Related
I have somehow messed up my folio 100, and its BCT and bootloader information.
So im hoping someone else with little experience, knows how to use the nvflash utilities and dump the information for me and send me a link on where to get it.
the combo to get into bootloader mode is: POWER button pressed 4 times + VOL- key and it will go into bootloader mode.
I can extract these tomorrow evening.
Can you be clearer with the bootload sequence?
Tried to get the booload seq. Ended up with a partial reset of settings...
tshoulihane said:
I can extract these tomorrow evening.
Can you be clearer with the bootload sequence?
Tried to get the booload seq. Ended up with a partial reset of settings...
Click to expand...
Click to collapse
well, i dont think you should try it..!!
another user did, he ended up with a semi-bricked device too.. so thanks but now the fun stops.. it seems that Toshiba included a very,very bad key combo that terminates the device to a deadlocked machine..
so ill just figure out another way to get the partitions off it.. but my 4xpower + vol- is really scary, do NOT try it
at least until is cleared on how to get out of this bootloader state again.
I dumped the partitions which are visible from android already. Don't quite know what got resentment with your key sequence - DATA wiped? Some of the preloaded apps are broken now, but they were a bit broken before.
tshoulihane said:
I dumped the partitions which are visible from android already. Don't quite know what got resentment with your key sequence - DATA wiped? Some of the preloaded apps are broken now, but they were a bit broken before.
Click to expand...
Click to collapse
so you mean, you can extract all partitions from a shell?
ie. bootloader of partition2 and so forward?
i didnt notice that all 8 partitions were accessable there?
can you upload the dump of them somewhere?
A guy made the dumps of the ROM (not the recovery image though) on the forum of Frandroid DOT fr but I cannot post you the link directly here (anti spam as I do not have many messages on the forum).
I will PM you (if it allows me)
bootoo said:
A guy made the dumps of the ROM (not the recovery image though) on the forum of Frandroid DOT fr but I cannot post you the link directly here (anti spam as I do not have many messages on the forum).
I will PM you (if it allows me)
Click to expand...
Click to collapse
i have the dump of the /system i need all of the other partitions ie. 0 to 8
i cannot restore system, as i got no bootable tablet at all, i need raw partition dumps which i hope can be used using nvflash
Is it possible to extract opera mobile 10.1 apk?
toca79 said:
Is it possible to extract opera mobile 10.1 apk?
Click to expand...
Click to collapse
look for it here
Dexter_nlb said:
look for it here
Click to expand...
Click to collapse
Thx a lot found it.
I think the resolution is too high though.
Hi Dex, did you was able to restore your bricked folio?
roglio said:
Hi Dex, did you was able to restore your bricked folio?
Click to expand...
Click to collapse
decided to get another one..
ok!
I was hoping you did it because I'm a little tired of android (apple fan ).
My idea was to build and flash linux (ubuntu 10.10 works on toshiba AC100).
But if there isn't a way to restore the factory default (bootloader, etc.), I'll give up.
roglio said:
My idea was to build and flash linux (ubuntu 10.10 works on toshiba AC100).
Click to expand...
Click to collapse
when i was debugging bootloader configs, i was provided some config files that Ac100 users said would work on our folio, but i see now partition setup is very different, so we need to make proper configs for our folio before experimenting with the bootloader..
again, as you metion backup seems to do , when recover seems unavailable currently. it will be hard to verify if the parition table layout is working.
Hi,
sorry, maybe I missunderstood someting, but I cannot understand your problem in reading out the whole flash.
1. I have opened / disassembled my Filio 100. And like I have suspected there is a 16GB micoSD card connected (soldered) to the PCB and fixed with glue. One could read out the whole flash in a card reader.
2. You have fully access to the microSD card out of Android:
/dev/block/mmcblk0
sh-4.1# cd /dev/block
cd /dev/block
sh-4.1# pwd
pwd
/dev/block
sh-4.1# ls -l
ls -l
brw------- root root 254, 1 2010-12-07 08:46 dm-1
brw------- root root 254, 0 2010-12-07 08:46 dm-0
drwxr-xr-x root root 2010-12-07 08:45 vold
brw------- root root 179, 17 2010-12-07 08:45 mmcblk1p1
brw------- root root 179, 16 2010-12-07 08:45 mmcblk1
brw------- root root 7, 7 2010-12-07 08:45 loop7
brw------- root root 7, 6 2010-12-07 08:45 loop6
brw------- root root 7, 5 2010-12-07 08:45 loop5
brw------- root root 7, 4 2010-12-07 08:45 loop4
brw------- root root 7, 3 2010-12-07 08:45 loop3
brw------- root root 7, 2 2010-12-07 08:45 loop2
brw------- root root 7, 1 2010-12-07 08:45 loop1
brw------- root root 7, 0 2010-12-07 08:45 loop0
brw------- root root 179, 8 2010-12-07 08:45 mmcblk0p8
brw------- root root 179, 7 2010-12-07 08:45 mmcblk0p7
brw------- root root 179, 6 2010-12-07 08:45 mmcblk0p6
brw------- root root 179, 5 2010-12-07 08:45 mmcblk0p5
brw------- root root 179, 4 2010-12-07 08:45 mmcblk0p4
brw------- root root 179, 3 2010-12-07 08:45 mmcblk0p3
brw------- root root 179, 2 2010-12-07 08:45 mmcblk0p2
brw------- root root 179, 1 2010-12-07 08:45 mmcblk0p1
brw------- root root 179, 0 2010-12-07 08:45 mmcblk0
sh-4.1#
Regards, Artem
Hi DerArtem! Nice first post indeed!!!!
Thank you for your information.
A micro SD soldered is a nice gift from toshiba!!! This means upgrades, full dumps, etc.
Great
A request: could you please post some pictures?
DerArtem said:
sorry, maybe I missunderstood someting, but I cannot understand your problem in reading out the whole flash.
Click to expand...
Click to collapse
did i write i had problem dumping the entire mmc device? not really.
Yes, you misunderstood,Writing a proper cfg file describing the different areas is required.. dumping is easy part, documenting is harder..
but feel free to contribute and document the .cfg file for bootloader, that is of course appreciated...
I just got back from my business trip, and finally had some more time to take a closer look at the device.
roglio said:
Hi DerArtem! Nice first post indeed!!!!
Thank you for your information.
A micro SD soldered is a nice gift from toshiba!!! This means upgrades, full dumps, etc.
Great
A request: could you please post some pictures?
Click to expand...
Click to collapse
The device has a warranty seal inside. If you open the device completly the seal will break. I have just opened the device soo far, that the seal will not break. To make photos I will have to open it copletly. I will think about it....
Dexter_nlb said:
did i write i had problem dumping the entire mmc device? not really.
Yes, you misunderstood,Writing a proper cfg file describing the different areas is required.. dumping is easy part, documenting is harder..
but feel free to contribute and document the .cfg file for bootloader, that is of course appreciated...
Click to expand...
Click to collapse
Ok, I see. I have duped the mmc and mounted the partitions on my pc:
Here is the partition table on my PC:
Code:
[email protected] ~/bin/folio $ /sbin/fdisk -u -l folio.img
Platte folio.img: 15.9 GByte, 15920005120 Byte
1 Köpfe, 63 Sektoren/Spur, 493551 Zylinder, zusammen 31093760 Sektoren
Einheiten = Sektoren von 1 × 512 = 512 Bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Gerät boot. Anfang Ende Blöcke Id System
folio.img1 2048 526335 262144 83 Linux (/system)
folio.img2 526336 2623487 1048576 83 Linux (/cache)
folio.img3 2623488 2627583 2048 83 Linux (/misc)
folio.img4 2627584 31093759 14233088 5 Erweiterte
folio.img5 2628608 2644991 8192 83 Linux (???)
folio.img6 2646016 4743167 1048576 83 Linux (/data)
folio.img7 4744192 4754431 5120 83 Linux (???)
folio.img8 4755456 31093759 13169152 83 Linux (13G - storage)
Now you can mount the partitions on your pc:
Code:
sudo mount -o loop,ro,offset=$((512*2048)) folio.img /mnt/floppy/
I was not able to find the kernel or the bootloader or the root partition in the dump. I have also checked it with a hex editor.
