before you read -> please use at your own risk!! I am not responsible for any damage!! Use it only if you have a jtag or a riffbox
Hello dear Developer,
I offer you modified files which may possible to Downgrade to an old Bootloader. Every file has the new Samsung Certificate from Android 4.3 Bootloader (XXUEMK8).
This Bootloader is based on Android 4.2.2 firmware (XXUBMGA).
My presumption is that the new Bootloader has something to do with the new Samsung Certificate inside the new Knox enabled Bootloader.
If we flash a newer firmware it will fail because the KNOX bootloader checks the certificate while we flash an older/newer bootloader.
We know that is not possible to Downgrade to an old Bootloader if it has not the same certificate.
aboot.mbn -> https://www.dropbox.com/s/isb22plz7kvnve8/aboot.mbn
rpm.mbn -> https://www.dropbox.com/s/sng6w4lyc6p8w22/rpm.mbn
sbl2.mbn -> https://www.dropbox.com/s/x8hh3livuqh6xku/sbl2.mbn
sbl3.mbn -> https://www.dropbox.com/s/inzx4396x4zdcj1/sbl3.mbn
tz.mbn -> https://www.dropbox.com/s/973ue0rdp80qgbn/tz.mbn
I'll attach you five modified files (aboot.mbn, tz.mbn, sbl2.mbn, sbl3.mbn and rpm.mbn). It's from the XXUBMGA files which has the new certificates from XXUEMK8.
I edited the old Bootloader and I replace the old certificate with the new one from Android 4.3 Bootloader. There are a few differences between the both certificates.
That means:
Updating from MJX to a newer version -> possible
Downgrading from 4.3 to 4.2.2 -> not possible -> Certificates doesn't match with the new one or with the current one
Updating the same firmware (e.g. 4.3 XXUEMK8 -> XXUEMK8) --> also possible
Older firmware like XXUEMJ5 (older than XXUEMK8) is not possible unless we include the modified files to a odin flashable firmware. If we get newer firmwares with new bootloader (certificates) we will not able to flash my modified bootloader.
UPDATE:
Now with Odin flashable tar.md5 file. Big thanks to @mike_galaxy_s
→ Download
FLASH IT AT YOUR OWN RISK!
Some useful information concerning the Mount Points from GT-i9505 from Android 4.3 XXUEMKE
[email protected]:/ # ls -al /dev/block/platform/msm_sdcc.1/by-name/
lrwxrwxrwx root root aboot -> /dev/block/mmcblk0p6
lrwxrwxrwx root root apnhlos -> /dev/block/mmcblk0p1
lrwxrwxrwx root root backup -> /dev/block/mmcblk0p23
lrwxrwxrwx root root boot -> /dev/block/mmcblk0p20
lrwxrwxrwx root root cache -> /dev/block/mmcblk0p18
lrwxrwxrwx root root carrier -> /dev/block/mmcblk0p28
lrwxrwxrwx root root efs -> /dev/block/mmcblk0p10
lrwxrwxrwx root root fota -> /dev/block/mmcblk0p22
lrwxrwxrwx root root fsg -> /dev/block/mmcblk0p24
lrwxrwxrwx root root hidden -> /dev/block/mmcblk0p27
lrwxrwxrwx root root m9kefs1 -> /dev/block/mmcblk0p13
lrwxrwxrwx root root m9kefs2 -> /dev/block/mmcblk0p14
lrwxrwxrwx root root m9kefs3 -> /dev/block/mmcblk0p15
lrwxrwxrwx root root mdm -> /dev/block/mmcblk0p2
lrwxrwxrwx root root modemst1 -> /dev/block/mmcblk0p11
lrwxrwxrwx root root modemst2 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root pad -> /dev/block/mmcblk0p9
lrwxrwxrwx root root param -> /dev/block/mmcblk0p19
lrwxrwxrwx root root persdata -> /dev/block/mmcblk0p26
lrwxrwxrwx root root persist -> /dev/block/mmcblk0p17
lrwxrwxrwx root root recovery -> /dev/block/mmcblk0p21
lrwxrwxrwx root root rpm -> /dev/block/mmcblk0p7
lrwxrwxrwx root root sbl1 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root sbl2 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root sbl3 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root ssd -> /dev/block/mmcblk0p25
lrwxrwxrwx root root system -> /dev/block/mmcblk0p16
lrwxrwxrwx root root tz -> /dev/block/mmcblk0p8
lrwxrwxrwx root root userdata -> /dev/block/mmcblk0p29
[email protected]:/ # cat /proc/mounts
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
/sys/kernel/debug /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/secure tmpfs rw,seclabel,relatime,mode=700 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
/dev/block/dm-0 /mnt/asec/com.picsart.studio-2 ext4 ro,dirsync,seclabel,nosuid,nodev,noatime,errors=continue 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/apnhlos /firmware vfat ro,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/platform/msm_sdcc.1/by-name/mdm /firmware-mdm vfat ro,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/platform/msm_sdcc.1/by-name/efs /efs ext4 rw,seclabel,nosuid,nodev,noatime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/persdata /persdata/absolute ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
/data/container /mnt/shell/container sdcardfs rw,nosuid,nodev,relatime,uid=1000,gid=1000 0 0
/data/media /mnt/shell/emulated sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
tmpfs /storage/emulated tmpfs rw,seclabel,nosuid,nodev,relatime,mode=050,gid=1028 0 0
/dev/block/vold/179:33 /storage/extSdCard exfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=utf8,namecase=0,errors=remount-ro 0 0
tmpfs /storage/extSdCard/.android_secure tmpfs ro,seclabel,relatime,size=0k,mode=000 0 0
/data/media /storage/emulated/0 sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
/data/media /storage/emulated/0/Android/obb sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
/data/media /storage/emulated/legacy sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
/data/media /storage/emulated/legacy/Android/obb sdcardfs rw,nosuid,nodev,relatime,uid=1023,gid=1023 0 0
[email protected]:/ # cat /proc/partitions
major minor #blocks name
7 0 17703 loop0
253 0 512000 zram0
179 0 15388672 mmcblk0
179 1 12772 mmcblk0p1
179 2 52764 mmcblk0p2
179 3 128 mmcblk0p3
179 4 256 mmcblk0p4
179 5 512 mmcblk0p5
179 6 2048 mmcblk0p6
179 7 512 mmcblk0p7
179 8 512 mmcblk0p8
179 9 16896 mmcblk0p9
179 10 13952 mmcblk0p10
179 11 3072 mmcblk0p11
179 12 3072 mmcblk0p12
179 13 780 mmcblk0p13
179 14 780 mmcblk0p14
179 15 780 mmcblk0p15
179 16 2826240 mmcblk0p16
179 17 8192 mmcblk0p17
179 18 2119680 mmcblk0p18
179 19 6144 mmcblk0p19
179 20 10240 mmcblk0p20
179 21 10240 mmcblk0p21
179 22 10240 mmcblk0p22
179 23 6144 mmcblk0p23
179 24 3072 mmcblk0p24
179 25 8 mmcblk0p25
179 26 9216 mmcblk0p26
179 27 512000 mmcblk0p27
179 28 20480 mmcblk0p28
179 29 9728000 mmcblk0p29
179 32 30657536 mmcblk1
179 33 30656512 mmcblk1p1
254 0 17703 dm-0
best regards,
Kaito95
what about devices with a locked bootloader, Ex. Verizon and AT&T Galaxy S4 ? would this be possible to flash the modified bootloader on those phones?
This probably wont work in general because you completely forgot to take Qfuses into consideration. You cant downgrade after one of the Qfuses is blown, period. Certificates/downgrading would only work if that didn't exist.
Easton999GS said:
what about devices with a locked bootloader, Ex. Verizon and AT&T Galaxy S4 ? would this be possible to flash the modified bootloader on those phones?
This probably wont work in general because you completely forgot to take Qfuses into consideration. You cant downgrade after one of the Qfuses is blown, period. Certificates/downgrading would only work if that didn't exist.
Click to expand...
Click to collapse
Sorry, i don't know how about devices with a locked bootloader :/
It's only my presumption. I think there are more things that I look for a success flash. I must find the location of files which depends while flashing an old Bootloader
If someone find more information, you can post it here. I'll look it i would be glad if someone make an odin flashable tar file.
Gesendet von meinem GT-I9505 mit Tapatalk 2
I could make an .tar.md5 file with cygwin.
Gesendet von meinem GT-I9505 mit Tapatalk 2
---------- Post added at 02:54 PM ---------- Previous post was at 02:22 PM ----------
Here is the download link for the Odin flashable .tar.md5 file: https://www.dropbox.com/s/icb12kpbib03x04/BL_MGA_DOWNGRADE.tar.md5
Flash it at your own risk!
