I figured after reading a few things on the new S10 (non-flashable) combinations we could open up a thread and see if we can crack this probem. To start with, and although I've only started my research on this, I have a unpacked S10+ (TMB) firmware, lz4 decompressing and unpacking as much as i can. Kernel will be unpacked the normal way, and all arm type will need to be reversed or at least analyzed. I figured I'd start with the strings "factory approval", "token", etc.
The token unlocking I've read about is supposedly done by very few people that request payment, but we can figure this out ourselves. They probably just have Samsung hookups. You can get the token message in download mode by flashing an empty steady.bin
or try in a linux terminal
$ truncate -s 1024 steady.bin && tar -H ustar -c steady.bin>test_token_failed.tar
or
$ dd if=/dev/urandom of=steady.bin bs=1 count=1024 (tried both with random and zero, and got the same failure codes, maybe another user will have better luck?)
May have to unpack all the APK's from the system image and disassemble in search of strings, and with strings we'll find functions. I'm really thinking it's going to be a code that you can write to steady.bin then flash and unlock. Steady.bin is 1024 bits in size on all the firmware's i've seen. Steady.bin is also associated widely with Reactivation locks (even the Samsung Watches)
Let's reverse these things and get back our repair firmware. I myself don't care about FRP, but for tool development and need combination firmware working!! This is sad, Samsung!
kalexander7 said:
I figured after reading a few things on the new S10 (non-flashable) combinations we could open up a thread and see if we can crack this probem. To start with, and although I've only started my research on this, I have a unpacked S10+ (TMB) firmware, lz4 decompressing and unpacking as much as i can. Kernel will be unpacked the normal way, and all arm type will need to be reversed or at least analyzed. I figured I'd start with the strings "factory approval", "token", etc.
The token unlocking I've read about is supposedly done by very few people that request payment, but we can figure this out ourselves. They probably just have Samsung hookups. You can get the token message in download mode by flashing an empty steady.bin
or try in a linux terminal
$ truncate -s 1024 steady.bin && tar -H ustar -c steady.bin>test_token_failed.tar
or
$ dd if=/dev/urandom of=steady.bin bs=1 count=1024 (tried both with random and zero, and got the same failure codes, maybe another user will have better luck?)
May have to unpack all the APK's from the system image and disassemble in search of strings, and with strings we'll find functions. I'm really thinking it's going to be a code that you can write to steady.bin then flash and unlock. Steady.bin is 1024 bits in size on all the firmware's i've seen. Steady.bin is also associated widely with Reactivation locks (even the Samsung Watches)
Let's reverse these things and get back our repair firmware. I myself don't care about FRP, but for tool development and need combination firmware working!! This is sad, Samsung!
Click to expand...
Click to collapse
any luck so far ?
sent pm
its actually quite easy to bypass and flash combo.. of course it requires certain files as well as theres a few tricks to it.. the files needed are also not free and hard to find but if u have them then u dont need to purchase factory tokens which can only be used a set number of times forcing you to have to purchase again if u need to...
from my research you cannot make a token aka steady.bin.. its tied to device id aka did.. the ppl that sell em get ur device info then they have access to servers most likely these are businesses that pay for a license with samsung who provides them with access and a signing cert so they can sign the token.. basically takes ur device info then send to server that then uses w.e security amd algorithms to create the token then signs it and sends it back..
steady.bin is then flashed in odin amd then allows factory binary to be flashed.
ive tried to create them with my device info replicating an actual token but it didnt work of course.
ENG tokens are rare and alot more money (probably in thousands) but are done the same way.
i have sold my s10+.
if anyone is interested send me a pm and maybe we can work something out.
I should be able to complete combo flash remotely for example. I do not feel comfortable releasing them to anyone nor the exact method since dont want it to get patched
I can also do some exynos models too but this is untested as i dont own exynos devices.
Shoot me a pm or hit me up on tgram.. should be same as my username on here...
elliwigy said:
its actually quite easy to bypass and flash combo.. of course it requires certain files as well as theres a few tricks to it.. the files needed are also not free and hard to find but if u have them then u dont need to purchase factory tokens which can only be used a set number of times forcing you to have to purchase again if u need to...
from my research you cannot make a token aka steady.bin.. its tied to device id aka did.. the ppl that sell em get ur device info then they have access to servers most likely these are businesses that pay for a license with samsung who provides them with access and a signing cert so they can sign the token.. basically takes ur device info then send to server that then uses w.e security amd algorithms to create the token then signs it and sends it back..
steady.bin is then flashed in odin amd then allows factory binary to be flashed.
ive tried to create them with my device info replicating an actual token but it didnt work of course.
