RIFF Box = 30-08-2018
RIFF Box eMMC Plugin v5.0 released - USB Qualcomm and UFS chips support
eMMC Partition Table FullFlash Image Files Processing Plugin (eMMCDiskPartitions.dll) v5.00
-------------------------------------
- added USB Connection Mode (Qualcomm Sahara)
- added support for parsing EFI,PIT,MBR-type dumps from UFS memory (Page Size = 0x1000)
- added option to select the active Partition to be parsed - in this case the "Parse Connected Memory" button will parse precisely the selected partition,
and the "Parse Local Dump File" button will assume that the parsed dump was read from the specified partition;
- [Parse Official Firmware]: Improved loading MTK partition files which are named with prefix '__NODL_' while on disk those are named without prefix.
- [Parse Official Firmware]: fixed the bug when clicking the "Read Form Connected Device" button to read partition sizes during the MTK scatter file parsing did nothing.
- for PIT/EFI parsed dumps/devices improved parsing when 'Show Gaps' is checked; __NOT_ALLOCATED space at the end of image file is autodetected for BACKUP_GPT partition.
- added automatic select/deselect all partitions feature to context menu (right-click on partitions list, then choose desired action)
- fixed the bug where wrong data could be read once the plugin had loaded (injected) more than 2GB of partition data in total.
- default chip size (which is used when expanding expandable partitions - those with size = 0) is changed from 64GB to 512GB
- [Load Firmware Files]: fixed bug when loading firmware files from GPT partition: if "gpt_backup" file was present, the gpt_backup file was loaded into gpt partition, instead of 'gpt_main';
- fixed EXT4 File System Parser bug: 64bit addressing was handled incorrectly, thus some contents (directories/files) might not be parsed
- EXT4 File System Parser is optimized, parsing is done much faster
- Fixed file names encoding in EXT4 File System Parser. Now names are recognized as UTF-8 strings
- when loading official firmware, the partitions list is automatically rewinded to always keep showing currently loaded partition progress;
- reworked the main interface window - now parsed partitions list and File System contents explorer are moved to separate pages.
- File System contents explorer now builds the list of all partitions detected with supported file systems at once; to initiate the parsing of a selected partition it is enough to expand its tree node
- added 'Preview' to the contents explorer. It is possible to instantly start checking the selected file's contents - supported currently: text files, picture files, ELF files.
To check the file it is not necessary to export it to the hard disk first, just click on the file and its contents will be displayed in the preview window.
- [Parse Official Firmware]: added support for Qualcomm XML programming files: to load click the "Parse Official Firmware" button and select Qualcomm's XML file (like rawprogram0.xml); Plugin will create list of partitions from it,
will load required files into partitions and will be instantly ready to flash those into connected device.
- Renamed old buttons 'Read Selected', 'Flash Selected' to 'Read Selected Full Area', 'Flash Selected Full Area'
and added 'Flash Selected Used Area' button: it is possible now to flash either only the used area of partition or the full partition area.
For example, if full partition size is 1GB, but the meaningful data file injected into it was 1MB, there is no point flashing the full partition area (1GB). Instead, to save time, just the first 1MB can be flashed with the 'Flash Selected Used Area' button.
This feature is especially useful when flashing partitions after [Parse Official Firmware] is executed.
- [Parse Official Firmware] - optimized parsing of firmware files. Loading any firmware files now happens almost instantly. The plugin now works with external partition files on-the-fly, so it is no longer required to waste time injecting file data into partitions during the parsing stage.
Sparse packed files are handled on-the-fly as well. All operations are performed in the background.
From the user's point of view, you just keep working with the parsed partitions as usual - as if a local dump were loaded and parsed.
|
RIFF Box Qualcomm Sahara support, tips and tricks
Hello dear users !
We took some time to prepare the latest addition to JTAG Manager and built from scratch complete Sahara protocol support (both firehose and streaming download). We didn't just embed freely available tools from Qualcomm (emmcdl and qh_loader), instead, we used our own code.
Great work is done on eMMC Plugin too, which now supports USB, ISP and JTAG access. You can select partition on LU (Logical Unit) to parse.
Among other improvements, we added GPT repair/adjust which serves as analogue to patch0.xml used with QFIL.
"Adjust GPT" will automatically update checksums and resize userdata partition to fill whole chip. This is valuable in cases where gpt is from different chip size.
There is more work, but we feel confident that current functions can satisfy most of the needs in servicing and forensics fields.
So, for a start, a few important tips:
1. Make sure to have Qualcomm drivers installed
2. Most Snapdragon 200 firehose loaders don't have read support, also some will not output storage info (size, SN, brand). We found out that there is one universal firehose loader which supports all this, but uses a bit different protocol. As this is Alcatel loader, we named it "Alcatel Firehose".
It can be used with MSM8x10, MSM8x12, MSM8x26 which otherwise don't have read support. File is attached here.
3. Sahara protocol requires the phone to be in EDL mode. There are a few methods to enter EDL mode:
1. Kill phone BootChain or GPT
2. Switch to EDL from ADB or from TWRP: (TWRP tested on some Samsung models)
"Adb reboot EDL"
3. Use EDL cable (Xiaomi phones for example)
4. Activate Diag mode and JTAG Manager will switch it to EDL automatically if phone supports it.
5. Hold Vol+ for 10 seconds (OnePlus models)
6. Short EDL TP-s if they exist
7. Short CMD to GND
9. Most reliable method is to remove eMMC
I'll add some videos to this post later, for now please test functionality and ask for clarification if there is anything unclear.
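A way to check the two CRC32 fields that "Adjust GPT" is described as updating, written as an added example (not RIFF Box code and not part of the original post). It probes both the 0x200 eMMC sector size and the 0x1000 UFS page size mentioned in the plugin notes; `check_gpt` and `build_sample` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct
import zlib

GPT_HDR = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte GPT header layout

def check_gpt(image: bytes) -> dict:
    """Find the primary GPT header at LBA 1 and verify its two CRC32 fields."""
    for sector in (0x200, 0x1000):  # eMMC sector size, then UFS page size
        raw = image[sector:sector + GPT_HDR.size]
        if raw[:8] == b"EFI PART":
            break
    else:
        raise ValueError("no GPT header at LBA 1 for 0x200 or 0x1000 sectors")
    (_, _, hdr_size, hdr_crc, _, _, backup_lba, _, _, _,
     entries_lba, count, entry_size, array_crc) = GPT_HDR.unpack(raw)
    if not GPT_HDR.size <= hdr_size <= sector:
        raise ValueError("implausible header size field")
    # The header CRC32 covers hdr_size bytes with the CRC field itself zeroed.
    hdr = bytearray(image[sector:sector + hdr_size])
    hdr[16:20] = bytes(4)
    start = entries_lba * sector
    array = image[start:start + count * entry_size]
    return {
        "sector_size": sector,
        "header_crc_ok": zlib.crc32(hdr) == hdr_crc,
        "array_crc_ok": zlib.crc32(array) == array_crc,
        # False when the GPT was written for a chip of a different size.
        "matches_image_size": backup_lba == len(image) // sector - 1,
    }

def build_sample(sector: int, total_lbas: int = 64) -> bytes:
    """Constructed test image (not a real dump): GPT header plus 4 entries."""
    entry = struct.pack("<16s16sQQQ72s", b"\x11" * 16, b"\x22" * 16, 8,
                        total_lbas - 8, 0, "userdata".encode("utf-16-le"))
    array = entry + bytes(128 * 3)
    hdr = GPT_HDR.pack(b"EFI PART", 0x10000, 92, 0, 0, 1, total_lbas - 1, 8,
                       total_lbas - 8, b"\x33" * 16, 2, 4, 128, zlib.crc32(array))
    hdr = hdr[:16] + struct.pack("<I", zlib.crc32(hdr)) + hdr[20:]
    img = bytearray(sector * total_lbas)
    img[sector:sector + 92] = hdr
    img[2 * sector:2 * sector + len(array)] = array
    return bytes(img)

if __name__ == "__main__":
    print(check_gpt(build_sample(0x1000)))
```

A dump whose `matches_image_size` is false while both CRCs pass is the "gpt is from different chip size" case the post mentions.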
|
RIFF Box DLL updates, 30.08.2018
New Resurrector DLL-s today:
USB:
ISP:
- LG D686
- LG N3 Nexus 5X
- Samsung J330F
- Samsung T585
- Samsung J200F
- Samsung J120G
- HTC One X S702e PJ4610000
- HTC One SV V520e PL8013000
- HTC One M9 0PJA20040
- HTC One M8 0P6B70000
- HTC One M7 PN0711000
- HTC One DS PN0771000
- HTC Desire D816V 0P9C80000
- HTC Desire D500 0P3Z11200
- HTC Desire 626 0PM921000
- HTC Desire 616 0PBM10000
- HTC Desire 601 0P4E21000
- HTC Desire 526G 0PL410000
- HTC Desire 510 0PCV20000
- Fly IQ4505
- Xiaomi Redmi Note 4
|
RIFF Box JTAG Manager v1.80
RIFF Box firmware v1.50
RIFF Box Firmware 1.50
---------------------------
- Fixed RIFFBOX2 Firmware bug: when reading any data from eMMC Chip, the Data CRC16 was not checked, so even data received with errors was considered to be valid.
Now RIFFBOX2 Firmware detects data CRC16 errors, and guarantees data read from eMMC chip is valid.
RIFFBOX1 Firmware is not affected by this bug, but firmware update is required to update to 1.50 version string.
- Fixed timing bug which prevented changing BOOT and RPMB partitions sizes
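What the Data CRC16 check in the first fix above protects against, as an added example (not RIFF Box firmware code). It assumes a 1-bit data bus, where one CRC16 (polynomial 0x1021, initial value 0) follows each 0x200-byte block; `verify_transfer` and `sample_transfer` are hypothetical names and the transfer data is constructed.

```python
BLOCK = 0x200  # eMMC data block size in bytes

def crc16(data: bytes) -> int:
    """CRC16 with polynomial x^16 + x^12 + x^5 + 1, initial value 0, MSB first."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def verify_transfer(blocks) -> list:
    """Return the indices of blocks whose payload fails the CRC16 sent with it.

    A reader that skips this step stores every block as valid, so a damaged
    block ends up in the dump without any trace of the error.
    """
    return [i for i, (data, crc) in enumerate(blocks) if crc16(data) != crc]

def sample_transfer() -> list:
    """Constructed transfer: four blocks, one bit flipped in block 2 in transit."""
    blocks = []
    for i in range(4):
        data = bytes([i]) * BLOCK
        blocks.append((data, crc16(data)))  # CRC as the chip would send it
    damaged = bytearray(blocks[2][0])
    damaged[100] ^= 0x04  # single-bit error on the line
    blocks[2] = (bytes(damaged), blocks[2][1])
    return blocks

if __name__ == "__main__":
    print("blocks failing CRC16:", verify_transfer(sample_transfer()))
```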
RIFF Box Firmware v1.51
- fixed RIFF1 firmware bug which caused random box restarts during ISP flashing
- fixed RIFF1 firmware bug which caused freezing during consecutive eMMC write operations in single session
- fixed RIFF1 & RIFF2 firmware bug which caused erasing the first block of eMMC chip's user area after reading eMMC firmware or reading Samsung Smart Info
RIFF Box JTAG Manager v1.81
- added USB mode: it is possible to connect supported devices via USB cable; (Qualcomm Sahara Firehose and Streaming Download protocols)
- added UFS memories support via USB interface.
- added feature to remember each partition address and length settings on USB read/write page;
- added feature to remember each partition address and length settings on eMMC read/write page;
now when partition is changed, the relevant Address and Length fields are changed to the corresponding values which were set for the selected partition;
- fixed an issue with settings when there are no downloaded resurrectors or if not all kinds of resurrectors are present;
Now informative dialogs are displayed for users to be able to figure out what's to be done.
- fixed an issue when user tries to select Resurrectors filter (for example to filter only ISP Resurrectors) and there are no Resurrectors of the selected Filter kind;
Now informative dialogs are displayed for users to be able to figure out what's wrong. And deadloop with settings is avoided now.
- added information on the Plugins page - in case no plugins are downloaded yet, an inexperienced user can see information about plugins and how to get them;
- revised the "Resurrector Settings" logic: renamed to "Automatic Parameters" and "Manual Parameters by User".
When selected "Automatic Parameters", the required connection settings are used from the Resurrector DLL: for all modes - JTAG, eMMC, USB.
Please note, any settings (values) present in the ISP Resurrector DLLs are copied when the DLL is selected and can still be changed later by the user.
Thus for ISP mode, all settings (interface, SD_CLK, voltage and bus width) can be modified anytime, and are not grayed out in the "Automatic Parameters" mode.
When selected "Manual Parameters by User", the required connection settings are used from correspondent fields.
Additional checks added to eliminate irregularities during connection to the device when incorrect mode DLL is selected in the list.
Message dialogs are displayed to inform user what has to be done in order to fix the problems
- completely reworked scenarios for cases when "Automatic Parameters" or "Manual Parameters by User" option is selected
It now complies with the following rules: when "Manual Parameters by User" is selected, the settings block is changed depending on the currently active Page.
For example, if eMMC Read/Write page is active, ISP settings block is displayed, if DCC Read/Write page is active, JTAG Custom Settings block is displayed, etc.
In case "Automatic Parameters" is selected, no matter what active page is selected, the settings block which corresponds to the mode of the selected resurrector is displayed.
This helps to eliminate illogical scenarios - for example, when the selected resurrector is an ISP Resurrector and the user tries to Read/Write memory on the DCC Read/Write Page.
In this case an Error Message dialog is displayed for the user.
- implemented more informative and self-explanatory run-time rebuild of the JTAG Manager's settings blocks interface when "Automatic Parameters" or "Manual Parameters by User" are selected.
=============
RIFF Box JTAG Manager 1.79
---------------------------
- Added context menu for the PKG editor - right-click on data write actions allows to perform alignment of the selected action's data. Normally alignment is performed when adding new write memory action.
This feature allows to align actions in selectable manner, after all write actions were added to the list. This feature is handy when adding full list of write actions via eMMC Plugin,
and when some partitions are required to remain full size, and others are allowed to be cut/aligned
- "eMMC/SD Access" Page -> "Data Length" Field, ComboBox with pre-set lengths, 'File Size': when selected, Data Length field is filled with value equal to selected File's size.
Now File size is automatically aligned to 0x200. JTAG Manager automatically handles non-aligned to 0x0200 files - the remaining data is filled with 00s.
- Added "Load EXT_CSD Register" feature to the eMMC/SD Advanced dialog. It is possible now to load 0x200-byte EXT_CSD register into currently connected eMMC context;
Format supported: plain binary format, 0x200 bytes size of file; most often these are files with extensions '*.bin' and '*.extcsd';
- Added "Load CID & CSD Registers" feature to the eMMC/SD Advanced dialog. It is possible now to load CID and CSD registers into currently connected eMMC context;
Format supported: log text files made with other boxes.
JTAGManager.exe
RIFF Box JTAG Manager 1.80
---------------------------
- Fixed save file bug: After JTAG Manager showed there is no Free Disk Space to save the file, consecutive Save attempts resulted in errors.
- Fixed keyboard layout switching when RichEdit component is activated (these are forms containing instructions, help, etc - like Resurrection Manual, Useful Plugins description text, etc)
- Firmware update procedure is improved
JTAGManager.exe
|