Decryption on MDB08M? - Nexus 5X Q&A, Help & Troubleshooting

I want to give decryption a shot but it looks like there is only a boot image available for MDB08I. Does anyone know if there is a modified boot image available for MDB08M? Or does anyone know if you can use the I boot image on M?

Look around on this forum:
http://forum.xda-developers.com/nex...olkit-skipsoft-android-toolkit-nexus-t3230444
you can download it for "M". It's on the 4th page as I remember.

You can just use the modified I boot.img on M.

Related

looking for Kernel base address/phys_offset

I have previous experience in unpacking and repacking boot images; I did that for my Vivid and Jetstream. But I faced a problem when doing that for EVO 4G.
So, this is the situation - I downloaded the RUU for my Unlocked EVO4G, extracted the boot_signed.img and flashed it and it works fine. Then, I tried to unpack and repack the boot image. I used the 0x80400000 (It is mentioned as CONFIG_PHYS_OFFSET in config file) as the kernel base address. However, the new boot image always causes a boot loop. I thought that it may be a problem with the kernel base address that I may be specifying.
If the base address is different, can someone point it out for me? Or am I missing something trivial here?
A bit late, but hope it helps others:
http://blog.djodjo.org/?p=195
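An added example (not part of the original posts): the load addresses the bootloader is given are stored in the stock boot image's own header, so they can be read from the working image and compared with the repacked one. It assumes the classic version-0 `ANDROID!` header and mkbootimg's default offsets; the sample headers are constructed in the script and are not EVO 4G values.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Version-0 header: magic, ten little-endian u32 fields, name[16], cmdline[512].
HEADER = struct.Struct("<8s10I16s512s")
FIELDS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
          "second_size", "second_addr", "tags_addr", "page_size",
          "header_version", "os_version")
# Offsets mkbootimg adds to --base when none are given (assumption: the image
# was built with these defaults; a vendor can override each of them).
DEFAULT_OFFSETS = {"kernel_addr": 0x00008000, "ramdisk_addr": 0x01000000,
                   "second_addr": 0x00F00000, "tags_addr": 0x00000100}
LAYOUT_FIELDS = tuple(DEFAULT_OFFSETS) + ("page_size",)


def parse_boot_header(data):
    """Parse the boot image header, tolerating a vendor prefix before it."""
    start = data.find(BOOT_MAGIC, 0, 4096)
    if start < 0:
        raise ValueError("ANDROID! magic not found in the first 4 KiB")
    if len(data) - start < HEADER.size:
        raise ValueError("file ends inside the boot image header")
    _magic, *nums, name, cmdline = HEADER.unpack_from(data, start)
    hdr = dict(zip(FIELDS, nums))
    hdr["header_offset"] = start
    hdr["name"] = name.split(b"\0", 1)[0].decode("ascii", "replace")
    hdr["cmdline"] = cmdline.split(b"\0", 1)[0].decode("ascii", "replace")
    return hdr


def derive_base(hdr):
    """Return (base, fields that do not fit base + default offset)."""
    base = hdr["kernel_addr"] - DEFAULT_OFFSETS["kernel_addr"]
    odd = [f for f, off in DEFAULT_OFFSETS.items() if hdr[f] - off != base]
    return base, odd


def diff_layout(stock, repacked):
    """Fields that changed between the working image and the repack."""
    return {f: (stock[f], repacked[f])
            for f in LAYOUT_FIELDS if stock[f] != repacked[f]}


def build_sample_header(base, page_size=2048):
    """Constructed header for the demo; sizes and cmdline are made up."""
    addr = {f: base + off for f, off in DEFAULT_OFFSETS.items()}
    return HEADER.pack(BOOT_MAGIC, 0x300000, addr["kernel_addr"],
                       0x80000, addr["ramdisk_addr"], 0, addr["second_addr"],
                       addr["tags_addr"], page_size, 0, 0,
                       b"", b"console=null")


if __name__ == "__main__":
    # Constructed stand-ins: a "stock" image at mkbootimg's default base and
    # a repack made with the 0x80400000 base mentioned in the post.
    stock = parse_boot_header(build_sample_header(0x10000000))
    repacked = parse_boot_header(build_sample_header(0x80400000))
    base, odd = derive_base(stock)
    print("stock base: 0x%08x, non-default fields: %s" % (base, odd))
    for field, (old, new) in diff_layout(stock, repacked).items():
        print("%-12s stock=0x%08x repack=0x%08x" % (field, old, new))
```

On a real device, read the first 4 KiB of the stock and repacked images from disk and pass them to `parse_boot_header`; any field reported by `diff_layout` is a value the repack changed.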

Shield TV 2017 (16GB) How to... DTB...

I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Mogster2K said:
Zulu99 mentioned something similar - that dm-verity was enabled in darcy's DTB file, preventing any custom firmwares from executing. Foster does not seem to have this problem.
He's provided a patched DTB here - use at your own risk: http://bit.ly/2CxB1hS (WARNING! ONLY FOR 2017 DARCY MODEL!)
Original post here.
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
nanerasingh said:
As my test on 2017 16gb 7.2.2 official TWRP patched the boot img I got root access but not fully write.
I used the DTB and flashed from fastboot and reboot without any reset -w command.
No issue of unresponsiveness and boots up normal. I tried to edit build.prop in system via ES explorer and reboot to see the persistent and rw works.
So system dm-verity patch by DTB works.
Noting this too...
Thanks for the confirmation!
The fastboot -w should only be required if the forced encryption was already in use on the device.
But if I am not mistaken then on the developer version only the data partition is encrypted, which is no issue.
nadia p. said:
It's my understanding that this is required to allow TWRP 3.2.3.0 foster to work properly. If not can someone please clarify this for us beginner users?
NOTE: The patched DTB file above is not for the same version as the one I have.
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
nadia p. said:
I own a Shield TV 2017 (16GB) remote only (P2894, Darcy) which currently has Nvidia 7.1.0 developer OS, unlocked bootloader and the boot.img was patched using Magisk Manager 6.2.1/Magisk 18.0.
It has been noted patching boot.img using Magisk Manager 6.2.1/Magisk 18.0 only performs a partial root and that something else in the "DTB" information needs to be modified in order to allow full root access to read/write.
I'm new to this so please forgive me if I ask something obvious.
I've connected my Shield TV to my PC via ADB and executed
fastboot oem dtbname
...
(bootloader) tegra210-darcy-p2894-0050-a08-00.dtb
OKAY [ -0.000s]
finished. total time: -0.000s
I don't know how to extract the *.dtb information or know what's required to patch it.
The command to flash it is
fastboot flash DTB tegra210-darcy-p2894-0050-a08-00.dtb
Can someone else help provide what's required to extract, modify, etc... in order to flash and gain full root access?
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
Mogster2K said:
AFAIK the patched DTB is for booting custom ROMs. More work still needs to be done to get TWRP working again.
---------- Post added at 09:45 PM ---------- Previous post was at 09:42 PM ----------
Is root not working for you now? If you have never upgraded the stock ROM past 7.1, then it should work without needing a patched DTB.
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
nadia p. said:
I'm quite the beginner at all of this Android stuff, although I have experience with several other software related things. I'm currently stuck trying to install TWRP 3.2.3.0 foster on my Shield TV 2017 (16GB, remote only + usb keyboard + usb mouse). I haven't been able to backup the entire device yet to use that to see if I can restore everything back to that exact state yet. I don't know how to tell how "rooted" I really am yet.
Steel01 says TWRP 3.2.3.0 fosters is working on Darcy. I'm still trying to confirm this. My main reason for TWRP is to complete a full backup which I can later restore back to that exact state if/when something should happen if accidentally updated and it breaks everything again.
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher. 7.2 majorly broke a lot of things, including TWRP, which is why this thread has so much traffic lately and why I asked whether you had upgraded past 7.1. Please confirm whether you have or not.
Hello Mogster2K, Originally without any modifications the factory installed Nvidia software upgraded itself through on-line updates to 7.2.1 which then broke other 3rd party Apps for me. I then attempted to downgrade to 6.3.0 developer OS, however because it was my first time unlocking the bootloader it wiped everything so once 6.3.0 was successfully flashed, I had to connect to the internet, sign-in again to Google Play and meanwhile it forced itself to update back to 7.2.1 again. Later by following ACiDxCHRiST's guide HERE, I was able to successfully downgrade to 7.1.0 developer by patching the 7.1.0 boot.img then manually flashed each line item in flash-all.bat.
Later I tried to install TWRP 3.2.3.0 so I could backup the device, however I've not been successful with that since I have a Shield TV 2017 (16GB) remote only model so I must use a USB keyboard and USB mouse to do it. I was reading these other posts here about what the issues might be preventing me from installing TWRP and using it to back everything up. Does this help answer your question?
So I'm currently on 7.1.0 developer OS, patched boot.img using Magisk Manager 6.2.1/Magisk 18.0. So far the Apps that were broken by 7.2.0 "factory" are again working fine in 7.1.0. I don't game, I mainly watch movies and tv series with my device so I don't have many requirements other than I'd like to back everything up so in case it accidentally gets updated somehow I can revert back to a working archive and continue from there.
Mogster2K said:
TWRP works for darcy IF AND ONLY IF it has never been upgraded to stock rom 7.2 or higher.
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Does anyone know how to test for certain criteria to help determine if:
A) anything needs to be modified in regards to DTB
B) if their device has been updated in such a way that it currently breaks TWRP (or other things) in such a way there is no fix as of today
This should prove quite useful to help us understand if/anything needs to be done or where the device resides at any given moment.
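An added example (not part of the thread): a read-only way to see what a .dtb file says about dm-verity, for instance to compare a DTB obtained from a forum link with the one it would replace before flashing it. It assumes the DTB carries the Android early-mount fstab (`/firmware/android/fstab/<partition>` nodes with an `fsmgr_flags` property), which is an assumption about darcy's DTB; the sample blobs are constructed in the script.

```python
import struct

FDT_MAGIC = 0xD00DFEED
FDT_BEGIN_NODE, FDT_END_NODE, FDT_PROP, FDT_NOP, FDT_END = 1, 2, 3, 4, 9


def _align4(n):
    return (n + 3) & ~3


def iter_props(blob):
    """Yield (node_path, property_name, raw_value) for a flattened device tree."""
    if len(blob) < 40:
        raise ValueError("too short for an FDT header")
    magic, totalsize, off_struct, off_strings = struct.unpack_from(">4I", blob, 0)
    if magic != FDT_MAGIC:
        raise ValueError("not a flattened device tree (bad magic)")
    if totalsize > len(blob):
        raise ValueError("file is shorter than the size in its header")
    pos, path = off_struct, []
    while True:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == FDT_BEGIN_NODE:
            end = blob.index(b"\0", pos)
            path.append(blob[pos:end].decode("ascii", "replace"))
            pos = _align4(end + 1)
        elif token == FDT_END_NODE:
            path.pop()
        elif token == FDT_PROP:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            pos += 8
            s = off_strings + nameoff
            name = blob[s:blob.index(b"\0", s)].decode("ascii", "replace")
            yield "/" + "/".join(p for p in path if p), name, blob[pos:pos + length]
            pos = _align4(pos + length)
        elif token == FDT_NOP:
            continue
        elif token == FDT_END:
            return
        else:
            raise ValueError("unknown FDT token %#x" % token)


def verity_report(blob):
    """Map each fstab node path to (fs_mgr flags, verity requested?)."""
    report = {}
    for path, name, value in iter_props(blob):
        if name == "fsmgr_flags":
            flags = value.rstrip(b"\0").decode("ascii", "replace").split(",")
            wants = any(f == "verify" or f.startswith("avb") for f in flags)
            report[path] = (flags, wants)
    return report


def verity_removed(stock_blob, candidate_blob):
    """Partitions that request verity in stock but not in the candidate."""
    stock, cand = verity_report(stock_blob), verity_report(candidate_blob)
    return sorted(p for p, (_f, wants) in stock.items()
                  if wants and not cand.get(p, ([], False))[1])


def build_sample_dtb(system_flags):
    """Constructed DTB with two fstab entries; not a real darcy DTB."""
    strings = b"compatible\0fsmgr_flags\0"       # fsmgr_flags is at offset 11

    def begin(name):
        raw = name + b"\0"
        return struct.pack(">I", FDT_BEGIN_NODE) + raw.ljust(_align4(len(raw)), b"\0")

    def prop(nameoff, value):
        value += b"\0"
        return (struct.pack(">3I", FDT_PROP, len(value), nameoff)
                + value.ljust(_align4(len(value)), b"\0"))

    end = struct.pack(">I", FDT_END_NODE)
    body = (begin(b"") + begin(b"firmware") + begin(b"android")
            + prop(0, b"android,firmware") + begin(b"fstab")
            + begin(b"system") + prop(11, system_flags) + end
            + begin(b"vendor") + prop(11, b"wait") + end
            + end + end + end + end + struct.pack(">I", FDT_END))
    off_struct = 40 + 16                          # header + empty reserve map
    off_strings = off_struct + len(body)
    header = struct.pack(">10I", FDT_MAGIC, off_strings + len(strings),
                         off_struct, off_strings, 40, 17, 16, 0,
                         len(strings), len(body))
    return header + b"\0" * 16 + body + strings


if __name__ == "__main__":
    stock = build_sample_dtb(b"wait,verify")      # constructed "stock" blob
    candidate = build_sample_dtb(b"wait")         # constructed "patched" blob
    for path, (flags, wants) in verity_report(stock).items():
        print(path, flags, "verity" if wants else "no verity")
    print("verity dropped on:", verity_removed(stock, candidate))
```

To check real files, read each .dtb from disk as bytes and pass them to `verity_report` or `verity_removed`; an empty report means the file has no `fsmgr_flags` properties at all, not that verity is off.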
nadia p. said:
I realized I wasn't sure if by upgrading the "stock" rom this included updating the device to 7.2.0 (or later) via on-line updates or just flashing the rom itself to 7.2.0 (or later).
Both. Anyway, I did not realize at the time that darcy could be fully downgraded to 7.1, sorry. It doesn't work on my foster, so I can't use TWRP at all. Also, to the best of my knowledge, TWRP requires at least a USB mouse to function regardless of which ShieldTV model you have. And the modified DTB is just for booting modified images on darcy 7.2+. You're fine without it on 7.1.
Stuck... post backup TWRP 3.2.3.0, now corrupt w/black screen
I'm not sure if this had anything to do with it but I'm stuck at a black screen after backing up TWRP.
More information can be found at this POST.
Already this 7.2 update is creating topics all over the place
Anyway, let me try to at least shed some light on things.
My latest findings:
1. The bootloader does not downgrade to 7.1 once you had at least the 7.2.x installed, not sure about 7.2 as it is too late for me to test this.
I did not check with the 6.3 either but maybe someone who did is able to state what bootloader is working then.
2. The DTB is not included in the firmware images at all but it seems it was included in some pre 7.1 to include the "updates" for the Darcy models.
What makes the Zulu one tick is the simple fact that it is patched to disable DM-Verity completely.
Hence the requirement for the fastboot -w or a factory reset.
TWRP and such....
This might get quite long, so anyone without half decent knowledge about rooting, firmwares and recoveries can just skip it
First thing I learned from 7.2 was: Do not mess with your bootloader!!!
Second thing I learned is that Linus was right with his statement about NVidia and their open source support.
So what actually changed?
For starters the NVidia statement of the developer firmware being rootable is not true the same way it was before.
Google's latest kernel fixes and changes have been implemented - look it up yourself please to spare me thousands of lines of typing!
In short it means that all backdoors or such that Magisk or SU have used are unavailable now.
Rooting still works but with the limit of write access.
And that is the important factor one for TWRP, the second is "routing".
Let me try to word it as simple as I can...
We can not modify the system to ignore the stock recovery or related security features.
We can not write to required areas of the system required to boot into TWRP through the recovery.
If you somehow manage to get into TWRP, like when I still had a working mod, there again is no write access to system available and the internal memory will be corrupted if you write a backup.
The DTB Zulu provided gives us system wide write rights again by disabling DM-Verity but this only goes for the system!!
The recovery does not use the DTB in this way.
Best thing you end up with is a dark screen where ADB seems to be working.
It actually works with full root access for me in several cases LOL
So if that really is TWRP then why can't we see it?
My TV is great as it allows multi input formats.
So a 1080P signal will be accepted as such.
And every time this screen format changes I see a little pop up with the new resolutions on the screen.
Since 7.2 this popup no longer shows up....
TWRP might actually be there and working but we can not see or use it.
The strange thing however is that at least on the 7.2.2 I had the strange problem that just trying to boot into TWRP through fastboot resulted in a corrupt system.
The bootloader realises the recovery written into the temp area has no NVidia signature or hash code to match.
This means for the bootloader a possible attack on the system happened and it is "secured", resulting in a soft brick.
My plans to fix all this crap for good:
The DTB is a partial solution at best as we
a) don't really know how compatible it is with future updates.
b) we still fail to properly use TWRP again.
All up a total nightmare for any modder or person with a lot of data and apps to backup and restore.
My first attempt was to build the 7.2 from the sources, thinking at least here the NVidia statements are correct that their installer takes care of everything.
Lol! It did take about 120GB in downloads but did not give me any of the required software suites actually required to even load a build tree.
Would need far more time than I have to make complete and work with registrations, accounts and all this.
So I decided to go back to my roots before Magisk was a thing.
Dissecting the firmware, disabling all new "safety" features and not required encryptions and hash checks.
That bit I think I finished to my satisfaction.
On the packing to make it work to be installed under 7.2.X I am still working.
Biggest drawback for me is that I lost TWRP and that the TWRP builder does not even let me log in on my Shield.
So even if a more official way or porting or building could be a way out I can not access it.
Means I can neither try to install my modded firmware nor test it.
So if anyone reading here has a confirmed way to downgrade to something that brings TWRP back to life with working write access and working backup functions:
Don't be shy, we don't bite (much)!
Share your way, give us the links and if my magic still works a bit this nightmare shall soon be over for good
7.2 sources still have not been released yet, anyway. I found a reference to a new branch "rel-30-r2-partner-o" but that's all.
Downunder35m said:
Already this 7.2 update is creating topics all over the place
Anyway, let me try to at least shed some light on things.
My latest findings:
1. The bootloader does not downgrade to 7.1 once you had at least the 7.2.x installed, not sure about 7.2 as it is too late for me to test this.
I did not check with the 6.3 either but maybe someone who did is able to state what bootloader is working then.
2. The DTB is not included in the firmware images at all but it seems it was included in some pre 7.1 to include the "updates" for the Darcy models.
What makes the Zulu one tick is the simple fact that it is patched to disable DM-Verity completely.
Hence the requirement for the fastboot -w or a factory reset.
TWRP and such....
This might get quite long, so anyone without half decent knowledge about rooting, firmwares and recoveries can just skip it
First thing I learned from 7.2 was: Do not mess with your bootloader!!!
Second thing I learned is that Linus was right with his statement about NVidia and their open source support.
So what actually changed?
For starters the NVidia statement of the developer firmware being rootable is not true the same way it was before.
Google's latest kernel fixes and changes have been implemented - look it up yourself please to spare me thousands of lines of typing!
In short it means that all backdoors or such that Magisk or SU have used are unavailable now.
Rooting still works but with the limit of write access.
And that is the important factor one for TWRP, the second is "routing".
Let me try to word it as simple as I can...
We can not modify the system to ignore the stock recovery or related security features.
We can not write to required areas of the system required to boot into TWRP through the recovery.
If you somehow manage to get into TWRP, like when I still had a working mod, there again is no write access to system available and the internal memory will be corrupted if you write a backup.
The DTB Zulu provided gives us system wide write rights again by disabling DM-Verity but this only goes for the system!!
The recovery does not use the DTB in this way.
Best thing you end up with is a dark screen where ADB seems to be working.
It actually works with full root access for me in several cases LOL
So if that really is TWRP then why can't we see it?
My TV is great as it allows multi input formats.
So a 1080P signal will be accepted as such.
And every time this screen format changes I see a little pop up with the new resolutions on the screen.
Since 7.2 this popup no longer shows up....
TWRP might actually be there and working but we can not see or use it.
The strange thing however is that at least on the 7.2.2 I had the strange problem that just trying to boot into TWRP through fastboot resulted in a corrupt system.
The bootloader realises the recovery written into the temp area has no NVidia signature or hash code to match.
This means for the bootloader a possible attack on the system happened and it is "secured", resulting in a soft brick.
My plans to fix all this crap for good:
The DTB is a partial solution at best as we
a) don't really know how compatible it is with future updates.
b) we still fail to properly use TWRP again.
All up a total nightmare for any modder or person with a lot of data and apps to backup and restore.
My first attempt was to build the 7.2 from the sources, thinking at least here the NVidia statements are correct that their installer takes care of everything.
Lol! It did take about 120GB in downloads but did not give me any of the required software suites actually required to even load a build tree.
Would need far more time than I have to make complete and work with registrations, accounts and all this.
So I decided to go back to my roots before Magisk was a thing.
Dissecting the firmware, disabling all new "safety" features and not required encryptions and hash checks.
That bit I think I finished to my satisfaction.
On the packing to make it work to be installed under 7.2.X I am still working.
Biggest drawback for me is that I lost TWRP and that the TWRP builder does not even let me log in on my Shield.
So even if a more official way or porting or building could be a way out I can not access it.
Means I can neither try to install my modded firmware nor test it.
So if anyone reading here has a confirmed way to downgrade to something that brings TWRP back to life with working write access and working backup functions:
Don't be shy, we don't bite (much)!
Share your way, give us the links and if my magic still works a bit this nightmare shall soon be over for good
First of all thank you so much for putting all this in layman's terms so someone like me can understand it. Total respect!
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
If you need me to send you my device with remote that you can use to complete these things and get everyone unstuck from this dreadful situation I'm all for that too.
I wish there were a means, like with computers, that we can purchase a brand new device, fully back it up before even connecting it to the internet and being forced to sign-in to Google Play before we even have access to the device. We'd also need a way to wipe, format and reinstall this backup without any issues. Is this too much to ask for in an Android world?
EDIT: I have time, access to certain hardware PCs, Macs and Linux, and have some basic skills with computers, phones, etc... If I can assist you or anyone with certain time consuming things let me know. The only Android device I currently own now is the Shield TV.
Would it Work to just flash the system/vendor files without updating the Bootloader?
nadia p. said:
Since my device is useless if there is some way I can offer you remote access to a PC, the device and anything else I can assist you with please don't hesitate to let me know.
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on an Oreo Firmware, as long as you only try flashing an Oreo Firmware blob file you shouldn't run into any problems, I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I did the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back an Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
Mogster2K said:
Sorry, I've lost track of your particular situation. Are you unable to reflash Stock 7.2 or 7.2.1? I realize it's hardly ideal, but it would at least make the ShieldTV usable.
Hello Mogster2K, from the factory install which was updated OTA to 7.2.1 I was able to 1st unlock the bootloader and flash 6.3.0 developer OS to my device successfully, or so I thought. What I mean by this is based on what Downunder35m said once the device has been updated to 7.2.0 regardless of how when flashing previous versions of OS (developer or recovery) it may not revert the bootloader to 6.3.0. This we still have to see and test to confirm, unfortunately neither he nor I have any way to test things right now. That being said because I unlocked the bootloader (forced wipe) then flashed 6.3.0 that all went fine except when booting to the Nvidia home screen it required me to connect to the internet and then sign-in to Google Play. Doing this the OS forces it to update itself again back to 7.2.1 (at that time).
So now that the previous steps were useless I then discovered ACiDxCHRiST's guide HERE and followed that since the bootloader was already unlocked I could modify the boot.img from 7.1.0 then flash that. Well two things happened, it worked perfectly however it's most likely Magisk didn't truly root the device 100%, it only rooted it partially. So now the device worked fine on 7.1.0 and everything was going well UNTIL I decided to install TWRP and backup my device. Doing so totally screwed it, now I have a black screen.... Read THIS.
So one of the reasons I started this thread was to find out more about DTB and how do we start to first test a device's current state, perhaps patch it to what we need to recover from the 7.2.0 changes and restrictions. The benefit of all of this is we should, with expertise, be able to climb our way out of this hole and get back to a working device.
whiteak said:
From what I understand the dtb file is in the blob file, so simply flashing back a blob file would put back the stock dtb file. The only issue with flashing blob files is if you tried flashing back a Nougat blob file if you were already on an Oreo Firmware, as long as you only try flashing an Oreo Firmware blob file you shouldn't run into any problems, I would have to go back and have a read, but I'm sure I read that you may have done this and if you had tried to flash a Nougat blob file when you were already on an Oreo Firmware, that could be where you first ran into problems. But I'm not too sure if you are asking where to get the modified dtb file or not, I'm not sure if you have already flashed the modified dtb file or you are asking where to get the modified dtb file. I checked the dtb version on my 2017 Darcy Shield and it came up with a different number version than yours, mine came back with: tegra210-darcy-p2894-0050-a04-00.dtb whereas you have posted you have the tegra210-darcy-p2894-0050-a08-00.dtb. I did the check on what version of the dtb I had before and after using the modified dtb and also after when I flashed back an Oreo blob file and back to a Full Stock Oreo firmware and they both came back as the a04 version.
I would try and flash back to the latest Stock 7.2.1 image released on Nvidia's site: https://developer.nvidia.com/gameworksdownload
If successful then I would look at downgrading back to 7.1 Stock Firmware. I'm still a bit confused if this is what you have done or you only have a black screen when trying to boot to system?
The Fifth and Sixth version on the downloads screen are the versions for the 2017 model, one being the Developer version and the one below being the Stock version of 7.2.1. I would try flashing the Stock Version first and see if that gets you back up and running again. If it does, I would again check the dtb version as I am sure the 2017 Darcy model should be showing the a04 version and not a08.
---------- Post added at 01:06 PM ---------- Previous post was at 12:55 PM ----------
I just had a quick read back, you have said you have flashed the Developer image and then also flashed a patched boot.img. I have not done this combo as it is not the way I would do things. I would use just the Stock Firmware and not the Developer image with a patched boot.img. I do not know 100% for sure if the only difference between the Developer version and the stock version is the boot.img but if you are going to use a patched boot.img anyway, this is the reason why I say there is no need to flash the Developer version as you are going to use a Patched boot.img anyway, I would just stick with the Stock version.
In short the 7.2.1 update broke the factory install by affecting other apps I use and that were working perfectly fine in 7.1.0 before the update occurred. This was the sole reason I attempted to revert back to a previous OS.
Just flashing 6.3.0 didn't work as it updated itself back to 7.2.1 forcibly. I then had to work around that issue and the only way I found was to download 7.1.0, patch its boot.img file, flash 7.1.0 developer to keep the bootloader unlocked so it wouldn't wipe the system whereby deleting the user info, apps, etc..., make sense? The only issue is that Magisk didn't fully root the device properly and with the new OS verification added to 7.2.0 it created all sorts of other protections where we're not able to fully wipe everything and flash back normally. These protections kick in and prevent it. This is why we're trying to see how to undo the protection settings so we can actually do what we need to do. DTB is part of this.

[HELP] Flashing google vendor images doesn't work

Hi I was trying to enable qualcomm diag mode in my pixel 3 xl. I was able to do it on my old pixel 1 phone with flashing Google's vendor images. It was enabling debug mode. But when I try to do the same thing on my pixel 3 xl, I always get "Your device is corrupted" screen and phone is stuck at boot. I tried both first and last firmwares with first and last vendor binaries. I'm using generic "fastboot flash vendor vendor.img" command. This only happens with external vendor images. When I try original vendor.img phone works. But external, no luck. Any help is welcome. If wanted I can supply more info.
BTW cause of my struggling is when I was messing with custom roms I deleted my original IMEI number. Now I want it back.
Sepkov said:
Hi I was trying to enable qualcomm diag mode in my pixel 3 xl. I was able to do it on my old pixel 1 phone with flashing Google's vendor images. It was enabling debug mode. But when I try to do the same thing on my pixel 3 xl, I always get "Your device is corrupted" screen and phone is stuck at boot. I tried both first and last firmwares with first and last vendor binaries. I'm using generic "fastboot flash vendor vendor.img" command. This only happens with external vendor images. When I try original vendor.img phone works. But external, no luck. Any help is welcome. If wanted I can supply more info.
BTW cause of my struggling is when I was messing with custom roms I deleted my original IMEI number. Now I want it back.
When you say original vendor.img and external vendor.img what does it mean? External vendor images which are modified by a user? Sorry for my noobish question, just curious ...
You can download the latest factory image for pixel 3xl april build, extract the zip, edit the flash.all bat file to remove -w which will get your phone back to original state without wiping your internal data/storage files.
You can alternatively try flashing the vendor image through fastboot to both slots using command and see if it helps either. Not sure if IMEI loss will stop this process from happening.
fastboot flash vendor_a vendor.img
fastboot flash vendor_b vendor.img
SacredDeviL666 said:
When you say original vendor.img and external vendor.img, what does it mean? External vendor images which are modified by a user? Sorry for my noobish question, just curious...
you can download the latest factory image for pixel 3xl april build, extract the zip edit the flash.all bat file to remove -w which will get your phone back to original state without wiping your internal data/storage files.
you can alternatively try flashing the vendor image through fastboot to both slots using command and see if it helps either. not sure if IMEI loss will stop this process from happening.
fastboot flash vendor_a vendor.img
fastboot flash vendor_b vendor.img
Hello sir. Thanks for your answer.
When I mean original vendor image, I mean the one inside in the factory image.
When I mean external vendor image, I mean the one google provides apart from factory image located in here:
https://developers.google.com/android/images#crosshatch
I'm pretty sure I'm using the one has same software version.
Sorry for my english, I'm not a native english speaker. So in order to give this topic a little clarity I'm going to type the steps I'm following with the device behaviour, hope it helps.
Steps:
1 - Downloading latest factory image (version: PQ2A.190405.003) and flashing to device with ./flash-all.sh >> device is rebooting and starting just fine
2 - Downloading external vendor image google provides from the link I mentioned above and flashing with
"fastboot flash vendor_a vendor.img && fastboot flash vendor_b vendor.img" >> Device says it's corrupted and not booting stuck at splash.
Also just "fastboot flash vendor vendor.img" >> Just same doesn't turn on stuck at splash.
I'm probably missing something because I was able to do this in my pixel 1 device.
The whole thing I'm trying to do is to recover my IMEI with QPST firmware. To do this I need diag mode.
With my regards.
Sepkov said:
Sorry for my english, I'm not a native english speaker. So in order to give this topic a little clarity I'm going to type the steps I'm following with the device behaviour, hope it helps.
All good as long as we understand each other that serves the purpose of a language :good:
Sepkov said:
Hello sir. Thanks for your answer.
I'm pretty sure I'm using the one has same software version.
Steps:
1 - Downloading latest factory image (version: PQ2A.190405.003) and flashing to device with ./flash-all.sh >> device is rebooting and starting just fine
2 - Downloading external vendor image google provides from the link I mentioned above and flashing with
"fastboot flash vendor_a vendor.img && fastboot flash vendor_b vendor.img" >> Device says it's corrupted and not booting stuck at splash.
Also just "fastboot flash vendor vendor.img" >> Just same doesn't turn on stuck at splash.
I'm probably missing something because I was able to do this in my pixel 1 device.
This is strange as both should have same vendor.img from the full factory image. This is the factory image which you have downloaded and said to be flashing fine.
Could you please link me the exact vendor.img link you are downloading from ? why are you flashing vendor image again if the factory images already flashes them. or why not extract it from the existing the factory image which is getting flashed successfully.
Sepkov said:
The whole thing I'm trying to do is to recover my IMEI with QPST firmware. To do this I need diag mode.
With my regards.
Is this the reason you need to flash vendor.img again even after the factory image i linked above flashes those.
SacredDeviL666 said:
All good as long as we understand each other that serves the purpose of a language :good:
This is strange as both should have same vendor.img from the full factory image. This is the factory image which you have downloaded and said to be flashing fine.
Could you please link me the exact vendor.img link you are downloading from ? why are you flashing vendor image again if the factory images already flashes them. or why not extract it from the existing the factory image which is getting flashed successfully.
Is this the reason you need to flash vendor.img again even after the factory image i linked above flashes those.
Hello sir. Thanks for your reply.
On factory images google provides only release vendor image, which has necessary debugging features disabled. But the one from the link I provided has debugging features enabled. I can see the necessary lines in that external vendor image. But not on the one inside the factory zip. Here is the link of vendor image I downloaded:
https://dl.google.com/dl/android/aosp/google_devices-crosshatch-pq2a.190405.003-86ca23db.tgz
You may need a linux like shell in order to use the file provided from google.
Sepkov said:
Hello sir. Thanks for your reply.
On factory images google provides only release vendor image, which has necessary debugging features disabled. But the one from the link I provided has debugging features enabled. I can see the necessary lines in that external vendor image. But not on the one inside the factory zip. Here is the link of vendor image I downloaded:
https://dl.google.com/dl/android/aosp/google_devices-crosshatch-pq2a.190405.003-86ca23db.tgz
You may need a linux like shell in order to use the file provided from google.
I am at a loss when it comes to Linux sorry for that can you replace this vendor image you mentioned above to the vendor in factory image you have downloaded and see if it gets flashed fine along with the factory image?
The only reason I could think of is the vendor files aren't matching the requirement and thus giving image corrupt error.
Sorry couldn't be of much help if the above doesn't help then i would suggest to wait for opinions from experts around.
I could request @karandpr to check and verify if the vendors are matching from both source or probably help you troubleshoot you further.
@efrant has got pixel 3 maybe he could if not karan...
The file you linked is just the script to pull the vendor blobs from the phone, it is not a vendor.img
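The disagreement above is about what kind of file the download actually is. As an added example (not part of the thread and not Google's tooling), this sketch identifies a file from its leading bytes before it goes anywhere near `fastboot flash`; the function names and the sample inputs are constructed for illustration.

```python
import struct

SPARSE_MAGIC = 0xED26FF3A                    # Android sparse image magic (little-endian)
SPARSE_HEADER = struct.Struct("<IHHHHIIII")  # 28-byte sparse file header
EXT_MAGIC = 0xEF53                           # ext2/3/4 superblock s_magic
EXT_MAGIC_OFFSET = 1024 + 0x38               # superblock starts at byte 1024


def classify_image(data: bytes) -> dict:
    """Identify a file from its leading bytes; is_image marks partition image formats."""
    if data[:2] == b"#!":
        shebang = data.split(b"\n", 1)[0][2:].decode("ascii", "replace").strip()
        return {"kind": "script", "is_image": False, "interpreter": shebang}
    if data[:2] == b"\x1f\x8b":
        return {"kind": "gzip", "is_image": False}
    if data[:8] == b"ANDROID!":
        return {"kind": "android-boot", "is_image": True}
    if len(data) >= SPARSE_HEADER.size:
        (magic, major, minor, _hdr, _chunk_hdr,
         blk_sz, total_blks, chunks, _crc) = SPARSE_HEADER.unpack_from(data)
        if magic == SPARSE_MAGIC:
            return {"kind": "android-sparse", "is_image": True,
                    "version": (major, minor), "chunks": chunks,
                    "expanded_bytes": blk_sz * total_blks}
    if len(data) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", data, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return {"kind": "ext-raw", "is_image": True}
    return {"kind": "unknown", "is_image": False}


def preflight(data: bytes, allowed=("android-sparse", "ext-raw")) -> str:
    """Return 'ok', or the reason this file should not be written to a filesystem partition."""
    info = classify_image(data)
    if info["kind"] in allowed:
        return "ok"
    if info["kind"] == "script":
        return "refuse: script for %s, run it to unpack, do not flash it" % info["interpreter"]
    if info["kind"] == "gzip":
        return "refuse: gzip archive, extract it first"
    return "refuse: %s is not a filesystem image" % info["kind"]


# Constructed sample inputs (headers only, no real image data).
def sample_sparse() -> bytes:
    return SPARSE_HEADER.pack(SPARSE_MAGIC, 1, 0, 28, 12, 4096, 1000, 3, 0)


def sample_ext() -> bytes:
    buf = bytearray(2048)
    struct.pack_into("<H", buf, EXT_MAGIC_OFFSET, EXT_MAGIC)
    return bytes(buf)


SAMPLE_SCRIPT = b"#!/bin/sh\n# constructed stand-in for a self-extracting script\n"
SAMPLE_GZIP = b"\x1f\x8b\x08" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("sparse", sample_sparse()), ("ext", sample_ext()),
                       ("script", SAMPLE_SCRIPT), ("gzip", SAMPLE_GZIP)]:
        print(name, classify_image(blob), preflight(blob))
```

To check a real file, read its first 2 KiB (`open(path, "rb").read(2048)`) and pass that to `preflight`.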
IMEI should come back once you connect to WiFi or insert a SIM. It will not because if you use an eSIM you get a different IMEI. If you use a regular SIM you get the IMEI in phone.
And don't flash generic anything. Maybe a gsi but vendor & radio you keep the same. Boot can be patched and do whatever. In no way even with a gsi do you ever flash custom vendor images. Most custom ROMs if not all want you to have the latest vendor and radio images. Those tell the rom what it is working with. No way is anything to do with that is generic.
No sir you are wrong it's a bash script designed to work with Macos and Linux. Even in Windows subsystem for Linux.
S8rooted&tooted said:
IMEI should come back once you connect to WiFi or insert a SIM. It will not because if you use an eSIM you get a different IMEI. If you use a regular SIM you get the IMEI in phone.
And don't flash generic anything. Maybe a gsi but vendor & radio you keep the same. Boot can be patched and do whatever. In no way even with a gsi do you ever flash custom vendor images. Most custom ROMs if not all want you to have the latest vendor and radio images. Those tell the rom what it is working with. No way is anything to do with that is generic.
But the file I'm trying to flash is provided by Google for my software. What's wrong with that?
Just to give this topic a little clarity I'm basically trying to do this:
https://forum.xda-developers.com/showpost.php?p=77262880&postcount=54
It was working on pixel 1 as I mentioned but not on pixel 3 xl.
WHYY
Sepkov said:
Just to give this topic a little clarity I'm basically trying to do this:
https://forum.xda-developers.com/showpost.php?p=77262880&postcount=54
It was working on pixel 1 as I mentioned but not on pixel 3 xl.
WHYY
@Sepkov @Xdevillived666
I don't think this works on the Pixel 3/Pixel 3XL. At least not fully, according to these posts:
QPST ports open on pixel 3 by Xdevillived666
Update:QXDM Pixel 3 limited success (help) by Xdevillived666
¯\_(ツ)_/¯
I don't think he meant he was flashing the pixel vendor, he meant he was using that process with the pixel 3 downloads.
Exactly I was mentioning this
Those are not generic images you are linking. Those device specific images. Dev images which I would not be messing with unless you know what you are doing. And from the sound of it, no one in here should be screwing with those. I took two minutes to look at this and laugh. One. No such thing as a generic vendor image. There are Dev Google device specific vendor images that render your phone useless except talking to your computer. If that is ok with you and the goal, go for it. But this post is about files that don't exist trying to make work. And from what Google puts out, you flashed it right, and is working right if you got it to boot. User would not see a difference except not being able to do anything except USB dialogue to your computer. So what is the point? Dev? Hell if you can't even flash a simple device specific file, you shouldn't be doing Dev work.
---------- Post added at 02:37 PM ---------- Previous post was at 02:23 PM ----------
Also after reading, these will not work with the stock rom. You need a custom rom these binaries from Google. The factory image doesn't mix with these images. The factory images contain the vendor image. From the quick run down Google actually gives, these are not meant to mix with the factory rom. These are meant outside of the factory rom getting AOSP custom ROMs going. Gsi and such.
Deleted
https://developers.google.com/android/drivers
S8rooted&tooted said:
Those are not generic images you are linking. Those device specific images. Dev images which I would not be messing with unless you know what you are doing. And from the sound of it, no one in here should be screwing with those. I took two minutes to look at this and laugh. One. No such thing as a generic vendor image. There are Dev Google device specific vendor images that render your phone useless except talking to your computer. If that is ok with you and the goal, go for it. But this post is about files that don't exist trying to make work. And from what Google puts out, you flashed it right, and is working right if you got it to boot. User would not see a difference except not being able to do anything except USB dialogue to your computer. So what is the point? Dev? Hell if you can't even flash a simple device specific file, you shouldn't be doing Dev work.
---------- Post added at 02:37 PM ---------- Previous post was at 02:23 PM ----------
Also after reading, these will not work with the stock rom. You need a custom rom these binaries from Google. The factory image doesn't mix with these images. The factory images contain the vendor image. From the quick run down Google actually gives, these are not meant to mix with the factory rom. These are meant outside of the factory rom getting AOSP custom ROMs going. Gsi and such.
Hello. Thanks for your answer.
So I need an aosp rom in order to use these "debug enabled vendor" images. Is that correct? If so I still don't understand why it was working well with the pixel 1.
Google must have done something different. Thanks sir I will look on to it.
It is not they won't work. You for one are not going to Google or those other posts. The pixel XL and pixel 3 xl are not the same phones. I have both actually. One rooted on Q and one not rooted on Q. Pixel 3 xl no root. These images you speak of are for custom ROMs. Go read the link I provided. AOSP ROMs to be exact. These are for people that build ROMs. To get the binaries to communicate with their ROMs. Vendor GPS to be exact. A factory rom has these already. Why are you mixing custom and factory images. They don't work together.
S8rooted&tooted said:
It is not they won't work. You for one are not going to Google or those other posts. The pixel XL and pixel 3 xl are not the same phones. I have both actually. One rooted on Q and one not rooted on Q. Pixel 3 xl no root. These images you speak of are for custom ROMs. Go read the link I provided. AOSP ROMs to be exact. These are for people that build ROMs. To get the binaries to communicate with their ROMs. Vendor GPS to be exact. A factory rom has these already. Why are you mixing custom and factory images. They don't work together.
The reason I'm trying to flash Google supplied vendor.img is that I'm trying to restore my IMEI using QPST software. I was able to do this with flashing Google provided vendor.img that has same build number as the pixel has. In that phone (pixel 1) I was able to type "setprop sys.usb.config diag,adb,mtp" (ofc after rooting) and after that I could see my phone in QPST software. I want to mention here I was not using any different rom than Google factory rom. It was working flawlessly. On pixel 3 xl I was trying to do the same steps with latest pixel 3 xl factory image and corresponding vendor.img. But I am not able to succeed. I will compile AOSP for myself because I was not able to find an AOSP rom build ready. Then look for enabling diag mode. Thanks for your reply, I was missing AOSP part in drivers section.

[ABANDONED] TWRP Dirty Port for Moto E6

https://www.getdroidtips.com/twrp-recovery-motorola-moto-e6/
None of my recoveries have worked for the E6, but I'm being linked as a developer for a working TWRP recovery. if you came from this link, DO NOT use my builds. I've deleted the links to my builds anyway. Someone else got OrangeFox working on the forums. Go check it out and use that one instead.
I tried it but sadly it didn't work - I tried to use it as a temporary boot but it simply booted into the normal E6 OS
TristianX said:
I tried it but sadly it didn't work - I tried to use it as a temporary boot but it simply booted into the normal E6 OS
Crap, I gotta see if there's a way I can get logs then. But you usually can't get logs unless you can boot into a custom recovery...
Gimme a bit to think about this
I tried this image;
https://unofficialtwrp.com/twrp-3-3-1-root-moto-e6/
This process too
https://forum.xda-developers.com/moto-e6/how-to/rooting-e6-surfna-t3965659
and then of course your image from this post.
They all indicate they flash ok from the fastboot status but when it should boot/temp boot/or replace recovery it simply puts me back into normal boot up. I'm using the t-mobile variant with firmware PCB29.73-65-3
Ohhhh I'm excited to see where this can go!
My buddy just sent me a PM and brought up a good point. When dirty porting, I didn't even think to check if the recoveries were both 64 bit. This could be the reason why it's not booting. I'm gonna have another go at this later today and post up another test image for you all if I can figure something out.
Also, just as a heads up, this is for the QUALCOMM MODEL E6. Not sure if there's a MediaTek international model, but this isn't for that.
Well when you post back I'll deff give it a try.
I'm gonna try porting from a different phone, some kind of Aquarius model. It has the same chipset and is 64 bit too.
Also, to those that weren't able to flash/boot from it, you unlocked your bootloader right? Forgot to mention that it needs to be unlocked for this to work
I haven't had a chance to give this a go. I'm making sure I understand everything and the risks. More than willing to give it a shot tho
In the process of dirty porting TWRP again to the E6. The only issue is I now have Windows on my PC (for very important personal reasons) and Carliv Image Kitchen is only available on Linux. Here's the steps I need to take to get you guys the 2nd "alpha" of TWRP:
1) Beat Broken Arrow in Payday 2 so I can go back to Linux
2) Download the recoveries/image kitchens for everything again to do the port
3) Do the dirty port and upload it
Currently I'm working on step 1, but it should be done by the end of this night.
NEW RECOVERY IS UP!!! Go download Attempt 2 and see if it gets you any further. If that breaks, try Attempt 3.
Got a moto e6 recently just as an Android device to experiment/mess around with (Mostly been into iOS and Jailbreaking) and stumbled across this thread. Whats the current situation with this? Is the TWRP port working?
Tim0xff7 said:
Got a moto e6 recently just as an Android device to experiment/mess around with (Mostly been into iOS and Jailbreaking) and stumbled across this thread. Whats the current situation with this? Is the TWRP port working?
Attempt 1 didn't work, waiting on someone to try Attempt 2, and if that doesn't work then 3. If you want to help (I'd really appreciate it) unlock your bootloader and try to boot/flash into one of the images I gave
I'd love to help! Bootloader is already unlocked so I'll try flashing and then get back to you with results
Some observations so far:
-Using fastboot to boot an image flat-out doesn't work. I'd hazard a guess and say it's due to Pie requiring system-as-root and the boot image not utilizing a ramdisk, but honestly I don't really know.
-The init executable from the stock recovery is 32-bit, and everything I've seen so far indicates an entirely 32-bit build for the E6. Using 64-bit TWRP bases probably won't work; the second and third attempts linked in the first post do not boot, and attempts to boot to recovery with them flashed will fail, with the phone continuing on to boot the system regularly, which in turn restores the stock recovery image.
-On the other hand, with what I believe is your first build, and my own test using the standard E5 TWRP as a base, I can get as far as the TWRP splash screen, where it locks up indefinitely.
-I've also tried creating my own device tree based on the E5 tree and building from scratch without any further success, although in fairness I've only been at it for a couple of hours.
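The 32-bit versus 64-bit observation above can be checked mechanically before flashing a ported recovery. As an added example (not part of the thread), this sketch reads the ELF class and machine from each binary in two unpacked ramdisks and lists the port's binaries that do not match the stock `init`; the function names and the header-only sample files are constructed for illustration.

```python
import struct

ELF_BITS = {1: 32, 2: 64}        # e_ident[EI_CLASS]
ELF_ENDIAN = {1: "<", 2: ">"}    # e_ident[EI_DATA]
ELF_MACHINE = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}  # e_machine


def elf_info(data: bytes):
    """Return (bits, machine) for an ELF file, or None if data is not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits, endian = ELF_BITS.get(data[4]), ELF_ENDIAN.get(data[5])
    if bits is None or endian is None:
        return None
    (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine at offset 18
    return bits, ELF_MACHINE.get(machine, "unknown(%d)" % machine)


def mismatched_binaries(stock: dict, candidate: dict, reference: str = "init"):
    """Compare two unpacked ramdisks given as {path: file bytes}.

    Returns (reference_info, [(path, info), ...]) where the list holds every
    ELF file in the candidate whose class or machine differs from the stock
    reference binary. Non-ELF files (props, scripts) are ignored.
    """
    ref = elf_info(stock.get(reference, b""))
    if ref is None:
        raise ValueError("stock ramdisk has no ELF file at %r" % reference)
    mismatches = []
    for path in sorted(candidate):
        info = elf_info(candidate[path])
        if info is not None and info != ref:
            mismatches.append((path, info))
    return ref, mismatches


def make_elf_header(ei_class: int, machine: int) -> bytes:
    """Constructed 20-byte little-endian ELF header prefix for the demo."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1]) + bytes(9)
    return ident + struct.pack("<HH", 2, machine)  # e_type=ET_EXEC, e_machine


# Constructed sample ramdisks: a 32-bit ARM stock recovery and a port built
# from a 64-bit base that still carries one 32-bit helper.
STOCK = {"init": make_elf_header(1, 40), "default.prop": b"ro.secure=1\n"}
CANDIDATE = {
    "init": make_elf_header(2, 183),
    "sbin/recovery": make_elf_header(2, 183),
    "sbin/busybox": make_elf_header(1, 40),
    "default.prop": b"ro.secure=0\n",
}

if __name__ == "__main__":
    ref, bad = mismatched_binaries(STOCK, CANDIDATE)
    print("stock init is %d-bit %s" % ref)
    for path, (bits, machine) in bad:
        print("mismatch: %s is %d-bit %s" % (path, bits, machine))
```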
FEGuy said:
Some observations so far:
-Using fastboot to boot an image flat-out doesn't work. I'd hazard a guess and say it's due to Pie requiring system-as-root and the boot image not utilizing a ramdisk, but honestly I don't really know.
-The init executable from the stock recovery is 32-bit, and everything I've seen so far indicates an entirely 32-bit build for the E6. Using 64-bit TWRP bases probably won't work; the second and third attempts linked in the first post do not boot, and attempts to boot to recovery with them flashed will fail, with the phone continuing on to boot the system regularly, which in turn restores the stock recovery image.
-On the other hand, with what I believe is your first build, and my own test using the standard E5 TWRP as a base, I can get as far as the TWRP splash screen, where it locks up indefinitely.
-I've also tried creating my own device tree based on the E5 tree and building from scratch without any further success, although in fairness I've only been at it for a couple of hours.
PM me. I've got a buddy who's more into kernels and things like that that can probably help us. I'd like to help too, but I can't promise much as I've never done kernel development before
Any headway on this front?
Hey OP, I got it to boot to the TWRP logo, but it won't fully boot into recovery. is there something I'm missing? sorry, I sorely want to install liveboot again on my device, and I feel like I'm being an idiot with some huge oversight on my part haha. is it functional?
---------- Post added at 08:56 PM ---------- Previous post was at 08:55 PM ----------
I'm only asking because I've sat at the TWRP logo for more than half an hour sorry to bug you
Daltonyx said:
Hey OP, I got it to boot to the TWRP logo, but it won't fully boot into recovery. is there something I'm missing? sorry, I sorely want to install liveboot again on my device, and I feel like I'm being an idiot with some huge oversight on my part haha. is it functional?
---------- Post added at 08:56 PM ---------- Previous post was at 08:55 PM ----------
I'm only asking because I've sat at the TWRP logo for more than half an hour sorry to bug you
The TWRP is not working. None of them are. The original poster has said in some recent comments that they plan on buying the E6, so maybe in the future we may get a fully working TWRP. I sure hope so, because my E6 has been collecting dust in my drawer for about a month now. I've been content with my G6 and G7 Power but I can't stand such a nice but unused phone.
Since Visible is pretty much giving away the e6 with any old trade in maybe the op will finally get one.

OmniROM stuck at boot animation load screen

Moto G Stylus Metro PCS brand:
I'm brand new to this subject so please forgive any ignorance. I'm decent with linux but new to android stuff.
Tried flashing the latest weekly build of OmniROM - now seems to be stuck at boot screen and won't go past. I am coming from latest OTA update from Motorola.
Phone was not rooted prior to starting this.
I also accidentally wiped slot A with my factory image on it (oops).
TWRP did not ask for any decryption key so I ran:
fastboot erase userdata
and this seemed to fix errors that I was getting while flashing with respect to denying access.
What I've done:
-Unlocked bootloader
-Installed TWRP 3.5.0-10 from the g-stylus forum.
-wiped and formatted via TWRP
-flashed 5/23 weekly build of OmniROM
Now no matter what I do or what slot I flash to it will not get past the Omni boot load animated screen. I've run this for almost 2 hours and nothing happens.
Any ideas?
Thanks!
nutsnax said:
Moto G Stylus Metro PCS brand:
I'm brand new to this subject so please forgive any ignorance. I'm decent with linux but new to android stuff.
Tried flashing the latest weekly build of OmniROM - now seems to be stuck at boot screen and won't go past. I am coming from latest OTA update from Motorola.
Phone was not rooted prior to starting this.
I also accidentally wiped slot A with my factory image on it (oops).
TWRP did not ask for any decryption key so I ran:
fastboot erase userdata
and this seemed to fix errors that I was getting while flashing with respect to denying access.
What I've done:
-Unlocked bootloader
-Installed TWRP 3.5.0-10 from the g-stylus forum.
-wiped and formatted via TWRP
-flashed 5/23 weekly build of OmniROM
Now no matter what I do or what slot I flash to it will not get past the Omni boot load animated screen. I've run this for almost 2 hours and nothing happens.
Any ideas?
Thanks!
Weekly builds may be unstable. I'm actually curious on how you got a hold of such build for this device. Most, if not all ROMs are unofficial for the stylus and updates for each rom varies by contributed developers.....
However, you say you're decent with Linux. I'm sure there's some developers here that would help you with various tools to learn on how to make your own version of any type of OS.
As for OmniRom, I'd probably ask @vache for some help, for he has his own unofficial version.
Also, I recommend that you have the latest platform tools and the moto software tool if you don't have these yet...
nevermind I got it working. I was flashing p2pstate.bin directly (somehow this works?) when instead I was supposed to extract the image files and flash the respective files.
Seems to boot up now. Thanks!
nutsnax said:
nevermind I got it working. I was flashing p2pstate.bin directly (somehow this works?) when instead I was supposed to extract the image files and flash the respective files.
Seems to boot up now. Thanks!
That's good you got it to work. One developer once told me, when all else fails, think outside of the box. You'll eventually get it to work somehow
I have your solution cuz I went through the same thing.. you have to start out with stock Android 10 so you have to be bootloader unlocked and rooted that way you can downgrade your software and it's only the super images that you have to downgrade.. so just flash your supers and you'll be fine but they have to be stock Android 10 it doesn't matter what firmware version because you're keeping the same modem file