ENG tokens are rare and alot more money (probably in thousands) but are done the same way.
i have sold my s10+.
if anyone is interested send me a pm and maybe we can work something out.
I should be able to complete combo flash remotely for example. I do not feel comfortable releasing them to anyone nor the exact method since dont want it to get patched
I can also do some exynos models too but this is untested as i dont own exynos devices.
Shoot me a pm or hit me up on tgram.. should be same as my username on here...
Click to expand...
Click to collapse
Sure, let's schedule a time for this
kalexander7 said:
Sure, let's schedule a time for this
Click to expand...
Click to collapse
I have s20 model need flash token combination
Sent from my VOG-L09 using Tapatalk
S20? You're in the S10 forums dude.
vro66rand said:
I have s20 model need flash token combination
Click to expand...
Click to collapse
not possible.. even token servers r down
I bought this solutiion from a website can anyone can try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
mariolcela said:
I bought this solutiion from a website can anyone can try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
Click to expand...
Click to collapse
you bought it you can try it.. also g975x is LDU model
I dont have a g975x model.
Also its for all g975 models
What does flashing combo files do? Give root or bootloader unlock or something else?
mariolcela said:
I bought this solutiion from a website can anyone can try with g975x?
https://mega.nz/file/LNoBSQbT
key VjLG-O2fcKbQ1P2wAsreSLvWWoyWHTkVPxUagcQQsp8
Click to expand...
Click to collapse
Hey Buddy,
Where did you get it from?
I need a newer version ....
JazonX said:
Hey Buddy,
Where did you get it from?
I need a newer version ....
Click to expand...
Click to collapse
I don't know if they have a newer version but here you go
https://support.halabtech.com
Just search for your phone model
mariolcela said:
I don't know if they have a newer version but here you go
https://support.halabtech.com
Just search for your phone model
Click to expand...
Click to collapse
they dont lol.. bypass is easy
elliwigy said:
they dont lol.. bypass is easy
Click to expand...
Click to collapse
Really ?
Any clue how to do so?
I need help with such a device..
i dont try but if you can wipe the stady partition with root by dd command or you can flash boot-loader of combination directly by dd or purchase one token of desire set flash it and then take a whole backup by twrp and flash it with twrp this is my thinking i dont know this can work but possible that could be
harissiddiq said:
i dont try but if you can wipe the stady partition with root by dd command or you can flash boot-loader of combination directly by dd or purchase one token of desire set flash it and then take a whole backup by twrp and flash it with twrp this is my thinking i dont know this can work but possible that could be
Click to expand...
Click to collapse
huh lmao if u could do any of that then u dont need any token to begin with
[DELETED]
Related
Does anyone know of a bootloader unlock for a rooted ASUS Zenfone 2e? There is an option in dev settings to enable oem unlock, but how would I do that? I want to unlock the bootloader and then flash a custom recovery. If anyone can help me, please let me know. And I also have a system .img file for the phone that I dumped if that would help.
zshep99 said:
Does anyone know of a bootloader unlock for a rooted ASUS Zenfone 2e? There is an option in dev settings to enable oem unlock, but how would I do that? I want to unlock the bootloader and then flash a custom recovery. If anyone can help me, please let me know. And I also have a system .img file for the phone that I dumped if that would help.
Click to expand...
Click to collapse
Over on this thread we've been working on that for a while.
Over on this thread we've been working on that for a while.
Click to expand...
Click to collapse
They haven't been working on it enough... I found some stuff but the sources are shady at best. Im testing them now... so far I cant get the dang "fastboot oem unlock" command to work. I need a list of ALL known fastboot and oem commands so i can get this thing unlocked.
- first I found the key...
you have to remount the /factory directory as rw like this as root
Code:
su
Code:
mount -o remount,rw /factory /factory
after you've done that you can do the following
Code:
getprop ro.isn > /factory/asuskey
so far I've rebooted several times to find a change, or anything, nothing.
if you run the command
Code:
cat asuskey
you get a string of NON HEX characters. but I need to know what to do with them. Im kind-of new to this thing but I would help if I can. I know Linux OK'ish... but I could maybe compile the entire ROM from ASUS's Source Code?? I don know. It IS on their page tho, if that helps. No ROM tho.
I would like some help compiling for the Zenphone 2e. This is a shout out to all the Vets. I want to put in some leg work, but I havent really done mor than experimenting with the Android OS, I get the Idea, Fundimentally ...it's Linux so I should be able to BUILD my Own Bootloader for it... These Bootloaders are Illegal and there's really NO excuse for them. These Intel based phones are essentially a PC in your hand, and the Bootloaders MUST run AFTER a quick POST right? What happened over the past 5 years where there is NO BIOS Pin Trick or any way to access the hardware (That is Open Source without accessible code?) by the BALLS (I mean BIOS-EFI)?
