Related
Hi, I've googled and checked everywhere but I dont believe i found a post where people re-installed everything with nvflash.
My Samsung galaxy tab only connects APX mode. I think i damaged the bootloader partition(?) with odin when i did not uncheck the 're-partition' box. Since then, the tab is stuck in APX mode only. I've tried draining the power, I've even taken it apart to unplug the battery. I've left it without power, powerbutton taped down and usb stick stuck to the usb adapter to make sure that the power was all drained for at least one week but it still did not work after recharging.
Can anyone help me out by telling me how to use nvflash to reprogram the bootloader partition and re-create the bootloader so that I can use odin or even fastboot to install the new startup and rom. I guess i also need all the files necessary. I've downloaded many bootloader.bin, flash.cfg, flash.bct and they do not seem to work, giving me several errors. I've tried commands like :
nvflash.exe --bct flash.bct --setbct --bl bootloader.bin --configfile flash.cfg --create --go.
however, i do not believe i have the correct files and therefore it does not work, ending with errors.
Prior to using odin, the tablet worked just fine. no issues whatsoever except occasional hangup.
Please let me know if there is any place, person or forum which I can contact in order to download the correct files to use nvflash to reinstall just the bootloader partition or everything on the samsung galaxy tab 10.1 and if possible, the command string i should use in nvflash. I've been trying for about a month to get this to work and I believe i have a command string which will work but I do not have the correct files. I'm about to sell this unit on ebay just so I stop trying and wasting my time on it. Oh, or if you know someone who I can pay to reinstall everything through nvflash, that would work too. Thank you for your time.
Please use the Q&A Forum for questions Thanks
Moving to Q&A
can anyone help?
I'm new to the scene, Have you tried checking via cmd if your Tablet is Locked/Unlocked? Only then can you determine if you can proceed to install CWM to save it.
When you said errors, I assume this is 0x4?
Hi, thank you for responding. I have the i/o edition and i believe those are all unlocked. I did manage to get it to work on another i/o tab but it was before i screwed up with odin. What i usually get is similar to this:
"
C:\nvflash>nvflash --bl bootloader.bin --go
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x033c11c244202417
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: emmc
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
download command failed NvError 0x120002
command failure: bootloader download failed (bad data)
bootloader status: Bct file not found (code: 21) message: flags: 1073844220"
If I do
"nvflash.exe --bct flash.bct --setbct --bl bootloader.bin --configfile flash.cfg --create --go"
I get :
"
C:\nvflash old>nvflash.exe --bct flash.bct --setbct --bl bootloader.bin --config
file flash.cfg --create --go
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x033c11c244202417
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: emmc
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
failed executing command 4 NvError 0x120002
setbct failed NvError 0x0
command failure: bootloader download failed (bad data)
"
The device would then shut off (i hear the sound of it disconnecting from the computer).The problem i'm having is that I'm not sure if the flash.bct, bootloader.bin, and the flash.cfg are correct and I'm not sure if i'm entering the string correctly.
Please let me know what you think or if you can direct me to someone or some website which can help. thank you so much for responding.
Well I'm stuck on the same boat as you, except mine is on the 0x4 and hasn't gotten past the unlocked screen, according to a guide of this device, you need to push CWM to save it, that way you can clear/wipe/flash a stock ROM to save it.
Have you tried pushing the CWM?
Also when it says bad data, Seem's your download is incomplete :|
Hi, i'm sorry I haven't responded. I've been trying to power it down again.
I tried to push CWM but this is what I get
C:\nvflash>nvflash --resume --download 8 recovery-cwm_4.0.0.4-sam-tab-10.1.img
Nvflash started
[resume mode]
file not found: recovery-cwm_4.0.0.4-sam-tab-10.1.img
failed executing command 2147483647 NvError 0x4
command failure: partition download failed
I tried downloading the file many times so I think it the file should be ok. I guess my tab is screwed up. I wish I knew how to reflash everything with nvflash. If you find out how to reflash everything especially the bootloader, please let me know
Misledz said:
Well I'm stuck on the same boat as you, except mine is on the 0x4 and hasn't gotten past the unlocked screen, according to a guide of this device, you need to push CWM to save it, that way you can clear/wipe/flash a stock ROM to save it.
