Q&A for [Recovery] [v500] CWM 6.0.5.1
Some developers prefer that questions remain separate from their main development thread to help keep things organized. Placing your question within this thread will increase its chances of being answered by a member of the community or by the developer.
Before posting, please use the forum search and read through the discussion thread for [Recovery] [v500] CWM 6.0.5.1. If you can't find an answer, post it here, being sure to give as much information as possible (firmware version, steps to reproduce, logcat if available) so that you can get help.
Thanks for understanding and for helping to keep XDA neat and tidy!
Didn't work- aboot needs flashing?
Hi, I got up to the last step, but aborted as per your instructions when access to aboot was denied. Does this mean I need to downgrade to a different stock android before putting a custom recovery on? If so, how do I do that?
When you first typed "su" to gain root access in the terminal, did you allow it in the SuperSU application? It sounds like your problem is related to root permissions not being given. Was the problem with using the "dd" command or the command to patch the recovery.img?
---------- Post added at 12:48 PM ---------- Previous post was at 12:44 PM ----------
Oh, I think the problem is that you need to go into the developer options and allow root to both apps and adb. Root permission is default to apps only and that setting needs to be changed to give adb root access.
Edit: I added a new note about this to the guide.
I am running stock HTC and there is no option to allow root access in developer options as in your screenshot (main thread- I don't have permission to post). However, I checked in SuperSU and root access is granted.
I am not very experienced in this area. Maybe I'm doing something wrong. Here's a copy and paste from command line I used to run ADB:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
E:\Google SDK\adt-bundle-windows-x86_64-20130729\sdk\platform-tools>adb push rec
overy.img /data/local/tmp
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
3423 KB/s (10514432 bytes in 2.999s)
E:\Google SDK\adt-bundle-windows-x86_64-20130729\sdk\platform-tools>adb push lok
i_tool /data/local/tmp
2286 KB/s (379276 bytes in 0.162s)
E:\Google SDK\adt-bundle-windows-x86_64-20130729\sdk\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ # chmod 755 /data/local/tmp/loki_tool
chmod 755 /data/local/tmp/loki_tool
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local
/tmp/aboot.img
cc.1/by-name/aboot of=/data/local/tmp/aboot.img <
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.085 secs (6168094 bytes/sec)
[email protected]:/ # /data/local/tmp/loki_tool patch recovery /data/local/tmp/aboot.im
g /data/local/tmp/recovery.img /data/local/tmp/recovery.lok
a/local/tmp/recovery.img /data/local/tmp/recovery.lok <
Loki tool v2.1
[-] Unsupported aboot image.
Ok, your problem is not related to permissions. You have followed the directions correctly. The problem you have is that your aboot.img is not compatible with loki_tool, so it is unable to patch your recovery.img to recovery.lok. Perhaps downgrading your firmware would install an older loki_tool exploitable aboot partition. You might also just be able to change aboot without having to downgrade everything else, but it really depends on your version of software. There are some recovery threads that install a new aboot.img along with a new recovery.img, but just make sure you don't install the wrong aboot, because you might get a boot loop and have to reset with the LG tool.
Edit: when you say you are running stock HTC, do you really mean stock LG? This is for v500 devices only.
Yes, I meant stock LG. I've got version 4.4.2, v 50020d.
The threads I've seen seem to require a custom recovery to install the old version of android... which is what I need to install a custom recovery. Maybe I'm being dense. Can you point me in the right direction at all?
Yes, I think 20d is the latest firmware that has the aboot partition patched to prevent loki_tool from working. The safest way, without risking a boot loop, would probably be to downgrade your firmware to an older version with the LG tool. But, I don't know if those older images are available for your device. I would assume that any official v500 image from LG would work, as long as the hardware is not different. I've heard that some of the newer v500 devices have a different camera module, which would require the latest version of software for the different camera to be supported. By downgrading the LG firmware on newer models, you could lose the camera driver support. Maybe you should determine what camera is in your device before you make a decision on which version of software to install with the LG tool.
I stupidly upgraded from 500b to d when my OS recommended it but my G-Pad is a bit older. Basically, I should be able to downgrade to tha without risking the camera. But I don't know how. I had a look at an LG tool thread, but it was quite confusing and most talk was related to the LG G2. There are many options in the LG tool which I have no idea about. I might be abIe to work it out after extensive reading but a bigger problem is I don't know where to get the image to flash v500b from.
Yes, we need a thread with links to all the stock images.
---------- Post added at 03:31 PM ---------- Previous post was at 03:13 PM ----------
The question really is, which loki_tool exploitable aboot.img is compatible with the software on your device. I have a feeling that you would get a boot loop if you tried to change only your aboot.img to an older version without downgrading the system to match.
Edit: I'm not really sure what would happen if I made a copy of my aboot partition for you to flash over your copy. I could post my aboot.img, and it could be flashed to your device using dd, but it's risky.
Theoretically, if you flash a new aboot.img and recovery.lok (to match the new aboot partition), you would not be able to boot into the old system (because your boot partition does not match the new aboot partition), but you should still be able to get into the new custom recovery (because it matches aboot). Then you could install a custom Rom that replaces your old boot partition (the kernel).
