Monday, November 28, 2016

Allwinner A33 Tablets Hacking Guide (with Mainline Kernel/U-Boot)

For any infomation update, please send a mail to me (icenowy@aosc.xyz).

Assumptions

I will assume that the reader is able to cross-compile a Linux kernel.

How to check whether a tablet uses Allwinner A33

  • The most exact way, disassemble the tablet, and find a chip with "A33" on it ;-)
  • Check the "Build Number"(版本号) in "About Tablet" in the stock Android's Settings, if it starts with "aster", then it will mostly be an A33-based tablet.

Get root permission

  • Usually unbranded Allwinner tablets are shipped with "userdebug" firmware, which by default have adbd running as root. So simply try "adb shell" on a PC first.
  • If your tablet unfortunately disabled adbd's root permission, you can try a Kingroot. (Although I do not like Kingroot...)

Prequisites to hack an A33 tablet

  • Prepare a PC with GNU/Linux installed ;-)
  • Prepare a ARM GCC toolchain. (The Linaro one is Okay. https://releases.linaro.org/components/toolchain/binaries/latest/arm-linux-gnueabihf/ )
  • Prepare host build environment, and build sunxi-tools ( https://github.com/linux-sunxi/sunxi-tools ) or install it from your distro.
  • Prepare a reliable Micro-USB cable, and if your tablet come with a dedicated DC power input, you'd better prepare a power adapter for it (as you can use OTG in the same time then).
  • Prepare a brain that likes hacking ;-)

Retrieve necessary info from Android

Run lsmod and detect device by modules loaded

Touchscreen controllers:
  • gt9xx{,f}_ts - Goodix GT9xx touchscreen controller
  • gslX680{,new} - Silead GSLX68X touchscreen controller
Wireless network adapters:
  • 8723bs - Realtek RTL8723BS Wireless Network Adapter (SDIO)
  • 8723cs - (usually) Realtek RTL8703AS Wireless Network Adapter (SDIO)
  • esp8089 - Espressif ESP8089 Wireless Network Adapter (SDIO)

Retrieve script.bin

On A33 devices, script.bin are usuall not accessible on nanda partition.
So you must use a dd command to dump it:
dd if=/dev/mem of=/sdcard/script.bin bs=1 count=262144 skip=1124073472
Then use bin2fex from sunxi-tools to decipher the script.bin to script.fex .
Some infomation in it may be needed.

(For Silead GSLX68X touchscreen controller) Retrieve the firmware

Retrieve all the .ko files prefixed with "gslX680" in /vendor/modules .
Then use the fw_extractor tool from https://github.com/onitake/gsl-firmware to extract the firmwares from the .ko files.

Mainline kernel's restrictions and advantages

Restrictions:


  1. NAND cannot be supported well now. (But if your device uses an eMMC, you still have the opportunity to install Linux to the eMMC. )
  2. Hardware-accelerated video decoding is not yet supported.
  3. More features missing...

Advantages:

  1. It's newer.
  2. It can support newer Systemd ;-)
  3. It's more stable.
(NOT FINISHED YET)

My Bio

Icenowy Zheng, a Grade 2 student @ Sun Yat-Sen University.

Allwinner fans (as I'm POOR).