Question: OTA image payload edit to disable bootloader flash possible? - Google Pixel 6

I have a Pixel 6 (Verizon) and need to downgrade the firmware to Android 13, October 2022. The only way to do that is via an OTA image flash, but whenever I try, it does not flash since it cannot downgrade the bootloader. The phone cannot be OEM unlocked. My only chance is to edit/remove boot.img and/or modify the script to prevent the bootloader flash. I've found payload file dumpers, but only ones that extract the images within. Is there any way to do this? I know it can be done for the full system images rather easily.

ronclone said:
I have a Pixel 6 (Verizon) and need to downgrade the firmware to Android 13, October 2022. The only way to do that is via an OTA image flash, but whenever I try, it does not flash since it cannot downgrade the bootloader. The phone cannot be OEM unlocked. My only chance is to edit/remove boot.img and/or modify the script to prevent the bootloader flash. I've found payload file dumpers, but only ones that extract the images within. Is there any way to do this? I know it can be done for the full system images rather easily.
Are you looking for a way to edit the extracted images?
If so, I think you might be able to edit the extracted boot images with a text editor, although I'm not sure how reliable my information is on that.

catcatjpg said:
Are you looking for a way to edit the extracted images?
If so, I think you might be able to edit the extracted boot images with a text editor, although I'm not sure how reliable my information is on that.
Yes, I would like to edit the image to skip flashing the bootloader. However, OTA images are different from full factory images: they do not have an easy way to modify a "flash-all.bat" file or equivalent. Hence my question: I would like to know if something like this is possible at all.

ronclone said:
I have a Pixel 6 (Verizon) and need to downgrade the firmware to Android 13, October 2022. The only way to do that is via an OTA image flash, but whenever I try, it does not flash since it cannot downgrade the bootloader. The phone cannot be OEM unlocked. My only chance is to edit/remove boot.img and/or modify the script to prevent the bootloader flash. I've found payload file dumpers, but only ones that extract the images within. Is there any way to do this? I know it can be done for the full system images rather easily.
The bootloader has to be unlocked to manually flash a factory image or OTA. Since you have a Verizon device you cannot unlock your bootloader, so attempting to flash any image of any kind will fail. Worse, even if you did have an unlocked device, without a custom recovery you won't be able to flash modified factory images. The stock recovery checks for the presence of Google's signature in the factory image and, if it doesn't find it, will refuse to flash the package.
Modifying flash-all.bat to not flash the bootloader by commenting out the proper line in the batch file will work since you're not modifying the images themselves, but the point is moot anyway since you cannot manually flash factory images due to that pesky bootloader.

That's the issue. However just to clarify, I absolutely can flash OTA images via fastboot even with a locked bootloader, I've done it multiple times. What I can't do is flash full factory images, the ones that need an unlocked bootloader.

I stand corrected regarding the flashing of OTA update files. Flashing full OTA images is conceivably possible, considering that I forgot Google gave device owners that capability. However, this doesn't change the fact you cannot alter Google-supplied ROM images without losing Google's signature on those files. So you won't be able to flash an OTA without also flashing the bootloader.
So is there a specific reason you have to have that particular bootloader?

It's not a bootloader problem per se. It's an Android version problem for me. I wouldn't mind downgrading the bootloader; it's just that Pixel devices apparently cannot downgrade the bootloader, so it must be done with some kind of trickery.

You're on a device with an unlockable bootloader.
You can only flash official ota zips in recovery provided you are not downgrading.
Any attempt to manipulate the OTA zip will break the Google signature, and therefore any attempt to flash it on a locked bootloader will fail.
Tldr: forget about it

shoey63 said:
You're on a device with an unlockable bootloader.
You can only flash official OTA zips in recovery provided you are not downgrading.
Any attempt to manipulate the OTA zip will break the Google signature, and therefore any attempt to flash it on a locked bootloader will fail.
Tldr: forget about it
Yeah, I think you're right. Unfortunately.

Related

Jetstream STOCK ATT ROM 1.30.502.1. Official RUU

Here is the first Official ATT RUU for the Jetstream. I think many users waiting for this.
Now you can restore your device to stock always.
This update is only for AT&T Jetstream!!
(by the way, you can flash this ruu to any Jetstream which has s-off)
You can create a CWM flashable zip format from this RUU easily. Just extract the rom.zip file and flash the required .img files. This preserves your data partition but clean install is recommended.
This RUU deletes all your personal data and apps so backup to SD card.
http://www.htc.com/us/support/jetstream-att/downloads/
MIRROR:
https://rapidshare.com/files/1394623110/htc_jetstream_emr_update_1.30.502.1_us.exe
This system update includes:
Security patch
Removal of HTC Logger
Bug fixes
I can't see anything fitting the description you wrote, just the HTC Sync and some PDFs...
Am I wrong?
Make sure you relocked your bootloader!!! otherwise update will fail!!!
guru_shastri said:
I can't see anything fitting the description you wrote, just the HTC Sync and some PDFs...
Am I wrong?
Try to refresh the page or empty your cache and try again. I downloaded right now. If no luck I can upload to multiupload.
I still can't see it.
Tried using other browsers even. No stock ROM link.
Could you make it CWM flashable and then upload it to multiupload?
Also,
can you specify what it contains?
I cannot make a CWM zip, but I can upload the RUU.
Please upload it. Thanks.
here is the download link:
https://rapidshare.com/files/1394623110/htc_jetstream_emr_update_1.30.502.1_us.exe
Sweet... thanks!
I hope everyone likes this release; now everyone who bricked their device can go back to stock. I've been waiting for this since last November.
Well, I tried running the file on my unlocked device. It failed (as expected...).
Since creating the CWM flashable is beyond my skills, how can I run it?
Is it worth the trouble of relocking the bootloader?
I downloaded the RUU, but the installation failed (bootloader unlocked).
I got the rom.zip file, but I have no idea how to convert it to a CWM zip file. Couldn't find a proper guide for it.
Now what do we do?
Can any upload it to another mirror
other than rapidshare?
Are the updates in this RUU worthwhile?
Relock your device bootloader first!!!!! Then run the RUU. I updated my relocked device successfully yesterday.
You can unlock it again after update. I successfully rooted it as well.
Now my device is much stable.
If you have AT&T working sim and data plan, you can update from the settings via OTA.
Update will fail if your device has unlocked bootloader!!!!!!!!!
Well, I updated my device.
I locked my device (fastboot oem lock), which put me in a "security issues" state.
That means the device is in bootloader state only. The only way to keep going from that point is running the RUU to overwrite the issues.
After the update, an unlock is required. That is done with the .bin file sent from HTC when first unlocking the device (fastboot flash unlocktoken Unlock_code.bin).
Now, re-root and you're good to go.
OK, just finished the cycle. I have no idea what the update actually contains, but still, it isn't worth the trouble. Hopefully task or doomlord will make the RUU into a CWM flashable...
feherhollo, if you can, in the future be more specific about the process you follow. Lines like "relock the device" aren't so clear to everybody. Thanks.
If you can all wait another day, I'll have a CWM-flashable zip out this weekend. It looks like bmw-boy might be doing this as well.

[Q] Looking for Stock Recovery 1.58 to do OTA and Have Quick Questions

FOUND THE RECOVERY (See below)
Right now my goal is to go back to stock to flash the OTA update. I am running the nandroid backup I first made, which is 4.4.4 w/ Software # 1.58.502.1, and right now I have TWRP as my recovery.
Also, can someone confirm something for me? This nandroid I am running is obviously rooted and has SuperUser on it. If I go back to the stock recovery, can I still do the OTA update even though SuperUser is there and the phone is unlocked?
Also, in order to get the stock recovery back on the phone I need to use ADB and the Windows command prompt method, correct?
Thanks
Found this link and was able to find the stock recovery finally. I clicked "Non-WWE- Recovery Images", then on the site it opens I clicked the "more recoveries" folder at the top, and 1.58.502.1 was the first one.
http://forum.xda-developers.com/showthread.php?t=2701376
Now the only thing I need to know is whether going back to stock recovery will allow me to update via OTA even though there is SuperUser on my device and even though I am rooted and unlocked (S-ON).
magicbumm328 said:
Found this link and was able to find the stock recovery finally. I clicked "Non-WWE- Recovery Images", then on the site it opens I clicked the "more recoveries" folder at the top, and 1.58.502.1 was the first one.
http://forum.xda-developers.com/showthread.php?t=2701376
Now the only thing I need to know is whether going back to stock recovery will allow me to update via OTA even though there is SuperUser on my device and even though I am rooted and unlocked (S-ON).
As long as the ROM is stock (nothing modified by root) and stock recovery, you can update by OTA (root okay, unlocked bootloader okay).
Another option, just relock the bootloader and run the 4.4.4 RUU. It saves you from all the hassle (finding stock ROM and stock recovery), plus installing 2 OTAs. Only reason to do it the way you are, is to keep user data (RUU wipes phone) and it also saves you from having to relock.
redpoint73 said:
As long as the ROM is stock (nothing modified by root) and stock recovery, you can update by OTA (root okay, unlocked bootloader okay).
Another option, just relock the bootloader and run the 4.4.4 RUU. It saves you from all the hassle (finding stock ROM and stock recovery), plus installing 2 OTAs. Only reason to do it the way you are, is to keep user data (RUU wipes phone) and it also saves you from having to relock.
Well, I do have the stock ROM. Idk if having SuperUser on it counts as being modified by root, though? If not, then it's fine. And as mentioned, I found the stock recovery as well.
The only reason I was looking to do it this way was because I do not really know what RUU is or how to do any of it. Idk how difficult it would be to relock the bootloader and then figure out the RUU thing. Idk what the differences are between that and my phone being rooted as it is now. I'll have to see if there is a thread that explains this RUU thing to me.
Thanks for the help and suggestion too btw
magicbumm328 said:
Well, I do have the stock ROM. Idk if having SuperUser on it counts as being modified by root, though? If not, then it's fine.
SuperUser is same as root, and is fine.
When I say "modified by root", that often is when a user deletes "bloatware" they don't want, or adds apps, or modifies apps in the system partition.
If you didn't explicitly do any of those things, you should be fine. You will know this is the problem when you install the OTA, as the install will fail with the error message that the "system has been modified".
magicbumm328 said:
The only reason I was looking to do it this way was because I do not really know what RUU is or how to do any of it. Idk how difficult it would be to relock the bootloader and then figure out the RUU thing. Idk what the differences are between that and my phone being rooted as it is now. I'll have to see if there is a thread that explains this RUU thing to me.
RUU = ROM update utility
RUU is super easy; you don't really need much guidance to use it. A LOCKED or RELOCKED bootloader is required to run it (UNLOCKED is okay if you have S-OFF). A PC is required, and the RUU will wipe the phone (so back up any personal data you want to keep to your PC, cloud, etc.). Aside from those points, the RUU is a self-explanatory executable (.exe) program that runs from your PC, and simple to use.
Relocking the bootloader is accomplished easily with a single fastboot command (after connecting phone to PC and booting into fastboot mode): fastboot oem lock
This is also assuming you did the bootloader unlock yourself, and therefore have fastboot/adb setup on your computer.
Running the RUU itself (after relocking the bootloader) is very easy. Boot into the OS (some folks have better success being booted into fastboot mode, but I think the RUU is designed to run when booted into the OS), connect to the PC, then just run the RUU executable on your PC. The RUU executable will then guide you through what you need to do. It's mostly automated; you just need to confirm a few dialogue screens, etc. The RUU will reboot the phone a couple of times, install the needed files automatically, and that's really it.
However, since you seem confident you already have a stock ROM and corresponding stock recovery, I suppose the RUU doesn't gain you too much. But if you hadn't done those steps already, it often saves folks the hassle of tracking down the right stock ROM and recovery for their CID and current firmware. RUU in my opinion is a cleaner install, as it installs a complete stock image (not just updating piecemeal, like an OTA often does).
Also, since OTAs typically need to be installed in sequence, you will probably need to OTA to 2.23 software, then another OTA to 3.42 software. As RUU is a complete image, it would get you to 3.42 software in one fell swoop.
One other thing to note is that if you are for some reason not connected to AT&T's network (using another carrier, another country, etc.), you will not get any OTAs on the AT&T branded device. An AT&T oddity here; most other versions will still OTA, even when not connected to a specific carrier. In contrast, the AT&T RUU can be downloaded and run by anyone with an internet connection and a PC (regardless of country, carrier, etc.). I'm under the assumption that most folks on this forum section are on AT&T's network, although I know that some are not (you haven't stated either way).
RUU links are included on my Index thread under heading "RUUs": http://forum.xda-developers.com/showthread.php?t=2751432
Aside from wiping the phone (OTA keeps user data, but you may end up wiping anyway if you run into bugs after OTA), the other downside to RUU is that you need to relock the bootloader. Then you need to unlock the bootloader again (via the HTCDev.com site, or alternately sunshine) if you want to install custom recovery, install custom ROMs, root, etc.
So the choice is really yours (RUU versus OTA). I'm just giving it as an alternative.

Reverted back to "Locked" bootloader, but still get error when updating to 5.1.1 OTA

I just used Nexus Root Toolkit 2.0.5 to revert back to an OEM "Locked" state, which I had confirmed by rebooting into the bootloader. The reason I did this was so I would be able to update my device with OTA updates, but I keep getting an error every time I try to update to 5.1.1.
What are my options?
Unlock, flash Nexus Factory Images.
From what I've read if you get a failed OTA install it won't let you un-root, re-lock, etc... and take the OTA. This is to protect your device.
ETA: Do you even have to have the BL flag locked to take an OTA? I don't think so...
livinginavacuum said:
I just used Nexus Root Toolkit 2.0.5 to revert back to an OEM "Locked" state, which I had confirmed by rebooting into the bootloader. The reason I did this was so I would be able to update my device with OTA updates, but I keep getting an error every time I try to update to 5.1.1.
What are my options?
NEVER NEVER NEVER NEVER NEVER LOCK YOUR BOOTLOADER!!!!
1) This does not in ANY WAY impact OTAs.
2) This has the potential to *LOCK YOU OUT*.
Get your updates here:
https://developers.google.com/android/nexus/images
So then how can I go back to being able to update via OTA?
livinginavacuum said:
So then how can I go back to being able to update via OTA?
If you want to get OTA's, fastboot flash the stock system.img and boot.img > https://developers.google.com/android/nexus/images
But if you're going to do that, why not just fastboot flash the 5.1.1 factory images?
As posted above, do not relock your bootloader. It does not impact your ability to accept OTA's and can end up bricking your device.
cam30era said:
If you want to get OTA's, fastboot flash the stock system.img and boot.img > https://developers.google.com/android/nexus/images
But if you're going to do that, why not just fastboot flash the 5.1.1 factory images?
As posted above, do not relock your bootloader. It does not impact your ability to accept OTA's and can end up bricking your device.
Is there an idiot's proof guide to this?
And besides helping me unlock my device once again as you guys recommend, can the Nexus Root Toolkit make my life easier by flashing the the stock system.img and boot.img so that I can get OTA's?
livinginavacuum said:
Is there an idiot's proof guide to this?
And besides helping me unlock my device once again as you guys recommend, can the Nexus Root Toolkit make my life easier by flashing the the stock system.img and boot.img so that I can get OTA's?
Here's a guide. Note: use the "Long method" > http://forum.xda-developers.com/nexus-9/general/guide-how-to-unlock-bootloader-flash-t3035153
Toolkits are OK if you understand how to fix a problem when you run into trouble. I'd suggest that you use the manual method, but it's your decision. There's a thread in the Development section for NRT if you choose to go that way.

[Q] (Soft?)bricked Moto E after flashing wrong stock ROM

I have bricked my phone. It's stuck in a boot loop.
I had an up-to-date, non-rooted, locked XT1524. Since 3G and 4G didn't work in my country, first I tried flashing the modem and baseband from a retail XT1527 stock ROM. The flashing went OK, but 3G and 4G still didn't work (as happened to pablo_cba in this thread).
Then I turned my common sense off and tried flashing the whole XT1527 ROM. I thought that since they were stock ROMs I didn't have any need to root the phone (or install TWRP). And since I was flashing the same version I had, I didn't need to unlock the bootloader either. Wrong! The ROM I flashed was version 5.1 (23.29-15), and my current ROM at the moment was 5.0 (22.50-X). Since I hadn't unlocked the bootloader, I can't go back to the retail XT1524 stock ROM published here.
I was able to flash gpt.bin and bootloader.img, but things went south on boot.img. Now the bootloader is stuck with the following error:
Code:
version downgraded for boot
failed to validate boot image
Trying to flash boot.img (or system) fails with error:
Code:
hab check failed for boot
Failed to verify hab image boot
Trying to go back to XT1524 ROM fails with:
Code:
version downgraded for aboot
Trying to unlock the bootloader fails with:
Code:
Enable OEM Unlock
Which is obvious because I haven't enabled it on the phone, but it sucks because I can't boot and enable it.
So, here go my questions:
- What does "hab check failed" mean? Is there any way to bypass it and finish flashing the XT1527 ROM?
- Is there any way to unlock the bootloader without enabling it first on developer settings?
- Is there anything I can do other than waiting that 5.1 gets rolled to XT1524 phones, and that a stock ROM for it gets leaked?
Thanks a lot for your kind help!
Ah, I know exactly what happened. The good news is that your device is not bricked. The bad news is that you will need to wait a few weeks for the XT1524 5.1 stock images to be released.
The CID is a one byte Motorola specific value that indicates which region your device is for. Boot and system images are signed by Motorola tools that sign for a specific CID. The bootloaders for Motorola phones are signed with qualcomm tools that do not care about CIDs. As a result, you can flash a bootloader meant for a device with a different CID, but you can't flash a boot or system image for a different CID (while bootloader locked).
Since the bootloader is not CID specific, you were able to flash the new bootloader. The new bootloader blows fuses to increment the security version and prevent rollback. It will not allow you to flash an older boot and system image, since they may contain vulnerabilities. Now, the bootloader won't allow you to flash anything except a new 5.1 ROM signed for your CID.
I'd recommend just waiting a few weeks for the signed official 5.1 images for XT1524 to be released.
If you can't wait and are willing to take your phone apart and void the warranty and solder onto stuff, you can circumvent the Factory Reset Protection feature to unlock your bootloader. I don't recommend doing this, but it can be done. You will need to solder onto test points for the flash (that will be located underneath shielding cans). Writing 0x01 to the last byte of the frp partition will enable bootloader unlocking. Once again, I don't recommend doing this, I'm just stating what is possible.
EDIT: It might be worth a try seeing if Motorola will do something under warranty. The challenge will be to explain your problem in a manner that will not make them consider it to have been damaged by you. I don't know what they will think of your issue.
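The reply above describes three device-side checks (a signature bound to the device's CID, anti-rollback via fused security versions, and rejection of any modified image), and the Pixel 6 thread earlier on this page makes the same point about edited OTA payloads breaking Google's signature. The following is an added toy model of those checks, not code from this thread or from Motorola or Google; it uses an HMAC key per CID as a stand-in for the vendor's asymmetric signing keys, and the CID values, version numbers and payload bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-CID signing keys. Real devices verify against vendor public
# keys; an HMAC key stands in here so the example runs offline with stdlib only.
SIGNING_KEYS = {
    0x24: b"constructed-key-for-cid-0x24",  # stands in for the XT1524 region
    0x27: b"constructed-key-for-cid-0x27",  # stands in for the XT1527 region
}
TAG_LEN = 32
HDR = ">BI"  # cid (1 byte), security_version (4 bytes, big-endian)
HDR_LEN = struct.calcsize(HDR)


class FlashError(Exception):
    """Raised where the real bootloader prints an error and refuses to flash."""


def sign_image(cid, security_version, payload):
    """Vendor-side signing tool: header || payload || tag, keyed for one CID."""
    header = struct.pack(HDR, cid, security_version)
    tag = hmac.new(SIGNING_KEYS[cid], header + payload, hashlib.sha256).digest()
    return header + payload + tag


class LockedBootloader:
    """Device-side checks: signature bound to the device's CID, then anti-rollback."""

    def __init__(self, cid, fused_min_version):
        self.cid = cid
        self.fused_min_version = fused_min_version  # fuses only ever go up

    def flash_bootloader(self, new_min_version):
        # The bootloader image itself is not CID-bound (per the thread), but once
        # it runs it blows fuses so the accepted minimum version never goes back.
        self.fused_min_version = max(self.fused_min_version, new_min_version)

    def verify_and_flash(self, image):
        if len(image) < HDR_LEN + TAG_LEN:
            raise FlashError("hab check failed: truncated image")
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        # 1. Signature check with *this device's* CID key. An image signed for
        #    another CID, or any byte edited after signing, fails here.
        expected = hmac.new(SIGNING_KEYS[self.cid], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise FlashError("hab check failed: signature does not verify for this CID")
        _, version = struct.unpack(HDR, body[:HDR_LEN])
        # 2. Anti-rollback: compare against the fuse-backed minimum version.
        if version < self.fused_min_version:
            raise FlashError("version downgraded (%d < %d)" % (version, self.fused_min_version))
        self.fused_min_version = version
        return version


def outcome(device, image):
    """Return the bootloader's error text, or 'ok' when the image is accepted."""
    try:
        device.verify_and_flash(image)
        return "ok"
    except FlashError as exc:
        return str(exc)


def replay_thread():
    """Replay the sequence from the thread: XT1524 on 5.0 (22) gets the 5.1 (23)
    bootloader, then the XT1527 image and the old XT1524 image are both refused."""
    xt1524 = LockedBootloader(cid=0x24, fused_min_version=22)
    own_50 = sign_image(0x24, 22, b"constructed XT1524 5.0 boot payload")
    foreign_51 = sign_image(0x27, 23, b"constructed XT1527 5.1 boot payload")
    results = {}
    results["own_5.0_before"] = outcome(xt1524, own_50)     # accepted, same version
    xt1524.flash_bootloader(23)                             # 5.1 bootloader blows the fuse
    results["foreign_5.1"] = outcome(xt1524, foreign_51)    # wrong CID key: hab check failed
    results["own_5.0_after"] = outcome(xt1524, own_50)      # older than fuse: version downgraded
    tampered = bytearray(own_50)
    tampered[HDR_LEN] ^= 0x01                               # edit one payload byte post-signing
    results["tampered"] = outcome(xt1524, bytes(tampered))  # signature broken: hab check failed
    own_51 = sign_image(0x24, 23, b"constructed XT1524 5.1 boot payload")
    results["own_5.1"] = outcome(xt1524, own_51)            # the only image still accepted
    return results


if __name__ == "__main__":
    for name, result in replay_thread().items():
        print("%-16s %s" % (name, result))
```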
The exact same thing happened to me. I think that the 5.1 firmware will arrive soon for your device. I took it to my carrier, and they gave me a new one in 2 weeks. I think that Motorola won't help you, as you requested the bootloader code.

back to stock. un-dev bl and un-cid

Just wanted to say I had been running my Verizon Note 3 (non-dev edition) like everyone else here,
with the BL unlocked to dev edition and rooted, most likely with either Kingo or SuperSU through teamyemin or proyemin, and I think there is another one too.
Basically, if you want to go back 100% original (including your original CID), it's not as easy as you might think.
First thing I did was wipe everything that was possible to wipe from within TWRP recovery.
Next I booted to Odin download mode.
From there I flashed the OB6 official firmware.
Then I rooted using the Kingo method, as this seemed the most likely not to infect my computer and possibly only stole info from my phone. (This used the 2 files 1.tar and 2.tar flashed with Odin for PC.)
I then verified my root and installed Terminal Emulator and ES File Explorer root.
I copied samsung_cid to the phone's SD card and used ES File Explorer root to move it to ./data/local/tmp.
Changed my CID back to original and rebooted the phone.
Booted to stock recovery and wiped everything I could, and booted into Odin download mode.
Flashed OF1 official.
There is a very important part that could get a lot of people's phones into brick mode.
When you go to change the CID back to original, you had better already have the stock BL on and running and >>>NOT<<< the DEV-BL.
That is why I chose to flash an official OB6 ROM first.
If you try to change the CID to the original non-dev edition and reboot your phone, this could have problems, since you would have the dev BL flashed with a non-dev BL CID.
When the CID for the dev edition became available, you could change the CID first and boot into the BL, and it would say something like "developer mode enabled" or something like that, even if you had the stock BL flashed (not the dev BL).
This is fine.
The only problem is if you change that CID back to stock/original non-dev while you are running the dev BL.
I don't know what would happen, but I bet it wouldn't be good.
OK, the next part I think is important is getting rid of Kingo root as much as possible, and that is why I flashed the OB6 firmware first and then OF1 as my very last step.
OK, thanks.
I know a lot of people are probably gonna say why would you want to go back to stock original CID, and my answer is this:
The phone is really stable, and also if I want to sell it, which I'm thinking about.
Hope it helped some people.
Where do we get our original CID?
The method used to do the unlocking runs the tool in two passes, like this:
pass1: change the CID.
pass2: (create debrick image &) alter the aboot partition sig to the DevEd sig.
There is no reason this can not be reversed (assuming you have root on ANY ROM) e.g. :
pass_negative_2: flash stock aboot to aboot partition.**
pass_negative_1: revert the CID by altering the original code to write your CID (minor code change and recompile).
** must be from the exact same version of boot firmware you have on the phone; you could use "dd" for this.
There's no reports of people trying this explicitly, but OTOH note this: there were owners of DevEd devices that accidentally flashed stock bootloaders. They didn't change their CID, and they didn't brick. They just couldn't go back to an unlocked bootloader any longer, or boot custom kernels: they converted their phones to retail without ever changing their CID.
Anyhow, it appears that you went through a ton of effort, when all you needed to do was flash the stock "aboot" back into place.
It probably isn't even necessary to revert the CID back.
ExpialZLD said:
Where do we get our original CID?
You recorded it - as a precaution - when you went through the unlocking process. Didn't you?
As I mentioned above, it probably doesn't matter anyway.
@OP: did your "Custom" boot logo disappear eventually?
PS even after doing this the phone will still have a blown knox warranty flag and certain TZ/qseecom functionality will no longer work, even with 100% pure stock on the phone.
bftb0 said:
The method used to do the unlocking runs the tool in two passes, like this:
pass1: change the CID.
pass2: (create debrick image &) alter the aboot partition sig to the DevEd sig.
There is no reason this can not be reversed (assuming you have root on ANY ROM) e.g. :
pass_negative_2: flash stock aboot to aboot partition.**
pass_negative_1: revert the CID by altering the original code to write your CID (minor code change and recompile).
** must be from the exact same version of boot firmware you have on the phone; you could use "dd" for this.
There's no reports of people trying this explicitly, but OTOH note this: there were owners of DevEd devices that accidentally flashed stock bootloaders. They didn't change their CID, and they didn't brick. They just couldn't go back to an unlocked bootloader any longer, or boot custom kernels: they converted their phones to retail without ever changing their CID.
Anyhow, it appears that you went through a ton of effort, when all you needed to do was flash the stock "aboot" back into place.
It probably isn't even necessary to revert the CID back.
You recorded it - as a precaution - when you went through the unlocking process. Didn't you?
As I mentioned above, it probably doesn't matter anyway.
@OP: did your "Custom" boot logo disappear eventually?
PS even after doing this the phone will still have a blown knox warranty flag and certain TZ/qseecom functionality will no longer work, even with 100% pure stock on the phone.
By "record", do you mean using a tool, or something like taking a picture of the CID?
ExpialZLD said:
By "record", do you mean using a tool, or something like taking a picture of the CID?
Cut-n-paste to a text file.
The tool spews out onto the screen the device's CID before it goes about changing it.
That assumes you followed the directions in the OP and used ADB. Or, didn't follow those instructions and used a terminal emulator. (I don't know whether or not the app shows you the output from the binary).
As I mentioned, folks that had DevEd devices (that is, "factory unlocked" bootloaders) that made the mistake of flashing stock firmware turned their DevEd phones into retail phones - without ever changing the CID to some other value. So it may not even matter - you end up with a "retail" phone with the same CID that you currently have.
In any event, if you didn't record the previous CID, there's nothing to do about it.
The OP mentions something called "samsung_cid". I presume he is talking about a mod of the original code that allows you to re-write the CID to an arbitrary value.
