Better Mobile App

Bootloader Cracking : Devs only

NEW - March 2011
A method of booting custom kernels (using kexec) has been developed. Thanks Bin4ry, zdzihu, MrHassell, blagus, and all other devs who are working hard to make this stable.
The bootloader protection has been bypassed!
zdzihu said:
Bootloader is broken/bypassed!
Big bad huge font to avoid confusion =)​
@Goroh_kun:
Buddy, I know you're still reading this forums so... I just want you to know that you are absolutely BRILLIANT. You're a STAR.
BIG thanks for all your contributions into this project! Nothing, and I mean NOTHING would happen without you.
@devs:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
@SE: lads, it's your turn now - please unlock it already. I promise we won't brick our phones
@all: DON'T ask for details. I will post here when I'm ready to do so. Today (I guess?) is the Arc release date and stuff, I don't want to mess around...
Still busy working abroad,
Cheers,
z
Click to expand...
Click to collapse
Link to 2.1 alpha kernel (2.6.29)
http://forum.xda-developers.com/showpost.php?p=12578251&postcount=848
OLD
Important info!
http://forum.xda-developers.com/showpost.php?p=12298790&postcount=811
Link to FlashTool
http://forum.xda-developers.com/showthread.php?t=920746
Here are some posts:
MrHassell said:
Yes and yes - while rebooting and as zdzihu previously reported kexec is viable.
http://forum.xda-developers.com/showpost.php?p=8714275&postcount=407
zdzihu
override partition table using kernel command line. Tried (via kexec) and it worked.
Code:
mtdparts=msm_nand:[email protected](appslog),[email protected](cache),[email protected](system),[email protected](userdata),[email protected](loader)
Bin4ry - tawrite - http://forum.xda-developers.com/showpost.php?p=8931422&postcount=442
cat /proc/mtd
mtd0 cache
mtd1 appslog
mtd2 userdata
mtd3 system
My final post on the subject. Have better things to do now the media have landed au reviour.
Click to expand...
Click to collapse
Bin4ry's kexec kit posts
http://forum.xda-developers.com/showpost.php?p=12240639&postcount=708 - V1
http://forum.xda-developers.com/showpost.php?p=12245719&postcount=711 - V2
http://forum.xda-developers.com/showpost.php?p=12260334&postcount=724 - V3
MrHassell's V3 test log
http://forum.xda-developers.com/showpost.php?p=12261764&postcount=729
21st March 2011, onwards
Bin4ry said:
Can you try to run it on chargemon script instead of xRec?
So that we can run it at the very beginning of boot process. Maybe this is a solution!
This should work in the chargemon script:
exec /data/local/tmp/run.sh
WARNING!
JUST TRY THIS IF YOU KNOW WHAT YOU ARE DOING !
Regards
Click to expand...
Click to collapse
Androxyde said:
chargemon the safer way :
Just before recovery if then else :
if [ -e /data/local/tmp/kexec ]
then
rm -r /data/local/tmp/kexec
exec /data/local/tmp/run.sh
fi
so from the OS, touch /data/local/tmp/kexec the reboot and it will boot the kexec script and remove the kexec file so that the next boot or reboot will go fine
Click to expand...
Click to collapse
Bin4ry said:
So, 2 users with bb58 had booted fine then WLOD.
Seems the initial idea is working
Now fix the problems and all is good ?
Regards
Click to expand...
Click to collapse
DooMLoRD's test
http://forum.xda-developers.com/showpost.php?p=12266289&postcount=750
Bin4ry's edited chargemon file
http://forum.xda-developers.com/showpost.php?p=12266422&postcount=753
Comment from DooMLoRD - actually about the above file.
DooMLoRD said:
just an additional comment...
the following chargemon will work only for recovery flashed through Flashtool v0.2.8 for stock roms only
also please do not try that chargemon on CM7RC2 roms (u wont be able to get into the OS cause recovery on CM7RC2 is shifted to /system/recovery/
also the line chroot / /init will work for 2.3 roms but is not compatible with 2.2 roms... for 2.2 roms u need /system/bin/chroot / /init
Click to expand...
Click to collapse
x10b's test
x10b said:
boot.img installed >> boots normal got my radio, wifi , everything works fine...
FW : 2.1.1.A.0.16
BB : 2.1.58
test ok......
Click to expand...
Click to collapse
x10b's test video
http://forum.xda-developers.com/showpost.php?p=12287032&postcount=798
DooMLoRD's edited (universal) chargemon file
http://forum.xda-developers.com/showpost.php?p=12267053&postcount=762
Important for 'non-devs' - also look at DooMLoRD's post ahead
wolfilein said:
@all
you shouldn't flash the file with xrecovery!
you should extract it to
/data/local/tmp/
on you phone
and replace the /system/bin/chargemon with the one bin4ry has posted some posts ago
after that make it executable
with
chmod 755 /system/bin/chargemon
then create the file /data/local/tmp/kexec
with
touch /data/local/tmp/kexec
and then reboot you phone should load the new kernel
Click to expand...
Click to collapse
DooMLoRD's post in reply to above:
http://forum.xda-developers.com/showpost.php?p=12267467&postcount=766
jerpelea said:
cm7 boots with custom kernel
Click to expand...
Click to collapse
More testing:
DooMLoRD said:
test with Stock SE ROM FW: 2.1.A.0.435 | BB: 2.1.54
booted into OS but no radio, strange question mark symbol on top of battery symbol (in notification bar)... phone rebooted in few seconds couldnt get into "About Phone"... though no LED notifications of any sort... even have made a video of boot up process [it look good on handset ] will post it here in a while
EDIT:
on second attempt tried to get to "About Phone" asap... under "Kernel Version" it was "unknown"... and then the system immediately rebooted...
keep up the great work Bin4ry and all other devs...
Click to expand...
Click to collapse
DooMLoRD's bootup video
http://forum.xda-developers.com/showpost.php?p=12269301&postcount=775
Androxyde said:
I am on stock firmware A.0.16
I modded my chargemon to implement booting cust kernels from it and a gscript script shortcut on the desktop to reboot.
I tried these :
Reboot custom kernel with stock BB .58 : booted / no radio / reboot in less than 1 minute
Reboot custom kernel with BB 55 : same as with .58
Reboot custom kernel with BB 52 : booted / no radio / no reboot
Reboot stock rom with BB 52 : no radio
So with my last try I cannot conclude anything about the "no radio"
Will keep you informed with my further tests
Click to expand...
Click to collapse
More tests from DooMLoRD
http://forum.xda-developers.com/showpost.php?p=12272634&postcount=784
http://forum.xda-developers.com/showpost.php?p=12282471&postcount=789
http://forum.xda-developers.com/showpost.php?p=12303304&postcount=812
Bin4ry's kernel patches, config and build script from zdzihu:
http://forum.xda-developers.com/showpost.php?p=12272201&postcount=781
Bin4ry's kernel based on SE .435 kernel sources
http://forum.xda-developers.com/showpost.php?p=12275044&postcount=786
Aeny's tests
Aeny said:
x10i | J's CM7 RC2 V10a | BaseBand 2.0.46 | boot.img: 22.03.11-00_25
-Same behavior as BB 2.0.52
-(Stock kernel + this BaseBand = WLOD reboot loop.)
x10i | J's CM7 RC2 V10a | BaseBand 2.0.49 | boot.img: 22.03.11-00_25
-Same behavior as BaseBand 2.0.52
x10i | J's CM7 RC2 V10a | BaseBand 2.0.52 | boot.img: 22.03.11-00_25
-Screen not waking up by pressing any buttons, to wake up press any button, then press the screen. If "Screen-on" and/or "Screen-off" animations are enabled in CM-Settings then screen cannot be woken up at all.
-Battery shows a percentage, but does not indicate charging, however the battery level is going up.
-Time seems to update once every few (10~11) minutes instead of every minute & always starts counting from 1/1/1970 -1h:00m at boot.
-WiFi shows "error" under settings but does magically work, just can't be turned off.
-Bluetooth doesn't want to turn on.
-Baseband: "Unknown".
-Kernel Version: 2.6.29Bin4ry "[email protected] #1".
-no reboots (running 15minutes).
-screen doesn't auto-turn off but dims instead.
-Battery status shows as "unknown" under settings -> about phone -> status.
-No USB.
-LED doesn't light up while charging.
x10i | J's CM7 RC2 V10a | BaseBand 2.1.54 | boot.img: 22.03.11-00_25
-Freezes after 2~5seconds(can't see if WLOD because LED doesn't work).
-(Stock kernel + this BaseBand = WLOD reboot loop.)
x10a | J's CM7 RC2 V10a | BB 2.1.54 | boot.img: 22.03.11-00_25
-Freezes after 2~5seconds->reboot(can't see if WLOD because LED doesn't work).
-(Stock kernel + this BaseBand = WLOD reboot loop.)
Click to expand...
Click to collapse
Aeny said:
x10i | Build: 2.1.A.435 | BaseBand: 2.1.54 | boot.img: 22.03.11-00_25
-Booted into OS: YES
-Radio: NO
-Reboot in few seconds: YES
-Questionmark on battery: YES
-BaseBand: Unknown
-kernel: 2.6.29Bin4ry [email protected] #1
x10i | Build: 2.1.A.435 | BaseBand: 2.1.58 | boot.img: 22.03.11-00_25
-Booted into OS: YES
-Radio: NO
-Reboot in few seconds: YES
-Questionmark on battery: YES
-BaseBand: Unknown
-kernel: 2.6.29Bin4ry [email protected] #1
x10i | Build: 2.1.A.435 | BaseBand: 2.1.54(a) | boot.img: 22.03.11-00_25
-Booted into OS: YES
-Radio: NO
-Reboot in few seconds: YES
-Questionmark on battery: YES
-BaseBand: Unknown
-kernel: 2.6.29Bin4ry [email protected] #1
x10i | Build: 2.1.A.435 | BaseBand: 2.1.55(a) | boot.img: 22.03.11-00_25
-Booted into OS: YES
-Radio: NO
-Reboot in few seconds: YES
-Questionmark on battery: YES
-BaseBand: Unknown
-kernel: 2.6.29Bin4ry [email protected] #1
Back to CM7 for me, SE's rom felt like playing a game @ 2FPS.
~Aeny
Click to expand...
Click to collapse
Ahmed radi's tests
Ahmed radi said:
boot.img: 22.03.11-00_25 / FW: SE 2.1 / BB 2.1.54
its work great !
boot normaly then radio work and WiFi also work !
boot.img: 22.03.11-00_25 / FW: SE 2.1 / BB 2.0.52
freeze on SE logo fo about 5~9 sec | no radio (insert SIM) | Wifi work
@ Bin4ry
good look bro
Click to expand...
Click to collapse
Ahmed radi said:
@ DooMLoRD
good now we have conferm that bin4ry kernel work with .54
i try also 52 but there is no radio !
i reflash the phone with 54 BB but also get no signal !
any idea about this ?
@bin4ry
could we convert the .img to .sin ?
Click to expand...
Click to collapse
Bin4ry said:
No, sin is the signature header. For that we need the signing key and we don't have it!
Regards
Click to expand...
Click to collapse
