You can dump the PARAM partition for the Galaxy SIII (GT-I9300) like that:
adb pull /dev/block/platform/dw_mmc/by-name/PARAM PARAM.img
That file at first looks like a tar archive.
$ file PARAM.img PARAM.img: POSIX tar archive (GNU)
And it indeed does contain a tarball:
$ tar tvf PARAM.img -rw-r--r-- se.infra/se.infra 3624 2013-11-28 13:33 adv-env.img -rw-r--r-- se.infra/se.infra 42023 2013-11-28 13:33 ani_upload_1_kernel_panic.jpg -rw-r--r-- se.infra/se.infra 39255 2013-11-28 13:33 ani_upload_2_cp_crash.jpg -rw-r--r-- se.infra/se.infra 47443 2013-11-28 13:33 ani_upload_3_forced_upload.jpg -rw-r--r-- se.infra/se.infra 10810 2013-11-28 13:33 ani_upload_4_hardware_reset.jpg -rw-r--r-- se.infra/se.infra 11586 2013-11-28 13:33 ani_upload_4_smpl.jpg -rw-r--r-- se.infra/se.infra 54151 2013-11-28 13:33 ani_upload_4_unknown_reset.jpg -rw-r--r-- se.infra/se.infra 11495 2013-11-28 13:33 ani_upload_4_watchdog_reset.jpg -rw-r--r-- se.infra/se.infra 12276 2013-11-28 13:33 ani_upload_4_wtsr.jpg -rw-r--r-- se.infra/se.infra 9703 2013-11-28 13:33 ani_upload_4_wtsr_smpl.jpg -rw-r--r-- se.infra/se.infra 12711 2013-11-28 13:33 ani_upload_5_user_fault.jpg -rw-r--r-- se.infra/se.infra 19098 2013-11-28 13:33 ani_upload_6_hsic_disconnected.jpg -rw-r--r-- se.infra/se.infra 84123 2013-11-28 13:33 download_error.jpg -rw-r--r-- se.infra/se.infra 73061 2013-11-28 13:33 download.jpg -rw-r--r-- se.infra/se.infra 64410 2013-11-28 13:33 logo.jpg -rw-r--r-- se.infra/se.infra 37205 2013-11-28 13:33 lpm.jpg -rw-r--r-- se.infra/se.infra 36572 2013-11-28 13:33 lpm_wireless.jpg -rw-r--r-- se.infra/se.infra 91511 2013-11-28 13:33 secure_error.jpg -rwxr-xr-x se.infra/se.infra 5851 2013-11-28 13:33 sud_0.jpg -rwxr-xr-x se.infra/se.infra 2713 2013-11-28 13:33 sud_1.jpg -rwxr-xr-x se.infra/se.infra 5634 2013-11-28 13:33 sud_2.jpg -rwxr-xr-x se.infra/se.infra 6292 2013-11-28 13:33 sud_3.jpg -rwxr-xr-x se.infra/se.infra 4604 2013-11-28 13:33 sud_4.jpg -rwxr-xr-x se.infra/se.infra 5706 2013-11-28 13:33 sud_5.jpg -rwxr-xr-x se.infra/se.infra 6792 2013-11-28 13:33 sud_6.jpg -rwxr-xr-x se.infra/se.infra 3885 2013-11-28 13:33 sud_7.jpg -rwxr-xr-x se.infra/se.infra 6826 2013-11-28 13:33 sud_8.jpg -rwxr-xr-x se.infra/se.infra 6528 2013-11-28 13:33 sud_9.jpg -rw-r--r-- se.infra/se.infra 168616 2013-11-28 13:33 warning.jpg
The size of the PARAM.img file is exactly 8MiB:
$ ls -lah PARAM.img [...] 8.0M [...] PARAM.img $ ls -la PARAM.img [...] 8388608 [...] PARAM.img
And we can get the size of the tarball with --totals:
$ man tar
[...]
--totals[=SIGNAL]
Print total bytes after processing the archive. [...]