Gesendet von meinem GT-I9505 mit Tapatalk 2
This is sbl1.mbn from OLD mga bootloader,
please change certifiate from sbl1 mk8 bootloader!
Are your sure of what you have done? To sign a file you need the private key... if you copied the signature from another file it shouldn't be valid.
Inviato dal mio GT-I9505 utilizzando Tapatalk
dpeddi said:
Are your sure of what you have done? To sign a file you need the private key... if you copied the signature from another file it shouldn't be valid.
Inviato dal mio GT-I9505 utilizzando Tapatalk
Click to expand...
Click to collapse
Yes, I'm very sure the certificates between the old Bootloader and the new Bootloader are different and at least they've the same bytes at the end. I'll post screenshots later you can see how many differences they are. I don't change anything on the Bootloader except the certificates
If you found anything which is useful for me please let me know
Gesendet von meinem GT-I9505 mit Tapatalk 2
joiN85 said:
This is sbl1.mbn from OLD mga bootloader,
please change certifiate from sbl1 mk8 bootloader!
Click to expand...
Click to collapse
I'm on XXUEMJ5 firmware currently. If someone have the newest firmware and have rooted. Please post it here.
-> the location is on /firmware-mdm
Gesendet von meinem GT-I9505 mit Tapatalk 2
Kaito95:
Phone: Samsung Galaxy S4 GT-i9505
ROM:Stock Firmware XXUEMJ5 Germany DBT
Kernel:Stock Kernel
Recovery:PhilZ Touch v5.18.9
System Status: Official
Binary Status: Samsung Official
How'd you do that? recovery Philz did not you stay in 0x1? Mirroring works? you have root?
sachs said:
Kaito95:
Phone: Samsung Galaxy S4 GT-i9505
ROM:Stock Firmware XXUEMJ5 Germany DBT
Kernel:Stock Kernel
Recovery:PhilZ Touch v5.18.9
System Status: Official
Binary Status: Samsung Official
How'd you do that? recovery Philz did not you stay in 0x1? Mirroring works? you have root?
Click to expand...
Click to collapse
I have the new Bootloader unfortunately and the knox flag stay on 0x1 but i could make binary and system status official with mobile odin and wanam xposed. On old Bootloader it stays to custom if I flash a recovery through mobile odin however. I can't test the screen mirroring functionality yet.
Gesendet von meinem GT-I9505 mit Tapatalk 2
Please explain me how you add the signature... i suspect you copied and paste from another file. This isn't the right way. The signature is related to the signed file. You method can work only if the samsung bootloader is bugged like some motorola bootloaders.
Inviato dal mio GT-I9505 utilizzando Tapatalk
dpeddi said:
Please explain me how you add the signature... i suspect you copied and paste from another file. This isn't the right way. The signature is related to the signed file. You method can work only if the samsung bootloader is bugged like some motorola bootloaders.
Inviato dal mio GT-I9505 utilizzando Tapatalk
Click to expand...
Click to collapse
I add the new signatures with a hex editor (UltraEdit) . I have looked for the precise locations where a certificate is present and changed it. The sizes of both files are identical and i don't overwrite anything except the signatures at the end. After that I compared it (UltraCompare) and thats it.
Look here:
-> rpm.mbn
-> aboot.mbn → (1) (2) (3)
-> sbl2.mbn ' sbl3.mbn ' tz.mbn (same as rpm.mbn -> layout)
↓ detailed ↓
ABOOT.mbn (XXUBMGA) Samsungs Zertifikate
Begin Header: --> 00119090h (-> 4A C7 9C 08 F6 A5 B9 BD ED DC .....)
ABOOT.mbn (XXUEMK8) Samsungs NEUE Zertifikate
Begin Header: --> 001326b0h ( [c column] -> 98 27 6D 40)
tz.mbn (XXUBMGA)
Begin Header: 000309b0h ([c column] -> 8D ED 48 79 ... )
tz.mbn (XXUEMK8)
Begin Header: 000309b0h ([c column] -> 42 F6 55 68 ... )
sbl2.mbn (XXUBMGA)
Begin Header: 00022060h (8th column] -> 69 1D D5 EB .... )
sbl2.mbn (XXUEMK8)
Begin Header: 00022060h ([8th column] -> 1C 02 01 EA .... )
sbl3.mbn (XXUBMGA)
Begin Header:0003ef10h ([c column] -> 94 00 F0 8F .... )
sbl3.mbn (XXUEMK8)
Begin Header: 0003ef20h ([c column] -> 94 00 F0 8F .... )
rpm.mbn (XXUBMGA)
Begin Header: 00022500h ([8th column] -> 0E 48 00 B5 00 68 9D B0)
rpm.mbn (XXUEMK8)
Begin Header: 00022500h ([8th column] -> 0E 48 00 B5 00 68 9D B0)
@all... avoid flashing this files... if you are lucky it fail loading with odin... with mobile odin you may brick your device.
http://stackoverflow.com/questions/...-rsa-certificate-etc-to-any-of-file-using-php this is a right way but we don't have Samsung private key
Inviato dal mio GT-I9505 utilizzando Tapatalk
Can any body try use ADB and cmd to downgrade bootloader??? And then go to download mode and flash 4.2.2 with out Knox
Wysłane z mojego GT-I9505 przy użyciu Tapatalka
Kaito95 said:
I add the new signatures with a hex editor (UltraEdit) . I have looked for the precise locations where a certificate is present and changed it. The sizes of both files are identical and i don't overwrite anything except the signatures at the end. After that I compared it (UltraCompare) and thats it.
Click to expand...
Click to collapse
Apparently you have no idea how digital signatures work.
The signature uses the input data, hashes it, then signs it with the private key. The public key, which is distributed with the certificate, is used to verify the signature. If you don't have the private key, you can't make a valid signature from new input. Copying certificates around won't help you unless you have the private key that corresponds to the certificates that you're playing with.
k1mu said:
Apparently you have no idea how digital signatures work.
The signature uses the input data, hashes it, then signs it with the private key. The public key, which is distributed with the certificate, is used to verify the signature. If you don't have the private key, you can't make a valid signature from new input. Copying certificates around won't help you unless you have the private key that corresponds to the certificates that you're playing with.
Click to expand...
Click to collapse
Could be
I thought that the private keys are inside the certificate. While I editing the files, I saw lines that redirect to a http website. As I already have said, there are more things that we must change!
Gesendet von meinem GT-I9505 mit Tapatalk 2
Kaito95 said:
Could be
I thought that the private keys are inside the certificate. While I editing the files, I saw lines that redirect to a http website. As I already have said, there are more things that we must change!
Click to expand...
Click to collapse
Nope. The public key is in the certificate. The only way you're going to get the private key is via a leak.
The URLs in the certificate are most likely CDPs (certificate revocation list distribution point) or OCSP (Online certificate status protocol) addresses. Those permit the certificate issuer to invalidate it if it becomes compromised.
k1mu said:
Nope. The public key is in the certificate. The only way you're going to get the private key is via a leak.
The URLs in the certificate are most likely CDPs (certificate revocation list distribution point) or OCSP (Online certificate status protocol) addresses. Those permit the certificate issuer to invalidate it if it becomes compromised.
Click to expand...
Click to collapse
Damn...
Do you think that we could get the private key through an OTA Update inside the update-zip?? If yes, we could integrate the old Bootloader inside the update-zip... ?
Gesendet von meinem GT-I9505 mit Tapatalk 2
Kaito95 said:
Damn...
Do you think that we could get the private key through an OTA Update inside the update-zip?? If yes, we could integrate the old Bootloader inside the update-zip... ?
Gesendet von meinem GT-I9505 mit Tapatalk 2
Click to expand...
Click to collapse
Private key is just that.
It's locked in a vault somewhere. Unless it gets leaked, forget about it.
Keys have been leaked before, but you aren't going to get the keys through brute force or any other computerized method.
To sign the boot loader, you need the key *AND* the hash.
@Kaito95
Do you know that modem.bin contains sbl and rpm
(there are many other things related to Knox bootloader and downgrade)
Related
Hello all! I'm sorry for my english.
