3 Oct
2012
3 Oct
'12
12:14 a.m.
Maciej Grela писал 02.10.2012 02:00:
Assuming you know C, consider this code:
https://github.com/grindars/android_hardware_samsung_freeril/blob/jellybean…
The boot process is IROM->PSI->EBL->SecureImage. Authenticity of PSI is
not checked.
He has verified this by changing the magic constant 0xDEADDEAD and
booting PSI.
Speaking about 0xDEADDEAD, it's a command ID which makes the PSI make a
complete
RAM dump. So, then he has sent the modified command and successfully
obtained a
dump.
The rest should be obvious from the source.
--
WBR, Peter Zotov.
My
colleague/friend Sergey Gridassov[1] has been developing a
replacement
RIL[2]
for SGS2 and found everything of the above. He probably won't be
posting to
this list because he's not a native English speaker, but if there is
enough
interest (and it seems that there is), I could prepare and post the
relevant
instructions. It's pretty trivial actually.
Please do publish them. This is pretty cool.
Regards,
Maciej Grela
4656
days inactive
4656
days old
baseband-devel@lists.osmocom.org
0 comments
1 participants
participants (1)
-
Peter Zotov