[Development] [SOLUTION] to fix touch not working on TWRP / Philz due to kernel disabled touch
(29-03-2019, 04:08 PM) X3non: first post has been updated with a few new infos!!
Problem solved.... :-)
(29-03-2019, 07:41 PM) SachinBorkar: Hopper - Download
For ARM v8a (AArch64) little endian
The kernel can be debugged and decompiled by:
Hopper (similar to IDA)
Sent from my Titanium Vista 4G using Tapatalk
(29-03-2019, 12:29 PM) X3non: Correction here:
(28-03-2019, 06:28 PM) SachinBorkar: @X3non please help me to disassemble the kernel.
Processor architecture is:
ARM v8a (AArch64)
Is it possible for IDA to decompile or decode it?
OR
Can I try to manually patch the kernel via a hex editor (by trying to manually decode the section of the touch driver)?
Sent from my Titanium Vista 4G using Tapatalk
@mikesew needs to attach his symbl.txt file.
I think his kernel should be 'ARM little endian' > 0xFFFFFFC000080000 as start address, but without symbols there's nothing to proceed further with.
About patching the kernel manually, this might be possible. One could try something like this:
Since it seems in assembly language "CMP R0, #2" translates to "02 00 50 E3" in hex (seems to be a constant, at least in the kernels I've checked, which just comprises yours & mine, which isn't much),
one could try modifying all "02 00 50 E3" found within the uncompressed kernel and test them one after the other till one eventually works.
It'll be boring and tedious work, cause there'll surely be about 100s of those found, so it means 100 times changing the values > compressing to gz > repacking the recovery > flashing the recovery to the phone.
Maybe someone who badly needs touch working could try, but definitely not me though.
BTW see https://www.hovatek.com/forum/thread-27200.html ; success on a second device with patched kernel and touch working.
(29-03-2019, 07:46 PM) SachinBorkar: "1F 08 00 71"
(29-03-2019, 12:29 PM) X3non: Correction here:
ARM v8a (AArch64)
is a 64-bit kernel.
64-bit values are different from 32-bit instructions.
Sent from my Titanium Vista 4G using Tapatalk
(29-03-2019, 12:29 PM) X3non: Congrats! In some days we may be able to create a universal method to patch the kernel.
(29-03-2019, 03:20 PM) X3non: Finding the start address of GZ is pretty easy using the file signature (magic number), but the end address is a little bit more difficult and requires a trial-and-error approach. When trying to find the end of the compressed kernel, there are two likely errors you might run into. This post is aimed at helping fix these errors. I'm using boot.img-zImage from Tecno CXair as an example here, but it's applicable to others as well.
Two possible errors encountered while trying to decompress the kernel using 7zip
- There are some data after the end of the payload data
- Unexpected end of data
How to fix 7zip kernel decompression error messages
- Open the file using HxD
- As usual, we'll search for the hex value "6D 65 64 69 61 74 65 6B 2C 4D 54"; remember this is not the end address of the gzipped kernel, but it's the closest point we'll use in order to get the real end address
- Now we'll start selecting / highlighting and cutting items from this point (you can paste into a new file so as not to misplace what you cut), save the file and try extracting using 7zip
- If you get the error message "There are some data after the end of the payload data", then it means you still need to remove more values from the end of the file
- But if you get the error message "Unexpected end of data", then it means you've removed more than you should have. Simply undo and try to remove less than what you removed previously
(29-03-2019, 08:40 PM) SachinBorkar: Is it true that gz always ends with the value "00"?
Or
is it my myth?
Sent from my Titanium Vista 4G using Tapatalk
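As an added example (not code from the thread or from any of its posters), the following Python script automates the end-address hunt from the 03:20 PM post: it locates the gzip member by its magic bytes and lets zlib report where the member really ends, which distinguishes the "data after the payload" case from the "unexpected end of data" case; it also decodes the 8-byte trailer (CRC32 + ISIZE) that closes every gzip member, whose last byte is 0x00 only because a kernel is smaller than 16 MiB. The boot.img-zImage stand-in is constructed inline, not a real Tecno/Mediatek image.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"   # ID1, ID2, CM=8 (deflate)

def find_gzip_members(blob):
    """Return (start, end, payload) for each gzip member found in blob.

    end is the offset just past the 8-byte trailer (CRC32 + ISIZE), i.e. the
    real end address the thread locates by trial and error in HxD; end is None
    when the member is cut short (7-Zip's 'Unexpected end of data')."""
    found, pos = [], blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # expect gzip framing
        try:
            payload = d.decompress(blob[pos:])
        except zlib.error:                   # random 1F 8B 08 bytes, not a member
            pos = blob.find(GZIP_MAGIC, pos + 1)
            continue
        if not d.eof:                        # input ran out before the trailer
            found.append((pos, None, payload))
            break
        end = len(blob) - len(d.unused_data) # anything past end: 'data after payload'
        found.append((pos, end, payload))
        pos = blob.find(GZIP_MAGIC, end)
    return found

def trailer_info(blob, end):
    """CRC32 and ISIZE (uncompressed length mod 2**32, little-endian) from the
    trailer that closes the member ending at offset end."""
    return struct.unpack("<II", blob[end - 8:end])

def carve_kernel(blob):
    """(start, end, payload) of the first complete member, or None."""
    for start, end, payload in find_gzip_members(blob):
        if end is not None:
            return start, end, payload
    return None

# Constructed stand-in for boot.img-zImage (not a real Tecno/Mediatek image): a
# decompressor stub, the gzipped "kernel", then trailing data carrying the
# "mediatek,MT" string the thread searches for in HxD.
FAKE_KERNEL = b"AArch64 kernel text " * 300
SAMPLE_IMAGE = (b"\x00" * 64 + b"DECOMPRESSOR-STUB"
                + gzip.compress(FAKE_KERNEL, mtime=0)
                + b"\x00" * 16 + b"mediatek,MT-dtb-trailer" + b"\xff" * 32)

if __name__ == "__main__":
    start, end, payload = carve_kernel(SAMPLE_IMAGE)
    crc, isize = trailer_info(SAMPLE_IMAGE, end)
    print(f"gzip member 0x{start:x}-0x{end:x}, {len(payload)} bytes out, "
          f"ISIZE={isize}, CRC32=0x{crc:08x}, trailing bytes={len(SAMPLE_IMAGE) - end}")
```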
(29-03-2019, 07:55 PM) SachinBorkar: "1F 08 00 71"
is the hex value of
CMP W0, #2 // ARMv8 AArch64
Simply replace this with
"1F 20 03 D5" // nop
which means no operation.
This will not compare
get_boot_mode = recovery_mode (2)
either, and the zero flag will remain as it is, so the CPU can't take the jump or branch instruction.
Or,
according to the Hopper tool,
just replace it with
"1F 00 00 71" // CMP w0, #0x0
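As an added example (not code from the thread or from any of its posters), this Python helper derives the byte patterns quoted in the 12:29 PM post ("02 00 50 E3" for A32 CMP R0, #2) and the 07:55 PM post ("1F 08 00 71" / "1F 20 03 D5" for AArch64 CMP W0, #2 and NOP) from the instruction encodings, then automates the scan-and-replace loop: it lists only 4-byte-aligned hits in the uncompressed kernel and produces one patched copy per hit, so each candidate can be re-gzipped, repacked and tested in turn. The sample kernel bytes are constructed inline; they are not an image from the thread.

```python
import struct

def a32_cmp_imm(rn, imm):
    """A32 'CMP Rn, #imm' (A1 encoding, cond=AL): 0xE35n0iii as little-endian bytes."""
    assert 0 <= rn < 16 and 0 <= imm < 256       # rotation-0 immediates only
    return struct.pack("<I", 0xE3500000 | (rn << 16) | imm)

def a64_cmp_imm(wn, imm):
    """AArch64 'CMP Wn, #imm' is an alias of 'SUBS WZR, Wn, #imm' (32-bit form)."""
    assert 0 <= wn < 32 and 0 <= imm < 4096      # unshifted imm12 only
    return struct.pack("<I", 0x71000000 | (imm << 10) | (wn << 5) | 31)

A64_NOP = struct.pack("<I", 0xD503201F)          # "1F 20 03 D5" in the thread
A32_NOP = struct.pack("<I", 0xE320F000)          # A32 NOP hint, cond=AL

def find_aligned(kernel, pattern):
    """Offsets where pattern sits on a 4-byte boundary. A decompressed Image is
    a flat blob of fixed-width instructions, so unaligned hits are just data."""
    return [off for off in range(0, len(kernel) - 3, 4)
            if kernel[off:off + 4] == pattern]

def patch_nth(kernel, pattern, replacement, n):
    """Copy of kernel with only the n-th (0-based) aligned hit replaced, so one
    candidate at a time can be re-gzipped, repacked and flashed for testing."""
    off = find_aligned(kernel, pattern)[n]
    return kernel[:off] + replacement + kernel[off + 4:], off

# Constructed stand-in for a decompressed AArch64 kernel (not an image from the
# thread): two aligned CMP W0,#2 sites plus a misaligned copy hiding in data.
SAMPLE_A64 = (struct.pack("<I", 0xD10043FF)       # SUB SP, SP, #16
              + a64_cmp_imm(0, 2)                  # CMP W0, #2   (candidate 0)
              + struct.pack("<I", 0x54000040)      # B.EQ +8
              + b"\x00" + a64_cmp_imm(0, 2) + b"\x00\x00\x00"  # data, misaligned
              + a64_cmp_imm(0, 2)                  # CMP W0, #2   (candidate 1)
              + struct.pack("<I", 0xD65F03C0))     # RET

if __name__ == "__main__":
    pat = a64_cmp_imm(0, 2)
    print("CMP W0,#2 =", pat.hex(" ").upper(), "| aligned hits:", find_aligned(SAMPLE_A64, pat))
    for n in range(len(find_aligned(SAMPLE_A64, pat))):
        patched, off = patch_nth(SAMPLE_A64, pat, A64_NOP, n)
        print(f"candidate {n}: NOP written at 0x{off:x} -> {patched[off:off + 4].hex(' ')}")
```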
(30-03-2019, 04:10 PM) X3non: Need a tester for it.
(29-03-2019, 07:55 PM) SachinBorkar: "1F 08 00 71"
Before adding this to the main guide,
has it been confirmed? i.e. is the phone able to boot into recovery after nopping the command and repacking?