10-16-2012, 10:28 AM | #691 |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
For my K4 custom u-boot, I added a like that inserted my hard-coded (string constant) values immediately after reading the value from mmc. There is a function for reading mmc.
It was able to boot up that way, even though it did not write to mmc. The K4 needs to know the serial number AND pcbsn to decide how to init DRAM. |
10-16-2012, 10:37 AM | #692 | |
Member
Posts: 15
Karma: 19998
Join Date: Oct 2012
Device: Kindle touch KT
|
Quote:
|
|
10-16-2012, 10:40 AM | #693 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
|
|
10-16-2012, 11:10 AM | #694 |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
The serial output shows that u-boot reported "Invalid board id! Can't determine system type for RAM init.. bailing!", which is what I got on my K4. It reports that message when deciding how to init DRAM, based on the pcbsn idme var. Right after the code reads that var (using idme_find_var?) I changed the return value to my original pcbsn. I also did that for the other known idme vars. Then it booted, and I used "idme -d" from SSH to write those to mmc.
But I was able to use MfgTool to run my custom u-boot. EDIT: If you cannot build your own, it may be possible to patch my u-boot binary, replacing my idme vars with your own. Last edited by geekmaster; 10-16-2012 at 11:13 AM. |
10-16-2012, 11:26 AM | #695 | |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
EDIT: In the diags Settings menu, the pcbsn idme var is called "PCBA ID". The only idme vars I need to patch are serial and pcbsn. EDIT2: I just tested this. It boots to whatever mode the bootmode idme var and/or ENABLE_DIAGS file selected, just like a normal bootup. WARNING: It actually wrote the idme vars. My demo kindle serial and pcbsn changed to the forced values from my other kindle. I have a backup though, so I will change them back... Last edited by geekmaster; 10-16-2012 at 12:31 PM. |
|
10-16-2012, 12:46 PM | #696 |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
I just patched the serial and pcbsn in my custom u-boot binary, replacing some of my hex characters with ascii zeroes. It does not boot. They must contain a check-digit or something. And of course it WROTE the idme vars, so it is bricked until I patch some real values in my u-boot and let if write those to mmc...
Fun, huh? Anyway, it works right when you patch in REAL serial and pcbsn (even if from a different kindle). |
10-16-2012, 12:51 PM | #697 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Does the u-boot have access to its environment before it initializes ddr ram?
If so, put the desired values in the environment and pull them from there. Then people would not have to re-build the u-boot binary, just hex-edit the saved environment strings (hmm... we could probably even script that number edit). |
10-16-2012, 01:02 PM | #698 | |
(offline)
Posts: 2,907
Karma: 6736094
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
|
Quote:
|
|
10-16-2012, 01:08 PM | #699 | |
Carpe diem, c'est la vie.
Posts: 6,433
Karma: 10773668
Join Date: Nov 2011
Location: Multiverse 6627A
Device: K1 to PW3
|
Quote:
It only needs serial and pcbsn to boot. It "permanently" changed those values on my demo K4 (which I used to test it because that u-boot has K4 values in it). Now I have a pair of K4s with the same serial and pcbsn. I should change it back before they "phone home". @knc1: The u-boot running on the kindle does not have access to environment variables on the host PC, where MfgTool was running when it pushed the hacked u-boot to the kindle. I was planning to try appending a text config file to the u-boot image file though (and adjusting the flash header length to compensate, so it all gets sent over USB). I hope the CRC check does not use the flash header length... Last edited by geekmaster; 10-16-2012 at 01:12 PM. |
|
10-16-2012, 02:46 PM | #700 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
The **U-Boot Environment Variables** in the **U-Boot** build! As in: Code:
#define CONFIG_EXTRA_ENV_SETTINGS \ CFG_BOOTFILE \ CFG_ROOTPATH \ "netdev=eth0\0" \ "nfsargs=setenv bootargs root=/dev/nfs rw " \ "nfsroot=${serverip}:${rootpath}\0" \ "ramargs=setenv bootargs root=/dev/ram rw\0" \ "addip=setenv bootargs ${bootargs} " \ "ip=${ipaddr}:${serverip}:${gatewayip}:${netmask}" \ ":${hostname}:${netdev}:off panic=1\0" \ "addtty=setenv bootargs ${bootargs} console=ttyS0,${baudrate}\0"\ "flash_nfs=run nfsargs addip addtty;" \ "bootm ${kernel_addr}\0" \ "flash_self=run ramargs addip addtty;" \ "bootm ${kernel_addr} ${ramdisk_addr}\0" \ "net_nfs=tftp 200000 ${bootfile};run nfsargs addip addtty;" \ "bootm\0" \ - - - - Which is how they get away with bspatching the u-boot and uImage files and still be able to load them. If you use the various mkimage tools, you will find that the patched images fail the checksum tests but load and run anyway. |
|
10-16-2012, 03:32 PM | #701 | |
but forgot what it's like
Posts: 741
Karma: 2345678
Join Date: Dec 2011
Location: north (by northwest)
Device: Kindle Touch
|
Quote:
Recent versions of kernel can access eMMC boot parition, but this functionality isn't present in KT's kernel/modules. |
|
10-17-2012, 01:29 PM | #702 | |
Junior Member
Posts: 8
Karma: 5516
Join Date: Oct 2012
Device: Kindle Keyboard 3G, Kindle ($69 Black)
|
Quote:
Since it took me hours to find, here's a bit more information should someone find themselves in the same situation. Model: Kindle 4.1 Problem: Repair Needed screen comes up after restart screen stops halfway on the progress bar. No USB drive detected. Bricked Reason: Main kernel not corrupted, just entered wrong framework start path Solution: https://www.mobileread.com/forums/sho...sh#post1979349 (geekmaster's) MfgTool.exe+data.tar.gz+RUNME.sh Lesson: Never try to hack your Kindle when you're sleepy and don't give up!! |
|
10-17-2012, 09:38 PM | #703 |
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
|
Hacking tired Kills (kindles)! Take A Break!
