02-24-2012, 11:23 PM
|
#76 |
|
Carpe diem, c'est la vie.
  
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Summary: The kindles have a "Magic Bullet" that will ALWAYS allow custom code to be installed on them, including anything from just adding a jailbreak key, custom screensaver or custom fonts, all the way up to installing a completely different operating system on them, like Android OS. These tools already exist and we know how to use them. Simple step-by-step instructions will be provided, along with custom partition images that already contain the custom changes that we want.
Read all about it: https://www.mobileread.com/forums/sho....php?p=1979692 Conclusion: So, good news all around. Not just for me, but for everybody. Yes? UPDATE: Because this grew into a book-like "manifesto", I broke it up into chapters and added chapter titles. It is really a topic of its own, so I moved it to a new thread called "Fastboot Manifesto". This also replaced previous posted contents that were evolving into the new content as I reworked it and thought about it more. Last edited by geekmaster; 02-25-2012 at 04:25 AM. |
|
|
|
02-25-2012, 03:56 AM
|
#77 |
|
Junior Member
Posts: 3
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
How to recover mmcblk0p1 with fastboot?
My Kindle Touch bricked. Thanks to geekmaster and yifanlu, I'm able to boot into fastboot. I have compiled fastboot on my ArchLinux x64. It seems to be working well. It can recognize my Kindle Touch and do flash. However, when I try to do
Code:
./fastboot flash system mmcblk0p1.img However, Code:
./fastboot erase system Could anyone tell me the right procedure to recover the main partition(mmcblk0p1) in fastboot? Thanks! |
|
|
|
|
02-25-2012, 03:59 AM
|
#78 | |
|
Connoisseur
Posts: 67
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch SO
|
Quote:
 And geekmaster keep saying that its possible and will be possible always. So I keep believing BTW: what should happen when Kindle boots in fastboot mode? Because I can't see anything happen: nothing change on the screen, no new USB device connects.. Last edited by murz_07; 02-25-2012 at 04:09 AM. |
|
|
|
|
|
02-25-2012, 04:10 AM
|
#79 | |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
|
|
|
|
|
|
02-25-2012, 04:14 AM
|
#80 | |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
Up until now, I have been concentrating on tools that do not need fastboot mode. But now that fastboot is the only tool to repair my kindle touch, which was bricked while testing these other methods, I will now concentrate on getting a fastboot solution put together, including simple patches to create preconfigured partition images from original partition backups. As reported above, there may be a problem with the flashing images to a Kindle Touch. Let's hope that is a problem with that particular fastboot tool and not with the touch. I successfully flashed partitions on a K4NT using a fastboot that I compiled, but I modified the source code to clean all the warning messages before I used it. I need it to repair my Touch, so this potential problem will be analyzed (and hopefully corrected) soon. Last edited by geekmaster; 02-25-2012 at 04:23 AM. |
|
|
|
|
|
02-25-2012, 04:24 AM
|
#81 | |
|
Junior Member
Posts: 3
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
Quote:
|
|
|
|
|
|
02-25-2012, 04:33 AM
|
#82 | |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
P.S. I really need some sleep before I try using fastboot to reflash my touch to repair the damaged /var/local/mntusb.params file. It is a new idea to me to make CHANGES to a partition by flashing an image file that has those changes preinstalled. I think that this is a GOOD idea. UPDATE: I have a serial port connection on my touch now. When I use fastboot to flash an image file to the system (or other) partition, the serial port shows a message that it flashed mmcblk0 (which contains linux kernels for main and diags). When I try to boot main or diags is says "linux kernel not found", which confirst that mmcblk0 does appear to have been overwritten with the wrong data. That could also explain why if quits with a "success" message much too quickly. For now, I recommend booting to diags and using the dd command in a RUNME.sh script file to write an mmcblk0p1.img file on the USB drive to /dev/mmcblk0p1, as described in later posts in this thread, and in the "Fastboot Manifesto" thread. P.S. In English, "rubish" means "in the manner of a rube, or rube-like". It can also mean "Rube Goldberg-like" (i.e. overly complex). Rube: http://www.urbandictionary.com/define.php?term=rube - Rube Goldberg: http://www.dictionaryslang.com/Rube%20Goldberg. "Rubbish" (different word) means "garbage", implying grossly incorrect or useless - how can asking questions and stating known facts be considered "garbage"? So, the next post below must be calling somebody a "rube". What's up, ItsMee? Last edited by geekmaster; 02-27-2012 at 06:44 AM. |
|
|
|
|
|
02-25-2012, 05:28 AM
|
#83 |
|
Member
Posts: 19
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
- rubish -
|
|
|
|
|
02-26-2012, 09:13 AM
|
#84 | |
|
Junior Member
Posts: 5
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
Quote:
I can enter the USB Recovery Mode, but unfortunately, no matter what u-boot I've downloaded, my Kindle Touch can't boot. Even when I tried to press it for over 30s, I can't see the green light. If there any possibility that with the USB Recovery(HID Mode) I can download the whole binary(firmware)? I doubt that the FLASH might be corrupted. If I can't fix it, then I have to send it back to Amazon. |
|
|
|
|
|
02-26-2012, 11:35 AM
|
#85 |
|
Member
Posts: 19
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
I'm base user - all my advises may make it worse for you. Only take actions that you understand.
