I was wondering if it were possible to change the bootloader logos (not the boot animation, which displays during the Android startup process) for the HD 8.9" (jem). Would we be able to change both the white & orange and white & blue "Kindle Fire" logos, or would we only be able to modify the white & blue logo? I know the second logo must be modifiable somehow, as Hashcode did it when he wrote the 2nd bootloader image for the HD devices.
Using the existing bug in the bootloader, only the 2nd one can be changed. The orange logo is shown by the stock Amazon bootloader, which is signed, and thus the device will refuse to boot it if you modify it. To modify the second boot logo you should recompile the 2nd bootloader and rebuild boot.img.
ipipipipip said:
Using the existing bug in the bootloader, only the 2nd one can be changed. The orange logo is shown by the stock Amazon bootloader, which is signed, and thus the device will refuse to boot it if you modify it. To modify the second boot logo you should recompile the 2nd bootloader and rebuild boot.img.
1) So I would need to modify initlogo.rle and then recompile the u-boot file?
2) After that, would I need to flash that file to the bootloader partition on the Kindle?
3) Finally, would the new u-boot bootloader brick my kindle?
If you flash it in place of second bootloader you are safe (second bootloader is built-in into "boot" partition), if you alter actual "bootloader" partition -- you'll get a brick (it is signed, and its integrity is checked by xloader (also signed xD)) (and I'm not sure if it is possible to recover from this state without disassembling the device and connecting directly to emmc pins).
TL;DR; It's not possible to get rid of orange kf logo, but you can change the blue one.
ipipipipip said:
If you flash it in place of second bootloader you are safe (second bootloader is built-in into "boot" partition), if you alter actual "bootloader" partition -- you'll get a brick (it is signed, and its integrity is checked by xloader (also signed xD)) (and I'm not sure if it is possible to recover from this state without disassembling the device and connecting directly to emmc pins).
TL;DR; It's not possible to get rid of orange kf logo, but you can change the blue one.
Sorry for the (really) late reply, but I read the post, and I was planning on building CM for myself. Would I flash the u-boot file directly to the boot partition, or does it need to be wrapped into a ROM boot image somehow? Also, if it needs to be embedded into the boot image (and I'm assuming it does), where would it need to be placed?
There is a prebuilt binary of uboot (in the device specific files) https://github.com/KFire-Android/android_device_amazon_jem/tree/cm-12.0/prebuilt/boot that is attached to the boot.img while building the ROM
ipipipipip said:
There is a prebuilt binary of uboot (in the device specific files) https://github.com/KFire-Android/android_device_amazon_jem/tree/cm-12.0/prebuilt/boot that is attached to the boot.img while building the ROM
I figured that out, and I was able to change the 2nd bootloader image successfully.
However, whenever I directly reboot to recovery without pressing and holding the volume up button (i.e.: when choosing to reboot to recovery from within TWRP or Android), the blue and white "Kindle Fire" logo shows up instead of my custom image. I'm thinking that this is because the initlogo.rle is also baked into the custom bootloader partition (which I think uses u-boot as well). Would there be any way to decompile the bootloader (not the u-boot.binary in the device-specific files), replace initlogo.rle, and then recompile into a usable bootloader image?
the initlogo.rle is also baked into the custom RECOVERY partition
don't touch the partition called "bootloader" without correct signature you'll get a brick that is quite hard to recover.
recovery partition is built almost the same way as the boot one, and I suppose you may use the same uboot binary (the one with replaced initlogo.rle) for it, just place it with a specific offset into your TWRP (or whatever you use) recovery image.
https://github.com/KFire-Android/android_device_amazon_jem/blob/cm-12.0/boot.mk#L53
ipipipipip said:
don't touch the partition called "bootloader" without correct signature you'll get a brick that is quite hard to recover.
recovery partition is built almost the same way as the boot one, and I suppose you may use the same uboot binary (the one with replaced initlogo.rle) for it, just place it with a specific offset into your TWRP (or whatever you use) recovery image.
https://github.com/KFire-Android/android_device_amazon_jem/blob/cm-12.0/boot.mk#L53
I'll try that out. Thanks so much for the help!
Related
Greetings,
I'm trying to build a clockworkmod recovery for my smartphone Fujitsu Arrows X F-02E. I've got the stock recovery dumped from the phone (attachments) and the recovery.fstab. I used them to build recovery on this site builder.clockworkmod.com. Recovery compiled successfully. Then I flashed it to my phone. And when I try to boot into recovery nothing happens, the phone just boots normally into the system (the stock recovery, in its turn, booted normally). Can anyone help with making a CWM recovery?
UPDATE: I can't attach these files here so I've uploaded them to my Cubby: cubby.com/pl/Android/_1f03da99a7034dd6b5ed7cb27bcc0bb0
UPDATE2: There are source code files of firmware of F-02E here - http://spf.fmworld.net/oss/oss/f-02e/ But I'm not advanced in programming enough to use it.
Cat In Boots said:
Greetings,
I'm trying to build a clockworkmod recovery for my smartphone Fujitsu Arrows X F-02E. I've got the stock recovery dumped from the phone (attachments) and the recovery.fstab. I used them to build recovery on this site builder.clockworkmod.com. Recovery compiled successfully. Then I flashed it to my phone. And when I try to boot into recovery nothing happens, the phone just boots normally into the system (the stock recovery, in its turn, booted normally). Can anyone help with making a CWM recovery?
UPDATE: I can't attach these files here so I've uploaded them to my Cubby: cubby.com/pl/Android/_1f03da99a7034dd6b5ed7cb27bcc0bb0
did you use
# cat /proc/mtd
or http://forum.xda-developers.com/showthread.php?t=2334554
to get the recovery.img
hechis said:
did you use
# cat /proc/mtd
or http://forum.xda-developers.com/showthread.php?t=2334554
to get the recovery.img
I've used different ways. Using adb I've downloaded, for a backup, all files from the phone in the /dev/block/ section. I've got 45 files, from mmcblk0 to mmcblk45, and only two of them had a 10240kb size; one of them was a recovery. Then I've made a backup with recovery-tools and got one more .img file. Checking the md5 sums showed that mmcblk32 is equal to recovery.img. So here it is. As an alternative way I could get this recovery by copying /dev/block/platform/sdhci-tegra.3/by-name/SOS . It's the same recovery and equal to mmcblk32. So there is no doubt that it's the correct file we need.
UPDATE2: There are source code files of firmware of F-02E here - http://spf.fmworld.net/oss/oss/f-02e/ But I'm not advanced in programming enough to use it.
Found this info - blogs.yahoo.co.jp/y_19980320/33484520.html (use google translate). It seems that bootloader is locked and it's divided into 2 parts. First one, BL1 (not re-writable) is checking the authenticity of the BL2 (re-writable, but without correct signature it has no sense) after that, BL2 checks the kernel and boot the phone. Can we do something with that? (hello Motorola Defy)
And in the second post - blogs.yahoo.co.jp/y_19980320/33513111.html there is some useful info too, but I couldn't understand a bit of this, even with google translate. Does anyone know what is said in that post?
I think I've got both of these files. BI1 and BI2 here - cubby.com/pl/Android/_1f03da99a7034dd6b5ed7cb27bcc0bb0 But I may be wrong. As mentioned in the article in the first link, the first part of the bootloader can not be re-written. But I've tried and both parts flashed successfully. So either I've found not the bootloader files or the info in the article is wrong. How can I find out whether these are the correct bootloader files or not?
It seems that I found wrong files. Correct files seems to be - mmcblk0boot0.img and mmcblk0boot1.img. Here - cubby.com/pl/Android/_1f03da99a7034dd6b5ed7cb27bcc0bb0
You can try this
From China:
http://bbs.xda.cn/thread-11674785-1-1.html
From xda
http://forum.xda-developers.com/showthread.php?t=2334554
Works with F03D
I have a Fujitsu F03 D , this recovery can works with it ?
Thanks , bye :fingers-crossed:
F02-E Data Recovery
Hello everybody, I don't know if I am on the right topic, but I think people here can answer because it's about the Fujitsu F02-E.
I have had this phone for more than 4 years and I was plenty satisfied with this item, but since yesterday the phone doesn't want to work anymore...
At first, it was starting up to the "ARROWS" screen and then restarting again and again.
Today, the phone tries to start twice by itself when I put the battery in it... (orange LED; green LED; orange LED, green LED, and at last the orange LED blinks two times... then everything switches off)
When I try charging, it tries to restart like I was explaining and then everything switches off, even the orange LED that tells you it is charging...
But when charging it tries to restart every 5 minutes..
Now, the screen switches on very rarely and not even for one second.
The very important question is:
Do you know a trick or an application that can recover all data, because there are A LOT of important things inside. I have found a few data recovery tools but they are not compatible with the F02-E.
I would be very, very grateful if You can help me, please.
ps: Sorry for my English, I'm French
Have a good day.
Thank You.
Hey,
I've been messing around with the Flashify app to see if it will install a custom TWRP or CWM as a recovery image, but made sure I backed up my recovery using ES File Explorer (as root) /dev/block/platform/msm_sdcc.1/by-name/recovery, and for all intents and purposes it would work if there was a custom recovery out there that would support the Amazon Fire Phone.
When I install a random phone's custom recovery and boot up into recovery, it will show the Amazon screen, then with power and up button pressed it will go to a plain black screen.
I would then recover my original recovery file to the area mentioned above after this not working and I would have my normal recovery again.
Just wondering if anyone can utilize this info, as I know that the Kindle HDX managed to have a custom recovery installed on it with a locked bootloader.
I am currently looking at building a custom CWM recovery for device but if anyone else has better understanding of how to do this it might save a lot of time lol
TheDynamo said:
Hey,
I've been messing around with the Flashify app to see if it will install a custom TWRP or CWM as a recovery image, but made sure I backed up my recovery using ES File Explorer (as root) /dev/block/platform/msm_sdcc.1/by-name/recovery, and for all intents and purposes it would work if there was a custom recovery out there that would support the Amazon Fire Phone.
When I install a random phone's custom recovery and boot up into recovery, it will show the Amazon screen, then with power and up button pressed it will go to a plain black screen.
I would then recover my original recovery file to the area mentioned above after this not working and I would have my normal recovery again.
Just wondering if anyone can utilize this info, as I know that the Kindle HDX managed to have a custom recovery installed on it with a locked bootloader.
I am currently looking at building a custom CWM recovery for device but if anyone else has better understanding of how to do this it might save a lot of time lol
I'm doing experiments, I flashed the TWRP version of the Galaxy Note 3 HLTE as they share processor but has not worked, I keep trying.
Best regards,
Just spent hours trying to make a custom CWM recovery image in Ubuntu 14.04 following the guide below but didn't have much luck. May try again at the weekend. If anyone else wants to have a go i have attached recovery and boot images
http://forum.xda-developers.com/android/development/guide-how-to-build-cwm-based-recovery-t2973804
On my KDFIRE Soho is the bootloader Locked and Stock recovery. But you can Flash Roms with the Stock Recovery. There is something with the signature. But only custom Roms based on FireOS Are Working. The FireOS Statusbar is my Personal Nightmare
Well I ported a custom CWM recovery but unfortunately it still does not work when installing with Flashify get the same black screen - Attached.
This made me laugh today
Amazon.co.uk
Your Account Amazon.co.uk
Message From Customer Service
Hello,
I understand that you are not happy, as bootloader is locker for Amazon Fire Phone and would like to have a Key to unlock Bootloader.
I realise that you have been greatly inconvenienced by this situation, it is never our intention to cause inconvenience to our valued customers like you. Please accept my apologies.
Unfortunately, at this time we do not have option to provide Key to unlock Bootloader.
Customer feedback like yours is very important in helping us continue to improve the Fire phone experience. I've forwarded your message to our Fire Phone Team for consideration as we make further improvements.
Thanks for taking the time to provide your feedback.
We look forward to seeing you again soon.
Warmest regards,
Sravanthi
Your feedback is helping us build Earth's Most Customer-Centric Company.
Amazon.co.uk
here's something you should consider.. make a single byte modification to the original bootloader and see if it boots.. if it does.. then we're clear.. if not we're ****ed.. if we're ****ed, then we need to deal with the procedure authenticating (and probably hashing) the recovery.. the bootloader.. or hashcode's hijack it is...
AbdouRetro said:
here's something you should consider.. make a single byte modification to the original bootloader and see if it boots.. if it does.. then we're clear.. if not we're ****ed.. if we're ****ed, then we need to deal with the procedure authenticating (and probably hashing) the recovery.. the bootloader.. or hashcode's hijack it is...
So did anyone try this? It's very easy to do.
Pull your recovery image
Code:
adb shell
su
cat /dev/block/platform/msm_sdcc.1/by-name/recovery > /sdcard/recovery.img
exit
exit
adb pull /sdcard/recovery.img .
Then open it up in a hex editor (HxD - Windows / vi - Linux) and change a useless byte (probably at the end of the file) or unpack/repack the image using unmkbootimg/mkbootimg. Then push it back
Code:
adb push recovery.img /sdcard/recovery-new.img
adb shell
su
cat /sdcard/recovery-new.img > /dev/block/platform/msm_sdcc.1/by-name/recovery
exit
exit
Then try rebooting to your recovery
Code:
adb reboot recovery
If it works, we might be able to replace stock recovery with a custom built CWM recovery or something since we have the kernel source available. As it seems in update-script, recovery has access to everything whether the bootloader is unlocked or not. If you can't modify the recovery image yourself, post it here. I'll modify it for you.
madushan1000 said:
So did anyone try this? It's very easy to do.
Pull your recovery image
Code:
adb shell
su
cat /dev/block/platform/msm_sdcc.1/by-name/recovery > /sdcard/recovery.img
exit
exit
adb pull /sdcard/recovery.img .
Then open it up in a hex editor (HxD - Windows / vi - Linux) and change a useless byte (probably at the end of the file) or unpack/repack the image using unmkbootimg/mkbootimg. Then push it back
Code:
adb push recovery.img /sdcard/recovery-new.img
adb shell
su
cat /sdcard/recovery-new.img > /dev/block/platform/msm_sdcc.1/by-name/recovery
exit
exit
Then try rebooting to your recovery
Code:
adb reboot recovery
If it works, we might be able to replace stock recovery with a custom built CWM recovery or something since we have the kernel source available. As it seems in update-script, recovery has access to everything whether the bootloader is unlocked or not. If you can't modify the recovery image yourself, post it here. I'll modify it for you.
So this works, I just tested it. I used the method you posted about: changed the last bit with the hex editor, changed the last octet from 00 to 01, and used Flashify to flash the recovery.
Here's the link to the recovery I modded if you want to test/verify:
https://drive.google.com/file/d/0Bw62MrywuCbwNUZ3Sm05b3FBMGM/view?usp=sharing
thoughtlesskyle said:
So this works, I just tested it. I used the method you posted about: changed the last bit with the hex editor, changed the last octet from 00 to 01, and used Flashify to flash the recovery.
Here's the link to the recovery I modded if you want to test/verify:
https://drive.google.com/open?id=0Bw62MrywuCbwNUZ3Sm05b3FBMGM
You changed a bit at the end of the image, right? Then that doesn't make any difference. Sorry, I was misleading the last time. I didn't know any better myself then. The recovery partition doesn't contain the recovery image in its entirety. There is extra space. What the bootloader does is, it reads the image header from the first few bytes of the partition; the header contains the length of the recovery image. Then the bootloader verifies that length of the recovery partition against some encrypted hash. So to check if this really works (my bet is it doesn't) we have to change a bit inside the length of the recovery image. The easiest thing to do is unpack and repack the recovery image. I'll give it a try later and post the results.
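The point made in the post above, that a byte changed beyond the length recorded in the image header says nothing about whether verification is enforced, can be checked on a dump before flashing. This is an added example and not part of the original thread: it assumes the standard Android boot image v0 header layout (`ANDROID!` magic, little-endian sizes, page-aligned sections) with no vendor extensions, and the function names and the sample dump are constructed for illustration.

```python
"""Added example: which part of a partition dump did a test edit touch?"""
import struct

BOOT_MAGIC = b"ANDROID!"
# Android boot image v0 header: 8-byte magic, then ten little-endian u32s.
HEADER = struct.Struct("<8s10I")
PAST_END = "past_image_end"


def image_layout(dump):
    """Return [(section, start, end)] with end exclusive, from the header."""
    if len(dump) < HEADER.size:
        raise ValueError("dump is shorter than a boot image header")
    (magic, kernel_size, _, ramdisk_size, _, second_size, _, _,
     page_size, _, _) = HEADER.unpack_from(dump)
    if magic != BOOT_MAGIC:
        raise ValueError("ANDROID! magic not found at offset 0")
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("page size %d is not a power of two" % page_size)
    if page_size > len(dump):
        raise ValueError("header page runs past the end of the dump")
    layout = [("header", 0, page_size)]
    cursor = page_size
    sections = (("kernel", kernel_size), ("ramdisk", ramdisk_size),
                ("second", second_size))
    for name, size in sections:
        # Each section is padded up to a whole number of pages.
        end = cursor + -(-size // page_size) * page_size
        if end > len(dump):
            raise ValueError("%s section runs past the end of the dump" % name)
        if end > cursor:
            layout.append((name, cursor, end))
        cursor = end
    return layout


def image_length(dump):
    """Bytes from offset 0 that the header says belong to the image."""
    return image_layout(dump)[-1][2]


def region_of(dump, offset):
    """Name the section holding `offset`, or PAST_END for partition slack."""
    if not 0 <= offset < len(dump):
        raise ValueError("offset outside the dump")
    for name, start, end in image_layout(dump):
        if start <= offset < end:
            return name
    return PAST_END


def changed_regions(original, modified):
    """List, in order, every region whose bytes differ between two dumps."""
    if len(original) != len(modified):
        raise ValueError("dumps must be the same size to compare in place")
    layout = image_layout(original)
    layout.append((PAST_END, layout[-1][2], len(original)))
    return [name for name, start, end in layout
            if original[start:end] != modified[start:end]]


def flip_bit(dump, offset):
    """Return a copy of `dump` with the low bit of one byte inverted."""
    out = bytearray(dump)
    out[offset] ^= 0x01
    return bytes(out)


def build_sample_dump():
    """Constructed 16 KiB 'partition': a 12 KiB image followed by slack."""
    page = 2048
    header = HEADER.pack(BOOT_MAGIC, 5000, 0, 3000, 0, 0, 0, 0, page, 0, 0)
    image = header.ljust(page, b"\0")
    image += (b"K" * 5000).ljust(3 * page, b"\0")   # kernel, 3 pages
    image += (b"R" * 3000).ljust(2 * page, b"\0")   # ramdisk, 2 pages
    return image.ljust(16384, b"\0")


if __name__ == "__main__":
    dump = build_sample_dump()
    print("image length from header:", image_length(dump), "of", len(dump))
    for label, offset in (("last byte of partition", len(dump) - 1),
                          ("byte inside kernel", 2048 + 10)):
        print(label, "->", changed_regions(dump, flip_bit(dump, offset)))
```

A test edit only exercises the bootloader's check if `changed_regions` reports something other than `past_image_end` for the original and modified dumps.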
madushan1000 said:
You changed a bit at the end of the image, right? Then that doesn't make any difference. Sorry, I was misleading the last time. I didn't know any better myself then. The recovery partition doesn't contain the recovery image in its entirety. There is extra space. What the bootloader does is, it reads the image header from the first few bytes of the partition; the header contains the length of the recovery image. Then the bootloader verifies that length of the recovery partition against some encrypted hash. So to check if this really works (my bet is it doesn't) we have to change a bit inside the length of the recovery image. The easiest thing to do is unpack and repack the recovery image. I'll give it a try later and post the results.
Yeah, I changed the one at the end. Hopefully your testing does work; the way you explained it did make sense.
Sent from my A0001 using Tapatalk
This is a no-go, I unpacked and repacked the stock recovery with bootimg-tools (so that it would have no signature information) and flashed it on to recovery partition. The device hangs on Amazon logo when I reboot to recovery. We need to find a way to unlock the bootloader
The hardware of Fire HD (3rd generation) and HD 8.9(Jem) is almost the same. The SoC is the same... So, i wonder if anyone tried?
I've downloaded an update image for HD 3rd and the kernel cmdline in its boot.img says that the platform is still "bowser".
I'd like to try to flash it (some partitions) to my kindle and try to boot it.
Also, since boot images for these platforms should be signed to boot on omap4, the question is whether the signature for HD 3rd is valid for Jem?
ipipipipip said:
The hardware of Fire HD (3rd generation) and HD 8.9(Jem) is almost the same. The SoC is the same... So, i wonder if anyone tried?
I've downloaded an update image for HD 3rd and the kernel cmdline in its boot.img says that the platform is still "bowser".
I'd like to try to flash it (some partitions) to my kindle and try to boot it.
Also, since boot images for these platforms should be signed to boot on omap4, the question is whether the signature for HD 3rd is valid for Jem?
I highly recommend that you DO NOT do that. Although they are pretty much the same tablet (except for the screen size), this WILL result in a hard brick. So unless you feel like throwing away your investment on a perfectly good tablet, DO NOT PROCEED WITH FLASHING ANY PARTITIONS FROM ANY OTHER DEVICE BUT THE KINDLE FIRE HD 8.9"!!! I can't stress this enough! I don't want to see yet another thread saying that you hard bricked your tablet by flashing partitions for another device.
Sent from my Kindle Fire HD 8.9" using Tapatalk
phiftyopz said:
I highly recommend that you DO NOT do that. Although they are pretty much the same tablet (except for the screen size), this WILL result in a hard brick. So unless you feel like throwing away your investment on a perfectly good tablet, DO NOT PROCEED WITH FLASHING ANY PARTITIONS FROM ANY OTHER DEVICE BUT THE KINDLE FIRE HD 8.9"!!! I can't stress this enough! I don't want to see yet another thread saying that you hard bricked your tablet by flashing partitions for another device.
Sent from my Kindle Fire HD 8.9" using Tapatalk
Don't worry, I know what I am doing) Btw, it's not that easy to hard brick this tablet, as long as you keep the stock bootloader and xloader untouched. I'm using hashcode's second bootloader to ignore the boot image signature check. The main problem now is that "soho" (yep, it's the Fire HD 7" 2013 codename) has a significantly larger system partition, so I suppose it might be a reason why Jem doesn't get further firmware updates, as it would require repartitioning of the internal storage, and user data loss as a result.
I tried to remove some APKs from the soho system image and flash it to Jem, but still no luck - it reboots into recovery. And it seems Jem's bootloader signature check is no longer valid for soho images: I tried to flash its recovery and got a red screen and fastboot in a second, as a result.
I suppose the reason could be that soho uses new kernel 3.4 while I have stock 3.0... BTW, there is close to zero soho specific code in the kernel source, so I'll try to recompile this kernel for jem and create a valid boot image with it.
PS. Does anyone know a good way to trace or debug the boot process on these devices, without teardown and soldering up to usart? Some config line to enable kernel output to lcd?
PPS. Is it possible to repartition internal storage (or change some partitions size), without a risk to brick device completely?
ipipipipip said:
Don't worry, I know what I am doing) Btw, it's not that easy to hard brick this tablet, as long as you keep the stock bootloader and xloader untouched. I'm using hashcode's second bootloader to ignore the boot image signature check. The main problem now is that "soho" (yep, it's the Fire HD 7" 2013 codename) has a significantly larger system partition, so I suppose it might be a reason why Jem doesn't get further firmware updates, as it would require repartitioning of the internal storage, and user data loss as a result.
I tried to remove some APKs from the soho system image and flash it to Jem, but still no luck - it reboots into recovery. And it seems Jem's bootloader signature check is no longer valid for soho images: I tried to flash its recovery and got a red screen and fastboot in a second, as a result.
I suppose the reason could be that soho uses new kernel 3.4 while I have stock 3.0... BTW, there is close to zero soho specific code in the kernel source, so I'll try to recompile this kernel for jem and create a valid boot image with it.
PS. Does anyone know a good way to trace or debug the boot process on these devices, without teardown and soldering up to usart? Some config line to enable kernel output to lcd?
PPS. Is it possible to repartition internal storage (or change some partitions size), without a risk to brick device completely?
If you were to flash TWRP, that allows you to resize the system partition, but there could be another way to resize it without touching the recovery partition.
Keep us updated on your progress with this project, as I (and I'm sure some other people) would like to know whether or not you could do this.
Sent from my iPhone 4 using Tapatalk
Note:
This is not bootanimation, this is to change the splash screen (the 'Robin' boot logo which is displayed when device is switched ON)
This is for Nextbit Robin Only..
(For other devices, please send me your splash.img so that I can create a tool for you too.)
Requirements:
1. Rooted Nextbit Robin (any ROM) or just unlocked bootloader
2. Optional: Terminal Emulator app or Custom Recovery or at least working fastboot in computer
3. You're proceeding at your own risk.
STEPS to create splash.img:
1. Download & Extract this: Nextbit_Robin_Splash_Maker.zip
2. Make sure you have a picture in PNG format with resolution 1080x1920px.
3. Now rename your picture as logo.png & replace it inside "pics" folder of the extracted folder.
4. Finally, run the 'CREATE_LOGO.bat' to create splash.img and flashable zip file, which you can find inside the "output" folder after completion.
STEPS to flash splash.img:
Optional: To backup your original splash.img:
Code:
dd if=/dev/block/bootdevice/by-name/splash of=/sdcard/splash.img
(Not necessary though..)
You may get it from the stock firmware itself.
I have also attached the stock splash.img from 10/6/16 - 00WW_1_450.
Now, choose any one easy method to flash:
a. To flash from recovery:
Transfer the flashable_splash.zip to your device and flash from TWRP or CWM or Philz or any other custom recovery.
b. To flash from Terminal Emulator:
Transfer the splash.img to your device's Internal Storage, Open Terminal Emulator & enter the following to flash it:
Code:
su
dd if=/sdcard/splash.img of=/dev/block/bootdevice/by-name/splash
c. To flash from Fastboot mode:
Code:
fastboot flash splash splash.img
Note:
In case something goes wrong or the device doesn't boot up, flash the stock splash.img from custom recovery or fastboot.
Also, changing the splash screen doesn't mean you can get rid of the 5 seconds timeout in the bootloader unlocked warning, that's actually present in the bootloader (aboot partition).. (To get rid of that, you either need to patch it up to set the timeout to 0, or you may have to unset the unlock & tamper bit similar to this.. And, I'm not doing this, since I don't own a Robin as of now)
Hit the Thanks :good: button if it worked for you
You are welcome to post the splash images that you created (along with the picture)..
Awesome. Thanks for this.
Made these from a few images i found on google so all credit goes to the original owners and the OP of course.
[Flashable zip]
BTW @GokulNC the battery image does not change when building the logo. This could be because of newer firmware maybe and updated image? Whatever it is I'd love to help test whatever fix that could be implemented
Now if only we could figure out how to remove the annoying pestering startup warning about unlocking the device
AnierinB said:
BTW @GokulNC the battery image does not change when building the logo. This could be because of newer firmware maybe and updated image? Whatever it is I'd love to help test whatever fix that could be implemented
I'm not sure.. I just found a battery pic in it and put it as it is..
Maybe it's loaded from the boot.img (unpack it and check it out)
Jacobwitt said:
Now if only we could figure out how to remove the annoying pestering startup warning about unlocking the device
Try locking the bootloader and see if still that warning persists..
Code:
fastboot oem lock
If that didn't help, send the aboot partition of your device (Both stock locked aboot and unlocked one)..
I'll check that out..
AnierinB said:
Made these from a few images i found on google so all credit goes to the original owners and the OP of course.
[Flashable zip]
made that my new wall paper lol.
souphail said:
made that my new wall paper lol.
Here is the updated Logo and wallpaper. Added a basic ether compound (Device Code-name is ether) and rearranged some things,
So I noticed another bug that is pretty interesting.. when you don't use a battery logo and just the logo.png, the battery logo shows the stock boot logo (when the battery dies and then you plug in) even though it's not in my pics folder.. must be another instance of it in the splash.img
I just watched this and thought I was on my thread for a second xD Nice video man!
But for future reference it's pronounced A-NY-RIN, but don't worry everyone gets it wrong haha.
I bought an LG V35 recently. When I got the phone, I found it was already rooted and it looks like the bootloader is unlocked, since the 1st screen shows the unlocked warning messages. See attachments.
After I got into the system, I could see magisk and used root permission without any problem.
I wanted to do a system backup in a custom recovery like TWRP or CWM. (I thought it should be there, since the phone is rooted.) But after I clicked "reboot to recovery" with the TaiBackup app, I could not get into recovery; the screen showed "erasing data" and then the phone rebooted. When the system started up again, the phone had done a factory reset and Magisk did not work any more... (I checked, I could still see the unlocked bootloader messages at that time)
Then I had to send my phone to the seller and got rooted again. I really do not understand how the seller rooted this phone!!
Now I am wondering if I can flash any custom recovery like twrp? I do not see LG V35 in official twrp's support device list. Dare I try the twrp for LG G7 or LG V30 or others?
If I have to try twrp for LG G7, is there anybody knows how to do a recovery backup via ADB beforehand? Anything I can do to minimize the risk?
He probably dumped the boot image with LGUP, and manually patched it with Magisk on another device
crumbling9999 said:
He probably dumped the boot image with LGUP, and manually patched it with Magisk on another device
Yes, I searched with google about patching magisk boot img and now I agree with you.
Now, when I trying to install some modules in magisk, I will get "installation failed". See the attachment.
I googled and tried to find the solution. It is said that I could update/re-install the magisk manager apk to solve the problem. But the seller told me DO NOT touch the magisk and even update it.
Do you know if I can update the magisk manager when rooted in the patching boot img way?
Do you know if I can install xposed in the magisk in this case?
Are there some DONTs when rooted in the patching boot img way?
Thanks for your reply.
Mate, just start first with a backup via LGUP, then check if you can reboot to bootloader. Then read a bit of the G7 thread, and if you are confident in your knowledge and skills, continue - it is an easy job to firstly back up both your boot images, patch them and flash them back to your phone if you have fastboot.
vlad48 said:
Mate, just start first with a backup via LGUP, then check if you can reboot to bootloader. Then read a bit of the G7 thread, and if you are confident in your knowledge and skills, continue - it is an easy job to firstly back up both your boot images, patch them and flash them back to your phone if you have fastboot.
Please tell me how to backup both boot images? Thx
Is there somebody who can tell me how to solve the issue that I cannot install any module in Magisk?
Can I update the Magisk framework to 18.1 when the root method comes from patching the boot image?
Since you have full fastboot, grab a copy of TWRP for the G7 and try booting it. I verified today that laf from the G7 boots just fine on the V35, so TWRP should work until (yes I am being optimistic here) I can get the V35 rooted and build our own TWRP.
In case you are new, the command will be:
Code:
fastboot boot twrp.img
Where twrp.img is whatever the filename of TWRP is. If the touch screen works, and the rest of the functionality is there, you can use that for now. However, you will have to have a PC and fastboot boot it every time you want to get into TWRP.
On SD845 and later devices (which the G7 and V35 have), recovery is no longer a separate partition -- it is included in boot. So, you do NOT want to flash the G7 version because while the G7 kernel may work fine for laf, and TWRP, it probably wouldn't be ideal to use as a system kernel.
Let me know if you have any questions.
I do have a question for you. Where did you get your phone from? I have a hard time believing that there are so many V35s out there with engineering bootloaders -- so I would like to get my hands on one and figure out how they unlocked the bootloader.
-- Brian
Thanks for your answers.
I bought this phone from Taobao, which is the biggest famous online shopping site in China. I do not know how they unlocked the bootloader; tell me if there is something I can help with.
I unlocked the LG G2/G4/OnePlus 5T myself, so I know the basics of how to execute ADB commands and the normal root process. But I do not know the method using a Magisk-patched boot img.
As far as I understand, you meant that we can temporarily boot into the G7 TWRP to use its functions but we cannot actually flash the TWRP to the phone. Is booting the G7 TWRP image safe? (By "safe" I mean that, if I encounter problems, at least I can still start up the phone rooted. Otherwise, I need to send my phone to the seller who is 2000KM away to root it again... Last time I booted into its recovery, all my data was erased...) Anyway, I will try it as you suggested, but I will make it the 2nd priority.
The 1st priority is that I truly want to solve the problem I met about failing to install Magisk modules. See my attachment. I want to know if I can fix the problem by updating the Magisk framework. I need the "safe" way as I just said.
So if I click "yes" in the 33.jpg I attached, do you know what would happen?
A. brick the phone
B. restart and get a factory reset, then I cannot use root any more
C. nothing changed, still install module failed but root can work
D. Solve the problem and can install module successfully
If you press "Yes" it will just download the Magisk setup, which will fail to do anything; it will reboot to the stock recovery, which will perform a security check and wipe out Magisk from the boot image.
To solve your problem and install the module properly you need to patch your boot image externally and flash it back in fastboot mode, overwriting both the a and b slots.
So:
1. Dump boot via LGUP download mode.
2. Patch it via Magisk Manager.
3. Flash it back under fastboot mode.
4. Install your module and enjoy...
P.S.: If you are not confident on how to perform any of the listed steps above please do not start it at all because definitely you will need to travel 200 km again for restoring root...
Thanks for explaining. That is what I worry about. Some questions for you:
1. I have used LGUP to dump boot_a and boot_b. (Very slow, it took 1 hour. I renamed them to boot_a_org.img and boot_b_org.img; cksum shows no difference between them.) So these are the current boot images patched by the seller? So, no matter what problems I encounter, I can flash boot_a_org.img (boot_b_org.img) back to boot_a and boot_b to recover my phone anytime and still be rooted? If so, I can feel free to do anything without worrying about the 2000KM delivery...
2. You mentioned "Patch it via Magisk Manager". Can I directly patch boot_a_org.img to do it? I think boot_a_org.img is already patched by the seller. (I do not have the original unpatched and unlocked bootloader img for the V35...)
3. Can "Patch it via Magisk Manager" only be done on my V35 phone, or is it OK to do it on other phones?
4. Can I try to boot into the G7 TWRP and then flash the newest Magisk via TWRP? Can I fix my problem this way?
Thank you very much in advance.
1. Download LGUP from HERE
(make sure you put it in the right place afterwards: C:\Program Files (x86)\LG Electronics\LGUP)
2. Shut down your phone and then press VOL+ button and connect it via USB cable to your computer (The phone will boot in download mode).
3. Start LGUP.exe and select DUMP mode. DUMP only those partitions (place checkbox):
abl_a
abl_b
boot_a
boot_b
xbl_a
xbl_b
This will finish our backup preparation, so report back once done.
(Also, I just came up with a better idea - compress your boot_a file and upload it somewhere; I'll try to patch it with the latest Magisk and upload it back to you)
Laf has new security that prevents reading for now. LG UP 1.14 and 1.15 can't read .. and I can't find a copy of 1.16.
-- Brian
@runningnak3d maybe you are mixing up the V40 with the V35. Using this DUMP-only version of LGUP, bootloader-unlocked phones are able to dump all partitions (even non-kdz ones), so he will be able to perform this operation.
This only works for v35 phones with unlocked bootloader?
Yes, I have already dumped those partitions:
abl_a
abl_b
boot_a ============> I rename this one to boot.img
boot_b
xbl_a
xbl_b
Could you teach me what each one is used for?
So boot.img is the current boot image patched by the seller? So, no matter what problems I encounter, I can flash boot.img back to boot_a and boot_b to recover my phone anytime and still be rooted? If so, I can feel free to do anything without worrying about the 2000KM delivery...
You mentioned "Patch it via Magisk Manager". Can I directly patch boot.img to do it? I think boot.img is already patched by the seller. (I do not have the original unpatched and unlocked bootloader img for the V35...)
Are the files I dumped from LGUP bin files or img files?
I tried to patch the boot.img file but every time I get an error. See attachment.
@alex.coffen Yes, if you back up your boot image and do not boot into RECOVERY everything will be safe.
It appears your DUMP was not done properly. If possible, please open your boot.img with a HEX editor and take a look at it - if there are only zeros there, then it appears something is wrong with your dump.
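The all-zero check suggested above can be scripted. The following is an added example (not from the thread, LGUP or Magisk) that also looks for the `ANDROID!` boot-image magic and shows why two dumps with equal checksums are not proof of a good backup. It assumes the boot image header layout of versions 0-2; the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct
import sys
from pathlib import Path

BOOT_MAGIC = b"ANDROID!"  # first 8 bytes of an Android boot image


def inspect_dump(data: bytes) -> dict:
    """Summarise a dumped boot partition (header versions 0-2 layout assumed)."""
    report = {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "all_zero": bool(data) and data.count(0) == len(data),
        "has_magic": data[:8] == BOOT_MAGIC,
        "usable": False,
    }
    if report["has_magic"] and len(data) >= 40:
        # Eight little-endian u32 fields follow the magic: kernel_size, kernel_addr,
        # ramdisk_size, ramdisk_addr, second_size, second_addr, tags_addr, page_size.
        f = struct.unpack_from("<8I", data, 8)
        kernel, ramdisk, page = f[0], f[2], f[7]
        report.update(kernel_size=kernel, ramdisk_size=ramdisk, page_size=page)
        # Plausible: non-empty kernel, power-of-two page size, payload fits the dump.
        report["usable"] = (kernel > 0 and page > 0 and (page & (page - 1)) == 0
                            and page + kernel + ramdisk <= len(data))
    return report


def identical_and_usable(a: bytes, b: bytes) -> bool:
    """Equal checksums only mean something if each dump is usable by itself."""
    ra, rb = inspect_dump(a), inspect_dump(b)
    return ra["usable"] and rb["usable"] and ra["sha256"] == rb["sha256"]


def constructed_image(kernel=b"K" * 100, ramdisk=b"R" * 50, page=4096) -> bytes:
    """Build a tiny fake boot image (constructed sample, not a real V35 dump)."""
    header = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    pad = lambda blob: blob + b"\0" * (-len(blob) % page)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    # Usage: python check_dump.py boot_a.img boot_b.img
    for path in sys.argv[1:]:
        r = inspect_dump(Path(path).read_bytes())
        print(path, "USABLE" if r["usable"] else "NOT USABLE", r)
```

Two all-zero dumps of the same size always compare equal, so a checksum comparison between boot_a and boot_b cannot confirm a backup until each file has passed the content checks.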
Yes, all zeros. What should I do? I have already re-installed the USB driver 4.2.0. See attachment.
Since I failed to use LGUP to dump the boot img, I thought about another way.
I installed termintor on my phone. Under the directory /dev/block/bootdevice/by-name, I execute "ls -l" and then I can find all partitions, for example:
boot_a -> /dev/block/sde11
In this case, do you know if I can use "dd if=/dev/block/sde11 of=/storage/emulated/0/Download/boot_a.img" to get the boot img?
@runningnak3d, @vlad48