Better Mobile App

TWRP 2.7 fails on /data backup

I just flashed TWRP v2.7 on my One. Tried making a backup but it keeps failing while backing up the data partition. It doesn't give any sort of error code or indication why. It just stops and says "Backup Failed". I flashed back to v2.6.3.4 and the backup completes fine. I noticed that w/ v2.6.3.4 it breaks up each partition into multiple files. It doesn't appear that v2.7 does that. Not sure if that would matter. Also, I'm still running stock 4.3. Does v2.7 only work with KitKat ROMs? I know v2.7 just released & there could be some bugs, but wondered if anyone else is experiencing this. Here's my getvar all just in case.
fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-baseband: 4T.20.3218.13
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.17.502.3
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno:
(bootloader) imei:
(bootloader) meid: 00000000000000
(bootloader) product: m7_ul
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0712000
(bootloader) cidnum: CWS__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4211mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-a85199f7
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

2.7.0.0 does split the archives, so it's not that.

cschmitt said:
2.7.0.0 does split the archives, so it's not that.
Click to expand...
Click to collapse
Okay. I guess it just didn't explicitly say it's doing so like v2.6.3.4 does. Didn't actually look at the /system backup that did complete in v2.7.

sharksfan7 said:
Okay. I guess it just didn't explicitly say it's doing so like v2.6.3.4 does. Didn't actually look at the /system backup that did complete in v2.7.
Click to expand...
Click to collapse
Grab the log from /cache/recovery/last_log, should tell why it's failing.

Thanks. I've already went back to 2.6.3.4 and ran a backup. I'll have to reflash 2.7 and try again. I'll try to do that later tonight.

So I reflashed TWRP 2.7 and tried to create a backup. Once again it failed. I grabbed the last_log and took a look at it. But it have no idea what the errors mean. Here are the last few lines of the log. Anyone care to shed some light on what this means?
Splitting thread ID 0 into archive 2
E:tar_open error opening ''
E:Error creating tar '' for thread 0
I:ERROR tarList for thread ID 0
E:Error creating backup.
I:createTarFork() process ended with ERROR=255
I:Set page: 'action_complete'
I:Set page: 'rebootcheck'
I:Root permissions appear to be lost... fixing. (This will always happen on 4.3+ ROMs with SELinux.
I:Copying file /cache/recovery/log to /cache/recovery/last_log
Rebooting...
I went back to the Techerrata page and realized that v2.7 is available for the m7 but not m7_ul. I assume that there is a distinct difference between these versions if they need to be listed separately. My AT&T device is a m7_ul, so I guess the reason the backup fails has something to do with that. But from the TeamWin page, if you search for HTC One, it doesn't list the m7_ul variant at all. I only found the image for the m7_ul by browsing the list of all the devices that TWRP is available for. And the only version listed under m7_ul is 2.6.3.4.
Then again, this is just speculation on my part. I really don't know all the technical aspects of how all this works. I just follow the instructions on how to use it. If anyone who knows for sure why backups would be failing in v2.7, I would love to hear an explanation.

I just ran a nandroid backup with twrp 2.7.0.0 and worked fine

I'm kinda in the same boat as the OP. If anyone can help us out that would be awesome!

Me too...hope someone has a working solution. Thanks!
Sent from my HTC One using xda app-developers app

wildboyz322 said:
I'm kinda in the same boat as the OP. If anyone can help us out that would be awesome!
Click to expand...
Click to collapse
z3atl said:
Me too...hope someone has a working solution. Thanks!
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
The working solution is stay with TWRP 2.6.3.3 or 2.6.3.4

I'm in a similar boat. I'm getting the same error:
Splitting thread ID 0 into archive 2
E:tar_open error opening ''
E:Error creating tar '' for thread 0
I:ERROR tarList for thread ID 0
E:Error creating backup.
I:createTarFork() process ended with ERROR=255
I:Set page: 'action_complete'
I:Set page: 'rebootcheck'
I:Root permissions appear to be lost... fixing. (This will always happen on 4.3+ ROMs with SELinux.
I:Copying file /cache/recovery/log to /cache/recovery/last_log
Rebooting...
However, I'm using a Samsung Galaxy S3 TMO..... and I successfully used TWRP 2.7 / Nandroid to backup my system before.... but now it just gives me this error. Currently trying to backup a rooted stock rom that I used ODIN to put on the device.
EDIT: SOLUTION! I just checked Enable Compression and it seems to be working.....FYI.

