tegra30_debrick
Tegra X1 (Pixel C "dragon") debrick?
Do you think in principle it could also work for Tegra X1?
the original fusee-gelee was tailored to tegra x1. the one from jevinskie included here as a git submodule is tailored towards tegra30.
the payload here (uart_payload.c) will ONLY work on tegra30. it was originally written for x1 by ktemkin though, see https://github.com/tofurky/tegra30_debrick/blob/master/payload/ipatch_rcm_sample.c https://github.com/tofurky/tegra30_debrick/blob/master/payload/t210.h for the unmodified code.
you can probably take the missing macros (since i don't have a copy of registers.h) from uart_payload.c
i am not sure what, if any, equivalent there is to nvflash for the x1 - nvflash from this repo is ancient (2013). sorry i can't be of more help, i do not have experience with any other tegra chips. maybe there's some stuff on xda developers or similar?
Thank you for the info. No, unfortunately I found nothing on XDA.
Yes, it seems nvflash does not work with X1 (see https://github.com/NVIDIA/tegrarcm) but I still don't understand how to put the Pixel C into RCM mode as described for the original work. Is it simply the equivalent of fastboot mode? I will ask the author directly...
Good Morning, From the command line: reboot forced-recovery should put it into RCM mode.
On Fri, Jan 14, 2022 at 3:34 AM Samuel @.***> wrote:
Thank you for the info. No, unfortunately I found nothing on XDA.
Yes, it seems nvflash https://http.download.nvidia.com/tegra-public-appnotes/flashing-tools.html does not work with X1 (see https://github.com/NVIDIA/tegrarcm) but I still don't understand how to put the Pixel C into RCM mode as described in the original work by jevinskie. Is it simply the equivalent of fastboot mode? I will try again...
Thank you for the tip, unfortunately fastboot reboot forced-recovery is not a valid command on my Pixel C. I could only run fastboot reboot or fastboot reboot-bootloader.
Good Morning, From the command line: reboot forced-recovery should put it into RCM mode.
No, it would have to be an adb shell command. If you chainload u-boot you can do it manually with a pair of mm commands to the pmu block. If you can fastboot boot a recovery image you can do it from there as it exposes adb as well.
If you chainload u-boot you can do it manually with a pair of mm commands to the pmu block.
Very interesting: that's exactly the meaning of shofel2 exploit, right? So, the ability to chainload u-boot... but my question is how could I run the exploit, having only fastboot working?
Thank you for the tip, unfortunately fastboot reboot forced-recovery is not a valid command on my Pixel C. I could only run fastboot reboot or fastboot reboot-bootloader.
Good Morning, From the command line: reboot forced-recovery should put it into RCM mode.
Hello, I think this blog might be suitable for you. https://yifan.lu/2022/06/17/unbricking-shield-tv-2015-with-a-bootrom-exploit/