I unlock the bootloader of mdz-16-ab by disassembling uboot and write the cracked instructions back to the box using 'mw' command in uboot.
I've only cracked r454 firmware virsion(android 6.0). And I'm looking for someone who have a UART cable to do more tests on this work. My final purpose is to crack the final firmware release (android pie).
Though my work, I can decrypt the boot image and recovery image and boot decrypted images.
If you want to boot any image: mw 77eff124 14000007
If you want to decrypt the boot image and copy it out from RAM: mw 77eff120 d280ccc0; mw 77eff124 aa0003f4
(this is different for different firmware versions, this one is for r454)
You can add 'mw 77eff124 14000007' to the beginning of uboot env 'preboot' and 'saveenv' to autocrack during boot. After that, you can replace the encrypted boot images with decrypted boot images and use twrp and magisk.
If you have upgraded to oreo or pie, don't worry. I need you to do some tests too. I will soon crack these new versions.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
i flash r454 firmware (once r454 update.zip) into my mdz19aa, cant power on, only show MI.
intel_outside said:
I unlock the bootloader of mdz-16-ab by disassembling uboot and write the cracked instructions back to the box using 'mw' command in uboot.
I've only cracked r454 firmware virsion(android 6.0). And I'm looking for someone who have a UART cable to do more tests on this work. My final purpose is to crack the final firmware release (android pie).
Though my work, I can decrypt the boot image and recovery image and boot decrypted images.
If you want to boot any image: mw 77eff124 14000007
If you want to decrypt the boot image and copy it out from RAM: mw 77eff120 d280ccc0; mw 77eff124 aa0003f4
(this is different for different firmware versions, this one is for r454)
You can add 'mw 77eff124 14000007' to the beginning of uboot env 'preboot' and 'saveenv' to autocrack during boot. After that, you can replace the encrypted boot images with decrypted boot images and use twrp and magisk.
If you have upgraded to oreo or pie, don't worry. I need you to do some tests too. I will soon crack these new versions.
Click to expand...
Click to collapse
Could you please make a guide that how to found the address(77eff124) ? Thank you.
Related
After managing to unlock via fake cid, installing twrp recovery, my attempt to install nj's Kangbang rom failed (something like com.android.core errors) Attempted Rancun Soff, made it partially through but my command window repeatedly froze at step where original RUU is installed.. (using win vista 32 bit) ..
Been going mad trying to fix this, and now can only gt to the bootloader screen- fastboot works, but get errors trying to flash any image- same with any attmpt to artificially place PJ53Img.zip (recovery, RUU, rom...) or any other file on external sd, then booting.
Essentially stuck with this screen (or Fastboot)....
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
soccerfocus05 said:
After managing to unlock via fake cid, installing twrp recovery, my attempt to install nj's Kangbang rom failed (something like com.android.core errors) Attempted Rancun Soff, made it partially through but my command window repeatedly froze at step where original RUU is installed.. (using win vista 32 bit) ..
Been going mad trying to fix this, and now can only gt to the bootloader screen- fastboot works, but get errors trying to flash any image- same with any attmpt to artificially place PJ53Img.zip (recovery, RUU, rom...) or any other file on external sd, then booting.
Essentially stuck with this screen (or Fastboot)....
Click to expand...
Click to collapse
ukb is based off the old software, therefore you have to flash the boot.img of the old software via adb.nits has both te new and old boot images posted here somewhere.
unfortunately, at the moment i am unable to successfully flash anything via fastboot...no twrp, no stock recovery...
You said in the OP that you unlocked your bootloader. You'll need to re-lock if before the RUU will successfully install.
sorry, thought i posted this screenshot earlier- i am relocked but this is the only gui i can access
I know this seems obvious, but are you getting the stock image files from here: http://forum.xda-developers.com/showthread.php?t=1770978 ?
I was really dumb and wanted to unroot so i decided to flash a stock_recovery.img to my Huawei LYO-L01. When prompted where to i selected boot without looking it up first :crying: Now when i open my phone i get a black screen that says
Android system recovery <3e>
LYO-L21C479B102
Reboot system now
apply update from ADB etc. etc.
I can still boot into TWRP and have a folder with some recovery files from when i rooted my phone.
How can i get my phone back into a bootable state?
EDIT: I imagine i can just get a fresh boot img form extracting this update.app i see everyone taking about but i dont know where to get an update.app. Can someone point me towards a download?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Nafekop said:
I was really dumb and wanted to unroot so i decided to flash a stock_recovery.img to my Huawei LYO-L01. When prompted where to i selected boot without looking it up first :crying: Now when i open my phone i get a black screen that says
Android system recovery <3e>
LYO-L21C479B102
Reboot system now
apply update from ADB etc. etc.
I can still boot into TWRP and have a folder with some recovery files from when i rooted my phone.
How can i get my phone back into a bootable state?
EDIT: I imagine i can just get a fresh boot img form extracting this update.app i see everyone taking about but i dont know where to get an update.app. Can someone point me towards a download?
Click to expand...
Click to collapse
Well if you can boot into Twrp you just soft bricked your device so that should be easy to fix.
What you can do is: Restore an Backup of Stock Rom if you have one.
Or restore stock rom via an update.app file made for your device. (Something like this: https://boycracked.com/2017/06/15/official-huawei-honor-5a-lyo-l01-stock-rom-firmware/ )
Next time root with Magisk, is much better, is systemless and you can hide root from other apps easily and has a lot of usefull features.
I hope this helped you.
If it did, the thanks button works well
Magisk patched boot image for Android 12 firmware 58.2.A.2.90
Works on my XQ-AS72 without bootloop
Download
Google Drive
PREVIEW
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Usage
A fresh installation is recommended.