For example:
$ tar --totals -tf PARAM.img adv-env.img [many files] warning.jpg Total bytes read: 911360 (890KiB, 286MiB/s)
So here the tarball terminates way before the end of the PARAM.img file.
911360 is 0xde800:
$ python [...] >>> hex(911360) '0xde800'
But we still have things after the tarball:
$ hexdump -C PARAM.img 000dd4a0 05 00 14 00 50 07 ff d9 00 00 00 00 00 00 00 00 |....P...........| 000dd4b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00700000 03 00 fe ca 00 01 00 00 00 00 00 00 00 00 00 00 |................| 00700010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00700200 00 00 00 00 03 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......| 00700210 00 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 |................| 00700220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=| 00700230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 34 00 00 |ram loglevel=4..| 00700240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00700e20 00 00 00 00 00 00 00 00 ff ff ff ff ff ef 7f ff |................| 00700e30 ff ff f7 ff ff ff f7 ff ff fe ff ff ff ff 7f ff |................| 00700e40 fb ef ff ff ff fb ff df ff ff ff ff ff ff ff ff |................| 00700e50 df bf ff ff 7f ef f7 ff f7 ff ff ff ff fe ff ff |................| 00700e60 ff ff ff ff ef fb ff ef ff fb ff ff fd ff f7 ef |................| 00700e70 ff ff ff ff f5 ff ff ff ff ff ff ff ff ff ff ff |................| 00700e80 ff ff ff fe ff ef ff ff ff bf fd ff ff ff ff ff |................| 00700e90 ff ff ff ff ff ff f7 fb ff ff ff eb ff ff ff eb |................| 00700ea0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................| 00700eb0 ff ff ff ff ff ff ff ff ff ff ff df ff ff ff ff |................| 00700ec0 ff ff ff ff ff ff f7 ff ff ff ff ff ff ff ff ff |................| 00700ed0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................| 00700ee0 df ff ff ff ff ff ff ff ff ff ff ff ff ff d7 ff |................| 00700ef0 ff ff ff af ff ff ff fe ff ff ff ff ff ff ff ff |................| 00700f00 ff ef ff ff ff 7f ff ff ff df ff ff f7 ff ff ff |................| 00700f10 ff ff ff ff ff ff ff ff ff ff ff ef ff ff f7 ff |................| 00700f20 ff ff ff ff ff ff ff ff ff fe ef ff ff ef fb df |................| 00700f30 ff ff ff ff ff fb ff ff ff ff ff ff ff ff ff ff |................| 00700f40 ff ff f5 ff ff ff ff fb ff ff ff ff ff ff ff ff |................| 00700f50 fb ff ff fb fd ff ff ff ff ff ff ff ff ff ff ff |................| 00700f60 f7 ff ff ef f7 ff ff ef ff ff ff ff ff 9e ff fd |................| 00700f70 ff ff ff ff fb ff ff de f3 fb ff ff ff ef df ff |................| 00700f80 ff ff ff ff ff fb ff bf ff ff ff ff ff ff ff fd |................| 00700f90 ff fe f7 fe ff eb ff ff ff fb ff ff df ff ff ff |................| 00700fa0 df ff ff ff ff ff ff ff ff ff fb ff ff ff ff fb |................| 00700fb0 ff ff ff df ff ff ff ff fe fe fe ff ff f7 ff ff |................| 00700fc0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fb |................| 00700fd0 fd ff ff ff ff fd ff ff ff ff ff ff fe ff ff ff |................| 00700fe0 ff ff df ff ff ff ff fb ff ff ff ff ff ff ff ff |................| 00700ff0 ff f7 df ff ff ff ff ff ff ff ff ff ff ff ff ff |................| 00701000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 007ffc00 d4 ad 55 ff 52 e9 ed 4c f8 d1 9c 08 79 b6 e9 6c |..U.R..L....y..l| 007ffc10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00800000Questions:
Here's the content of the adv-env.img file:
$ hexdump -C adv-env.img 00000000 03 00 fe ca 00 01 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000200 04 00 00 00 01 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......| 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=| 00000230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 34 00 00 |ram loglevel=4..| 00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000e20 00 00 00 00 00 00 00 00 |........| 00000e28Questions:
Default kernel command line: console=ram loglevel=4
console=ram loglevel=8 through the bootloader setenv commandSee MidasBootloader for more details on how to change the command line parameters.
