Related
Hello people,
Are there any tools for viewing and editing the amss.bin?
HEX Editor...
IDA...
Brain.
Best Regards
adfree said:
HEX Editor...
IDA...
Brain.
Best Regards
Click to expand...
Click to collapse
with revskill i got this with amss.bin
#define UNLOADED_FILE 1
#include <idc.idc>
static main() {
MakeName(0x00079B70, "Memcmp");
MakeName(0x00062160, "Memcpy");
MakeName(0x0022E924, "Memcpy");
MakeName(0x0006216B, "Memcpy_Generic");
MakeName(0x0022E92F, "Memcpy_Generic");
MakeName(0x000621D0, "__rt_udiv");
MakeName(0x00079F8C, "__rt_udiv");
MakeName(0x00062334, "strlen");
MakeName(0x0007A2C4, "strlen");
MakeName(0x00070DB2, "diag_sp");
MakeName(0x00062298, "strcmp");
MakeName(0x0007A1D8, "strcmp");
MakeName(0x0007A360, "strncpy");
MakeName(0x00072502, "diag_pkt");
MakeName(0x00062F00, "__rt_div0");
MakeName(0x0007D324, "__rt_div0");
MakeName(0x00062F10, "__32__rt_raise");
MakeName(0x0007F1F8, "__32__rt_raise");
MakeName(0x00ACC3A8, "rex_int_lock_32");
MakeName(0x00072330, "subsys_getid");
MakeName(0x0007A548, "vsprintf");
MakeName(0x00062004, "MemClr");
MakeName(0x0022E7C8, "MemClr");
MakeName(0x000725CC, "diag_subsystem");
MakeName(0x0006EC72, "diag_hdlr");
MakeName(0x000726D2, "diag_hdlr");
MakeName(0x00083D86, "diag_hdlr");
MakeName(0x00085432, "diag_hdlr");
}
What about it ?
@Tigrouzen, no segment found at 0x00079B70 etc
amss it's regular elf with a bunch of segments
Code:
Name : LOAD
Start : 0x001E7000
End : 0x001EE000
Length: 0x00007000
----------------------
Name : LOAD
Start : 0x001F0000
End : 0x001F1000
Length: 0x00001000
----------------------
Name : LOAD
Start : 0x001F2000
End : 0x005D8000
Length: 0x003E6000
----------------------
Name : LOAD
Start : 0x005D8000
End : 0x00CDB000
Length: 0x00703000
----------------------
Name : LOAD
Start : 0x00CDB000
End : 0x00D11000
Length: 0x00036000
----------------------
Name : LOAD
Start : 0x00D11000
End : 0x00DAF000
Length: 0x0009E000
----------------------
Name : LOAD
Start : 0x00DAF000
End : 0x00DB9000
Length: 0x0000A000
----------------------
Name : LOAD
Start : 0x00DB9000
End : 0x00E9B000
Length: 0x000E2000
----------------------
Name : LOAD
Start : 0x00E9C000
End : 0x01BF9000
Length: 0x00D5D000
----------------------
Name : LOAD
Start : 0x01BF9000
End : 0x01D05000
Length: 0x0010C000
----------------------
Name : LOAD
Start : 0x01FF0000
End : 0x01FF006C
Length: 0x0000006C
----------------------
Name : LOAD
Start : 0xB0000000
End : 0xB0010CE7
Length: 0x00010CE7
----------------------
Name : LOAD
Start : 0xB0040000
End : 0xB0057000
Length: 0x00017000
----------------------
Name : LOAD
Start : 0xB0100000
End : 0xB0107207
Length: 0x00007207
----------------------
Name : LOAD
Start : 0xB0140000
End : 0xB01401B8
Length: 0x000001B8
----------------------
Name : LOAD
Start : 0xB0200000
End : 0xB0208CF3
Length: 0x00008CF3
----------------------
Name : LOAD
Start : 0xB0240000
End : 0xB024028C
Length: 0x0000028C
----------------------
Name : LOAD
Start : 0xB0400000
End : 0xB040DBE8
Length: 0x0000DBE8
----------------------
Name : LOAD
Start : 0xB0600000
End : 0xB0602000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xB0602000
End : 0xB0604000
Length: 0x00002000
----------------------
Name : LOAD
Start : 0xF0000000
End : 0xF001F878
Length: 0x0001F878
----------------------
Name : LOAD
Start : 0xF0020000
End : 0xF0026000
Length: 0x00006000
load amss.bin with TriX, dump decoded stage (elf format) and analyze with disassembler (e.g. IDA)
Ok guys i extract certificate from Amss S8530 XEJL2, bootloader segments full info fsbl sbl...
Also i can dump complete NAND and find segment and algorith for RC1 too
This is appscompressed.bin algorythme
0x01ca7750 RIPEMD128+160+MD4
0x01ca7750 SEAL+MD4 key
appcomp hash :
SHA1 : EB55C6690ACAF40BB2F845313F58BFE9C3BC529D
SHA224 : AAC3E2B65CC9F33BB7EDDA3DEB541CA9E8919422CC179B4D2B49F39BAE008F00
SHA256 : 580D3DB21E41A9FE588AE544266040FABA8AF044E739971E77F2B1272323D0B6
SHA256-HTC : A44BC029D7F952750003D9695ED7B464E446D34EEF5BD9665487E4C2BF81F669
MD4 : B3BD8310FF2C4C05E2044FD491814792
MD5 : 7220779D1094C5F7789094DC75BA4E9E
CRC16 (0x1189) : F4EA
CRC30 (Block: 0x1000, Page: 0x200) : 0BD214AA
CRC30 (Block: 0x2000, Page: 0x400) : 0A28A17A
CRC32 (0xEDB88320) : 313F4EF2
CRC32 (0x04C11DB7) : 90B01704
CRC32 HTC (0xEDB88320) : B55B60A7
ECC Reed Solomon (parity 10) : 43702DA1FDAC4DB2023B
ECC BCH Micron 3 byte : 818144
ECC Hamming Toshiba (8 bit - 0x200 bytes) : C00FC3
ECC Hamming (8 bit - 0x200 bytes) : FF3CF3
ECC Hamming (16 bit - 0x200 bytes) : 3FCFFC
Amss algo :
0x0007fce0 CRC-16 norm
0x0007fee0 CRC-16 inv
0x0007f8e0 CRC-30
0x0007eb50 CRC30 Function
0x00b66194 CRC-32
0x00b66394 CRC32 Function
0x000800e0 CRC-32 Xilinx
0x0007eb58 CRC32 Xilinx Function
0x000800e4 CRC32 Xilinx Function
0x00c3c490 DES RAW Spbox
0x00c39381 RSA PKCS SHA1/RIPEND Digest
0x00c39390 MD2 S
0x00463548 SHA2 table
0x008fcc88 SHA2 table
0x00b6eb14 ZDeflate
0x0041a28c SHA1+MD4+MD5 init
0x008fcb08 SHA1+MD4+MD5 init
0x00c3d7f8 SHA1+MD4+MD5 init
0x0041a29c SHA1+MD4+MD5 key1
0x008fcb18 SHA1+MD4+MD5 key1
0x00c3d808 SHA1+MD4+MD5 key1
0x001a9844 SHA1+MD4+MD5 key2
0x0041ac1c SHA1+MD4+MD5 key2
0x008fcb1c SHA1+MD4+MD5 key2
0x001a9848 SHA1+MD4+MD5 key3
0x0041ac20 SHA1+MD4+MD5 key3
0x008fcb20 SHA1+MD4+MD5 key3
0x00463648 SHA2 init table
0x008fcd88 SHA2 init table
0x00c3d80c SHA2 init table
0x0046364c SHA2 init table
0x008fcd8c SHA2 init table
0x00c3d810 SHA2 init table
0x00419980 RIPEMD128+160+MD4
0x008fcaf8 RIPEMD128+160+MD4
0x00bdcca0 RIPEMD128+160+MD4
0x001a9844 MD5
0x0041ac1c MD5
0x008fcb1c MD5
0x00419980 SEAL+MD4 key
0x008fcaf8 SEAL+MD4 key
0x00bdcca0 SEAL+MD4 key
0x004fc7af HTC PUBLIC KEY
E9079DBB2452104990982132470BA20B7C795D1B4690B718B62FCD38D71D4E458FAF320374B89D5236C79BD57D2BA2D3508A4A605B0D48CB8CA5478BFE4D7D32AB0AE072BC367A9615F002D5023A617B422FEC1EF8DAD772D75E9C4F06EF624B864699A3F080D1B8E192B921D159852B2DC798F752B4F1FA529FF123D9963F73
0x00708134 Sober 128
0x00c3cd90 Sober 128 SBox
Possible algos little endian: 45
0x00315f6c AES te
Possible algos big endian: 1
Amss hash :
SHA1 : C59C5785E823E5E1CA9BE05DB6F55F8C8AC1BBA3
SHA224 : 5F50CED13C1204068E443919706B53D866271DAB1CFB5A9CB07A953CAE008F00
SHA256 : D86C7634FE07806D3B87701EC7F72F25DAAFAC7C40CA1D370C1ABA5840C091C0
SHA256-HTC : 120F70AECE78B8DCF69DCD79F020AB00AE17572123BA21274D6F6EE280774A09
MD4 : 7703DF5B1074392D4B91ECA23BAC9D92
MD5 : 22197F8AAD6A2CB4394E1B4E63EB843C
CRC16 (0x1189) : FAC5
CRC30 (Block: 0x1000, Page: 0x200) : 311AE4C7
CRC30 (Block: 0x2000, Page: 0x400) : 295DFC29
CRC32 (0xEDB88320) : 8DB21A34
CRC32 (0x04C11DB7) : 7B94B6A4
CRC32 HTC (0xEDB88320) : 08450BBC
ECC Reed Solomon (parity 10) : A04D69B134A126F3FD15
ECC BCH Micron 3 byte : 000000
ECC Hamming Toshiba (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (8 bit - 0x200 bytes) : FFFFFF
ECC Hamming (16 bit - 0x200 bytes) : FFFFFF
Amms certificat :
https://rapidshare.com/files/3061245812/1.cer
Well, the main idea was ..., to get some tools with which the amss.bin for bada v1.2 and v2 can be modified to work for the American/Australian version of the wave. Looks like there are some hardware differences and this file is containing information needed for the RF module.
Looks like there are some hardware differences and this file is containing information needed for the RF module
Click to expand...
Click to collapse
No idea if Hardware differences, but I'm pretty sure there are different Config/Calibration data...