Have you tried pushing the CWM?
Also when it says bad data, Seem's your download is incomplete :|
Click to expand...
Click to collapse
Hi Inky,
I apologise for the super late reply but try my fix that I posted earlier today.
http://forum.xda-developers.com/showthread.php?t=1478361
After what felt like a whole week with 2 dead tablet's they are both finally alive!
Thanks. I'll give it a try and let you know if anything works.
Misledz said:
Hi Inky,
I apologise for the super late reply but try my fix that I posted earlier today.
http://forum.xda-developers.com/showthread.php?t=1478361
After what felt like a whole week with 2 dead tablet's they are both finally alive!
Click to expand...
Click to collapse
I'm still waiting for my galaxy tab to totally discharge. I've waited a week with the power button plugged in but the moment I plug the tab to the computer, the apx device is detected and so I guess it wasnt as discharged as I thought. I'll keep you posted
Inkydink said:
I'm still waiting for my galaxy tab to totally discharge. I've waited a week with the power button plugged in but the moment I plug the tab to the computer, the apx device is detected and so I guess it wasnt as discharged as I thought. I'll keep you posted
Click to expand...
Click to collapse
Yeah scumbag tablet dies in a day but takes a week to drain, taping the power button to be held down should help out, unplugged. makes it less harmful to that electricity bill you'd save up on
Ps- when you drain it try not to charge it more than 2% makes it easier to resume where you may need to redo the draining process incase you mess up
Sent from my GT-P7500 using Tapatalk
Please help!
http://forum.xda-developers.com/showthread.php?t=1831624
this is my original thread please check it out and post there if you can help me with anything in anyway, i've exhausted every possible option i can find on the web..
Thank you
Spamming the forums isn't a good idea.
Any luck finding a fix? My device is now officially stuck in nvflash and I can not get bootloader.bin to download.
Code:
C:\nvflash>nvflash --bct part2.bct --bl bootloader.bin --go
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x0288414343ff52d7
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: emmc
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
download command failed NvError 0x120002
command failure: bootloader download failed (bad data)
bootloader status: Bct file not found (code: 21) message: flags: 1073840124
C:\nvflash>
you check with these files. download through google.
Recovery_P75xx_110710_RemoveUsbDriver.zip (2.87 MB)
Boot-recovery_driver.zip (21.68 MB)
0418_nvflash_user_build.zip (25.59 MB
You'll let me know if you can fix it, bye
So, I didn't flash this originally, and it still boots into CM7 just fine. ROM Manager is installed, it says CWM is successfully flashed and all, but any attempt to boot into recovery will just sit at "Recovery key detected. Booting recovery kernel image."
Obviously the current ROM itself is actually working fine, so what would you suggest be my next step?
Trying to put Flashback 10.3 on it.
Current Recovery: 2.5.1.8
Current ROM: CyanogenMod-7.0.3-Harmony
1. Never use ROM Manager on the gTab.
2. You're on a 1.1 bootloader. Flashback is for 1.2 only. If you want HoneyComb for 1.1, try GtabCombOver or GtabComb.
3. To get CWM back, you'll have to use nvflash. Use bekit's original CWM 2.5.1.1-bekit-0.8 or CWM-4.0.1.5 images (ie. not the flashable zip files). See the OP in this thread for the nvflash cmd line to use.
Thanks for the advice. I'm just now coming to terms with this company not having a Micro-USB cable... >.<
Okay, so my screen is blank when in APX mode, it seems. I'm running NVFlash though, and I just have:
Nvflash started
_
It's been that way over an hour now. Tablet doesn't seem to be doing anything, neither does Command Prompt... just a blinking underscore.
Canceled it... retried it... worked quickly (bootloader and recovery "sent succesfully", not sure why it hung up last time. Doesn't look like it's booting into recovery though, it's just hanging on the Viewsonic screen with the "Booting recovery kernel image" like before.