Ahmed radi said:
good lack Bin4ry !
test report :
X10 2.1 .435
BB54
run gr8 ,with Xda then reboot in se rom with radia and i test wifi and its work also!
edit :
BB58 also just like above !
>after we have sacsesfully loud Bin4ry kernel , could we have muiltitouch(not just dual) ? thanx
Click to expand...
Click to collapse
More info from Bin4ry
http://forum.xda-developers.com/showpost.php?p=12285626&postcount=795
shyvue's test
shvyue said:
I'm new to this but what i did is, copy all files from bootkit to /data/local/tmp
adb shell
$ su
# chmod 06755 run.sh
# ./run.shls
Phone shows fast-usb reboot, then a cute dog at top-left, then xda-developer with brown background.
SE stock image:
2.1.A.435
x10i-2.1.58 white led after xda-developer image then reboot with SE logo, etc
x10i-2.1.54 white led after xda-developer image then reboot with SE logo, etc
Click to expand...
Click to collapse
mpasanthosh's test
http://forum.xda-developers.com/showpost.php?p=12311351&postcount=816
Starting from 14th January 2011
blagus said:
Hi to all developers!
I haven't read whole thread, but I'm sure bootloader hasn't been cracked yet.
I spoke to a source who know really a lot about SE phones. He has been investigating X10 a lot and I got some info from him. He might be able to give me some further info but only if you are willing to read and try to accept my post and not just tell me "Xperia is different SE phone".
Believe me, he knows a lot about how X10 boots/works, and what's happening inside it (software part). He's been investigating phones since DB2020, and knows something about phones even before that.
As first, when I told him about "bootloader" he wasn't 100% sure what is that.
Most correct structure of X10 boot process and all "parts" involved is:
first, "real" ROM, which is actually one time programmable and can't be ever reprogrammed, is started.
In EROM, there's signature which is checked by ROM at beginning of boot - if signature is OK, ROM proceeds with running EROM and leaves it to continue boot process.
That is: checking signatures of everything that it runs directly, and then launches it if signatures are OK.
He also said that ROM is very incorrect name for phone's firmware - because ROM is actually thing that I mentioned above. Of course, you don't have to rename all ROMs to FW now, however it would be good if at least here in development thread correct names are used because that would help you, me in understanding what you're talking about - because I have knowledge from A1/A2 series and now he proved me that I was right about what I was saying - and him in understanding and possibly some further small tips.
He said that the thing that launches actual firmware - Android, is S1Boot, and it actually is in some structural way connected with A1's EROM and A2's SEMCBOOT.
(That is the thing I've been trying to say some time ago however no one was listening to me, nor wanted to check it - everyone was just saying "No, this phone is different from other SE phones.)
That then means that getting developer (more understandable - "brown") loader.sin - which actually contains S1Boot, or as you probably call it, bootloader - won't help you because in that S1Boot, there are flags that define if brown image will be accepted or not.
Also, in ROM there is root certificate (Qualcomm), "first in the chain" he said, not Red - retail, or Brown - developer one. S1Boot is also signed with that root certificate, and even existing S1Boot in our Xperias contain both Red and Brown certificates (unlike on A1/A2, where there is either red which accepts just red flashes, or brown which accepts them all), and only thing that differs is flags which tells EROM/S1Boot should it accept brown flash or not.
Note: Do not mix root certificate that is S1Boot signed with, and Red/Brown located inside it!
You can easily check this by opening existing, "usual" available for download here loader.sin in Notepad and you'll first find few certificates - S1_loader_root, S1_EROM_root, etc. and after that S1_loader_test, S1_EROM_test, etc. - same names, but instead of root it says test - this proves that there are both red and brown certificates.
He also said that
"brown sin-s can be self-produced... usually the brown RSA keys are available".
That means that if we put brown RSA key before header of pre-patched loader.img, we would get brown signed loader.sin, and we would just have to find a way to change flag to make the phone accept that brown image.
About pre-patching: yes, S1Boot has to be patched in order to accept unsigned flashes - whether it's just changing those flags, or rewriting it - however in that case still original root certificate must stay inside because it's checked by ROM.
And last thing is that he said that "SE used to disable Jtag on retail phones".
I remember that someone here mentioned Jtag but I don't know what was the result.
To receive further help/tips from him, following questions must be answered:
Question 1: To what exactly do you refer when speaking about bootloader? Now when I explained about S1Boot, can we actually say that bootloader = S1Boot (similar to) > A1's EROM (similar to) > A2's SEMCBOOT?
Question 2: What's contained in boot.img, if S1Boot is inside loader.img/loader.sin?
Best regards
Click to expand...
Click to collapse
25th January 2011
Bin4ry said:
Anyone wants to try my modded kexec-tool? I hope i have found a solution, but don't know yet, because my netbook still compiles the kernel ..... (for another 20 hours )
Regards
Bin4ry
Click to expand...
Click to collapse
Bin4ry said:
Since Maxrfon didn't answered my last mail again (he's very busy now) i had spare time and worked on this little tool once more =)
I hope we can boot another kernel with kexec-tool now.
for that we need a zImage and a initrd + some bootparameters for the kernel (root partition)
So if anyone want to try i would be lucky. My compilation was broken and now i have to start again :'(
So i anyone here wants help to try i would be lucky =)
Regards
Click to expand...
Click to collapse
26th January 2011
Bin4ry said:
Yes a initrd is needed, because i have not found the initrd location in virtual memory now, so i cannot point to it from kexec
Code:
kexec -l /zImage --apend="root........" --file="/initrd"
kexec -e -f
also you should appen the root partition.
It would be nice if someone could upload a zImage, i'm still stuck in compiling it *LoL* ****ing netbook is compiling 15 hours and then it aborts with some errors ^^
Regards
Click to expand...
Click to collapse
blagus said:
Put kexec in /system, chmod 777
Put ramdisk_orig.tgz and zImage to / and chmod 777
Code:
# kexec-tool -l /zImage --append="/" --initrd="/ramdisk_orig.tgz"
# kexec-tool -fe
After reboot zImage and initrd dissapear from /
Maybe if I put them in /system... I'll try that and let you know result.
Click to expand...
Click to collapse
Bin4ry said:
@Shamux thanks for the kernel.
@blagus:
You have to append the root partition to kernel parameters, else it will not detect it!
It's just like you want to boot a normal kernel on pc
Try adding --append="root=/dev/blablabla rw"
check which one is root partition (don't know now) and then check again if it works.
What we really neew is some kmsg log or smth.
Also Z mentioned to compile the kernel with semc-es209ra-capk config.
A minimal config will be a better way to start because something is breaking up we cannot find it.
But if we can boot minimal kernel, we can try to add more and more step by step and find the problem =)
Regards
Click to expand...
Click to collapse
blagus said:
Hmm... then, a little bit of experimenting is required...
I've got new info regarding bootloader cracking, from my source again
In theory it's very simple and you probably know that already: we calculate prime numbers that public key is made from - one key is enough, second can be calculated with
key ÷ 1st prime formula. But, you already know that.
Now, how to get these keys? Probably you know that too but let me repeat:
with OpenSSL we can get certificates from loader.sin. For example, this is interesting part of S1_loader_root (root certificate):
Code:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ea:a5:f7:7d:bd:67:21:33:04:00:ea:91:b0:c6:
cd:38:6c:aa:da:60:c1:77:e2:24:67:be:b7:da:4f:
e6:e5:92:fd:5b:b4:1a:97:54:cb:2f:7d:b1:63:e3:
d4:43:b9:a6:91:70:36:9f:5f:3a:7a:0e:2c:a7:44:
3b:40:84:0f:40:79:4a:b7:e8:58:d7:47:15:29:79:
07:b7:65:7b:d3:6d:40:10:29:78:c5:8f:51:b0:6e:
38:a9:97:1c:ff:1e:e5:bc:0d:22:1c:08:22:db:ad:
40:6f:2f:28:8a:8f:5c:38:d3:2a:96:72:48:66:28:
07:80:11:f1:62:f9:d3:40:a7
Exponent: 65537 (0x10001)
Modulus here is public key.
Just give this modulus to the CPUs and GPUs and let them calculate primes.
With these primes, calculation of private key should be trivial.
Update: this key is what we need to crack, that's it. Then, we can even make our own certificate - just like now there are, for example, s1_loader (Red, retail) and s1_loader_test (Brown, developer), we can make our own s1_loader_xda... and then, if it's issuer is S1_Loader_Root_f851 (like it is in root certificate attached here), and it is present in all parts of loader.sin (signature, signature of loader payload data) then phone will accept it.
Yes, that's right: this "Modulus" number above is the one that we need to crack in order to modify bootloader.
Update: if there's something confusing in this certificate, it's probably the fact that it's issuer and subject are same: yes, it's self-signed. But unfortunately, it won't work if we make our self-signed certificate
Click to expand...
Click to collapse
arkedk said:
Don't know if this is any help or useful info for any of the devs.
But managed to check the code in the lib_s1_verification.so file
Here's the boot sequence.
These files is what I know has something to do with the s1:
/lib/lib_s1_verification.so
/bin/linker
/bin/s1_verification_test
I don't know what I'm looking at here, but just wanted to see if I could make some kind of contribution to get the bootloader opened up.
Also attached the dedexed files from within semc_bootinfoif.jar if those are useful to anyone.
Assuming this is the Booting Sequence:
Click to expand...
Click to collapse

