Post-mortem Android device decryption - Upgrading, Modifying and Unlocking

If you ever run into trouble and can't decrypt your phone, but still have the image and password of the encrypted file system, you can use this tool to mount the encrypted file system on your PC.
My i9300 display and touchscreen broke, but I managed to dump /dev/block/mmcblk0p12 via recovery. This partition contains the encrypted /data file system on my device.
So I took the AOSP code and wrapped a small command line tool around it to decrypt and mount the device on Linux.
I hope this is useful and that this is the right forum for such things.

Related

[Tools/Recovery] TWRP for LG Optimus F3Q

TWRP Recovery for the LG F3Q (codenames: fx3q, d520)
Background story (who ever wants to know):
As I'm currently testing around with flashing etc I hated it to re-flash the stock ROM again and again. It is sooo time consuming..
In that kind of ROM compiling learning process I also was able to build a working TWRP recovery for the LG F3Q so that was such a good feeling But as said the caveat was that because of the locked bootloader we can reach TWRP (or CWM) only when executing "adb reboot recovery" from the running system. That was not really satisfying me though..
Some day I've done a factory reset and well I saw that this is starting my TWRP recovery when executing it! Well it isn't such a surprise as TWRP sits on the recovery partition and will be triggered by the factory reset script but... well do you think what I think? When it would be possible to start TWRP fully and not that factory reset part of TWRP than we would have a workaround to reach the recovery mode without booting the system (which is in fact not possible anymore when flashing of system.img/boot.img fails)
That said.. I was in touch with the TWRP developers bigbiff and Dees_Troy and many thanks for the hint they gave me! I have build a new TWRP version based on that information I got and well the idea of that is:
Vol Down + Power -> LG Factory Reset screen appears
Confirming with power 2 times as asked
Voila: No factory reset anymore but TWRP is here!
Well that will have a caveat - READ CAREFULLY:
As you may think of the factory reset in the boot-up process and within the ROM will not working anymore until you flash another recovery!
But if you know that it is not such a caveat because you can choose the wipe options within TWRP to do a "manual" factory reset.
v2.8.1.0 build 5
USE THAT ON YOUR OWN RISK! BACKUP BEFORE!
Working (quickly tested):
Install (to flash a custom Kernel)
Mounting partitions
Reboot Recovery | System
adb shell (also see known issues)
Backup (compressed | uncompressed | encrypted (!) | unencrypted)
Restore (unencrypted | encypted (!) | compressed | uncompressed)
Internal storage /data/media
MTP which mounts the external storage!
File Manager
Terminal Command
Power charging while in TWRP
Displaying CPU temp
Totally untested:
WIPE (should work)
decrypting /data (but should work as it do so for encrypted backups already)
Every option which is not stated as "Known issue" or "Working"
Known issues (with workarounds):
ADB works only when screen "timed out" (manual locking does not help it must time out) therefore ADB can take up to 1 minute after boot until it becomes available (because screen need to be timed out first)
Workaround: set the time limit in the screen menu to e.g. 10 sec (that is the default value for now)
Timezone is not set correctly (that seems to be a well known bug in several devices using TWRP.... )
Workaround: set a timezone which displays the most accurate timezone
Known issues (without workarounds):
When you use the "Power Off" option in the "Reboot" menu the device will reboot instead of powering off
Wiping /data not possible after "factory reset buttons" used. You need to choose "wipe" and then "format data" manually (or use mke2fs on CLI).
Vibration is not working (I will not fix that atm because I like it that way)
Hardware keys at bottom doesn't work
If you use the factory reset button /data partition will be inaccessible and need to be re-flashed (means you will LOOSE your app and system configs when you use factore reset)
Download:
Attached you will find the TWRP v2.8.1.0 version ready to use even with locked bootloader:
BACKUP EVERYTHING BEFORE USING THIS. USE AT YOUR OWN RISK!
DD Image file:twrp_v2.8.1.0_build5_fx3q_FR-OFF.img.zip = FactoryReset is disabled / TWRP will be loaded instead (also see known issues)
Read the Installation & Usage instructions in this thread on how to install that file.
Installation & Usage instructions
Pre-Requirements
Read the FAQ
YOU NEED ROOT! (check FAQ)
YOU SHOULD do a NANDroid BACKUP! (check FAQ)
You need to boot up, enable USB debugging and then connect USB cable.(check FAQ get ROOT - the link contains a guide on that)
You better doing a NANDroid backup right? (I mentioned that before - but DO it! NOW!)
For the best usage experience install the sediKERNEL or use joel's debloated stock ROM which includes it already
Bulletproof Method 1: "the average user"
Use this guide if you simply want to install & use TWRP like it should be. If you're unsure use this guide!
Install:
Download the TWRP recovery file and unzip it
copy it to your device (e.g. adb push or simply copy & paste by your file browser)
Download the loki_tool (https://github.com/djrbliss/loki/raw/master/bin/loki_tool)
copy loki_tool to your device (e.g. adb push or simply copy & paste by your file browser)
execute:
adb shell
su (you may need to grant permission)
mount -oremount,rw /system
cp /PATH-WHERE-YOU-COPIED/loki_tool /system/bin/ && chmod 755 /system/bin/loki_tool
loki_tool flash recovery /PATH-WHERE-YOU-COPIED/twrp_X.X.X.X_recovery_FRoff/off.img
reboot recovery --> you should see the TWRP screen
Usage (sediKERNEL v2.0 or higher installed):
Power on the device
when you see the LG logo the first time do NOTHING!!
When the screen goes black THEN press Volume UP + Volume DOWN. Both the same time and hold them pressed.
Release the buttons when the screen goes black again
Wait. You will see the LG logo a third time and then you will see the recovery screen!
If you see a kernel crash then you have pressed the magic keys too early! Read and follow the above steps carefully and you should be fine.
Usage (without sediKERNEL v2.0 or higher):
boot into your ROM
execute "adb reboot recovery" from your PC or open a Terminal on your device and execute "su" then "reboot recovery"
Bulletproof Method 2: "developers only"
This is the developers preferred way of installing TWRP. It ensures that even when your ROM or Kernel gets damaged that you still be able to boot into recovery. This is to the developers or heavy testers who are knowing what they do ONLY!
But even when you think this is for you: Read the important hint at the end before deciding if you want to choose this method.
Install:
flash recovery image to your RECOVERY partition:
adb shell su -c dd if=/storage/external_SD/twrp_vXXXXX_fx3q_FR-OFF.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
adb reboot recovery
A user reports the the by-name does not worked for him but this one:
adb shell su -c dd if=/storage/external_SD/twrp_vXXXXX_fx3q_FR-OFF.img of=/dev/block/mmcblk0p17
-> If you can see TWRP now everything is fine - Otherwise DO NOT continue!