Is the Folio using an other storage for kernel and bootloder? Does it have more NOR/NAND flash inside?
While looking at the size of the microSD (15920005120 bytes) I think that the bootloader is hiding a part of the microSD from the OS where the kernel and the bootloader are...
Where is the .cfg file you are talking about located?
DerArtem said:
Where is the .cfg file you are talking about located?
Click to expand...
Click to collapse
its a file assoiciated with the nvflash utility. search for the toshiba AC100 or here for more details for them it works fine.
the part 5 and 7 are boot kernel(8Mbyte) + recovery kernel(5Mbyte) , bootloader is as i know from ac100 on part0 , but thats not 100% yet.
Dexter_nlb said:
the part 5 and 7 are boot kernel(8Mbyte) + recovery kernel(5Mbyte) , bootloader is as i know from ac100 on part0 , but thats not 100% yet.
Click to expand...
Click to collapse
So, I have checked part 5 and 7. The content is the same like in boot.img and recovery.img. So the BCT is somewhere else...
Good evening!
I have been trying to give FreeXperia another chance after over a year, but I can't figure out where in the package is the ROM itself.
I downloaded the file FXP125-cm-9-20120616-UNOFFICIAL-es209ra-KERNEL.7z per the instructions on the development forum. This archive contains the following files:
Code:
-rw-rw-r-- 1 jp jp 152 juin 16 07:49 config.properties
drwx------ 9 jp jp 4096 juin 16 07:47 custom
drwx------ 22 jp jp 4096 juin 16 07:47 devices
drwx------ 2 jp jp 4096 juin 16 07:47 drivers
drwx------ 3 jp jp 4096 juin 16 07:48 firmwares
-rw-rw-r-- 1 jp jp 729 juin 2 14:36 FlashTool
-rw-rw-r-- 1 jp jp 144384 juin 2 14:36 FlashTool64.exe
-rw-rw-r-- 1 jp jp 3190 juin 2 14:36 FlashToolConsole
-rw-rw-r-- 1 jp jp 212992 juin 2 14:36 FlashTool.exe
drwx------ 2 jp jp 4096 juin 16 07:47 loaders
-rw-rw-r-- 1 jp jp 2183 juin 13 15:02 stderr.log
-rw-rw-r-- 1 jp jp 74905 juin 5 08:03 uninstall.exe
-rw-rw-r-- 1 jp jp 806494 juin 3 14:17 x10flasher.jar
drwx------ 8 jp jp 4096 juin 16 07:48 x10flasher_lib
Based on my previous ROM experience, there should be a .zip file in there to install from CWM or xRecovery. Looking for anything zip related in the archive yields the following result:
Code:
zip.exe
gzip.exe
ffjcext.zip
zipfs.jar
libzip.so
libzip.so
ffjcext.zip
zipfs.jar
zip.dll
ffjcext.zip
zipfs.jar
zip.dll
ffjcext.zip
zipfs.jar
I did find the kernel and was able to flash it and back to my Oodie 7.2 v3 kernel. That part is well covered. I also tried copying the whole archive to the phone and flash it from there, but it is not recognized.
Is there a different way to install this ROM?
Thanks!
Download the zip file
http://fiberupload.com/users/jerpelea/8294/FXP125_CM9.0_RC0
The file is located in es209ra. Put that on your sd card
Follow install guide:
http://forum.xda-developers.com/showpost.php?p=17998666&postcount=12446
Sent from my X10i using xda premium
Doh! It makes so much sense. Thanks!
I did it successfully this time. However, the colors are crap, WiFi does not work and the mobile data does not work either. I guess I will have to wait for another couple of weeks before trying again...
here's the fiix for data bug:
http://forum.xda-developers.com/showpost.php?p=22464715&postcount=561
for colour fix:
flash this in cwm : http://icxperia.com/championswimmer/x10-semc-es209ra/aokp/displayfix_FXP121_CM9_es209ra_CWM.zip
Thanks THElogiC! The colors are now OK. However, using the app to correct the APN issue is more difficult. I did find the .apk file on the developer website and copied it to my SD card. However, how can I install it? FXP125 does not come with a pre-installed file manager...
I am facing the same problem if I try to install a new file manager, and since I don't have data connectivity, I cannot install it from Google Play.
Is there any other way to install this .apk?
Thanks again!
---
UPDATE: I found this clever way of doing it...
http://forum.xda-developers.com/showpost.php?p=27511309&postcount=2
But it does not work either.
Code:
20/030/2012 21:30:30 - INFO - Installing ./custom/apps/HiAPN.apk
20/030/2012 21:30:30 - INFO - Installing ./custom/apps/Ghost Commander 1.41.1b5.apk
20/030/2012 21:30:30 - INFO - APK Installation finished
20/030/2012 21:30:41 - INFO - Device disconnected
And the apps still do not show in the drawer...
This is what I will be trying next:
http://forum.xda-developers.com/showpost.php?p=22600260&postcount=247
There's a way you can install apps without using file manger but using browser.
I will post link soon
Right now on mobile
Sent from my X10i
---------- Post added at 09:08 AM ---------- Previous post was at 08:52 AM ----------
here's the link:
http://forum.xda-developers.com/showthread.php?t=1695355
So..... I've been fussing with the kernel these days.
I managed to add cwm recovery just by editing initramfs.
also, I could enable init.d support
I had a repacker script that only involves original zImage and edited initramfs folder and it made my work easier.
Now, I became greedy and I wanted to add cpu governor.
If I want to do so, I 've gotta actually compile the kernel from source.
I first used this command
export ARCH=arm
export CROSS_COMPILE=/home/xxxxxxxx/arm-2009q3/bin/arm-none-eabi
make venturi_kor_defconfig #I have Korean device
make menuconfig # at the menu, i located my initramfs folder
make -j2
I've got numerous errors no matter what toolchain I used.
arm-eabi-4.4.0
arm-eabi-4.4.3
arm-eabi-4.7
arm-2009q3
arm-eabi-linaro 4.6.2
arm-eabi-linaro 4.7
all the zImages created had similar sizes as the original ones but none of them passed samsung logo (they do boot into recovery though)
4.4.3 and 4.7 didn't even make zImage so I guess that's guaranteed failure.
But Samsung's YP-GB70 Opensource zip says that I should use arm-2009q3 and when I do, it still gives me error
I use 12.04 LTS 64bit
any suggestion please? I'm dire
stylemate said:
So..... I've been fussing with the kernel these days.
I managed to add cwm recovery just by editing initramfs.
also, I could enable init.d support
I had a repacker script that only involves original zImage and edited initramfs folder and it made my work easier.
Now, I became greedy and I wanted to add cpu governor.
If I want to do so, I 've gotta actually compile the kernel from source.
I first used this command
export ARCH=arm
export CROSS_COMPILE=/home/xxxxxxxx/arm-2009q3/bin/arm-none-eabi
make venturi_kor_defconfig #I have Korean device
make menuconfig # at the menu, i located my initramfs folder
make -j2
I've got numerous errors no matter what toolchain I used.
arm-eabi-4.4.0
arm-eabi-4.4.3
arm-eabi-4.7
arm-2009q3
arm-eabi-linaro 4.6.2
arm-eabi-linaro 4.7
all the zImages created had similar sizes as the original ones but none of them passed samsung logo (they do boot into recovery though)
4.4.3 and 4.7 didn't even make zImage so I guess that's guaranteed failure.
But Samsung's YP-GB70 Opensource zip says that I should use arm-2009q3 and when I do, it still gives me error
I use 12.04 LTS 64bit
any suggestion please? I'm dire
Click to expand...
Click to collapse
Hmmm. First make sure you downloaded source for the gingerbread kernel (2.6.35) and not froyo (2.6.32) - it should also be a zip.