I am trying to port CWM into my device Huawei Vision U8850, 'recovery mode' compiling from a source code Cyanogen
and i have some errors when starting RecoveryMode
1) E: can't find misc
2) E; Can't mount /cache/recovery/command
3) E: Can't moun( and open) /cache/recovery/log
4) E: Can't mount (and open) /cache/recovery/last_log
My recovery.fstab
Code:
# mount point<->fstype device <-->[device2]
/boot mtd boot
/cache ext3 /dev/block/mmcblk0p11
/data ext3 /dev/block/mmcblk0p8
/misc emmc /data/misc
/recovery mtd recovery /dev/block/mmcblk0p1
/sdcard vfat /dev/block/mmcblk1p1
/system ext3 /dev/block/mmcblk0p7
#/sd-ext ext4 /dev/block/mmcblk0p2
in device "misc" in /data/misc
When i mount "misc ext3 /data/misc" - E: unknown fs type
"misc mtd /data/misc" - E: can't found misc
"misc emmc /data/misc" - Can't open misc
Mounts from device
Code:
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p7 /system ext3 rw,relatime,data=ordered 0 0
/dev/block/mmcblk0p8 /data ext3 rw,nosuid,nodev,relatime,errors=continue,data=ordered 0 0
/dev/block/mmcblk0p10 /hidden ext3 rw,nosuid,nodev,relatime,data=ordered 0 0
/dev/block/mmcblk0p9 /hidden/data ext3 rw,nosuid,nodev,relatime,data=ordered 0 0
/dev/block/mmcblk0p11 /cache ext3 rw,nosuid,nodev,relatime,errors=continue,data=ordered 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
/dev/block/vold/179:33 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:33 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
tmpfs /mnt/sdcard/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
/dev/block/dm-0 /mnt/asec/ru.dublgis.dgismobile-1 vfat ro,dirsync,nosuid,nodev,relatime,uid=1000,fmask=0222,dmask=0222,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
My partitions
Code:
major minor #blocks name
7 0 24980 loop0
7 1 27660 loop1
179 0 1867776 mmcblk0
179 1 102400 mmcblk0p1
179 2 500 mmcblk0p2
179 3 1500 mmcblk0p3
179 4 1 mmcblk0p4
179 5 8192 mmcblk0p5
179 6 8192 mmcblk0p6
179 7 253952 mmcblk0p7
179 8 1122304 mmcblk0p8
179 9 81920 mmcblk0p9
179 10 32768 mmcblk0p10
179 11 204800 mmcblk0p11
179 12 8192 mmcblk0p12
179 13 8192 mmcblk0p13
179 14 8192 mmcblk0p14
179 15 8192 mmcblk0p15
179 16 8192 mmcblk0p16
179 17 8192 mmcblk0p17
179 32 3929088 mmcblk1
179 33 3924992 mmcblk1p1
254 0 24979 dm-0
Can be corrected in the boot init.rc section, but then what rights the user and group, options set?
Please help me. Thanks...
Cant help you but good luck for you, i have that phone and i really would like cwm
I did this.
If any interested for CWM Recovery 5.0.2.8 for Huawei Vision U8850
This is firmware based on chaina firmware V100R001CHNC00B307SP20 with kernel 2.6.35.7 and i added root + CWM_recovery_5.0.2.8 http://yadi.sk/d/R4p2T6b30Edt
GriefNorth said:
I did this.
If any interested for CWM Recovery 5.0.2.8 for Huawei Vision U8850
This is firmware based on chaina firmware V100R001CHNC00B307SP20 with kernel 2.6.35.7 and i added root + CWM_recovery_5.0.2.8 http://yadi.sk/d/R4p2T6b30Edt
Click to expand...
Click to collapse
Anyone confirm this is working?
Anyone confirm this is working?
Click to expand...
Click to collapse
Only russian users from http://4pda.ru/forum/index.php?showtopic=257207&st=2320 and http://4pda.ru/forum/index.php?showtopic=358221&st=280 May be problem if you device sim-lock.
Ok, thanks. Im MAYBE trying this
Sent from my Vision
in this firmware original bootloader. and the possibility of obtaining brick is zero %
GriefNorth said:
in this firmware original bootloader. and the possibility of obtaining brick is zero %
Click to expand...
Click to collapse
really? have you installed it?
Sent from my Vision
yes
so is it for 2.3.5 version or 2.3.7 , cos i have 2.3.5
Sent from my Vision
this is full firmware 2.3.7
GriefNorth said:
this is full firmware 2.3.7
Click to expand...
Click to collapse
and its based china version? because on not chinese
Sent from my Vision
Yes it's china version, after installing change language. China because file system ext4 switch off on my official firmware (russian), but in chaina firmware ext4 switch on in kernel and used. CWM recovery not working with ext3.
GriefNorth said:
Yes it's china version, after installing change language. China because file system ext4 switch off on my official firmware (russian), but in chaina firmware ext4 switch on in kernel and used. CWM recovery not working with ext3.
Click to expand...
Click to collapse
ok, but can i change back to original if i dont like that?
Sent from my Vision
Yes...
GriefNorth said:
I did this.
If any interested for CWM Recovery 5.0.2.8 for Huawei Vision U8850
This is firmware based on chaina firmware V100R001CHNC00B307SP20 with kernel 2.6.35.7 and i added root + CWM_recovery_5.0.2.8 ...... ...
Click to expand...
Click to collapse
I have many problems with this firmware. Keyboard isn't contained and every keyboard I install won't work - it disappears every time i write one letter.
And the second problem is that CWM is not working for me. It is there, but I can't do anything in it, because back button is not working.
Is there anybody else having the same problem?
i'm sorry, this firmware not have a keyboard, you should install any keyboard from google market. And in recovery going on the last position and press Vol+andVol- (at the same time) then show @Back button menu [email protected]
GriefNorth said:
i'm sorry, this firmware not have a keyboard, you should install any keyboard from google market. And in recovery going on the last position and press Vol+andVol- (at the same time) then show @Back button menu [email protected]
Click to expand...
Click to collapse
Thanks, I'll give it a second try.
try it's all works, without keyboard *sorry* )))
Oh, the "back button" I ment was the one used for confirming an action in recovery, that one is not working for me, when I use it, the selected action will not perform, nothing will happen, so I canť do anything in it, because there's no working button for confirming actions. Do you know what I mean? I'm not that good at english, so I don't know how to express some things
Hello,
I picked up a Meizu MX2 while I was in Hong Kong last week. I've succesfully rooted the device, but now I'm trying to compile CWM for it and need to save a boot.img file.
Unfortunately, I can't seem to find the boot partition at all. Any ideas would be appreciated.
Code:
1|[email protected]:/ # cat /proc/partitions
major minor #blocks name
7 0 34335 loop0
7 1 13545 loop1
7 2 34335 loop2
7 3 9387 loop3
179 0 31162368 mmcblk0
179 1 27951104 mmcblk0p1
179 2 778240 mmcblk0p2
179 3 2097152 mmcblk0p3
179 4 204800 mmcblk0p4
254 0 34335 dm-0
254 1 13545 dm-1
254 2 34335 dm-2
254 3 9387 dm-3
Code:
127|[email protected]:/ # mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p2 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p3 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc 0 0
/dev/block/mmcblk0p4 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/dm-0 /mnt/asec/com.ea.games.nfs13_row-1 ext4 ro,dirsync,nosuid,nodev,noatime,barrier=1 0 0
/dev/block/dm-1 /mnt/asec/com.touchtype.swiftkey-1 ext4 ro,dirsync,nosuid,nodev,noatime,barrier=1 0 0
/dev/block/dm-2 /mnt/asec/com.vectorunit.green-1 ext4 ro,dirsync,nosuid,nodev,noatime,barrier=1 0 0
/dev/block/vold/179:1 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:1 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
tmpfs /mnt/sdcard/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
/dev/block/dm-3 /mnt/asec/com.wordsmobile.musichero-1 ext4 ro,dirsync,nosuid,nodev,noatime,barrier=1 0 0
Code:
[email protected]:/ # df
Filesystem Size Used Free Blksize
/dev 929M 32K 929M 4096
/mnt/asec 929M 0K 929M 4096
/mnt/obb 929M 0K 929M 4096
/system 748M 289M 458M 4096
/data 1G 629M 1G 4096
/cache 196M 10M 186M 4096
/mnt/asec/com.ea.games.nfs13_row-1 32M 31M 1M 4096
/mnt/asec/com.touchtype.swiftkey-1 13M 10M 2M 4096
/mnt/asec/com.vectorunit.green-1 32M 31M 1M 4096
/mnt/sdcard 26G 2G 24G 16384
/mnt/secure/asec 26G 2G 24G 16384
/mnt/asec/com.wordsmobile.musichero-1 9M 7M 1M 4096
Code:
[email protected]:/ # ls -la
drwxr-xr-x root root 2013-01-07 18:28 acct
drwxrwx--- system cache 2013-01-07 06:16 cache
dr-x------ root root 2013-01-07 18:28 config
lrwxrwxrwx root root 2013-01-07 18:28 d -> /sys/kernel/debug
drwxrwx--x system system 2012-12-29 08:14 data
-rw-r--r-- root root 125 1970-01-01 07:00 default.prop
drwxr-xr-x root root 2013-01-07 18:28 dev
lrwxrwxrwx root root 2013-01-07 18:28 etc -> /system/etc
-rwxr-x--- root root 105152 1970-01-01 07:00 init
-rwxr-x--- root root 2344 1970-01-01 07:00 init.goldfish.rc
-rwxr-x--- root root 7139 1970-01-01 07:00 init.mx2.rc
-rwxr-x--- root root 2145 1970-01-01 07:00 init.mx2.usb.rc
-rwxr-x--- root root 19772 1970-01-01 07:00 init.rc
-rwxr-x--- root root 1637 1970-01-01 07:00 init.trace.rc
-rwxr-x--- root root 3915 1970-01-01 07:00 init.usb.rc
drwxrwxr-x root system 2013-01-07 18:28 mnt
dr-xr-xr-x root root 1970-01-01 07:00 proc
drwx------ root root 2012-12-19 16:28 root
drwxr-x--- root root 1970-01-01 07:00 sbin
lrwxrwxrwx root root 2013-01-07 18:28 sdcard -> /mnt/sdcard
drwxr-xr-x root root 2013-01-07 18:28 sys
drwxr-xr-x root root 2012-12-30 23:01 system
-rw-r--r-- root root 272 1970-01-01 07:00 ueventd.goldfish.rc
-rw-r--r-- root root 1703 1970-01-01 07:00 ueventd.mx2.rc
-rw-r--r-- root root 3879 1970-01-01 07:00 ueventd.rc
lrwxrwxrwx root root 2013-01-07 18:28 vendor -> /system/vendor
Any luck with this?
