Hi! After latest OTA update I was left with an unbootable Galaxy Nexus (zygote couldn't start) and I lost root (su needed activitymanager up). So I needed to unlock to revive the phone, but I really didn't want to lose my data. After some exploration I could come up with a way to unlock bootloader without wipe and without root. I have seen several questions about this here and this was deemed impossible, so I decided to share my findings and expect they might help someone. Should work with GSM tuna phones.
Components for success:
— unlocking without wipe via putting a byte in param partition (needs root):
[1] http://forum.xda-developers.com/showthread.php?t=1650830&page=15
— OMAPFlash, a low-level utility for manipulating and flashing chipset (usually used to unbrick phones)
[2] http://forum.gsmhosting.com/vbb/f63...9250-galaxy-nexus-gt-i9100g-gt-i9300-1465412/
Take the two of them and you have a solution. I could successfully flash unlock byte to param partition using OMAPFlash.
A sketch of a guide:
1. Boot windows xp, download OMAPFlash (http://d-h.st/XNv), connect a turned off phone without battery, install drivers for omap device. (Mod edit: I've updated the download link.)
2. Dump a part of param partition. You don't need to dump the whole partition, but I think it is safer if you dump a sector-aligned area (512*n). I used 4KB (8 sectors).
Code:
OMAPFlash -omap 4 -2 -p OMAP4460_TUNA_8G_HS_PRO -t 36000 chip_upload [email protected] 1000 param.img
chip_upload is for downloading data from device memory
[email protected] is the start of params partition (check /sys/block/mmcblk0/mmcblk0p4/start, multiply by sector size 512 and convert to hex)
1000 is to copy 4KB.
Sometimes the process stalls (esp if you try to download larger dumps), just reconnect and retry.
3. Verify that the content is similar to first 4 KB of the dumps of param partitions attached in the thread [2]. For me they matched entirely.
4. Change the byte at offset 124 (0x7C) from 01 to 00.
Code:
echo -ne "\x00" | dd obs=1 count=1 seek=124 of=param.img conv=notrunc
5. Flash it back to the device.
Code:
OMAPFlash -omap 4 -2 -p OMAP4460_TUNA_8G_HS_PRO -t 36000 chip_download [email protected] param.img
Reboot, you are unlocked.
Additional links:
[3] http://forum.gsmhosting.com/vbb/f634/gt-i9250-pinout-enjoooy-1463061/ GT-I9250 JTAG pinout. Not directly releavant to the guide, but I found it while searching for solution, thought that can help someone in future.
Additional reading
The dangers of OTA when you have root, or why I was stuck with an unbootable phone at all
I learned the hard way that OTA may cause unpleasant results if you are trying to preserve root and mess with filesystem.
I was trying to preserve root in a way similar to one used by rootkeeper apps: put a copy of su somewhere in /system and make it immutable. So I went and put my su to /tts (thought that it's unprobable that OTA will do something there), and made it immutable.
And then the update came. As part of the the update process it copied a new version of /system/usr/share/zoneinfo/zoneinfo.version file and the file got 660 perms (package_extract_dir("system", "/system") in the update_script). Then it went on to recursively fix permissions so that the mentioned file would be made readable (set_perm_recursive(0, 0, 0755, 0644, "/system")). But the set_perm_recursive was met by immutable su in tts directory, chmod returned error and the recursive process was stopped before it got to zoneinfo.version file. So the latter file remained unreadable.
Unfortunately during startup zygote preloadsClasses, static constructor in some sqlite class needs DateFormat, and DateFormat reads zoneinfo. And fails cause it's unreadable. Exception, System.exit. Phone boot stuck.
To work my copy of su needs to send a message to ActivityManager service using binder. I wrote a dirty mock for AM but servicemanager didn't accept my fraud, it checked uid. I tried to bypass preloadClasses with overflowing system file descriptors count to prevent zygote from reading preload class list, but somehow it didn't succeed. Thus the only option I had was unlocking bootloader.
So it may end bad if you mess with /system on a stock rom with locked bootloader and want to receive OTA. It may seem natural, but sometimes the changes seem irrelevant, and then a chain of small failures leads you to loss of everything: boot, root, and data.
This is great work! Kudos to you for figuring it out.
By the way, where did you find the syntax for OMAPFlash commands?
efrant said:
This is great work! Kudos to you for figuring it out.
By the way, where did you find the syntax for OMAPFlash commands?
Click to expand...
Click to collapse
There are some docs in OMAPFlash_tuna.zip package. The most interesting is OMAPFlash.txt that lists options and commands and has some examples.
Also I was lucky that there is a complete example for unbricking GT-I9250 in Targets/Projects/tuna. This is where I took the options specific for this device.
nichtverstehen said:
There are some docs in OMAPFlash_tuna.zip package. The most interesting is OMAPFlash.txt that lists options and commands and has some examples.
Also I was lucky that there is a complete example for unbricking GT-I9250 in Targets/Projects/tuna. This is where I took the options specific for this device.
Click to expand...
Click to collapse
Exactly. I haven't needed this yet, but i had looked in those board files, cross examining with omap 4460 manual that can be found on the web. Thanks for sharing.
I was not aware that JTAG method had been found. Great news.
Sent from my i9250
Works!
Awesome - this worked for me! Unlocked, unrooted, TAKJU Galaxy Nexus w/JB 4.2.2. I used OMAPFlash_tuna.zip (download link).
I had issues when the downloaded param.img file was long, so I replaced 1000 with 200 in the commands. Regardless, it still took me probably 5-10 tries on each command to get it working (unplugging and replugging the phone in between), and sometimes it would freeze up and I'd have to restart Windows. If it takes longer than 5 seconds, you should press Ctrl+C and restart that step.
My problem was that one of my volume buttons is messed up, and as a result the fastboot screen doesn't work - Windows doesn't detect a fastboot device, and none of the hardware buttons or the touchscreen works either. As a result I needed to unlock the bootloader without using fastboot (oem unlock), and this did the trick!
Also, on Windows, I downloaded a hex editor (i.e., HxD) to do the editing. My modified param.img (only 512 bytes) is attached as well.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thank you!!! It worked for me too!
The volume buttons on my Galaxy Nexus didn't work and I can't recharge the battery via USB. The USB works only as data connection. Despite all these issues on my phone, it worked for me too!!
I replaced the size in the commands from 1000 to 400 (1024 bytes = 2*512), and I had to put the battery on the phone.
Sweet jesus I cannot express enough gratitude for this post. While I was a little worried about bricking my device, it would up working perfectly.
A couple of confusing points for anyone out there trying to do this:
- The dump / reflash should only take a few seconds each. If it hangs, cancel and re-start the process.
- Install the drivers with the device OFF but plugged in. You will have an OMAP device without a driver in your device manager. Update the device driver and you're good to go.
- I didn't know how to get the dd command to work on windows, so I also went the Hex editor route it it worked flawlessly
- The only snag I ran into was that it did not boot into my flashed CWM after doing an "adb reboot recovery" from the stock rom. It went back to the stock android recovery. From there I did "fastboot boot cwmrecovery.img" and installed my rom and gapps. After that initial boot, it rebooted into recovery just fine! It seems like a weird glitch (maybe just a one-off).
Cheers
techobrien said:
- Install the drivers with the device OFF but plugged in. You will have an OMAP device without a driver in your device manager. Update the device driver and you're good to go.
Click to expand...
Click to collapse
This is a critical step right here. This thread either should be linked on the 101 FAQ if it's not already or stickied.
a maguro wrote this.
techobrien said:
- The only snag I ran into was that it did not boot into my flashed CWM after doing an "adb reboot recovery" from the stock rom. It went back to the stock android recovery. From there I did "fastboot boot cwmrecovery.img" and installed my rom and gapps. After that initial boot, it rebooted into recovery just fine! It seems like a weird glitch (maybe just a one-off).
Cheers
Click to expand...
Click to collapse
Sounds like you are getting hit with the /system/recovery-from-boot.p file. When you boot into Android, this file checks to see if you have stock recovery...if not, it replaces it with stock recovery. You can rename, move, delete the file safely. It shouldn't exist in custom ROMs, which would explain why after installing a ROM and Gapps you were fine.
This is pretty cool. Nice find OP.
cupfulloflol said:
Sounds like you are getting hit with the /system/recovery-from-boot.p file. When you boot into Android, this file checks to see if you have stock recovery...if not, it replaces it with stock recovery. You can rename, move, delete the file safely. It shouldn't exist in custom ROMs, which would explain why after installing a ROM and Gapps you were fine.
This is pretty cool. Nice find OP.
Click to expand...
Click to collapse
This post thread have not been getting the attention it deserves..
Beamed from my Maguro.
cupfulloflol said:
Sounds like you are getting hit with the /system/recovery-from-boot.p file. When you boot into Android, this file checks to see if you have stock recovery...if not, it replaces it with stock recovery. You can rename, move, delete the file safely.
Click to expand...
Click to collapse
Good to know for next time round. The flimsy headphone ribbon cable is the bane of my existence and it seems like a somewhat common problem. I didn't think that the custom rom would touch the bootloader so I was confused, but /system/ makes sense. Thanks for the tip.
Just in case anybody was wondering, this method also worked for my Verizon GNex LTE. I also used a HEX editor.
Hi,
i'm thinking to use this method to unlock my Nexus' bootloader, in order to gain root privileges without wiping the memory.
This because i need to try and undelete files i have lost on my phone, to do this i need the root but i can't use the normal procedure that would wipe forever all the data i need to restore.
As i am new to this kind of operations, i never even rooted my Android phones, i wanted to ask if this procedure can fit my situation, and if there are any risks....