EDIT: SOLUTION! I just checked Enable Compression and it seems to be working.....FYI.
Click to expand...
Click to collapse
Fixed it for me too - thanks for that! :good:

I've got a problem with TWRP failing on a backup with E:createTarFork() process ended with ERROR=255.
The is part of the log
* MD5 Created.
Backing up System...
E:Error opening '/system/app/AntHalService/oat' -- error: Not a directory
E:Error in Generate_TarList!
I:InfoManager saving '/external_sd/TWRP/BACKUPS/FA54CYJ11099/2016-01-29--23-52-55_MRA58K_release-keys/system.info'
E:createTarFork() process ended with ERROR=255
Backup Failed.
Cleaning Backup Folder

blocka said:
I've got a problem with TWRP failing on a backup with E:createTarFork() process ended with ERROR=255.
The is part of the log
* MD5 Created.
Backing up System...
E:Error opening '/system/app/AntHalService/oat' -- error: Not a directory
E:Error in Generate_TarList!
I:InfoManager saving '/external_sd/TWRP/BACKUPS/FA54CYJ11099/2016-01-29--23-52-55_MRA58K_release-keys/system.info'
E:createTarFork() process ended with ERROR=255
Backup Failed.
Cleaning Backup Folder
Click to expand...
Click to collapse
I had the same problem. I think the only solution is full wipe

Ryder. said:
I had the same problem. I think the only solution is full wipe
Click to expand...
Click to collapse
Thanks, yeah I thought that might be the case.
Can you tell me why is it that when we do a TWRP restore that system needs to be read only? Because I think I may have forgotten to select this option after I did a restore and that's screwed some stuff up.

blocka said:
Thanks, yeah I thought that might be the case.
Can you tell me why is it that when we do a TWRP restore that system needs to be read only? Because I think I may have forgotten to select this option after I did a restore and that's screwed some stuff up.
Click to expand...
Click to collapse
Go to "mount" in twrp and uncheck mount system partition read-only option. Then it should restore your backup successfully

Can't unlock Verizon Incredible 4G phone, was previously unlocked

I am trying to unlock my HTC Incredible 4G on Verizon to load a new ROM onto it. All of my attempts have failed up to this point, by using the WinDroid v2.3 automated tool. I get the following output during the process:
Code:
Task:
1) WINDROID USERS CHOOSE THIS OPTION!
2) Set CID to SuperCID (11111111) - Requires Root
3) Revert CID to original state (VZW__001) - Requires Root
4) Re-lock the bootloader
5) Install recovery
6) Put phone into temp-root mode
10) Exit
Choose a task: 1
========================
= Step 1: Temp-Root =
========================
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FA************ device
Under "List of devices attached" above, you should see your device
listed (looks like HTXXXXXXXXXX).
Do you see your device (Y/N)? y
Now unlock your device and confirm the restore operation.
By the time you are done reading this sentence, it should be safe to
accept the restore prompt on your device. You should not have a backup
password set on your phone, so leave both password fields empty.
If this process is successful, the script will continue. If not, this
shell will run forever and you must exit by closing this window.
When you see this message, the restore is complete. Your phone will
now reboot to what looks like an unusable state (be patient!). A
status bar will show across the top, but there will be no ring unlock.
This is good! Wait for the script to begin step 2: SuperCID.
========================
= Step 2: SuperCID =
========================
Your phone's CID is being modified to SuperCID. Once complete, your
phone will reboot to the bootloader.
2+0 records in
2+0 records out
1024 bytes transferred in 0.025 secs (40960 bytes/sec)
142 KB/s (1024 bytes in 0.007s)
31 KB/s (1024 bytes in 0.032s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.035 secs (29257 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.011s]
finished. total time: 0.012s
Just above, you should see (bootloader) cid: 11111111
1) Yes, my cid is 11111111. Keep going.
2) No, my cid is VZW__001. Factory reset and try again.
3) No, my cid is VZW__001. Exit the script.
There are two things I notice here:
1) My phone is not identified as "HTxxxxxxxxxx" but rather "FA**********".
2) It appears to work, with the reading and writing of the files, but then it doesn't work.
One thing that I noticed was that when I go into the bootloader when this does not work, I get the first attachment.
When I go to the "Recovery" option, then I get the second attachment.
It appears that I originally put a ROM or S-off'd and unlocked my phone, but somehow lost the unlock and can't figure out how to fix it.
Any help in figure it out would be appreciated.

Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.

junkmail9 said:
Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.
Click to expand...
Click to collapse
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.

keithsmessina said:
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.
Click to expand...
Click to collapse
Sorry for the delay in response. Looking again at your screenshot in the OP, you are indeed missing the CID. It should appear between "FIREBALL" and "HBOOT":
I have not dealt directly with that one before, but I would imaging that during temproot, you'll need to recreate the directory. I vaguely recall in a post in this forum on how to manually push a different CID via memory chunk. That might be the best approach to rebuild that area so that you can get going again.

Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001

junkmail9 said:
Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001
Click to expand...
Click to collapse
Thank you for the suggestions.
1. I tried this, but got the message: "Main version is older." I think I can only do that if my version is lower than the current RUU.
2. I tried the fastboot write, but I got:
Code:
(bootloader) fighter_init_sd, SD card already power on
(bootloader) sdhw_7xxx_open: id=0
(bootloader) sdcc_init_memory_device done
(bootloader) SD clock freq = 19MHz....
(bootloader) [FAT_ERROR] fat_open_file: can not find SMART_IO.CRD
(bootloader) [JAVACARD_ERR] SMART_IO.CRD cann't find
OKAY [ 0.172s]
finished. total time: 0.174s
When I tried: adb devices with the phone at "fastboot USB", I didn't see anything, so I think it failed for that reason. I tried killing adb, removing and reinserting the USB, adn then running adb devices, but still comes up empty.
I'm really at a loss, but appreciate the help from you guys.