Edit: I think you should take a look at this thread: http://forum.xda-developers.com/showpost.php?p=53140473&postcount=14
I was able to download the kdz file for my v500 which should work for your device also.
Here is a link to the LG Tool that is modified to download the file from a local server: http://storagecow.eu/index.php?dir=Xda/LG+Software/KDZ+Flashing+Tools/
Edit: I recommend using LG Flash Tool 2014 to flash the kdz file instead.
http://forum.xda-developers.com/showthread.php?t=2797190
Unsupported aboot image
Hi!
When I enter the command to patch the recovery I got the response "Unsupported aboot image"
I´m on V50020a, loki_tool only supports V50010a?
It means your aboot is patched. I'd downgrade with lg tool then root over again.
Deltadroid said:
It means your aboot is patched. I'd downgrade with lg tool then root over again.
Click to expand...
Click to collapse
Thanks, just looked thru the rest of this thread and realized that, lazy me.
Latest 20D and CWM - device unlock, so Boot success!! ??
Hi All,
I am trying to get into Recovery but I only get "device unlock, so Boot success!!", Goes dim for a second and then just loads back into Stock.
I am unable to access TWRP.
Any help?
SOLVED. Downgraded to 10A
Deltadroid said:
The new versions of LG Tool won't let you downgrade because the program checks for the latest firmware version to install. There is another version of LG Tool that does allow for downgrading firmware here:
http://forum.xda-developers.com/showthread.php?t=2797190
Now you just need to get the kdz file to install here:
https://www.androidfilehost.com/?w=files&flid=13296
Click to expand...
Click to collapse
I tried using that tool to downgrade to the 4.2.2 firmware, but the tool keeps saying that the pad became disconnected, ad the retry button does not work. I have tried both in USB Debugging mode and download mode. Is there any other way to get the V50010A_00.kdz firmware onto my GPad?
You must have your device in download mode in order to use the LG Tool. It doesn't matter what settings you have in the rom. Perhaps trying a different Windows computer could help.
Deltadroid said:
You must have your device in download mode in order to use the LG Tool. It doesn't matter what settings you have in the rom. Perhaps trying a different Windows computer could help.
Click to expand...
Click to collapse
I did end up trying with a different computer, and finally had success. Then I re-applied root with towelroot, and I'm good to go. Thanks!
I followed the instructions and have successfully installed the CM recovery. When I booted into the recovery, I decided to make a backup. The backup went fine, then I selected "restore" to see what was available, and there was one backup, just like I expected. However, the backup file was dated 1970-11-21.09.49.26. The clock on my tablet should have been set correctly, so why is it dated like that?
It seems like a patch is needed for CWM to set the proper time. I wonder if Philz gets the correct time. I know TWRP 8.0.0 has the correct time with a recent patch.
I'm sure someone with access could cherry pick that patch for us.
Now that I have done a backup, I am good to go to install a custom ROM now, correct? If I don't like the ROM I can just restore my backup to go back to stock 4.2.2?
Related
I would like create a backup (of my entire system including boot image, data and system partitions. Is there any way I can do this without the CWM. The main reason is that I could return the phone to the original state in case if I have to return for service.
For my knowledge (and i have no knoledge! ) samsung accept rooted device on service (otherwise if the phone has broken screen it is not accepted)...but, if i were you, i would install cwm and make a nandroid backup of the whole system. If you want to have all of google system images(to restore original stock) you could set your sdk environment http://developer.android.com/sdk/index.html and download google images (bootloader, rom, radio) and put in a safe place (the SDK supply adb/fasboot which are tools that you would use to restore the google's files). that's the thread with these contents: http://forum.xda-developers.com/showthread.php?t=1366806 That's the standard (so yours) original stock files from google actually on your phone!
and also i advise you to follow these steps to save your /EFS partition (you never know) before flashing custom things, BUT IT REQUIRES ROOT: http://forum.xda-developers.com/showthread.php?t=1352371
BUT, if you don't want to install cwm, you could also see here: http://forum.xda-developers.com/showthread.php?t=1392310
Thank you. If I am right, msskip's tools will install the CWM onto my phone as well. I have just come across a guide for back-up without CWM <http://forum.xda-developers.com/showthread.php?t=1420351>. I am just not quite sure if it is the same full back-up as I get for the Nandriod or CWM. Does anyone have any experience with this?
The post you linked doens' backup /boot partition and recovery. So you can backup only /system and /data; you can obtain these EXACTLY files just downloading the google system (4.0.1 - 4.0.2 - 4.0.3) files (*.img estension) and you have the same result, plus you can get bootloader.img and recovery (evrything stock, meaning samsung galaxy nexus stock files)...these are in the post i linked and are the stock google images and these are the files that our phones has inside (also including system.img).
that' the explanation why i think that is basically useless to make a backup of /system and /data for warranty purpose, because google (or first phone users in november when the phone came out on the market) provied all .img that you need to revert (using fastboot) anytime your phone to a stock 'new'phone (which is your now, so in warranty!). Make, instead, a backup for the files and apps (apk) (usually /data) that you need if you want to try custom roms and then if you are not satisfied get back to stock...
