Benjamin-Dobell / Heimdall

Heimdall is a cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung Galaxy devices.
MIT License

Cannot retrieve PIT from Galaxy S4 GT-I9500 #166

Open stac47 opened 10 years ago

stac47 commented 10 years ago

Hello,

I am working on the following issue. I am opening this ticket to follow up on the progress. I hope I will be able to find something.

So let's start with the scenario.

I simply would like to use Heimdall from my Debian Jessie. For the moment, a simple command is to retrieve and display the PIT.

$heimdall print-pit
stac@mercure:~/develoment/Heimdall/heimdall$ ./heimdall detect
Device detected
stac@mercure:~/develoment/Heimdall/heimdall$ ./heimdall print-pit
Heimdall v1.4.0

Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/

This software is provided free of charge. Copying and redistribution is
encouraged.

If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/

Initialising connection...
Detecting device...
Claiming interface...
Attempt failed. Detaching driver...
Claiming interface again...
Setting up interface...

Initialising protocol...
ERROR: Failed to send data!Releasing device interface...
Re-attaching kernel driver...

If I do it twice here is the output:

stac@mercure:~/develoment/Heimdall/heimdall$ ./heimdall print-pit
Heimdall v1.4.0

Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/

This software is provided free of charge. Copying and redistribution is
encouraged.

If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/

Initialising connection...
Detecting device...
Claiming interface...
Setting up interface...
libusbx: error [op_set_interface] setintf failed error -1 errno 71
ERROR: Setting up interface failed!
Releasing device interface...

At the same time, here is the kernel output:

[ 4249.292070] usb 3-1: new high-speed USB device number 4 using ehci-pci
[ 4249.425119] usb 3-1: New USB device found, idVendor=04e8, idProduct=685d
[ 4249.425133] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 4249.425143] usb 3-1: Product: Gadget Serial
[ 4249.425153] usb 3-1: Manufacturer: SAMSUNG
[ 4249.511956] cdc_acm 3-1:1.0: This device cannot do calls on its own. It is not a modem.
[ 4249.512845] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[ 4249.514207] usbcore: registered new interface driver cdc_acm
[ 4249.514217] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters

First I thought it was the 1.4RC1 from the official Debian Jessie repo. So I took the up-to-date code, compiled it and ran it with, unfortunately, the same result.

Following the results on my computer and the reading of other tickets, I first tried to look at the libusb side. I don't have any MS Windows machine to carry out the procedure from YouTube.

I recompiled this lib and ran heimdall with the debug mode activated. Here is the debug log:

[https://gist.github.com/stac47/6856451#file-debuglog-txt]

I was at this step, thinking this was a problem on my local machine. So I tried to do the same with my old Galaxy S1. And this worked perfectly. Hereafter is an excerpt from dmesg. We can see that instead of the usbserial driver in the working case, in the bad case it is the cdc_acm driver. I don't know if this is normal. So perhaps there is a hidden setting on the device. (I already made many tests with the trick *#0808#, but without any good result.)

[11632.956069] usb 3-1: new high-speed USB device number 5 using ehci-pci
[11633.158368] usb 3-1: New USB device found, idVendor=04e8, idProduct=6601
[11633.158382] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[11633.158392] usb 3-1: Product: Gadget Serial
[11633.158402] usb 3-1: Manufacturer: SAMSUNG
[11633.159597] cdc_acm 3-1:2.0: This device cannot do calls on its own. It is not a modem.
[11633.159828] cdc_acm 3-1:2.0: ttyACM0: USB ACM device
[11633.276788] usbcore: registered new interface driver usbserial
[11633.277450] usbcore: registered new interface driver usbserial_generic
[11633.278111] usbserial: USB Serial support registered for generic
[11633.292596] usbcore: registered new interface driver visor
[11633.293254] usbserial: USB Serial support registered for Handspring Visor / Palm OS
[11633.293903] usbserial: USB Serial support registered for Sony Clie 5.0
[11633.294560] usbserial: USB Serial support registered for Sony Clie 3.5
[11656.355415] usb 3-1: USB disconnect, device number 5

My conclusion is that the problem lies between heimdall libusb and the device. Next step is probably a big stage of debugging.

I will continue on this topic. If someone has any idea to submit, don't hesitate. Regards,

Stac

stac47 commented 10 years ago

Maybe it is linked to issue #152 as we can see in the following log.

stac@mercure:~/develoment/Heimdall/heimdall$ sudo ./heimdall print-pit --verbose --usb-log-level debug
Heimdall v1.4.0

Copyright (c) 2010-2013, Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/

This software is provided free of charge. Copying and redistribution is
encouraged.

If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/

Initialising connection...
Detecting device...
[timestamp] [threadID] facility level [function call] <message>
--------------------------------------------------------------------------------
[ 0.005571] [00000d98] libusbx: debug [libusb_get_device_list] 
[ 0.006432] [00000d98] libusbx: debug [libusb_get_device_descriptor] 
[ 0.006719] [00000d98] libusbx: debug [libusb_open] open 4.2
[ 0.007102] [00000d98] libusbx: debug [usbi_add_pollfd] add fd 11 events 4
[ 0.007421] [00000d98] libusbx: debug [libusb_get_device_descriptor] 
[ 0.007721] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.008187] [00000d99] libusbx: debug [linux_udev_event_thread_main] udev event thread entering.
[ 0.008370] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.008892] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 0.009177] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 0.009460] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=0 transferred=4
[ 0.009748] [00000d98] libusbx: debug [handle_control_completion] handling completion status 0
[ 0.010025] [00000d98] libusbx: debug [disarm_timerfd] 
[ 0.010188] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840f734 has callback 0xb77844c0
[ 0.010227] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=4
[ 0.010407] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.010505] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.010545] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 0.010710] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 0.010750] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=0 transferred=16
[ 0.010923] [00000d98] libusbx: debug [handle_control_completion] handling completion status 0
[ 0.010961] [00000d98] libusbx: debug [disarm_timerfd] 
[ 0.010995] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840f734 has callback 0xb77844c0
[ 0.011029] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=16
      Manufacturer: "SAMSUNG"
[ 0.011097] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.011319] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.011360] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 0.011589] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 0.011633] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=0 transferred=4
[ 0.011668] [00000d98] libusbx: debug [handle_control_completion] handling completion status 0
[ 0.011702] [00000d98] libusbx: debug [disarm_timerfd] 
[ 0.011735] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840f734 has callback 0xb77844c0
[ 0.011896] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=4
[ 0.011943] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.012208] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.012469] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 0.012518] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 0.012556] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=0 transferred=28
[ 0.012591] [00000d98] libusbx: debug [handle_control_completion] handling completion status 0
[ 0.012624] [00000d98] libusbx: debug [disarm_timerfd] 
[ 0.012658] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840f734 has callback 0xb77844c0
[ 0.013183] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=28
           Product: "Gadget Serial"

            length: 18
      device class: 2
               S/N: 0
           VID:PID: 04E8:685D
         bcdDevice: 021B
   iMan:iProd:iSer: 1:2:0
          nb confs: 1
[ 0.013409] [00000d98] libusbx: debug [libusb_get_config_descriptor] index 0

interface[0].altsetting[0]: num endpoints = 1
   Class.SubClass.Protocol: 02.02.01
       endpoint[0].address: 83
           max packet size: 0010
          polling interval: 09

interface[1].altsetting[0]: num endpoints = 2
   Class.SubClass.Protocol: 0A.00.00
       endpoint[0].address: 81
           max packet size: 0200
          polling interval: 00
       endpoint[1].address: 02
           max packet size: 0200
          polling interval: 00
Claiming interface...
[ 0.013780] [00000d98] libusbx: debug [libusb_claim_interface] interface 1
Attempt failed. Detaching driver...
[ 0.013839] [00000d98] libusbx: debug [libusb_detach_kernel_driver] interface 1
Claiming interface again...
[ 0.018226] [00000d98] libusbx: debug [libusb_claim_interface] interface 1
Setting up interface...
[ 0.018257] [00000d98] libusbx: debug [libusb_set_interface_alt_setting] interface 1 altsetting 0

Initialising protocol...
[ 0.018741] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.018763] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.018772] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 0.018901] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 0.018914] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=0 transferred=0
[ 0.018922] [00000d98] libusbx: debug [handle_control_completion] handling completion status 0
[ 0.018930] [00000d98] libusbx: debug [disarm_timerfd] 
[ 0.018939] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 0.018947] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
[ 0.018958] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 0.018976] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 0.018985] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 1.019014] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 1.019073] [00000d98] libusbx: debug [handle_events] timerfd triggered
[ 1.019102] [00000d98] libusbx: debug [libusb_cancel_transfer] 
[ 1.019464] [00000d98] libusbx: debug [disarm_timerfd] 
[ 1.019499] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 1.019521] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 1.019545] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 1.019569] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=-2 transferred=0
[ 1.019588] [00000d98] libusbx: debug [handle_control_completion] handling completion status -2
[ 1.019606] [00000d98] libusbx: debug [usbi_handle_transfer_cancellation] detected timeout cancellation
[ 1.019623] [00000d98] libusbx: debug [disarm_timerfd] 
[ 1.019640] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 1.019658] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
WARNING: Control transfer #2 failed. Result: -7
[ 1.019733] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 1.019784] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 1.019807] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 2.019782] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 2.019836] [00000d98] libusbx: debug [handle_events] timerfd triggered
[ 2.019858] [00000d98] libusbx: debug [libusb_cancel_transfer] 
[ 2.020207] [00000d98] libusbx: debug [disarm_timerfd] 
[ 2.020242] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 2.020282] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 2.020308] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 2.020330] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=-2 transferred=0
[ 2.020349] [00000d98] libusbx: debug [handle_control_completion] handling completion status -2
[ 2.020367] [00000d98] libusbx: debug [usbi_handle_transfer_cancellation] detected timeout cancellation
[ 2.020384] [00000d98] libusbx: debug [disarm_timerfd] 
[ 2.020402] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 2.020420] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
WARNING: Control transfer #3 failed. Result: -7
[ 2.020467] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 2.020516] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 2.020538] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 3.020519] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 3.020579] [00000d98] libusbx: debug [handle_events] timerfd triggered
[ 3.020600] [00000d98] libusbx: debug [libusb_cancel_transfer] 
[ 3.020995] [00000d98] libusbx: debug [disarm_timerfd] 
[ 3.021031] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 3.021052] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 3.021077] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 3.021101] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=-2 transferred=0
[ 3.021120] [00000d98] libusbx: debug [handle_control_completion] handling completion status -2
[ 3.021138] [00000d98] libusbx: debug [usbi_handle_transfer_cancellation] detected timeout cancellation
[ 3.021155] [00000d98] libusbx: debug [disarm_timerfd] 
[ 3.021172] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 3.021190] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
WARNING: Control transfer #4 failed. Result: -7
[ 3.021237] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 3.021288] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 3.021309] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 4.021286] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 4.021338] [00000d98] libusbx: debug [handle_events] timerfd triggered
[ 4.021360] [00000d98] libusbx: debug [libusb_cancel_transfer] 
[ 4.022256] [00000d98] libusbx: debug [disarm_timerfd] 
[ 4.022295] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 4.022317] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 4.022342] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 4.022366] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=-2 transferred=0
[ 4.022385] [00000d98] libusbx: debug [handle_control_completion] handling completion status -2
[ 4.022403] [00000d98] libusbx: debug [usbi_handle_transfer_cancellation] detected timeout cancellation
[ 4.022420] [00000d98] libusbx: debug [disarm_timerfd] 
[ 4.022809] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 4.022863] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
WARNING: Control transfer #5 failed. Result: -7
[ 4.022914] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 4.022965] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 4.023392] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 4.027026] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 4.027059] [00000d98] libusbx: debug [reap_for_handle] urb type=2 status=-71 transferred=0
[ 4.027102] [00000d98] libusbx: debug [handle_control_completion] handling completion status -71
[ 4.027120] [00000d98] libusbx: debug [handle_control_completion] low-level bus error occurred
[ 4.027137] [00000d98] libusbx: debug [disarm_timerfd] 
[ 4.027155] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 4.027173] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
WARNING: Control transfer #6 failed. Result: -1
[ 4.027242] [00000d98] libusbx: debug [add_to_flying_list] arm timerfd for timeout in 1000ms (first in line)
[ 4.027266] [00000d98] libusbx: debug [submit_bulk_transfer] need 1 urbs for new transfer with length 4
[ 4.027310] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 4.027331] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 5.027294] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 5.027350] [00000d98] libusbx: debug [handle_events] timerfd triggered
[ 5.027371] [00000d98] libusbx: debug [libusb_cancel_transfer] 
[ 5.027722] [00000d98] libusbx: debug [disarm_timerfd] 
[ 5.027757] [00000d98] libusbx: debug [libusb_handle_events_timeout_completed] doing our own event handling
[ 5.027778] [00000d98] libusbx: debug [handle_events] poll() 4 fds with timeout in 60000ms
[ 5.027803] [00000d98] libusbx: debug [handle_events] poll() returned 1
[ 5.027826] [00000d98] libusbx: debug [reap_for_handle] urb type=3 status=-2 transferred=0
[ 5.027845] [00000d98] libusbx: debug [handle_bulk_completion] handling completion status -2 of bulk urb 1/1
[ 5.027863] [00000d98] libusbx: debug [handle_bulk_completion] abnormal reap: urb status -2
[ 5.027880] [00000d98] libusbx: debug [handle_bulk_completion] abnormal reap: last URB handled, reporting
[ 5.027897] [00000d98] libusbx: debug [usbi_handle_transfer_cancellation] detected timeout cancellation
[ 5.027914] [00000d98] libusbx: debug [disarm_timerfd] 
[ 5.027931] [00000d98] libusbx: debug [usbi_handle_transfer_completion] transfer 0x840d9c4 has callback 0xb77844c0
[ 5.027950] [00000d98] libusbx: debug [sync_transfer_cb] actual_length=0
ERROR: Failed to send data: "ODIN"
Releasing device interface...
[ 5.028005] [00000d98] libusbx: debug [libusb_release_interface] interface 1
Re-attaching kernel driver...
[ 5.028063] [00000d98] libusbx: debug [libusb_attach_kernel_driver] interface 1

[ 5.028102] [00000d98] libusbx: debug [libusb_close] 
[ 5.028134] [00000d98] libusbx: debug [usbi_remove_pollfd] remove fd 11
[ 5.028168] [00000d98] libusbx: debug [libusb_exit] 
[ 5.028184] [00000d98] libusbx: debug [libusb_exit] destroying default context

Hereafter is the dump of such a failing usb session. It has been taken with usbmon.

[https://gist.github.com/stac47/6872173#file-usbmon_log_heimdall]

Need to study this now. Regards,

Lauent

stac47 commented 10 years ago

Hello,

I continued the investigations on this topic. Now we have a dump of what happens on the USB bus. But we need a working case to compare. I finally managed to access a Windows computer and I installed Kies and tried to flash my phone as shown in Benjamin's wonderful video. Unfortunately it failed: it seems to also come from a timeout error.

Desperately, I tried ODIN and in this case I managed to flash the phone and I took a dump of the connection. If someone needs it, don't hesitate to let me know.

The difference with the logs I got on Linux is that, in the sequence before sending the bulk data "ODIN", a modem-like command is sent: "ATQ0E0V1\n" (41 54 51 30 45 30 56 31 0D). The response is "OKAY" (4F 4B 41 59).

I will try this. Stac

anpaza commented 10 years ago

From here: http://forum.xda-developers.com/showthread.php?t=2442262

{ Getting an error?

If you receive this error message: Initialising connection… Detecting device… Claiming interface… ERROR: Claiming interface failed!

it’s because you have used the Samsung Kies software, which you should uninstall at once, but as it adds some kernel extensions, run this as well:

A. Launch Terminal
B. Get Root and run these:

sudo sh
kextunload -b com.devguru.driver.SamsungComposite
kextunload -b com.devguru.driver.SamsungACMData
kextunload -b com.devguru.driver.SamsungACMControl

C. Try again! }

elad661 commented 10 years ago

These commands are for mac only, they won't work on linux

aapo commented 9 years ago

Hi stac47, did you manage with the GT-I9500?

I'm trying with the same device and I'm encountering similar error messages. I tested what you described and got at least PIT downloaded.

I'm working with git head (69c3aafd81e2804216361ac13eea4b157594ce24). First I need this hack to even start using the interface:

--- a/heimdall/source/BridgeManager.cpp
+++ b/heimdall/source/BridgeManager.cpp
@@ -231,7 +231,9 @@ bool BridgeManager::ClaimDeviceInterface(void)
 {
        Interface::Print("Claiming interface...\n");

-       int result = libusb_claim_interface(deviceHandle, interfaceIndex);
+//     int result = libusb_claim_interface(deviceHandle, interfaceIndex);
+ int result = libusb_detach_kernel_driver(deviceHandle, interfaceIndex);
+ result = libusb_claim_interface(deviceHandle, interfaceIndex);

 #ifdef OS_LINUX
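Review bot: The return value of libusb_detach_kernel_driver() is stored in `result` and then overwritten on the very next line by libusb_claim_interface(), so a failed detach is never reported. Call libusb_kernel_driver_active() first and detach only when it returns 1, checking the detach result before claiming. The commented-out original call should be deleted rather than left in place.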

Then: before sending "ODIN", send "ATQ0E0V1\n" and wait for "OKAY". After that, send "ODIN" and wait for "LOKE".

Protocol initialisation successful.
Beginning session...
Some devices may take up to 2 minutes to respond.
Please be patient!
Session begun.
Downloading device's PIT file...
ERROR: libusb error -7 whilst receiving bulk transfer.
 Retrying...
PIT file download successful.
Ending session...
Releasing device interface...

After that I need to reboot the phone to get the connection working again.

This is the command I used:

sudo ./heimdall download-pit --output  GT-I9500.pit --verbose --no-reboot --stdout-errors

filmaj commented 9 years ago

That certainly worked for me! My error handling is a bit off here but here's my diff:

diff --git a/heimdall/source/BridgeManager.cpp b/heimdall/source/BridgeManager.cpp
index b7bff3d..66eea1d 100644
--- a/heimdall/source/BridgeManager.cpp
+++ b/heimdall/source/BridgeManager.cpp
@@ -231,7 +231,9 @@ bool BridgeManager::ClaimDeviceInterface(void)
 {
    Interface::Print("Claiming interface...\n");

-   int result = libusb_claim_interface(deviceHandle, interfaceIndex);
+   //int result = libusb_claim_interface(deviceHandle, interfaceIndex);
+    int result = libusb_detach_kernel_driver(deviceHandle, interfaceIndex);
+    result = libusb_claim_interface(deviceHandle, interfaceIndex);

 #ifdef OS_LINUX
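Review bot: The added libusb_detach_kernel_driver() call sits above the `#ifdef OS_LINUX` guard, so it now runs on every platform instead of only where a kernel driver can hold the interface. Move the detach inside the Linux-only section and remove the commented-out claim call; the added lines are also indented differently from the line they replace.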

@@ -298,6 +300,41 @@ bool BridgeManager::InitialiseProtocol(void)
    Interface::Print("Initialising protocol...\n");

    unsigned char dataBuffer[7];
+    unsigned char crazyShit[9];
+
+    // Send some crazy weird shit
+    memcpy(crazyShit, "ATQ0E0V1\n", 9);
+   if (!SendBulkTransfer(crazyShit, 9, 1000))
+   {
+       Interface::PrintError("Failed to send crazy shit!");
+   }
+   // Expect "OKAY"
+   memset(crazyShit, 0, 9);
+
+   int dataTransferred = 0;
+
+   int result = libusb_bulk_transfer(deviceHandle, inEndpoint, crazyShit, 7, &dataTransferred, 1000);
+
+   if (result != LIBUSB_SUCCESS)
+   {
+       if (verbose)
+           Interface::PrintError("Failed to receive crazy shit response. Result: %d\n", result);
+   }
+   else
+   {
+       if (dataTransferred == 4 && memcmp(dataBuffer, "OKAY", 4) == 0)
+       {
+           // Successfully received "OKAY"
+           Interface::Print("Crazy shit OKAY response received! I cant believe it TBH.\n\n");
+       }
+       else
+       {
+           if (verbose)
+               Interface::PrintError("Expected: \"OKAY\"\nReceived: \"%s\"\n", crazyShit);
+
+           Interface::PrintError("Unexpected crazy shit response!\n");
+       }
+   }

    // Send "ODIN"
    memcpy(dataBuffer, "ODIN", 4);
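Review bot: The success check `memcmp(dataBuffer, "OKAY", 4)` reads dataBuffer, but the reply was received into crazyShit and dataBuffer has not been written at this point, so the comparison runs against uninitialised memory; compare crazyShit instead. The failed-send and failed-receive branches also only print and then fall through to the "ODIN" step, where returning false would stop a broken handshake early, and the messages would be easier to act on if they named the AT command they refer to.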
@@ -311,7 +348,7 @@ bool BridgeManager::InitialiseProtocol(void)
    // Expect "LOKE"
    memset(dataBuffer, 0, 7);

-   int dataTransferred = 0;
+   dataTransferred = 0;

    int result = libusb_bulk_transfer(deviceHandle, inEndpoint, dataBuffer, 7, &dataTransferred, 1000);
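Review bot: This hunk turns `int dataTransferred = 0;` into a plain assignment, but the unchanged context line `int result = libusb_bulk_transfer(...)` is still a declaration, and the previous hunk already added an `int result` in the same function, which reads as a redeclaration. Make this line an assignment as well, or give the AT preamble step its own scope or variable names.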

I get some of my error handling messages to come up so some of that is clearly off, but in general, the AT command seems to work as expected - thanks @aapo!

Here's the top of the output from a flash command:

~/src/Heimdall/bin/heimdall flash --verbose --no-reboot --RECOVERY recovery.img --BOOT boot.img --SYSTEM system.img --CACHE cache.img --HIDDEN hidden.img --RADIO modem.bin --BOOTLOADER sboot.bin
Heimdall v1.4.1

Copyright (c) 2010-2014 Benjamin Dobell, Glass Echidna
http://www.glassechidna.com.au/

This software is provided free of charge. Copying and redistribution is
encouraged.

If you appreciate this software and you would like to support future
development please consider donating:
http://www.glassechidna.com.au/donate/

Initialising connection...
Detecting device...
      Manufacturer: "SAMSUNG"
           Product: "Gadget Serial"

            length: 18
      device class: 2
               S/N: 0
           VID:PID: 04E8:685D
         bcdDevice: 021B
   iMan:iProd:iSer: 1:2:0
          nb confs: 1

interface[0].altsetting[0]: num endpoints = 1
   Class.SubClass.Protocol: 02.02.01
       endpoint[0].address: 83
           max packet size: 0010
          polling interval: 09

interface[1].altsetting[0]: num endpoints = 2
   Class.SubClass.Protocol: 0A.00.00
       endpoint[0].address: 81
           max packet size: 0200
          polling interval: 00
       endpoint[1].address: 02
           max packet size: 0200
          polling interval: 00
Claiming interface...
Setting up interface...

Initialising protocol...
ERROR: Expected: "OKAY"
Received: "OKAY"
ERROR: Unexpected crazy shit response!
Protocol initialisation successful.

Beginning session...

Some devices may take up to 2 minutes to respond.
Please be patient!

Session begun.

Downloading device's PIT file...
WARNING: Empty bulk transfer after receiving packet failed. Continuing anyway...
PIT file download successful.

Uploading RECOVERY
0%
13%
....

This was on a GT-I9500, flashing the I9500XXUFNE7_I9500MBCFNE1_MBC firmware off of sammobile.
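
The handshake order described in this thread (AT preamble answered by "OKAY", then "ODIN" answered by "LOKE"), as an added example that is not Heimdall's code or any commenter's patch. `Transport`, `MockDevice`, `exchange` and `initialiseProtocol` are hypothetical names, and the mock's behaviour is constructed from the reports above rather than captured from a device.

```cpp
// Added example, not Heimdall code. Transport and MockDevice are hypothetical
// stand-ins for the bulk OUT/IN endpoints so the sequence runs without a phone.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

struct Transport {
    virtual ~Transport() {}
    virtual bool send(const unsigned char *data, size_t len) = 0;
    // Returns the number of bytes received, or -1 on timeout/error.
    virtual int receive(unsigned char *buf, size_t cap) = 0;
};

enum class Handshake { Ok, SendFailed, NoResponse, BadResponse };

// Send one request and require an exact reply. The comparison uses the
// buffer that was just filled, together with the received length.
static Handshake exchange(Transport &t, const char *request, const char *expected)
{
    if (!t.send(reinterpret_cast<const unsigned char *>(request), std::strlen(request)))
        return Handshake::SendFailed;
    unsigned char reply[8] = {0};
    int got = t.receive(reply, sizeof(reply) - 1);
    if (got < 0)
        return Handshake::NoResponse;
    size_t expectedLen = std::strlen(expected);
    if (static_cast<size_t>(got) != expectedLen || std::memcmp(reply, expected, expectedLen) != 0)
        return Handshake::BadResponse;
    return Handshake::Ok;
}

// Order reported in the thread: AT preamble -> "OKAY", then "ODIN" -> "LOKE".
// Any failed step ends the handshake instead of falling through to the next.
Handshake initialiseProtocol(Transport &t, bool sendAtPreamble)
{
    if (sendAtPreamble) {
        Handshake r = exchange(t, "ATQ0E0V1\n", "OKAY");
        if (r != Handshake::Ok)
            return r;
    }
    return exchange(t, "ODIN", "LOKE");
}

// Constructed device model (an assumption, not a capture): when requiresAt is
// set, "ODIN" gets no answer until the AT preamble has been seen.
class MockDevice : public Transport {
public:
    explicit MockDevice(bool requiresAt, const std::string &atReply = "OKAY")
        : requiresAt_(requiresAt), primed_(false), atReply_(atReply) {}

    bool send(const unsigned char *data, size_t len) override {
        std::string msg(reinterpret_cast<const char *>(data), len);
        pending_.clear();
        // The thread lists 0D as the last captured byte while the patch sends
        // '\n', so the mock accepts any single terminator byte.
        if (len == 9 && msg.compare(0, 8, "ATQ0E0V1") == 0) {
            primed_ = true;
            pending_ = atReply_;
        } else if (msg == "ODIN" && (primed_ || !requiresAt_)) {
            pending_ = "LOKE";
        }
        return true;
    }

    int receive(unsigned char *buf, size_t cap) override {
        if (pending_.empty())
            return -1; // models the bulk-IN timeout seen in the logs
        size_t n = pending_.size() < cap ? pending_.size() : cap;
        std::memcpy(buf, pending_.data(), n);
        pending_.clear();
        return static_cast<int>(n);
    }

private:
    bool requiresAt_, primed_;
    std::string atReply_, pending_;
};

int main()
{
    MockDevice dev(true);
    std::printf("handshake result: %d\n", static_cast<int>(initialiseProtocol(dev, true)));
}
```

In a real build the two `Transport` methods would wrap the bulk OUT and bulk IN transfers on the claimed interface.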