07:22 <Pinchiukas> To have a meaningful chance of creating a dts file for my device I need the fex file?

07:23 <gamiee> depends on what device with which SoC you have, but yeah, fex can help you a lot

07:23 <Pinchiukas> I don't really have a way to reach FEL mode. But I do have the possibility to boot into linux from an SD card and run sunxi-tools.

07:23 <Pinchiukas> Mine is a https://linux-sunxi.org/Ditter_U20

07:24 <gamiee> Pinchiukas: there is mentoined that it's possible to get into the FEL mode with on-board button, why don't use it? Also still, you can use SD card image which will automatically trigger FEL

07:29 <Pinchiukas> I mean I guess I can trigger FEL mode but I don't have an OTG cable to talk to the device. :D

07:31 <Pinchiukas> Maybe there is a way to get the fex file with sunxi-tools that I just didn't see?

07:32 <gamiee> If your box still have android inside, it might be easier for you to dump it from the OS

07:33 <Pinchiukas> I guess you're implying building a binary for the correct architecture, uploading it to the device and running it?

07:34 <gamiee> No no, if your Ditter have still working Android OS inside, you can boot it, get into the terminal, get root access (very easy, only one command), and dump it to sdcard

07:34 <Pinchiukas> Hmm... I can get to the terminal but what is the command you mean? 'su' doesn't really work in my case.

07:36 <gamiee> Write echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug

07:36 <Pinchiukas> You have GOT to be kidding me. :D

07:37 <jernej> this one trick is pretty well know for past few years

07:37 <jernej> but it doesn't work on newer devices anymore

07:37 <Pinchiukas> Jesus christ! Alright, give me a few minutes to try this.

07:38 <jernej> anyway, one thing you can be certain of, is that if kernel is locked down, there will be custom interfaces, most probably in /sys, to get similar functionality

07:39 <jernej> for example, newer Android doesn't provide /dev/mem anymore, but there are custom drivers, which expose same functionality via sysfs

07:39 <gamiee> lol, good to know

07:40 <jernej> you need to be root to use them, but I didn't meet any of the shelf TV box, where su wouldn't work

07:41 <clever> is it possible to (in device tree) to bind an existing clock (from /sys/kernel/debug/clk/clk_summary) to a set of cpu's for cpufreq control?

07:42 <gamiee> Pinchiukas: after you will gain root access, you can dump the FEX from the NAND/eMMC, although, I absolutely don't know in which address is the script.bin (compiled FEX) placed

07:43 <jernej> gamiee: script.bin is usually part of U-Boot binary

07:44 <jernej> usually you dump whole U-Boot and search for signature and trim file to that address

07:44 <jernej> bintofex will ignore any extra data at the end

07:44 <jernej> *bin2fex

07:45 <gamiee> jernej: oh, good to know, thanks :)

07:49 <jernej> FYI, another trick when analyzing Android behaviour - several busybox applets don't have soft link to expose them as standalone programs

07:49 <jernej> devmem is usually one of those

07:50 <jernej> so run busybox and it will list all supported applets

07:51 <jernej> tftp is another one

07:57 <gamiee> btw, about the SID in mainline kernel, there isn't any way to write into it atm, right? (at least with nvram driver)

07:58 <jernej> no

07:58 <jernej> you shouldn't write it unless you absolutely know what are you doing

07:59 <jernej> but in that case, you'll be able to collect enough info from github to do it yourself

07:59 <gamiee> Yeah, atm, I'm not playing with security features, just want to burn my own serial number to OEM_PROGRAM part of efuse

08:00 <Pinchiukas> Looks like there is no /proc/sunxi* on my Android...

08:00 <jernej> gamiee: is there anything already?

08:01 <gamiee> Pinchiukas: I read somewhere that this root ability was introduced only in some kernel version starting since H3 (if I remember correctly?), so that's probably why. Anyway, you still can use devmem or any exploit for old kernel to get root

08:02 <jernej> gamiee: afaik, you can only turn 1 -> 0 (EPROM concept) so writing over already set fuses can be additionally dangerous

08:02 <Pinchiukas> Hmm I can do 'su' but apparently that just changes the prompt. I believe I'm still in some sort of sandbox.

08:03 <jernej> why?

