Lekensteyn / lglaf

LG Download Mode utility and documentation
https://lekensteyn.nl/lglaf/
MIT License

Can't write/wipe persistent partition. #42

Open mvanotti opened 6 years ago

mvanotti commented 6 years ago

Hi!

I have been trying to wipe the persistent partition in an LG MP450, but every time I do a WRTE or a TRIM command, I get the following:

lglaf$ python3 ./partitions.py --ufs --wipe persistent
Traceback (most recent call last):
  File "./partitions.py", line 370, in <module>
    main()
  File "./partitions.py", line 366, in main
    wipe_partition(comm, disk_fd, part_offset, part_size, block_size)
  File "./partitions.py", line 297, in wipe_partition
    laf_erase(comm, disk_fd, sector_start, sector_count)
  File "./partitions.py", line 102, in laf_erase
    header, response = comm.call(erase_cmd)
  File "/home/mvanotti/frp/lglaf/lglaf.py", line 264, in call
    raise RuntimeError('Command failed with error code %#x (%s)' % (errCode, msg))
RuntimeError: Command failed with error code 0x80000118 (LAF_ERROR_<unknown>)

I have tried issuing manual commands and nothing. Most of the other stuff works without issues (opening FDs, running some basic commands, etc).

Any ideas on what I can do?

mvanotti commented 6 years ago

The logs are from @tuxuser's fork, but with the code from this repo I have the same issues.

mvanotti commented 6 years ago

Here is the output of DMESG after running the TRIM command

<6>[ 1057.448707 / 01-01 21:25:39.649][0] FG: update_sram_data: soc:[100], soc_raw[9950], voltage:[4374821], ocv:[4362157], current:[1525], batt_temp:[270], charge_raw [3170204 / 3148000]
<12>[ 1058.538431 / 01-01 21:25:40.749][1] [LAF] read property item = TMO
<12>[ 1058.903452 / 01-01 21:25:41.109][1] [LAF] read property item = TMO
<12>[ 1058.907278 / 01-01 21:25:41.109][1] [LAF] default access list. 
<12>[ 1058.907346 / 01-01 21:25:41.109][1] [LAF] use write protection for /dev/block/mmcblk0
<12>[ 1058.907433 / 01-01 21:25:41.109][1] [LAF] success to open the flash driver, dev = /dev/block/mmcblk0, fd = 39
<12>[ 1059.048035 / 01-01 21:25:41.249][1] [LAF] can not access wp area 117440512 - 125829119(117440512 - 117964287)
<12>[ 1059.048119 / 01-01 21:25:41.249][1] [LAF] laf_message.command     = 0x45535245(ERSE) 
<12>[ 1059.048184 / 01-01 21:25:41.249][1] [LAF] laf_message.arg0        = 0x27 
<12>[ 1059.048246 / 01-01 21:25:41.249][1] [LAF] laf_message.arg1        = 0x38000 
<12>[ 1059.048307 / 01-01 21:25:41.249][1] [LAF] laf_message.arg_opt0    = 0x3ff 
<12>[ 1059.048368 / 01-01 21:25:41.249][1] [LAF] laf_message.arg_opt1    = 0x0 
<12>[ 1059.048429 / 01-01 21:25:41.249][1] [LAF] laf_message.data_length = 0x0 
<12>[ 1059.048489 / 01-01 21:25:41.249][1] [LAF] laf_message.data_check  = 0xed40 
<12>[ 1059.048549 / 01-01 21:25:41.249][1] [LAF] laf_message.magic       = 0xbaacadba 
<12>[ 1059.048618 / 01-01 21:25:41.249][1] [LAF] hex dump   start address = 0xacf0000c count = 512 
<12>[ 1059.052944 / 01-01 21:25:41.259][1] [LAF] read property item = TMO
<12>[ 1059.104474 / 01-01 21:25:41.309][0] [LAF] success to close handle to flash driver, fd = 39
<5>[ 1062.300146 / 01-01 21:25:44.509][6] pet_watchdog
<12>[ 1063.993277 / 01-01 21:25:46.199][5] [LAF] read property item = TMO
<12>[ 1065.399008 / 01-01 21:25:47.609][1] [LAF] read property item = TMO

runningnak3d commented 6 years ago

You should have posted the issue on his fork :)

You need to specify --cr 2 so:

partitions.py --cr 2 --ufs --wipe persistent

But that isn't going to work unless you have patched gpt.py to deal with 4096 byte sector size.

Again, this doesn't belong here. If you open an issue on his fork, I will be glad to help you.

Also, you need to edit partitions.py and add /dev/block/sdX to the body of the OPEN where the X is the block device that your persistent partition is on.

-- Brian

mvanotti commented 6 years ago

Hi!

I meant that the traces that I pasted (command output & dmesg) were after running code from that fork. But the same issue happened with the code from this repo. I think this is the main repo, so I reported the issue here, hoping more people would see it.

Sadly I will not have access to the phone for the long weekend, will try the command next Wednesday.

When there was an issue with the challenge-response, the phone would return an ACCESS_DENIED error, here the error code is unknown. Could it be possible that that partition is write-protected somehow? Do you think the --cr flag would help in this case? (I am able to dump the partition, not restore it nor enhace it).

The persistent partition is somewhere in /dev/block/mmcblk0 (it doesn't correspond to any of the other block devices). I have also tried issuing an OPEN command and trying a WRTE but it fails with the same UNKNOWN error.

I did not get the bit about patching the partition tool. The partition seems to be correct: I've verified that it contains the correct data after doing a dump and also reading from /dev/block/mmcblk0 in that offset. The tool seems to be handling that part well, and the offsets seemed correct.

runningnak3d commented 6 years ago

From your log:

[LAF] can not access wp area 117440512 - 125829119(117440512 - 117964287)

Yes, the --cr flag should help you. Also, you don't need the --ufs flag because you don't have a UFS NAND.
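
Added example (not part of the thread or of the lglaf project): it cross-checks the log line quoted above against the ERSE arguments logged next to it. It assumes arg1 and arg_opt0 are the start sector and sector count (the order laf_erase passes them in), that the first range in the log line is the protected area and the parenthesised one the requested bytes, and that sectors are 512 bytes.

```python
import re

# Constructed sample: five [LAF] lines copied from the dmesg output above.
SAMPLE_DMESG = """\
<12>[ 1059.048035 / 01-01 21:25:41.249][1] [LAF] can not access wp area 117440512 - 125829119(117440512 - 117964287)
<12>[ 1059.048119 / 01-01 21:25:41.249][1] [LAF] laf_message.command     = 0x45535245(ERSE)
<12>[ 1059.048184 / 01-01 21:25:41.249][1] [LAF] laf_message.arg0        = 0x27
<12>[ 1059.048246 / 01-01 21:25:41.249][1] [LAF] laf_message.arg1        = 0x38000
<12>[ 1059.048307 / 01-01 21:25:41.249][1] [LAF] laf_message.arg_opt0    = 0x3ff
"""

WP_RE = re.compile(r"\[LAF\] can not access wp area (\d+) - (\d+)\((\d+) - (\d+)\)")
FIELD_RE = re.compile(r"\[LAF\] laf_message\.(\w+)\s*=\s*(0x[0-9a-fA-F]+)")

def parse_laf_log(text):
    """Return (wp_area, denied_range, fields) parsed from LAF dmesg lines."""
    wp_area = denied = None
    fields = {}
    for line in text.splitlines():
        m = WP_RE.search(line)
        if m:
            a, b, c, d = map(int, m.groups())
            wp_area, denied = (a, b), (c, d)
        m = FIELD_RE.search(line)
        if m:
            fields[m.group(1)] = int(m.group(2), 16)
    return wp_area, denied, fields

def erase_byte_range(fields, sector_size):
    """Inclusive byte range of the ERSE request (assumed: arg1=start, arg_opt0=count)."""
    start = fields["arg1"] * sector_size
    return start, start + fields["arg_opt0"] * sector_size - 1

def overlaps(a, b):
    """True if two inclusive ranges share at least one byte."""
    return a[0] <= b[1] and b[0] <= a[1]

def diagnose(text, sector_size=512):
    """Tie the 'wp area' denial to the logged request and report the overlap."""
    wp_area, denied, fields = parse_laf_log(text)
    req = erase_byte_range(fields, sector_size)
    return {
        # The command word is logged as a little-endian integer of the ASCII tag.
        "command": fields["command"].to_bytes(4, "little").decode("ascii"),
        "request": req,
        "request_matches_denied": req == denied,
        "hits_wp_area": overlaps(req, wp_area),
        "wp_area_mib": (wp_area[1] - wp_area[0] + 1) / 2**20,
    }

print(diagnose(SAMPLE_DMESG))
```

The request range computed with 512-byte sectors equals the parenthesised range in the log line exactly, and it falls inside the 8 MiB protected area, so the refusal comes from the device's write-protection check on that range.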

mvanotti commented 6 years ago

@runningnak3d I see. I will try that then.

RE: UFS, the same issue happens without the flag, but thanks. I didn't know what the difference between eMMC and UFS was: https://news.samsung.com/global/emmc-to-ufs-how-nand-memory-for-mobile-products-is-evolving

It's still unclear why they would be different (other than using a command queue in the UFS operations to make it faster).

runningnak3d commented 6 years ago

eMMC is exposed as just one block device /dev/block/mmcblk0 with a bunch of partitions /dev/block/mmcblk0p1 to p28 (usually)

UFS is exposed as 8 block devices /dev/block/sda to sdh along with a bunch of partitions.

With eMMC you only have to issue an OPEN with no body, and it opens mmcblk0. With UFS you have to specify the block device that you want to work with in the body of the OPEN.

mvanotti commented 6 years ago

Hi @runningnak3d, thanks for your answer.

I tried running the command with the --cr 2 flag, but it didn't work (partitions.py does not support said flag):

$ git show
commit cef3647a870cb96200dd908b14b9807554c6c8a8 (HEAD, upstream/master)
Merge: b9ade65 6def07a
Author: Peter Wu <peter@lekensteyn.nl>
Date:   Wed Jan 10 21:10:14 2018 +0100

    Merge pull request #40 from steadfasterX/hotfix/partsize

    fix wrong part_size calculation (1 sector missing)

$ python3 ./partitions.py -cr --wipe persistent
usage: partitions.py [-h] [--debug] [--list] [--dump LOCAL_PATH]
                     [--restore LOCAL_PATH] [--wipe] [--skip-hello]
                     [partition]
partitions.py: error: unrecognized arguments: -cr

I did test this in the original repo. Without running the challenge_response, I get ACCESS_DENIED on OPEN:

$ python3 ./partitions.py --wipe persistent
Traceback (most recent call last):
  File "./partitions.py", line 274, in <module>
    main()
  File "./partitions.py", line 247, in main
    with laf_open_disk(comm) as disk_fd:
  File "/usr/lib/python3.4/contextlib.py", line 59, in __enter__
    return next(self.gen)
  File "./partitions.py", line 59, in laf_open_disk
    open_header = comm.call(open_cmd)[0]
  File "/home/mvanotti/frp/lglaf/lglaf.py", line 249, in call
    raise RuntimeError('Command failed with error code %#x (%s)' % (errCode, msg))
RuntimeError: Command failed with error code 0x8000010a (LAF_ERROR_ACCESS_DENIED)

After issuing a challenge_response (mode 2) before the open, I get the same error as mentioned here (unknown on ERSE):

$ python3 ./partitions.py --wipe persistent
Traceback (most recent call last):
  File "./partitions.py", line 277, in <module>
    main()
  File "./partitions.py", line 273, in main
    wipe_partition(comm, disk_fd, part_offset, part_size)
  File "./partitions.py", line 212, in wipe_partition
    laf_erase(comm, disk_fd, sector_start, sector_count)
  File "./partitions.py", line 83, in laf_erase
    header, response = comm.call(erase_cmd)
  File "/home/mvanotti/frp/lglaf/lglaf.py", line 249, in call
    raise RuntimeError('Command failed with error code %#x (%s)' % (errCode, msg))
RuntimeError: Command failed with error code 0x80000118 (LAF_ERROR_<unknown>)

My changes:

$ git diff
diff --git a/partitions.py b/partitions.py
index 190512f..4463731 100755
--- a/partitions.py
+++ b/partitions.py
@@ -55,12 +55,14 @@ def find_partition(diskinfo, query):
 @contextmanager
 def laf_open_disk(comm):
     # Open whole disk in read/write mode
+    lglaf.challenge_response(comm, mode=2)
     open_cmd = lglaf.make_request(b'OPEN', body=b'\0')
     open_header = comm.call(open_cmd)[0]
     fd_num = read_uint32(open_header, 4)
     try:
         yield fd_num
     finally:
+        lglaf.challenge_response(comm, mode=4)
         close_cmd = lglaf.make_request(b'CLSE', args=[fd_num])
         comm.call(close_cmd)

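Review bot: In the finally: block of laf_open_disk, lglaf.challenge_response(comm, mode=4) is placed ahead of the CLSE request, so if that call raises, comm.call(close_cmd) never runs and fd_num is left open on the device. Send CLSE first, or wrap the mode=4 call in its own try/except so the close always happens. The mode values 2 and 4 are bare literals; a short comment saying what each one selects would help the next reader.
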
@@ -75,6 +77,7 @@ def laf_read(comm, fd_num, offset, size):

 def laf_erase(comm, fd_num, sector_start, sector_count):
     """TRIM some sectors."""
+    lglaf.challenge_response(comm, mode=2)
     erase_cmd = lglaf.make_request(b'ERSE',
             args=[fd_num, sector_start, sector_count])
     header, response = comm.call(erase_cmd)
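
Review bot: The lglaf.challenge_response(comm, mode=2) added at the top of laf_erase repeats the call laf_open_disk already makes before OPEN, and it is repeated on every ERSE request. The traceback posted with this diff shows ERSE still returning 0x80000118 with this line in place, so it does not change the outcome; drop it, or add a comment explaining why the erase needs its own challenge-response.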

Is there any way to fix this and write to that partition?

Thanks!

runningnak3d commented 6 years ago

You need to send IOCT fd_num,0x1261

-- Brian