To answer to your question, no is not the same kind of backup, you will lack /boot and recovery.
adding that you can use adb to generate .img by
Code:
cat /proc/mtd
and you will have a fs table with adresses (i have no phone now so cannot provide), then using dd (assuming boot is on mtd2):
Code:
dd if=/dev/mtd/mtd2 of=/sdcard/boot-stock.img bs=2048
and also use this for recovery partition...never tried for system and data partition (but could work, i'm not sure so not do that in this way, wait more knowing-knoledge people and also never tried on ics but, just ginger remembering...dont' know if it's the same in this new system)
but this process make use of
Code:
adb shell
su
the second one requires root....
as of now, i dont' now any method not involving root to make these things but as i stated at first post, i don't know anything
Thank you. I am wondering if the image file you have provided is for yakjuux. I have come across many posts that if I get the wrong baseband, the phone will not work correctly.
post, please, your baseband version which you can find on settings->phone info->basedand version in your phone; mine is 19250xxkl1 that i have recently updated from xxkk1 (the stock one)
My Build # is ITL41F I9250 UGKL1 and the kernel is 3.0.1-ga052f63 [email protected] #1.
Do you think you have a image of this? Thanks.
As far is i know, you have a GSM version of Galaxy Nexus. So it's safe to grab google image of /system, /boot and for the radio grab UGKL1 radio/baseband version. To better answear it's better to know also you bootloader version (which probably is primekk15): you can view this by going on bootloader on you phone doing this:
1 setup android sdk environment (include fastboot) for your pc system (windows-linux-osx)
2 enter in the settings menu of the phone and tic the 'debug usb'
3 attach the phone to the pc and let it recognize your phone (windows-osx), for linux install udev that already are in your distrib/repo
4 (assuming you are on windows) on pc... start/run/ cmd: the the terminal open up and go in your android-sdk directory, enter and then go to platform-tools; there is adb command, run: adb reboot bootloader
this will restart your phone in the bootloader menu. There, you have all of information you need...just write here your bootloader version (to have a confirmation) to understand which versione you need to download and put in a safe place in case of warranty-need...
Then wait someone better than me that knows how to make backup of all partitions without root (without exploit i think it's difficult to grant su access on the standard ics system); if there is no such possibility, just root, install cwm and do a nandroid backup and then trasnferr on a safe place on your place and you are good to go to try modding.....
now i need sleep as here is 8 in the morning and finishing compilemy l701x kernel which weight 3,4 mb lzo compressed, fine tuning.....good nite,ehm,good mornig..mmm... good is enough
Thank you. It takes some time to download the packages.
The Bootloader shows the following
Product Name: Tuna
Variant: Maguro
HW Version: 9
Bootloader Verson: Primekk14
Baseband Version: I9250UGKL1
Carrier Info: None
Signing: Production
What would be the appropriate to donload. Do you have their respective link? Thank you for your ongoing support.
Would anyone with experience please provide me with inputs if:
1. there is any way to back-up without root
OR
2. the phone has to be rooted, is there any way to have a program residing in my computer iso the phone (CWM in this case).
OR
3. there is any way to remove CWM and other rooted apps before I use GNex Toolkit to relock the phone.
Thanks.
Here you go:
http://forum.xda-developers.com/showthread.php?t=1420351
Would anyone with experience please help?
I am struggling with the same issue. Restoring the nandroid, removing su and superuser.apk and then relocking the bootloader actually brings the phone to quite factory looking mode (except for timestamps in system)
I wonder if it is possible to pull dump of system the same way it is done for boot and recovery.
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App
silow said:
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App
Click to expand...
Click to collapse
Google provides yakju images only. Phones here in Canada come with yakjuux which is even 4.0.1. It will be pretty obvious you have thinkered with your phone if you return it with yakju image instead the original one.
As for root - I think it might not be necesary - I was able to do nandroid backup without flashing neither recovery or root to my system by simply unlocking the boot loader and booting CWM off fastboot. I am thinking can we dd while in CWM (flash of phone still intact - except of bootloader which is not an issue since it can be relocked)
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
leobg said:
[snip]
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
Click to expand...
Click to collapse
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference:
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
efrant said:
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference:
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
Click to expand...
Click to collapse
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
---------- Post added at 09:44 PM ---------- Previous post was at 09:37 PM ----------
silow said:
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
Click to expand...
Click to collapse
Yes, I meant it's not necessary to make any changes on the filesystem to achieve it once bootloader lock is off. And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
leobg said:
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
Click to expand...
Click to collapse
There is obviously some extra padding in there, as the file size should be closer to half that size uncompressed.
---------- Post added at 09:08 AM ---------- Previous post was at 08:51 AM ----------
leobg said:
[snip]
And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
Click to expand...
Click to collapse
Not sure why so many people are worried about "traces of hackery". I can't speak from personal experience, but many Nexus One owners (if not all of who have attempted), had NO issues returning devices to HTC that were unlocked... Remember, the N1 did not have a relockable bootloader, so they obviously knew you were messing around.