BACKUP YOUR WHOLE DEVICE NOW! I highly recommend to backup everything except /data from within TWRP because it is easy and works (from TWRP v2.8build5 or higher)
BACKUP /data is recommended to be done NOW and this way:
adb shell su -c dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/external_sd/userdata_backup_stock.img
--> This can take a long while but it contains also the backup for the internal storage not only /data and that internal part is not backupable over TWRP
while in TWRP flash the same recovery image to your BOOT partition now (do not think that this is dangerous. The boot partition is not a magic thing or so it is only the partition which will be started from the bootloader thats all about it. So yes you can install a recovery image on the boot partition without any harm.):
adb shell su -c dd if=/external_sd/twrp_vXXXXX_fx3q_FR-OFF.img.loki of=/dev/block/platform/msm_sdcc.1/by-name/boot
watch carefully that the process ended without errors and that the size is exactly the same as it should be (about 1,3GB)
adb shell sync
power off the device by taken out the battery (do not use reboot or something we want to be sure that the next step is absolutely really the normal boot up)
Boot up normally --> you should see TWRP !! You're NOT in recovery mode you're booting the normal boot mode!
Go on with flashing the sediKERNEL into your RECOVERY partition:
Download the sediKERNEL from here (the stock one could work, too but never tested ...)
push it to your device with adb or MTP (since v2.8build5)
Flash the sediKERNEL to your RECOVERY partition:
adb shell su -c dd if=/external_sd/sediKERNEL_JB-vXXXX.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Reboot into Recovery by using TWRP GUI or by executing "adb reboot recovery"
Your ROM will boot.
Usage:
From now on every time your device booting up you will see the TWRP screen and need to choose Reboot-->Recovery to boot your ROM.
This is the absolute best way to use TWRP if you want to be sure that you will reach the recovery even when your ROM gets damaged and is confirmed to work very well (as always guarantees are not available )
Important hint:
Be sure that you keep in mind that from now on your recovery and boot partition are not the same anymore (you can always revert back to the normal behaviour, of course!). So if you want to flash a kernel image you need to ensure that it goes to the RECOVERY partition instead of the normal BOOT partition (because on boot partition is TWRP now).
If I got my ROM working I will definitively add an option to the installer where this will be ensured and I asked @joel.maxuel for his stock ROM to add that, too. As for now we are the only ones who are developing for the F3Q so you should be save enough atm but you will need to keep that always in mind when you want to replace the kernel and/or ROM.
What would happen if you forget about that? Well nothing really bad because when you install a kernel or ROM the boot image partition simply gets overwritten and that means only that your TWRP is not there anymore but the system will boot (if the new kernel/ROM is not buggy or damaged). You then could install TWRP by method 1 or using method 2 by using the boot image/Kernel you want to install.
Damage your device - booting (NOT RECOMMENDED will loose /data ):
You probably NEVER want to use this method. It is here for reference only.
I highly recommend to choose one of the above bulletproof versions instead of this one because it WILL damage /data and you need to restore that whole partition afterwards.
All my tests has shown that this comes not from TWRP (in one of my tests I disabled everything in the sourcecode of TWRP which wipes /data) but coming from LG itself. The factory reset button/option do something with the /data partition sturucture and afterwards you cannot use that anymore. I also tried to restore the partition info by trying all backup superblocks but that doesn't worked. No backup superblock is accessible.
Restoring them by mke2fs and e2fsck does not work unfortunately.. (mke2fs -S /dev/block/platform/msm_sdcc.1/by-name/userdata && e2fsck -yf /dev/block/platform/msm_sdcc.1/by-name/userdata)
So if you have loosed your /data and/or internal storage you need to have a DD imaged backup near.
Install:
same as for "Bulletproof Method 1" above
Usage:
When you choosen FR-OFF then TWRP will be able to start without booting up the whole system (also see known issues):
Power Off the device (remove battery)
Vol Down + Power --> Then put the battery back --> LG Factory Reset screen appears
Confirming with power button 2 times as asked - if you downloaded and flashed the FRoff version of TWRP it will NOT open the normal reset procedure but /data and the internal storage are not accessible afterwards (read above about the details). That means your app configs and systems configs get lost that way. You have been warned!
Voila: No (full) factory reset anymore but TWRP is here when you have damaged your ROM or for some dev approach
If you want the factory reset back simply choose the file twrp_2.7.1.0_recovery_FRon.img.lok and follow the above instructions. Afterwards you will have TWRP but it will be reachable only when you execute "adb reboot recovery" from the running system.
XDA:DevDB Information
sediTWRP for LG Optimus F3Q, Tool/Utility for the General Discussion
Contributors
xdajog
Source Code: https://github.com/xdajog/bootable_recovery_twrp_fx3q
Version Information
Status: Stable
Current Stable Version: v2.8.1.0 build 5
Stable Release Date: 2014-11-18
Created 2015-05-19
Last Updated 2015-07-20
FAQ
Frequently Asked Questions (FAQ)
What is that "adb" thing?
adb stands for: Android Debug Bridge and can help a lot when it comes to work with your device. It is not for developers only but they use it a lot of course.
But a normal user can use this to exchange files without the need of mounting, backing up the device, reboot the device and use it as a very comfortable way of having a terminal emulator.
Normally adb itself is not available as a standalone application - it comes with the Android SDK which is very big and heavy if you want to use adb and/or fastboot (another great tool) only.
But we live in a great world with many people wanting to make things easy so here you go when you want/need only adb and fastboot:
download & install adb at lifehacker
(Direct link for Windows users: Go to easy ADB install thread)
How to get root for the F3Q?
Here is the tool and guide: Saferoot
[*]What is a "nandroid" backup?
nandroid means essentially: "a full image of all your partitions" so it is a full snapshot of your ROM including all your apps and contents.
The name NANDroid is a portmanteau of "NAND" (as in Flash memory - NAND flash) and "Android." (Source)
[*]How to create a "nandroid" backup?
(See above for the meaning of "nandroid backup")
You have several options on how to do that.
The normal and absolutely recommended way is to do that "offline" (from within recovery mode) but you can also do it "online" (while Android is running).
.
Offline nandroid backup by using TWRP recovery: Guide
If you have no custom recovery installed read on.
.
Online nandroid backup:
by using an app:
There is 1 (known to me) "online" nandroid backup tool available which will backup from within your running Android: PlayStore.
I tested it and still using it since a while and I really like it but I would not fully resist on it.
I had no problems backing up but sometimes an app is lost when restoring. This may have been fixed but well it is like imaging a running Windows or Linux system:
Do not do it online if you can - it may/will work but there could be problems/inconsistencies later!!
If you never made a nandroid before doing it online will not harm anything and should be your first start. So install the Online Nandroid backup tool and begin.
Check out this guide for some hints: Guide
(If you like the Android app do not hesitate to buy the unlock key to support the developer!)
by using commandline tools:
First of all you need "adb" installed (check out the FAQ answer number 1 above).
Then you need someone who is telling you the device partition table and you need a big sized SD card to hold the images.
The reason is that you will use a special command named "dd" which images the whole partition (not the content only!).
dd is a VERY dangerous tool because if you use it wrong your device may get bricked so it is essential that you are using the
correct command and check that twice!
Check out the next FAQ on how to do this for the F3Q.
[*]How to create a "nandroid" backup for the F3Q - WITHOUT having a custom recovery?
The whole process will take a big amount of time but it is worth to follow each step including the md5sum checks at the end.
Please read the previous FAQ first because there you will find more information about background and other options you may have.