Second 4.4.3 is what I use, so that's quite strange. I'll need complete output to see what the problem is.
Mevordel said:
Hmmm. First make sure you downloaded source for the gingerbread kernel (2.6.35) and not froyo (2.6.32) - it should also be a zip.
Second 4.4.3 is what I use, so that's quite strange. I'll need complete output to see what the problem is.
Click to expand...
Click to collapse
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?
stylemate said:
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?
Click to expand...
Click to collapse
Do you have the initramfs packed into the rom because Samsung kernels have the initramfs inside them.
Sent from my Nexus 7 using Tapatalk HD
zaclimon said:
Do you have the initramfs packed into the rom because Samsung kernels have the initramfs inside them.
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?
stylemate said:
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?
Click to expand...
Click to collapse
Oh sorry I meant kernel instead of ROM. Hmm why don't you take an initramfs from another source or copy-paste the scripts from your device and add the cwm binaries from entropy's?
Sent from my Nexus 7 using Tapatalk HD
stylemate said:
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?
Click to expand...
Click to collapse
stylemate said:
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?
Click to expand...
Click to collapse
As far as I know, you didn't do anything wrong. The issue must be somewhere in the init scripts (init.<whatever>, recovery.rc, ueventd.<whatever>). Did you copy those from Entropy's ramdisk too? Which ones?
zaclimon said:
Oh sorry I meant kernel instead of ROM. Hmm why don't you take an initramfs from another source or copy-paste the scripts from your device and add the cwm binaries from entropy's?
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
I think I'm the only one with korean SGP5 initramfs source.....
anyway, I had a repacking script which doesn't bother with compiling the actual kernel.
I could make a kernel with just CWM recovery and it worked.
But I figured out that I had to compile the actual kernel to add governor or OC stuff... so......
Mevordel said:
As far as I know, you didn't do anything wrong. The issue must be somewhere in the init scripts (init.<whatever>, recovery.rc, ueventd.<whatever>). Did you copy those from Entropy's ramdisk too? Which ones?
Click to expand...
Click to collapse
Ho Thanks for your suggestion. I didn't copy the actual files of those scripts, I looked at his commit and saw those lines changed when he was adding CWM. So I just added or replaced few lines at recovery.rc
Then I copied bunch of files in sbin, which seemed necessary for the recovery.
I copied the clockworkmod image file
Then finally i copied the recovery.fstab
to misc/
I edited recovery.fstab several times to get mount and storage work.
So I think initramfs itself has no problem....... It got me a working kernel with CWM recovery.
But it's the problem when I actually try to compile kernel from the scratch.....
stylemate said:
Ho Thanks for your suggestion. I didn't copy the actual files of those scripts, I looked at his commit and saw those lines changed when he was adding CWM. So I just added or replaced few lines at recovery.rc
Then I copied bunch of files in sbin, which seemed necessary for the recovery.
I copied the clockworkmod image file
Then finally i copied the recovery.fstab
to misc/
I edited recovery.fstab several times to get mount and storage work.
So I think initramfs itself has no problem....... It got me a working kernel with CWM recovery.
But it's the problem when I actually try to compile kernel from the scratch.....
Click to expand...
Click to collapse
When you were just modifying the initramfs, did it boot normally then?
Mevordel said:
When you were just modifying the initramfs, did it boot normally then?
Click to expand...
Click to collapse
yes. very smoothly
I used linaro tool chain 4.6.2 and also arm-eabi-4.7 both worked fine when i just modified the initramfs with a simple script.
stylemate said:
yes. very smoothly
I used linaro tool chain 4.6.2 and also arm-eabi-4.7 both worked fine when i just modified the initramfs with a simple script.
Click to expand...
Click to collapse
Can you boot into CWM and (using adb shell) give me the output of
Code:
cat /proc/cpuinfo
ls -la /
Thanks.
Mevordel said:
Can you boot into CWM and (using adb shell) give me the output of
Code:
cat /proc/cpuinfo
ls -la /
Thanks.
Click to expand...
Click to collapse
Sorry I couldn't do anything because my device was hard bricked and I fixed it today 0.0
Hope you are still around here.
I can't run adb shell with my newly compiled kernel
computer does not detect my device and i tried plugging it in and out several times, killing adb server each time.
interesting thing is that i can't mount USB storage, system, efs or anything else in CWM recovery.
Only cache partition is mounted which is strange. I used same initramfs source for both working kernel and newly compiled kernel,
but i don't know what happened during the compiling process.
I tried compiling with the original intiramfs folder (not modified one) and <3e> recovery also gave me numerous errors like can't mount where, where, where, where.
so there mustn't be a problem in both init.rc-like scripts and ultimately initramfs. It's probably the compiling process and how I set up the compilation.
Do i have to check all lines in venturi_kor_defconfig......?
oh btw, sdcard can be mounted with original ramdisk compiled kernel also, just checked it now.
stylemate said:
Sorry I couldn't do anything because my device was hard bricked and I fixed it today 0.0
Hope you are still around here.
I can't run adb shell with my newly compiled kernel
computer does not detect my device and i tried plugging it in and out several times, killing adb server each time.
interesting thing is that i can't mount USB storage, system, efs or anything else in CWM recovery.
Only cache partition is mounted which is strange. I used same initramfs source for both working kernel and newly compiled kernel,
but i don't know what happened during the compiling process.
I tried compiling with the original intiramfs folder (not modified one) and <3e> recovery also gave me numerous errors like can't mount where, where, where, where.
so there mustn't be a problem in both init.rc-like scripts and ultimately initramfs. It's probably the compiling process and how I set up the compilation.
Do i have to check all lines in venturi_kor_defconfig......?
oh btw, sdcard can be mounted with original ramdisk compiled kernel also, just checked it now.
Click to expand...
Click to collapse
I mean from CWM on your repacked-but-not-compiled kernel -- the one you said worked.
Also, which exactly zip did you download from Samsung's site? You don't need to go through the defconfig as long as you got the right one.
Third, please only compile with 4.4.3 or the one Samsung recommends. Anything newer will probably not work.
Fourth, as to partitions, they are all formatted to RFS, right? And can you run in CWM (where everything mounts and is mounted):
Code:
mount
fdisk -l /dev/block/mmcblk0
Mevordel said:
I mean from CWM on your repacked-but-not-compiled kernel -- the one you said worked.
Also, which exactly zip did you download from Samsung's site?
Third, please only compile with 4.4.3 or the one Samsung recommends. Anything newer will probably not work.
Click to expand...
