Android OS Forum banner
1 - 13 of 13 Posts

·
Developer
Joined
·
34 Posts
FIrst off I'd like to say Thanks to RootzWiki for the device. They gave me a Fascinate and told me to do what I want with it... So I made it into a development device. Thanks to RootzWiki for the device!

introduction
I'm not kidding when I say UnBrickable. Modifying the OM pins means you can boot from USB, UART or MMC. This makes the phone quite UNBRICKABLE. There is nothing you can do software wise to prevent the device from booting into this mode. We are communicating with the unrewritable, efused IROM on the processor. It's the thing that makes the system on a chip into a "system on a chip".I am here now to tell you how to turn your Samsung Fascinate into a KIT-S5PC110 development board. The KIT-S5PC110 development board is the platform used to develop our phones. There are some differences between this mod and the official development platform. The S5PC110 has a removable internal SDCard and no touchscreen.

Why would you want to do this? When you plug in the battery and connect it to the coa

.b.b
mputer in "off" mode, it will become an S5PC110 board awaiting download of a program to run. This occurs long before anything like software or firmware enters the processor. This is the IROM of the device awaiting commands or a power on signal.

Because it is accepting a memory flash, anything may be put onto the device to perform a boot sequence..... Apple iOS (iPhone4 has the same processor) WP7 (mango supports this processor).

This is better then JTAG. How could it possibly be better then JTAG? Let's count the ways....
1. The only part required is a wire.
2. No shipping time.
3. No cost for a box to interface the computer.
4. Permanent.
5. Can be done as a preventive measure.
6. Gives the ability to test new Bootloaders temporarily.
7. Allows development of the entire system.
8. Removes worry about flashing and acts as a backup.
9. JTAG is not an option currently :D.. Really, this is the only way.

After performing this mod:
Remove the battery, replace the battery, your phone will connect to the computer via USB and await commands. Otherwise it will pretty much act like a Fascinate. See the Special Instructions section.

Hardware Modificaiton

You will need:
1. Get someone who knows what they're doing with a soldering iron. If they don't know what flux is, then they don't know what they're doing. You can also speak to myself(my username @gmail.com) or Connexion2005(aka MobileTechVideos.com)
2. soldering iron - make sure it's sharp, if it's not sharp, then sharpen it, flux it and retin it.
3. flux
4. solder
5. tweezers
6. A relay (possibly- for the wire within to use as a bridge)

performing the modification:
1. tear apart your phone... Make sure to take out your SIM and external SDCard before you do this.
1A. Remove the screws.
1B. Separate the top case from the bottom case
1C. disconnect the display connector and free the camera and button assemblies from the case.
1D. Remove the mainboard



2. Perform the mod as follows: Replace the xOM5 resistor from the top position to the bottom position.

*OR: remove the xOM5 resistor and jumper the center pads of xOM5 to the center pads of xOM0 or xOM3.



3. reassemble the phone.

Special Instructions

  • This replaces the battery charging sequence. The normal battery charging sequence can be activated by holding power for 4 seconds.
  • To turn on the device, and operate in normal mode, you must hold the power button for 5 seconds.
  • 3 button Download mode works as usual, however you must not have the S5PC110 drivers installed on the computer. You can use your custom rom menu option, adb reboot download, or use a terminal to "reboot download". 301Kohm Factory Mode JIGs work as well, but you must press power to bypass the S5PC110 mode.
  • There is no known 3 button combo to get into recovery mode. This may be a matter of timing though. You can use your custom ROM options or "adb reboot recovery", or use a terminal to "reboot recovery".

Software based UnBrickable Resurrection


This video applies, but on the Fascinate, you must hold the POWER button during the entire flashing sequence.

Instructions


Unbricking:
1. Apply UnBrickable Mod to your device from above
2. Run ModeDetect to verify your phone is in the proper mode: http://forum.xda-developers.com/showthread.php?t=1257434&page=2
You should see this while you hold the power button:

3. Run UnBrickable Resurrector: http://forum.xda-developers.com/attachment.php?attachmentid=710199&stc=1&d=1315173984 This will only work on linux currently. Install Linux or dual boot if you have windows.
If you are still holding the power button, you should see this on Mode Detect.

