Error: Expected response 8 on cmd 1, got 0x10!

[GoogleCodeExporter]

Hi,
I have a royal pf141 model photoframe[1] which is also a sitronix product. 
This is my initial try with the device...

<<<shell session starts here>>>>>

root@shyam:/home/shyam/plans# dmesg | tail
[  174.226215] usb-storage: device scan complete
[  174.229126] scsi 2:0:0:0: Direct-Access     SITRONIX MULTIMEDIA      
0.09 PQ: 0 ANSI: 0 CCS
[  174.230084] sd 2:0:0:0: Attached scsi generic sg2 type 0
[  174.247091] sd 2:0:0:0: [sdb] 4096 512-byte hardware sectors: (2.09
MB/2.00 MiB)
[  174.251084] sd 2:0:0:0: [sdb] Write Protect is off
[  174.251094] sd 2:0:0:0: [sdb] Mode Sense: 0b 00 00 08
[  174.251101] sd 2:0:0:0: [sdb] Assuming drive cache: write through
[  174.264085] sd 2:0:0:0: [sdb] Assuming drive cache: write through
[  174.264097]  sdb: unknown partition table
[  174.302203] sd 2:0:0:0: [sdb] Attached SCSI removable disk
root@shyam:/home/shyam/plans# lsscsi
[0:0:0:0]    disk    ATA      TOSHIBA MK1234GS AH00  /dev/sda
[1:0:0:0]    cd/dvd  MATSHITA DVD-RAM UJ-850S  1.61  /dev/scd0
[2:0:0:0]    disk    SITRONIX MULTIMEDIA       0.09  /dev/sdb
root@shyam:/home/shyam/plans# lsusb
Bus 004 Device 001: ID 1d6b:0001  
Bus 003 Device 001: ID 1d6b:0001  
Bus 005 Device 002: ID 5986:0100 Bison Acer OrbiCam
Bus 005 Device 001: ID 1d6b:0002  
Bus 002 Device 001: ID 1d6b:0001  
Bus 001 Device 002: ID 1403:0001  
Bus 001 Device 001: ID 1d6b:0001  
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool# fdisk
-l /dev/sdb

Disk /dev/sdb: 2 MB, 2097152 bytes
1 heads, 4 sectors/track, 1024 cylinders
Units = cylinders of 4 * 512 = 2048 bytes
Disk identifier: 0x03a8ad60

Disk /dev/sdb doesn't contain a valid partition table
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./hackfw.sh /dev/sdb 
Interactive script to hack the firmware of your keychain photo
player.
Expected response 8 on cmd 1, got 0x10!
Sorry, there doesn't seem to be a device using the ST2205U chipset
at /dev/sdb.
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./phack -df firmware-dump /dev/sdb
Expected response 8 on cmd 1, got 0x10!

<<<<shell session ends here>>>>>>

I tried a crooked way out of the  by changing the response 8 on the phack
source to 16 which i am getting;-)
I could get the firmware dump and could get short messages displayed on the
device as this..

<<<<shell session starts here>>>>>>>>>
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./phack -m "Yay" /dev/sdb
Expected response 8 on cmd 1, got 0x10!
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool# make
cc    -c -o main.o main.c
gcc -o phack main.o  -g
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./phack -m "Yay" /dev/sdb
Message written.
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./phack -m "abcdefghijklmnopqrstuvwxyz" /dev/sdb
Message written.

<<<<shell session ends here>>>

The last message displayed "abcdefghi" on the device... that is the message
is stripped after first 9 characters.
Then i tried  hackfw.sh with the changed phack and i got as below.

<<<shell session starts here>>>>
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool#
./hackfw.sh /dev/sdb
Interactive script to hack the firmware of your keychain photo
player.
Message written.

Ok, first off all, we're going to backup the firmware and memory of your
device to fwimage.bak and memimage.bak. Please save fwimage.bak, you
need it to flash a newer version into your unit.
Found existing fwimage.bak, moving to fwimage.bak.old
..
..............................................................
Making a working copy...
Looking for a known device profile...
hack/m_coby_dir ...
...nope.
hack/m_ebuyer ...
...nope.
hack/m_hknameless ...
...nope.
hack/m_keypix ...
...nope.
hack/m_nextg ...
...nope.
hack/m_royal_pf141 ...
...nope.
hack/m_sitronix ...
...nope.
Sorry, I couldn't find a matching device profile. If you want to give 
creating it yourself a shot, please read ./hack/newhack.txt for more
info.
(Btw: this can also mean your device already has a hacked firmware. If
you want to upgrade your device using this script, please flash back
the fwimage.bak the previous version saved first.)
root@shyam:/home/shyam/st2205tool/svn/sitronix-dpf/trunk/st2205tool# 

<<<<<shell session ends here>>>>>>>>>

The firmware i got by running modified phack is attached (at
attachment/modified-phack-firmware-dump/* ). But that don't seem to be a
good dump as i have already tampered the phack tool. disassembling those
dumps didn't show me anything useful as said in the newhack.txt :(

I also tried "cat /dev/sdb > device-dump" to get the firmware as phack
didn't work at first time. Those dumps seemed more useful and i could also
make a profile refering newhack.txt from these dumps though it too didn't
work. the profile i made and the second dump is also attached at
attachment/device-firmware-dump/.

Hope this helps..
Hope i could get my lcd display work soon:)

Shyam K

[1] http://www.amazon.com/Royal-39103T-PF141-Digital-Travel/dp/B000FOOHX2 

Original issue reported on code.google.com by AEshya...@gmail.com on 19 Oct 2009 at 6:35

Attachments:

• attachment.tar.gz

[GoogleCodeExporter]

Also added at sitronix-dpf sourceforge project page 
http://sourceforge.net/tracker/?func=detail&aid=2881561&group_id=215209&atid=103
2753

Original comment by AEshya...@gmail.com on 19 Oct 2009 at 6:37

[GoogleCodeExporter]

I'm having a very similar problem, see my post

Original comment by rockofc...@gmail.com on 27 Apr 2010 at 10:53

[GoogleCodeExporter]

hint: this reply report the available memory!

Original comment by michudr...@gmail.com on 9 Jul 2010 at 10:22