Are you sure I have the 1.1 bootloader? Without stock, how can I tell?
ocdtrekkie said:
Doesn't look like it's booting into recovery though, it's just hanging on the Viewsonic screen with the "Booting recovery kernel image" like before.
Click to expand...
Click to collapse
What's the nvflash command you typed in and which recovery image did you flash?
Are you sure I have the 1.1 bootloader? Without stock, how can I tell?
Click to expand...
Click to collapse
Like this.
nvflash --bl bootloader.bin --download 9 recovery-clockwork-4.0.1.5-smb_a1002_bl1.1.img
^- that one.
Not sure if I have a way to get a terminal emulator on this thing. And I don't have ADB here. Lemme see what I can manage.
That command line is correct. Put the tablet back into APX mode and run this command:
Code:
C:\> [B].\nvflash --bl bootloader.bin --format_partition 7 --format_partition 12 --go[/B]
The ``--go'' flag will cause bootloader to try to boot into the ROM; otherwise it will just wait for further commands and you'll have to power off the tablet.
If you lose the initial splash screen (the VS birds), then run the same command with a `6' instead of `7'.
Partitions formatted successfully, Go didn't seem to tell it to do anything, still had to turn it off. Still have birds, still won't boot into recovery.
Command prompt paste:
c:\Users\jweisz\Desktop\nvflash>nvflash --bl bootloader.bin --download 9 recover
y-clockwork-4.0.1.5-smb_a1002_bl1.1.img
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x17144040411fa297
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 928945/928945 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: recovery-clockwork-4.0.1.5-smb_a1002_bl1.1.img
\ 3524608/3524608 bytes sent
recovery-clockwork-4.0.1.5-smb_a1002_bl1.1.img sent successfully
c:\Users\jweisz\Desktop\nvflash>.\nvflash --bl bootloader.bin --format_partition
7 --format_partition 12 --go
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x17144040411fa297
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 928945/928945 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
Formatting partition 7 please wait.. done!
Formatting partition 12 please wait.. done!
Questions:
1. Did the initial splash screen vanish?
2. Can you boot into the ROM?
3. What's the output of the ``dmesg | fgrep ...'' command? CM-7.0.3 should have everything you need to type that command in a Terminal Emulator window and find out the bootloader version.
CM7 has a terminal? Probably shoulda checked for that! LOL!
Yeah, it's gotta be that I have 1.2
<7>[ 5.794813] Shmoo: s_CpuShmoo.ShmooVmaxIndex = 8
Alright, now I have recovery. See, you got me lost here:
rajeevvp said:
2. You're on a 1.1 bootloader. Flashback is for 1.2 only. If you want HoneyComb for 1.1, try GtabCombOver or GtabComb.
Click to expand...
Click to collapse
So... Flashback it is then, I guess.
Did you flash a customized CM-7.0.3 for the 1.2 bootloader because the standard one from cyanogenmod.com is 1.1 only?
Anyway, nvflash the 1.2 version of CWM-4.0.1.5.
I didn't flash the CM7 that was on here. Couldn't tell you.
Flashback works well on here. Thanks for all your help. Most of the time if I get a question reply from someone, they give one answer, then never come back to follow up. You're awesome.
ocdtrekkie said:
I didn't flash the CM7 that was on here. Couldn't tell you.
Click to expand...
Click to collapse
Then yours is a one-off. There are 1.2 versions of both CM-7.1.x and CM-7.2.x on the board here, but, I never encountered CM-7.0.3 on a 1.2 bootloader till today. Looks like somebody upgraded to the 1.2 bootloader and then flashed a 1.2 pershoot kernel before handing the tab over to you.
Flashback works well on here. Thanks for all your help.
Click to expand...
Click to collapse
Good luck with your new ROM.
I received yesterday one CUBE i6 Air and I'm trying to flashearle ROM "Remix OS".
Following existing Tutos, I dropped the ManufacturingFlashTool_Setup_6.0.43 tool I have set as it says in the / the tutos "SOC devices" SET: VID: 8087 PID: 0A65
"Android Devices VID: 8087 PID:. 09EF you open the .xml file flash and 5% remains unused, it seems that not run the flash and the continuous tablet notice" Waiting fastboot command "and the .log da this.
