Issue #2076

open

Investigate I9300 eMMC toolbox

Added by Denis 'GNUtoo' Carikli over 4 years ago. Updated over 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 07/12/2020
% Done: 0%
Device: Galaxy Note 8.0 (N51xx)
Actions #1

Updated by Denis 'GNUtoo' Carikli over 4 years ago

  • Device Galaxy Note 8.0 (N51xx) added
  • Device deleted (Unknown)
Actions #2

Updated by Denis 'GNUtoo' Carikli over 4 years ago

  • Subject changed from Find a way to do a full backup of the GT-N5100 to Find a way to do a full backup of midas and/or GT-N5100
  • Target version deleted (Replicant 6.0 0004 RC2)
Actions #3

Updated by Denis 'GNUtoo' Carikli over 4 years ago

  • Subject changed from Find a way to do a full backup of midas and/or GT-N5100 to Investigate I9300 eMMC toolbox
Actions #4

Updated by Denis 'GNUtoo' Carikli over 4 years ago

The I9300 eMMC toolbox can run code in s-boot 4.0.
It works at least on the following devices:
  • GT-I9300
  • GT-N5100

It probably also works on the GT-I9305, GT-N7100 and GT-N7105.

This could be used to do the following:
  • As s-boot 4.0 on the Exynos 4412 is incompatible with Linux, it could be used to enable work on upstream Linux without relying on some nonfree u-boot versions or some Linux patches.
  • It would also make it easy to do complete backups of the stock OS (the stock OS is full of nonfree software, so it would only be used for things like making xgoldmon work in Replicant).
I've uploaded the code in contrib/GNUtoo/s-boot_usb_exploit and here are my findings:
  • Linux and u-boot's code to clear the armv7 caches is under GPLv2 only while the I9300 eMMC toolbox is under GPLv3
  • Adding Linux (~5M) inside the shellcode makes the shellcode not executed anymore, probably because it's too big
  • There aren't a lot of functions to work with:
    • There is no libc
    • There is no printf but we have a puts equivalent named print
    • The sleep function is not calibrated. To have precise sleeps, you probably need to calibrate it.
  • Adding a loader inside the shellcode works, however:
    • Jumping to linux afterward doesn't work
    • We don't have a u-boot to run in this context yet (#2088)

So unless we somehow manage to get a GPL exception to combine this code with GPLv2-only code from Linux, we'd need to code the cache clear ourselves.

So given the amount of work, it's probably better to work on having u-boot run from the boot.img partition (#2088) and revisit that bug later once that's done if necessary.

edit5: I accidentally deleted the wrong post, so I recreated the content.
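The post concludes that a cache-clear routine would have to be written independently instead of being taken from Linux or u-boot. What follows is an added example, not code from this issue, from contrib/GNUtoo/s-boot_usb_exploit or from the Replicant project: an ARMv7 "clean and invalidate all data caches by set/way" walk written in C from the CP15 register layouts (CLIDR, CSSELR/CCSIDR, DCCISW) as documented in the ARM Architecture Reference Manual. The set/way enumeration is plain C so it can be built and checked on any host against constructed register values; the CP15 accesses themselves are only compiled for ARM. The register values in main() are constructed to look like a Cortex-A9 L1 data cache and were not read from an Exynos 4412, and whether this walk is sufficient to hand a clean cache state to Linux from inside s-boot is an assumption the issue does not confirm.

```c
/* ARMv7 clean+invalidate-all-D-caches-by-set/way walk, written from the
 * architecture register descriptions (added example, not project code).
 * The walk is pure C and runs on a host; CP15 accesses are ARM-only. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    unsigned line_log2;   /* log2(bytes per line): shift of the set index */
    uint32_t ways;
    uint32_t sets;
} cache_geom;

/* CCSIDR: [2:0] log2(words/line)-2, [12:3] ways-1, [27:13] sets-1 */
static cache_geom ccsidr_decode(uint32_t ccsidr)
{
    cache_geom g;
    g.line_log2 = (ccsidr & 7) + 4;
    g.ways = ((ccsidr >> 3) & 0x3ff) + 1;
    g.sets = ((ccsidr >> 13) & 0x7fff) + 1;
    return g;
}

/* CLIDR: Ctype<n> in bits [3n+2:3n] (0 none, 1 I only, 2 D only,
 * 3 separate I+D, 4 unified); LoC (level of coherence) in bits [26:24] */
static unsigned clidr_loc(uint32_t clidr) { return (clidr >> 24) & 7; }
static unsigned clidr_ctype(uint32_t clidr, unsigned lvl) { return (clidr >> (3 * lvl)) & 7; }

/* DCCISW operand: way number in the top log2(ways) bits (rounded up),
 * set index shifted by log2(line size), cache level in bits [3:1]. */
static uint32_t dcsw_operand(unsigned level, uint32_t set, uint32_t way, cache_geom g)
{
    uint32_t way_field = (g.ways > 1) ? (way << __builtin_clz(g.ways - 1)) : 0;
    return way_field | (set << g.line_log2) | ((uint32_t)level << 1);
}

typedef uint32_t (*ccsidr_reader)(unsigned level);
typedef void (*setway_op)(uint32_t operand, void *ctx);

/* Visit every (level, set, way) of each level holding data, innermost
 * first, up to LoC. Returns the number of operations issued. */
static uint32_t walk_dcache_setway(uint32_t clidr, ccsidr_reader rd, setway_op op, void *ctx)
{
    uint32_t n = 0;
    for (unsigned level = 0; level < clidr_loc(clidr); level++) {
        if (clidr_ctype(clidr, level) < 2)   /* no cache or I-cache only */
            continue;
        cache_geom g = ccsidr_decode(rd(level));
        for (uint32_t set = 0; set < g.sets; set++)
            for (uint32_t way = 0; way < g.ways; way++, n++)
                op(dcsw_operand(level, set, way, g), ctx);
    }
    return n;
}

/* ---- host model: constructed register values instead of CP15 ---- */
typedef struct { uint32_t first, last, count; } op_stats;
static const uint32_t *host_ccsidr_table;
op_stats host_last_stats;                     /* filled by host_flush_count() */

static uint32_t host_read_ccsidr(unsigned level) { return host_ccsidr_table[level]; }
static void record_op(uint32_t operand, void *ctx)
{
    op_stats *s = ctx;
    if (s->count == 0) s->first = operand;
    s->last = operand;
    s->count++;
}
/* Run the walk over a table of constructed CCSIDR values, one per level. */
uint32_t host_flush_count(uint32_t clidr, const uint32_t *ccsidr_table)
{
    op_stats s = {0, 0, 0};
    host_ccsidr_table = ccsidr_table;
    walk_dcache_setway(clidr, host_read_ccsidr, record_op, &s);
    host_last_stats = s;
    return s.count;
}

#if defined(__arm__)
/* ---- real hardware: CP15 accessors, compiled for ARM only ---- */
static uint32_t arm_read_ccsidr(unsigned level)
{
    uint32_t csselr = level << 1, ccsidr;   /* CSSELR bit 0 = 0: data/unified */
    __asm__ volatile("mcr p15, 2, %0, c0, c0, 0" :: "r"(csselr));
    __asm__ volatile("isb");
    __asm__ volatile("mrc p15, 1, %0, c0, c0, 0" : "=r"(ccsidr));
    return ccsidr;
}
static void arm_dccisw(uint32_t operand, void *ctx)
{
    (void)ctx;
    __asm__ volatile("mcr p15, 0, %0, c7, c14, 2" :: "r"(operand) : "memory");
}
/* Clean+invalidate all D-caches, then drop the I-cache and branch predictor. */
void arm_flush_all_caches(void)
{
    uint32_t clidr, zero = 0;
    __asm__ volatile("mrc p15, 1, %0, c0, c0, 1" : "=r"(clidr));
    walk_dcache_setway(clidr, arm_read_ccsidr, arm_dccisw, NULL);
    __asm__ volatile("dsb" ::: "memory");
    __asm__ volatile("mcr p15, 0, %0, c7, c5, 0" :: "r"(zero) : "memory"); /* ICIALLU */
    __asm__ volatile("mcr p15, 0, %0, c7, c5, 6" :: "r"(zero) : "memory"); /* BPIALL */
    __asm__ volatile("dsb" ::: "memory");
    __asm__ volatile("isb" ::: "memory");
}
#endif

int main(void)
{
    /* Constructed: one level, shaped like a Cortex-A9 L1 D-cache
     * (32 KiB, 4-way, 32-byte lines => 256 sets). Not read from a device. */
    static const uint32_t ccsidr[] = { 0x701FE019u };
    uint32_t n = host_flush_count(0x09200003u, ccsidr);
    printf("%u set/way ops, first 0x%08x, last 0x%08x\n",
           n, host_last_stats.first, host_last_stats.last);
    return 0;
}
```

One caveat for the Exynos 4412 specifically: its Cortex-A9 cores keep the L2 in an external cache controller that CLIDR does not describe, so a walk like this only covers the L1 data caches there and the L2 needs its own maintenance before jumping to a kernel.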
