Hovatek Forum
[Development] [SOLUTION] to fix touch not working on TWRP / Philz due to kernel disabled touch
SachinBorkar
Senior Member
29-03-2019, 07:41 PM
#71
(29-03-2019, 04:08 PM)X3non first post has been updated with a few new pieces of info!!

Problem solved.... :-)

For ARM v8a (AArch64) little endian

The kernel can be debugged and decompiled by:
Hopper (similar to IDA)

Note: Hopper can run only on the following platforms:
Mac OS X, Ubuntu Linux & other Linux distros......

Download Hopper @ https://www.hopperapp.com/
This post was last modified: 30-03-2019, 02:58 PM by X3non.
SachinBorkar
Senior Member
29-03-2019, 07:42 PM
#72
(29-03-2019, 07:41 PM)SachinBorkar
(29-03-2019, 04:08 PM)X3non first post has been updated with a few new pieces of info!!
Problem solved.... :-)

For ARM v8a (AArch64) little endian

The kernel can be debugged and decompiled by:
Hopper (similar to IDA)

Sent from my Titanium Vista 4G using Tapatalk

Hopper - Download
https://www.hopperapp.com

Note: This is a trial version for 1 month.
This post was last modified: 29-03-2019, 08:47 PM by SachinBorkar.
SachinBorkar
Senior Member
29-03-2019, 07:46 PM
#73
(29-03-2019, 12:29 PM)X3non
(28-03-2019, 06:28 PM)SachinBorkar @X3non please help me to disassemble the kernel.
Processor architecture is:
ARM v8a (AArch64)
Is it possible for IDA to decompile or decode it?
OR
Can I try to manually patch the kernel via a hex editor (by trying to manually decode the section of the touch driver)?

Sent from my Titanium Vista 4G using Tapatalk

@mikesew needs to attach his symbl.txt file
I think his kernel should be 'ARM little endian' > 0xFFFFFFC000080000 as start address, but without symbols there's nothing to proceed further with

About patching the kernel manually, this might be possible. One could try something like this:
since it seems in assembly language "CMP R0, #2" translates to "02 00 50 E3" in hex (seems to be a constant, at least in the kernels I've checked, which comprise just yours & mine, which isn't much),
one could try modifying all "02 00 50 E3" found within the uncompressed kernel and test them one after the other till one eventually works.

It'll be boring and tedious work because there'll surely be about 100s of those found, so it means 100 times changing the values > compressing to gz > repacking the recovery > flashing the recovery to the phone.
Maybe someone who badly needs touch working could try, but definitely not me though.

BTW see https://www.hovatek.com/forum/thread-27200.html ; success on a second device with patched kernel and touch working.

Correction here:

ARM v8a (AArch64)

is a 64-bit kernel.

64-bit instruction values are different from 32-bit ones.

** I considered the second option a dangerous joke for me and the device too **
This post was last modified: 30-03-2019, 11:03 AM by SachinBorkar.
SachinBorkar
Senior Member
29-03-2019, 07:55 PM
#74
(29-03-2019, 07:46 PM)SachinBorkar
(29-03-2019, 12:29 PM)X3non
(28-03-2019, 06:28 PM)SachinBorkar @X3non please help me to disassemble the kernel.
Processor architecture is:
ARM v8a (AArch64)
Is it possible for IDA to decompile or decode it?
OR
Can I try to manually patch the kernel via a hex editor (by trying to manually decode the section of the touch driver)?

Sent from my Titanium Vista 4G using Tapatalk

@mikesew needs to attach his symbl.txt file
I think his kernel should be 'ARM little endian' > 0xFFFFFFC000080000 as start address, but without symbols there's nothing to proceed further with

About patching the kernel manually, this might be possible. One could try something like this:
since it seems in assembly language "CMP R0, #2" translates to "02 00 50 E3" in hex (seems to be a constant, at least in the kernels I've checked, which comprise just yours & mine, which isn't much),
one could try modifying all "02 00 50 E3" found within the uncompressed kernel and test them one after the other till one eventually works.

It'll be boring and tedious work because there'll surely be about 100s of those found, so it means 100 times changing the values > compressing to gz > repacking the recovery > flashing the recovery to the phone.
Maybe someone who badly needs touch working could try, but definitely not me though.

BTW see https://www.hovatek.com/forum/thread-27200.html ; success on a second device with patched kernel and touch working.

Correction here:

ARM v8a (AArch64)

is a 64-bit kernel.

64-bit instruction values are different from 32-bit ones.

Sent from my Titanium Vista 4G using Tapatalk

"1F 08 00 71"

is the hex value of

CMP W0, #2 // ARMv8 AArch64

Simply replace this by

"1F 20 03 D5" // nop

which means no operation.

This will not compare

get_boot_mode = recovery_mode( 2 )

and the zero flag will remain as it is, so the CPU can't take the jump or branch instruction.

Or

according to the Hopper tool,

just replace it with

"1F 00 00 71" // CMP w0, #0x0
This post was last modified: 30-03-2019, 11:08 AM by SachinBorkar.
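To check the byte patterns quoted in this post before hand-editing anything, here is an added Python example (not from the thread or from Hopper/IDA) that decodes and encodes the A64 CMP-immediate and NOP forms, lists every aligned candidate in a constructed sample of kernel text, and refuses to overwrite a word that does not decode to what was expected; the sample words and all function names are my own.

```python
import struct

A64_NOP = 0xD503201F  # "1F 20 03 D5" in the file (little-endian)


def decode_word(word, arch="a64"):
    """Decode the CMP-immediate and NOP encodings the thread relies on; None otherwise."""
    if arch == "a64":
        if word == A64_NOP:
            return "nop"
        # SUBS (immediate) with Rd = ZR is the alias CMP <Rn>, #<imm12>. Layout:
        # sf(31) op(30)=1 S(29)=1 100010(28..23) sh(22)=0 imm12(21..10) Rn(9..5) Rd(4..0)=31
        if (word >> 23) & 0xFF == 0b11100010 and (word & 0x1F) == 31 and not word & (1 << 22):
            reg = "x" if word >> 31 else "w"
            return f"cmp {reg}{(word >> 5) & 0x1F}, #{(word >> 10) & 0xFFF}"
    elif arch == "a32":
        # A32 CMP (immediate), cond=AL, rotation 0: E 00110101 Rn 0000 0000 imm8
        if (word >> 20) == 0xE35 and (word >> 8) & 0xFF == 0:
            return f"cmp r{(word >> 16) & 0xF}, #{word & 0xFF}"
    return None


def encode_a64_cmp_imm(rn, imm12, is64=False):
    """Build CMP <Wn|Xn>, #imm12, i.e. SUBS ZR, Rn, #imm12 with shift 0."""
    if not (0 <= rn < 32 and 0 <= imm12 < 4096):
        raise ValueError("register or immediate out of range")
    return (int(is64) << 31) | 0x71000000 | (imm12 << 10) | (rn << 5) | 31


def find_sites(blob, mnemonic, arch="a64"):
    """Offsets of every 4-byte-aligned little-endian word that decodes to `mnemonic`."""
    return [off for off in range(0, len(blob) - 3, 4)
            if decode_word(struct.unpack_from("<I", blob, off)[0], arch) == mnemonic]


def patch_word(blob, offset, expected, replacement):
    """Overwrite one instruction word, but only if it currently decodes to `expected`;
    this is the check to run before editing a candidate in a hex editor."""
    if offset % 4:
        raise ValueError("instruction words are 4-byte aligned")
    found = decode_word(struct.unpack_from("<I", blob, offset)[0])
    if found != expected:
        raise ValueError(f"refusing to patch {offset:#x}: found {found!r}, expected {expected!r}")
    return blob[:offset] + struct.pack("<I", replacement) + blob[offset + 4:]


# Constructed stand-in for a few words of an uncompressed AArch64 kernel .text:
# nop; cmp w0, #2; mov w0, #2; cmp w0, #2; ret
SAMPLE_TEXT = b"".join(struct.pack("<I", w) for w in
                       (A64_NOP, 0x7100081F, 0x52800040, 0x7100081F, 0xD65F03C0))

if __name__ == "__main__":
    for off in find_sites(SAMPLE_TEXT, "cmp w0, #2"):
        print(f"{off:#06x}: {SAMPLE_TEXT[off:off + 4].hex(' ')}  cmp w0, #2")
```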
SachinBorkar
Senior Member
29-03-2019, 07:59 PM
#75
(29-03-2019, 12:29 PM)X3non
(28-03-2019, 06:28 PM)SachinBorkar @X3non please help me to disassemble the kernel.
Processor architecture is:
ARM v8a (AArch64)
Is it possible for IDA to decompile or decode it?
OR
Can I try to manually patch the kernel via a hex editor (by trying to manually decode the section of the touch driver)?

Sent from my Titanium Vista 4G using Tapatalk

@mikesew needs to attach his symbl.txt file
I think his kernel should be 'ARM little endian' > 0xFFFFFFC000080000 as start address, but without symbols there's nothing to proceed further with

About patching the kernel manually, this might be possible. One could try something like this:
since it seems in assembly language "CMP R0, #2" translates to "02 00 50 E3" in hex (seems to be a constant, at least in the kernels I've checked, which comprise just yours & mine, which isn't much),
one could try modifying all "02 00 50 E3" found within the uncompressed kernel and test them one after the other till one eventually works.

It'll be boring and tedious work because there'll surely be about 100s of those found, so it means 100 times changing the values > compressing to gz > repacking the recovery > flashing the recovery to the phone.
Maybe someone who badly needs touch working could try, but definitely not me though.

BTW see https://www.hovatek.com/forum/thread-27200.html ; success on a second device with patched kernel and touch working.

Congrats! In some days we will be able to create a universal method to patch the kernel.

Again

Congrats! for the device you patched with working touch.

Sent from my Titanium Vista 4G using Tapatalk
SachinBorkar
Senior Member
29-03-2019, 08:40 PM
#76
(29-03-2019, 03:20 PM)X3non Finding the start address of GZ is pretty easy using the file signature (magic number), but the end address is a little bit more difficult and requires a trial-and-error approach. When trying to find the end of the compressed kernel, there are two likely errors you might run into. This post is aimed at helping fix these errors. I'm using boot.img-zImage from Tecno CXair as an example here, but it's applicable to others as well.

Two possible errors encountered while trying to decompress the kernel using 7zip
  • There are some data after the end of the payload data
  • Unexpected end of data

How to fix 7zip kernel decompression error messages

  1. Open the file using HxD
  2. As usual, we'll search for the hex value "6D 65 64 69 61 74 65 6B 2C 4D 54"; remember this is not the end address of the GZipped kernel, but it's the closest point we'll use in order to get the real end address

    [Image: How-to-fix-7zip-kernel-decompression-err...ages-3.jpg]

  3. Now we'll start selecting / highlighting and cutting items from this point (you can paste into a new file so as not to misplace what you cut), save the file and try extracting using 7zip
  4. If you get the error message "There are some data after the end of the payload data", then it means you still need to remove more values from the end of the file

    [Image: How-to-fix-7zip-kernel-decompression-err...ages-1.jpg]

  5. But if you get the error message "Unexpected end of data", then it means you've removed more than you should have. Simply undo and try to remove less than what you removed previously

    [Image: How-to-fix-7zip-kernel-decompression-err...ages-2.jpg]

Is it true that gz always ends with the value "00"?

Or

is it my myth?

Sent from my Titanium Vista 4G using Tapatalk
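The cut-and-retry search for the gzip end address in the quoted guide, and the question about gz ending in 00, can both be settled by letting a decompressor tell you exactly where the member stops. This is an added Python example, not from the thread or from 7zip: it uses the standard library's zlib to inflate one gzip member and reads how many bytes were consumed; the zImage-like blob and the "mediatek,MT0000" marker are constructed stand-ins.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate): the "start address" signature


def gzip_member_end(blob, start):
    """Offset one past the gzip member that begins at `start`, or None when the
    member is truncated (what 7zip reports as "Unexpected end of data")."""
    d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip wrapper, one member
    try:
        d.decompress(blob[start:])
    except zlib.error:            # a false-positive magic hit on random bytes
        return None
    if not d.eof:                 # ran out of input before the CRC32/ISIZE trailer
        return None
    return len(blob) - len(d.unused_data)  # everything after this is trailing data


def carve_gzip_kernel(blob):
    """Return (start, end, decompressed_kernel) for the first complete gzip member.
    blob[end:] is what 7zip calls "some data after the end of the payload data"."""
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        end = gzip_member_end(blob, pos)
        if end is not None:
            # gzip trailer = CRC32 + ISIZE (uncompressed size mod 2**32), both LE uint32.
            # The last byte of a member is the top byte of ISIZE, so it is 0x00 for any
            # kernel under 16 MiB: a common sight, not a rule of the format.
            crc, isize = struct.unpack("<II", blob[end - 8:end])
            kernel = gzip.decompress(blob[pos:end])
            if zlib.crc32(kernel) != crc or len(kernel) % 2**32 != isize:
                raise ValueError("trailer does not match decompressed data")
            return pos, end, kernel
        pos = blob.find(GZIP_MAGIC, pos + 1)
    raise ValueError("no complete gzip member found")


# Constructed stand-in for a boot.img-zImage: stub header, gzipped "kernel",
# zero padding, then the "mediatek,MT..." string the guide searches for.
FAKE_KERNEL = bytes(range(256)) * 64                  # 16 KiB, compresses well
SAMPLE_ZIMAGE = (b"ZIMAGE-HEADER\x00" * 2
                 + gzip.compress(FAKE_KERNEL, mtime=0)
                 + b"\x00" * 12
                 + b"mediatek,MT0000\x00")

if __name__ == "__main__":
    s, e, k = carve_gzip_kernel(SAMPLE_ZIMAGE)
    print(f"gzip member at {s:#x}..{e:#x}, kernel {len(k)} bytes, "
          f"{len(SAMPLE_ZIMAGE) - e} trailing bytes to cut")
```

On a real boot.img-zImage, pass the whole file's bytes to carve_gzip_kernel and write blob[start:end] out as the .gz, which removes the guesswork from steps 3 to 5.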
SachinBorkar
Senior Member
30-03-2019, 02:44 AM
#77
In case you're wondering what the ADB commands are for, here's a quick explanation

1. "adb shell" and "su"
adb commands to open a root shell in the adb window

2. echo 0 > /proc/sys/kernel/kptr_restrict
There is a restriction in the kernel on dumping symbols. This command removes the restriction

3. cat /proc/kallsyms > /sdcard/symbl.txt
The cat command reads the contents of "kallsyms" and then outputs the contents into a new file "symbl.txt"

4. cat /proc/kallsyms | grep tpd_i2c_probe
The cat command reads the contents of kallsyms, then the grep command searches for "tpd_i2c_probe", filters the rest away and outputs any line containing "tpd_i2c_probe"

5. exit
This command terminates the current shell and returns a level below, e.g. going from 'root #' to 'shell $' OR from 'shell $' to 'adb'

6. adb pull /*****
adb command for copying files from the phone to the PC

Sent from my Titanium Vista 4G using Tapatalk
This post was last modified: 30-03-2019, 01:53 PM by X3non.
X3non
Recognized Contributor
30-03-2019, 04:02 PM
#78
(29-03-2019, 08:40 PM)SachinBorkar Is it true that gz always ends with the value "00"?
Or
is it my myth?

Sent from my Titanium Vista 4G using Tapatalk

I've never known file types to have magic-number endings.
Also I don't think it's documented anywhere that gz always ends with 00, so one can't say for sure.

BTW do you have a 64-bit phone you're using to test?
If yes, try using IDA x64; this probably requires Python x64 too.
Load the kernel > ARM little endian > 0xFFFFFFC000080000 > click Edit > Segments > Edit segment... >
combination: public
segment bitness: 64 bit

See if IDA is able to load the segment sections, then load the idc script and symbols.
This post was last modified: 30-03-2019, 04:04 PM by X3non.
X3non
Recognized Contributor
30-03-2019, 04:10 PM
#79
(29-03-2019, 07:55 PM)SachinBorkar "1F 08 00 71"
is the hex value of
CMP W0, #2 // ARMv8 AArch64

Simply replace this by
"1F 20 03 D5" // nop

which means no operation.

This will not compare
get_boot_mode = recovery_mode( 2 )
and the zero flag will remain as it is, so the CPU can't take the jump or branch instruction.
Or
according to the Hopper tool,
just replace it with

"1F 00 00 71" // CMP w0, #0x0

To help others find important info such as this, I'm adding it to the important notice section in the main guide.
Before adding this to the main guide,
has it been confirmed? i.e. is the phone able to boot into recovery after nopping the command and repacking?
This post was last modified: 30-03-2019, 04:15 PM by X3non.
SachinBorkar
Senior Member
30-03-2019, 04:15 PM
#80
(30-03-2019, 04:10 PM)X3non
(29-03-2019, 07:55 PM)SachinBorkar "1F 08 00 71"
is the hex value of
CMP W0, #2 // ARMv8 AArch64

Simply replace this by
"1F 20 03 D5" // nop

which means no operation.

This will not compare
get_boot_mode = recovery_mode( 2 )
and the zero flag will remain as it is, so the CPU can't take the jump or branch instruction.
Or
according to the Hopper tool,
just replace it with

"1F 00 00 71" // CMP w0, #0x0

Before adding this to the main guide,
has it been confirmed? i.e. is the phone able to boot into recovery after nopping the command and repacking?

Need a tester for it.

Sent from my Titanium Vista 4G using Tapatalk