GalaxySIIGTI9100G » History » Revision 74

« Previous | Revision 74/87 (diff) | Next »
Denis 'GNUtoo' Carikli, 04/03/2020 05:44 AM

Galaxy S II (GT-I9100G)

Device Galaxy S II (GT-I9100G)
Manufacturer Samsung
Release date ?
Codename i9100G ?
Status Not supported yet
Variants GSM: GT-I9100G
Latest images None


Long time ago, we had reports that the "Galaxy SII" had an unsigned bootloader, but we didn't manage to confirm to which exact model it applied to, or if people assumed that the bootloader of the GT-I9100 was unsigned because it uses Xloader which is GPLv2. Samsung also published the source code of various Xloader versions they used on the GT-I9100G for different Android versions. However until now we weren't able to confirm that any device were able to run unsigned bootloaders. Though we verified that at least the bootloader of the I9100G_CHN_CHN is signed.


  • Uses the samsung-ipc protocol
  • The modem probably uses MIPI, so it should be isolated
  • 1G of ram => it should be enough for Replicant 6 and 9

Wiki pages

Various IRC logs of research on it.

  • Read the log below and remove what is not relevant
  • Add what is relevant in various pages of the Replicant wiki or Wikidata and point to that if it's in another page that this one (or wikidata).

GT-I9100G bootloader related

(08:47:20 PM) sensiblemn: GNUtoo: i just got a report from a postmarketOS developer saying that booting works with that free software x-loader repo for the i9100G that I found. they had to make a one line commit to get it building, but it boots.
(08:48:24 PM) sensiblemn: so early reports suggest that we found a Galaxy S2 that has a free software bootloader. they said it doesn't even need to be signed with signGP.c.
(10:36:35 PM) hpagseddy[m]: So i have an i9100g and compiled this without any errors in case you guys are interested
(10:49:32 PM) freekurt: thanks for jumping in here hpagseddy. we have been trying for quite some time to find a way to liberate the first stage bootloader on Exynos4 SoC based i9100 and i9300 devices. this is great news that the i9100G seems to have a free software first stage bootloader.
(10:51:08 PM) hpagseddy[m]: Yep, also there is a thing that i9100g is based on TI OMAP

GT-I9100G Linux upstreaming

(11:01:27 PM) hpagseddy[m]: Btw Droid 4 has mainline
(11:02:42 PM) hpagseddy[m]: i9100g uses same display and digitizer with i9100, has a broadcom wifi but sadly a PowerVR GPU
(11:10:48 PM) hpagseddy[m]: Since it uses same display and even same connectors
(11:11:06 PM) hpagseddy[m]: I know it because i am using i9100 display on my i9100g :)
(11:11:17 PM) hpagseddy[m]: Besides capacitive buttons, all functional
(11:11:48 PM) hpagseddy[m]: Even capacitive connector plugged in so if i do some kernel hacks i can get them working too
(11:11:50 PM) freekurt: we really appreciate your willingness to do testing if we decide to proceed with trying to mainline this device, which has yet to be determined.
(11:14:38 PM) freekurt: it seems as though this device would be quite attractive to other pmOS devs as well, now that the freedom of the bootloader appears to have been determined.
(11:15:19 PM) hpagseddy[m]: I hope so, i was the only maintainer over 2 years :)
(11:15:27 PM) hpagseddy[m]: Of this device
(11:15:37 PM) freekurt: :-) thanks for holding down the fort!
(11:15:52 PM) hpagseddy[m]: But if the device gets mainlined, things will definitely change

OMAP4 blaze reference platform related

(07:17:23 PM) sensiblemn: GNUtoo: ah, it seems like some OMAP devices are GP and others are HS, so the question is whether we can find smartphones and tablets that are GP. Looks like the Blaze Tablet released by TI is GP. [...]
(07:22:26 PM) sensiblemn: also this very odd looking OMAP Blaze cell phone seems to be GP rather than HS.
(07:23:30 PM) sensiblemn:
(07:24:04 PM) sensiblemn:

TODO: add the blaze, zoom1 (omap3), zoom2 to the reviewd devices and to wikidata

Android requirements

(10:58:08 PM) freekurt: 512 MB of RAM seems rough for AOSP 10, especially when we are trying to get it to work with 2D acceleration. 1GB should be much better.
=> TODO: check Android 10 requirements and add them to the wiki

Service mode (of the I9100G ?)

hpagseddy[m]: its ok i found the code
hpagseddy[m]: So i am at the main menu
hpagseddy[m]: So the fullname is like SP6260_T1_01.1300
sensiblemn: are you seeing that in service mode?
(12:47:36 AM) hpagseddy[m]: no
(12:47:52 AM) hpagseddy[m]: i just saw SP6260_T1_01.1300
(12:48:22 AM) hpagseddy[m]: since the numbers match and XMM6260 used in S2
(12:48:31 AM) hpagseddy[m]: i made a conclusion like this
(12:51:03 AM) forkbomb: i'm pretty sure it would be XMM6260 or XMM6262, same as i9300
(12:51:21 AM) sensiblemn: oh, that sounds convenient!
(12:51:50 AM) hpagseddy[m]: Perfect

(12:56:01 AM) forkbomb: hpagseddy[m]: ah, the i9100G is different i think
(12:56:06 AM) forkbomb: it's OMAP based
(12:56:10 AM) hpagseddy[m]: other one was for the development board??
(12:56:15 AM) hpagseddy[m]: Yes it is
(12:56:23 AM) hpagseddy[m]: TI OMAP4430, same as Droid 4
(12:56:58 AM) sensiblemn: actually, this looks like the correct defconfig for it, still says xmm6260
(12:57:38 AM) hpagseddy[m]: i think so
(12:57:48 AM) hpagseddy[m]: if it has t1 then it is i9100g
(12:58:17 AM) sensiblemn: dang, i messed that last link up. this is it. final answer.
(12:59:50 AM) hpagseddy[m]: the other one is most likely development board or prototype configs

h3. I9300T

(12:51:55 AM) forkbomb: the i9300T is just a Telstra branded i9300 afaik
(12:52:49 AM) hpagseddy[m]: <freekurt "yeah, that might be it. https://"> i9300T has the same SP6260 naming as i9100g as this shows
(12:53:10 AM) sensiblemn: you're correct
(12:54:16 AM) sensiblemn: also, not sure if this is the correct defconfig, but this kernel from samsung suggests it is xmm6260 also
(12:55:09 AM) hpagseddy[m]: t1, thats correct
(12:55:18 AM) hpagseddy[m]: but the defconfig isnt
(12:55:48 AM) hpagseddy[m]:
(12:55:52 AM) hpagseddy[m]: this is for the device

h3. TODO: Notify forkbomb

(01:00:57 AM) sensiblemn: forkbomb: did you hear that we seem to have found a free software first stage bootloader for the i9100G and that it doesn't seem to require any signature checks?
(01:01:27 AM) hpagseddy[m]: yes i compiled and ran it on my device with no problem
(01:01:59 AM) hpagseddy[m]: also fixed the old build a bit
(01:02:02 AM) hpagseddy[m]: >So i have an i9100g and compiled this without any errors in case you guys are interested
(01:05:55 AM) forkbomb: no, i didn't. very nice!
(01:06:35 AM) hpagseddy[m]: well i dont know how to use it so just compiled and flashed with odin
(01:06:45 AM) hpagseddy[m]: also one line fix hehe
(01:07:33 AM) hpagseddy[m]: it compiled with no problem on 4.6 gcc
(01:14:47 AM) sensiblemn: hpagseddy: it is my understanding that, since x-loader is EOL, and since Replicant wants to upstream as much code as we can, we would have to upstream what x-loader is doing into u-boot SPL, which i don't know how long it would take to do. the fact that very similar devices are already in upstream u-boot likely will help though, if we decide to pursue it.
(01:16:01 AM) hpagseddy[m]: Since it is open source, it is ok to keep it untill we have the device booted in my opinion
(01:16:17 AM) sensiblemn: yes, for sure.
(01:17:00 AM) hpagseddy[m]: but well last decision is yours since you guys are the replicant devs :)