Click to collapse
1st
Processor : ARMv7 Processor rev 2 (v7l)
BogoMIPS : 99.40
Features : swp half thumb fastmult vfp edsp thumbee neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 2
Hardware : SMDKC110
Revision : 0000
Serial : 08c5603ec1690711
-rw-r--r-- 1 system system 118 Dec 25 12:19 default.prop
drwxr-xr-x 9 root root 2840 Jan 23 01:26 dev
drwxrwxr-x 1 radio system 0 Jan 23 01:26 efs
drwxr-xr-x 2 root root 0 Jan 23 01:26 emmc
lrwxrwxrwx 1 root root 11 Jan 23 01:26 etc -> /system/etc
-rwxr-xr-x 1 system system 1876 Dec 25 12:19 fota.rc
-rwxr-xr-x 1 system system 168364 Dec 25 12:27 init
-rw-r--r-- 1 system system 1677 Dec 25 12:19 init.goldfish.rc
-rwxr-xr-x 1 system system 30941 Dec 28 08:32 init.rc
-rwxr-xr-x 1 system system 30931 Dec 25 17:46 init.rc~
-rwxr-xr-x 1 system system 4489 Dec 25 12:19 init.smdkc110.rc
drwxr-xr-x 3 system system 0 Dec 25 12:19 lib
-rwxr-xr-x 1 system system 1419 Dec 25 12:19 lpm.rc
drwx------ 2 system system 0 Dec 26 16:21 misc
drwxrwxr-x 3 root root 0 Jan 23 01:26 mnt
drwxr-xr-x 2 root root 0 Jan 23 01:26 preload
dr-xr-xr-x 60 root root 0 Jan 1 1970 proc
-rwxr-xr-x 1 system system 410344 Dec 25 12:19 recovery
-rw-r--r-- 1 system system 2182 Dec 25 12:39 recovery.rc
drwxr-xr-x 3 system system 0 Dec 25 12:40 res
drwxr-xr-x 2 system system 0 Dec 26 16:31 sbin
drwxr-xr-x 2 root root 0 Jan 23 01:26 sdcard
drwxr-xr-x 12 root root 0 Jan 23 01:26 sys
drwxr-xr-x 1 root root 0 Jan 23 01:26 system
drwxrwxrwt 2 root root 60 Jan 23 01:26 tmp
-rw-r--r-- 1 system system 0 Dec 25 12:19 ueventd.goldfish.rc
-rw-r--r-- 1 system system 4245 Dec 25 12:19 ueventd.rc
-rwxr-xr-x 1 system system 1749 Dec 25 12:19 ueventd.smdkc110.rc
drwxrwxr-x 3 system system 0 Dec 28 08:33 vendor
init.rc~ file is the autocreated backup file that i forgot to erase
2nd
I downloaded YP-GB70-WW GB Opensource.zip
3rd
Yes I've been using the right toolchain that the readme file specified.
I have tried 4.4.3 too and many other toolchains.
4th
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
it's very normal... I had to fix this part of partition cause my partition was messed up beginning from block 12 but now it's perfect.
picture stolen from Siraki......
stylemate said:
1st
Processor : ARMv7 Processor rev 2 (v7l)
BogoMIPS : 99.40
Features : swp half thumb fastmult vfp edsp thumbee neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 2
Hardware : SMDKC110
Revision : 0000
Serial : 08c5603ec1690711
-rw-r--r-- 1 system system 118 Dec 25 12:19 default.prop
drwxr-xr-x 9 root root 2840 Jan 23 01:26 dev
drwxrwxr-x 1 radio system 0 Jan 23 01:26 efs
drwxr-xr-x 2 root root 0 Jan 23 01:26 emmc
lrwxrwxrwx 1 root root 11 Jan 23 01:26 etc -> /system/etc
-rwxr-xr-x 1 system system 1876 Dec 25 12:19 fota.rc
-rwxr-xr-x 1 system system 168364 Dec 25 12:27 init
-rw-r--r-- 1 system system 1677 Dec 25 12:19 init.goldfish.rc
-rwxr-xr-x 1 system system 30941 Dec 28 08:32 init.rc
-rwxr-xr-x 1 system system 30931 Dec 25 17:46 init.rc~
-rwxr-xr-x 1 system system 4489 Dec 25 12:19 init.smdkc110.rc
drwxr-xr-x 3 system system 0 Dec 25 12:19 lib
-rwxr-xr-x 1 system system 1419 Dec 25 12:19 lpm.rc
drwx------ 2 system system 0 Dec 26 16:21 misc
drwxrwxr-x 3 root root 0 Jan 23 01:26 mnt
drwxr-xr-x 2 root root 0 Jan 23 01:26 preload
dr-xr-xr-x 60 root root 0 Jan 1 1970 proc
-rwxr-xr-x 1 system system 410344 Dec 25 12:19 recovery
-rw-r--r-- 1 system system 2182 Dec 25 12:39 recovery.rc
drwxr-xr-x 3 system system 0 Dec 25 12:40 res
drwxr-xr-x 2 system system 0 Dec 26 16:31 sbin
drwxr-xr-x 2 root root 0 Jan 23 01:26 sdcard
drwxr-xr-x 12 root root 0 Jan 23 01:26 sys
drwxr-xr-x 1 root root 0 Jan 23 01:26 system
drwxrwxrwt 2 root root 60 Jan 23 01:26 tmp
-rw-r--r-- 1 system system 0 Dec 25 12:19 ueventd.goldfish.rc
-rw-r--r-- 1 system system 4245 Dec 25 12:19 ueventd.rc
-rwxr-xr-x 1 system system 1749 Dec 25 12:19 ueventd.smdkc110.rc
drwxrwxr-x 3 system system 0 Dec 28 08:33 vendor
init.rc~ file is the autocreated backup file that i forgot to erase
2nd
I downloaded YP-GB70-WW GB Opensource.zip
3rd
Yes I've been using the right toolchain that the readme file specified.
I have tried 4.4.3 too and many other toolchains.
Click to expand...
Click to collapse
Thanks. I edited my post after you quoted it. But from what you posted, everything looks in order. (A minor OCD is that you should delete init.rc~, but it shouldn't make a difference.)
It's somewhat a hunch, but try downloading the "YP-G1 US" source and compiling it with venturi_kor_defconfig,
And I'm not sure, as I don't have any of the Korean devices, but isn't there a difference between YP-G70 and YP-GB70? If so, then venturi may not even be the right config.
Mevordel said:
Thanks. I edited my post after you quoted it. But from what you posted, everything looks in order. (A minor OCD is that you should delete init.rc~, but it shouldn't make a difference.)
It's somewhat a hunch, but try downloading the "YP-G1 US" source and compiling it with venturi_kor_defconfig,
And I'm not sure, as I don't have any of the Korean devices, but isn't there a difference between YP-G70 and YP-GB70? If so, then venturi may not even be the right config.
Click to expand...
Click to collapse
DMB function and Camera is the major and maybe the only difference. But That doesn't really matter.
As long as i get bootable kernel I will be fine with it. Haha
Thank you, I will try with YP-G70 later.
Hello,
is there any working linux script for extracting v30 kdz firmware and dz files?
Big thanks for help
H930g - lgv30 - kdz extract - linux
djsven said:
Hello,
is there any working linux script for extracting v30 kdz firmware and dz files?
Big thanks for help
Click to expand...
Click to collapse
Yes sir , I have found one
https://github.com/ehem/kdztools
Here are the output from my first test:
[email protected]:~/Android/kdztools-master$ ./unkdz -f H93011m_00_OPEN_EU_OP_1229.kdz -l
[!] Warning: Data between headers and payload! (offsets 826 to 83768)
[+] KDZ Partition List (format v2)
=========================================
0 : H93011m_00.dz (3563995785 bytes)
1 : LGUP_c.dll (3079120 bytes)
2 : LGUP_c.dylib (1229456 bytes)
[email protected]:~/Android/kdztools-master$ ./unkdz -f H93011m_00_OPEN_EU_OP_1229.kdz -x
[!] Warning: Data between headers and payload! (offsets 826 to 83768)
[+] Extracting all partitions from v2 file!
[+] Extracting H93011m_00.dz to kdzextracted/H93011m_00.dz
[+] Extracting LGUP_c.dll to kdzextracted/LGUP_c.dll
[+] Extracting LGUP_c.dylib to kdzextracted/LGUP_c.dylib
[+] Extracting extra data to kdzextracted/kdz_extras.bin
So far this is the only steps I have tried, I will give a later try to extract the whole DZ file
For your information I m running Ubuntu 16.04 LTS
I wish you good luck
Edit : Unfortunately I got this error when I try to list the DZ file
[email protected]:~/Android/kdztools-master$ ./undz -f H93011m_00.dz -l
[!] Error: Value supposed to be zero in field "reserved5" is non-zero (0x5900)
Sorry For this deception, maybe you know what this error is meaning ?
The format changed slightly, but the extraction still works. I didn't feel like figuring out what the data in the reserved field is for, so just comment out the two sys.exit(1).
You can use this patch...