Thank you very much
EDIT: It worked perfectly!!
Thank you very much!!
Did anybody try it on MAGURO device? Does it require any change in the procedure?
Um... The op (and others) did it on a maguro? After all, the title says "on GT-I9250".
Isn't a i9250 a Maguro?
Beamed from my Grouper
Mod edit: removed quote of the OP.
Is WinXP really required for this process or will it work on newer versions of Windows ie Win8?
mielli1 said:
Is WinXP really required for this process or will it work on newer versions of Windows ie Win8?
Click to expand...
Click to collapse
Please do not quote the first post of threads when you reply.
As for your question, if you can get the driver to install on Windows 8, the program will work fine. The driver installs fine in Windows 7 by the way.
Don't forget to disable driver signature verification if you are trying to install drivers in Windows 8.
Windows 8 - stuck at installing drivers
beekay201 said:
This is a critical step right here. This thread either should be linked on the 101 FAQ if it's not already or stickied.
a maguro wrote this.
Click to expand...
Click to collapse
I have a Nexus with a broken volume up button, so am trying this method as a way of unlocking the bootloader and rooting my device.
When I plug the powered off device into the usb port, constantly get the sounds of a device being inserted, and then unplugged (two different beeps.) This continues until I unplug the phone.
Is this the step where I should get a "found new hardware" notification? It is not happening for me, and I'm wondering if this is Windows 8 related.
FYI - I have already disabled driver signature verification.
Related
Howdy all!
What's this? Read on, dear reader, to discover the magic that is PurpleDrake.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What is this?
This is a utility to easily root your LG G3 (specific models only). It's a fairly foolproof script that includes all the dependencies you'll need for getting your phone rooted easily.
This is the FULL version. This means that it will automatically root, and ask you if you want TWRP installed and a custom boot that doesn't trip the root checker!
Click to expand...
Click to collapse
Who made this?
This root is a collaboration between myself (IOMonster), jcase, and autoprime.
Special thanks also to beaups for some initial guidance looking at the vulnerable application.
Thanks to @Shelnutt2 for the security-disabled boot.img
Thanks to @Dees-Troy for the TWRP image!
Click to expand...
Click to collapse
Is my phone compatible?
The new LG G3 models each are slightly different with regards to rooting and unlocking.
To see a matrix of which LG G3 phones are compatible with this root, please see this Google Docs spreadsheet that we've compiled.
When you run this program, your phone will reboot and run a test to see if it's compatible. If the application succeeds, it'll let you know that it's able to permaroot you. If not, it'll fail gracefully and reboot you back to normal Android without having changed anything.
Please note that this version is currently only compatible with the T-Mobile D851 version of the LG G3. For other phones, we suggest you look for the LITE version of PurpleDrake.
Click to expand...
Click to collapse
How do I use this?
WE NOW SUPPORT WINDOWS! YAY ME
To start, for either platform you'll need to scroll down to the download section and get the file.
Ensure that your phone is in ADB mode (PTP Mode for everyone but Verizon. Verizon users need to be in "Internet"/"Ethernet" mode)
Linux Instructions (in a terminal!)
Extract the file you downloaded...
tar xvf ~/Downloads/PurpleDrake-TMO_VERSION.tar.gz
Mark the application as executable, and run it!
cd PurpleDrake-TMO
chmod +x purpledrake_linux.sh
./purpledrake_linux.sh
OSX Instructions (just a bit easier)
Extract the file you downloaded
Double-click on "purpledrake_osx"
Windows Instructions
Extract the file you downloaded
Double-click on "purpledrake_windows"
The application will guide you through all the steps you need.
You will still need to install SuperSU from the market after installing PurpleDrake. This pack does not include one.
If you choose to install the custom boot.img, your phone's root checker will not be tripped and your phone will show as UNROOTED.
After, be sure to check @autoprime's post for how to disable OTA upgrades! here : http://forum.xda-developers.com/showpost.php?p=54254111&postcount=2
Click to expand...
Click to collapse
But, what if I don't want to run your script to root?
Well then, I'd be a little hurt, but you can still do everything the script does manually.
Download the package, and extract it. Open a terminal in the main folder of the archive and run these commands:
Code:
adb reboot --bnr_recovery
adb push ./assets/start_restore /temp/start_restore
adb push ./assets/permaroot.bin /temp/start_restore
adb reboot
That will perma-root you, however there's no protection from doing something stupid or the phone being incompatible. Please be careful!
Click to expand...
Click to collapse
Where do I get this?
WINDOWS/OSX/LINUX VERSION OUT NOW!
- Fixed Windows support
- Fixed OSX ADB issues not detecting phone first try
- Fixed race conditions leading to errors permarooting
- Added 64-bit Linux ADB
Code:
[url]http://downloads.codefi.re/thecubed/lg_g3/purpledrake/PurpleDrake-TMO_R03.tar.gz[/url]
Old version here... (OSX/Linux only)
Code:
[url]http://downloads.codefi.re/thecubed/lg_g3/purpledrake/PurpleDrake-TMO_R01.tar.gz[/url]
Please DO NOT mirror or re-upload the PurpleDrake software to your own site, or any other file host.
If you need drivers for Windows (thanks @autoprime for having these handy!):
Verizon Drivers: http://downloads.codefi.re/autoprime/LG/LG_G3/LG VZW_United_WHQL_v2.14.1.exe
Everyone Else: http://downloads.codefi.re/autoprim...leDriver_S50MAN311AP22_ML_WHQL_Ver_3.11.3.exe
Click to expand...
Click to collapse
Help, it doesn't work!
Post here, let us know what happened and we'll try to help you. DO NOT private message us on XDA or on IRC asking for help. We will not assist privately.
Most questions if not answered here can be answered on #lg-g3 on IRC in Freenode.
Click to expand...
Click to collapse
Thanks so much! How can I show my appreciation?
Since this was a collaboration project, proceeds that are made from this root will be split between amongst us so we can purchase a Sprint test phone to root (as it's currently not rooted).
If you'd like to donate to us, click the "Donate to me" button on the left sidebar under my name, and be sure to enter a comment to let us know that you're donating towards the PurpleDrake project.
Thanks again!
Click to expand...
Click to collapse
FAQ:
Q: I'm running the Windows .bat as administrator and it's closing/not working.
A: There is no need to run the .bat as admin. Just double-click and run.
Q: I get the "Windows cannot find '.\assets\windows\bin\mintty.exe'." error.. watdo?
A: Try just double-clicking on the .bat instead of running as admin.
Also make sure the script is extracted properly first before running.
Q: I [used Flashify and] am stuck in fastboot.. how can I get out?
A: Be cautious using Flashify as it seems it's not working right.. or people are hitting the wrong buttons with it.
HERE are the stock TMO D851 partitions.
Use fastboot to flash recovery(TWRP or stock) and stock boot. This will install TWRP and fix booting into rom.
If on Windows you will need fastboot drivers. Use Google to find fastboot binaries and drivers.
Code:
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot reboot
The commands to flash TWRP manually instead of using flashify is below.
Place TWRP on the root of your internal /sdcard/ using MTP, downloading it directly to phone or using ADB push.
Code:
adb push name_of_file.img /sdcard/
adb shell
su
dd if=/sdcard/name_of_file.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Disable OTA:
Open LG Hidden Menu (3845#*851#) --> WLAN Test --> OTA Setting --> OFF
*Replace "851" with your devices model number, 850, 852, 855 etc...
The first D851 update has been released (10M). Bootloader remained unlocked. It would appear future OTAs will be safe to take AS LONG AS YOUR PHONE IS NOT MODIFIED! If you have flashed TWRP or installed xposed or modified /system then you need to restore any changes made or flash stock firmware (tot/kdz) before taking OTA.
If using a non-tmobile g3 I would be hesitant about taking OTA updates. An OTA may update the boot stack to block Bump!
EFS Backup:
Code:
[FONT="Arial Narrow"][B]Backup EFS after jailbreaking your G3. EFS is split into 2 partitions modemst1 and modemst2.
img files will be on root of internal sdcard. Save the .img files somewhere else besides the sdcard... email, cloud, etc..[/B]
DO NOT FLASH OTHER PEOPLES EFS OR FLASH YOUR OWN BACKUPS ONTO ANOTHER PHONE.
THIS WILL BREAK EFS ON THE PHONE YOU ARE FLASHING TO. EFS BACKUPS ARE FOR THE PHONE THEY CAME FROM ONLY.
I have made a new thread on EFS backup and restore which can be found [URL="http://forum.xda-developers.com/lg-g3/development/efs-lg-g3-efs-backup-restore-t2907329"]HERE[/URL].
[/HIDE]
[B][SIZE="5"]Restoring Stock / Remove root flag:[/SIZE][/B]
[HIDE]
Download the tmo .tot file and use lg flash to restore it to stock. itll format everything on internal sdcard so backup anything u may need off it.
T-Mobile firmware can be found [URL="http://downloads.codefi.re/wolfgart/LG_G3/D851"]here[/URL]. Thanks to [user=608699]@wolfgart[/user] for the files and [user=1157052]@thecubed[/user] for codefire hosting.
*Step by step picture guide - [url]http://imgur.com/W83hMPE[/url]
install the drivers.
put phone into Download Mode (power off. unplug USB. pull battery. put battery back in. press/hold Volume Up then plug in USB cable.)
In Windows Device Manager set the phones serial COM port to #41. (*see picture guide for help)
Install [URL="http://downloads.codefi.re/autoprime/LG/LG_G3/Setup_LGFlashTool_1.8.6.527.zip"][B]LG Flash[/B][/URL]. In "C:\LG\LG Flash" folder delete megalock dll. Replace with .dll below.
new megalock dll - [url]http://bit.ly/1cQADXm[/url] (this site includes a "download manager.. UNCHECK THE BOX before downloading dll file.)
