Dump/extract already deleted messages from FB messenger's cache - Android Q&A, Help & Troubleshooting

Hello everyone!
Does anybody know please, if it's somehow possible to dump/extract messages from the Facebook messenger application which have been already deleted by the user (read correctly as a 'cheating girlfriend') and which maybe left stored somewhere on device within the internal messenger's CACHE memory?
I am pretty sure that they still must have be stored somewhere secretly in the phone, because within the Apps -> Messenger -> Storage -> It still shows that some space is used as following: Application - 100MB, Data -325 MB, Cache - 60.14 MB Total - 486 MB. -> That's a clear evidence that application is using some internal cache storage somewhere...
I've already read many articles found on internet about how to 'very simply' recover deleted messages from the phone saying that you just need to check for subfolder "fb_temp" within the "com.facebook.orca" and WOALA - That's it!
But in fact, it's not so easy at all, because that folder always displays as empty, no matter whether I check it with windows explorer (when the phone is plugged to PC via USB) or using ADB shell.....the subfolder "fb_temp" always appears as an empty folder. Maybe it's because the phone is not yet rooted? I don't know.
Code:
hero2lte:/storage/self/primary/[COLOR="Blue"]com.facebook.katana/fb_temp[/COLOR] $ ls -la
total 8
[COLOR="DarkOrange"]drwxrwx--x 2 root sdcard_rw 4096 2019-02-02 22:51 .
drwxrwx--x 3 root sdcard_rw 4096 2018-08-08 20:03 ..[/COLOR]
-rw-rw---- 1 root sdcard_rw 0 2018-08-08 20:03 .nomedia
hero2lte:/storage/self/primary/com.facebook.katana/fb_temp $
hero2lte:/storage/self/primary/com.facebook.katana/fb_temp $
hero2lte:/storage/self/primary/com.facebook.katana/fb_temp $ cd ../../com.facebook.orca/fb_temp/
hero2lte:/storage/self/primary/[COLOR="Blue"]com.facebook.orca/fb_temp[/COLOR] $ ls -la
total 8
[COLOR="DarkOrange"]drwxrwx--x 2 root sdcard_rw 4096 2019-07-18 23:14 .
drwxrwx--x 3 root sdcard_rw 4096 2017-11-27 00:29 ..[/COLOR]
-rw-rw---- 1 root sdcard_rw 0 2017-11-27 00:29 .nomedia
hero2lte:/storage/self/primary/com.facebook.orca/fb_temp $
hero2lte:/storage/self/primary/com.facebook.orca/fb_temp $
Does anybody have any experience with similar problem ? Maybe it's more for Interpol to ask instead of here ...but ... you never know :laugh:
I've also read several articles about how to correctly root the phone in different fashions, what are the pros and cons... but, if possible, I'd prefer rather to avoid of rooting the phone at all, because it always carries a a high risk of loosing the data / because during the rooting process (for example with combination of latest TWRP and Magisk) it is necessary to wipe all the data - Obviously really I cannot afford go ahead with that option. But anyway, the rooting method does not guarantee me the results which I need to achieve (extract the deleted messages).....OR? Please feel free to correct me if I was wrong.
Any ideas how to figure this issue out?
Some technical facts:
Is phone already rooted?: No.
Phone model: Samsung Galaxy S7 Edge (SM-935F)
Android version: 8.0.0
KNOX version: 3.1 , api level 25 , TIMA 3.3.0
FB messenger version: 224.1.0.18.117
has no SD card, only phone's internal memory is used
Your any feedbacks / hints or advices will be highly appreciated! :good:
PS: any advices like: "find a new girlfriend" are not accepted! :laugh: ...

Related

[Q] /efs recovery

Very bad news.
I appear to have had an accident with /efs. Not 100% sure what I did but suspect it related to a product code change.
My SGS2 now will not show an IMEI or connect to the cell network.
I connected with /adb and saw a number of files were updated earlier today
drwxrwxr-x 5 root root 4096 Jan 1 2000 .files
drwxrwxr-x 2 radio radio 4096 Jan 1 2000 imei
-rw-rw-rw- 1 radio radio 832 Jan 1 2011 nv.log
-rw-rw-rw- 1 radio radio 1 Jan 1 2011 .nv_state
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_data.bak.md5
-rwx------ 1 radio radio 2097152 Jan 1 2011 .nv_data.bak
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_core.bak.md5
-rwx------ 1 radio radio 1048576 Jan 1 2011 .nv_core.bak
-rw-r--r-- 1 root root 1 Jan 1 2011 cryptprop_rebootMode
drwx------ 3 system system 4096 Jan 1 2011 dmp
-rw-r--r-- 1 system system 14 Jan 1 2011 cryptprop_persist.sys.timezone
-rw-r--r-- 1 system system 9 Jan 1 2011 cryptprop_applied_result
-rwxrwxr-- 1 radio radio 880 Jan 1 2011 redata.bin
-rw-rw-rw- 1 system system 6 Aug 12 22:43 calibration_data
-rw-rw-rw- 1 system system 256 Oct 4 15:55 edk_p
-rw-r--r-- 1 system system 3 Nov 2 01:27 cryptprop_persist.sys.language
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lockscreen.patterneverchosen
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lockscreen.password_type
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_visible_pattern
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lock_pattern_tactile_feedback_ena
bled
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_autolock
-rw-r--r-- 1 root root 3 Nov 2 21:08 cryptprop_securewipedata
-rwx------ 1 radio radio 32 Nov 3 17:44 nv_data.bin.md5
-rwx------ 1 radio radio 2097152 Nov 3 17:44 nv_data.bin
-rw-r--r-- 1 system system 0 Nov 3 18:02 cryptprop_onetimeboot
drwxrwx--x 5 radio system 4096 Nov 3 21:23 .
drwxr-xr-x 21 root root 0 Nov 3 21:58 ..
You can see the changes to nv_data.bin.md5 and nv_data.bin -- I have no idea what crptprop_onetimeboot is but it looks a little suspicious.
Firstly I have a copy of the above as
- a directory on my sdcard
- a dd'd image on my sdcard
- a file copy on my PC (!)