04/12/16 20: 34: 23,835 INFO: Manufacturing Flash Tool V 6.0.43 (build on Sun May 18 12:29:29 PDT 2014) 04/12/16 20: 34: 23,845 INFO: Loading settings from C: / ProgramData / INTEL / Manufacturing Flash Tool.ini
12/04/16 20: 34: 23,850 INFO: Using Qt version: 4.8.1
12/04/16 20: 34: 23,850 INFO: Using XFSTK version: 1.5.5.
04/12/16 20: 34: 23,860 WARNING: Please select a flash file ...
12/04/16 20: 34: 40,379 INFO: Loading Flash file (M: / TABLET CUBE i6 Air / firmware / cube_i6-Remix OS / images_cube_i6-B2015072804-signed / flash .xml)
04/12/16 20: 34: 40,379 INFO: GP_Flag is Set to 0x80000045
12/04/16 20: 34: 40,379 INFO: Ready to flash!
04/12/16 20: 34: 49,729 INFO: do_new_medfield_device STARTING TO FLASH
12/04/16 20: 34: 49,730 INFO: Port 0/0/4 # 0: DNX / droidboot phase - SN: BaytrailBDF22010
04/12/16 20: 36: 51,608 ERROR: Port 0/0/4 # 0: Booting failed to droidboot.img - SN: BaytrailBDF22010.
I've tried to do different flash ROM cube_i6-Remix OS to the stock rom i6 and nothing, always ends in error and is not as we do.
Someone can advise me, I repeat my tablet is the i6 Air Cube 32Gb.
aids and / or suggestions would be appreciated.
It may be relevant that I am working with a PC AMD 64bit ?.
I no longer remains another possibility is outrageous that any program of Chinese or Korean tool flash work even though it is running a neophyte and Intel trouble for flashing a device that is based on a SOC intel, we , I do not understand why I think it must be my fault, that some of what I do is not right.
Can anyone enlighten me?
For i6Air it seems that several models exist, with several bios.
If the tablet is not exactly that provided for the ROM, this type of error occurs.
I tried to flash mine to change the windows and I had that kind of error.
The ROM with OS Remix is planned for the I6 Air Remix. The reference it is the same?
I think I have figured out how to root every G6 that is still ARB 0, and doesn't currently have root.
However, I can't test it (sorry not buying yet another G6), so I need someone willing to try.
If I am wrong, you WILL end up with a brick that can't be fixed except by LG.
If you are interested, reply to this thread. Please do not PM me, it will be ignored (sorry too many PMs).
Also, please don't quote this entire post .. just @ mention me.
-- Brian
@runningnak3d I will try it. I have a G6 H873 to test the method on. If it bricks, it bricks for science.
@runningnak3d does this also include bootloader unlock as alluded you may be able to accomplish in your LAF thread? If yes, then i have a H870DS im willing to risk.
@runningnak3d I have an LG G6 sitting on a desk doing nothing because of lack of root option, I wouldn't care to brick it if it is trying to root it, I vae another device as a daily driver
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
runningnak3d said:
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
Click to expand...
Click to collapse
US997z US Cellular unlocked ARB not sure but if that means anti-rollback version 0000 android Oreo 8.0.0
[ro.lge.swversion_arb]: [ ] I guess that means 00
runningnak3d said:
I am crafting up the procedure, and will try to get something out today.
I am going to have to pull the KDZs for the various models, but until I can do that, what ARB are you guys on. List model / Android version / ARB version
As for the DS -- that will have to be last (if this works at all) because a custom kernel will have to be compiled, and I am not going to do that until we know that it works on the single SIM models.
-- Brian
Click to expand...
Click to collapse
LG-H870DS/8.0.0/?
SW ver V20d-TWN-XX
Kernel 3.18.71
Hi Brian, how do we find ARB version?
bick said:
LG-H870DS/8.0.0/?
SW ver V20d-TWN-XX
Kernel 3.18.71
Hi Brian, how do we find ARB version?
