Open hanguofu opened 5 years ago
As a big side note for future, I recommend to use RAM directly without affecting ROM if you don't want to recover your corrupted bootloader from device for each trying of course.
write bl2_file 0xd9000000 // bl2
write uboot_tpl_file 0x200c000 // tpl to ddr
write usbbl2runpara_file 0xd900c000 // for booting tpl from 0x200c000
0xd9000000 <<< ddr run
0xd900c000 << +c000
0x200c000 << 0x2000000 (u-boot map) + c000
Actual addresses may be different for your platform, therefore you need to check it from manifest from any firmware image to your device after unpacking it, for example, via AmlImagePack tool:
AmlImagePack -d flashable.img ./dir
Also note, BL2 may prevent corruption of bootloader when you're trying via official flasher. Because flasher (usb burning tool or how it was named, I don't remember) starts like ~ bootloader -> then with BL2 will try to execute directly from RAM and it will abort anything if they have any problem, or it will finally commit changes to ROM.
Seems this is what I'm talking about:
with USB_Burning_Tool , the process stops at 1% with error : [0x10103005]Romcode/initialize DDR/download data/reading image failed
To the question:
Is there any way to retrieve the above parameters/packages from the original bootloader ( dumped with dd command ) ?
Yes, of course, https://github.com/3F/aml_s905_uboot#arm-trusted-firmware
before sequence [010064AA] ~ u-boot.bin.usb.bl2 (BL2)
Second part, starting with `010064AA` is UBOOT.USB ~ u-boot.bin.usb.tpl
But looks like your attached bootloader is encrypted. I'm not sure (I don't see @AMLрї
sign) and you're talking about s905d that I did not inspect as I already said (s905, s905x, s905d, are not the same).
Anyway, there are something different with your case before my 010064AA:
0018A690 07 0B 08 0D 12 12 2A 08 01 00 00 00 00 00 24 24 ......*.......$$
0018A6A0 00 00 00 00 00 44 A4 00 00 80 [ 01 00 64 AA ] 00 00 .....D¤..Ђ..dЄ..
.........................................^ at 0x18A6AA
So you can't separate it manually as in my readme.
More probably, you need to decrypt this before. Try to ask on XDA for your s905d platform to be sure.
Rehashing the header can also help for your case. Here I mentioned about this.
try this:
aml_encrypt_gxb --bootsig --input bootloader.img --output u-boot_new.bin
btw, this should also prepare/extract separated bl2/tpl
u-boot_new.bin -- updated full image
u-boot_new.bin.usb.bl2 -- DDR.USB
u-boot_new.bin.usb.tpl -- UBOOT.USB
just try
However,
If you only need to restore your device, I recommend Access mode for your emmc,
When u-boot/ddr is corrupted, we can try to switch memory controller into access mode
then just rewrite an working bootloader from any related firmware.
Do you fix it ?
I tried to build my own bootloader with the official tooltrain buildroot from amlogic and the tool did generate a bunch of images : u-boot.bin , ... , aml_upgrade_package.img , ...etc.
But when I tried to burn the aml_upgrade_package.img with USB_Burning_Tool , the process stops at 1% with error : [0x10103005]Romcode/initialize DDR/download data/reading image failed
Then I tried the step-by-step way described at https://github.com/Stane1983/aml-linux-usb-burn/issues/1 , but the process stops at the following command : .\update.exe write C:\webrtc_doc\s905_doc\build_armbian\buildroot_3_14_29\original_images\u-boot.bin.usb.tpl 0x200c000
usbWriteFile len=4096,ret=-5 error_msg=libusb0-dll:err [submit_async] submitting request failed, win error: target does not work. ERR: write data to device failed
I wonder if one of the following files does not match my TV box : u-boot.bin.usb.bl2 ( DDR ) ---- built with the builroot toolchain u-boot.bin.usb.tpl ( UBOOT) ---- built with the builroot toolchain usbbl2runpara_ddrinit.bin --- download from https://github.com/khadas/utils/tree/master/aml-flash-tool/tools usbbl2runpara_runfipimg.bin
Is there any way to retrieve the above parameters/packages from the original bootloader ( dumped with dd command ) ?
bootloader.zip