EFI = Extensible Firmware Interface... It loads Extensions for the operation of the Hardware components and provides a BIOS like Interface to the Hardware PRE BOOT... but Where are the USer Options??? I Dont agree with anyone who says that the firmware should be locked down for safety... It's a crock. Its a good idea to make it locked down from Factory ONLY if the user is goven the ability to EASILY Unlock it. I dont know what else to say. I just want Vanilla and as usual this ASUS is LOADED with Spyware from ATT. (I'm not a spelling JEDI)
forum.xda-developers.com/zenfone2/general/unofficial-relock-unlock-bootloader-t3378426
---------- Post added at 12:42 PM ---------- Previous post was at 12:41 PM ----------
http://forum.xda-developers.com/zenfone2/general/unofficial-relock-unlock-bootloader-t3378426
Yeas some nice kind hearted soul at lg could leake the software to unlock bootloaders even if it dont work on all varient we would have more of an idea the algorithim lg uses to encrypt the bl partition. From there unlock ive been getting prety in depth. Yes the bl is locked but easly unlockable its the bl partitions encrytion is what i guess the unlock bin take care of. I have a copy of a random unlock.bin. and ive reduced it in a hex ed. Ive also got by 3 bl partitions ripped and am in the proscess of ripping them to hex to compare codes trying to find the unlock string i need help and ideas here have ls991 how do i get my device id so i can compare it in the string of codes i can also convert device idz to hex and run it with my boot partz to see if i can find those stringz.
Now is this a lost cause or any one got input im pretty tech and cumputer salvy so lets get this unlonked guys we csn do this anything is possible
How do i view the content of a .img file 7zip winrar cant open them at all or is this the encryption im runnin into ill post a screenshot in a sec
You know... dictionaries are free for every browser and maybe punctuation marks will help too. Nobody would read your text, because it's just a mess.
But I'm nice and link you to "Android Image Kitchen". You need it to extract & repack the boot.img:
http://forum.xda-developers.com/showthread.php?t=2073775
MickyFoley said:
You know... dictionaries are free for every browser and maybe punctuation marks will help too. Nobody would read your text, because it's just a mess.
But I'm nice and link you to "Android Image Kitchen". You need it to extract & repack the boot.img:
http://forum.xda-developers.com/showthread.php?t=2073775
Click to expand...
Click to collapse
They are its mainly the screen on my tablet I use. It's one of the most horrible interfaces I've ever had. But thank you so kindy good sir
So i think i found the string addrdz that the unlock.bin adressess but of coarse i still need my device id and lgs software to decode my iemi and device id into a usable decryption code
Is it even possible to get into fastboot on a ls991.
Hey guys,
It seems more and more people are receiving the new version of the P8000:
- Stock Android 6
- New fingerprint scanner that is moved slightly higher and is able to unlock phone from screen-off (I confirm this is working)
- Sim 2 is combined with the micro-sd (I haven't tried whether you can have them both in at the same time)
- Somethings new about the display, since people are reporting errors with it after flashing older roms.
Warning: do NOT flash other roms. We have no way to unbrick the soft bricks yet!
---
Other topics that refer to this version:
http://forum.xda-developers.com/elephone-p8000/general/rom-p8000-t3431571
http://forum.xda-developers.com/elephone-p8000/help/stock-rom-p8000b-t3434477
http://forum.xda-developers.com/elephone-p8000/general/p8000-version-announced-t3346848
---
For development:
- The phone does not come pre-rooted. We have no way to flash custom recovery yet. Any tips for getting root? I've tried such tools as Kingo and vRoot, they don't work.
- We need the blocks file (scatter file) for SP Flash Tools. MTKDroidTools reports "unknown rom structure". Any help? Would love to start working on this.
Looking forward to hearing from others who have this version/who can help me with these questions.
Thanks!
Emile
Nice! Can you provide a dump from /system and /boot maybe?
BlueFlame4 said:
Nice! Can you provide a dump from /system and /boot maybe?
Click to expand...
Click to collapse
I would, if I knew how to. Any pointers?
Emileh said:
I would, if I knew how to. Any pointers?
Click to expand...
Click to collapse
Sure thing. On a rooted device, go into adb shell.
Then use "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard to the file "system.img". If adb complains that bs=1M is an invalid option, try again without that one. A system dump can take some time where you will not get any feedback, so be patient there
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite pathes on Android 6.0 but I am rather sure they are more or less like this.
