This post is about running Debian GNU/Linux on the Mesada/Flexiview FV-1 “AndroidTV” unit. This post has been a bit delayed, I got very sidetracked with other things this month!

By following these steps, you should be able to use the FV-1 a bit like a normal desktop Linux computer. However, it’s still a long way from my dream goal of running XBMC for Linux.

Android TV front

Continue reading

I’m calling this a “technical review” because I’m not going to spend much time talking about using Android on this device. The reason for that will become apparent.

I recently purchased two “Android TV” boxes from aliexpress, for investigation and general hackery.

Android TV front
Android TV back
Android TV remote

You can buy these from various online vendors (dealextreme, aliexpress, etc.) Also under other names – for instance it’s sold here in Australia as the Kogan Agora TV.

The “original” product is the Flexiview FV-1, made by Mesada Technology, Shenzhen.

Continue reading

This letter is my plea and suggestion to Wondermedia, although the theme applies to similar tech companies as well.

(If any fluent speaker can translate this into Chinese for me, I’d very much appreciate it!)

Dear Wondermedia Technologies,

Congratulations on your WM8505 system-on-a-chip. In 2005, a “$100 laptop” was a visionary idea, a dream. Now, thanks to your technology, I can buy a netbook for $85, including shipping to my house in Australia. If I was in Shenzhen, who knows how cheap it would be?

That netbook has more power than the $3000 desktop computer that I owned 12 years ago.

However, it’s not all good. Ars Technica recently labelled the $99 Maylong M-150 tablet the “worst gadget ever”. That tablet is built around your WM8505. Noone who reads that review will buy the product. No importer will read that review and decide to wholesale order any WM8505 product. No hardware engineer would choose WM8505 on the basis of that review, either.

It doesn’t have to be that way. Vendors can ship better tablets and netbooks, that get better reviews, at no cost to you. You can sell more units, at no cost to you.

Take a look at the custom firmware on Slatedroid.com. Every one of those people has modded the same proprietary WM8505 build of Android 1.6 to try and make it better. It runs faster and smoother and has more features. They have spent hours of their time trying to make your products better.

Take a look at the rough port I did of Android 2.2 this week. It’s very poor quality, but it doesn’t have to be. It can be better, at no cost to you.

Look at the months of hard work by the talented Alexey Charkov to make a WM8505 Linux kernel that is good enough to be in the official kernel tree. Big players like TI, Marvell, NVidia all pay talented developers to make Linux code that is good enough for inclusion in the official kernel. Alexey is doing the same for you, for free. His work is coming along slowly, but it could be coming faster. You can help him to help you, at no cost.

What resources are the community using, at this moment? At the beginning, barely anything at all, just incomplete leaked data sheets. Then you were kind enough to release most of your Linux kernel source, which has helped greatly.

<

p>I’m writing this letter to suggest you release more, for your own benefit. Many big companies provide datasheets, BSPs, SDKs, source code for free. You should do the same with what you already have. With more information and more source code, it would be possible for the community to build many things. If we had the Android 1.6 source code, WMT SDK source code, or current/complete documentation (even in Chinese) then the community would be able to develop Android firmwares with more features and better hardware support, maybe even a 2.2 port that runs well. There is nothing stopping vendors from shipping devices with a community Android build, if it is better. More WM8505 sales, at no cost to you.

More datasheets and documentation will also make Linux kernel development faster and better. How much of your own developers’ time do you save if the mainline Linux kernel has Wondermedia hardware support in it, instead of having to keep patching it in-house? Better quality kernel, less maintenance costs, no cost to you.

The community is indirectly trying to give you a competitive advantage, for free. All you need to do is open up.

Why not open up? One reason, I think, is that you probably charge for this information. Charging for BSPs & SDKs is a revenue stream. I ask you this: How big is that revenue stream? How many more units do you need to sell before it does not matter any more?