h3. LineageOS support

(01:22:29 AM) sensiblemn: hpagseddy: have you tested LineageOS 13 on the device before?
(01:23:21 AM) hpagseddy[m]: yes it had several issues but performance was good
(01:23:33 AM) hpagseddy[m]: it had audio error which was so annoying
(01:23:41 AM) hpagseddy[m]: 12.1 was best
(01:24:22 AM) sensiblemn: what kind of audio error?
(01:25:51 AM) hpagseddy[m]: audio was some kind of disorted
(01:39:01 AM) sensiblemn: hpagseddy: did you notice any other issues?
(01:39:11 AM) sensiblemn: with 13?
(01:40:13 AM) hpagseddy[m]: Gps doesnt work
(01:40:18 AM) hpagseddy[m]: Night mode doesnt work

01:56 <@GNUtoo> Did LineageOS or Cyanogenmod support it at some point?
01:57 < hpagseddy[m]> Cyanogenmod untill 13.0
01:57 < hpagseddy[m]> Omnirom 4.4 and 5.0.2
01:57 <@GNUtoo> ok, that explains why LineageOS has some stuff on it but nothing on the wiki
01:57 < hpagseddy[m]> thats all i remember and tested
01:58 < hpagseddy[m]> GNUtoo: yeah they just forked it and it just stays there
01:59 < hpagseddy[m]> but 12.1 is still cyanogen
02:00 < sensiblemn> there was an attempt made at 14.1 but it seems like it was unsuccessful because it wouldn't boot
02:00 < sensiblemn>
02:00 < hpagseddy[m]> also someone rebased cm11 to lineage 11

h3. TODO: look at omap-usb-tool patches and merge them or ask for sending patches for review

(01:19:56 AM) sensiblemn: GNUtoo: this looks like omap-usb-tool but it was recently updated
(01:21:37 AM) hpagseddy[m]: hmm, he forked this repo from
(01:22:03 AM) hpagseddy[m]: so he added sd card booting
(01:22:09 AM) hpagseddy[m]: and some fixed
(01:22:13 AM) hpagseddy[m]: fixes*
(01:22:25 AM) GNUtoo:
(01:22:29 AM) GNUtoo: but it seems down right nw
(01:22:32 AM) GNUtoo: *right now

h3. Diff between the samsung xloader and hpagseddy xloader

hpagseddy's fork consists of Samsung source code with the addition of "a fix to enable to build it (with more modern gcc?)": .

h2. Partitions

The PIT  of the Galaxy SII (GT-I9100G) can be found in the [[GalaxySIII9100GPit]] page.

|_. PIT |_. Linux name |_. mount point |_. partition type |_. block device |_. Description |
| MLO |\2. Not visible on Linux | | | First stage of bootloader |
|\2. EFS | | | mmcblk0p1 | modem data partition |
|\2. SBL1 | | | mmcblk0p2 | |
|\2. SBL2 | | Empty | mmcblk0p3 | |
|\2. PARAM  | | | mmcblk0p4 | |
|\2. KERNEL | None | zImage | mmcblk0p5 | boot partition, See [[IsorecRecoveryIssue]] for more details |
|\2. RECOVERY | None | | mmcblk0p6 | recovery partition, See [[IsorecRecoveryIssue]] for more details |
|\2. CACHE| | | mmcblk0p7 | Android cache partition |
|\2. MODEM| | | mmcblk0p8 | modem firmware partition |
|\2. FACTORYFS| | | mmcblk0p9 | Android system partition |
|\2. DATAFS| | | mmcblk0p10 | Android application data |
|\2. UMS | | | mmcblk0p11 | user data (music, pictures, etc) |
|\2. HIDDEN | | | mmcblk0p12 | contains some data, and Samsung APK |

This was constructed from the PIT, TODO: check the partitions content

h3. MLO

On a I9100G_CHN_CHN with Android 2.3.6 with the OMAP reported as being in HS mode we have:
--- Entry #0 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 1
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 0
Partition Block Count: 0
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: X-loader
Flash Filename: MLO
FOTA Filename: 