If you run into troubles, just ask
BlueFlame4 said:
Sure thing. On a rooted device, go into adb shell.
Then use "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard to the file "system.img". If adb complains that bs=1M is an invalid option, try again without that one. A system dump can take some time where you will not get any feedback, so be patient there
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite pathes on Android 6.0 but I am rather sure they are more or less like this.
If you run into troubles, just ask
Click to expand...
Click to collapse
Thank you for your great instructions! The problem is that we've yet to achieve root on this device. We don't have a custom recovery for this version of the P8000 yet and other 'standard' methods of rooting don't work for me.
(I'm pretty solid in shell, so I'll do this afterwards, but I guess root is actually the first step).
// Edit to say: it does not come pre-rooted
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
flo1k said:
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
Click to expand...
Click to collapse
Ok, we know that, but doesn't really help us
Can you write them an e-mail?
I will do
Edit: OK, see if there will be an answer.
Thank you flo1k!
I have e-mailed as well, and would like to post on the Elephone forum, but don't seem to have access (because of minimum post count, I guess)
Anyone willing to ask for a ROM for the new P8000 on the forum there?
ROM Dump
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from adress 0000 0000 to 9d80 0000 (apr. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (apr. 2.8 GB seperated in 23 files)
FrauHofrat said:
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from adress 0000 0000 to 9d80 0000 (apr. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (apr. 2.8 GB seperated in 23 files)
Click to expand...
Click to collapse
The second choice looks promising
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM I send the link as PM as soon as the upload is finished
FrauHofrat said:
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM I send the link as PM as soon as the upload is finished
Click to expand...
Click to collapse
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
Just checking thank you for your help in any case!! Really looking forward to it.
// edit: ah, you just used the old scatter file. But does that one work for this version?
Emileh said:
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
Click to expand...
Click to collapse
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this Phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is moder "K05T...."
// edit: ah, you just used the old scatter file. But does that one work for this version?
Click to expand...
Click to collapse
No, it doesn't work resp. the phone boots with this firmware, but the LCD-driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probabely some more bugs ....
FrauHofrat said:
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this Phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is moder "K05T...."
No, it doesn't work resp. the phone boots with this firmware, but the LCD-driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probabely some more bugs ....
Click to expand...
Click to collapse
But if the phone boots with the firmware, doesnt that mean that the scatter file of the regular P8000 works? Since it flashes the firmware correctly.
The problem is that I was not able to flash the 'readback files' to the faulty phone.
When selecting 'Only Download' at SP-Flashtool I got the error "PMT... must be download"
When selecting 'Firmware Upgrade" I got some BROM error code
In both cases I used the same scatter,txt which I used to 'readback' the firmware from the working phone
Actually I have to correct my statement in post #15:
I flashed the faulty phone with the last 5.1 stock ROM (160711) - with this stock ROM the phone boots up but LCD (and probably more things) is not working.
I have actually gotten alot further
You have the use the scatter.txt from Android 6.0, which works perfectly fine. I have been able to extract boot.img, system.img and recovery.img that way (using Readback in SP Flash Tools)
Which ones do you need?
They probably flash fine (only thing I've flashed so far are custom recoveries, and although my ported PhilZ starts, I havent gotten it to mount anything.)
A little warning: don't use anything that has anything to do with Android 5.1. Those scatter files don't work
These are great news!
"Which ones do you need?"
Probably all of them
Ok this contains the scatter file, preloader, system.img, boot.img and stock recovery.img
https://ehaffmans.stackstorage.com/index.php/s/uKGKCir0BociydU
You need SP Flash Tools v5, select the scatter file first, then deselect everything, and only select these 4 and manually select the correct files.
Btw, the name of the preloader file is wrong, don't worry. It came from this phone
I am of course not responsible for anything!
Can you guys please confirm this doesn't contain anything personal? Like personal files or IMEI or something. Thanks!
EDIT: THE DEVDB PROJECT HAS RISEN UP!
https://forum.xda-developers.com/moto-z-play/development/project-real-unbrick-hard-bricked-moto-t3927107
This is so easy to do, and can be sooo helpful if one day You will end with hard-brick.
If you have any questions send me a private message. :good:
Hey! My name is Jacob and I must tell you that there is one common problem with Moto Z Play - OTA after downgroading results in hardbrick :silly:
I have also bricked my device some days ago, since then I have gathered interesting info, probably all old and not so old blankflash files (these were used in the past to unbrick, but don't work now) and two tools, that allowed me to make proper rawprogram0, patch0 and gpt_main0.bin needed for making files, that will allow everyone to unbrick.
