[XYBOARD][RECOVERY] Funding for Dev to create Recovery/Rom - Xoom Android Development

I would like to know how many forum members would be willing to donate funds to any developer willing to seriously work at creating a recovery program and maybe one rom for the Xyboard 10.1 4G/LTE device.
I realize the bootloader is still locked, but devs have managed to bypass the bootloader on other devices using some very creative thinking. The bootloader on my Droid Razr is still locked, but we have Safestrap, CWM
There is also a member i saw that would be willing to donate a xyboard for testing.
I would be willing to donate $100 towards this project.
We need to show the manufacturers that our platform is truly OPEN SOURCE?

so, here we meet again, chumboy
well i'm in, offering 50$ for unlock/bypass

nchantmnt said:
> so, here we meet again, chumboy
> well i'm in, offering 50$ for unlock/bypass
welcome! hey again.
fair amount of views, not many investors.
surprised, it's verizon's main tablet that has 4g (besides the galaxy tab 10.1 which i heard is discontinued).
patience.

I would get in on this. I have actually been trying to figure out Hash's safestrap to see how it is replicated for different devices.
Sent from my Droid3 using xda app-developers app

I know it can be done...it's just a matter of interest. Is some dev interested in spending time to figure it out.
we have recovery for many, many devices whose bootloaders are locked.
SafeStrap would be great....or TWRP.
So far, we have $150 available for anyone who creates a recovery. Come 'n git it, devs!

why not create a similar thread at xoomforums.com... guess the most of interested users aren't reading much @ XDA since atm there is no development going on for this device.
if you do so, just be sure to link to each other thread, list the users & amount and sync those two threads in their first post like:
"chumboy (xda/xoomforums) - 100$
nchantmnt (xda/xoomforums ) - 50
.....
hopefully many many more
_____
total funds until 28th of Sept - 150$
ill try and see if i can get some users @ androild-hilfe.de to join in
maybe u know of some other forums as well
cheers

25 from me if the recovery will work for international xoom2 too.

Hello guys,
i want to help you to get a custom recovery for your XOOM2,
because i've long waited for a cwm that could be used on my phone - Motoluxe XT615.
And i got sick of all those devs out there who don't want to help us to make it even easier.
So my mates and me tried a lot together. Finally a chinese developer team got it.
So i hope i can share my knowledge with you.
My first few questions are:
- Any tries of implementing 2nd init?
- Which type of internal storage (MTD, EMMC)?
- Locked bootloader (really think so )?
- Can you upload the init.* script in the root of your phone?
I hope you have root access

luxxx123 said:
> Hello guys,
> i want to help you to get a custom recovery for your XOOM2,
> because i've long waited for a cwm that could be used on my phone - Motoluxe XT615.
> And i got sick of all those devs out there who don't want to help us to make it even easier.
> So my mates and me tried a lot together. Finally a chinese developer team got it.
> So i hope i can share my knowledge with you.
> My first few questions are:
> - Any tries of implementing 2nd init?
> - Which type of internal storage (MTD, EMMC)?
> - Locked bootloader (really think so )?
> - Can you upload the init.* script in the root of your phone?
> -and yes we have root
> I hope you have root access
for 2nd init i really lack the knowledge of how to do this, but atm trying to get to know more about it. is this even working on ics?
internal storage should be mtd if i'm not totally wrong...
the bootloader is locked, we are sure about that and about the init... will upload it for you later... first got to recharge^^
what kind of approach is it that you have in mind? i may lack the knowledge about bootstrapping etc, but i'm eager to learn

nchantmnt said:
> for 2nd init i really lack the knowledge of how to do this, but atm trying to get to know more about it. is this even working on ics?
> internal storage should be mtd if i'm not totally wrong...
> the bootloader is locked, we are sure about that and about the init... will upload it for you later... first got to recharge^^
> what kind of approach is it that you have in mind? i may lack the knowledge about bootstrapping etc, but i'm eager to learn
The 2nd init should not be a problem. Internal storage is /mnt/sdcard/ external drive can be loaded on /mnt/usbdisk_1.0/
The bootloader is locked, Motorola has not released this yet. However, I did decode a file that had the agreement for unlocking the bootloader so this leads me to believe it will happen in the future.
My knowledge of bootstrapping is limited as well but I do know that if Motorola's system catches anything of another system trying to run, it will reject it and either bootloop or reboot. The secret is in the boot stage not interacting with factory boot at all.

wow...you guys are talking way over my head. i understand somewhat, but at this time, i can't contribute anything but funding.
and emotional support !!!
let me know what a non-coder like myself can do to help you.
so far, we have $175 available to dev who creates recovery.

Devs,
Just want to make sure you devs are working on the Xyboard 10.1" with LTE connectivity and not just the wifi only device.
It's the Xyboard MZ617 7444.

Really guys i don't want your money
On my phone we got a CWM recovery via hijacking battery_charger.
That means when your phone is off and connect it to any kind of power supply it normally starts this huge battery loading animation.
We symlinked this battery_charger script to a folder that executes the CWM.
So everytime i shutdown the phone and connect it to powersupply i'll enter CWM.
I'm quite sure this will work on your tablet, too.
I just can help you with this kind. When your aim is to get a real 2nd Init i can't help you,
because there my knowledge ends too.
But for beginning i think it would be nice to have any kind of custom recovery, or?
To begin i really need the init scripts guys. Open your filebrowser and go to internal storage root, there they should be.

Sorry was abroad for some days
Yes, any kind of custom recovery would be nice. Here you go with the init.
Any information on how you are going to do this would be nice so we can alter this to our needs (thinking about some bootloader to choose whether to load cwm or automatic just charge after some seconds would be nice)
What are the limits of this way? Guess we will not be able to flash kernels, right?

First off, sorry for double-posting
having read myself enough into 2nd init i guess there will be no way to get this running on our xoom2/xyboard models, as the devices need to be running some froyo-kernel to get this working. Maybe even a tweaked gingerbread-kernel can be used for 2nd init, but it should not be possible with honeycomb or even ics. So i guess our best bet is to concentrate on the option luxxx123 is going to give us.

Wow...interest seems to be picking up! That's great.
the Xyboard is really a pretty good tablet.
What you guys are discussing is slightly over my head so i'll just lurk and help when i can.

The kernel version is 3.0.8. Does froyo go into the 3's? I thought it stopped at 2.6.
Sent from my Droid3 using xda app-developers app

You're right... Froyo stopped at 2.6 but if i recall it correctly the hijack of 2nd init doesn't work with newer kernel versions. But i would be glad if i was wrong here
Sent from my XOOM 2 with Tapatalk 2

I tried pulling the 2nd init and hijack from my Droid 3 which has Hash's Safestrap. I customized a few things for my Xyboard and put the files in place but it put it into a bootloop. You just may be right.
Sent from my Droid3 using xda app-developers app

I'll save you guys some trouble, bootstrap and safestrap won't work, bootstrap hijack method will not work, bootstrap is open source and you can find all the stuff on github by koush, safe strap by hashofcode will not work, it utilizes the same hijack binaries of bootstrap, this is also open source on his github,
Both can be built from the source, with the recovery files built from cm9 or cm7.
I have built the recovery and the bootstrap they simply do not work.
That said i have gotten rid of my two (I even at one point offered to send one of mine to a known developer, not one took me up on the offer that's why I learned how to do it myself).
Now someone here brought up a way that piqued my interest, symlinking the charge while battery off script to a custom script to boot into a custom recovery (cwm or twrp) this seems like the most likely at this could be done.
Someone with some time could find the script in question and post it I'm sure myself or someone else could get something going.
Sent from my Nexus 7 using Tapatalk 2

Related

[Q] {Q} ClockworkMod

now im coming from many other android related phones but what i remember most that may help....ima test this but i remember ClockworkMod Recovery being used for MT3GS.......we go into our stock recovery; click update.zip (which was the clockwork recovery) and it would boot up a recovery mode that way; has anyone attempted this?
....Just a thought towards root or at least custom recovery
s0xpan said:
> now im coming from many other android related phones but what i remember most that may help....ima test this but i remember ClockworkMod Recovery being used for MT3GS.......we go into our stock recovery; click update.zip (which was the clockwork recovery) and it would boot up a recovery mode that way; has anyone attempted this?
> ....Just a thought towards root or at least custom recovery
The way I understand is the locked or bug in NAND will not allow for a recover. It removes all SU permissions on reboot.
Big Dawg 23 said:
> The way I understand is the locked or bug in NAND will not allow for a recover. It removes all SU permissions on reboot.
i feel as if if we can get into fastboot and do modifications that way (thanks Modaco) why cant we go even further to be that a means of rooting; with appropriate scripts? why is it people are like *sigh* i have no root but i have temp root.......nand locked but i can do **** with android actually open; what if there was a way to initiate visionary on run.....before actual loading the os like the steps as
power on > visionary/turn into custom recov or custom boot like magldr is supposed to be> os?
This thread can't be serious.
Sent from my T-Mobile G2 using Tapatalk
unforgiven512 said:
> This thread can't be serious.
> Sent from my T-Mobile G2 using Tapatalk
so it cant be serious because i have an idea? that can help speed up the development for your phone? thanks guy
s0xpan said:
> i feel as if if we can get into fastboot and do modifications that way (thanks Modaco) why cant we go even further to be that a means of rooting; with appropriate scripts? why is it people are like *sigh* i have no root but i have temp root.......nand locked but i can do **** with android actually open; what if there was a way to initiate visionary on run.....before actual loading the os like the steps as
> power on > visionary/turn into custom recov or custom boot like magldr is supposed to be> os?
Have you contributed anything to the G2 root effort? Some of the best Android hackers are working to root this phone; in fact many of the same ones who came up with the method you posted in your first post.
im actually attempting but with any type of movement requires a brainstorming; so i was literally brainstorming outloud......i cant help if my ideas have been thought of you kno
There's a thinktank thread, it was posted there, it won't work.
Sent from my HDfied HTC Desire
Not trying to be rude, but present some facts. Try it out. Show us the code. Explain your findings. And present your idea in a clean, intelligent, organized manner. That means capital letters. That means punctuation. That means use the space bar.
I agree with, I'd say, ~90% of the other users here. All the useless crap in this forum is doing absolutely nothing towards getting actual development accomplished.
Mods: Please lock and/or delete this thread. Also, I apologize for wasting an entry in the SQL database. =P
Sent from my T-Mobile G2 using Tapatalk
well i have an idea; ima pursue it the clockwork mod has been proven to not work so ima attempt ; ima get this working even though i dont have contact with too many devs working on this phone
s0xpan said:
> well i have an idea; ima pursue it the clockwork mod has been proven to not work so ima attempt ; ima get this working even though i dont have contact with too many devs working on this phone
Haha good luck. People keep posting about what should be done yet have no idea what actually goes on to do any of this stuff. It isn't as simple as "making" it, you have to know HOW to make it. Please go to the think tank thread.
thinktank thread is good but the WIKI is even better. I just wish it was updated more often -- but anyway this thing has everything short of #g2root irc
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Intro
READ THIS REALLY F*CKING CAREFULLY --- it is great reading. If you have ideas after reading it (i said read it dont glance it dont masturbate on it just read it as if it was your last will and testament) and then speak up.
Look not to rain on ur parade buddy but in order to do that on the mts you first had to install the engineering img to the phone that allows unsigned packages. Now since we have a copy of the eng img for the g2 (we as in the devs not me) and the phone will not let you downgrade to it so therefore the mts way of loading a custom recovery won't work. I traded in my mts to get my g2.
androidcues said:
> thinktank thread is good but the WIKI is even better. I just wish it was updated more often -- but anyway this thing has everything short of #g2root irc
> http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Intro
> READ THIS REALLY F*CKING CAREFULLY --- it is great reading. If you have ideas after reading it (i said read it dont glance it dont masturbate on it just read it as if it was your last will and testament) and then speak up.
Wow, I didn't even know this existed. Thanks mate!
As for OP, post this in the thinktank thread. Why did you bother making your own thread? You only had an idea, which is what the other thread is for. If you had tried it out and had success, then it may be a different story.
Don't post stuff here unless you get permission

Kernel Source

Hello,
I'm not sure if anyone was aware, but the source code for the kernel is available from the Acer website. I'm not sure if this would help with the dev of roms or cracking the bootloader. Thought I would throw it out there.
It's available on the Acer support page under the A100, and is around 100mb
mvan4310 said:
> Hello,
> I'm not sure if anyone was aware, but the source code for the kernel is available from the Acer website. I'm not sure if this would help with the dev of roms or cracking the bootloader. Thought I would throw it out there.
> It's available on the Acer support page under the A100, and is around 100mb
Yeah, I saw that. Doesn't make a difference though, we need an unlocked bootloader before a custom kernel we can make with that is useful.
Back in my Xperia x10 days they were able to find a way to crash the stock kernel and were able to load custom kernels with a locked bootloader. It's probably not feasible considering it was a much older kernel version and from a different manufacturer...but one can only hope right? lol
Don't know if it helps, but the thunderbolt also came with a locked bootloader and devs figured out how to flash a custom kernel. The custom was also locked but supported what they needed it to. It was flashed with the same process as our flashing updates manually. Maybe some of the tbolt devs could help?
Sent from my A100 using Tapatalk
We could do a custom rom that through 2nd-init, but so far it's been an uphill battle trying to figure it out. I'm not a kernel developer, but I've done some work modifying and working with cm7 kernels but nothing to this scale.
I do know that we wouldn't be able to change the kernel on this device or a modified recovery because there's some checking going on with the checksum of the disk images.
@crossix
Have you seen this thread in the Nook Tablet forums?
They found a way around the the bootloader problem.
I was thinking the above. Maybe we can make a work around through the kernel code. I haven't done programming on this low of a level but can scan through to see if and what checks there are and if there are any loopholes... I like to think they have a backdoor somewhere in there...
Excuse me, I was wrong. The tbolt with its locked bootloader was solved a little differently. I think what they did was flash an entirely different bootloader to it. One that was still encrypted but unlocked. Don't know if that's possible in this case but thought it was something to mention.
Sent from my LG-VM670 using Tapatalk
Maybe we should talk to nemith and fattire and they may have some suggestions. I am nowhere skilled at this level of development to talk intelligently to them. My development skills lie in the .Net field and at the application level. So I am not much help.
@painter... i have been looking through the nook forums that you referred to and i certainly think that this is possible route to go with the a100. this is also way above my skillset, however i will be more than happy to do what i can if there are any developers interested. i have been doing a lot of research into the locked bootloader and this is the most promising news that i have heard so far. I wish we could get more devs interested in this little tablet because it has great potential if we could get past the bootloader.
What I'll do later is download the code again, had before, but accidentally deleted it, and look through some of the more important code to see what can be found. Why would Acer put up the source code if there isn't a way to alter the kernel? Seems counter-intuitive to put it up without a purpose...
here is some info on 2nd init, if anyone smarter than me is interested in having a look.....good luck!..... http://cvpcs.org/blog/2011-06-14/2nd-init._what_it_is_and_how_it_works
mvan4310 said:
> What I'll do later is download the code again, had before, but accidentally deleted it, and look through some of the more important code to see what can be found. Why would Acer put up the source code if there isn't a way to alter the kernel? Seems counter-intuitive to put it up without a purpose...
Because they have to, it's required by gpl to make the source public. Just because they make it public, doesn't mean that it'll compile properly though. But, in this case it does compile cleanly and with it we could probably take bits and pieces of cwm for the a500 and get it to work (their gpl version not thor's recovery). How to do that though with our current encrypted recovery I dunno.
I looked at the thread and it definitely looks like something doable but what offset would we use and how would we tell the boot partition to go look for a custom recovery when we can't even open it to alter its contents since it and the recovery partitions are both encrypted.
If you make an image of either partition using dd and try to mount it and read its contents you see gibberish rather than editable files in the images. might be able to poke at it with a hex editor, but that's beyond my skill level.
Sent from my MB860 using XDA App
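One way to check what a `dd` image of a boot or recovery partition contains before concluding it is encrypted, as an added example that is not part of the original thread: it looks for the standard Android boot image header (`ANDROID!` magic) and an ext filesystem superblock magic, and otherwise reports byte entropy. The sample images and all function names are constructed for illustration; high entropy alone cannot tell encryption from compression.

```python
import hashlib
import math
import struct
from collections import Counter

ANDROID_MAGIC = b"ANDROID!"
# Boot image header v0: magic, ten little-endian u32 fields, 16-byte name.
HDR = struct.Struct("<8s10I16s")
EXT_MAGIC_OFFSET = 0x438      # superblock at byte 1024, s_magic at +0x38
EXT_MAGIC = b"\x53\xef"


def shannon_entropy(data):
    """Bits per byte: close to 8 for random data, 0 for a constant run."""
    if not data:
        return 0.0
    total = len(data)
    return sum(c / total * math.log2(total / c) for c in Counter(data).values())


def window_entropies(image, window=4096, max_windows=64):
    """Entropy of evenly spaced windows, so large dumps stay cheap to scan."""
    if len(image) <= window:
        return [shannon_entropy(image)]
    last = len(image) - window
    count = min(max_windows, last // window + 1)
    step = last // (count - 1) if count > 1 else 0
    return [shannon_entropy(image[i * step:i * step + window]) for i in range(count)]


def parse_boot_header(image):
    """Return header fields if the dump starts with a plausible boot image header."""
    if len(image) < HDR.size or not image.startswith(ANDROID_MAGIC):
        return None
    fields = HDR.unpack_from(image)
    kernel_size, ramdisk_size, second_size, page_size = (
        fields[1], fields[3], fields[5], fields[8])
    # page_size must be a power of two; it is also the divisor below.
    if page_size < 2048 or page_size & (page_size - 1) or kernel_size == 0:
        return None
    pages = lambda n: -(-n // page_size)      # ceiling division
    needed = page_size * (1 + pages(kernel_size) + pages(ramdisk_size)
                          + pages(second_size))
    if needed > len(image):                   # sizes point past the dump
        return None
    return {"kernel_size": kernel_size, "ramdisk_size": ramdisk_size,
            "page_size": page_size,
            "name": fields[11].split(b"\0", 1)[0].decode("ascii", "replace")}


def triage(image, threshold=7.8):
    """Classify a raw partition dump; threshold is an assumed cut-off."""
    entropies = window_entropies(image)
    mean = sum(entropies) / len(entropies)
    header = parse_boot_header(image)
    if header:
        verdict = "android-boot-image"        # container, not a filesystem
    elif image[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] == EXT_MAGIC:
        verdict = "ext-filesystem"
    elif mean >= threshold:
        verdict = "opaque-high-entropy"       # encrypted, or bare compressed data
    else:
        verdict = "unknown-structured"
    return {"verdict": verdict, "header": header,
            "mean_entropy": round(mean, 3), "min_entropy": round(min(entropies), 3)}


def pseudo_random(n, seed=b"constructed-sample"):
    """Deterministic high-entropy filler (SHA-256 in counter mode), samples only."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]


def build_sample_boot_image(page_size=2048):
    """Constructed boot image: valid header, incompressible kernel and ramdisk."""
    kernel, ramdisk = pseudo_random(5000, b"k"), pseudo_random(3000, b"r")
    pad = lambda b: b + b"\0" * (-len(b) % page_size)
    header = HDR.pack(ANDROID_MAGIC, len(kernel), 0, len(ramdisk), 0,
                      0, 0, 0, page_size, 0, 0, b"sample")
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    samples = {"boot image (constructed)": build_sample_boot_image(),
               "opaque blob (constructed)": pseudo_random(65536),
               "zero-filled (constructed)": b"\0" * 16384}
    for label, image in samples.items():
        print(label, triage(image))
```

For a real dump, pass the bytes read from the `dd` output file to `triage`.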
I'm still in the extraction process, and it is a rather large image. It's around 500mb compressed. I can take a look into it, but can't make any promises that I'll find anything at all. I understand the gpl and whatnot, and the partitions being encrypted, and am just hoping that somewhere in the kernel is a clue as to what is being done that can help us along the way to cracking this thing.
I didn't think of this until now, but is the newer A500 encrypted? If so, maybe we can find the difference between the older and the newer version somehow and see what they are using. Just a thought, could be completely wrong.
from what I understood (I could be completely wrong though) one of the newest updates that brought the a500 up to 3.2.1 changed their encryption method so itsmagic (their security hole) no longer worked. The work around for that was to downgrade to 3.2 and install cwm / itsmagic and then flash a recovery 3.2.1 image.
Sent from my MB860 using XDA App
Hmm, Not sure. I'll look around. I'm still trying to root my tab, have been unsuccessful thus far, and about 3 hours into trying..
is there any benefit in opening the device and sniffing around? I know the bootloader's encrypted but some of it might not be? That's how GeoHot found the first iPhone unlock exploit; by shorting two pins or something?
I also know it's possible to read NAND chips with an Arduino to some extent. I dunno, just talking out loud...
Never thought of finding a way through the hardware itself. I have never opened my Acer, probably won't. I have a Chromebook and the only way to install another OS on it was to flip a switch and pop the cover off, since it has a button that's enabled with the case on that prevents writing to specific portions and whatnot... Good thought. Maybe someone will look into this further.
A100 teardown
http://www.techrepublic.com/blog/it...eardown-lots-of-tech-crammed-into-7-case/3028
Sent from my PG86100 using Tapatalk
I think its very nifty that it has an expansion slot for a cellular chip. All the specs I can find on the 3g a101 show it as having half the RAM. Wonder what it would take to pop a 3g chip in there and get it working. :-\ You would probably have to flash the firmware from the 101 to get it to see the chip...

Wild speculation

I don't have the experience to know if this is possible, which is why I ask because I'm curious. I post here because I want devs to see it, and think "that could work" or "idiot"
As we know the defy bootloader will probably never be unlocked, now I was thinking would it not be possible to somehow isolate the bootloader from a rom, and run some kind of virtual one in a separate partition to run a fully custom kernel? It's probably crazy but I'm dying to know what people think, don't be too hard on me I have no coding experience :/ however all opinions are welcome I think anything is possible
Sent from the real world by hacking into the matrix
I don't want that this will become another dead Bootloader-Hacking-Thread but I want to give you an answer with the facts:
1) There currently is no known way to execute code before booting the kernel because everything is well protected through signing code.
2) The only way to boot a kernel after kernel-boot are tools like kexec or 2ndboot. But a phone's RIL is a heavy stone on that way because it's not that easy to reinitialize this part of hardware and without RIL a phone is useless. The main-developers canceled this project due to this reason.
Other "non-phone"-devices with locked bootloader (like Sony's google-tv) are using this method without problems.
3) You can use kexec/2ndboot to load a full bootloader instead of a kernel only, too. But because we don't have the source we would have to reverse engineer it to disable the signature check of the kernel otherwise you would load another useless protected bootloader. This was also a project but I don't think it's still alive...
Additional note: You can't directly flash a modified bootloader because our chipset has built-in OMAP3-security features. This means the CPU will only boot signed Code from NAND.
You can find many helpful information about this topic on this page:
http://and-developers.com/partitions:cdt#cdt_table_of_droid_x
Thanks that clarifies things quite a bit, however I mean loading not just a second kernel but a WHOLE bootloader that would handle the phones entire functions independently, or is it completely hardwired so its impossible for something to override it? (Sorry if you have already answered in the above). Another thing, has no one tried to compile custom fixed sbf? Maybe the bootloader could be replaced that way? In software almost anything done can be undone in some way, although perhaps this is the rare case where it isn't
Sent from the real world by hacking into the matrix
I edited my post to have everything at one place.
I hope this answers your questions.
The bootloader is like the bios in a pc (actually is part of the bios), it's what initializes the device and loads the rest of the code. to load it again or another one you had to reinitialize the device. the issue with the RIL is that when reset or restarted it "panics" and resets the whole device (I think, read it somewhere).
also the second unlocked bootloader that you want to load does not exist anyway.
it's better to just help the developers with bug reports and testing than daydream.
sorry mate!
m11kkaa said:
> I edited my post to have everything at one place.
> I hope this answers your questions.
So its all been tried before, damn! XD at least the devs here have done a fine job of making good roms even with this limitation, guess I will do my research before I buy my next phone as I love playing with roms, the more custom, the better
Sent from the real world by hacking into the matrix

Developers

Is there anyone developing for the Kindle Fire 2?
As far as I can see, the answer is no but I'm not sure if you're all just been busy and work and don't have much to post yet.
If there is no dev team(s), or devs at all working towards getting this thing with a working Recovery and ROM, I will most likely put together a team this weekend.
Also, assuming there are devs, may you share any findings you have? Why or why not the recovery is being a difficult process and whatnot.
I will probably put together a team just in case, I just can't make promises until I meet this weekend and see if they want to work on this.
If/when i get a team I will make a thread for it and post any news updates as they happen. I really hope we can all get this thing cracked open soon!
Thank you in advance!
UPDATE!:
I hit reply instead of save, so I lost my post sadly, so bullet points!
-I could not contact the main dev.
-I do not plan on making a full dev team anytime soon.
-Powerpoint45 and Hashcode are making progress, moreso Powerpoint, although eventually it seems Hashcode plans to have a workaround, just no ETA or promises from him, but there is more hope than before!
-I will still help and try and offer advice to any newer people, I am not a dev, but I have a decent amount of experience that would be enough to help new people.
Good luck to all!
I too would like to know this. I don't have much but I would donate what I can to the first dev or team to get us past this locked bootloader.
Sent from my SAMSUNG-SGH-T989 using xda app-developers app
LegendaryCatalyst said:
> I too would like to know this. I don't have much but I would donate what I can to the first dev or team to get us past this locked bootloader.
> Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Thanks I'll let you all know what gets decided this weekend. One coder agreed so far but their experience with Android is limited. The main person I have yet to talk to but he is the one that constantly messes with his android devices since android first came out. The issue is that he does not have a kindle fire, so I may have to buy them ones or lend mine to them to get the coding started.
I have been flashing ROMs and whatnot for a couple years, done my vibrant, galaxy s2, and a few others, but have no coding or developing skills whatsoever. I imagine everyone starts somewhere but I don't have the slightest idea where to begin. I would love to learn though. A locked bootloader seems like a steep challenge compared to obtaining root or developing a ROM. I might be wrong in that regard too.
Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Depends on how the bootloader is signed. The Motorola Droid and Droid X were relatively easy to crack but other devices may never be cracked without help from the manufacturer.
LegendaryCatalyst said:
> I have been flashing ROMs and whatnot for a couple years, done my vibrant, galaxy s2, and a few others, but have no coding or developing skills whatsoever. I imagine everyone starts somewhere but I don't have the slightest idea where to begin. I would love to learn though. A locked bootloader seems like a steep challenge compared to obtaining root or developing a ROM. I might be wrong in that regard too.
> Sent from my SAMSUNG-SGH-T989 using xda app-developers app
Since this device already has Root, I don't know that the bootloader will be an issue. The Gen 1 Kindle Fire has JellyBean running on it already so it may be a (somewhat) simple task to port that to the Gen 2. I'll have to pull it and see what may be device specific to get things running on the Gen 2, but it can be done. We'll need to first get a custom recovery going to allow the ROM to install.
This looks promising from the Gen 1 forum. Perhaps someone can reach out to the dev and see 1) if he's ok with us using it and 2) if he can help get it going on the Gen 2.
http://forum.xda-developers.com/showthread.php?t=1399889
A locked bootloader generally means no custom kernels. Kexec is the only workaround (that I know of) other than unlocking, to start a new kernel . Root simply gives su access, it can't, in and of itself provide kernel customization.
Didn't the recovery for the KFHD's get put on hold? The stock recoveries won't usually let you flash anything that's not signed.
I'm not a dev but it seems like porting the KF1 ROM over to the KF2 should be pretty easy. Other than the bootloader, the hardware changes were minor, just bumping the CPU/GPU up one model and doubling the RAM. Again, it all hinges on unlocking the bootloader or reverse engineering the key it's signed with. Anybody have access to Amazon's EC2 system?
Antoine.WG said:
> Didn't the recovery for the KFHD's get put on hold? The stock recoveries won't usually let you flash anything that's not signed.
> I'm not a dev but it seems like porting the KF1 ROM over to the KF2 should be pretty easy. Other than the bootloader, the hardware changes were minor, just bumping the CPU/GPU up one model and doubling the RAM. Again, it all hinges on unlocking the bootloader or reverse engineering the key it's signed with. Anybody have access to Amazon's EC2 system?
I just toured google today and made a new friend. He doesn't work on the android side, and that building is the most secure on the campus (That and the google+ are the only buildings regular employees can't enter fully without special permissions)
I am hoping he can introduce me to people on the android side of things and see if they would be willing to offer any insight that wouldn't involve an NDA heh.
LaserChicken said:
> A locked bootloader generally means no custom kernels. Kexec is the only workaround (that I know of) other than unlocking, to start a new kernel . Root simply gives su access, it can't, in and of itself provide kernel customization.
This is true, however the question was around custom ROMS, not kernels. You do not need a custom kernel to run a custom ROM, it's just nice to have the flexibility.
Has anyone tried a Kindle fire HD rom? I think the specs are identical except for the screen. I'll do a little research and see what I can do. I would like to see otg working on my son's 2nd generation fire.
Sent from my Nexus 7 using Tapatalk HD
I might make a kf2 root app
tjmack3rd said:
Has anyone tried a Kindle fire HD rom? I think the specs are identical except for the screen. I'll do a little research and see what I can do. I would like to see otg working on my son's 2nd generation fire. Sent from my Nexus 7 using Tapatalk HD
That's not quite how it works. I would also recommend to NOT TRY ANYTHING ON THE OTHER KINDLE FORUMS. If you check here, people have posted what works. I believe there is one guide for the basic rooting, and another for the steps on using root to make your Kindle do some decent stuff (new launchers, lockscreens, marketplace, all the good stuff!)
However, the issue with the KF2 is not really getting ROMs on, it's the step before it which is getting a working recovery so we can safely flash ROMs onto the device. Once that's done it shouldn't be hard to get a ROM, and it may be even possible to just use a KFHD ROM without any issues, BUT we need the recovery on here first, and getting around the locked bootloader.
To my all caps warning, just check the Q & A forums to see all the people who tried the recovery, rom, and rooting methods for their KF2. Most end up bricked.
If you are experienced in the sort of thing, go ahead and try at your own risk, just be careful. As you may notice, yes, most if not all (can't remember off the top of my head) of the methods we use to root ARE from the KFHD, so yes, some things do work, but way too many times I read about people that tried to put software that wasn't for the KF2 on it and it ends up bricked. Thankfully people seem to be fixing the bricked Kindles, but it's a very unfortunate experience people shouldn't have to go through.
powerpoint45 said:
I might make a kf2 root app
Forgot to multi quote :\
This would be great I think! We have the tools so far, it's just that none have been made specifically for the KF2.
Good luck on the app as I'm sure many new KF2 users will appreciate it!
iytrix said:
That's not quite how it works. I would also recommend to NOT TRY ANYTHING ON THE OTHER KINDLE FORUMS. If you check here, people have posted what works. I believe there is one guide for the basic rooting, and another for the steps on using root to make your Kindle do some decent stuff (new launchers, lockscreens, marketplace, all the good stuff!)
However, the issue with the KF2 is not really getting ROMs on, it's the step before it which is getting a working recovery so we can safely flash ROMs onto the device. Once that's done it shouldn't be hard to get a ROM, and it may be even possible to just use a KFHD ROM without any issues, BUT we need the recovery on here first, and getting around the locked bootloader.
To my all caps warning, just check the Q & A forums to see all the people who tried the recovery, rom, and rooting methods for their KF2. Most end up bricked.
If you are experienced in the sort of thing, go ahead and try at your own risk, just be careful. As you may notice, yes, most if not all (can't remember off the top of my head) of the methods we use to root ARE from the KFHD, so yes, some things do work, but way too many times I read about people that tried to put software that wasn't for the KF2 on it and it ends up bricked. Thankfully people seem to be fixing the bricked Kindles, but it's a very unfortunate experience people shouldn't have to go through.
I burnt out my usb port trying to make a fastboot cable. I tied the wrong pin in... I'm waiting on my replacement. I'm going to try to use the revrom to get the cwm on my kf2 if that works, I'm sure we could get someone to make a touch cwm or twrp for the kfhd. If the kfhd cwm works, we could use the touch cwm/twrp. Perhaps it will need to be modified... perhaps not. I suspect that the cwm won't work perfectly and we need to modify it to use the correct partition table.
I should mention that using my current factory cable, I can get to fastboot. I just burnt out the data pin. I tried to use dd to flash the revboot stuff, but I forgot to do the part where you get past the locked bootloader... instabrick
fmkilo said:
I burnt out my usb port trying to make a fastboot cable. I tied the wrong pin in... I'm waiting on my replacement. I'm going to try to use the revrom to get the cwm on my kf2 if that works, I'm sure we could get someone to make a touch cwm or twrp for the kfhd. If the kfhd cwm works, we could use the touch cwm/twrp. Perhaps it will need to be modified... perhaps not. I suspect that the cwm won't work perfectly and we need to modify it to use the correct partition table.
I should mention that using my current factory cable, I can get to fastboot. I just burnt out the data pin. I tried to use dd to flash the revboot stuff, but I forgot to do the part where you get past the locked bootloader... instabrick
I was trying to make a fb cable earlier today but the connectors were too hard to solder so I need a new cable to work with. I had same idea as u. Trying to boot into a recovery like cwm
Sent from my DROIDX using xda app-developers app
Nvm
you should be able to delete a post...
powerpoint45 said:
I was trying to make a fb cable earlier today but the connectors were too hard to solder so I need a new cable to work with. I had same idea as u. Trying to boot into a recovery like cwm
Sent from my DROIDX using xda app-developers app
I bought one on eBay for £3 including free next day delivery. I'll try to find the link as he was selling lots and it was delivered fast (in UK).
EDIT :
http://item.mobileweb.ebay.co.uk/viewitem?itemId=140893291002
Sent using my Jelly fingers.
Not devving yet, but as soon as we have our own recovery...
Sent from my SAMSUNG-SGH-I727 using Tapatalk 2

Fedora on Fire TV

Has anyone tried to do this? https://github.com/freedreno/freedreno/wiki/FireTV
It looks like it's possible and was done by Rob Clark even at the start of May. But the lack of root prevents us from using it widely.
The booting process is a little bit unclear to me.
Also check this out
I've just asked Rob about locked bootloader on G+, his response was:
To run custom kernel (ie. to get drm/msm driver) you would need an unlocked bootloader. Root the device, and then as root 'pm disable com.amazon.dcp' to block further updates (to avoid existing bootloader being updated). Hopefully the relevant people will be able to release more info about bootloader exploits soon.. having root is the first part of being able to do something useful w/ bootloader.
Hey, guys!
Rob posted some details about a vulnerability that allows unlocking the bootloader on his blog: http://bloggingthemonkey.blogspot.ru/2014/06/fire-in-root-hole.html?showComment=1403624931085#c3252639689847494536
Also check the demo that uses this hole and provides the ability to write to physical memory: https://github.com/robclark/kilroy
Just need to figure out how to use it; does anyone have any ideas or hints?
iRet said:
Hey, guys!
Rob posted some details about a vulnerability that allows unlocking the bootloader on his blog: http://bloggingthemonkey.blogspot.ru/2014/06/fire-in-root-hole.html?showComment=1403624931085#c3252639689847494536
Also check the demo that uses this hole and provides the ability to write to physical memory: https://github.com/robclark/kilroy
Just need to figure out how to use it; does anyone have any ideas or hints?
anyone know what this stuff does?
https://github.com/robclark/firetv-grub
unfortunately it seems like there aren't a whole lot of users here with the knowledge to put this information to good use, while i understand what is happening i couldn't begin to make use of any of that information Rob posted. maybe we could start a bounty on unlocking the bootloader? or should we all just wait it out for jcase and rclark? once the exploits are patched and an update is released i'm pretty sure you're going to see the bootloader unlock made public. Great job in advance to jcase and robclark!
nhumber said:
anyone know what this stuff does?
https://github.com/robclark/firetv-grub
unfortunately it seems like there aren't a whole lot of users here with the knowledge to put this information to good use, while i understand what is happening i couldn't begin to make use of any of that information Rob posted. maybe we could start a bounty on unlocking the bootloader? or should we all just wait it out for jcase and rclark? once the exploits are patched and an update is released i'm pretty sure you're going to see the bootloader unlock made public. Great job in advance to jcase and robclark!
GRUB is a most popular and widely used linux bootloader for PCs
This repo looks like a fork tuned to use in fire tv, I think this one will be used to boot linux on AFTV.
Talking with Rob, he expected the exploit will be issued as soon as Amazon releases an update.
iRet said:
GRUB is a most popular and widely used linux bootloader for PCs
This repo looks like a fork tuned to use in fire tv, I think this one will be used to boot linux on AFTV.
Talking with Rob, he expected the exploit will be issued as soon as Amazon releases an update.
any new updates on this recently? maybe Rob's installation could be easier now that we have the custom recovery option available? pretty interested in getting this running if i can use it for a dedicated xbmc box with proper 24hz support. maybe we could start a bounty for someone who can make an installation that works with cwm if there's interest.
nhumber said:
any new updates on this recently? maybe Rob's installation could be easier now that we have the custom recovery option available? pretty interested in getting this running if i can use it for a dedicated xbmc box with proper 24hz support. maybe we could start a bounty for someone who can make an installation that works with cwm if there's interest.
Still no news, you could try to ask Rob directly on G+. Not sure if it could be possible through cwm. As for bounty I will pay my $5.
The one thing confusing me is how Rob achieved the result in the video. Probably there is a way, but some guy still wants to make money on it. Another option is a hardware modification.
Yep, with linux this box will be very interesting; with Fire OS it's a very specific device, far from perfect.
iRet said:
Still no news, you could try to ask Rob directly on G+. Not sure if it could be possible through cwm. As for bounty I will pay my $5.
The one thing confusing me is how Rob achieved the result in the video. Probably there is a way, but some guy still wants to make money on it. Another option is a hardware modification.
Yep, with linux this box will be very interesting; with Fire OS it's a very specific device, far from perfect.
i did ask him on G+, he said he could upload a pre built boot.img and pointed me to the kernel branch he's using on his firetv, https://github.com/freedreno/kernel-msm/commits/firetv-drm , rbox said it's possible if we can get the kernel on there via his recovery.. it's all just out of my league. Rob documents how he did it minus the bootloader and root on this page https://github.com/freedreno/freedreno/wiki/FireTV , the instructions are there so is it possible to flash the kernel with cwm ? and then is it possible to do everything he does with partitioning and file moving via recovery? or if someone gets it on there via his directions is it possible to just make a backup or flashable zip of the whole system? that people can just restore? I'll donate 5$ myself, so that puts the bounty at 10$ i guess.
nhumber said:
i did ask him on G+, he said he could upload a pre built boot.img and pointed me to the kernel branch he's using on his firetv, https://github.com/freedreno/kernel-msm/commits/firetv-drm , rbox said it's possible if we can get the kernel on there via his recovery.. it's all just out of my league. Rob documents how he did it minus the bootloader and root on this page https://github.com/freedreno/freedreno/wiki/FireTV , the instructions are there so is it possible to flash the kernel with cwm ? and then is it possible to do everything he does with partitioning and file moving via recovery? or if someone gets it on there via his directions is it possible to just make a backup or flashable zip of the whole system? that people can just restore? I'll donate 5$ myself, so that puts the bounty at 10$ i guess.
If he can provide a kernel and the missing link of what to do once you have the kernel and an empty root fs... is it doing an install or is it copying a premade rootfs, then I could probably make some kind of flashable package. I won't have time until next week though.
rbox said:
If he can provide a kernel and the missing link of what to do once you have the kernel and an empty root fs... is it doing an install or is it copying a premade rootfs, then I could probably make some kind of flashable package. I won't have time until next week though.
wow guys,
this sounds and looks amazing. This should also enable to run something like OpenELEC natively. Would prefer this much more than having to run Android with all the refresh rate issues.
My box is still in preorder, Amazon says it will ship in about 6 weeks. Think this could be an amazing toy
https://github.com/freedreno/kernel-msm/commits/firetv-drm
From some of the commits here, it looks like the Linux kernel does actually support the GPU more or less? Does anyone know if this means 2D/3D or what exactly?
freezer2k said:
My box is still in preorder, Amazon says it will ship in about 6 weeks. Think this could be an amazing toy
If by preorder you mean Germany/UK... it's going to come with 51.1.3.0 which isn't currently rootable.
rbox said:
If by preorder you mean Germany/UK... it's going to come with 51.1.3.0 which isn't currently rootable.
Yes Germany,
Pretty sure it will either be possible due to another exploit by then or worst case with a little bit of soldering. The eMMC thing looks promising.
freezer2k said:
Yes Germany,
Pretty sure it will either be possible due to another exploit by then or worst case with a little bit of soldering. The eMMC thing looks promising.
I wouldn't put too much faith in a new exploit coming out by then, but I guess wishful thinking... The eMMC "hack" is the best route, but I don't think anyone has actually figured it out yet.
Just to update this for those who care, We've got a pre compiled kernel now (located here) and i was informed using the prebuilt fedora f21 images (located here) should include everything needed for graphics drivers to work out of the box with the ftv. Rbox said he would try and throw something together when he gets some time which is great but i figured i'd still throw it out there for anyone else who was curious. I was told a good approach would be to flash the kernel and have the fedora file system on an external USB leaving the amazon file system alone, maybe one day it will be possible to kinda select between two kernels and be able to boot either fedora from external usb or the stock amazon OS from the onboard storage. Bounty is still at 10$
nhumber said:
Just to update this for those who care, We've got a pre compiled kernel now (located here) and i was informed using the prebuilt fedora f21 images (located here) should include everything needed for graphics drivers to work out of the box with the ftv. Rbox said he would try and throw something together when he gets some time which is great but i figured i'd still throw it out there for anyone else who was curious. I was told a good approach would be to flash the kernel and have the fedora file system on an external USB leaving the amazon file system alone, maybe one day it will be possible to kinda select between two kernels and be able to boot either fedora from external usb or the stock amazon OS from the onboard storage. Bounty is still at 10$
This sounds great,
would love to try it. Biggest issue remaining would probably be rooting the devices that are shipped out now...
Just saw this:
http://bloggingthemonkey.blogspot.de/2014/06/fire-in-root-hole.html
Looks like there is a CVE that allows rooting the FireTV, which is different from Towelroot?
Does anyone know if this has been fixed by Amazon?
Here is some proof of concept code:
https://github.com/robclark/kilroy
nhumber said:
Just to update this for those who care, We've got a pre compiled kernel now (located here) and i was informed using the prebuilt fedora f21 images (located here) should include everything needed for graphics drivers to work out of the box with the ftv. Rbox said he would try and throw something together when he gets some time which is great but i figured i'd still throw it out there for anyone else who was curious. I was told a good approach would be to flash the kernel and have the fedora file system on an external USB leaving the amazon file system alone, maybe one day it will be possible to kinda select between two kernels and be able to boot either fedora from external usb or the stock amazon OS from the onboard storage. Bounty is still at 10$
Thanks for the links, I'm going to try. One thing confusing me: Rob mentioned we have to use the diag partition for the kernel and rename it to boot because boot is not big enough. Will play around this weekend.
freezer2k said:
Just saw this:
http://bloggingthemonkey.blogspot.de/2014/06/fire-in-root-hole.html
Looks like there is a CVE that allows rooting the FireTV, which is different from Towelroot?
Does anyone know if this has been fixed by Amazon?
Here is some proof of concept code:
https://github.com/robclark/kilroy
iRet said:
Thanks for the links, I'm going to try. One thing confusing me: Rob mentioned we have to use the diag partition for the kernel and rename it to boot because boot is not big enough. Will play around this weekend.
Yes, UK/GER/UnRooted-US FTV's, there is a Santa Claus
iRet said:
Thanks for the links, I'm going to try. One thing confusing me: Rob mentioned we have to use the diag partition for the kernel and rename it to boot because boot is not big enough. Will play around this weekend.
I gave some tips in the cwm thread on how to avoid bricking. I don't even know of how you'll boot in to recovery from a running linux in the first place. Unless you know how to write the bootloader message.
Y314K said:
Yes, UK/GER/UnRooted-US FTV's, there is a Santa Claus
Except that post is extremely old.
rbox said:
I gave some tips in the cwm thread on how to avoid bricking. I don't even know of how you'll boot in to recovery from a running linux in the first place. Unless you know how to write the bootloader message.
Can we patch this boot image outside your cwm to try it with fastboot boot?