I managed to figure out the read-inly access. HTC Sync Manager started each time and grabbed the SD card before the script could do anything. I renamed the HTC Sync Manager to stop it from running. Then I re-ran the script and got:
Code:
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
333 KB/s (1024 bytes in 0.003s)
71 KB/s (1024 bytes in 0.014s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.010s]
finished. total time: 0.012s
So, I am still not getting the right CID, but progress nonetheless.

Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo

wmuflyer said:
Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo
Click to expand...
Click to collapse
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
The next problem that I am running into is getting an error message when trying to flash the pacman fireball ROM:
Code:
This package is for device: fireballx; this device is .
Really appreciate all the help in getting me to this point.

Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app

wmuflyer said:
Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app
Click to expand...
Click to collapse
I realize that I kept running into an issue changing one of the file systems during that first process which meant that only one of them changed: the "Data" filesystem.
The "Internal Storage" filesystem gave me an MTP error, but then said it finished successfully. It stayed as a vFAT filesystem.
I did get Liquidsmooth up and running with PaGapps, but am now looking for a way to resize my partitions, as there isn't much room left to install apps.

People have looked at resizing the partitions but nobody has had any luck. The partition change seems to be the best bet it was set up by MDMower for his CM builds http://mdmower.cmphys.com/cyanogenmod-fireball/ it might give you more information to make the swap. Beeko has stopped work on Liquid Smooth so for current Android 5.x PAC or CM are the choices and they only work with the partition swap. I have PAC on my Fireball but will probably try CM 12.1 soon.

keithsmessina said:
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
Click to expand...
Click to collapse
Excellent! Glad you got it done.

junkmail9 said:
Excellent! Glad you got it done.
Click to expand...
Click to collapse
I've managed to swap the partitions and get the Pacman ROM installed, thanks to the instructions you sent me, wmuflyer. No hiccups with the Pacman ROM, it seems to be polished and working flawlessly. Thanks again for all the help, guys! Really appreciate it.

Xiaomi Huami Amazefit / Pace smartwatch - is root possible ?

Heya guys,
So Huami, a sub-company by Xiaomi, gave birth to their watch, and started to sell it in the states as well.
there are two flavors to this watch:
1. the Chinese UI version - Amazefit Smartwatch, with Mifit support and Chinese apps for monitoring activities.
2. the English UI version - called Amazefit Pace, with playstore Mifit version with Google support and Strava sync.
both of the watches are identical by hardware, what distinguish them is the firmware: current Chinese version is 1.2.2a and the English one is 1.3.0n.
the functionality is the same, everything is the same.
the watch itself is based on a Xburst chip, as the w808 ingenic, with the same specs.
the biggest issue is that the manufacturer telling stories and misleading the end users who has bought the Chinese version, and telling us that maybe we'll have a English version for the Chinese one sometime during 2017, if we'll get it at all.
so ... there's a lot of global users with the Chinese version who want to convert their watch to be fully English or support hebrew or what ever they want to do.
is it possible to create a working recovery for the Xburst MIPS chip in this watch?
the bootloader is unlockable, whats next ?
Code:
C:\adb>fastboot getvar all
(bootloader) version-bootloader: U-Boot 2013.07-00094-g03785ac
(bootloader) version-baseband: N/A
(bootloader) version-hardware: V1.1 20130322
(bootloader) version-cdma: N/A
(bootloader) variant: watch
(bootloader) serialno: 0123456789abcdef
(bootloader) product: watch
(bootloader) secure: no
(bootloader) unlocked: yes
(bootloader) uart-on: NO
(bootloader) partition-size:bootloader: 0x0000
(bootloader) partition-type:bootloader: emmc
(bootloader) partition-size:recovery: 0x1000
(bootloader) partition-type:recovery: emmc
(bootloader) partition-size:boot: 0x2000
(bootloader) partition-type:boot: emmc
(bootloader) partition-size:system: 0x3000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:cache: 0x4000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:userdata: 0x5000
(bootloader) partition-type:userdata: ext4
(bootloader) max-download-size: 0x4000000
all:
finished. total time: 0.280s
Thanks!

