IRC log for #htc-linux on 20070802

00:08.14*** join/#htc-linux Hawk|- (n=Hawk@p5B179530.dip0.t-ipconnect.de)
01:09.14*** join/#htc-linux ImCoKeMaN (n=imcokema@pool-71-251-148-185.hrbgpa.fios.verizon.net)
01:28.36ImCoKeMaNanyone here feel like schooling someone to learn more advanced features in haret for the HTC -TITAN?  (aka-mogul)
01:38.27Kevin2ImCoKeMaN: What are you looking to do?
01:39.26ImCoKeMaNwell in all honesty i want to develop a method of a soft bootloader for the device
01:39.43ImCoKeMaNi don't need to have linux on it, but i'm willing to learn that in the process
01:40.12ImCoKeMaNI also have an htc-apache that i could use for learning, but right now i can't even dump the GPIOs from teh mogul
01:41.06Kevin2What kind of cpu does the TITAN have?
01:41.17ImCoKeMaNmsm7500 qualcomm
01:41.33Kevin2Oohh.  That's new.  What happens when you run haret on it?
01:41.37ImCoKeMaNhaven't seen much support for it, but i'll try whatever is helpful
01:41.48ImCoKeMaNi am able to telnet in with my PC and run commands
01:42.08ImCoKeMaNi was also able to create a startup.txt to dump the bootloader from a WM5 device
01:42.56Kevin2Great!  You're the first success report.  Can you create a file "earlyharetlog.txt" in the same directory as haret.exe and post the resulting "haretlog.txt" file?  (Preferably mail it to haret@handhelds.org)
01:43.29Kevin2Oh, and make sure you're using the latest haret..
01:43.35ImCoKeMaN0.4.8?
01:43.40ImCoKeMaNor a nightly build?
01:43.45ImCoKeMaNi have both heh
01:43.50Kevin2http://handhelds.org/~koconnor/haret/haret-20070730.exe
01:44.04ImCoKeMaNok, damnit not that new lol
01:44.09Kevin2Nightly build is also good.
01:45.17ImCoKeMaNok lemme load that sucker up
01:46.25Kevin2Do you know of any docs for that cpu?  Finding the irq and gpio registers is key.
01:48.33ImCoKeMaNi have seen a little documentation, but not the gpio registers....i did a ram dump though and if you can hit it from there with hex editor it might help
01:48.42ImCoKeMaNso what do you want in that txt file?
01:49.11ImCoKeMaNi haven't run it with a zimage
01:51.18Kevin2Just create an empty file "earlyharetlog.txt" -- its presence triggers early logging in haret.
01:51.54ImCoKeMaNok, well all it sent me was: ===== HaRET pre-0.4.9-20070730_201515 =====
01:53.34Kevin2haret didn't launch?
01:54.52ImCoKeMaNok nevermind grabbed the file too early
01:55.41Kevin2BTW, what do you mean by "soft bootloader"?
01:57.03ImCoKeMaNi want to make it possible to load custom WM6 rom's on the phone
01:57.09ImCoKeMaNthey have done this with the hermes
01:58.06ImCoKeMaNafter being able to load it to ram i'd need to use a modified SPL (bootloader) to flash the new rom to bypass CID and certificate checking
01:58.55ImCoKeMaNif all i get is a lot of device info though i will still consider it a successful endeavor, i'm always up for learning new stuff
01:59.58Kevin2Okay.  I think 'pof' did a lot of work with the bootloaders on other phones.
02:00.45Kevin2Can you telnet into the phone and run "wi 1"?
02:01.48ImCoKeMaNshould i delete that txt file before doing much else or does it matter?
02:02.25Kevin2It doesn't really matter, but yeah, you can delete the earlyharetlog.txt file.
02:03.13ImCoKeMaNlooks to be stopped at: Restoring windows exception handlers...
02:03.59ImCoKeMaNi sent the log to you
02:04.54ImCoKeMaNhere's what i got from wi 1
02:04.57ImCoKeMaNHaRET(1)# wi 1
02:04.57ImCoKeMaNirq:8001af38@A02943F8=809a90c4 abort:8000104c@A02943F0=809a90e8 prefetch:8001aaa
02:04.57ImCoKeMaN8@A02943EC=809a9114 data=80978000 sizes=c:000010a8,t:000350a8
02:04.57ImCoKeMaNBeginning memory tracing.
