Friday, January 3, 2014

Hacking into the Minix Neo X7


       Recently, just in time for the holiday season, I have been testing and developing with a Minix Neo X7 and its very handy A2 airmouse.
Minix NEO X7 TV box with RK3188 Quad-Core CPU and 2GB RAM


    This TV box is remarkable to me on the outside for the quality of its finishes, that do make it sturdy and good looking. On the inside there are some probably good choices on the design, namely:

- A quality Audio CODEC (RT5616 that afaik is a Realtek ALC5616) instead of the usual cheap RK1000 shipped on most TV boxes.

- A well suited on-board Ethernet MAC (Realtek RTL8152) as opposed to using the internal MAC of the RK3188, as is done by most other TV boxes, which are riddled with bugs (to list a just few of RK MAC's problems: quirks when connecting Ethernet directly to a PC, stops working on TV-box Linux restart, CPU shut-down upon serving heavy files over SAMBA, ...).

- An on-board battery for the RTC chip (real-time clock HYM8563 to keep the time even without network), which may be interesting for embedded projects with a Linux OS.


    Also, as a less precisely statement, though based on my electronics background, just by looking at the X7 PCB one can find many more capacitors than on most other devices. This is maybe one of the most important good points of this box, since having those capacitors means much more stability, so that it is far less likely for it to hang/reboot while doing heavy duty stuff.

Next time your Android stick/tablet/phone reboots, hangs, or throws you out of an app, think that more than half the times this is due to trimmed down capacitor count, while the rest of the times it's just buggy SW.




Apart from that, Minix has already released twice their kernel sources:

- In September 2013, to well known developer phjanderson (here)

- And then again in December 2013, for the MINIX Developer Challenge, which by the way may be of interest to Android hackers and artists, since they offer well rewarded prizes for the best UI (up until Feb. 9, 2014).





    The practice of respecting the GPL license is something we, as an open source community, value most and certainly distinguishes one vendor from another.

    Think that, even for Android, having kernel sources means an "explosion" of ROMs, developers, and, generally, features such as safer overclocking, updates, fixes (i.e. Vsync screen fix), etc, without the irksome binary patching.

     However, if I could make a wish, that would be the schematics of this TV box, so we can know which CPU pins are connected to which pins of the many ICs on the board, so as to give an even better support for all its components.
     Please note that plain schematics are like the blueprint on hotel room doors, they don't disclose how the hotel was built, just how the rooms are set up.
   

Hacking the machine


1) First things first, you may want to backup your recovery partition (no need to backup the others, unless you have your data on it, since MINIX offers the latest stock ROMs on their site). For that we do the following:
- Coonect the X7 to the power outlet (but don't press the power button yet)
- Connect the X7 to the PC through its USB OTG MicroUSB connector
- Carefully insert a clip into the "Recovery" pin hole (near the HDMI connector) until a pushbutton clicks, and keep it pushed.
- Press the X7's Power button

Then, upon doing a "lsusb" on the PC you'll see the X7 in bootloader mode, listed as a nameless USB device.

You can check the partition table (as a list formatted like: partition_size@partition_offset(partition_name)) by issuing this command:

sudo ./rkflashtool r 0 1 | head -n 11

The partition parameters is what follows after mtdparts. On my X7's revision this looks like:

mtdparts=rk29xxnand:0x00002000@0x00002000(misc),0x00008000@0x00004000(kernel),0x00008000@0x00012000(boot),0x00010000@0x00020000(recovery),0x00020000@0x00030000(backup),0x00040000@0x00050000(cache),0x00800000@0x00090000(userdata),0x00002000@0x00890000(kpanic),0x00130000@0x00892000(system),-@0x009c5000(user)

So backing up recovery partition becomes (swapping size <=> offset):

sudo ./rkflashtool r 0x20000 0x10000 > NEO_X7_recovery.img


2) Second step would be to root Android, so you can reboot to recovery (i.e. Linux) anytime. Rooting the X7 is done as described in this post.



3) Now you want to compile your kernel with the options (.config) you prefer, just remember to use the latest kernel source, at the last line of the MINIX Developer Challenge announcement.

As a base for any hacking, the stock Neo X7 config is: /arch/arm/configs/box_3188_r2_defconfig

To compile your own kernel you can follow this post: Generic Linux Kernel building for RK devices.



4) Last step is flashing your shiny new kernel to the recovery partition of the X7. This is done with the following two commands:


sudo ./rkflashtool w 0x20000 0x10000 < recovery.img
sudo ./rkflashtool b


5) In order to boot to Linux, you just need to insert an SD card with your Linux RFS (you can create your own RFS as described here) and then, you can either use this excellent "Autorun Linux" app, or install "Android Terminal Emulator" get inside it, type "su" and then "reboot recovery" every time.

That's it, happy hacking!




Regarding Android 4.4 KitKat


Yesterday Minix issued a brief message regarding the recently announced, supposed, Android 4.4 support on some RK3188 devices from other vendors [that do not release their kernel sources].

Since I have been myself, along with other well known developers in the RK Linux community, doing work on upgrading the RK kernel to newer versions (3.0.36+ is tremendously outdated), I can confirm Minix' point of view, that the supposed 4.4 support by those other vendors is indeed FAKE.

The leaked 4.4-supporting kernel is the same old 3.0.36+ kernel with just some drivers in different structures/places and the bare minimum to trick Android 4.4 into believing it is running a newer kernel.
Naturally this is a recipe for bad outcomes, instability and developer support dispersion.

It kinda feels like those MicroSD cards that are labelled 8 GB but are internally just 4 GB...

So, I really look forward to the official release of a real Android 4.4 and its kernel sources. Until then I think we are better off with a nice theme in our current and more stable Android Jelly Bean.