Code:
diff --git a/undz.py b/undz.py
index 1078248..aa386a0 100755
--- a/undz.py
+++ b/undz.py
@@ -74,7 +74,7 @@ class UNDZUtils(object):
dz_item[key] = dz_item[key].rstrip(b'\x00')
if b'\x00' in dz_item[key]:
print("[!] Error: extraneous data found IN "+key, file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
elif type(dz_item[key]) is int:
if dz_item[key] != 0:
print('[!] Error: Value supposed to be zero in field "'+key+'" is non-zero ('+hex(dz_item[key])+')', file=sys.stderr)
@@ -86,7 +86,7 @@ class UNDZUtils(object):
# To my knowledge this is supposed to be blank (for now...)
if len(dz_item['pad']) != 0:
print("[!] Error: pad is not empty", file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
return dz_item
@@ -195,7 +195,7 @@ class UNDZChunk(dz.DZChunk, UNDZUtils):
zdata = self.dz.dzfile.read(self.dataSize)
# Decompress the data
- buf = zlib.decompress(zdata)
+ buf = zlib.decompress(zdata)
crc = crc32(buf) & 0xFFFFFFFF
-- Brian
runningnak3d said:
The format changed slightly, but the extraction still works. I didn't feel like figuring out what the data in the reserved field is for, so just comment out the two sys.exit(1).
You can use this patch...
Code:
diff --git a/undz.py b/undz.py
index 1078248..aa386a0 100755
--- a/undz.py
+++ b/undz.py
@@ -74,7 +74,7 @@ class UNDZUtils(object):
dz_item[key] = dz_item[key].rstrip(b'\x00')
if b'\x00' in dz_item[key]:
print("[!] Error: extraneous data found IN "+key, file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
elif type(dz_item[key]) is int:
if dz_item[key] != 0:
print('[!] Error: Value supposed to be zero in field "'+key+'" is non-zero ('+hex(dz_item[key])+')', file=sys.stderr)
@@ -86,7 +86,7 @@ class UNDZUtils(object):
# To my knowledge this is supposed to be blank (for now...)
if len(dz_item['pad']) != 0:
print("[!] Error: pad is not empty", file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
return dz_item
@@ -195,7 +195,7 @@ class UNDZChunk(dz.DZChunk, UNDZUtils):
zdata = self.dz.dzfile.read(self.dataSize)
# Decompress the data
- buf = zlib.decompress(zdata)
+ buf = zlib.decompress(zdata)
crc = crc32(buf) & 0xFFFFFFFF
-- Brian
Click to expand...
Click to collapse
hey , this doesnt work at all, its still showing the same error as before , im trying to extract G7 ThinQ kdz
[email protected]:~/kdztools-master$ ./undz.py -x -f G71010b_00.dz
[!] Error: Value supposed to be zero in field "reserved5" is non-zero (0x5900)
[email protected]:~/kdztools-master$
Click to expand...
Click to collapse
This was a quick hack to get V30 Nougat KDZs to extract. V30 Oreo KDZs require additional work, and I haven't even looked at G7 KDZs yet.
-- Brian
Encounter the same issue, patched the sys.exit() calls and flipped this line to avoid the error with reserved5:
('reserved5', ('I', False)), # currently always zero
But still errors. Further info at: hxxxs://github.com/ehem/kdztools/issues/16#issuecomment-435356938
SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm
SGCMarkus said:
SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm
Click to expand...
Click to collapse
Managed to unpack a modem partition LG changed the compression algorithm from zlib to zstd on LG V40 kdzs
SGCMarkus said:
SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm
Click to expand...
Click to collapse
Thank you very much for posting this.
It turns out I had a corrupt download of the H932 20o KDZ and no -- LG hasn't made any additional changes to the KDZ format.
When I saw that SALT was working for you, then I knew my extractor should work as well and that lead me to start looking elsewhere.
-- Brian
BINGO! LGV40 unpacked!
Code:
[20:10 [email protected] dzextracted] > sudo mount -t ext4 vendor_a.image /media/edu/ext4_tmp
[sudo] password for edu:
[20:10 [email protected] dzextracted] > cd /media/edu/ext4_tmp
[20:10 [email protected] ext4_tmp] > ll
total 220K
drwxr-xr-x. 10 root 2000 4.0K Dec 31 2008 app
drwxr-xr-x. 6 root 2000 8.0K Dec 31 2008 bin
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 carrier
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 dsp
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 els
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 eri
drwxr-xr-x. 23 root 2000 4.0K Dec 31 2008 etc
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 ffu
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 firmware
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 fota
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 framework
drwxr-xr-x. 11 root 2000 16K Dec 31 2008 lib
drwxr-xr-x. 9 root 2000 16K Dec 31 2008 lib64
drwx------. 2 root root 16K Dec 31 2008 lost+found
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 media
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 mpt
drwxr-xr-x. 83 root 2000 4.0K Dec 31 2008 overlay
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 package
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 persdata
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 persist-lg
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 power
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 priv-app
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 radio
drwxr-xr-x. 5 root 2000 4.0K Dec 31 2008 rfs
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 sns
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 srtc
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 vzw
-rw-------. 1 root root 8.8K Dec 31 2008 build.prop
-rw-r--r--. 1 root root 1.9K Dec 31 2008 compatibility_matrix.xml
-rw-------. 1 root root 684 Dec 31 2008 default.prop
lrw-r--r--. 1 root root 12 Dec 31 2008 factory_data -> /system/data
lrw-r--r--. 1 root root 19 Dec 31 2008 factory_etc -> /system/factory_etc
lrw-r--r--. 1 root root 19 Dec 31 2008 factory_lib -> /system/factory_lib
lrw-r--r--. 1 root root 21 Dec 31 2008 factory_lib64 -> /system/factory_lib64
-rw-r--r--. 1 root root 36K Dec 31 2008 manifest.xml
-rw-r--r--. 1 root root 16K Dec 31 2008 ueventd.rc
runningnak3d said:
Thank you very much for posting this.
It turns out I had a corrupt download of the H932 20o KDZ and no -- LG hasn't made any additional changes to the KDZ format.
When I saw that SALT was working for you, then I knew my extractor should work as well and that lead me to start looking elsewhere.
-- Brian
Click to expand...
Click to collapse
I PM you with the URL. I guess you don't need it but figured you would want an official link from LG Bridge.
Sent from my LG-H932 using XDA Labs
eduuk said:
Managed to unpack a modem partition LG changed the compression algorithm from zlib to zstd on LG V40 kdzs
Click to expand...
Click to collapse
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.
Dvalin21 said:
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.
Click to expand...
Click to collapse
I am also unable to get a useful unpack of a G7 or V40 KDZ.
@eduuk You don't even need to share your code, but if you could just point out the differences between the V30 and V40 KDZ format it would be appreciated.
-- Brian
@eduuk i got passed the reserved5 but now i get this error: [!] Error: extraneous data found IN pad
Also, if you can provide help with changing the compression algorithm from zlib to zstd i would appreciate it.
Dvalin21 said:
@eduuk i got passed the reserved5 but now i get this error: [!] Error: extraneous data found IN pad
Also, if you can provide help with changing the compression algorithm from zlib to zstd i would appreciate it.
Click to expand...
Click to collapse
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian
runningnak3d said:
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian
Click to expand...
Click to collapse
You rock sir, thank you
Dvalin21 said:
You rock sir, thank you
Click to expand...