You don't have to FLASH CWM to USE CWM.
Just BOOT CWM. Simple.
I understand it is currently not possible to unlock a Razr M with 98.18.94 or 98.30.1 OTA. Never the less, I had been trying to restore a previous VooDoo root that I deleted before the last OTA. Through the experimenting, I screwed up the flash on my phone, and recovering it, I found something that might be interesting.
As others pointed out, downgrading does not work. Flashboot gives various errors. When I screwed up my file system, I was able to flash from 98.18.94 (which I had) to 98.30.1 (which was the only download I could find) using RSD Lite. I was lucky it worked. And since I have been able to experiment and keep flashing 98.30.1 over and over.
I would like to report that in my experiments, I noticed an interesting fact about the recovery.img:
I am able to flash stock 98.18.78 recovery to my phone running 98.30.1.
I have verified the recovery.img contents are not the same, according to a WinMerge file compare, they are ~10% the same
When I try to flash twrp or cwm recovery, the only fastboot error is to the effect "wrong partition size".
The size of .78 and 98.30.1 recovery are the same, 10,485,760 bytes
On the other hand, if I try to flash the .78 system.img fastboot, or use RSD lite to flash .78, I see different security related errors on the phone's fastboot screen- none of which mention partition size. Of course, this is related to the Locked Bootloader I have.
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Right now my Razr M has gone from 98.18.94 to 98.30.1 with a 98.18.78 recovery. And I'm working ok.
I am not a professional Android Dev. But I am going to do the research and try to modify a cwm type recovery to match the size of a Moto recovery, and see what happens.
I invite anyone with real experience to contribute.
Bryan
bryanwieg said:
What did you say?
Click to expand...
Click to collapse
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.
aviwdoowks said:
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.
Click to expand...
Click to collapse
I have already found that if I take the OTA recovery and unpackbootimg and then mkbootimg without changing anything.. it recompiles down to aprox 5mb, which is different than the size it started from Moto.
So I am looking at if the size is set in how the img is compiled.
30.1 and .94 are the same updates, just different system versions. As for the other stuff, I'm not even sure what to say. I'm with Avi on this, I definitely would like to see what a dev has to say.
New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004
aviwdoowks said:
New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004
Click to expand...
Click to collapse
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
bryanwieg said:
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
Click to expand...
Click to collapse
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.
aviwdoowks said:
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.
Click to expand...
Click to collapse
Well, you'r right on the money. I appended data to a CWM recovery the same as Moto did to thiers, including the certificate at the end.
I didn't get a partition size error this time, but I did get a 'Failed to hab check for recovery'.
Granted, I didn't manage to place the 'empty data' at the same point in the file as the stock roms did. Other than that, it must be the certificate.
bryanwieg said:
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Click to expand...
Click to collapse
No, because it first checks the size (or whether it's a valid image at all) and if the size is correct, it checks the signature.
I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.
Really glad to see someone is still trying to find some sort of exploit for this device in it's updated state, it seemed like everyone had completely given up on it. My girlfriend recently grabbed a used Razr M to use for a while but it's fully updated, and I would love to be able to root it for her. I'll be following this thread to see if anything comes of this recovery downgrading
I'm pretty sure you can edit the props from what I can remember.
Sent from my XT907 using xda app-developers app
bryanwieg said:
I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.
Click to expand...
Click to collapse
You can use root eplorer free to extract the single img from the 404 or 411 xml.zips
---------- Post added at 10:44 AM ---------- Previous post was at 10:39 AM ----------
Here http://sbf.droid-developers.org/phone.php?device=8
---------- Post added at 10:48 AM ---------- Previous post was at 10:44 AM ----------
The razr hd (2), atrix hd, photon Q all use a recovery w/ same key. Git to work man!
Re:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.
815turbo said:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.
Click to expand...
Click to collapse
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.
I am willing to try it out. Win 7 64bit... pass me needed staf to flash it
Sent from my XT907 using xda app-developers app
please do
815turbo said:
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.
Click to expand...
Click to collapse
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".
benya274 said:
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".
Click to expand...
Click to collapse
I'll post it in just a few minutes. I will also post the required commands and we'll be backing up current recovery. If it fails, it should be no problem to restore your backed up recovery.
Download TWRP image on your phone from: titanroms.com/upload/rec.img
Please get to an adb prompt and run these commands:
su
cd /sdcard
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak2.img
Please ensure that both copies are 10MB. The dd command should end by saying "10485760 Bytes Copied" on all of the "dd" commands.
Now, you should have two backups of the recovery partition and the TWRP Image you downloaded from here all on your sdcard.
You can follow with these commands AFTER your backup has completed.
cp /sdcard/Download/rec.img /sdcard/rec.img
dd if=/sdcard/rec.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=twrprecbak.img
mount -o remount,rw /system
mv /system/etc/install-recovery.sh /system/etc/install-recovery.bak
mv /system/recovery-from-boot.p /system/recovery-from-boot.bak
reboot recovery
In the event of a failed attempt at this you can run the following from adb:
su
cd /sdcard/
dd if=/sdcard/recbak1.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Give me a holler if you don't understand this well. Good luck, guys.