Check out NV items... AMSS + NV items = Qualcomm related part...
http://www.samsunguniverse.com/forum/s8500-can-work-with-qualcomm-tools-t199.html
You could take an look on FCC documents for maybe Hardware check...
Best Regards
I think gambal refers to UMTS bands, Europe is different than in America.
UMTS bands in America are 850 - 1900
UMTS bands in Europe are 2100
bada 1.2 and above only works with Euro bands (these updates hasn't oficially released in America), so as we know the file "amss.bin" contains the parameters that define which bands to work, would be good to try to edit the information to compile a new "amss.bin" to work with American bands ..
Many Americans would be happy!
...would be good to try to edit the information to compile a new "amss.bin" to work with American bands ...
Click to expand...
Click to collapse
But you are really sure that not NV items differ?
Maybe easier to compare NV items...
Best Regards
You mean to compare amss NV items from a 1.0 American firmware and another 1.2 European firmware?
I was import to a .Qcn file a list of NV items of my mobile (bada 1.0 american), i will compare with another one of 1.2.
It's posible to create more NV items if is necesary?
sorry for double post.
i've compared NV items of my phone, first with a 1.0 american firmware then with a 1.2 European firmware..
EDIT: thought that there were no differences because the file size was identical, but looking more attentively i find some, i will continue researching,
You tried QPST or which Tool?
And are sure there are no differences?
I have 2x S8500... with QPST difference 10 NV items + one S8500 has 10 more
Content not checked... too lazy at this time.
Best Regards
Edit 1.
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 305
Click to expand...
Click to collapse
File Summary:
Phone Model: 19 [QSC6270/QSC6240], Configuration Name: default, Total NV Item Count: 319
Click to expand...
Click to collapse
And these are only the "official" NV items... and not the hidden one...
Example...
Code:
NV item: [B]2608[/B] [NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I], index 0
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 0: 12 3d fc ff 9c 3c fc ff 26 3c fc ff b0 3b fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 1: 34 3b fc ff af 3a fc ff 2a 3a fc ff a6 39 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 2: 22 39 fc ff 9f 38 fc ff 0c 38 fc ff 65 37 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 3: be 36 fc ff 18 36 fc ff 73 35 fc ff ce 34 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 4: 2a 34 fc ff 87 33 fc ff e5 32 fc ff 43 32 fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 5: a2 31 fc ff 01 31 fc ff 61 30 fc ff c2 2f fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 6: 23 2f fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
NV_GSM_850_AMPM_MASTER_TBL_SEG8_F1_I 7: 85 2e fc ff 85 2e fc ff 85 2e fc ff 85 2e fc ff
sorry for my english, I mean to say that i find some differences..
between 2 firmwares, I find 40 differents NV items using "RF NV items Manager" program.
Example:
European 1.2 Firm:
Code:
NV item: 5059 [NV_WCDMA_2100_TX_LIN_MASTER_0_ENH_I], index 0
NV item: 5061 [NV_WCDMA_900_TX_PDM_LIN_0_ENH_I], index 0
American 1.0 Firm:
Code:
NV item: 5064 [NV_WCDMA_1900_TX_PDM_LIN_0_ENH_I], index 0
NV item: 5060 [NV_WCDMA_800_TX_PDM_LIN_0_ENH_I], index 0
(it's look like these items manage the umts network)
This are 2 items of 40 that I find.. So, I imported all 40 1.0 American Firmware Nv Items to the 1.2 Euro Firmwared Phone, (using previous modified .QCN file) then, i restart the device, but nothing happen, still no find UMTS network... But i want believe that we are close to find the solution
If I use PSAS to Display the new added NV items, these appear as "inactive item" and those already on the phone appears lile "bad parameter"
not know what else I can try...
Even if NV items count is different. Dump of NV area will be always the same in size. Area in oneNAND reserved for NV data is constant, and in most it's just empty space, filled with zeros.
Is it possible to dump whole NV items list using QPST? Can you guys do that and send dumps to me?
If not please search for following NV items and send me values you get (if you get any)
Int id 556
Int id 5
Int id 7
Int id 1403
String id 254
String id 387
String id 388
String id 256
String id 197
I want to prove some theory just taken from Bada kernel and need few different values to compare. These should contain Timezone, Locale and SimBlock settings. (If these NV items are even available)
Please send me PMs with dumps if you get any. Thanks in advance.
Tell me when you are ready "amms.bin" to "bada 2.0" so I can put it on my phone. I'm from Argentina. Thank you very much!
Rebellos said:
Int id 556
Int id 5
Int id 7
Int id 1403
Click to expand...
Click to collapse
With "PSAS" display "Inactive Item", and with "RV NV item manager" i don't these id's..
@adfree
Hey, if I wrote in phone (with "RV NV item manager") some NV items, is not take any effect... does exist another step to "activate" these items or some? maybe in Stune have to add any parameter? or maybe the "QPST Service program" tool..
I have fear of breaking the handset really... I just wan't to calibrate the UMTS bands, need these:
WCDMA_II_PCS_1900
WCDMA_V_850
http://forum.xda-developers.com/showpost.php?p=12436452&postcount=1
Other way to access NV items.
Now you can backup with sTune for instance... folders:
Code:
[B]NV
nvm[/B]
EXTREME Caution!
Some IDs are protected... so you can maybe write/activate, but not easily remove change = brick...
Best Regards
a little question..
there is a firmware of S8530 which has bada 1.2 and 850/900/2100Mhz 3g bands capable... there are firmwares prepared for Brazil and Australia.
it's posible to flash that amss.bin in a S8500 with bada 1.2?
I tried this, but the bootloader says "error erase amms"
amss.bin in a S8500 with bada 1.2?
Click to expand...
Click to collapse
If I remember correct, then yes...
Maybe not all combinations...
BUT check Multiloader ... adresses are different...
So you have to edit...
Later more.
Maybe give Link to this S8530 Firmware, so I can take an look or try for you...
Best Regards
Does anybody know, which partition table type is used on the /dev/block/mmcblk0 (sgh-i927) ?
I thought there is GPT, but
Code:
~ # dmesg | grep -B1 -e mmcblk0
...
<4>[ 7.293135] Primary GPT is invalid, using alternate GPT.
<6>[ 7.293252] mmcblk0: p1 (䙅S) p2 (偁P) p3 (䅃C) p4 (䵉S) p5 (卍C) p6 (䑕A) p7 (䑍M) p8 (体S) p9 (乌X) p10 (呏A) p11 (䥈D)
...
fdisk does not recognize the partition table
Code:
~ # fdisk -l /dev/block/mmcblk0
Disk /dev/block/mmcblk0: 7733 MB, 7733248000 bytes
4 heads, 16 sectors/track, 236000 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
Disk /dev/block/mmcblk0 doesn't contain a valid partition table
~ # fdisk -l /edevblommcb1
fdisk: can't open '/edevblommcb1': No such file or directory
~ # fdisk -l /dev/block/mmcblk1
Disk /dev/block/mmcblk1: 8166 MB, 8166309888 bytes
255 heads, 63 sectors/track, 992 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/block/mmcblk1p1 1 992 7968208+ b Win95 FAT32
ok, no msdos table - no problem, I dumped mmcblk0 to my pc and checked it with parted:
Code:
[[email protected]][~/work/android-work/sgh-i927/device]> parted mmcblk0 print
WARNING: You are not superuser. Watch out for permissions.
Warning: Unable to open /home/roma/work/android-work/sgh-i927/device/mmcblk0 read-write (Permission denied).
/home/roma/work/android-work/sgh-i927/device/mmcblk0 has been opened read-only.
Warning: Unable to open /home/roma/work/android-work/sgh-i927/device/mmcblk0 read-write (Permission denied).
/home/roma/work/android-work/sgh-i927/device/mmcblk0 has been opened read-only.
Error: /home/roma/work/android-work/sgh-i927/device/mmcblk0: unrecognised disk label
disassembled:
Code:
[[email protected]][~/work/android-work/sgh-i927/device]> ../../../android-sdk-linux_86/tools/adb pull /sbin/recovery ./mmcblk0.elf
2823 KB/s (793872 bytes in 0.274s)
[[email protected]][~/work/android-work/sgh-i927/device]> dd if=mmcblk0 of=mmcblk0.mbr count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 5.8074e-05 s, 8.8 MB/s
[[email protected]][~/work/android-work/sgh-i927/device]> arm-eabi-objcopy --add-section mmcblk0=mmcblk0.mbr mmcblk0.elf
BFD: st4OsaEp: warning: sh_link not set for section `.ARM.exidx'
[[email protected]][~/work/android-work/sgh-i927/device]> arm-eabi-objdump -d -j mmcblk0 mmcblk0.elf
BFD: mmcblk0.elf: warning: sh_link not set for section `.ARM.exidx'
mmcblk0.elf: file format elf32-littlearm
Disassembly of section mmcblk0:
00000000 <mmcblk0>:
0: 3d5463d0 ldclcc 3, cr6, [r4, #-832]
4: 7c021fb1 stcvc 15, cr1, [r2], {177}
8: 9d1cfe9b ldcls 14, cr15, [ip, #-620]
c: bd8ba89c stclt 8, cr10, [fp, #624]
10: a2bfdf46 adcsge sp, pc, #280 ; 0x118
14: fa289616 blx 0xa25874
18: ffd97eab undefined instruction 0xffd97eab
1c: 6b1737f5 blvs 0x5cdff8
20: 14ea3ae2 strbtne r3, [sl], #2786
24: 545ad41f ldrbpl sp, [sl], #-1055
28: 720e0d51 andvc r0, lr, #5184 ; 0x1440
2c: 5cbb5c11 ldcpl 12, cr5, [fp], #68
30: 406ec5b9 strhtmi ip, [lr], #-89
34: 4514c01f ldrmi ip, [r4, #-31]
38: 52aac445 adcpl ip, sl, #1157627904 ; 0x45000000
3c: f83a0f38 undefined instruction 0xf83a0f38
...
seems garbage to me.
Has anybody else the same "broken" partition table?
fdisk -l /dev/block/mmcblk0
Everybody!
Please, help me in the research.
Post please here your terminal output for these commands:
Code:
$ su
# fdisk -l /dev/block/mmcblk0
Thank you!
romanr said:
Everybody!
Please, help me in the research.
Post please here your terminal output for these commands:
Code:
$ su
# fdisk -l /dev/block/mmcblk0
Thank you!
Click to expand...