I tried typing in 'adb root enable' and this appeared (see attachment).
If we can get a developer rom somehow, we could enable root.
If unclear, it says that 'adbd cannot run as root in production builds'.
I think that Sony Ericsson's adb drivers are causing this. If we could hack into the official android one, we could maybe unlock some adb commands (adb shell doesn't even allow any command to work!)

Very good idea to start a new thread. Please someone of the moderators delete all future comments that are not related to root!
I finally compiled the tardis program but it doesn't work
Here my original post :
-----
This didn't work on X10. But possibly someone will try it on other devices.
Usage: ./tardis <BIG FILE>
Big file should be ~ 100mb
------
-Bin4ry

Gathered Information about the kernel and mount points so far:
Kernel Version: Linux version 2.6.29-rel ([email protected]) (gcc version 4.2.1) #2 PREEMPT Wed Mar 10 16:53:36 JST 2010
(notice it's been compiled on march 10 so it might have been patched until february)
Internal flash partitions:
/dev/block/mtdblock2 /system yaffs2 ro 0 0
/dev/block/mtdblock3 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock1 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block/loop0 /cdrom iso9660 ro 0 0
4Mb ramdisk: tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
Inside the software update package, there are a lot of files:
update.xml -> update template, it says not to erase amss_fs.sin, maybe that's why it's empty...
preset.ta ->
Inside there's this:
Code:
// preset.ta has same format as TA file generated by FXTool
// Specification document: 69/159 35-LXE 108 116 Uen, Rev PA3
// Format:
// [TAPartition<HEX8>]{1}
// [UnitID<HEX32> UnitSize<HEX16> Data<HEX8>{UnitSize}]{n}
// (c) Sony Ericsson Mobile Communications AB, 2009
02
000008FD 0010 00 00 08 00 05 00 00 00 0E 00 00 00 08 00 00 00
00000961 0004 FE FF FF FF
amss_fs.sin -> no idea...but it seems empty as the cache 639 byte
apps_log.sin -> template for wiping mtdblock0 partition? (639 byte)
cache.sin -> template for wiping cache partition (like data partition, 639 byte)
fota0.sin -> ?
fota1.sin -> ?
boot.sin -> our beloved boot.img? (5.4 mbytes)
recovery.sin -> it looks like we have a recovery mode after all (not just safe mode)
dsp1.sin -> dsp firmware?
amss.sin -> Radio firmware?
metadata.dat -> 536 bytes, I guess it will be package metadata
simlock.ta -> 1,3 kb
system_S1-SW-LIVE....sin -> 195Mb, system partition
userdata_S1-SW-LIVE....sin -> 4,8kb, template for wiping data partition, maybe it has some file in there... haven't checked yet.
Things I tried so far:
m7 exploit. It seems fixed on this kernel (that or it might need some tinkering to the code)
exit_notify() local root exploit. suid_dumpable is 0 on /proc, so useless
h00ly**** exploit. Bin4ry tried this, but it seems it didn't work either.
Good thing: Sony Ericsson update service is programmed in java, and lollylost100 has already managed to make the program dump update images decrypted, so we might have a chance with that.
Also, bootloader starts if you take out the battery, plug usb and then turn it back in. It goes on for 10 seconds, after that, it times out and reboots to normal. So maybe if we don't mess with the bootloader we can restore it no matter what happens to the rest of the flash (don't trust this much)
About the mtd partitions, there are only four visible to Android, but there have to be more.
Radio partition, recovery partition (if it flashes it will be somewhere, unless its just a kernel+ramdisk that boots when in 'safe mode'), bootloader and such. Where are they hidden?
I have a copy of the running configuration for the kernel from .16 version, if anybody wants, I can put it somewhere.
If you wan't to retrieve it from your phone just do:
cat /proc/config.gz > /sdcard/config.gz
from adb/local terminal.
@HunteronX: that error it gives you is because you need a dev firmware, or being able to do a 'su', to get root access, it's not a driver problem. If you do "adb shell" you get a terminal with user id 2000 (shell), but no way of getting id 0 (root) with official firmware (unless hacking).By the way, that post you pasted from me is very outdated and there's not much useful information so you can remove it from the first post Thanks for starting a new thread, hopefully we'll manage to keep it clean!
Regards, Biktor

biktor_gj said:
update.xml -> update template, it says not to erase amss_fs.sin, maybe that's why it's empty...
Click to expand...
Click to collapse
Code:
<?xml version="1.0" encoding="utf-8" ?>
<UPDATE>
<NOERASE>amss_fs.sin</NOERASE>
</UPDATE>

HunteronX said:
I tried typing in 'adb root enable' and this appeared (see attachment).
If we can get a developer rom somehow, we could enable root.
If unclear, it says that 'adbd cannot run as root in production builds'.
I think that Sony Ericsson's adb drivers are causing this. If we could hack into the official android one, we could maybe unlock some adb commands (adb shell doesn't even allow any command to work!)
Click to expand...
Click to collapse
This information is Wrong.
ADB is not allowed to run as root on Any production builds, not only Sony Ericsson.
Also all "normal" ADB commands work.
My Contribution: The only Directory where you can put native executables is /data

sim-value said:
This information is Wrong.
ADB is not allowed to run as root on Any production builds, not only Sony Ericsson.
Also all "normal" ADB commands work.
My Contribution: The only Directory where you can put native executables is /data
Click to expand...
Click to collapse
confirmed, all production build android we couldn't enable root. that is too easy.
we do can write and excute in /data. It use to be an exploit moving data form
/data to /system but now that hole is close, thoe move request get kill on the way.
Still no sign of recovery or bootloader access. ADB reboot won't help as you will get the normal bootup screen.
SEUS flash mode can be turn on and detect USB SEMC Flash Device in Linux and Mac OS, but after 20 - 30 second
it will shut it self and reboot in normal mode. there might be some trigger here.

funfobia said:
confirmed, all production build android we couldn't enable root. that is too easy.
we do can write and excute in /data. It use to be an exploit moving data form
/data to /system but now that hole is close, thoe move request get kill on the way.
Still no sign of recovery or bootloader access. ADB reboot won't help as you will get the normal bootup screen.
SEUS flash mode can be turn on and detect USB SEMC Flash Device in Linux and Mac OS, but after 20 - 30 second
it will shut it self and reboot in normal mode. there might be some trigger here.
Click to expand...
Click to collapse
Ok, thanks for telling me that - looks like i've got a lot to learn...
@biktor_gj I've hopefully now removed all the information you wanted.