Maybe you think that you can’t afford the support costs, or the maintenance overhead. If this is a concern, rest assured that the community does not need much. Even if you just “leak” a torrent file or send the files for someone else to host, the Internet will make sure that they never go away. The community already provides support for each other.

I realise this is not the same as most small hardware companies’ culture. However, there’s no reason why you can’t behave like the big companies on this. This will differentiate you in the marketplace and give you an advantage. The community is standing by, waiting to help make your products great.

These words apply to all similar companies, not just Wondermedia. If someone becomes the first truly open manufacturer of small, affordable, embedded ARM systems then I predict that the developer community will beat a path to their door.

This year a slew of companies have launched competing Android tablet devices. A lot of rhetoric has been spun about how Android’s open source ecosystem gives manufacturers and consumers an advantage.

Android is open source; it can be liberally extended to incorporate new cutting edge technologies as they emerge. The platform will continue to evolve as the developer community works together to build innovative mobile applications. (Open Handset Alliance)

Unfortunately, the current crop of Android tablets aren’t nurturing open source at all.

Android Tablets

With the exception of Barnes & Noble’s Nook e-reader, a device that isn’t even really a tablet, I couldn’t find a single EDIT: I found one tablet manufacturer who was complying with the minimum of their legal open source requirements under GNU GPL. Let alone supporting community development.

Manufacturer Based In Tablets GPL Compliant Sources Available
Apad China 1+ No No
Archos France 2 Yes (see caveats below) Yes
Barnes & Noble United States 1 Yes Yes
Eken Group China 4+ No Partial
(see below)
Gome China 1 No Partial
(see below)
Moonse China 1+ No No
Pandigital United States 1 No (may change) ?
Smart Devices China 5 No Community

EDIT 2/9: Benmars posted in the comments that Archos have now released GPL source code for the Archos 7 Home Tablet. This looks to be a full kernel source release for the Rockchip RK28xx SoC, and even includes includes a prebuilt linux-x86 cross-compiler toolchain. Thank you Archos!

EDIT 31/7: In the comments, xauieous points out that while Archos have released GPL source for the ARM11/OMAP2 based “Archos 5 Internet Tablet” (aka Archos Generation 7), they are not complying with GPL for the ARM9 based “Archos 7 Home Tablet”. The contents of the “Generation 7” kernel tarball seem to bear this out. Xauieous claims Rockchip are holding out on the source for the Archos 9 Home Tablet, same as Apad.

Also, personal note to Archos: Please get a less confusing naming scheme!

EDIT 28/7: Courtesy Harald Welte @ VIA, there’s been a source drop of kernel source for WM8505-based tablets (Eken M001,M003,Gome FlyTouch, etc.) Some parts (video, SD/MMC drivers) are still binary only, Harald says he’s talking to VIA about it.

EDIT 26/7: Zebul posted a comment and drew my attention back to Archos’ GPL download section. I originally thought these were all just media player firmwares, but it turns out “Archos Generation 7” means the “Archos 5 Internet Tablet” and this tarball is a full GPL source release. Well done Archos! To their detriment, the binary firmware does not contain any obvious GPL mention – and this may mean they are still in technical breach of the GPL. The manual doesn’t mention anything either. But it’s still streets ahead of the others. Yay Archos!

(EDIT: I posted some details here. Please leave a comment if I’ve missed any tablets, or any source releases.)

What’s this GPL?

The GNU General Public License is a “copyleft” software license. Manufacturers releasing products with GPL licensed code, like the Linux kernel that underpins Android, are required to make their changes available in source code form.

Android itself isn’t GPL. Its open source Apache license does not mandate that source code has to be made available. However, all Android systems include the Linux kernel at minimum, and may also include other GPL-licensed pieces of software that are not part of the base Android distribution.

GPL source releases for these kernels make it easier for developers to build alternative operating systems, Android or otherwise, to run on the tablet hardware. It also allows improvements and changes to flow back “upstream” to the original software authors.