Click to collapse
my result:
sorry for late response.....I am quite stuck with job hunting
romanr said:
Everybody!
Please, help me in the research.
Post please here your terminal output for these commands:
Code:
$ su
# fdisk -l /dev/block/mmcblk0
Thank you!
Click to expand...
Click to collapse
And my results
Code:
$ su
su
# fdisk -l /dev/block/mmcblk0
fdisk -l /dev/block/mmcblk0
Disk /dev/block/mmcblk0: 7733 MB, 7733248000 bytes
4 heads, 16 sectors/track, 236000 cylinders
Units = cylinders of 64 * 512 = 32768 bytes
Disk /dev/block/mmcblk0 doesn't contain a valid partition table
romanr said:
Everybody!
Please, help me in the research.
Post please here your terminal output for these commands:
Code:
$ su
# fdisk -l /dev/block/mmcblk0
Thank you!
Click to expand...
Click to collapse
<-- doesnt have a linux box available, sorry
Thanks everybody!
seems there is no standard msdos partition table on SGH-i927, but how does it work then... will dig it more
repartition
How can I re partition my Glide?
I think my NAND is corrupted, It does not boot. I can't get into the recovery (vol down + power).
I can get into the Download Mode.
Thanks
Litatus said:
How can I re partition my Glide?
I think my NAND is corrupted, It does not boot. I can't get into the recovery (vol down + power).
I can get into the Download Mode.
Thanks
Click to expand...
Click to collapse
You shouldn't have to do anything crazy. Put it into download mode and get one of the official releases for ICS -- and then run it against your phone -- it should get everything setup for you perfectly. I believe the download is about 660MB, though, just as a heads-up!
terinfire said:
You shouldn't have to do anything crazy. Put it into download mode and get one of the official releases for ICS -- and then run it against your phone -- it should get everything setup for you perfectly. I believe the download is about 660MB, though, just as a heads-up!
Click to expand...
Click to collapse
Well, i did that. I used the GB and the ICS roms, but nothing. No boot and no recovery, just the samsung logo or the download mode. I was thinking that my NAND could be corrupted, and since I didn't find the .pit file, I started to try other pits files. I've found one that finish the whole process with odin (the others gave me error). But the pit was for 16GB, and now when i flash the GB rom I get an error at the end of the flashing process, when the modem.bin is been transfered, and with the ICS rom at the beggining of the flashing process, when the fs is transfered. In the first case i get the following error message in the glide's screen: "partition size too small". In the second case i get: "data too large". So if i didn't have partitions problems before, now i got it.
http://forum.xda-developers.com/showthread.php?t=1831561
Try using that -- that's an all-in-one tool, which should hopefully repartition your tables and the like. Make sure you put your phone into download mode. If not, sounds like you're going to have a lot of pain moving forward.
not working.. proof...
ok. here are the snapshots. The first two are when I try to flash the stock GB rom. The other two are when I try to flash the stock ICS. The last one is when I try to flash the all-in-one tool...
Nothing... I need to Re-partition my NAND. (I think is the last thing to do before to say it is a hardware issue).
Maybe I could do a JTAG. My friend has the riff box, but he doesn't know the pinout to do the jtag. Does anyone knows?
gdisk
Seems there is GPT, but only the backup copy is used
Code:
GPT fdisk (gdisk) version 0.8.4
Unsupported GPT version in backup header; read 0x00000000, should be
0x00010000
Partition table scan:
MBR: not present
BSD: not present
APM: not present
GPT: not present
Creating new GPT entries.
Command (? for help): p
Disk /dev/block/mmcblk0: 15104000 sectors, 7.2 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 95328BF5-FDA5-45A2-BD5F-CE18C3F102AD
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 15103966
Partitions will be aligned on 2048-sector boundaries
Total free space is 15103933 sectors (7.2 GiB)
Number Start (sector) End (sector) Size Code Name
Command (? for help): r
Recovery/transformation command (? for help): c
Warning! This will probably do weird things if you've converted an MBR to
GPT form and haven't yet saved the GPT! Proceed? (Y/N): y
Caution! After loading partitions, the CRC doesn't check out!
Recovery/transformation command (? for help): p
Disk /dev/block/mmcblk0: 15104000 sectors, 7.2 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 95328BF5-FDA5-45A2-BD5F-CE18C3F102AD
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 15103966
Partitions will be aligned on 2048-sector boundaries
Total free space is 23485 sectors (11.5 MiB)
Number Start (sector) End (sector) Size Code Name
1 21504 46079 12.0 MiB 0700 ES
2 46080 1274879 600.0 MiB 0700 AP
3 1274880 1913855 312.0 MiB 0700 CC
4 1913856 9779199 3.8 GiB 0700 IS
5 9779200 9783295 2.0 MiB 0700 MC
6 9783296 13977599 2.0 GiB 0700 UA
7 13977600 14010367 16.0 MiB 0700 MM
8 14010368 14020607 5.0 MiB 0700 SS
9 14020608 14036991 8.0 MiB 0700 LX
10 14036992 14053375 8.0 MiB 0700 OA
11 14053376 15101951 512.0 MiB 0700 HD
Recovery/transformation command (? for help): q
Despite checksum error the table seems sane.
I thought if there is GPT, then probably there should be an EFI, but I don't see an EFI system partition, also the first partition is not FAT32 (seems it is even zero-filled) so it does not contain EFI boot loader. Probably the bootloader is written in the first 21503 sectors that are marked as free.
Until we know how the bootloader works changing the partition table is rather dangerous.
partition data
Code:
AP:
total 84
-rw-r--r-- 1 root root 2037 Aug 1 2008 CSCFiles.txt
-rw-r--r-- 1 root root 16 Aug 1 2008 CSCVersion.txt
-rw-r--r-- 1 root root 374 Aug 1 2008 SW_Configuration.xml
drwxr-xr-x 2 root root 4096 Feb 19 2012 T9DB
drwxr-xr-x 2 root root 4096 Aug 14 23:19 app
drwxr-xr-x 2 root 2000 4096 Feb 28 2012 bin
-rw-rw-rw- 1 root root 2936 Feb 19 2012 build.prop
drwxr-xr-x 2 root root 4096 Feb 19 2012 cameradata
drwxr-xr-x 2 root root 4096 Feb 19 2012 csc
drwxr-xr-x 16 root root 4096 Apr 19 2012 etc
drwxr-xr-x 2 root root 4096 Feb 19 2012 fonts
drwxr-xr-x 2 root root 4096 Feb 19 2012 framework
drwxr-xr-x 6 root root 8192 Aug 14 23:19 lib
drwx------ 2 root root 4096 Jan 1 1970 lost+found
drwxr-xr-x 4 root root 4096 Feb 19 2012 media
drwxr-xr-x 4 root root 4096 Feb 19 2012 tts
drwxr-xr-x 7 root root 4096 Feb 19 2012 usr
drwxr-xr-x 4 root root 4096 Feb 19 2012 vsc
drwxr-xr-x 2 root 2000 8192 Feb 23 2012 xbin
CC:
total 384
-rw-r--r-- 1 10029 10029 380994 Dec 7 21:57 downloadfile.bin
drwxrwx--- 2 root root 4096 Jan 1 1970 lost+found
drwxrwxr-x 2 roma 2001 4096 Dec 11 22:51 recovery
ES:
total 2140
-rw-r--r-- 1 roma roma 2 Dec 11 02:38 cryptprop_FailedAttempts
-rw-r--r-- 1 roma roma 9 Jan 1 2011 cryptprop_applied_result
-rw-r--r-- 1 roma roma 5 Feb 19 2012 cryptprop_lock_pattern_autolock
-rw-r--r-- 1 roma roma 6 Feb 19 2012 cryptprop_lock_pattern_tactile_feedback_enabled
-rw-r--r-- 1 roma roma 6 Feb 19 2012 cryptprop_lock_pattern_visible_pattern
-rw-r--r-- 1 roma roma 9 Aug 27 15:08 cryptprop_lockscreen.lockoutattemptdeadline
-rw-r--r-- 1 roma roma 6 Feb 19 2012 cryptprop_lockscreen.password_type
-rw-r--r-- 1 roma roma 5 Feb 19 2012 cryptprop_lockscreen.patterneverchosen
-rw-r--r-- 1 root root 5 Dec 3 11:07 cryptprop_onetimeboot
-rw-r--r-- 1 roma roma 3 Feb 19 2012 cryptprop_persist.sys.language
-rw-r--r-- 1 roma roma 14 Nov 14 20:01 cryptprop_persist.sys.timezone
-rw-r--r-- 1 root root 1 Jan 1 2011 cryptprop_rebootMode
-rw-r--r-- 1 root root 5 Jan 1 2007 cryptprop_sdcard
-rw-r--r-- 1 root root 3 Dec 3 11:07 cryptprop_securewipedata
drwx------ 3 roma roma 4096 Jan 1 2011 dmp
-rw------- 1 roma roma 112 Feb 19 2012 edk_p
-rw------- 1 root root 1 Jan 1 2007 essiv
drwxrwxr-x 2 1001 1001 4096 Nov 22 2011 imei
-rwx------ 1 1001 1001 4533 Mar 13 2012 nv.log
-rwx------ 1 1001 1001 2097152 Dec 11 22:51 nv_data.bin
-rwx------ 1 1001 1001 32 Dec 11 22:51 nv_data.bin.md5
-rwxrw-r-- 1 1001 1001 880 Jan 1 2011 redata.bin
-rw-rw-r-- 1 roma roma 3 Dec 11 22:37 slideCount
