Hi, bit of a noob - not sure if i have the terminology right but i have a Note II N7100 and need to do some forensics for a pal whos wife is possibly having an affair and hides it thru kik online chat not txts. I am planning to take an image to a 32gb microsd, move to PC,run winhex and finally testdisc over the resulting drive to hopefully recover some deleted sqlite db's!
I am going off this guide - forensicfocus.com/2012/09/12/android-forensics/ - I have rooted the phone all fine. But i am having a job with the "dd" command for example
dd if=/dev/block/mmcblk0p16 of=/extSdCard/image.img
This returns "/extSdCard/image.img - cannot open for write. No such file or directory"
Or dd if=/dev/block/mmcblk0p16 of=/dev/block/vold/179:33/image.img
returns "/dev/block/vold/179:33/image.img - cannot open for write. Not a directory"
Ive used "diskdigger" to look for images and devices are:
/system 2gb (/dev/block/mmcblk0p16)
/efs 20mb (/dev/block/mmcblk0p3)
/cache 1.34gb (/dev/block/mmcblk0p12)
/data 10.6gb (/dev/block/mmcblk0p16)
/storage/extSdCard, 29gb (dev/block/vold/179:33)
Any help or links on the syntax appreciated greatly
Off the top of my head the first thing I would try is sending the dd image to the internal sdcard first, then moving it to the external later. Might be that it's having trouble going the extra step away from the device.
You could always just plug it into a computer and use adb to pull the dd image(s) directly to the computer and skip putting them on the phone at all. It's what I would do to minimize my residual impact on the device at hand.
Also, try naming them as the mmcblk.img corresponding to what partition you are pulling, makes it easier to go through later.
Try this:
Code:
dd if=/dev/block/mmcblk0p13 of=/storage/extSdCard/system.img bs=4096
This should give you a dd of /system (which is /dev/block/mmcblk0p13, not /dev/block/mmcblk0p16).
dwitherell said:
Try this:
Code:
dd if=/dev/block/mmcblk0p13 of=/storage/extSdCard/system.img bs=4096
This should give you a dd of /system (which is /dev/block/mmcblk0p13, not /dev/block/mmcblk0p16).
Click to expand...
Click to collapse
ah you are a hero! :good::good::good:
G2 Mini
dwitherell said:
Try this:
Code:
dd if=/dev/block/mmcblk0p13 of=/storage/extSdCard/system.img bs=4096
This should give you a dd of /system (which is /dev/block/mmcblk0p13, not /dev/block/mmcblk0p16).
Click to expand...
Click to collapse
Thanks dude! you saved my ass with the D620!
Related
I would like to try flashing the stock bell rom back on my phone but I never backed it up initially.
I've been having Bluetooth music issues with both kernelpanics and ho!no!s roms so I have to get stock to test if its the phone or just the roms while its still in warranty.
Thanks guys!!
Sent from my LG-P930 using XDA
EDIT:
Found stock system.img
What are the ADB commands to flash the file to my phone?
Bump for new topic. Found System.img of stock bell canada rom
adb shell
su
dd if=/sdcard/boot.img of=/dev/block/mmcblk0p8
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p13
dd if=/sdcard/firmware.img of=/dev/block/mmcblk0p1
dd if=/sdcard/system.img of=/dev/block/mmcblk0p27
dd if=/sdcard/baseband.img of=/dev/block/mmcblk0p14
Epyoch said:
adb shell
su
dd if=/sdcard/boot.img of=/dev/block/mmcblk0p8
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p13
dd if=/sdcard/firmware.img of=/dev/block/mmcblk0p1
dd if=/sdcard/system.img of=/dev/block/mmcblk0p27
dd if=/sdcard/baseband.img of=/dev/block/mmcblk0p14
Click to expand...
Click to collapse
when I type SU in, it says /sbin/sh: su: not found
and if i try dd if=/sdcard/system.img of=/dev/block/mmcblk0p27
it gives me dd: can't open '/sdcard/system.img': No such file or directory
Okay, first, in CWM, you don't need to su for root permissions, your ADB shell has them. Second, if you haven't copied your file to the root level of your sdcard and if your file isn't named "system.img" exactly, that command will fail. I'll leave it to you to figure out how to move/rename your system.img file accordingly lol
Edit, it just occurred to me you might be having the garbled sdcard problem where it will spit out garbage if you type in the "ls" command in ADB. The solution has been posted by kernelpan1c, but first let us know what the output of ls is if you're sure your system.img is in the root level of your sdcard.
Malnilion said:
Okay, first, in CWM, you don't need to su for root permissions, your ADB shell has them. Second, if you haven't copied your file to the root level of your sdcard and if your file isn't named "system.img" exactly, that command will fail. I'll leave it to you to figure out how to move/rename your system.img file accordingly lol
Edit, it just occurred to me you might be having the garbled sdcard problem where it will spit out garbage if you type in the "ls" command in ADB. The solution has been posted by kernelpan1c, but first let us know what the output of ls is if you're sure your system.img is in the root level of your sdcard.
