11-18-2012, 11:32 AM | #1 |
but forgot what it's like
Posts: 741
Karma: 2345678
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
How idme tool works
For a long time, it was speculated that writing zeroes into some /dev/mmcblk0 areas can erase idme variables, because these areas are somewhat specially handled (maybe write-only) and directly mapped to the storage area of these variables. I think it's not quite right.
At first, some trivial fact: the idme tool (i.e. /usr/sbin/idme) initially reads the current idme variables' values from various /proc files, which are created by the kernel from values passed by U-Boot in memory. Here is a list of these files:
Code:
[root@kindle root]# grep /proc\/ /usr/sbin/idme
/proc/usid
/proc/mac_addr
/proc/mac_sec
/proc/board_id
/proc/bootmode
/proc/postmode

But real values aren't changed immediately after writing to /dev/mmcblk0. They are changed only on (re)boot by U-Boot. Check the function idme_check_update in the U-Boot sources (located in the file common/cmd_idme.c). This function peeks at a fixed offset of /dev/mmcblk0, checks for the presence of a predefined magic byte sequence (represented by the characters "abcdefghhgfedcba") and then (only after acknowledgement of the presence of the magic sequence!) copies the idme variables block from /dev/mmcblk0 to a separate boot partition (where U-Boot itself is stored) and rewrites the idme variables block at /dev/mmcblk0 with zeroes. The eMMC offset and size of the variables block are defined in include/configs/imx50_yoshi.h:
Code:
#define CONFIG_MMC_USERDATA_ADDR 0x3F000
#define CONFIG_MMC_USERDATA_SIZE (5*1024)
Code:
#define CONFIG_IDME_UPDATE 1
#define CONFIG_IDME_UPDATE_ADDR 0x3f000
#define CONFIG_IDME_UPDATE_MAGIC "abcdefghhgfedcba"
Code:
[root@kindle root]# hexdump -C -s 0x3f000 -n 5120 /dev/mmcblk0
0003f000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00040400

Let's set an idme variable value and then read the data at that offset again (I've changed the suffixes of private data values to X):
Code:
[root@kindle root]# idme -d --bootmode main
Devmode enabled
Reading vars from temp storage...
...None found, Copying vars from /proc
Setting bootmode to main
Writing new vars to temp area
You must reboot before new values will take effect
[root@kindle root]# hexdump -C -s 0x3f000 -n 5120 /dev/mmcblk0
0003f000  42 30 30 46 XX XX XX XX  XX XX XX XX XX XX XX XX  |B00FXXXXXXXXXXXX|
0003f010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
0003f030  46 30 XX XX XX XX XX XX  XX XX XX XX 00 00 00 00  |F0XXXXXXXXXX....|
0003f040  45 53 XX XX XX XX XX XX  XX XX XX XX XX XX XX XX  |ESXXXXXXXXXXXXXX|
0003f050  XX XX XX XX 00 00 00 00  00 00 00 00 00 00 00 00  |XXXX............|
0003f060  30 30 35 XX XX XX XX XX  XX XX XX XX XX XX XX XX  |005XXXXXXXXXXXXX|
0003f070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
0003f1f0  61 62 63 64 65 66 67 68  68 67 66 65 64 63 62 61  |abcdefghhgfedcba|
0003f200  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00040000  6d 61 69 6e 00 00 00 00  00 00 00 00 00 00 00 00  |main............|
00040010  6e 6f 72 6d 61 6c 00 00  00 00 00 00 00 00 00 00  |normal..........|
00040020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00040400

Last edited by eureka; 11-18-2012 at 12:03 PM. Reason: proper X's
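The boot-time gate described in the post (U-Boot only acts on the staged block when the magic is present, then zeroes the staging area) can be modelled against a dump of /dev/mmcblk0. The following is an added example, not code from eureka's post, from the idme tool or from U-Boot: it builds a constructed image, reports whether an update is pending, reads the staged strings, and zeroes the block the way idme_check_update is described to. The offsets, size and magic are the ones quoted in the post; the field names bootmode and postmode follow from the "Setting bootmode to main" output and the "main"/"normal" strings at 0x40000/0x40010, while the other slots are listed by offset only and their meaning (usid, mac_addr, ...) is an assumption taken from the shape of the hexdump.

```python
# Constants quoted in the post (include/configs/imx50_yoshi.h and the hexdump).
USERDATA_ADDR = 0x3F000               # CONFIG_MMC_USERDATA_ADDR / CONFIG_IDME_UPDATE_ADDR
USERDATA_SIZE = 5 * 1024              # CONFIG_MMC_USERDATA_SIZE
UPDATE_MAGIC = b"abcdefghhgfedcba"    # CONFIG_IDME_UPDATE_MAGIC
MAGIC_OFF = 0x3F1F0 - USERDATA_ADDR   # 0x1F0: where the magic shows up in the dump

# Slots inside the staging block: block offset -> (name, width).
# Only "bootmode" and "postmode" are confirmed by the post's own output; the
# slot_0x... entries are guesses from the hexdump and their names are assumptions.
SLOTS = {
    0x000: ("slot_0x000", 0x30),   # "B00F..." in the dump (assumed: usid)
    0x030: ("slot_0x030", 0x10),   # "F0..."   in the dump (assumed: mac_addr)
    0x040: ("slot_0x040", 0x20),   # "ES..."   in the dump (assumed: mac_sec)
    0x060: ("slot_0x060", 0x10),   # "005..."  in the dump (assumed: board_id)
    0x1000: ("bootmode", 0x10),    # "main" at 0x40000 after `idme --bootmode main`
    0x1010: ("postmode", 0x10),    # "normal" at 0x40010
}


def staged_update_pending(block: bytes) -> bool:
    """The idme_check_update gate: act only if the magic is present."""
    if len(block) != USERDATA_SIZE:
        raise ValueError(f"staging block must be {USERDATA_SIZE} bytes, got {len(block)}")
    return block[MAGIC_OFF:MAGIC_OFF + len(UPDATE_MAGIC)] == UPDATE_MAGIC


def read_staged_vars(block: bytes) -> dict:
    """Return the NUL-terminated ASCII string found in each slot; empty slots are omitted."""
    found = {}
    for off, (name, width) in SLOTS.items():
        raw = block[off:off + width].split(b"\x00", 1)[0]
        if raw:
            found[name] = raw.decode("ascii", errors="replace")
    return found


def build_sample_image(staged: dict, pending: bool) -> bytes:
    """Construct a fake /dev/mmcblk0 image (constructed data, not a real device dump)
    just large enough to contain the staging block, with the given slots filled in."""
    img = bytearray(USERDATA_ADDR + USERDATA_SIZE)
    by_name = {name: (off, width) for off, (name, width) in SLOTS.items()}
    for name, value in staged.items():
        off, width = by_name[name]
        data = value.encode("ascii")
        if len(data) >= width:
            raise ValueError(f"{name!r} does not fit in its {width}-byte slot")
        img[USERDATA_ADDR + off:USERDATA_ADDR + off + len(data)] = data
    if pending:
        m = USERDATA_ADDR + MAGIC_OFF
        img[m:m + len(UPDATE_MAGIC)] = UPDATE_MAGIC
    return bytes(img)


def simulate_idme_check_update(img: bytes):
    """Model the boot-time behaviour the post describes: with the magic present the
    staged variables are taken (U-Boot copies them to its own partition) and the
    staging block is overwritten with zeroes; without it nothing changes.
    Returns (applied_vars_or_None, image_after_boot)."""
    block = img[USERDATA_ADDR:USERDATA_ADDR + USERDATA_SIZE]
    if not staged_update_pending(block):
        return None, img
    applied = read_staged_vars(block)
    after = bytearray(img)
    after[USERDATA_ADDR:USERDATA_ADDR + USERDATA_SIZE] = bytes(USERDATA_SIZE)
    return applied, bytes(after)


if __name__ == "__main__":
    image = build_sample_image({"bootmode": "main", "postmode": "normal"}, pending=True)
    applied, after = simulate_idme_check_update(image)
    print("pending:", staged_update_pending(image[USERDATA_ADDR:USERDATA_ADDR + USERDATA_SIZE]))
    print("applied:", applied)
    print("block zeroed:", after[USERDATA_ADDR:USERDATA_ADDR + USERDATA_SIZE] == bytes(USERDATA_SIZE))
```

To inspect a real dump instead of the constructed image, read the device file (or a saved copy of it) into `img` and call `simulate_idme_check_update` on it; the function never writes anything, so it is safe to run against a copy to see what the next boot would pick up.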
11-18-2012, 11:57 AM | #2 |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
You should X out the hex values too. Your idme vars are still exposed in the hex dump, and can be converted from hex to ASCII easily.
Great information. Thanks.