Why should consumers care?

The average tablet buyer isn’t an open source developer. However, having healthy open source releases means future support for these devices is guaranteed. Currently, projects like CyanogenMod make new improvements available to old Android phones whose manufacturers have already moved on. Similar community improvements could make new releases available on tablets, even though manufacturers are no longer supporting them.

Often, community Android releases are better than the original manufacturer’s. Slatedroid & ECOTOX have been releasing customised Android versions for the Eken M001 tablet which are both faster and support more features than the OEM release. Having kernel source available can only serve to make these releases better. For the Nook e-reader, community software releases allow you to view more ebook formats on your Nook, and even add totally unexpected features like Pandora Internet Radio.

Why should tablet manufacturers care?

Most manufacturers seem to be stuck in the “vendor” mindset that their hardware should remain entirely under their control, and that anyone else working on it is a problem.

However, it seems like community development almost always adds value to the hardware by extending it and adding more features. Especially in the tablet arena where there are no carriers to insist on platform lockdown to support their business model, an open platform doesn’t seem like it carries any significant drawbacks.

Some companies, particularly the smaller Chinese ones, appear to be concerned about competitors ripping their software off into compatible hardware. From what we’ve seen with the Eken M001 though, it doesn’t seem like source availability – especially kernel source – would do much to change the situation.

Outside of e-readers, there aren’t any companies competing on custom software anyhow: for the most part the software is vanilla Android, and competition is on performance, specifications, and especially price. This seems to make an even bigger opportunity for a clever manufacturer to embrace community open-source development, and differentiate themselves from all the “me too” Android clones without incurring any actual R&D cost.

What about chipset manufacturers?

A lot of kernel development for these devices is done by the original chipset manufacturers themselves. For example, it seems like VIA authored and compiled the kernels found in all devices based on the WM8505 chipset (including Eken’s tablets and some others..) It seems like the same story is true for Rockchip, who make the chipset used in the iRobot APad & Moonse E-7001.

Chipset manufacturers aren’t required to release GPL source code to the public, provided they send sources alongside any GPL software that goes to the device manufacturer. VIA has so far chosen this path, stating all sources are released to device manufacturers (although Eken has claimed differently at least once.) In the case of RockChip, manufacturers claim RockChip isn’t even doing that much and are violating GPL themselves (see first comment).

In addition, chipset manufacturers may sometimes author custom kernel modules or other components that are not GPL licensed at all. For example, Samsung have a video acceleration kernel module that is included in the firmware for the SmartQ tablet range. These components are normally not open sourced at all.

I can think of three reasons which chipset manufacturers do not embrace open source. One is that it is simpler not to. Another is that they charge device manufacturers for access to their SDK, and preemptively releasing source takes away that revenue stream (although possibly at the expense of extra hardware sales.) The last is that they are concerned about protection of their intellectual property, although this seems unnecessary given that most of their trade secrets are captured in the hardware itself, which is in turn protected by patents.

What about Google?

Google is in an interesting position here. On the one hand, they have worked hard to make sure that above the kernel layer Android is not GPL licensed. This serves to calm worried manufacturers threatened by the idea of having to release source. It seems, sadly, like a necessary step in order for Android to receive the kind of market prominence that Google wants for it.

On the other hand, it seems hypocritical for Google to tout Android’s “open source” credentials when it seems so clear that most companies profiting from it are completely oblivious, maybe even antagonistic, to open source.

I think there may be things Google could do to encourage manufacturers to be more friendly (or at least legally compliant) with open source, without scaring them off. An idea that springs to mind, especially now Google seem to be out of the device business, is promotion & accreditation of open source friendly manufacturers who receive extra kudos and promotion from Google in exchange for giving back to the community. Some kind of base level accreditation for companies who do not violate GPL, and additional incentives for companies who give back extra to the community.

Where to from here?

