Thread: [12.02.2012][ROOT] TriangleAway v1.0 Only For SGS II

  1. #1
    Junior Poster NOMIOMI

    This app can reset your flash counter and triangle on ICS builds. The download is attached.

    ( and by brick I mean brick - only a board replacement or a JTAG unit will be able to save you, don't mess with boot(loader) stuff unless you really mean it! )

    Please check that the values the app displays are correct before resetting the counters. There really isn't much more to say about it, except for the technical details, which most of you will likely skip.

    Also, Samsung may well change behavior for this in the future, so with any major firmware updates you should check and double-check if this app still works before attempting a reset.

    Technical details

    The flash counter and triangle state had to be stored somewhere. Everybody knew that. Guesses have been made in the past where it could be, and I have personally compared the raw flash disk contents between different numbers of custom flashes in the past, unable to find any differences. You can dump and compare the entire /dev/block/mmcblk0 and you won't find a difference (you'll find a few unallocated and unused gaps, though).

    The solution comes with the new kernel used by ICS builds. The flash disk actually has two hidden boot partitions, /dev/block/mmcblk0boot0 and /dev/block/mmcblk0boot1. The MMC driver in the kernels used for Gingerbread did not present these partitions in the past; the MMC driver in the ICS kernel does.

    Teamhacksung members said something about having found the location, so I retried locating the position on ICS. Until recently I had always run the KH4 Gingerbread build because until the LPB ICS build USB host was not properly supported on ICS, and I need that for other apps I make. It's really easy to find now on ICS. Dump and compare the partitions and you'll have found them in no time. To do all that for you, there are two variables:

    custom flash counter, /dev/block/mmcblk0boot0 @ 0x0020004
    triangle display state, /dev/block/mmcblk0boot0 @ 0x0020008

    I treat the custom flash counter as a 32-bit value in this tool, but it could well be an 8-bit value - 3 of the 4 bytes are 0. The triangle display state is either an 8-bit value (I treat it as such) or a 16-bit value (with the 2nd byte being 0). The triangle display state variable will be 2 for invisible, and 1 for visible.

    These boot partitions are presented as read-only by default, but allowing modification is a simple matter of executing the following before writing the data:

    echo 0 > /sys/block/mmcblk0boot0/force_ro

    That should give you all the information you need to replicate this. A number of bytes trailing the custom flash counter and triangle display state variables also change between flashes and appear to be checksum related.

    The app checks for a device model starting with GT-I9000 just to be sure you don't use this on any weird device.

    As stated above, this isn't easily doable on Gingerbread. That is also why this currently does not work on the SGNote. When ICS is released for the SGNote it'll probably be trivial to make it compatible. I say not easily doable, because it is not impossible. If you put a lot of effort into it, you can probably talk to the MMC device directly and modify these partitions. I personally don't feel it is worth the effort for Gingerbread, as (at the time of this writing) official ICS firmwares should be available for both the SGS2 as well as the SGNote very shortly.


    Last edited by NOMIOMI; 15th February 2012 at 10:10.
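
Added example, not part of the original post and not the app's own code: a read-only Python sketch of the "dump and compare" step, run on a host against two saved copies of mmcblk0boot0, which reports the byte ranges that changed and decodes the two fields at the offsets quoted above. Little-endian byte order, the `make_image` helper, and the 4 constructed trailer bytes are assumptions for illustration.

```python
import struct

# Offsets inside a dump of /dev/block/mmcblk0boot0, as quoted in the post.
COUNTER_OFF = 0x0020004    # custom flash counter (treated as 32-bit)
TRIANGLE_OFF = 0x0020008   # triangle display state (treated as 8-bit)
TRIANGLE_NAMES = {1: "visible", 2: "invisible"}  # values given in the post

def diff_runs(a: bytes, b: bytes, gap: int = 0):
    """Return [(start, end)] ranges (end exclusive) where two dumps differ.
    Runs separated by at most `gap` identical bytes are merged into one."""
    if len(a) != len(b):
        raise ValueError("dumps differ in length; not the same partition?")
    runs = []
    for i, (x, y) in enumerate(zip(a, b)):
        if x == y:
            continue
        if runs and i - runs[-1][1] <= gap:
            runs[-1][1] = i + 1          # extend the current run
        else:
            runs.append([i, i + 1])      # start a new run
    return [tuple(r) for r in runs]

def read_state(img: bytes):
    """Decode counter and triangle state from a dump (assumes little-endian)."""
    if len(img) <= TRIANGLE_OFF:
        raise ValueError("dump too short to contain the fields")
    counter = struct.unpack_from("<I", img, COUNTER_OFF)[0]
    tri = img[TRIANGLE_OFF]
    return {"flash_counter": counter,
            "triangle": TRIANGLE_NAMES.get(tri, f"unknown({tri})")}

def make_image(counter: int, triangle: int, trailer: bytes = b"\x00" * 4):
    """Constructed sample dump (hypothetical helper): zeros except the two
    fields and 4 trailer bytes standing in for the checksum-like data."""
    img = bytearray(0x20100)
    struct.pack_into("<I", img, COUNTER_OFF, counter)
    img[TRIANGLE_OFF] = triangle
    img[0x2000C:0x20010] = trailer
    return bytes(img)

if __name__ == "__main__":
    before = make_image(0, 2)                       # constructed: stock state
    after = make_image(3, 1, b"\xde\xad\xbe\xef")   # constructed: 3 custom flashes
    for start, end in diff_runs(before, after, gap=3):
        print(f"changed: 0x{start:07x}-0x{end - 1:07x}")
    print(read_state(before), read_state(after))
```

With `gap=0` the three changed regions are reported separately; a small `gap` groups the counter, the state byte and the trailing bytes into one changed record.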