02:04.57ImCoKeMaNReplacing windows exception handlers...
02:04.57ImCoKeMaNFinished installing exception handlers.
02:05.01ImCoKeMaNRestoring windows exception handlers...
02:05.25Kevin2Did the phone lock up?
02:05.28ImCoKeMaNyup
02:05.44ImCoKeMaNit's reset now though
02:06.38Kevin2Okay - probably because we don't have a cpuflushcache for your arm cpu type - that can be fixed.
02:07.49ImCoKeMaNYay, i've been reading and reading and wasn't able to get very far on this one myself since i'm doing the trailblazing and haven't even used it before
02:08.34Kevin2Can you run "dump cp(15)"?
02:09.36ImCoKeMaNEXCEPTION on access to coprocessor 15 register 8
02:09.36ImCoKeMaNc00: 4107b364 | c08: ffffffff
02:09.36ImCoKeMaNc01: 0085387f | c09: fffffff0
02:09.36ImCoKeMaNc02: 10290000 | c10: 00000000
02:09.36ImCoKeMaNc03: 00000001 | c11: 00000003
02:09.43ImCoKeMaNEXCEPTION on access to coprocessor 15 register 4
02:09.43ImCoKeMaNEXCEPTION on access to coprocessor 15 register 12
02:09.43ImCoKeMaNc04: ffffffff | c12: ffffffff
02:09.43ImCoKeMaNc05: 00000005 | c13: 18000000
02:09.50ImCoKeMaNEXCEPTION on access to coprocessor 15 register 14
02:09.50ImCoKeMaNc06: 083bb73c | c14: ffffffff
02:09.50ImCoKeMaNEXCEPTION on access to coprocessor 15 register 7
02:09.57ImCoKeMaNc07: ffffffff | c15: 00000000
02:12.31Kevin2That's really interesting - you're getting exceptions on cp15 accesses.
02:13.47Kevin2Can you run "addlist gpios cpsr" and then "watch gpios"
02:14.47ImCoKeMaNdid you get that? i kinda scrolled some...i also have a page from work this might be ~15 mins to dial in and check it
02:15.18ImCoKeMaNBeginning memory tracing.
02:15.18ImCoKeMaNWatching GPIOS(00): Insn e10f0000
02:15.18ImCoKeMaN000000: insn e10f0000=2000011f (00000000)
02:16.18Kevin2I got the cp15 registers if that is what you are asking.
02:21.43ImCoKeMaNok i'll just do some multi-tasking here since the page from work isn't descriptive and i have to wait for user to email back
02:22.51Kevin2So, haret can do quite a bit to explore the device.  It can read/write to memory.  It can also "watch" what reads and writes wm makes to memory - it can also "watch" interrupts that the hardware generates.
02:23.11Kevin2Without chipset docs, however, it will be an uphill battle.  The only think I can think of is to start disassembling things.
02:24.25Kevin2The omap850 processor is in a similar state.  It doesn't have chipset docs (though it is supposed to be similar to an earlier omap processor).  The phones using that chipset have been idle on the dev front for a couple years now.
02:26.13ImCoKeMaNhmm ok
02:27.12ImCoKeMaNi was wondering how to set it to start execution of code at a specific ram address
02:28.57Kevin2How to make haret jump to a code address?
02:30.45ImCoKeMaNyes
02:31.19ImCoKeMaNprobably something quite simple for people that were using it, and i thought i saw it once, but haven't been able to find it after i got what i wanted to test
02:31.37Kevin2Hrmm.  That isn't implemented.  You could modify haret to jump to an address pretty easily.
02:31.55ImCoKeMaNAlso i'm not sure what exact info i need to be able to do the recompiling...(same track i see)
02:32.21ImCoKeMaNi dled a lot from the CVS, but my VS2005 was puking whenever i tried to compile
02:32.31Kevin2If you want to run the bootloader again, you probably need to disable the MMU.  In that case, you want to look at what the linux bootloader does - see src/linboot.cpp
02:32.48Kevin2We now compile with cegcc - see the directions in the INSTALL file.
02:33.23Kevin2Do you have linux?  (Everyone else compiles haret via linux.)  If not, it should work from a cygwin environment, but no one has tried it.