There are a lot more Android devices on the horizon, from a variety of manufacturers. It is my sincere hope that, especially following the growing buzz around “open source hardware”, at least one chipset or device manufacturer decides to make a break from the pack and announce “open source friendly products & manufacturing” that includes supporting community development.

Until then, if you care about open source you may actually be better off buying an iPad than many of the devices listed above. At least Apple comply with GPL and contribute back to the open source projects that they benefit from!

“Derek” posted up a comment yesterday:

I have a EKEN M001, which will not unlock the screen by pressing MENU.

I have tried reseting the EKEN M001 by pressing the Reset button on the back ofthe MID, but te screen stays unlocked.

The top of the screen says: “Demo Version” when the GUI appears, does this need a Operating System update. If so, hpw can this be done.

Short Answer

I think your tablet has failed its internal licensing check. Try to return it to the retailer that you bought it from. If you now connect it to the internet, it will “phone home” to a company in Shenzhen, China.

EDIT: Before you give up try connecting to the internet for a while and leave it connected. It seems like sometimes “phoning home” will verify that it’s a legit install and then the message will go away.

Long Answer

This is a coincidence, because just yesterday I was looking at the decompiled Eken libraries posted to slatedroid by ‘bushing’. Hidden in there is licensing code that verifies the Eken is running on genuine hardware. I think it works like this:

  • The Eken has a serial number loaded into its CPU (a WMT system parameter in the SoC.)
  • The serial number maps to the hardware (MAC) address of the onboard wireless adapter.
  • At startup, the Eken loads the serial number and compares it with the serial number it calculates from the wireless adapter.
  • If they do not match, it locks and throws up “Demo Purpose Only” (possibly “Demo version has expired” on the latest firmware.) It will also continually try to “phone home” with some details about the device (see below.)

I think all of this is to prevent someone putting their firmware into another device, unlicensed. The code is obfuscated (intentionally hidden in the source) in the hope that a casual shanzhai observer will miss it.

From looking around the internet, it looks like quite a few devices are turning up brand new with “Demo Purpose Only”. The only easy thing to do is to return it to the retailer that you bought it from.

It is possible some retailers are selling fake or refurbished units (maybe they swapped the WiFi unit or the CPU daughterboard out.) In other cases like this, it looks like units may be shipping from Eken with invalid serial numbers (poor quality control?) Finally, in cases like this it seems that temporary problems with the WiFi may trigger this behaviour for a while, then it fixes itself.

Eken Phone Home

I found it quite surprising that the unit tries to phone home if it thinks its license is invalid. It phones home with 3 details:

  • A username & password which is decoded from the file /data/wmtpref/custkey (in the firmware itself.)
  • The MAC address of the wireless adapter

… the very odd thing is that the unit does not phone home to Eken. It phones home to a company called Aiteer, who are also based in Shenzhen but do not seem to have any published relationship with Eken. Aiteer’s web site doesn’t say anything about software development, but I can only guess that they did the firmware development for Eken and possibly related MID/tablet devices using the WM8505 chipset.

Other Thoughts

It’s odd that the firmware locks the user out and tries to phone home, because if the user is locked out then it’s unlikely that they’re going to be able to connect to the internet. Maybe I missed a detail in my reverse-engineering, and the lockout only kicks in every few minutes or something.

Although “phoning home” is pretty common, software phoning home without the knowledge or consent of the user is less common and is often regarded as unethical. I’m glad that in this case no personal information is being sent back, but clearly we’re at the mercy of the manufacturers in this regard. Unlike mainstream manufacturers, companies like Eken have no corporate presence outside of their factory in China – in other countries, the laws that protect consumers are effectively powerless. If you hypothetically did find out that an unscrupulous shanzhai was stealing your personal details, there is no real recourse you could take.

The license check code was obfuscated in the library (libui.so in this case) so that a casual observer would not see it. For example, nothing unusual showed up when I ran ‘strings’ the other day. However, a tiny bit more reverse-engineering shows up a helper method calling base64_decode to decode each of the string constants related to the license check.