You can now disconnect your phone and move to a windows computer to use Odin or any other Samsung tool, or use Heimdall One-Click from Linux. Keep holding the power button!
4. Run Heimdall One-Click: http://forum.xda-developers.com/showthread.php?t=1288130 (or odin3 one-click),
5. repeat steps 2 and 3 with bootloader flashing enabled (Heimdall One-Click has a safety mechanism which requires you to flash once before flashing bootloaders).

conclusion

Congratulations. You now have a device which works like a KIT-S5PC110 with an OM Value of 29. Now get to developing some serious custom software.
reading material
Creating your own Samsung Bootloaders: http://forum.xda-developers.com/showthread.php?t=1233273
KIT-S5PC110 manual: http://www.mediafire.com/?94krzvvxksvmuxh
how to use DNW: http://tinyurl.com/dnw-how-to
Flash using openOCD and DNW: http://www.arm9board.net/wiki/index.php?title=Flash_using_OpenOCD_and_DNW
another DNW example: http://www.boardset.com/products/mv6410.php
ODroid dev center: http://dev.odroid.com/projects/uboot/wiki/#s-7.2

drivers and utilities
This will be an ever expanding list
Windows Drivers http://forum.xda-developers.com/attachment.php?attachmentid=678937&d=1312590673
Windows Download Tool DNW: http://forum.xda-developers.com/attachment.php?attachmentid=678938&d=1312590673
Windows Command Line Download Tool: http://forum.xda-developers.com/showpost.php?p=17202523&postcount=27
Linux DNW Utility: http://dev.odroid.com/projects/uboot/wiki/#s-7.2

firmware
One-Click Resurrector: http://forum.xda-developers.com/attachment.php?attachmentid=705515&d=1314762609
Bootloader Hello World by Rebellos http://forum.xda-developers.com/attachment.php?attachmentid=698077&d=1314105521
 

·
Android Apprentice
Joined
·
38 Posts
I have literally no clue about any of what you just said. Far too technical for me. But I thank you for the contribution to our community!
 

·
Android Mechanic
Joined
·
203 Posts
I don't even have a samsung, just mod and develop for my friend's fascinate.... even knowing that .... I can still say, wow, hero, just saying....

amazing work boss, really.
 

·
Developer
Joined
·
34 Posts
Discussion Starter · #7 ·
Ya. It works on a brick. Unless you figured out how to rewrite iROM... to my knowledge, its never been done outside the factory.
 

·
Android Beginner
Joined
·
5 Posts
Could you post a video on how to perform this? Or maybe some before and after pics demonstrating how xOM resistors should look like? I'm dying to perform this but I want to make sure I have it right.
 

·
Developer
Joined
·
34 Posts
Discussion Starter · #11 ·
I would not recommend doing this after watching a video. There's a level of skill required. With that said... I tried to do a video, but you can't tell what I'm doing and it didn't come out well so I didn't release it. If you possession the skill, the plans above will be sufficient.
 

·
Developer
Joined
·
34 Posts
Discussion Starter · #13 ·
Here are the connection points for UART
Green Circuit component Passive circuit component Hardware programmer Electronic engineering

You will need a UART device for communicating with them. I use an Arduino Mega. The Arduino Mega is much like the Android ADK. The difference is the ADK has an additional USB port for communication with an Android device. ADK, Arduino or any other UART device will work.

You will need to use your favorite serial communicatons program on your computer to speak to a UART device. I use minicom with the following parameters... "minicom -D /dev/ttyUSB0", baud: 115200, parameters: 8N1, flow controls off.

On my Arduino Mega I run the following code:
Code:
void setup() {<br />
  // initialize both serial ports:<br />
  Serial.begin(115200);<br />
  Serial1.begin(115200);<br />
}<br />
<br />
void loop() {<br />
  // read from port 1, send to port 0:<br />
  if (Serial1.available()) {<br />
    int inByte = Serial1.read();<br />
    Serial.print(inByte, BYTE);<br />
  }<br />
  // read from port 0, send to port 1:<br />
  if (Serial.available()) {<br />
    int inByte = Serial.read();<br />
    Serial1.print(inByte, BYTE);	<br />
  }<br />
Here is a picture of my setup without any connections made.
View attachment 9974

I have run the UART connections to two pieces of solid core wires which have been bent upwards in the center and melted into the case of my Fascinate. This allows me to connect and disconnect using the hooks above without even opening the device's case. It's a bit ugly, but for debugging purposes, UART can't be beat.