>Even when I tried to press it for over 30s, I can't see the green light. Not sure how, but i was there and got my kindle back to work. Are you able to get into diagnose mode? Are you able to access the Kindle via USB? Did you change scripts before the kindle broke? If so - you might want to revert that changes with a script via usb, that fixed a lot for me, together with the factory_reset. Make sure you don't mess up any further, better think twice. (I'm to nervous once in a while :-) ItsMee PS: Any good advises how to make my /tmp/root/authorized_keys persistent? Didn't see something like /etc/rc.local and don't need another unbootable situation right now :-) |
|
|
|
|
02-26-2012, 05:55 PM
|
#86 |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
The LED is not a reliable indicator of battery status on a bricked kindle. It is controlled by SOFTWARE, not by hardware. In fact, the battery charger is also controlled by SOFTWARE, so bricking a kindle can interfere with charging the battery.
We have had excellent recovery success by charging the battery first. Charge the battery with a wall charger for at least two hours, then use MfgTool to change to fastboot mode (which charges better and faster according to serial i/o messages about battery status during fastboot mode). Charge it in fastboot mode AT LEAST two more hours (preferably overnight) then try again. There are three different people I helped who succeeded ONLY after there battery got enough charge. Without enough, you will see strange behavior, like RUNME.sh not finishing, or fastboot not working, or MfgTool starting to download u-boot to the Kindle but never finishing. So, charge it enough to get into fastboot mode, then charge it some more. There is a good chance you WILL be able to get to diags, from which you CAN repair you kindle using USB drive export and a custom RUNME.sh launched by data.tar.gz, to fix your "custom" problem... I have my touch connected to a serial port now, and the ONLY serial i/o messages I see during and after booting to fastboot are battery voltage messages, which show a steady quick charge up to 4.190 volts, where it stabilizes (my k4nt stabilizes at 4.171 volts). Now that I have a good battery charge, I will try debricking it again. Here is my serial port output after booting fastboot with MfgTool: Code:
Boot 2009.08-lab126 (Feb 19 2012 - 05:03:11) CPU: Freescale i.MX50 family 1.1V at 800 MHz mx50 pll1: 800MHz mx50 pll2: 400MHz mx50 pll3: 216MHz ipg clock : 50000000Hz ipg per clock : 50000000Hz uart clock : 24000000Hz ahb clock : 100000000Hz axi_a clock : 400000000Hz axi_b clock : 200000000Hz weim_clock : 100000000Hz ddr clock : 800000000Hz esdhc1 clock : 80000000Hz esdhc2 clock : 80000000Hz esdhc3 clock : 80000000Hz esdhc4 clock : 80000000Hz MMC: FSL_ESDHC: 0, FSL_ESDHC: 1 Board: Whitney WFO Boot Reason: [POR] Boot Device: MMC Board Id: 0061XXXXXXXXXXXX S/N: B011XXXXXXXXXXXX *** TODO: Dump protected MMC here *** DRAM: 256 MB Using default environment In: serial Out: logbuff Err: logbuff Quick Memory Test 0x70000000, 0xfffe000 POST done in 13 ms BOOTMODE OVERRIDE: FASTBOOT Hit any key to stop autoboot: 0 U-Boot 2009.08-lab126 (Nov 03 2011 - 11:56:58) CPU: Freescale i.MX50 family 1.1V at 800 MHz mx50 pll1: 800MHz mx50 pll2: 400MHz mx50 pll3: 216MHz ipg clock : 50000000Hz ipg per clock : 50000000Hz uart clock : 24000000Hz cspi clock : 54000000Hz ahb clock : 100000000Hz axi_a clock : 400000000Hz axi_b clock : 200000000Hz weim_clock : 100000000Hz ddr clock : 200000000Hz esdhc1 clock : 80000000Hz esdhc2 clock : 80000000Hz esdhc3 clock : 80000000Hz esdhc4 clock : 80000000Hz MMC: FSL_ESDHC: 0, FSL_ESDHC: 1 Board: Whitney WFO Boot Reason: [POR] Boot Device: MMC Board Id: 0061XXXXXXXXXXXX S/N: B011XXXXXXXXXXXX I2C: ready DRAM: 256 MB Using default environment In: serial Out: serial Err: serial POST done in 2 ms Battery voltage: 4058 mV BOOTMODE OVERRIDE: FASTBOOT running cmd: fastboot Entering fastboot mode... Battery voltage: 4063 mV USB speed: HIGH Connected to USB host! Charger disconnect USB speed: HIGH Connected to USB host! USB configured. Battery voltage: 4166 mV Battery voltage: 4162 mV Battery voltage: 4162 mV Battery voltage: 4162 mV Battery voltage: 4171 mV Battery voltage: 4176 mV Battery voltage: 4166 mV Battery voltage: 4162 mV Battery voltage: 4171 mV Battery voltage: 4176 mV Battery voltage: 4185 mV Battery voltage: 4185 mV Battery voltage: 4166 mV Battery voltage: 4180 mV Battery voltage: 4180 mV Battery voltage: 4185 mV Battery voltage: 4190 mV Battery voltage: 4194 mV Battery voltage: 4190 mV Battery voltage: 4190 mV Battery voltage: 4194 mV Battery voltage: 4190 mV I think that the reason is because fastboot loads the full bist u-boot from mmc (why there are two u-boot sets above), and the larger bist build has better battery charging code in int. Booting to main or diags just uses the little u-boot that was loaded into RAM. Last edited by geekmaster; 02-27-2012 at 05:18 AM. |
|
|
|
|
02-26-2012, 08:43 PM
|
#87 |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Another one (un)bites the dust!