I am gonna try it out tomorrow,i dont have time to do it tonight cause i need to go to work. My pc on work does not have internet connection I will keep u guys posted on any progress.
Sent from my XT907 using xda app-developers app
Just wanted to say I flashed the old ICS recovery to mine using fastboot commands but it didn't get me very far though.if I then try and flash the corresponding blur zip from recovery it just says invalid signature. Was trying to find a way to downgrade so I could get rooted..
Sent from my XT907 using Tapatalk
Hi,
I just want to unlock bootloader on my g pad and flash custom rom. I did this many times on Nexus devices, also sony.
I installed sdk, next Google drivers and my tablet is detected by computer as adb interface.
But when I type command - adb reboot bootlader
Tablet just reboots. I'm not able to get into fastboot. Plz help. It's v500 version. My software version is v50020d.
Earlier I didn't know that LG locks bootloader and I tried many times to flash custom recovery. One time I had made a mistake and using flashify - I flashed twrp for v510. But LG support tool helped me to repair it. Probably it flashed stock with full wipe becsuse I lost data so everything should be fine now but as You can see - it isn't...
HTC One M8
Also command adb reboot oem-unlock only reboots it
HTC One M8
The v500 has a locked bootloader. You need to root first and then install a older aboot and recovery in order to flash roms. This device like the g2 uses loki to bypass the lg lock.
Ok. I've already rooted my device but every time I try to flash twrp using "loki" method I end with screen like this...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
HTC One M8
WKD622 said:
Ok. I've already rooted my device but every time I try to flash twrp using "loki" method I end with screen like this...
HTC One M8
Click to expand...
Click to collapse
Okay, so that message providing you wait a bit and see twrp start, means that you have successfully bypassed the locked bootloader...
If it freezes there and nothing happens that would be something different... The second sentence reads differently if Loki has bypassed things. The screen above seems to indicate that Loki is not successfully bypassing (hence my edits to this post) it should say something different in the second line if Loki is successful. My tablet is at home right now so I can't take a picture of a working Loki bypass...
A successful bypass should say something like: Device unlock so boot success!
After this screen twrp turns on.
Edit
Okey... Maybe I've done something wrong. Could you tell me how to flash this recovery in points?
I'm not very familiar with LG...
HTC One M8
WKD622 said:
Twrp turns on.
HTC One M8
Click to expand...
Click to collapse
Excellent, then you have successfully installed twrp and you can get into twrp recovery. Next do a backup to an sdcard (if you have one), download a rom to that card and install it...
---
Does TWRP start can you get into it?
muiriddin said:
Excellent, then you have successfully installed twrp and you can get into twrp recovery. Next do a backup to an sdcard (if you have one), download a rom to that card and install it...
Click to expand...
Click to collapse
I had also done this and flash cm but nothing changed.
Maybe this screen was a result of flashing twrp using flashify.
Yesterday I flashed stock so now I want to begin this process one more time . Could You tell me how to do it?
HTC One M8
----
Yes. But now it come to my mind that this problem with booting was a result of twrp for v510 flashed using flashify and next Loki method. Because maybe at the end twrp was for v500 and it worked but I wasn't able to flash anything because it "thought" that I'm using v510. But next i delete line in updater-script connected with authorization and as a result I flashed cm for my v500 but this boot screen didn't changed.
So as you know next thing I've done was flashing stock and now I want to start from beginnig without problems .
Could you tell me how? :/
HTC One M8
WKD622 said:
Yesterday I flashed stock so now I want to begin this process one more time . Could You tell me how to do it?
HTC One M8
Click to expand...
Click to collapse
Okay, my process from a fresh install of 4.4.2 is:
make sure to download everything you need before you start this process and read through it carefully...
1. Root device using stumproot, thread located here:
http://forum.xda-developers.com/lg-g3/orig-development/root-stump-root-lg-g3-sprint-verizon-t2850906
Other root approaches potentially will work as well, I use stump since it also works on my phone...
2. Download and use step 3 from idioterror's thread here:
http://forum.xda-developers.com/showthread.php?t=2698267
You will need to modify his batch file to properly work the details for that are in the thread, the download by itself will not work without changing a line in the batch file (if I recall from memory find the query for 50010b and change it to 50010d.)
If that worked the batch file ends with an attempt to reboot into recovery. Unplug the cable after the batch file sends the reboot command so the adb reboot recovery command can properly complete and get you into recovery...
if the tablet boots back into stock try another adb reboot recovery manually(or use flashify to reboot into recovery), again unplug once the reboot starts.
If that does not get you into TWRP but instead gets you into stock recovery you need to do the steps in idioterror's batch file manually go here for details:
http://forum.xda-developers.com/showpost.php?p=56707177&postcount=15
(be really careful with the dd comands if you do this a mistype with them will be very dangerous)).
