search

ilyakurdyukov / fpdoom

Doom for feature phones
The Unlicense
48 stars 5 forks source link

Energizer Energy E12 `!!! keymap not found` #6

Closed medanisjbara closed 1 year ago

medanisjbara commented 1 year ago

I was able to watch as mentioned in the readme. But no keys worked.

A firmware dump can be found here

Request: Is there a chance you can provide a small guide on how to extract the keymap for those who are interested in learning how this is done ?

medanisjbara commented 1 year ago

Something I noticed is in common in all of the keymaps in releases is that they all end with 8 sets of ffff (in hex). Is that a rule ?

ilyakurdyukov commented 1 year ago

Try unpacking the firmware using bzpwork or uniflash. And look in kern.bin for an array (40 16-bit values for SC6531E) containing the characters 0123456789#* and some others or 0xffff. That's a keymap.

I found it at offset 0x4bee8, the first value is the boot key. I added it to releases as keymap_energizer_e12.bin.

ilyakurdyukov commented 1 year ago

There is a filter to automatically find the keymap, but it only works if the layout is in the uncompressed part of the firmware (kern.bin is in the compressed part). Also, some firmwares contain malformed keymaps with duplicate or junk values, so this filter cannot find them in such cases.

ilyakurdyukov commented 1 year ago

Is the LCD detected on your phone? LCD: id = 0x in the log.

ilyakurdyukov commented 1 year ago

Something I noticed is in common in all of the keymaps in releases is that they all end with 8 sets of ffff (in hex). Is that a rule ?

This isn't a rule, but a common situation.

medanisjbara commented 1 year ago

Try unpacking the firmware using bzpwork or uniflash. And look in kern.bin for an array (40 16-bit values for SC6531E) containing the characters 0123456789#* and some others or 0xffff. That's a keymap.

I found it at offset 0x4bee8, the first value is the boot key. I added it to releases as keymap_energizer_e12.bin.

Thank you !!

Is the LCD detected on your phone? LCD: id = 0x in the log.

It is detected.

ilyakurdyukov commented 1 year ago

Is the LCD detected on your phone? LCD: id = 0x in the log.

It is detected.

Can you provide a number for the list in the readme?

The readme does not provide instructions on how to use a keymap file though. Adding that would definitively be helpful.

Hmm, yes, but I wrote this in Releases:

Keymap files for specific models (copy to workdir and add the --keymap <filename> option for libc_server):

ilyakurdyukov commented 1 year ago

I recommend that you use the following options:

--rotate 3 --scaler 3 --keymap keymap_energizer_e12.bin

Or 1 for --rotate if you prefer keys on the left.

medanisjbara commented 1 year ago

Can you provide a number for the list in the readme?

If you want the entire log. You can find it here

Hmm, yes, but I wrote this in Releases:

Yes, I'm sorry.

I recommend that you use the following options:

--rotate 3 --scaler 3 --keymap keymap_energizer_e12.bin

Or 1 for --rotate if you prefer keys on the left.

The defaults (mentioned in the readme) worked perfectly fine. But I will try those in a sec.

medanisjbara commented 1 year ago

Also, Thank you!

ilyakurdyukov commented 1 year ago
  • Chip: SC6531DA

This is SC6531E, I can see it from the firmware. Offset 0x20 is "2656", which is a flip of 6562, this is the real chip number, so SC6531E is not actually 6531, but 6562.

medanisjbara commented 1 year ago

Well, somehow. The boot key only works when the battery is not plugged in. And it does not work without a battery. I had to follow your instructions in this related issue.

Welp, I guess some variations of the same chip can make a difference.

ilyakurdyukov commented 1 year ago

Then this is the first case of the SC6531E that won't boot without a battery.

medanisjbara commented 1 year ago

I found it at offset 0x4bee8, the first value is the boot key. I added it to releases as keymap_energizer_e12.bin.

Can I ask you about that 0A at the end ? it did not appear in the kern.bin. I'm assuming that it does not matter what you put at the end. But I'm asking to make sure.

ilyakurdyukov commented 1 year ago

I found it at offset 0x4bee8, the first value is the boot key. I added it to releases as keymap_energizer_e12.bin.

Can I ask you about that 0A at the end ? it did not appear in the kern.bin. I'm assuming that it does not matter what you put at the end. But I'm asking to make sure.

Which 0A ?

$ hd keymap_energizer_e12.bin 
00000000  31 00 32 00 33 00 05 00  ff ff 34 00 35 00 36 00  |1.2.3.....4.5.6.|
00000010  01 00 08 00 37 00 38 00  39 00 0d 00 09 00 2a 00  |....7.8.9.....*.|
00000020  30 00 23 00 2b 00 ff ff  06 00 07 00 04 00 28 00  |0.#.+.........(.|
00000030  27 00 ff ff ff ff ff ff  ff ff ff ff ff ff ff ff  |'...............|
00000040  ff ff ff ff ff ff 29 00  ff ff ff ff ff ff ff ff  |......).........|
00000050

Github states that the size is:

80 Bytes

So the problem could be that your browser thinks it's a text file and added a newline at the end.

medanisjbara commented 1 year ago

Yeah, My bad. I used xxd inside vim to inspect the file. Forgot that vim adds a newline to files being edited by default.