After changing the environment variable, we still have loglevel=4 in the adv-env.img file that is in the tarball:
adv-env.img
$ hexdump -C adv-env.img 00000000 03 00 fe ca 00 01 00 00 00 00 00 00 00 00 00 00 |................| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000200 04 00 00 00 01 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......| 00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| 00000220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=| 00000230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 34 00 00 |ram loglevel=4..| 00000240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000e20 00 00 00 00 00 00 00 00 |........| 00000e28
And the actual kernel parameters were instead saved after the tarball:
$ hexdump PARAM.img * 00700200 00 00 00 00 03 00 00 00 4c 4f 00 00 00 00 00 00 |........LO......| 00700210 00 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 |................| 00700220 00 00 00 00 00 00 00 00 63 6f 6e 73 6f 6c 65 3d |........console=| 00700230 72 61 6d 20 6c 6f 67 6c 65 76 65 6c 3d 38 00 00 |ram loglevel=8..| 00700240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| *Results:
On a GT-I9300, if I set the address 0x00700204 to 00, it switch to the USB to the modem's USB, and Bus 002 Device 095: ID 1519:0020 Comneon HSIC Device appears when connecting the GT-I9300 to a computer.
When I set it back to 01, I can have ADB again.
Here's the diff:
$ vbindiff PARAM.img PARAM.img.new PARAM.img 0070 0204: 00 00 00 00 4C 4F 00 00 00 00 00 00 00 00 00 00 ....LO.. ........ 0070 0214: 03 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0224: 00 00 00 00 63 6F 6E 73 6F 6C 65 3D 72 61 6D 20 ....cons ole=ram 0070 0234: 6C 6F 67 6C 65 76 65 6C 3D 38 00 00 00 00 00 00 loglevel =8...... 0070 0244: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0254: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0264: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0274: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0284: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0294: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02A4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02B4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02C4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02D4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02E4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02F4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ PARAM.img.new 0070 0204: 01 00 00 00 4C 4F 00 00 00 00 00 00 00 00 00 00 ....LO.. ........ 0070 0214: 03 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0224: 00 00 00 00 63 6F 6E 73 6F 6C 65 3D 72 61 6D 20 ....cons ole=ram 0070 0234: 6C 6F 67 6C 65 76 65 6C 3D 38 00 00 00 00 00 00 loglevel =8...... 0070 0244: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0254: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0264: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0274: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0284: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 0294: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02A4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02B4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02C4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02D4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02E4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 0070 02F4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ ┌──────────────────────────────────────────────────────────────────────────────┐ │Arrow keys move F find RET next difference ESC quit T move top │ │C ASCII/EBCDIC E edit file G goto position Q quit B move bottom │ └──────────────────────────────────────────────────────────────────────────────┘
At the next boot the s-boot bootloader will then configure the USB switch to connect to the modem USB.
You can also get that behavior with the stock OS if you go to the phone application and enter *#7284# and set USB toMODEM and then click on the SAVE and RESET button. It will then reboot the phone automatically.
If you run the stock OS, you can't count on recoveries as it tend to replace them the recoveries with its own recovery, but you can still use *#7284# to change USB back to PDA instead of MODEM.
With Replicant, you can enable the terminal, adb and root for adb and applications in the developers settings, and once that is done, through the terminal application you can get root with su and then type the following command to enable adb again:
echo PDA > /sys/devices/virtual/sec/switch/usb_sel
PARAM partition and copy the modified PARAM image to the PARAM partition with dd.