But this can be worth nothing without your help. Problem with unbricking, is that last OTA, updated chip security making unable to flash older chip firmware rendering all flashfiles useless. To make new one, I must get some files that are not present in the internet, but are present in ALL working phones. All I need is full mmcblk0 backup. If you want to help follow these easy-peasy instructions:
INFO: Procedure bellow excludes EFS, MODEMST1, MODEMST2, FSG, BACKUP partitions from backup. These are your phone specific partitions, that contain sensitive information like IMEI, serial numbers etc, but this guide shows how to avoid them while backing up so you don't have to worry about it
Prerequisites:
1. Your phone might be rooted (but doesn't have to be), definitelly should be working and not messed up too much.
2. You must have at least 32 GB micro sd card
3. Any ROM, even custom will be good, but if you have stock, you get +1 point
Steps:
1. If you have TWRP recovery, boot into it and go to step 2.
If you don't have, here is official one https://eu.dl.twrp.me/addison/ - rename it to "twrp.img" and boot to it with
Code:
fastboot boot twrp.img
2. Backup your /data partition and keep it in safe place
3. Format sdcard in ext4 (it is more robust and failsafe) or FAT32/exFAT (if you are on windows).[/URL]
4. Wipe /data on your phone and insert sdcard. Under "Mount" tab in TWRP, check box next to SD-CARD.
5. Open TWRP terminal emulator (It is in advamced tab), type "su" and run these command:
If you trust me that I won't do bad things with your IMEI:
Code:
dd if=/dev/block/mmcblk0 of=/[U][I]"Ext sd location here"[/I][/U]/Loader.img bs=4096
This just makes full-backup of your all partitions from Qualcomm chip.
OR
If you don't trust me:
Code:
dd if=/dev/block/mmcblk0p[B][COLOR="Red"]X[/COLOR][/B] of=/[B][COLOR="DeepSkyBlue"]Y[/COLOR][/B]/mmcblk0p[COLOR="Red"]X[/COLOR] bs=4096
Where X is number of partition from 1 to 54 BUT NOT: 27 (modemst1), 28 (modemst2), 29 (fsg)
and Y is location of your SD-CARD. This will only back up partitions without IMEI, and other phone-specific info.
6 Generated files will be HUGE (~27GB). Copy them to pc and upload to cloud. Maby https://mega.nz/ - probably only they have enough space for that file for free.
7 Post link here or send it to me via Private Message.
8 That's all! If you managed to get here, all comunity is grateful, :highfive: you will be included as biggest contribuor to the new thread I will make in near future!
If I find the time I will throw my old Z Play back to stock and try this. But can take a while before I have that time. Especially uploading that amount of data which would take me at least 12 hours. So if I do that, I will most likely get it into a split archive
Unfortunately I don't have a 32Gb sdcard. If there's another way to do this, I'm willing to help
Camarda said:
Unfortunately I don't have a 32Gb sdcard. If there's another way to do this, I'm willing to help
Click to expand...
Click to collapse
The only other way I know would be a USB C OTG adapter and a USB stick...
Artim_96 said:
If I find the time I will throw my old Z Play back to stock and try this. But can take a while before I have that time. Especially uploading that amount of data which would take me at least 12 hours. So if I do that, I will most likely get it into a split archive
Click to expand...
Click to collapse
Camarda said:
Unfortunately I don't have a 32Gb sdcard. If there's another way to do this, I'm willing to help
Click to expand...
Click to collapse
Thank you very much guys! You don't even know how much did you motivated me to continue research when I got your responses. If you will have any problem, ask me for advice - I will try to help. :highfive:
In case of Artim_96, you probably know this one, but to split dd image, you can use (obviously) "skip" parameter, for example:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_1.img bs=4096 count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_2.img bs=4096 skip=10GB count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_3.img bs=4096 skip=20GB count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_4.img bs=4096 skip=30GB
In case of Camarda: ...
Code:
adb -d shell su -c busybox dd if=/dev/block/mmcblk0 bs=4096 > D:\mmc.bin
... should do the job, where "D:\mmc.bin" can be any other valid location on your pc.
To make this work, you must have root and busybox installed.
Bobernator said:
In case of Artim_96, you probably know this one, but to split dd image, you can use (obviously) "skip" parameter, for example:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_1.img bs=4096 count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_2.img bs=4096 skip=10GB count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_3.img bs=4096 skip=20GB count=10GB
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0_4.img bs=4096 skip=30GB
Click to expand...