Click to expand...
Click to collapse
use adb shell... once in adb shell type: getprop ro.lge.swversion_arb
if the output in command prompt window is empty I guess is = 00 if it is 01 then you should get 01 as the output of the command
JEANRIVERA said:
use adb shell... once in adb shell type: getprop ro.lge.swversion_arb
if the output in command prompt window is empty I guess is = 00 if it is 01 then you should get 01 as the output of the command
Click to expand...
Click to collapse
Came back with nothing:
C:\adb>adb shell
lucye:/ $ getprop ro.lge.swversion_arb
lucye:/ $
bick said:
Came back with nothing:
C:\adb>adb shell
lucye:/ $ getprop ro.lge.swversion_arb
lucye:/ $
Click to expand...
Click to collapse
I guess that means it is 00 then
Model: H873
Android Version: 8.0.0
ARB: 00
---------- Post added at 08:49 AM ---------- Previous post was at 08:45 AM ----------
JEANRIVERA said:
US997z US Cellular unlocked ARB not sure but if that means anti-rollback version 0000 android Oreo 8.0.0
[ro.lge.swversion_arb]: [ ] I guess that means 00
Click to expand...
Click to collapse
When I retrieve that value, it returns "ARB00", so I'm not sure if having no value at all means the same thing or not.
Code:
lucye:/ $ getprop ro.lge.swversion_arb
ARB00
A much more reliable way:
Code:
adb shell cat /sys/bus/platform/devices/lge-qfprom/antirollback
Example from an H872:
Code:
$ adb shell cat /sys/bus/platform/devices/lge-qfprom/antirollback
1
With that said, if you are ARB 0, then first we need to get a laf version that we can work with.
Follow the instructions in this post: https://forum.xda-developers.com/tmobile-g6/how-to/root-h872-to-including-11g-t3775518
Except:
Instead of the H91810p KDZ, download the H91510e: link
Instead of any of the H872 KDZs, download the KDZ for the version that is currently on your phone.
Only do PART 1 of the procedure to get the H915 laf onto your phone. Do NOT proceed onto flashing TWRP. If you do, you will brick your phone.
Also, go ahead and get an SD card formatted FAT16 or FAT32. It can't be exFat, NTFS, or ext2, 3, or 4 -- laf can only read FAT partitions on the SD card. It only needs to be big enough to hold TWRP, and the eng. aboot (256meg would do).
Lastly, get FWUL downloaded and burned to a USB stick, and make sure you can boot with it and have network connectivity.
Really last this time -- anyone that wants try this is welcome, but I suggest that you let ONE person try it so that you don't all end up with bricks if I am wrong.
Once I get confirmation that someone has completed the above steps, I will post the remainder on how to unlock your bootloader, and actually flash TWRP.
-- Brian
Okay, going through the procedure for my device now. If anyone wants protection from bricking their phone, I've taken on the smallest straw. Will update very soon.
UPDATE
Sorry for the delay everyone. I said 'very soon' but my wife had an errand schedule for our day.
My initial download of the KDZ apparently corrupted so it took me a while to figure out that it was the problem. Fresh download was accepted by LG UP just fine.
LG UP indicated an "ARB PASS: SUCCESS" after the laf partition flashed and then once my H87320g KDZ was flashed without the laf, it has now rebooted into a stock LG install, no bootloop or brick.
Download TWRP: link
Download eng. aboot: link
Copy them both to your SD card, and then put it in your phone, and boot to download mode. Your screen probably won't init -- so all you will see is "download mode" in blue, and not the full download mode screen .. that is normal.
Boot up FWUL from the USB stick, and hook your phone up to your PC.
Login (password is linux)
On the desktop is an LG folder -- open it. Inside is runningnak3d icon -- double click it.
You will be at a shell prompt. Type:
Code:
git pull
git checkout h872-miscwrte
./partitons.py --list
Post the output here...
-- Brian
runningnak3d said:
Download TWRP: link
Click to expand...
Click to collapse
Which TWRP should I grab, the one for H872?
