 | stefan_schmidt | or just have a chat elsewhere? |
13:40.29 | ysakaed | i chat with him on msn |
13:40.51 | ysakaed | he usually appear around 12 afters after now ;) |
13:41.00 | stefan_schmidt | :) |
13:41.05 | stefan_schmidt | timezones are funny |
13:41.13 | ysakaed | which is 1pm in the afternoon for me |
13:41.29 | ysakaed | ehehe |
13:55.53 | *** join/#openezx ao2 (n=u@2001:1418:117:0:0:0:0:1) |
13:56.10 | ao2 | hallo |
13:57.48 | stefan_schmidt | hi |
14:03.49 | ao2 | I have a conjecture about the different FLAG values |
14:05.09 | ao2 | I noted that on my phone, which I do not use very much, FLAG assumed several values |
14:05.56 | ao2 | moreover Harald said that his dev phones show a higher FLAG value, while his production phone shows 0x7c7c7c7c |
14:06.54 | ao2 | stephan reported that his phone has "always" that value, and he added that the phone is used quite intensively while not being hacked |
14:07.08 | ao2 | s/stephan/stefan/ |
14:08.14 | ao2 | so, I tried to not use my phone for a while, leaving it turned OFF during the night |
14:08.28 | ao2 | this morning I had FLAG=0x95aa95aa |
14:09.36 | ao2 | then i left my phone switched ON (in normal mode, not bootloader mode), and at 16.00 I have FLAG=0x7c7c7c7c |
14:11.12 | ao2 | so __maybe__ (at least in my case) the flag value tells the state of charge of some internal component that changes state when the phone is ON for a while |
14:11.38 | ao2 | my conjecture is based on the assumption that harald keeps his dev phones turned OFF while not hacking on them |
14:11.59 | ao2 | and on the fact that stefan, maybe, leaves the phone turned on even during the night?? |
14:12.06 | ao2 | ... |
14:12.24 | ao2 | did you understand anything of what i wrote? :) |
14:13.32 | ao2 | well, even if my thery is somehow proved, I do not know, yet, why the kernel from fals boots anyway, regardless the flag value... |
14:13.43 | ao2 | s/thery/theory |
14:14.05 | ao2 | s/fals/flash |
14:15.58 | ao2 | what do you think about this weird idea? |
14:17.42 | stefan_schmidt | sorry for the delay |
14:18.23 | stefan_schmidt | could be a theory but there are still some open questions. |
14:18.34 | ao2 | sure |
14:18.54 | ao2 | but, can you confirm that you leave your phone On during night? |
14:19.03 | stefan_schmidt | I'll turn my phone off this night. |
14:19.15 | ao2 | well, just to try |
14:20.28 | stefan_schmidt | the other point to dig could be the bp bootloader. |
14:21.25 | stefan_schmidt | I think he runs before blob. We can the first two lines in our bootloader pictures about that. |
14:22.30 | stefan_schmidt | And reading the motorola changes in the blob code gives me the guess there is a BP bootloader and it runs first. |
14:23.02 | ysakaed | hmmmmm |
14:23.59 | ao2 | If we wanted to change the bootloader we would need to use a jtag, is that correct? |
14:25.13 | stefan_schmidt | perhaps you can flash the bootloader area also from a running phone inside a telnet session. But you really want a working jtag setup if something goes wrong. |
14:25.57 | ao2 | did you try to open your phone stefan_schmidt ? I was thinking to open mine. |
14:26.16 | ao2 | or there are some photos on the net already? |
14:29.31 | stefan_schmidt | no |
14:29.45 | stefan_schmidt | thinking about it |
14:30.33 | stefan_schmidt | i think i've seen some picture at motofans. Not sure if it was e680 or a780 |
14:31.25 | ao2 | i saw some e680 too |
14:32.37 | stefan_schmidt | btw: i should have done a backup before. Yesterday i flashed a really small kernel without fs support and after that my images were gone. |
14:32.46 | stefan_schmidt | weird |
14:34.29 | ao2 | backup... i didn't make it either. Anyway, If I manage to open my moto, I'll tell you, so you can leave your dressed :) |
14:34.38 | stefan_schmidt | :) |
15:10.12 | stefan_schmidt | ysakaed, night |
15:23.37 | *** join/#openezx TimRiker (n=timr@pdpc/supporter/bronze/TimRiker) |
15:49.28 | *** join/#openezx blkhawk (i=blkhawk@p54A769AA.dip.t-dialin.net) |
16:28.45 | stefan_schmidt | TimRiker: Did you figure out the problem with busybox? |
16:51.32 | TimRiker | nope. need to try some different toolchains. |
16:52.08 | TimRiker | I tried a static busybox built with uclibc and still got some broken behaviour |
16:52.41 | TimRiker | so it's not the c library. or at least not only the c library. |