This allows UART debugging while using the USB port for other things.

here is an example UART output
Code:
-----------------------------------------------------------<br />
   Samsung Primitive Bootloader (PBL) v3.0<br />
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010<br />
-----------------------------------------------------------<br />
<br />
+n1stVPN	   2688<br />
+nPgsPerBlk    64<br />
PBL found bootable SBL: Partition(3).<br />
<br />
Set cpu clk. from 400MHz to 800MHz.<br />
OM=0x9, device=OnenandMux(Audi)<br />
IROM e-fused - Non Secure Boot Version.<br />
<br />
-----------------------------------------------------------<br />
   Samsung Secondary Bootloader (SBL) v3.0<br />
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010<br />
<br />
   Board Name: ARIES REV 03<br />
   Build On: Sep 21 2010 18:43:18<br />
-----------------------------------------------------------<br />
<br />
Re_partition: magic code(0xffffffff)<br />
[PAM:   ] ++FSR_PAM_Init<br />
[PAM:   ]   OneNAND physical base address	   : 0xb0000000<br />
[PAM:   ]   OneNAND virtual  base address	   : 0xb0000000<br />
[PAM:   ]   OneNAND nMID=0xec : nDID=0x50<br />
[PAM:   ] --FSR_PAM_Init<br />
fsr_bml_load_partition: pi->nNumOfPartEntry = 12<br />
partitions loading success<br />
board partition information update.. source: 0x0<br />
Now Read Images - ID : 1<br />
.Done.<br />
read 1 units.<br />
==== PARTITION INFORMATION ====<br />
ID		 : IBL+PBL (0x0)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 0<br />
NO_UNITS   : 1<br />
===============================<br />
ID		 : PIT (0x1)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 1<br />
NO_UNITS   : 1<br />
===============================<br />
ID		 : EFS (0x14)<br />
ATTR	   : RW STL SLC (0x1101)<br />
FIRST_UNIT : 2<br />
NO_UNITS   : 40<br />
===============================<br />
ID		 : SBL (0x3)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 42<br />
NO_UNITS   : 5<br />
===============================<br />
ID		 : SBL2 (0x4)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 47<br />
NO_UNITS   : 5<br />
===============================<br />
ID		 : PARAM (0x15)<br />
ATTR	   : RW STL SLC (0x1101)<br />
FIRST_UNIT : 52<br />
NO_UNITS   : 20<br />
===============================<br />
ID		 : KERNEL (0x6)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 72<br />
NO_UNITS   : 30<br />
===============================<br />
ID		 : RECOVERY (0x7)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 102<br />
NO_UNITS   : 30<br />
===============================<br />
ID		 : FACTORYFS (0x16)<br />
ATTR	   : RW STL SLC (0x1101)<br />
FIRST_UNIT : 132<br />
NO_UNITS   : 1146<br />
===============================<br />
ID		 : DBDATAFS (0x17)<br />
ATTR	   : RW STL SLC (0x1101)<br />
FIRST_UNIT : 1278<br />
NO_UNITS   : 536<br />
===============================<br />
ID		 : CACHE (0x18)<br />
ATTR	   : RW STL SLC (0x1101)<br />
FIRST_UNIT : 1814<br />
NO_UNITS   : 140<br />
===============================<br />
ID		 : MODEM (0xb)<br />
ATTR	   : RO SLC (0x1002)<br />
FIRST_UNIT : 1954<br />
NO_UNITS   : 50<br />
===============================<br />
loke_init: j4fs_open success..<br />
load_lfs_parameters valid magic code and version.<br />
load_debug_level reading debug level from file successfully(0x574f4c44).<br />
init_fuel_gauge: vcell = 4136mV, soc = 100<br />
init_fuel_gauge: vcell = 4136mV, soc = 100, rcomp = d01f<br />
reading nps status file is successfully!.<br />
nps status=0x504d4f43<br />
PMIC_IRQ1    = 0x0<br />
PMIC_IRQ2    = 0x0<br />
PMIC_IRQ3    = 0x0<br />
PMIC_IRQ4    = 0x0<br />
PMIC_STATUS1 = 0x40<br />
PMIC_STATUS2 = 0x2c<br />
get_debug_level current debug level is 0x574f4c44.<br />
aries_process_platform: Debug Level Low<br />
keypad_scan: key value ----------------->= 0x0<br />
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48<br />
check_download: micorusb_status1 = 400, key_value = 0<br />
DISPLAY_PATH_SEL[MDNIE 0x1]is on<br />
MDNIE setting Init start!!<br />
vsync interrupt is off<br />
video interrupt is off<br />
[fb0] turn on<br />
MDNIE setting Init end!!<br />
set_boot_mode: boot mode = 1<br />
aries_process_platform: final s1 booting mode = 1<br />
aries_check_vf_status() ----- aver_vf_adc : 3666<br />
main: booting stop and power off..<br />
loke_exit: bye~ bye!<br />
aries_power_off: TA or USB connected<br />
aries_power_off: WDT reset
This also allows access into the SBL prompt which is like the BIOS of your device. You can really modify things in there. See here for more information http://forum.xda-developers.com/showthread.php?t=1287780

If you're serious about low level development, kernel development, or porting other operating systems, you'll need to get UART working.
 

Attachments

1 - 13 of 13 Posts
Top