/data is not the only place where you can run binaries, you can also execute them from /sqlite_stmt_journal ramdisk. The only issue is after rebooting the phone files will disappear, but /data has the nosuid flag enabled on the mount command, but that flag doesn't exist on the sqlite tmpfs.
Regards

I just sniffed yesterday the packets when SEUS is connecting to the Sonyerricsson Serve.
What I found out is that SEUS is requesting following IP: 195.95.193.10
If you enter this in your browser it returns following:
ma3.extranet.sonyericsson.com
There you can download a software called EMMA. Someone knows what's that for a software?

goroh_kun said:
I uploaded mtd dump program for xperia with my mtd_nand_ex module.
It includes souce code, and static linked binary.
http://hotfile.com/dl/52240500/a1a6e72/mtd_raw_dump.zip.html
With normal mtd-utils(nand-dump), you can't rip complete nand image.
so I have to change mtd mode to RAW MODE.
the raw image includes OOB(Out Of Band) area, so we have to
calculate ECC（Error Correction Code） to get its executable image.
Click to expand...
Click to collapse
I write program to rip original image from mtd raw image.
http://hotfile.com/dl/52522564/4d776ac/mtd_analyze.zip.html
I'm working to figure out how oob area works.
if you have any information please contact me, or write message here!

Try another method to run modified kernel.
hi, all
I found that the method modifying boot or recovery area is not good way,
because these partition are signed with SE signature, and it seems that
bootloader check its SHA hash and signature everytime on boot process.
so I try another approach that
execute another kernel, from original SE kernel like kexec method.
but original SE kernel is not configured with CONFIG_KEXEC.
so I have to modify kexec interfaces from system calls to proc filesystem
access.
http://hotfile.com/dl/52604229/240e97c/kexec_ex.zip.html
http://hotfile.com/dl/52609760/96288b5/kexec-tools.tgz.html
It seems work to boot new kernel. you have to build kernel with initrd image.
wait for details..

we have 2 options
patch loader or go kexec

flash tools for x10 nand
happy play
http://hotfile.com/dl/53734913/3b68720/flash_tools.tar.bz2.html

rosco16 said:
Great!!!
If you had flashed NAND ...is it correct to say that x10 is root 100% already ??
cheers
Click to expand...
Click to collapse
NO
- we can dump and flash nand (tested tools)
- SE boot (kernel is signed like .sin files) and our boot is not signed so it will not boot
WE need kexec to load our kernel or patch bootloader not to check for signed kernel
@custom rom Cyanogen V6 alpha is compiled but we can not boot it

zephyrix said:
Dump the bootloader, patch it, then rewrite.
Click to expand...
Click to collapse
)
you are so funny
if it was that simple we would do it

zephyrix said:
Dump the bootloader, patch it, then rewrite.
Click to expand...
Click to collapse
First, bootloader and fota applications have some kind of lock and cannot be read (unlike boot, recovery amss & dsp). Second, to patch a bootloader you need to disassemble it, find all the points where it checks for signatures, and patch them. Then you need to test it, and if you mess it once, 400$ phone to the trash. Much more useful to have kexec working, since with it you could, in theory, boot the bootloader from ram, to check if patching goes good and do all the testing withour breaking anything. And you could run a kernel of choice.
Things aren't as easy as that I'm affraid...

How to dump bootloader
Hi, all
try this to dump your bootloader.
http://hotfile.com/dl/53890681/9e4b303/spldump.zip.html
the SPL image remains in internal RAM address 0x0 - 0x100000.
I wrote a driver to dump this area through /proc/splimage.

goroh_kun said:
Hi, all
try this to dump your bootloader.
http://hotfile.com/dl/53890681/9e4b303/spldump.zip.html
the SPL image remains in internal RAM address 0x0 - 0x100000.
I wrote a driver to dump this area through /proc/splimage.
Click to expand...
Click to collapse
I love you goroh, thank you very very much
On a side note, is it just me or it is full of checks everywhere?

biktor_gj said:
I love you goroh, thank you very very much
On a side note, is it just me or it is full of checks everywhere?
Click to expand...
Click to collapse
yep is full
thanks goroh
but dump seems to be wrong
after 0x3000 is padding
next block is at 0x100000
@kexec we need to somehow patch it to load the loader

KEXEC for Sony Xperia Sola

Hallo, after two days of trying to make kexec working, got it working! Its based on hard boot kexec! We can create now multiboot menu and boot multi roms without need for flashing them! Will make this thread updated including files, kernel and instructions!

munjeni said:
Hallo, after two days of trying to make kexec working, got it working! Its based on hard boot kexec! We can create now multiboot menu and boot multi roms without need for flashing them! Will make this thread updated including files, kernel and instructions!
Click to expand...
Click to collapse
and probably now guys with locked bootloader can boot roms requiring custom kernels

DevSwift1 said:
and probably now guys with locked bootloader can boot roms requiring custom kernels
Click to expand...
Click to collapse
NO because kernel need enabled kexec and reguire some other modifications whick is not exist on stock kernel!!!
Tried to boot stock kernel but failed, seems not stable kexec by now! Need help!
Here is kernel changes (3 commits by Aug.09.2013) -> https://github.com/munjeni/android_kernel_xperiago/commits/jb-dev seems there is problem with clean reboot! Got kexec working with usind zImage from the same kernel version but seems when there is another kernel version its fail! I think it fail on my reboot function implementation! Need help to solve these things!

Got ansfer by self. Stock kernel and everyother without kexec patch ca not be loaded more info here -> http://forum.xda-developers.com/showthread.php?p=44077327
Tomorow will make it better, hope perfectly working.

Ok, lets go multiboot development!
My experience using kexec:
- since hard reboot owerwrite new kernel and ramdisk, I disabled hard reboot. So we need shutdown cpu instead of using function reboot! Since we have no shutdown cpu function we have very slow boot after executing new kernel and ramdisk (curently I am satisfied with slow boot because kexec can boot new kernel and ramdisk, yes its slow but working )
What is needed for kexec boot:
- kexec can not boot non kexec based kernels
- kexec can boot only kexec enabled kernel which mean only kernel which have my kexec patch (you can patch your kernel using kexec patch from my git)
- suported phones by now is only Sola and Go
My idea for multiboot by now:
- making boot menu based on modified CWM recovery
Modified CWM recovery plan:
- create new recovery and add new sub menu for multiboot feature
CWM multiboot menu idea:
- here we can write kexec multiboot functions
CWM kexec function idea:
- mount system, cache, userdata partition from external sdcard EXT4 partitons and mount them (only if these partions is created by you on your sdcard !!! We can create an small submenu for creating these partitons if these partitons not exist, but not now, we can do it later after creating simple kexec main menu))
- after mounting these partitions we can:
- boot android from allready installed android from these partitions
- ability to install new android to these partiton and boot them
Lets go! Before I start making new CWM, I need better ideas! What you think how we can do it??? Waiting your ideas!!!
Maybe we can do it without using CWM???

So, how about another kernel or rom which isn't supporting kexec yet?
Sent from risahikari

munjeni said:
Lets go! Before I start making new CWM, I need better ideas! What you think how we can do it??? Waiting your ideas!!!
Maybe we can do it without using CWM???
Click to expand...
Click to collapse
I cannot think of a way to do this without involving CWM. But we could make use of the volume buttons to select the ROM on boot (by mounting the appropriate partition based on the volume button that has been pressed down when the bootsplash screen is displayed). However this would limit us to the number of ROMs that can be installed to two (or max 3, if we have an option to set a default ROM to boot if no button is pressed).
Brilliant work by the way. You are Godlike! :victory:

itachilinux said:
So, how about another kernel or rom which isn't supporting kexec yet?
Sent from risahikari
Click to expand...
Click to collapse
Simple not supported!
First of all we need to create ramdisk which will boot android located on external sdcard, than if we get it working we can play with kexec. I need your help! If some one get android working from external sdcard than I will continue further. I am allso playing now with new ramdisk and trying to get external android booting!!
Our multiboot is not ready. Only ready is kexec tool and kexec kernel. Our multiboot feature is not yet implemented. Our multiboot is in plan and our multiboot need ideas!

can this be of any help?
http://forum.xda-developers.com/showpost.php?p=42057833&postcount=1
github:
https://github.com/tux-mind/tf201-dev

Changed fstab, recovery.fstab and sony fstab device paths to point to the external sdcard partition, modified updater_script paths, rebooted to the recovery, installed rom to the external sdcard partitions, rebooted, after abnormaly slow boot system booted but is abnormally unresponsive, so I deleted and reverted back to the emmc boot. Sory guys I am stopping here until some one get android booted from sdcard! I have no free time to play with external boot. When you done it I will continue