I also see I still have backup files, so with a lot of difficulty (fs kept going read only when trying to copy files, so I ended up renaming the old name to the new name)
ie
.nv_data.bak -> nv_data.bin
.nv_data.bak.md5 -> nv_data.bin.md5
This didn't work (still no service/no imei), so I removed(renamed) the .md5 file -- but it still doesn't work
so it now looks like
# ls -latr
ls -latr
drwxrwxr-x 5 root root 4096 Jan 1 2000 .files
drwxrwxr-x 2 radio radio 4096 Jan 1 2000 imei
-rwx------ 1 radio radio 32 Jan 1 2011 nv_data.bin.md5.orig
-rwx------ 1 radio radio 2097152 Jan 1 2011 nv_data.bin
-rw-rw-rw- 1 radio radio 832 Jan 1 2011 nv.log
-rw-rw-rw- 1 radio radio 1 Jan 1 2011 .nv_state
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_core.bak.md5
-rwx------ 1 radio radio 1048576 Jan 1 2011 .nv_core.bak
-rw-r--r-- 1 root root 1 Jan 1 2011 cryptprop_rebootMode
drwx------ 3 system system 4096 Jan 1 2011 dmp
-rw-r--r-- 1 system system 14 Jan 1 2011 cryptprop_persist.sys.timezone
-rw-r--r-- 1 system system 9 Jan 1 2011 cryptprop_applied_result
-rwxrwxr-- 1 radio radio 880 Jan 1 2011 redata.bin
-rw-rw-rw- 1 system system 6 Aug 12 22:43 calibration_data
-rw-rw-rw- 1 system system 256 Oct 4 15:55 edk_p
-rw-r--r-- 1 system system 3 Nov 2 01:27 cryptprop_persist.sys.language
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lockscreen.patterneverchosen
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lockscreen.password_type
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_visible_pattern
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lock_pattern_tactile_feedback_ena
bled
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_autolock
-rw-r--r-- 1 root root 3 Nov 2 21:08 cryptprop_securewipedata
-rwx------ 1 radio radio 32 Nov 3 17:44 nv_data.bin.md5.bk
-rwx------ 1 radio radio 2097152 Nov 3 17:44 nv_data.bin.bk
-rw-rw-rw- 1 root root 0 Nov 3 20:55 p
drwxrwx--x 5 radio system 4096 Nov 3 21:48 .
-rw-r--r-- 1 system system 0 Nov 3 21:52 cryptprop_onetimeboot
drwxr-xr-x 21 root root 0 Nov 3 21:58 ..
#
[/FONT]
I DID NOT BACKUP EFS beforehand (only just learnt I need to) and know this may now be screwed, but I'm still hopeful I have the original file and just made a silly error.
I could also
- try recreating the whole fs and copying files back
- checking the prod code within the rom (but why?)
- flashing original firmware
- modifying the dd'd image *offline*, swapping the files, and dd'ing the image back
Any advice. PLEASE....
if you have a backup the easiest way I have found is to use root explorer.
go in to the /efs folder, set to read/write, mark everything and delete (not scrictly necessary simply copying over will work) but if you have been tinkering probably better.
then paste all the back up files and folders in
finally reboot (in my experience when something has gone wrong even this is not necessary)
Root explorer is worth every penny
and keep multiple backup's of your /efs on different drives
If this does not work you are screwed. The file contains your IMEI encrypted and the only way to get that restored is by returning it.
oh I just realised you are saying the back up you have is only of it in the current state?
If that's the case you are probably screwed, have you ever used any apps like nitrality or any unlocking tools? they will create copies of your efs folder on the scard in various locations. have you run a file seach on you sdcard to see if there is any copies at all?
if you have no backups of this folder then I think you will find its a return to manufacturer / sevice centre / provider issue.
I *think* I have restored the files -- and the dates look reasonable, as if they were the originals.
I've now flashed an old ROM (KE5) for good measure, but still no signal
One discrepancy I did notice is that after installing a rom there was some bootup message about csc and XEU when copying files.
My original sales code was VOD (UK vodafone). I had then run XEU firmware and just recently tried to set the sales code to XEU using a *# code. I subsequently flashed back to vodafone firmware today.
So somewhere there's a lingering reference to XEU -- this prod code incompatability could be causing the error?
I definately feel I should have the data to fix this -- after all I have the encrypted file, but am not quite sure of all the factors involved (one being "you're stuffed I know")
type *#06# this should display you IMEI number
if this does not match your IMEI from the box then you have not fixed this
if it shows all zeros or 004999010640000 then you are on a generic IMEI number
strangely when I screwed mine up and got the generic one above I was still able to use mine with a vodafone (UK) sim but not an orange on
if this is the case, and there is no efs backup prior to this you might well be screwed.
if this backup is all you have an you believe the .bak file is intact then I believe you will find solutions for deleting the primary version of the file and keeping only the backups and rebooting
the log file should give you more information on how successful this was, but if this was the result of flashing you probably overwrote both primary and backup
*#1234# is returning a reasonable CSC I9100VODKE2
Checking the nv data files, it appears
- the new ones modded today contain XEU
- the original ones contain VOD
This is consistent with what happened, so I am still confused why the renamed original files do not work, and why there's a reference to multi-csc XEU during bootup.
Some remnant of XEU?
*#06# is currently showing blank -- but those .bak files looked fine.
Annoyed and frustrated...
In that case I would try deleting nv_data.bin and nv_data.m5 and rebooting
(assuming you have copies of everything
with just nv_data.bak nv_data.bak.md5
At least with the SGS1 this would work provided those bak files are the originals but the nv.log file will tell you more after the boot.
HOWEVER the SGSII has a lot more in this folder and I do not claim to fully understand them all but if you have a back up it's worth a shot
planetf1 said:
*#1234# is returning a reasonable CSC I9100VODKE2
Checking the nv data files, it appears
- the new ones modded today contain XEU
- the original ones contain VOD
This is consistent with what happened, so I am still confused why the renamed original files do not work, and why there's a reference to multi-csc XEU during bootup.
Some remnant of XEU?
Click to expand...
Click to collapse
Took some inspiration from http://www.communityhosting.net/sgsunlock/i9000.html and decided to check permissions & recreation of md5.
md5 wasn't recreated, so no matter, I had a backup. that is restored, but I don't know if the .bak files are needed. Yet trying to create them I get:
# mv nv_data.bin.md5.orig nv_data.bin.md5
mv nv_data.bin.md5.orig nv_data.bin.md5
# cp nv_data.bin .nv_data.bak
cp nv_data.bin .nv_data.bak
cp: write error: Read-only file system
#
This isn't a space issue.
There could be another cause -- /efs/imei/mps_info.dat contains the 3 characters "XEU" even though the file is dated Jan 2011
So either
- the date has been manually fudged
OR
- the code always was XEU -- unlikely.
I'm currently working on the basis that fundamentally the IMEI is intact, that the original nv_data.bin is intact & that the phone is validating the CSC in mps_info.dat (XEU) against nv_data.bin (VOD) and failing.
Though this wouldn't explain why before the fix, with XEU in the nv_data.bin, it wasn't working
Unless the issue is the filesystem itself. could it be corrupt? Is this in fact why it switched to R/O mode each time? I've tried multiple kernels including insecure. surely they wouldn't all "protect" this fs.
But if this is the case where is fsck? maybe I need to copy the fs image to another linux box with ext4 & inspect/correct before shipping back and dd'ing
Continuing.
Found /system/bin/e2fsck -- ran this against /efs with
# /system/bin/e2fsck /dev/block/mmcblk0p1
/system/bin/e2fsck /dev/block/mmcblk0p1
e2fsck 1.41.11 (14-Mar-2010)
ext2fs_check_if_mount: Can't check if filesystem is mounted due to missing mtab file while determini
ng whether /dev/block/mmcblk0p1 is mounted.
