Hovatek Forum
Announcement: We've launched MTK Auto TWRP porter v1.4 and Android IMG unsign tool v1.0 (Mar, 2019)
[Development] [SOLUTION] to fix touch not working on TWRP / Philz due to kernel disabled touch - Printable Version

+- Hovatek Forum (https://forum.hovatek.com)
+-- Forum: DEVELOPMENT (https://forum.hovatek.com/forum-38.html)
+--- Forum: Android (https://forum.hovatek.com/forum-39.html)
+--- Thread: [Development] [SOLUTION] to fix touch not working on TWRP / Philz due to kernel disabled touch (/thread-27132.html)

Pages: 1 2 3 4 5 6 7 8 9 10 11 12


[SOLUTION] to fix touch not working on TWRP / Philz due to kernel disabled touch - SachinBorkar - 03-24-2019

In this tutorial, i'm going to show how i managed to patch kernel to enable touch in recovery TWRP / Philz.

WARNING


This worked for me and with my results, i've posted a working TWRP with touch @ https://forum.hovatek.com/thread-27138.html . You can try on your device if you wish and let us know if it works for you or not, but there's no guarantees it will work on your phone.


Requirements


Important Notice



Steps on how to patch kernel to enable touch in recovery TWRP / Philz


  1. Extract Android Image Kitchen & paste your recovery.img into the folder
  2. Double click on >> unpackimg.bat

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-1.jpg]

  3. After that your Image will Unpack and divides in two folders
    >> ramdisk
    >> split_img << zImage is kernel image and will be found in split_img folder

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-2.jpg]

  4. Open recovery.img-zImage (kernel) using 7zip then click on "Info"

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-3.jpg]

  5. It will display compression method used to compress the kernel (in my case i have GZ) along with a warning about payload data. Also take note of the "Packed Size" cause you'll need this later on then Exit 7zip

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-4.jpg]

  6. To get a decompressable kernel, we need to removed extra data before kernel & extra data after kernel using hxd editor
  7. Open the recovery.img-zImage using HXD editor (you can also just drag the file onto HXD window)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-5.jpg]

  8. We're going to use the file signature of GZ (gzip) to search for the start and end address of kernel within this file
  9. Once the file is opened, click the beginning of the middle section (the middle section is the one in hex view) then click Search > Find

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-6.jpg]

  10. In the search window, click Hex-Values tab
    Code:
    Search for: 1F 8B  
    Direction: forward
    then click OK

    note this value "1F 8B" is the file signature (magic number) for GZ and if your kernel has a different compression method, you may search online for the file signature online)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-7.jpg]

  11. The found item will be highlighted

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-8.jpg]

  12. Now select and highlight everything just before the found values till the beginning of the file then right click and CUT (this will remove the values from the file)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...very-9.jpg]

  13. Press Ctrl + N in HXD to create a new empty file

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-10.jpg]

  14. Click on Edit > Paste Write, the contents you CUT will be pasted into the new window then click File > Save As > save this file with something easy to remember e.g "begin of extra kernel data"

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-11.jpg]

  15. Now we've removed the extra data at the beginning of the file, next will be to remove the extra data at the end
  16. Return back to the recovery.img-zImage window in HXD, click the beginning of the middle section (the middle section is the one in hex view) then click Search > Find > Hex Values
    Code:
    Search for: 6D 65 64 69 61 74 65 6B 2C 4D 54  
    Direction: forward
    then click OK

    note this value "6D 65 64 69 61 74 65 6B 2C 4D 54" is not the end address but we'll use from this point to get the actual end address)

  17. The found item will be highlighted, Now scroll up a little bit and you'll find a blank space like in the screenshot below.
  18. Look closely at the blank space, just before mine i have E2 00 as the end of my kernel, everything after this is extra data (yours might be different but leave the last two zeros 00 before the non zero values)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-12.jpg]

  19. Now select and highlight everything just after the values (E2 00 in my case) till the very end of the file then right click and CUT (this will remove the values from the file)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-13.jpg]

  20. As we did before, Press Ctrl + N in HXD to create a new empty file, then click on Edit > Paste Write , the contents you CUT will be pasted into the new window then click File > Save As > save this file with something easy to remember e.g "end of extra kernel data"
  21. Now save the recovery.img-zImage file, Click File > Save (this will save the changes you've made and the color in HXD should go from red to black)

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-14.jpg]

  22. Now close recovery.img-zImage from HXD then open using 7zip > click Info to confirm the file no long has extra payload error. If it doesn't then simply extract the content using 7zip

  23. Now we need to dump the symbols from phone and get the touch driver entry point (loading point) from the phone using ADB. Launch ADB window and type the commands below, press Enter key after each line
    Code:
    adb shell
    su
    echo 0 > /proc/sys/kernel/kptr_restrict
    cat /proc/kallsyms >/sdcard/symbl.txt
    cat /proc/kallsyms | grep tpd_i2c_probe
    exit
    exit
    adb pull /sdcard/symbl.txt