Any one have idea what is use of the fota kernel??? Got fota kernel and ramdisk kexeced and booted, found some tools in sbin folder, there is fota tools, for example after exacution of the fota-ua got this output:
./fota-ua --help
FOTA-UA May 21 2013 18:05:10
ERROR [181] Parameter Error
Info [745] No status file
Total physical memory: 407695360 bytes
Total available physical memory: 8314880 bytes
Configuration information at runtime:
The number of pages of physical memory SC_PHYS_PAGES: 99535
The number of currently available pages of physical memory _SC_AVPHYS_PAGES: 203
0
Info [88] The number of processors configured _SC_NPROCESSORS_CONF: 2
The number of processors currently online (available) _SC_NPROCESSORS_ONLN: 2
Size of a page in bytes _SC_PAGESIZE: 4096
Logging of resource usage measures:
Maximum resident set size ru_maxrss: 172 KB
Page reclaims ru_minflt: 84
Page faults ru_majflt: 0
Block input operations: 0
Block output operations: 0
Info [468] No sdcard found in mounts
Info [757] Update Failed
WARN [48] Failed to remove /sbin/fota-ua, Read-only file system
WARN [52] Failed to remove /sbin/fota-mke2fs, Read-only file system
WARN [56] Failed to remove /sbin/rb_repart, No such file or directory
Click to expand...
Click to collapse
What we can do with these tools???
Or another tool:
./rb_repart
Repartitioning Tool
(C) Copyright 1999-2011 Red Bend Ltd.
4 Hacharash St. Hod-Hasharon, Israel
Version: 7.0.15.5514
Usage: ./rb_repart
-r [OPTIONAL, DEFAULT] - Run full operation
-t [OPTIONAL] - Run in test mode. Do not perform writes
-c config_file [OBLIGATIONAL] - Configuration file
Click to expand...
Click to collapse

munjeni said:
Any one have idea what is use of the fota kernel??? Got fota kernel and ramdisk kexeced and booted, found some tools in sbin folder, there is fota tools, for example after exacution of the fota-ua got this output:
What we can do with these tools???
Or another tool:
Click to expand...
Click to collapse
Well have you ever updated Sola with OTA,you will notice it boots to recovery and thats fota kernel "f-ota" - friendly over the air update system

XperianPro said:
Well have you ever updated Sola with OTA,you will notice it boots to recovery and thats fota kernel "f-ota" - friendly over the air update system
Click to expand...
Click to collapse
When I tried on Xperia Go to update trought fota it was not worked! I never seen anything related to the fota recovery! Is recovery exist on fota kernel??? Have any menu???
Found some logs:
/data/local/tmp/sbin/fotatools # find / | grep fota
find / | grep fota
/cache/recovery/fota
/cache/recovery/fota/executed
/cache/recovery/fota/report
/cache/recovery/fota/status
/system/bin/fota-snoop
find: /proc/2652: No such file or directory
find: /proc/3172: No such file or directory
find: /proc/3554: No such file or directory
find: /proc/3610: No such file or directory
find: /proc/3723: No such file or directory
find: /proc/3884: No such file or directory
/data/local/tmp/sbin/fota-tad
/data/local/tmp/sbin/fotatools
/data/local/tmp/sbin/fotatools/rb_repart
/data/local/tmp/sbin/fotatools/vold.fstab
/data/local/tmp/sbin/fotatools/toolbox
/data/local/tmp/sbin/fota-mke2fs
/data/local/tmp/sbin/fota-ua
/dev/.fota_ui_down
/dev/.fota_ui_shutdown
/data/local/tmp/sbin/fotatools # ls /cache/recovery
ls /cache/recovery
fota
last_log
/data/local/tmp/sbin/fotatools # ls /cache/recovery/last_log
ls /cache/recovery/last_log
/cache/recovery/last_log
/data/local/tmp/sbin/fotatools # cat /cache/recovery/last_log
cat /cache/recovery/last_log
MR: Master reset starting Sat Aug 10 20:26:26 2013
recovery filesystem table
=========================
0 /tmp ramdisk (null) (null)
1 /data ext4 /dev/block/mmcblk0p11 (null)
2 /cache ext4 /dev/block/mmcblk0p12 (null)
3 /modemfs ext4 /dev/block/mmcblk0p6 (null)
MR: Got content --wipe_data from /cache/recovery/command
MR: Formatting /cache
Creating filesystem with parameters:
Size: 262144000
Block size: 4096
Blocks per group: 32768
Inodes per group: 8000
Inode size: 256
Journal blocks: 1024
Label: /cache
Blocks: 64000
Block groups: 2
Reserved block group size: 15
Created filesystem with 11/16000 inodes and 2065/64000 blocks
MR: Formatting /data
Creating filesystem with parameters:
Size: 2147483648
Block size: 4096
Blocks per group: 32768
Inodes per group: 8192
Inode size: 256
Journal blocks: 8192
Label: /data
Blocks: 524288
Block groups: 16
Reserved block group size: 127
Created filesystem with 11/131072 inodes and 17193/524288 blocks
MR: Unlocking gesture
MR: Resetting RFHAL parameters
MR: Cleaning dir /modemfs/RFHAL
MR: Leaving dir /modemfs/RFHAL
MR: Master reset done
/data/local/tmp/sbin/fotatools #
Click to expand...
Click to collapse

I hope it will work on Xperia™ U, I don't know if it could be possible as I don't know how many differences are between Sola's and U's ramdisk and stuff. :/

munjeni said:
Any one have idea what is use of the fota kernel??? Got fota kernel and ramdisk kexeced and booted, found some tools in sbin folder, there is fota tools, for example after exacution of the fota-ua got this output:
What we can do with these tools???
Or another tool:
Click to expand...
Click to collapse
well, on xperia s for example we use fota partition like a it was a recovery partition
otherwise as soon as you unlock your bl (= no more OTA) it becomes usless

mirhl said:
well, on xperia s for example we use fota partition like a it was a recovery partition
otherwise as soon as you unlock your bl (= no more OTA) it becomes usless
Click to expand...
Click to collapse
How you load recovery from ota partition? Seems you have something like LK bootloader???

munjeni said:
How you load recovery from ota partition? Seems you have something like LK bootloader???
Click to expand...
Click to collapse
a sort of
newer kernels when booting recovery, check if FOTA partition has the custom one installed
if yes, they loads that. otherwise standard recovery
more information here

mirhl said:
a sort of
newer kernels when booting recovery, check if FOTA partition has the custom one installed
if yes, they loads that. otherwise standard recovery
more information here
Click to expand...
Click to collapse
Thats good idea, but thats not ideal solution in comparation with phones which have separated recovery/boot partition and bootloader ui like HTC devices which have direct recovery load trought bootloader, these solution only working if primary boot partition is modified and added "few lines" for booting recovery from seccond partition (like ota partition). Will be perfect solution if we make LK bootloader for separating recovery/boot partition, allso with LK we will be able to create custom emmc layout, by now I can not see any small bootloader for NovaThor on google search, seems thats not public. Searching for a way for creating bootloader based on kernel. How we can modify curent kernel and make them bootloader??? We can modify recovery and make them bootloader kexec based, but I am not happy with kexec because we need to fix them first because loading an kernel trought current kexec patch is very slow! I will be happy if some one look into my git and find a solution for fixing them!

mirhl said:
well, on xperia s for example we use fota partition like a it was a recovery partition
otherwise as soon as you unlock your bl (= no more OTA) it becomes usless
Click to expand...
Click to collapse
What about if I relock my bootloader, do I will be able to use fota??? Seems ota working only if drm keys is not broken??

munjeni said:
What about if I relock my bootloader, do I will be able to use fota??? Seems ota working only if drm keys is not broken??
Click to expand...
Click to collapse
i have a locked bootloader but on xperia u and if you want anything i will happly help and mine has never been unlocked
---------- Post added at 04:59 PM ---------- Previous post was at 04:44 PM ----------
bobthecooldad said:
i have a locked bootloader but on xperia u and if you want anything i will happly help and mine has never been unlocked
Click to expand...
Click to collapse
just read this about fota
http://forum.xda-developers.com/showpost.php?p=12615775&postcount=1
and the orginal file is checked and if it isnt the correct one the phone wont boot

[Q&A] [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11

[Q&A] [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11
Q&A for [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11.0
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [GUIDE] How to build CWM-based Recovery from source in Ubuntu 12.04 with CM-11.0. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!

My phone has 16mb recovery part but the recovery.img I made is 25 mb so I can't flash it In BoardConfig.mk, I can wrote at least 24.936.448 at the line of BOARD_RECOVERYIMAGE_SIZE to compile the recovery image. How can I solve this problem? Can I reduce the size of the .img file to 16 mb?

denizyildizi345 said:
My phone has 16mb recovery part but the recovery.img I made is 25 mb so I can't flash it In BoardConfig.mk, I can wrote at least 24.936.448 at the line of BOARD_RECOVERYIMAGE_SIZE to compile the recovery image. How can I solve this problem? Can I reduce the size of the .img file to 16 mb?
Click to expand...
Click to collapse
I don't understand how you ended up with such a big recovery... The biggest ramdisk I saw (in TWRP) is not more than 4-5 Mb. Do you have a kernel over 20Mb? It can't be, otherwise the stock recovery will be oversized too. Somewhere you made a mistake probably.
And to answer your question, no you can't reduce the size of recovery that big; if you have a kernel compressed in xz, you may try to compress the ramdisk in xz too, and the size will be smaller, but not enough... you need to downsize it with 9Mb, which is not possible.
So check again, to see if there isn't a mistake somewhere.

