Hi all,
I'm working on reserve engineering libcamera for Tattoo, based on libcamera2 by NCommander. Thanks to nopy for many help.
HTC have changed a lot in their kernel, and left LOTS of useless or temporary codes not to be cleaned up. Right now, camera codes in the kernel are very clean and tidy and mainly ported from AOSP-donut kernel. Interfaces of /dev/msm_camera/control0, config0, and frame0 are successfully generated. As you know, HTC kernel implemented the /dev/msm_camera/msm_camera0 interface to communicate with requests from user space. I'm not sure why HTC did such a hack. The reason why I ported camera codes from AOSP-donut relies on the fact that most of camera working ROMs for other headsets like Dream or Sapphire did this, even if these ROMs are powered by 2.6.32 or even 2.6.34 kernels.
I've sticked to HTC camera driver in the kernel. Please check out my github.
Here is the explanation of the relationship between libcamera, libqcamera and the kernel, written by NCommander.
This is my first step to reserver engineering work on libcamera. Camera does NOT work yet.
The current logcat and klogtail have been attached here, Donut version as well. Thanks to MrGland, salva.tejero, and kicmi.
If anyone is interested in hacking for Tattoo, just let know. I'll invite you to cooperate with us.
Regards,
do you want try my kernel?
it have a problem with wifi...but the camera and media driver are correctly loaded...
if u want i can send it via pm
i have fix the GL problem on my rom...i haven't a tatto...but if u want i can see again the problem with your rom.
i'm just thinkg to restart my rom from zero. I have already downloaded the froyo source and i'm starting to compile the source and add my personal kernel...
said me if u want collaborate to made a new 2.2 rom
W/dalvikvm( 613): threadid=10: thread exiting with uncaught exception (group=0x400207d8)
I am by no means a c++ expert, but I started learning it last week. A uncaught exception needs catching so that the whole thread does not terminate, you can deal with them using catch(), unless it is a hardware exception
I think you two have the best chance of making a working froyo rom if you work together based on using your roms. I use fyodors 1.6 rom daily
I believe this too.
I prefer fyodor's rom though cause with his roms I never had problems on booting. Ikxdf' s roms from the other side don't boot on my device(except abusu 2.01 and capcake 1.01)
you two (ikxdf,cn.fyodor) are supermans make a team mix up your files and your skills, make a great panfyodorcake ROM and we, tattoo users will be so happy Good Luck
E: omg sry kiljacken and HCDR.Jacob ale supermans too
cn.fyodor said:
I've dived into the source files, and found there was a __NULL__ "config_defaults" array of structure in egl.cpp file. This array was used in eglChooseConfig function, which is heavily related with my issue. I'm not sure what the codes did since not familiar with C++ programming. I've googled a lot, but no luck.
I need C++ experts to read the opengl codes in Froyo system and find the reason why 'No configs match configSpec' error comes up. Thanks in advance.
Regards,
Click to expand...
Click to collapse
If you send me that file or gives me the path to it in the Android source code I'll gladly take a look at it...
If you send me that file or gives me the path to it in the Android source code I'll gladly take a look at it...
Click to expand...
Click to collapse
Same here...
ikxdf said:
do you want try my kernel?
it have a problem with wifi...but the camera and media driver are correctly loaded...
if u want i can send it via pm
i have fix the GL problem on my rom...i haven't a tatto...but if u want i can see again the problem with your rom.
i'm just thinkg to restart my rom from zero. I have already downloaded the froyo source and i'm starting to compile the source and add my personal kernel...
said me if u want collaborate to made a new 2.2 rom
Click to expand...
Click to collapse
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
speedyracer5 said:
W/dalvikvm( 613): threadid=10: thread exiting with uncaught exception (group=0x400207d8)
I am by no means a c++ expert, but I started learning it last week. A uncaught exception needs catching so that the whole thread does not terminate, you can deal with them using catch(), unless it is a hardware exception
Click to expand...
Click to collapse
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
kiljacken said:
If you send me that file or gives me the path to it in the Android source code I'll gladly take a look at it...
Click to expand...
Click to collapse
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
My greetings,
are the best in the tattoo improving.
Thanks to all the people who try to improve the tattoo...
let´s go friends
cn.fyodor said:
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
Click to expand...
Click to collapse
I've looked much at the files and i have fund that the error you get is caused when an app gives some info about a configuration and EGL can't find a config that matches that information...
Does this error happen in the camera app??
cn.fyodor said:
Hi, ikxdf
Glad to see you in this dev thread. My kernel can drive the camera correctly, but I haven't verified it yet. Feel free to send yours to me, I'll test it to check whether it works or not.
Thanks for the info. If it's a hardware exception, there must be some bugs in my customized kernel. However, to be honest, I really don't know how to debug the C++ codes.
Thanks. The top path is frameworks/base/opengl. This exception error was thrown by the ./java/android/opengl/GLSurfaceView.java and the eglChooseConfig function is defined in ./libagl/egl.cpp. Hope you find something useful to debug it.
Click to expand...
Click to collapse
The Exception has been thrown from JAVA because num_config[0] has not been populated by eglChooseConfig. This output parameter it's populated at the last line of eglChooseConfig.
I don't know the architecture of android and egl stuff, what i can reccomend to you is to use the LOGE macro to write in console the list of attibute (attrib_list parameter) and try to see in which point the function returns (using LOGE macro opportunely).
From what i can understand, this function tries to match the list of attributes passed as parameter(attrib_list) with global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig, the first is to retrieve the number of configurations that matches the attribute list, if this number is >0 create an empty array and re-call eglChooseConfig to get the array itself populated, otherwise throws the exception you have showed in your log.
ivendor said:
The Exception has been thrown from JAVA because num_config[0] has not been populated by eglChooseConfig. This output parameter it's populated at the last line of eglChooseConfig.