Once you have this working recovery you need to decide which base you are going to use with your tablet, the 4.2.2. base (for AOSP based roms) or the 4.4.2 base (for recent stock based roms). The recoveries for the 4.2.2. and 4.4.2 are different see the details in this thread:
http://forum.xda-developers.com/showthread.php?t=2551499
You can run AOSP based roms on the 4.4.2 firmware but you will typically need to flash a 4.4.2 replacement kernel like redkernel or mani... See the proper threads in the development section...
If you are going to run AOSP based roms with the standard kernel skip to 3b...
3a. I am running a 4.4.2 firmware base and a redkernel on lollipop myself, make sure to install the latest 2.8.0 recovery for the 4.4.2 firmware base... You can now flash stock based roms, or AOSP roms with a 4.4.2 capable kernel do not do step 3b for stock based roms...
3b. Install the 4.2.2. base (will actually install a different recovery partition and aboot partition, however it will get your firmware back to 4.2.2. which is what almost all of the AOSP roms expect...) thread and download details here:
http://forum.xda-developers.com/showthread.php?t=2719411
That download is huge and takes a while to flash, don't panic, but make sure that the MD5's match since a failed flash for that one can brick the tablet...
4. Enjoy your rooted and rommable tablet!
muiriddin said:
You will need to modify his batch file to properly work the details for that are in the thread, the download by itself will not work without changing a line in the batch file (if I recall from memory find the query for 50010b and change it to 50010d.)
If that worked the batch file ends with an attempt to reboot into recovery. Unplug the cable after the batch file sends the reboot command so the adb reboot recovery command can properly complete and get you into recovery...
if the tablet boots back into stock try another adb reboot recovery manually(or use flashify to reboot into recovery), again unplug once the reboot starts.
If that does not get you into TWRP this step failed and youwill have to manually walk through what the batch file does... Stop and ask me or someone else for further assistance (or open up idioterror's batch file and figure out what it does so you can do it manually (be really careful with the dd comands if you do this a mistype with them will be very dangerous)).
Click to expand...
Click to collapse
You need to know that yesterday back to stock was my second one. 1st time few days ago I edited script as You wrote here form v50020b to d and it didn't boot to recovery. The same result was when it comes to booting to recovery using app like flashify.
So unfortunately I need to do it with the hardest way . I will try. It will be very nice experience.
I belong to crx team as a (very) novice member so I hope Cr3pt will help me looking at instruction You wrote for me if something goes wrong.
Thanks a lot. Probably everything will be okey but there is an option that I will be back here with more questions. :E
Thanks a lot.
HTC One M8
Does it boot into the stock recovery instead with two really strange errors?
WKD622 said:
You need to know that yesterday back to stock was my second one. 1st time few days ago I edited script as You wrote here form v50020b to d and it didn't boot to recovery. The same result was when it comes to booting to recovery using app like flashify.
So unfortunately I need to do it with the hardest way . I will try. It will be very nice experience.
I belong to crx team as a (very) novice member so I hope Cr3pt will help me looking at instruction You wrote for me if something goes wrong.
Thanks a lot. Probably everything will be okey but there is an option that I will come with more questions.
Thanks a lot.
HTC One M8
Click to expand...
Click to collapse
HTC One M8
WKD622 said:
HTC One M8
Click to expand...
Click to collapse
Yeah, idioterror's script is failing, when I had that happen I had to manually do what was in the batch file via an adb shell. I can't write those instructions until later tonight (assuming my little girl sleeps tonight that is)...
Something has changed which causes his script to fail that I haven't tracked down yet (there is a thread on this somewhere in the LG GPAD forums)... It is either the newest LG drivers, or a newer adb.exe install or something that is conflicting with idioterror's script... his approach still works, you just have to manually do it...
One additional thing, when I manually did it, I had already installed busybox so I did not use his tools (dd etc) I used the ones that I had already installed (I use the BusyBox Pro from Stericson in the play store for this, his free version should also work).
Step by Step Aboot/Recovery when the script fails
WARNING: I'm trying to help, I assume that you know how to recover from mistakes by reverting to stock with LG's software if needed. This is the procedure I followed by manually doing what Id10tError had in his batch file... If anything fails below I messed up in translating the instructions. I did not run the dd commands on my tablet to check since I have already done this process. Please be careful... If you find errors I will try and help... the dd command does have the ability to completely destroy your tablet if you use it incorrectly... if you have questions or see a difference between my instructions and the batch file ask and I'll be glad to answer questions. This was translated from idioterror's script, any errors are mine not his.
I assume that you have installed busybox, (this gives you a working dd on the device)
you have rooted your tablet
and you have adb working on your computer.
You could potentially also do this from the tablet itself if you copy the files needed to the proper locations (skip the push part below) and use a terminal directly. I also assume that you have downloaded idioterror's aboot replacement stuff from my earlier instructions. On the computer go to the directory that you opened the zip file and do a directory listing you should see:
the dd lines below may wrap depending upon how you are displaying this...
The directory should contain:
11/12/2014 09:59 PM <DIR> .
11/12/2014 09:59 PM <DIR> ..