16:53.04 | TimRiker | is there anything in the kernel sources about the drm mount stuff? |
16:53.29 | TimRiker | I wonder if they changed the syscall interface defs. |
17:02.50 | stefan_schmidt | TimRiker: I've not read much of the kernel changes from motorola yet. Perhaps LaF0rge can give you a hint. |
18:15.46 | *** join/#openezx uwe (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net) |
19:26.54 | ao2 | hi again |
19:27.22 | ao2 | I found that site, that has a reverse engineering report of the A780, but it is quite expensive to buy... |
19:27.24 | ao2 | http://www.dri.co.jp/auto/report/portelligent/pormota78005.htm |
19:40.45 | ao2 | here there are some photos of my A780 naked: http://www.studenti.unina.it/~ospite/gallery/gallery_images/foto/naked%20moto/index.html |
19:46.01 | *** join/#openezx stefan_schmidt (n=stefan@p548648DB.dip.t-dialin.net) |
19:46.50 | ao2 | hi stefan_schmidt |
19:47.02 | ao2 | i took some photos of my moto's internals |
19:47.09 | ao2 | http://www.studenti.unina.it/~ospite/gallery/gallery_images/foto/naked%20moto/index.html |
19:51.26 | stefan_schmidt | hi |
19:51.44 | stefan_schmidt | cool. i'll take a look |
19:52.04 | *** join/#openezx uwe_ (n=uwe@213.244.124.16) |
19:52.13 | uwe_ | uwe, sorry ... |
19:52.56 | *** part/#openezx uwe (n=uwe@213.244.124.16) |
19:53.14 | *** join/#openezx uwe_ (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net) |
19:54.53 | *** part/#openezx uwe_ (n=uwe@dslb-084-056-014-233.pools.arcor-ip.net) |
19:57.30 | *** join/#openezx uwehermann (n=uweherma@dslb-084-056-014-233.pools.arcor-ip.net) |
19:57.47 | stefan_schmidt | uwehermann: hi |
19:57.56 | uwehermann | stefan_schmidt: hi stefan |
19:58.02 | ao2 | I've also found service manuals for A780, but I do not know if such infos can be used in writing freesoftware in a legal way |
19:59.41 | stefan_schmidt | ao2: is the manual available from the motorola site or is it leaked under unknown circumstances? |
19:59.58 | uwehermann | gotta go now, but I'll be around more often in future for a780 work... |
19:59.58 | ao2 | rather unknown, i have to say |
19:59.59 | uwehermann | cu |
20:01.11 | *** part/#openezx uwehermann (n=uweherma@dslb-084-056-014-233.pools.arcor-ip.net) |
20:04.16 | stefan_schmidt | ao2: Nice pictures but the interesting chips, and especially their names, are covered. |
20:04.57 | stefan_schmidt | ao2: And i don't think it is a good idea to remove this covers. |
20:05.00 | ao2 | i know, but i was a bit feared, please understand :) |
20:05.08 | ao2 | in fact |
20:06.02 | stefan_schmidt | ao2: no problem. I'm feared to naked it, too. |
20:06.42 | stefan_schmidt | I'm not sure but perhaps LaF0rge had done some good pics. We should ask him. |
20:07.04 | ao2 | Level 1 and 2 Service manuals, have infos about part lists and disassembling instruction, not many informations about ICs |
20:07.32 | ao2 | I think I can give you the source, it is on the net after all |
20:08.58 | stefan_schmidt | If the manual is only for disassembling instruction i see no problems with writing software here. |
20:09.11 | ao2 | Level 3 manuals can "pollute" developers, i think |
20:09.37 | stefan_schmidt | ok, so please don't send the url. |
20:10.43 | stefan_schmidt | i want to be sure we get no problems later with things like "You have read our manual, so you stolen our code..." |
20:11.21 | stefan_schmidt | People really want to look into this stuff will find it anyway on the net. |
20:12.16 | ao2 | sure, at least we have to see what LaForge thinks about that, and i think his opinion will be pretty much like your |
20:12.22 | stefan_schmidt | Some of the ezx sdk are also leaked if i understand the postings in the motofans forum. |
20:12.30 | TimRiker | <PROTECTED> |
20:13.43 | TimRiker | I'd love to see the ezx sdk too. |
20:13.43 | ao2 | i think i found the link prawling in morofans |
20:13.43 | ao2 | and the sdk can be found that way too |
20:13.43 | TimRiker | k |
20:13.44 | ao2 | s/morofans/motofans |
20:14.56 | stefan_schmidt | <PROTECTED> |
20:23.17 | TimRiker | <PROTECTED> |
20:24.43 | TimRiker | <PROTECTED> |
20:26.24 | TimRiker | <PROTECTED> |
20:26.52 | stefan_schmidt | just added: http://wiki.openezx.org/Photos |
20:26.53 | TimRiker | there is patented code in the linux kernel that is licensed for use in a limited manner. |
