Some Questions and Issues, still to be resolved

My Strategy / Way Points:

1. Find out if any Qfuses are blown, and which ones.

(What is the meaning/behavior of the various Qfuses on MSM8960?)

2. If we are not using Qfuses, how are the GPIO boot pins set?

3. If we are using Qfuses, what alternatives do we have to circumvent them and reach code execution?

4. What is the meaning of the BOOT_CONFIG pins in (2)?

5. How can we change GPIO to do what we want?

a) What do we want?

b) Is this a SW/FW hack or a HW hack?

6. How can we get our code to run?

a) Does it still need to be signed?

b) Where and when should it run?



The Issues

A) What are the:

a) cold-start BOOT_CONFIG settings?

b) warm-start BOOT_CONFIG settings?



Code:
    C30   MSM_RESOUT_N
    AK28  BOOT_CONFIG_6
    AH32  BOOT_FROM_ROM
    also BC[0:1] to verify...

B) How can we read all the GPIO settings as shown in #228?



Code:
    cat /sys/kernel/debug/gpio

Code:
    ...
    GPIOs 168-175, GPL0:
     gpio-171 (TSP_LDO_ON          ) out lo
     gpio-172 (GPB                 ) in  lo
     gpio-173 (_3_GPIO_TOUCH_INT   ) in  lo irq-537 edge-falling
     gpio-174 (USB_SEL             ) out lo
    ...

Code:
    # To find all directories called "gpio":
    find / -type d -iname "gpio"
    # To find all regular files called "gpio":
    find / -type f -iname "gpio"

C) How to connect to your modem from a PC terminal when connected with a USB cable?

Code:
    # Tear down the current USB composition, then rebuild it with diag + ACM + adb
    echo 0 > /sys/class/android_usb/android0/enable
    echo 04E8 > /sys/class/android_usb/android0/idVendor
    echo 6860 > /sys/class/android_usb/android0/idProduct
    echo diag > /sys/class/android_usb/android0/f_diag/clients
    echo 1 > /sys/class/android_usb/android0/f_acm/instances
    echo diag,acm,adb > /sys/class/android_usb/android0/functions
    echo 1 > /sys/class/android_usb/android0/enable
    start adbd
    # Mirror the active config into sys.usb.state (in a shell this needs getprop;
    # init.rc does the same with ${sys.usb.config})
    setprop sys.usb.state "$(getprop sys.usb.config)"

Code:
    AT          // OK?
    ATI         // device info
    ATZ         // "reset" modem to default configuration (safe)
    ATE1        // turn on echo
    ATV1        // turn on verbose results
    AT+CLAC     // lists all officially available AT commands
    AT+CGMI     // Manufacturer Identification
    AT+CGMM     // Model Identification
    AT+CGMR     // Firmware Revision
    AT$QCDMG    // Should cause the phone/modem to enter diagnostic mode. (May be hard to exit...)

Code:
    AT$QCDMG    // Transitions to Diagnostics Monitor (DM) operation
    AT$QCDMR=?  // Sets DM baud rate (default 115200)
    AT&V        // Dumps configuration parameters
    AT$CNTI*    // Displays the access technology;
                // (Proprietary AT commands, AT&T Connection Manager)
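Added example (not part of the original post, and not code from any of the boards discussed): a small Python parser for the layout that gpiolib prints to /sys/kernel/debug/gpio, so a dump pulled off the phone (`adb pull` or `adb shell cat`) can be searched by label, the BOOT_CONFIG_n lines folded into one number, and a cold-start dump diffed against a warm-start dump for issue A. The two dumps embedded below are constructed to look like the debugfs output; the bank names, GPIO numbers and labels are invented, and a real kernel only lists lines it has requested, so the BOOT_CONFIG pins will appear only if some driver claimed them under that name.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample dump in the layout gpiolib prints to /sys/kernel/debug/gpio
# on 3.x-era Android kernels. Banks, numbers and labels are invented for this
# example; this is not a capture from an MSM8960 board.
SAMPLE_COLD = """\
GPIOs 0-151, platform/msmgpio, msmgpio:
 gpio-13  (touch_irq           ) in  lo irq-410 edge-falling
 gpio-35  (BOOT_CONFIG_0       ) in  hi
 gpio-36  (BOOT_CONFIG_1       ) in  lo
 gpio-49  (usb_sel             ) out lo

GPIOs 152-159, platform/pm8921-gpio, pm8921-gpio:
 gpio-155 (wlan_en             ) out hi
"""

# Same (constructed) board after a warm restart: BOOT_CONFIG_1 and the USB mux
# read differently.
SAMPLE_WARM = """\
GPIOs 0-151, platform/msmgpio, msmgpio:
 gpio-13  (touch_irq           ) in  lo irq-410 edge-falling
 gpio-35  (BOOT_CONFIG_0       ) in  hi
 gpio-36  (BOOT_CONFIG_1       ) in  hi
 gpio-49  (usb_sel             ) out hi

GPIOs 152-159, platform/pm8921-gpio, pm8921-gpio:
 gpio-155 (wlan_en             ) out hi
"""

@dataclass
class GpioLine:
    number: int
    label: str
    direction: str            # "in" or "out"
    value: int                # 1 = "hi", 0 = "lo"
    bank: str                 # text after "GPIOs a-b, " in the bank header
    irq: Optional[int] = None
    trigger: Optional[str] = None

BANK_RE = re.compile(r"^GPIOs\s+(\d+)-(\d+),\s*(.*):\s*$")
LINE_RE = re.compile(
    r"^\s*gpio-(\d+)\s+\((.*?)\)\s+(in|out)\s+(hi|lo)"
    r"(?:\s+irq-(\d+)\s+(\S+))?")

def parse_gpio_debugfs(text: str) -> List[GpioLine]:
    """Parse a debugfs gpio dump into GpioLine records tagged with their bank."""
    bank = ""
    lines: List[GpioLine] = []
    for raw in text.splitlines():
        m = BANK_RE.match(raw)
        if m:
            bank = m.group(3)
            continue
        m = LINE_RE.match(raw)
        if not m:
            continue                      # blank line or unrecognised text
        num, label, direction, val, irq, trig = m.groups()
        lines.append(GpioLine(
            number=int(num), label=label.strip(), direction=direction,
            value=1 if val == "hi" else 0, bank=bank,
            irq=int(irq) if irq else None, trigger=trig))
    return lines

def find_by_label(lines: List[GpioLine], pattern: str) -> List[GpioLine]:
    """Case-insensitive regex search over labels, e.g. 'boot_config|usb_sel'."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [g for g in lines if rx.search(g.label)]

def boot_config_word(lines: List[GpioLine], prefix: str = "BOOT_CONFIG_") -> int:
    """Fold lines labelled <prefix><n> into an integer with bit n = current level.
    This is what the line reads now, which need not be what the boot ROM latched
    at reset; only pins some driver requested under that label are listed."""
    word = 0
    for g in lines:
        suffix = g.label[len(prefix):]
        if g.label.upper().startswith(prefix) and suffix.isdigit():
            word |= g.value << int(suffix)
    return word

def diff_dumps(before: str, after: str) -> List[Tuple[int, str, str, str]]:
    """(number, label, old_state, new_state) for every line whose direction or
    level differs between two dumps, e.g. cold-start versus warm-start."""
    a = {g.number: g for g in parse_gpio_debugfs(before)}
    b = {g.number: g for g in parse_gpio_debugfs(after)}
    changed = []
    for num in sorted(set(a) | set(b)):
        ga, gb = a.get(num), b.get(num)
        sa = f"{ga.direction} {'hi' if ga.value else 'lo'}" if ga else "absent"
        sb = f"{gb.direction} {'hi' if gb.value else 'lo'}" if gb else "absent"
        if sa != sb:
            changed.append((num, (ga or gb).label, sa, sb))
    return changed

if __name__ == "__main__":
    cold = parse_gpio_debugfs(SAMPLE_COLD)
    for g in find_by_label(cold, r"boot_config"):
        print(f"{g.bank}: gpio-{g.number} {g.label} {g.direction} {g.value}")
    print(f"BOOT_CONFIG word (cold): 0x{boot_config_word(cold):x}")
    for row in diff_dumps(SAMPLE_COLD, SAMPLE_WARM):
        print("changed:", row)
```

To use it on a real phone, save `adb shell cat /sys/kernel/debug/gpio` once after a battery pull and once after a reboot, then pass both files to `diff_dumps`. Lines that are absent from one dump are reported as "absent" rather than dropped, because a driver that only probes on one boot path is itself a clue.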