/dev/block/mmcblk0p1 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
/lost+found not found. Create<y>? y
yes
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Block bitmap differences: -(3202--3203) +4104
Fix<y>? yes
/dev/block/mmcblk0p1: ***** FILE SYSTEM WAS MODIFIED *****
/dev/block/mmcblk0p1: 60/1280 files (1.7% non-contiguous), 2188/5120 blocks
**** >>> I NOW HAVE AN IMEI <<< ****
AND SIGNAL
LOGGED ONTO VODAFONE
WOOOHAY.
THIS HAS BEEN FUN. LOOK AND LEARN..
and seriously thanks to all the other articles and some moral support here tonight.
Going to put back proper firmware , remove dodgy kernels and GET A BIG BEER OR THREE
planetf1 said:
Continuing.
Going to put back proper firmware , remove dodgy kernels and GET A BIG BEER OR THREE
Click to expand...
Click to collapse
and make several backups of the /efs folder in its current state one would assume
Phone seems working. restoring over a HSPA connection happily, recognized voda sim.
now reinstalling titanium backup and copying down from dropbox...
The final step was restoring from titanium backup.
I had erased my sdcard -- though my backup was on dropbox.
However titanium backup is awful at copying files to/from dropbox -- as is IMO the phone when in "phone/kies" mode.
Finally I simply copied the dropbox directory back in USB debug=mass storage mode which was quick and reliable -- and then restored most items en-masse (I have a pro license).
For the record so far phone is fine - and indeed I've since run a new efs backup
The key takeaways from this are
* Backup efs and save it somewhere offline
* get titanium backup pro. it's good (better if it backed up efs too!)
* usb mass storage mode is the most reliable way for file xfer
* backup efs (again)
* don't get complacent
And of course if you do get a similar problem to mine
a) take a backup of efs with dd if=/dev/mmcXXX of=/mnt/scard/myefs.img (check name - I forget)
b) copy files you can to sdcard
c) copy both of this to a seperate pc
d) Just try running fsck (as above) - If I'd done this sooner I'd have saved hours. I should have gone with the obvious -- I've seen this on enough linux systems in the past to know what was happening but was thrown by no kernel messages.
Thanks for letting us know, might be a nice reference for future problems, especially the filesystem check.
Writing about it also helped keep me sane.giving up and hitting the beer was becoming increasingly attractive.
I do think making the warning about efs clearer would help.backup really should be a must at the earliest opportunity
Sent from my GT-I9100 using Tapatalk
Another thought.do unmount /efs before fsck
Sent from my GT-I9100 using Tapatalk
Unable to restore
I know I had a valid IMEI during the last week or so.
I have flashed several ROM's during the last month.
Last night lost IMEI
Now , no matter what I try, I can't seem to restore my IMEI. I have the fake one that ends in a bunch of zero''s
My SDCARD has a folder called EFS_BACKUP with multiple efs_xxxxxxx.tar.gz files in it. If I extract any of these and try to restore them to the /EFS folder I still have the fake IMEI number.
Please help - I didn't understand all the adb code in this post
Hi there,
/efs is fairly new to me too, to be honest it took hours of careful rooting before I gained some useful knowledge in how that area works.
-- what I would suggest before *anything else* is to copy anything you do have left in /efs. You will need to be root to do this. I found the gui root explorer type tools a bit clunky so I used the android SDK (adb is one of the tools in this package) to help. IF YOU NEED HELP WITH THIS SAY. You need to copy the files to multiple places for safety. Someone OFF your phone, ie on a PC. This is just in case things get worse. Do the same with any of those .gz backups you have. Maybe you'll need them *if* you make things worse...
If you're familiar with linux/unix systems this is all fairly easy, but if you're not it can be quite scary. For example you have to be able to write to /efs as well as list files and move them around. One wrong step and you could make things worse.
If you're unsure perhaps you could find a friend who knows *nix well to help you out. The bottom line is that you need to
a) ensure the right files are in there
b) The filesystem itself was intact
I definately suffered from b -- less sure about a.
What you need to do will depend a fair bit on what files you find in there, and what dates they are.
You said you had some backup files. Are you sure you have some from before the problem started? Can you look inside those backup files (I think winzip or similar will expand them for you). WIthout divoluging the actual contents (since you don't want to share your IMEI with anyone), is there an nv_data.bin file in there? Out of all the files it seems to be the most critical. When's it dated (mine was Jan 2011). If you cant' find that file how about .nv_data.bak - is that a good size, and again an old one.
If you have either of these -- even without anything else I think you can probably recover.
If you can get up and running with adb, a good start would be
adb shell
ls -laR /efs
Thank you very much, fsck method fixed my efs. Phone just broke it while doing nothing :/
I love you
You just saved my Galaxy S2
Yay. Brilliant news

Wrong Carrier Name

Hi
I have an unlocked SGSII and everything is fine, I love the phone, but now I have a strange problem...
A few days ago I was in an foreign country and the phone entered in roaming. Everything went ok, I was able to use the phone normally but when I come back home my carrier name didn't change. I mean, I'm using my carrier network (not in roaming anymore) but the name didn't change!!!!
It doesn't affects the phone use but is annoying to see the wrong name of the carrier
Does anybody has a suggestion to solve this? Factory reset?
Thanks
JC
Have you tried going into Settings > Mobile Networks > Network Operators ?
Sent from my GT-I9100
fekken said:
Have you tried going into Settings > Mobile Networks > Network Operators ?
Sent from my GT-I9100
Click to expand...
Click to collapse
Yes, I did Fekken. Manual and automatic search!!! I can't my carrier's name
JC
In the same boat
Hello,
Allthough I cannot help you , i just wanted to let you know that you are not alone ....
I own a HTC One S, which yesterday since the roaming yesterday is stuck on the foreign operator name too
I can confirm that i am actually no longer roaming as my numeric Operator ID is back to "27001" which is LUXGSM , but the Operator name is still listed as "Orange F"
To make things worse , ( maybe you can check if it's the same on your phone ) if I go to manual Network selection , my starred ( Home ) Network is listed as "Orange F" , so it looks as if the phone has completely replaced the name
Everything is working , but it is certainly quite annoying to see the wrong name everywhere
Cheers,
Claude
Hi Garlfield
That's exactly what is happening with my SGS II. My real carrier is TMN (I know that because everything is working, like Internet and other services of the carrier) the name is Orange.
By the way, where did you find your Operator ID, just to be sure...
I would try tur5ning off and removing the battery for a few minutes.
If that doesn't work I would wipe the cache.
Erlanderterv said:
I would try tur5ning off and removing the battery for a few minutes.
If that doesn't work I would wipe the cache.
Click to expand...
Click to collapse
Hi
Thanks for the tip. Just removed the battery, in a few minutes I'll came back to tell if that worked
Well, the battery thing didn't work... To do wipe the cache I need to do a factory reset? My phone isn't rooted, so I don't have CWM.
Thanks
Turn off. Then go into recovery mode (Home+Volume Up+Power) Select Wipe cache by moving the highlight up and down with the volume keys and press power to select.