Run LG Flash in the "C:\LG\LG Flash" folder. Select korean factory if asked.
When LG Flash opens you will see a box to select firmware and dll.
Select [URL="http://downloads.codefi.re/autoprime/LG/LG_G3/LGUP_8974.dll"][B]LG Flash .dll[/B][/URL]
Select (.tot)
Hit OK (*see picture guide for help)
Hit yellow start button. If you get Milkyway error click ok. LG Flash will then run a crc check on the tot file. Takes a bit.
After crc check finishes unplug the phone. plug phone back in. it should now be seen in LG Flash and start flashing.
Phone will reboot when finished. You may end up on a screen with s "2"... let it sit there for a minute or two.
If stuck on "2" try unplugging the usb cable from the phone.. wait 10 seconds.. then plug the usb cable back in. now wait 30 seconds and hopefully it changes to a "3"
Once the phone says "3" you can unplug the USB.. remove the battery and plug back in.. boot back up... you are now 100% stock.
[/HIDE]
[B][SIZE="5"]PurpleDrake YouTube Videos:[/SIZE][/B]
[HIDE]
[url]https://www.youtube.com/watch?v=wJtz51KgxjM[/url]
[/HIDE]
And where is the bootloader unlock talked about at the bounty thread or was it just a hoax?
Gesendet von meinem LG-D855
Tectas said:
And where is the bootloader unlock talked about at the bounty thread or was it just a hoax?
Gesendet von meinem LG-D855
Click to expand...
Click to collapse
Hoax? What?
This pack is ONLY for the T-Mobile G3 which has an unlocked bootloader out of the box.
D855 support is NOT included in here. There will be a separate thread when we have an unlock for the bootloaders of the rest of the G3 family.
Tectas said:
And where is the bootloader unlock talked about at the bounty thread or was it just a hoax?
Gesendet von meinem LG-D855
Click to expand...
Click to collapse
There is no boot loader unlock..where ever you read this is misinformed...the T-Mobile variant ships boot loader unlocked, it is the only one so far to be shipping unlocked.
Sweet
thecubed said:
Hoax? What?
This pack is ONLY for the T-Mobile G3 which has an unlocked bootloader out of the box.
D855 support is NOT included in here. There will be a separate thread when we have an unlock for the bootloaders of the rest of the G3 family.
Click to expand...
Click to collapse
I'm aware of that and sry it wasn't meant offensive or to put this one down, autoprime, did imply at the bounty thread, that you as well managed to unlock the bootloader, at least at the beginning, that's what I'm referring to, sry that i said it the wrong way, was a bit disappointed, which for sure isn't your fault or the one of this tool, it's still great progress you made.
Gesendet von meinem LG-D855
I wish the international G3 D855 will be unlocked too
Sent from my LG-D855 using XDA Premium 4 mobile app
Great glad to see this released thank to all that is involved
LGG3 and beyond
All my family is sleep in the room with my Mac will be running asap bright and early. Thank you for your hardwork
Thecubed, autoprime, shelnutt2, jcase, and whoever else....thanks for this. Truly appreciated! Can't wait for Windows support. :Cheers:
Sent from my LG-D851 using XDA Premium 4 mobile app
Plans to support recovery for D855 in the near future?
Need to know to sell or not the G3 ?
What the hell software compatible with a mac that's a 1st whoop whoop well done guys and thanks for the hard work
Yeah great time to be a Mac owner
I have a feeling this treads about to turn in to a "when will this version be supported" topic :/
LGG3 and beyond
Success!
1. THANK YOU!
2. It didn't work the first time around, temproot worked but permaroot did not. Maybe it had to do with the fact that I was reading this forum while it was waiting for my input... I can't see how that would have made a difference but whatever. [[ Edit: It worked the second time running, I just followed the instructions immediately - no problems. /Edit ]]
3. Just a reminder for Linux users ... you have to add udev rules as described here: http://developer.android.com/tools/device.html ... and when you are done with that, also run:
$ sudo service udev restart; sudo killall -9 adb
4. My G3 would only connect to my laptop (Ubuntu 14.04) when it was in PTP mode. MTP or Charge Only did _NOT_ work... Only PTP.
5. THANK YOU AGAIN! You devs rock!
Frank.
Same as the guy above didn't work the first time but worked perfect the second! OSX here.
@ OP
http://forum.xda-developers.com/lg-g3/general/s-carrier-specific-g3-threads-t2818549
I keep getting no such file or directory, going to re download drivers and see
@thecuba not telling you what to do but maybe put this on T-Mobile thread as well http://forum.xda-developers.com/tmobile-lg-g3/development
Hope you don't take it the wrong way
This is a discussion lifted from [Kernel] TRIM: Speeding up the Galaxy S2 Epic 4G Touch d710, as it is not really relevant in that thread.
Dudebowski said:
heimdall shell scripts for backup and repartition worked as expected. Thank you once again, Lanchon, very straightforward.
CWM backup to removable SD, backup internal storage contents to removable sd, remove the removable SD, adb reboot recovery, run backup script, run repartition script, reboot recovery, format every partition, power down, insert sdcard again, restore CWM backup, run lanchon's recovery trim zip.
[attached lanchon's trim/FPbug kernel, and recovery trimmer. note you'll have to mount all the partitions you wish to trim before executing the zip]
However great that was... I went of the beaten trail and tried reformatting my internal storage space (sdcard0) as ext4. Didn't know CWM had added that option... anyhow, it seems I have some permissions issue with the internal storage space now, can't write to it at all. What did I do wrong?
/storage/sdcard0 rwx rwx --x root:sdcard_r
Click to expand...
Click to collapse
I've been trying all morning, but I can't get Heimdall to see my phone. It never shows up in zadig.exe as "Samsung ..." instead my phone shows up as "Gadget Serial Control" and "Gadget Serial". I can not replace the driver for "Gadget Serial Control". I replaced it for "Gadget Serial", but Heimdall still could not talk to my phone. I tried all 3 different driver options. none of them worked. So far I've tried it on my 2 workstation both with windows 8.1. I am going to try to find a Windows 7 PC later and give it another go.
Kjricker said:
This is a discussion lifted from [Kernel] TRIM: Speeding up the Galaxy S2 Epic 4G Touch d710, as it is not really relevant in that thread.
I've been trying all morning, but I can't get Heimdall to see my phone. It never shows up in zadig.exe as "Samsung ..." instead my phone shows up as "Gadget Serial Control" and "Gadget Serial". I can not replace the driver for "Gadget Serial Control". I replaced it for "Gadget Serial", but Heimdall still could not talk to my phone. I tried all 3 different driver options. none of them worked. So far I've tried it on my 2 workstation both with windows 8.1. I am going to try to find a Windows 7 PC later and give it another go.
Click to expand...
Click to collapse
just use linux! a live pendrive would be enough
linux mint cinnamon 64
or simply ubuntu
to install heimdall type this:
sudo apt-get install heimdall-flash
Lanchon said:
just use linux! a live pendrive would be enough
linux mint cinnamon 64
or simply ubuntu
to install heimdall type this:
sudo apt-get install heimdall-flash
Click to expand...
Click to collapse
I thought about that as well. Easier to do that then find a Windows 7 PC for me
It'll have to wait until tonight though. I put off work too long today. I'll report back once I give that a go tonight.
A few suggestions for Windoze compatibility:
Latest Samsung ADB drivers + installer (works in W8.1, and without keeze or whatever that sammy bloatware is)
http://www.modaco.com/topic/361286-...ver-for-mobile-phones-15490-drivers-win-87xp/
Google's official Android USB driver (says it's only for nexus devices, but I've found it has worked for sammy gear too.)
https://developer.android.com/sdk/win-usb.html
Before installing those, you might want to remove the drivers for whatever devices listed as: adb interface, serial modem, gadget, samsung mobile devices. Anything that suddenly shows up when you plug the phone into the PC.
Do this from device manager (winkey+r, devmgmt.msc) and click 'View -> Show Hidden Devices' to see hardware that's not currently active / plugged in. Right click on treelist entry, 'uninstall'
when installing the new drivers, make sure the phone is NOT plugged into the PC. Once installed, reboot, then plug your phone back in. Whatever drivers necessary for connectivity should be activated now.
Neither of those drivers worked for me either. My phone always comes up in the device manager as modem or gadget. With either gadget serial driver or modem driver. The Google driver installed, but never got used.
Time to switch to a Linux live and give it a try.
Kjricker said:
Neither of those drivers worked for me either. My phone always comes up in the device manager as modem or gadget. With either gadget serial driver or modem driver. The Google driver installed, but never got used.
Time to switch to a Linux live and give it a try.
Click to expand...
Click to collapse
I don't think it is in the cards for me. In Linux Mint I also did not get it to work properly. I got initialization errors. I got it to download the current pit once. Then I tried to repartition with the new pit and I kept getting initialization errors. It would not work any more, not even download the current pit again. I tried different cables and usb ports. SIGH.
Kjricker said:
I don't think it is in the cards for me. In Linux Mint I also did not get it to work properly. I got initialization errors. I got it to download the current pit once. Then I tried to repartition with the new pit and I kept getting initialization errors. It would not work any more, not even download the current pit again. I tried different cables and usb ports. SIGH.
Click to expand...
Click to collapse
its ok. every time u use heimdall you need to restart the phone in download mode again. --no-reboot does not mean the phone keeps listening to commands. this is samsung after all
Lanchon said:
its ok. every time u use heimdall you need to restart the phone in download mode again. --no-reboot does not mean the phone keeps listening to commands. this is samsung after all
Click to expand...