1immortal said:
Heya guys,
So Huami, a sub-company by Xiaomi, gave birth to their watch, and started to sell it in the states as well.
there are two flavors to this watch:
1. the Chinese UI version - Amazefit Smartwatch, with Mifit support and Chinese apps for monitoring activities.
2. the English UI version - called Amazefit Pace, with playstore Mifit version with Google support and Strava sync.
both of the watches are identical by hardware, what distinguish them is the firmware: current Chinese version is 1.2.2a and the English one is 1.3.0n.
the functionality is the same, everything is the same.
the watch itself is based on a Xburst chip, as the w808 ingenic, with the same specs.
the biggest issue is that the manufacturer telling stories and misleading the end users who has bought the Chinese version, and telling us that maybe we'll have a English version for the Chinese one sometime during 2017, if we'll get it at all.
so ... there's a lot of global users with the Chinese version who want to convert their watch to be fully English or support hebrew or what ever they want to do.
is it possible to create a working recovery for the Xburst MIPS chip in this watch?
the bootloader is unlockable, whats next ?
Code:
C:\adb>fastboot getvar all
(bootloader) version-bootloader: U-Boot 2013.07-00094-g03785ac
(bootloader) version-baseband: N/A
(bootloader) version-hardware: V1.1 20130322
(bootloader) version-cdma: N/A
(bootloader) variant: watch
(bootloader) serialno: 0123456789abcdef
(bootloader) product: watch
(bootloader) secure: no
(bootloader) unlocked: yes
(bootloader) uart-on: NO
(bootloader) partition-size:bootloader: 0x0000
(bootloader) partition-type:bootloader: emmc
(bootloader) partition-size:recovery: 0x1000
(bootloader) partition-type:recovery: emmc
(bootloader) partition-size:boot: 0x2000
(bootloader) partition-type:boot: emmc
(bootloader) partition-size:system: 0x3000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:cache: 0x4000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:userdata: 0x5000
(bootloader) partition-type:userdata: ext4
(bootloader) max-download-size: 0x4000000
all:
finished. total time: 0.280s
Thanks!
Click to expand...
Click to collapse
Log shows '[bootloader]unlocked=yes' does it means it's unlocked?

Yes, as far as I know
Sent from my MI 3W using Tapatalk

bump ?
also, any help with porting a twrp recovery to mips platform will be great!

more information that i've dig up from the SoC manufacturer site:
Source code download
Download REPO
$ Mkdir
$ Cd
$ Wget http://git.ingenic.cn:8082/bj/repo
$ Chmod + x repo
Get the complete source code (including toolchain)
$ ./repo init -u http://git.ingenic.cn:8082/gerrit/AOSP/platform/manifest -b android-4.4.4_r2-ingenic
$ ./repo sync
this will provide the source for the M200 SoC.

really waiting for this development
I'm not a dev and sure cant help for dev's things either, but I really appreciate your helpful efforts, guys.

Novedades???
Enviado desde mi MI MAX mediante Tapatalk

No ensure but...
I'm working on the source of the watch and maybe there is some possibility for the root or just translate it... I don't ensure anything but maybe. There is only a problem, since i don't have the watch still i cant test myself and try so is there someone that can try do this for me? with the watch in ADB MODE write this:
Code:
adb backup -apk -all -f backup.ab
Maybe there is some possibility to just translate the launcher
Does this work?
If yes please upload the result here!
Thanks!

Yes it's possible . And possible to install apk or extract apk on the watch.
Look my post on en miui forum.
But wait official translate in next week .... or i wait a Link to download rom 1.3 (official english ) to install in the watch with adb.
Eric

Ericmo said:
Yes it's possible . And possible to install apk or extract apk on the watch.
Look my post on en miui forum.
But wait official translate in next week .... or i wait a Link to download rom 1.3 (official english ) to install in the watch with adb.
Eric
Click to expand...
Click to collapse
You have been telling since weeks that an English update will be coming soon. Where do you take that knowledge from? Or is this just wishful thinking?
I'm afraid just waiting is not enough. We should try to do something on our own, as proposed in this thread.

Neuer_User said:
You have been telling since weeks that an English update will be coming soon. Where do you take that knowledge from? Or is this just wishful thinking?
I'm afraid just waiting is not enough. We should try to do something on our own, as proposed in this thread.
Click to expand...
Click to collapse
yes, I agree with you. I think this is possible but not simple to follow the weekly updates.
For translation in early 2017, this comes from support. Many people have had the same information with support of other languages.
But I still do not understand why there are 2 different firmware ....

Ericmo said:
yes, I agree with you. I think this is possible but not simple to follow the weekly updates.
For translation in early 2017, this comes from support. Many people have had the same information with support of other languages.
But I still do not understand why there are 2 different firmware ....
Click to expand...
Click to collapse
Support only told us that "there might be a possibility to switch the Chinese watch to other languages in 2017'. Interpreting that this means next week there will be an update to English is very, very far fetched.
There are two firmwares because xiaomi wants to have it this way. They do the same for their other products (at least the action cams). This is pure marketing and sales strategy, no technical reasons.
---------- Post added at 07:39 AM ---------- Previous post was at 07:32 AM ----------
I tried to enter bootloader via adb (adb reboot bootlosder), but that did not work. I read somewhere that there is no fastboot on the watch.
What did work was "adb reboot recovery", but of course not much help for us.