Click to expand...
Click to collapse
I already used ADB to push system.img to my phone's SDCard root directory.
Are you suggesting that I reformat my SDCard through windows?
I just realized that I am lacking the boot.img of the stock bell ROM. system and boot are the two that are absolutely necessary to get the phone working correct?
Which rom are you coming from? If it's a Nitro rom/kernelpan1c's rom, you shouldn't have to flash boot.img.
Yeah, according to kernelpan1c, there is something weird going on with the way our sdcard is formatted. After formatting it in Windows he says it should work just fine in the CWM flashed by Rom Manager (I haven't tested it myself, but I'm sure he's correct). I really want to know what is making the Rom Manager CWM unable to read it where bytecode64's CWM can read it just fine...
Malnilion said:
Which rom are you coming from? If it's a Nitro rom/kernelpan1c's rom, you shouldn't have to flash boot.img.
Yeah, according to kernelpan1c, there is something weird going on with the way our sdcard is formatted. After formatting it in Windows he says it should work just fine in the CWM flashed by Rom Manager (I haven't tested it myself, but I'm sure he's correct). I really want to know what is making the Rom Manager CWM unable to read it where bytecode64's CWM can read it just fine...
Click to expand...
Click to collapse
I think I'll be using HO!NO!'s rom as a base for the boot.img, since he has a bell optimus LTE, not the AT&T phone. I'm assuming that he hasn't made any changes to the boot partition, since no custom kernel development has occurred for this phone yet.
I found a so called legit CWM backup of the BELL rom, in one of the lu6200 threads, http://forum.xda-developers.com/showthread.php?t=1472501
but recovering the backup only hangs on the LG logo. I did a "advanced restore" and restored only the system and boot files but that didn't get past the logo either...
It booted after an advanced restore with the "stock" system(from that thread) and the boot (from HONO's), but the WIFI wouldn't start, it said error.
Where did you get your stock bell system.img? and can you provide it?
hereric said:
when I type SU in, it says /sbin/sh: su: not found
and if i try dd if=/sdcard/system.img of=/dev/block/mmcblk0p27
it gives me dd: can't open '/sdcard/system.img': No such file or directory
Click to expand...
Click to collapse
Mount sdcard in recovery.
After you enter adb shell
"mount /sdcard" (without quotations)
Then use the command "dd if=/sdcard/system.img of=/dev/block/mmcblk0p27"
I am making a separate thread specifically for Sprint because I have seen so many posts from Sprint users that took the OTA update, and I don't want this to be buried in the other thread.
If you have a Sprint G2, then you have to wipe the fota partition AND the misc partition.
Thanks so much to autoprime from #lg-g2 for pointing me in the right direction.
Code:
adb shell
cd /dev/block/platform/msm_sdcc.1/by-name
dd if=/dev/zero of=./fota
dd if=/dev/zero of=./misc
If you can't get adb to talk to your phone and only have the terminal from TWRP, then you will have to type the paths out -- make sure you get them right
-- Brian
I keep getting an error saying -
Code:
[email protected]:/dev/block/platform/msm_sdcc.1/by-name # dd if=/dev/zero of=./misc
zero of=./misc
./misc: write error: No space left on device
32769+0 records in
32768+0 records out
16777216 bytes transferred in 1.332 secs (12595507 bytes/sec)1
That is normal since we didn't specify a block size and a count. When dd fills the partition with zeros it errors out that it is out of space. The goal here is to do just that, fill the entire partition with zeros
-- Brian
runningnak3d said:
That is normal since we didn't specify a block size and a count. When dd fills the partition with zeros it errors out that it is out of space. The goal here is to do just that, fill the entire partition with zeros
-- Brian
Click to expand...
Click to collapse
That makes sense. Still learning about this side of android. Appreciate the help bro.
Silicon Knight said:
That makes sense. Still learning about this side of android. Appreciate the help bro.
Click to expand...
Click to collapse
does this work on D802 with CWM?
Also, i actually formatted all partitions shown on CWM advance menu.. does it mean my EFS is corrupt? I did not make EFS backup..