Then select Reboot.
Erlanderterv said:
Turn off. Then go into recovery mode (Home+Volume Up+Power) Select Wipe cache by moving the highlight up and down with the volume keys and press power to select.
Then select Reboot.
Click to expand...
Click to collapse
Thanks Erlanderterv, but that didn't work either. Still wrong carrier name after a cache wipe.
I guess I'm going to try the factory reset now...
jcustodio said:
Thanks Erlanderterv, but that didn't work either. Still wrong carrier name after a cache wipe.
I guess I'm going to try the factory reset now...
Click to expand...
Click to collapse
Download a carrier name app and type in your carrier name?
iXanza said:
Download a carrier name app and type in your carrier name?
Click to expand...
Click to collapse
Hi iXanza
That's an option, but it really doesn't solve the problem, just hide's it
Hi,
I'm running "Traffic Monitor" from RadioOpt , that app has a device tab where you can see a lot of info about your device , one of which is the Network ID
27001 is in fact LUXGSM , but shown by the phone as Orange F ....
I did some testing , as i live quite close to the belgian border
1) got to manually select network ( Here I do NOT see LUXGSM , but Orange F )
2) register on a Belgian network manually , I see the "R" popping up for roaming , and the Carrier name is properly displayed as "BEL Proximus"
3) go back to manually set network ( This time I see LUXGSM , and i thought already YESSS )
4) register on LUXGSM , the "R" disappears and the carrier name is "Orange F" again
Aaaaarrgh
I don't really want to factory reset, unless that's last option , so i'll continue searching ;-)
Hi Garfield1970
Thanks for the app. I just confirmed that my carrier's numeric code (TMN Portugal 268 06) is the one that phone is using. Now I'm absolutely sure that I'm not in roaming
Here, even if I do a manual search I never see my carrier's name, only 2 "Orange", the one from Spain and the one that's a false Orange.
I was trying to avoid the factory reset too, but I think I'm going to do it to see if it works...
JC
Woot Woot
Did I say I don't like factory resets
I managed to get mine working again , without reset or whatsoever ... YAY!
Here's what I did , bear in mind that this is what worked for a *rooted* HTC One S running ICS 4.03 stock , so I cannot guarantee it will work for you , and as usual :
<disclaimer>You do everything at your own risk!</disclaimer>
1) Connect USB Cable then go on the phone by using ADB SHELL
2) su
3) cd /data/property
4) ls -al
-rw------- root root 1 2012-06-26 16:08 persist.radio.adb_log_on
-rw------- root root 1 2012-06-26 16:09 persist.radio.clir
-rw------- root root 8 2012-06-24 15:41 persist.radio.nitz_lons_0_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_1_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_2_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_3_0
-rw------- root root 9 2012-06-24 15:41 persist.radio.nitz_plmn_0
-rw------- root root 8 2012-06-24 15:41 persist.radio.nitz_sons_0_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_1_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_2_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_3_0
-rw------- root root 9 2012-06-24 12:20 persist.radio.pdn.profile
-rw------- root root 0 2012-06-19 22:29 persist.service.adb.enable
-rw------- root root 2 2012-06-19 22:30 persist.sys.country
-rw------- root root 2 2012-06-19 22:30 persist.sys.language
-rw------- root root 0 2012-06-19 22:30 persist.sys.localevar
-rw------- root root 1 2012-06-26 16:08 persist.sys.profiler_ms
-rw------- root root 15 2012-06-26 16:10 persist.sys.timezone
-rw------- root root 3 2012-06-19 22:39 persist.sys.usb.config
In my case , the files : "persist.radio.nitz_lons_0_0" and "persist.radio.nitz_sons_0_0" contained the incorrect Carrier name : "Orange F" and the file persist.radio.nitz_plmn_0 contained the Network If for which it was displayed "270 01"
so for the 3 files i did the following : ( if you want to verify the contents before editing , use the <cat> command to list the contents of the files )
5) rm persist.radio.nitz_lons_0_0
( delete the file )
6) touch persist.radio.nitz_lons_0_0
( recreate empty file )
7) chmod 600 persist.radio.nitz_lons_0_0
( change the rights back to the original ones )
8) rm persist.radio.nitz_sons_0_0
9) touch persist.radio.nitz_sons_0_0
10) chmod 666 persist.radio.nitz_sons_0_0
11) rm persist.radio.nitz_plmn_0
12) touch persist.radio.nitz_plmn_0
13) chmod 666 persist.radio.nitz_plmn_0
14) ls -al
-rw------- root root 1 2012-06-26 16:08 persist.radio.adb_log_on
-rw------- root root 1 2012-06-26 16:09 persist.radio.clir
-rw------- root root 0 2012-06-26 16:05 persist.radio.nitz_lons_0_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_1_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_2_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_lons_3_0
-rw------- root root 0 2012-06-26 16:05 persist.radio.nitz_plmn_0
-rw------- root root 0 2012-06-26 16:05 persist.radio.nitz_sons_0_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_1_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_2_0
-rw------- root root 0 2012-06-24 15:41 persist.radio.nitz_sons_3_0
-rw------- root root 9 2012-06-24 12:20 persist.radio.pdn.profile
-rw------- root root 0 2012-06-19 22:29 persist.service.adb.enable
-rw------- root root 2 2012-06-19 22:30 persist.sys.country
-rw------- root root 2 2012-06-19 22:30 persist.sys.language
-rw------- root root 0 2012-06-19 22:30 persist.sys.localevar
-rw------- root root 1 2012-06-26 16:08 persist.sys.profiler_ms
-rw------- root root 15 2012-06-26 16:10 persist.sys.timezone
-rw------- root root 3 2012-06-19 22:39 persist.sys.usb.config
So now , all the concerned files were 0 byte long , and all I had to do was reboot the phone to get everything back to normal
The timestamp of the modified files indicates they were modified when I was roaming in the "Orange F" Network , I was in France at that time ....
For now , I'm happy to be back with correct display without resetting the phone , let's hope it will stay that way !
If you are not rooted , a factory reset should do the trick , as I think it clears those settings aswell from the data partition
Cheers,
Claude
Hi Claude
I'm glad you did it, but that is too much for me
I decided to root my phone and install a custom rom on it and everything is ok now, my carrier name my real carrier. I went to Spain again and when I was back to Portugal the carrier and his name changed correctly.
JC
Hi to all!
I have the same problem like explained above, but I have Samsung Galaxy S2 with GB 2.3.5 and I don't have the listed files in /data/property. So I try to find what files in my system (I have rooted phone) have the wrong carrier name. I find that the file with wrong carrier is
/data/data/com.android.providers.telephony/optable.db
So I try to delete the file (to be honest I rename the file) and reboot the phone. The optable.db file is recreated and now all is ok and work ok with correct carrier names :good:.
Regards
Damjan G.
damjang said:
Hi to all!