Click to collapse
Well, that was more of a pain in the butt than it needed to be, but repo is incoming once I clean up some of my debug code:
Code:
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* ± ../undz2.py -f G71010f_00.dz -l
[+] DZ Partition List
=========================================
0/ 0 : PrimaryGPT_0.bin (1363 bytes)
0/ 1 : PrimaryGPT_0.bin (277 bytes)
0/ 2 : PrimaryGPT_0.bin (277 bytes)
0/ 3 : PrimaryGPT_0.bin (335 bytes)
0/ 4 : PrimaryGPT_0.bin (2355 bytes)
0/ 5 : PrimaryGPT_0.bin (404 bytes)
0/ 6 : PrimaryGPT_0.bin (213 bytes)
1/?? : mpt (<empty>)
2/?? : drm (<empty>)
3/?? : sns (<empty>)
4/?? : ssd (<empty>)
5/ 7 : persist_13446.bin (743 bytes)
6/?? : misc (<empty>)
7/ 8 : ftm_21894.bin (75 bytes)
8/?? : power (<empty>)
9/?? : encrypt (<empty>)
10/?? : eksst (<empty>)
11/?? : rct (<empty>)
12/?? : fota (<empty>)
13/?? : srtc (<empty>)
14/?? : pstore (<empty>)
15/?? : els (<empty>)
16/?? : carrier (<empty>)
17/?? : persdata (<empty>)
18/ 9 : oem_a_77574.bin (738 bytes)
<snip>
and
Code:
θ78° [swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 3s ± ../undz2.py -f G71010f_00.dz -s 20
[+] Extracting single slice^Wpartition!
[+] Extracting vendor_a_81670.bin to vendor_a.image
[+] Extracting vendor_a_114503.bin to vendor_a.image
[+] Extracting vendor_a_147206.bin to vendor_a.image
[+] Extracting vendor_a_147701.bin to vendor_a.image
<snip>
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 130 ± cd dzextracted/
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± mkdir mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± sudo mount vendor_a.image ./mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± cd mnt
[swango:~/dev … kdzextracted/dzextracted/mnt] $ ls -al
total 208
drwxr-xr-x 27 root root 4096 Dec 31 1969 .
drwxr-xr-x 3 swango swango 4096 Dec 15 10:29 ..
drwxr-xr-x 8 root 2000 4096 Dec 31 2008 app
drwxr-xr-x 6 root 2000 8192 Dec 31 2008 bin
-rw------- 1 root root 8664 Dec 31 2008 build.prop
drwxr-xr-x 2 root 2000 4096 Dec 31 2008 carrier
<snip>
The quick and dirty is that the header changed -- which is why there was data in the pad (that is the zero padding at the end of the header to make it 512 bytes) -- so I defined those, and they also changed the compression from zlib to zstandard (you need version 0.9 or greater) NOT zstd.
Lastly, when the compress, they don't include the size in the zstandard header, so I just picked a value that was big enough to decompress the largest partition.
Again, I have a lot of cleanup to do, and then I will commit this. Eventually I will make it so you can pass something like --zlib or --zst so that one file can be used to extract both old and new format KDZs, but for now there is undz2.py
-- Brian
OK - thread and link are here.
Please let me know if you come across any KDZs that you can't extract, but please post the errors in that thread.
-- Brian
Dvalin21 said:
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.
Click to expand...
Click to collapse
runningnak3d said:
OK - thread and link are here.
Please let me know if you come across any KDZs that you can't extract, but please post the errors in that thread.
-- Brian
Click to expand...
Click to collapse
hey guys,
sorry but I didnt get the time to answer you. Took me an entire day to patch the python code. It's so so ugly code, so I would prefer not share it if anyone can code it better than me
There was a guy who was sending me private messages to do the same as me, and he got it too. The only thing to do is to change the algorithm and patch out asserts and other checks.
Please let me know if you can do it without my ugly code. Otherwise, I will share it of course.
---------- Post added at 12:54 AM ---------- Previous post was at 12:51 AM ----------
runningnak3d said:
Well, that was more of a pain in the butt than it needed to be, but repo is incoming once I clean up some of my debug code:
Code:
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* ± ../undz2.py -f G71010f_00.dz -l
[+] DZ Partition List
=========================================
0/ 0 : PrimaryGPT_0.bin (1363 bytes)
0/ 1 : PrimaryGPT_0.bin (277 bytes)
0/ 2 : PrimaryGPT_0.bin (277 bytes)
0/ 3 : PrimaryGPT_0.bin (335 bytes)
0/ 4 : PrimaryGPT_0.bin (2355 bytes)
0/ 5 : PrimaryGPT_0.bin (404 bytes)
0/ 6 : PrimaryGPT_0.bin (213 bytes)
1/?? : mpt (<empty>)
2/?? : drm (<empty>)
3/?? : sns (<empty>)
4/?? : ssd (<empty>)
5/ 7 : persist_13446.bin (743 bytes)
6/?? : misc (<empty>)
7/ 8 : ftm_21894.bin (75 bytes)
8/?? : power (<empty>)
9/?? : encrypt (<empty>)
10/?? : eksst (<empty>)
11/?? : rct (<empty>)
12/?? : fota (<empty>)
13/?? : srtc (<empty>)
14/?? : pstore (<empty>)
15/?? : els (<empty>)
16/?? : carrier (<empty>)
17/?? : persdata (<empty>)
18/ 9 : oem_a_77574.bin (738 bytes)
<snip>
and
Code:
θ78° [swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 3s ± ../undz2.py -f G71010f_00.dz -s 20
[+] Extracting single slice^Wpartition!
[+] Extracting vendor_a_81670.bin to vendor_a.image
[+] Extracting vendor_a_114503.bin to vendor_a.image
[+] Extracting vendor_a_147206.bin to vendor_a.image
[+] Extracting vendor_a_147701.bin to vendor_a.image
<snip>
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 130 ± cd dzextracted/
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± mkdir mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± sudo mount vendor_a.image ./mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± cd mnt
[swango:~/dev … kdzextracted/dzextracted/mnt] $ ls -al
total 208
drwxr-xr-x 27 root root 4096 Dec 31 1969 .
drwxr-xr-x 3 swango swango 4096 Dec 15 10:29 ..
drwxr-xr-x 8 root 2000 4096 Dec 31 2008 app
drwxr-xr-x 6 root 2000 8192 Dec 31 2008 bin
-rw------- 1 root root 8664 Dec 31 2008 build.prop
drwxr-xr-x 2 root 2000 4096 Dec 31 2008 carrier
<snip>
The quick and dirty is that the header changed -- which is why there was data in the pad (that is the zero padding at the end of the header to make it 512 bytes) -- so I defined those, and they also changed the compression from zlib to zstandard (you need version 0.9 or greater) NOT zstd.
Lastly, when the compress, they don't include the size in the zstandard header, so I just picked a value that was big enough to decompress the largest partition.
Again, I have a lot of cleanup to do, and then I will commit this. Eventually I will make it so you can pass something like --zlib or --zst so that one file can be used to extract both old and new format KDZs, but for now there is undz2.py
-- Brian
Click to expand...
Click to collapse
Yeah 0x200 bytes of header, i removed that first with dd and then I coded in python changing offsets. Sorry but I dont have the time of coding this properly.
---------- Post added at 12:59 AM ---------- Previous post was at 12:54 AM ----------
eduuk said:
hey guys,
sorry but I didnt get the time to answer you. Took me an entire day to patch the python code. It's so so ugly code, so I would prefer not share it if anyone can code it better than me
There was a guy who was sending me private messages to do the same as me, and he got it too. The only thing to do is to change the algorithm and patch out asserts and other checks.
Please let me know if you can do it without my ugly code. Otherwise, I will share it of course.
---------- Post added at 12:54 AM ---------- Previous post was at 12:51 AM ----------
Yeah 0x200 bytes of header, i removed that first with dd and then I coded in python changing offsets. Sorry but I dont have the time of coding this properly.
Click to expand...
Click to collapse
The best way is to do a pull request at the main repo https://github.com/ehem/kdztools
---------- Post added at 01:00 AM ---------- Previous post was at 12:59 AM ----------
runningnak3d said:
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian
Click to expand...
Click to collapse
Dude, did you read this by any chance? https://github.com/ehem/kdztools/issues
Cheers mate
Thanks for the answer @eduuk, however Brian did a kdztool working that I was able to fully extract all the image files for the G710TM10n firmware for T-Mobile. Still with that said we still appreciate all your work!
ORIGINAL POST:
Hello,
this is almost a brand new phone, still no resources over the internet about how to root it.
Is anybody working on it?
Does anybody know a viable solution to effectively root BL8800 Pro without any damage?