Here is the IRC session (with permission) from another successfully debricked kindle touch:
Code:
14:51 <dasmoover> so i can repair the dead kindle touch?
14:53 <geekmstr> A lot of people did. I provided a "demo" payload, that does
nothing but put something on the display, but my "universal"
mntus.params works on all kindles by computing the values,
even with no payload, fixes kindles that were bricked when
they used a data.tar.gz for a different kindle model.
14:53 <geekmstr> In that thread, cscat added a command to call the
factory_reset script (not included in my download yet),
that unbricked a lot more kindles...
14:54 <geekmstr> My KindleSelectBoot tool (custom u-boot images and
custom MfgTool profiles) lets you boot a bricked kindle to main,
diags, or fastboot with no changes to mmc...
14:55 <dasmoover> link!
14:55 <dasmoover> i need to restore my old ktouch
14:55 <dasmoover> remember the one i bricked?
14:55 <geekmstr> https://www.mobileread.com/forums/showthread.php?t=169645
14:56 <geekmstr> https://www.mobileread.com/forums/showthread.php?t=170241
14:57 <dasmoover> well wheres the tool dude/
14:58 <geekmstr> downloads in first post:
https://www.mobileread.com/forums/showthread.php?t=169645
14:58 <geekmstr> screenshots this post:
https://www.mobileread.com/forums/showthread.php?p=1972836
15:01 <geekmstr> you can write a RUNME.sh to copy all the dropbear files
from main to diags (if you mount them), if you installed yifanlu's
SSH package. Or you could put his .tar.gz on /mnt/mmc and
make RUNME.sh extract it to diags root if you make it writable...
15:02 <geekmstr> With the dropbear files in place, the USBnet diags menu
starts SSH (which takes about 20 secs for dropbear to init before
you can connect). diags menus N) U) Z) then exit to start dropbear...
15:03 <geekmstr> Either use SSH to mount and fix main, or use some custom
RUNME.sh scripts. Later in the thread I posted (in "code" tags)
that dumps a LOT of diags info into /mnt/us/gmlogs.txt (or
something like that)...
15:04 <geekmstr> Anyway, my tools have unbricked a lot of touches lately,
but they work on k4 as well...
15:04 <geekmstr> k4 is easier because booting to diags gives you ssh.
The dropbear files are already on the diags partition...
15:05 <geekmstr> Read the threads....
15:07 <geekmstr> But especially post#4 for screenshots, and bottom of #1
for downloads. And post #11 for the factory reset option...
15:08 <geekmstr> here you can read the code before installing it:
https://www.mobileread.com/forums/showthread.php?p=1978973
15:09 <dasmoover> cant seem to get into the special mode
15:10 <geekmstr> maybe your battery needs charging. use a usb power
adapter for a few hours. The battery completely drains when
bricked...
15:11 <geekmstr> you need to charge it enough (maybe overnight) to boot to
fastboot mode. In fastboot it charges quickly...
15:11 <dasmoover> ah
15:12 <dasmoover> yeah
15:12 <dasmoover> dead battery icon
15:12 <dasmoover> lol
15:12 <geekmstr> Anyway, try this: Plug into computer USB. Press and hold
power until LED off. Press Home button. Release power. Release
Home. New device with VID/PID 0x15a2/0x0052. Windows USB
HID drivers should install automagically... Then run MfgTool,
which talks to it...
15:13 <geekmstr> Charge it two or 3 hrs, then go to fastboot and fast-charge
it another hour...
15:13 <geekmstr> bricked only charges EXTREMELY slowly and only with a
power adapter...
15:13 <geekmstr> fastboot charges rapidly.
15:14 <geekmstr> Got it?
15:19 <dasmoover> jst gonna charge it a bit
15:22 <geekmstr> My "diags" RUNME.sh is here:
http://mobileread.com/forums/showthread.php?p=1979042
15:24 <dasmoover> beautiful man very good shit here
15:24 <geekmstr> thanks.