Click to collapse
that would be a solution, but I guess it's way easier to create one image, zip it and let it get split to about 5 GB chunks, and probably creating a check sum for each before upload
---------- Post added at 17:02 ---------- Previous post was at 16:56 ----------
but what I don't get: I should make a backup of /data, for what? And then I should connect the phone to my PC, but the following commands look very much like linux commands, so the connection to PC seems unneccessary. Plus, for what reason does the SD Card need to be ext4? the commands should work with exFAT too plus no windows system can read ext4. And there is no program to read it for Windows that's slow as hell
Artim_96 said:
that would be a solution, but I guess it's way easier to create one image, zip it and let it get split to about 5 GB chunks, and probably creating a check sum for each before upload
---------- Post added at 17:02 ---------- Previous post was at 16:56 ----------
but what I don't get: I should make a backup of /data, for what? And then I should connect the phone to my PC, but the following commands look very much like linux commands, so the connection to PC seems unneccessary. Plus, for what reason does the SD Card need to be ext4? the commands should work with exFAT too plus no windows system can read ext4. And there is no program to read it for Windows that's slow as hell
Click to expand...
Click to collapse
Sorry, I was in a bit hurry when I was writing tutorial. I have just corected misteakes in it. :silly:
That part with backing up /data and wiping it is just for Your comfort - You probably don't want to include all you photos, videos contacts etc, in the backup, I am wrong?
EDIT: You are right, solution with splitting archive is clearly better, becouse of smaller size and auto merging archives
Bobernator said:
Sorry, I was in a bit hurry when I was writing tutorial. I have just corected misteakes in it. :silly:
That part with backing up /data and wiping it is just for Your comfort - You probably don't want to include all you photos, videos contacts etc, in the backup, I am wrong?
EDIT: You are right, solution with splitting archive is clearly better, because of smaller size and auto merging archives
Click to expand...
Click to collapse
Would it help you to get /data too? It's my old phone, screen is quite damaged so there is nothing worth looking for on it. Plus it was completely wiped twice by flashing the firmware with flashfile and unlocking the bootloader again since flashing the firmware locked it.
Data partition is absolutely not needed, but thanks for asking!
zip compressing was totally worth it. It went from 29.1 GB to just 2.58 GB?
Artim_96 said:
zip compressing was totally worth it. It went from 29.1 GB to just 2.58 GB?
Click to expand...
Click to collapse
Thanks for support!
@Camarda - You are from Brasil, so you probably have different version of software, so if you will upload it, phones outside of Europe can be safed too. Do you still want to help?
Bobernator said:
Thanks for support!
@Camarda - You are from Brasil, so you probably have different version of software, so if you will upload it, phones outside of Europe can be safed too. Do you still want to help?
Click to expand...
Click to collapse
I just sent you the file, tell me if everything is ok
Thank you! Artim's backup is not working on my phone, and I suddenly realised that my exam ending my school are in less than month (!), so I didn't have time neither to write a thread, nor to reverse engineer the file, but I will try to find time and test your backup!
Ps. Don't worry about me beeing temporiarly inactive, this thread is my current target and I won't give up!
Bobernator said:
Thank you! Artim's backup is not working on my phone, and I suddenly realised that my exam ending my school are in less than month (!), so I didn't have time neither to write a thread, nor to reverse engineer the file, but I will try to find time and test your backup!
Ps. Don't worry about me beeing temporiarly inactive, this thread is my current target and I won't give up!
Click to expand...
Click to collapse
Bobernator, I'm just posting to let you know that I am very thankful for your efforts and to take as long as you need. I have a LATAM XT1635-02 that got bricked by an automatic update quite a few months ago. It's in fastboot state. If there is anything I can do to help, let me know.
I now own a XT1710-06, so if you think the files from it could be useful, let me know.
Welcome again! My exams have just ended (I hope they went well) I am temporally at my uncle's house so I don't have access to files and info I've gathered, but I will return to home at friday and even Easter will not stop me, becouse I have decided to start DevXDA project!
Stay with me guys
Fulcano said:
Bobernator, I'm just posting to let you know that I am very thankful for your efforts and to take as long as you need. I have a LATAM XT1635-02 that got bricked by an automatic update quite a few months ago. It's in fastboot state. If there is anything I can do to help, let me know.
I now own a XT1710-06, so if you think the files from it could be useful, let me know.
Click to expand...
Click to collapse
I think I you can easly fix your phone, since fastboot works. You will need factory update zip, it is pinned somewhere in this forum, but if you feel unsure (you can brick phone even harder with this method if it goes wrong), I can assist you during the weekend and share a link with correct zip.