Hi people! I need backups from your phone F180L. Those who have F180L phone please make a backup. Go to the terminal emulator and type:
su
cd /sdcard
mkdir 123
cd /123
dd if=/dev/block/mmcblk0p1 of=modem.img
dd if=/dev/block/mmcblk0p15 of=drm.img
dd if=/dev/block/mmcblk0p12 of=m9kefs1.img
dd if=/dev/block/mmcblk0p13 of=m9kefs2.img
dd if=/dev/block/mmcblk0p26 of=persist.img
Please Share a link to files that are in the /123
mazahaka1997 said:
Hi people! I need backups from your phone F180L. Those who have F180L phone please make a backup. Go to the terminal emulator and type:
su
cd /sdcard
mkdir 123
cd /123
dd if=/dev/block/mmcblk0p1 of=modem.img
dd if=/dev/block/mmcblk0p15 of=drm.img
dd if=/dev/block/mmcblk0p12 of=m9kefs1.img
dd if=/dev/block/mmcblk0p13 of=m9kefs2.img
dd if=/dev/block/mmcblk0p26 of=persist.img
Please Share a link to files that are in the /123
Click to expand...
Click to collapse
Those who know what this is about, need no explanations. Those who are not so sure, be aware that by doing this (specifically the line in red), you will be sharing your phone's identity. Nothing's wrong with that, as long as you know it.
What's in drm and persist images?
Sent from my LG-E975 using Tapatalk
davevinci said:
What's in drm and persist images?
Click to expand...
Click to collapse
For these two, I don't know... Since I am not familiar with nuts and bolts of the DRM implementation on Android, I don't know what exactly is stored on that partition. As for persist, I was trying to get some info on it quite a while ago, for a different phone that is long gone, but couldn't find much.
Q&A for [INFO]Partition List HTC ONE M8 / RAW DUMP SCRIPT
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [INFO]Partition List HTC ONE M8 / RAW DUMP SCRIPT. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!
Roundabout Method
I don't mean to be a grave digger, but this method worked for me, perhaps someone else may find it useful:
Problems:
I couldn't get access to the partitions through adb shell, it kept giving 'access denied' and adb was not asking SuperSu for root permissions.
Solution: [I disclaim everything for legal purposes]
After a number of things, I finally copied the following into Google Keep (you can use anything, notepad, whatever, mainly to transfer a script-like function). WARNING, you DO need an External SD CARD (Verify through Root Explorer that the /sdcard2/ is your EXTERNAL SD card. Make a folder on it called "World" [or whatever], it will save there, else change [use replace all in notepad?] it to work):
Code:
dd if=/dev/block/mmcblk0p1 of=/sdcard2/World/mmcblk0p1
dd if=/dev/block/mmcblk0p2 of=/sdcard2/World/mmcblk0p2
dd if=/dev/block/mmcblk0p3 of=/sdcard2/World/mmcblk0p3
dd if=/dev/block/mmcblk0p4 of=/sdcard2/World/mmcblk0p4
dd if=/dev/block/mmcblk0p5 of=/sdcard2/World/mmcblk0p5
dd if=/dev/block/mmcblk0p6 of=/sdcard2/World/mmcblk0p6
dd if=/dev/block/mmcblk0p7 of=/sdcard2/World/mmcblk0p7
dd if=/dev/block/mmcblk0p8 of=/sdcard2/World/mmcblk0p8
dd if=/dev/block/mmcblk0p9 of=/sdcard2/World/mmcblk0p9
dd if=/dev/block/mmcblk0p10 of=/sdcard2/World/mmcblk0p10
dd if=/dev/block/mmcblk0p11 of=/sdcard2/World/mmcblk0p11
dd if=/dev/block/mmcblk0p12 of=/sdcard2/World/mmcblk0p12
dd if=/dev/block/mmcblk0p13 of=/sdcard2/World/mmcblk0p13
dd if=/dev/block/mmcblk0p14 of=/sdcard2/World/mmcblk0p14
dd if=/dev/block/mmcblk0p15 of=/sdcard2/World/mmcblk0p15
dd if=/dev/block/mmcblk0p16 of=/sdcard2/World/mmcblk0p16
dd if=/dev/block/mmcblk0p17 of=/sdcard2/World/mmcblk0p17
dd if=/dev/block/mmcblk0p18 of=/sdcard2/World/mmcblk0p18
dd if=/dev/block/mmcblk0p19 of=/sdcard2/World/mmcblk0p19
dd if=/dev/block/mmcblk0p20 of=/sdcard2/World/mmcblk0p20
dd if=/dev/block/mmcblk0p21 of=/sdcard2/World/mmcblk0p21
dd if=/dev/block/mmcblk0p22 of=/sdcard2/World/mmcblk0p22
dd if=/dev/block/mmcblk0p23 of=/sdcard2/World/mmcblk0p23
dd if=/dev/block/mmcblk0p24 of=/sdcard2/World/mmcblk0p24
dd if=/dev/block/mmcblk0p25 of=/sdcard2/World/mmcblk0p25
dd if=/dev/block/mmcblk0p26 of=/sdcard2/World/mmcblk0p26
dd if=/dev/block/mmcblk0p27 of=/sdcard2/World/mmcblk0p27
dd if=/dev/block/mmcblk0p28 of=/sdcard2/World/mmcblk0p28
dd if=/dev/block/mmcblk0p29 of=/sdcard2/World/mmcblk0p29
dd if=/dev/block/mmcblk0p30 of=/sdcard2/World/mmcblk0p30
dd if=/dev/block/mmcblk0p31 of=/sdcard2/World/mmcblk0p31
dd if=/dev/block/mmcblk0p32 of=/sdcard2/World/mmcblk0p32