Thanks
--------------------------------------------
ROOTING PROCEDURE WITH UBUNTU 22.04 - ONLY FOR PHONE FIRMWARE 20220617v02 (big thanks to adamfahdi)
***WARNING*** THIS IS RISKY: 1 USER REPORTED A BRICKED PHONE WITH BOOT LOOP, ALL OTHERS OK - PLEASE DO NOT CHANGE ANYTHING AND CONTROL SYSTEM VERSION THOROUGHLY
***WARNING*** THIS PROCEDURE WILL WIPE ALL YOUR PHONE CONTENTS, IT'S LIKE A FACTORY RESET, BACKUP ANYTHING YOU NEED BEFORE ACTING!
ACTIONS ON BL8800 Pro PHONE
---> activate developer menu and USB debug on BL8800 Pro
---> check "oem unlocking" in developer menu
---> check "enable USB debug" in developer menu
---> install latest magisk apk (CURRENTLY 25.2)
---> check "enable alternate sources" when installing magisk
---> connect USB cable
---> copy boot.img on phone (downloaded from https://mega.nz/file/rDIAWJaR#TOjmxZl5LdjyVur3lwqP2wgNCm19tNoLhxXioRV8n70 this is for 20220617v02 firmware ONLY!)
---> patch boot.img with magisk
---> copy patched pboot.img on PC
ACTIONS FROM UBUNTU 22.04
---> open terminal
$ sudo apt install adb fastboot
$ adb devices -l
List of devices attached
BL8800PEEAxxxxxxx unauthorized usb:3-2 transport_id:1
---> authorize PC from BL8800 Pro screen
$ adb devices -l
List of devices attached
BL8800PEEAxxxxxxx device usb:3-2 product:BL8800Pro_EEA model:BL8800Pro device:BL8800Pro transport_id:1
---> check if adb is working correctly and reboot to bootloader
$ adb shell
BL8800Pro:/ $ ls
acct bin cache d data_mirror default.prop etc init.environ.rc lost+found mnt oem proc sdcard sys system_ext apex bugreports config data debug_ramdisk dev init linkerconfig metadata odm postinstall product storage system vendor
BL8800Pro:/ $ reboot bootloader
$ fastboot devices
BL8800PEEAxxxxxxx fastboot
$ fastboot flashing unlock
---> press VolumeUP on phone to choose "Yes" <----- THIS WILL WIPE ALL YOUR PHONE CONTENTS!!!
(bootloader) Start unlock flow
OKAY [ 7.348s]
Finished. Total time: 7.348s
$ fastboot flash boot pboot.img <----- THIS MAY BRICK YOUR PHONE!!!
Sending 'boot_a' (40960 KB) OKAY [ 1.368s]
Writing 'boot_a' OKAY [ 0.177s]
Finished. Total time: 1.563s
$ fastboot reboot
EXTRA: PROCEDURE TO RUN APPS THAT DENY EXECUTION WITH ROOTED PHONE
Some sleazy apps (banking, ebay, etc.) check if you have rooted your phone and refuse to run/authenticate/etc.
This is how you can solve this, everything done from MAGISK:
activate Magisk Hide, in the "App" settings section - rename magisk app to whatever you like
activate Zygisk, in the "Magisk" setting section, then reboot
in the "Magisk" setting section, select the rogue apps you want to hide rooting from (e.g. ebay)
in Magisk modules section install "Shamiko" module downloaded from https://github.com/LSPosed/LSPosed.github.io/releases then reboot
in Magisk modules section install "Universal SafetyNet Fix" module downloaded from https://github.com/kdrag0n/safetynet-fix/releases then reboot
check in Magisk modules section that both modules are active and running
EXTRA: in order to check that safetynet fix is working, you may download "YASNAC" app from play store
ENJOY YOUR PHONE!!!
do you only want to root?
Keep in mind:
Rooting may void the manufacturer’s warranty on your device.
Rooting will block the firmware OTA updates.
Required Downloads:1)Download ADB & Fastboot files
2)Blackview USB Drivers install on your pc
3)Download Other Drivers: Mediatek VCOM Drivers or MTK USB Drivers
4)Download And Install the SP Flash tool on your computer
5)Download the latest Blackview Stock ROM and move it to the PC
Download and extract the stock ROM to your PC.
You need to extract the boot image using the MTK Droid Tool
Attach your device via USB cable and copy only the boot.img file from the extracted folder to your device storage
Launch Magisk Manager. When a popup appears asking to install Magisk, select INSTALL and choose install again.
Tap on “Patch Boot Image File”.
Navigate to internal storage and select your phone’s boot image that you transferred earlier.
Wait for a couple of seconds. Magisk will start patching the boot image.
Once the boot image has been patched, copy the “patched_boot.img” from the internal storage and replace it in the same extracted ROM folder on your PC.
To flash stock rom whit the patched image follow this
Hi, thanks for your answer.
Do these tools also work on linux?
I saw that BL8800 Pro ROM is not available on the page, is there anyother source where I can download or some tool that can make a snapshot from the phone?
I saw that MTK Droid Tool looks like windows only but I am not worried... while the USB drivers are included in linux kernel? Here running ubuntu 22.04, thanks!
Update: I just obtained two firmare files, one maked EEA (likely for Europe) with date 2022-06-17 and another one marked NEU (likely NotEUrope) with date 2022-06-10, both subversion V02 directly from Blackview customer support. This is listing of EEA version:
-rw-rw-r-- 1 1000 1000 41943040 giu 16 19:59 boot-debug.img
-rw-rw-r-- 1 1000 1000 41943040 giu 16 19:59 boot.img
drwxrwxr-x 2 1000 1000 4096 giu 16 19:59 DATABASE
-rw-rw-r-- 1 1000 1000 136976 giu 16 19:59 dpm.img
-rw-rw-r-- 1 1000 1000 148064 giu 16 19:59 dpm-verified.img
-rw-rw-r-- 1 1000 1000 8388608 giu 16 19:59 dtbo.img
-rw-rw-r-- 1 1000 1000 72960 giu 16 19:59 dtbo-verified.img
-rw-rw-r-- 1 1000 1000 2029376 giu 16 19:59 gz.img
-rw-rw-r-- 1 1000 1000 2033072 giu 16 19:59 gz-verified.img
-rw-rw-r-- 1 1000 1000 1226000 giu 16 19:59 lk.img
-rw-rw-r-- 1 1000 1000 1233392 giu 16 19:59 lk-verified.img
-rw-rw-r-- 1 1000 1000 8420336 giu 16 19:59 logo.bin
-rw-rw-r-- 1 1000 1000 8424032 giu 16 19:59 logo-verified.bin
-rw-rw-r-- 1 1000 1000 440624 giu 16 19:59 mcupm.img
-rw-rw-r-- 1 1000 1000 444320 giu 16 19:59 mcupm-verified.img
-rwxrwxr-x 1 1000 1000 64971072 giu 16 19:59 md1img.img
-rw-rw-r-- 1 1000 1000 64982208 giu 16 19:59 md1img-verified.img
-rw-rw-r-- 1 1000 1000 50656 giu 16 19:59 MT6833_Android_scatter.txt
-rw-rw-r-- 1 1000 1000 83956 giu 16 19:59 MT6833_Android_scatter.xml
-rw-rw-r-- 1 1000 1000 2080 giu 16 19:59 pi_img.img
-rw-rw-r-- 1 1000 1000 5776 giu 16 19:59 pi_img-verified.img
-rw-rw-r-- 1 1000 1000 391996 giu 16 19:59 preloader_tf929_dk_dk029_lepton_6833_r0_eea.bin
-rw-rw-r-- 1 1000 1000 428528 giu 16 19:59 scp.img
-rw-rw-r-- 1 1000 1000 435920 giu 16 19:59 scp-verified.img
-rw-rw-r-- 1 1000 1000 11088 giu 16 19:59 spmfw.img
-rw-rw-r-- 1 1000 1000 14784 giu 16 19:59 spmfw-verified.img
-rw-rw-r-- 1 1000 1000 657344 giu 16 19:59 sspm.img
-rw-rw-r-- 1 1000 1000 661040 giu 16 19:59 sspm-verified.img
-rw-r--r-- 1 1000 1000 5135711316 giu 16 19:59 super.img
-rw-rw-r-- 1 1000 1000 970240 giu 16 19:59 tee.img
-rw-rw-r-- 1 1000 1000 977632 giu 16 19:59 tee-verified.img
-rw-r--r-- 1 1000 1000 2343188 giu 16 19:59 userdata.img
-rw-rw-r-- 1 1000 1000 4096 giu 16 19:59 vbmeta.img
-rw-rw-r-- 1 1000 1000 4096 giu 16 19:59 vbmeta_system.img
-rw-rw-r-- 1 1000 1000 4096 giu 16 19:59 vbmeta_vendor.img
DATABASE/
-rw-rw-r-- 1 1000 1000 202741 giu 16 19:59 APDB_MT6853_S01__W2209
-rw-rw-r-- 1 1000 1000 20943 giu 16 19:59 APDB_MT6853_S01__W2209_ENUM
-rwxrwxr-x 1 1000 1000 11093341 giu 16 19:59 MDDB_InfoCustomAppSrcP_MT6833_S00_TF928_R0_6833_NLWCG_V0_1_9_S220505_1_unlwctg_n.EDB
-rwxrwxr-x 1 1000 1000 746087 giu 16 19:59 MDDB.META_MT6833_S00_TF928_R0_6833_NLWCG_V0_1_9_S220505_1_unlwctg_n.EDB
Is this the correct overall filesystem suitable for modifying before flashing?