I don't know the architecture of android and egl stuff, what i can reccomend to you is to use the LOGE macro to write in console the list of attibute (attrib_list parameter) and try to see in which point the function returns (using LOGE macro opportunely).
From what i can understand, this function tries to match the list of attributes passed as parameter(attrib_list) with global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig, the first is to retrieve the number of configurations that matches the attribute list, if this number is >0 create an empty array and re-call eglChooseConfig to get the array itself populated, otherwise throws the exception you have showed in your log.
Click to expand...
Click to collapse
I think you're right...
I think it would be important for all of us, to have a rom 100 % funcional 2.1 or 2.2 without the camera, and before fix the camera...i think
If you make a team i havent doubt could be able to make it real
thanks for all
capito djjkd said:
I think it would be important for all of us, to have a rom 100 % funcional 2.1 or 2.2 without the camera, and before fix the camera...i think
If you make a team i havent doubt could be able to make it real
thanks for all
Click to expand...
Click to collapse
why?
because the devs maybe could stop developing, because they are satisfied of the working camera?
i don't think so. if they could get the camera working, there isn't a long way anymore to a 100% functional 2.1/2.2 ROM.
I hope this comes true, good luck to the devs!!!!!!
ivendor said:
The Exception has been thrown from JAVA because num_config[0] has not been populated by eglChooseConfig. This output parameter it's populated at the last line of eglChooseConfig.
I don't know the architecture of android and egl stuff, what i can reccomend to you is to use the LOGE macro to write in console the list of attibute (attrib_list parameter) and try to see in which point the function returns (using LOGE macro opportunely).
From what i can understand, this function tries to match the list of attributes passed as parameter(attrib_list) with global array of configurations (gConfigs), which contains 8 configurations (every configuration is an array of attributes).
Java makes 2 calls to eglChooseConfig, the first is to retrieve the number of configurations that matches the attribute list, if this number is >0 create an empty array and re-call eglChooseConfig to get the array itself populated, otherwise throws the exception you have showed in your log.
Click to expand...
Click to collapse
I commented out the setEGLConfigChooser() stmt. in Camera/src/*/ui/GLRootView.java source file to use the GLES default config for camera. Although the 'no config match...' exception didn't come up, camera didn't snapshot any images as if the sensor didn't open. Check out the attachment below.
If the setEGLConfigChooser stmt. was added, in eglChooseConfig function, both possibleMatch and num_config will be 0. I'm trying to find the low-level reason.
The setEGLConfigChooser() in Camera/src/*/ui/GLRootView.java source file is defined:
public void
setEGLConfigChooser (int redSize,
int greenSize, int blueSize, int alphaSize, int depthSize, int stencilSize).
All we want (i think) is the correct values for the parameters. Ok at page
http://brandnewreality.com/blog/android-egl-querying-your-gl-driver
there is a java program to query from a donut tattoo the configs....
Now we can correct the parameters at setEGLConfigChooser function.
I hope that this helps us...
seg
segway_ said:
The setEGLConfigChooser() in Camera/src/*/ui/GLRootView.java source file is defined:
public void
setEGLConfigChooser (int redSize,
int greenSize, int blueSize, int alphaSize, int depthSize, int stencilSize).
All we want (i think) is the correct values for the parameters. Ok at page
http://brandnewreality.com/blog/android-egl-querying-your-gl-driver
there is a java program to query from a donut tattoo the configs....
Now we can correct the parameters at setEGLConfigChooser function.
I hope that this helps us...
seg
Click to expand...
Click to collapse
Wont this method you are proposing hard coding the values?Shouldnt these be set by the user?There must be another class with the default values and which saves the user defined values.
Look at the code:
http://android.git.kernel.org/?p=pl...0f823229da7569a51367f20c0c9d048d1cba;hb=froyo
175 private void initialize() {
176 mFlags |= FLAG_INITIALIZED;
177 setEGLConfigChooser(8, 8, 8, 8, 0, 4);
178 getHolder().setFormat(PixelFormat.TRANSLUCENT);
179 setZOrderOnTop(true);
Click to expand...
Click to collapse
Is it hard coded?
seg
Well the values are hard coded.. but at the look of it I guess the hardware need these hard coded values to initialise. Good point seg.
Related
Hey everybody!
I'm creating this thread to keep the Barcorama related discussion in a dedicated thread. The discussion spawned here.
Barcorama is a Zxing-based (http://code.google.com/p/zxing/) barcode reader software developed by me in C#. The program's main purpose is to provide a free (and hopefully powerful) tool in the consumer's toolchain!
Feel free to try out and comment on it.
The tool is being developed on my Kaiser, so any feedback on how it performs on other devices is welcomed!
Basic Usage (not yet updated for v0.9x:
a. Press the "Shoot" button to launch the phones camera wizard and take a photo of the barcode by pressing the front "OK" button, or the normal side-shoot button. Barcorama will return automatically upon capture and try to recognize the code.
b. Press the "Open" button to launch the file dialog and navigate/select a previously taken photo. Again, after loading the photo, recognition starts.
After a successful recognition, a popup message may ask whether to run the specified external program with the recognized code. The program along with its arguments is specified in the settings. The code will be inserted wherever the !###! string is be found (may be multiple times).
In general, my tests show that the autofocus camera feature seems to achieve a good result when holding the phone more then 5cm away from the target.
Source code is available here: https://sourceforge.net/projects/barcorama/
or download the trunk snapshot here: http://barcorama.svn.sourceforge.net/viewvc/barcorama/trunk.tar.gz?view=tar
Features:
-- Recognizes 1D and 2D barcodes. See the google page for details. Version 0.3 is currently incorporated.
-- Runs an external program to pass the recognized code
Requirements:
- NETCF v2.0
ChangeLog:
v0.9h
-- ability for "continuous operation". After successful recognition, continues scanning/shooting/etc...
-- option to beep after successful recognition. Useful in "continuous operation"
v0.9g (for Testing!):
-- Costpad fixes regarding same name shops
-- QR recognition working (thanx to mao xuchu!). Mind though that proper result handling is not present.