And thanks for support!
Device which you have is Moto Z2 Play (albus) that have next version of the chip in Moto Z Play (addison). My plan is to fix addison by combining some of the firmware from it and albus, but these files are available freely and you don't need to send them.
Bobernator said:
I think I you can easly fix your phone, since fastboot works. You will need factory update zip, it is pinned somewhere in this forum, but if you feel unsure (you can brick phone even harder with this method if it goes wrong), I can assist you during the weekend and share a link with correct zip.
And thanks for support!
Device which you have is Moto Z2 Play (albus) that have next version of the chip in Moto Z Play (addison). My plan is to fix addison by combining some of the firmware from it and albus, but these files are available freely and you don't need to send them.
Click to expand...
Click to collapse
Thanks for the reply! Sorry, i've been quite busy with exams as well.
It's been a while since the phone is bricked, and i think fastboot was the wrong word. When it is plugged in it appears as a qualcomm device and the LED blinks, but other than that the phone does absolutely nothing. I remember being unable to unbrick it because of needing a `programmer.pem` file specific to the version of android that was installed.
The phone had an unlocked bootloader, twrp and supersu. It got stuck during an OEM update from 7.1.1 (i think) to 8.0.0. It was stuck for over four hours, I turned it off by force and then it never turned on again .
With regards to the Moto Z2 files, that's fantastic to hear. If there's anything else I can do to help, please say so. I've configured email alerts now so i'll get notified when you reply .
Thanks for the effort!
The genius Andrey Smirnoff, author of PotatoNV, offers a version of the program that can be used in Linux, called PotatoNV-crossplatform, written in python3.
Steps to unlock bootloader of HUAWEI P20 lite with PotatoNV in Linux (can be used for any Huawei phone listed, tested in Arch Linux)
1) Prepare the software
- Download PotatoNV-crossplatform, unpack and cd inside it
- Prepare a venv, using python3/pip3 :
Code:
python -m venv ./
source ./bin/activate
pip install -r requirements.txt
- Fix some bugs of the software:
i. in file main.py, line 48, replace %s with the name of the folder, that lies under ./bootloaders and contains the bootloader of your phone, eg for P2 lite:
Code:
args.manifest = "./bootloaders/hisi659a/manifest.json".format(args.bootloader)
ii. in file imageflasher.py, comment out lines 59, 67 and 76, as function ui.debug is not defined in module ui
2) Prepare the hardware (omitting the details, you can find them easily online)
- open the back case using heat from a hair dryer, better start from the left side as you see the phone from the back
- connect (short, ground) the test point with the adjucent metal case
- connect the phone to USB cable with the spare hand (eg. by pushing the cable while the phone is hold at a fixed edge)
- notice if the phone screen lights on. If it does, unplug the cable and try again until no light comes up (you can see light through the chips of the open phone)
- check that the device /dev/ttyUSB0 shows up (the interface well known to those who connect devices with UART...)
3) Run the program:
-
Code:
python -m usrlock
(if you hit at permission problem run the above as root)
- select any bootloader (as you have hardcoded the correct one)
- select any 16-digit code, eg 1111111111111111
Wait as the 'magic' happens!
Your phone's bootloader in now unlocked. The phone will reboot, low level reset and start!
Good luck with flashing!
Thanks for sharing!
Thanks for sharing this quide.
In my case it didn't work. Lack of knowledge, propably. I got message
Code:
PotatoNV-crossplatform-master]$ python -m usrlock
Traceback (most recent call last):
File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/home/xxxx/Lataukset/PotatoNV-crossplatform-master/usrlock/__main__.py", line 2, in <module>
import chalk
ModuleNotFoundError: No module named 'chalk'
Everyting seemed to be installed. But I quess something is missing. There is no "chalk" in anywhere. Do you happen to know about this case?
kuukkeli01 said:
Thanks for sharing this quide.
In my case it didn't work. Lack of knowledge, propably. I got message
Code:
PotatoNV-crossplatform-master]$ python -m usrlock
Traceback (most recent call last):
File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/home/xxxx/Lataukset/PotatoNV-crossplatform-master/usrlock/__main__.py", line 2, in <module>
import chalk
ModuleNotFoundError: No module named 'chalk'
Everyting seemed to be installed. But I quess something is missing. There is no "chalk" in anywhere. Do you happen to know about this case?
Click to expand...
Click to collapse
same boat here
kuukkeli01 said:
Thanks for sharing this quide.