05/16/2014 08:48 PM 524,288 aboot.img
05/16/2014 08:48 PM 815,104 adb.exe
05/16/2014 08:48 PM 96,256 AdbWinApi.dll
05/16/2014 08:48 PM 60,928 AdbWinUsbApi.dll
05/16/2014 08:48 PM <DIR> busybox
05/16/2014 08:48 PM 11,001,856 recovery.lok
07/07/2014 04:41 PM 4,156 runme.bat
then type
adb shell
su
mkdir /sdcard/flash_tmp/
exit
exit
adb push ./aboot.img /sdcard/flash_tmp/aboot.img
adb push ./recovery.lok /sdcard/flash_tmp/recovery.lok
adb shell
su
chmod -R 777 /sdcard/flash_tmp
dd if=/sdcard/flash_tmp/aboot.img of=/dev/block/platform/msm_sdcc.1/by-name/aboot
dd if=/sdcard/flash_tmp/recovery.lok of=/dev/block/platform/msm_sdcc.1/by-name/recovery
rm -rf /sdcard/flash_tmp/
exit
exit
adb reboot recovery
unplug the cable once it starts rebooting and enter TWRP recovery...
It will be dim if you are coming from the 4.4.2 base, go to a dark room if needed so you can see it and flash a newer 4.4.2 recovery next if you are planning on using stock roms, or flash the 4.2.2. base otherwise... see my earlier post for a link to the recovery thread or the 4.2.2 base.
Thanks!
Everything works perfect
HTC One M8
Step 3 of idioterror's thread doesn't work.
You said:
2. Download and use step 3 from idioterror's thread here:
http://forum.xda-developers.com/showthread.php?t=2698267
However, I am unable to download the file from the link.
Do you know of another location where the file can be downloaded?
Thanks in advance!
Morty.
Good morning,
Please forgive me for my stupidity.
I am usually pretty good at doing phones tablets etc, namely samsung which we all own in this household.
I very rarely ever ask for guidance and sit back and learn myslef, but these LG's are working me hard.
I have brought 2 x lg gpad's for my sons for xmas and want to get them rooted and twrp installed.
I have a GB V50020d and a US V50020b Both on 4.4.2
I have read for two days how-to's and watched numerous videos, i have drivers installed and managed with both tablets, rooted them with Kingoroot.
Due to the amount of time that has past since they came out orignally and i buying them, there are so many threads, files etc i.e trwp 2.6, whereas it is now 2.8, will the how-to's still work the same?
The runmebat file i see mentioned numerous times but yet i am not educated to understand how i can open this and where it is located.
The information as regard this tablet is simply over powering and leaving me in a pickle.
I know the usual read read read method and believe me i have gone over and over to no avail.
Please any advice to get me to put custom recovery on both so i can test rom's the wonderful creators on here produce.
Your time is very much appreciated
Best wishes
I'm in the same boat mate. Installed custom recoveries and ROMs on 2 HTC phones before, but this one has me stumped. Bootloader can't be unlocked, don't understand loki hack, can't get it to work either.
Okay, my process from a fresh install of 4.4.2 is:
make sure to download everything you need before you start this process and read through it carefully... and realize you do this at your own risk, I will try to help, but this process can brick your device if done incorrectly...
1. Root device using stumproot, thread located here:
http://forum.xda-developers.com/lg-g...rizon-t2850906
Other root approaches potentially will work as well, I use stump since it also works on my phone...
2. Download and use step 3 from idioterror's thread here:
http://forum.xda-developers.com/show....php?t=2698267
You will need to modify his batch file to properly work the details for that are in the thread, the download by itself will not work without changing a line in the batch file (if I recall from memory find the query for 50010b and change it to 50010d.)
If that worked the batch file ends with an attempt to reboot into recovery. Unplug the cable after the batch file sends the reboot command so the adb reboot recovery command can properly complete and get you into recovery...
if the tablet boots back into stock try another adb reboot recovery manually(or use flashify to reboot into recovery), again unplug once the reboot starts.
If that does not get you into TWRP this step failed and youwill have to manually walk through what the batch file does... (manual instructions below, skip to them finish that and then come back here!).
Once you have this working recovery you need to decide which base you are going to use with your tablet, the 4.2.2. base (for AOSP based roms) or the 4.4.2 base (for recent stock based roms). The recoveries for the 4.2.2. and 4.4.2 are different see the details in this thread:
http://forum.xda-developers.com/show....php?t=2551499
If you are going to run AOSP based roms skip to 3b...
3a. I am running a 4.4.2 base and a modified stock myself, I make sure to install the latest 2.8.0 recovery for the 4.4.2 base... You can now flash stock based roms do not do step 3b for stock based roms...
3b. Install the 4.2.2. base (will actually install a different recovery partition and aboot partition, however it will get your firmware back to 4.2.2. which is what almost all of the AOSP roms expect...) thread and download details here:
http://forum.xda-developers.com/show....php?t=2719411
That download is huge and takes a while to flash, don't panic, but make sure that the MD5's match since a failed flash for that one can brick the tablet...