-- BUGFIX: many settings were not holding on their value
v0.9f (for Testing!):
-- Memory optimization. Thanx user jeutaw for reporting the bug!
v0.9e (for Testing!):
-- BUGFIX: fixed exception at the end of the purchase submit procedure
v0.9d (for Testing!):
-- Warning: a bug has already been identified regarding the ability to submit purchases to costpad.com. Perhaps you want to wait a few hours until I get home and fix it <-- FIXED in v0.9e
-- Manual entry of the barcode (useful when scan/shoot/open methods fail)
-- More finger-oriented purchase date entry method
-- Able to register a new shop through Barcorama
-- Smoother button fading
-- Various fixes
v0.9c (for Testing!):
-- GUI fixes (should now cope better with high-res devices)
v0.9b (for Testing!):
-- not connecting to the Internet at startup
v0.9a (for Testing!):
-- Preliminary Costpad.com integration
v0.8a:
-- Reintroduced the "Live" mode (thanks to WiMo project), where continuous capturing is performed (low resolution only, thanks to HTC... )
-- Experimental Autofocus tweak! Manually triggering the autofocus capability so to make the "Live" mode usable. Warning: not all devices/roms will be compatible!
v0.7a:
-- Better File open method
-- Minor interface changes
v0.6:
-- Elastic GUI layout. Supporting landscape mode and greater resolutions.
v0.5c:
- Bugfix: Normal handling of spaces in external program's path and arguments
- Added a program icon (thanx nibblah)
v0.5b:
- Bugfix: proper saving/loading of external program settings.
v0.5
- Can now run an external program passing the recognized barcode.
v0.4d
- Small fix for QR decoding
v0.4c
- Upgraded ZXing to 0.4.5 for 1D barcodes (only)
v0.4b
- Fixed a nasty bug that disabled EAN and UPC codes!
v0.4
- Able to individually select what barcode types to try
- Option for selecting whether automatic return from the Camera application is desired. When not selected, the user has to manually exit the Camera application, beign able this way to recapture before decode
- Added a clickable link in the About page to easily reach this forum
- Black appearance
v0.3b
- Incorporated a ZXing bugfix regarding code-39 decoding
- Added a popup question to copy a recognized code into the clipboard
v0.3
- Tweaked usage of the .net camera API. Using a file based method to detect when the capture was performed.
- Automatically returning back to the application after the user shoots the photo. No second "OK" is needed.
- Better UI behavior by using background thread for camera capture and image decoding
- Various bugfixes
Known Issues:
-- False recognitions (encountered some EAN13 faults)
-- 3megapixel photos cannot be loaded
-- After shooting, image appears 90-degrees counter-clockwise rotated. Recognition works though.
Have fun!
hypest
P.S Please, if you encounter a bug/problem, report it and add your hardware/software configuration, or fill your signature with such info. Reporting of successful trials is also welcomed
Removed: The "speedy" version was removed as it was not functioning on par with the "normal" version...
Added a cab file that includes the .exe and creates a Start Menu shortcut. The shortcut seems to be missing the proper icon and perhaps it won't work in Non-English installations. Removed the ..v07a.zip as the cab seems stable.
Removed: The "Barcorama.zip" as it was too old...
I'm not experiencing crashes anymore, but the app doesn't appear to be receiving the photo taken after pressing shoot etc. I tried leaving the app for a minute, in case it was too busy processing to show anything on screen, but to no avail. If I take a photo manually, it is able to process via the OPEN button.
You might want to change the url in the about section into something people are more likely to type into their browser, in case they get the file indirectly... (the tinyurl would be http://tinyurl.com/2kxkuj for example, a little shorter at least)
The other files that came with the previous versions of Barcorama (WiMoNative.dll, and the OpenNETCF.etc.etc), can they be removed from the program's directory?
PS Thanks for all your work so far
SilentlyScreaming said:
I'm not experiencing crashes anymore, but the app doesn't appear to be receiving the photo taken after pressing shoot etc. I tried leaving the app for a minute, in case it was too busy processing to show anything on screen, but to no avail. If I take a photo manually, it is able to process via the OPEN button.
Click to expand...
Click to collapse
After taking the photo, do you manually press OK (or the "return" icon), or do you just leave it to return on its own? I think, the Nadavi's camera version, after some seconds returns automatically but it's actually a "cancel", not an "OK".
SilentlyScreaming said:
You might want to change the url in the about section into something people are more likely to type into their browser, in case they get the file indirectly... (the tinyurl would be http://tinyurl.com/2kxkuj for example, a little shorter at least)
Click to expand...
Click to collapse
The long url really sucks, I know. This was just a quick and dirty solution to the "add an About window". I will certainly change it to actually be a clickable link.
SilentlyScreaming said:
The other files that came with the previous versions of Barcorama (WiMoNative.dll, and the OpenNETCF.etc.etc), can they be removed from the program's directory?
Click to expand...
Click to collapse
Yes, with the present application functionality, do supplement dlls are needed. So, it is safe to remove them.
SilentlyScreaming said:
PS Thanks for all your work so far
Click to expand...
Click to collapse
Thank YOU...
hypest
Looks good.
Looking forward to updates. I can't get it to "shoot" and decode.
I have to shoot the picture, then run the program to get it to decode the
1D barcode.
Very nice.
Hi, Sean here from the zxing project. Glad to see you got this into C# and I hope it was not too painful. Let me know if you notice bugs. I put a link to your project on the code.google.com page.
Once the code stops changing and looks about done, we'd like to do the same thing, but port to Object C for the iPhone.
Got me blushing
srowen said:
Hi, Sean here from the zxing project. Glad to see you got this into C# and I hope it was not too painful. Let me know if you notice bugs. I put a link to your project on the code.google.com page.