02:35.04ImCoKeMaNalright i guess i'll do the haret work through that
02:35.36ImCoKeMaNi'd probly start up with knoppix or load it on one of my other boxes though
02:36.10Kevin2Yeah, you are better off trying to get it to run under linux.  The compile steps are pretty straight forward.
02:37.54ImCoKeMaNmight as well not complicate the trailblazing too much
02:38.34ImCoKeMaNby the way thank you for your help so far, i have a feeling i'll be needing quite a bit =)
02:38.51Kevin2No problem.
02:40.24ImCoKeMaNare there any other things i can run that will get a little more beggining info that might be needed?
02:41.04Kevin2try "help" and "help dump".  there are a bunch of process oriented commands you can play with (eg, "ps" and "lsmod").
02:42.40ImCoKeMaNyeah ps doesn't work
02:43.03ImCoKeMaNUnable to create tool help snapshot
02:43.17Kevin2Okay, that is odd.
02:48.19ImCoKeMaNthe lsmod works fine though
02:52.49Kevin2Can you try: http://handhelds.org/~koconnor/haret/haret-20070801.exe  -- It should detect an "arm v6" cpu now.
03:01.05Kevin2ImCoKeMaN: Actually, can you try http://handhelds.org/~koconnor/haret/haret-20070801b.exe -- I think this may fix "ps" but I'm not sure.
03:04.12ImCoKeMaNthe "b" version worked with ps!
03:04.29ImCoKeMaNboth versions detect it as generic ARM v6
03:05.31Kevin2Cool.  Can you see if "wi 1" works now?  (Very good chance it will still lockup the phone..)
03:05.44ImCoKeMaNHaRET(2)# wi 1
03:05.54ImCoKeMaNirq:8001af38@A02943F8=809a70c4 abort:8000104c@A02943F0=809a70e8 prefetch:8001aaa
03:05.54ImCoKeMaN8@A02943EC=809a7114 data=80976000 sizes=c:000010a8,t:000350a8
03:05.54ImCoKeMaNBeginning memory tracing.
03:05.54ImCoKeMaNReplacing windows exception handlers...
03:05.54ImCoKeMaNFinished installing exception handlers.
03:05.54ImCoKeMaNRestoring windows exception handlers...
03:05.54ImCoKeMaNFinished restoring windows exception handlers.
03:05.54ImCoKeMaNHandled 1002 irq, 376 abort, 71 prefetch, 0 lost, 0 errors
03:05.54ImCoKeMaNHaRET(3)#
03:06.35Kevin2Excellent!
03:07.29Kevin2So, you now have the ability to watch irqs and trace reads and writes that wm makes.  Of course, you still need to know which addresses have meaning.
03:08.17ImCoKeMaNi tried the watching GPIOs again and got a diff error:
03:08.17ImCoKeMaNHaRET(4)# addlist gpios cpsr
03:08.17ImCoKeMaNHaRET(5)# watch gpios 10
03:08.17ImCoKeMaNBeginning memory tracing.
03:08.17ImCoKeMaNWatching GPIOS(00): Insn e10f0000
03:08.17ImCoKeMaN000000: insn e10f0000=2000011f (00000000)
03:08.17ImCoKeMaN000000: insn e10f0000=2000001f (00000100)
03:08.17ImCoKeMaNTerminating haret due to unhandled exception (pc=1828fb2c)
03:08.29Kevin2Oh, another good command to run is "dump mmu".  This will show the mmu table.  There is a lot of output there.  You might want to post "dump mmu 1"  - it has less info.
03:12.24Kevin2Hrmm.  That is strange - the pc looks like it is in a library routine.  Not sure why it would do that.
03:13.12Kevin2Note though, the cpsr is just the processor status register - I was using the watch gpios thing just as a round about way to query that register.  It doesn't make much sense to "watch" it.  You'll need to find the gpio addresses to really make use of the "watch gpios" stuff.
03:15.07ImCoKeMaNyeah i'm thinking if i can find the GPIO info for a few of the button presses it would help me see where to start in the phone SPL also
03:24.14Kevin2Well, you can look through the output of "dump mmu 1" and then try to guess where the important registers are by watching interesting looking address ranges.