IS:
total 629124
drwxr-xr-x 3 root root 4096 Feb 20 2012 Android
drwxr-xr-x 3 root root 4096 Mar 26 2012 DCIM
drwxr-xr-x 2 root root 4096 Mar 17 2012 LOST.DIR
-rwxr-xr-x 1 root root 2344960 Feb 21 2012 app-add-system.tar
drwxr-xr-x 3 root root 4096 Feb 26 2012 clockworkmod
drwxr-xr-x 3 root root 4096 Feb 23 2012 data
-rwxr-xr-x 1 root root 285217010 Feb 1 2012 i927_OsiMood_v0_Origins.zip
-rwxr-xr-x 1 root root 186525834 Feb 16 2012 i927_OsiMood_v2.02.14.zip
-rwxr-xr-x 1 root root 2378 Nov 8 2009 qwerty.html
-rwxr-xr-x 1 root root 10240 Feb 21 2012 resolv-system.tar
-rwxr-xr-x 1 root root 10240 Feb 20 2012 sd-ext-swap-system.tar
-rwxr-xr-x 1 root root 133328 Oct 30 2011 timezone2011i.zip
-rwxr-xr-x 1 root root 58388913 Dec 7 2010 update-cm-6.1.0-DS-signed.zip
-rwxr-xr-x 1 root root 104298840 Feb 20 2012 update-cm-7.1.0-GalaxyS2-signed.zip
-rwxr-xr-x 1 root root 7249920 Feb 21 2012 xbin-add-system.tar
MC:
total 0
MM:
total 0
SS:
total 0
UA:
total 220
-rw-rw-rw- 1 roma roma 4096 Dec 3 11:08 NVM0
-rw-rw-rw- 1 roma roma 16384 Nov 19 16:54 NVM1
-rw-rw-rw- 1 roma roma 2832 Dec 3 11:08 NVM13
-rw-rw-rw- 1 roma roma 0 Feb 19 2012 NVM2
-rw-rw-rw- 1 roma roma 83724 Nov 19 16:54 NVM3
-rw-rw-rw- 1 roma roma 112 Nov 19 16:55 NVM5
-rw-rw-rw- 1 roma roma 0 Feb 19 2012 NVM6
drwxrwxr-x 2 roma roma 4096 Dec 7 20:45 anr
drwxrwx--x 2 roma roma 8192 Dec 11 22:31 app
drwxrwx--x 2 roma roma 4096 Apr 19 2012 app-private
drwx------ 5 roma roma 4096 Dec 7 20:24 backup
-rw-rw-rw- 1 roma roma 2777 Dec 11 14:51 cal.bin
drwxrwxr-x 25 roma roma 4096 Dec 11 02:22 clipboard
drwxrwx--x 2 roma roma 16384 Dec 11 22:31 dalvik-cache
drwxrwx--x 245 roma roma 12288 Dec 7 22:06 data
drwxr-x--- 2 root 1007 4096 Feb 19 2012 dontpanic
lrwxrwxrwx 1 root root 16 Dec 11 22:19 dropbear -> /sd-ext/dropbear
drwxrwxrwt 2 root root 4096 Feb 19 2012 fota
drwxrwx--x 2 roma roma 4096 Feb 19 2012 gps
srwxrwxrwx 1 1002 1002 0 Dec 7 18:03 inc_data_path
drwxrwx--x 3 2000 2000 4096 Sep 8 21:57 local
drwxrwxrwx 2 roma roma 4096 Dec 7 20:45 log
drwxrwx--- 2 root root 4096 Jan 1 1970 lost+found
drwxrwx--t 10 roma 9998 4096 Feb 23 2012 misc
drwxr--r-- 3 root root 4096 Feb 19 2012 mrd
drwx------ 2 root root 4096 Nov 14 20:01 property
drwx------ 3 roma roma 4096 Feb 19 2012 secure
drwxrwxr-x 8 roma roma 4096 Dec 11 22:51 system
drwxr-xr-x 2 roma roma 4096 Feb 21 2012 tombstones
drwxrwx--- 2 1010 1010 4096 Feb 19 2012 wifi
HD:
total 8
drwxr-xr-x 2 root root 4096 Sep 23 2011 app
drwxr-xr-x 2 root root 4096 Sep 23 2011 sdcard
HD/app:
total 1828
-rw-r--r-- 1 root root 30241 Sep 23 2011 ATTFamilyMapLauncher.apk
-rw-r--r-- 1 root root 644618 Sep 23 2011 Kindle-OEM-0.9.6-STUB.apk
-rw-r--r-- 1 root root 19096 Sep 23 2011 YPMAndroid_VPL-release_3.apk
-rw-r--r-- 1 root root 19390 Sep 23 2011 com.mobitv.client.tv.apk
-rw-r--r-- 1 root root 18476 Sep 23 2011 myATTVPL_SA_v4_aligned.apk
-rw-r--r-- 1 root root 1128479 Sep 23 2011 qik-preload-1.18-release-lite.apk
HD/sdcard:
total 98556
-rw-r--r-- 1 root root 94468591 Sep 23 2011 ASPHALT6_11-002_ONv2_480_H264_GOOD.wmv
-rw-r--r-- 1 root root 1270663 Sep 23 2011 Asphalt_6_Screen_Shot_1280x768_1.png
-rw-r--r-- 1 root root 1314442 Sep 23 2011 Asphalt_6_Screen_Shot_1280x768_2.png
-rw-r--r-- 1 root root 1269021 Sep 23 2011 Asphalt_6_Screen_Shot_1280x768_3.png
-rw-r--r-- 1 root root 1370346 Sep 23 2011 Asphalt_6_Screen_Shot_1280x768_4.png
-rw-r--r-- 1 root root 1217762 Sep 23 2011 Asphalt_6_Screen_Shot_1280x768_5.png
LX:
total 0
OA:
total 0
AP - seems like /system
CC - something to do with recovery
ES - /efs
IS - /sdcard (I have internal and external storage swapped)
UA - /data
HD - seems like bloatware bootstrap installation depot, 500Mb, perhaps it may be used as additional storage!
MC, MM, SS, LX, OA - was not mounted, unknown filesystem type
partition data
MC - seems like recovery bootloader, or something related (solely out off "boot-recovery" keyword
Code:
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800 62 6f 6f 74 2d 72 65 63 6f 76 65 72 79 00 00 00 |boot-recovery...|
00000810 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000820 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00100000 ff ff ff ff 01 02 ff ff ff ff ff ff ff ff ff ff |................|
00100010 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
00100800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
001ff000 3b 86 7c 39 74 01 00 00 00 00 00 00 ff 00 00 00 |;.|9t...........|
001ff010 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
001ff020 00 00 00 00 00 00 00 00 44 4c 4f 57 00 00 00 00 |........DLOW....|
001ff030 01 00 00 00 d4 fa fb ee 17 f2 c0 e7 e1 8f 8d 6e |...............n|
001ff040 b3 9a 72 08 ab c6 b9 17 26 89 ae 99 57 85 2d 57 |..r.....&...W.-W|
001ff050 74 7f 71 79 9a 9f 49 12 6a 9b 68 0e 22 da 07 13 |t.qy..I.j.h."...|
001ff060 c1 e5 e8 60 73 f5 61 4d 0f 05 b2 11 53 f4 46 8c |...`s.aM....S.F.|
001ff070 02 19 19 3b 71 c1 6f 4d bd ad cb e2 7e 48 c4 28 |...;q.oM....~H.(|
001ff080 d5 a9 4f 7e 85 99 5c c1 a3 2f a1 43 90 bf 1f 30 |..O~..\../.C...0|
001ff090 39 9a 2f a0 61 df e4 41 e0 c8 9c ab d1 f2 ca a9 |9./.a..A........|
001ff0a0 d3 0f 6c 46 02 51 8c 13 89 18 18 4d 04 e9 a3 94 |..lF.Q.....M....|
001ff0b0 55 79 ea 0d fe f7 35 6c 93 e6 d5 2a 7c 1e f6 9f |Uy....5l...*|...|
001ff0c0 b9 53 c6 ab 8a 60 2d 77 81 f6 cd e4 86 18 f2 57 |.S...`-w.......W|
001ff0d0 20 00 9b 61 33 1c 35 3b 64 3a 11 0b cf cb 84 6e | ..a3.5;d:.....n|
001ff0e0 70 7f 6a 20 72 03 63 f0 0c d1 05 79 cd 87 53 d0 |p.j r.c....y..S.|
001ff0f0 e4 78 da 3e 71 95 5a b0 1f 8b 9a 76 69 4f 68 d9 |.x.>q.Z....viOh.|
001ff100 56 cb 56 48 64 2b b2 15 e4 24 29 00 b2 57 9c b0 |V.VHd+...$)..W..|
001ff110 e3 b8 e0 b1 89 b3 c8 a8 d1 9b f9 54 3d c2 e8 57 |...........T=..W|
001ff120 94 ab aa 6d 37 5e 2e b3 98 7b 98 29 af 01 b8 9a |...m7^...{.)....|
001ff130 de 7d 6f 9f cb af 0d 71 cb ce 73 94 f8 46 d0 bf |.}o....q..s..F..|
001ff140 66 12 83 95 b6 3a d4 40 08 25 f3 c2 1e 8e b4 42 |f....:[email protected]%.....B|
001ff150 bc c8 82 f5 27 e3 40 c2 5a eb 3d 6b 14 19 2d 5f |....'[email protected]=k..-_|
001ff160 d5 9e 0a a9 19 f0 3d 91 26 34 51 bb 66 a9 97 be |......=.&4Q.f...|
001ff170 ab 06 74 b7 ff ff ff ff ff ff ff ff ff ff ff ff |..t.............|
001ff180 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
*
001ff800 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00200000
SS - is the system kernel (figured out by initramfs dismantling)
LX - is the recovery kernel
OA - empty partition, zeroed out
MM - really don't know what is it
no way to change the partition table (for now)
Actually there is GPT-like partition table, but it's impossible to modify it because there is a data (or a code) that overlaps with primary GPT header, so modifying the table with bare GPT tools like parted or gdisk will definitelly break something.
my PIT file
Litatus said:
I need to Re-partition my NAND. (I think is the last thing to do before to say it is a hardware issue).
Click to expand...
Click to collapse
Here is my pit file attached. Try to flash recovery, than if it works - try the factoryfs image.
thanks, but...
romanr said:
Here is my pit file attached. Try to flash recovery, than if it works - try the factoryfs image.
Click to expand...
Click to collapse
wow... thanks!... finally i got a pit file... unfortunately does not work either...
I get an error...
Litatus said:
wow... thanks!... finally i got a pit file... unfortunately does not work either...
I get an error...
Click to expand...
Click to collapse
Try heimdall, perhaps console one. I think you did put the recovery into the wrong slot.
GB images
Litatus said:
wow... thanks!... finally i got a pit file... unfortunately does not work either...
Click to expand...
Click to collapse
Here are my GB images: http://romanr.info/android/sgh-i927-GB-img.zip
These images do not contain EFS and factoryfs, so normal boot will not work.
Use heimdall 1.4, 1.3 may not work.
You may start with repartitioning and flashing only GPT and SOS images.
Code:
heimdall flash --repartition --pit sgh-i927-GB.pit --GPT GPT.img --SOS SOS.img
Than reboot and try to enter the recovery (hold volume down key). If the recovery works - you'r fine.
If recovery does not work, then try to flash more images.