Ensure you have a SD card inserted which is big enough and having enough free space available (4GB at least! I recommend at least 8 GB but this depends on the size of your current data partition. A completely stock ROM with nothing installed and unused will need 3 GB space).
.
Install "adb" on your pc (check out the FAQ #1 above).
root your device (check out FAQ #2 above)
connect with adb to your (running) F3Q:
adb shell
(you should see a prompt)
su
(you need to grant permission if you haven't yet)
Then backup your current ROM and data:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/external_SD/system.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/external_SD/boot.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/storage/external_SD/userdata.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/storage/external_SD/recovery.2015-07-20.img
# If you never backed up your EFS you really should do that once:
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst1 of=/storage/external_SD/modemst1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst2 of=/storage/external_SD/modemst2.img
Click to expand...
Click to collapse
Just to be sure you can do an online backup now, too ( Guide ) Online Nandroid backup App
.
copy the backup(s) to your device (connect USB cable - open your external storage and drag&drop) <--- DO NOT SKIP THIS STEP!!!! It is absolutely essential!
Check your copy on your device:
md5sum /storage/external_SD/system.2015-07-20.img
md5sum /storage/external_SD/boot.2015-07-20.img
md5sum /storage/external_SD/userdata.2015-07-20.img
md5sum /storage/external_SD/recovery.2015-07-20.img
md5sum /storage/external_SD/modemst1.img
md5sum /storage/external_SD/modemst2.img
Click to expand...
Click to collapse
Download a md5sum checker like this one Windows MD5 and load each file you copied to it (on Linux the "md5sum" command can be used of course).
compare the md5sums from the above output and ensure that they are all matching.
[*]Why is factory reset not working when installing TWRP? (or: AAAAaaaah my /data is inaccessible after doing a factory reset!!!!)
All my tests has shown that this comes not from TWRP (in one of my tests I disabled everything in the sourcecode of TWRP which wipes /data) but coming from LG itself. The factory reset button/option do something with the /data partition sturucture and afterwards you cannot use that anymore. I also tried to restore the partition info by trying all backup superblocks but that doesn't worked. No backup superblock is accessible.
Restoring them by mke2fs and e2fsck does not work unfortunately.. (mke2fs -S /dev/block/platform/msm_sdcc.1/by-name/userdata && e2fsck -yf /dev/block/platform/msm_sdcc.1/by-name/userdata)
So if you have loosed your /data and/or internal storage you need to have a DD imaged backup near. Sorry but you have been warned (known issues) before.
.
if you want the factory reset back simply choose the file twrp_2.7.1.0_recovery_FRon.img.lok and follow the above instructions. Afterwards you will have TWRP but it will be reachable only when you execute "adb reboot recovery" from the running system. v2.7. is not recommended to use but atm the only option if you really want that. Instead I would better try the wipe options from within TWRP and re-installing your ROM of choice or simply using the official LG flashing tool to get your F3Q fully reset.
.
History / Changelog
Previous development (v2.7.1.0)
I HIGHLY RECOMMEND USING v2.8 instead of this version!
You have been warned.. If you still want that buggy version go on here:
USE THAT ON YOUR OWN RISK! I STRONGLY RECOMMEND TO BACKUP EVERYTHING BEFORE PROCEEDING.
Working:
Install (to flash a custom Kernel)
Mounting partitions (see known issues for the internal one)
Reboot Recovery | System
adb shell
File Manager
Terminal Command
Totally untested:
WIPE (may work)
Known issues:
If the device becomes locked and then unlocked by the user adb will restart on the device (or crash and start again. haven't had looked into that yet)
When you use the "Power Off" option in the "Reboot" menu the device will reboot instead of powering off
RESTORE (will NOT work!)
BACKUP (will NOT work!)
You cannot mount the external sd via USB or MTP
Vibration is not working (I will not fix that atm because I like it that way)
Timezone is not set correctly (that seems to be a well known bug in several devices using TWRP....
Internal storage is missing (/data/media)
Hardware keys at bottom doesn't work
If you use the factory reset button /data partition will be inaccessible and need to be re-flashed (means you will LOOSE your app and system configs when you use factore reset)
Download:
Attached you will find the loki'ed TWRP version (v2.7.1.0):
AGAIN: THIS IS A PROOF-OF-CONCEPT only. It definitively WILL have bugs and problems! I want to proof that it will be possible to have TWRP on this device and also have a way to boot up into TWRP without booting the whole system.
twrp_2.7.1.0_recovery_FRoff.img.lok = FactoryReset is disabled / TWRP will be loaded instead
twrp_2.7.1.0_recovery_FRon.img.lok = FactoryReset is enabled / TWRP can be reached with "adb reboot recovery" only
Read the Installation & Usage instructions in the OP on how to install that file.
Awesome work! Saves having to risk modifying the bootloader (for now). :laugh: :highfive: Thanks!
xdajog said:
TWRP Recovery for the LG F3Q / D520
...
Click to expand...
Click to collapse
I'm unable to get logs from TWRP, it does crash reliably when messing about in settings and such.
Timezone fix is needed. (Devices time is set to the correct local time, but TWRPs timezones arent correct.)
Device does not show internal storage.
Wipe menu does not differentiate from internal storage and /data
there's no /mnt, /storage or /sdcard present while in TWRP.
Uhm, I'm sure there's some more I've missed, but that's all I've got for now.
eriklion said:
I'm unable to get logs from TWRP, it does crash reliably when messing about in settings and such.
Click to expand...
Click to collapse
Uhm what do you mean? adb shell and then open /tmp/recovery.log? Clicking on the small mini icon at middle bottom of the screen? Both working for me. Have you tested the above attached version or the one I gave you at dropbox? The above is a more current one!
Timezone fix is needed. (Devices time is set to the correct local time, but TWRPs timezones arent correct.)
Click to expand...
Click to collapse
hm I will look into that
Device does not show internal storage.
Click to expand...
Click to collapse
yeah forgot to mention that. Is that shown in CWM btw?
Wipe menu does not differentiate from internal storage and /data
Click to expand...
Click to collapse
Could you explain what does that means?
there's no /mnt, /storage or /sdcard present while in TWRP.
Click to expand...
Click to collapse
/mnt and /storage are not needed or am I wrong? /sdcard would point to the internal storage I think but I decided to use /external_sd instead which is accessible in the latest version.
Finally got around to test. Looks great, I love having TWRP over CWM!
Unfortunately the backup function is not working. TWRP errors out and reloads itself. I have a pastebin, sorry it's so long but I wanted to try a couple different backup options before I gave up and produced a log file:
http://pastebin.com/QUfNw6Rk
The portions of interest are:
Code:
Backing up Cache...
I:Creating backup...
I:Creating tar file '/external_sd/TWRP/BACKUPS/1db9cba/1970-01-24--22-43-59 JZO54K//cache.ext4.win'
I:addFile '/cache/recovery' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/cache/recovery/log' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
...
Code:
Backing up Data...
I:Creating backup...