03:26.06Kevin2You'll likely get a lot of traffic though - gpios, irqs, ssp, etc. are all pretty high volume.  Not sure how one could tell them apart.
03:27.17Kevin2Disasembling the first part of the bootloader may help too - the boot loader usually fiddles with the gpios early in the boot.
03:32.58ImCoKeMaNyep, i'll need to do a lot of learning and testing.  So what's the best method for posting the info?  is there a section to post for the Titan?
03:34.57Kevin2Two wiki sites - handhelds.org or xda-developers.com - both are pretty good, but I prefer handhelds.org because it seems to have better ping times for me.
03:35.23Kevin2You can peruse through the other phones that are there.  People generally post all the info they find as they find it.
03:35.29ImCoKeMaNI'll try the handhelts org one.  i'm generally hanging around the PPCGeeks forum (started with teh Apache) and i'll probably add info there, but there aren't too many there that will be looking at Haret, i do go to XDA also, but they are generally for the GSM devices
03:36.15Kevin2Yeah.  I have a 6700 also (and I ported linux to it).  I found the handhelds.org site better for cdma.
03:40.42ImCoKeMaNgood work on the port the phone part has been given up on huh?
03:42.10Shadowmitekevin was a regular of my channel back then in his early porting days
03:42.22Shadowmiteheh, back when we still had rayban, phazen and luke around
03:42.23Shadowmite:(
03:42.36Shadowmiteit's been so hard to get myself motivated lately
03:42.43Kevin2Too time intensive.  I'm not really into disassembly.
03:42.49Kevin2Hi Shadowmite.
03:43.13Shadowmiteheya man... I'm still getting to the trinity port... give me time
03:43.15Shadowmitelol
03:43.24Shadowmitelearning arm native programming now
03:47.44ImCoKeMaNsounds like a useful thing to learn
03:48.55Shadowmiteit's been holding me back for quite a while not knowing a lot about it
03:50.25ImCoKeMaNi'm gonna need to learn a lot more about IDA and assembly, i only did a little bit in comp sci
04:06.35*** join/#htc-linux ltxdaMBL (n=ltxdaMBL@mea0cfa48.tmodns.net)
04:13.36Kevin2Good night.
04:20.56ImCoKeMaNnight kevin, thanks again!
05:36.01*** join/#htc-linux sadeness_ (n=LamersIn@nat1.rlan.ru)
05:40.24*** part/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz)
07:14.00*** join/#htc-linux rob_w (n=bob@Mb936.m.pppool.de)
08:31.51*** join/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt)
08:42.19*** join/#htc-linux dion (n=dion@inhex.net)
10:33.37*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
11:56.53*** part/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt)
12:26.31*** join/#htc-linux drummer10630 (n=rubic@202.69.162.139)
12:36.21*** part/#htc-linux drummer10630 (n=rubic@202.69.162.139)
13:48.45SniZhttp://i109.photobucket.com/albums/n62/WG2006_2006/cut/a4c7a017a7f1876b1b97c0562ffa3974.jpg
14:46.16*** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org)
15:18.54*** join/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt)
15:30.07*** join/#htc-linux robotician (n=dale@usr016.bb275-03.udp.im.wakwak.ne.jp)
15:30.52*** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org)
15:53.21*** join/#htc-linux jeanseb (n=jeanseb@gazypan.dyndns.org)
16:24.21*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
16:24.58*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
16:28.40*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
16:47.27*** join/#htc-linux RoEn (n=roen@p54A67E56.dip.t-dialin.net)
17:02.18*** join/#htc-linux scorpio16v (n=scorpio1@f048207254.adsl.alicedsl.de)
17:06.28*** join/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz)
17:07.18*** part/#htc-linux scorpio16v (n=scorpio1@f048207254.adsl.alicedsl.de)