Code:
heimdall flash --MSC MSC.img
heimdall flash --EBT EBT.img --EB2 EB2.img
Than try to reboot into recovery again.
Flash other images only at last resort.
Flash PT.img at very last resort.
Litatus said:
I need to Re-partition my NAND. (I think is the last thing to do before to say it is a hardware issue).
Maybe I could do a JTAG. My friend has the riff box, but he doesn't know the pinout to do the jtag. Does anyone knows?
Click to expand...
Click to collapse
sgh-i927 does not have NAND/emmc, it has bare MMC card internally mounted, all partitions lie on that internal card. Curious, that odin for now does not allow to read/dump the partition, but it is possible to dump all the internal mmc drive and get access to bootloader and other things. The first 2 blocks (block size = 512KiB) are hidden though.
I belive that samsung devices are truly unbreakable. Seems that samsung odin-download mode is booted out of some hidden storage, so repartition or even full wipe of internal SD card does not break the download mode.
Also I noticed that nvflash mode works too (holding volume up + volume down), but it requires some additional files. You may dig into it, it is JTAG-equivalent low-level mode.
D859 has 2sims, I can't use other g3 template, right
I already read a loi of information from cm wiki about hout to build a cm,
but I still have any clue yet,
I got D859 official rom scr code yesterday from opensource.lge.com,
I don't know how can I start for building cm,
I need some help, thank you!:laugh:
Here is the list of the files
LGD859_Lollipop_LGD859_V20a_Android_opensource/android/external: $ ls -al
drwxr-xr-x 17 578 brctl
drwxr-xr-x 21 714 dnsmasq
drwxr-xr-x 44 1496 e2fsprogs
drwxr-xr-x 7 238 ebtables
drwxr-xr-x 12 408 gcc-demangle
drwxr-xr-x 25 850 iproute2
drwxr-xr-x 21 714 iptables
drwxr-xr-x 31 1054 iputils
drwxr-xr-x 15 510 junit
drwxr-xr-x 41 1394 libexif
drwxr-xr-x 20 680 libnetfilter_conntrack
drwxr-xr-x 16 544 libnfnetlink
drwxr-xr-x 18 612 libnl
LGD859_Lollipop_LGD859_V20a_Android_opensource/android/vendor/lge: $ ls -la
drwxr-xr-x 3 102 apps
drwxr-xr-x 3 102 build
drwxr-xr-x 5 170 external
drwxr-xr-x 3 102 factory
drwxr-xr-x 4 136 frameworks
drwxr-xr-x 3 102 prebuilt
drwxr-xr-x 4 136 system
LGD859_Lollipop_LGD859_V20a_Android_opensource/kernel: $ ls -al
-rw-r--r-- 1 5935 AndroidKernel.mk
-rw-r--r-- 1 18693 COPYING
-rw-r--r-- 1 94984 CREDITS
drwxr-xr-x 237 8058 Documentation
-rw-r--r-- 1 2536 Kbuild
-rw-r--r-- 1 252 Kconfig
-rw-r--r-- 1 210475 MAINTAINERS
-rw-r--r-- 1 53855 Makefile
-rw-r--r-- 1 364155 Module.symvers
-rw-r--r-- 1 17459 README
-rw-r--r-- 1 3371 REPORTING-BUGS
drwxr-xr-x 31 1054 arch
drwxr-xr-x 38 1292 block
drwxr-xr-x 89 3026 crypto
drwxr-xr-x 112 3808 drivers
drwxr-xr-x 55 1870 firmware
drwxr-xr-x 149 5066 fs
drwxr-xr-x 26 884 include
drwxr-xr-x 14 476 init
drwxr-xr-x 17 578 ipc
drwxr-xr-x 133 4522 kernel
drwxr-xr-x 150 5100 lib
drwxr-xr-x 79 2686 mm
drwxr-xr-x 62 2108 net
drwxr-xr-x 14 476 samples
drwxr-xr-x 91 3094 scripts
drwxr-xr-x 18 612 security
drwxr-xr-x 28 952 sound
drwxr-xr-x 14 476 tools
-rw-r--r-- 1 37204 tuxera_update.sh
drwxr-xr-x 9 306 usr
drwxr-xr-x 3 102 virt
and its readme file said
1. Android build
- Download original android source code ( L 5.0 ) from source.android.com
- Untar opensource packages of LGD859_L_V20a_Android.tar.gz into downloaded android source directory
a) cat LGD859_L_V20a_Android.tar.gza* | tar zxvpf -
- And, merge the source into the android source code
- Run following scripts to build android
a) source build/envsetup.sh
b) lunch 1
c) make -j4
- When you compile the android source code, you have to add google original prebuilt source(toolchain) into the android directory.
- After build, you can find output at out/target/product/generic
2. Kernel Build
- Uncompress using following command at the android directory
tar xvzf LGD859_L_V20a_Kernel.tar.gz
- When you compile the kernel source code, you have to add google original prebuilt source(toolchain) into the android directory.
- Run following scripts to build kernel
a) cd kernel
1) D859
b) make ARCH=arm CROSS_COMPILE=../prebuilts/gcc/linux-x86/arm/arm-eabi-4.8/bin/arm-eabi- g3-ctc_cn-perf_defconfig zImage -j4
* "-j4" : The number, 4, is the number of multiple jobs to be invoked simultaneously.
- After build, you can find the build image(zImage) at arch/arm/boot
3. how to build chromium34_lge (vendor\lge\external\chromium34_lge\src),
please refer to README.txt at the folder mentioned above.
Hey guys!
I'm searching around and I couldn't find a way to root SM-R500 Samsung Galaxy Watch Active (Tizen 4.0.0.3). I found a lot of firmware on different websites, but I couldn't find a rooted one. Any suggestions ...
Thanks
Depend what you expect...
Factory/Service Firmware called Combination Firmware is rooted...
I am using Combination Firmware as base... as Engineer sboot.bin (Bootloader) Engineer Kernel is inside...
From Stock Firmware only rootfs.img is modified... to have su Binary...
Problem...
SM-R500 nor other Galaxy variant tested...
Sugestion for you...
Flash Combination Firmware to see what kind of Root you can expect...
I could help you to modify Firmware Files... but OWN RISK...
Best Regards
adfree said:
Depend what you expect...
Factory/Service Firmware called Combination Firmware is rooted...
I am using Combination Firmware as base... as Engineer sboot.bin (Bootloader) Engineer Kernel is inside...
From Stock Firmware only rootfs.img is modified... to have su Binary...
Problem...
SM-R500 nor other Galaxy variant tested...
Sugestion for you...
Flash Combination Firmware to see what kind of Root you can expect...
I could help you to modify Firmware Files... but OWN RISK...
Best Regards
Click to expand...
Click to collapse
I don’t mind to give it a try. Please share what you have?
Sorry.
I waste tooo much time with Tizen...
I have limited time... and energy...
The long way is here:
https://forum.xda-developers.com/smartwatch/gear-s3/gear-s3-android-wear-port-wip-t3584588
Somewhere inside this Thread are infos how to play with rootfs.img...
The "faster" way for you or both of us... is.
Flash Combination Firmware for SM-R500 to see if this is what you want...
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
COMBINATION-FT40_R500XXU1ASG1.tar.md5
These 2 FT40 seems leaked and available... maybe somewhere in public...
I am too lazy to search for you.
TRy hard enough and in 2 days you can pm me... if you not able to find it...
Maybe I will upload for you...
But again.
What kind of magic you expect from Rooting of your SM-R500?
So I can make decission to help you... or maybe waste my time with other things.
Best Regards
Edit 1.
Code:
COMBINATION-FT40_R500XXU1[B]ASA5[/B].tar.md5
ASA5 I have on my HDD... I could upload...
Edit 2.
Uupsi.. I have both FT40...
Still no idea if somewhere public Link available...
Edit 3...
Lesson 1.
https://forum.xda-developers.com/showpost.php?p=73503787&postcount=150
You "need" netOdin Tool for Flashing Firmware...
I will upload for you:
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
Need some time for upload...
Plese remember:
Own risk!
Best Regards
---------- Post added at 04:28 AM ---------- Previous post was at 03:35 AM ----------
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
https://www.file-upload.net/download-13786815/COMBINATION-FT40_R500XXU1ASA5.tar.md5.7z.html
Own risk!
Best Regards
adfree said:
Sorry.
I waste tooo much time with Tizen...
I have limited time... and energy...
The long way is here:
https://forum.xda-developers.com/smartwatch/gear-s3/gear-s3-android-wear-port-wip-t3584588
Somewhere inside this Thread are infos how to play with rootfs.img...
The "faster" way for you or both of us... is.
Flash Combination Firmware for SM-R500 to see if this is what you want...
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
COMBINATION-FT40_R500XXU1ASG1.tar.md5
These 2 FT40 seems leaked and available... maybe somewhere in public...
I am too lazy to search for you.
TRy hard enough and in 2 days you can pm me... if you not able to find it...
Maybe I will upload for you...
But again.
What kind of magic you expect from Rooting of your SM-R500?
So I can make decission to help you... or maybe waste my time with other things.
Best Regards
Edit 1.
Code:
COMBINATION-FT40_R500XXU1[B]ASA5[/B].tar.md5
ASA5 I have on my HDD... I could upload...
Edit 2.
Uupsi.. I have both FT40...
Still no idea if somewhere public Link available...
Edit 3...
Lesson 1.
https://forum.xda-developers.com/showpost.php?p=73503787&postcount=150
You "need" netOdin Tool for Flashing Firmware...
I will upload for you:
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
Need some time for upload...
Plese remember:
Own risk!
Best Regards
---------- Post added at 04:28 AM ---------- Previous post was at 03:35 AM ----------
Code:
COMBINATION-FT40_R500XXU1ASA5.tar.md5
https://www.file-upload.net/download-13786815/COMBINATION-FT40_R500XXU1ASA5.tar.md5.7z.html
Own risk!
Best Regards
Click to expand...
Click to collapse
Sorry for the late reply and thank you adfree for your effort, but I already have and tested the combination firmware and It is not what I'm looking for! Now I'm trying to figure the pinout so I can connect it directly.
Done first attempt with DSL1 Firmware...
Waiting for feedback...
Meanwhile...
A
To enable Root access... SDB Tool required...
Code:
sdb root on
A.1
To enable su from Shell...
Additional steps required...
Code:
sdb root on
sdb shell
mount -vo remount,rw /
chmod -v +sx /usr/bin
Code:
sdb root off
Then you can su from shell...