The code used to decode the username & password from the customer key, as well as the code used to calculate the serial number, are both trivially simple and anyone with some C programming knowledge can decipher them from the decompiled dump in an hour or two. For this reason, I think that the manufacturers only put in this protection to avoid casual copying of their firmware into another product – anyone serious about ripping them off could spend a couple of hours and generate their own serial numbers, and disable the “phone home” feature, without needing to modify the binary code at all.

Because the serial number is tied to the MAC, I don’t think anyone will be able to replace the WiFi module at all – even though you own the product.

It bothers me a lot that Eken are going to lengths to protect the tiny amount of proprietary code in their product, while not doing anything to fulfill either the legal obligations or the spirit of the substantial open source parts of the product. It bothers me doubly so now that they’ve locked out the root serial console in the latest (1.7.4) firmware release. How do they think that this helps their product?

See here for my review of the M001.

Eken M001

This teardown shows the V006 revision of the board, a quick serial port install, and includes some console/dmesg output. The main difference between V005 and V006/V007 board revisions seems to be relocating the USB WiFi dongle to a better position.

EDIT: It took me a while to post this article, and Slatedroid is down this past week. So links to there will be broken (hopefully not for good.)

This isn’t the first teardown of the Eken M001, the first one was the “Aimless Teardown” and there is also a disassembly howto video by another community member.

Warning

I’ve had lots of hardware problems with my Eken since I took it apart. They may have been there before, but maybe not. YMMV, but be careful and remember you may not still have a warranty after the device has been opened, and especially after it’s been modified.

Specifically, I have two problems. There is a cold solder joint in one corner of the board (I’m currently warming it up before it will boot at all.) Also I get occasional failure of the LCD (totally black) on reassembly, which requires me to press on the front of the unit until it clicks back on.

Getting In

  1. Remove the two phillips screws on each side of the base:
    Base of Eken
  2. The only other thing holding the back on is a series of plastic clips around the outside of the unit. Working from the base (the first clip is half-way between the two screws), carefully insert a plastic spudger or a knife (worse, but what I used) and jiggle it around until each clip snaps open. Some clips may break, they’re not very strong.

    Then work your way along towards the top of the unit:
    Eken part open

    Eken more open

  3. Once all the clips have popped, remove the plastic back. Take care not to disturb the small speaker
    Small speaker in the plastic back
    Plastic back

Main Board

Main board as installed
(Click through for a high-res version.)

You can see:

  • Battery and backlight connectors bottom-left
  • Internal USB soldered to pads bottom-right (leading up to the USB WiFi module, installed top left.)
  • LCD and touchscreen ribbon connectors on the left side.
  • Main CPU daughterboard in DIMM socket.
  • CPU Board

    Here’s some shots of the CPU daughterboard:
    CPU daughterboard front
    CPU daughterboard back
    The board is hosting a VIA/Wondermedia WM8505 SoC. Datasheet shared here (courtesy Slatedroid, again.

    Serial Connector

    J17 on the back of the board is a RvTTL (3.3v) serial port. 115200 8N1. Pinout, left to right, is Vcc Tx Rx Gnd.

    I didn’t take any photos of it before I soldered on my serial port, but here it is after:
    Eken M001 serial port

    The only other interesting thing I saw on the back of the board was the 2Gb NAND flash:
    2Gb NAND flash

    Boot logs

    Once you have the serial port connected, you can grab some log data easily (and you also get a root shell once startup completes.)

    EDIT: As of firmware release 1.7.4, no more automatic root shell on serial console. It’s still a boot console, but for root you need to log in… Poor show, Eken.

    Standard kernel boot log, plus some /proc entries
    Log of a factory upgrade via SD card

    I meant to capture and post some of the ‘logcat’ Android log output as well, from standard startup, but it doesn’t look like I kept any.