Once the code stops changing and looks about done, we'd like to do the same thing, but port to Object C for the iPhone.
Click to expand...
Click to collapse
Hello Sean! Flattered to see a comment from one of the project's developer!
Translating to C# was surprisingly easy and effective by using the MS JLCA. Ofcource I had to make some adjustments, but nothing really "difficult". Poking into the zxing code is certainly on my agenta but for the time being I'm trying to figure out why the prog does not work on some fellow posters' devices . I'll be happy to drive your attention to any bugs I notice.
...will keep my eye on your project's progress...
hypest
Quick Shot not working for me. The application do not get the image. Manual shot dont recognizes EAN13 code. Folder selection not working(HTC Camera takes the shots in Storagecard\DCIM\100Media folder that cant be selected because its a subfolder.)
Trouble replicating the problem
I just reverted my Kaiser to its original rom (had to cook it from the dump I performed the day I got it), but the prog works (shouldn't I be happy about that?). I can use the "Shoot" and recognize...
Some details:
device: HTC TyTN II (unbranded)
Greek ROM (ACE Hellas)
OS: 5.2.1620 (build 18125.0.4.2)
ROM version: 1.56.405.5
Date: 08/28/07
Radio: 1.27.12.32
Protocol: 22.45.88.07H
Camera ver: 4.08 build 28288
The prog also worked with my "previous" ROM (panosha's joannita light + Nadavi's camera)
Perhaps some of you guys that the app does not fully work, can post additional info on the hardware/software you're using.
Thanx,
hypest
i wonder if it had something to do with localization. It is a german Phone here. I've tested it with my own programm(also written in C#) and it has no problem getting the shot. strange....
nsa666 said:
Quick Shot not working for me. The application do not get the image. Manual shot dont recognizes EAN13 code. Folder selection not working(HTC Camera takes the shots in Storagecard\DCIM\100Media folder that cant be selected because its a subfolder.)
Click to expand...
Click to collapse
EAN13 generally seems to work. Please, could you try this image?
I have tested the prog on about 10 actual products. Try to keep the phone about 6-10cm away from the target (not closer than 5, anyway).
Thank you for the info on the behavior of the load dialog. I will try and use a different facility to browse every folder.
hypest
nsa666 said:
i wonder if it had something to do with localization. It is a german Phone here. I've tested it with my own programm(also written in C#) and it has no problem getting the shot. strange....
Click to expand...
Click to collapse
I cannot completely rule out the possibility to be a localization issue, even though, the second Kaiser device I used today was not a Greek one (I thing was English-default) and it worked on it too.
With your shot it actually works. With my it reads wrong code.
nsa666 said:
With your shot it actually works. With my it reads wrong code.
Click to expand...
Click to collapse
Indeed, your image produces a false recognition. It is quite probable that this is a zxing related bug, but I'll have to investigate it further. Actually I have encountered this faulty recognition once.
hypest
Do you plan to release your source so that others might be able to develop customized applications? I personally would like to have it query a MySQL DB via the web over HSDPA connection to query inventory levels and pricing of product in my warehouse. Other uses might be to have it auto-query the UPC against an online DB to find the best price for a given product or to upload the UPC to an on-line DB to review later from your desktop.
After you take the picture with the Shoot option what do you hit to have it decode it? If i hit the return (back arrow) nothing happens, and if i hit the OK key on the front of my Tilt, nothing happens...
PengLord said:
Do you plan to release your source so that others might be able to develop customized applications? I personally would like to have it query a MySQL DB via the web over HSDPA connection to query inventory levels and pricing of product in my warehouse. Other uses might be to have it auto-query the UPC against an online DB to find the best price for a given product or to upload the UPC to an on-line DB to review later from your desktop.
Click to expand...
Click to collapse
Actually, these uses are exactly what I have in mind! The app will act just as the barcode-recognition medium. The backend will be the really interesting stuff .
I just have to figure out some serious problems and in the meantime I'll decide whether to release the code in an organized manner, or just enable the tool to be used as external executable from other apps (or a linkable lib).
pizzaguy said:
After you take the picture with the Shoot option what do you hit to have it decode it? If i hit the return (back arrow) nothing happens, and if i hit the OK key on the front of my Tilt, nothing happens...
Click to expand...
Click to collapse
On my kaiser, either way works . Most of the time though, I use the front (D-PAD) OK button just because is easier to press.
I have updated the #1 post and attached a build with some debugging messages. Please try that too and report which messages you see.
hypest
hypest said:
I have updated the #1 post and attached a build with some debugging messages. Please try that too and report which messages you see.
Click to expand...
Click to collapse
"Dialog didn't return OK!"
apears when pressing OK on the D-Pad or the icon.
i have a German TyTn II.
ROM Version: 1.56.407.3
Nadavi_HTC_Camera_5_0_4_2915_00.cab is installed, could this be the issue? the preinstalled version was .... sh.... not very good.
hope this helps you a bit..
Im not a great coder but i found a nice PDF that might be good to help with decoding the image. http://www.atilim.edu.tr/~misafran/proje web/BIS04.pdf
bypass build
Fellow posters,
I have revised the #1 post to include a newer build, hopefully with better results. This one tries a different approach to reach the captured image..
to pizzaguy:
The paper might be helpful, event though it is not presented as simply software-based (it benefits from the DSP processor present).
hypest
it still doesnt work.
Barcorama_bypass.exe
IOException
bei System.IO.__Error.WinIOError()
bei System.IO.Directory.InternalCreateDirectory()
bei System.IO.Directory.CreateDirectory()
bei TestNS.TestCL.button1_Click()
bei System.Windows.Forms.Control.OnClick()
bei System.Windows.Forms.Button.OnClick()
bei System.Windows.Forms.ButtonBase.WnProc()
bei System.Windows.Forms.Control._InternalWnProc()
bei Microsoft.AGL.Forms.EVL.EnterModalDialog()
bei System.Windows.Forms.Form.ShowDialog()
bei TestNS.TestCL.Main()
P.S.: This comes if i klick on "shot" buton. The camera app dont even starts.