Click to collapse
You gotta be kidding....Each time a Heimdall command is run, the phone needs to be restarted back into download mode. How crazy. I'll try again tomorrow then. I made an Ubuntu live flash drive now. I thought maybe I'd have better luck with it. Once again, thanks for the help.
Kjricker said:
You gotta be kidding....Each time a Heimdall command is run, the phone needs to be restarted back into download mode. How crazy. I'll try again tomorrow then. I made an Ubuntu live flash drive now. I thought maybe I'd have better luck with it. Once again, thanks for the help.
Click to expand...
Click to collapse
lol
Lanchon said:
lol
Click to expand...
Click to collapse
Success!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I ended up using Mint Linux 32bit installed and ran from a USB flash drive. Ubuntu was awful. I haven't used an Ubuntu live distro of it in a while, and I did not care for it. Neither version of Linux I used had proper drivers for my Nvidia 750TI, but at least with Mint I had a full desktop. With Ubuntu it was like working on and old win95 PC with a resolution of 640x480. YUCK!
Before starting this journey, you should already have your phone running CM11 with a current recovery.
Here are my complete steps.
Get files for install after partitioning
Download CM11 nightly, GAPPS, Lanchon's kernel with TRIM (optional), Lanchon's sensor fix v2 and FL24 modem.
Place the above files on the phone's external SD card. Unmount and eject the card.
Get files for partitioning
Download partition files and scripts provided by Lanchon:
http://forum.xda-developers.com/showpost.php?p=58317191&postcount=83
Unzip the file.
Prep live Linux usb drive
Download Linux Mint Cinnamon 32bit no codecs:
http://www.linuxmint.com/edition.php?id=175
Install Mint Linux onto flash drive using rufus-1.4.12:
https://rufus.akeo.ie/downloads/rufus-1.4.12.exe
Prep repartition files and scripts
Boot PC from usb flash drive into Linux Mint.
Place phone into download mode by turning the phone off. Then press power and volume down. When the warning screen comes on, press volume up to continue into download mode.
Plug phone into PC.
In Linux Mint navigate to the folder where you unzipped the partition files and scripts you downloaded earlier. Copy all the files to the Mint "Download" folder. Select the .sh files and right click them and choose properties. Check the box labeled "Allow executing file as a program." I also set both Group and Others access to "Read and Write". Then select the rest of the files and change their permissions as well. I just changed them all to "Read and Write". I do not know if this step is necessary or not, but it is what I did. Why copy the files to the Mint "Download" folder you ask. Well because I could not change their properties where I had originally saved them. That's why.
Next right click on the above "Download" folder and choose open in terminal. Now you should have a terminal window open at the locations of those files. You can verify it by typing in "ls". You should see a list of the files.
Install Heimdall
In the terminal window install Heimdall, the command is:
Code:
sudo apt-get install heimdall-flash
If you are not sure whether your device is connected, the command:
Code:
heimdall detect
should return Device detected.
Download you current pit
At the terminal prompt type:
Code:
sudo ./download-current-pit.sh
If all goes well you should get 2 new files in the Downloads folder:
downloaded.pit
downloaded.pit.txtIf the downloaded.pit file is 0kb, then something has gone wrong. Don't move forward. Time to figure out what went wrong. If the file is around 4kb, then compare "downloaded.pit.txt" to "d710-stock.pit.txt". If they match, move forward. Otherwise proceed at your own risk.
Repartition Phone
Due to weirdness I don't understand, each time a Heimdall command is done you need to restart the phone in download mode. Since you just downloaded your current pit, you executed a Heimdall command. So turn off the phone. Then restart it in download mode again. No need to unplug the phone from the PC while you do this.
Now , with the phone in download mode again execute the following command in the terminal window:
Code:
sudo ./repartition-now.sh
* This script uses the d710-1GBsys-6GBdata-7.3GBsdcard-8MBpreload.pit file. If you want to use one of the others that were provided, you either do the command manually or edit the .sh file accordingly.
You should see a few lines go by in terminal showing the result and then instructions on what to do next. Following is what I did.
Reinstall CM11
Unplug phone from PC and reboot into recovery. I had a little panic here as it seemed my phone did not want to boot into recovery. I had not unplugged my phone from the PC. Once I unplugged it from the PC I could restart into recovery just fine. I believe the sequence is, turn off the phone, then press power and volume up at the same time.
Once in recovery, follow the instructions from the .sh file listed in the terminal window. Go to "mounts and storage", then format the /system, /cache, /data (as vfat) and /storage/sdcard0. You can try to format /preload, but I always get an error when trying to format that.
Now, insert SD card with the CM11 files you downloaded at the start. Flash the .zips
FL24.zip
cm-11-20150118-NIGHTLY-d710.zip
gapps-kk-20140105-signed.zip
sensor-fix-v2-d710.zip
kernel-Lanchon-TRIM-FPBug-20150113-cm-11-20150111-NIGHTLY-d710.zip (optional)
Reboot the phone and complete the CM11 setup process. If you installed the TRIM kernel listed above, then you may want to run the trim commands. Open the terminal app on your phone and enter the following:
Code:
su -c "fstrim -v /system; fstrim -v /data; fstrim -v /cache; fstrim -v /preload"
Congratulate yourself and then move on with your life.
gald u made it!!!
couple of comments...
you can use bash xxx.sh to run a script that doesnt have execute permissions.
before partitioning, you should compare the downloaded.pit.txt with the stock pit.txt (bundled in zip) and if there's any difference, abort the process!! IMHO anyway.
Lanchon said:
gald u made it!!!
couple of comments...
you can use bash xxx.sh to run a script that doesnt have execute permissions.
before partitioning, you should compare the downloaded.pit.txt with the stock pit.txt (bundled in zip) and if there's any difference, abort the process!! IMHO anyway.
Click to expand...
Click to collapse
Ah okay. I didn't know about bash. So the command then would be "bash xxxx.sh"? So I can remove all the steps about changing the permissions?
I agree about comparing the pit files. I guess I didn't make that clear enough. I'll fix that.
Kjricker said:
Ah okay. I didn't know about bash. So the command then would be "bash xxxx.sh"? So I can remove all the steps about changing the permissions?
I agree about comparing the pit files. I guess I didn't make that clear enough. I'll fix that.
Click to expand...
Click to collapse
sudo bash xxx in this case, but leave it as it is! same thing
Lanchon said:
sudo bash xxx in this case, but leave it as it is! same thing
Click to expand...
Click to collapse
Okay awesome. I added the bit about comparing the 2 files.
Thank you so much for all your help. I laughed, I cried, I learned.
Kjricker said:
Okay awesome. I added the bit about comparing the 2 files.
Thank you so much for all your help. I laughed, I cried, I learned.
Click to expand...
Click to collapse
Thank you thank you, Lanchon and Kjricker! Worked for me! You have my eternal gratitude!
Here are a few observations for any one who is hesitant to try this, especially those who are unfamiliar with Linux:
Linux is the way to go. Follow the instructions. But not every Linux distro works. I have a netbook running a two year-old version of Lubuntu. That didn't work. I flashed the LInux Mint distro in Kjricker's post to a 2gb USB drive and booted into it from the netbook.
From Linux Mint home screen, connect to your network (Ethernet or wireless).
From the Toolbar on the bottom of the screen, select File Manager. Locate on your PC where you copied Lanchon's files, select them in File Manager; and from the right-click menu copy those files to the Downloads folder.
From the Menu, open the Terminal application and install Heimdall (the command is: sudo apt-get install heimdall-flash). (I wasn't sure if Heimdall was already included in Linux Mint so I did it anyway.)
Change to the Downloads directory (the command is cd /home/mint/Downloads).
Now put your phone in Download mode and plug it into the PC.
If you are not sure whether your device is connected, the command heimdall detect should return Device detected.
Ahh yes you must install Heimdall. I'll add that.
Sent from my SM-T700 using Tapatalk
Recently I restored a nandroid backup of Mokee 8-Nov-2014 release. I had made this backup prior to repartitioning. Then I updated the apps and data etc.. After verifying that my phone was running fine, I booted into recovery to do a new nandroid backup.
The backup failed, with a message "couldn't mount /preload". It's been reported in this thread, after partitioning, format of /preload failed.
Still in recovery, I formatted and mounted /preload. Rebooted the system (Mokee, that is) to make sure everything was working. (It was.)
Then I booted into recovery and made a successful nandroid backup.
LG Pro Lite D680
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Boot On Charge
Non-generic feature for commercial purposes
URGENT NEED! - WILL DONATE
What we need:
I am looking for an urgent solution to boot-on-charge LG D680 cell phone, I am asking for help to developers who have experience on this area. The subject is related to unlock the bootlaoder, fastboot and custom rom. I understand the task is not simple, I am looking forward to donate whoever hacks the non generic feature.
What we do:
We provide video service through LG D680 cell phone (Also known as LG Pro Lite D680), the phone has 3G connection and is plugged to the power supply when is working.
Problem:
Most of the day the phone is plugged and working properly, however when the weekend comes the cell phone is unplugged and the energy is completely consumed. Currently, when the power is back to the cell phone we need to start the cell phone MANUALLY by pressing the power on button.
Goal:
We need the phone to be booted into the OS automatically when is plugged into the power USB cable (the phone initial status is powered off).
Possible Solutions / Alternatives:
Unlock the bootloader and run fastboot command fastboot oem off-mode-charge 0.
Continue our research, based on the steps described below (see LG D680 experience)
Replace charge animation with boot file command /system/bin/reboot (see Huawei experience below replacing ipod file).
Finding a custom ROM that already contains a Boot on Charge behaviour.