Code:
su
then it asks for password... password is:
Code:
tizen
B
To check if you can now play with rootfs.img "on the fly"...
Code:
sdb root on
Or you have enbled the other way...
Code:
sdb shell
Code:
mount -vo remount,rw /
Now you can for instance delete poweron poweroff Animation... you can do more but this is safe... nothing will explode.
Code:
sdb root on
Switched to 'root' account mode
sdb shell
sh-3.2# cd /usr/share/edje
sh-3.2# ls -a1l
total 1280
drwxr-xr-x 5 root root 4096 Jun 27 2019 .
drwxr-xr-x 131 root root 4096 Jun 27 2019 ..
-rw-r--r-- 1 root root 322470 Apr 19 2019 360x360_PowerOff.edj
-rw-r--r-- 1 root root 227171 Apr 19 2019 360x360_PowerOn.edj
-rw-r--r-- 1 root root 6065 Apr 19 2019 csc-ani.edj
-rw-r--r-- 1 root root 6221 Apr 19 2019 factory-reset-util.edj
drwxr-xr-x 2 root root 4096 Jun 27 2019 images
drwxr-xr-x 2 root root 4096 Jun 27 2019 include
-rw-r--r-- 1 root root 295340 Apr 19 2019 poweroff.edj
-rw-r--r-- 1 root root 411726 Apr 19 2019 poweron.edj
-rw-r--r-- 1 root root 5656 Apr 19 2019 voice-control-elm.edj
drwxr-xr-x 2 root root 4096 Jun 27 2019 xwalk
Code:
rm poweron.edj
and/or
Code:
rm poweroff.edj
Be carefully what you remove or replace...
Best Regards
Seems to work... DSL1 rooted... tested in coop with:
Code:
COMBINATION-FT40_R500XXU1[B]ASL2[/B]
For some dump action I need some infos about partition layout...
Code:
[B]cat /proc/partitions[/B]
Example output from SM-Z130H and SM-R760...
Code:
major minor #blocks name
7 0 10052 loop0
7 1 17408 loop1
254 0 146152 zram0
179 0 3817472 mmcblk0
179 1 1024 mmcblk0p1
179 2 1024 mmcblk0p2
179 3 1024 mmcblk0p3
179 4 1024 mmcblk0p4
179 5 1024 mmcblk0p5
179 6 1024 mmcblk0p6
179 7 1024 mmcblk0p7
179 8 1024 mmcblk0p8
179 9 8192 mmcblk0p9
179 10 9216 mmcblk0p10
179 11 2048 mmcblk0p11
179 12 2048 mmcblk0p12
179 13 2048 mmcblk0p13
179 14 8192 mmcblk0p14
179 15 8192 mmcblk0p15
179 16 8192 mmcblk0p16
179 17 8192 mmcblk0p17
179 18 8192 mmcblk0p18
179 19 4096 mmcblk0p19
179 20 2048 mmcblk0p20
179 21 32768 mmcblk0p21
179 22 131072 mmcblk0p22
179 23 2641920 mmcblk0p23
179 24 917504 mmcblk0p24
179 96 512 mmcblk0rpmb
179 64 4096 mmcblk0boot1
179 32 4096 mmcblk0boot0
179 128 7749632 mmcblk1
179 129 7748608 mmcblk1p1
Code:
sh-3.2# ls -l /dev/disk/by-partlabel
total 0
lrwxrwxrwx 1 root root 15 Apr 6 09:52 boot -> ../../mmcblk0p8
lrwxrwxrwx 1 root root 15 Apr 6 09:52 cm -> ../../mmcblk0p7
lrwxrwxrwx 1 root root 15 Apr 6 09:52 cpnvcore -> ../../mmcblk0p3
lrwxrwxrwx 1 root root 15 Apr 6 09:52 csa -> ../../mmcblk0p2
lrwxrwxrwx 1 root root 16 Apr 6 09:52 csc -> ../../mmcblk0p11
lrwxrwxrwx 1 root root 16 Apr 6 09:52 module -> ../../mmcblk0p10
lrwxrwxrwx 1 root root 15 Apr 6 09:52 param -> ../../mmcblk0p6
lrwxrwxrwx 1 root root 15 Apr 6 09:52 ramdisk1 -> ../../mmcblk0p5
lrwxrwxrwx 1 root root 15 Apr 6 09:52 ramdisk2 -> ../../mmcblk0p4
lrwxrwxrwx 1 root root 15 Apr 6 09:52 recovery -> ../../mmcblk0p9
lrwxrwxrwx 1 root root 16 Apr 6 09:52 rootfs -> ../../mmcblk0p14
lrwxrwxrwx 1 root root 16 Apr 6 09:52 steady -> ../../mmcblk0p15
lrwxrwxrwx 1 root root 16 Apr 6 09:52 system-data -> ../../mmcblk0p12
lrwxrwxrwx 1 root root 15 Apr 6 09:52 tup -> ../../mmcblk0p1
lrwxrwxrwx 1 root root 16 Apr 6 09:52 user -> ../../mmcblk0p13
Code:
sh-3.2# ls -l /dev/disk/by-label
total 0
lrwxrwxrwx 1 root root 16 Apr 6 09:52 modules -> ../../mmcblk0p10
lrwxrwxrwx 1 root root 10 Apr 6 09:52 ramdisk -> ../../ram0
lrwxrwxrwx 1 root root 15 Apr 6 09:52 ramdisk-recovery -> ../../mmcblk0p4
lrwxrwxrwx 1 root root 16 Apr 6 09:52 rootfs -> ../../mmcblk0p14
lrwxrwxrwx 1 root root 16 Apr 6 09:52 tizen -> ../../mmcblk0p13
Code:
sh-3.2# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 320K 1 loop /opt/share/zoneinfo
loop1 7:1 0 13.6M 1 loop /usr/share/locale
zram0 254:0 0 279.3M 0 disk [SWAP]
mmcblk0rpmb 179:24 0 512K 0 disk
mmcblk0boot0 179:8 0 4M 1 disk
mmcblk0boot1 179:16 0 4M 1 disk
mmcblk0 179:0 0 3.7G 0 disk
|-mmcblk0p1 179:1 0 32M 0 part
|-mmcblk0p2 179:2 0 8M 0 part /csa
|-mmcblk0p3 179:3 0 2M 0 part
|-mmcblk0p4 179:4 0 20M 0 part
|-mmcblk0p5 179:5 0 8M 0 part
|-mmcblk0p6 179:6 0 8M 0 part
|-mmcblk0p7 179:7 0 3M 0 part
|-mmcblk0p8 259:0 0 16M 0 part
|-mmcblk0p9 259:1 0 16M 0 part
|-mmcblk0p10 259:2 0 16M 0 part /usr/lib/modules
|-mmcblk0p11 259:3 0 190M 0 part /opt/system/csc
|-mmcblk0p12 259:4 0 158M 0 part /opt
|-mmcblk0p13 259:5 0 1.9G 0 part /opt/usr
|-mmcblk0p14 259:6 0 1.3G 0 part
| `-rootfs 253:0 0 1.2G 1 crypt /
`-mmcblk0p15 259:7 0 256K 0 part
Thanx in advance.
Best Regards
Here the answer.
Thanx. :good:
SM-R500 DSL1
Code:
sh-3.2# cat /proc/partitions
major minor #blocks name
1 0 20480 ram0
1 1 20480 ram1
7 0 34240 loop0
7 1 384 loop1
254 0 284980 zram0
179 0 3817472 mmcblk0
179 1 8192 mmcblk0p1
179 2 2048 mmcblk0p2
179 3 1024 mmcblk0p3
179 4 512 mmcblk0p4
179 5 512 mmcblk0p5
179 6 28160 mmcblk0p6
179 7 20480 mmcblk0p7
259 0 8192 mmcblk0p8
259 1 2048 mmcblk0p9
259 2 6144 mmcblk0p10
259 3 3072 mmcblk0p11
259 4 18432 mmcblk0p12
259 5 18432 mmcblk0p13
259 6 10240 mmcblk0p14
259 7 4096 mmcblk0p15
259 8 194560 mmcblk0p16
259 9 172032 mmcblk0p17
259 10 1873408 mmcblk0p18
259 11 1439744 mmcblk0p19
259 12 256 mmcblk0p20
179 24 512 mmcblk0rpmb
179 16 4096 mmcblk0boot1
179 8 4096 mmcblk0boot0
Code:
sh-3.2# ls -l /dev/disk/by-partlabel
total 0
lrwxrwxrwx 1 root root 16 Feb 8 11:11 afpc -> ../../mmcblk0p15
lrwxrwxrwx 1 root root 16 Feb 8 11:11 boot -> ../../mmcblk0p12
lrwxrwxrwx 1 root root 16 Feb 8 11:11 cm -> ../../mmcblk0p11
lrwxrwxrwx 1 root root 15 Feb 8 11:11 csa -> ../../mmcblk0p1
lrwxrwxrwx 1 root root 16 Feb 8 11:11 csc -> ../../mmcblk0p16
lrwxrwxrwx 1 root root 15 Feb 8 11:11 module -> ../../mmcblk0p5
lrwxrwxrwx 1 root root 16 Feb 8 11:11 nad_fw -> ../../mmcblk0p14
lrwxrwxrwx 1 root root 15 Feb 8 11:11 nad_refer -> ../../mmcblk0p3
lrwxrwxrwx 1 root root 15 Feb 8 11:11 param -> ../../mmcblk0p9
lrwxrwxrwx 1 root root 15 Feb 8 11:11 ramdisk1 -> ../../mmcblk0p8
lrwxrwxrwx 1 root root 15 Feb 8 11:11 ramdisk2 -> ../../mmcblk0p7
lrwxrwxrwx 1 root root 16 Feb 8 11:11 recovery -> ../../mmcblk0p13
lrwxrwxrwx 1 root root 16 Feb 8 11:11 rootfs -> ../../mmcblk0p19
lrwxrwxrwx 1 root root 15 Feb 8 11:11 smsn -> ../../mmcblk0p4
lrwxrwxrwx 1 root root 16 Feb 8 11:11 steady -> ../../mmcblk0p20
lrwxrwxrwx 1 root root 16 Feb 8 11:11 system-data -> ../../mmcblk0p17
lrwxrwxrwx 1 root root 15 Feb 8 11:11 tup -> ../../mmcblk0p6
lrwxrwxrwx 1 root root 15 Feb 8 11:11 tyd -> ../../mmcblk0p2
lrwxrwxrwx 1 root root 16 Feb 8 11:11 up_param -> ../../mmcblk0p10