P.S.2: just tested the verbose version. It seems to be something wrong with directory name. it says \Storagecard\Barcorama\Barcorama_verbose.exe. I think it should say only \Storagecard\Barcorama .
This thread is for development discussion only. If you are not actively working on the project, please go to the discussion thread where your contribution will be more valuable. By keeping this thread clean, we can hope to get Android working on our devices much quicker.
Project Status:
We now have a 2.6.27 kernel which is capable of booting Angstrom and Android. Android looks good and is responsive, but most core functions are not there yet. Work is focused on kernel development to provide us with a stable base with working hardware. You can find test files in the second post.
We have a Wiki page where the project gets documented in some detail.
History
The development had a slow start while Orux worked out how to make the mdp talk to mddi to get a working display. We hope that progress will be faster now as there has been considerable work on the Diamond and Raphael hardware, which is quite similar to the Blackstone.
23Feb09
Screen problems fixed at last - many weeks work from Orux got the mdp talking to mddi and give us a working display.
03Mar09
Wow! So much progress in just a week! We now have working SD (some issues with brands of cards - under investigation), allowing booting direct from the SD card; working hardware buttons, and some GSM functionality (the network connects and reports of sending SMS successfully). Credit to Orux, Pichurri, Cybersalsero, Jonlar (and have I missed anyone out - not me, I have been spectating!). Pichurri has posted a full install package on teh wiki, go try it and give feedback in the testing thread.
(to be continued!)
Current tasks
Debugging SD card problems many ppl having
Getting our own version of Android (currently using builds optimised for Raph/Diam
More GSM functions - who will be first to make a call???
What can I do?
You tell us! First thing would be to get yourself set up with a development environment. You need Linux on your PC - either installed as the main OS or if you use Windows, in a virtual machine (eg Virtualbox). Then follow the instructions on the wiki to get the sources and latest diff.
Reserved for files
Here you will find the up to date files related to the project.
Pichurri's full 2.6.27 install package is on the wiki here
You should correct the posts: 2.6.26 and 2.6.27 is the kernels used. More info: www.kernel.org
brumbrum said:
You should correct the posts: 2.6.26 and 2.6.27 is the kernels used. More info: www.kernel.org
Click to expand...
Click to collapse
We are using 2 kernels:
2.6.25 --> htc-msm-2.6.25 branch in git.linuxtogo.org. This is the kernel that we are testing in our machines these days.
2.6.27 --> htc-msm-2.6.27 branch in git.linuxtogo.org. Where we will stay in a few days. Better kernel, more improvements. Here is where people from other projects are working now.
orux said:
We are using 2 kernels:
2.6.25 --> htc-msm-2.6.25 branch in git.linuxtogo.org. This is the kernel that we are testing in our machines these days.
2.6.27 --> htc-msm-2.6.27 branch in git.linuxtogo.org. Where we will stay in a few days. Better kernel, more improvements. Here is where people from other projects are working now.
Click to expand...
Click to collapse
Sorry, my mistake. Typed the message above late in the night.
But in the first and second post in this thread it says 2.2.65 and 2.2.67.
Thanks, was posted in a rush, just pm me if you see more errors. We use the odd numbered dev kernels, they will always have the most recent stuff.
A challenge for someone who likes graphic drivers:
I think linux is using ~10% of epson controller capabilities.
We have a lot of information about this controller, and open source code from epson.
Perhaps someone would like to work with this stuff.
orux said:
A challenge for someone who likes graphic drivers:
I think linux is using ~10% of epson controller capabilities.
We have a lot of information about this controller, and open source code from epson.
Perhaps someone would like to work with this stuff.
Click to expand...
Click to collapse
Do you mean things like picture-in-picture? Would be good later on in the gui - multiple desktops, that kind of thing. Also I noticed the Epson controller handles TV-out. Do we know if the out-connection exists for this, or have they just not connected it up?
Another thing to consider maybe USB on-the-go - the MSM72xx supports it; if (big if) the usb port has the right connections, it would be possible to mount external storage.
But I think it's more for later on - core functionality would be about making calls, sms, GPRS/3G. Let's see what we get from the latest kernel. Orux have you talked to the RAPH/DIAM guys on irc about merging?
orux said:
A challenge for someone who likes graphic drivers:
I think linux is using ~10% of epson controller capabilities.
We have a lot of information about this controller, and open source code from epson.
Perhaps someone would like to work with this stuff.
Click to expand...
Click to collapse
what makes you believe that?
whatever makes you believe it, share it!
if you have anything like docs,etc to share or point to lets have it !
Blackstone has got 2 graphic processors:
--->mdp, inside the chip. We have drivers in the kernel (mdp.c, mdp_ppp.c ...) I am not sure what capabilities are being used in current kernel. There are not good docs about mdp processor (I haven't got any useful).
--->epson controller. It can do:
• Picture in Picture, Transparency, Alpha Blending
• Image Rotation (90°, 180°, 270°) and Mirroring
• Scroll Assist
• AME (Auto Movie Enhancement)
• Supports up to three layers
• Image Doubling
• Bi-Cubic Scaling (1/2x ~ 8x)
• Over/Down Sampling Scaling (1/8x ~ 8x)
• Edge Enhancement
We don't have driver support in current kernel, but we have docs and source code from epson (link posted in discussion thread).
Htc Touch Pro has a tvout usb cable adapter, and seems to work in linux! I don't know if this cable works with our device.
USB on-the-go: interesting TODO.
patp said:
Orux have you talked to the RAPH/DIAM guys on irc about merging?
Click to expand...
Click to collapse
Not yet; perhaps your (or pichurri, ...) task when we have a good .27 diff. I have too much language limitations for an on-line discussion
p3ngwin said:
what makes you believe that?
whatever makes you believe it, share it!
if you have anything like docs,etc to share or point to lets have it !