You need to type:
adb shell reboot fastboot
Sent from my MI 3W using Tapatalk

Waiting update today.....
Wait and see

striker4709 said:
I'm working on the source of the watch and maybe there is some possibility for the root or just translate it... I don't ensure anything but maybe. There is only a problem, since i don't have the watch still i cant test myself and try so is there someone that can try do this for me? with the watch in ADB MODE write this:
Code:
adb backup -apk -all -f backup.ab
Maybe there is some possibility to just translate the launcher
Does this work?
If yes please upload the result here!
Thanks!
Click to expand...
Click to collapse
Where will be stored the backup file?
Edit: find it!
Inviato dal mio D6633 utilizzando Tapatalk

Pi3rluigi said:
Where will be stored the backup file?
Inviato dal mio D6633 utilizzando Tapatalk
Click to expand...
Click to collapse
It should be in your adb folder.
If you cant find it just use this instead
Code:
adb backup -apk -all -f C:\backup.ab

striker4709 said:
It should be in your adb folder.
If you cant find it just use this instead
Code:
adb backup -apk -all -f C:\backup.ab
Click to expand...
Click to collapse
I'm a Mac user, it was in my account root folder.
Uploading to Mega
Inviato dal mio D6633 utilizzando Tapatalk

1immortal said:
You need to type:
adb shell reboot fastboot
Sent from my MI 3W using Tapatalk
Click to expand...
Click to collapse
Does only a normal reboot for me. Just the same as it I type "adb shell reboot to-heaven" or similar 😀.
Do you really get into a fastboot mode there? What am I doing wrong?

Neuer_User said:
Does only a normal reboot for me. Just the same as it I type "adb shell reboot to-heaven" or similar 😀.
Do you really get into a fastboot mode there? What am I doing wrong?
Click to expand...
Click to collapse
I had tested, for me worked!
The watch restarted and stopped at the Amazfit logo
Inviato dal mio D6633 utilizzando Tapatalk

Pi3rluigi said:
I had tested, for me worked!
The watch restarted and stopped at the Amazfit logo
Click to expand...
Click to collapse
Strange, my watch does not stop at the logo but continues with the normal boot.
What adb version are you using? I have "Android Debug Bridge version 1.0.32".

2020 and 2019 ZTE blade impossible to root ?!

They say, that unfortunately, a majority of new Unisoc (Spreadtrum) chips have bootloaders that cannot be unlocked without a key, which is not provided by the SoC manufacturer, and is beyond the control of the ODM. Many low-end Android smartphones are powered by such chips, and the end result is that root is impossible on those devices, i.e. ZTE Blade A5 2019, Doogee N10, etc. (Unisoc SC9863A)
Some have obtained the source code of the U-boot bootloader used on those devices, however, the algorithm for the key verification is stored on the Trusted Execution Environment, which means it cannot be extracted (the TEE is a SecureEnclave-like device, with no possible direct access to it's memory or storage, besides de-capping it and reading the bits with an electron microscope) -- more info here: https://source.android.com/security/trusty
However, Spreadtrum actually does verify the whole boot process, meaning that booting a modified binary is impossible. If you change the boot partition, it will infinitely reboot with a black screen and vibration. If you leave the boot as-is, but change system, it will get to the splash screen and then reboot. etc.
It genuinely does cryptographicaly verify the signature and hash of every partition. Which is great for security, in theory, unless the OS has preloaded spyware, but the secureboot process prevents you from removing it.
Been there, and I didn't even realised the cause.
MTK is quite good, but it's becoming worse in the perf/$ ratio, i.e. the SC9863A is a octa core A55 chip at 1.5GHz, while similar MTK devices are dual core A7 at 1.2 GHz. The architecture improvements alone are excellent, not mentioning the extra cores and higher clock speed.
The key is most certainly not the same, because I doubt they would go through the trouble of doing actual secure boot verification, and storing the data in the TEE, and just have the same key. Additionally, the U-boot code I obtained lies to the user about commands not being found, if the command doesn't contain a valid unlock key.

there is a dedicated thread on hovatek forum for rooitng this chipset

that thread on hovatek is thrilling...

Hovatek forums indicate you need a PAC or FDL file to do anything unless you buy extra hardware. Can anything be done for a vendor that hasn't released either? Even a temproot exploit like mtk-su is fine, if it works on Android 9.

those El-Cheapo phones are simply not supported well by hackerdom.

if we can port mtk-su to this processor or create a new temp root we are done

Skorpion96 said:
if we can port mtk-su to this processor or create a new temp root we are done
Click to expand...
Click to collapse
You cant port mtk-su. The sercuity exploit is a defect built into the CPU. A CPU is made up on millions of transistors , A transistor is a switch (On/Off) , Creates a workload that targets the switch would normally return no to yes is very difficult n can very easily destroy the CPU by creating a internal short. NOTE The device manufacturer can help provide a bootloader key if request

lepusang said:
You cant port mtk-su. The sercuity exploit is a defect built into the CPU. A CPU is made up on millions of transistors , A transistor is a switch (On/Off) , Creates a workload that targets the switch would normally return no to yes is very difficult n can very easily destroy the CPU by creating a internal short. NOTE The device manufacturer can help provide a bootloader key if request
Click to expand...
Click to collapse
i know that mtk-su can't be ported but maybe we can use the source of mtk easy su and the cve-2015-1474 to make a working app

Skorpion96 said:
i know that mtk-su can't be ported but maybe we can use the source of mtk easy su and the cve-2015-1474 to make a working app
Click to expand...
Click to collapse
Can it really be done? I have a ZTE blade vantage 2 and I'd love to root it if possible.