This doesn't give any indication of where is MLO, but it's clearly visible with an hexadecimal editor like vbindiff.

|_. Offset from mmcblk0 |_. size |_. comments |
| 0x20000 (256k) | 256k | MLO + potentially other stuff |
| 0x40000 (512k) | 256k | MLO + potentially less other stuff |

Though SBL1 and SBL2 have location and size reported my the bootloader with heimdall print-pit:
--- Entry #2 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 2
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 49152
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL1
Flash Filename: Sbl.bin
FOTA Filename: 

--- Entry #3 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 3
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 53248
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL2
Flash Filename: 
FOTA Filename: 

h2. Recovery

The device is not supported by TWRP, but it was supported by cyanogenmod recoveries:

That recovery is a zImage. Note that this recovery may not be FSDG compliant, so the first step would be to make a Replicant recovery for this device/

h2. CyanogenMod support and stock Android with the version that has a signed bootloader

According to the "I9100G CyanogenMod installation instructions": , "Users running Android 2.3 on their I9100G MUST first upgrade to stock Android 4.x before installing CyanogenMod, or the device won't boot into the system due to it relying on a newer bootloader. A 4.1 bootloader is recommended." 

However this approach has several issues.

The update doesn't work anymore. 

It also requires you to put a SIM card in the device, which results in privacy issues.

In addition to that, it requires you to give the device a network connection, knowing that the device is running a proprietary Android distribution.

Once you do that it still fails with "Processing failed".

Right before the failure you can see "Signup for a Samsung account" on the top of the window with "Terms and conditions".

So it probably tries to access some page like which doesn't exist anymore, and it probably does that to show terms and conditions which were probably unacceptable. 

They might also have legally prevented you to work on some part of Replicant if you agreed to them, depending on the country you are located in or you intend to travel to.

This is most probably not an issue with the versions that don't have a signed bootloader as the first stage bootloader could simply be replaced by a free software xloader.

h2. Bootloaders

See [[GTI9100GBootloaderFreedom]] and [[GTI9100GBootloaderInterface]]

h2. Hardware

h3. Sumary

As far is we get from what we've seen on the motherboard itself, here are our guesses about chips and what they do:

* 6030B1A5 21ZEDL9G2 G1 --- Power IC based on sellers on the web
* TWL6040A2 22AH9SW G2 --- Audio codec made by TI
* I9811 V 1.0B XG626 F2076538  --- Modem IC
* SAMSUNG 210 KMVYLOOOLM-B503 --- EMMC Chip 16GB based on this forum thread
* K3PE7E700D-XGC1 --- DDR DRAM chip, most likely 1GB

h3. PCB details

Chips markings:

Ti logo

TI logo
22AH9SW G2

I'm not sure about G1, maybe it's Gi or G|

V 1.0B
And on the right side, there is F2076538 written.

There is a small battery soldered. That might be interesting if it's able to keep the correct time when the battery is removed. 
If not you need to run then to turn off the phone and remove the battery, and then put on the battery, set the correct time, and then

K3PF7E700 XGC1

There are with many capacitors around

Links about similar chips:
* Interesting

The links talk about things like LPDDR2. The links are not for the same chip but, for the second part number, the reference is pretty close ( K3PE7E700M-XGC1 )

The third link has a description with "Mobile DRAM LPDDR2" and "Package: FBGA" 

FBGA is "Fine Ball Grid Array based on ball grid array technology. It has thinner contacts and is mainly used in system-on-a-chip designs" "according to wikipedia":

SOC (and eMMC?):
Maybe MDL5 15

I'm not 100% sure of the last line (Maybe MDL5 15) as there are stuff printed with a blue ink on top (040321)

* Some links talk about "CPU":
* Other eMMC:

h2. Links

* "Official support for CyanogenMod":
* "Unofficial LineageOS 13 for the I9100G":
** "Source code for it":
* Infos on the bootloader:
* "Infos on xloader and how to make a serial port adapter":

Updated by Denis 'GNUtoo' Carikli about 4 years ago · 74 revisions

Also available in: PDF HTML TXT