Click to expand...
Click to collapse
OK, OK! These things take time - we all have other jobs I guess. We plan to get any open source docs online in a systematic way, we just need to figure out a reliable way - ie not RS etc. And we have to be careful of proprietry materials - we don't want copyright lawyers after us...
If anyone wants to offer us some rock solid webspace, that would be awesome.
TODO: Investigate instability of screen
I think that problems with screen are caused by onscreen keyboard. This keyboard is an excellent hack, but it is not 100% integrated with android.
We need to test a kernel without it.
orux said:
I think that problems with screen are caused by onscreen keyboard. This keyboard is an excellent hack, but it is not 100% integrated with android.
We need to test a kernel without it.
Click to expand...
Click to collapse
Or use the cup cake version with the keyboard in android it self.
Full doc of the epson controler : http://vdc.epson.com/index.php?option=com_docman&task=cat_view&gid=278&Itemid=40
Link is at the bottom of the wiki, add yours
I don't think we need to put all the docs at the same place, just add links at the bottom of the wiki, either hosted or link to website.
I can provide hosting if you need, just pm me.
repository
what do you guys think about creating some kind of repository(git or svn) to upload and share our blackstone kernel? i think it would make development much easier if you could see changes of other people immediately. we could use github or sourceforge.
I also think the On-Screen Keyboard is a problem.
Earlyer today I was goofing around in Android and every time I moved the keyboard, the graphics started acting very weird.(scrolling, not updating etc.)
When I hit F5 on the OSK, it would refresh Android and go back to the home page and the screen would be normal again.
Maybe route the OSK to a pip on the epson?
It's git for kernel dev, anyways svn sucks (inc troll)
If we set up a git, we'll need a guy working as a maintainer and pulling from everyone. This may become usefull when people start working in many different areas of the kernel, but for now diffs are better as they can be easily shared, and there's a howto in the wiki.
patp said:
OK, OK! These things take time - we all have other jobs I guess. We plan to get any open source docs online in a systematic way, we just need to figure out a reliable way - ie not RS etc. And we have to be careful of proprietry materials - we don't want copyright lawyers after us...
If anyone wants to offer us some rock solid webspace, that would be awesome.
Click to expand...
Click to collapse
hey i have a servage account that i hardly use which has massive space and bandwidth i could give you a ftp account to and any sql servers you may need. let me know
Rewpparo said:
Full doc of the epson controler : http://vdc.epson.com/index.php?option=com_docman&task=cat_view&gid=278&Itemid=40
Link is at the bottom of the wiki, add yours
I don't think we need to put all the docs at the same place, just add links at the bottom of the wiki, either hosted or link to website.
I can provide hosting if you need, just pm me.
Click to expand...
Click to collapse
Agreed, the wiki is the best place for this. Would you be happy for me to mention your hosting offer on the front page (which will quite soon need a better structure I'm sure).
JanSchotsmans said:
I also think the On-Screen Keyboard is a problem.
Earlyer today I was goofing around in Android and every time I moved the keyboard, the graphics started acting very weird.(scrolling, not updating etc.)
When I hit F5 on the OSK, it would refresh Android and go back to the home page and the screen would be normal again.
Maybe route the OSK to a pip on the epson?
Click to expand...
Click to collapse
Now that my friend, is a stunning idea (if it can be done simply). How does it relate to the Android OSK mentioned by xmoo? I guess the linux one is low level whereas the Android one is basically an app in the gui. Advantages to both, but if it works out of the box, the android one would mean we could essentially get rid of the linux one. We have ssh if we want to type in a console (or maybe android terminal app?).
Ok, so lets get cracking on this bootloader.
boot.img and recovery.img certs (thanks to ntwrkwizard):
http://ponack.net/designgears/atrix/mmcblk0p10 - cert extract.zip
http://ponack.net/designgears/atrix/mmcblk0p11 - cert extract.zip
Flaw in the X.509 certs:
http://www.darkreading.com/security/vulnerabilities/218900008/index.html
Boot.img & Recovery.img
http://www.ponack.net/designgears/dump.7z
DG, afaik, that exploit deals with the md2 hash algorithm. it is a good possible starting point. has the signing cert been found/recovered/viewed yet?
if moto signed it with an md5 hash cert, then that may not be possible.
Well if you guys need any processing power to help crack anything let me know. I am willing to donate my system. Current specs:
i7-970 six core 4.8ghz overclocked
4 gtx580 gpus
24gb ddr3 2000
HSDL 240gb ssd
Like I said, if you guys need any processing power let me know.
Sent from my "5 inch Galaxy Tab"
Atrix here on the 22nd
dtmcnamara said:
Well if you guys need any processing power to help crack anything let me know. I am willing to donate my system. Current specs:
i7-970 six core 4.8ghz overclocked
4 gtx580 gpus
24gb ddr3 2000
HSDL 240gb ssd
Like I said, if you guys need any processing power let me know.
Sent from my "5 inch Galaxy Tab"
Atrix here on the 22nd
Click to expand...
Click to collapse
Please don't post here. This is a dev only thread. Post your offer in General.
Thanks!
These downloads look like just CA certs. Could someone extract the x.509 cert embedded in the beginning of the boot.img and post it to this thread? I'm out and about this weekend and don't have a box with a hex editor handy.
perdurabo2 said:
These downloads look like just CA certs. Could someone extract the x.509 cert embedded in the beginning of the boot.img and post it to this thread? I'm out and about this weekend and don't have a box with a hex editor handy.
Click to expand...
Click to collapse
If you could tell me how to do that I will be more than happy to get those for you. I'm the go to guy, remember?
Here is the extracted cert from within mmcblk0p10.img. This hex dump is extracted from 7FF7FC through 7FFDF9.
Also is the extracted cert from within mmcblk0p11.img. This hex dump is extracted from 7FF7FC through 7FFE79.
