Understanding Partitions in Android MediaTek Chips

Published on 2024-01-27 in Android

Flash Samsung Galaxy A34 SP Flash Tool

Published on 2024-01-27 in Android, Software

Scatter File

To use SP Flash Tool you need a scatter file. One easy way to find one is to look for other devices that use the same chipset and whose manufacturer releases firmware that includes the scatter file. One such manufacturer is Xiaomi, but you may find others as well.

Samsung Galaxy A34 uses Dimensity 1080[MT6877v] and here is the list of other devices that use this chip as well:


Devices come in two kinds, eMMC and UFS. eMMC is just an SD card packaged as a chip, which is then called an embedded SD card or eMMC. Others come with UFS storage, which is NAND flash in fancy words. You can determine your device’s type by looking at the specs. For the A34 that is UFS 2.2.

Partition Starting Address

There’s a PIT (Partition Information Table) file inside all Samsung firmware. This file includes all partition starting addresses. Don’t know how to read it yet though.

Small Notes

  1. If you are creating a scatter file from scratch, know that you should put all partitions in it, with all the correct start addresses. Every time you flash even a single partition, SP Flash Tool updates the device’s GPT partition table based on the scatter file you supplied, so be careful, or back up the ptable before you start messing around.
  2. It would be awesome if anyone knows a tool that can read the ptable. Currently I used mtkclient, but the support is not that great.
  3. SP Flash Tool’s By SRAM / By DRAM option chooses where the file is first copied on the device before it is written to its actual location. Both should work in normal conditions; SRAM is used if DRAM has issues, probably during R&D.
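
For checking a ptable backup before and after flashing, here is an added example (not from the original post and not part of SP Flash Tool or mtkclient) that parses a standard GPT from a raw dump and verifies both CRC32 fields. It assumes the dump starts at LBA 0 and that UFS exposes 4096-byte sectors (use 512 for eMMC); the partition names in the sample image are constructed.

```python
import struct
import zlib

GPT_HEADER = struct.Struct("<8sIIIIQQQQ16sQIII")  # 92-byte UEFI GPT header


def parse_gpt(image: bytes, sector_size: int = 4096):
    """Return [(name, start_byte, size_bytes)] from a raw dump that begins at LBA 0."""
    (sig, _rev, hdr_size, hdr_crc, _rsvd, _cur, _backup, _first, _last, _guid,
     entries_lba, n_entries, entry_size, entries_crc) = GPT_HEADER.unpack_from(image, sector_size)
    if sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1 (wrong sector size?)")
    raw = bytearray(image[sector_size:sector_size + hdr_size])
    raw[16:20] = bytes(4)            # header CRC32 is computed with its own field zeroed
    if zlib.crc32(raw) != hdr_crc:
        raise ValueError("GPT header CRC mismatch")
    start = entries_lba * sector_size
    table = image[start:start + n_entries * entry_size]
    if zlib.crc32(table) != entries_crc:
        raise ValueError("GPT entry array CRC mismatch")
    parts = []
    for off in range(0, len(table), entry_size):
        entry = table[off:off + entry_size]
        if entry[:16] == bytes(16):  # all-zero type GUID marks an unused slot
            continue
        first_lba, last_lba = struct.unpack_from("<QQ", entry, 32)
        name = entry[56:128].decode("utf-16-le").rstrip("\0")
        parts.append((name, first_lba * sector_size, (last_lba - first_lba + 1) * sector_size))
    return parts


def build_sample(sector_size: int = 4096):
    """Constructed image (not from a real device): blank LBA 0, header at LBA 1, entries at LBA 2."""
    table = bytearray(4 * 128)
    for i, (name, first, last) in enumerate([("boot_a", 8, 15), ("vbmeta_a", 16, 31)]):
        struct.pack_into("<16s16sQQQ72s", table, i * 128, b"\x01" * 16, bytes([i + 1]) * 16,
                         first, last, 0, name.encode("utf-16-le"))
    fields = [b"EFI PART", 0x10000, 92, 0, 0, 1, 0, 6, 31, b"\x02" * 16, 2, 4, 128,
              zlib.crc32(table)]
    fields[3] = zlib.crc32(GPT_HEADER.pack(*fields))   # CRC over header with CRC field = 0
    header = GPT_HEADER.pack(*fields)
    return bytes(sector_size) + header.ljust(sector_size, b"\0") + bytes(table).ljust(sector_size, b"\0")


if __name__ == "__main__":
    for name, start, size in parse_gpt(build_sample()):
        print(f"{name:10} start=0x{start:x} size=0x{size:x}")
```

The byte offsets it returns are the values to compare against the start addresses in a scatter file before flashing.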

Samsung MTK Force BRom (DM)

Published on 2024-01-23 in Android, Software

Half of Samsung devices come with a MediaTek chip. These chips come with a special mode called BROM or emergency mode. It is not enabled by default, but if the device goes into broken mode it activates to allow the device to be flashed without the need for a JTAG connection.
There’s a tool called Android Utility Tool that comes with very shitty support, website, and documentation. In my journey, I thought I’d give it a shot, as the phone that I was playing with wasn’t so important to me. Unfortunately, I used the tool to put my device into BROM mode and the device got bricked, with a black screen and no reaction whatsoever.
The solution was easy: just get a stock ROM, extract the bootloader files, uncompress the LZ4 files, and then use the write boot_section and write a preloader file to the device. Your device will then revive again.
Final note: MediaTek mode is only enabled for a few seconds after you reboot the device, so each time you want to execute an action you have to keep holding the power button or some key combination for a few seconds or more.

How to Downgrade Samsung SW REV. CHECK FAIL

Published on 2024-01-20 in Android

If you try to downgrade a new Samsung phone to an older firmware using Odin you are gonna get SW REV. CHECK FAIL. Fortunately, there’s a fix for this, but it takes a little bit of patience.

Quick Guide

  1. Download and install 7-Zip.
  2. Download the required tool.
  3. Extract the Ap_<Version>.tar.md5 content in the same place as the required tools.
  4. Convert .lz4 files to .img by dragging and dropping them on lz4.exe.
  5. Run SignRemover.
  6. Pack the whole dir except lz4 files and tools to tar with 7-Zip.
  7. Do the same for the bootloader (Ap_<Version>.tar.md5) and flash normally using Odin.

If needed, place vb_mate.img in the AP slot to disable AVB.

How to Downgrade Android Version in Samsung Devices if Device is in Higher Binery


Web Extension Console Firefox

Published on 2023-12-19 in Software

Developing Firefox extensions could be rough but shouldn’t be. Here are a few techniques to smooth out the process.

1. Dev Console

Access all extension logs by visiting about:debugging#/runtime/this-firefox and clicking on the Inspect button to see console.log logs.

For background scripts, you can also see the logs in the browser console by pressing Ctrl+Shift+J.

2. Try WebExtension API Live

You can access the WebExtension API and try it in the same console at about:debugging#/runtime/this-firefox. As an example, browser.tabs.query({active: true}) will give you the current tab.

3. Terms

A browser action is a button that your extension adds to the browser’s toolbar

4. Installation

If you want to install your add-on, you first need to sign it on the Mozilla platform, but this can take time. Instead, you can install Firefox Developer Edition, toggle the xpinstall.signatures.required preference to disable signature enforcement, and then install your add-on normally.

  1. Anatomy of Extension
  2. Windows Firefox Dev Edition 100.0

How UDP Hole Punching Works

Published on 2023-12-13 in Linux, Software, Windows

TCP/UDP hole punching, or NAT traversal, works as follows:

A and B are behind NAT and want to communicate, and you have a public relay server, S.

1. A connects to S, B connects to S

2. S sends A’s IP and port to B, and sends B’s IP and port to A

3. One of A or B tries to connect to the other using the address S shared

Note1: For hole punching you don’t need UPnP IGD or port forwarding

Note2: UDP hole punching works more reliably than TCP hole punching as it’s connectionless by nature and doesn’t need a SYN packet

Note3: Hole punching isn’t a reliable technique, as a router or other firewall may see that B’s IP address is different from S’s IP address and block the inbound connection

Note4: STUN is a standard protocol that implements UDP hole punching, although you can create a custom protocol as well following the above steps
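
The three steps and the failure described in Note3, as an added simulation that is not part of the original post. It models a NAT as a mapping table plus an inbound filter, with no real sockets. It goes slightly beyond step 3 by having both peers send, which shows why the first packet is dropped. The `Nat` class, the addresses and the port numbers are constructed for illustration.

```python
class Nat:
    """Toy NAT with port-restricted filtering; symmetric=True maps per destination."""

    def __init__(self, public_ip, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.next_port = 40000
        self.mappings = {}   # mapping key -> public port
        self.allowed = {}    # public port -> remote endpoints this host has sent to

    def outbound(self, src, dst):
        """Host sends src -> dst; returns the public endpoint the remote side sees."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """True if a packet from remote to public_port is forwarded to the host."""
        return remote in self.allowed.get(public_port, set())


def hole_punch(nat_a, nat_b):
    server = ("203.0.113.1", 3478)                 # S, constructed address
    a_priv, b_priv = ("192.168.1.10", 5000), ("10.0.0.7", 5000)
    # Step 1: A and B contact S, which records the public endpoint it sees for each.
    a_seen = nat_a.outbound(a_priv, server)
    b_seen = nat_b.outbound(b_priv, server)
    # Steps 2-3: S swaps the endpoints; A sends first, which opens A's NAT for B.
    a_src = nat_a.outbound(a_priv, b_seen)
    first_packet = nat_b.inbound(a_src, b_seen[1])  # B has not sent yet: dropped
    b_src = nat_b.outbound(b_priv, a_seen)          # B sends too, opening its NAT for A
    return {"first_packet": first_packet,
            "a_to_b": nat_b.inbound(a_src, b_seen[1]),
            "b_to_a": nat_a.inbound(b_src, a_seen[1])}


if __name__ == "__main__":
    print("cone/cone     :", hole_punch(Nat("198.51.100.1"), Nat("198.51.100.2")))
    print("cone/symmetric:", hole_punch(Nat("198.51.100.1"), Nat("198.51.100.2", symmetric=True)))
```

With a symmetric NAT on either side, the port S observed is not the port the peer's packets actually leave from, so neither filter ever matches and the connection is blocked.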

RNN vs CNN in Speech Recognition

Published on 2023-10-06 in Speech Recognition

RNN or CNN, that’s the question. So what should you use?

Let the battle begin

So speech recognition is a very broad task. People use speech recognition to do speech-to-text on videos: pre-recorded data where you can go back and forth between past and future and optimize the output a couple of times. On the other hand, voice control is also a speech recognition task, but you need to do all this speech processing in real time and with low latency.

And now comes the big question. Which technology should you use, RNN or CNN? In this post, we’re going to talk about that.

Generally, speech waveform data can be converted to 2D image data by using CMVN or MFCC. From that point it is basically an image that you can show to people, and people can learn what each word looks like. So it is basically detecting where exactly the word is happening, and it’s very similar to an object detection task. Very similar, but not quite the same. Why is that? A lot of the time we also have trouble detecting words, but we use the language’s grammar in the back of our heads to predict what the next word would look like. We combine that with the waveform data and then detect the right word. So if you say a very strange word to people, they will have trouble getting the correct text out of it. But if you teach them a couple of times, and they know when these words pop up, they will have much less trouble detecting them. The machine learning community uses the same approach.

In modern speech recognition engines ML engineers first use CNN to capture the features, or at least detect how likely the word is, and then run an RNN in the background as a language model to improve the result. So in the case of voice control, you don’t care about the language model, because there is no language model. You can say whatever word you want, or at least we give you that freedom, and then you just need the text out of the word that you just said.

So in that case there is no use for an RNN, as there is no language model, and a 1D convolutional network is enough. It is the same as localization and object detection in classic machine learning. If you use the same technique as YOLO to move the convolution layer around the waveform and just detect the maximum confidence score in a window, then you can find the exact word happening at that time. The problem is that as the number of words increases, this technique becomes more and more challenging, so you need to develop more mature techniques. And that’s exactly why we introduced HMM. The best technique is to use a hidden Markov model to detect which word is spoken in a certain way, and then slide that word over the signal and find out if it’s actually that signal or not. By using that we can do the alignment. We can do better forced alignment, use that data, and also feed it to the HMM to increase the accuracy. Finally, we create this awesome engine with a great amount of accuracy that no one has ever seen before.

So wait for it and Sleep on it.

Windows Accurate Timing

Published on 2023-09-13 in Software, Windows

There’s a lot of controversial discussion on the internet about achieving an accurate sleep function on Windows platforms. The problem is that most of it is very old, and with the introduction of multicore processors many of the older functions broke down, but this is not the case in 2023.
Nowadays you can easily call the cross-platform C++11 chrono functions, and with the following source code I could achieve one-millisecond accuracy, which is more than enough for my application.

#include <chrono>
#include <thread>

Before, I used the QThread::msleep function, which had an accuracy of about 5ms to 15ms, which was a lot more than what I imagined, even when I used the QThread::usleep function.
There is an issue: if you call the sleep function on a thread, the OS scheduling system will put your application to sleep, and it may take a while until the scheduler picks up your application again. To prevent this, you need to specifically tell the OS to treat your application differently from others. C++11 introduces chrono, which uses the QueryPerformanceCounter Windows API in the background to make sure the Windows scheduler will pick your application up at the right time.
You can go ahead and directly call the Windows API function, but nowadays C++11 is nicely integrated into a lot of environments and it’s also a cross-platform solution, so lucky you, you don’t need to get your hands dirty anymore.

  1. YouTube – Test and Set Synchronization Primitive
  2. RandomASCii: Windows Timer
  3. Microsoft – Windows Performance Analyzer
  4. YouTube – CppCon 2017: Fedor Pikus “C++ atomics, from basic to advanced.”

Windows Last Restart Reason

Published on 2023-09-11 in Windows

Windows 10 may restart unexpectedly. To find out why, you can execute the following command:

wevtutil qe System /q:"*[System[(EventID=41) or (EventID=1074) or (EventID=6008)]]" /c:1 /f:text /rd:true

If the case is Operating System: Service pack (Planned), set the following registry key to disable automatic Windows update restart:


SetWindowsHookEx Callback Never Called

Published on 2023-08-05 in Software, Windows

Previously, we learned we needed to put our callback function in a separate DLL and then load that DLL in another program. So you did that: you created a separate DLL, you put the callback there, and you called the SetWindowsHookEx function to set up the callback, but the callback doesn’t get called at all. So what’s wrong?

In order to figure this out, you need to notice that the SetWindowsHookEx function is actually a DLL injector. What does that mean? It means it first loads or injects your DLL inside the target application, and then it hooks your callback to the Windows message queue or any other callback that you specified.

So for this to work, there are several conditions that need to be met, otherwise several things can go wrong. And in my case, all of them went wrong. I’m going to list them here, so maybe it will help you. If by any chance you bump into any other issue and you finally get to solve it, then please mention that in the comments, so other people and I can learn from your mistakes as well. Alright, let’s get to the problems.

1. Thread ID

The first problem that I had was the thread ID. There are several ways to get the thread ID. First, don’t use the GetWindowThreadProcessId function.

The best and most legitimate way to get the thread ID is by using the CreateToolhelp32Snapshot function, which goes through all threads and checks if they are the main thread for an application. Actually, I found that the CreateToolhelp32Snapshot function was returning a different value than GetWindowThreadProcessId, and it was actually the reason why my DLL didn’t get loaded. So that’s first.

2. DLL Dependency

Second, you have to be aware that your callback is going to inject your DLL into another program. So you have to make sure that the DLL that you wrote is not dependent on any other libraries other than the one that is already installed in the “System Path”.

So in my case, I was using the Qt library and the SetWindowsHookEx function was installing the hook successfully, but in reality the DLL never got injected into the target program.

3. Printf

The last dilemma was, don’t use the printf function without taking extra care. So in my case, I was using this

To know why, you’ve got to understand that when you call this function from your application and then call the AllocConsole function, it opens up a console that is hooked up to your application, not to the DLL that is injected into the program. So if you printf something in your callback, you won’t see anything, because it’s running on a thread on your main application. If you want to see that output, you need to call the AllocConsole function inside your DLL main function.

Otherwise, when you use the printf function, it will write to the console output of the target process instead of the console that you had opened.

What do the letters W and L stand for in WPARAM and LPARAM?