15:25 <geekmstr> I post all the steps of the evolution of my learning, in
stream-of-consciousness format, in hopes that others will learn
to learn like I do...
15:26 <geekmstr> Not just the end result, but the PROCESS of getting there
is what is the REAL goldmine...
15:26 <geekmstr> IMHO
15:28 <geekmstr> Of course my epiphany was obvious to people who
came from the android community, but it was new to me...
15:31 <geekmstr> Much of what I learned came from the GPL source code
and the freescale iMX50 Reference (and other) Manuals, and
using the tools you can download at freescale.com
15:33 <geekmstr> And from sbloader code for RockBox and other linux project
that use sbloader, and from yifanlu's fastboot tool (I cleaned the
source code so no warnings with gcc -Wall and -Wextra).
15:34 <dasmoover> awh yeah i'm in diags
15:35 <geekmstr> warning: I successfully flashed images to my k4, but others
say fastboot image flashing on touch reports "success" way to soon
and cannot have worked...
15:36 <geekmstr> Do not erase main system or diags with fastboot. Some dude
in my thread says he erased his before trying to flash it. It is not
eeprom, so why erase flash when you are going to completely fill
that range anyway?
15:36 <dasmoover> okay so i have usb mounted
15:36 <dasmoover> i remember
15:36 <dasmoover> i broke i by loading tun.ko
15:37 <dasmoover> so i'vw got to chang /lib
15:37 <dasmoover> i need to restore /lib
15:37 <geekmstr> in low power mode it loads a 0-byte fake storage device to
keep host PC "green" crap from turning off USB power...
15:38 <geekmstr> In the source code it is called "fstor" mode (fake storage).
It is part of the battery charging process...
15:39 <geekmstr> That is a problem with running scripts from mntus.params,
because "fdisk -l" can return bad values from the fstor device...
15:39 <dasmoover> so i need to create a data.tar.gz with original /lib
15:40 <geekmstr> do not use data.tar.gz -- root partition may not be
writeable. boot diags. export USB. Add MY data.tar.gz to launch
your RUNME.sh at next reboot to diags.
15:41 <dasmoover> okay
15:41 <geekmstr> Put your stuff in a .tar.gz, and have RUNME do "mount
/dev/mmcblk0p1 /mnt/mmc" then extract your package there...
15:42 <dasmoover> so no fastboot?
15:42 <geekmstr> Or --- make a runme and ssh.tar.gz and extract those
dropbear files to diags, so menu N) U) Z) X) will start dropbear.
15:43 <geekmstr> MfgTool with my profiles does NOT need fastboot (except
to recharge the battery).
15:44 <dasmoover> okay so i have /lib in .zip
15:44 <geekmstr> In my case, I did a BAD mntus.params that bricks main
and diags. If fastboot could erase mmcblk0p3 that would fix it, but its
partition names do not indicate which partition, and I already erased
the safe ones.
15:44 <dasmoover> on root
15:44 <dasmoover> usb
15:44 <geekmstr> I can ONLY use fastboot in my case. But you can boot to
diags to export usb drive.
15:44 <dasmoover> yeah
15:44 <dasmoover> i have lib.zip on usb
15:45 <dasmoover> now write a script to mount root and extract?
15:45 <geekmstr> yes...
15:45 <dasmoover> mount /dev/mmcblk0p1 /mnt/mmc
15:46 <dasmoover> unzip /mnt/us/lib.tar /mnt/mmc/
15:46 <dasmoover> does kindle have unzip?
15:46 <geekmstr> you can model it after scripts in my thread. Use the logger
one that pipes ALL output ( all code here ) 2>&1 >>/mnt/us/gmlogs.txt
15:47 <geekmstr> I believe it has unzip. It runs from startup scripts and they
use full path. You could add PATH= at top of script...
15:47 <geekmstr> then do not need full prefix path on all commands like
startup scripts use.
15:48 <geekmstr> mntusb is sourced, and kindle bricks easily from it, so
just use my published on in my data.tar.gz. Look at it though. Good
learning there...
15:48 <dasmoover> okay so now how to run?
15:48 <dasmoover> just rebboot?
15:48 <geekmstr> I like code to fit one screen full. Old school. My scripts
are compact.
15:49 <geekmstr> reboot from menu. Hard reset often does not run payload...
15:49 <dasmoover> D?
15:49 <geekmstr> in diags. reboot from menu.
15:50 <geekmstr> first menu item has a reboot in it. easier than the reboot
buried in the bottom exit menu...
15:50 <geekmstr> touch the first menu item in main screen, then restart there...
15:51 <dasmoover> its restarting
15:51 <geekmstr> I did not publish that yet. I will do screenshots of all the
steps later...
15:51 <dasmoover> still amazon thing
15:51 <dasmoover> happen to have ssh package handy
15:52 <geekmstr> You may need to add a reset for the boot counter if "repair
needed" screen. see the thread. SSH was already installed in main
using yifanlus package. I just copied from main to diags.