dd if=/dev/block/mmcblk0p33 of=/sdcard2/World/mmcblk0p33
dd if=/dev/block/mmcblk0p34 of=/sdcard2/World/mmcblk0p34
dd if=/dev/block/mmcblk0p35 of=/sdcard2/World/mmcblk0p35
dd if=/dev/block/mmcblk0p36 of=/sdcard2/World/mmcblk0p36
dd if=/dev/block/mmcblk0p37 of=/sdcard2/World/mmcblk0p37
dd if=/dev/block/mmcblk0p38 of=/sdcard2/World/mmcblk0p38
dd if=/dev/block/mmcblk0p39 of=/sdcard2/World/mmcblk0p39
dd if=/dev/block/mmcblk0p40 of=/sdcard2/World/mmcblk0p40
dd if=/dev/block/mmcblk0p41 of=/sdcard2/World/mmcblk0p41
dd if=/dev/block/mmcblk0p42 of=/sdcard2/World/mmcblk0p42
dd if=/dev/block/mmcblk0p43 of=/sdcard2/World/mmcblk0p43
dd if=/dev/block/mmcblk0p44 of=/sdcard2/World/mmcblk0p44
dd if=/dev/block/mmcblk0p45 of=/sdcard2/World/mmcblk0p45
dd if=/dev/block/mmcblk0p46 of=/sdcard2/World/mmcblk0p46
(Copy with or add a final return character for the last line to run okay)
I installed Terminal Editor
I went into Terminal Editor, typed "SU" pressed enter, a window pops up from SuperSu, Grant TE superpowers!!
Now, copy the above 'script', paste into TE (It will start immediately)
Connect your phone to your computer, and copy the World folder from your external storage to your computer.
PS it takes about 3GB on near-stock, without User Data.
Mainly I wanted the radio files and such, but whatever now I have a whole backup
Yea you'll need an unsecured kernel for ADB with root and some other modifications. It will get only worse moving forward. On the M9, even more stuff is required to run ADB as root.
My script still works, you just need to work out how to grant root to ADB.
Unfortunately, that also means you will not have any means to run a full and true stock backup (clone) of your phone because you need to modify at least the kernel and the ROM (add SU) in order to have access.
On the M9, DD has even been disabled for most partitions even with S-OFF. There, you can not access quite a few partitions with dd write (read works), rendering such clone backups useless.
So it's been a while since I played with ROMs on my v521, but i just upgraded to TWRP 3.1.1-0, and tried to update lineage to the newest nightly. I'm not swuck in a boot-loop.
I've run the commands in terminal that fixed the issue last time I ran into it:
Code:
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/fota
dd if=/dev/zero of=/dev/block/platform/msm_sdcc.1/by-name/misc
To no avail - terminal says it can't find the files.
I've wiped everything, reformatted data, reinstalled TWRP, etc.
What's next? How can I break out of the loop?
I fixed it. Grabbed the wrong bookmark. Should have run:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fota
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc
Xerloq said:
I fixed it. Grabbed the wrong bookmark. Should have run:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fota
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc
Click to expand...
Click to collapse
I recently ran into this issue. Thanks for posting the fix!
You saved my butt with this, OP! Thank you!
For those who stumble onto this, the "terminal" he's referring to is the TWRP terminal that is accessible in TWRP>>Advanced>>Terminal.
Thanks for this fix! Could someone please tell me how to type an equal sign (=) in the TWRP terminal keyboard? I can't find it anywhere. I managed to give the tablet these commands with the adb shell.
How to upgrading 3.1.1-0?
How to upgrading 3.1.1-0?
yangseunghwan said:
How to upgrading 3.1.1-0?
Click to expand...
Click to collapse
I am using 3.1.1-0.
Thanks, this worked perfectly! I'm running TWRP-V521-3.0.2.0
How to type an "=" sign in TWRP terminal kb
channeledbymodem said:
Thanks for this fix! Could someone please tell me how to type an equal sign (=) in the TWRP terminal keyboard? I can't find it anywhere. I managed to give the tablet these commands with the adb shell.
Click to expand...
Click to collapse
I'll answer my own question in case someone comes here looking for the answer:
in twrp terminal keyboard to type "=" sign, tap ?123, then ~\{ for special characters including "="
Xerloq said:
I fixed it. Grabbed the wrong bookmark. Should have run:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fota
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc
Click to expand...
Click to collapse
I have been stuck on this issue for over 5 hours thank you so mucn