Announcement

Collapse
No announcement yet.

Senseit P4 rev1 JTAG

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Senseit P4 rev1 JTAG

    Hello.
    Just want to share my finding with community.
    RIFF are realy helpful tool. Thank you.

    P.S. According to senseit support, this phone have two revisions.
    Attached Files
    Tags: None
  • #2
    And dump.
    I cut EFS2APPS, but this must be enough for dll creation i think.
    Attached Files

    Comment

    • #3
      Hi,
      Could You please connect phone by using DCC loader ?

      1. Click "Analyze JTAG Chain"
      2. Click "Search for DLL"
      3. Select any DLL shown to be compatible
      4. Try reading dump (DCC -> Read Memory)
      5. Save file + complete log.
      ICQ: 299-912-089
      QQ: 1634811353

      Comment

      • #4
        Unlock Forum - RIFF Box support forum

        Comment

        • #5
          Hello.
          I have expired account, so I can not add new dll's. Unfortunately, do not have any dll with this cpu in list.
          Something wrong with dump readed that way?

          Code:
          [20.04.2018 17:51:40] [START OPERATION_ID = JTAG_ANALIZE]
[20.04.2018 17:51:40] Open serial port...OK
[20.04.2018 17:51:40] Connecting to the RIFF Box...OK
[20.04.2018 17:51:40] Firmware Version: 1.48 (RIFFBOX1), JTAG Manager Version: 1.74
[20.04.2018 17:51:40] Selected Custom Target: [CORTEX-A8, 2.60V, TAP0]
[20.04.2018 17:51:40] 
[20.04.2018 17:51:40] Connecting to the target...OK
[20.04.2018 17:51:40] Set I/O Voltage reads as 2.60V, TCK Frequency is RTCK
[20.04.2018 17:51:40] 
[20.04.2018 17:51:40] Following devices are found on the JTAG chain:
[20.04.2018 17:51:40]   Device on TAP #0: ID = 0x503C10E1, IR Length = 0x04 bits
[20.04.2018 17:51:40] Total IR length: 0x0004 bits
[20.04.2018 17:51:40] 
[20.04.2018 17:51:40] Analizing IDCODE(s) of the JTAG scan chain:
[20.04.2018 17:51:40] 1. 0x503C10E1: Qualcomm MSM7227, H/W Rev. #5
[20.04.2018 17:51:40] [FINISH OPERATION_ID = JTAG_ANALIZE]
[20.04.2018 17:51:35] [START OPERATION_ID = GET_DEVICE_ID]
[20.04.2018 17:51:35] Open serial port...OK
[20.04.2018 17:51:35] Connecting to the RIFF Box...OK
[20.04.2018 17:51:35] Firmware Version: 1.48 (RIFFBOX1), JTAG Manager Version: 1.74
[20.04.2018 17:51:35] Selected Custom Target: [CORTEX-A8, 2.60V, TAP0]
[20.04.2018 17:51:35] 
[20.04.2018 17:51:35] Connecting to the CORTEX-A8 target...OK
[20.04.2018 17:51:35] Set I/O Voltage reads as 2.59V, TCK Frequency is RTCK
[20.04.2018 17:51:35] 
[20.04.2018 17:51:35] Target ID on TAP0: 0x503C10E1 - Connected OK
[20.04.2018 17:51:35] [FINISH OPERATION_ID = GET_DEVICE_ID]
          Last edited by smos; 04-23-2018, 09:44 PM. Reason: add log

          Comment

          • #6
            Nothing wrong with dump, but we cannot create DLL without knowing which DCC loader to use.
            Please PM me Your Box S/N.
            ICQ: 299-912-089
            QQ: 1634811353

            Comment

            • #7
              Hello.

              here is logs:

              Code:
              [25.04.2018 10:52:03] [START OPERATION_ID = JTAG_ANALIZE]
[25.04.2018 10:52:03] Open serial port...OK
[25.04.2018 10:52:03] Connecting to the RIFF Box...OK
[25.04.2018 10:52:03] Firmware Version: 1.49 (RIFFBOX1), JTAG Manager Version: 1.77
[25.04.2018 10:52:03] Selected Resurrector: [LG GT540 V1.00]
[25.04.2018 10:52:03] 
[25.04.2018 10:52:03] Connecting to the target...OK
[25.04.2018 10:52:03] Set I/O Voltage reads as 2.60V, TCK Frequency is RTCK
[25.04.2018 10:52:03] 
[25.04.2018 10:52:03] Following devices are found on the JTAG chain:
[25.04.2018 10:52:03]   Device on TAP #0: ID = 0x503C10E1, IR Length = 0x04 bits
[25.04.2018 10:52:03] Total IR length: 0x0004 bits
[25.04.2018 10:52:03] 
[25.04.2018 10:52:03] Analizing IDCODE(s) of the JTAG scan chain:
[25.04.2018 10:52:03] 1. 0x503C10E1: Qualcomm MSM7227, H/W Rev. #5
[25.04.2018 10:52:03] [FINISH OPERATION_ID = JTAG_ANALIZE]

              Code:
              [25.04.2018 10:52:12] [START OPERATION_ID = DCC_READ_MEMORY]
[25.04.2018 10:52:12] 
[25.04.2018 10:52:12] Current Settings:
[25.04.2018 10:52:12] -----------------
[25.04.2018 10:52:12] Address: 			000000000000
[25.04.2018 10:52:12] Length: 			000020000000
[25.04.2018 10:52:12] Address Space: 		RAM
[25.04.2018 10:52:12] AutoFullFlash: 		UNCHECKED
[25.04.2018 10:52:12] Use End Address: 		UNCHECKED
[25.04.2018 10:52:12] ECC Module Enabled: 	UNCHECKED
[25.04.2018 10:52:12] Image File is Used: 	UNCHECKED
[25.04.2018 10:52:12] Use Address as Offset: 	UNCHECKED
[25.04.2018 10:52:12] Main (UNCHECKED): 
[25.04.2018 10:52:12] Redu (UNCHECKED): 
[25.04.2018 10:52:12] 
[25.04.2018 10:52:29] Open serial port...OK
[25.04.2018 10:52:29] Connecting to the RIFF Box...OK
[25.04.2018 10:52:29] Firmware Version: 1.49 (RIFFBOX1), JTAG Manager Version: 1.77
[25.04.2018 10:52:29] Selected Resurrector: [LG GT540 V1.00]
[25.04.2018 10:52:29] 
[25.04.2018 10:52:29] Connecting to the dead body...OK
[25.04.2018 10:52:29] Detected dead body ID: 0x503C10E1 - IGNORED!
[25.04.2018 10:52:29] Set I/O Voltage reads as 2.62V, TCK Frequency is RTCK
[25.04.2018 10:52:29] Adaptive Clocking RTCK Sampling is: [Sample at MAX]
[25.04.2018 10:52:29] Settings Code: 0x00000000000000000000000020000000
[25.04.2018 10:52:29] 
[25.04.2018 10:52:29] Resurrection sequence started.
[25.04.2018 10:52:29] Establish communication with the phone...OK
[25.04.2018 10:52:29] Initializing internal hardware configuration...OK
[25.04.2018 10:52:29] Uploading resurrector data into memory...OK
[25.04.2018 10:52:29] Starting communication with resurrector...OK
[25.04.2018 10:52:29] 
[25.04.2018 10:52:29] Detected an Initialized FLASH1 Chip, ID: 0x00AD/0x55BC (512MB)
[25.04.2018 10:52:29] 
[25.04.2018 10:52:29] Reading MCU address space from 0x000000000000 to 0x00001FFFFFFF
[25.04.2018 10:52:29] [FINISH OPERATION_ID = DCC_READ_MEMORY]

              Comment

              • #8
                Read ROM1, not the MCU space.
                And attach saved file here.
                ICQ: 299-912-089
                QQ: 1634811353

