Check the other apps in priv-app, are they 644 and not 755? I forget, check it.
I'll write up a .sh to install the app,................. uninstall app, create uid , echo into the xml, install app. But not until mon or tue next week. something like "install.sh [uid] [apk]"
creates the uid, install app, fixes platform.xml, it will also check to see if the install is first time or a reinstall.
priv-app alone does not allow surface flinger for non-system uid. is there a fix just in manifest?
Also to note, we can do this perms thing only because it's an old version of droid, this feature has been deprecated, newer droid REQUIRES system uid to get at surface flinger.
That's not the point. The pub key is held in a trusted/protected area, just as they are when using keys auth for ssh, there's no priavte key on the system right, but it verifies only with a "trusted" pub key. The goal would be to find out how to add your pub key to the system keystore, and memory hacking is a way to do that. Once you can add your pub key to that protected keystore, then anything you sign with your private key will be trusted by the system.
KRNL 0x2400000 kernel
KRNL 0x3C00000 ramdisk (can be extracted with 7zip)
KRNL 0x5C00000 recovery (can be extracted with 7zip)
It seems that moving the application to /system/priv-app does not solve all the issues. This gives access to the API, but does not give access to resources. I think that a possible solution could be the method suggested by @Randy222 - editing the platform.xml file.
Your RKey.data is also stored there and right after the individual options:Code: [Select]000001B0 13 09 00 00 | ED F6 FF FF | 04 00 00 00 | FC FF FF FF | 82 7F 61 DD | 70 08 00 03
First word identifies the option Type (0x913 == RLU) followed by the complement word followed by length (4) then complemented
000001C8 15 09 00 00 | EB F6 FF FF | 04 00 00 00 | FC FF FF FF | 14 4F 66 AA | 70 08 00 02
then the CRC32 of the following 4 bytes. The last '03' means that 3 attempts have been made for the RLU option.
Also to note, we can do this perms thing only because it's an old version of droid, this feature has been deprecated, newer droid REQUIRES system uid to get at surface flinger.It's good that Rigol made an oscilloscope on an old version of Android
U-Boot 2014.10-RK3399-06-gb34072bb7d (Aug 23 2023 - 11:38:38)
[ 0.000000] Linux version 4.4.126 (adil@ubuntu) (gcc version 6.3.1 20170404 (Linaro GCC 6.3-2017.05) ) #72 SMP PREEMPT Tue Jul 18 13:47:35 CST 2023
...
One issue I run into was that the timezone was being reset on each boot - sadly they force the timezone in the startup script:
adb shell
su -
cd /rigol/shell; cp start_rigol_app.sh start_rigol_app.sh.orig
sed -i 's?setprop persist.sys.timezone Asia/Shanghai?setprop persist.sys.timezone America/New_York?' start_rigol_app.sh
Greetings to all. Today I tried to fix the time zone by this way and got a broken scope with eternal logo
I edited the time zone in the boot script, replacing the original value with Europe/Kiev
Since changing the timezone to a non-factory one causes boot trouble, it means that the boot sequence is designed terribly wrong.
Actually since you are able to enter the bootloader and it offers you to mount /system, then, probably, if you can get a shell with a mounted /system, you can mount the /rigol partition from there and edit the boot script directly on the scope without removing the SD card.
I edited the time zone in the boot script, replacing the original value with Europe/KievIm from Ukraine too, but wrote "Helsinki" in script because I didn't know how to write correctly (for Android system) "Kiev" or "Kyiv" 😂
Thanks for your answers, shapirus!
Europe/Kiev
Finally my build from scratch is working on this scope Few things left to enter alpha stage.
There are no problems entering this recovery, this is done by the adb command. But to move between items here you need to press the “Volume+” and “Volume-” buttons, but they are not on the oscilloscope
There are no problems entering this recovery, this is done by the adb command. But to move between items here you need to press the “Volume+” and “Volume-” buttons, but they are not on the oscilloscope
I definitely remember that stock recovery worked with the physical keyboard, like with tvboxes.
Now, after resuscitation using Dave's .img, recovery does not load. It tries to boot, and once every 22 seconds the following information appears on the screen for a moment:
But it doesn't load. This doesn't bother me much, but I would like to have a backup recovery option via usb adb instead of disassembling and installing a spare sd card.
I updated ol fw of Dave's image to 1.02, and while I didn’t return the 802 model witht Zelea's tool. Just for fun, I’m testing the 814. I did a simple calibration (not an advanced calibration), the offsets disappeared on the first and second channels. On the fourth channel (ext trig in the original) there are still offsets, including a constant ADC's offset that does not depend on the set input sensitivity V/div value. I think this is explained by the different configuration of these resistors in 802/804 and 814/804:
I will continue my research when I have more free time.
