If I replace my logic board after water damage, can I clone my existing serial?

[coplate]

Sure, I'll hold off. No hurry either, thanks for any time you do have though.

[coplate]

@knc1

Hey, I found this post from you

https://www.mobileread.com/forums/sh...d.php?t=262358

Does that step 12 and 13 look like the steps to do a full backup you were looking for, or were you looking for something to break that apart even further.


Edit: just your first tho85ght on wether that gives enough to run your mapping script on, or if it needs to be run on the actual device?


I'm aware that I dont see any sort of restore process I there, but I can be patient, I just have a tendency to ask too many questions.

[knc1]

No.*
That only copies part of the USB user storage, as written in step 13.

Please wait before melting down your Kindle, it needs to still run to get the information you might need when you swap out the motherboards.

= = = =

*) That is how to recover the file used to install the initial, production line testing, firmware build. The ones found in step #3 of the current jailbreak.

Note: That method no longer works, Amazon/Lab126 protected themselves from our recovering the file.

Note 2: Scroll down to the second post.
See where the bundle and bundle type is displayed in the output of KindleTool?
The recovered file is a: "FB02 recovery" package - which is why it installs when used in the jailbreak.
The firmware versions: 5.8.8 and 5.8.9 can no longer install a "FB02" type of package.

- - - - -

But thanks for the link, that (and threads it links to) has information I can use this weekend.

We (the developers) have decided not to give Lab126 any more of those detailed descriptions of what we know about their system.

[knc1]

On a PW-3 (5.6.1.1 - typical) you want to save the first 32Mbyte.

Code:

PW3_work $ fdisk -l blk0LeadIn.raw

Disk blk0LeadIn: 33 MB, 33554432 bytes
4 heads, 16 sectors/track, 1024 cylinders, total 65536 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x386d519c

     Device Boot      Start         End      Blocks   Id  System
blk0LeadIn1   *       65536      987135      460800   83  Linux
blk0LeadIn2          987136     1118207       65536   83  Linux
blk0LeadIn3         1118208     1249279       65536   83  Linux
blk0LeadIn4         1249280     7634943     3192832    b  W95 FAT32

There are 65,536 sectors of storage prior to the start of the first partition (0 .. 65,535).
That 32Mbyte contains things like u-boot, main and diag kernels, plus the device specific stuff.

Assuming your USBnetworking (in your Linux VM) is setup the same as given in my ssh tutorials:

Code:

PW3_work $ ssh kpw
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]#

Giving you (remote) command line access.
First, you want to know the device names assigned to the flash storage:

Code:

[root@kindle root]# cat /proc/partitions
major minor  #blocks  name

   7        0    3192824 loop0
   7        2        564 loop2
   7        3      73292 loop3
   7        4         36 loop4
   7        5        700 loop5
   7        6      14864 loop6
 179        0    3817472 mmcblk0
 179        1     460800 mmcblk0p1
 179        2      65536 mmcblk0p2
 179        3      65536 mmcblk0p3
 179        4    3192832 mmcblk0p4
 179       16       4096 mmcblk0boot1
 179        8       4096 mmcblk0boot0

Where mmcblk0 is the entire eMMC device. The other, more detailed entries, are the logical partitions (where the file systems live).

Visible USB storage (visible when not running USB networking) is at: /mnt/us
The eMMC device uses an erase block size of 4096 bytes.
So to write the first 32Mbyte to a file at the top of visible USB storage:

Code:

dd if=/dev/mmcblk0 of=/mnt/us/blk0LeadIn.raw bs=4096 count=8192

That binary file contains everything that is not accounted for by the partitioned areas.

= = = =

I will continue to work up a script that breaks out all of the parts of that 32Mbyte file, because you don't want to write the entire thing to a replacement motherboard, just specific parts of it.

= = = =

There is also a utility included with the Kindles: idme

Code:

[root@kindle root]# idme
usage: idme <ARGUMENTS>
    --serial S    Sets the serial number S
    --board B     Sets the board id B
    --pcbsn PCB   Sets the pcb serial number PCB
    --mac M       Sets the MAC address M 
    --mfg ID      Sets the Manufacturer Code
    --bootmode BM Sets the bootmode value
    --postmode PM Sets the postmode value
    -s            Shows all existing values

Just using that to display all of the current settings:

Code:

[root@kindle root]# idme -s
serial: G090G1XXXXXXXXXX
accel: 
mac: 74YYYYYYYYYY
mfg: WSXXXXXXXXXXXXXXXX
pcbsn: 09999999999999999
config: 
bootmode: main
postmode: normal

I used fillers for the actual numbers of my device, but that should be obvious.

Then, on the replacement motherboard, you can use the idme utility to set its values to those of your old board.

(But that 32Mbyte backup file may have some uses, go ahead and make it.)

[coplate]

I've got that 32MB block copied off, and I would love to understand what's in it.

I see a small section at 0x040402.