lrwxrwxrwx 1 root root 16 Feb 8 11:11 user -> ../../mmcblk0p18
Code:
sh-3.2# ls -l /dev/disk/by-label
total 0
lrwxrwxrwx 1 root root 15 Feb 8 11:11 ramdisk -> ../../mmcblk0p8
lrwxrwxrwx 1 root root 15 Feb 8 11:11 ramdisk-recovery -> ../../mmcblk0p7
lrwxrwxrwx 1 root root 16 Feb 8 11:11 tizen-csc -> ../../mmcblk0p16
lrwxrwxrwx 1 root root 16 Feb 8 11:11 tizen-rootfs -> ../../mmcblk0p19
lrwxrwxrwx 1 root root 16 Feb 8 11:11 tizen-system-da -> ../../mmcblk0p17
lrwxrwxrwx 1 root root 16 Feb 8 11:11 tizen-user -> ../../mmcblk0p18
Code:
sh-3.2# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 33.4M 1 loop /usr/share/locale
loop1 7:1 0 384K 1 loop /opt/share/zoneinfo
mmcblk0 179:0 0 3.7G 0 disk
|-mmcblk0p1 179:1 0 8M 0 part /csa
|-mmcblk0p2 179:2 0 2M 0 part
|-mmcblk0p3 179:3 0 1M 0 part
|-mmcblk0p4 179:4 0 512K 0 part
|-mmcblk0p5 179:5 0 512K 0 part
|-mmcblk0p6 179:6 0 27.5M 0 part
|-mmcblk0p7 179:7 0 20M 0 part
|-mmcblk0p8 259:0 0 8M 0 part
|-mmcblk0p9 259:1 0 2M 0 part
|-mmcblk0p10 259:2 0 6M 0 part
|-mmcblk0p11 259:3 0 3M 0 part
|-mmcblk0p12 259:4 0 18M 0 part
|-mmcblk0p13 259:5 0 18M 0 part
|-mmcblk0p14 259:6 0 10M 0 part
|-mmcblk0p15 259:7 0 4M 0 part
|-mmcblk0p16 259:8 0 190M 0 part /opt/system/csc
|-mmcblk0p17 259:9 0 168M 0 part /opt
|-mmcblk0p18 259:10 0 1.8G 0 part /opt/usr
|-mmcblk0p19 259:11 0 1.4G 0 part /
`-mmcblk0p20 259:12 0 256K 0 part
mmcblk0boot0 179:8 0 4M 1 disk
mmcblk0boot1 179:16 0 4M 1 disk
mmcblk0rpmb 179:24 0 512K 0 disk
zram0 254:0 0 278.3M 0 disk [SWAP]
Code:
mmcblk0p1 CSA
mmcblk0p2 TYD
mmcblk0p3 NAD_REFER
mmcblk0p4 SMSN
mmcblk0p5 MODULE
mmcblk0p6 TUP
mmcblk0p7 RAMDISK-RECOVERY
mmcblk0p8 RAMDISK
mmcblk0p9 PARAM
mmcblk0p10 UP_PARAM
mmcblk0p11 CM
mmcblk0p12 BOOT
mmcblk0p13 RECOVERY
mmcblk0p14 NAD_FW
mmcblk0p15 AFPC
mmcblk0p16 CSC
mmcblk0p17 SYSTEM-DATA
mmcblk0p18 USR
mmcblk0p19 ROOTFS
mmcblk0p20 STEADY
mmcblk0boot0 BOOT0
mmcblk0boot1 BOOT1
mmcblk0rpmb RPMB --->protected... NOT readable
mmcblk0 Full 4 GB eMMC
Best Regards
SM-R500 DSL1 summary for dd action... dump partitions... :angel:
We have 20 partitions p1 - p20
+ 3 additional
We are writing to USR partition p18... remember limited space... ca, 1500 MB free
Code:
dd if=/dev/mmcblk0boot0 of=/opt/usr/media/bootloader0.bin
dd if=/dev/mmcblk0boot1 of=/opt/usr/media/bootloader1.bin
[COLOR="Red"][B]dd if=/dev/mmcblk0rpmb of=/opt/usr/media/rpmb.bin[/B][/COLOR]
dd if=/dev/mmcblk0p1 of=/opt/usr/media/csa.bin
dd if=/dev/mmcblk0p2 of=/opt/usr/media/tyd.bin
dd if=/dev/mmcblk0p3 of=/opt/usr/media/nad_refer.bin
dd if=/dev/mmcblk0p4 of=/opt/usr/media/smsn.bin
dd if=/dev/mmcblk0p5 of=/opt/usr/media/module.bin
dd if=/dev/mmcblk0p6 of=/opt/usr/media/tup.bin
dd if=/dev/mmcblk0p7 of=/opt/usr/media/ramdisk-recovery.bin
dd if=/dev/mmcblk0p8 of=/opt/usr/media/ramdisk.bin
dd if=/dev/mmcblk0p9 of=/opt/usr/media/param.bin
dd if=/dev/mmcblk0p10 of=/opt/usr/media/up_param.bin
dd if=/dev/mmcblk0p11 of=/opt/usr/media/cm.bin
dd if=/dev/mmcblk0p12 of=/opt/usr/media/boot.bin
dd if=/dev/mmcblk0p13 of=/opt/usr/media/recovery.bin
dd if=/dev/mmcblk0p14 of=/opt/usr/media/nad_fw.bin
dd if=/dev/mmcblk0p15 of=/opt/usr/media/afpc.bin
dd if=/dev/mmcblk0p16 of=/opt/usr/media/csc.bin
dd if=/dev/mmcblk0p17 of=/opt/usr/media/system-data.bin
[COLOR="Red"][B]dd if=/dev/mmcblk0p18 of=/opt/usr/media/usr.bin[/B][/COLOR]
[COLOR="Red"][B]dd if=/dev/mmcblk0p19 of=/opt/usr/media/rootfs.bin[/B][/COLOR]
dd if=/dev/mmcblk0p20 of=/opt/usr/media/steady.bin
Red marked Commands...
rootfs to dump is not really usefull... remember free space...
usr is written to usr partition... so never possible to dump in 1 step...
rpmb read protected,,, found no way on Wearables...
To pull all files from Media folder...
Code:
sdb pull /opt/usr/media/
Or pull file by file with filename... example:
Code:
sdb pull /opt/usr/media/[B]csa.bin[/B]
Best Regards
To dump "whole" eMMC...
Limitation we have only maximum 1,8 GB... so we have tiny problem to put whole 4 GB...
To check free space...
Example taken from my SM-R760...
Code:
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 1.3G 1.1G 200M 84% /
devtmpfs 340M 0 340M 0% /dev
/dev/mmcblk0p14 1.3G 1.1G 200M 84% /
/dev/mmcblk0p12 139M 85M 51M 63% /opt
/dev/mmcblk0p10 14M 253K 13M 2% /usr/lib/modules
tmpfs 352M 24K 352M 1% /dev/shm
tmpfs 352M 2.6M 349M 1% /run
tmpfs 352M 0 352M 0% /sys/fs/cgroup
tmpfs 352M 60K 352M 1% /tmp
/dev/loop0 384K 384K 0 100% /opt/share/zoneinfo
/dev/loop1 34M 34M 0 100% /usr/share/locale
/dev/mmcblk0p11 183M 101M 80M 56% /opt/system/csc
/dev/mmcblk0p2 6.8M 1.2M 5.0M 20% /csa
/dev/mmcblk0p13 1.9G 120M 1.8G 7% /opt/usr
tmpfs 71M 80K 71M 1% /run/user/5001
tmpfs 71M 0 71M 0% /run/user_ext/5001
/dev/mmcblk0p13 1.9G 120M 1.8G 7% /opt/usr/media
/dev/mmcblk0p13 1.9G 120M 1.8G 7% /opt/usr/apps
/dev/mmcblk0p13 1.9G 120M 1.8G 7% /opt/usr/home/owner/media
/dev/mmcblk0p13 1.9G 120M 1.8G 7% /opt/usr/media
sh-3.2# df -a
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 1298824 1064480 204612 84% /
devtmpfs 347224 0 347224 0% /dev
none 0 0 0 - /proc
sysfs 0 0 0 - /sys
/dev/mmcblk0p14 1298824 1064480 204612 84% /
/dev/mmcblk0p12 141376 86868 51276 63% /opt
/dev/mmcblk0p10 13847 253 13287 2% /usr/lib/modules
securityfs 0 0 0 - /sys/kernel/security
smackfs 0 0 0 - /sys/fs/smackfs
tmpfs 359712 24 359688 1% /dev/shm
devpts 0 0 0 - /dev/pts
tmpfs 359712 2628 357084 1% /run
tmpfs 359712 0 359712 0% /sys/fs/cgroup
cgroup 0 0 0 - /sys/fs/cgroup/systemd
pstore 0 0 0 - /sys/fs/pstore
cgroup 0 0 0 - /sys/fs/cgroup/net_cls
cgroup 0 0 0 - /sys/fs/cgroup/cpu,cpuacct
cgroup 0 0 0 - /sys/fs/cgroup/freezer
cgroup 0 0 0 - /sys/fs/cgroup/memory
debugfs 0 0 0 - /sys/kernel/debug
tmpfs 359712 60 359652 1% /tmp
configfs 0 0 0 - /sys/kernel/config
/dev/loop0 384 384 0 100% /opt/share/zoneinfo
/dev/loop1 34176 34176 0 100% /usr/share/locale
/dev/mmcblk0p11 187373 102462 81020 56% /opt/system/csc
/dev/mmcblk0p2 6907 1218 5117 20% /csa
/dev/mmcblk0p13 1936976 122612 1797980 7% /opt/usr
tmpfs 71940 80 71860 1% /run/user/5001
tmpfs 71940 0 71940 0% /run/user_ext/5001
/dev/mmcblk0p13 1936976 122612 1797980 7% /opt/usr/media
/dev/mmcblk0p13 1936976 122612 1797980 7% /opt/usr/apps
vip_cgroup 0 0 0 - /sys/fs/cgroup/vip
/dev/mmcblk0p13 1936976 122612 1797980 7% /opt/usr/home/owner/media
/dev/mmcblk0p13 1936976 122612 1797980 7% /opt/usr/media
Taken from here:
https://opensource.com/article/18/7/how-check-free-disk-space-linux
First attempt:
Code:
dd if=/dev/mmcblk0 of=/opt/usr/media/full4GB_eMMC.bin
dd stopps if usr partition is full...