I just tried a zip to enable fastboot on the axon mini on my zte blade A5 2019, it flashes, fails because model is different but it is not a signature error meaning that it has the same signature. So signature is the same for every zte, now I'm asking zte Italy to help me getting the unlock file or the signature itself which is the same since or I will flash the file directly or I will sign it and flash. I hope they will help.
Useless try, they refused to help because of their policy

Went out and bought an m8l plus to try it. This is the first time I've ever dealt with a unisoc sc9863a. I was optimistic about it at first, but now I'm doubtful
*Update* found modified fastboot folder and did the following. Unlocked bootloader, about to try to root with magisk. Root achieved with magisk. Made copy of firmware, moved boot_a to phone and patched with magisk. Flashed patched boot_a with adb. Currently deleting system apps. Root is go. This is unisoc sc9863a blu m8l Android 11

Found this. Can't post the link, but I'll c&p the text:
Open the modified_fastboot folder, right-click then select Open in Terminal
Test detection using
Code:
./fastboot devices
Get Identifier Token using
Code:
./fastboot oem get_identifier_token
You should get an output like
Identifier token:
XXXXXXXXXXXXXXXXXXXXXXXX
OKAY [ 0.019s]
finished. total time: 0.019s
Copy out the Identifier token
Run this command ; replace XXXXXXXXXXXXXXXXXXXXXXXX with your Identifier token
Code:
./signidentifier_unlockbootloader.sh XXXXXXXXXXXXXXXXXXXXXXXX rsa4096_vbmeta.pem signature.bin
You should have an output like
Identifier sign script, ver 0.10
1+0 records in
1+0 records out
50 bytes copied, 0.000257562 s, 194 kB/s
Identifier sign successfully
You should also see a signature.bin file in the modified_fastboot folder
Finally, run this command
Code:
./fastboot flashing unlock_bootloader signature.bin
You should get a prompt on the device asking you to push a volume button to confirm unlock, do so
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
You should now have an output like
downloading 'unlock_message'...
OKAY [ 0.001s]
unlocking bootloader...
Info:Unlock bootloader success! OKAY [ 85.787s]
finished. total time: 85.788s
Reboot the device using
Code:
./fastboot reboot
Your bootloader should now be unlocked
They request you log in and register in exchange for the modified fastboot folder

you can get the modified Fastboot folder anywhere, used that trick to bl unlock all my blu and wiko phones

R41N MuTT said:
Found this. Can't post the link, but I'll c&p the text:
Open the modified_fastboot folder, right-click then select Open in Terminal
Test detection using
Code:
./fastboot devices
Get Identifier Token using
Code:
./fastboot oem get_identifier_token
You should get an output like
Identifier token:
XXXXXXXXXXXXXXXXXXXXXXXX
OKAY [ 0.019s]
finished. total time: 0.019s
Copy out the Identifier token
Run this command ; replace XXXXXXXXXXXXXXXXXXXXXXXX with your Identifier token
Code:
./signidentifier_unlockbootloader.sh XXXXXXXXXXXXXXXXXXXXXXXX rsa4096_vbmeta.pem signature.bin
You should have an output like
Identifier sign script, ver 0.10
1+0 records in
1+0 records out
50 bytes copied, 0.000257562 s, 194 kB/s
Identifier sign successfully
You should also see a signature.bin file in the modified_fastboot folder
Finally, run this command
Code:
./fastboot flashing unlock_bootloader signature.bin
You should get a prompt on the device asking you to push a volume button to confirm unlock, do so
You should now have an output like
downloading 'unlock_message'...
OKAY [ 0.001s]
unlocking bootloader...
Info:Unlock bootloader success! OKAY [ 85.787s]
finished. total time: 85.788s
Reboot the device using
Code:
./fastboot reboot
Your bootloader should now be unlocked
They request you log in and register in exchange for the modified fastboot folder
Click to expand...
Click to collapse
It succeeded ....but. when i try
fastboot flash recovery recovery.img
It says
Sending recovery... (Size shows in KB)
Then says writing recovery... Fot infinity ....
I ported custom twrp recovery using hovatek's automatic unisoc twrp porting guide....have any solution? I also tried to flash twrp by spd research tool and it stuck at probably 95/97 percent

R41N MuTT said:
Found this. Can't post the link, but I'll c&p the text: ....
Click to expand...
Click to collapse
fastboot oem get_identifier_token
Give only back the Serial Number in hexadecimal
Put your SN of your Device in a Hexeditor and change the view to Hexview
when you compare you will see its the SN
I show you the output of my Device, it's an blackview A70 Smartphone. This device is my favorite victim, because it is stubborn as a donkey.
Code:
d:\android\blackview\a70>fastboot oem get_identifier_token
(bootloader) identifier token:
(bootloader) 334b3032384137304545413037313431
(bootloader) 37
okay [ 0.031s]
finished. total time: 0.031s
(the number above in a phantasy number)
Interesting is, here are 3 lines (bootloader)
1. is title
2. is first part of SN
3. is 2. Part of SN
yes the length of the SN of this device is 17 characters. In this case you have to put line 2 and line 3 together to build the number.
If you dont do that, not success with unlock.
for example, this is my SN read with
fastboot devices
3K028A70EEA071417
fastboot oem get_identifier_token
334b3032384137304545413037313431
37
the difference is only binary and hex view