Not sure the value of an extracted public side of the x.509 is post signature but I'm sure someone will define that.
Good luck..
NW
back on topic please.
Mr. Clown said:
back on topic please.
Click to expand...
Click to collapse
Who are you talking to? The cert conversation is applicable.
Hi friend,
is the bootloader encrypten the same as defy or milestone?
Or a new one?
Maybe we could get all a free bootloader if this would work?
Or other technical?
Thanks
perdurabo2 said:
Who are you talking to? The cert conversation is applicable.
Click to expand...
Click to collapse
He deleted some unnecessary posts which were getting off topic. That's all.
The structure of an X.509 v3 digital certificate is as follows:
Certificate
Version
Serial Number
Algorithm ID
Issuer
Validity
Not Before
Not After
Subject
Subject Public Key Info
Public Key Algorithm
Subject Public Key
Issuer Unique Identifier (optional)
Subject Unique Identifier (optional)
Extensions (optional)
...
Certificate Signature Algorithm
Certificate Signature
Click to expand...
Click to collapse
The extensions they come in are:
pem - (Privacy Enhanced Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
.cer, .crt, .der - usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
.p7b, .p7c - PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)
.p12 - PKCS#12, may contain certificate(s) (public) and private keys (password protected)
.pfx - PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)
PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.
PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.
Click to expand...
Click to collapse
Flaws in the X509 Certificate:
Specification: Complexity and lack of quality
The X.509 standard was primarily designed to support the X.500 structure, but todays use cases center around the web. Many features are of little or no relevance today. The X.509 specification suffers from being over-functional and underspecified and the normative information is spread across many documents from different standardization bodies. Several profiles were developed to solve this, but these introduce interoperability issues and did not fix the problem.
Architectural flaws
Use of blacklisting invalid certificates (using CRLs and OCSP) instead of whitelisting
CRLs are particularly poor because of size and distribution patterns
Ambiguous OCSP semantics and lack of historical revocation status
Revocation of root certificates not addressed
Aggregation problem: Identity claim (authenticate with an identifier), attribute claim (submit a bag of vetted attributes) and policy claim are combined in a single container. This raises privacy, policy mapping and maintenance issues.
Delegation problem: CAs cannot technically restrict subCAs to issue only certificates within a limited namespaces and attribute set – this feature of X.509 in not in use. Therefore a large number of CAs exists in the Internet, and classifying them and their policies is an insurmountable task. Delegation of authority within an organization cannot be handled at all, like it is common business practice.
Federation problem: Certificate chains that are the result of sub-CAs, bridge- and cross-signing make validation complex and expensive in terms of processing time. Path validation semantics may be ambiguous. Hierarchy with 3rd-party trusted party is the only model. This is inconvenient when a bilateral trust relationship is already in place.
Problems of Commercial Certificate Authorities
Flawed business model: The subject, not the relying party, purchases certificates. The RA will usually go for the cheapest offer; quality is not being paid for in the competing market.
CAs deny almost all warranties to the user.
Expiration date: Should be used to limit the time the key strength is deemed sufficient. Abused by CAs to charge the client an extension fee. Places unnecessary burden on user with key roll-over.
Client certificates have zero protection value against dedicated attackers.
In browsers, the security is that of the weakest CA. There are very weak CAs.
“Users use an undefined certification request protocol to obtain a certificate which is published in an unclear location in a nonexistent directory with no real means to revoke it.“
Implementation issues
Implementation suffer from design flaws, bugs, different interpretations of standards and lack of interoperability of different standards. Some problems are:
Many implementations turn off revocation check:
Seen as obstacle, policies are not enforced
Would it be turned on in all browsers by default, including code signing, it would probably crash the infrastructure.
DNs are complex and little understood (lack of cononicalization, i18n problems, ..)
rfc822Name has 2 notations
Name and policy constraints hardly supported
Key usage ignored, first certificate in a list being used
Enforcement of custom OIDs is difficult
Attributes should not be made critical because it makes clients crash.
Unspecified length of attributes lead to product-specific limits
Exploits
In 2005, Arjen Lenstra and Benne de Weger demonstrated "how to use hash collisions to construct two X.509 certificates that contain identical signatures and that differ only in the public keys", achieved using a collision attack on the MD5 hash function.
In 2008, Alexander Sotirov and Marc Stevens presented at the Chaos Communication Congress a practical attack that allowed them to create a rogue Certificate Authority, accepted by all common browsers, by exploiting the fact that RapidSSL was still issuing X.509 certificates based on MD5.
X.509 certificates based on SHA-1 had been deemed to be secure up until very recent times. In April 2009 at the Eurocrypt Conference , Australian Researchers of Macquarie University presented "Automatic Differential Path Searching for SHA-1" . The researchers were able to deduce a method which increases the likelihood of a collision by several orders of magnitude.
Domain-validated certificates („Junk certificates“) are still trusted by web browsers, and can be obtained with little effort from commercial CAs.
EV-certificates are of very limited help, because Browsers do not have policies that disallow DV-certificates,
There are implementation errors with X.509 that allow e.g. falsified subject names using null-terminated strings or code injections attacks in certificates.
Click to expand...
Click to collapse
From the sound of it, the X.509 cerificate the Atrix uses will be in .p12 format, although I could be wrong.
Example of a Decoded X509 cert: http://pastie.org/1590676
Great post, this is def a way to go and explore , i have been messsing with NVIDIAFlash all day so far.. i think if i can get a bootstrap or something on here so that i can mount and add some files to system folder with phone off i may be on to something ..
t0dbld said:
Great post, this is def a way to go and explore , i have been messsing with NVIDIAFlash all day so far.. i think if i can get a bootstrap or something on here so that i can mount and add some files to system folder with phone off i may be on to something ..
Click to expand...
Click to collapse
Adding things to the system folder means nothing, the system partition is only check when a new system is flashed via (sbf_flash, rsdlite, or flashing a CG via an update.zip) otherwise you can add/remove items from the /system partition with no worries of the signatures.
