Flash logfile / list read out - P3600 ROM Development

Hello,
A simple question:
I talked today to my supplier... he told me that HTC and all service centers have a tool to see what was flashed before on a Device, even when we flash back the original software. Is this true or not?
Is there a way for us to read out this list of what was flashed before on a device?
Can we erase or reset this list?
Many Thanks for any hints

banzro said:
Hello,
A simple question:
I talked today to my supplier... he told me that HTC and all service centers have a tool to see what was flashed before on a Device, even when we flash back the original software. Is this true or not?
Is there a way for us to read out this list of what was flashed before on a device?
Can we erase or reset this list?
Many Thanks for any hints
I haven't heard of anything like that on a pocket pc or smartphone, however I believe that it's possible, since it uses Non Volatile RAM or Flash Memory.
There are ways to know and recover what was stored on flash memory on other formats like USB Flash Memory, Hard Disks (I know HD is not flash but magnetic) and such, but I really doubt they will take the time to do that. It takes a lot of time and effort to recover old information. Unless you changed the External ROM and Radio and forgot to reinstall exactly the original versions, I really doubt they will notice.
Cheers!
Rayan

It would surprise me too, but anyhow we never know... It was just my interest that pushed me to ask this community...
Many Thanks

Related

Tutorial for BEFORE upgrading from WM5 to WM6.

Yes, we're all noobs!!!
I have a brand new Excalibur (I bricked my first one five mins. out of the box) and I attempt to upgrade following instructions on the tutorial posted on these forums.
What's not stated on said tutorial (and no one tells you, only after you bricked your phone) is that YOU MUST BACK UP YOUR ORIGINAL ROM before the upgrade, because if anything goes wrong, that is the only ROM you can flash to your phone to restore it, otherwise IT IS BRICKED. (Believe me, it happened to me).
So, to all you experts reading these, please, help us noobs and post here a complete guide on how to back up your original ROM.
We will thank and worship you forever!!!
These days, there is no need to backup your own Rom.
We have a collection of ROMs on this site alone. Or in my signature.
I do suggest to download one prior to updating your ROM.
This forum uses most of a collection of ROMs I have uploaded for everyone.
Click here for the forum of original ROMS
Mikey1022 said:
These days, there is no need to backup your own Rom.
We have a collection of ROMs on this site alone. Or in my signature.
I do suggest to download one prior to updating your ROM.
This forum uses most of a collection of ROMs I have uploaded for everyone.
Click here for the forum of original ROMS
I have two questions: Firstly, there is no official O2 Xda Cosmo ROM or? Secondly, if you back up the ROM first, how can you flash it back to the device? Is there a tutorial for this?
Thanks
READ this thread
uccellino said:
I have two questions: Firstly, there is no official O2 Xda Cosmo ROM or? Secondly, if you back up the ROM first, how can you flash it back to the device? Is there a tutorial for this?
Thanks
Yeah, I'm waiting for the official O2 Xda Cosmo ROM. I need it badly because my camera doesn't work anymore with the new ROM. And I totally agree that we should write a clear reminder to back up your original ROM first before upgrading in the ROM upgrading thread, just in case, for noobs like me....
Mikey1022 said:
READ this thread
After rereading, I still have the questions:
1. How is it possible to flash back a saved backup ROM image?
2. If I use a USPL and then something goes wrong while flashing a cooked ROM, can I only re-flash my original ROM (i.e. for XDA Cosmo which doesn't exist)?
Thanks
Okay - maybe I just figured out the answer to my own question: if I flash the USPL-RUU first before flashing a ROM update, maybe this means I can reflash if something goes wrong? Is this correct, or is there a chance that the SPL get overwritten before the error and I still get stuck?
Well, in fact, it is necessary...
Mikey1022 said:
These days, there is no need to backup your own Rom.
We have a collection of ROMs on this site alone. Or in my signature.
I do suggest to download one prior to updating your ROM.
This forum uses most of a collection of ROMs I have uploaded for everyone.
Click here for the forum of original ROMS
...When I mean original ROM, I mean the ROM that could only work on a CID-Locked-by-a-carrier Excalibur, not the HTC WW ROM release.
Also, many of us noobs are international, I doubt that on the ROM database on this website we'll be able to find, say, the Movistar Mexico HTC Excalibur WM5 1.15.0000 ROM, which in my case, is the only one I would be able to flash in case anything goes wrong on the upgrade attempt. (I dedicated a week searching this ROM for the first Excalibur I bricked, no results)
Therefore - and I really hate to contradict -, for many of us, a ROM backup IS necessary and a tutorial from you experts on how to do it would be a great, great contribution to this community. (And also to the database, 'cause I'll definitively upload my ROM once I back it up)
velascoperroni said:
...When I mean original ROM, I mean the ROM that could only work on a CID-Locked-by-a-carrier Excalibur, not the HTC WW ROM release.
Also, many of us noobs are international, I doubt that on the ROM database on this website we'll be able to find, say, the Movistar Mexico HTC Excalibur WM5 1.15.0000 ROM, which in my case, is the only one I would be able to flash in case anything goes wrong on the upgrade attempt. (I dedicated a week searching this ROM for the first Excalibur I bricked, no results)
Therefore - and I really hate to contradict -, for many of us, a ROM backup IS necessary and a tutorial from you experts on how to do it would be a great, great contribution to this community. (And also to the database, 'cause I'll definitively upload my ROM once I back it up)
Actually, it's quite easy to CID unlock your phone to load whatever ROM you want. Much easier in fact, than dumping your current ROM and restoring it. I was able to flash my first ROM within about 30 minutes of reading on this forum, and had no problems at all.
velascoperroni said:
...When I mean original ROM, I mean the ROM that could only work on a CID-Locked-by-a-carrier Excalibur, not the HTC WW ROM release.
Also, many of us noobs are international, I doubt that on the ROM database on this website we'll be able to find, say, the Movistar Mexico HTC Excalibur WM5 1.15.0000 ROM, which in my case, is the only one I would be able to flash in case anything goes wrong on the upgrade attempt. (I dedicated a week searching this ROM for the first Excalibur I bricked, no results)
Therefore - and I really hate to contradict -, for many of us, a ROM backup IS necessary and a tutorial from you experts on how to do it would be a great, great contribution to this community. (And also to the database, 'cause I'll definitively upload my ROM once I back it up)
I completely agree with you
I just have no idea how to restore a backed-up ROM and I haven't read anything saying how to do it either. As you say, many of us are stuck with devices CID locked to some international ROM that is impossible to get.
So once again the question: Does anyone know how to re-flash a backed-up ROM?
I'm no expert but all I'm going to say is this. If you have a Rom from a different carrier that has not leaked to the public, then you are probably out of luck. You take the risk of hoping your phone will not have serious problems down the line of your contract or usage. You should pick up insurance on your phone depending on the stipulations your carrier has about lost or stolen or even broken phones. In that case you could return/replace your phone if need be after modifying it to your liking. I also would suggest that the entire reason we are here is that we don't want to be like the norm. We want what we paid for and don't want to be restricted. It's a risk. You must make that choice and succeed or fail that's not anyone's problem but your own. With all the Roms out there you should find one to your liking. If you brick your phone which seems so much more difficult than my razr modding days, than sell it for parts and lesson learned.
In the U.S. the Open Headset Alliance is our future so what we do to our phones in the future will be our choice.
Good Modding
Pfunk
C'mon guys...
Why all the negativity?
Am I conspiring against copyright laws if I want to have a backup of the ROM I paid for?
Is backing up a ROM frowned upon on this community? or is it so easy (from what I can gather it requires "dumping" and "restoring") that it is even insulting for me to ask you how to do it?
Yes, we are all here because we don't conform to the norm, but we are all HERE to help each other out. Why the closure? Why the elitism?
Like all of you, I want to take full advantage of the piece of technology I acquired without the restrictions installed on them by the phone corps. Yes, I would like to have the minimum risks while doing so, and yes, I would like to do it as cost effective as I can, just as anyone of you would.
It is a risk to upgrade a Cid.Locked phone with the bypass provided on this website, It happened to me and to many: USB cord unplugs and voila, bricked phone.
One alternative is to pay $40 bucks for a permanent Cid.Unlock, which will allow you to flash and flash and flash, even if you get stuck in the middle of one process.
The other, used by many here who won't pay, is to use the Cid bypass, while having a backup original ROM "just in case".
What I only ask (for myself and my peer noobs) is to have this same other alternative as many, many of you.
Really, is it too hard to post the following?
1. Download this software;
2. Do this to "dump";
3. Do that to "restore";
4. To re-flash, do this.
C'mon, all for one and one for all right?
p.s. For my friend asking how to re-flash a backed up ROM, from what I've gathered, it goes something like this: your backed up ROM must be in a *.bn format (I still don't know how to even achieve this); then you must get a hold of any HTC RUU Software, extract it (Winrar) and replace the *.bn file inside the extracted folder with your *.bn file; with the HTC connected in bootloader mode, run the exe file in the extracted folder.
velascoperroni said:
...I doubt that on the ROM database on this website we'll be able to find, say, the Movistar Mexico HTC Excalibur WM5 1.15.0000 ROM, which in my case, is the only one I would be able to flash in case anything goes wrong on the upgrade attempt. (I dedicated a week searching this ROM for the first Excalibur I bricked, no results)
Therefore - and I really hate to contradict -, for many of us, a ROM backup IS necessary and a tutorial from you experts on how to do it would be a great, great contribution to this community. (And also to the database, 'cause I'll definitively upload my ROM once I back it up)
The Official ROMs collection is as full as I can make it. To have more images, we need everyone to upload ones that are missing to something like rapidshare, mediafire, or one of a few dozen other hosting sites, then tell us here on xda dev. Or upload it to several yourself. Spreading things on the net is much easier than ripping the ROM out anyway, and you benefit from the online backups, too.
So, yes, if you aren't going to back up your ROM, hope that someone else already has. Or, even better, be that first guy who does it, to make things easier for the rest of us. Besides, we might want to see what kinda goodies are tucked in the Movistar version
Indeed!
Profezza said:
...Or, even better, be that first guy who does it, to make things easier for the rest of us. Besides, we might want to see what kinda goodies are tucked in the Movistar version
Thanks for the support Profezza, indeed I intend to be the first, but in order to do that, I need to know how to do it.
I'll keep my hopes up for someone to post here the procedure for backing up my own ROM.
Also, the Movistar version is pretty lame, at least it would be a language addition to the database since it is originally in Spanish.
velascoperroni said:
Thanks for the support Profezza, indeed I intend to be the first, but in order to do that, I need to know how to do it.
I'll keep my hopes up for someone to post here the procedure for backing up my own ROM.
My post kinda ignored that point, as... I don't actually know how it is done.
velascoperroni said:
Also, the Movistar version is pretty lame, at least it would be a language addition to the database since it is originally in Spanish.
I think the version # system is controlled by HTC and fairly consistent across brandings, so it looks like it is a rather old one, but yeah, it could handy just for the Spanish. And ya never know, maybe a better graphic or two in some odd corner. I'll come back and bump this if it looks like it is fading away.
velascoperroni said:
p.s. For my friend asking how to re-flash a backed up ROM, from what I've gathered, it goes something like this: your backed up ROM must be in a *.bn format (I still don't know how to even achieve this); then you must get a hold of any HTC RUU Software, extract it (Winrar) and replace the *.bn file inside the extracted folder with your *.bn file; with the HTC connected in bootloader mode, run the exe file in the extracted folder.
Hi velascoperroni!
Thank you for your help - this is helping me to get closer to understanding
Basically I have my old ROM image as .img files (actually 5 of them) produced by bkondisk, together with a log file saying what goes where. So now all we need to figure out is how to turn these back into a .bn file and we'll be in business. For info on bkondisk, which lets you save your ROM (as .img files), see this wiki http://wiki.xda-developers.com/index.php?pagename=bkondisk
Could anyone point me to some resources on these two file formats? Then maybe we could come up with a conversion program when one doesn't exist.
Getting closer!
Great, it seems we are getting closer to our goal!!!
But still surprises me that no one has posted a complete how to... perhaps the only few who know the deal haven't read this thread yet.
Now we know the following:
1. Bkondisk: software that allows you to back up the ROM in *.img format.
2. The original format of the ROM is *.bn
We don't know if the *.img file needs to be converted to *.bn or if they are compatible.
I also found out about an easier method to re-flash the ROM:
1. Format your SD Card in FAT32;
2. Copy your *.bn file to your SD Card;
3. Turn off phone, insert SD Card, Turn on phone in bootloader mode;
4. The phone should automatically recognize the ROM and start the flashing process.
Uccelino: Try placing the *.img file in the SD Card instead of the *.bn file. Maybe, just maybe the phone also recognizes *img files!
Getting closer!
Great, it seems we are getting closer to our goal!!!
But still surprises me that no one has posted a complete how to... perhaps the only few who know the deal haven't read this thread yet.
Now we know the following:
1. Bkondisk: software that allows you to back up the ROM in *.img format.
2. The original format of the ROM is *.bn
We don't know if the *.img file needs to be converted to *.bn or if they are compatible.
I also found out about an easier method to re-flash the ROM:
1. Format your SD Card in FAT32;
2. Copy your *.bin file to your SD Card;
3. Turn off phone, insert SD Card, Turn on phone in bootloader mode.
4. The phone should automatically recognize the ROM and start the flashing process.
Uccelino: Try placing the *.img file in the SD Card instead of the *.bin file. Maybe, just maybe the phone also recognizes *img files!
Also...
Sorry for the double post back there!!
Also check out this thread I started when I bricked my first Excalibur:
http://forum.xda-developers.com/showthread.php?t=378050
I never got a feasible response to whether Sprite Backup would work or not, and I did not want to spend $30 bucks to find out.
velascoperroni said:
Great, it seems we are getting closer to our goal!!!
But still surprises me that no one has posted a complete how to... perhaps the only few who know the deal haven't read this thread yet.
Now we know the following:
1. Bkondisk: software that allows you to back up the ROM in *.img format.
2. The original format of the ROM is *.bn
We don't know if the *.img file needs to be converted to *.bn or if they are compatible.
I also found out about an easier method to re-flash the ROM:
1. Format your SD Card in FAT32;
2. Copy your *.bin file to your SD Card;
3. Turn off phone, insert SD Card, Turn on phone in bootloader mode.
4. The phone should automatically recognize the ROM and start the flashing process.
Uccelino: Try placing the *.img file in the SD Card instead of the *.bin file. Maybe, just maybe the phone also recognizes *img files!
I just had an idea: I will flash a ROM, back it up, and compare the *.bn files to the *.img files I get from backing up - maybe they are or are almost the same, and we can convert them
I will try. Thanks
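One way to do the comparison proposed in this post, as an added example that is not code from the thread, from bkondisk or from any HTC tool: it aligns a raw dump (the .img side) against a larger container file (the .bn side) by probing non-padding sectors and reports which sectors differ at the best alignment. The 512-byte sector size, the padding heuristic, the constructed sample data and the `demo()` function are assumptions; the internal layout of .bn and .img files is not modelled, the script only answers "does this dump appear inside that file, and where does it differ?".

```python
"""Align a raw flash dump against a ROM container and report differing sectors."""
from dataclasses import dataclass, field
import random

BLOCK = 512  # assumed sector size; compare at 2048 for large-page NAND if needed


@dataclass
class Alignment:
    offset: int                 # where the dump starts inside the container
    matched: int                # sectors identical at that alignment
    total: int                  # sectors in the dump
    differing: list = field(default_factory=list)  # dump sector indices that differ


def is_padding(block: bytes) -> bool:
    """Erased flash reads as all 0xFF and unused image space is often all 0x00.

    Such sectors match at thousands of positions, so they are useless as probes."""
    if not block:
        return True
    return block[0] in (0x00, 0xFF) and block.count(block[0]) == len(block)


def score_alignment(container: bytes, dump: bytes, offset: int, block: int = BLOCK) -> Alignment:
    """Count identical sectors when the dump is laid over the container at `offset`."""
    total = (len(dump) + block - 1) // block
    matched, differing = 0, []
    for idx in range(total):
        chunk = dump[idx * block:(idx + 1) * block]
        pos = offset + idx * block
        if pos >= 0 and container[pos:pos + len(chunk)] == chunk:
            matched += 1
        else:
            differing.append(idx)
    return Alignment(offset, matched, total, differing)


def locate_dump(container: bytes, dump: bytes, block: int = BLOCK, max_probes: int = 64):
    """Return the best Alignment of `dump` inside `container`, or None if no probe sector is found.

    Each non-padding sector of the dump is searched for in the container; every hit
    implies a candidate offset (hit minus the sector's position in the dump), and the
    candidate with the most matching sectors wins."""
    best, seen, probes = None, set(), 0
    for idx in range((len(dump) + block - 1) // block):
        chunk = dump[idx * block:(idx + 1) * block]
        if is_padding(chunk):
            continue
        probes += 1
        if probes > max_probes:
            break
        start = 0
        while True:
            hit = container.find(chunk, start)
            if hit < 0:
                break
            start = hit + 1
            candidate = hit - idx * block
            if candidate in seen:
                continue
            seen.add(candidate)
            scored = score_alignment(container, dump, candidate, block)
            if best is None or scored.matched > best.matched:
                best = scored
        if best is not None and best.matched == best.total:
            break  # exact match found, no need to probe further
    return best


def demo() -> Alignment:
    """Constructed sample: a 64 KiB pseudo-random 'container' with an 8 KiB 'dump'
    cut from offset 0x3000, then deliberately altered in three sectors."""
    rng = random.Random(1234)
    container = bytes(rng.getrandbits(8) for _ in range(64 * 1024))
    dump = bytearray(container[0x3000:0x3000 + 16 * BLOCK])
    dump[0:BLOCK] = b"\xff" * BLOCK            # sector 0: erased padding, skipped as a probe
    dump[5 * BLOCK] ^= 0x01                     # sector 5: one flipped bit
    dump[9 * BLOCK + 17] ^= 0x80                # sector 9: one flipped bit
    result = locate_dump(container, bytes(dump))
    print(f"offset=0x{result.offset:x} matched={result.matched}/{result.total} "
          f"differing sectors={result.differing}")
    return result


if __name__ == "__main__":
    demo()
```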

[Q] Warranty question.

Apologies if this has been covered before- searched a couple of times with no joy...
Waiting for delivery of my Defy and still not sure what mods to do...Having read about a lot of UK models having the dreaded ear-piece fault, I'm just wondering:
1. what I can do that can be undone if my phone develops this fault?
i.e. Is it possible to root the phone, remove some of the Motoblur bloatware, overclock and scale, and still be able to return it to its original state if the earpiece goes? (or at least make any mods undetectable!)
2. From what I've read it is possible to skip the Motoblur registration. Would I still be able to use the phone portal- what apps require the Motoblur registration?
Basically I'd love to tweak the phone but am paranoid about voiding the warranty!
Thanks in advance!
Once you are rooted and have recovery installed backup your system before doing anything else. If something happens restore the backup and unroot. Only problem might be if you have some type of hardware issue and can no longer boot the phone.
There is always risk, but that will help.
rbeier1221 said:
Once you are rooted and have recovery installed backup your system before doing anything else. If something happens restore the backup and unroot. Only problem might be if you have some type of hardware issue and can no longer boot the phone.
There is always risk, but that will help.
Thanks. Is it the case that you can mod the phone any way you like as long as you backup, restore and unroot before returning the phone for any possible warranty claim? Would a Motorola tech be able to tell that the phone had been modded and then reset to its original state? Just wondering if I'd be better to wait a couple of months for any possible fault to appear...Thanks again.
cwhiggs said:
...am paranoid about voiding the warranty!
If that's your primary concern, tweaking isn't really an option.
As soon as you start fiddling with the software, you technically void your warranty.
That said, most fiddling can be undone and if the phone were to end up in a state that you couldn't boot it to fix your fiddling, there's a fairly good chance that the engineers wouldn't be able to boot it to discover what you've done.
Not to mention, from past personal experience, a lot of front-line engineers that actually deal with faulty handsets that are sent away for repair don't really care or may not be bright enough to be able to tell that you've messed with your phone.
Thanks. Think I'll go ahead and mod it. Been reading the relevant posts/stickies and from what I can see as long as I'm careful and follow the various steps closely and in order, I'll be unlucky to brick it. Think I'd get pissed off waiting several months for any fault to show- just wary of the earpiece going and then being told I'm screwed coz I've played with the software! Thanks again.

[Q] Explain to me why devs are unable to unlock the MJB bootloader

I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Buchez said:
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
The way I read it somewhere is this,
There are efuses built into the processor/motherboard/memory/whatever that the new bootloader "blows" when it is installed. These efuses are necessary pathways for the older bootloaders, hence why they won't install. I don't believe the new bootloader is "locked" per se, it just prevents earlier versions from being installed. There is also a guide somewhere on these forums to recover your device from a brick if you tried to downgrade the bootloader. The new bootloader also doesn't prevent you from installing earlier roms, as long as they are flashable from recovery. Just do not try to use Odin to revert to an earlier rom. That's what causes the bricks, and although there is a procedure to recover, it doesn't sound easy and you end up back on MJB when you're done anyway. Hope that helped.
To whoever wrote the original post I referred to above, my apologies for not giving credit.
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that? I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this.
Buchez said:
Thanks for the reply.
I'm pretty solid with flashing ROM's and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "Bricked" units back and refurb them, how do they do that? I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this.
I don't have an S3, I'm on the S3 section because my mom broke her phone, so this is speculation based on when I owned an Optimus G:
There are qualcomm tools that can fix a lot more than Odin and Fastboot can, apparently, and manufacturers have access to those. When I had an Atrix 4G someone told me they replace the entire board when eFuses are burned incorrectly, but that sounds really expensive. Anyway, just my 2 cents, i'm out~

What can brick a Sony Smartphone?

Hey!
I want to start developing on an old Sony smartphone, the Xperia Miro st23i (Mesona).
Why this device? It isn't expensive to buy a new mainboard in case I break it and for reasons of sentimentality
I have already compiled kernels for Desktop Linux for various reasons.
Now to my question:
There are CM10 sources and some 2.5-ish TWRP available which I intended to upgrade.
Can I break access to fastboot by flashing a kernel that doesn't work at all?
This always happens every now and then when trying something. But on my Thinkpad, I could always swap the hdd when I've messed things totally up... Here, I can't do that.
Same question for TWRP, can I break fastboot?
Can a messed up partition layout break fastboot?
How could I break fastboot?
I think my questions apply to more or less every Sony phone.
I couldn't find any information useful to me by Google or Xda search because the results are so full of questions how to get into fastboot...
I absolutely don't know how the fastboot mode works and what it depends on.
I just want to know what major mistakes I could do before I do them. Maybe I can prevent to be in need of a JTAG Interface by asking in advance
Thanks for any useful answer!
PS: Please don't discuss the fact I'm gonna develop on this device. The amount of thanks given in case I'm successful will be like 4 and the device will be sluggish as hell on Marshmallow or Nougat because it has only a few MBs of RAM and only 1GHz CPU. I know that! But I don't want to start developing on a device that's so expensive that I can't afford to break it.
You wouldn't let a newbie "try to learn something" at your new Prius. You would give him your old 1992 car that you don't need anyway, regardless of its top speed -
Kaffeetrinker said:
Hey!
I want to start developing on an old Sony smartphone, the Xperia Miro st23i (Mesona).
Why this device? It isn't expensive to buy a new mainboard in case I break it and for reasons of sentimentality
I have already compiled kernels for Desktop Linux for various reasons.
Now to my question:
There are CM10 sources and some 2.5-ish TWRP available which I intended to upgrade.
Can I break access to fastboot by flashing a kernel that doesn't work at all?
This always happens every now and then when trying something. But on my Thinkpad, I could always swap the hdd when I've messed things totally up... Here, I can't do that.
Same question for TWRP, can I break fastboot?
Can a messed up partition layout break fastboot?
How could I break fastboot?
I think my questions apply to more or less every Sony phone.
I couldn't find any information useful to me by Google or Xda search because the results are so full of questions how to get into fastboot...
I absolutely don't know how the fastboot mode works and what it depends on.
I just want to know what major mistakes I could do before I do them. Maybe I can prevent to be in need of a JTAG Interface by asking in advance
Thanks for any useful answer!
PS: Please don't discuss the fact I'm gonna develop on this device. The amount of thanks given in case I'm successful will be like 4 and the device will be sluggish as hell on Marshmallow or Nougat because it has only a few MBs of RAM and only 1GHz CPU. I know that! But I don't want to start developing on a device that's so expensive that I can't afford to break it.
You wouldn't let a newbie "try to learn something" at your new Prius. You would give him your old 1992 car that you don't need anyway, regardless of its top speed -
Sony devices can use flashtool which is different from fastboot and provides the ability to reflash the full firmware - which helps you get out of most issues you may encounter.
hypertrack said:
Sony devices can use flashtool which is different from fastboot and provides the ability to reflash the full firmware - which helps you get out of most issues you may encounter.
Thanks for trying to answer my question, but that's not it.
I've already unbricked like 50 phones by exactly following tutorials and reading everything I could find.
In the end, I just want to know what flashmode or fastboot mode depend on. I want to know which partitions I may mess up and which I may not mess up.
My guess is I may do everything as long as I don't reflash the bootloader partition.
Kaffeetrinker said:
Thanks for trying to answer my question, but that's not it.
I've already unbricked like 50 phones by exactly following tutorials and reading everything I could find.
In the end, I just want to know what flashmode or fastboot mode depend on. I want to know which partitions I may mess up and which I may not mess up.
My guess is I may do everything as long as I don't reflash the bootloader partition.
Ahh ok - so I bet @Bin4ry would be able to answer that question - either him or @Androxyde
@Kaffeetrinker
This thread by @munjeni used to contain much more detailed info about the S1 bootloader, but most of it can't be accessed right now.
Titokhan said:
@Kaffeetrinker
This thread by @munjeni used to contain much more detailed info about the S1 bootloader, but most of it can't be accessed right now.
Thank you very much! This thread gave me some words to google. Doing so, I found the information I needed
As soon as summer's over, the project can start.
To answer my own question in short: you can't hardbrick a Sony device as long as you don't mess with the bootloader.
Fota recoveries are completely separated from the actual ROM (although they can be updated together).
Fastboot does neither rely on Fota kernel nor does it on the system kernel.
As long as you do only regular rom developing and don't change the partition layout or mess in any other way with the bootloader partition, nothing should go wrong.
If you create an unbootable system kernel, you still can use your twrp. And if you create an unbootable TWRP, you can still get into the system.
If you mess up both, you still have got fastboot.

Sony bootloader exploits and/or bypass

Hi
I'm new to the forum but have been doing a fair amount of research. I am stuck now though and would like a bit of help.
My situation is that I have a Xperia XA1 ultra (I know I should post in that device specific forum but not much seems to be happening there) I have a very specific problem that I have treated like a forensics problem.
The phone is locked by a pattern which has been guessed by another person so many times that the gatekeeper only allows one entry per day provided the phone is charged otherwise the timer resets.
It has not been rooted and ADB is disabled.
I have connected to it through fastboot and what I can gather is that it is running Android Oreo.
The system details are as follows:
Product: XA1 Ultra G3221
Build Number: 48.1.A.0.129
Chipset: Mediatek MT6757 Helio P20
Bootloader: Locked
My research has led me to the possibility of loading a recovery image into the RAM of the phone and accessing ADB that way. I tried this with a TWRP image but obviously it didn't work. There is a company called Cellebrite that claims to be able to load its own boot/recovery image into the bootloader and gain entry that way, however the license is something like £10,000. I'm definitely not a commercial customer.
The final option for me would be to dump the memory via JTAG or chipoff, the contents would be encrypted but I found a blog where somebody had managed to find the location of the gesture.key file while the system was encrypted. I can't remember what the site was called though, it took me ages to find last time.
My main questions are: does Sony sign the boot image with its own keys or does it use the standard Android Verified Boot?
Does Sony reuse the same keys for signing across devices? Likely not but maybe
Is there a way to send specific instructions to the RAM via fastboot?
Does anybody know of an exploit that could be used?
Is there a way to extract the boot.img and recover the Sony keys?
If there are any other docs, resources or ways to get the data that could help, I will gladly read and/or try them. I think this forum is probably the biggest resource, though after a while the specific information needed gets harder to find.
The main thing is that I don't unlock the bootloader and flash anything. It's all got to be live and non data damaging.
I tried MTPwn on the off chance that it would work but nope, it was a no go.
If there was a way to utilise the mediatek exploit to gain entry from fastboot that would be excellent, or to use fastboot to dump the memory.
Thanks for reading, I hope someone can help.
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
XDHx86 said:
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
Thanks for getting back to me, yes I realise it is asking for the impossible. I'll have a research around that article and see if I can find some information on how to write the program to dump the contents over USB. I tried Dr Fone but that only gave me the option of a hard reset.
My current line of attack is an exploit over USB called OATmeal, whereby a Raspberry Pi is used over OTG with a filesystem label of "../../data", it allows the filesystem of the phone to be mounted and data written off. It is a little complex and so I am struggling a bit with getting it to work. The team over at Project Zero have a good write-up of it so I'm following that and the POC at exploit-db to guide me through it.
I think I will be able to get the USB part to work but I'm not sure if I have to write a Java file to automatically run when /data is mounted, or if that's even possible.
Forenzo said:
My current line of attack is an exploit over USB called OATmeal
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
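Two questions in this thread turn on what a boot image itself records: the opening post asks whether Sony's boot image is packaged with standard Android Verified Boot, and the reply above hinges on the security patch level (the "9-2018" cut-off). Both can be read off a boot image taken from a firmware package, without touching the locked device. The following is an added example, not code from this thread or from Sony, that decodes the v0 `boot_img_hdr` layout used by `mkbootimg` (magic, sizes, page size, packed `os_version`, `id[]` hash) and checks for the 64-byte AVB 2.0 footer (`AVBf`) that Verified Boot appends at the end of a partition. The sample image is constructed inline (placeholder kernel, ramdisk and vbmeta bytes, an assumed XA1-style Oreo/2018-03 `os_version`); it is not the real G3221 image. Presence of the footer shows AVB 2.0 packaging; its absence does not by itself prove an OEM-specific signing scheme, since Verified Boot 1.0 appended a signature rather than a footer.

```python
import hashlib
import struct

# boot_img_hdr v0 (mkbootimg layout, little-endian), 1632 bytes:
# magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, header_version, os_version,
# name[16], cmdline[512], id[32], extra_cmdline[1024]
BOOT_MAGIC = b"ANDROID!"
HDR_FMT = "<8s10I16s512s32s1024s"
# AvbFooter (libavb, big-endian), 64 bytes at the very end of the partition:
# magic, version_major, version_minor, original_image_size, vbmeta_offset,
# vbmeta_size, reserved[28]
AVB_FOOTER_MAGIC = b"AVBf"
AVB_FOOTER_FMT = ">4sIIQQQ28s"


def pack_os_version(a, b, c, year, month):
    """Pack Android version A.B.C and patch level YYYY-MM the way mkbootimg does."""
    return ((a << 14 | b << 7 | c) << 11) | ((year - 2000) << 4) | month


def decode_os_version(word):
    """Inverse of pack_os_version: returns ("A.B.C", "YYYY-MM")."""
    ver = word >> 11
    a, b, c = (ver >> 14) & 0x7F, (ver >> 7) & 0x7F, ver & 0x7F
    year, month = ((word >> 4) & 0x7F) + 2000, word & 0x0F
    return f"{a}.{b}.{c}", f"{year:04d}-{month:02d}"


def _image_id(kernel, ramdisk, second):
    """SHA-1 over each blob followed by its LE32 size, as mkbootimg fills id[]."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest()


def parse_boot_image(data):
    """Decode a v0 boot image header and look for an AVB 2.0 footer."""
    f = struct.unpack_from(HDR_FMT, data, 0)
    if f[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    kernel_size, _, ramdisk_size, _, second_size, _, _, page_size, hdr_ver, os_ver = f[1:11]
    if hdr_ver != 0:
        raise ValueError(f"header version {hdr_ver} not handled by this parser")
    pages = lambda n: (n + page_size - 1) // page_size * page_size
    kernel_off = page_size                      # header occupies the first page
    ramdisk_off = kernel_off + pages(kernel_size)
    second_off = ramdisk_off + pages(ramdisk_size)
    image_size = second_off + pages(second_size)
    expected_id = _image_id(data[kernel_off:kernel_off + kernel_size],
                            data[ramdisk_off:ramdisk_off + ramdisk_size],
                            data[second_off:second_off + second_size])
    android, patch = decode_os_version(os_ver)
    footer = None
    if len(data) >= 64:
        t = struct.unpack_from(AVB_FOOTER_FMT, data, len(data) - 64)
        if t[0] == AVB_FOOTER_MAGIC:
            footer = {"version": f"{t[1]}.{t[2]}", "original_image_size": t[3],
                      "vbmeta_offset": t[4], "vbmeta_size": t[5]}
    return {
        "name": f[11].rstrip(b"\0").decode(errors="replace"),
        "cmdline": f[12].rstrip(b"\0").decode(errors="replace"),
        "page_size": page_size,
        "android_version": android,
        "security_patch": patch,
        "image_size": image_size,
        "id_matches": f[13][:20] == expected_id,   # id[] is not a signature, only a hash
        "avb_footer": footer,
    }


def build_sample_image(page_size=2048):
    """Constructed sample: a tiny v0 boot image with an AVB footer appended."""
    kernel = b"\x7fELF constructed kernel stub, not a real kernel\n" * 8
    ramdisk = b"070701 constructed cpio stub, not a real ramdisk\n" * 4
    second = b""
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), 0x40080000,
                      len(ramdisk), 0x44000000, len(second), 0x40F00000,
                      0x40000100, page_size, 0, pack_os_version(8, 0, 0, 2018, 3),
                      b"sample", b"androidboot.hardware=sample",
                      _image_id(kernel, ramdisk, second).ljust(32, b"\0"), b"")
    pad = lambda b: b + b"\0" * (-len(b) % page_size)
    image = pad(hdr) + pad(kernel) + pad(ramdisk)          # second stage is empty
    vbmeta = b"constructed vbmeta placeholder; a real one holds descriptors and a signature"
    body = image + vbmeta
    body += b"\0" * (-(len(body) + 64) % 4096)             # footer lands at partition end
    footer = struct.pack(AVB_FOOTER_FMT, AVB_FOOTER_MAGIC, 1, 0,
                         len(image), len(image), len(vbmeta), b"\0" * 28)
    return body + footer


if __name__ == "__main__":
    for k, v in parse_boot_image(build_sample_image()).items():
        print(f"{k}: {v}")
```

Run it against a `boot.img` or a raw boot partition dump from an extracted firmware package by passing the file contents to `parse_boot_image`. The `id_matches` field only tells you the header's hash agrees with the payload; the actual chain of trust is the vbmeta structure the footer points at, which is what a locked bootloader verifies against its baked-in key.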
XDHx86 said:
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
Fortunately the device hasn't been updated since around 2-2018 or 3-2018 so any exploit I can find from then onwards that I can use will be great. I really do get that the only realistic option is to unlock the bootloader and flash the recovery but the data needs to be recovered and I absolutely don't want to wipe it.
If I can't do it then it will gather dust until the end of time...
It seems that no matter what I say you won't realize the situation you are in.
I can only suggest to NEVER mess with the phone circuits or the motherboard. No matter which stupid YouTube tutorial you saw. Those guys are douchebags who only know how to get views and don't care for whatever you/they do to your device.
Needless to say messing with the circuits or the motherboard requires dexterity and experience which I'm positive you don't have.
As I said before if you send it to an authorized service center, then they can help you with it without memory loss.
Sending your device to a service center isn't an insult or an act of low self esteem. Service centers exist for a reason, and they're basically geeks who are too passionate about electronics and decided to make a living out of it.
Or maybe you can somehow use the EDL mode on the phone.
In Qualcomm devices the EDL mode is locked and can only be accessed by an authorized person who has the security code of your device. I don't know if it even exists in MTK devices.
Should you actually manage to boot into EDL mode - assuming it exists and is unlocked - then BEWARE: EDL mode is very low level and any command can directly affect the kernel or compromise the system. Don't use commands if you're not sure what they do.
You can use EDL mode to recover the data from the phone then wipe it clean, then restore the data.
You cannot access memory with EDL mode, but you can access the current image on your device. And from which you can get the key file.
EDL mode is a very very powerful tool (much more powerful than debugging, fastboot, or anything you may know of) as it doesn't need an unlocked bootloader to use it, and through it you can do anything to your device including flashing other ROMs.
Good luck on your impossible quest. Make sure to post updates should you find yourself stuck.