17:19.08*** join/#htc-linux pH5 (n=ph5@e178204236.adsl.alicedsl.de)
17:20.00*** join/#htc-linux rmoravcik (n=rmoravci@ip-89-103-152-149.karneval.cz)
17:24.41*** part/#htc-linux DTMonterrey (n=evandro@cornelius.estig.ipb.pt)
17:35.25*** join/#htc-linux robotician (n=dale@usr016.bb275-03.udp.im.wakwak.ne.jp)
18:20.56*** join/#htc-linux dion (n=dion@inhex.net)
19:24.53*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
19:28.23*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
19:36.38*** join/#htc-linux goxboxlive (n=goxboxli@141.80-202-161.nextgentel.com)
20:18.11*** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) [NETSPLIT VICTIM]
20:18.11*** join/#htc-linux TBBle (n=tbble@2001:388:f000:0:0:0:0:2d) [NETSPLIT VICTIM]
20:18.11*** join/#htc-linux the_sys0p (n=the_sys0@cpe-66-75-196-173.bak.res.rr.com) [NETSPLIT VICTIM]
20:23.53*** join/#htc-linux skodde (n=skodde@unaffiliated/skodde) [NETSPLIT VICTIM]
20:23.53*** join/#htc-linux TBBle (n=tbble@2001:388:f000:0:0:0:0:2d) [NETSPLIT VICTIM]
20:23.53*** join/#htc-linux the_sys0p (n=the_sys0@cpe-66-75-196-173.bak.res.rr.com) [NETSPLIT VICTIM]
21:17.16*** join/#htc-linux ImCoKeMaN (n=imcokema@pool-71-251-148-185.hrbgpa.fios.verizon.net)
21:30.04*** join/#htc-linux AdamPal (n=adam@adam.loc2.apnicsolutions.com)
21:30.25AdamPalHello there, please help! I think I have bricked my poor HERMES
21:30.44AdamPalBoot up goes straight to RGB screen
21:30.50AdamPalHERM300, IPL-1.01, SPL-1.40.Olipro
21:31.06*** join/#htc-linux wireddd (n=wired@97-81-78-105.dhcp.athn.ga.charter.com)
21:37.08AdamPalAnyone here?
22:08.33*** join/#htc-linux bd2 (n=cbou@89.113.85.104)
22:09.10AdamPalPlease? Someone?
22:35.28*** join/#htc-linux BabelO (n=Fabrice@lun34-2-82-238-28-28.fbx.proxad.net)
22:36.49BabelOhi
22:38.25BabelOljp around ?
22:39.05ImCoKeMaNthere is a program on the xda wiki called uni exit bootloader that should fix it
22:39.47Shadowmiteor just set 14 0
22:39.49Shadowmite:)
22:40.03BabelOhi ImCoKeMaN
22:40.07BabelOhi Shadowmite
22:40.12ImCoKeMaNhey
22:40.22BabelOImCoKeMaN: that's you with qualcom ?
22:40.48BabelOyes ;)
22:41.09ImCoKeMaNthe msm7500?
22:41.10ImCoKeMaNyeah
22:42.15BabelOah it is only cdma :(
22:42.35ImCoKeMaNwell, to me its not "only" cdma...
22:42.52BabelOyes, i know, sorry ;)
22:43.18ImCoKeMaNbut i know why many feel that way =)
22:43.19BabelOi just say that because i read that kevin2 say it is like omap850
22:44.49ImCoKeMaNi thouhgt i saw something in documentation about GSM, but i'm not really sure...not too much out there yet
22:45.14BabelOthere is some people that have some success with omap850 gsm
22:47.35ImCoKeMaNwell i'm just starting to learn the haret stuff, but i also have an apache that i can use to practice on
22:51.27ImCoKeMaNit's crazy how fast kevin modded the haret for the msm7500
22:52.08BabelOyes, i see that , very very fast ;)
22:54.11BabelOi have an omap850 based phone now...
22:55.15ImCoKeMaNwizard?
22:55.49BabelOno, at start it was a htc touch, and it finsh with a artemis :)
22:56.53ImCoKeMaNcool
22:59.53ljpBabel0: pong
22:59.56BabelOyes, now need some linux kernel compile
22:59.59BabelOhi ljp
23:01.09BabelOljp: i have a problem with dialer.xml file today... i don't understand the use of keypad="xxx"
23:08.55ljpthat means if you are in keypad mode, the dialer wont show
23:09.15ljpif ="no"
23:10.09BabelOljp: ok, i ve done something wrong with that :( when i resuse the xml, load always fails because of that
23:13.17ljphmm
23:17.14BabelOljp: i also write some lines for the trolltech greenphone about a small software i want to do ;)
23:17.57BabelObut need to finish this app i have some time soon to do that
23:28.13BabelOgood night

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.