Then another section at 0x041000

Then another section at 0xe41000

Those two look like the boot images, there was also a variety of other things, but I don't know what they are.

[knc1]

Quote:

Originally Posted by coplate

I've got that 32MB block copied off, and I would love to understand what's in it.

I see a small section at 0x040402.


Then another section at 0x041000

Then another section at 0xe41000

Those two look like the boot images, there was also a variety of other things, but I don't know what they are.

0x041000 - uImage for main (bootable)
Copy out mmcblk0p1 - you must have the matching main system file image.

0xE41000 - uImage for diags (bootable)
Copy out mmcblk0p2 - you must have the matching diags system file image.

Copy out mmcblk0p3 - that is the private user data area, used by both 'main' and 'diags'.

Skip any copy out of mmcblk0p4 - that is the visible USB storage area (and destination of the copy command I wrote above).
You already linked to my directions on how to get all of that area over the USB cable.

That info is in the serial de-bricking thread, among others.
And those haven't changed in the series 5 firmware devices that I know of.

0x3F000 - Start of device specific data (idme trampoline) - or at least it used to be on the K5 & PW.

Oxthers are unknown (or I just haven't found the posts that describe them).
It takes a lot of groveling through source code to discover the descriptions.
Some are probably support for NFS - which no one has posted any work on (the Kindles will network boot).

[coplate]

Well, I got all of that backed up, so I went and used the hot air station, and I was able to get all the shields off - but, I also broke the touch screen somehow.

I don't know if I melted the connectors a little too much, or I disturbed some solder points, but it doesn't work any more.

I have previously written a tool that will show a cursor on the screen so it's not the worst thing in the world, unless I accedntally get an update and usbnet gets disabled.

I'm going to charge it up, and see if the battery drain is stopped, but it's time for me to buy a new one I guess.

And now I'll have one for parts if I need the screen. I'm confident the touchscreen still works, and I did something to the board.

Maybe I can try to figure out how to drive it from my arduino or just use it for a shopping list etc.

Thanks for all your time.

[knc1]

That is the real tricky part (no pun intended) of board rework -
Not melting all those little nearby parts off, only melting what you intend to melt.

Hang on to those files, you may want something from them someday.

[coplate]

Quote:

Originally Posted by knc1

0x041000 - uImage for main (bootable)
..
..

It takes a lot of groveling through source code to discover the descriptions.

Do you know off the top of your hea what source files these are in, if they are in the gplrelease files provided, or a thread where people have already talked about this?

[knc1]

Quote:

Originally Posted by coplate

Do you know off the top of your hea what source files these are in, if they are in the gplrelease files provided, or a thread where people have already talked about this?

It is in the gplrelease archive.
You want the u-boot and (Linux) kernel source archives out of that archive.

[coplate]

thanks, I hadnt unpacked the uboot, but I didn't find anything promising grepping for 'e41000' in linux files, so I imagine it might be the decimal form or another format of the number.

[knc1]

Quote:

Originally Posted by coplate

thanks, I hadnt unpacked the uboot, but I didn't find anything promising grepping for 'e41000' in linux files, so I imagine it might be the decimal form or another format of the number.

Oh, I didn't realize you where looking for that -
It is in the u-boot declarations, the load address of the 'diags' kernel.
So unpack u-boot sources.

It is not in the kernel sources, because the kernel will run wherever it lands (or at least its header does, that just depends on the arch).

[coplate]

My new motherboard came, it boots up in french on version 5.6.1.

I am happy to report that my touchscreen works with it, I was a little worried I could have fried that somehow when hooking it up to the old motherboard that it no longer worked on.

@knc1, Do you have a recommendation on what I can do to get hte closest to a full wipe /reset of all data?

Would you recommend just flashing factory 5.7.4, or trying to use usb downloader mode once I figure out that switch on the back of the board?

I know that our jailbreak and so on survive normal updates, so I wanted to try to make sure I got rid of everything that may have been on here, just in case ( I'm not really worried about back doors, just doing it for the experience, and maybe i'll learn things )


Edit:

Although, maybe I should just stay on 5.6.1 :-) :-) :-)

Edit 2:

I'll need to go up to 5.8.2 I think for USB OTG support.

Edit 3:

either way, I'm going to set it aside in airplane mode for 3 days to check this new battery I bought.

If this battery drains fast on this motherboard, then I just got a bad battery from ebay too!

[knc1]

The following, very specific, sequence will remove all changes from the user areas and from the 'main' OS (it will not touch 'diags' OS - but only RP ever adds anything there).

1. Press the "Reset (to factory defaults)" menu selection.
2. Install an Amazon update (format) file. These are complete images and they will over-write any changes made to the 'main' OS that the reset didn't get.

The opposite order will not do the job of getting rid of our viral jailbreak.

Yes, that is posted about a zillion times in this forum, ever since 5.1.2 on the KT, IIRC.

Note:
Compare that ordered list of two steps with the jailbreak instructions.
Yes, they are the same.
No, it isn't an accident that they are the same.