This operation is easier than you think.
Just download this zip and do everything according to the instructions:
1. Burn noogie.img [2] to a microSD card (from 128Mb) with win32diskimager [1].
2. Turn off the NOOK2E (10-20 seconds on the power button) and plug in the microSD with noogie.img.
3. Turn on the NOOK2E.
4. When "Rooted Forever" appears on screen, connect it to the PC with a cable.
5. Wait for a while.
6. Install Mini tools partition [3] (free).
7. Delete all partitions from the NOOK2E (disk size 1.82Gb) with Mini tools partition (first "Delete", then "Apply" in the top left corner).
8. Install Roadkil's Disk Image [4].
9. Run Roadkil's Disk Image, select backup.img and burn it to the Nook (Physical Disk with 1,82Gb size).
10. After all that, turn off the NOOK and pull the noogie SD card from it.
Thanks to all who created root for Nook2E & forum.xda-developers.com.
P.S. NOOK image was made from CLEAR NOOK without registration.
Now working on changing s/n and mac. Need a public key generator.
Need help:
For now - found the ./rom/devconf directory with a lot of info.
For me, 4 items are interesting:
DeviceID - same as S/N (on motherboard/on box)
MACAddress - as is (written on motherboard)
PublicKey - I don't know if this is the same for all nooks or personal for each?
SerialNumber - the S/N as is (on motherboard/on box)
If sn+id+mac are changed, it will work fine with the new info.
But what about the public key?
Waiting for your replies.
Found more - there are:
HashOfPrivateKey - something to use with PublicKey
ProductID - I don't know where to find it
MainBoardSN - (written on motherboard)
Yep - there are 3 pieces needed to make it all work:
ProductID, HashOfPrivateKey, PublicKey
NEED HELP
I'm trying to download this, but there are no seeds on the torrent. Any way you could hop back on and seed?
I can leave it seeding for a while after it's done.
So does this work or not ? I read somewhere that every nook has its own very personal default ROM. Since I didn't backup before rooting I suppose my own clean rom is gone, and I think it is impossible to do the other method which uses ADB wireless to do the 8 consecutive boots.
Can you host the file to another location, because it can not be downloaded.
Thanks.
vacano said:
So does this work or not ? I read somewhere that every nook has its own very personal default ROM. Since I didn't backup before rooting I suppose my own clean rom is gone, and I think it is impossible to do the other method which uses ADB wireless to do the 8 consecutive boots.
Can you host the file to another location, because it can not be downloaded.
Thanks.
The wireless ADB method worked for me. Much better than trying to 'catch' the boot 8 times in a row.
*first post on XDA, btw!
For me the ADB method didn't work. The process froze at the very end without completing the whole procedure. I got scared that I had f****d the device, but happily it booted again, but with the rooted shell.
Guess I will have to be stuck with the Rooted Forever
Hi,
Thanks very much for the instructions - I've managed to brick my NOOK and I'm desperate for help. But as others have mentioned, the file is no longer available. I cannot stress the amount of gratitude I'd have if you could possibly transfer the image to me via dropbox. I'm flying soon and really need my nook to work.
If you don't have dropbox, you can leave me some mail address and I'll invite you - you'll only have to copy & paste the file within your file system. If you do have dropbox - my mail is [email protected].
An image is nowhere to be found - please, please find it in your heart to transfer me your image.
Alternatively, you can upload it to some file server and post it as a reply for the others in need of this file.
Thanks so very much in advance.
Dan
I too screwed up and forgot to make a backup. I have access to (and made a copy of) all the partitions I can view using a noogie bootable. On the factory partition, I noticed a zip file that has all the info for my nook (S/N, MAC address, etc...) in it. Is there any way you could try to put the backup img out, say with the files individual to each nook out, and instructions on where to replace them? Thanks
Warning: Do not use the image and method outlined in the first post!
It will replace data that are unique to _your_ Nook Touch, like your serial number and MAC address.
There are better options for restoring your Nook Touch, like this one.
Please let this thread die.
Can you put up a direct download of (Just download this zip and make all by instruction)?
I can't download it.
Thanks
uuuuuuuuuuuuuuu hooooooooooooooooo
Greetings!
First of all, I am sorry if this is in the wrong section of the forum. Nevertheless I've tried a few rooting applications which are stated to be compatible with this ME103K model, but with no results. Also many fake sites trying to lure you to purchase something.
Is there anyone who could provide me information on how to root my ASUS ME103K tablet? Should I also try every rooting application available out there or is this useless? Can I verify if they are compatible without all the way installing and running them on the device? (Sorry don't know much about this stuff =)! )
Thank you very much in advance
I rooted ME103K on my own - by compiling a custom kernel
Executive summary: Go to youtube and watch video with ID "gqubgQjqfHw" (I can't post links yet, sorry! ) - or search Youtube for "Rooting MemoPAD10 (ME103K) with my custom compiled kernel"
Analysis:
I hated the fact that my recently purchased MemoPAD10 (ME103K) tablet had no open process to allow me to become root. I don't trust the closed-source one-click root apps that use various exploits, and require communicating with servers in.... China. Why would they need to do that? I wonder...
I therefore decided this was a good opportunity for me to study the relevant documentation and follow the steps necessary to build an Android kernel for my tablet. I then packaged my custom-compiled kernel into my custom boot image, and the video shows how I boot from it and become root in the process.
Note that I didn't burn anything in my tablet - it's a 'tethered' root, it has no side-effects.
If you are a developer, you can read in detail about the steps I had to take to modify the kernel (and su.c) and become root - by reading the questions (and answers!) that I posted in the Android StackExchange forum ( can't post links yet, see the video description in Youtube ).
If you are not a developer, you can download my custom boot image from the link below - but note that this means you are trusting me to not do evil things to your tablet as my kernel boots and my /sbin/su is run.
Honestly, I haven't done anything weird - I just wanted to run a debootstrapped Debian in my tablet, and succeeded in doing so. But I am also worried about the cavalier attitude I see on the web about rooting your devices - if you want to be truly safe, you must either do what I did (and recompile the kernel yourself) or absolutely trust the person that gives it to you. I do wish Google had forced a UI-accessible "become root" option in Android, just as Cyanogen does (sigh).
The image I created and used in the video to boot in rooted mode, is available from the link shown in the Youtube video details.
Enjoy!
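The trust question raised in this post can be narrowed before booting an image someone else built, by checking which parts of it differ from the vendor's boot.img. The following is an added example, not code from the post or from ASUS: it parses the standard Android boot image header (assuming the legacy `ANDROID!` layout), hashes the kernel, ramdisk and second-stage sections, and reports which differ. The sample images and all function names are constructed for illustration.

```python
"""Compare a third-party Android boot image with the vendor's stock image."""
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Legacy header: magic, ten little-endian uint32 fields, board name and
# kernel command line. Fields after the command line are not needed here.
HEADER = struct.Struct("<8s10I16s512s")
SECTIONS = ("kernel", "ramdisk", "second")


def _round_up(size, page):
    """Each section is padded to a whole number of flash pages."""
    return (size + page - 1) // page * page


def parse_boot_image(blob):
    """Return page size, command line, and size/SHA-256 of every section."""
    if len(blob) < HEADER.size or not blob.startswith(BOOT_MAGIC):
        raise ValueError("missing ANDROID! magic: not a boot image")
    (_, k_size, _, r_size, _, s_size, _, _, page, _, _,
     name, cmdline) = HEADER.unpack_from(blob)
    # The header occupies the first page, so the page size must hold it
    # and must be a power of two.
    if page < HEADER.size or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    info = {
        "page_size": page,
        "name": name.rstrip(b"\0"),
        "cmdline": cmdline.rstrip(b"\0"),
    }
    offset = page
    for label, size in zip(SECTIONS, (k_size, r_size, s_size)):
        if offset + size > len(blob):
            raise ValueError(f"{label} runs past end of file (truncated?)")
        data = blob[offset:offset + size]
        info[label] = {"size": size, "sha256": hashlib.sha256(data).hexdigest()}
        offset += _round_up(size, page)
    return info


def diff_boot_images(stock_blob, candidate_blob):
    """List the parts of candidate_blob that differ from stock_blob."""
    stock = parse_boot_image(stock_blob)
    cand = parse_boot_image(candidate_blob)
    changed = [s for s in SECTIONS if stock[s]["sha256"] != cand[s]["sha256"]]
    if stock["cmdline"] != cand["cmdline"]:
        changed.append("cmdline")
    return changed


def build_sample_image(kernel, ramdisk, cmdline=b"", page=2048):
    """Build a constructed test image; load addresses are placeholders."""
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x10008000,
                         len(ramdisk), 0x11000000, 0, 0x10F00000,
                         0x10000100, page, 0, 0, b"", cmdline)
    out = header.ljust(page, b"\0")
    for part in (kernel, ramdisk):
        out += part.ljust(_round_up(len(part), page), b"\0")
    return out


def demo():
    """Constructed stand-ins for a stock image and a modified one."""
    stock = build_sample_image(b"STOCK-KERNEL" * 400,
                               b"STOCK-RAMDISK" * 100, b"console=ttyHSL0")
    other = build_sample_image(b"PATCHED-KERNEL" * 400,
                               b"STOCK-RAMDISK" * 100 + b"sbin/su",
                               b"console=ttyHSL0")
    return diff_boot_images(stock, other)


if __name__ == "__main__":
    print("sections that differ from stock:", demo())
```

A differing hash shows where the changes are, not whether they are benign; a changed ramdisk can then be unpacked and compared file by file against the stock one.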
ttsiodras said:
Executive summary: Go to youtube and watch video with ID "gqubgQjqfHw" (I can't post links yet, sorry! ) - or search Youtube for "Rooting MemoPAD10 (ME103K) with my custom compiled kernel"
Analysis:
I hated the fact that my recently purchased MemoPAD10 (ME103K) tablet had no open process to allow me to become root. I don't trust the closed-source one-click root apps that use various exploits, and require communicating with servers in.... China. Why would they need to do that? I wonder...
I therefore decided this was a good opportunity for me to study the relevant documentation and follow the steps necessary to build an Android kernel for my tablet. I then packaged my custom-compiled kernel into my custom boot image, and the video shows how I boot from it and become root in the process.
Note that I didn't burn anything in my tablet - it's a 'tethered' root, it has no side-effects.
If you are a developer, you can read in detail about the steps I had to take to modify the kernel (and su.c) and become root - by reading the questions (and answers!) that I posted in the Android StackExchange forum ( can't post links yet, see the video description in Youtube ).
If you are not a developer, you can download my custom boot image from the link below - but note that this means you are trusting me to not do evil things to your tablet as my kernel boots and my /sbin/su is run.
Honestly, I haven't done anything - I just wanted to run a deboot-strapped Debian in my tablet. But I am also worried about the cavalier attitude I see on the web about rooting your devices - if you want to be truly safe, you must either do what I did (and recompile the kernel yourself) or absolutely trust the person that gives it to you. I do wish Google had forced a UI-accessible "become root" option in Android, just as Cyanogen does (sigh).
The image I created and used in the video to boot in rooted mode, is available from the link shown in the Youtube video details.
Enjoy!
Hello ttsiodras,
I had the same problem as OP and didn't want to go the "Chinese route" either, especially since there seem to be conflicting reports on whether it works on the ME103k or not so I tried your solution - with mixed results...
Disclaimer: I'm totally new to Android (colour me unpleasantly surprised) and have little experience in Linux, so for further reference I would consider myself an advanced noob. Please keep this in mind when evaluating my claims or judging what I have done so far or am capable of doing by myself in the future.
What I did:
- become developer in the ME103k by tapping the system build repeatedly, then allowing debugging via USB
- use ADB to boot into the bootloader
- use fastboot to boot your boot.rooted.img
What happened:
- I did get root access
- the tab now always boots into the bootloader, even when told via ADB or fastboot to boot normally or into recovery. Pushing buttons etc doesn't seem to work either
- my attempts to do a recovery via the vanilla Asus method have failed due to the same fact that boot never gets past fastboot
Since you claimed in your description that there would be no side-effects since it is a tethered root I am somewhat puzzled as to what exactly happened. From what I understand - which admittedly isn't a lot - what should have happened is that your boot image is loaded, giving me root access until the next reboot without changing anything about the default boot process or image. I read somewhere else that this is how people test out different kernels with fastboot before deciding on which one they want to use on their devices. The whole boot process being changed and corrupted in a way that makes the tablet non-rebootable without having the cable and an adb- and fastboot-capable machine nearby is not really what I would have expected going by your description.
Of course it is entirely possible (and probably even rather likely) that I got something wrong along the way or there is a simple fix to my problem I am not aware of.
As for possible steps maybe you or someone else in the forum could point me to a way to return my tablet to factory settings before risking damaging it beyond repair. I'm assuming that it should be possible and rather straightforward to recover the original setup with the firmware provided by Asus (downloaded the newest version from the homepage) but to be honest I'm a bit scared to go ahead with it before knowing for sure how to do this safely.
One thing seems certain: I won't be able to do it the way Asus says I should unless I can somehow get into normal or recovery boot modes again. I do however still have root access and am able to run fastboot and ADB including shell on the tablet, so it should be possible.
I would certainly appreciate any help very much
Thanks
drsiegberterne said:
. . . From what I understand - which admittedly isn't a lot - what should have happened is that your boot image is loaded, giving me root access until the next reboot without changing anything about the default boot process or image. I read somewhere else that this is how people test out different kernels with fastboot before deciding on which one they want to use on their devices.
Your understanding is correct - that's exactly what should have happened.
I can assure you that the kernel I compiled is formed from the Asus sources with the 2 patches I made that have *nothing* to do with the bootloader - they patch the way that the kernel allows dropping privileges and thus allowing root level access.
Something else must have happened - did you by any chance "burn" the image? i.e. `(DONT DO THIS) fastboot flash boot boot.rooted.img` instead of `fastboot boot boot.rooted.img`?
I did not advocate for burning precisely because it is unpredictable - manufacturers sometimes require signing images with their private keys before allowing a boot image to boot (AKA "locked bootloaders") which means that any attempt to burn may lead to weird configurations. . .
If you did burn it, maybe you can try burning the original "boot.img" from the Asus OTA (Over the Air) update .zip file (available as a big download at the ASUS site - "UL-K01E-WW-12.16.1.12-user.zip" )
I know of no way to help you with the current state of your tablet, except to "ease the pain" by saying that rebooting to fastboot is always "recoverable" - you can always boot into my own (rooted) kernel or the original (from the ASUS .zip file) with `fastboot boot <whatever_image>`. No "harm" can happen from this - as you correctly said, it's the way to try new kernels and images.
UPDATE - after more reverse engineering:
I had a look into the contents of the boot loader running inside the ME103K, and I am pretty sure that if you execute this at fastboot...
# fastboot oem reset-dev_info
# fastboot reboot
... you will get back to normal, un-tethered bootings of your ME103K.
Thanassis.
ttsiodras said:
Your understanding is correct - that's exactly what should have happened.
I can assure you that the kernel I compiled is formed from the Asus sources with the 2 patches I made that have *nothing* to do with the bootloader - they patch the way that the kernel allows dropping privileges and thus allowing root level access.
Something else must have happened - did you by any chance "burn" the image? i.e. `(DONT DO THIS) fastboot flash boot boot.rooted.img` instead of `fastboot boot boot.rooted.img`?
I did not advocate for burning precisely because it is unpredictable - manufacturers sometimes require signing images with their private keys before allowing a boot image to boot (AKA "locked bootloaders") which means that any attempt to burn may lead to weird configurations. . .
If you did burn it, maybe you can try burning the original "boot.img" from the Asus OTA (Over the Air) update .zip file (available as a big download at the ASUS site - "UL-K01E-WW-12.16.1.12-user.zip" )
I know of no way to help you with the current state of your tablet, except to "ease the pain" by saying that rebooting to fastboot is always "recoverable" - you can always boot into my own (rooted) kernel or the original (from the ASUS .zip file) with `fastboot boot <whatever_image>`. No "harm" can happen from this - as you correctly said, it's the way to try new kernels and images.
Thanassis.
Hi Thanassis,
thanks for your quick reply and your efforts. I'm actually around 85% sure I did not flash the image but since I had no Linux on my computer at the time (I know shame on me) I used a Mac and the command line was a bit different. Since I had never used ADB or fastboot I relied on some guide that explained how to even get into the bootloader and might have gotten something wrong.
On the other hand I later read out the commands I used in the Mac shell and couldn't find anything other than the things I should have done and described earlier, so as far as I can tell this all should never have happened. It may be interesting to point out here that the "stuck in fastboot" mode happened immediately after the first time I loaded your kernel and I most definitely just wrote fastboot boot boot.rooted.img at that point.
As for fixing the problem now it's not only about the inconvenience of the whole thing. I also later (after I was already stuck in fastboot mode) installed some apps for helping me manage privileges of different apps (xposed framework and xprivacy) which turned out to not be compatible in some way or another. So now not only is my tablet not bootable in a normal way but it's also cluttered with even more useless stuff than before and I would really like to just reset it before thinking about any other possibilities.
If I flash boot the original ASUS boot image found in the file you described and which I downloaded already, shouldn't that fix the problem if I accidentally did flash your boot image? Or will there be even more trouble?
Alternatively isn't there a manual way to flash the whole zipped recovery image or am I misunderstanding what this ASUS file actually contains?
And which of the two options is safer to try first or in other words - which one might break the tablet once and for all?
Thanks again and sorry for my incompetence
drsiegberterne said:
Hi Thanassis,
If I flash boot the original ASUS boot image found in the file you described and which I downloaded already, shouldn't that fix the problem if I accidentally did flash your boot image? Or will there be even more trouble?
. . .
Alternatively isn't there a manual way to flash the whole zipped recovery image or am I misunderstanding what this ASUS file actually contains?
. . .
Thanks again and sorry for my incompetence
No, don't be sorry. We are all either choosing to learn in this world (i.e. make mistakes and learn from them), or choosing to remain stuck in ignorance. I applaud your efforts in properly rooting the tablet. . .
To the point - remember, you are root now ; whatever apps you installed, you can definitely uninstall them. You don't necessarily need to wipe it.
If you do want to, I'd suggest booting in recovery and doing it the normal way that Asus recommends. Since you said "buttons don't work", you may want to try using the original recovery .img - i.e. "fastboot boot recovery.img". I'd love to suggest a link from ASUS, but they don't host it (which is bad - they really should) - so instead go to "goo" dot "gl" slash "noegkY" - this will point you to a discussion where a kind soul is sharing his ME103K recovery.img.
Booting from the recovery will allow you to install the ASUS OTA update - and probably try cleaning cache partition, etc
Good luck!
ttsiodras said:
No, don't be sorry. We are all either choosing to learn in this world (i.e. make mistakes and learn from them), or choosing to remain stuck in ignorance. I applaud your efforts in properly rooting the tablet. . .
To the point - remember, you are root now ; whatever apps you installed, you can definitely uninstall them. You don't necessarily need to wipe it.
If you do want to, I'd suggest booting in recovery and doing it the normal way that Asus recommends. Since you said "buttons don't work", you may want to try using the original recovery .img - i.e. "fastboot boot recovery.img". I'd love to suggest a link from ASUS, but they don't host it (which is bad - they really should) - so instead go to "goo" dot "gl" slash "noegkY" - this will point you to a discussion where a kind soul is sharing his ME103K recovery.img.
Booting from the recovery will allow you to install the ASUS OTA update - and probably try cleaning cache partition, etc
Good luck!
The problem here is that he doesn't seem to have the same version as on my tablet. I have the newest version with Lollipop while this seems to be at least a couple of patches earlier with a completely different version of Android. Won't I risk breaking things even more if I try to apply this - as in trying to recover a recovery that is not on my tablet since certainly the recovery.img doesn't contain all the information needed since it's only 10 MB.
As you can probably guess the whole discussion in your link about what part of the system is broken and how to fix it goes right over my head. It also seems like they did not find a satisfactory solution in the end (short of sending the tablet to ASUS). As you can imagine I'm at quite a loss what to try and what not out of fear to make things worse. At least for now I can still use the tablet to do the things I need it to do.
Thanks for your help anyway, I will try to read up more on the topic and decide what to do next.
drsiegberterne said:
The problem here is that he doesn't seem to have the same version as on my tablet. I have the newest version with Lollipop while this seems to be at least a couple of patches earlier with a completely different version of Android. Won't I risk breaking things even more if I try to apply this - as in trying to recover a recovery that is not on my tablet since certainly the recovery.img doesn't contain all the information needed since it's only 10 MB.
Thanks for your help anyway, I will try to read up more on the topic and decide what to do next.
I understand how you feel - your tablet is operational now (OK, with the annoyance that you need to boot it in "tethered mode") - so you rightfully fear that you may mess things up with further steps.
Just to clarify something - the recovery img is something that works on its own ; it has no dependency on what kind of Android image is installed in the /system partition.
If you do decide to do it, "fastboot boot recovery.img" will bring you to a spartan menu, showing options that allow you to apply an update (i.e. the ASUS update you downloaded!), clean the /cache partition, etc.
Choose "install update from SD card" (use volume up/down to choose, power btn to select), and navigate to your SD card, where you will have placed the big .zip file from ASUS.
The recovery process will begin, and your tablet will be "wiped" with the image from ASUS. Reboot, and be patient while the tablet boots up - it will be just like the first time you started it (i.e. install from scratch).
Whatever you decide - good luck!
ttsiodras said:
I understand how you feel - your tablet is operational now (OK, with the annoyance that you need to boot it in "tethered mode") - so you rightfully fear that you may mess things up with further steps.
Just to clarify something - the recovery img is something that works on its own ; it has no dependency on what kind of Android image is installed in the /system partition.
If you do decide to do it, "fastboot boot recovery.img" will bring you to a spartan menu, showing options that allow you to apply an update (i.e. the ASUS update you downloaded!), clean the /cache partition, etc.
Choose "install update from SD card" (use volume up/down to choose, power btn to select), and navigate to your SD card, where you will have placed the big .zip file from ASUS.
The recovery process will begin, and your tablet will be "wiped" with the image from ASUS. Reboot, and be patient while the tablet boots up - it will be just like the first time you started it (i.e. install from scratch).
Whatever you decide - good luck!
Okay, a little update from the battlefront:
I tried the recovery image and did get into the menu, however the recovery failed with the same two error messages as in your earlier link ("footer is wrong" and "signature verification failed"). My output from fastboot getvar all is also very similar to the one from that guy except I have a different bootloader version than him (3.03).
Another thing I noticed is that if I boot the standard boot.img found in the ASUS zip it will recognize the internal sdcard normally, however when I boot your rooted image the internal memory doesn't seem to be recognized, at least not through the pre-installed file manager. Downloading a file to the internal storage also failed while rooted but all the apps and the OS itself so far seem totally unaffected otherwise.
My last resort at the moment is the fastboot flash boot boot.img but I have little hope it would change anything since in the thread you linked they proposed just that and if it had worked they probably would have mentioned it.
Can it theoretically break the tablet even more? I would hate to have to send it in because I completely bricked it...
drsiegberterne said:
Okay, a little update from the battlefront:
Another thing I noticed is that if I boot the standard boot.img found in the ASUS zip it will recognize the internal sdcard normally, however when I boot your rooted image the internal memory doesn't seem to be recognized.
Not the case for me - everything works fine (including internal and external sdcard), so it's definitely not my kernel causing this.
drsiegberterne said:
My last resort at the moment is the fastboot flash boot boot.img but I have little hope it would change anything since in the thread you linked they proposed just that and if it had worked they probably would have mentioned it.
Can it theoretically break the tablet even more? I would hate to have to send it in because I completely bricked it...
Flashing is always dangerous (from what you've said, I actually theorize that you did, actually, flash already...)
I doubt this will solve the boot issue, to be honest - if I were you, I'd continue to boot tethered (with my image when you need root access, and (maybe) the Asus image when you don't). Myself, I always boot my own bootimage, since I have zero problems with it, and it allows me to run a complete Debian distro in a chroot (thus making my tablet a full-blown UNIX server - e.g. I run privoxy on it to filter all stupid ads in all apps on the tablet, etc).
No matter what you decide, good luck!
Thanassis.
ttsiodras said:
Not the case for me - everything works fine (including internal and external sdcard), so it's definitely not my kernel causing this.
Flashing is always dangerous (from what you've said, I actually theorize that you did, actually, flash already...)
I doubt this will solve the boot issue, to be honest - if I were you, I'd continue to boot tethered (with my image when I need root access, and (maybe) the Asus image when I don't). Myself, I always boot my own bootimage, since I have zero problems with it, and it allows me to run a complete Debian distro in a chroot (thus making my tablet a full-blown UNIX server - e.g. I run privoxy on it to filter all stupid ads in all apps on the tablet, etc).
No matter what you decide, good luck!
Thanassis.
I already tried to flash the original boot.img yesterday but it didn't change anything as you correctly assumed so I guess for now there is nothing more to do. I might write to the Asus support and maybe send the tablet in if it is free of charge for me (which I doubt). The only other option is to spend the next months to get sufficiently versed in Android to actually fix the problems myself but even for that I would probably need some files or source code from Asus. I find it rather disappointing the way these "closed" systems work nowadays, with the advancement of Linux and Open Source I really would have expected the opposite to be true but apparently people care more about convenience than actually being able to use the tools they buy in the way they want to.
Getting these Android devices is like buying a hammer that can't hammer things in on Sundays.
drsiegberterne said:
I find it rather disappointing the way these "closed" systems work nowadays, with the advancement of Linux and Open Source I really would have expected the opposite to be true but apparently people care more about convenience than actually being able to use the tools they buy in the way they want to
I share the sentiment - it's really sad.
Undoing the tethered root
drsiegberterne said:
I already tried to flash the original boot.img yesterday but it didn't change anything as you correctly assumed so I guess for now there is nothing more to do. I might write to the Asus support and maybe send the tablet in if it is free of charge for me (which I doubt). The only other option is to spend the next months to get sufficiently versed in Android to actually fix the problems myself but even for that I would probably need some files or source code from Asus. I find it rather disappointing the way these "closed" systems work nowadays, with the advancement of Linux and Open Source I really would have expected the opposite to be true but apparently people care more about convenience than actually being able to use the tools they buy in the way they want to.
Getting these Android devices is like buying a hammer that can't hammer things in on Sundays.
Hi drsiegberterne - I had a look into the contents of the boot loader running inside the ME103K, and I am pretty sure that if you execute this at fastboot...
# fastboot oem reset-dev_info
# fastboot reboot
... you will get back to normal, un-tethered bootings of your ME103K.
Hope this solves your problem!
Kind regards,
Thanassis.
Hello devs! Unfortunately, in January, my brother passed away, and I have been tasked with trying to get into his phone and recover any important images really to pass along to his wife and daughter. Needless to say, I don't know his PIN code - and I am down to 2 guesses before the phone is wiped. So here I am.
Pardon my lack of technical language here but my brother did install Team Win Recovery Project 3.1.1-0 so I have been able to get to "recovery mode". Unfortunately, his partition is encrypted and I have been unable to guess that password either.
Because his drive is encrypted, I can't get into /data to remove any .key files. I have successfully been able to figure out how to sideload zip files via ADB that are supposed to bypass the PIN screen but I have had no luck. The google "find my phone" method is not working probably because the phone isn't connecting to a network.
I have read through an alpha security post about a malicious charger hack but I don't see where to download that tool.
So - does anyone know of any possible application or ZIP file I can sideload that will either help remove the decryption password or completely and successfully bypass the PIN?
Can I update TWRP to a newer version in hopes that the encryption is removed?
Any help is appreciated!
FWIW, my brother was on these forums as Colomonster - and I know that he loved tinkering with his phone daily.
There's no efficient way of breaking the data partition if it's encrypted, sorry.
Any old version of twrp might do the trick and then in /data/system folder delete these files ( if they are there )
password.key
pattern.key
locksettings.db
locksettings.db-shm
locksettings.db-wal
@catsruul I figured this would be the case but it does look like I get infinite guesses, so there’s always that
@cpt.macp thanks for this tip! Can I downgrade via sideloading? I’ll have to look up a tutorial.. thanks!
You said any important photos correct?
https://support.google.com/accounts/troubleshooter/6357590?hl=en
I assume that your brother used Google Photos and any photos he took were most likely backed up to that. You can talk to Google about retrieving said data, you will need to prove things of course though. You will need to get a court order issued, that is if it is even approved, and everything else required should be on that page. Best of luck! Sorry to say but if the /data is encrypted you are pretty much screwed, although TWRP should decrypt it when it enters recovery so idk. That webpage is your best shot imo.
thanks @ZVNexus for the tip. I do have access to his Google account but because my brother was a super sleuth, he didn't have his images automatically upload to his photo drive. the photos that are there are few and from 2015
With access to his account, I do see his "activity", which I am not even sure he knew was being tracked (oh Google!) and I see that he used things like
Code:
Used com.android.gallery3d
and
Code:
Used org.cyanogenmod.snap
both of which look like photo apps.
you mentioned that TWRP should decrypt when I enter recovery.. what do you mean by that? if it is encrypted then it should always ask for a password right?
I wonder if this app is available anywhere for download and use.
HTML:
https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
Lonoshea said:
thanks @ZVNexus for the tip. I do have access to his Google account but because my brother was a super sleuth, he didn't have his images automatically upload to his photo drive. the photos that are there are few and from 2015
With access to his account, I do see his "activity", which I am not even sure he knew was being tracked (oh Google!) and I see that he used things like
Code:
Used com.android.gallery3d
and
Code:
Used org.cyanogenmod.snap
both of which look like photo apps.
you mentioned that TWRP should decrypt when I enter recovery.. what do you mean by that? if it is encrypted then it should always ask for a password right?
I wonder if this app is available anywhere for download and use.
HTML:
https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
I meant that even if the chip was encrypted TWRP should have let you touch the data partition. My phone is also encrypted but TWRP allows me to touch those partitions. Strange. Hopefully others can help.
Lonoshea said:
Hello dev's! Unfortunately, in January, my brother passed away, and I have been tasked with trying to get into his phone and recover any important images really to pass along to his wife and daughter. Needless to say, I don't know his PIN code - and I am down to 2 guesses before the phone is wiped. So here I am.
Pardon my lack of technical language here but my brother did install Team Win Recovery Project 3.1.1-0 so I have been able to get to "recovery mode". Unfortunately, his partition is encrypted and I have been unable to guess that password either.
Because his drive is encrypted, I can't get into /data to remove any .key files. I have successfully been able to figure out how to sideload zip files via ADB that are supposed to bypass the PIN screen but I have had no luck. The google "find my phone" method is not working probably because the phone isn't connecting to a network.
I have read through an alpha security post about a malicious charger hack but I don't see where to download that tool.
So - does anyone know of any possible application or ZIP file I can sideload that will either help remove the decryption password or completely and successfully bypass the PIN?
Can I update TWRP to a newer version in hopes that the encryption is removed?
Any help is appreciated!
I'm confused: if the partition is encrypted, you will generally be asked for a password during the boot process. If you're unable to enter the correct password (which AFAIK has unlimited tries), the phone simply won't boot. So you will never arrive at the lockscreen where you're supposed to enter the PIN (which offers a number of tries before wiping). With an encrypted partition, entering the recovery will prompt you for the same password you're supposed to enter during the boot process. Again, unlimited tries. As long as you're unable to do that the partitions will be 'invisible'. You can still wipe/partition them and that will remove the encryption as well as all of your data. But it seems the device you're working on works differently?
Either way: in order to gain access, you will need to either know the PIN directly (if the phone boots without a boot password) or gain access to the encrypted partition through TWRP, allowing you to remove the files responsible for the PIN lock. I'm sorry for your loss, but if it would work in any other way it simply wouldn't be secure for any Android user out there who is using encryption. Even google shouldn't be able to decrypt the phone, though it's theoretically possible they do have some kind of backdoor.
At this point, your best bet is probably trying to brute force the partition password. That would probably take a very long time, but I'm sure there's tools and organizations specializing in that sort of work.
Right, here's the situation...
I have two ZenWatch 1's, one is running AsteroidOS (after a failed OTA made the watch unusable), the second (which was very kindly donated to me) is running WearOS 6.0.1. Now, what I am trying to do is to get a temporary root on the WearOS watch so I can create image files to copy to the Asteroid watch. I have the DirtyCow executable copied to the watch, but I don't have a modified run-as, and as my knowledge of Linux is zero, I have no idea how to obtain or make this file. Currently if I run the exploit it just gives me a "Permission denied" message.
I will admit that I am running blind here with no real clue what to do. I have tried every other avenue for rooting the watch but none of the other methods (KingRoot, KingoRoot etc) have worked. I have read that this watch may be vulnerable to the DirtyCow exploit but it's getting beyond my ability to work out. Again, I don't need a permanent root, just a temporary one to allow me to create image files of system, boot and recovery.
Does anyone have a working knowledge of this exploit that might be able to help me out?
Shiny Quagsire has successfully unlocked the Pixel Watch's bootloader via the pogo pins (which ended up being USB like people suspected)
https://twitter.com/i/web/status/1583186847596892160
Thank you very much for info.
This sounds really interesting.
I hope Rooting is also possible with Magisk Version 25.2...
Best Regards
adfree said:
Thank you very much for info.
This sounds really interesting.
I hope Rooting is also possible with Magisk Version 25.2...
Best Regards
Magisk kinda works on Wear OS, but the UI is basically unusable. I am currently working on adding proper UI support, among other things.
Sorry. I come from Samsung Galaxy Watch...
Rooting only via USB cable like this:
SM-R765F Teardown
Dear friends, I found that the LTE connection is very useful when you have to leave your mobile somewhere and you can get calls and notifications through mobile connection. I bought a Gear S3 LTE (R765) from a Singapore site because in Italy it...
forum.xda-developers.com
boot.img and vbmeta.img patched with Magisk Version 25.2
Then I have nearly full access like this:
Firmware and Combination Firmware and FOTA Delta and CSC change and...
Looks like it could be harder since Tizen... A Stock Firmware for netOdin/Odin not available yet... B Combination Firmware not available yet C FOTA Delta File for study I have...
forum.xda-developers.com
No idea why write access... as Super.img is readonly... I thought...
Sorry for hijacking your thread.
Good Luck.
Best Regards
Please, Maybe somebody could help me.
On Samsung GW4 I have only 1 Shell Linux Terminal... where I can type on Watch...
All others not show Keyboard:
Firmware and Combination Firmware and FOTA Delta and CSC change and...
Looks like it could be harder since Tizen... A Stock Firmware for netOdin/Odin not available yet... B Combination Firmware not available yet C FOTA Delta File for study I have...
forum.xda-developers.com
Exactly this APK runs on all Firmware Versions I have tested:
Firmware and Combination Firmware and FOTA Delta and CSC change and...
Looks like it could be harder since Tizen... A Stock Firmware for netOdin/Odin not available yet... B Combination Firmware not available yet C FOTA Delta File for study I have...
forum.xda-developers.com
But it does not handle Root...
I am too lazy to decompile and try to add something in Manifest...
Tiny and slow brain... I have.
Maybe on Pixel Watch more Apps work proper?
Thanx in advance.
Best Regards
Last 1 for today...
I have searched for APKs for "Secret Codes"...
Secret Codes - Apps on Google Play
Secret Codes allows you to scan your device and find hidden functionalities.
play.google.com
It does not work for my Samsung GW4... as the codes look like:
Code:
*#1234#
But maybe useful for Pixel Watch... in a comment somebody posted:
Not 1 code is working. My "device is incompatible" try to put it in a dialer. There are other app that can forward code to a dialer app called "Engineer Mode MTK" without problems. Redmi Note 10S.
Sorry, I have only Samsung crap... so no idea how useful in Android 11...
Best Regards
Maybe ask those questions in... the Samsung Galaxy Watch4 forums, maybe?
@GuyInDogSuit
The idea is to work together....
Maybe you not need Root in your Pixel Watch nor you sideload APKs to your Pixel Watch.
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
adfree said:
@GuyInDogSuit
The idea is to work together....
Maybe you not need Root in your Pixel Watch nor you sideload APKs to your Pixel Watch.
Maybe. But there's a reason why I mentioned that, as this is a forum for a different watch. Hence why I pointed you in that direction.
Dionicio3 said:
Shiny Quagsire has successfully unlocked the Pixel Watch's bootloader via the pogo pins (which ended up being USB like people suspected)
https://twitter.com/i/web/status/1583186847596892160
As cool as that is, here's hoping a more user-friendly solution is found, if the USB charger can't be used then hopefully wireless ADB at the very least.
You won't be able to use either of those for fastboot. The cable doesn't support data transfer (it's a version of wireless charging) and wireless adb doesn't work for fastboot (needed to unlock the bootloader). The best chance we have is that someone creates a 3D printed cable.
Really hoping that this thing develops further, could really use it.
Unfortunately I already updated the watch.
shinyquagsire23 said:
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
Maybe you could post instructions on how to obtain the OTA url.
shinyquagsire23 said:
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
I was looking at your twitter and saw your awesome five minutes crafts. I just quickly measured the distance between the pins and it seems like it might be a standard distance of 1.27mm, which you can buy online. That might be easier.
Shebee said:
Really hoping that this thing develops further, could really use it.
Unfortunately I already updated the watch.
Maybe you could post instructions on how to obtain the OTA url.
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
shinyquagsire23 said:
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
The problem with the first update was that you were forced to install it before you could access the watch app. But should we be expecting a security update the first Monday of the month, like on the pixels? Or is it still too soon?
shinyquagsire23 said:
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
Surely there's a more reliable (if not tedious way), such as debugging/monitoring network traffic when initiating an update?
Managed to pull the boot partitions using gross fastboot shenanigans involving oem commands and ramdumps: https://drive.google.com/drive/folders/1m_gkqAopDyn4MhTtdYisGWWwpbMqoZxJ?usp=sharing
boot_b turned out to just be the same as the recovery partition. I also pulled super.img but I forget how to extract that, I'll upload system_a/b and other stuff later. No success in patching with Magisk yet though, I made an issue here.
and patched them with Magisk from my phone,
I see something with "Phone"...
I made this mistake with Samsung GW4.
You can not use other Hardware.
You need to run Magisk on Pixel Watch...
As Magisk needs some info from the device...
For my device I was successful with Magisk Version 24.3 and now using 25.2...
Only as info.
Thanx for your Uploads.
Best Regards
Edit 1.
Not all files downloaded... started with vendor.img
Tested under Ubuntu with imjtool but no success...
Briefly looked inside with WinHex... no idea what it is...
But system.img is easy. Under Windows I can use 7Zip Tool to extract files.
Edit 2.
recovery.img I can extract with imjtool...
Code:
[email protected]:~/imj$ ./imjtool vendor.img extract
vendor.img is not a recognized image. Sorry
[email protected]:~/imj$ ./imjtool recovery.img extract
Boot image version 2 for OS version 0x16000167 (11.128 Patch Level 2022-7) detected (1660 byte header)
Part Size Pages Addr
Kernel (@0x0000800): 17465360 8529 0x80008000
Ramdisk (@0x10a9000): 7556181 3690 0x81000000
Device Tree(@0x17de000): 143653 71 0x81f00000
Recovery DTBO/ACPIO: 28472
MAGIC: 0x1eabb7d7
Extracting dtbo
AVB0 (@0x1809000): 2240
AVBf (@0x1ffffc0):
Tags: 0x80000100
Flash Page Size: 2048 bytes
ID: 81d8d1a935948a17696e088f49b7239d8c5dcc1c000
Name:
CmdLine: buildvariant=user
Found GZ Magic at offset 11460360
extracted/kernelimage.gz:
gzip: extracted/kernelimage.gz: decompression OK, trailing garbage ignored
-100.5% -- replaced with extracted/kernelimage
Extracting kernel
Extracting ramdisk
Searching for DT at 0x17de000
MAGIC: 0x1eabb7d7
Extracting dtbo - exists so renaming to _dtbo
Edit 3.
No idea if vbmeta.img is mandatory... for Patching with Magisk.
I have ever patched both files inside 1 tar:
Code:
boot.img
vbmeta.img
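The header fields imjtool prints for recovery.img in the post above fix where each section of the image sits. As an added example (not from the thread and not imjtool's code), this sketch decodes a version 2 boot image header using the field order in AOSP's bootimg.h and recomputes the section offsets. The sample header is constructed from the numbers in the post; the empty second stage and the recorded DTBO offset are assumptions.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Packed little-endian boot_img_hdr v2 (field order from AOSP bootimg.h).
HDR_V2 = struct.Struct("<8s10I16s512s32s1024sIQIIQ")  # 1660 bytes
SECTIONS = ("kernel", "ramdisk", "second", "recovery_dtbo", "dtb")

def parse_boot_v2(img: bytes) -> dict:
    """Decode a v2 boot image header and derive where each section starts."""
    if len(img) < HDR_V2.size or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    (_magic, k_size, _k_addr, r_size, _r_addr, s_size, _s_addr, _tags,
     page, version, os_ver, _name, cmdline, _id, _extra,
     dtbo_size, dtbo_off, hdr_size, dtb_size, _dtb_addr) = HDR_V2.unpack_from(img)
    if version != 2 or hdr_size != HDR_V2.size:
        raise ValueError("not a version 2 header")
    if page == 0 or page & (page - 1):
        raise ValueError("page size must be a power of two")

    # The header takes the first page; each section starts on a page boundary.
    layout, offset = {}, page
    for name, size in zip(SECTIONS, (k_size, r_size, s_size, dtbo_size, dtb_size)):
        layout[name] = (offset, size)
        offset += -(-size // page) * page  # round up to whole pages

    patch = os_ver & 0x7FF   # low 11 bits: (year - 2000) << 4 | month
    ver = os_ver >> 11       # high 21 bits: three 7-bit version fields
    return {
        "layout": layout,
        "payload_end": offset,
        "truncated": offset > len(img),  # sizes claim more data than the file holds
        "dtbo_offset_ok": dtbo_size == 0 or dtbo_off == layout["recovery_dtbo"][0],
        "os_version": ((ver >> 14) & 0x7F, (ver >> 7) & 0x7F, ver & 0x7F),
        "patch_level": (2000 + (patch >> 4), patch & 0xF),
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
    }

def constructed_header() -> bytes:
    """Constructed sample: header only, sizes and addresses taken from the post."""
    return HDR_V2.pack(
        BOOT_MAGIC, 17465360, 0x80008000, 7556181, 0x81000000,
        0, 0,                    # no second stage (assumed)
        0x80000100, 2048, 2, 0x16000167,
        b"", b"buildvariant=user", b"", b"",
        28472, 0x17DE000,        # recovery DTBO size, recorded offset (assumed)
        1660, 143653, 0x81F00000)

if __name__ == "__main__":
    info = parse_boot_v2(constructed_header())
    for name, (off, size) in info["layout"].items():
        print(f"{name:14s} @0x{off:07x}  {size} bytes")
    print("patch level:", info["patch_level"], "truncated:", info["truncated"])
```

The sample is flagged as truncated because it carries only the header and none of the payload. Data past `payload_end`, such as the AVB0 block reported at 0x1809000, is appended at signing time and is not described by this header.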
Dave_247 said:
Surely there's a more reliable (if not tedious way), such as debugging/monitoring network traffic when initiating an update?
I tried to reverse engineer the update API on my pixel 7 yesterday (just the part where it checks for a new update) but everything is encrypted (of course) and Google Play services refuses to accept any custom TLS certificates I put on my phone. There's probably a better way to do this, but I'm no expert. All I know now is that it uses the android.googleapis.com site.