Successfully flashed 98.18.78 recovery into Locked 98.30.1 - Droid RAZR M General

I understand it is currently not possible to unlock a Razr M with 98.18.94 or 98.30.1 OTA. Nevertheless, I had been trying to restore a previous VooDoo root that I deleted before the last OTA. Through the experimenting, I screwed up the flash on my phone, and recovering it, I found something that might be interesting.
As others pointed out, downgrading does not work. Fastboot gives various errors. When I screwed up my file system, I was able to flash from 98.18.94 (which I had) to 98.30.1 (which was the only download I could find) using RSD Lite. I was lucky it worked. And since I have been able to experiment and keep flashing 98.30.1 over and over.
I would like to report that in my experiments, I noticed an interesting fact about the recovery.img:
I am able to flash stock 98.18.78 recovery to my phone running 98.30.1.
I have verified the recovery.img contents are not the same; according to a WinMerge file compare, they are ~10% the same.
When I try to flash twrp or cwm recovery, the only fastboot error is to the effect "wrong partition size".
The size of .78 and 98.30.1 recovery are the same, 10,485,760 bytes.
On the other hand, if I try to flash the .78 system.img fastboot, or use RSD lite to flash .78, I see different security related errors on the phone's fastboot screen- none of which mention partition size. Of course, this is related to the Locked Bootloader I have.
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Right now my Razr M has gone from 98.18.94 to 98.30.1 with a 98.18.78 recovery. And I'm working ok.
I am not a professional Android Dev. But I am going to do the research and try to modify a cwm type recovery to match the size of a Moto recovery, and see what happens.
I invite anyone with real experience to contribute.
Bryan

bryanwieg said:
What did you say?
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.

aviwdoowks said:
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.
I have already found that if I take the OTA recovery and unpackbootimg and then mkbootimg without changing anything, it recompiles down to approx. 5 MB, which is different from the size it started at from Moto.
So I am looking at if the size is set in how the img is compiled.

30.1 and .94 are the same updates, just different system versions. As for the other stuff, I'm not even sure what to say. I'm with Avi on this, I definitely would like to see what a dev has to say.

New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004

aviwdoowks said:
New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004
I found out via a hex editor, both files have empty data inserted after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
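An added example, not part of the original posts: a short Python script that measures the layout bryanwieg describes above (image payload, zero fill, trailing data) and shows why an image rebuilt with mkbootimg comes out much smaller than the 10,485,760-byte file. It assumes the recovery image starts with the standard Android boot image header (version 0 layout); the sample image and its 256-byte trailer are constructed stand-ins, not Motorola data.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Assumed header layout (Android boot image v0): 8-byte magic followed by
# ten little-endian uint32 fields: kernel_size, kernel_addr, ramdisk_size,
# ramdisk_addr, second_size, second_addr, tags_addr, page_size, 2 x unused.
HEADER_FMT = "<8s10I"
HEADER_LEN = struct.calcsize(HEADER_FMT)
RECOVERY_FILE_SIZE = 10_485_760  # size of the stock files quoted in the thread


def pages_needed(nbytes, page_size):
    """Number of whole pages required to hold nbytes."""
    return (nbytes + page_size - 1) // page_size


def analyze_image(blob):
    """Split an image into payload, zero fill and trailing data."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than a boot image header")
    (magic, kernel_size, _kaddr, ramdisk_size, _raddr, second_size,
     _saddr, _tags, page_size, _u0, _u1) = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page size is not a power of two")

    # The header takes one page; each section is padded to a page boundary.
    payload_end = page_size * (1
                               + pages_needed(kernel_size, page_size)
                               + pages_needed(ramdisk_size, page_size)
                               + pages_needed(second_size, page_size))
    if payload_end > len(blob):
        raise ValueError("header claims more data than the file holds")

    # Everything after the payload: a run of zero bytes, then whatever
    # non-zero data follows (the "certificate data" seen in the hex editor).
    tail = blob[payload_end:]
    trailer = tail.lstrip(b"\x00")
    zero_fill = len(tail) - len(trailer)
    return {
        "file_size": len(blob),
        "payload_end": payload_end,
        "zero_fill": zero_fill,
        "trailer_offset": payload_end + zero_fill if trailer else None,
        "trailer_size": len(trailer),
    }


def build_sample(total_size=0, trailer=b""):
    """Constructed test image: tiny fake kernel and ramdisk, page size 2048.

    With total_size set, the image is zero-filled and the trailer is placed
    at the very end, mimicking the layout described in the post.
    """
    page = 2048
    kernel, ramdisk = b"\x11" * 5000, b"\x22" * 3000
    header = struct.pack(HEADER_FMT, BOOT_MAGIC, len(kernel), 0,
                         len(ramdisk), 0, 0, 0, 0, page, 0, 0)
    img = bytearray()
    for part in (header, kernel, ramdisk):
        img += part + b"\x00" * (-len(part) % page)
    if total_size:
        img += b"\x00" * (total_size - len(img) - len(trailer)) + trailer
    return bytes(img)


if __name__ == "__main__":
    # What a plain unpack/repack produces: payload only, no fill, no trailer.
    print("repacked:", analyze_image(build_sample()))
    # What a fixed-size file with trailing data looks like.
    stock_like = build_sample(RECOVERY_FILE_SIZE, b"\xAA" * 256)
    print("padded:  ", analyze_image(stock_like))
```

Run against two real images, differing `payload_end` values with identical `file_size` match what the hex editor showed: the header only accounts for the payload, and the fixed file size comes from the fill and trailer added afterwards.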

bryanwieg said:
I found out via a hex editor, both files have empty data inserted after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
They are both signed with the 128, or more, bit code. Which is what makes this such a Loooooong shot.

aviwdoowks said:
They are both signed with the 128, or more, bit code. Which is what makes this such a Loooooong shot.
Well, you're right on the money. I appended data to a CWM recovery the same as Moto did to theirs, including the certificate at the end.
I didn't get a partition size error this time, but I did get a 'Failed to hab check for recovery'.
Granted, I didn't manage to place the 'empty data' at the same point in the file as the stock roms did. Other than that, it must be the certificate.

bryanwieg said:
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
No, because it first checks the size (or whether it's a valid image at all) and if the size is correct, it checks the signature.

I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but it failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveries we could exploit.

Really glad to see someone is still trying to find some sort of exploit for this device in its updated state, it seemed like everyone had completely given up on it. My girlfriend recently grabbed a used Razr M to use for a while but it's fully updated, and I would love to be able to root it for her. I'll be following this thread to see if anything comes of this recovery downgrading.

I'm pretty sure you can edit the props from what I can remember.
Sent from my XT907 using xda app-developers app

bryanwieg said:
I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but it failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveries we could exploit.
You can use Root Explorer free to extract the single img from the 404 or 411 xml.zips
---------- Post added at 10:44 AM ---------- Previous post was at 10:39 AM ----------
Here http://sbf.droid-developers.org/phone.php?device=8
---------- Post added at 10:48 AM ---------- Previous post was at 10:44 AM ----------
The razr hd (2), atrix hd, photon Q all use a recovery w/ same key. Git to work man!

Re:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.

815turbo said:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.

I am willing to try it out. Win 7 64bit... pass me the needed stuff to flash it
Sent from my XT907 using xda app-developers app

please do
815turbo said:
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".

benya274 said:
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".
I'll post it in just a few minutes. I will also post the required commands and we'll be backing up current recovery. If it fails, it should be no problem to restore your backed up recovery.
Download TWRP image on your phone from: titanroms.com/upload/rec.img
Please get to an adb prompt and run these commands:
su
cd /sdcard
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak2.img
Please ensure that both copies are 10MB. The dd command should end by saying "10485760 Bytes Copied" on all of the "dd" commands.
Now, you should have two backups of the recovery partition and the TWRP Image you downloaded from here all on your sdcard.
You can follow with these commands AFTER your backup has completed.
cp /sdcard/Download/rec.img /sdcard/rec.img
dd if=/sdcard/rec.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=twrprecbak.img
mount -o remount,rw /system
mv /system/etc/install-recovery.sh /system/etc/install-recovery.bak
mv /system/recovery-from-boot.p /system/recovery-from-boot.bak
reboot recovery
In the event of a failed attempt at this you can run the following from adb:
su
cd /sdcard/
dd if=/sdcard/recbak1.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Give me a holler if you don't understand this well. Good luck, guys.

I am gonna try it out tomorrow, I don't have time to do it tonight cause I need to go to work. My pc at work does not have an internet connection. I will keep u guys posted on any progress.
Sent from my XT907 using xda app-developers app

Just wanted to say I flashed the old ICS recovery to mine using fastboot commands but it didn't get me very far though. If I then try and flash the corresponding blur zip from recovery it just says invalid signature. Was trying to find a way to downgrade so I could get rooted..
Sent from my XT907 using Tapatalk

Related

A new method for ROOTing your xoom!!!

I do not know why you say this...
MOD EDIT: Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.
Hi,
I am here to provide you a new method in rooting your xoom, it does not require to flash the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgrade to 3.1)
***EDIT***
I have also tried on a HK 3g xoom (which shows MZ601 in MTP but MZ602 in fastboot). It works without any problem, and internal storage preserved untouched.
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, who knows
a little about developing and is willing to try new things.
So, I cannot be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any bricked or malfunctioning device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volume down ~2 seconds after the motorola logo appears when the device starts,
then volume up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method, I think about this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying a update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition has the name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockworkmod recovery for xoom,
the one who invented the method of rooting the i9000 with a update.zip (I cannot find who make that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those on stock 3.2) if you would like to take some risk, and report if it is a success or not.
Thanks.
eddielo said:
Hi,
I am here to provide you a new method in rooting your xoom, it does not require to flash the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgrade to 3.1)
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, who knows
a little about developing and is willing to try new things.
So, I cannot be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any bricked or malfunctioning device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volume down ~2 seconds after the motorola logo appears when the device starts,
then volume up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method, I think about this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying a update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition has the name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockworkmod recovery for xoom,
the one who invented the method of rooting the i9000 with a update.zip (I cannot find who make that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those on stock 3.2) if you would like to take some risk, and report if it is a success or not.
Thanks.
How do you flash cwm if your device is locked? Also the purpose of the rooted boot.img is to allow you to mount your device for adb commands.
Sent from my PG86100 using Tapatalk
yeah no offense but this sounds a little sketch... I see you make a quote at the bottom asking people to report success if they try... I personally would not try this.
Unlocking and rooting is really not that hard and not very time consuming using current methods
Of course, for installing CWM, you have to unlock your device by using "fastboot oem unlock", but that will not brick your device anyway.
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
Also, the current rooting methods do not work 100% on some devices (like the HK 3g version, which reported missing internal storage after rooting with the currently available method); I would like to see if this works on that.
Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.
eddielo said:
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
I think you missed my point. Rooted boot.img isn't used for rooting. Its used for adb commands like adb remount. Say i want to adb push a file to my xoom, ls a directory on my xoom, or adb rename system files. Those are all reason you need the rooted boot.img.
Sorry, this is not a rooting method. All what this is doing is flashing su, busybox and Superuser.apk.
There is more to rooting a device than this. You also need an insecure boot image.
I am sorry if I do not catch the real meaning of rooting a device.
What I think of rooting is to let my device, starting from everything stock, untouched, to a state that applications that need root, like Titanium backup or root explorer, works without problem.
I have tried on my two devices with this method, titanium backup works perfectly, root explorer can remount the system partition to rw and can successfully copy files and delete files from that.
The insecure boot.img image, as far as I know, allows everyone to use "adb remount" and make changes to the system directory. But my method does not need adb for copying the binaries and chmod-ing them. You may call it flashing, but after that, su works without problem.
Please, try it first. If you think it is not a method of rooting, I am sorry about that.
Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.
So does this mean just "rooted".....like can't flash a rom?
Sent from my Xoom using XDA Premium App
roughneckboren said:
So does this mean just "rooted".....like can't flash a rom?
Sent from my Xoom using XDA Premium App
Rooting has nothing to do with installing a rom. To install a rom, you just need to unlock and fastboot flash CWM. This guide in no way helps you flash a rom.
alias_neo said:
Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.
Without a rooted boot.img your recovery will get wiped out every time you boot the OS.
So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?
silvinoa said:
So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?
Yes and NO...
Yes this method will allow you to run titanium backup. But to use this method you have to unlock, which erases everything.

[Q] How to make a back-up of the I9250 stock ROM without CWM

I would like to create a backup of my entire system, including the boot image, data and system partitions. Is there any way I can do this without CWM? The main reason is so that I can return the phone to its original state in case I have to return it for service.
To my knowledge (and I have no knowledge!) Samsung accepts rooted devices for service (otherwise, if the phone has a broken screen, it is not accepted)... but, if I were you, I would install cwm and make a nandroid backup of the whole system. If you want to have all of the Google system images (to restore original stock) you could set up your sdk environment http://developer.android.com/sdk/index.html and download the Google images (bootloader, rom, radio) and put them in a safe place (the SDK supplies adb/fastboot, which are the tools that you would use to restore Google's files). That's the thread with these contents: http://forum.xda-developers.com/showthread.php?t=1366806 Those are the standard (so yours) original stock files from Google that are actually on your phone!
And I also advise you to follow these steps to save your /EFS partition (you never know) before flashing custom things, BUT IT REQUIRES ROOT: http://forum.xda-developers.com/showthread.php?t=1352371
BUT, if you don't want to install cwm, you could also see here: http://forum.xda-developers.com/showthread.php?t=1392310
Thank you. If I am right, msskip's tools will install the CWM onto my phone as well. I have just come across a guide for back-up without CWM <http://forum.xda-developers.com/showthread.php?t=1420351>. I am just not quite sure if it is the same full back-up as I get with Nandroid or CWM. Does anyone have any experience with this?
The post you linked doesn't back up the /boot partition and recovery. So you can back up only /system and /data; you can obtain EXACTLY these files just by downloading the Google system (4.0.1 - 4.0.2 - 4.0.3) files (*.img extension) and you have the same result, plus you can get bootloader.img and recovery (everything stock, meaning Samsung Galaxy Nexus stock files)... these are in the post I linked and are the stock Google images, and these are the files that our phones have inside (also including system.img).
That's the explanation why I think that it is basically useless to make a backup of /system and /data for warranty purposes, because Google (or the first phone users in November when the phone came out on the market) provided all the .img files that you need to revert (using fastboot) your phone anytime to a stock 'new' phone (which is yours now, so in warranty!). Make, instead, a backup of the files and apps (apk) (usually /data) that you need if you want to try custom roms and then, if you are not satisfied, get back to stock...
To answer your question, no, it is not the same kind of backup; you will lack /boot and recovery.
Adding that you can use adb to generate the .img by
Code:
cat /proc/mtd
and you will have a fs table with addresses (I have no phone now so cannot provide it), then using dd (assuming boot is on mtd2):
Code:
dd if=/dev/mtd/mtd2 of=/sdcard/boot-stock.img bs=2048
and also use this for the recovery partition... never tried it for the system and data partitions (it could work, but I'm not sure, so do not do it this way; wait for more knowledgeable people. I also never tried it on ICS, just remembering from Gingerbread... don't know if it's the same in this new system)
but this process makes use of
Code:
adb shell
su
the second one requires root....
As of now, I don't know any method not involving root to do these things, but as I stated in my first post, I don't know anything
Thank you. I am wondering if the image file you have provided is for yakjuux. I have come across many posts that if I get the wrong baseband, the phone will not work correctly.
Post, please, your baseband version, which you can find under settings->phone info->baseband version on your phone; mine is 19250xxkl1, which I have recently updated from xxkk1 (the stock one)
My Build # is ITL41F I9250 UGKL1 and the kernel is 3.0.1-ga052f63 [email protected] #1.
Do you think you have a image of this? Thanks.
As far as I know, you have a GSM version of the Galaxy Nexus. So it's safe to grab the Google images of /system and /boot, and for the radio grab the UGKL1 radio/baseband version. To answer better, it's better to also know your bootloader version (which probably is primekk15): you can view this by going into the bootloader on your phone by doing this:
1 setup android sdk environment (include fastboot) for your pc system (windows-linux-osx)
2 enter in the settings menu of the phone and tic the 'debug usb'
3 attach the phone to the pc and let it recognize your phone (windows-osx), for linux install udev that already are in your distrib/repo
4 (assuming you are on windows) on the pc... start/run/cmd: the terminal opens up; go to your android-sdk directory, enter it and then go to platform-tools; there is the adb command, run: adb reboot bootloader
This will restart your phone in the bootloader menu. There, you have all of the information you need... just write your bootloader version here (to have a confirmation) to understand which version you need to download and put in a safe place in case of warranty need...
Then wait for someone better than me who knows how to make a backup of all partitions without root (without an exploit I think it's difficult to get su access on the standard ICS system); if there is no such possibility, just root, install cwm and do a nandroid backup and then transfer it to a safe place and you are good to go to try modding.....
Now I need sleep, as here it is 8 in the morning and I am finishing compiling my l701x kernel, which weighs 3.4 MB lzo compressed, fine tuning..... good night, ehm, good morning.. mmm... good is enough
Thank you. It takes some time to download the packages.
The Bootloader shows the following
Product Name: Tuna
Variant: Maguro
HW Version: 9
Bootloader Version: Primekk14
Baseband Version: I9250UGKL1
Carrier Info: None
Signing: Production
What would be the appropriate one to download? Do you have the respective link? Thank you for your ongoing support.
Would anyone with experience please provide me with inputs if:
1. there is any way to back-up without root
OR
2. the phone has to be rooted, is there any way to have a program residing in my computer iso the phone (CWM in this case).
OR
3. there is any way to remove CWM and other rooted apps before I use GNex Toolkit to relock the phone.
Thanks.
Here you go:
http://forum.xda-developers.com/showthread.php?t=1420351
Would anyone with experience please help?
I am struggling with the same issue. Restoring the nandroid, removing su and superuser.apk and then relocking the bootloader actually brings the phone to quite factory looking mode (except for timestamps in system)
I wonder if it is possible to pull dump of system the same way it is done for boot and recovery.
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App
silow said:
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App
Google provides yakju images only. Phones here in Canada come with yakjuux, which is even 4.0.1. It will be pretty obvious you have tinkered with your phone if you return it with a yakju image instead of the original one.
As for root - I think it might not be necessary - I was able to do a nandroid backup without flashing either recovery or root to my system by simply unlocking the boot loader and booting CWM off fastboot. I am thinking, can we dd while in CWM (flash of phone still intact - except for the bootloader, which is not an issue since it can be relocked)
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
leobg said:
[snip]
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference):
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
efrant said:
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference):
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
---------- Post added at 09:44 PM ---------- Previous post was at 09:37 PM ----------
silow said:
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
Yes, I meant it's not necessary to make any changes on the filesystem to achieve it once bootloader lock is off. And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
leobg said:
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
There is obviously some extra padding in there, as the file size should be closer to half that size uncompressed.
---------- Post added at 09:08 AM ---------- Previous post was at 08:51 AM ----------
leobg said:
[snip]
And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
Not sure why so many people are worried about "traces of hackery". I can't speak from personal experience, but many Nexus One owners (if not all of who have attempted), had NO issues returning devices to HTC that were unlocked... Remember, the N1 did not have a relockable bootloader, so they obviously knew you were messing around.
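For the question above about checking a `dd` dump on a PC, here is an added example (not posted by anyone in this thread): a Python script that reads the ext4 superblock of the dump and reports the filesystem size, used space, bytes lying past the filesystem, and the trailing run of zero bytes. It assumes the system partition holds an ext4 filesystem; the function names and the tiny sample image are constructed for illustration.

```python
"""Sanity-check a raw partition dump, assumed here to be an ext4 image."""
import os
import struct
import tempfile

SB_OFFSET = 1024      # the primary superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53    # s_magic, shared by ext2/ext3/ext4


def read_superblock(path):
    """Return size-related superblock fields, or None if this is not ext2/3/4."""
    with open(path, "rb") as f:
        f.seek(SB_OFFSET)
        sb = f.read(1024)
    if len(sb) < 1024:
        return None
    # s_blocks_count_lo, s_r_blocks_count_lo, s_free_blocks_count_lo
    blocks, _reserved, free_blocks = struct.unpack_from("<III", sb, 0x04)
    (log_block_size,) = struct.unpack_from("<I", sb, 0x18)
    (magic,) = struct.unpack_from("<H", sb, 0x38)
    if magic != EXT_MAGIC or log_block_size > 6:
        return None
    block_size = 1024 << log_block_size
    return {
        "block_size": block_size,
        "fs_bytes": blocks * block_size,
        "used_bytes": (blocks - free_blocks) * block_size,
        "label": sb[0x78:0x88].split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def trailing_zero_bytes(path, chunk=1 << 20):
    """Count the run of 0x00 bytes at the end of the file, reading backwards."""
    zeros = 0
    pos = os.path.getsize(path)
    with open(path, "rb") as f:
        while pos > 0:
            step = min(chunk, pos)
            pos -= step
            f.seek(pos)
            data = f.read(step)
            stripped = data.rstrip(b"\0")
            zeros += len(data) - len(stripped)
            if stripped:          # hit a non-zero byte: the run ends here
                break
    return zeros


def check_dump(path):
    """Summarise a dump: is it a filesystem, and how does it compare to the file size?"""
    size = os.path.getsize(path)
    sb = read_superblock(path)
    if sb is None:
        return {"valid": False, "file_bytes": size}
    return {
        "valid": True,
        "file_bytes": size,
        # > 0: bytes past the end of the filesystem; < 0: the dump is truncated
        "slack_bytes": size - sb["fs_bytes"],
        "trailing_zero_bytes": trailing_zero_bytes(path),
        **sb,
    }


def constructed_image(blocks=64, free_blocks=40, log_block_size=2, pad=8192):
    """Constructed sample: only the superblock fields used above, plus zero padding."""
    block_size = 1024 << log_block_size
    img = bytearray(blocks * block_size + pad)
    struct.pack_into("<III", img, SB_OFFSET + 0x04, blocks, 0, free_blocks)
    struct.pack_into("<I", img, SB_OFFSET + 0x18, log_block_size)
    struct.pack_into("<H", img, SB_OFFSET + 0x38, EXT_MAGIC)
    img[SB_OFFSET + 0x78:SB_OFFSET + 0x7E] = b"system"
    img[blocks * block_size - 1] = 0xAA   # last filesystem byte is non-zero
    return bytes(img)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "system.img")
        with open(sample, "wb") as f:
            f.write(constructed_image())
        for key, value in check_dump(sample).items():
            print(f"{key}: {value}")
```

A `slack_bytes` of zero means the file is exactly as large as the filesystem it contains; `used_bytes` is the figure to compare against the amount of data expected on the partition.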
You don't have to FLASH CWM to USE CWM.
Just BOOT CWM. Simple.

Would it be possible to root my sg2 USCC version of Epic4gtouch.

I was looking at the auto root for FB15 and was wanting to know if it would work for my phone, Android version: 2.3.6, Baseband: S:R760.01 K.FB14. Any help is greatly appreciated.
Sent from my SCH-R760 using Tapatalk
^^ Second this. Just got SCH-R760 (SGS II) from USCC, there is currently ZERO support. Thanks!
I've tried the ek02 autoroot three times and it's not able to push the files. SuperOneClick didn't work either.
Sent from my SCH-R760 using xda premium
themac79 said:
I was looking at the auto root for FB15 and was wanting to know if it would work for my phone, Android version: 2.3.6, Baseband: S:R760.01 K.FB14. Any help is greatly appreciated.
Sent from my SCH-R760 using Tapatalk
The fb15 on this phone is ics so not going to work on your GB ROM .....maybe steady Hawkin can make you a kernel to root it with Odin ....all you have to do is ask him he may do it
He may port cwm for you too don't hurt to ask
Sent from my SPH-D710 using xda premium
Epix4G said:
The fb15 on this phone is ics so not going to work on your GB ROM .....maybe steady Hawkin can make you a kernel to root it with Odin ....all you have to do is ask him he may do it
He may port cwm for you too don't hurt to ask
Sent from my SPH-D710 using xda premium
That would be great! Thanks for the advice, really appreciate it.
not working
from what I hear zergrush no longer works in 2.3.6. I tried manually installing but it fails on the USCC GS2 (SCH-R760)
[+] Found a GingerBread ! 0x00000118
[+] Found a Samsung, running Samsung mode
[*] Scooting ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
mostly working
So I tried it with my SCH-R760 SGS2 I was able to get root boot recovery. Having the FB14 kernel would make this a snap however the Epic 4g Touch is so close it mostly worked. I seem to have intermittent wifi problems but everything else appears to work without issue.
I got the kernel from step two WISHLINK:wiki.rootzwiki.com/index.php/Samsung_Epic_4G_Touch or directly WISHLINK:goo-inside.me/epic4gtouch/kernel/acs-eb30-clockwork-epic-touch-4g-sep-20-4-00-pm.tar
I tried sweet talking USCC, evidently I'm not as charming as I think I am they told me I'm screwed and don't yet have the re-image. However, the above has the phone working and rooted minus a few problems with wifi.
Good luck.
Margey said:
So I tried it with my SCH-R760 SGS2 I was able to get root boot recovery. Having the FB14 kernel would make this a snap however the Epic 4g Touch is so close it mostly worked. I seem to have intermittent wifi problems but everything else appears to work without issue.
I got the kernel from step two WISHLINK:wiki.rootzwiki.com/index.php/Samsung_Epic_4G_Touch or directly WISHLINK:goo-inside.me/epic4gtouch/kernel/acs-eb30-clockwork-epic-touch-4g-sep-20-4-00-pm.tar
I tried sweet talking USCC, evidently I'm not as charming as I think I am they told me I'm screwed and don't yet have the re-image. However, the above has the phone working and rooted minus a few problems with wifi.
Good luck.
If you can get the E4GT kernel to boot on your phone then just use it to install su onto your ROM (/system), then put back your original USCC kernel and you'll be rooted with everything working.
So basically if your adb shell has a "#" prompt, you can just use Auto Root Option A on your phone and install root onto your phone's ROM. Just ignore the zergrush status, even though it fails, the script is still smart enough to install root onto your rom in your situation.
Then to get your original kernel back, figure out which partition has the recovery.bin, which is an unused mirror of your original kernel/zImage.
In the case of E4GT, this is partition /dev/block/mmcblk0p6
To get the mirror of your zImage type the following in adb shell
Code:
cd /sdcard
dd if=/dev/block/mmcblk0p6 of=zImage bs=256 count=32765
Now it is very important that the partition you chose above is really the recovery.bin partition, otherwise the file you just created will essentially be junk and won't allow you to boot your phone (ie *IF* you installed it, your phone *would not boot*)
Assuming you had the correct partition, to install it as your running kernel, you can do
Code:
cd /sdcard
dd if=zImage of=/dev/block/mmcblk0p5 bs=256 count=32765
Please don't go jumping into this unless you fully understand what I suggested.
YOU CAN MAKE YOUR PHONE UNBOOTABLE IF YOU DO THINGS WRONG.
I don't have your phone and the partitions could be different, so I'm depending on you to figure out if things don't make sense.
If you are unsure, ask questions before doing anything.
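The post above stresses that the dump must really come from the recovery.bin partition before it is written anywhere. As an added example (not part of the original post), this Python script run on the PC copy checks a dump for the ARM zImage header magic, checks its size against the `dd` parameters, and compares two dumps by hash, for instance the file and a read-back of the partition after writing. It assumes the partition holds a raw ARM zImage, as the post describes; the function names and sample data are constructed.

```python
"""Pre-flight checks for a kernel dump before it is written to the zImage partition."""
import hashlib
import os
import struct
import tempfile

ZIMAGE_MAGIC = 0x016F2818   # little-endian word at offset 0x24 of an ARM zImage
DUMP_BYTES = 256 * 32765    # bs=256 count=32765, as in the dd commands in the thread


def zimage_info(path):
    """Parse the zImage header words at 0x24..0x2F; None if the magic is absent."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(0x30)
    if len(head) < 0x30:
        return None
    magic, start, end = struct.unpack_from("<III", head, 0x24)
    if magic != ZIMAGE_MAGIC or end <= start:
        return None
    return {"file_bytes": size, "image_bytes": end - start}


def sha256_file(path, limit=None):
    """SHA-256 of the whole file, or of its first `limit` bytes."""
    h = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as f:
        while True:
            want = 1 << 20 if remaining is None else min(1 << 20, remaining)
            chunk = f.read(want)
            if not chunk:
                break
            h.update(chunk)
            if remaining is not None:
                remaining -= len(chunk)
    return h.hexdigest()


def preflight(path, expected_bytes=DUMP_BYTES):
    """Return a list of problems; an empty list means the dump looks like a kernel."""
    info = zimage_info(path)
    if info is None:
        return ["no ARM zImage magic at offset 0x24: wrong partition or junk data"]
    problems = []
    if info["file_bytes"] != expected_bytes:
        problems.append(
            f"dump is {info['file_bytes']} bytes, expected {expected_bytes}")
    if info["image_bytes"] > info["file_bytes"]:
        problems.append("header claims more bytes than the dump holds (truncated)")
    return problems


def same_kernel(dump_a, dump_b):
    """True when both dumps carry the same zImage, ignoring bytes past its end."""
    a, b = zimage_info(dump_a), zimage_info(dump_b)
    if a is None or b is None or a["image_bytes"] != b["image_bytes"]:
        return False
    n = a["image_bytes"]
    return sha256_file(dump_a, n) == sha256_file(dump_b, n)


def constructed_dump(payload=b"\x11" * 4000, total=DUMP_BYTES, magic=ZIMAGE_MAGIC):
    """Constructed stand-in for a partition dump: header words, payload, zero fill."""
    img = bytearray(total)
    body_len = 0x30 + len(payload)
    struct.pack_into("<III", img, 0x24, magic, 0, body_len)
    img[0x30:body_len] = payload
    return bytes(img)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "zImage")
        junk = os.path.join(d, "junk")
        with open(good, "wb") as f:
            f.write(constructed_dump())
        with open(junk, "wb") as f:
            f.write(bytes(DUMP_BYTES))
        print("good:", preflight(good) or "ok", sha256_file(good)[:16])
        print("junk:", preflight(junk))
```

Recording the hash of the PC copy also gives a reference value for any later re-dump of the same partition.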
While I'm just understanding partitions and the like I'm able to follow your instructions but the *IF* parts I'd like to question.
I have:
/dev/block/mmcblk0p6
and
/dev/block/mmcblk0p5
I'm not sure how this correlates to the recovery.bin unless it is a part of one of those files. So for the SCH-R760 with FB14 I'd be looking for how to verify this. I can easily run the suggested lines and looks like everything is there. However to get this far it's been several hours and I'm a bit gun shy as I have to work tomorrow and actually need my phone. Again thank you for the suggestions and help. I'm very close. Everything but wifi is working and very well.
did anyone try flashing the cwm from the touch. it should work because the mount points line up the same. if so i can finish the ics rom and give it to who ever is willing to try
---------- Post added at 09:13 PM ---------- Previous post was at 08:56 PM ----------
sfhub said:
If you can get the E4GT kernel to boot on your phone then just use it to install su onto your ROM (/system), then put back your original USCC kernel and you'll be rooted with everything working.
So basically if your adb shell has a "#" prompt, you can just use Auto Root Option A on your phone and install root onto your phone's ROM. Just ignore the zergrush status, even though it fails, the script is still smart enough to install root onto your rom in your situation.
Then to get your original kernel back, figure out which partition has the recovery.bin, which is an unused mirror of your original kernel/zImage.
In the case of E4GT, this is partition /dev/block/mmcblk0p6
To get the mirror of your zImage type the following in adb shell
Code:
cd /sdcard
dd if=/dev/block/mmcblk0p6 of=zImage bs=256 count=32765
Now it is very important that the partition you chose above is really the recovery.bin partition, otherwise the file you just created will essentially be junk and won't allow you to boot your phone (ie *IF* you installed it, your phone *would not boot*)
Assuming you had the correct partition, to install it as your running kernel, you can do
Code:
cd /sdcard
dd if=zImage of=/dev/block/mmcblk0p5 bs=256 count=32765
Please don't go jumping into this unless you fully understand what I suggested.
YOU CAN MAKE YOUR PHONE UNBOOTABLE IF YOU DO THINGS WRONG.
I don't have your phone and the partitions could be different, so I'm depending on you to figure out if things don't make sense.
If you are unsure, ask questions before doing anything.
Here is a mount print out of the sgs2 from uscc that i had someone give me.
http://pastebin.com/k0nXEcKt
---------- Post added at 09:19 PM ---------- Previous post was at 09:13 PM ----------
Can't they just odin flash or heimdall flash the kernel/recovery in, that would be easier, then they truly don't have to root the rom first.
ironfisted said:
Can't they just odin flash or heimdall flash the kernel/recovery in, that would be easier, then they truly don't have to root the rom first.
They already did that. That is why they have rooted adb through the kernel. The issue is they are using an Epic 4G Touch kernel which causes some things to not work on their phone. I am suggesting they install their root functionality in the ROM and restore their original USCC kernel/zImage.
Since (according to them) they don't have a package to return to stock, basically they don't have a kernel/zImage to flash in ODIN because it was never provided to them.
Their original kernel/zImage is gone because they flashed over it (presumably before backing it up). That is why I gave them instructions to pull the backup kernel/zImage. Once they do that, whether they install that zImage within Android or through ODIN is not really important. The important part is they get the correct partition to use to pull the backup from so that they have a valid kernel/zImage to flash.
---------- Post added at 09:55 PM ---------- Previous post was at 09:42 PM ----------
Margey said:
While I'm just understanding partitions and the like I'm able to follow your instructions but the *IF* parts I'd like to question.
I have:
/dev/block/mmcblk0p6
and
/dev/block/mmcblk0p5
I'm not sure how this correlates to the recovery.bin unless it is a part of one of those files. So for the SCH-R760 with FB14 I'd be looking for how to verify this. I can easily run the suggested lines and looks like everything is there. However to get this far it's been several hours and I'm a bit gun shy as I have to work tomorrow and actually need my phone. Again thank you for the suggestions and help. I'm very close. Everything but wifi is working and very well.
Based on the previous pastebin that was posted it looks like the partitions on the USCC GS2 line up with the Sprint E4GT so it should be safe to run what I suggested.
Both /dev/block/mmcblk0p5 and /dev/block/mmcblk0p6 are linux device files that map to partitions in your phone's EMMC memory.
mmcblk0p5 is labeled zImage (on Sprint) and mmcblk0p6 is labeled recovery.bin (on Sprint). They have the exact same contents. zImage is the kernel and recovery for your phone.
recovery.bin is not being used (on Sprint) so it basically ends up being a backup of your zImage/kernel. Since you overwrote your USCC zImage with the Sprint E4GT zImage (presumably before backing it up) you cannot recover the original from your phone using the partition assigned to zImage.
I am suggesting you retrieve your original zImage from what is essentially a backup in the partition labeled recovery.bin (mmcblk0p6). This can then be installed in your zImage partition (mmcblk0p5) either directly through Android or through ODIN.
Once you create the zImage file as above, keep a copy off your phone on your PC just in case.
The whole purpose of putting back your original USCC zImage/kernel is so all the features work again, but since your root was achieved through the kernel, putting back the original zImage/kernel would cause you to lose root. That is why I suggested, prior to putting back the original USCC kernel, you install persistent root inside your ROM (ie /system)
You can do that by running Auto Root - Option A and ignoring the Blue Hellions error. If your adb is rooted as you described above, Auto Root will still install persistent root in your ROM despite the failure of the zergrush exploit. Once you install the persistent root in your ROM, you can restore the original USCC kernel/zImage and still have root for your applications. You can confirm that Auto Root - Option A did its job by typing:
Code:
ls -l /system/xbin/su
and verifying su is there and it has the proper permissions. If you are unsure, post the output and I can confirm.
What didn't work? maybe its a matter of the rom difference that makes stuff not work. Just an idea. I was thinking of porting the ics rom over to the sgs2 for them.
ironfisted said:
What didn't work? maybe its a matter of the rom difference that makes stuff not work. Just an idea. I was thinking of porting the ics rom over to the sgs2 for them.
As mentioned by Margey's post, the wifi wasn't working well. wifi drivers are in the kernel. Margey installed just the kernel/recovery, not the ROM.
sfhub said:
As mentioned by Margey's post, the wifi wasn't working well. wifi drivers are in the kernel.
hmmm, so ics is still doable then. hmmmmmm
I just wanted to thank everyone for their help it is very much appreciated. I'm going to try what sfhub posted. I still have my stock kernel since I've been working and haven't had time to do anything. I will try and make a copy of my stock kernel. Can I push superuser into my rom using adb or do I need to flash the Epic 4G's kernel then push superuser and then flash my stock kernel back.
Sent from my SCH-R760 using xda premium
eureka
sfhub said:
They already did that. That is why they have rooted adb through the kernel. The issue is they are using an Epic 4G Touch kernel which causes some things to not work on their phone. I am suggesting they install their root functionality in the ROM and restore their original USCC kernel/zImage.
Since (according to them) they don't have a package to return to stock, basically they don't have a kernel/zImage to flash in ODIN because it was never provided to them.
Their original kernel/zImage is gone because they flashed over it (presumably before backing it up). That is why I gave them instructions to pull the backup kernel/zImage. Once they do that, whether they install that zImage within Android or through ODIN is not really important. The important part is they get the correct partition to use to pull the backup from so that they have a valid kernel/zImage to flash.
---------- Post added at 09:55 PM ---------- Previous post was at 09:42 PM ----------
Based on the previous pastebin that was posted it looks like the partitions on the USCC GS2 line up with the Sprint E4GT so it should be safe to run what I suggested.
Both /dev/block/mmcblk0p5 and /dev/block/mmcblk0p6 are linux device files that map to partitions in your phone's EMMC memory.
mmcblk0p5 is labeled zImage (on Sprint) and mmcblk0p6 is labeled recovery.bin (on Sprint). They have the exact same contents. zImage is the kernel and recovery for your phone.
recovery.bin is not being used (on Sprint) so it basically ends up being a backup of your zImage/kernel. Since you overwrote your USCC zImage with the Sprint E4GT zImage (presumably before backing it up) you cannot recover the original from your phone using the partition assigned to zImage.
I am suggesting you retrieve your original zImage from what is essentially a backup in the partition labeled recovery.bin (mmcblk0p6). This can then be installed in your zImage partition (mmcblk0p5) either directly through Android or through ODIN.
Once you create the zImage file as above, keep a copy off your phone on your PC just in case.
The whole purpose of putting back your original USCC zImage/kernel is so all the features work again, but since your root was achieved through the kernel, putting back the original zImage/kernel would cause you to lose root. That is why I suggested, prior to putting back the original USCC kernel, you install persistent root inside your ROM (ie /system)
You can do that by running Auto Root - Option A and ignoring the Blue Hellions error. If your adb is rooted as you described above, Auto Root will still install persistent root in your ROM despite the failure of the zergrush exploit. Once you install the persistent root in your ROM, you can restore the original USCC kernel/zImage and still have root for your applications. You can confirm that Auto Root - Option A did its job by typing:
Code:
ls -l /system/xbin/su
and verifying su is there and it has the proper permissions. If you are unsure, post the output and I can confirm.
I double-checked su, good. Re-ran the image per your suggestion, all good. I have wifi, I have 3G, I have phone and I have root and CWM.
Thank you.
I have been trying to use the auto-root method after installing the recovery kernel and it keeps saying waiting for device to connect? How can I get it to see my device?
themac79 said:
I have been trying to use the auto-root method after installing the recovery kernel and it keeps saying waiting for device to connect? How can I get it to see my device?
You can actually just copy the files to your sdcard and run the script by hand, but the specific reason it is waiting for your phone is because ADB cannot see your phone.
That might be because you haven't enabled USB debugging. It might be because of driver problem. It could be because your ##8778# setting is incorrect.
Have you ever been able to use "adb" with your phone?
sfhub said:
You can actually just copy the files to your sdcard and run the script by hand, but the specific reason it is waiting for your phone is because ADB cannot see your phone.
That might be because you haven't enabled USB debugging. It might be because of driver problem. It could be because your ##8778# setting is incorrect.
Have you ever been able to use "adb" with your phone?
I finally got it, the problem was I was missing a driver for my phone. Now I'm trying to make a copy of my stock kernel using your instructions but for some reason when I type cd /sdcard it says it can't find the path specified. It shows my device listed, I don't know what I'm doing wrong? Wait..do you mean to use my phone to make a copy?
themac79 said:
I finally got it, the problem was I was missing a driver for my phone. Now I'm trying to make a copy of my stock kernel using your instructions but for some reason when I type cd /sdcard it says it can't find the path specified. It shows my device listed, I don't know what I'm doing wrong?
Are you doing that from an "adb shell"?
You can replace with "cd /data/local/tmp", it can really be any directory where you have write permissions.
If you want to be more bold, you can skip the step of creating a zImage file and write directly from the recovery.bin partition into the zImage partition. The zImage file is nice because if you screw things up and your phone won't boot, you can still use ODIN to flash the zImage (assuming you moved it to your PC)
Code:
dd if=/dev/block/mmcblk0p6 of=/dev/block/mmcblk0p5 bs=256 count=32765

[OBSOLETE THREAD] Rooting LG G4S (H735)

[OBSOLETE THREAD]
This thread is obsolete. A solution was found, which is posted here:
http://forum.xda-developers.com/g4/help/method-to-root-lg-g4s-model-h735-lg-g4-t3248030
Please use the new thread for discussions.
------------------------
Original thread:
------------------------
Hi,
I have been trying to root the LG G4S (H735), also known as "LG G4 Beat".
I tried two things:
Approach 1
I tried the method posted by konsolen in this thread:
http://forum.xda-developers.com/g4/general/lg-g4s-world-root-lg-devices-t3231759
but it didn't work for me. I tried several times with varying approaches, but the boot process always gets stuck on the LG logo.
Approach 2
I also tried to inject the root as suggested in this thread for the G4:
http://forum.xda-developers.com/g4/help/rooting-lg-h735-g4-beat-t3192491
I've used the Inject_Root_G4.zip from this link, which I believe is the same shared elsewhere:
https://mega.nz/#!BIxUzbqI!nt2YnGnGQlSiBQ-Ar-c-q7oDMIEsg6xd0Kmek-q0clg
And I get the same problem - stuck on the LG logo when booting.
For anyone who wants to reproduce Approach 2 to maybe find a solution:
1. Start up LGFlashTool2014. You can follow instructions in thread by konsolen (see Approach 1 above). You can use his .kdz file as well. Important: Pull out your USB cable as soon as the green letters COMX (with a number instead of X) appear on the phone. My flashtool actually didn't display the progress percentage, but apparently this is at 9%. It doesn't matter if you don't see the percentage though, I've verified with this KDZ image that if you pull the cable at the very moment the green letters appear, nothing is corrupted. The phone will still display 0%. Leave it as it is after you unplugged the cable.
2. Kill your flash tool with the windows task manager. After it closed, you can plug the phone back in and open a windows command line in the folder where your Send_Command.exe is (you can download the package in konsolen's instructions which contains Send_Command.exe as well).
3. Open the console to your phone with
Code:
Send_Command.exe \\.\COMX.
(with your number instead of X)
You will have to do steps 1-3 every time you want to get this console, for example to run all the dd commands below.
4. Calculate the dd parameters and backup your system partition into a .img file. There is an excellent guide by dominik-p for how to determine your individual dd parameters:
http://forum.xda-developers.com/g4/help/how-to-determine-dd-parameters-lg-g4-t3184867
5. Keep a copy of your system.img somewhere safe, you can use it to restore your system if something goes wrong. So don't use this original in the next steps!
6. Copy the .img file to a linux system and mount it. I'm guessing who is trying this knows how to do this. Anything you change in the folder you mounted the image on, will be saved in the image. You can then use this updated image to overwrite your original system partition, again with dd (as described in the thread by dominik-p) using your parameters. So here's the crucial bit: You get root access to your system files via linux. When you know the right things to mess with, you can root your phone with the updated image. Injecting the root as done in step 8 is one way to change the system on the G4 in order to root it.
7. [Optional] If you are new to this, you may want to do a simple test before you continue.
Create a testfile (test.txt) on the mounted system partition. Then copy the .img file back to your phone and try to "dd" it back over your system partition.
Then, check if you see the test file on your system partition -- you may have to reboot the phone after the dd command (and log back in with Send_Command.exe) in order to see the updates.
8. Inject root with the Inject_Root_G4.zip on the mounted folder of the image on your linux system. You can follow instructions (Step 2) here:
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
9. Copy the new img file to your phone and "dd" it over your system partition, using your own dd parameters.
10. Reboot the phone (you can also just type LEAVE in the Send_Command.exe console).
Now, it should be rooted - if it worked for you!
If it worked for you, that's great. It didn't for me, it got stuck on the LG logo in the boot process again. So I had to write my original system.img back onto my system partition to get the phone back.
I did get the following errors in Step 8 above, though I did try anyway to use the resulting image. The errors may have something to do with my problem, but it may also be because the inject root is for the G4, not the G4s.
Code:
sudo ./autoroot.sh
cp: cannot create regular file ‘operatingtable/lib64/libsupol.so’: No such file or directory
chmod: cannot access ‘operatingtable/lib64/libsupol.so’: No such file or directory
chcon: cannot access ‘operatingtable/lib64/libsupol.so’: No such file or directory
chmod: cannot access ‘operatingtable/bin/app_process64_original’: No such file or directory
chcon: cannot access ‘operatingtable/bin/app_process64_original’: No such file or directory
chmod: cannot access ‘operatingtable/bin/app_process_init’: No such file or directory
chcon: cannot access ‘operatingtable/bin/app_process_init’: No such file or directory
If anyone finds a solution to this, or has any ideas what could be tried, I would be very interested to hear it. I'm new to rooting phones and don't have much experience beyond what I did in the last days.
Cheers
Jennifer
jen.magnolis said:
4. Calculate the dd parameters and backup your system partition into a .img file. There is an excellent guide by @dominik-p for how to determine your individual dd parameters:
http://forum.xda-developers.com/g4/help/how-to-determine-dd-parameters-lg-g4-t3184867
Happy that my guide has helped you
As I said here:
http://forum.xda-developers.com/g4/help/rooting-lg-h735-g4-beat-t3192491/page5
Everyone who is interested to inject root must edit the autoroot.sh from the inject.zip and use the correct files from SuperSU
More information about the files:
https://su.chainfire.eu
Maybe you have to use other files. Not the files from the inject.zip
Download the Update-SuperSU zip from http://download.chainfire.eu/supersu
Copy the files you need to the "su" folder of the extracted inject.zip
For information which files are needed read the "update-binary" file from the SuperSU zip.
(located here META-INF/com/google/android/update-binary)
Good luck everyone :good:
Thanks again for the links! I'll try again soon, when I get time for it, and report the results here
By the way, here's the ls -lR of my system.
Ok, no problem, take your time.
I've got also lot of other work to do...
I just read your system.txt (thanks)
According to these lines:
Code:
lrwxr-xr-x. 1 root 2000 13 Aug 24 02:05 app_process -> app_process32
-rwxr-xr-x. 1 root 2000 13588 Aug 24 02:05 app_process32
It seems that the firmware is 32 bit.
More info about your firmware is in /system/build.prop
So you have to take the right lines from update-binary and copy them and edit the autoroot.sh
Please don't ask me which lines. It's a bit difficult... (you have to understand the logic in update-binary)
Then copy the files from the right folder (arm?) to the "su" folder.
Sorry. I'm out now here for the next time. I have a H815 and happy with it.
I think you will find the solution. :good:
Custom Recoveries
Hi All
Are there any custom recoveries for the G4 beat/G4s?
Thanks
Thanks dominik-p for your help. Good luck with your other work, don't worry I won't distract you with asking questions You already helped a lot.
benji5688, you can check for official firmware (.kdz file) on this link, pasting your IMEI instead of YOUR-IMEI in the link below.
http://csmg.lgmobile.com:9002/csmg/b2c/client/auth_model_check2.jsp?esn=YOUR-IMEI
I did not find any for mine there, but I did find it on
http://devtester.ro/projects/lg-firmwares/
Which brought me to this link where I could find mine:
http://pkg02.azure.gdms.lge.com/dn/downloader.dev?fileKey=FW703UV132GQAUP7A0ED99N/H73510c_00.kdz
but you should look for your specific model.
jen.magnolis said:
Hi,
I have been trying to root the LG G4S (H735), also known as "LG G4 Beat".
I tried two things:
LOL
I did the exact same thing as you, and really the EXACT, I also contacted dominik-p for the same problem you got with the bs. LOL
Was about to do the same thing you did here too just told that to dominik-p lol.
Your post is great, well detailed. Hope someone found something
But got something different. my phone is the LGH731 LG G4 Vigor from Videotron in Canada.
If someone need files or system.img LINK
That's not the exact same thing as the post owner but I'm pretty sure the root method will be. (DON'T use this system.img to inject in your H735) it's from a H731 and they don't have the same partition size.
Ha, that's funny, and you got the same problem of course (frozen logo boot).
We will find a solution. It's just a matter of time. I'm a bit pressed for work in the next days but I'll get back into it around mid week. I think the main problem was, as I suspected and also as dominik-p pointed out, we've been using the wrong inject files. And the G4s is 32 bit so obviously it won't work with 64 bit libs.
First thing I'll try is using the other files from the link dominik-p shared. I'll also read the guide and try to understand which files need to be changed to gain root access in general, i.e. learn the basics of how to root. Then I think/hope I'll be able to fix this. And finally get to move all my stuff onto SD and get my storage back
Meanwhile, if you get any new results, let me know.
Cheers
jen.magnolis said:
Ha, that's funny, and you got the same problem of course (frozen logo boot).
We will find a solution. It's just a matter of time. I'm a bit pressed for work in the next days but I'll get back into it around mid week. I think the main problem was, as I suspected and also as dominik-p pointed out, we've been using the wrong inject files. And the G4s is 32 bit so obviously it won't work with 64 bit libs.
First thing I'll try is using the other files from the link dominik-p shared. I'll also read the guide and try to understand which files need to be changed to gain root access in general, i.e. learn the basics of how to root. Then I think/hope I'll be able to fix this. And finally get to move all my stuff onto SD and get my storage back
Meanwhile, if you get any new results, let me know.
Cheers
Yes i'm trying this today (the 32-64 bits thing)
Custom recovery
What does this file do though?
Is it a custom recovery or is it the stock rom?
Thanks Benji
benji5688 said:
What does this file do though?
Is it a custom recovery or is it the stock rom?
Thanks Benji
It's the stock ROM. It can be used for recovery, depending what your problem is. If you destroyed your ROM by trying to root, you can recover with this.
If you mess with something in your system partition (where the Android OS is installed), you'd need a copy of your individual system partition (like a "backup") to restore. This highly depends on your phone/version, so you have to do this backup yourself. You can follow the instructions with the dd parameters, linked to from the main thread.
Are there any custom recoveries
Hi
Are there any custom recoveries available, I want to get Xposed.
Can anyone make one?
Thanks for all the help
benji5688 said:
Hi
Are there any custom recoveries available, I want to get Xposed.
Can anyone make one?
Thanks for all the help
As far as I know to get Xposed you need to be rooted... Well there is no root method available, well you can try the methods that Jen explained here but I doubt they will work... if yes, you lucky ****
Is the g4s running marshmallow? If so you would need to use a compatible su install.
Sent from my VS986 using XDA Free mobile app
larsdennert said:
Is the g4s running marshmallow? If so you would need to use a compatible su install.
Sent from my VS986 using XDA Free mobile app
No, the problem is really just changing the 64 bits commands to make them use the 32 bits ones
I manage everything except this one
Code:
chcon --reference=operatingtable/bin/app_process32 operatingtable/bin/app_process64_original
I agree with xsteacy, this will most likely not work, that's why we opened this discussion
We just have to find the right files to use (instead of the 64 bit ones).
I will get back onto the subject by Wednesday when I have time.
I solved it! My phone is rooted
I asked someone to test my script before I post the results. Hang on there, tomorrow I'll post the solution.
Good times!
jen.magnolis said:
I solved it! My phone is rooted
I asked someone to test my script before I post the results. Hang on there, tomorrow I'll post the solution.
Good times!
0.0 OH!?
Ok I'm putting it out there for others to test as well.
Please report if it worked so I can take this into account before updating the main thread instructions.
In the attached .zip file there is a README with instructions.
Note: Thanks goes to @konsolen who shared instructions on how to open the COM port on the H735.
The script in konsolen's post is essentially the updater-binary script of the SuperSU package, but with a few modifications.
That may have been necessary on konsolen's phone, but it didn't work on mine. For me, using the original script worked.
However, the zip file has to be extracted manually with busybox before the updater-binary script is started. I am not
sure if busybox absolutely needs to be in the /sbin folder, but that's where I saw elsewhere that it belonged, so
I moved it over there in my script. I haven't tested this with busybox being elsewhere.
Thanks goes also to @dominik-p for sharing the link to excellent documentation and for his instructions on how
to make a backup (with dd) of your system, in case anything goes wrong.
UPDATE: I did all commands in root_lgh375.sh manually when I found it already worked, so please report if all is good with the script, but I think it should be, it only does what I did manually.
Congratulations @jen.magnolis
Well done

Bootlooping, trying to get back to stock, deuces not working, log attached.

Hello guys,
I have been trying to get this to work on my own for a while now. I am trying to use deuces script and it is not working for the life of me. I have formatted user data entirely and killed all encryption. I have tried to install the factory image numerous times and numerous ways but nothing seems to be working. I have tried to use deuces script, from fastboot, and it isn't working (log attached).
Here is what is currently going on and the current setup. No ROM installed currently (I do not believe). Device is UNLOCKED. TWRP is installed, version 3.3, latest version.
I can get into fastboot and the computer can see fastboot with fastboot devices command.
I can get into recovery from the device, which is TWRP. I can sideload things from there and run any commands that twrp can natively run.
I can NOT get deuces script to run with either the latest android 9 factory image, or the latest android 10 image.
I am putting all of the factory image files, unzipped, in the platform tools folder, along with the deuces script files in the same folder... then running the script. It is kicking back an error, which is attached as an image.
Additionally the log is attached as well.
ANY insight on how to get my phone back to stock would be great. Really getting anything installed on it would be great at this point, currently I can only get to fastboot and recovery.
Thank you so much!
Try a different cable or USB port if you haven't already.
Also you can try putting everything into C:\platform-tools, instead of having everything a few directories deep.
All my files just get extracted into C:\platform-tools
ilal2ielli said:
Try a different cable or USB port if you haven't already.
Also you can try putting everything into C:\platform-tools, instead of having everything a few directories deep.
All my files just get extracted into C:\platform-tools
I always do the same thing with good results!
Sent from my Pixel 2 XL using XDA Labs
wdarea51 said:
Hello guys,
I have been trying to get this to work on my own for a while now. I am trying to use deuces script and it is not working for the life of me. I have formatted user data entirely and killed all encryption. I have tried to install the factory image numerous times and numerous ways but nothing seems to be working. I have tried to use deuces script, from fastboot, and it isn't working (log attached).
Here is what is currently going on and the current setup. No ROM installed currently (I do not believe). Device is UNLOCKED. TWRP is installed, version 3.3, latest version.
I can get into fastboot and the computer can see fastboot with fastboot devices command.
I can get into recovery from the device, which is TWRP. I can sideload things from there and run any commands that twrp can natively run.
I can NOT get deuces script to run with either the latest android 9 factory image, or the latest android 10 image.
I am putting all of the factory image files, unzipped, in the platform tools folder, along with the deuces script files in the same folder... then running the script. It is kicking back an error, which is attached as an image.
Additionally the log is attached as well.
ANY insight on how to get my phone back to stock would be great. Really getting anything installed on it would be great at this point, currently I can only get to fastboot and recovery.
Thank you so much!
Do it without unzipping the factory image. The script unzips it itself and you're causing an error by doing it for it.
Forget about recovery and unzipping files or scripts.
If you can boot into the bootloader, Google gives you precise instructions to follow to just flash everything by executing flashall.bat here: developers.google(dot)com/android/images.
If you followed the exact steps and it's not working show the full final terminal output to help you.
JuanG2 said:
Forget about recovery and unzipping files or scripts.
If you can boot into the bootloader, Google gives you precise instructions to follow to just flash everything by executing flashall.bat here: developers.google(dot)com/android/images.
If you followed the exact steps and it's not working show the full final terminal output to help you.
Just for reference, deuces script is used 99% of the time AFTER Google's flash-all.bat had failed to give the desired results. Not saying this is the case here but it is a likely reality.
Sent from my Pixel 2 XL using XDA Labs
CyberpodS2 said:
Just for reference, deuces script is used 99% of the time AFTER Google's flash-all.bat had failed to give the desired results. Not saying this is the case here but it is a likely reality.
Sent from my Pixel 2 XL using XDA Labs
I (myself *my opinion*) really wouldn't use that script because it's just an incredibly verbose way of forcing the flashing of the images and it's way more tedious to find errors using it.
If Google's flash-all script is not working it should be analyzed why, as it is only running 5 fastboot commands to flash all the images, and if the phone can't run fastboot commands it's somewhat worrying.
In his case the script can be failing for a million reasons, like the script can't create the work directory to unzip the factory zip because it's only for admin use, or maybe it has conflicts of directories; it can also not be using an appropriate file for it, as the naming scheme does not make sense. In any case the problem here is with the way the deuces script is decompressing the .zip, as it can't find the image.zip when it's allocated to the variable here: $imgzipname = (Get-ChildItem _work/*/*.zip).fullname.
This script code is really not prepared to correct itself and is not great, HOWEVER it should work without much of a problem if no naming scheme of the images, partitions, directories changes or so I understand why people use it when they really screw something up.
---------- Post added at 09:30 AM ---------- Previous post was at 09:06 AM ----------
JuanG2 said:
I (myself *my opinion*) really wouldn't use that script because it's just an incredibly verbose way of forcing the flashing of the images and it's way more tedious to find errors using it.
If Google's flash-all script is not working it should be analyzed why, as it is only running 5 fastboot commands to flash all the images, and if the phone can't run fastboot commands it's somewhat worrying.
In his case the script can be failing for a million reasons, like the script can't create the work directory to unzip the factory zip because it's only for admin use, or maybe it has conflicts of directories; it can also not be using an appropriate file for it, as the naming scheme does not make sense. In any case the problem here is with the way the deuces script is decompressing the .zip, as it can't find the image.zip when it's allocated to the variable here: $imgzipname = (Get-ChildItem _work/*/*.zip).fullname.
This script code is really not prepared to correct itself and is not great, HOWEVER it should work without much of a problem if no naming scheme of the images, partitions, directories changes or so I understand why people use it when they really screw something up.
Actually I just realized why the script is not working for you. You are running it against the incorrect file. You shouldn't be running it against the images.zip that's inside of the factory.zip but rather against the factory.zip itself. Don't unzip it, just paste the whole zip downloaded from developers.google.com and run the script against it.
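The mismatch discussed in the posts above, as an added example that is not part of the thread or of the deuces script: a Python stand-in for the `_work/*/*.zip` lookup that tells the outer factory zip from the inner image zip before anything is flashed. It assumes the script extracts the chosen zip into `_work` before evaluating that glob; every file name and all contents below are constructed.

```python
import io
import zipfile

def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; all contents are constructed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def sample_inner():
    # Constructed stand-in for the inner image zip (partition images at the root).
    return make_zip({"android-info.txt": b"x", "boot.img": b"x", "system.img": b"x"})

def sample_factory():
    # Constructed stand-in for the outer factory zip: one folder holding the
    # bootloader image, the flash-all script and the nested image zip.
    d = "sample-build01/"
    return make_zip({
        d + "bootloader-sample.img": b"x",
        d + "flash-all.bat": b"x",
        d + "image-sample-build01.zip": sample_inner().getvalue(),
    })

def glob_matches(fileobj):
    """Entries that _work/*/*.zip would find once the zip is extracted into _work."""
    with zipfile.ZipFile(fileobj) as zf:
        return [n for n in zf.namelist()
                if n.count("/") == 1 and n.lower().endswith(".zip")]

def classify(fileobj):
    """Return 'factory', 'inner-image' or 'unknown' for a candidate zip."""
    matches = glob_matches(fileobj)
    with zipfile.ZipFile(fileobj) as zf:
        names = set(zf.namelist())
    if len(matches) == 1:
        return "factory"          # exactly one nested zip, one directory deep
    if "boot.img" in names or "android-info.txt" in names:
        return "inner-image"      # already the inner zip: the glob finds nothing
    return "unknown"

if __name__ == "__main__":
    for label, z in (("factory", sample_factory()), ("inner", sample_inner())):
        print(label, "->", classify(z), glob_matches(z))
```

An empty match list for the inner zip corresponds to the empty `$imgzipname` described in the thread.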