---------- Post added at 03:42 PM ---------- Previous post was at 03:25 PM ----------
I downloaded the H872 one. Here is the output of those commands:
Code:
[B][[email protected] lglafsploit]$[/B] git pull
remote: Enumerating objects: 73, done.
remote: Counting objects: 100% (73/73), done.
remote: Compressing objects: 100% (49/49), done.
remote: Total 66 (delta 42), reused 28 (delta 17)
Unpacking objects: 100% (66/66), done.
From https://gitlab.com/runningnak3d/lglaf
11caab1..05a924a h872-miscwrte -> origin/h872-miscwrte
3ef85ef..8c04118 h918-miscwrte -> origin/h918-miscwrte
* [new branch] h932-dd-write -> origin/h932-dd-write
4f5522c..be4d9e0 v10-miscwrte -> origin/v10-miscwrte
Already up to date.
[B][[email protected] lglafsploit]$[/B] git checkout h872-miscwrte
Branch 'h872-miscwrte' set up to track remote branch 'h872-miscwrte' from 'origin'.
Switched to a new branch 'h872-miscwrte'
[B][[email protected] lglafsploit]$[/B] ./partitions.py --list
MBR Header
LBA size (sector size): {0} 512
Number of MBR partitions: 1
# Active From(#s) Size(#s) Code Type
1 _ 1 4294967295 EE EFI GPT protective MBR
GPT Header
Disk GUID: 98101B32-BBE2-4BF2-A06E-2BB33D000C20
LBA size (sector size): 4096
GPT First LBA: 1
GPT Last LBA: 59391
Number of GPT partitions: 29
# Flags From(#s) To(#s) GUID/UID Type/Name
1 1152921504606846976 6 10245 20117F86-E985-4357-B9EE-374BC1D8487D Unknown
471A9803-7DF2-5BFE-55D0-6B0A138D0E0E boot
2 1152921504606846976 10246 20613 9D72D4E4-9958-42DA-AC26-BEA7A90B0434 Unknown
CEE95E9A-4402-59CD-3748-2AE13F052C01 recovery
3 1152921504606846976 20614 30981 DF24E5ED-8C96-4B86-B00B-79667DC6DE11 Unknown
27DDFCD8-D866-57EA-0DEA-04D6FCC0C386 recoverybak
4 1152921504606846976 30982 31493 A053AA7F-40B8-4B1C-BA08-2F68AC71A4F4 Unknown
4C1ADAD3-D945-8B94-5FD8-461F57BF5546 tz
5 1152921504606846976 31494 32005 E6C8667F-8044-44A7-B1D9-BEFE88AAD86C Unknown
A48C85CC-487D-AE1E-4A66-4223711B9FD1 tzbak
6 1152921504606846976 32006 32517 400FFDCD-22E0-47E7-9A23-F16ED9382388 Unknown
97D88AF5-8BAF-4993-2172-94D497B88DC3 aboot
7 1152921504606846976 32518 33029 C993E3DF-FE66-49C9-8D8D-7C681C4DCAE9 Unknown
695164DD-4E12-F27E-1989-28CBB576459E abootbak
8 0 33030 34053 4627AE27-CFEF-48A1-88FE-99C3509ADE26 Unknown
D267834D-FAB1-920A-E6FC-A56D7420459F raw_resources
9 0 34054 35077 C1DAB2CF-697D-4665-B43D-00BA47487528 Unknown
B9795B4C-400D-1E60-205B-5650DEE574C5 raw_resourcesbak
10 1152921504606846976 35078 35205 098DF793-D712-413D-9D4E-89D711772228 Unknown
C56E8DC3-3671-12F1-8A01-BC9981649736 rpm
11 1152921504606846976 35206 35333 680CA584-238C-4E0F-8438-15F43257A055 Unknown
C3DB3F2B-A906-A9ED-5021-259DEC048569 rpmbak
12 1152921504606846976 35334 35461 E1A6A689-0C8D-4CC6-B4E8-55A4320FBD8A Unknown
88BE6260-D924-EAF8-BE5A-363EDE26C991 hyp