Finding a custom ROM that at least has “Power On Schedule” feature (AOSP certificate permissions level).
Finding a generic Android vestion with “Power On Schedule”.
Cellphone specifications:
PLATFORM
OS - Android OS, v4.1.2 (Jelly Bean), upgradаble to v4.4.2 (KitKat)
Chipset - Mediatek MT6577
CPU - Dual-core 1 GHz Cortex-A9
GPU - PowerVR SGX531
Previous work and research:
We did this "boot on charge" research in two types of cell phones. One is HUAWEI G730 and the other is LG D680. Fortunately, it worked fine in G730, but we haven’t the same results up to now on LG D680.
In Huawei G730, we replaced charging animation located at /system/bin/ipod with an ipod file containing “/system/bin/reboot” and worked like charm!
LG D680, we could not find the animation file, but we found that it might be inside the boot image. We did some research in order to modify it, but we got blocked (someone might continue our steps if useful).
HUAWEI G730 Extended Procedure:
Since this phone has a Mediatek chipset, the “battery animation” app is running on /system/bin folder. Is running with the filename ipod. The main task is to exchange ipod content (which is originally binary) to an ipod file with this content: /system/bin/reboot.
So, create a brand new file called ipod, and wrote the line in there. We transferred the file to the phone via adb push, as shown in next steps below.
Copy procedure: So, we set our phone to USB Debugging Mode, then we connected it to the PC, and run the following script:
adb shell mkdir /storage/sdcard0/carga/ (We created a folder to store files being pushed from the PC to the phone)
adb push ipod /storage/sdcard0/carga/ (We are pushing the file to the storage folder within the phone)
adb shell "su -c 'mount -o rw,remount -t ext4 /dev/block/mmcblk0p5 /system'" (This step is very important, here we remount the /system folder with read-write permissions. Only doing this we will be able to copy programmatically the “hacked” file ipod to /system/app. Look out that we used mmcblk0p5 because the system folder is mapped there in this phone. You can check this running cat /proc/dumchar_info)
adb shell "su -c 'chattr -i /system/bin/ipod'" (doing this we took out immutability to the original file ipod)
adb shell "su -c 'cp /system/bin/ipod /storage/sdcard0/carga/ipod.old'" (just creating a backup file from the original ipod)
adb shell "su -c 'rm /system/bin/ipod'" (here we are removing original ipod file)
adb shell "su -c 'cp /storage/sdcard0/carga/ipod /system/bin/'" (now we copy the new file ipod to the destination folder)
adb shell "su -c 'chmod 755 /system/bin/ipod'" (change the permission ro rwx-rx-rx)
adb shell "su -c 'mount -o ro,remount -t ext4 /dev/block/mmcblk0p5 /system'" (we remount the /system folder with read-only permissions)
adb shell "su -c 'reboot'" (Finally we reboot the phone)
RESULT: Whenever you plug in the phone to the charger when it is off, it will try to boot on the battery animation, but instead, it will be redirected to a “reboot” command, which in turn will be redirecting execution to the O.S.
LG D680 Procedure:
We found that this phone also has a Mediatek chipset. Moreover, it also has a file called ipod within /system/bin. But in this case, the bootloader image doesn’t call ipod whenever it displays the battery animation. So we had to check where is mapped the boot image on the phone by executing adb shell "cat /proc/dumchar_info". As the picture shows, the boot image (bootimg) is mapped in /dev/block/mmcblk0, from offset 0x1200000, and with size 0x900000.
We tried the following steps, in order to test if we were able to download / upload booting without bricking the phone:
We copy bootimg partition to boot.img by doing adb shell "su -c dd if=/dev/block/mmcblk0 of=/storage/sdcard0/boot.img bs=1024 skip=18432 count=9216’. (Skip and Count are measured on KBytes, and those values are offset and size translated from hexa to dec).
Then we did the inverse operation by executing: adb shell "su -c dd if=/storage/sdcard0/boot.img of=/dev/block/mmcblk0 bs=1024 seek=18432”
RESULT: The phone WASN’T bricked, and reboot normally (obviously without any change on bootimg).
Because these steps worked, we went even further, this time by unpacking and repacking boot.img file. The steps done were:
Same as (b)
We pulled boot.img file from the phone to a folder within the PC, and then we unpacked the image with bootimg.exe as the picture shows below. One interesting fact is that the pulled file sized almost 9MB.
Then we repacked it without any change inside the image, as the picture shows below. The “repacked” image is now on file “boot-new.img”, but its size is almost 7.4MB. We don’t know why we have this difference.
Same as step (ii) on (b).
RESULT: The phone resulted in a SECURITY_ERROR. It is weird because we didn’t change anything. We didn’t tried further since we are not able to unpack-repack the same image, and loading it successfully.
Edited: The security error can be avoided please follow the just below instructions.
Avoid Security Error:
In order to avoid the security error above mentioned, you need to edit the default.prop file (located at /bootimg/initrd)
Change the value from 1 to 0.
FastBoot Note LG:
Fastboot is a solution performing these commands, the problem is that the bootloader is locked for these operations on the generic vesion:
fastboot oem unlock
fastboot oem off-mode-charge 0
fastboot oem lock
fastboot reboot
The command "adb reboot bootloader" does not enter on fastboot upon reboot. There seems to be an opened option while booting on "Download Mode". What I did find out is that when you go into "Download Mode" a new ADB Device is detected on my computer however no driver matched the device. I assume fastboot could be avilable on Download Mode. I have been suggested by romulocarlos to Install the drivers on LG's website however did not work out.
Files:
For making the tests your will need the system.img, boot.img images files. If you brick your phone and want to un-brick the phone please follow this guide [Guide] LG G PRO LITE- Unroot/Unbrick - flash official factory firmware. Currently we are using this kdz image.
Forum:
G Pro Lite D680 Android Development at Android General.
XDA considered the case and opened a new forum for the phone. Thanks very much laufersteppenwolf (aka Wolf), MikeChannon (forum moderator) and svetius.
Conclusion:
We have reached this spot and need help from more advanced hackers. As you guys can see, we have been working hard to trying to hack the boot-on-charge feature on the D680 however has not been yet possible. There is no precedent on this phone on custom CWM & TWRP and custom roms yet therefore the is no out of the box solution as on many other phones (i.e. cyanogen list). We have also tried XDA University practices with no results.
I am ready to donate whoever would help us in solving this problem, its an urgent matter that needs to be solved as soon as possible. I will reward a developer by making a donation.
Appreciate very much the help in advance and reading.
Best,
Jose
Well, it's not that easy without having the actual device, but it'd help quite a bit if you could upload a system dump as well as the boot.img
laufersteppenwolf said:
Well, it's not that easy without having the actual device, but it'd help quite a bit if you could upload a system dump as well as the boot.img
Click to expand...
Click to collapse
Hi laufersteppenwolf,
Congratulations for your achievements and career, amazing.
I am hereby sharing two link resoruces to download what you have asked for, system.html containing the system.img and boot.html containing boot.img. Please let me know if you have problems downloading.
I understand the side effects of not having the cellphone by your side, hope we can mitigate it with the image files you are asking. As extended solution I can open a vnc session or whatever remote tool you can consider.
Thanks so much for the answer and support.
Best,
Jose
JoseVigil said:
Hi laufersteppenwolf,
Congratulations for your achievements and career, amazing.
I am hereby sharing two link resoruces to download what you have asked for, system.html containing the system.img and boot.html containing boot.img. Please let me know if you have problems downloading.
I understand the side effects of not having the cellphone by your side, hope we can mitigate it with the image files you are asking. As extended solution I can open a vnc session or whatever remote tool you can consider.
Thanks so much for the answer and support.
Best,
Jose
Click to expand...
Click to collapse
I am DL'ing the files now, but please use another hoster, as 4shared is not allowed on XDA
laufersteppenwolf said:
I am DL'ing the files now, but please use another hoster, as 4shared is not allowed on XDA
Click to expand...
Click to collapse
Hi laufersteppenwolf,
Thanks for clarifying, I was not aware 4shared was not allowed. I am changing the hosting and updating the link.
Cheers,
Jose
Alright, what I have done so far is I have unpacked the boot image and the ramdisk, edited the ramdisk so it shoud execute /system/bin/reboot when the phone boots because of the charger. Then I repacked both and signed the boot.img again so the bootloader would accept it.
The result, however, is a bootloop. I am just not yet sure whether it is caused by a "false alarm" (the ramdisk always thinking the phone is being booted because of a plugged in charger) or caused by either the bootloader or other low-level security checks. But I also doubt that, as the bootloader seems to accept the repacked image (doesn't show the security error screen).
But I currently do not have any logs, which is why all this is wild guessing. So the highest priority now is to get some proper logs so I know what's going on
laufersteppenwolf said:
Alright, what I have done so far is I have unpacked the boot image and the ramdisk, edited the ramdisk so it shoud execute /system/bin/reboot when the phone boots because of the charger. Then I repacked both and signed the boot.img again so the bootloader would accept it.
The result, however, is a bootloop. I am just not yet sure whether it is caused by a "false alarm" (the ramdisk always thinking the phone is being booted because of a plugged in charger) or caused by either the bootloader or other low-level security checks. But I also doubt that, as the bootloader seems to accept the repacked image (doesn't show the security error screen).
But I currently do not have any logs, which is why all this is wild guessing. So the highest priority now is to get some proper logs so I know what's going on
Click to expand...
Click to collapse
Hi Wolf,
Great advance! Keep the great work up .
I have made some modifications on the original post. Yes you are right, the bootloader friendly accepts the original image and we have figured out the security error. We have found on our end that you need to edit the default.prop file (located at /bootimg/initrd) and set ro.secure to value 0. I also added the files to the post (yet to change the server origin on the boot.image though), added the kdz image to unbrick. Also appended the new forum for the phone.