After you flash the stock 58.2.A.2.90, turn off your device then press and hold volume+ button while connecting to USB to enable the fastboot mode.
Open fastboot and type command below
Code:
fastboot flash boot_a magisk_patched_boot-58.2.A.2.90.img
fastboot flash boot_b magisk_patched_boot-58.2.A.2.90.img
then reboot and initialize your device.
For those who miss MagiskHide and Modules-Repo in old version DO NOT update magisk to 24.0+ after install
I put 1II XQ-AT52_Customized TW_58.2.A.2.90-R2C as you instructed
It also works, thanks!
I'm glad the root was successful, but the wireless charging will be lost!
奶茶G said:
I put 1II XQ-AT52_Customized TW_58.2.A.2.90-R2C as you instructed
It also works, thanks!
I'm glad the root was successful, but the wireless charging will be lost!
Click to expand...
Click to collapse
The 5II does not include wireless charging hardware. If you can provide the kernel from 1II firmware, it should look like boot_********.sin so that we can repack it.
Works on my XQ-AT51 (Sony Xperia 1 MKII) with Android 12 ( 58.2.A.7.55)
Thanks!
Works on my Xepria 5 II with 58.2.A.7.55 too. Thank you.
# Edit after further using
Seems like it breaks the wifi hotspot functionality. It can startup a wifi hotspot, but other devices cant connect to that wifi.
Hi I'm new here, is unlock bootloader necessary for this? Thanks for your reply
So i'm trying to boot my Xperia 1 II with XQ-AT51_Customized US_58.2.A.7.93-R3C which is its latest firmware. I managed to finally get it to not bootloop with this file but magisk is showing as N/A for root. Here is the .sin like you asked for. I cannot get magisk to generate a bootable boot image and was wondering what you were doing to get yours to boot.
boot_X-FLASH-ALL-2389.sin
While researching about Run-length-encoding (RLE) and modifying the source code of the splash image tool for the OnePlus 6 series to be compatible with 8 series (which was starting to look promising), I ended up stumbling upon this GitHub repository for a tool that already accomplishes the unpacking and repacking process of logo.img for various OPlus (Oppo + OnePlus = OPlus) devices.
This has been tested on both OOS12 and OOS13 firmware. Compatibility with older versions of the logo.img from previous OOS versions (OOS11 and below) is unknown at the time of writing this.
Usage
Unpack oplus splash image:
./opsplash unpack -i orig-logo.img -o pic
Editing:
You'll want to make your edits to the output file named "boot". I noticed that if "boot" exceeds the default size it will not show up during power on and will instead display a black screen. It is advised to keep the bitmap file the same size or less to work properly.
Repack oplus splash image:
./opsplash repack -i orig-logo.img -o new-logo.img
Only read image info:
./opsplash readinfo -i orig-logo.img
Flashing
This will need to be done in fastbootd rather than fastboot (bootloader), since regular fastboot (bootloader) prevents flashing critical partitions.
Original logo:
fastboot flash --slot=all logo orig-logo.img
New logo:
fastboot flash --slot=all logo new-logo.img
Side note:
I seem to have found some rather unusual images in the logo.img for instantnoodlep. You'll just have to unpack it and see for yourself -_-
Reserved
made this one, looks good. logo.img in attachment, plus original bmp, remove the *.pdf extension (xda impose upload rules)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
why do i keep getting this error my stock boot.bmp is 7.41 MB
the one i want to replace is 6.67 mb
but i keep running to this error
whould you know why?
halloweenm925 said:
why do i keep getting this error my stock boot.bmp is 7.41 MB
the one i want to replace is 6.67 mb
but i keep running to this error
whould you know why?
Click to expand...
Click to collapse
Your bmp file does not pass checks:
1. You bmp file header is doesn't equal to 0x36.
2. BMP file itself seems to be wrong or corrypted.
Also try to rename it to contain no spaces in filename.
Requirements !!!SCRIPT WILL WIPE DATA!!!
Backup your data 'script will wipe data'
GN2200 Nord N20 Phone
Should be on by stock (Active Slot A)
Unlocked Bootloader
Windows PC
Latest ADB & Fastboot drivers
Instructions
Download & Extract restore Script zip
Open Extracted zip folder
Open #N20 100% Stock unbrick (GN2200 ONLY).bat file
Connect phone to PC via fastboot
Hit "Y" on keyboard once your ready to start
Once script turns GREEN an says COMPLETED reboot to system
ENJOY
TESTED ON 2 GN2200 N20's both successful
"""NOT FOR CPH2459 """
Download Link
N20 Stock ROM Unbrick tool zip (GN2200 C.11 A12 ONLY)
Download size ( 7.5gb )
Extracted size ( 10.5 )
GN2200 UNBRICK SCRIPT
GN2200 UNBRICK SCRIPT replacement bat. Place this in extracted unbrick script folder an overwrite the original bat
i have a rewritten all-in-one script for gn2200. With a lot my features. Doing final touches.
some guy on "gn2200 telegram" is trying to steal my work. An banned me
XDA= (spatz1987) which is banned already
Telegram= ( @bABySky2 )
an doing a poll to steal my work
I'm am sorry mods but needs to be known
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
[email protected] telegram
STOLE MY ALL IN ONE SCRIPT
CODE.!!!!!!
!!!!!DO NOT USE WILL BRICK DEVICE!!!!
Awesome!! Thanks man!!!... Any way to make this to work with edl? Lol Screen won't turn on at all, I'm hoping I can connect to edl..
abovethegov said:
Awesome!! Thanks man!!!... Any way to make this to work with edl? Lol Screen won't turn on at all, I'm hoping I can connect to edl..
Click to expand...
Click to collapse
I have a rewritten one also but no edl