Why not a nexus chipset ?
Peter Zotov
whitequark at whitequark.org
Wed Oct 3 00:14:56 CEST 2012
Maciej Grela писал 02.10.2012 02:00:
>> My colleague/friend Sergey Gridassov[1] has been developing a
>> replacement
>> RIL[2]
>> for SGS2 and found everything of the above. He probably won't be
>> posting to
>> this list because he's not a native English speaker, but if there is
>> enough
>> interest (and it seems that there is), I could prepare and post the
>> relevant
>> instructions. It's pretty trivial actually.
>>
>
> Please do publish them. This is pretty cool.
>
> Regards,
> Maciej Grela
Assuming you know C, consider this code:
https://github.com/grindars/android_hardware_samsung_freeril/blob/jellybean/libsamsung-ipc/SamsungModem.cpp
The boot process is IROM->PSI->EBL->SecureImage. Authenticity of PSI is
not checked.
He has verified this by changing the magic constant 0xDEADDEAD and
booting PSI.
Speaking about 0xDEADDEAD, it's a command ID which makes the PSI make a
complete
RAM dump. So, then he has sent the modified command and successfully
obtained a
dump.
The rest should be obvious from the source.
--
WBR, Peter Zotov.
More information about the baseband-devel
mailing list