I have the same problem like explained above, but I have Samsung Galaxy S2 with GB 2.3.5 and I don't have the listed files in /data/property. So I try to find what files in my system (I have rooted phone) have the wrong carrier name. I find that the file with wrong carrier is
/data/data/com.android.providers.telephony/optable.db
So I try to delete the file (to be honest I rename the file) and reboot the phone. The optable.db file is recreated and now all is ok and work ok with correct carrier names.
Click to expand...
Click to collapse
I was very happy to read this post at first, as I thought I had finally solved this issue that had been bugging me for months. But alas This fix didn't work for me. I have a Galaxy W (i 8150). Also on gingerbread 2.3.x. I've had the wrong carrier name stuck since I went to the USA in the spring. I always get " Virgin" showing even though there is no such network here in the UK. I Can see i'm connected to my providers preferred network - EE. (formerly T-Mobile).
I've rooted my phone using the 'recovery mode method' and using a super-user shell gone in and deleted the optable.db file. No luck. Still says "Virgin". I checked for the other method described above and like Damjang didn't have those files. I've tried using various file explorers to search for "Virgin" but I can't find it anywhere.
Does anyone else have any thoughts or as to how to fix this pretty annoying but ultimately unimportant bug?
Update - even factory reset won't work
OK so I kept playing with it, demoving databases in the com.androis.providers.telephony directory etc. And all did a cache clearance. Ultimately I moved too many things around at once and it hosed the operating system somehow. May have been a bad unroot...
Anyway I did a factory reset. And then a restore using the backup I had made with Kies. Before I did the restore the carrier name was displaying properly for once! So I thought yay, despite the annoyance of the reset at least I solve the problem. No luck again... After the restore it reverted to saying "Virgin".
So I thought I better try to do it without the full restore but only a partial restore. So I factory reset again, and then did a restore on just contacts, messages, email etc. Nothing with settings. Damned "Virgin" still came back after a bit!
So I am thinking something wrong with the i8150 system that Samsung created. I noticed that when I did reset in the set up process I got a settings question asked with the title "SIM services" and the options of either "T-Mobile" or "Virgin". Naturally I selected T-Mobile since I have a T-Mobile SIM. I can only guess that somehow that setting selection failed to be programmed properly and that the phone defaults back to "Virgin". Must be that the handset was destined for both North American or British markets and that the system set up was just not done right. Unless I am jump;ing to wrong conclusions.
Hi to all! Today I have again the operator wrong name (after being in roaming). But I must say that now I have no more GB, but JB 4.1.2 NeatRom light 4.3 (on my SGII) and the trick to delete the /data/data/com.android.providers.telephony/optable.db and reboot for me work also in JB. I'm very disappointed that old bugs from GB is also present in JB :crying:
BTW: is there some trick to set the roaming operator priority, if I want to instruct the phone to use the roaming operator XY if possible?

Storage Space Running Out

So this is the sixth time (two per ROM) that I'm getting this error of space running out. I have plenty left but something is messing up, I cleared all of the data needed, did everything that I was suppose to.
Image not attaching
Backup needed data, use rom/kernel cleaning scripts and format internal and external cards then re-flash rom.
Can you give me a link to one/some? Searching isn't doing me any good.
Be creative.
Sent from the little guy
N/A
http://www.google.com/search?q=xda+i9100+nuke+script
Sent from my digital submersible hovercraft.
SGS2 "Storage space running out" - Quick fux
Hello,
Seems like others are getting this error, easiest fix is to root, then uuse a file manager with root access and go to the internal storage folder and find the "log" folder.
Most files with be 0kb in size, but for some reason the latest ones are several MB in size. Delete these and reboot, job done. Then monitor for new logs.
James
Here's what fixed it for me (CM10.1 / N7000)
http://forum.xda-developers.com/showpost.php?p=41455900&postcount=19
cya
R
lost+found !
I had the very same issue with CM 10.1.3 on my i9100.
Thanks to this thread I went to /data/logs. It was empty.
I then had the idea to run a
du -d 1
command in /data and I found out that "lost+found" was filled with files.
Here are examples:
-rw-r--r-- system u0_a63 3715968 2013-11-11 12:12 #57570
-rw-rw---- u0_a221 u0_a221 975 2013-11-24 23:55 #57572
-rw-r--r-- system u0_a236 8496 2013-08-08 12:06 #57573
-rw-r--r-- system u0_a237 41408 2013-08-08 12:06 #57574
-rw-r--r-- system u0_a151 1136664 2013-10-06 17:34 #57575
...
-rw-r--r-- radio radio 1204558 2013-11-29 09:13 #74065
-rw-r--r-- radio radio 1204558 2013-11-29 09:15 #74067
-rw-r--r-- radio radio 1204558 2013-11-29 09:16 #74068
-rw-r--r-- radio radio 1204558 2013-11-29 09:17 #74069
-rw-r--r-- radio radio 1204559 2013-11-29 09:19 #74070
What is strange is that I formatted the /data partition, ran e2fsck -fvy on it while in recovery (it actually found a lot of issues), wiped the partition again and the lost+found folder was still not empty.
Anyway, I recovered more than 1.3MB in my 1.97GB /data partition, I can now envisage the future more serenely
I had the issue again and now it was the /data/log directory that was filled with files from "radio".
I am going to create a userinit.sh script to remove these files at boot-up...
I also found an app that is made to clear the log files if they are too many/take too much storage:
https://play.google.com/store/apps/details?id=com.liamw.root.logeraser

Cannot connect to PC, internal storage unavailable, SD card damaged

Device: Arnova Gbook (ereader)
OS: Android 4.0.3
Kernel version: Linux 3.0.8
I was using my tablet at an airport and everything was fine before I shutoff my phone for the flight to take off. I turned it back on once the plane reached cruising altitude. I got an indicator that my SD card was damaged, which makes no absolutely no sense. also, my apps disappeared...
Problems are:
-When I connect to PC, tapping "Turn on USB storage" nothing happens, only the lile circle indicates that it is doing something but it does nothing...
-Settings>Storage: "Unfortunately, Settings has stopped."
next to the clock it says "Damaged SD card. SD card damaged, you may have to reformat it." There is not SD card in the slot, but it still says this.
-Cannot push an SD card into the slot: It doesnt stay there even if i push it to the maximum inside. No "click sound" either.
-Cant do anything only using the internet, internal storage is not reachable in any way thus i cant install newer rom too.
Did a factory reset (Settings>factory reset) but couldnt help, still the same... I beg you guyz for your help!
Anyone?
up
...having the Same Problem
dyingsoulwow said:
up
Click to expand...
Click to collapse
So it looks like I'm having the same problem with the same gear. I tried several cures to no avail.
But First the Tech Specs of my Arnova GBook:
Manufactor: VIMICRO
Model: ANGB
CPU: ARMv 7 rev 2 (v7l)
Memory: RAM 337, ROM 0.91, SDCard 0 MB (at the Moment more to that later)
Android: 4.0.3
BuildID: generic_vortex-userdebug 4.0.3 IML74K 1.0 test-keys
Linux Version: 3.0.8-vimicro([email protected]) (gcc Version 4.4.3)
I copied some files to the mounted exSDCard (4gb noname) when my tablet suddenly died and the only way to reanimate it was by factory resetting it.