[GUIDE] Important partitions you must backup after you have the phone rooted, Stock firmware reinstallation guide at worst case

These partitions are important when you'll have to restore the phone back to normal from worst case.
Code:
elableinfo (/dev/block/sda4) - This partition contains Certification Image, may not important.
imeilock (/dev/block/sdg1) - This partition contains your device IMEI.
persist (/dev/block/sda8) - This partition contains your device PSN, MAC, Bluetooth.
oemowninfo (/dev/block/sda2) - This partition contains SKUID, exclusive info, etc.
simlock (/dev/block/sde63) - Carrier locked TA-1251 only. Mandatory to allow your phone boot if your phone isn't carrier locked.
Other Snapdragon 765G based Android phones can also refer this, although we can't guarantee it will 100% apply on your phone. DO NOT FOLLOW THIS GUIDE IF YOU ARE USING TA-1257 (NOKIA 8 V 5G UW from Verizon Wireless).
WARNING:
1. DO NOT SHARE YOUR CRITICAL PARTITION BACKUP IMAGES TO ANYONE ELSE TO PREVENT ABUSE, PLUS, SHARING THIS VIOLATES THE RULE OF XDA.
2. CRITICAL PARTITION BACKUP IMAGES FOR BOTH TA-1243 AND TA-1251 AREN'T INTERCHANGEDABLE.
Click to expand...
Click to collapse
To backup these partitions:
1. Unlock the bootloader and root your phone with Magisk.
2. Execute these commands:
Code:
adb shell mkdir /storage/emulated/0/bgt-critical/
adb shell su
(Confirm root permission on your phone - if you missed that or didn't confirm it, open Magisk app and grant it manually)
adb shell su -c dd if=/dev/block/bootdevice/by-name/imeilock of=/storage/emulated/0/bgt-critical/imeilock.img
adb shell su -c dd if=/dev/block/bootdevice/by-name/persist of=/storage/emulated/0/bgt-critical/persist.img
adb shell su -c dd if=/dev/block/bootdevice/by-name/oemowninfo of=/storage/emulated/0/bgt-critical/oemowninfo.img
adb shell su -c dd if=/dev/block/bootdevice/by-name/simlock of=/storage/emulated/0/bgt-critical/simlock.img
adb pull /storage/emulated/0/bgt-critical/
3. Save entire bgt-critical directory at safe place.
Additionally, you must do QCN backup in case you erased NVRAM at worst case.
To do that:
1. Root your phone with Magisk.
2. Execute this command on your PC with ADB shell for enabling Qualcomm Diag Port:
Code:
adb shell su -c setprop sys.usb.config diag,serial_cdev,rmnet,adb
3. Install QPST 2.7.496 and use QPST Software Download to backup both XQCN and QCN images, and save both of them at bgt-critical partition you have saved.