Could lead to sideeffect...
But could be enough to pull result...
Code:
sh-3.2# dd if=/dev/mmcblk0 of=/opt/usr/media/full4GB_eMMC.bin
dd: writing to `/opt/usr/media/full4GB_eMMC.bin': [COLOR="Red"][B]No space left on device[/B][/COLOR]
3596569+0 records in
3596568+0 records out
1841442816 bytes (1.8 GB) copied, 151.265 s, 12.2 MB/s
Code:
sh-3.2# df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 1.3G 1.1G 200M 84% /
devtmpfs 340M 0 340M 0% /dev
/dev/mmcblk0p14 1.3G 1.1G 200M 84% /
/dev/mmcblk0p12 139M 83M 53M 61% /opt
/dev/mmcblk0p10 14M 253K 13M 2% /usr/lib/modules
tmpfs 352M 24K 352M 1% /dev/shm
tmpfs 352M 2.5M 349M 1% /run
tmpfs 352M 0 352M 0% /sys/fs/cgroup
tmpfs 352M 60K 352M 1% /tmp
/dev/loop0 384K 384K 0 100% /opt/share/zoneinfo
/dev/loop1 34M 34M 0 100% /usr/share/locale
/dev/mmcblk0p11 183M 101M 80M 56% /opt/system/csc
/dev/mmcblk0p2 6.8M 1.2M 5.0M 20% /csa
[COLOR="Red"][B]/dev/mmcblk0p13 1.9G 1.9G 0 100% /opt/usr[/B][/COLOR]
tmpfs 71M 80K 71M 1% /run/user/5001
tmpfs 71M 0 71M 0% /run/user_ext/5001
[COLOR="Red"][B]/dev/mmcblk0p13 1.9G 1.9G 0 100% /opt/usr/media
/dev/mmcblk0p13 1.9G 1.9G 0 100% /opt/usr/apps
/dev/mmcblk0p13 1.9G 1.9G 0 100% /opt/usr/home/owner/media
/dev/mmcblk0p13 1.9G 1.9G 0 100% /opt/usr/media[/B][/COLOR]
Code:
sdb pull /opt/usr/media/full4GB_eMMC.bin
pulled full4GB_eMMC.bin 100% 1756MB
1 file(s) pulled. 0 file(s) skipped.
/opt/usr/media/full4GB_eMMC.bin 552 KB/s (1841442816 bytes in 3255.896s)
Pull seems 1 hour...
Best Regards
Code:
sh-3.2# dd if=/dev/mmcblk0 | gzip > /opt/usr/media/full4GB_eMMC.bin.gz
gzip: stdout: No space left on device
Creates corrupt/unfinished archive file... but have 2200 MB inside... few more as uncompressed...
Better we split... and find other way for user partition...
.
.
.
Best Regards
Maybe found something...
Code:
sdb shell dd if=/dev/mmcblk0boot1>testme11.bin
sdb shell dd if=/dev/mmcblk0boot0>testme11more.bin
sdb shell dd if=/dev/mmcblk0rpmb>testme11moreAA.bin
Now need more time for next attempt...
Code:
sdb shell dd if=/dev/mmcblk0>FULLeMMCoverSDB_WiFi.bin
4 GB !
IMHO 1 - 2 hours...
Best Regards
Rooted SM-R500 DSL1 Firmware is here:
https://forum.xda-developers.com/showpost.php?p=81762345&postcount=838
If Questions... better ask BEFORE...
Best Regards
Hmmm... I don't know why...
But if I direct dump to PC... then additional crap is written...
2 Bytes...
Code:
0D0D
I have Tizen handset... SM-Z130H... with Tizen 2.4...
Here this work as it seems, tested with Command:
Code:
sdb shell dd if=/dev/mmcblk0boot1>Z1_boot1.bin
This partition is ever empty... contains only 00... so IMHO good reference...
But my Z1 is connected via USB cable...
No idea if 0D0D cames because some TCP problem...
Best Regards
With SM-R760 we have luck...
Combination Firmware not mandatory for Tizen 4 Root...
Only RAMDISK taken from Combination Firmware...
Maybe this is also working for SM-R500... need to be tested.
Attached is ramdisk.img from FT40 ASL2 for SM-R500...
Best Regards
I0T said:
Hey guys!
I'm searching around and I couldn't find a way to root SM-R500 Samsung Galaxy Watch Active (Tizen 4.0.0.3). I found a lot of firmware on different websites, but I couldn't find a rooted one. Any suggestions ...
Thanks
Click to expand...
Click to collapse
Hey there! Could you finally root the SM-R500? Is it still alive? Have the same model here... I used to root all Samsung I had but this is my very first watch so I do not want to mess it yet without anyone proofs
Your Firmware Version?
I have only rooted DSL1 for SM-R500...
Best Regards
adfree said:
Your Firmware Version?
I have only rooted DSL1 for SM-R500...
Best Regards
Click to expand...
Click to collapse
Hi adfree, It seems DSL1, lastest Samsung update.. I have read about combination firmwares etc.. but not tired anything without being sure cause is the most expensive watch i ever bought..
The most combinations firms seems for others than R500, I don't know either about knox on watch if will be tripped too and will left samsung pay useless or it works different than phones..
Yesterday I downloaded all tizen SDK tools etc... and sideloaded tpk apps to watch, they install but could not run them propperly.. but I guess all this is about to test yet as it is a "new watch" ...sorry my ignorance but I come from a LG watch from 2015 omg I had to update myself... xD
Thank you and have a nice day !
@Albayeah
Sorry.
In main I am talking with my self... about Rooting...
No idea why user not confirm in public...
I know he used the old method with Combination Firmware first... then my rooted rootfs,img...
The new way... is to flash only RAMDISK from Combination Firmware, then my rooted files.
So Round 1:
with netOdin
https://forum.xda-developers.com/showpost.php?p=81799723&postcount=15
Round 2.
with netOdin
IGNORE the Combination Firmware files
https://forum.xda-developers.com/showpost.php?p=81762345&postcount=838
Only this:
https://www.file-upload.net/download-13891175/2020_DSL1_smR500_ROOT_v1.7z.html
Own Risk!
But I am 99,9 % sure this is working. :angel:
Best Regards
adfree said:
@Albayeah
Sorry.
In main I am talking with my self... about Rooting...
No idea why user not confirm in public...
I know he used the old method with Combination Firmware first... then my rooted rootfs,img...
The new way... is to flash only RAMDISK from Combination Firmware, then my rooted files.
So Round 1:
with netOdin
https://forum.xda-developers.com/showpost.php?p=81799723&postcount=15
Round 2.
with netOdin
IGNORE the Combination Firmware files
https://forum.xda-developers.com/showpost.php?p=81762345&postcount=838
Only this:
https://www.file-upload.net/download-13891175/2020_DSL1_smR500_ROOT_v1.7z.html
Own Risk!
But I am 99,9 % sure this is working. :angel:
Best Regards
Click to expand...
Click to collapse
Many thanks! I am going to save your files by the moment because I am still afraid of messing something definetly on the watch with no reverse..
Maybe I have to do more research..
I hope I dont bother you with my questions but if you already rooted.. could you use samsung apps as usual..? Like samsung health, samsung pay.. won't prompt a security message or disable any functions, any apps..?
Sorry cause i am kinda confused with that details..
On phone I use Samsung apps hiding with magisk etc... cause it is rooted but it is Android, but what about watch with tizen and no magisk..? Will disable the apps just like in the phone, or is it knox unrecoverable? :silly:
Sorry for my inexperience maybe all this sounded silly to you XDD
Best wishes to all on these hard times :good:
Hi,
I own a OP3 with broken screen and am not able to retrieve some photos from the device.
As I already bought a new phone, I'd like to avoid having to repair the display.
Phone facts:
-Rooted Stock Rom, Bootloader unlocked
-Screen totally black, not sure if touch works, at least home key LED lights up when touched
- MTP not working (was recognized by PC, but no files displayed)
What works:
- Boot into stock recovery and fastboot
- adb and fastboot both work (I'm using android-tools-adb with Ubuntu 18.04)
- adb root shell
However, when browsing through the system, both /data and /storage are empty.
mount -a or mount /storage does not work.
When I do a
Code:
cat /proc/partitions
I get something similar to this:
Code:
major minor #blocks name
7 0 98304 loop0
8 16 4096 sdb
8 17 4052 sdb1
8 0 56582144 sda
8 1 8 sda1
8 2 32768 sda2
8 3 262144 sda3
8 4 1024 sda4
8 5 512 sda5
8 6 128 sda6
8 7 128 sda7
8 8 512 sda8
8 9 10240 sda9
8 10 10240 sda10
8 11 1024 sda11
8 12 8096 sda12
8 13 16192 sda13
8 14 512 sda14
8 15 56238572 sda15
8 48 131072 sdd
8 49 32 sdd1
8 50 4 sdd2
8 51 1024 sdd3
8 64 4194304 sde
8 65 512 sde1
8 66 512 sde2
8 67 2048 sde3
8 68 2048 sde4
8 69 512 sde5
8 70 512 sde6
8 71 2048 sde7
8 72 16 sde8
8 73 512 sde9
8 74 512 sde10
8 75 97280 sde11
8 76 16384 sde12
8 77 1024 sde13
8 78 32768 sde14
8 79 8192 sde15
259 0 8192 sde16
259 1 16384 sde17
259 2 65536 sde18
259 3 65536 sde19
259 4 3080192 sde20
259 5 65536 sde21
259 6 4 sde22
259 7 1024 sde23
259 8 512 sde24
259 9 512 sde25
259 10 256 sde26
259 11 256 sde27
259 12 256 sde28
259 13 256 sde29
259 14 256 sde30
259 15 256 sde31
259 16 4 sde32
259 17 33424 sde33
259 18 2048 sde34
8 32 4096 sdc
8 33 4052 sdc1
8 80 1572864 sdf
8 81 2048 sdf1
8 82 2048 sdf2
8 83 4 sdf3
8 84 512 sdf4
Is there any way I can mount the correct partitions to /storage and /data to get access to the the photos using adb / fastboot?
or any other way, maybe like flashing new Stock Rom (without wiping) using adb sideload and then let it boot and access the files via MTP?
@HansiT4 Maybe this tool: https://github.com/Genymobile/scrcpy
Never used it myself as I've never had the need though.