finding boot image partition
[
QUOTE=bakedjake;36394241]Hello,
I picked up a Meizu MX2 while I was in Hong Kong last week. I've succesfully rooted the device, but now I'm trying to compile CWM for it and need to save a boot.img file.
Unfortunately, I can't seem to find the boot partition at all. Any ideas would be appreciated.
179 1 27951104 mmcblk0p1
179 2 778240 mmcblk0p2
179 3 2097152 mmcblk0p3
179 4 204800 mmcblk0p4
/dev/block/mmcblk0p2 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p3 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc 0 0
/dev/block/mmcblk0p4 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
Click to expand...
Click to collapse
Based on the information you have provided, you have four visible partitions on the flash. With three used by system, data, and cache, I would expect the remaining partition to be boot ( mmcblk0p1 ). I would do a dump of all partitions as back-ups for a future restore if necessary.
dump the partitions with "cat /dev/block/mmcblk0p1 > /sdcard/mmcblk0p1.img"
substitute the names of the partitions accordingly. I recommend you install an external sdcard larger than the built in and save the images there.
If you do look at the image files with a hex editor, the boot image partition will have the boot command string usually in the beginning of the file.
Good luck
mccabet said:
[
Based on the information you have provided, you have four visible partitions on the flash. With three used by system, data, and cache, I would expect the remaining partition to be boot ( mmcblk0p1 ). I would do a dump of all partitions as back-ups for a future restore if necessary.
dump the partitions with "cat /dev/block/mmcblk0p1 > /sdcard/mmcblk0p1.img"
substitute the names of the partitions accordingly. I recommend you install an external sdcard larger than the built in and save the images there.
If you do look at the image files with a hex editor, the boot image partition will have the boot command string usually in the beginning of the file.
Good luck
Click to expand...
Click to collapse
download the boot partition app from google play and click on the middle lower button after open then you can click on the partitions to tell you the label number and what it is ass boot or recovery or sbl1
michaelway67 said:
download the boot partition app from google play and click on the middle lower button after open then you can click on the partitions to tell you the label number and what it is ass boot or recovery or sbl1
Click to expand...
Click to collapse
What is the name of the app?
mccabet said:
[
Based on the information you have provided, you have four visible partitions on the flash. With three used by system, data, and cache, I would expect the remaining partition to be boot ( mmcblk0p1 ). I would do a dump of all partitions as back-ups for a future restore if necessary.
dump the partitions with "cat /dev/block/mmcblk0p1 > /sdcard/mmcblk0p1.img"
substitute the names of the partitions accordingly. I recommend you install an external sdcard larger than the built in and save the images there.
If you do look at the image files with a hex editor, the boot image partition will have the boot command string usually in the beginning of the file.
Good luck
Click to expand...
Click to collapse
I agree. This is the correct method. No need for crappy apps from the playstore for such a simple proceedure. And you remain in control.
yes but some rather play it safe and not mess with commands but the app is partition table
here
mccabet said:
[
Based on the information you have provided, you have four visible partitions on the flash. With three used by system, data, and cache, I would expect the remaining partition to be boot ( mmcblk0p1 ). I would do a dump of all partitions as back-ups for a future restore if necessary.
dump the partitions with "cat /dev/block/mmcblk0p1 > /sdcard/mmcblk0p1.img"
substitute the names of the partitions accordingly. I recommend you install an external sdcard larger than the built in and save the images there.
If you do look at the image files with a hex editor, the boot image partition will have the boot command string usually in the beginning of the file.
Good luck
Click to expand...
Click to collapse
This seems a pretty difficult way to go about this.
The easiest way is to use adb:
Code:
adb pull /tmp/recovery.log
If using Windows and you want to pull out to your desktop
Code:
adb pull /tmp/recovery.log C:\Users\Your Name\Desktop
Open the recovery text file using notepad++ (you can use notepad but it's not at all organized) and the first dozen lines or so tell you specifically which each partition is (boot, data, system, cache, etc) relative to it's mmcblk0p_ . This was the only way I could find my boot partition after trying every cat /proc, fdisk, parted, command I could think of. Hope it helps!
Try looking at /proc/mtd , on some devices it usually contains names and descriptions of each MTD device present on the system.
hello all
i just trying to make cwm for my brand new SAMSUNG GALAXY STAR G-S5282 but coudnt find any source orsomething like that... its running jelly bean i try to dump boot image but its says
Code:
dump_image boot boot.img
/system/bin/sh: dump_image: not found
ok now something wron it dont have dump_image file in it
partitions of this mobile is
Code:
cat /proc/partitions
major minor #blocks name
179 0 3817472 mmcblk0
179 1 3840 mmcblk0p1
179 2 3840 mmcblk0p2
179 3 5120 mmcblk0p3
179 4 5120 mmcblk0p4
179 5 10240 mmcblk0p5
179 6 10240 mmcblk0p6
179 7 10240 mmcblk0p7
179 8 512 mmcblk0p8
179 9 2048 mmcblk0p9
179 10 2048 mmcblk0p10
179 11 8192 mmcblk0p11
179 12 3840 mmcblk0p12
179 13 3840 mmcblk0p13
179 14 3840 mmcblk0p14
179 15 3840 mmcblk0p15
179 16 256 mmcblk0p16
179 17 256 mmcblk0p17
179 18 256 mmcblk0p18
179 19 10240 mmcblk0p19
179 20 524288 mmcblk0p20
179 21 917504 mmcblk0p21
179 22 131072 mmcblk0p22
179 23 5120 mmcblk0p23
179 24 10240 mmcblk0p24
179 25 2121728 mmcblk0p25
179 26 8 mmcblk0p26
179 27 1024 mmcblk0p27
mounts
Code:
cat /proc/mounts
rootfs / rootfs rw,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1
/dev/block/mmcblk0p21 /system ext4 ro,relatime,
/dev/block/mmcblk0p25 /data ext4 rw,nosuid,node
mit,data=ordered 0 0
/dev/block/mmcblk0p20 /cache ext4 rw,nosuid,nod
bmit,data=ordered 0 0
/dev/block/mmcblk0p19 /efs ext4 rw,nosuid,nodev
commit,data=ordered 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev
up_id=1023,default_permissions,allow_other 0 0
now is there any wy to make dump of boot.img or recovery.img for making cwm?
touseefiqbal said:
now is there any wy to make dump of boot.img or recovery.img for making cwm?
Click to expand...
Click to collapse
Yes you can dump both boot.img and recovery.img provided you have root access by using the following commands:
First:
Code:
cd /dev/block/platform
Then list which platform name you have:
Code:
ls
After change into the platform name directory (The following is an example from my Verizon Galaxy S3):
Code:
cd msm_sdcc.1/by-name
Then:
Code:
ls -l
This command will list what partitions are the boot and recovery partitions make sure to note which block number the recovery and boot partitions are. Now that we know what block number the partitions we want are we can dump them:
Code:
cat /dev/block/recovery_partition_block number > /mnt/sdcard/recovery.img
cat /dev/block/boot_partition_block number > /mnt/sdcard/boot.img
You should now have recovery.img and boot.img files located on your sdcard. Let me know if you still have questions .