I:Creating tar file '/external_sd/TWRP/BACKUPS/1db9cba/1970-01-24--22-43-59 JZO54K//data.ext4.win'
I:addFile '/data/dontpanic' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg0' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/next_count' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg1' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg2' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg3' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg4' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg5' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg6' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg7' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
__bionic_open_tzdata: couldn't find any tzdata when looking for localtime!
__bionic_open_tzdata: couldn't find any tzdata when looking for GMT!
__bionic_open_tzdata: couldn't find any tzdata when looking for posixrules!
Starting TWRP 2.7.1.0 on Sun Jan 25 03:44:01 1970
I:Single storage only.
I:No internal storage defined.
I:No storage defined, defaulting to /sdcard.
I:Lun file '/sys/devices/platform/usb_mass_storage/lun0/file' does not exist, USB storage mode disabled
I:Found brightness file at '/sys/class/leds/lcd-backlight/brightness'
I:TWFunc::Set_Brightness: Setting brightness control to 255
Starting the UI...Pixel format: 480x800 @ 32bpp
Pixel format: RGBX_8888
Not using qualcomm overlay, 'msmfb43_80201'
framebuffer: fd 4 (480 x 800)
=> Linking mtab
=> Processing recovery.fstab
I:Processing '/boot'
I:Processing '/cache'
I:Processing '/data'
I:Processing '/misc'
I:Processing '/recovery'
I:Processing '/external_sd'
I:Processing '/system'
I:Creating Android Secure: /external_sd/.android_secure
I:Backup folder set to '/external_sd/TWRP/BACKUPS/1db9cba'
I:Settings storage is '/external_sd'
Updating partition details...
I:Unmounting main partitions...
E:Unable to unmount '/data'
I have a stock based ROM to test, and I want to make sure I can enter recovery through the bootloader should things go sour. If TWRP can backup and restore, that allows me to go back to my true stock after the test. Any ideas?
joel.maxuel said:
Finally got around to test. Looks great, I love having TWRP over CWM!
Unfortunately the backup function is not working. TWRP errors out and reloads itself. [.....] Any ideas?
Click to expand...
Click to collapse
Yes.
There are several things coming in place when it comes to backing up out of TWRP atm...
You hopefully have read the big fat red warning ? What I mean is the part regarding /data gets lost when you do a factory-reset
That said if you have entered TWRP by pressing the physical keys your /data partition will be wiped (really bad thing but that it is made for and I haven't had the time to look into that further)
The result is a cleaned /data which is not mountable until you format it with mke2fs.
(e.g.: "adb shell mke2fs -T ext4 /dev/block/mmcblk0p15")
If you do not do that what MAY happens is that TWRP failing because of missing /data (and if not then you should ensure that /data was really backed up)
But as your log told me it seems to be not the problem here 'cause the /data partition is detected by TWRP. so it could be 2)
Mounting points.
As stated the mount points are not fully working in TWRP atm. That means when it comes to /sdcard which is the internal device storage it will fail, too because it cannot be found. The reason for this is that LG mounts /sdcard by the sdcard service but that is somehow tricky thats why it is not working atm.
And on top: the internal storage normally needs to be mounted to "/data/media" especially when we want to use MultiROM later.
So +1 for /sdcard or/and internal storage related
background info: http://teamw.in/DataMedia
The last one I could imagine is "something else" which could be catched by "/proc/last_kmsg"
The important thing is that this file gets written only after a crash and when the battery was not removed. So if the device reboots to TWRP again try to adb shell to the device and then paste the last_kmsg again. Maybe we can find something here.
When I will continue on TWRP I think of upgrading to v2.8 because they enable MTP here which could be good for copying data between device and pc..
BTW:
I have no idea what CWM port which is also be available would do in case of starting a backup especially what will REALLY gets backed up!!!!
IMHO the best way on doing a nandroid backup atm is "adb shell dd ...." Takes a long time but then you can be sure. I can give you all the mountpoints if you need them.
As I currently have not such much success with porting the ROM I will now come back here to TWRP and will finish it to have a hopefully fully working recovery. I cannot say the timeline for this but it will definitively be the next what I want to do because when this is done I can better match the rest for the ROM.
xdajog said:
<SNIP>
IMHO the best way on doing a nandroid backup atm is "adb shell dd ...." Takes a long time but then you can be sure. I can give you all the mountpoints if you need them.
As I currently have not such much success with porting the ROM I will now come back here to TWRP and will finish it to have a hopefully fully working recovery. I cannot say the timeline for this but it will definitively be the next what I want to do because when this is done I can better match the rest for the ROM.
Click to expand...
Click to collapse
This should work (I've done it before for eriklion):
Code:
adb shell
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/external_SD/system.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/external_SD/boot.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/cache of=/storage/external_SD/cache.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/storage/external_SD/userdata.2014-11-12.img
Now, is there a recommended adb command to wipe data and cache, since factory reset function is not the best choice? I see a few with the following process...
Code:
adb shell
su
format DATA
format CACHE
...but not much commentary on it.
I appreciate the second (third, whatever you are on) crack at TWRP. Hopefully the next version will squash the bugs. Btw, I will see if I can provide a /proc/last_kmsg tonight have posted a last_kmsg here.
joel.maxuel said:
This should work (I've done it before for eriklion):
Code:
adb shell
dd /dev/block/platform/msm_sdcc.1/by-name/system /storage/external_SD/system.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/boot /storage/external_SD/boot.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/cache /storage/external_SD/cache.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/userdata /storage/external_SD/userdata.2014-11-12.img
Click to expand...
Click to collapse
yes thats all you need to backup & restore
joel.maxuel said:
Now, is there a recommended adb command to wipe data and cache, since factory reset function is not the best choice? I see a few with the following process...
Code:
adb shell
su
format DATA
format CACHE
...but not much commentary on it.
I appreciate the second (third, whatever you are on) crack at TWRP. Hopefully the next version will squash the bugs. Btw, I will see if I can provide a /proc/last_kmsg tonight.
Click to expand...
Click to collapse
I always do it that way:
Code:
Starting TWRP
adb shell
("su" in TWRP not needed normally)
mke2fs -T ext4 /dev/block/mmcblk0p15 (for userdata)
mke2fs -T ext4 /dev/block/mmcblk0p14 (for cache)
Then you can be sure it is clean and well formatted. ext4 is for both cache and userdata and works fine for me.
twrp v2.8 with many enhancements and fixes is on its way
Stay tuned ....
if you get bored in the meanwhile ... click thanks
Is someone here with running the stock ROM (or absolutely not modified means formatted! /data partition) who is willing to give me a quick help? It must be stock or placed back to stock by using a backuped image dump if you have one.
The following need to be done in recovery so you need to have CWM or TWRP installed. Boot into recovery (adb reboot recovery) and then use "adb shell" to connect.
I need your output of this command:
Code:
mke2fs -n /dev/block/platform/msm_sdcc.1/by-name/userdata
This will not do/destroy/modify anything.
It should display some information about that partition. Read the details here http://linux.die.net/man/8/mke2fs
The reason is that LG factory reset seems to wipe superblocks (wanted by LG or not - fact is that they are thrown) and THEN forwarding to the recovery tool like TWRP but to be sure I need the above output from 1 or 2 people to be sure enough on how to proceed.
