View Single Post
Old 02-27-2012, 05:42 AM   #89
geekmaster
Carpe diem, c'est la vie.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
Quote:
Originally Posted by TommyLau View Post
geekmaster, thank you so much for your detailed replied, as you mentioned if the battery is low, the behavior will be strange.

Actually, that's exactly the problem I've met: MfgTool starting to download u-boot to the Kindle but never finishing, the issues is, the MfgTool shows it downloaded successfully, but the start/stop button is still in red, which is not a normal finish I assume.

And also, I tried to charge the battery by a wall charger, however, the orange light will on, and last for 3~4 hours, it will go dim(no lights any more), I've done that like three to four times. I think the charging didn't work out, right?

Another quick question is, is there any download link for the whole Kindle Touch binary image in case my FLASH(or partition) is corrupted?

Thank you so so so much for your help.
Kindles can get bricked in different ways. Charging them could depend on how they are bricked.

When I bricked my old K4NT I did not know how to charge it and nothing seemed to work enough. Charging overnight got me only about 20 to 30 minutes in which I could load u-boot with MfgTool, then it would not work again. I would have to charge it with a wall charger overnight before it would work with MfgTool again. I ended up charging the old K4NT battery using the new K4NT without removing either battery (they are glued in with a very secure glue). I was able to position the two kindles back to back and get the battery cable connected between them using needle-nosed pliers, after folding the cable back at a 45-degree angle. I later discovered that I could get a full charge in fastboot mode so this risky procedure would not have been necessary.

Conclusion: charge enough to get into fastboot mode, then fully charge it in fastboot mode. You can monitor the charging process with a serial port connection. As mentioned before, the LED is software-controlled and cannot be trusted on a bricked kindle.

Regarding the complete touch backup image, I have used "dd" to copy the first 32MB of mmcblk0p1 (which contains the linux kernels for man and diags), but it has long stretches of 0x00 in it. According to yifanlu, it appears that parts of this memory are "write-only" to user-land processes such as the dd command I used. It was reported that the idme command we use to read and write idme vars (serial, pcbsn, mac, mfg, accel, bootmode, postmode) writes directly to those locations, but reads a /proc (kernel driver interface) to get those values from a kernel-mode process that reads them.

That means that some areas of our mmc are not readable by "dd", so a full backup would not contain all the data (all those 0x00 in my backup?). But it looks like we may be able to WRITE an image though, which could possibly write bad data onto good data in those protected areas if we use dd to write an image that was created with dd.

What we really need is a kernel-mode process to read and write mmc (similar to idme, but which can give us a full backup of protected areas of mmc and not just the idme vars). A tool such as this may be considered a security risk by amazon (a hack tool) because those areas were not protected by accident and may contain information that would help people do bad things (like decrypt protected books purchased from amazon). We want this tool for good, and people already know how to do the bad things without this, so I hope amazon would not give us trouble for creating or using such a tool.

I think we can get a full backup of all of the mmc contents now (including protected areas) by exporting it over the serial port. There were early reports of this being done on the forums during the early analysis of the Touch, when a jailbreak method was being researched.

We can normally flash (write) to mmc using tools such as MfgTool or fastboot. Unfortunately, there appears to be a fastboot bug in the touch, where flashing other partitions writes onto mmcblk0 instead of where it belongs, and terminates early with a false "success" report. That means that my touch mmcblk0p1 may be corrupted now, and the serial port verifies that when I try to boot main or diags, when I get a "linux kernel not found" error message in the serial port status messages.

So what I need to explore this further is a copy of mmcblk0 (at least the first 32MB) from somebody who exported it from a good kindle touch using the serial port. I want to fix fastboot so that it works correctly. In the mean time, USB Downloader mode has most of the same functionality as fastboot, so perhaps we can flash the touch partitions using MfgTool (with different profiles) instead of fastboot. We can use fastboot after it gets repaired.

Last edited by geekmaster; 02-27-2012 at 06:17 AM.
geekmaster is offline   Reply With Quote