Sent from my SCH-I535 using xda premium
shimp208 said:
Yes you can dump both boot.img and recovery.img provided you have root access by using the following commands:
First:
Code:
cd /dev/block/platform
Then list which platform name you have:
Code:
ls
After change into the platform name directory (The following is an example from my Verizon Galaxy S3):
Code:
cd msm_sdcc.1/by-name
Then:
Code:
ls -l
This command will list what partitions are the boot and recovery partitions make sure to note which block number the recovery and boot partitions are. Now that we know what block number the partitions we want are we can dump them:
Code:
cat /dev/block/recovery_partition_block number > /mnt/sdcard/recovery.img
cat /dev/block/boot_partition_block number > /mnt/sdcard/boot.img
You should now have recovery.img and boot.img files located on your sdcard. Let me know if you still have questions .
Sent from my SCH-I535 using xda premium
Click to expand...
Click to collapse
sorry i didnt tell you that i dont have root access
I dnt hav root access
Sent from my GT-S5282 using XDA Premium HD app
touseefiqbal said:
sorry i didnt tell you that i dont have root access
Click to expand...
Click to collapse
If you want to root your device I would recommend checking out this thread
http://forum.xda-developers.com/showthread.php?t=2320771 on how to root the Galaxy Star.
Sent from my SCH-I535 using xda premium
As you can see, I can not find where is boot.img in, cuold you pls show me, thank.
shimp208 said:
If you want to root your device I would recommend checking out this thread
http://forum.xda-developers.com/showthread.php?t=2320771 on how to root the Galaxy Star.
Sent from my SCH-I535 using xda premium
Click to expand...
Click to collapse
My divice is rooted
Try to get recovery bro
Sent from my GT-S5282 using XDA Premium HD app
touseefiqbal said:
Try to get recovery bro
Sent from my GT-S5282 using XDA Premium HD app
Click to expand...
Click to collapse
I've get recovery.img already thank your method above, but I want to get boot.img and can not see where.
hi
oldmanhp said:
I've get recovery.img already thank your method above, but I want to get boot.img and can not see where.
Click to expand...
Click to collapse
can you plz share recovery? i will help you to get boot.img
one more thing is it recovery for galaxy star gt-s5282? if yes pl share
ter
oldmanhp said:
I've get recovery.img already thank your method above, but I want to get boot.img and can not see where.
Click to expand...
Click to collapse
install terminal emulator and type
Code:
dump_image boot /sdcard/boot.img
touseefiqbal said:
can you plz share recovery? i will help you to get boot.img
one more thing is it recovery for galaxy star gt-s5282? if yes pl share
Click to expand...
Click to collapse
Here you are, post #48, it is for Galaxy Mega gt-i9152.
http://forum.xda-developers.com/showthread.php?p=44268116#post44268116
oldmanhp said:
I've get recovery.img already thank your method above, but I want to get boot.img and can not see where.
Click to expand...
Click to collapse
To get boot.img I would recommend dumping the partition named KERNEL which from the output you provided is /dev/block/mmcblk0p5 the device's kernel is usually stored on the /boot partition, so from what I can tell /dev/block/mmcblk0p5 appears to be the boot partition that you could then dump to get a boot.img file.
q
shimp208 said:
To get boot.img I would recommend dumping the partition named KERNEL which from the output you provided is /dev/block/mmcblk0p5 the device's kernel is usually stored on the /boot partition, so from what I can tell /dev/block/mmcblk0p5 appears to be the boot partition that you could then dump to get a boot.img file.
Click to expand...
Click to collapse
also if you hav cwm reovery then through recovery go for a backup
Firstly, mods, please! Move me to a different forum if this thread is in the wrong place, I'm not used to posting on xda (usely searching is sufficient.)
Updates: Method to restore your ME170C* from a brick! See below for the guide.
I just picked up a ME170CX at a local Meijers in the Thanksgiving sale. It has pretty decent hardware and the default UI is pretty nice, overall. However, the previous tablet I used (and still do) was the Acer Iconia A500, which has the good luck of a custom bootloader, a 4.4.4 OmniRom port as well as a bunch of other stuff, and an extremely recent CWM. Long story short, I'm spoiled on .bat scripts and a convenient APX flashing utility by NVidia.
Since I'm essentially blazing the trail, I'd really like a few ideas to get started. Again, my plan is to compile CWM, make a flashable root package, and to (eventually) put together a custom ROM. So far, this is the info I've collected to that end:
Running Android 4.4.2
build # KVT49L.WW_MeMO_Pad-11.2.3.21-20141111 release-keys
Kernel version: 3.10.20 [email protected] #1
Intel USB drivers confirmed to work for both ADB/fastboot.
Includes DROIDBOOT (ie: fastboot)
MMC partition layout
Partition Info
/proc/partitions
major minor #blocks name
179 0 15392768 mmcblk0
179 1 48128 mmcblk0p1
179 2 8192 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 21504 mmcblk0p4
179 5 1024 mmcblk0p5
179 6 21504 mmcblk0p6
179 7 32768 mmcblk0p7
179 8 428032 mmcblk0p8
179 9 1187840 mmcblk0p9
259 0 13633519 mmcblk0p10
179 40 4096 mmcblk0rpmb
179 30 8192 mmcblk0gp0
179 20 4096 mmcblk0boot1
179 10 4096 mmcblk0boot0
179 50 3872256 mmcblk1
179 51 3870720 mmcblk1p1
"$ mount" results
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/media_rw tmpfs rw,seclabel,relatime,mode=700,uid=1023,gid=1023 0 0
tmpfs /storage tmpfs rw,seclabel,relatime,mode=751,gid=1028 0 0
tmpfs /Removable tmpfs rw,seclabel,relatime,mode=751,gid=1028 0 0
tmpfs /mnt/secure tmpfs rw,seclabel,relatime,mode=700 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/intel/by-label/system /system ext4 ro,seclabel,noatime,data=
ordered 0 0
/dev/block/platform/intel/by-label/factory /factory ext4 ro,seclabel,noatime 0 0
/dev/block/platform/intel/by-label/cache /cache ext4 rw,seclabel,nosuid,nodev,no
atime,data=ordered 0 0
/dev/block/platform/intel/by-label/config /config ext4 rw,seclabel,nosuid,nodev,
noatime,data=ordered 0 0
/dev/block/platform/intel/by-label/firmware /firmware ext4 ro,seclabel,noatime,d
ata=ordered 0 0
/dev/block/platform/intel/by-label/data /data ext4 rw,seclabel,nosuid,nodev,noat
ime,noauto_da_alloc,data=ordered 0 0
/dev/block/platform/intel/by-label/gauge /gauge ext4 rw,seclabel,nosuid,nodev,no
atime 0 0
adb /dev/usb-ffs/adb functionfs rw,relatime 0 0
/dev/block/mmcblk0p7 /ADF ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
none /sys/kernel/debug debugfs rw,relatime,mode=755 0 0
none /pstore pstore rw,relatime 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,relatime,user_id=1023,group_i
d=1023,default_permissions,allow_other 0 0
/dev/block/vold/179:51 /mnt/media_rw/MicroSD vfat rw,dirsync,nosuid,nodev,noexec
,relatime,uid=1023,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=437,
iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:51 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,rela
time,uid=1023,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=437,iocha
rset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/fuse /storage/MicroSD fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1
023,default_permissions,allow_other 0 0
/dev/block/platform/intel/by-label contents
lrwxrwxrwx root root 2014-11-28 17:29 ADF -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2014-11-28 17:29 cache -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2014-11-28 17:29 config -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2014-11-28 17:29 data -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2014-11-28 17:29 factory -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2014-11-28 17:29 firmware -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2014-11-28 17:29 gauge -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2014-11-28 17:29 panic -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2014-11-28 17:29 reserved -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2014-11-28 17:29 system -> /dev/block/mmcblk0p9
/dev/block/platform/intel/by-guid contents
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000000 -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000001 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000002 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000003 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000004 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000005 -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000006 -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000007 -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000008 -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000009 -> /dev/block/mmcblk0p10
Parted info for partitions
Model: MMC 016GE2 (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 17.4kB 49.3MB 49.3MB reserved boot
2 49.3MB 57.7MB 8389kB panic boot
3 57.7MB 59.8MB 2097kB ext2 factory
4 59.8MB 81.8MB 22.0MB ext4 config
5 81.8MB 82.9MB 1049kB ext2 gauge
6 82.9MB 105MB 22.0MB ext4 firmware
7 105MB 138MB 33.6MB ext4 ADF
8 138MB 577MB 438MB ext4 cache
9 577MB 1793MB 1216MB ext4 system
10 1793MB 15.8GB 14.0GB ext4 data
Instructions
Recover from a failed root attempt -
Follow this excellent guide by sevensvr who was kind enough to do what I was too busy at the time to do. Thanks, bro!