The Problem istself seems to relate to the inability to mount a Nonformated SDCard that i can not format because it is not proberly mounted.
I have no clue how to root the tablet. I tried a set of instruction from a french website, but since i don't speak french i'm not sure if the google translator gave me the right directions.
I tried to mount it the SDCard via terminal. Format it connecting the gbook to an ubuntu box and a lot of system tools available via googles play store.
USB connection shows the drives but I'm not abel to mount or list the contents of it. In general the System is booting up and i am able to install apps from Google Play. Since i can't mount any external devices i am not abel to transfer files via other means because the gbook wants to copy them to the interna SDCard (wich is not available ).
I am looking for any possible solution. If there is an alternate Frimware i will try it.
Thanks in advance for any offered Help!
Lanman99
Still trying...
Any solution i found using Google, Bing and DuckDuckGo seems to require Root Access. Has somebody successfully rooted an Arnova GBook?
Or is there really no possibel solution for a dummy user to fix this problem. It seems to boil down that i cannot mount device mmcblk0 to sdcard because "access denied".
Did anybody face a similar problem and fixed it without root?
Tried several SDCard tools to no avail...
ES File Explorer is showing me that everthing i need is there but still, every try to mount the internal storage is leading to permission denied. I'm stating to love Android
Well if there is no root, is it possible to write a shell script to revive the internal SDCard and run that with elevated rights?
ES File manager is showing the directory entry with 0 MB. Since i am a novice in Android Systems i am just not sure if that means anything.
Maybe i'm wasting my time on a piece of chinaware but this nut i still too tempting to ignore. It's just that with my limited Linux knowlegde it seems that mounting a device and formating it afterward sounds not to troublsome or am i completely lost. After asking Google, bing and some other SEs it is not that uncommon but none of the cures i found worked for my GBook.
What am i missing?
Stil no answer from Arnova on my request for a stockrom Download. Somebody got an Idea where elsee i could find a ROM image for an Arnove GBook or does anybody know if there is an alternative Firmware available?
I was able to connect to my Device via ADB
mount is delivering the following:
rootfs on / type rootfs (ro,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
tmpfs on /mnt/asec type tmpfs (rw,relatime,mode=755,gid=1000)
tmpfs on /mnt/obb type tmpfs (rw,relatime,mode=755,gid=1000)
ubi0_0 on /system type ubifs (ro,noatime,no_chk_data_crc,compr=lzo)
ubi1_0 on /data type ubifs (rw,nosuid,nodev,noatime,bulk_read,no_chk_data_crc,compr=lzo)
ubi2_0 on /cache type ubifs (rw,nosuid,nodev,noatime,bulk_read,no_chk_data_crc,compr=lzo)
none on /proc/bus/usb type usbfs (rw,relatime,devmode=666)
The list under /dev/block/vold has three entries:
179:0 179:1 and 7:0
Cat /proc/partitions delivers:
31 0 10240 mtdblock0
31 1 12288 mtdblock1
31 2 120832 mtdblock2
31 3 45056 mtdblock3
31 4 524288 mtdblock4
31 5 1048576 mtdblock5
31 6 262144 mtdblock6
31 7 2169856 mtdblock7
179 0 3909632 mmcblk0
179 1 3905536 mmcblk0p1
Please I am a complete Android Noob. Is there somebody able to guide me to a Point where i can start to patch all this together.
I am able to find pieces here, but i'm not getting the broad picture.
Next try...
using Root Many by Bin4ry http://forum.xda-developers.com/showthread.php?t=1886460 to get into my device I got following results:
======================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (thanks to Goroh_kun and tkymgr for the idea) =
= Idea for Tablet S from Fi01_IS01 =
= (20.04.2013) v29 =
======================================================================
Device type:
1) Normal
2) Special (for example: Sony Tablet S, Medion Lifetab)
3) New Xperia Root by Goroh_kun (Xperia Z, Xperia V [JellyBean] ...)
x) Unroot
Make a choice: 1
Checking if i should run in Normal Mode or special Sony Mode
Please connect your device with USB-Debugging enabled now
Waiting for device to shop up, if nothing happens please check if Windows ADB-dr
ivers are installed correctly!
remote object '/system/app/Backup-Restore.apk' does not exist
remote object '/system/bin/ric' does not exist
.
.
Above file not found warning ARE NOT ERRORS, it is intended to be this way!
Normal Mode enabled!
.
Pushing busybox....
2207 KB/s (1085140 bytes in 0.480s)
Pushing su binary ....
2185 KB/s (380532 bytes in 0.170s)
Pushing Superuser app
2309 KB/s (1468798 bytes in 0.621s)
Making busybox runable ...
.
Now unlock your device and confirm the restore operation.
Please look at your device and click RESTORE!
If all is successful i will tell you, if not this shell will run forever.
Running ...
Successful, going to reboot your device in 10 seconds!
Waiting for device to show up again....
After reboot the gbook is throwing "unfortunately UI has stopped" and "unfortunately settings has stopped". Nothing works until i factory reset it again (at least something i am growing really good at) and I'm back to square one.
Other means of editing files within the system via ADB are only leading to access denied or system is in read only mode.
Any other ideas?
By using Archtablet.com's method: "http://www.arctablet.com/blog/forum/firmware-development/dumping-firmware-on-arnova-g2-arnova-g3-and-other-rockchip-based-tablets/" i tried to get an Firmwareimage. They tried to Help me out but again disaster struck. Ubuntu 13.04 with usblib installed failed to even recognize the GBook. Trying it with Windows and adb i need (what a surprise) root rights.
So next question is: Is there any general way to read out a tablet firmware without rooting or is it always up to the vendor to just screw things to their Liking ?
I know i should quit this beast, but stubborn as ever i keep banging my head against the wall .
Lanman99

S.onyXT.S v1.0 [UNBRICKER] - Xperia Tab S auto unbricker/flasher!

Hi
I've finished fully automatic unbricker for Sony Xperia Tablet S!
Code:
It wouldn't be possible without xda users, xda community, especially:
deltaztek [SD source],
jappaj [shell access],
NerdiX [beta tester],
and all other users, who helped to get it working!
Source thread where manual solution has been discovered.
Ladies & Gentlemen...
S.onyXT.S [UNBRICKER] !
[What is this?]
S.onyXT.S [UNBRICKER] will unbrick your device firmware,
no need any shell/linux knowledge - step by step, everything automatic.
It will automatically download needed data.
Unbrick process includes:
downloading "magic SD" prepared image (237mb),
downloading proper update data,
decrypting, extracting update data,
auto making "magic SD" - no need win32imager etc.,
uploading update data to device,
at last - unbricking device - flashing system/hidden partitions.
[Requirements]:
- internet connection to download data ,
- adb drivers correctly installed,
- min. 2GB SD card.