Here's how to reinstall stock firmware, in case you bricked the phone at worst situation.
Please disable automatic translation on your web browser if you can't click "CLICK TO SHOW CONTENT" button.
Click to expand...
Click to collapse
Assuming you have UFS lun0-lun6 erased, or the phone is currently at Qualcomm 900E which are considered worst situation.
1. Download following firmware, and extract it 3 times - you'll get tons of files inside.
bgt-2210-0-00WW-B01.HMDSW.7z | by Hikari Calyx for Generic Device/Other
Download GApps, Roms, Kernels, Themes, Firmware, and more. Free file hosting for all Android developers.
www.androidfilehost.com
2. Use text editor to open rawprogram0_sparse.xml and delete the string super.img inside to save time when doing part 1 flashing.
Use text editor to open rawprogram4.xml and replace the string abl.elf into BGT-abl.elf , then save it.
3. Copy prototype ABL into the firmware directory, and make sure the filename is BGT-abl.elf .
4A. (For Windows users)
Please install QPST 2.7.496 or newer and Qualcomm USB Driver before you proceed. You'd better to erase all other incompatible drivers to increase success rate.
Once installed, please copy QSaharaServer.exe and fh_loader.exe from QPST installation directory (C:\Program Files (x86)\Qualcomm\QPST\bin by default) to firmware directory.
4B. (For macOS / Linux users)
Please install Python EDL from following website:
GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :) - GitHub - bkerler/edl: Inofficial Qualcomm Firehose / Sahara / Streaming / Diag Tools :)
github.com
5. If your phone is currently at 900E, you must disassemble the phone by opening the back cover and make sure the motherboard is exposed.
Disconnect the battery, use a pair of tweezers to short the test point, then connect your phone to PC. Using USB 2.0 port is strongly recommended for best stability.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
If you're using PC that only has USB 3.1 port you may like encounter USB port throttling issue. In this case you must buy an USB hub as workaround.
To check if your phone is properly connected:
(For Windows users)
Please open Device Manager and check if your phone is listed as Qualcomm HS-USB QDLoader 9008 / Qualcomm HS-USB Diagnostics 9008. If not you need to disconnect the phone, short the test point and connect the phone to PC again. Once it's listed you can remove the tweezer.
(For macOS / Linux users)
Please execute this command:
Code:
lsusb
and see if a device started from 05C6:9008 is listed. If yes, you can remove the tweezer and proceed to next step.
6A. (For Windows users)
Please check the COM port in Device Manager, assuming the COM port number is 8.
Open a Command Prompt or PowerShell window at directory where you have tons of firmware files extracted.
Execute this command (replace the COM port number to actual COM port number you see in Device Manager)
Code:
.\QSaharaServer -p \\.\COM8 -s 13:prog_firehose_ddr.elf
If you see a message says image uploaded successfully, you can proceed to next step.
Execute this command to upload rawprogram XML configuration:
Code:
.\fh_loader --port=\\.\COM8 --search_path=. --sendxml=rawprogram0_sparse.xml,rawprogram1.xml,rawprogram2.xml,rawprogram3.xml,rawprogram4.xml,rawprogram5.xml,rawprogram6.xml --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=UFS
Wait for image files being uploaded, now write patch XML configuration:
Code:
.\fh_loader.exe --port=\\.\COM8 --search_path=. --sendxml=patch0.xml,patch1.xml,patch2.xml,patch3.xml,patch4.xml,patch5.xml,patch6.xml --noprompt --showpercentagecomplete --zlpawarehost=1 --memoryname=UFS
Once these commands are executed successfully, you can disconnect the phone, reconnect the battery and power it on.
Your phone should boot straight into Fastboot mode. If it doesn't boot the battery might be drained, recharge it a little bit before you proceed.
6B. (For macOS / Linux users)
Assuming you have Python EDL installed properly.
Open a terminal under the directory where you have firmware extracted, and execute this command:
Code:
edl qfil rawprogram0_sparse.xml,rawprogram1.xml,rawprogram2.xml,rawprogram3.xml,rawprogram4.xml,rawprogram5.xml,rawprogram6.xml patch0.xml,patch1.xml,patch2.xml,patch3.xml,patch4.xml,patch5.xml,patch6.xml /path/to/where/firmware/images/arelocated/ --memory=ufs --loader=prog_firehose_ddr.elf
Wait for image files being uploaded. If the flashing procedure is throttling, you may want to execute this command before connecting phone with test point shorted.
Once this command is executed successfully, you can disconnect the phone, reconnect the battery and power it on.
Your phone should boot straight into Fastboot mode. If it doesn't boot the battery might be drained, recharge it a little bit before you proceed.
7. Reinstall all other partitions with Fastboot command.
If you're Windows user, please DO NOT USE Minimal ADB and Fastboot, but use this instead: https://developer.android.com/studio/releases/platform-tools
Code:
fastboot flash partition:0 gpt_both0.bin
fastboot --set-active=a reboot-bootloader
fastboot flash xbl xbl.elf
fastboot flash xbl_config xbl_config.elf
fastboot flash abl abl.elf
fastboot flash tz tz.mbn
fastboot flash hyp hyp.mbn
fastboot flash devcfg devcfg.mbn
fastboot flash storsec storsec.mbn
fastboot flash pwinfo pwinfo.img
fastboot flash bluetooth BTFM.bin
fastboot flash modem NON-HLOS.bin
fastboot flash core_nhlos Core_NON-HLOS.bin
fastboot flash dsp dspso.bin
fastboot flash logfs logfs_ufs_8mb.bin
fastboot flash keymaster km4.mbn
fastboot flash featenabler featenabler.mbn
fastboot flash toolsfv tools.fv
fastboot flash metadata metadata.img
fastboot flash aop aop.mbn
fastboot flash qupfw qupv3fw.elf
fastboot flash imagefv imagefv.elf
fastboot flash uefisecapp uefi_sec.mbn
fastboot flash multiimgoem multi_image.mbn
fastboot flash vbmeta_system vbmeta_system.img
fastboot flash vbmeta vbmeta.img
fastboot flash dtbo dtbo.img
fastboot flash userdata userdata.img
fastboot flash recovery recovery.img
fastboot flash super super.img
fastboot flash boot boot.img
fastboot flash persist persist.img
By doing this will allow your phone boot as the bare minimal situation, but not ideally functional.
Next you must restore critical partitions you have backed up before.
Code:
fastboot erase fsc
fastboot erase modemst1
fastboot erase modemst2
fastboot flash fsg fs_image.img
fastboot flash elableinfo /path/to/bgt-critical/elableinfo.img
fastboot flash imeilock /path/to/bgt-critical/imeilock.img
fastboot flash persist /path/to/bgt-critical/persist.img
fastboot flash oemowninfo /path/to/bgt-critical/oemowninfo.img
fastboot reboot
8. Once your phone boots into normal OS, use Magisk to root your phone, and execute this command to enable Qualcomm Diag Port:
Code:
adb shell su -c setprop sys.usb.config diag,serial_cdev,rmnet,adb
9. (For Windows users) Use QPST Software Download to restore the QCN/XQCN image you backed up before. Eject SIM before you doing so to prevent issues.
10. (Skip if you're not using Carrier locked TA-1251) Reboot the phone into Fastboot mode and flash simlock partition:
Code:
adb reboot bootloader
fastboot flash simlock /path/to/bgt-critical/simlock.img
fastboot reboot
11. Enjoy your fully revived Nokia 8.3.

Reserved #3