    NOTE: the EXIT command remove su and adb shell thus reverts everything back to regular adb so you can pull

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-15.jpg]

  24. The above commands will save symbols as symbl.txt on your phone then copy it over to your PC in adb folder and the last command will display the location of touch drivers, note down this address location somewhere. in my case i have "c06c4348"
  25. Now Launch IDA Pro > File > Open > locate the kernel~ file you extracted in the previous steps and Open the file
  26. Set Processor type as ARM little-endian (ARM) and leave the remaining values as they are then click OK
  27. Next change the values of "ROM start address" and "Loading address", leave the rest as they are then click OK
    Code:
    32 bit = 0xC0008000
    64 bit = 0xFFFFFFC000080000

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-16.jpg]

  28. You may get a message about "IDA can not identify the entry point automatically as there is no standard of binaries" click OK to proceed
  29. Now you need to wait till IDA loads the kernel file completely, look out from when the yellow circle turns green. Once its green then IDA is done loading
  30. Click File > Script file... then navigate to and select the kallsyms_loader.idc you downloaded, after the file is loaded IDA will request for symbols, now select the symbl.txt file which we pulled from the phone earlier on.
  31. Wait until IDA loads everything completely

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-17.jpg]

  32. Right click on the Yellow marked section and select "jump to address" > type in the address gotten from ADB (remember mine is "c06c4348") then click Enter

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-18.jpg]

  33. Here it has taken us to where touch is been loaded or not depending if the phone is booted into recovery or normal boot.

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-19.jpg]

  34. Get_boot_mode <<< it checks whether it is recovery mode or boot mode.
    Code:
    #2 is for recovery
    #0 is for boot.
    If it got getbootmode = 0; then it will activate touch or touch driver basically thinking the phone is going into boot mode.

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-20.jpg]

  35. In IDA, click Options > General > Disassembly Tab > Number of opcode bytes: 6 then click OK

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-24.jpg]

  36. You'll notice the yellow marked section has changed to hex values
  37. We need to note down at least 4 - 5 lines of this hex values. In my case i have the following values below
    Code:
    02 00 50 E3 46 00 00 0A 04 10 A0 E1 00 08 04 E3

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-25.jpg]

  38. Close IDA and relaunch HXD editor then open the extracted kernel~ file using HXD
  39. Once the file is opened, click the beginning of the middle section (the middle section is the one in hex view) then click Search > Find > Hex Values
    Code:
    Search for: the hex values you noted down from the previous step above  (in my case it is "02 00 50 E3 46 00 00 0A 04 10 A0 E1 00 08 04 E3")
    Direction: forward
    then click OK

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-26.jpg]

  40. Once found, modify the first value from 02 to 00 then save. Patching is done now time to recompress

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-27.jpg]

  41. Return back to the top offset in HXD, we need to take note of certain details needed in order to compress. Close HXD once you're done

    Code:
    1) It is default file signature by gz.
    2) The parameters or properties of compressed gz file.
    3) Here is no Name of compressed file.

    Explanation of points 2 and 3.
    • Point 2.
      the 3rd value (usually in offset 02) in gz file always denotes compression method
      In my case it's 08 which means "Deflate Compression method".

      the 9th value (usually in offset 08) denotes Compression type
      In my case it's 02 which means "Max compression"

    • Point 3
      When we gzip any kernel the output file must have the same filename with the actual file kernel we're compressing
      It is clear that 7zip cannot be used to compress it. So ensure to use gzip for windows.

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-28.jpg]

  42. Gzip is a command line tool so we must use within CMD or powershell
  43. Open the bin folder within the extracted Gzip, hold shift key then select open command prompt window or powershell window here
  44. Type the command below and hit Enter to compress the kernel back to GZ
    Code:
    gzip -n -k -9 "C:\Users\Sachin\Downloads\Android Image Kitchen\gzip kernel~"

    remember the points 2 and 3 we noted in the previous steps, this is where they play their part
    -n this indicates the file should have no name
    -9 indicates max compression
    -k keeps the original file i.e the original file won't be deleted incase you need it
    set the file location to the location on your PC and if the folder location of your kernel has spaces then you must enclose with ""

    [Image: how-to-patch-kernel-to-enable-touch-in-t...ery-29.jpg]

  45. Once compression is done,

  46. Open the newly compressed file using 7zip then click INFO, check and ensure the "Packed Size" matches the original file (the one you took note of earlier on)
  47. If it doesn't match the original file e.g the packed size is reduced by 1 byte, open the uncompressed kernel in hxd > scroll down to the end and add "00" in the hex section > re-compress back to GZ and check if the new Packed size matches. (The packed size must match that of the original or the recovery wont boot)
  48. Once the packed size matches then you can proceed to the next step
  49. Launch HXD, open the files you saved earlier on.
    • "begin of extra kernel data",
    • "end of extra kernel data"
    • the newly GZ compressed kernel file in the previous step above