[Changelog]:
Code:
[09.02.2014] v1.0:
- initial version.
[To-Do]:
Code:
- datapp flashing - vendor apps fix,
[Screenshots:]
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
[Download]:
Attached to this thread.
[Donate]:
Keep this project alive - don't forget to donate!
br
condi
current_version=1.0
LEGEND ONCE AGAIN....
If only we had something for out older Tabs
Oh well none the less one more step in the right direction
stifilz said:
LEGEND ONCE AGAIN....
If only we had something for out older Tabs
Oh well none the less one more step in the right direction
Click to expand...
Click to collapse
@condi i have a problem and a question....first the question...why when i type the letter in upper case the tools reboot? and when i type il lower case it say unity doesn't specified....but it continue ....how i must put the letter in up or lowercase? and i'm waiting the cold-booting write but it doesn't appear how much it will take?
masterchif92 said:
@condi i have a problem and a question....first the question...why when i type the letter in upper case the tools reboot? and when i type il lower case it say unity doesn't specified....but it continue ....how i must put the letter in up or lowercase? and i'm waiting the cold-booting write but it doesn't appear how much it will take?
Click to expand...
Click to collapse
hi masterchif,
you type drive letter only? or with ":" ?
br
condi
condi said:
hi masterchif,
you type drive letter only? or with ":" ?
br
condi
Click to expand...
Click to collapse
Only che letter in lowercase ....is important if it is in lower or upper? My tablet is brick I think is stopped in Sony logo....u can help me ? I bricked it while trying to install jb from tool flasher but something went wrong
Inviato dal mio Nexus 5 utilizzando Tapatalk
masterchif92 said:
Only che letter in lowercase ....is important if it is in lower or upper? My tablet is brick I think is stopped in Sony logo....u can help me ? I bricked it while trying to install jb from tool flasher but something went wrong
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
I've just tried - it worked well. No matter if its uppercase or lowercase - it worked well for me.
What windows version you have?
The only problem occured, when I had opened windows explorer, with sd card opened,
or even with my computer - sd card volume became busy, and unbricker couldn't write.
But to get it work - you have only to close all explorer windows.
Could you make screenshot of the issue?
It write on SD but the problem is when I wait for cold boot....I'll wait 1 hrs and it doesn't appear..... My PC says unknown device and the tablet with the SD on stop on Sony logo no cold-booting write
Inviato dal mio Nexus 5 utilizzando Tapatalk
masterchif92 said:
It write on SD but the problem is when I wait for cold boot....I'll wait 1 hrs and it doesn't appear..... My PC says unknown device and the tablet with the SD on stop on Sony logo no cold-booting write
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
Wait wait, what tablet model/version exactly you have?
WiFi tablet s , abile tryng ti install JB i got an error and when it reboot it stays on Sony logo then I try your tools only recovery mode
Inviato dal mio Nexus 5 utilizzando Tapatalk
masterchif92 said:
WiFi tablet s , abile tryng ti install JB i got an error and when it reboot it stays on Sony logo then I try your tools only recovery mode
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
I'm sorry but solution is ONLY for 2nd tab gen - XPERIA TABLET S!
br
condi
O....sorry....but u can help me? I have problem with checking region ...I download 001 version that is mine but gives me always SKU error
Inviato dal mio Nexus 5 utilizzando Tapatalk
masterchif92 said:
O....sorry....but u can help me? I have problem with checking region ...I download 001 version that is mine but gives me always SKU error
Inviato dal mio Nexus 5 utilizzando Tapatalk
Click to expand...
Click to collapse
You have softed bricked your device by trying to install jb to your device
Reading is your friend google even more so
This recovery is for the xperia tab s not for the first sony tab s
By trying to install a firmware that does not fit your device nor has it ever
Next time try reading a little bit about the tools you are about to use on your device and what is needed
The sku error is because the device thinks the firmware your trying to flash is the same as the one previous an a conflict arises
So far there is no known recovery from this other than an offical sony repair centre
xperia m c1905 stock rooted lb
and sony XTS rooted stock j.b thanks djrbliss
dex9mm said:
You have softed bricked your device by trying to install jb to your device
Reading is your friend google even more so
This recovery is for the xperia tab s not for the first sony tab s
By trying to install a firmware that does not fit your device nor has it ever
Next time try reading a little bit about the tools you are about to use on your device and what is needed
The sku error is because the device thinks the firmware your trying to flash is the same as the one previous an a conflict arises
So far there is no known recovery from this other than an offical sony repair centre
xperia m c1905 stock rooted lb
and sony XTS rooted stock j.b thanks djrbliss
Click to expand...
Click to collapse
I see it now.....very disappointed with Sony.... I'll never buy a Sony tablet or smartphone !!! Now I try two more firmware but if I flashed the xperia tablet s in a tablet s I don't think that I can recover it right ?
Inviato dal mio Nexus 5 utilizzando Tapatalk
condi said:
Hi
I've finished fully automatic unbricker for Sony Xperia Tablet S!
[To-Do]:
Code:
- datapp flashing - vendor apps fix,
br
condi
current_version=1.0
Click to expand...
Click to collapse
hello friend
I saw that you removed the datapp lines in the script
as I wrote in the other topic, links to vendor directory are for a specific country
Sony factory script at first startup wants to choose country then obviously resets symlinks for specific directory.
Now my IR works with Panasonic and other tv... ir database seems well
I must clarify that after the manual procedure in dd mmcblk0p3(and 4), the tablet is not updating correctly in recovery. He wrote in mmcblk0p3 and mmcblk0p9 (vendor0 only), then check passed correctly.
Whether updating with jbr1 or jbr2 file is getting the same result, booted the system1 from mmcblk0p4 with jbr1 (not r2), i.e. not been updated, and sonys app not worked.
I had to dd if=/dev/block/mmcblk0p3(updated thru recovery) of=/dev/block/mmcblk0p4 to be the same, read the post of @jappaj to fix datapp symlinks, then the update went correctly thru recovery from jbr1 to jbr2
EDIT: maybe /data partition (/dev/block/mmcblk0p11) must be formated (factory reset) to triger sony's script to ask for country and autoset correct symlinks
I am waiting for tablet P unbricker release.
i beg you for same tool, but for tablet S !!))
im getting invalid drive specification
what does that mean
this dd.exe did not work as expecded. same problem on my win7 laptop
I have mostly rewritten the script for bash / linux shell
IT WORKED
THANKS @condi
PS: why not trying to use the SD-image to flash KitKat?
i mean, you can pull all mmc images and flash all mmc images via dd, why not writing a custom rom this way? the only problem is the kernel.