20:26.57 | stefan_schmidt | <PROTECTED> |
20:27.34 | TimRiker | see the nftl m-systems drivers for an example. GPL, but patent restricted. (assuming the patents are valid and enforceable) |
20:28.04 | stefan_schmidt | <PROTECTED> |
20:28.41 | stefan_schmidt | oh, i didn't know such stuff touches the kernel. |
20:29.00 | TimRiker | <PROTECTED> |
20:30.09 | stefan_schmidt | what happens if they changed their mind and want to get money out of that? Removing the code is of course possible but what is about the already running kernels? |
20:31.22 | stefan_schmidt | <PROTECTED> |
20:37.26 | ao2 | should I hide some info other than IMEI on the pictures? |
20:38.09 | ao2 | i'm referring to any "personal" informations |
20:39.48 | stefan_schmidt | ao2: hide IMEI is a good idea. The other numbers are technical and no personal stuff. |
20:40.29 | stefan_schmidt | ao2: I think only picture number 5 is affected. |
20:40.38 | ao2 | yes |
20:40.56 | ao2 | i forgot to upload updated thumbnails |
20:41.06 | stefan_schmidt | ao2: Sorry i should had asked you before linking your photos on the wiki. |
20:41.29 | ao2 | well, i'm fixing my picture number 5 |
20:42.58 | ao2 | ok, updated, no problem. |
20:43.53 | stefan_schmidt | you're fast :) |
20:55.41 | blkhawk | evening |
20:55.52 | blkhawk | just woke up after a few hours of needed sleep |
20:55.58 | blkhawk | did i miss anything? |
20:57.08 | stefan_schmidt | hi |
20:57.58 | stefan_schmidt | not really. ao2 naked his a780 |
20:58.12 | blkhawk | ohhh |
20:58.16 | blkhawk | pr0n |
20:58.19 | ao2 | just undressed it a bit :) |
20:59.17 | stefan_schmidt | you can buy some nice underwear. ;) |
21:02.56 | ao2 | time to go |
21:03.00 | ao2 | see you tomorrow |
21:03.15 | ao2 | and stefan_schmidt, remember to switch off your phone :P |
21:04.03 | stefan_schmidt | ao2: i will do so. |
21:05.13 | ao2 | tomorrow, here in italy we will now what will be the new government for the next 5 years, give us a "good luck" :) |
21:05.31 | ao2 | s/now/know |
21:06.14 | ao2 | good night |
21:09.23 | TimRiker | and stop it from flashing green when locked. |
21:14.02 | TimRiker | Here's one I wish I had: http://www.teardown.com/channels/wireless/Motorola_A780.aspx but not to the tune of $2,450. |
21:15.01 | blkhawk | heh |
21:15.44 | stefan_schmidt | what a price |
21:15.59 | TimRiker | used to have access to there at a previous employer. |
21:16.19 | stefan_schmidt | I think we figure out most of it on our own. But this will take some time. |
21:17.09 | TimRiker | not a lot in the teardown that we need and can't discover. but they kill a device by opening all the covers which is nice. |
21:17.51 | TimRiker | they also do power profiles and cost estimates. Not useful for hacking purposes, but if you wanted to clone the device, then they are very useful. |
21:18.46 | stefan_schmidt | i'd think the chinese guys disassembling on their own for cloning purpose. ;) |
21:19.13 | TimRiker | I need an stunnel binary so I can secure pop, imap, and smtp. |
21:27.25 | stefan_schmidt | did stunnel need openssl? |
21:32.25 | *** join/#openezx uwehermann (n=uweherma@dslb-084-056-026-138.pools.arcor-ip.net) |
21:32.31 | uwehermann | hi |
21:32.34 | stefan_schmidt | hi |
21:51.12 | TimRiker | stefan_schmidt: yes. stunnel needs openssl. |
21:51.25 | TimRiker | can't recall if openssl is on the device already or not. |
22:27.40 | stefan_schmidt | if i'm right, openssl is not on the device. |
22:28.55 | stefan_schmidt | I read about problems compiling openssl for this phone. But i'm not sure with which toolchain the problems occur. |
22:40.02 | *** join/#openezx quobl (n=quobl@tor/session/x-89dbf0e0b360499c) |
23:21.06 | TimRiker | makes a lot of sense. build ssl support but only compile it into the opera binary. |
23:23.08 | TimRiker | so anyone have a web or ssh server running on the phone yet? |
23:23.54 | TimRiker | anyone looked at the in.ftpd weirdness? (it runs but it's not a normal ftp and it's not on the filesystem) |
23:30.32 | stefan_schmidt | The in.ftpd thing is odd. |
23:31.28 | stefan_schmidt | Harald has dropbear in his svn: http://svn.gnumonks.org/trunk/a780/src/dropbear/ |
23:31.44 | stefan_schmidt | i need really some sleep now. night. |
23:52.51 | TimRiker | nite. |