15:53 <dasmoover> is that info there
15:54 <geekmstr> https://github.com/downloads/yifanlu/KindleTool/simple_usbnet_1.1.zip
16:13 <dasmoover> how to write back img file in fastboot?
16:13 <dasmoover> i have .img file
16:13 <geekmstr> dd if=/mnt/us/mmcblk0p1.img of=/dev/mmcblk0p1 bs=1024
16:14 <geekmstr> That is probably in 100 posts in the forums. Basic linux.
16:20 <dasmoover> just rebooted.. waiting to see result
16:20 <dasmoover> dunno it still seems bricked
16:20 <dasmoover> i didnt use fastboot
16:20 <dasmoover> i used diags
16:20 <dasmoover> but i wanted to know fastboot
16:21 <dasmoover> i mean i just replaced pl01 and its still not booting up
16:21 <dasmoover> dunno what else could have corrupted
16:22 <geekmstr> did you boot diags (either with ENABLE_DIAGS or with my
boot tool) before writing your p1 image?)
16:22 <dasmoover> boot tool
16:22 <dasmoover> boot tool all times
16:23 <dasmoover> well f--- it wont go into diags now
16:23 <geekmstr> Each reboot goes back to whatever the bootmode var was.
If bootmode = main and no ENABLE_DIAGS, exting diags booted
to main before running payload.
16:23 <geekmstr> Maybe you need to charge the battery more...
16:24 <geekmstr> charge in fastboot mode.
16:24 <geekmstr> next time in diags, add ENABLE_DIAGS with the payload,
before rebooting.
16:25 <geekmstr> Or... do a hard reset with magic key to use my tool.
16:25 <dasmoover> says
16:25 <dasmoover> runmme.done
16:25 <dasmoover> and runme.out
16:25 <dasmoover> so it mustve run
16:25 <geekmstr> It ran from main. writing an image with files open corrupts it.
16:25 <geekmstr> Do it again with ENABLE_DIAGS.
16:26 <geekmstr> And you are using a low battery, so complications there too...
16:26 <dasmoover> so ENABLE_DIAGS on root righ
16:26 <geekmstr> Erase RUNEM.done first or script does not run.
16:26 <geekmstr> ENABLE_DIAGS on usb drive.
16:27 <dasmoover> yah did thatrebooting now
16:27 <geekmstr> Need to update first post. Info in later posts says add
ENABLE_DIAGS and erase RUNME.done and add data.tar.gz
while exporting USB drive in diags.
16:27 <dasmoover> ywah i did all that
16:28 <geekmstr> data.tar.gz erases itself. RUNME.done disables the script.
16:28 <dasmoover> so when its done writing it should boot to diags/
16:29 <geekmstr> It runs ONESHOT mode so a bug does not brick the kindle.
You do NOT need a new data.tar.gz each time -- only if the payload in
/var/local gets deleted (factory restore).
16:30 <geekmstr> The kindle rebuilds /var/local if you dd /dev/zero to
/dev/mmcblk0p3
16:30 <dasmoover> yah i'm wrrwring p1
16:30 <geekmstr> you have ENABLE_DIAGS so it should boot to diags.
16:31 <geekmstr> You may have problems if your battery is too low...
16:31 <dasmoover> its plugged i tho
16:32 <dasmoover> its jut doing the tree stuff
16:32 <geekmstr> It takes a long time to write a 350MB image. If battery low
it will reboot before it completes.
16:32 <geekmstr> Others reported success only after a full recharge in
fastboot mode.
16:34 <geekmstr> You can run the factory_restore script. If you kill
mmcblk0p3 it will rebuild on reboot. If you kill mmcblk0p4 it will
rebuild on reboot. At least that is what the startup scripts say.
16:35 <geekmstr> If it cannot mount p3 or p4 it formats them and copies files
there from /opt
16:38 <geekmstr> It sits at the tree while copying p1.
16:39 <geekmstr> You can use eips to display text on the kindle tree screen.
See my sample RUNME.sh on the first post.
16:39 <geekmstr> You can display progress messages on eink while it runs.
16:40 <geekmstr> But during the dd you can only wait.
16:41 <geekmstr> It can take like 15 minutes or something to copy. Low battery
is a big problem. Not charging during payload. Only draining the
battery (and faster while writing flash).
16:41 <geekmstr> If no luck, charge overnight, and read the thread while it charges...
16:42 <geekmstr> Adding usbnet from the link I posted above allows SSH
from diags and interactive exporation and repair.
17:26 <dasmoover> it is just frozen still
17:26 <dasmoover> unplugged it from computer
17:26 <dasmoover> led died
17:26 <dasmoover> then plugged it into wall
17:26 <dasmoover> waiting now
17:26 <dasmoover> guessing it ran, died
17:27 <dasmoover> so waiting on full charge
17:27 <dasmoover> can get to diags no problem
18:04 <dasmoover> i have all p*
18:30 <dasmoover> all the image blocks
18:31 <dasmoover> anyways i want to use fastboot...