I've got a question. Since we are dealing with a closed system. Can we not validate -enddate of the signed boot image. Make note of the exact date and time. Then change the system clock to less than 24 hrs. after this date. This will allow the entire system to think that the bootloader and cert have done their job and simply needs updated. Now we simply need to insert new boot.img that has a valid -startdate within that 24 hr period. The system should simply stop using the expired image and boot the "updated image". Once this generic image is booted, it can simply be swapped out with any further custom roms that we feel the need to use. Once all is done, the system clock will need to be restored to appropriate time. If I knew how to code, I would simply try this myself. But I don't, so I hope this might at least provide some insight to the possibility. I would love to work with developers on finding a solution to this problem, so feel free to ask questions.
jimmydafish said:
Adding things to the system folder means nothing, the system partition is only check when a new system is flashed via (sbf_flash, rsdlite, or flashing a CG via an update.zip) otherwise you can add/remove items from the /system partition with no worries of the signatures.
Click to expand...
Click to collapse
I 100% agree i didnt say that was the end all.... the reason for doing this is so that the computer recoginizes the device in NVIDIAFlash mode and i than can hopefully overwrite the bootloader with the dev version of bootloader.bin
t0dbld said:
I 100% agree i didnt say that was the end all.... the reason for doing this is so that the computer recoginizes the device in NVIDIAFlash mode and i than can hopefully overwrite the bootloader with the dev version of bootloader.bin
Click to expand...
Click to collapse
That will not work, the bootloader is just one piece of a longer chain..changing that out "will" just have the phone reboot and use the backup bootloader. The problem to cracking it lies in all parts. Especially the NvRam where it begins and the MBR.
jimmydafish said:
That will not work, the bootloader is just one piece of a longer chain..changing that out "will" just have the phone reboot and use the backup bootloader. The problem to cracking it lies in all parts. Especially the NvRam where it begins and the MBR.
Click to expand...
Click to collapse
I very much respect all of the work you and your team has put into this situation with other devices, and i very much appreciate the help given by you guys to this forum, and no one including myself wants to waste time, so that being said i have not seen any ideas contributed ... only negative posts on what isnt going to work, i agree that you guys know more than me on this situation perhaps if you could share some of your ideas or the approach or direction you are going i and others could be of some help. We our fresh and not quite so beat up , its like when debuging a program thats driving you nuts and you cant figure out whats going wrong , sometimes a break, sleep, etc is in order so that when you come back your whole train of thought has been altered and you see something differently because you were not looking there before.
I follow instructions well, so lead... i am willing to donate my time my resources, and more than likely my device (at least for the next 29 days )
t0dbld said:
I very much respect all of the work you and your team has put into this situation with other devices, and i very much appreciate the help given by you guys to this forum, and no one including myself wants to waste time, so that being said i have not seen any ideas contributed ... only negative posts on what isnt going to work, i agree that you guys know more than me on this situation perhaps if you could share some of your ideas or the approach or direction you are going i and others could be of some help. We our fresh and not quite so beat up , its like when debuging a program thats driving you nuts and you cant figure out whats going wrong , sometimes a break, sleep, etc is in order so that when you come back your whole train of thought has been altered and you see something differently because you were not looking there before.
I follow instructions well, so lead... i am willing to donate my time my resources, and more than likely my device (at least for the next 29 days )
Click to expand...
Click to collapse
I am not being negative just helping you all steer clear of dead ends. We are looking over some files now and may have some useful tidbits soon. I think we can tell the boot chain from start to finish.
Great!! thanks for the update... on a side note esp in loom of this whole ps3 thing i hope motorola uses the same signing keys for all devices, so that if our day ever comes its x-mas for all
It's quite a simple one I hope. Also, apologies for adding noise to the forum, but I couldn't find any detailed documentation or many tutorials.
I'm making use of findAndHookMethod for a little test project of mine. The problem is, the method which I am hooking has custom classes in its parameters.
Obviously I don't have access to these classes in terms of having the source code imported, so my first thought was just to list the paramaters as Object.class, but this didn't work.
What (if any) are the solutions? Thanks!
P.S.
In case I worded it badly. Say I have method to be hooked...
public void methodThatDoesSomething(ThisCustomClass nameOfParameter)
How do I use findAndHookMethod when listing parameters, as ThisCustomClass.class is not within the scope of my project
Use a string with the class' full name, e.g. "com.hooked.package.ThisCustomClass".
Okey,
Code from GP: http://pastebin.com/raw.php?i=rEH9nq78
I need to hook onTransact method
Code:
XposedHelpers.findAndHookMethod("com.android.vending.details.IDetailsService$Stub",lpparam.classLoader,"onTransact",int.class,Parcel.class,Parcel.class,int.class,testHook);
testHook = just log me if i am in...
But this doesnt work and I think com.android.vending.details.IDetailsService$Stub is probably wrong part.
pyler said:
Okey,
Code from GP: http://pastebin.com/raw.php?i=rEH9nq78
I need to hook onTransact method
Code:
XposedHelpers.findAndHookMethod("com.android.vending.details.IDetailsService$Stub",lpparam.classLoader,"onTransact",int.class,Parcel.class,Parcel.class,int.class,testHook);
testHook = just log me if i am in...
But this doesnt work and I think com.android.vending.details.IDetailsService$Stub is probably wrong part.
Click to expand...
Click to collapse
Mostly the stub is inherited from, so this won't work, because you need to hook into the sub class.
You can hook into android.os.BinderProxy.transact (client) or android.os.Binder.execTransact (service) and check for the interface name, but you'll have still to solve which transaction to catch (transaction = method).
Check this source for more details:
https://github.com/M66B/XPrivacy/blob/master/src/biz/bokhorst/xprivacy/XBinder.java
Note that this is performance wise not the best solution, although the impact is not too big.