I appreciate that you have favored to create the forum for the G Pro Lite D680 Android Development. Its great that we can help the community with our achievements.
Best,
Jose
JoseVigil said:
Hi Wolf,
Great advance! Keep the great work up .
I have made some modifications on the original post. Yes you are right, the bootloader friendly accepts the original image and we have figured out the security error. We have found on our end that you need to edit the default.prop file (located at /bootimg/initrd) and set ro.secure to value 0. I also added the files to the post (yet to change the server origin on the boot.image though), added the kdz image to unbrick. Also appended the new forum for the phone.
I appreciate that you have favored to create the forum for the G Pro Lite D680 Android Development. Its great that we can help the community with our achievements.
Best,
Jose
Click to expand...
Click to collapse
ro.secure doesn't trigger the security checks, this prop is only for other things like adb on early boot, enabling adb remount, adb as root by default,...
I also set ro.secure to 0 in the builds I sent you, so that's not the cause of the issue
@JoseVigil
I have some pretty good news The phone now does exactly what you want it to do, as soon as you plug in the charger, the phone boots into offline charging mode, but then directly reboots again into the normal system.
The reboot is not that nice, but it's by far the easiest, as well as safest, way to do it.
Turns out, LG did a pretty sloppy job, giving me adb access to the device when in offline charging mode, giving me the chance to read which process is running and patching the binary to run my hack before actually executing the binary. And that's it. A few lines of bash code and you're good to go
Now my question, do you want me to write a tiny script to do all the work patching the system, or shall I just explain what to do?
laufersteppenwolf said:
@JoseVigil
I have some pretty good news The phone now does exactly what you want it to do, as soon as you plug in the charger, the phone boots into offline charging mode, but then directly reboots again into the normal system.
The reboot is not that nice, but it's by far the easiest, as well as safest, way to do it.
Turns out, LG did a pretty sloppy job, giving me adb access to the device when in offline charging mode, giving me the chance to read which process is running and patching the binary to run my hack before actually executing the binary. And that's it. A few lines of bash code and you're good to go
Now my question, do you want me to write a tiny script to do all the work patching the system, or shall I just explain what to do?
Click to expand...
Click to collapse
You are the man Wolf!
Its great that you have been able to find a workaround.
Yes, ideally both. I would appreciate if you can write the script so we can run it on our rooted phones pragmatically and a brief description of what it does (comprehensive from reading the script too) with implementation steps to reproduce too.
With the script I will do the proper test on my end and provide you feedback in case we have an issue. I will place the donation the coming week early on right after the test, I will be pleased that you get your reaward .
Once that, I think It would be pertinent though that we can expose how far we have reached with our research. If you agree, we can set the ground for someone (either me or you or anyone) to get a bootable customized boot image and unlock the door for CM.
I would love to see this running on CM. But I also know we have to be realistic, as you mentioned, this could be a hell of a work to have a working custom recovery, the device tree and blobs with kernel (almost XDA University I have not been able to deal with too).
It has been a lot of fun and a pleasure to know you and interact with you. I hope this is our first experience.
Thanks very much for the great work.
Best,
Jose
JoseVigil said:
You are the man Wolf!
Its great that you have been able to find a workaround.
Yes, ideally both. I would appreciate if you can write the script so we can run it on our rooted phones pragmatically and a brief description of what it does (comprehensive from reading the script too) with implementation steps to reproduce too.
With the script I will do the proper test on my end and provide you feedback in case we have an issue. I will place the donation the coming week early on right after the test, I will be pleased that you get your reaward .
Once that, I think It would be pertinent though that we can expose how far we have reached with our research. If you agree, we can set the ground for someone (either me or you or anyone) to get a bootable customized boot image and unlock the door for CM.
I would love to see this running on CM. But I also know we have to be realistic, as you mentioned, this could be a hell of a work to have a working custom recovery, the device tree and blobs with kernel (almost XDA University I have not been able to deal with too).
It has been a lot of fun and a pleasure to know you and interact with you. I hope this is our first experience.
Thanks very much for the great work.
Best,
Jose
Click to expand...
Click to collapse
Alright, in the attachment I have uploaded the script, including all needed files in order to execute it. The script will also tell you what it's about to do before doing it, so in case you run into issues, you know where to look into
So, what the installer script is going to do:
It will first of all push a script temporarily to the internal sdcard, then it will back up /system/bin/rtcd to /system/bin/rtcd_original, as we need to execute it later again. Next it will copy the script over from the sdcard to /system/bin/rtcd, replacing the original binary (and setting the correct permissions to both modified files). As the last step it will delete the temp file from the sdcard again.
That's all the installer script does.
The actual "magic" is inside the script being pushed to /system. It gets executed before starting chargemon and reads out the devices boot mode. If the boot mode is charger, it executes /system/bin/reboot. Otherwise it executes the original binary in /system/bin/rtcd_original.
And that's about it As simple as it could only be
Regarding further development, up until now, every device I own received a werewolf kernel, and I'm not planning on making an exception for this phone
I will definitely keep on looking into it, though it will not be as high on my priorities list as this workaround was
I will most likely open a new thread in the next couple of days, stating my findings regarding the phone/boot image/bootloader.
@JoseVigil @laufersteppenwolf
I'm New In Rom Developing . But I Think This Can Help You To Find Security Checks
I need lg g pro lite dual d686 custom twrp recovery i cant find anywhere plz provide working recovery link for d686 as iam new it seems custom recovery for specific d686 dosnt exits so share tested link for d686
Sent from my LG-D686 using xda Forums PRO
Hello I need boot on charge on my LG E460 with MTK. I done ipod change, rctd replace from laufersteppenwolf file without results. I can't went into fastboot mode of course to set oem mode charge for 0
Phone have root, bootloader unlock, busybox and supersu. Any suggestions?
Maxjimme said:
I need lg g pro lite dual d686 custom twrp recovery i cant find anywhere plz provide working recovery link for d686 as iam new it seems custom recovery for specific d686 dosnt exits so share tested link for d686
Sent from my LG-D686 using xda Forums PRO
Click to expand...
Click to collapse
TWRP RECOVERY
http://forum.xda-developers.com/optimus-g-pro/d680-development/d686-unsecured-boot-img-twrp-2-8-7-x-t3163144
Same Problem here with LG E460. Is there a solution for fastboot mode with this device?
hi, do you think this script could work on a LG G Pro 2 ?
hi guys, any chance i could get this working on a chinese mediatek device running kitkat 4.4.2 ??
I found some firmware files for the Asus Zenpad Z8 ZT581KL for Verizon. Neither Asus or Verizon host any firmware for this device, despite having other similar device firmware available (like the ZT500KL, etc), which sucks.
VZW_ZT581KL_V3.4.16_all_user_M101901_16.0.0_160519.zip
ASUS Factory VZW_ZT581KL_V5.4.1_all_user_M101901_16.0.0_170202 androidhost.ru.zip
ZT581KL_T3.3.8_pre_burn_image_20160516.zip
ZT581KL_Z581KL_EMERGENCY_DLOAD.7z
ZT581KL_FUSE_Security_Keybox_160728.rar
Z581KL_initrd_diff.zip
ASUS.Flash.Tool.v1.0.0.45.zip
Running a stock, factory reset device, I was able to flash VZW_ZT581KL_V3.4.16_all_user_M101901_16.0.0_160519.zip using Asus Flash Tool 1.0.0.45, which successfully downgraded Tablet from V3.4.23 to V3.4.16.
I tried flashing ZT581KL_T3.3.8_pre_burn_image_20160516.zip but it did not work and error-ed out with no brick or anything. Usually the firmware is in a .raw format so you can flash either via zip file which has raw file in root folder of archive, or via the raw file itself. I tried both and was not successful. For some reason this archive had a .bin file instead of a .raw file. I tried renaming them but still didn't work. However, I was able to extract the .bin to find the firmware files inside just like the other version firmwares (that were in raw). One thing I have not tried yet, is to try manually flashing the individual firmware files from the extracted bin, and see if that works--or if someone else with this tablet wants to try, here are the files. If successful, it might lower kernel version down more to allow root exploits to root device.
I have not tried flashing V5.4.1, but I'm confident it will work. I do not know if via the Asus Flash Tool/Asus Tablet will allow doing a flash to V5.4.1 and downgrade back down to V3.4.16, but just did V.3.4.23 (stock orig fw already on device) to V.3.4.16 and it worked. I did receive an OTA to upgrade to V3.4.18 (or was it V.3.4.21, I can't remember) and took the upgrade (then flashed back to V.3.4.16), so it appears that when doing an OTA it will "leap-frog" to the next higher version release until you are on the newest build, so the first OTA you get won't do a direct upgrade from V3.4.16- to V5.4.1 or V5.4.5, but will upgrade it in an incremental way, via the next higher version release.
Hopefully someone can try to root their tablet if any of these files are of any help. I might work up courage to try 3.38 again via manual fastboot, but if you do it and succeed, I would love to hear about it.
The other files hosted ZT581KL_Z581KL_EMERGENCY_DLOAD.7z and ZT581KL_FUSE_Security_Keybox_160728.rar have to do with re-flashing the Qualcomm Snapdragon SoC (un-bricking), and the other one something to do with clearing/setting FUSE when the phone leaves factory or something, I'm not sure. Hopefully they can be of some use to someone to unlock this device. It would be nice. So here u go.
https://www.androidfilehost.com/?w=files&flid=289525 - link to ASUS_ZenPad_Z8_ZT581KL_P008_Verizon files
Has anyone tried flashing 'ZT581KL_T3.3.8_pre_burn_image_20160516' yet? Just wondering if it was successful; I haven't tried it yet.
smokejumper76 said:
Has anyone tried flashing 'ZT581KL_T3.3.8_pre_burn_image_20160516' yet? Just wondering if it was successful; I haven't tried it yet.