Thread
Progress Report:
Very bad news! Atom processors are actually running the x86 architecture (32bit for PC users.) Although I should have guessed this, the Intel support page did not indicate the arch and I ended up checking on Wikipedia. As soon as a saw that the processor was a x86, my hopes of a generic BOOT.IMG were dashed. Sure enough, after pulling off images of all the partitions of the device I found that the two flagged boot are neither a .tar file of any recognizable type, nor a partition type I'm familar with. After mounting the system directory I can't find anything useful. As far as I can tell the device doesn't have a standard issue bootloader/recovery setup but somehow has the two interlocked. Either that or the recovery is in the panic partition and I just can't identify it as such. The recovery-from-boot.p file still exists, so that's a little comfort.
As a side note, fastboot has a custom file format for use with the .img flash system and has kindly neglected to post any documentation that I can find on the format. Without that the raw imgs I have of partitions are essentially worthless.
Does this mean the project is going to fail? No, I just have to begin warming myself up to arguing with ASUS over releasing source, something I don't relish. If anyone has some familarity to dealing with manufacturers' over source, I'd love to talk to you!
Basically, after my updates, what I need to begin is a few good ideas of where to go next with these:
Root - Completed
Method to deduce the partitions' actual uses or names - Aborted for the present, focusing on getting ASUS source
A link or explanation of how exactly FASTBOOT installs images so that the system image file can flashed properly.
Device tree for the ME170C or ME170CX.
Expert guidance.
Downloads:
Windows Intel Drivers
linux fastboot binary for asus devices - Thanks to the person who first compiled this with ASUS compatibility!
raw system.img with SU (NOT fastboot compatible!)
Thankee very much, sorry for my ignorance on some things. Hey, everyone has to learn!
Update: Root found and partition progress has been made!
Thanks so much! Worked perfectly!! Glad i have root. Ill be following this thread. A custom rom would be nice:good:
Thanks
Thanks for all your work.
I'm posting to let you know I'm following the progress. My skills are too basics to be useful but know that your work is appreciated.
A beer on me.
Cheers
Thanks for the support, everyone! I'll keep pushing.
Updates: Architecture turns out to be x86, no conventional BOOT.IMG seems to be surfacing. Trying to get ahold of the ASUS support for the source tree.
m27frogy said:
Thanks for the support, everyone! I'll keep pushing.
Updates: Architecture turns out to be x86, no conventional BOOT.IMG seems to be surfacing. Trying to get ahold of the ASUS support for the source tree.
Click to expand...
Click to collapse
I wish i was more help all i can really do is offer support and test easy things lol
P.s. I also picked this up on thanksgiving day sale. At hhgregg
Thanks for starting the thread...
Already bricked one, but I have another. Tell me, would resetting after five seconds had elapsed (as opposed to exactly five seconds) after applying the root exploit corrupt this process?
Still willing to root the second one... for science.
Thanks!
Genius4Hire said:
Already bricked one, but I have another. Tell me, would resetting after five seconds had elapsed (as opposed to exactly five seconds) after applying the root exploit corrupt this process?
Still willing to root the second one... for science.
Thanks!
Click to expand...
Click to collapse
I'm about positive that the app tells you to wait 10 seconds not 5. For the bricked one I added a guide which should hopefully revive it.
Bricked memopad...
m27frogy said:
I'm about positive that the app tells you to wait 10 seconds not 5. For the bricked one I added a guide which should hopefully revive it.
Click to expand...
Click to collapse
That could be true! If that is the case I am probably closer, as I waited a few extra seconds. I got distracted for a few seconds and proceeded to reboot. Just let me know when/if I should try on the other device, I can't wait to root this thing.
My eventual goal is to run multiple various Linux live images from th SD card.
Thanks for the response.
Update: More bad news. My tablet's battery for no reason at all failed and won't recharge. There will be some delay on further progress while I RMA it. Sorry, guys! :crying:
m27frogy said:
Update: More bad news. My tablet's battery for no reason at all failed and won't recharge. There will be some delay on further progress while I RMA it. Sorry, guys! :crying:
Click to expand...
Click to collapse
Let us know how the rma process goes. Ive heared mixed reviews with asus
root asus memo pad7 me170cx
I bought it Christmas eve went to the asus website got the latest we update mental installed it had 4.4.2 . then went and got zenphone 1.4.6 from asus followed instructions received root 10 in.total. is I need can recovery any body gay ideas
m27frogy said:
Firstly, mods, please! Move me to a different forum if this thread is in the wrong place, I'm not used to posting on xda (usely searching is sufficient.)
Updates: Root found and partitions have been ironed out more thoroughly, although I still need help figuring out what partition is the recovery.
Root method is in the apk below, follow it's instructions very carefully, I will not be responsible if you brick your device! Thanks, RootZenfone!
Updates: Lots of new discoveries, some of which are great and others are rather depressing, check the bottom of the page for new downloads!
I just picked up a ME170CX at a local Meijers in the Thanksgiving sale. It has pretty decent hardware and the default UI is pretty nice, overall. However, the previous tablet I used (and still do) was the Acer Iconia A500, which has the good luck of a custom bootloader, a 4.4.4 OmniRom port as well as a bunch of other stuff, and an extremely recent CWM. Long story short, I'm spoiled on .bat scripts and a convenient APX flashing utility by NVidia.
Since I'm essentially blazing the trail, I'd really like a few ideas to get started. Again, my plan is to compile CWM, make a flashable root package, and to (eventually) put together a custom ROM. So far, this is the info I've collected to that end:
Running Android 4.4.2
build # KVT49L.WW_MeMO_Pad-11.2.3.21-20141111 release-keys
Kernel version: 3.10.20 [email protected] #1
Intel USB drivers confirmed to work for both ADB/fastboot.
Includes DROIDBOOT (ie: fastboot)
MMC partition layout
Partition Info
/proc/partitions
major minor #blocks name
179 0 15392768 mmcblk0
179 1 48128 mmcblk0p1
179 2 8192 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 21504 mmcblk0p4
179 5 1024 mmcblk0p5
179 6 21504 mmcblk0p6
179 7 32768 mmcblk0p7
179 8 428032 mmcblk0p8
179 9 1187840 mmcblk0p9
259 0 13633519 mmcblk0p10
179 40 4096 mmcblk0rpmb
179 30 8192 mmcblk0gp0
179 20 4096 mmcblk0boot1
179 10 4096 mmcblk0boot0
179 50 3872256 mmcblk1
179 51 3870720 mmcblk1p1
"$ mount" results
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/media_rw tmpfs rw,seclabel,relatime,mode=700,uid=1023,gid=1023 0 0
tmpfs /storage tmpfs rw,seclabel,relatime,mode=751,gid=1028 0 0
tmpfs /Removable tmpfs rw,seclabel,relatime,mode=751,gid=1028 0 0
tmpfs /mnt/secure tmpfs rw,seclabel,relatime,mode=700 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/intel/by-label/system /system ext4 ro,seclabel,noatime,data=
ordered 0 0
/dev/block/platform/intel/by-label/factory /factory ext4 ro,seclabel,noatime 0 0
/dev/block/platform/intel/by-label/cache /cache ext4 rw,seclabel,nosuid,nodev,no
atime,data=ordered 0 0
/dev/block/platform/intel/by-label/config /config ext4 rw,seclabel,nosuid,nodev,
noatime,data=ordered 0 0
/dev/block/platform/intel/by-label/firmware /firmware ext4 ro,seclabel,noatime,d
ata=ordered 0 0
/dev/block/platform/intel/by-label/data /data ext4 rw,seclabel,nosuid,nodev,noat
ime,noauto_da_alloc,data=ordered 0 0
/dev/block/platform/intel/by-label/gauge /gauge ext4 rw,seclabel,nosuid,nodev,no
atime 0 0
adb /dev/usb-ffs/adb functionfs rw,relatime 0 0
/dev/block/mmcblk0p7 /ADF ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
none /sys/kernel/debug debugfs rw,relatime,mode=755 0 0
none /pstore pstore rw,relatime 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,relatime,user_id=1023,group_i
d=1023,default_permissions,allow_other 0 0
/dev/block/vold/179:51 /mnt/media_rw/MicroSD vfat rw,dirsync,nosuid,nodev,noexec
,relatime,uid=1023,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=437,
iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:51 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,rela
time,uid=1023,gid=1023,fmask=0002,dmask=0002,allow_utime=0020,codepage=437,iocha
rset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/fuse /storage/MicroSD fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1
023,default_permissions,allow_other 0 0
/dev/block/platform/intel/by-label contents
lrwxrwxrwx root root 2014-11-28 17:29 ADF -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2014-11-28 17:29 cache -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2014-11-28 17:29 config -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2014-11-28 17:29 data -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2014-11-28 17:29 factory -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2014-11-28 17:29 firmware -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2014-11-28 17:29 gauge -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2014-11-28 17:29 panic -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2014-11-28 17:29 reserved -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2014-11-28 17:29 system -> /dev/block/mmcblk0p9
/dev/block/platform/intel/by-guid contents
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000000 -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000001 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000002 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000003 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000004 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000005 -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000006 -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000007 -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000008 -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2014-11-28 17:29 80868086-8086-8086-8086-000000000009 -> /dev/block/mmcblk0p10
Parted info for partitions
Model: MMC 016GE2 (sd/mmc)
Disk /dev/block/mmcblk0: 15.8GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 17.4kB 49.3MB 49.3MB reserved boot
2 49.3MB 57.7MB 8389kB panic boot
3 57.7MB 59.8MB 2097kB ext2 factory
4 59.8MB 81.8MB 22.0MB ext4 config
5 81.8MB 82.9MB 1049kB ext2 gauge
6 82.9MB 105MB 22.0MB ext4 firmware
7 105MB 138MB 33.6MB ext4 ADF
8 138MB 577MB 438MB ext4 cache
9 577MB 1793MB 1216MB ext4 system
10 1793MB 15.8GB 14.0GB ext4 data
Instructions
Recover from a failed root attempt -
First, you're going to need to install the Intel drivers at the bottom of the page.