mounts of /dev/block/*
mmcblk0p1 -> /configs
-r--r--r-- 1 root root 64 Jan 1 2000 06590E37F8A647D989345317AAFF6A6C
-r--r--r-- 1 root root 242 Jan 1 2000 31850B1B-0DAB-42ce-A498-A73479B7B3EB
-r--r--r-- 1 root root 878 Jan 1 2000 calibration_rear.bin
-r--r--r-- 1 root root 63104 Jan 1 2000 CFBSMXHMUAF48EXTDTCSOH4BXXDDRBFG
-r--r--r-- 1 root root 132 Jan 1 2000 local.prop​mmcblk0p2 -> /params
-rw------- 1 root root 2 Jan 30 14:43 activate_done
lrwxrwxrwx 1 root root 57 Jan 30 14:43 countries.lst -> /datapp/vendor/vendor0/regioncodelist/SKU002000172608.lst
drwx------ 2 root root 4096 Jan 1 1970 lost+found
-rw-r--r-- 1 root root 33 Jan 30 14:43 region_checksum.txt
-rw-r--r-- 1 root root 9706 Jan 30 14:43 region.zip
-rw-rw-rw- 1 root root 2 Jan 30 14:43 selected_country​mmcblk0p3 -> /system
mmcblk0p4 -> /system (copy)
mmcblk0p5 -> /cache
(ls /cache/recovery)
-rw-r--r-- 1 root root 45 Jan 1 2000 last_install
-rw-r----- 1 root root 22626 Jan 1 2000 last_log
-rw------- 1 stth stth 18769 Jan 1 2000 log​mmcblk0p6 -> not mounted (2MB, file system?, image not mountable as loop device)
mmcblk0p7 -> not mounted (64MB, file system?, image not mountable as loop device)
mmcblk0p8 -> not mounted (2MB, file system?, image not mountable as loop device)
mmcblk0p9 -> /datapp (vendor)
mmcblk0p10 -> /log
-rw-r--r-- 1 root root 18652 Jan 1 2000 recovery_abort.log​mmcblk0p11 -> /data
judging the size of the unknown partitions, mmcblk0p7 could contain the kernel. probably we just have to find the file system on this partition. i guess, sony just skips a part or descrambles the partition while it shows the sony logo (which is always displayed, no matter if you boot into recovery, or the system) also, the hidden.img is flashed there... so... how to get it out?
what are the files in /configs? maybe keys or executables to decrypt the kernel?
does anybody have a log of a successful update in the logs (see mount list above)? is there any information about an updated kernel?
to get the mmc-images, just create the unbricker sd card (it does not break anything if you stop the script after the sd is written)
execute adb shell "/system/xbin/pwn"
then adb pull /dev/block/mmcblk*
on linux, you can mount them with
mount -o loop <image> <mountpoint>
some require root to view files
if anything is broken, we should be able to reflash all mmcblk-images which of couse should be backed up in advance
€:
today i scanned the sd image and the hidden.img seems, that the tablet would boot any kernel that is at position 0x00000400 on a sd card.
you may copy any image from OTA update.zip to that position and it should load it.
$ dd if=unbrick.img of=/dev/sdXXX
$ dd if=hidden.img of=/dev/sdXXX bs=512 seek=2
i tried the kernel from a tablet s on the xts and settings/about/kernel told me it worked!!
sadly, the data in hidden.img looks similiar to kernels of other SE devices, but is somehow scrambled
stth said:
IT WORKED
THANKS @condi
PS: why not trying to use the SD-image to flash KitKat?
i mean, you can pull all mmc images and flash all mmc images via dd, why not writing a custom rom this way? the only problem is the kernel.
mounts of /dev/block/*
mmcblk0p1 -> /configs
-r--r--r-- 1 root root 64 Jan 1 2000 06590E37F8A647D989345317AAFF6A6C
-r--r--r-- 1 root root 242 Jan 1 2000 31850B1B-0DAB-42ce-A498-A73479B7B3EB
-r--r--r-- 1 root root 878 Jan 1 2000 calibration_rear.bin
-r--r--r-- 1 root root 63104 Jan 1 2000 CFBSMXHMUAF48EXTDTCSOH4BXXDDRBFG
-r--r--r-- 1 root root 132 Jan 1 2000 local.prop​mmcblk0p2 -> /params
-rw------- 1 root root 2 Jan 30 14:43 activate_done
lrwxrwxrwx 1 root root 57 Jan 30 14:43 countries.lst -> /datapp/vendor/vendor0/regioncodelist/SKU002000172608.lst
drwx------ 2 root root 4096 Jan 1 1970 lost+found
-rw-r--r-- 1 root root 33 Jan 30 14:43 region_checksum.txt
-rw-r--r-- 1 root root 9706 Jan 30 14:43 region.zip
-rw-rw-rw- 1 root root 2 Jan 30 14:43 selected_country​mmcblk0p3 -> /system
mmcblk0p4 -> /system (copy)
mmcblk0p5 -> /cache
(ls /cache/recovery)
-rw-r--r-- 1 root root 45 Jan 1 2000 last_install
-rw-r----- 1 root root 22626 Jan 1 2000 last_log
-rw------- 1 stth stth 18769 Jan 1 2000 log​mmcblk0p6 -> not mounted (2MB, file system?, image not mountable as loop device)
mmcblk0p7 -> not mounted (64MB, file system?, image not mountable as loop device)
mmcblk0p8 -> not mounted (2MB, file system?, image not mountable as loop device)
mmcblk0p9 -> /datapp (vendor)
mmcblk0p10 -> /log
-rw-r--r-- 1 root root 18652 Jan 1 2000 recovery_abort.log​mmcblk0p11 -> /data
judging the size of the unknown partitions, mmcblk0p7 could contain the kernel. probably we just have to find the file system on this partition. i guess, sony just skips a part or descrambles the partition while it shows the sony logo (which is always displayed, no matter if you boot into recovery, or the system) also, the hidden.img is flashed there... so... how to get it out?
what are the files in /configs? maybe keys or executables to decrypt the kernel?
does anybody have a log of a successful update in the logs (see mount list above)? is there any information about an updated kernel?
to get the mmc-images, just create the unbricker sd card (it does not break anything if you stop the script after the sd is written)
execute adb shell "/system/xbin/pwn"
then adb pull /dev/block/mmcblk*
on linux, you can mount them with
mount -o loop <image> <mountpoint>
some require root to view files
if anything is broken, we should be able to reflash all mmcblk-images which of couse should be backed up in advance
€:
today i scanned the sd image and the hidden.img seems, that the tablet would boot any kernel that is at position 0x00000400 on a sd card.
you may copy any image from OTA update.zip to that position and it should load it.
$ dd if=unbrick.img of=/dev/sdXXX
$ dd if=hidden.img of=/dev/sdXXX bs=512 seek=2
i tried the kernel from a tablet s on the xts and settings/about/kernel told me it worked!!
sadly, the data in hidden.img looks similiar to kernels of other SE devices, but is somehow scrambled
Click to expand...
Click to collapse
That is just some great work. Were the kernel different? But anyway it could be secure for bootloader check if there is any. Cause it is a tablet s kernel. I have a kernel which have kexec built in for tablet s. I can give it to you for testing if you want. And if you wanna join our hangout, just pm me
Sent from my Sony Tablet S using Tapatalk

Categories

Resources