In my case it didn't work. Lack of knowledge, propably. I got message
Code:
PotatoNV-crossplatform-master]$ python -m usrlock
Traceback (most recent call last):
File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
exec(code, run_globals)
File "/home/xxxx/Lataukset/PotatoNV-crossplatform-master/usrlock/__main__.py", line 2, in <module>
import chalk
ModuleNotFoundError: No module named 'chalk'
Everyting seemed to be installed. But I quess something is missing. There is no "chalk" in anywhere. Do you happen to know about this case?
Click to expand...
Click to collapse
Use this on your terminal:
Bash:
python -m venv ./
source ./bin/activate
pip install -r requirements.txt
After that don't close the terminal and continue with the next command:
Bash:
python -m usrlock
To running as root you must first do:
Bash:
sudo su
and next run all the above commands (you can skip the install part: "pip install -r requirements.txt").
In my case this didn't work even after OP bug fixes. I had to add one line to main.py file in write_nvme function after ui.success("Bootloader code updated") just before rebooting:
Code:
fb.unlock(key)
Which makes sense to me, if script wasn't even trying to unlock bootloader then why should it be? Wonder why this worked for you guys, maybe I have too new EMUI?
Hello!
Just updating since I just followed your tutorial and ended up unlocking my P8 so thank you!
For anyone encountering an error with M2Crypto when performing pip install requirements.txt, it's a problem with depedencies that I solved following this post: https://github.com/google/python-adb/issues/112#issuecomment-530824958
Also, I used the bootloader from the main PotatoNV release, doing so I had to use another manifest.json since the windows release bootloaders use a xml file, i just modified the name of it and dragged it in the directory of the new bootloader, it went fine. I precise that I have no idea wtf I was doing but since the "adress" line of the two other file was the same I assumed the manifest was the same with just another format. Anyway it worked, and I think I had to do this because installing the "old" bootloaders, hisi659a, returned an error in potatoNV, whilst hisi65x_a went fine.
Thanks again, I will now brick it while installing shady roms and making big mistakes.
LeSplendide said:
Hello!
Just updating since I just followed your tutorial and ended up unlocking my P8 so thank you!
For anyone encountering an error with M2Crypto when performing pip install requirements.txt, it's a problem with depedencies that I solved following this post: https://github.com/google/python-adb/issues/112#issuecomment-530824958
Also, I used the bootloader from the main PotatoNV release, doing so I had to use another manifest.json since the windows release bootloaders use a xml file, i just modified the name of it and dragged it in the directory of the new bootloader, it went fine. I precise that I have no idea wtf I was doing but since the "adress" line of the two other file was the same I assumed the manifest was the same with just another format. Anyway it worked, and I think I had to do this because installing the "old" bootloaders, hisi659a, returned an error in potatoNV, whilst hisi65x_a went fine.
Thanks again, I will now brick it while installing shady roms and making big mistakes.
Click to expand...
Click to collapse
On debian I had to add a bit more of dev packages:
- libxslt1-dev
- libxml2-dev
- python3-dev
- libssl-dev
- python3-m2crypto
- swig
- python3-rsa
I have a question though, as I am not familiar with those bootloader for huawei devices.
Is there a specific fastboot image (bootloader) for P8 ?
Thanks
I have a general question, though, might not be the place but.
The phone I have is FRP locked and bootloader locked.
If I can unlock the bootloader would I be able to run some kind of `fastboot oem erase-frp`?
Thanks
dave2017 said:
fastboot oem erase-frp`?
Click to expand...
Click to collapse
for what reason? You can change FRP status in settings > developers option. Btw, the command fastboot oem erase-frp doesn't work on Kirin, afaik.
-Alf- said:
for what reason? You can change FRP status in settings > developers option. Btw, the command fastboot oem erase-frp doesn't work on Kirin, afaik.
Click to expand...
Click to collapse
The reason is that phone was given to me, reset and frp locked. The previous user does not remember the account she used.
dave2017 said:
The reason is that phone was given to me, reset and frp locked. The previous user does not remember the account she used.
Click to expand...
Click to collapse
so you need google account bypass, not FRP unlock on the phone, it's not the same...
dave2017 said:
The previous user does not remember the account she used
Click to expand...
Click to collapse
Really?
-Alf- said:
so you need google account bypass, not FRP unlock on the phone, it's not the same...
Really?
Click to expand...
Click to collapse
Yeah really, she is 70 year old and does not really get an understanding of what an account is.
-Alf- said:
so you need google account bypass, not FRP unlock on the phone, it's not the same...
Really?
Click to expand...
Click to collapse
And what is a google account bypass? How can I get something for that? Thanks
Amazing!
I just discovered it. Thank you so much! We're going to be able to unlock our phones finally!