carliv said:
I don't understand how you ended up with such a big recovery... The biggest ramdisk I saw (in TWRP) is not more than 4-5 Mb. Do you have a kernel over 20Mb? It can't be, otherwise the stock recovery will be oversized too. Somewhere you made a mistake probably.
And to answer your question, no you can't reduce the size of recovery that big; if you have a kernel compressed in xz, you may try to compress the ramdisk in xz too, and the size will be smaller, but not enough... you need to downsize it with 9Mb, which is not possible.
So check again, to see if there isn't a mistake somewhere.
Click to expand...
Click to collapse
I took a screenshot of my CM11-0/out/target/product/msm8226/root folder which is 25 mb. There is a boot.img file. I think the problem is that file. I unpacked a few recovery.img files but none of them included that file. If problem is this, how can I remove that file from my ramdisk?
I removed that file and flashed new recovery.img but now my phone isn't booting in recovery mode.

denizyildizi345 said:
I took a screenshot of my CM11-0/out/target/product/msm8226/root folder which is 25 mb. There is a boot.img file. I think the problem is that file. I unpacked a few recovery.img files but none of them included that file. If problem is this, how can I remove that file from my ramdisk?
I removed that file and flashed new recovery.img but now my phone isn't booting in recovery mode.
Click to expand...
Click to collapse
No, for checking recovery root you need to look here: CM11-0/out/target/product/msm8226/recovery/root . But anyway that folder looks strange (I see a perl script there)....
Check my screenshot below.
And type a
Code:
make clobber
before stating a new build, or
Code:
make clean
between repetitive builds.

im getting this error each time i try to compile:
make: *** No rule to make target `/etc/init.rc'
please any suggestions

george676 said:
im getting this error each time i try to compile:
make: *** No rule to make target `/etc/init.rc'
please any suggestions
Click to expand...
Click to collapse
You need to be more specific: what recovery you try to build, in what environment (if it's not cm-11), and post a link to your device folder tree. That error means that the compiler can't find an init.rc file to add in ramdisk.

Compiler stops after a few segments
This is shown in my terminal:
Code:
cp: cannot stat ‘/home/paul/cm-10.2/out/target/product/Ultra/root/init.recovery.*.rc’: No such file or directory
make: [/home/paul/cm-10.2/out/target/product/Ultra/recovery/root.ts] Error 1 (ignored)
mkdir -p /home/paul/cm-10.2/out/target/product/Ultra/recovery/root/system/bin
cp -rf device/CherryMobile/Ultra/recovery/root /home/paul/cm-10.2/out/target/product/Ultra/recovery/
cp: omitting directory ‘device/CherryMobile/Ultra’
make: *** [/home/paul/cm-10.2/out/target/product/Ultra/recovery/root.ts] Error 1
[email protected] ~/cm-10.2 $ make clobber
And you wrote about the problem:
During the build process you may encounter some errors or warnings.
*********************
Code:
Code:
cp: cannot stat `/home/carliv/CM11-0/out/target/product/P780/root/init.recovery.*.rc': No such file or directory
make: [/home/carliv/CM11-0/out/target/product/P780/recovery/root.ts] Error 1 (ignored)
This will not stop the build, and it appears if you don't use a init.recovery.{hardware}.rc file. Can be ignored, as the build process does.
Though in my terminal it just stopped at that part so I had to rename mine which was originally init.recovery.qcom.rc to init.recovery.*.rc
--edit--
And yet it still would not continue ... Any ideas on how to fix this?
--edit # 2--
Here's the pastebin link just in case ->biQ7kjV8 add that to pastebin...(I can't post links)
--edit # 3--
I fixed it... Turns out that it was just a BoardConfig.mk parameter that I forgot to complete

Calculate proper BoardConfig.mk partition sizes
I have this log:
Code:
----- Making recovery image ------
/home/paul/cm-10.2/out/target/product/Ultra/recovery.img maxsize=8380416 blocksize=135168 total=8409088 reserve=270336
error: /home/paul/cm-10.2/out/target/product/Ultra/recovery.img too large (8409088 > [8650752 - 270336])
make: *** [/home/paul/cm-10.2/out/target/product/Ultra/recovery.img] Error 1
make: *** Deleting file `/home/paul/cm-10.2/out/target/product/Ultra/recovery.img'
Meaning I have wrong sizes for the partitions so I need help on it...
When I ran the following:
cat /proc/mtd
cat /proc/emmc
they both return: No such file or directory...
Now If I run the command: cat /proc/partitions
it comes up with this:
As far as I know.... mmcblk1p1 is my external sd card which is about 32 GB...
My system image is about 1 GB and more(confirmed) when I used the dd command(to dump it) and is located at mmcblk0p16
Userdata reaches more than 4 GB as reported by the dd command(file size too large) and is located at mmbblk0p25
here(recovery.fstab):
/boot mtd /dev/block/mmcblk0p10
/cache yaffs2 /dev/block/mmcblk0p18
/data yaffs2 /dev/block/mmcblk0p25
/misc mtd /dev/block/mmcblk0p20
/recovery mtd /dev/block/mmcblk0p19
/system yaffs2 /dev/block/mmcblk0p16
-- edit --
I solved this already

Help required for compiling CWM for android 4.4.2 version only?
I am on Ubuntu 14.0.4 and I am trying to build a CWM recovery for Celkon Q 5009android 4.4.2, Broadcom processor). I have set up build environment and currently working on syncing repo. I have heard that it takes too much time and disk space to complete this process. I am interested to know in the following particular scenario : want to build only CWM recovery from source for an android running on version 4.4.2. So do I have to download all repositories or is there any shortcut that would enable me to not download all, but a certain part that is required for android 4.4.2? If yes, how to go about it? please help.

Please help. I do not undertstand why 'repo sync' always fails at a particular stage, though I have 30+ GB of disk space available in my working folder named 'cm12'. Following is the last screen message :
Fetching project platform/external/ant-glob
Fetching projects: 8% (40/495) Receiving objects: 86% (2389/2771), 26.68 MiBerror: RPC failed; result=56, HTTP code = 200iB | 124.00 KiB/s
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed
remote: Sending approximately 1.94 GiB ...
remote: Counting objects: 85, done
remote: Finding sources: 100% (85/85)
error: RPC failed; result=56, HTTP code = 200iB | 88.00 KiB/s
fatal: The remote end hung up unexpectedly
Now should I run 'repo sync' again or should I use 'repo sync -j1' ?
fatal: early EOF
fatal: index-pack failed
error: Cannot fetch device/lge/mako-kernel
error: Exited sync due to fetch errors

Hey,
In which size are the values in BoardConfig.mk at BOARD_BOOTIMAGE_PARTITION_ZISE? bit?
And how I can convert blocks to this size because my lge only print out the partition sizes in blocks.
LG Noel

Black Manta said:
Hey,
In which size are the values in BoardConfig.mk at BOARD_BOOTIMAGE_PARTITION_ZISE? bit?
And how I can convert blocks to this size because my lge only print out the partition sizes in blocks.
LG Noel
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=60297989&postcount=51
Somewhere around that post you will find your answer.

Hi. Your guide is the most useful I found on the net. Much more than the official cyanogenmod wiki's porting one. Thanks a lot.
I'm trying to use it to build a cm 12.1 (lollipop) cwm on a mediatek device.
1) My stock rom (also Android 5.1) already ships a fstab.mt6795 file into the ramdisk. I moved it inside /recovery/root, and copied its content in /recovery/recovery.fstab
This is its content, should I make any change inside it?
Code:
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/mtk-msdc.0/by-name/system /system ext4 ro wait
/dev/block/platform/mtk-msdc.0/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,resize,encryptable=footer
/dev/block/platform/mtk-msdc.0/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check
/dev/block/platform/mtk-msdc.0/by-name/protect1 /protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
/dev/block/platform/mtk-msdc.0/by-name/protect2 /protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#please add cip or persist on project fstab
#/dev/block/platform/mtk-msdc.0/by-name/persist /persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#/dev/block/platform/mtk-msdc.0/by-name/custom /custom ext4 ro wait
/devices/mtk-msdc.0/11230000.MSDC0 auto vfat defaults voldmanaged=sdcard0:[email protected],noemulatedsd
/devices/mtk-msdc.0/11240000.MSDC1 auto vfat defaults voldmanaged=sdcard1:auto
/devices/bus.2/11270000.USB3_XHCI auto vfat defaults voldmanaged=usbotg:auto
/dev/block/platform/mtk-msdc.0/by-name/frp /persistent emmc defaults
2) How can I find out which of the .rc files available in stock ramdisk include in my recovery, besides the renamed init.rc copied from /bootable/recovery/etc ?
3) My stock rom obviously already ships a init.mt6795.rc. Should I merge any of its lines to the one I copied from /bootable/recovery/etc in my /recovery folder?
Thanks in advance for your time and your efforts.

