When I installed Cyanogen's latest, one of several times, I decided to run a logcat of what was going on (actually just the debug monitor). I noticed the following line of output:
I am particularly interested in the first and last errors
Code:
08-09 09:21:28.684: INFO//system/bin/dosfsck(1352): 63 sectors/track, 255 heads
08-09 09:21:28.684: INFO//system/bin/dosfsck(1352): 64260 hidden sectors
08-09 09:21:28.684: INFO//system/bin/dosfsck(1352): 867510 sectors total
08-09 09:21:28.704: ERROR/flash_image(1361): error opening /data/recovery.img: No such file or directory
08-09 09:21:28.964: DEBUG/AKMD(1363): akmd 1.6.4 START
08-09 09:21:28.964: DEBUG/AKMD(1363): library version: 1.2.1.1129
08-09 09:21:29.144: ERROR/vold(1352): Unable to read framework command (Bad file number)
08-09 09:21:29.144: ERROR/vold(1352): Error processing framework command (Bad file number)
08-09 09:21:29.144: ERROR/vold(1352): Unable to read framework command (Bad file number)
08-09 09:21:29.144: ERROR/vold(1352): Error processing framework command (Bad file number)
08-09 09:21:29.154: ERROR/vold(1352): Unable to read framework command (Bad file number)
08-09 09:21:29.154: ERROR/vold(1352): Error processing framework command (Bad file number)
08-09 09:21:29.756: ERROR/vold(1352): Unable to read framework command (Bad file number)
08-09 09:21:29.756: ERROR/vold(1352): Error processing framework command (Bad file number)
08-09 09:21:30.174: ERROR/RIL Acoustic(1354): Fail to open /system/etc/AudioPara_ALL.csv -1.
08-09 09:21:30.184: INFO/RIL Acoustic(1354): open /system/etc/AudioPara4.csv success.
08-09 09:21:30.224: INFO/RIL Acoustic(1354): acoustic table version: Dream_TMU_20090305
08-09 09:21:30.304: INFO/RIL Acoustic(1354): read_audio_para_from_file success.
Why am I getting all these errors at boot? Is this normal?
Or is this a problem? Phone runs well enough.
try sending a pm to cyanogen
Thanks... but I don't want Cyanogen to think I'm using him for personal tech support. This appears to be a problem of my making... The last error has to do with the Meltus Louder hack... I think (those are the names of the files that the audio hack pushes).
Anyway, I was just hoping a member who is knowledgeable about this could pipe in....
[WIP]Dissecting the bootloader aka: get rid of annoying "Your device is corrupt"
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
Code:
> adb shell
# dd if=/dev/block/bootdevice/by-name/abl_b of=/sdcard/img.abl_a
# <ctrl-D>
> adb pull /sdcard/img.abl_a
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
Code:
> binwalk -e img.abl_a
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
4488 0x1188 Certificate in DER format (x509 v3), header length: 4, sequence length: 1279
5771 0x168B Certificate in DER format (x509 v3), header length: 4, sequence length: 1133
6908 0x1AFC Certificate in DER format (x509 v3), header length: 4, sequence length: 1149
12408 0x3078 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, uncompressed size: 487624 bytes
I am thinking that bytes 0...4487 is the real bootloader code, so:
Code:
> head --bytes=4488 img.abl_a > abc
> file abc
abc: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, corrupted section header size
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
Code:
> readelf -a abc
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x9fa00000
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 3
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x000000 0x00000000 0x00000000 0x00094 0x00000 0
NULL 0x001000 0x9fa30000 0x9fa30000 0x01988 0x02000 0x1000
LOAD 0x003000 0x9fa00000 0x9fa00000 0x30000 0x30000 RWE 0x1000
There is no dynamic section in this file.
There are no relocations in this file.
Dynamic symbol information is not available for displaying symbols.
No version information found in this file.
Elf file type is EXEC (Executable file)
Entry point 0x9fa00000
There are 3 program headers, starting at offset 52
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...
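Added example (not part of the original post, not the poster's code): a small Python parser that reads the ELF32 program headers and maps the binwalk offsets and the 4488-byte cut onto them. The header bytes are a constructed sample rebuilt from the readelf values quoted above, the p_flags of the two NULL entries are assumed to be 0, and all function names are made up for this illustration.

```python
import struct

# Standard little-endian ELF32 layouts: 52-byte file header, 32-byte program header.
EHDR = struct.Struct("<16sHHIIIIIHHHHHH")
PHDR = struct.Struct("<IIIIIIII")
PT_NAMES = {0: "NULL", 1: "LOAD"}


def build_sample_header():
    """Constructed sample: only the 148 header bytes, rebuilt from the readelf
    values quoted in the post (not the real dump; NULL-entry p_flags assumed 0)."""
    ident = bytes.fromhex("7f454c46010101") + bytes(9)
    # type=EXEC(2), machine=ARM(40), version, entry, phoff, shoff, flags,
    # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    ehdr = EHDR.pack(ident, 2, 40, 1, 0x9FA00000, 52, 0, 0, 52, 32, 3, 0, 0, 0)
    phdrs = [
        # type, offset, vaddr, paddr, filesz, memsz, flags, align
        (0, 0x000000, 0x00000000, 0x00000000, 0x00094, 0x00000, 0, 0),
        (0, 0x001000, 0x9FA30000, 0x9FA30000, 0x01988, 0x02000, 0, 0x1000),
        (1, 0x003000, 0x9FA00000, 0x9FA00000, 0x30000, 0x30000, 7, 0x1000),
    ]
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs)


def parse_segments(blob):
    """Return the file range [start, end) of every program header entry."""
    if len(blob) < EHDR.size:
        raise ValueError("too short for an ELF32 header")
    fields = EHDR.unpack_from(blob, 0)
    ident, phoff, phentsize, phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 1 or ident[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(blob):
        raise ValueError("program header table is malformed or truncated")
    segs = []
    for i in range(phnum):
        p_type, off, _va, _pa, filesz, _memsz, flags, _align = PHDR.unpack_from(
            blob, phoff + i * phentsize)
        segs.append({"index": i, "type": PT_NAMES.get(p_type, hex(p_type)),
                     "start": off, "end": off + filesz, "flags": flags})
    return segs


def segment_at(segs, offset):
    """Index of the first segment whose file range holds `offset`, else None."""
    for s in segs:
        if s["start"] <= offset < s["end"]:
            return s["index"]
    return None


def surviving_bytes(segs, length):
    """For a file cut to `length` bytes: bytes of each segment still present."""
    return {s["index"]: max(0, min(length, s["end"]) - s["start"]) for s in segs}


if __name__ == "__main__":
    segs = parse_segments(build_sample_header())
    for s in segs:
        print(f"segment {s['index']} {s['type']:<4} "
              f"file bytes 0x{s['start']:05x}..0x{s['end']:05x}")
    for off in (0x0, 0x1188, 0x168B, 0x1AFC, 0x3078):  # offsets from binwalk
        print(f"binwalk hit at 0x{off:04x} -> segment {segment_at(segs, off)}")
    print("bytes kept by head --bytes=4488:", surviving_bytes(segs, 4488))
```

With the values from the post, the three certificates fall inside the second program header's file range (0x1000..0x2988) and the LZMA data falls inside the LOAD segment that starts at 0x3000. A file cut at 4488 bytes therefore keeps the headers and part of the second segment but none of the LOAD segment.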
foobar66 said:
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
I am thinking that bytes 0...4487 is the real bootloader code, so:
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...
Wow! Excited to see this! Thanks
It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.
foobar66 said:
This is WIP (work in progress) ... posting this as a separate thread to get other people involved so we can try to get rid of the annoying "Your device is corrupt" thing.
On the back of my thread on the splash screen (see https://forum.xda-developers.com/oneplus-6t/development/tool-splash-screen-modification-t3874158), @AnoopKumar and I started checking the bootloader.
The bootloader is in the partition called: abl_a (and/or abl_b) depending on whether you boot from A or B slot.
(https://forum.xda-developers.com/showpost.php?p=78409574&postcount=28)
All below is on Linux ... I am not a Windows guru ...
Take a raw dump of the abl_a partition. Reboot into TWRP, once there do: "adb shell".
Code:
> adb shell
# dd if=/dev/block/bootdevice/by-name/abl_b of=/sdcard/img.abl_a
# <ctrl-D>
> adb pull /sdcard/img.abl_a
You will now have the dump of the bootloader partition in the file
Then, use "binwalk" to see what is inside the abl_a image:
Code:
> binwalk -e img.abl_a
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 ELF, 32-bit LSB executable, ARM, version 1 (SYSV)
4488 0x1188 Certificate in DER format (x509 v3), header length: 4, sequence length: 1279
5771 0x168B Certificate in DER format (x509 v3), header length: 4, sequence length: 1133
6908 0x1AFC Certificate in DER format (x509 v3), header length: 4, sequence length: 1149
12408 0x3078 LZMA compressed data, properties: 0x5D, dictionary size: 16777216 bytes, uncompressed size: 487624 bytes
I am thinking that bytes 0...4487 is the real bootloader code, so:
Code:
> head --bytes=4488 img.abl_a > abc
> file abc
abc: ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, corrupted section header size
Not sure why it says "corrupt section header size".
Then check the detail of the ELF file:
Code:
> readelf -a abc
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x9fa00000
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 3
Size of section headers: 0 (bytes)
Number of section headers: 0
Section header string table index: 0
There are no sections in this file.
There are no sections to group in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
NULL 0x000000 0x00000000 0x00000000 0x00094 0x00000 0
NULL 0x001000 0x9fa30000 0x9fa30000 0x01988 0x02000 0x1000
LOAD 0x003000 0x9fa00000 0x9fa00000 0x30000 0x30000 RWE 0x1000
There is no dynamic section in this file.
There are no relocations in this file.
Dynamic symbol information is not available for displaying symbols.
No version information found in this file.
Elf file type is EXEC (Executable file)
Entry point 0x9fa00000
There are 3 program headers, starting at offset 52
The bootloader binary code is in the LOAD segment
More to follow later ... have to catch some sleep now ...
Good job, if needed I can help with the checking.
tech_head said:
It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.
abl.img is not the bootloader, I guess.
tech_head said:
It doesn't matter if you find it.
I don't think you can flash a modified BL partition and have the device boot.
This is part of secure boot. The notice will always be there with an unlocked BL.
It's on all devices that have ARM trust zone and secure boot, if they run Android.
This is part of Google's requirements.
On other devices they've been able to swap this image with another one to "hide" the message, to "get rid of it".
Would be sweet if we could get rid of the unlocked bootloader message too.
dennisbednarz said:
Would be sweet if we could get rid of the unlocked bootloader message too.
+1
U guys should talk [email protected] We had this issue of broken verity with the Essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till it fixes it, then u flash a proper kernel and you are good. Cuz as it stands one can only resolve this properly with the tool.
jacksummers said:
U guys should talk [email protected] We had this issue of broken verity with the Essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till it fixes it, then u flash a proper kernel and you are good. Cuz as it stands one can only resolve this properly with the tool.
Different issue.
They are not trying to get rid of the red warning but the yellow warning for an unlocked BL.
On this phone, if you have a "red" warning you use the MSMDownload tool and go back factory including locking the BL.
This is a different case.
Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
Code:
> lsusb
Bus 001 Device 034: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
And then:
Code:
> dmesg
[ 9395.999112] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[ 9396.149376] usb 1-1: New USB device found, idVendor=05c6, idProduct=9008
[ 9396.149380] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 9396.149383] usb 1-1: Product: QUSB_BULK_CID:0402_SN:33B9DDAC
[ 9396.149386] usb 1-1: Manufacturer: Qualcomm CDMA Technologies MSM
[ 9396.150184] qcserial 1-1:1.0: Qualcomm USB modem converter detected
[ 9396.150372] usb 1-1: Qualcomm USB modem converter now attached to ttyUSB0
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...
foobar66 said:
Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
Code:
> lsusb
Bus 001 Device 034: ID 05c6:9008 Qualcomm, Inc. Gobi Wireless Modem (QDL mode)
And then:
Code:
> dmesg
[ 9395.999112] usb 1-1: new high-speed USB device number 34 using xhci_hcd
[ 9396.149376] usb 1-1: New USB device found, idVendor=05c6, idProduct=9008
[ 9396.149380] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 9396.149383] usb 1-1: Product: QUSB_BULK_CID:0402_SN:33B9DDAC
[ 9396.149386] usb 1-1: Manufacturer: Qualcomm CDMA Technologies MSM
[ 9396.150184] qcserial 1-1:1.0: Qualcomm USB modem converter detected
[ 9396.150372] usb 1-1: Qualcomm USB modem converter now attached to ttyUSB0
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...
Use this https://forum.xda-developers.com/oneplus-6t/how-to/tool-6t-msmdownloadtool-v4-0-oos-9-0-5-t3867448
Should try for several times with instruction here
Question - when does the device show the red warning? When u disable dm-verity?
I unlocked and rooted but only had a yellow warning, but when I installed an AOSP GSI I had a red warning. One of the steps to install the ROM was flashing vbmeta and disabling dm-verity.
patelparth120595 said:
Question - when does the device show the red warning? When u disable dm-verity?
I unlocked and rooted but only had a yellow warning, but when I installed an AOSP GSI I had a red warning. One of the steps to install the ROM was flashing vbmeta and disabling dm-verity.
Disabled dm-verity caused the red warning, I guess.
---------- Post added at 10:01 AM ---------- Previous post was at 09:58 AM ----------
foobar66 said:
Well ... bad luck ... I tried to change abl_b and reflash it ... phone is sort of *dead* now.
Does no longer boot at all.
However, when I plug it into the PC, I can see:
And then:
So it is not completely *dead* but in some sort of Qualcomm low level mode. I found some info here: https://together.jolla.com/question...ss-modem-any-chance-to-bring-it-back-to-life/ but did not make any progress yet.
EDIT: looking at MsmDownloadTool to debrick the phone ...
Edited abl.img? And flashed via recovery/fastboot?
AnoopKumar said:
Edited abl.img? And flashed via recovery/fastboot?
No, just flashed using dd command in TWRP shell.
foobar66 said:
No, just flashed using dd command in TWRP shell.
Phone still dead?
OK ... I managed to recover my phone!
A Windows PC with the MSM program did the trick.
I am now back to stock 9.0.5
foobar66 said:
OK ... I managed to recover my phone!
A Windows PC with the MSM program did the trick.
I am now back to stock 9.0.5
I assume that there is nothing to do with the abl.img. Only thing we can do with it is change the default strings to a song lyric or something. abl.img is the UEFI firmware, I guess. Bootloader is using the images stored in the logo partition.
GSIs flash without breaking verity if u flash to both slots. And totally format. fastboot -w. The phone sees any changes to partitions as corruption and breaks verity, hence red warning. If someone would be inclined to talk to invisiblek from the Essential threads, he could tell u of a fix. The solution is not in abl. It's in the stock boot.img. If I had more time, I would help.
---------- Post added at 02:52 PM ---------- Previous post was at 02:51 PM ----------
tech_head said:
Different issue.
They are not trying to get rid of the red warning but the yellow warning for an unlocked BL.
On this phone, if you have a "red" warning you use the MSMDownload tool and go back factory including locking the BL.
This is a different case.
No, they are talking about breaking verity also. Seems to be both messages, but more recently the broken verity message. Of which there are two types, one u can boot from, one u cannot.
jacksummers said:
U guys should talk [email protected] We had this issue of broken verity with the Essential phone and he came up with a redboot.img that u flash and it bootloops the phone and fixes verity. It keeps bootlooping till it fixes it, then u flash a proper kernel and you are good. Cuz as it stands one can only resolve this properly with the tool.
I would love that idea. That would be really nice to have on our device
I have tried to mod my Nokia Lumia 930. My bootloader was already unlocked for side loading. Now I wanted to mod Astoria on it so that I can also use Android apps. However, Windows Phone Internals kept telling me that my phone is already unlocked. When starting the Mass Storage Mode and Enabled Root Access, the message of the missing FFU appeared.
After trying to reflash, I entered the red bootloop and could no longer access the phone. The recovery tool also failed here.
When using the Thor2 tool manually, the following message appeared:
Bash:
PS C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool> .\thor2.exe -mode uefiflash -ffufile "..\..\..\Users\myUser\Downloads\windowsphone-deploy\Repository\RM-1045\RM1045_02540.00019.15234.50006_RETAIL_prod_signed_1012_02699D_000-DE.ffu"
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
............
programming operation failed!
327681 Error: Unable to send or receive message.
Operation took about 8.00 seconds. Average transfer speed was 2.65 MB/s.
THOR2_ERROR_UNABLE_TO_SEND_OR_RECEIVE_MESSAGE_DURING_SFFU_PROGRAMMING
The phone went off and since then it is not responding. Also not on the power button or the combo power button + volume down.
Full Log:
Bash:
PS C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool> .\thor2.exe -mode uefiflash -ffufile "..\..\..\Users\MyUser\Downloads\windowsphone-deploy\Repository\RM-1045\RM1045_02540.00019.15234.50006_RETAIL_prod_signed_1012_02699D_000-DE.ffu"
THOR2 1.8.2.18
Built for Windows @ 13:36:46 Jun 16 2015
Thor2 is running on Windows of version 6.2
C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\thor2.exe -mode uefiflash -ffufile ..\..\..\Users\MyUser\Downloads\windowsphone-deploy\Repository\RM-1045\RM1045_02540.00019.15234.50006_RETAIL_prod_signed_1012_02699D_000-DE.ffu
Process started Thu Dec 29 21:58:12 2022
Logging to file C:\Users\MyUser\AppData\Local\Temp\thor2_win_20221229215812_ThreadId-51424.log
Debugging enabled for uefiflash
Initiating FFU flash operation
WinUSB in use.
isDeviceInNcsdMode
isDeviceInNcsdMode is false
Device mode 6 Uefi mode
[THOR2_flash_state] Pre-programming operations
Disable timeouts
Get flashing parameters
Lumia Flash detected
Protocol version 2.34 Implementation version 2.59
Size of one transfer is 2363392
MMOS RAM support: 1
Size of buffer is 2359296
Number of eMMC sectors: 61071360
Platform ID of device: Nokia.MSM8974.P6180.2.2
Async protocol version: 01
Security info:
Platform secure boot enabled
Secure FFU enabled
JTAG eFuse blown
RDC not found
Authentication not done
UEFI secure boot enabled
SHK enabled
Device supports FFU protocols: 0015
Subblock ID 32
[THOR2_flash_state] Device programming started
Using secure flash method
CoreProgrammer version 2015.06.10.001.
Start programming signed ffu file ..\..\..\Users\MyUser\Downloads\windowsphone-deploy\Repository\RM-1045\RM1045_02540.00019.15234.50006_RETAIL_prod_signed_1012_02699D_000-DE.ffu
FfuReader version is 2015061501
Send FlashApp write parameter: 0x4d544f00
Perform handshake with UEFI...
Flash app: Protocol Version 2.34 Implementation Version 2.59
Unknown sub block detected. Skip...
DevicePlatformInfo: Nokia.MSM8974.P6180.2.2
Unknown sub block detected. Skip...
Unknown sub block detected. Skip...
Supported protocol versions bitmap is 15
Secure FFU sync version 1 supported.
Secure FFU async version 1 supported.
Secure FFU sync version 2 supported.
Secure FFU async version 2 supported.
CRC header v. 1
CRC align bytes. 4
Get CID of the device...
Get EMMC size of the device...
Emmc size in sectors: 61071360
CID: Samsung, Size 29820 MB
Start charging...
Start charging... DONE. Status = 0
ConnSpeedEcho: Elapsed= 0.212000, EchoSpeed= 31.84, Transferred= 7077918 bytes
Get security Status...
Security Status:
Platform secure boot is enabled.
Secure eFUSE is enabled.
JTAG is disabled.
RDC is missing from the device.
Authentication is not done.
UEFI secure boot is enabled.
Secondary HW key exists.
Get RKH of the device...
RKH of the device is 800EEB508F7BBDF12A19262621FD837297A3B062FE2A7078C0F3167E57F21217
Get ISSW Version...
ISSW Version: 216
Mon Aug 11 15:16:52 EEST 2014;ISSW v0216; main; OS; DNE; KCI 1296; ASIC 8974;
Get system memory size...
Size of system mem: 2097152 KB
Read antitheft status...
Requested read param 0x41545250 is not supported by this flash app version.
Send backup to RAM req...
Clearing the backup GPT...SKIPPED!
Successfully parsed FFU file. Header size: 0x000e0000, Payload size: 0x000000006f400000, Chunk size: 0x00020000, Header offset: 0x00000000, Payload offset: 0x00000000000e0000
RKH match between device and FFU file!
Option: Skip CRC32 check in use
Start sending header data...
Start sending payload data V2Sbl in async mode...
Percents: 0
Percents: 1
Exception during programming: 262160
Safe write descriptor index reached: false
Payload data transfer speed (16.88 MB/s) Elapsed time 1.33 sec
Payload data size 22.500305 MB
[IN] programSecureFfuFile. Closing ..\..\..\Users\MyUser\Downloads\windowsphone-deploy\Repository\RM-1045\RM1045_02540.00019.15234.50006_RETAIL_prod_signed_1012_02699D_000-DE.ffu
programming operation failed!
327681 Error: Unable to send or receive message.
Operation took about 8.00 seconds. Average transfer speed was 2.65 MB/s.
THOR2_ERROR_UNABLE_TO_SEND_OR_RECEIVE_MESSAGE_DURING_SFFU_PROGRAMMING
THOR2 1.8.2.18 exited with error code 262160 (0x40010)
This means your phone is hardbricked; you should take it to the service center.
Is there a solution without a service center? It's out of support.
Huskynarr said:
Is there a solution without a service center? It's out of support.
Does JTAG work?
Nope, doesn't work. Have sent it back to the seller now.