Now, after resuscitation using Dave's .img, recovery does not load. It tries to boot, and once every 22 seconds the following information appears on the screen for a moment:
i2c@ff160000 {
compatible = "rockchip,rk3399-i2c";
reg = <0x0 0xff160000 0x0 0x1000>;
clocks = <0x8 0x46 0x8 0x15a>;
clock-names = "i2c", "pclk";
interrupts = <0x0 0x24 0x4 0x0>;
pinctrl-names = "default";
pinctrl-0 = <0x3e>;
#address-cells = <0x1>;
#size-cells = <0x0>;
status = "okay";
clock-frequency = <0x61a80>;
rtc@32 {
compatible = "rockchip,rtc-rx8010sj";
reg = <0x32>;
interrupt-parent = <0x3f>;
interrupts = <0x3 0x8>;
status = "okay";
};
};
I can't read this blurry text.
Anyway, I have image of 924S. I can upload it somewhere if You need it (before that, I need to delete some non-free files from it - not relevant to scope).
I can't read this blurry text.The text is clearly visible in the second and third images. These are stills (frames) from the video. Same as on blurred gif (1st image).
[ 0.000000] Kernel command line: earlycon=uart8250,mmio32,0xff1a0000 swiotlb=1 coherent_pool=1m cma=257M androidboot.baseband=N/A androidboot.selinux=disabled androidboot.hardware=rk30board androidboot.console=ttyFIQ0 init=/init mtdparts=rk29xxnand:0x00002000@0x00002000(uboot),0x00002000@0x00004000(trust),0x00002000@0x00006000(misc),0x00008000@0x00008000(resource),0x0000C000@0x00010000(kernel),0x00010000@0x0001C000(boot),0x00020000@0x0002C000(recovery),0x00038000@0x0004C000(backup),0x00040000@0x00084000(cache),0x00400000@0x000C4000(system),0x00008000@0x004C4000(metadata),0x00000040@0x004CC000(verity_mode),0x00002000@0x004CC040(baseparamer),0x00000400@0x004CE040(frp),0x000FA000@0x004CE440(rigol),-@0x00600000(userdata) storagemedia=sd androidboot.oem_unlocked=0 uboot_logo=0x02000000@0xf5c00000 loader.timestamp=2023-08-23_11:38:38 SecureBootCheckOk=0
Thank you! I will definitely contact you when I find time to experiment with 924S img on my 802.
Anyway, I have image of 924S. I can upload it somewhere if You need it (before that, I need to delete some non-free files from it - not relevant to scope).
uboot: 0x000800000 -- 0x000C00000 (4 MB)
trust: 0x000C00000 -- 0x001000000 (4 MB)
misc: 0x001000000 -- 0x001400000 (4 MB)
resource: 0x001400000 -- 0x002400000 (16 MB)
kernel: 0x002400000 -- 0x003C00000 (24 MB)
boot: 0x003C00000 -- 0x005C00000 (32 MB)
recovery: 0x005C00000 -- 0x009C00000 (64 MB)
backup: 0x009C00000 -- 0x010C00000 (112 MB)
cache: 0x010C00000 -- 0x018C00000 (128 MB)
system: 0x018C00000 -- 0x098C00000 (2048 MB)
metadata: 0x098C00000 -- 0x099C00000 (16 MB)
verity_mode: 0x099C00000 -- 0x099C08000 (0 MB)
baseparamer: 0x099C08000 -- 0x09A008000 (4 MB)
frp: 0x09A008000 -- 0x09A088000 (0 MB)
rigol: 0x09A088000 -- 0x0B9488000 (500 MB)
userdata: 0x0C0400000 -- 0x7629FFFFF (27174 MB) ?
I definitely remember that stock recovery worked with the physical keyboard, like with tvboxes.
I would like to have a backup recovery option via usb adb instead of disassembling and installing a spare sd card.
I updated old fw of Dave's image to 1.02, and while I didn’t return the 802 model with Zelea2's tool. Just for fun, I’m testing the 814. I did a simple calibration (not an advanced calibration), the offsets disappeared on the first and second channels. On the fourth channel (ext trig in the original) there are still offsets, including a constant ADC's offset that does not depend on the set input sensitivity V/div value. I think this is explained by the different configuration of these resistors in 802/804 and 814/804:
I will continue my research when I have more free time.
I'm interested too, just to compare with 800 series.
Partitions on sdcard are offset by 0x400000