4javier said:
Hi. Your guide is the most useful I found on the net. Much more than the official cyanogenmod wiki's porting one. Thanks a lot.
I'm trying to use it to build a cm 12.1 (lollipop) cwm on a mediatek device.
1) My stock rom (also Android 5.1) already ships a fstab.mt6795 file into the ramdisk. I moved it inside /recovery/root, and copied its content in /recovery/recovery.fstab
This is its content, should I make any change inside it?
Code:
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
/dev/block/platform/mtk-msdc.0/by-name/system /system ext4 ro wait
/dev/block/platform/mtk-msdc.0/by-name/userdata /data ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check,resize,encryptable=footer
/dev/block/platform/mtk-msdc.0/by-name/cache /cache ext4 noatime,nosuid,nodev,noauto_da_alloc,discard wait,check
/dev/block/platform/mtk-msdc.0/by-name/protect1 /protect_f ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
/dev/block/platform/mtk-msdc.0/by-name/protect2 /protect_s ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#please add cip or persist on project fstab
#/dev/block/platform/mtk-msdc.0/by-name/persist /persist ext4 noatime,nosuid,nodev,noauto_da_alloc,commit=1,nodelalloc wait,check,autoformat
#/dev/block/platform/mtk-msdc.0/by-name/custom /custom ext4 ro wait
/devices/mtk-msdc.0/11230000.MSDC0 auto vfat defaults voldmanaged=sdcard0:[email protected],noemulatedsd
/devices/mtk-msdc.0/11240000.MSDC1 auto vfat defaults voldmanaged=sdcard1:auto
/devices/bus.2/11270000.USB3_XHCI auto vfat defaults voldmanaged=usbotg:auto
/dev/block/platform/mtk-msdc.0/by-name/frp /persistent emmc defaults
2) How can I find out which of the .rc files available in stock ramdisk include in my recovery, besides the renamed init.rc copied from /bootable/recovery/etc ?
3) My stock rom obviously already ships a init.mt6795.rc. Should I merge any of its lines to the one I copied from /bootable/recovery/etc in my /recovery folder?
Thanks in advance for your time and your efforts.
Click to expand...
Click to collapse
First let me ask you where did you find a cwm for lollipop to build it? I'm interested to see that.
Second in recovery fstab you may want to add emmc partitions like boot, recovery... Check my github and look at elephone p6000 device folder (it's close enough to understand). If internal sdcard is on data/media you don't have to add it at all in fstab (at least that was the rule for kitkat... again I need to see the source for that lollipop cwm to tell you exactly). In elephone device recovery fstab you can see that usb and external sdcard are defined as auto for type not vfat because it is better to let minivold manage that.
Normaly for cm12.1 ther is no need to copy any rc file in root, only the fstab. {hardware}, which you said you did.
Again I can tell more if I will see the source code for the recovery, and last thing my guide is quite old now but I'm glad you found it useful.

Thanks for your quick reply.
I think I've not been so clear explaining what I'm doing: when I talk about "Lollipo CWM" I just mean that I'm working on 12.1 branch of cyanogenmod source tree, that as you know is based on the same sources of Lollipop, instead of the one the guide was originally aimed to.
1) I feel really dumb at this moment. I don't know exactly how many time I read that fstab file, and I never noticed that it lacks entries for partitions not managed by stock recovery. Sorry if I wasted your time with a stupid question.
2)For sdcards, then it's better to leave untouched the voldmanaged options, but change the filesystem type to auto?
3) I don't need to copy any other .rc file (init.mt6795.usb.rc, init.xlog.rc, etc...), nor to merge anything from init.mt6795.rc of the stock rom. Right?
Thanks again.

4javier said:
Thanks for your quick reply.
I think I've not been so clear explaining what I'm doing: when I talk about "Lollipo CWM" I just mean that I'm working on 12.1 branch of cyanogenmod source tree, that as you know is based on the same sources of Lollipop, instead of the one the guide was originally aimed to.
1) I feel really dumb at this moment. I don't know exactly how many time I read that fstab file, and I never noticed that it lacks entries for partitions not managed by stock recovery. Sorry if I wasted your time with a stupid question.
2)For sdcards, then it's better to leave untouched the voldmanaged options, but change the filesystem type to auto?
3) I don't need to copy any other .rc file (init.mt6795.usb.rc, init.xlog.rc, etc...), nor to merge anything from init.mt6795.rc of the stock rom. Right?
Thanks again.
Click to expand...
Click to collapse
I did understand it's cm12.1, but that was my question since there is no cwm for cm12.1 only cyanogenmod recovery which is different. At the moment I only recommend twrp for cm12.1+ and for that you have to use a different fstab, easy to find on github or here on xda in twrp threads.

Then, if I'm not too much confused:
- since CM12, Clockworkmod isn't anymore included in its source tree
- if I don't set any RECOVERY_VARIANT it defaults to CyanogenMod Recovery, not CWM anymore
- the recovery.img I built is, at its best, a Cyanogenmod recovery
- the recovery.fstab I used (the one i posted before, but now with /boot, /recovery and /nvram entries added) is in version 2 format, that twrp doesn't understand. So I have to find out how to convert in the old fstab format.
Am I right?
Another question: I used the last version of your CarlivKitchen. That doesn't offer anymore the choice to re/pack for standard android or for mtk images, because it automatically detect the format. But when it repacks, it adds the mtk header if the original image had it? Or am I forced to use a custom boot image maker?

4javier said:
Then, if I'm not too much confused:
- since CM12, Clockworkmod isn't anymore included in its source tree
- if I don't set any RECOVERY_VARIANT it defaults to CyanogenMod Recovery, not CWM anymore
- the recovery.img I built is, at its best, a Cyanogenmod recovery
- the recovery.fstab I used (the one i posted before, but now with /boot, /recovery and /nvram entries added) is in version 2 format, that twrp doesn't understand. So I have to find out how to convert in the old fstab format.
Am I right?
Another question: I used the last version of your CarlivKitchen. That doesn't offer anymore the choice to re/pack for standard android or for mtk images, because it automatically detect the format. But when it repacks, it adds the mtk header if the original image had it? Or am I forced to use a custom boot image maker?
Click to expand...
Click to collapse
Yes for all and for twrp fstab I think you can study device folders from twrp github (few are mediatek).
My kitchen now detects if image has mtk header and will repack it the same way (it stores a variable in unpacked folder which will tell that it must add a mtk header).

I decided to follow this guide to integrate the changes needed to build twrp instead of cwm: http://forum.xda-developers.com/showthread.php?t=1943625
It doesn't cover all the preparation steps like yours do. Do you think there are changes to be made to make your guide suitable for cm12 and twrp, or I can follow it until the " Build a CWM-based Recovery " paragraph?

I need help with a MTK6752 device

Hello guys,
I have a Ulefone Be Touch 2 (with a MT6752 cpu) that only boot and stay on the ulefone logo, and I can't install any ROM (official or custom ones)...
In fact, the tools (latest SPFlashTool v5.1628 and the one provided by ulephone I used successfully earlier) do the download process until 100% without error message, but the only thing that seems to be on the phone (and working) is the recovery.
With this two softwares I am able to install the official recovery or TWRP (2.8.7.0 from needrom), and they both are usable.
But when I try to do something in recovery mod, it tells me that cache or system partitions (and others) are not mounted (or found).
In SPFlashTool, I tryed many features without success but I have (NAND and UFS) errors when doing memory tests :
#External RAM:
#
# Type = DRAM
#
# Size = 0x80000000 (2048MB/16384Mb)
#
#NAND Flash:
#
# ERROR: NAND Flash was not detected!
#
#EMMC:
#
# EMMC_PART_BOOT1 Size = 0x0000000000400000(4MB)
# EMMC_PART_BOOT2 Size = 0x0000000000400000(4MB)
# EMMC_PART_RPMB Size = 0x0000000000400000(4MB)
# EMMC_PART_GP1 Size = 0x0000000000000000(0MB)
# EMMC_PART_GP2 Size = 0x0000000000000000(0MB)
# EMMC_PART_GP3 Size = 0x0000000000000000(0MB)
# EMMC_PART_GP4 Size = 0x0000000000000000(0MB)
# EMMC_PART_USER Size = 0x00000003a3e00000(14910MB)
#
#UFS:
#
# ERROR: UFS was not detected!
I don't understand what it meens and how can I change the recovery if the NAND is gone? Are system partitions and recovery stored in different places/memory (types)?
I searched and read on differents thread (the UBT2 review, mtk6755 ERROR: NAND Flash was not detected by split52 , [GUIDE] How to 'unbrick' your Mediatek MT65xx...) and googled and watched related videos but didn't find anything than matches and can really help me.
So, if someone can help me I would really be grateful.
Thank you in advance.
I'm sorry if I post this thread in the wrong section (I think it's the first I creat).
sylkyls

I had a problem like your's when I walked all over my partition layout because of a botched flash. Didn't have UFS errors tho. No info anywhere. Had to verify my scatter file and recovery fstab layout agreed with each other. Ended up modifying my scatter file. Took it one partition at a time using the fstab until the recovery recognized all partitions then backed up my files, reformatted and flashed the stock rom using SPF Tools. Took a while to boot. After that, the original scatter file worked. Still don't make sense why it worked that way but it got me back working.