Next, follow the instructions to setup fastboot in this guide. (Make sure you setup your PATH right)
Next, you're going to need a copy of the system partition, which you can find at the bottom of the page.
Once you have the system.img downloaded, turn on your tablet while holding both volume buttons down and the power key. Release the power key after three seconds and wait for it to boot.
Once you're in recovery mode plug the tablet into your computer with the handy MicroUSB cable.
Open up a command prompt and navigate to the directory you downloaded the file to. (Google for some guides on the command line)
Run the command fastboot devices. Three things could happen: 1. "fastboot is not a recognized command", you didn't install fastboot properly. 2. Nothing happens in which case the Intel drivers aren't working or your device isn't connected properly. 3. A bunch of random numbers, a space, and then a smaller name.
If the previous command worked out to #3, run fastboot flash system system.img. If it appears to be doing something, let it sit and don't disturb it. If it just says something about system.img not existing, you didn't go to the right directory.
If the command prompt comes back and tells you it worked then unplug your tablet. (If it didn't work, send me a PM with info.)
Next, use the volume keys to highlight "Wipe Your Device" and use the power key to select it. Select Yes and wait. Then shut off your tablet and reboot.
Hopefully, everything worked and you have a working tablet!:fingers-crossed:
Progress Report:
Very bad news! Atom processors are actually running the x86 architecture (32bit for PC users.) Although I should have guessed this, the Intel support page did not indicate the arch and I ended up checking on Wikipedia. As soon as a saw that the processor was a x86, my hopes of a generic BOOT.IMG were dashed. Sure enough, after pulling off images of all the partitions of the device I found that the two flagged boot are neither a .tar file of any recognizable type, nor a partition type I'm familar with. After mounting the system directory I can't find anything useful. As far as I can tell the device doesn't have a standard issue bootloader/recovery setup but somehow has the two interlocked. Either that or the recovery is in the panic partition and I just can't identify it as such. The recovery-from-boot.p file still exists, so that's a little comfort.
Does this mean the project is going to fail? No, I just have to begin warming myself up to arguing with ASUS over releasing source, something I don't relish. If anyone has some familarity to dealing with manufacturers' over source, I'd love to talk to you!
Basically, after my updates, what I need to begin is a few good ideas of where to go next with these:
Root - Completed
Method to deduce the partitions' actual uses or names - Aborted for the present, focusing on getting ASUS source
A way to get an image of the device that I could flash from fastboot if something were to go wrong - Should work, can't think why it wouldn't
Device tree for the ME170C or ME170CX.
Expert guidance.
Downloads:
Windows Intel Drivers
linux fastboot binary for asus devices - Thanks to the person who first compiled this with ASUS compatibility!
system.img with SU
Thankee very much, sorry for my ignorance on some things. Hey, everyone has to learn!
Click to expand...
Click to collapse
Don't know the if there is any differences between the ME170C and ME170CX.
the ME170C src, and the firmware are available at Asus support site.
pda12 said:
Don't know the if there is any differences between the ME170C and ME170CX.
the ME170C src, and the firmware are available at Asus support site.
Click to expand...
Click to collapse
only difference i can see is the amount of memory they have. Every thing else is the same looking at the specs.
it seems that we *might* have been given a way to unlock the bootloader?
So I was looking into the Asus firmware/rom update
what in the ifwi.zip (in the update package) appear most interesting
it seems that we *might* have been given a way to unlock the bootloader
Code:
fastboot flash dnx dnx_fwr_*
in the similar way as with the Dell Venue, especially that of the ZenFone
pda12 said:
So I was looking into the Asus firmware/rom update
what in the ifwi.zip (in the update package) appear most interesting
it seems that we *might* have been given a way to unlock the bootloader
Code:
fastboot flash dnx dnx_fwr_*
in the similar way as with the Dell Venue, especially that of the ZenFone
Click to expand...
Click to collapse
That's good news! That would be awesome to see lollipop and custom kernels on this thing. Just gotta get together with some smarter people than I
well this is my new project, downloading the kernel source and newest firmware now.... still no cwm or twrp / no way to flash it if we did right?
daavvis said:
well this is my new project, downloading the kernel source and newest firmware now.... still no cwm or twrp / no way to flash it if we did right?
Click to expand...
Click to collapse
As far as I know you are correct. No way to flash. Only root as far as I know. Far from a dev but glad to hear its being worked on, thank you!
Sent from my Nexus 6
Just to clarify, this is the way things are panning out:
1. It's unknown exactly how the ME170CX boots into flashboot. It could either be bundled with the boot.img or somehow a part of the panic partition.
2. I was unaware that .img files required a specific format in fastboot (I just assumed that when a "*nix" system makes an .img file it's an .img file not a .customformattedpartitionwithanunneccessarydescriptorimg) It'll be a while as I try to figure out how to take the raw image of the system partition and turn it into something that fastboot will accept.
3. Projects in RL are making it rather difficult to keep up with things so updates won't come quickly.
4. If someone is able to make a breakthrough with the boot system or with the fastboot img, I will be glad to add their post to the OP.
Thanks, hang in there guys! We'll get there eventually. :crying:
A hopeful bump. :thumbup:
Sent from my Nexus 6
Good news. Root is on the way. I have found an exploit (namely the dirty cow exploit to gain root access), only problem is my root lasts for 1 command and I am trying to work out a way to transfer over the su binary itself. I will update this post once I have more info.
ALSO, AND THIS IS IMPORTANT. IF YOU WANT ROOT, DO NOT UPDATE TO ZV6 WHEN IT DROPS. ZV6 WILL LIKELY PATCH THIS EXPLOIT.
Reserved
Following!
Noticed on another forum, ZV6 has appeared.
I cannot remember if you are given a choice whether to install these or not...turned off wifi/data just in case, lol.
It will download the update, but it won't install without your permission. As an update on root. I have a root shell, but I cannot do anything thanks to SELinux. I need to find an exploit to get around SELinux.
Code:
λ adb -d shell
[email protected]:/ $ run-as exec whoami
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
root
[email protected]:/ $ run-as exec dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
dd: /dev/block/bootdevice/by-name/boot: Permission denied
I knew about ZV6 because I saw the kernel sourrces when I went to download the ZV5 source
if this helps........
EagerestWolf said:
Reserved
Click to expand...
Click to collapse
https://mega.nz/#!6BMlmIZB!CBKqxLvGl3c2EfYXj6_hIbdUKxPtbfWzgoglQb0d5aA
thats the ZV5 update for the LGLS775ABB that popped up on my LGLS775ABB ZVZ4!
454.4mb.zip, unzips to 1.02gb..............
If you can get any way to recovery from a predicament out of it, please share!
zach
---------- Post added at 11:16 PM ---------- Previous post was at 11:10 PM ----------
EagerestWolf said:
It will download the update, but it won't install without your permission. As an update on root. I have a root shell, but I cannot do anything thanks to SELinux. I need to find an exploit to get around SELinux.
Code:
λ adb -d shell
[email protected]:/ $ run-as exec whoami
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
root
[email protected]:/ $ run-as exec dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
dd: /dev/block/bootdevice/by-name/boot: Permission denied
Click to expand...