18:31 <geekmstr> You could have mounted it and deleted that tun.ko file and
fixed any script that started it...
18:33 <dasmoover> i f---ed with /lib
18:51 <geekmstr> I had to install libusb-1.0 with apt-get (needed for compile).
18:52 <geekmstr> So you really only need the binary, but I will send all...
18:53 <dasmoover> installed libusb-1.0
18:54 <geekmstr> need to run fastboot with "sudo ./fastboot" or it runs but
only partly works. Usb writing needs sudo...
18:54 <dasmoover> rgr
19:01 <dasmoover> so what command to compile
19:01 <geekmstr> make
19:01 <geekmstr> or make -j5 on a quadcore...
19:02 <dasmoover> gcc -ofastboot fastboot.o protocol.o engine.o
usb_linux.o&&strip fastboot&&upx fastboot>/dev/null
19:02 <dasmoover> /bin/sh: upx: not found
19:02 <dasmoover> make: *** [fastboot] Error 127
19:02 <dasmoover> mb, g
19:02 <dasmoover> nvm fixed
19:02 <geekmstr> I compress my exes with upx. either install upx, or remove
that step from makefile
19:02 <dasmoover> yay it works
19:02 <dasmoover> plugging in kindle now
19:02 <dasmoover> err
19:02 <dasmoover> booting fastboot mode
19:03 <dasmoover> then unplugging and jacking into my linux machine
19:03 <geekmstr> sudo ./fastboot getvar bootmode
19:03 <dasmoover> do i set it via mfg or this tool
19:03 <geekmstr> you can read or write all idme vars with fastboot
19:03 <geekmstr> to get to fastboot mode, need mfgtool.
19:03 <dasmoover> okay
19:03 <dasmoover> brb setting it in
19:04 <geekmstr> In fastboot mode, fastboot tool will see it.
19:04 <geekmstr> usb in, power press, led off, home press, power release.
19:04 <dasmoover> okay sent to fastboot
19:04 <dasmoover> can i unplugand plug into linux now
19:05 <dasmoover> i got fastboot woking
19:05 <geekmstr> try sudo ./fastboot getvar bootmode
19:06 <dasmoover> its running down a bunch of stuff
19:06 <geekmstr> It is normal for "check main" or whatever to fail. The flash
CRC is set at first flash, but mounting a partition from mmc changes
it to not match flash header crc.
19:06 <dasmoover> so now what
19:10 <dasmoover> thats all the command sees
19:10 <geekmstr> But vid/pid is for a different usb device
19:10 <dasmoover> ill unplug em ll
19:10 <dasmoover> ill unplug em all
19:10 <geekmstr> leave kindle plugged in. Put it in USB HID mode. Tell
MfgTool to use fastboot profile. Click start.
19:10 <dasmoover> thats what i did
19:10 <geekmstr> Other devices do not matter.
19:10 <dasmoover> then i unplugged it and put it on my linux box
19:10 <dasmoover> now we are here
19:11 <geekmstr> Did you do sudo?
19:11 <dasmoover> trying to use fastboot
19:11 <dasmoover> yes..
19:11 <geekmstr> It cannot send commands unless root.
19:11 <geekmstr> It must see vendor 0x1949,product 0xd0d0
19:12 <geekmstr> dev(vendor:0x1949,product:0xd0d0,...
19:13 <dasmoover> it still shows same values when kindle is not plugged in
19:13 <geekmstr> The kindle SHOULD go into fastboot mode if you tool can
write usb (needs to be root for usb write access)
19:13 <dasmoover> just sent into fastboot via mfg..
19:14 <dasmoover> unplugging and putting onto linux box now
19:14 <geekmstr> 0x1948 belongs to lab126.
19:14 <dasmoover> LED died on unplug
19:14 <geekmstr> Do not unplug.
19:14 <dasmoover> dude i have to
19:14 <dasmoover> in order to put my windows machine
19:14 <dasmoover> with mfg
19:14 <dasmoover> tolinux box
19:15 <dasmoover> with fastboot
19:15 <dasmoover> how2set fastboot mode in linux then
19:16 <geekmstr> Yifanlu said that the "install fastboot bundle" item in diags
sets fastboot mode. Did not try that myself...
19:16 <dasmoover> ill try to do that
19:16 <geekmstr> mfgtool boot diags. fastboot bundle while plugged into linux
and fastboot running.
19:23 <dasmoover> got it in fastboot mode
19:24 <geekmstr> try sudo ./fastboot getvar bootmode
19:25 <dasmoover> dev(vendor:0x1949,product:0xd0d0,class:0,subclass:0,
protocol:0),writable:1,ifc(class:255,subclass:66,protocol:3),
has_bulk(in:1,out:1),serial_number:0061XXXXXXXXXXXX
19:25 <dasmoover> bootmode: fastboot
19:25 <dasmoover> dev(vendor:0x1949,product:0xd0d0,class:0,subclass:0,
protocol:0),writable:1,ifc(class:255,subclass:66,protocol:3),
has_bulk(in:1,out:1),serial_number:0061XXXXXXXXXXXX
19:26 <dasmoover> finished. total time: 0.001s
19:26 <dasmoover> bootmode: fastboot
19:26 <dasmoover> finished. total time: 0.001s
19:26 <dasmoover> sudo ./fastboot flash system mmcblk0p1.img
19:26 <dasmoover> right
19:26 <geekmstr> that looks good.