Thanks in advance
As Joel investigated that may destroy /data cause of a buggy version of mke2fs!! Oh man..
-----
Sent from my SGH-I927 using XDA Android mobile app
Ok thx to joel I'm able to investigate the LG facotry reset further.
In parallel I will try another way which will be (if I get it working) absolutely smooth and will not have such workaround character like the current idea (hijacking factory reset).
Give me some time but if that works it would be a great solution for accessing recovery..
Stay tuned some good things may happen...
-----
Sent from my SGH-I927 using XDA Android mobile app
Finally v2.8 for F3Q has arrived !!! I think a very good approach now!
Have fun and as usual any thx click.... and so on
Check out the OP for Download and details:
http://forum.xda-developers.com/showpost.php?p=55239027&postcount=1
UPDATE:
I have completely reworked the "Installation & Usage instructions" section in the OP. PLEASE READ and be happy
xdajog said:
Finally v2.8 for F3Q has arrived !!! I think a very good approach now!
Have fun and as usual any thx click.... and so on
Check out the OP for Download and details:
http://forum.xda-developers.com/showpost.php?p=55239027&postcount=1
UPDATE:
I have completely reworked the "Installation & Usage instructions" section in the OP. PLEASE READ and be happy
Click to expand...
Click to collapse
Great work.
Am looking at method two. If I was to install a ROM, wouldn't the boot partition (thus my new recovery) be overwritten by the ROM package's boot.img? And when I was cooking with the Kitchen, the ROM required a specific mount point for the boot partition. If it is supposed to point to recovery, seems to me that neither would boot (overwritten recovery, ROM pointing in the wrong location).
So, what is this solution getting around? So we have an option to load TWRP before a system we don't necessarily trust will boot? Thus avoiding the bootloader fallback even more? Or is it a broken boot.img breaks TWRP as well so even if we try to go in through the bootloader, TWRP fails to load as well?
Sorry for my confusion, still trying to grasp all this new information.
joel.maxuel said:
Great work.
Click to expand...
Click to collapse
Thanks
Am looking at method two. If I was to install a ROM, wouldn't the boot partition (thus my new recovery) be overwritten by the ROM package's boot.img?
Click to expand...
Click to collapse
Method 2 will suggest that if you install a custom ROM that you are be able to use/choose the boot.img partition (I hoped that the "hint" at the was clear enough but better to ask of course!)
And when I was cooking with the Kitchen, the ROM required a specific mount point for the boot partition. If it is supposed to point to recovery, seems to me that neither would boot (overwritten recovery, ROM pointing in the wrong location).
Click to expand...
Click to collapse
Well yes you either need to point to the recovery partition or (and that would be what I recommend) you let the user choose what he wanted to do.
So, what is this solution getting around?
Click to expand...
Click to collapse
The best we can do here (and that is what I will do for my custom ROM if I get it done some day) to use AROMA installer and ask the user if he has a recovery installed in the boot partition or not. Then you can choose what to do in the updater script.
I uploaded an example of my AROMA installation setup for the "sediROM for Samsung Captivate Glide" in this post. This one is VERY complex but you will get the idea and many input on how to do things.
So we have an option to load TWRP before a system we don't necessarily trust will boot? Thus avoiding the bootloader fallback even more?
Click to expand...
Click to collapse
Yes using method 2 we have always coming TWRP up when powering on the device. We then can choose to do things in there or to boot to "recovery" which will be the ROM. What do you meant with "bootloader fallback"?
Or is it a broken boot.img breaks TWRP as well so even if we try to go in through the bootloader, TWRP fails to load as well?
Click to expand...
Click to collapse
Not sure If I got you. When the boot partition gets overwritten TWRP and any possibility to get into TWRP will be lost because it sits only in the boot partition when using method 2. If you choose to do a factory reset when powering on the device or from within the ROM I have no idea what happens then unfortunately. That is untested but if you willing to test..
Sorry for my confusion, still trying to grasp all this new information.
Click to expand...
Click to collapse
No worry about that happy if that is useful for someone
xdajog said:
I uploaded an example of my AROMA installation setup for the "sediROM for Samsung Captivate Glide" in this post. This one is VERY complex but you will get the idea and many input on how to do things.
Click to expand...
Click to collapse
Thanks! I will take a look at this in the next few days.
xdajog said:
Yes using method 2 we have always coming TWRP up when powering on the device. We then can choose to do things in there or to boot to "recovery" which will be the ROM. What do you meant with "bootloader fallback"?
Click to expand...
Click to collapse
Bootloader fallback as in having to access TWRP via the bootloader. Our regular method is to access form the ROM, but if the ROM is bricked for whatever reason, the fallback is through the bootloader.
xdajog said:
Not sure If I got you. When the boot partition gets overwritten TWRP and any possibility to get into TWRP will be lost because it sits only in the boot partition when using method 2. If you choose to do a factory reset when powering on the device or from within the ROM I have no idea what happens then unfortunately. That is untested but if you willing to test..
Click to expand...
Click to collapse
I was alluding to the scenario if one was to choose method one, installed a ROM, and things got busted badly... Would you even be able to access TWRP with a bad boot partition? I think so, because recovery partition should be self sufficient (I think you proved it by swapping their places by way of method two), it is just getting into recovery by way of bootloader) I don't particularly like.
Had to face that fear last night, and ultimately, TWRP started up fast enough from the bootloader that it seemed like nothing happened, but when i went to dump the log, it could not recognize the sdcard. DD'ing my userdata partition back fixed that issue.
joel.maxuel said:
Bootloader fallback as in having to access TWRP via the bootloader. Our regular method is to access form the ROM, but if the ROM is bricked for whatever reason, the fallback is through the bootloader.
Click to expand...
Click to collapse
You mean "factory-reset" right? By either pressing the factory reset buttons (or by choosing from within the ROM) correct?
I was alluding to the scenario if one was to choose method one, installed a ROM, and things got busted badly... Would you even be able to access TWRP with a bad boot partition? I think so, because recovery partition should be self sufficient (I think you proved it by swapping their places by way of method two), it is just getting into recovery by way of bootloader) I don't particularly like.
Click to expand...
Click to collapse
If you install TWRP with method 1 and your boot partition gets corrupt you still be able to reach TWRP by using the factory-reset buttons. But you will loose /data then.
If you install TWRP with method 2 and your boot partition has gone you can not start TWRP anymore because it sits on there.
So you're more bulletproof by choosing method 1 because you would reach TWRP even when the boot partition gets damaged but you will loose /data then! Mentioned in the known issues in the OP.
Had to face that fear last night, and ultimately, TWRP started up fast enough from the bootloader that it seemed like nothing happened, but when i went to dump the log, it could not recognize the sdcard. DD'ing my userdata partition back fixed that issue.
Click to expand...
Click to collapse
When you have TWRP installed with method 1 you will reach TWRP by factory reset buttons and it will DO NOTHING ! Really! It simply starts TWRP because I patched TWRP that way that it will not wipe anything when triggered by the factory-reset command / button!
I can say that for double sure since today because:
1) In one of my tests I had disabled REALLY EVERY wipe option within TWRP - compiled it - installed it and even then /data gets lost!