Click to collapse
Definitely no dev here, but using a selenix mode changer app, in 5.1.1, linking su binaries from su/bin to system/xbin allowed it to set selenix to permissice on the Samsung Galaxy J3 (2016) SM-J320P until we got a permissive kernel. That phone has one messed up os hyrbid odex & deodex mix..............
zach...........
---------- Post added at 11:21 PM ---------- Previous post was at 11:16 PM ----------
EagerestWolf said:
I knew about ZV6 because I saw the kernel sourrces when I went to download the ZV5 source
Click to expand...
Click to collapse
If your kdz's available you can't be talking about the BOOST Mobile Stylo 2........... only one LG's not coughing up software for........ oh well, damn, thought I had found something going somewhere for this device..............
Yes that link above is for BOOST LG Stylo 2! The update was waiting right out of the box, it was already on ZV4 so factory reset hooked it up immediately and run a log cat until it acquired the update again. Then spent about 20 minutes going through all the https links until finding the one the update was coming from and downloaded to the Windows machine.
zach
If you go to LG's Open Source Website. They have all the kernel sources there. ZV6 is listed so it's coming. As for your update package, I looked and I wasn't sure if I saw a recovery image, but I did see a LAF image, which is also helpful.
As for bypassing SELinux, I have a few leads on that one. Once we have root, we will have recovery and ROM's, but we need root first to fix fastboot.
I am actually going to try injecting a modified kernel into your update an flashing it. Since this is an official FOTA. It may work.
!!!!!!!
EagerestWolf said:
I am actually going to try injecting a modified kernel into your update an flashing it. Since this is an official FOTA. It may work.
Click to expand...
Click to collapse
Coolbeans!!! Its signed, can't remember the name but do remember seeing the signature verification. I used winrar so nothing should be messed up with it as well.
Any help, anything, just let me know! I cannot understand why another excellent phone for this price is drifting str8 past any development. Went to Asus after I first got into modding and my HTC burnt..... left them due to their never unlocking bootloaders, etc.... Samsung next, the J3, one messed up piece of os there but we modded the hell out of it, now LG............ every variant of this device has the kdz available if I'm not mistaken. If temp root had to be forced onto this phone, to dd it it would just about be worth the $119 it cost me!
zach
TWRP
EagerestWolf said:
I am actually going to try injecting a modified kernel into your update an flashing it. Since this is an official FOTA. It may work.
Click to expand...
Click to collapse
terminal:
cat /proc/cmdline
trying to get kernel cmd line
& arguments
also stock boot.img
but keep getting perm denied
Can you get any of this so TWRP can be ported?
The person who did TWRP for the Stylo 2 + says he can port TWRP for Stylo 2 LGLS775ABB (my device) if whats listed above can be provided.
Any ideas?
That won't work, we need root, and before we can do anything related to TWRP, we need fastboot, so this is all in vain.
Sent from my LGLS775 using Tapatalk
coolbeans2016 said:
terminal:
cat /proc/cmdline
trying to get kernel cmd line
& arguments
also stock boot.img
but keep getting perm denied
Can you get any of this so TWRP can be ported?
The person who did TWRP for the Stylo 2 + says he can port TWRP for Stylo 2 LGLS775ABB (my device) if whats listed above can be provided.
Any ideas?
Click to expand...
Click to collapse
I can provide a stock boot.img I have for LS775 ZV5 build, but cat /proc/cmline is useless right now. I do get some output with cat /proc/partitions and cat /proc/mounts
Code:
major minor #blocks name
253 0 485204 zram0
179 0 15388672 mmcblk0
179 1 512 mmcblk0p1
179 2 512 mmcblk0p2
179 3 512 mmcblk0p3
179 4 512 mmcblk0p4
179 5 2048 mmcblk0p5
179 6 1536 mmcblk0p6
179 7 512 mmcblk0p7
179 8 512 mmcblk0p8
179 9 512 mmcblk0p9
179 10 512 mmcblk0p10
179 11 2048 mmcblk0p11
179 12 16384 mmcblk0p12
179 13 16384 mmcblk0p13
179 14 512 mmcblk0p14
179 15 1536 mmcblk0p15
179 16 1536 mmcblk0p16
179 17 24576 mmcblk0p17
179 18 24576 mmcblk0p18
179 19 24576 mmcblk0p19
179 20 24576 mmcblk0p20
179 21 1536 mmcblk0p21
179 22 512 mmcblk0p22
179 23 512 mmcblk0p23
179 24 512 mmcblk0p24
179 25 512 mmcblk0p25
179 26 512 mmcblk0p26
179 27 512 mmcblk0p27
179 28 512 mmcblk0p28
179 29 8192 mmcblk0p29
179 30 32768 mmcblk0p30
179 31 10240 mmcblk0p31
259 0 8192 mmcblk0p32
259 1 8192 mmcblk0p33
259 2 65536 mmcblk0p34
259 3 1024 mmcblk0p35
259 4 2560 mmcblk0p36
259 5 2048 mmcblk0p37
259 6 6144 mmcblk0p38
259 7 40960 mmcblk0p39
259 8 3207168 mmcblk0p40
259 9 921600 mmcblk0p41
259 10 10915840 mmcblk0p42
259 11 8175 mmcblk0p43
179 32 4096 mmcblk0rpmb
Code:
rootfs / rootfs ro,seclabel,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
pstore /sys/fs/pstore pstore rw,relatime 0 0
/dev/pstore /dev/pstore pstore rw,relatime 0 0
adb /dev/usb-ffs/adb functionfs rw,relatime 0 0
/dev/block/bootdevice/by-name/system /system ext4 ro,seclabel,noatime,data=ordered 0 0
/dev/block/bootdevice/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,resuid=1000,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/persist /persist ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/modem /firmware vfat ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/bootdevice/by-name/sns /sns ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/drm /persist-lg ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/mpt /mpt ext4 rw,seclabel,nosuid,nodev,noatime,noauto_da_alloc,errors=continue,data=ordered 0 0
/dev/block/bootdevice/by-name/carrier /carrier ext4 rw,seclabel,nodev,relatime,noauto_da_alloc,data=ordered 0 0
tmpfs /storage tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
/dev/fuse /mnt/runtime/default/emulated fuse rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /storage/emulated fuse rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/runtime/read/emulated fuse rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/runtime/write/emulated fuse rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
EagerestWolf said:
That won't work, we need root, and before we can do anything related to TWRP, we need fastboot, so this is all in vain.
Sent from my LGLS775 using Tapatalk
Click to expand...
Click to collapse
Have you been able to achieve some progress? If you need to try I have some time and one of these phone to try. I really need root on this version.
coolbeans2016 said:
terminal:
cat /proc/cmdline
trying to get kernel cmd line
& arguments
also stock boot.img
but keep getting perm denied
Can you get any of this so TWRP can be ported?
The person who did TWRP for the Stylo 2 + says he can port TWRP for Stylo 2 LGLS775ABB (my device) if whats listed above can be provided.
Any ideas?
Click to expand...
Click to collapse
You can get your cmdline from unpacked boot
Sent from my SM-J320P using Tapatalk
coolbeans2016 said:
terminal:
cat /proc/cmdline
trying to get kernel cmd line
& arguments
also stock boot.img
but keep getting perm denied
Can you get any of this so TWRP can be ported?
The person who did TWRP for the Stylo 2 + says he can port TWRP for Stylo 2 LGLS775ABB (my device) if whats listed above can be provided.
Any ideas?
Click to expand...
Click to collapse
rick.wardenburg said:
You can get your cmdline from unpacked boot
Sent from my SM-J320P using Tapatalk
Click to expand...
Click to collapse
This is cmdline from unpacked boot image.
Code:
cmdline = console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=ph1 user_debug=31 msm_rtb.filter=0x3F ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci lpm_levels.sleep_disabled=1 vmalloc=600m
Any progress on this or is it a another dead end for us?
Sent from my LGLS775 using Tapatalk
can someone pm me when you do obtain root permanently
....will keep checking...also i can make a stock dimp of my zv4 if ne one needs it since lg likes to keep everything tight....does anyone know how to enter download mode??
Doctur said:
can someone pm me when you do obtain root permanently
....will keep checking...also i can make a stock dimp of my zv4 if ne one needs it since lg likes to keep everything tight....does anyone know how to enter download mode??
Click to expand...
Click to collapse
And if someone tells you, please tell me. : )
I was going to root my friends Android, however after further discovery --- thus far--- it looks like this device has not been rooted yet.
Is anyone able to create a partion.xml for use with tool studio eMMC download tool. Im trying to figure it out myself and having a little trouble but I believe it should allow us to flash the v3 firmware.