  50. Select and copy everything from the newly GZ compressed kernel. (Shortcut keys is Ctrl + A then Ctrl + C)

  51. Paste the copied data at the very end of "begin of extra kernel data" in HXD

  52. Next, select and copy everything from "end of extra kernel data" then paste at the end of the newly modified "begin of extra kernel data" then Save As "recovery.img-zImage"
  53. So what you've done now is "begin + kernel + end"

  54. Copy the new "recovery.img-zImage" file into the split_img folder within Android Image Kitchen

  55. Repack the recovery by double clicking on >> "repackimg.bat"

  56. Now you can test the new patched custom recovery by flashing into recovery partition then check if the touch now works


Credits


RE: [ SOLUTION ] Touch is not working on TWRP/Philzdue to kernel disable touch. - X3non - 03-25-2019

(03-24-2019, 07:41 PM)SachinBorkar Wrote:  ...
Any corrections may be appreciate.

If useful then thanks me.

Sent from my Titanium Vista 4G using Tapatalk

sunday is more or less rest day [Image: smile.gif]
we'll look into drafting the guide for you later today, you could specify your phone model and chipset too (will come in handy when people start complaining it doesn't work for them)


RE: [ SOLUTION ] Touch is not working on TWRP/Philzdue to kernel disable touch. - SachinBorkar - 03-25-2019

(03-25-2019, 01:12 AM)X3non Wrote:  
(03-24-2019, 07:41 PM)SachinBorkar Wrote:  ...
Any corrections may be appreciate.

If useful then thanks me.

Sent from my Titanium Vista 4G using Tapatalk

sunday is more or less rest day [Image: smile.gif]
we'll look into drafting the guide for you later today, you could specify your phone model and chipset too (will come in handy when people start complaining it doesn't work for them)
MT6735/37 more info embedded with guide.

Sent from my Titanium Vista 4G using Tapatalk


[ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - SachinBorkar - 03-25-2019

More info about gzip file format is Here :

http://www.onicos.com/staff/iz/formats/gzip.html

Sent from my Titanium Vista 4G using Tapatalk


[ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - Mikesew - 03-25-2019

Hey bro I have two question for you sir my first question is:-

1) what is the exact processor type for Mediatek MT6737M ×64(64bit) processors can you tell me please?

Is that Arm big endian can i try using it?


2)Again can you tell me the start and execution address for Mediatek MT6737M ×64(64bit) processors, I think it is totally different from that off ×64(64bit).

My phone is:-

BRAND:-TECNO
MODEL:-TECNO CX Air
CHIPSET:-MT6737M 64bit
ANDROID:-7.0 Nougat
RAM:-2GB
ROM:-16GB


Please help me, I downloaded all the tool you just mentioned on the tutorial now I am waiting your answer.

Please........Please help me!

I want to have fully functional custom recovery. I am bored with flashing the recovery to boot partition and bla....bla


Sent from my TECNO CX Air using Tapatalk


RE: [ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - SachinBorkar - 03-25-2019

(03-25-2019, 05:17 PM)Mikesew Wrote:  Hey bro I have two question for you sir my first question is:-

1) what is the exact processor type for Mediatek MT6737M ×64(64bit) processors can you tell me please?

Is that Arm big endian can i try using it?


2)Again can you tell me the start and execution address for Mediatek MT6737M ×64(64bit) processors, I think it is totally different from that off ×64(64bit).

My phone is:-

BRAND:-TECNO
MODEL:-TECNO CX Air
CHIPSET:-MT6737M 64bit
ANDROID:-7.0 Nougat
RAM:-2GB
ROM:-16GB


Please help me, I downloaded all the tool you just mentioned on the tutorial now I am waiting your answer.

Please........Please help me!

I want to have fully functional custom recovery. I am bored with flashing the recovery to boot partition and bla....bla


Sent from my TECNO CX Air using Tapatalk
1 ]Try to see info of kernel image in 7z.
2 ] If your processor is 64 bit then use little aindian.
3] 0xFFFFFFC000080000 is starting address of 64bit kernel.


Sent from my Titanium Vista 4G using Tapatalk


[ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - Mikesew - 03-25-2019

What about the execution address?

Sent from my TECNO CX Air using Tapatalk


RE: [ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - SachinBorkar - 03-25-2019

(03-25-2019, 06:24 PM)Mikesew Wrote:  What about the execution address?

Sent from my TECNO CX Air using Tapatalk
0xFFFFFFC000080000

Sent from my Titanium Vista 4G using Tapatalk


RE: [ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - SachinBorkar - 03-25-2019

(03-25-2019, 06:26 PM)SachinBorkar Wrote:  
(03-25-2019, 06:24 PM)Mikesew Wrote:  What about the execution address?

Sent from my TECNO CX Air using Tapatalk
0xFFFFFFC000080000

Sent from my Titanium Vista 4G using Tapatalk
Here kernel starts to execute.

Sent from my Titanium Vista 4G using Tapatalk


[ SOLUTION ] Touch is not working on TWRP/Philz due to kernel disable touch. - Mikesew - 03-25-2019

Does the start and execution address are the same?

Sent from my TECNO CX Air using Tapatalk