13 1152921504606846976 35462 35589 24C03326-2523-4E03-8C5E-B07ED7A44CD9 Unknown
0CE8ECBE-46EE-3889-9130-6533519A807F hypbak
14 1152921504606846976 35590 35717 C00EEF24-7709-43D6-9799-DD2B411E7A3C Unknown
343B1328-A7F3-5284-0463-11EC47201309 pmic
15 1152921504606846976 35718 35845 4E646DCC-29E2-459A-B7C5-618E6F3AD76A Unknown
34B1563F-E471-03A6-99F3-FEC1CC85CC80 pmicbak
16 0 35846 35877 F65D4B16-343D-4E25-AAFC-BE99B6556A6D Unknown
D6A64FD3-7F54-545C-48D8-9791D2D632ED devcfg
17 0 35878 35909 10A0C19C-516A-5444-5CE3-664C3226A794 Unknown
0572C0B3-91F0-E82E-08D0-4276C17B4C3F devcfgbak
18 1152921504606846976 35910 57925 A8944C60-3BD0-442F-94C1-D137A5F9C383 Unknown
F5165B81-2DA2-B61D-C11C-82E7B5C7409F modem
19 1152921504606846976 57926 58053 303E6AC3-AF15-4C54-9E9B-D9A8FBECF401 Unknown
7A18B22B-D98E-598B-48D9-672F34850E54 sec
20 1152921504606846976 58054 58181 4F772165-0F3C-4BA3-BBCB-A829E9C969F9 Unknown
494050D0-F6E5-1440-FA96-4E4ECB3DD491 keymaster
21 1152921504606846976 58182 58309 7C29D3AD-78B9-452E-9DEB-D098D542F092 Unknown
4A9A5D18-8149-97ED-C7A9-04B53EFE2E85 keymasterbak
22 1152921504606846976 58310 58437 73471795-AB54-43F9-A847-4F72EA5CBEF5 Unknown
FD7411E7-3C64-42A8-D306-6B31AD271019 cmnlib
23 1152921504606846976 58438 58565 7C29D3AD-78B9-452E-9DEB-D098D542F092 Unknown
8A2F1492-8C9E-3F67-EB15-84FADE9A8058 cmnlibbak
24 1152921504606846976 58566 58693 8EA64893-1267-4A1B-947C-7C362ACAAD2C Unknown
F00B6251-F0EA-9516-C3A3-C3D7AEDDF7A1 cmnlib64
25 1152921504606846976 58694 58821 379D107E-229E-499D-AD4F-61F5BCF87BD4 Unknown
3B2CA5FC-07C6-9A73-2EE4-E4E9E7D3001A cmnlib64bak
26 1152921504606846976 58822 58949 E6E98DA2-E22A-4D12-AB33-169E7DEAA507 Unknown
C4655C1F-AC8F-9BC0-469D-211E69A237E9 apdp
27 1152921504606846976 58950 59077 ED9E8101-05FA-46B7-82AA-8D58770D200B Unknown
705B6B2F-C1C5-C343-B70F-6DB5F9E10D68 msadp
28 1152921504606846976 59078 59205 11406F35-1173-4869-807B-27DF71802812 Unknown
BE798179-83E0-F385-4B9B-3FF815104459 dpo
29 0 59206 59206 3716CB88-FF5A-4DEE-A392-12A05637B49D Unknown
830F530A-C109-D818-959A-1C0BADE11951 grow5
While the H872 version should work, grab the one for the US997.
OK....
Here goes the magic (or the boom and cry -- depending on the outcome).
Actually -- let's make sure you have full root access first....
Type:
Code:
./lglaf.py
whoami
-- Brian
Alright, I grabbed the US997 version. Here is the output:
Code:
[B][[email protected] lglafsploit]$[/B] ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.#
xrosser said:
Alright, I grabbed the US997 version. Here is the output:
Code:
[B][[email protected] lglafsploit]$[/B] ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.#
Click to expand...
Click to collapse
Hmmm... that isn't good. That makes no sense actually.