2) I have installed the BOOT image means KERNEL on the RECOVERY partition today again and then used the factory-reset buttons again (after I restored /data of course)... and /data gets lost AGAIN--?!!
That means even when there is absolutely no custom recovery in place (like TWRP) which would normally handle wiping /data then nevertheless /data gets corrupted! I have tested that twice so I can say now for sure that this has nothing to do with TWRP but it comes from the LG bootloader instead! That bootloader is CRAP. sorry.
I had tested one approach which is build in boot image RAM disk which catches the keys which are pressed and then reboot into recovery. That would work but only as long as you have a working boot image partition. So that is the same good/bad as having TWRP sitting within the boot partition which is much easier to do so I decided to go this way for now.
One last word about the crappy factory-reset by LG: I have tried a lot to find out what really happens to the partition or partition table of /data when those keys are pressed but the only thing I can say is that the superblocks are inaccessible and the same for the backup superblocks. doing a "mke2fs -S" does not work (and wouldn't fix the root cause of the issue) and I have no idea what LG do here. Therefore cannot fix that ..
so I believe we will need to live with one of the 3 methods described in the OP....
Hope that answered some of your questions...
Bad news..
The Desire Z of my wife is completely broken now.
That means I cannot develop anymore..
- I ported and released the latest TWRP version to the F3Q
- I'm able to build AOSP JellyBean (not booting yet though),
- I compiled and released a custom AOSP Kernel (named sediKERNEL)
.... and a lot more..
I have everything I need to continue here in place...
I have the will and the ability to continue...
But no device anymore..
If someone has a F3Q to give away.. then I will continue but I'm not willing to buy a F3Q for developing only. So if you have an idea how we could continue let me know.
Update:
Check out the following link if you want to help http://forum.xda-developers.com/showthread.php?t=2952919
Otherwise that will end here for me unfortunately...
Hopefully not.
Yours
Xdajog.
-----
Sent from my SGH-I927 using XDA Android mobile app
I will update the installation instructions soon!
Because of the new sediKERNEL v2.0 the instructions will be made bullet proof only .. and i try to do it more detailed @Kediil
-----
Sent from my SGH-I927 using XDA Android mobile app

[REPARTITION] Nexus 5 Repartition [HAMMERHEAD] [16GB/32GB] [UA TWRP]

Nexus 5 Repartition​
No one is responsible for your actions except yourself. Everything written further may potentially brick your device, although risk is reduced to minimum.
This repartition package offers 1.5G /system; a /vendor partition and it is fully backward compatible with any ROM (including stock system.img).
Known-issues
HTML:
- If repartition pack says that device isn't correct,
than, if partition table wasn't modified before,
congrats! your device has different memory chip
that those I worked with. No worry, PM me and
I'll add support for it.
DO THE BACKUPs. Repartition will erase all your data
USB connection to PC is MANDATORY else you will not have opportunity to push ROM to your device
Installation
HTML:
# Before processing further we highly recommend you backup persist using terminal and dd comand and EFS
# Or you might lose your IMEI/WIFI + BT mac addresses
# This mod is backwards compatible with any ROM so we highly recommend NOT to reverse it if repartition went well.
# You should use ONLY recovery from this thread since other don't support all benefits of this mod.
# When installing ROM just after you flashed zip and before installing GAPPs you MUST make a resize in TWRP since all roms are build for ~1G system.
# To restore stock layout use same zip and steps as for repartition.
1. Boot into recovery (You need to allow system partition modification to be able resize /system in recovery).
2. Backup your data & Move your files from flash to your PC.
3. Flash repartition pack zip.
4. Do the actions asked by repartition pack (go to Terminal in ordinary recovery and input word that pack will tell you. Everything else will be done automatically).
5. Phone will reboot into recovery.
6. Install TWRP from below (it is build with support of new partitions layout and sizes. It can be differed from official TWRP by next format 3.x.x-1 UA).
7. Format everything. (mount errors will not affect formatting!)
- In TWRP: Wipe > Format data
- Type yes
- Once this completes go to: Wipe > Advanced Wipe
- Tick all the boxes and wipe. There should be no further mount errors.
8. Install ROM which you like.
9. Enjoy better flash partition layout.
If something gone wrong - we recommend you NOT to do anything by yourself. Write here for help, else you may do only worse.
Downloads:
Repartitioning package: GitHub
Credits:
Special thanks to
- Unlegacy-Android team;
- Sudokamikaze;
- surfrock66 for his gide for Nexus 5;
As usual, feedback is appreciated
XDA:DevDB Information
Nexus 5 Repartition, Tool/Utility for the Google Nexus 5
Contributors
Clamor
Source Code: https://github.com/clamor95/android_device_unlegacy_recovery
Version Information
Status: Stable
Created 2018-09-19
Last Updated 2019-01-18
Common issues and F. A. Q.
Repartition pack should be safe for most devices. Common mistakes, issues and their solution will be published here.
1. You shouldn't flash any internal parts of repartition pack (*.sh files) only flash whole zip using TWRP. You may use my scripts for personal use or projects but authorship should to be kept.
2. If something isn't mounting after repartition try to format partitions that don't mount using Wipe -> Advanced Wipe in TWPR. Ideally you should format in that way all partitions in Advanced Wipe menu (see 5-th step of installation guide).
3. To be sure that repartition went well I enclose loging zip. Flash it after repartition (when device reboots into TWRP). It won't modify anything only generates a partition.log in root of internal storage and outputs your current partition layout to screen. You shoud check if your layout is same as those fragments I provide under spoiler (file systems doesn't matter). If there are any differences you have to discribe what you did and enclose partition.log to your post.
HAMMERHEAD STOCK
Code:
25 192937984B 1266679807B 1073741824B system
26 1266679808B 1298137087B 31457280B crypto
27 1298137088B 2032140287B 734003200B cache
HAMMERHEAD MODIFIED
Code:
25 192937984B 1803551231B 1610613248B system
26 1803551232B 2065695231B 262144000B vendor
27 2065695232B 2097152511B 31457280B crypto
28 2097152512B 2306867711B 209715200B cache
4. Flashable resize zip for ROMs that support addon.d (automatic resize when dirty flashing updates).
5. To backup persist partition you need PC with installed adb. Boot your hammerhead in TWRP and plug to PC. Than use next commands.
Code:
adb root
adb shell
dd if=/dev/block/mmcblk0p16 of=/sdcard/persist.img
Than copy .img file from root of internal storage to your PC. Although, script doesn't affect that area, backup of this partition may help in case of any problems with mac address etc.
Thank you for this zip!!! It works fine but I used nano package gapps for the face unlock but still does not work on LOS 15.1. Any suggestions
Vendor partition means support for treble.... Right?
---------- Post added at 04:11 AM ---------- Previous post was at 03:44 AM ----------
After flashing a ROM the system partition resizes back to 1009mb...
Can this be fixed?
@sinkoo1979 try bigger gapps, alse, it may be Lineage problem.
@getrooted0019 you didn't read Installation part carefully, did you? You need to use resize option in TWRP to restore original size after flashing ROMs since they are build for 1G /system partition.
getting a message in twrp "this is not a nexus 5" and won't let me switch back to stock.