Click to expand...
Click to collapse
can you tell me how to extract the .raw from .bin, I will try to flash the device.
fuyangui said:
can you tell me how to extract the .raw from .bin, I will try to flash the device.
Click to expand...
Click to collapse
I used 7zip to extract the firmware from the archive.. Open 'ZT581KL_T3.3.8_pre_burn_image_20160516.zip' with 7zip. It should come up with a folder named 'ZT581KL_T3.3.8_pre_burn_image_20160516'. Go in that folder. There will then be a file shown called 'userdata.bin'. In 7zip, if you right click that file, then select 'Open Inside', it should open inside the .bin file and show the firmware files. From there, you can extract them somewhere. Hopefully, you can try to apply each .img file separately (fastboot), one at a time, and see if it works. Thank you!
Sorry to resurrect this old thread but I might have some info that will help others.
First off thanks for the OP for the download links as I cannot find the OEM ROMS anywhere for this device.
Second here are some more instructions that you may need if you are having issues with this device.
Use ASUS FLash Tool v1.0.0.45, it has the device model that you need and was the one that worked for me. Then download ASUS Factory VZW_ZT581KL_V5.4.1_all_user_M101901_16.0.0_170202 androidhost.ru.zip from the link the OP posted, it should be the first file, then this is the step that I missed and took forever to figure out. You have to open that zip file and extract the .raw file, so you should have a file called ZT581KL_all_VZW_user_V5.4.1.raw. That is the file that you need to select in the Asus Flash Tool by clicking the little box with a down arrow inside it, then boot your tablet into Fastboot (Hold down the Power and Volume Down buttons) then once in fastboot, make sure you select the right model for this tablet it should be, ZT581KL, then I left Wipe Data as no, then connect your tablet to your computer with a USB cable, and you should see your Serial Number and a round icon under the State column. Then once that is all correct click the Start button, you may get an error about some FPS thing that can't be downloaded or something just hit OK, then you should see under the Description column that it's flashing the ROM, wait for a while and you should then have a "Flash Image Successfully (The serial number for your device will show here)" under the description and your tablet will reboot.
My tablet was originally on v5.4.5, this ROM will take you back to v5.4.1 but then through the tablet settings you can do an upgrade to v5.4.4 then do another one and it will be at v5.4.5 then you are all set.
So the issue I was having with the tablet was after a factory reset it would freeze at the setup screen and not let me continue, it took me forever to find out how to get it fixed and the instructions above worked for me, so if anyone else is having similar issues then hopefully this will help. I literally spent days and searched through about 70 forums to try and find a fix for it, I even reached to Asus for help, which they basically told me I had to pay to send it in and have it fixed, I was just about to give up when I came upon this thread and the OP's download links, so thanks again smokejumper76. If anyone has any questions about my instructions feel free to reply/comment.
Thanks!
Downgrade success
I used the files provided by OP and was able to successfully flash from 5.4.1 to 3.4.16. I got this tablet from a friend a few years back that he acquired from his work when it went out of business. It has the frp lock on it and im looking at the few available options. So, since this tablet had been sitting for two years. Its Guinea pig time. I'll flash the 3.3.8 and check back. It seems you can go forward or backward in so versions with the flash tool. So I'm not too worried about brick. If I can just get usb debugging on I'll be gold. Possible exploits if it runs.
Well. The 3.3.8 is not packaged properly for flashing. And that 600mb file expands to 9gb. There is a file "system.img" inside that's roughly the right size as the system and has the correct file structure. I have a friend who is going to help me repack that rom correctly for flashing. Meanwhile I am going to look into the 3.4.16 rom and see if I can't set usb debug to on and flash the modded image. From there I should be able to sideload su. I'll report back.
mofugggz said:
Well. The 3.3.8 is not packaged properly for flashing. And that 600mb file expands to 9gb. There is a file "system.img" inside that's roughly the right size as the system and has the correct file structure. I have a friend who is going to help me repack that rom correctly for flashing. Meanwhile I am going to look into the 3.4.16 rom and see if I can't set usb debug to on and flash the modded image. From there I should be able to sideload su. I'll report back.
Click to expand...
Click to collapse
Any update? Thank you for your efforts!
smokejumper76 said:
Any update? Thank you for your efforts!
Click to expand...
Click to collapse
I have the same tablet as well. Root would be great, any chance of unlocking the BL?
klister said:
I have the same tablet as well. Root would be great, any chance of unlocking the BL?
Click to expand...
Click to collapse
hi
any advance with this?
Enviado desde mi P008 mediante Tapatalk
WHat is the password to the files
I used the emergency download file to unbrick the Japanese version of z581kl. However, maybe the partition structure is different, when I try to write to the system partition, it says that there is no partition. What should i do? I'm sorry for my bad English.
allisondanielle said:
WHat is the password to the files
Click to expand...
Click to collapse
https://www.asusflashtool.com/ - Description Page with Password
Unzip Password: asusflashtool.com
I installed ZT581KL_T3.3.8_pre_burn_image_20160516.zip on my z581kl.
That resulted in Android 6.0 AOSP working!
There is a bug that screen rotation is not possible, but everything else is fine.
There is a bug that the screen cannot be rotated, but other than that, everything is fine. After installing TWRP, you need to mount /system and the location of system.img, and then execute the following command from the TWRP terminal.
mkdir new-system
mount system.img new-system
cp -a -R -p new-system/* /system
Translated with www.DeepL.com/Translator (free version)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
清水侑磨 said:
I installed ZT581KL_T3.3.8_pre_burn_image_20160516.zip on my z581kl.
That resulted in Android 6.0 AOSP working!
There is a bug that screen rotation is not possible, but everything else is fine.
There is a bug that the screen cannot be rotated, but other than that, everything is fine. After installing TWRP, you need to mount /system and the location of system.img, and then execute the following command from the TWRP terminal.
mkdir new-system
mount system.img new-system
cp -a -R -p new-system/* /system
Translated with www.DeepL.com/Translator (free version)View attachment 5251235View attachment 5251237View attachment 5251239
Click to expand...
Click to collapse
I flashed the zt581kl image using EDL mode as described in this blog because the partition structure of the zt581kl is different from that of the zt581kl.
z581klでEDLモードに入る方法
xxxxx
itgameinfo.blogspot.com
Hi. New to the forum. I’m looking to downgrade my asus zt581kl so that I can root. Can someone show me the exactly step by step to downgrade my table? The above replies are a bit confusing to follow.
Tmupt said:
Hi. New to the forum. I’m looking to downgrade my asus zt581kl so that I can root. Can someone show me the exactly step by step to downgrade my table? The above replies are a bit confusing to follow.
Click to expand...
Click to collapse
Maybe start here:
https://www.getdroidtips.com/v5-4-1-nougat-verizon-asus-zenpad-z8/
I've been messing around with some of the files, and I was able to brick and unbrick the device following the firehose SOP PDF instructions. It basically flashes a barebones boot w/o any OS, and you have to flash a complete firmware to it to restore it back.
I was also able to install TWRP but it showed 0 space avail, I think because I didn't wipe it. I'll play with that later.
Used these links (use google translate)
z581klでEDLモードに入る方法
xxxxx
itgameinfo.blogspot.com
zenpad 3 8.0に簡単にTWRPを導入する+fastbootの裏技
xxxxx
itgameinfo.blogspot.com
I need to ask @清水侑磨 about how to flash ZT581KL_T3.3.8_pre_burn_image_20160516.zip. I think the userdata.bin file is a NAND dump created by Chinese Miracle 2 / Infinity Box but I'm having problems getting it to read the partitions. I was able to get the tablet in EDL mode, so I'm not sure what I'm doing wrong.
Anyone have a QPST .QCN file for ZT581KL for this device? Flashing 3.3.8 from that preburn file will nuke your IMEI. Mine got changed to all 1s and lost provisioning connectability w/ carrier. in fastboot/adb, so I need to restore it. If anyone could make a QCN (with your IMEI removed of course) so I can do that I would be most appreciative.
smokejumper76 said:
I've been messing around with some of the files, and I was able to brick and unbrick the device following the firehose SOP PDF instructions. It basically flashes a barebones boot w/o any OS, and you have to flash a complete firmware to it to restore it back.
I was also able to install TWRP but it showed 0 space avail, I think because I didn't wipe it. I'll play with that later.
Used these links (use google translate)
z581klでEDLモードに入る方法
xxxxx
itgameinfo.blogspot.com
zenpad 3 8.0に簡単にTWRPを導入する+fastbootの裏技
xxxxx
itgameinfo.blogspot.com
I need to ask @清水侑磨 about how to flash ZT581KL_T3.3.8_pre_burn_image_20160516.zip. I think the userdata.bin file is a NAND dump created by Chinese Miracle 2 / Infinity Box but I'm having problems getting it to read the partitions. I was able to get the tablet in EDL mode, so I'm not sure what I'm doing wrong.
Click to expand...
Click to collapse
Sorry for the late reply.
To boot AOSP, instead of burning the system.img from edl or fastboot, use adb.
The method is as follows
1、Start TWRP.
2、Connect your PC to USB.
3、Go to the directory where system.img is located, and press
adb push system.img /sdcard/
4、Enter the shell
adb shell
5、Mount system.img.
mkdir new-system
mount system.img new-system
6、Copy the contents of the mounted system.img to the system partition.
cp -a -R -p new-system/* /system
(If this fails, check that the system partition is mounted. If the system partition is mounted but you cannot write to it, format the system partition.)