08:03 <gamiee> jernej: oh, there is already some data in OEM_PROGRAM, then probably I would use NV1 part, which is all zeroes, so there shouldn't be a problem to burn anything.

08:03 <Pinchiukas> 'id' shows me I'm not uid 0.

08:03 <jernej> gamiee: only 1 -> 0

08:03 <Pinchiukas> Anyway, maybe I should just try dumping uboot or whatever contains the fex file?

08:04 <gamiee> jernej: on linux-sunxi wiki, it's written here that only 0 => 1

08:04 <gamiee> (90% of the eFuse is 0)

08:04 <jernej> ah, ok

08:04 <jernej> maybe it's inverted logic

08:05 <jernej> anyway, smaeul can help you here, I know only bits and pieces

08:07 <gamiee> Pinchiukas: you can try, but if you're not root, probably it will not work. But I remember that my friend used some exploit for 3.4 kernel to get root

08:08 <Pinchiukas> I'm not even sure any more. I can't even find the device file from which I guess I'd try to get uboot.

08:11 <Pinchiukas> Can anyone suggest how I could try to get the fex file? :)

08:11 <gamiee> jernej: thanks, I found some code which someone used for writing to eFuse and it worked, but it uses kernel functions, so I probably might try to rework that to use /dev/mem , but it's still quite risky

09:17 <MoeIcenowy> jernej: did you try to implement the scaler on DE2?

09:18 <jernej> MoeIcenowy: Scaler works fine for quite some time

09:18 <jernej> also on DE3

09:18 <jernej> however, I have problem with YUV scaler on DE3.3 (H616)

09:18 <MoeIcenowy> sorry

09:19 <MoeIcenowy> my sight seem to be broken

09:19 <MoeIcenowy> I say sun8i_[uv]i_scaler

09:19 <jernej> no problem :)

09:28 <Pinchiukas> Can anyone help me extract the fex data so that I can hopefully write a devicetree for my device?

09:42 <jernej> Pinchiukas: extract about first 15 MiB from eMMC and then we can talk further

09:42 <jernej> I have no idea about NAND procedure

09:59 <Pinchiukas> That's cool but maybe you can give me pointers on how to find the eMMC block device? :D

10:24 <jernej> one of the /dev/mmcblk

10:25 <jernej> just remove SD card and the only one that remains is eMMC

10:36 <Pinchiukas> jernej: there is no /dev/mmc* :)

10:36 <jernej> well, then you probably don't have eMMC

10:36 <jernej> do you have photo of PCB?

10:37 <Pinchiukas> I uploaded a couple to https://linux-sunxi.org/Ditter_U20 but can make more if neccessary.

10:38 <Pinchiukas> My 'mount' output: https://pastebin.com/raw/4djx24UV

10:40 <jernej> ok, your board has raw NAND chip - I don't board with that, so I can't help you here

10:54 <gamiee> smaeul: hi, I'm trying to burn efuses on my H3. I'm successfully reading them with registers method. But writing is not working. I created my own function but also used the same code that Allwinner's BSP u-boot uses for writing, no success. I'm trying to write into NV1 (0x14). Any guess where can be an issue? I noticed there is function named "set_efuse_voltage" before writing, also I read some mailing list about that some voltage needs to be s

13:26 <gamiee> update: I have confirmed that flashing of fuses works, since I can flash OEM_PROGRAM, but I can't flash NV1 :(

13:39 <gamiee> On H3, there is pin named "VDD_EFUSEEBP" which is grounded, maybe this pin needs to be pulled high to be able to burn into NV1?

13:41 <MoeIcenowy> Pinchiukas: you can try to read the physical memory (if /dev/mem exists) starting at 0x43000000

13:41 <MoeIcenowy> there should be script.bin

13:49 <gamiee> another update: NV2 is possible to burn

14:04 <Pinchiukas> MoeIcenowy: there is no "script.bin" anywhere in the filesystem. How exactly do I read the memory? Maybe there's a better way of doing it? Maybe some of the block device refers to storage? Here is the contents of my /dev: https://pastebin.com/raw/wK4UZ0Ub

18:36 <gamiee> https://gist.github.com/gamelaster/c34c70261692694904dc84df1c496879 if anyone want to burn fuses, use it at your own risk.