19:26 <geekmstr> flash should take many minutes
19:26 <dasmoover> downloading 'system'...
19:26 <dasmoover> OKAY [ 3.764s]
19:26 <dasmoover> writing 'system'...
19:26 <geekmstr> a user on mobileread said it completes in 4 seconds.
Too fast...
19:26 <dasmoover> writing 'system'...
19:26 <dasmoover> OKAY [ 8.991s]
19:26 <dasmoover> finished. total time: 12.756s
19:26 <dasmoover> uhhh
19:27 <geekmstr> It took many minutes on my k4nt...
19:27 <dasmoover> should i erase then put back on? or test first
19:27 <geekmstr> maybe the touch has a fastboot bug?
19:27 <geekmstr> NO do not erase.
19:27 <geekmstr> Flash memory does not need that.
19:27 <geekmstr> that will make it worse.
19:28 <dasmoover> okay
19:28 <dasmoover> guess a reboot
19:28 <geekmstr> You could still to dd to write it from a RUNME.sh instead
of fastboot.
19:28 <dasmoover> or another flash
19:28 <geekmstr> apparently touch fastboot does not flash good, with false
success report.
19:28 <geekmstr> It cannot be that fast.
19:29 <geekmstr> USB is not that fast.
19:29 <geekmstr> I think it is a bug
19:29 <geekmstr> do this:
19:29 <geekmstr> sudo ./fastboot setvar bootmode diags
19:30 <geekmstr> that will boot to diags next time you boot. If not, boot there
with MfgTool.
19:30 <dasmoover> okay how2reboot
19:31 <geekmstr> hold power button 20 seconds.
19:31 <geekmstr> the fastboot reboot command does not work.
19:31 <geekmstr> You can repair it with RUNME.sh. fastboot is buggy on
the touch...
19:32 <dasmoover> ive tried runme.sh
19:32 <dasmoover> it has not worked for me writing the .img
19:32 <geekmstr> You booted main that time...
19:32 <dasmoover> okay will retry
19:32 <dasmoover> have usb up
19:33 <geekmstr> boot diags, export usb, add ENABLE_DIAGS and remove
RUNME.done. reboot. payload will run in diags this time...
19:33 <dasmoover> do i need to redrop data.tar.gz no right?
19:33 <geekmstr> You did not have ENABLE_DIAGS last time. It ran in main...
19:33 <geekmstr> No tar file needed. already dropped expoit that runs
RUNME.sh...
19:34 <dasmoover> okay
19:34 <dasmoover> hard reboot?
19:34 <geekmstr> yes.
19:34 <geekmstr> I think I should change my payload to detect main, set
bootmode=diags, and reboot...
19:34 <geekmstr> and only call RUNME.sh when in diags boot.
19:35 <geekmstr> writing to the partition you booted from will corrupt it...
19:35 <dasmoover> okay hard rebooting wall plugged in
19:32 <dasmoover> fixed :)
20:32 <dasmoover> thank you very much
As this and other posts show, it is not a good idea to erase or flash partitions with fastboot for touch yet, even though it worked well for my k4nt. But you can flash partitions with the "dd" command just fine. Be sure to boot diags to flash main from RUNME.sh, and boot main to flash diags from RUNME.sh. It is not good to change a partition that contains open files because you booted from it. Also be sure to have ENABLE_DIAGS set accordingly, because you need to reboot to run the RUNME.sh. It has been reported in various threads that RUNME.sh does not reliably run during a hard reset (long power button hold) so be sure to reboot using a menu item. Good luck, and good learning! This is not easy (yet). I want a GUI that lets you choose what steps you want to do, and which makes a custom RUNME.sh for you. I want a GUI that runs fastboot for you, and avoids all the command-line stuff, and runs in Windows and Linux and Mac. Now, who is going to write that for me...  EDIT: It seems that ixtab wrote that "GUI" for me (Kubrick)!  P.S. I want to thank yifanlu who helped me learn this stuff by guiding me through an IRC recovery session similar to the one shown above, but which was spread over a period of about one week, interrupted by studying manuals and code, which helped me debrick my k4nt, when we were first learning about what USB Downloader mode was and how we could use it. I also want to thank all the others who provided feedback and useful pointers that contributed to my learning as much as I have (so far) about this stuff. Thanks guys (and ladies)! Downloads: See the "simple debricking" sticky. 