|
10-18-2012, 07:55 AM | #704 |
total noob
Posts: 2
Karma: 10
Join Date: Sep 2012
Device: Kindle Touch
|
Totally locked out.
Hello World,
I am, as of last week, the proud owner of a brick. My delightfully bricked brick sometimes also goes by the name of KT: 5.1.2. Also included in my enviable Brick Technology are the following modifications:
Some time ago I bricked up my kindle--black screen of death--which I was able to correct with MFG tool, flashing diags +ssh, and reinstalling main partition (re: simple debricking thread). then, after I got it unbricked, and Sometime during the modifications listed above, I no longer had access to 3G At work the other day, I very much wanted to look some stuff up on Wikipedia, so, stupidly and without thinking, I did a 'reset device' to see if maybe that would get me 3G. har har har, of course this did not help anything at all. The kindle was acting flakey after that, claiming I did not have the developer flag anymore, though I did according to the settings > device info. I figured it would be easier to start over on the whole shebang from scratch, then to try and diagnose what had blown the thing's mind so drastically, as it seemed to be totally knackered. (by totally knackered, I just mean that it was starting to chug, seeming generally flaky) I tried to enable USBnetworking, but it no longer worked on the main system, so I booted into diags, but it no longer worked there. I had intended on reinstalling the main partition from a back up, but, ho-hum, diags froze up. I couldn't hard reset, I couldn't SSH, I couldn't do jack. It stayed frozen in diags until the charge battery screen came on. I am assuming that the diags log was deleted in the system reset, so that might be *part* of what caused the flakiness, but it is now at a point where I am truly 100% bricked out, or so it seems. I have since scoured the forums for some kind of insight, but what I've seen is "charge it in the wall" and "charge it in fastboot mode" First I tried keeping it plugged into the wall for a good 9 hours. The orange light came on when it was plugged in, and then it would go off after about an hour of charging. I kept it plugged in. After that, I attempted to reboot it into its regular boot mode via MFG, but it failed, (I don't remember the error). Then I tried to boot it into fastboot, with the intention of trying to charge it in fastboot, but MFG tool, however, errored out (again, I don't remember what the error was that caused it to fail) and failed to get anywhere. BTW, seems obvious, but worth note, when I plug it into my computer, it does not show up at all as a removable device. the computer just acts like it doesn't exist. I will run it through those steps again when I get a moment and post the errors that MFG tool spews at me when I try to use it. Those are really all that I have to go on unless I try to get at the serial port, but even then, I don't know what that would accomplish without any power. I am at a loss. I don't know how to even begin to diagnose this thing if I cant even get it to a point where it will hold a charge enough to provide any sort of means to get in. I really would like to own a functioning kindle. really, like, a lot. Traditionally I like to maintain my status as a lurker until I have something to contribute to a community, and I like to be fairly self-sufficient until I get a feel for things, but at this rate I've been trying for days and am about ready to give up. figured it was time to throw in the towel and just ask. Noob here. Any thoughts or advice? I'm out of ideas. Last edited by Speaker_unclear; 10-18-2012 at 07:59 AM. |
10-18-2012, 08:24 AM | #705 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Step one: Re-charge the battery.
Yes: I can see in your post that you have already read about that, but now your situation may well be different. Either (or both) of two things has happened: The battery has been over-discharged enough that it can no longer hold enough charge, OR The battery has been discharged to the point that the internal battery management can no longer re-charge it. Remove battery from Kindle, recharge it with an "Amazon Approved" re-charger. That is the "official" company line. For DIY situation - you can use any general purpose Li-Ion charger, OR You can "fake it" - Use a constant current, voltage limited, charging source; Recharge at 30% of the listed (on the battery) one-hour rate for two hours. Do not exceed a terminal voltage of 4.2 volts under charge; Do not let the temperature of the battery raise enough to damage it. That **might** (if not suffering from lack of charge holding capacity) get the battery back to a condition where you can get the Kindle into the "fastboot" re-charge mode. |
Tags |
debricking |
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Which one Nook simple touch or Kobo mini? | capuchino71 | Which one should I buy? | 18 | 07-12-2013 05:09 PM |
Sell Kindle Keyboard 3G, Nook Simple Touch | austinmitchell | Flea Market | 5 | 03-01-2013 11:34 AM |
I have some questions about K4 touch debricking | drjonvargas | Kindle Developer's Corner | 4 | 04-22-2012 03:46 PM |
kindle touch simple debricking for help | non_fox | Amazon Kindle | 4 | 04-18-2012 08:32 PM |
Troubleshooting simple kindle touch (and k4nt) debricking method | geekmaster | Amazon Kindle | 0 | 03-02-2012 10:31 PM |