7、After rebooting, you should see an Android message
Translated with www.DeepL.com/Translator (free version)
NOTE: I am not responsible for any bricked devices. DO THIS AT YOUR OWN RISK!
Click to expand...
Click to collapse
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded as up_param-a13.bin
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/block/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
CREDITS:
- Orignal post: here.
Also video attached below
Captain_cookie_200 said:
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
View attachment 5775661
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
View attachment 5775663
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
View attachment 5775665
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
View attachment 5775673
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
Click to expand...
Click to collapse
Very good thanks
kilam9900 said:
Very good thanks
Click to expand...
Click to collapse
hehe your welcome. hope it works epikly for you. (if you do it)
Captain_cookie_200 said:
hehe your welcome. hope it works epikly for you. (if you do it)
Click to expand...
Click to collapse
I will do it but I am scare to f**k size so I will do it on PC
kilam9900 said:
I will do it but I am scare to f**k size so I will do it on PC
Click to expand...
Click to collapse
oh lmao. if you do end up breaking your up_param it would still boot fine. but downlaod mode would break until a proper up param file is flashed again.
Captain_cookie_200 said:
oh lmao. if you do end up breaking your up_param it would still boot fine. but downlaod mode would break until a proper up param file is flashed again.
Click to expand...
Click to collapse
I'm reassured
I recommend using dd oflag=direct,sync if=/sdcard/filename.tar of=/dev/block/mmcblk[...] otherwise you may get all sorts of problems, even a bricked phone, especially if you reboot straightaway after flashing. Inside Android all data transfers are cached, it's not the Download tool where everything is synchronous (or at least flushed before reboot).
uluruman said:
I recommend using dd oflag=direct,sync if=/sdcard/filename.tar of=/dev/block/mmcblk[...] otherwise you may get all sorts of problems, even a bricked phone, especially if you reboot straightaway after flashing. Inside Android all data transfers are cached, it's not the Download tool where everything is synchronous (or at least flushed before reboot).
Click to expand...
Click to collapse
i didnt have to deal with anything like that. i did multiple flashes atleast 15 flashes using dd to the up param partition and i did not brick my phone at all. worse you could get is a black screen while booting. and your download mode would not work. but its easy to get it back just flash the up param file again the one that was backed up. although thanks for the info. i did this using recovery. could also be done while booted into android itself
Captain_cookie_200 said:
i didnt have to deal with anything like that. i did multiple flashes atleast 15 flashes using dd to the up param partition and i did not brick my phone at all. worse you could get is a black screen while booting. and your download mode would not work. but its easy to get it back just flash the up param file again the one that was backed up. although thanks for the info. i did this using recovery. could also be done while booted into android itself
Click to expand...
Click to collapse
I ran into this problem when rebooted the phone using the "reboot" shell command right after the "dd". When rebooting from the UI all caches are flushed, of course, but the "reboot" command is a bit crude method I suppose (although in Linux it's always absolutely graceful). Anyway, the logo screen looked absolutely fine, and the system booted okay, but when I tried to enter Download I got the black screen and the boot loop, and no way to either enter Download, Recovery or boot the system. In fact the only thing that still worked was forced reboot (Power + Vol Down). I was able to get out of this situation by connecting the charger and holding Power + Vol Down to force the phone into the off state, then I connected it to the PC and tried entering the Download mode once again, and this time it worked although the graphics was all messed up.
uluruman said:
I ran into this problem when rebooted the phone using the "reboot" shell command right after the "dd". When rebooting from the UI all caches are flushed, of course, but the "reboot" command is a bit crude method I suppose (although in Linux it's always absolutely graceful). Anyway, the logo screen looked absolutely fine, and the system booted okay, but when I tried to enter Download I got the black screen and the boot loop, and no way to either enter Download, Recovery or boot the system. In fact the only thing that still worked was forced reboot (Power + Vol Down). I was able to get out of this situation by connecting the charger and holding Power + Vol Down to force the phone into the off state, then I connected it to the PC and tried entering the Download mode once again, and this time it worked although the graphics was all messed up.
Click to expand...
Click to collapse
did you touch the download mode images in any way? i dont know why this happened for you. i guess i did press the reboot button instead of using the command. since i do it on first fw reflash and i flash a gsi immdiiately afterwards... download shouldnt have died like that tho. i messed with my down load images completely. i competely replaced them with diff new images that are diff sizes too. i dont know why this is happening for you. my download works fine. although it reverts to the old download image somehow once on downloading mode. for confirmations it does show my edited images.
Captain_cookie_200 said:
did you touch the download mode images in any way? i dont know why this happened for you. i guess i did press the reboot button instead of using the command. since i do it on first fw reflash and i flash a gsi immdiiately afterwards... download shouldnt have died like that tho. i messed with my down load images completely. i competely replaced them with diff new images that are diff sizes too. i dont know why this is happening for you. my download works fine. although it reverts to the old download image somehow once on downloading mode. for confirmations it does show my edited images.
Click to expand...
Click to collapse
I suppose your Download still worked fine because the up_param tar archive was complete and not corrupt, and even image files were normal and not chopped in the middle of the data stream. In my case it was the latter, when cache is not flushed the data stream is just cut, and such a simple program as Download obviously cannot handle broken files. The Download tool itself is kept in the separate "debugger" flash memory, I guess it has the default graphics too which can be displayed if no graphics is found in up_param.
uluruman said:
I suppose your Download still worked fine because the up_param tar archive was complete and not corrupt, and even image files were normal and not chopped in the middle of the data stream. In my case it was the latter, when cache is not flushed the data stream is just cut, and such a simple program as Download obviously cannot handle broken files.
Click to expand...
Click to collapse
oh i see. thanks for telling about this. it would help people alot from preventing to brick their phone from bricking
Captain_cookie_200 said:
oh i see. thanks for telling about this. it would help people alot from preventing to brick their phone from bricking
Click to expand...
Click to collapse
Correction: 'dd oflag=direct,sync' does not work in Android shell, the working alternative is 'dd conv=fsync'
Captain_cookie_200 said:
I recently changed my splash screen logo from samsung to a custom one i made in pixlr. Its looks coool. A video is attached below.
REQUIREMENTS:
- ROOTED A32 4G
- usb c cable (to connect to pc)
- windows PC (for zipping and etc.)
- ADB installed on your pc. (For running shell commands) [OR YOU COULD USE SOME TERMINAL EMULATOR]
If your doing this on your phone just follow along, i included seperate commands.
STEPS:
1. Download attached up_param.bin (i extracted this from android 11 firmware. it shld work with fine with 12 they are same. Since downloading whole firmware takes alot of time)
2. Install 7zip if you already didn't from here.
3. Make a working directory anywhere
4. Use 7 zip to extract up_param.bin to a folder.
After extracting this is what you should see
View attachment 5775661
These are all the images!
5. modify files as you like. (MAKE SURE THE DIMENSIONS ARE THE SAME. AND DO NOT REMOVE ANY IMAGE IT COULD BRICK)
NOTE: DO NOT TOUCH DOWNLOAD MODE IMAGES. if you f**k them up you will never be able to get into download mode again
You can replace boot_warning.jpg, logo.jpg (main file responsible logo), letter.jpg (the logo that shows for a split second), svb_orange.jpg (boot loader unlock warning)
6. select all images -> right click -> add to archive.
View attachment 5775663
7. set it to tar.
8. set compression method to GNU.
This is what it should look like
View attachment 5775665
9. Click on OK.
10. Now connect your A32 to the PC. (enable USB debugging)
11. Copy over the tar file that was generated by 7zip to anywhere. i am gonna assume we placed it in the internal storage (/sdcard/)
12. Run the following commands.
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded as up_param-a13.bin
adb shell (Phone users skip this.)
su
(Grant su permission if the popup comes up).
Then run
ls -l /dev/block/platform/****/by-name
After you get a long output. Search for up_param.
View attachment 5775673
(We all have the same phone but just in case some people with diff samsung mtk phones come here).
now we just have to run 2 more commands and we are done!
Taking backups incase something goes wrong.
(People with different phones replace your up_param partition name here.)
dd if=/dev/block/mmcblk0p35 of=/sdcard/backup-param.bin
Now flashing our new modified up_param with new images
dd if=/sdcard/filename.tar of=/dev/block/mmcblk0p35
WE ARE DONE! now reboot and enjoy the new logo!
Click to expand...
Click to collapse
NOTE: I am editing the original thread since i checked in up param file of my new a13 fw and found new file. Its for if the battery temperature is too high. if you modify the up param from a11 fw and flash that it may not exist and the phone will boot loop if it wants to display the menu...
iM UPLOADING A13 stock up_param HERE FROM A325FXXU2CVK3.
Uploaded in orignal thread as up_param-a13.bin
I made it and works perfectly, thanks for the tutorial!!
ApiYoshi said:
I made it and works perfectly, thanks for the tutorial!!
Click to expand...
Click to collapse
glad to hear thatt. and your welcome
how to apply this on snapdragon devices
they don't have up_parem.bin file ??
elswerky said:
how to apply this on snapdragon devices
they don't have up_parem.bin file ??
Click to expand...
Click to collapse
they do? check inside bl file of your firmware. Or using the partition list command should show it
Captain_cookie_200 said:
they do? check inside bl file of your firmware. Or using the partition list command should show it
Click to expand...
Click to collapse
Bl file itself doesn't have up_parem.bin file
Unlike exynis devices which have it
And am.nit familiar with partition as you said if you can helping me
Talking about tab S6 w8th android 12 , OneUi 4.1