                Comment

                • #9
                  Did it

                  Code:
                  [26.04.2018 9:53:44] [START OPERATION_ID = JTAG_ANALIZE]
[26.04.2018 9:53:44] Open serial port...OK
[26.04.2018 9:53:44] Connecting to the RIFF Box...OK
[26.04.2018 9:53:44] Firmware Version: 1.49 (RIFFBOX1), JTAG Manager Version: 1.77
[26.04.2018 9:53:44] Selected Resurrector: [LG GT540 V1.00]
[26.04.2018 9:53:44] 
[26.04.2018 9:53:44] Connecting to the target...OK
[26.04.2018 9:53:44] Set I/O Voltage reads as 2.60V, TCK Frequency is RTCK
[26.04.2018 9:53:44] 
[26.04.2018 9:53:44] Following devices are found on the JTAG chain:
[26.04.2018 9:53:44]   Device on TAP #0: ID = 0x503C10E1, IR Length = 0x04 bits
[26.04.2018 9:53:44] Total IR length: 0x0004 bits
[26.04.2018 9:53:44] 
[26.04.2018 9:53:44] Analizing IDCODE(s) of the JTAG scan chain:
[26.04.2018 9:53:44] 1. 0x503C10E1: Qualcomm MSM7227, H/W Rev. #5
[26.04.2018 9:53:44] [FINISH OPERATION_ID = JTAG_ANALIZE]
                  Code:
                  [26.04.2018 11:32:22] [START OPERATION_ID = DCC_READ_MEMORY]
[26.04.2018 11:32:22] 
[26.04.2018 11:32:22] Current Settings:
[26.04.2018 11:32:22] -----------------
[26.04.2018 11:32:22] Address: 			000000000000
[26.04.2018 11:32:22] Length: 			000020000000
[26.04.2018 11:32:22] Address Space: 		ROM1
[26.04.2018 11:32:22] AutoFullFlash: 		UNCHECKED
[26.04.2018 11:32:22] Use End Address: 		UNCHECKED
[26.04.2018 11:32:22] ECC Module Enabled: 	UNCHECKED
[26.04.2018 11:32:22] Image File is Used: 	UNCHECKED
[26.04.2018 11:32:22] Use Address as Offset: 	UNCHECKED
[26.04.2018 11:32:22] Main (UNCHECKED): 
[26.04.2018 11:32:22] Redu (UNCHECKED): 
[26.04.2018 11:32:22] 
[26.04.2018 11:42:37] Open serial port...OK
[26.04.2018 11:42:37] Connecting to the RIFF Box...OK
[26.04.2018 11:42:37] Firmware Version: 1.49 (RIFFBOX1), JTAG Manager Version: 1.77
[26.04.2018 11:42:37] Selected Resurrector: [LG GT540 V1.00]
[26.04.2018 11:42:37] 
[26.04.2018 11:42:37] Connecting to the dead body...OK
[26.04.2018 11:42:37] Detected dead body ID: 0x503C10E1 - IGNORED!
[26.04.2018 11:42:37] Set I/O Voltage reads as 2.59V, TCK Frequency is RTCK
[26.04.2018 11:42:37] Adaptive Clocking RTCK Sampling is: [Sample at MAX]
[26.04.2018 11:42:37] Settings Code: 0x00010000000000000000000020000000
[26.04.2018 11:42:37] 
[26.04.2018 11:42:37] Resurrection sequence started.
[26.04.2018 11:42:37] Establish communication with the phone...OK
[26.04.2018 11:42:37] Initializing internal hardware configuration...OK
[26.04.2018 11:42:37] Uploading resurrector data into memory...OK
[26.04.2018 11:42:37] Starting communication with resurrector...OK
[26.04.2018 11:42:37] 
[26.04.2018 11:42:37] Detected an Initialized FLASH1 Chip, ID: 0x00AD/0x55BC (512MB)
[26.04.2018 11:42:37] 
[26.04.2018 11:42:37] 
[26.04.2018 11:42:37] WARNING: Resuming interrupted read from 0x000015F20000, yet to read - 0x00000A0E0000...
[26.04.2018 11:42:37] Reading FLASH1 address space from 0x000015F20000 to 0x00001FFFFFFF
[26.04.2018 11:42:37] Completed in 00:10:12.351 (Average Transfer Rate: 277.43 kB/s)
[26.04.2018 11:42:37] [FINISH OPERATION_ID = DCC_READ_MEMORY]
                  Attached Files

                  Comment

                  Previous template Next
                  Working...
                  X

                  We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                  By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                  I Agree