4. Enjoy your rooted and rommable tablet! (stop here if everything worked)
------ This is the manual process if the batch file from step 2 fails for some reason:
Step by Step Aboot/Recovery when the script fails
WARNING: I'm trying to help, I assume that you know how to recover from mistakes by reverting to stock with LG's software if needed. This is the procedure I followed by manually doing what Id10tError had in his batch file... If anything fails below I messed up in translating the instructions. I did not run the dd commands on my tablet to check since I have already done this process. Please be careful... If you find errors I will try and help... the dd command does have the ability to completely destroy your tablet if you use it incorrectly... if you have questions or see a difference between my instructions and the batch file ask and I'll be glad to answer questions. This was translated from idioterror's script, any errors are mine not his.
I assume that you have installed busybox, (this gives you a working dd on the device)
you have rooted your tablet
and you have adb working on your computer.
You could potentially also do this from the tablet itself if you copy the files needed to the proper locations (skip the push part below) and use a terminal directly. I also assume that you have downloaded idioterror's aboot replacement stuff from my earlier instructions. On the computer go to the directory that you opened the zip file and do a directory listing you should see:
the dd lines below may wrap depending upon how you are displaying this...
The directory should contain:
11/12/2014 09:59 PM <DIR> .
11/12/2014 09:59 PM <DIR> ..
05/16/2014 08:48 PM 524,288 aboot.img
05/16/2014 08:48 PM 815,104 adb.exe
05/16/2014 08:48 PM 96,256 AdbWinApi.dll
05/16/2014 08:48 PM 60,928 AdbWinUsbApi.dll
05/16/2014 08:48 PM <DIR> busybox
05/16/2014 08:48 PM 11,001,856 recovery.lok
07/07/2014 04:41 PM 4,156 runme.bat
then type
adb shell
su
mkdir /sdcard/flash_tmp/
exit
exit
adb push ./aboot.img /sdcard/flash_tmp/aboot.img
adb push ./recovery.lok /sdcard/flash_tmp/recovery.lok
adb shell
su
chmod -R 777 /sdcard/flash_tmp
dd if=/sdcard/flash_tmp/aboot.img of=/dev/block/platform/msm_sdcc.1/by-name/aboot
dd if=/sdcard/flash_tmp/recovery.lok of=/dev/block/platform/msm_sdcc.1/by-name/recovery
rm -rf /sdcard/flash_tmp/
exit
exit
adb reboot recovery
unplug the cable once it starts rebooting and enter TWRP recovery...
It will be dim if you are coming from the 4.4.2 base, go to a dark room if needed so you can see it and flash a newer 4.4.2 recovery next if you are planning on using stock roms, or flash the 4.2.2. base otherwise... see my earlier post for a link to the recovery thread or the 4.2.2 base.
All of this information was posted by me in the following thread (you may want to read it there for full context)
http://forum.xda-developers.com/lg-g-pad-83/help/v500-im-able-to-bootloader-t2936670/
Hi, has anyone been able to successfully root H815 with v20a kdz?
From 10b to 10d and even 10h, I've rooted all the images my self, by using the root injection method,
Where i extract the system.bin from the kdz (.dz), and run the injection script* on an ubuntu \ fedora.
*Mind you, I've used the same method (With the Updated SuperSU binaries&app [M Compatible]),
[.bin == .img]
After i have a rootedsystem.img I'd copy it onto the internal SD, and then boot in download mode, and used dd..
But ever since the M Upgrade through LGUP, none of the commands works, seems like Send_commands has become useless, likely LG blocked access to shell through downloadmode..
It always return 'FAIL', to any command.
But the os is fine, usb debugged was on, and pc was allowed, also OEM Unlock was ticked
Did anyone try the same method and also failed?
(if not, just test 'id' when using send_commands, the result would always be 'FAIL')
Even if this method would still work, you wouldn't be able to boot into the system. Since Android 6 the bootloader checks if the system partition is modified. Therefore you need to flash a custom Kernel, which is impossible with an locked bootloader.
That's the good part about that method,
It could be used as a 'backdoor' to write ANY part of the main block device,
it's just mostly used to write the system partition part and replace it with rooted system image:
'dd if=/data/media/0/rootedsystem.img bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0'
But you could calculate where the boot \ kernel partitions are and also use 'dd' to overwrite them as well..
If LG truly blocked this, we're basically screwed for now (Locked bootloader users)
Yes we could always revert back to LP, and then the method should work again.. (I'm really hoping it does...)
Shameless Self bump with edit:
Reverting back now, putting LGUP to the test:
- 1st time Failed OMG OMG Brick?!? - Win10 TH2 driver issues probably
- 2nd time works on Server 2008R2 VM through workstation, fhuu, doged that bullet...
Update:
Send_Command Functionality is working again!!! Whoooohooo
ROOT EXPOSED and all the goodie goodies
X0rzist said:
Even if this method would still work, you wouldn't be able to boot into the system. Since Android 6 the bootloader checks if the system partition is modified. Therefore you need to flash a custom Kernel, which is impossible with an locked bootloader.
Click to expand...
Click to collapse
Correct - root won't happen for MM anytime soon on bootloader locked devices, if ever.