@sinkoo1979 send me your partition table in bytes
Clamor said:
@sinkoo1979 send me your partition table in bytes
Click to expand...
Click to collapse
Data and vendor partitions in my nexus 5 are 0mb and not present. System showing about 1028mb while cache is on 29mb.
Thank you for your help but can't change the cache storage back to stock. Can't access the internal storage in TWRP. I think I corrupted my partitions on the nexus 5. Nexus 5 boots into TWRP but can't access nothing. Tried to flash different rom with OTG but bootloops. Can't flash stock because the cache partition is too small.
@sinkoo1979 just stop. I'd ask you to create a telegram account and PM it to me here. I'll help you, just don't do anything
Clamor said:
@sinkoo1979 just stop. I'd ask you to create a telegram account and PM it to me here. I'll help you, just don't do anything
Click to expand...
Click to collapse
Thank you for your help
This is fixable! I was a noob and didn't resize my system partition after flashing rom. Flashed the hh repartition to go back to stock in the ua twrp and got a bunch of errors. Then flashed stock recovery and tried again. This is not a Nexus 5 popped up. The backup file is inside the flashable zip. I just used adb shell and parted to execute the commands listed in backup and viola my Nexus 5 is back. So those freaking out that they messed up their phone...don't worry it's fixable just listen to Clamor. Anyone can pm me too if you need help.
@typow102 if repartition pack says "It is not Nexus 5" than you shouldn't continue without asking here. Using scripts from pack on them own is dangerous as well. Currently I don't know how many types of MMC installed in our Nexus 5 and "It is not Nexus 5" on repartition or on returning to stock may indicate a new type MMC chip like it was with Nexus 7 (2013)
Clamor said:
@typow102 if repartition pack says "It is not Nexus 5" than you shouldn't continue without asking here. Using scripts from pack on them own is dangerous as well. Currently I don't know how many types of MMC installed in our Nexus 5 and "It is not Nexus 5" on repartition or on returning to stock may indicate a new type MMC chip like it was with Nexus 7 (2013)
Click to expand...
Click to collapse
That's the thing though It worked perfectly the first time I flashed it. No errors. Luckily I have had quite a bit of experience with terminal and parted so I felt confident in what I was doing. Can I help you in any way with this? There very well maybe a different mmc chip we don't know about yet.
@typow102 feel free to help if you are certain you can.
For those who downloaded repartition pack before this message is published, please redownload pack since previous version might have a problems with repartition. If repartition was already made, don't worry everything should be fine. Just use up-to-date pack.
Do I need to resize the partition in twrp every time after flashing any ROM and then flash gapps package?
@bagajohny yeah, till devs decide to support it officially.
When I install the ROM (crDroid 4.6) after change the partitions, when I go to TWRP, Wipe > Advanced Wipe, selecting system and pushing over Repair or Change File System button and then over Resize File System, this message was shown:
Repairing system before resizing.
Repairing system using e2fsck...
Done.
Resizing...
/sbin/resize2fs /dev/block/mmcblk0p25 process ended with ERROR: 1
Unable to resize system.
So no resizing is made.
@froilson resize once more, if fails, change mounting state of system and try once more
@Clamor with this can we have treble support ?

[HELP NEEDED] ROM Development for Duo

Hello Everyone!
I have gone down the rabbit hole in developing ROMs for the Surface Duo. Since we have root, and the ability to unlock the bootloader, I wanted to see what I could do for ROM development. Unfortunately, I've ran into two problems: creating a device tree for the Surface Duo and unzipping the system image.
First, the device tree for OS builds was not released.
Second, the system image is formatted as an EXT2 file, NOT an EXT4 file, and not as an Android system file that sim2img desires.
I found the system image through two methods:
Finding the payload.bin OTA file and extracting the images there.
Rooting the phone, copying the super.img, and extracting the images.
In both situations, the filetype of the system image is Linux rev 1.0 ext2 image. All the guides I found say the image should be an EXT4 file type.
This is for both A and B Partitions. I can't mount ext2 images onto my linux OS (I'm on Kali OS) via mount loop.
Code:
wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
If anyone can help me out, that would be great!
JengaMasterG said:
Hello Everyone!
I have gone down the rabbit hole in developing ROMs for the Surface Duo. Since we have root, and the ability to unlock the bootloader, I wanted to see what I could do for ROM development. Unfortunately, I've ran into two problems: creating a device tree for the Surface Duo and unzipping the system image.
First, the device tree for OS builds was not released.
Second, the system image is formatted as an EXT2 file, NOT an EXT4 file, and not as an Android system file that sim2img desires.
I found the system image through two methods:
Finding the payload.bin OTA file and extracting the images there.
Rooting the phone, copying the super.img, and extracting the images.
In both situations, the filetype of the system image is Linux rev 1.0 ext2 image. All the guides I found say the image should be an EXT4 file type.
This is for both A and B Partitions. I can't mount ext2 images onto my linux OS (I'm on Kali OS) via mount loop.
Code:
wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
If anyone can help me out, that would be great!
Click to expand...
Click to collapse
If my memory serves me right it should be mount -t ext2 <blah>
pibleck said:
If my memory serves me right it should be mount -t ext2 <blah>
Click to expand...
Click to collapse
Sadly, I've tried that. I get the same loop error as posted above.
JengaMasterG said:
大家好!
我已经在为Surface Duo开发ROM时陷入了兔子洞。由于我们有root,并且能够解锁引导加载程序,我想看看我能为ROM开发做些什么。不幸的是,我遇到了两个问题:为Surface Duo创建设备树和解压缩系统映像。
首先,未发布操作系统版本的设备树。
其次,系统映像被格式化为 EXT2 文件,而不是 EXT4 文件,也不是 sim2img 所需的 Android 系统文件。
我通过两种方法找到了系统映像:
查找有效负载.bin OTA 文件并在那里提取图像。
生根手机,复制super.img,然后提取图像。
在这两种情况下,系统映像的文件类型都是 Linux rev 1.0 ext2 映像。我找到的所有指南都说图像应该是EXT4文件类型。
这适用于 A 和 B 分区。我无法通过挂载循环将 ext2 映像挂载到我的 linux 操作系统(我在 Kali OS 上)。我无法将 ext2 映像挂载到我的 linux 操作系统上。
Code:
错误的 fs 类型、错误的选项、/dev/loop0 上的错误超级块、缺少代码页或帮助程序或其他错误。[/代码]
如果有人能帮助我,那就太好了!
[/QUOTE]
https://surface.downloads.prss.microsoft.com/dbazure/ota_b1-11-customer_gen_2022.517.57.zip?t=5bc2c2bd-751e-4bf4-8e32-3dcce783f7e7&e=1658523817&h=2253dc7d607ba51f842aa6e1e761a0646f372348b15d6cea075105797ed6682a
Click to expand...
Click to collapse
可以下载的链接。
Surface 恢复映像下载 - Microsoft 支持
support.microsoft.com
JengaMasterG said:
Hello Everyone!
I have gone down the rabbit hole in developing ROMs for the Surface Duo. Since we have root, and the ability to unlock the bootloader, I wanted to see what I could do for ROM development. Unfortunately, I've ran into two problems: creating a device tree for the Surface Duo and unzipping the system image.