Thanks
One update: trying to feed scatter.xml file to SP Flash Tool gets the complaint that "MT68 platform not supported on this version" (it's MT6833) but versions following 5.1924 don't have the field for scatter.xml file....
SO at the moment I am stopped at full adb shell to the device, but nothing much more.
Btw, in order to avoid problems I am running tests from inside a W10 VM in vitualbox inside linux.
derjaeger said:
One update: trying to feed scatter.xml file to SP Flash Tool gets the complaint that "MT68 platform not supported on this version" (it's MT6833) but versions following 5.1924 don't have the field for scatter.xml file....
SO at the moment I am stopped at full adb shell to the device, but nothing much more.
Btw, in order to avoid problems I am running tests from inside a W10 VM in vitualbox inside linux.
Click to expand...
Click to collapse
Hi.
Have you tried the Fastboot method?
I also go astray
I am looking for a way to root and I take risky actions. Perhaps I understand it all wrong, but...
I unlocked the bootloader using MTKClient. Then I wanted to create a scatter myself using MTK Droid Tool to get boot.img from the phone. Unfortunately, MTK Droid Tool did not support (I think) memory.
Would you share the boot.img file, please? I'd like to try the Fastboot method.
Thank you.
Hello
First of all, I didn't worry about unlocking bootloader as, pressing power+vol_up buttons when phone is off, already lets you enter to a factory stock bootloader with a menu an option of which can also apply patches, so it looks kinda "ready" without the need of injecting something via fastboot (which is, btw, also an option of that menu). I don't know if that applies for you too, I have a European "EEA" latest firmware version installed.
Second, as written in my previous mail, the tool didn't operate with MT68xx devices, so it couldn't therefore extract anything.
((
I think that either an updated version of that tool comes out (but 6.x versions don't have the "scatter" file field) or we could start from that full firmware that Blackview let me download. I can transfer it to you if needed, you find the file list in my other previous mail.
At the moment the basic idea would be, I think as you might have in mind, once the boot.img file is somehow extracted, patch it with magisk, transfer it to the phone and apply it though the bootloader.
Do you agree?
Pasha
@derjaeger
Thank you for your response
I think you are completely right.
I read everything again and noticed that there are only two ROM files, not this whole list, and that there is some doubt about the scatter file and how SP Flash Tool supports it.
So the new firmware has no obvious procedure to upload it and the boot.img file must first be extracted to use Magisk.
It will be best if I wait for a proven method
I will be grateful for the ROM files, they will certainly be useful. Do you have restrictions on their distribution?
Thank you and best regards.
Saper
Yes, the MT68xx platform is likely to have introduced substantial modifications to the architecture and, therefore, the extraction methods. Is anybody reading this thread aware of new tools?
About the SW, I got no restrictions at all, pls let me know in private how you would like to receive them.
Have anybody here the Stock ROM for the Blackview BL8800 Pro?
Hi, I have it, but you gotta wait up to 25th August, as I am now on holiday.
Sorry, I forgot I had the ready link from the company: https://mega.nz/file/rDIAWJaR#TOjmxZl5LdjyVur3lwqP2wgNCm19tNoLhxXioRV8n70
Please let me know if this helps you to make some progress!
WELL DONE!! i been following this threat and failed to flash the boot.img many times as it's not supported by MTk flash tool- Droid tool SP-FLASH. Been working on this for over month now!! Finally after 9 hours of work non stop got it solved i was able to flash the patched boot.img
BE AWARE!!!! ALL YOUR FILES WILL BE DELETED ----- WARRANTY VOIDED !!
Finally
DONATIONS ARE WELCOMED FOR THE HARD WORK!! CASHAPP: $adamkey99
1-Download - Install - Extract -----> Platform Tools.Zip (ADB-Fastboot) etc,, in the ZIP file
2-rename the patched boot file TO boot.img to the same folder Platform Tools
3- Boot to Recovery & connect USB
4- Choose ENTER Fastboot
5- Choose Reboot to bootloader
6- open the folder Patform Tools and open CMD
7- Type the commend "fastboot devices" letters only!! you'll see your device pop up
8- Type the commend "fastboot flashing unlock" letters only!!
9-you'll see your phone in very small letters saying choose if you want to unlock WARRANTY VODIED
10- choose yes
11- type commend "fastboot flash boot boot.img" Letters only!
12-Type commend "fastboot reboot" Letters only!!
ALL DONE
how to Gain ROOT???
SUPRIZE ME WITH DONATIONS FOR HARD WORK!! CASHAPP: $adamkey99
1-open settings and Enable Developer options
2- Download-Install Dr Fone Root on your computer HERE'S GOOD LINK TO DOWNLOAD: https://myphoneupdate.com/download-dr-fone-root/
3- connect your device via USB and select file transfer
4- Run Dr Fone Root
5- Accept-install anything might pop up on the phone screen
your phone will reboot multiple times very normal
Congratulations!!! ALL DONE
DONATIONS ARE WELCOMED FOR THE HARD WORK!! CASHAPP: $adamkey99
Hello Adam, thanks for your replies.
I am not understanding well, in the first one you talk about a patched boot.img but there's no link to it.
In the second one you talk about using a 3rd party app, but is it safe? How do you know it does not install some unwanted stuff?
So I don't understand if you rooted your phone in the 1st or 2nd way, but how is it behaving? Any slowdowns/crashes/unwanted behaviours?
Thanks
derjaeger said:
Hello Adam, thanks for your replies.
I am not understanding well, in the first one you talk about a patched boot.img but there's no link to it.
In the second one you talk about using a 3rd party app, but is it safe? How do you know it does not install some unwanted stuff?
So I don't understand if you rooted your phone in the 1st or 2nd way, but how is it behaving? Any slowdowns/crashes/unwanted behaviours?
Click to expand...
Click to collapse
Where to get the boot.img??
1- download and extract the stock room for your device using Winrar or any zipping tools : https://mega.nz/file/rDIAWJaR#TOjmxZl5LdjyVur3lwqP2wgNCm19tNoLhxXioRV8n70
2-look inside the stock room folder you just extracted there's boot.img file
3- Copy the boot.img to your device
4- lunch magisk and patch the boot.img you just moved to your device
5- copy the patched boot.img to your pc
now go follow the steps on my first comment
-------------------------------------------------------
No issues at all