Last edited by geekmaster; 03-12-2016 at 06:20 PM. |
|
|
|
|
02-27-2012, 01:25 AM
|
#88 | |
|
Junior Member
Posts: 5
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
Quote:
Actually, that's exactly the problem I've met: MfgTool starting to download u-boot to the Kindle but never finishing, the issues is, the MfgTool shows it downloaded successfully, but the start/stop button is still in red, which is not a normal finish I assume. And also, I tried to charge the battery by a wall charger, however, the orange light will on, and last for 3~4 hours, it will go dim(no lights any more), I've done that like three to four times. I think the charging didn't work out, right? Another quick question is, is there any download link for the whole Kindle Touch binary image in case my FLASH(or partition) is corrupted? Thank you so so so much for your help. |
|
|
|
|
|
02-27-2012, 05:42 AM
|
#89 | |
|
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
When I bricked my old K4NT I did not know how to charge it and nothing seemed to work enough. Charging overnight got me only about 20 to 30 minutes in which I could load u-boot with MfgTool, then it would not work again. I would have to charge it with a wall charger overnight before it would work with MfgTool again. I ended up charging the old K4NT battery using the new K4NT without removing either battery (they are glued in with a very secure glue). I was able to position the two kindles back to back and get the battery cable connected between them using needle-nosed pliers, after folding the cable back at a 45-degree angle. I later discovered that I could get a full charge in fastboot mode so this risky procedure would not have been necessary. Conclusion: charge enough to get into fastboot mode, then fully charge it in fastboot mode. You can monitor the charging process with a serial port connection. As mentioned before, the LED is software-controlled and cannot be trusted on a bricked kindle. Regarding the complete touch backup image, I have used "dd" to copy the first 32MB of mmcblk0p1 (which contains the linux kernels for man and diags), but it has long stretches of 0x00 in it. According to yifanlu, it appears that parts of this memory are "write-only" to user-land processes such as the dd command I used. It was reported that the idme command we use to read and write idme vars (serial, pcbsn, mac, mfg, accel, bootmode, postmode) writes directly to those locations, but reads a /proc (kernel driver interface) to get those values from a kernel-mode process that reads them. That means that some areas of our mmc are not readable by "dd", so a full backup would not contain all the data (all those 0x00 in my backup?). But it looks like we may be able to WRITE an image though, which could possibly write bad data onto good data in those protected areas if we use dd to write an image that was created with dd. What we really need is a kernel-mode process to read and write mmc (similar to idme, but which can give us a full backup of protected areas of mmc and not just the idme vars). A tool such as this may be considered a security risk by amazon (a hack tool) because those areas were not protected by accident and may contain information that would help people do bad things (like decrypt protected books purchased from amazon). We want this tool for good, and people already know how to do the bad things without this, so I hope amazon would not give us trouble for creating or using such a tool. I think we can get a full backup of all of the mmc contents now (including protected areas) by exporting it over the serial port. There were early reports of this being done on the forums during the early analysis of the Touch, when a jailbreak method was being researched. We can normally flash (write) to mmc using tools such as MfgTool or fastboot. Unfortunately, there appears to be a fastboot bug in the touch, where flashing other partitions writes onto mmcblk0 instead of where it belongs, and terminates early with a false "success" report. That means that my touch mmcblk0p1 may be corrupted now, and the serial port verifies that when I try to boot main or diags, when I get a "linux kernel not found" error message in the serial port status messages. So what I need to explore this further is a copy of mmcblk0 (at least the first 32MB) from somebody who exported it from a good kindle touch using the serial port. I want to fix fastboot so that it works correctly. In the mean time, USB Downloader mode has most of the same functionality as fastboot, so perhaps we can flash the touch partitions using MfgTool (with different profiles) instead of fastboot. We can use fastboot after it gets repaired. Last edited by geekmaster; 02-27-2012 at 06:17 AM. |
|
|
|
|
|
02-27-2012, 06:32 AM
|
#90 |
|
Junior Member
Posts: 5
Karma: 10
Join Date: Feb 2012
Device: Kindle Touch
|
Another quick question, since I don't have the serial cable available, how I can know the Kindle Touch has succesfully booted into fastboot mode?
Thanks. |
|
|
|
 |
| Tags |
| debricking, kindle mx50 select boot |
«
Previous Thread
|
Next Thread
»
| Thread Tools | Search this Thread |
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Bricked Kindle Touch; Won't boot into diags/fastboot | kerotan | Kindle Developer's Corner | 3 | 05-19-2012 10:58 AM |
| Kindle Touch does not boot | marmomr | Kindle Developer's Corner | 38 | 05-16-2012 01:19 PM |
| Kindle Touch select text, copy paste? | Zimmy | Amazon Kindle | 3 | 02-18-2012 08:45 AM |
| Kindle Touch Won't Boot | teekay | Kindle Developer's Corner | 3 | 12-10-2011 12:51 AM |
| Opus cannot boot, stuck on boot screen | baloma | Bookeen | 35 | 11-13-2010 04:20 AM |
All times are GMT -4. The time now is 08:36 AM.