First, the device tree for OS builds was not released.
Second, the system image is formatted as an EXT2 file, NOT an EXT4 file, and not as an Android system file that sim2img desires.
I found the system image through two methods:
Finding the payload.bin OTA file and extracting the images there.
Rooting the phone, copying the super.img, and extracting the images.
In both situations, the filetype of the system image is Linux rev 1.0 ext2 image. All the guides I found say the image should be an EXT4 file type.
This is for both A and B Partitions. I can't mount ext2 images onto my linux OS (I'm on Kali OS) via mount loop.
Code:
wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
If anyone can help me out, that would be great!
Click to expand...
Click to collapse
Surface 恢复映像下载 - Microsoft 支持
support.microsoft.com

Question Read Only Access to System Files after Root

here are some commands I have tried after root following @sd_shadow 's guide
[email protected] ~ $ adb remount
/system/bin/sh: remount: inaccessible or not found
caprip:/ # mount -o rw,remount /system
mount: '/system' not in /proc/mounts
caprip:/ # mount -o rw,remount /
'/dev/block/dm-0' is read-only
caprip:/ # touch file
touch: 'file': Read-only file system
Wanted to post something like this right now since i have the same problem, i think for adb remount to work you need to first run adb root, but that doesnt work unless you modify ro.debuggable=0 to 1 which cannot be done since you cant mount system as rw, i will keep you updated if i find anything tho!
- Apparently you can modify the boot.img to set ro.debuggable=1 but most of the tools i tried dont recognize this phones boot image as valid so i wont really spend more time on this since i think its something way beyond the scope of what i can do. And the only tool that worked outputted a unusable archive, i think this has to do with the source of the device being closed or something related to why we dont have custom roms on this device yet. But dont take my word for it since i just started playing with stuff like this a few hours ago so i can remap the assistant button.
And even if i could modify it i have a hunch it would behave just as using remount from shell.
If anyone who understands this better than me could provide some insight to my rambling it would be great!
The reason for this behaviour is the unified "super" partition. /system is dynamic, i.e. it may change size depending on future updates. /vendor is also a part of the "super" partition, thus is also read only. There is a way to restore rw access but it a) is not guaranteed and b) affects the ability to apply OTA updates.
If you're willing to take the risk, you should be able to find the relevant post on here (XDA, not the G30 section) with some search fu. You will need a Linux machine and the knowledge to use it. The "run on device" unified script does not fully work on the G30 and you need to reconfig the super image on a Linux box.
Chron0s said:
The reason for this behaviour is the unified "super" partition. /system is dynamic, i.e. it may change size depending on future updates. /vendor is also a part of the "super" partition, thus is also read only. There is a way to restore rw access but it a) is not guaranteed and b) affects the ability to apply OTA updates.
If you're willing to take the risk, you should be able to find the relevant post on here (XDA, not the G30 section) with some search fu. You will need a Linux machine and the knowledge to use it. The "run on device" unified script does not fully work on the G30 and you need to reconfig the super image on a Linux box.
Click to expand...
Click to collapse
Can I have some more search terms to find what you are talking about?
I can do better than that but with the usual caveats of bootloops, hard-bricks, kicked kittens, spacetime anomalies and global thermonuclear war:
G30 /system rw
I remain totally immune for blame when this goes wrong. You need a disaster recovery strategy in place before trying this. Read the first post in that thread thoroughly before doing anything.
Make sure you have a copy of the correct stock ROM and at least RSD-lite to recover. Also, revert Magisk patched initrd (boot.img - be sure your stock matches the ROM version or you'll lose the touch screen/RIL) before attempting this method - you can restore it later but the script requires the live ROM on the device to be stock. This is not something Motorola can be blamed for, it's upstream and applies to all devices running with a super partition and dynamic /system and /vendor.
More caveats: You will lose OTA updates. You will still need to boot to fastbootd to access /system. There is still currently no custom recovery for this device. A manual update will put you back to square one, which is why I decided to forget rw on /system and use Magisk to debloat/degoogle as the method employed in the debloater persists across updates.
Chron0s said:
I can do better than that but with the usual caveats of bootloops, hard-bricks, kicked kittens, spacetime anomalies and global thermonuclear war:
G30 /system rw
I remain totally immune for blame when this goes wrong. You need a disaster recovery strategy in place before trying this. Read the first post in that thread thoroughly before doing anything.
Make sure you have a copy of the correct stock ROM and at least RSD-lite to recover. Also, revert Magisk patched initrd (boot.img - be sure your stock matches the ROM version or you'll lose the touch screen/RIL) before attempting this method - you can restore it later but the script requires the live ROM on the device to be stock. This is not something Motorola can be blamed for, it's upstream and applies to all devices running with a super partition and dynamic /system and /vendor.
More caveats: You will lose OTA updates. You will still need to boot to fastbootd to access /system. There is still currently no custom recovery for this device. A manual update will put you back to square one, which is why I decided to forget rw on /system and use Magisk to debloat/degoogle as the method employed in the debloater persists across updates.
Click to expand...
Click to collapse
As long as I still have access to the bootloader I it should be fine? Also others on this device thread don't have this issue, why?
As long as you can boot to fastboot, you should be able to recover. There are, of course, exceptions to this as every G5s plus owner who ever deleted the persist partition without a bit-perfect backup will know only too well.
I haven't seen a single instance of anyone on a dynamic /system device, including the Moto G30, being able to remount /system rw without jumping through hoops like these. Perhaps it is simply because most people know that dynamic /system became A Thing recently. Again, this is on Alphabet, not Lenovo/Motorola.
This is also why this device section is full of "how to root" queries as the traditional method of banging su into /system/sbin and installing a management APK doesn't work with dynamic partitions. The only way to get a working su binary onto the system is via initramfs preloaded with the kernel, which is what Magisk patches and is why Magisk is the only root solution for this device.
If you think I'm typing nonsense, that's fine. Here's the advice, it was free and comes with a guarantee worth exactly what you paid for it.
No, not at all. Thanks for your help, Got error 73 which is where the Linux comes in so I imagine it's probably fine? I'll run the repair script when I get home later.
Error 73 is exactly the error I got, which is indeed why you need the older Linux method of patching the super image.

Device says it's FDE encrypted, but actually it isn't

I have Xiaomi RN5/whyred, PIN protected, TWRP, Magisk-rooted.
And the following output, which means we have FDE:
getprop ro.crypto.state: 'encrypted'
getprop ro.crypto.type : 'block'
Аlso, there is dm-X block device exists and mounted to /data which aims for encryption.
But actually, I am able to boot TWRP and access /userdata partition without password/PIN prompting. Also, alarm works while device is powered off (which impossible at FDE). So, actually there is no encryption.
Am I right on suggestion, that dm-device works in no-op mode? Thanks.
Or it works using some "dummy" password, so there is no performance benefit comparing with normal encryption process?
Answer myself: it uses 'default_password', that known everything, e.g. TWRP, so it decrypts /userdata partition (FDE) without a promt.

Categories

Resources