smith901 said:
I had a problem like your's when I walked all over my partition layout because of a botched flash. Didn't have UFS errors tho. No info anywhere. Had to verify my scatter file and recovery fstab layout agreed with each other. Ended up modifying my scatter file. Took it one partition at a time using the fstab until the recovery recognized all partitions then backed up my files, reformatted and flashed the stock rom using SPF Tools. Took a while to boot. After that, the original scatter file worked. Still don't make sense why it worked that way but it got me back working.
Click to expand...
Click to collapse
Thank you smith901,
I don't know how to do this: I can run a terminal into the recovery but if I do cat /etc/fstab or less /etc/fstab , I only have :
/system ext4 rw
/cache ext4 rw
/data ext4 rw
/external_sd auto rw
I think I'm doing the wrong way.
Could you tell me (or redirect me to) a method please?
Have a nice day
sylkyls

sylkyls said:
Thank you smith901,
I don't know how to do this: I can run a terminal into the recovery but if I do cat /etc/fstab or less /etc/fstab , I only have :
/system ext4 rw
/cache ext4 rw
/data ext4 rw
/external_sd auto rw
I think I'm doing the wrong way.
Could you tell me (or redirect me to) a method please?
sylkyls
Click to expand...
Click to collapse
Seems to be fstab problems.
Use whatever unpacking tool you are comfortable with to unpack the stock recovery and TWRP. Then replace your fstab files in the root and /etc directories after changing what you want, rw to /system or whatever. Modify the twrp.fstab file in /etc using the values from stock fstab. You might have to add in or replace your rc and mt6735 files also. Repack then flash. The log screen in TWRP will let you know what partitions can't be read. Choosing the correct encryption partition took some trial & error.
Once you get it all to read, the modified twrp.fstab, files in the unpacked stock recovery folder plus a device tree, and the TWRP building thread will get a recovery built by yourself as soon as you can sync from git.

smith901 said:
Seems to be fstab problems.
Use whatever unpacking tool you are comfortable with to unpack the stock recovery and TWRP. Then replace your fstab files in the root and /etc directories after changing what you want, rw to /system or whatever. Modify the twrp.fstab file in /etc using the values from stock fstab. You might have to add in or replace your rc and mt6735 files also. Repack then flash. The log screen in TWRP will let you know what partitions can't be read. Choosing the correct encryption partition took some trial & error.
Once you get it all to read, the modified twrp.fstab, files in the unpacked stock recovery folder plus a device tree, and the TWRP building thread will get a recovery built by yourself as soon as you can sync from git.
Click to expand...
Click to collapse
Thank you again, but I'm really sorry that I can't apply your instructions... ( unpacking with 7-zip does not give me any fstab file )
Could you try to do it with the official rom please? ( download link is in the bottom of this page: http://ulefone.com/download/betouch2.html , at the next step my phone needs the "option 2" rar file).
With custom roms (zip files flashable with a custom recovery or rar archive), I can unpack thems and obtain/open a fstab file ( recovery.fstab ) but not with things flashable with SPFlashTool.
sylkyls

sylkyls said:
Thank you again, but I'm really sorry that I can't apply your instructions... ( unpacking with 7-zip does not give me any fstab file )
Could you try to do it with the official rom please? ( download link is in the bottom of this page: http://ulefone.com/download/betouch2.html , at the next step my phone needs the "option 2" rar file).
With custom roms (zip files flashable with a custom recovery or rar archive), I can unpack thems and obtain/open a fstab file ( recovery.fstab ) but not with things flashable with SPFlashTool.
sylkyls
Click to expand...
Click to collapse
I meant an unpacking tool like Carliv Image Kitchen or Android Image Kitchen. I'm rarely this helpful so once I finish cleaning the carpet I'll have a look.

The recovery.fstab file look slim in this recovery but that is what they made.
Download Aindroid Image Kitchen.
Follow the instructions to unpack your stock recovery and TWRP recovery.
Make the changes you want. Copy needed files, /etc/recovery.fstab, fstab.mt6752 and probably the *.rc files from stock to TWRP. Just check everything to be sure.
Repack TWRP then flash.
I don't use Windows so I couldn't use the program provided in the archive.

sylkyls,
did you solve the issue? I have the same problem.

cmarqz said:
sylkyls,
did you solve the issue? I have the same problem.
Click to expand...
Click to collapse
Hello,
Sorry every one but I forgot to follow this thread as I had a lot of work and someone giave me another phone ( a samsung note 4 N910F) that I repared (and am using now) and then I did let my ulefone away from my priorities.
Sorry cmarqz but I didn't try the solution proposed by smith901 on my MTK6752 device.
Maybe I'll try it later.
Did you find a solution for your device?
Best regards XDA users.

[TUTORIAL] Disable AVB/Verity in Vendor [Dynamic Partition] - Enable RW

PREREQUISITE
- adb enabled [developer options]
- root [Magisk/SU]
- original /vendor partition [flashed with official update/firmware]
- File/Root Explorer
- adb for Windows [Minimal ADB and Fastboot, provided]
- UKA [Unpacker Kitchen for Android] - Send me a PM
- USB cable always connected

Reserved

You can do the same steps for the other logical partitions [system & product]
At the end you do :
System
tune2fs -L / /data/local/UnpackerSystem/system.new.img
tune2fs -O ^read-only /data/local/UnpackerSystem/system.new.img
tune2fs -O ^has_journal /data/local/UnpackerSystem/system.new.img
adb shell
su
dd if=/sdcard/system.img of=/dev/block/dm-2
(just copy/past to avoid errors !)
Reboot your phone right away !
Product
must be renamed vendor because the Magisk Module still doesn't support this name yet ... just rename it vendor.img before taking any action ... and after creating your image, do :
tune2fs -L product /data/local/UnpackerSystem/vendor.new.img
tune2fs -O ^read-only /data/local/UnpackerSystem/vendor.new.img
tune2fs -O ^has_journal /data/local/UnpackerSystem/vendor.new.img
NOW you can rename it product.img
adb shell
su
dd if=/sdcard/product.img of=/dev/block/dm-0
Reboot your phone right away !

"Houston, we have problem!"
Now what? Is this only for MIUI users? I have flashed Nusantara ROM right now...
Also it is possible, that you can create "default" RW images for surya, upload them somewhere on cloud (one RW system please! medium rare, thank you ... 12.0.7 is fine for me...)
... but anyway, thanks for your hard work...
BTW @brigudav already created flashable RW vendor for Surya, can that be done also for system?

jeryll said:
"Houston, we have problem!"
View attachment 5232079
Now what? Is this only for MIUI users? I have flashed Nusantara ROM right now...
Also it is possible, that you can create "default" RW images for surya, upload them somewhere on cloud (one RW system please! medium rare, thank you ... 12.0.7 is fine for me...)
... but anyway, thanks for your hard work...
BTW @brigudav already created flashable RW vendor for Surya, can that be done also for system?
Click to expand...
Click to collapse
Check your Mount Namespace Mode in Magisk Manager
No it's not only for miui, it's for all roms ! (btw i'm on LOS 17.1 ... and i never used MIUI)
Yes, you can do that for the 3 logical partitions ... this tutorial is for all devices with dynamic paritition aka super.img (not limited to poco x3 nfc !!!)
I will put a clean vendor.img later (with RW enabled and AVB-Verity Disabled)
I will put a modded version of Magisk 20.4 too if someone would use it (like me)

janhammer504 said:
Check your Mount Namespace Mode in Magisk Manager
No it's not only for miui, it's for all roms ! (btw i'm on LOS 17.1 ... and i never used MIUI)
Click to expand...
Click to collapse
- thanks for the answer, but I must say I'm unable to continue, because I'm unable to install UKA module on A11 ROM
- regardless of Mount Namespace Mode - I checked all three - with reboot - result is the same
- I'm also unable to install magisk 20.4 on A11 ROM - and with v21.0 or higher - UKA will not install
- so Id say this guide is for now useable only for A10 users
- I will test A10 ROM in a few days
- maybe there is a problem with my phone, but I reflashed full recovery version of latest MIUI before flashing custom rom together with encryption disabler, so my super partition should be cleaned up
- so using unencrypted storage could be another problem for this to work?

jeryll said:
- thanks for the answer, but I must say I'm unable to continue, because I'm unable to install UKA module on A11 ROM
- regardless of Mount Namespace Mode - I checked all three - with reboot - result is the same
- I'm also unable to install magisk 20.4 on A11 ROM - and with v21.0 or higher - UKA will not install
- so Id say this guide is for now useable only for A10 users
- I will test A10 ROM in a few days
- maybe there is a problem with my phone, but I reflashed full recovery version of latest MIUI before flashing custom rom together with encryption disabler, so my super partition should be cleaned up
- so using unencrypted storage could be another problem for this to work?
Click to expand...
Click to collapse
Hi, flash an official MIUI for your device.
Do the dirty job and save your vendor.img
Reflash your rom !
(i have already uploaded a clean vendor.img here)

I close this thread too since a lot of features have been added to this work ... and since there are many disrespectful developers-like around who steal my work and give no credit !
Check my custom vendor thread to learn more about this work !
If you have any question, send me a PM, i will check first if you are not a troll : if you get no answer from me, then understand by yourself !

@janhammer504 Hi. For the sake of the community it's always sad to see someone taking their work from XDA.
If you've got issues with other people using your work without credit here on XDA you can always reach out to someone on the moderator team for help. Or better yet, one of us on the Developer Relations team. We can help you solve any disputes and make sure you get proper credit.
You can find a list of moderators here:
https://docs.google.com/document/d/1lK5rP103OL3StU3q9iqwX9LU_k8XABeSQIAT3EHCqgM/pub