Try:
Code:
!EXEC toybox whoami\0
Two spaces between EXEC and toybox
-- Brian
Same output. It is a strange return for that command... I even tried 'echo $USER' and same result.
Code:
[[email protected] lglafsploit]$ ./lglaf.py
LGLAF.py by Peter Wu (https://lekensteyn.nl/lglaf)
Type a shell command to execute or "exit" to leave.
# whoami
Hello, I am LAF. Nice to meet you.# !EXEC toybox whoami\0
Hello, I am LAF. Nice to meet you.# echo $USER
Hello, I am LAF. Nice to meet you.#
So I have a few of these Kramer Panels which aren't supported anymore (The official webpage doesn't have them anymore but the same product here) and I want to wipe out the Kronomeet Software they got going on and install some other flavor of Android (I'm thinking Lineage OS).
To start I got adb and fastboot up and running with Aptitude.
Code:
$ adb --version
Android Debug Bridge version 1.0.41
Version 28.0.2-debian
$ fastboot --version
fastboot version 28.0.2-debian
Connecting fine with adb, and using lsusb we see
Bus 001 Device 037: ID 2207:0011 Fuzhou Rockchip Electronics Company SmartTab
Googling around that name led me to the Rockchip Wiki, which had an article on Fastboot and a bunch of open source repos
https://opensource.rock-chips.com/wiki_Fastboot
Which states: "Rockchip uses 0x2207 as its USB vendor ID. This VID is not in Google's original fastboot code. So every fastboot command has to use "-i" parameter to specify vid to fastboot."
However, running -i on fastboot gives me an invalid option error:
Code:
$ sudo fastboot -i 0x2207 devices
fastboot: invalid option -- 'i'
I also tried downloading the most recent version of the android platform tools with fastboot version 33.0.3-8952118, which gave the same results.
Doing any other fastboot command without the -i just has < waiting for any device >
So essentially, I'm trying to figure out how to load a custom rom onto it, and what my next steps try are.
Other Misc Info I've tried:
In the Developer Settings on the tablet, there's no option to enable "OEM Unlocking"
Tablet doesn't have a power button, just a switch, so no pressing power and volume at the same time.
Rockchip seems to have a TWRP image available to build, which I would like to be able to fastboot flash (https://github.com/rockchip-software/TWRP/tree/android-9.0)
There's also a development tool (https://opensource.rock-chips.com/wiki_Rkdeveloptool) that also lets you load firmware.
Using adb reboot bootloader reboots the tablet to a black empty screen, which I can then communicate with the rkdeveloptool.
In this mode, lsusb returns a new name:
Code:
$ lsusb
Bus 001 Device 038: ID 2207:320a Fuzhou Rockchip Electronics Company RK3288 in Mask ROM mode
$ ./rkdeveloptool ld
DevNo=1 Vid=0x2207,Pid=0x320a,LocationID=106 Loader
$ ./rkdeveloptool ppt
**********Partition Info(parameter)**********
NO LBA Name
00 00002000 uboot
01 00004000 misc
02 00006000 resource
03 0000E000 kernel
04 00016000 boot
05 00026000 recovery
06 00036000 backup
07 00050000 cache
08 00090000 kpanic
09 00092000 system
10 00392000 metadata
11 0039A000 radical_update
12 003BA000 userdata
Found some more useful thread, and am trying to use rkflashkit. But still struggling to find out what .img to use.
Firmware Upgrade Guide For RK3188 RK3288 RK3368 Devices
UPD: Rreflashing guide for linux Host PC added. BEFORE START What you need: 1. Image file 2. Host PC (Windows) 3. USB OTG Cable Supported host OS: 1. Windows XP (32/64bit) 2. Windows 7 (32/64bit) 3. Windows 8 (32/64bit) All manipulations I...
forum.xda-developers.com
[Q] has anyone had success flashing a RK3126 based tablet?
Hello, I've got an irulu X30 (expro 30 plus) running stock firmware, nougat 7.1.2 I've been trying to use rkflashtool in linux and androidtool in windows. Both programs can report some device info and read partitions, the img files created...
forum.xda-developers.com