Some clarification about rooting terms - Android Q&A, Help & Troubleshooting

Hi, newbie poster here with a question.
I'm actually just curious as I've found enough information to root my phone and create backups. However, I like to know what I'm doing more intimately. I hope someone can give a word of explanation. This seems like the most techy forum so I decided to ask here.
1) What is it that we flash when installing a new ROM? Is it a partition on the internal flash drive?
2) Is the boot loader stored in the /boot partition?
3) Is there some kind of BIOS chip in these phones? Something has to initiate to start reading the /boot partition? Do we alter this in any way (like when flashing a computer BIOS).
A final bonus question that I would like to know is, what is changed when the boot loader is unlocked (I know the purpose and why it needs to be done). Is unlocking the boot loader simply removing the (or a) check so that unsigned stuff can be installed (like ROMs and clockwork recovery).
So in essence the boot loader is patched (= its code altered).
Thanks for taking the time to explain this to me
Jeroen

Find your phone's forum, there will be sticky posts there to read up on rooting

I did. For hours. I can find why a boot loader needs to be unlocked or decrypted. But not what is actually changed and why this is changed.
I can probably figure out question 1 though. But not what the boot order is, and whether hboot sits in a BIOS chip and is the same as a computer BIOS. There is little clear information on that.
If I had to guess, I'd say hboot is stored on a chip in the phone and executes different partitions on flash. Be it Android or the recovery partition. Which one is booted can be selected using hboot. So it is kind of a limited BIOS. But that is just a guess and I could be very wrong.

What is it that we flash when installing a new ROM? Is it a partition on the internal flash drive?
When flashing a new ROM, either from your manufacturer or a custom ROM, you'll flash several partitions of the internal NAND flash disk: not only the boot partition, but system, data, bootloader, radio code etc. as well.
Is the boot loader stored in the /boot partition?
No. The partition named boot contains an image composed of the root file system in the form of an initramfs plus the Linux kernel. This is the partition the boot loader initially loads and starts. The boot loader itself resides on another partition, often not visible in /proc/mtd and often not in the format of a proper file system either.
Is there some kind of BIOS chip in these phones? Something has to initiate to start reading the /boot partition? Do we alter this in any way (like when flashing a computer BIOS).
Comparing it with a BIOS doesn't make things clearer, since the computer BIOS today is more a bootloader than the API for low-level I/O it once was. The bootloader can be compared to the boot loading function of the BIOS.
A final bonus question that I would like to know is, what is changed when the boot loader is unlocked
The locked boot loader only accepts images signed with the manufacturer's secret cryptographic key - everything else will be rejected. Unlock it, and it'll accept unsigned images as well, making you free to boot and/or flash whatever you like.
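
An added example, not part of the posts above: a parser for the legacy (version 0) Android boot image header, showing how the image in the boot partition packs the kernel and the initramfs into page-aligned sections. The sample image, its load addresses and its command line are constructed for the demonstration.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Legacy header: magic, 8 size/address words, 2 spare words, name, cmdline.
HEADER = struct.Struct("<8s8I2I16s512s")


def padded(size, page_size):
    """Round size up to a whole number of flash pages."""
    return -(-size // page_size) * page_size


def parse_boot_image(blob):
    """Return the kernel, ramdisk and kernel command line held in a boot image."""
    if len(blob) < HEADER.size:
        raise ValueError("shorter than a boot image header")
    (magic, kernel_size, _kaddr, ramdisk_size, _raddr, _second_size, _saddr,
     _tags, page_size, _spare0, _spare1, name, cmdline) = HEADER.unpack_from(blob)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic, not an Android boot image")
    if page_size < HEADER.size or page_size & (page_size - 1):
        raise ValueError("implausible page size %d" % page_size)
    kernel_off = page_size                      # the header fills the first page
    ramdisk_off = kernel_off + padded(kernel_size, page_size)
    if ramdisk_off + ramdisk_size > len(blob):
        raise ValueError("header sizes run past the end of the image")
    return {
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
        "page_size": page_size,
        "kernel_offset": kernel_off,
        "ramdisk_offset": ramdisk_off,
        "kernel": blob[kernel_off:kernel_off + kernel_size],
        "ramdisk": blob[ramdisk_off:ramdisk_off + ramdisk_size],
    }


def build_sample_image(page_size=2048):
    """Constructed sample: placeholder kernel bytes plus a gzip-magic ramdisk."""
    kernel = b"K" * 3000
    ramdisk = b"\x1f\x8b" + b"R" * 98
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk),
                         0x11000000, 0, 0, 0x10000100, page_size, 0, 0,
                         b"sample", b"root=/dev/mmcblk0p8")
    image = header.ljust(page_size, b"\0")
    image += kernel.ljust(padded(len(kernel), page_size), b"\0")
    image += ramdisk.ljust(padded(len(ramdisk), page_size), b"\0")
    return image


if __name__ == "__main__":
    info = parse_boot_image(build_sample_image())
    print(info["cmdline"], info["kernel_offset"], info["ramdisk_offset"])
```

Checking the magic and the section sizes before touching the payload is what keeps a truncated or mislabelled file from being treated as a boot image.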

Thank you Kuisma. When I omitted hboot in my Google search, I found a lot more explanatory links. hboot appears to be HTC specific.
So unlocking the boot loader is a vendor patch in fact. It is not patched by the community? Probably the option is foreseen to disable the certificate check by the vendor and then I shouldn't really call it a patch.
Something still has to start the boot loader. Is this hard coded in the CPU that the boot loader will start at location x in the NAND? I suppose that is the only way in fact. Boot loader and hardware would then be intimately connected just like with a regular BIOS.
I'd better not mess with the boot loader partition then

Jeroen1000 said:
Thank you Kuisma. When I omitted hboot in my Google search, I found a lot more explanatory links. hboot appears to be HTC specific.
So unlocking the boot loader is a vendor patch in fact. It is not patched by the community?
Something still has to start the boot loader. Is this hard coded in the CPU that the boot loader will start at location x in the NAND? I suppose that is the only way in fact. Boot loader and hardware would then be intimately connected just like with a regular BIOS.
I'd better not mess with the boot loader partition then
The boot loader is most likely just mapped as a part of the memory the CPU starts its execution at, more or less.
If the manufacturer allows it, you can unlock the boot loader in an official way, usually simultaneously erasing the DRM information. Then there's the unofficial way, cracking the phone, unlocking it via some exploit.
I wrote a few words about the boot loader at http://whiteboard.ping.se/Android/BootLoader.

Related

[Q] Used HTC Unlock method, and now?

Hi there
First, I know that it might be a stupid question, but I'm new to Android.
I've read about the official unlocking method HTC offers and yesterday I tried it out, worked all fine.
But what has changed? What can I do now which I couldn't before? I don't get it! Can I flash ROMs now? How?
I can only see that it now says "UNLOCKED" at the top of the bootloader. Also, I've read about Clockwork-Mod and TW and so on, so I tried to "install" Clockwork-Mod. Failed. Now it crashes when trying to open "Recovery" in bootloader.
But main question: What can I do now, with unlocked phone?
Thanks! And don't laugh about my English... I've tried my best
Install TWRP recovery, there is a sticky in the dev section. Then you can indeed flash ROMs however since you are s-on still you will have to flash a bit differently. Search the dev section for joeykrim's flash image gui. It has all the instructions you need to flash a custom rom.
A little further explanation: since you are still s-on, the kernels don't flash correctly unless you flash using fastboot or joey's GUI. If you don't flash this way you can end up in a bootloop or have broken wifi and 4G etc.
3VO Sent
luckyluke02 said:
Hi there
First, I know that it might be a stupid question, but I'm new to Android.
I've read about the official unlocking method HTC offers and yesterday I tried it out, worked all fine.
But what has changed? What can I do now which I couldn't before? I don't get it! Can I flash ROMs now? How?
I can only see that it now says "UNLOCKED" at the top of the bootloader. Also, I've read about Clockwork-Mod and TW and so on, so I tried to "install" Clockwork-Mod. Failed. Now it crashes when trying to open "Recovery" in bootloader.
But main question: What can I do now, with unlocked phone?
Thanks! And don't laugh about my English... I've tried my best
New to Android ... One of these days I should put together a guide from start to finish.
Here are a few more details in addition to the great answer already provided in the above post. A link to my application, Flash Image GUI, which makes loading custom kernels a little bit simpler and possible without a computer attached to the device.
There are basically three partitions we look to commonly customize on the Android device, boot, recovery and system. Of course, there are times when we customize or upgrade other partitions but they aren't as common or as required.
Boot holds the booting kernel.
Recovery holds the recovery kernel and recovery binary.
System holds the android system.
On many HTC devices, some or all of these partitions are locked by the bootloader which is essentially a very low level write protection.
The s-off revolutionary method removes write protection on all partitions.
The HTC unlock method removes write protection on some partitions and also depends on the mode the device is booted into. This is the first time HTC has made an official unlock method through their stock bootloader. Who knows if they will improve it in the future by unlocking all partitions or if they still stick to their current model.
Hope that helps a bit more background/history to the context! Good luck!

[Q] GT-P7510 Bootloader

I am trying to understand some more about this tablet, so far I have learned (please correct any errors):
These were given away at Google I/O with fastboot and an unlocked bootloader.
The ones you purchase in the store do not have fastboot, and have a locked bootloader.
An unlocked bootloader will show an unlocked padlock at the bottom of the screen.
You can still root and change ROMs with a locked bootloader, but cannot repartition your device, or use NVFlash without currently-unknown keys.
Without aforementioned keys, you cannot unlock or downgrade the bootloader, even with Odin. That or none of the Odin tars have the old unlocked bootloader.
The reason I am so fixated on the bootloader, is because this tablet seems to be nearly impossible to hard brick.
APX and Odin offer 2 modes of recovery, which should always be available, unless you wipe the bootloader portion of your NAND.
I am more interested in seeing what else I can make the tablet do besides run Android. The TABUNTU project is of great interest to me, but my GT-P7510 won't let me flash via APX...
I'd like to thank you, as you have just managed to educate me a little. I've only had my tab a few weeks, so this was some good information. I hope to try out some stuff also; now I've heard it's possible, I'll be fixated also.
Sent from my HTC Wildfire S A510e using Tapatalk
It seems I have gotten TABUNTU to work via some Odin trickery, by sacrificing Android completely. Just because I cannot repartition the NAND, does not mean I can't use the existing partitions for un-intended uses
linux.img -> boot.img (modified boot.img-cmdline to mmcblk0p8)
ubuntu.img -> data.img
make into odin tar, flash.
Edit: more details here if interested in flashing TABUNTU on locked bootloader

[Q] First time poster and I really need help!

Hey guys. Need a big hand here. So I have a HTC One on contract from Three in the UK.
I rooted the phone and all that jazz and decided on putting a custom ROM on my device.
However while in TWRP I wiped the phone and seemingly all the contents on it, including TWRP.
Now I have a bricked phone that boots into recovery/the bootloader only. I've tried flashing
RUU files on but it fails with the error code 140? I don't know much about this, I'm quite a noob.
In recovery the information is as follows:
*** TAMPERED ***
*** RELOCKED ***
*** SECURITY WARNING ***
M7_UL PVT SHIP S-ON RH
HBOOT- 1.54.0000
RADIO-4A. 17. 3250. 14
OpenDSP-v31.120.274.0617
OS-2.24.401.0
eMMC-boot 2048MB
Please help me. I've read through wonderful guides by other patrons on this website but nothing seems to work.
I'm at my wits end.
Thank you in advance for any help.
I know very little about this, but just to brainstorm (and confirm a few basic facts):
When you rooted originally, did you use HTC's bootloader unlocker or a different method to unlock the bootloader?
How are you flashing ROMS? Are you doing everything through the phone (example, using one-touch-root apps) or are you using the Android Debug Bridge?
The bootloader typically comes with options to reboot, boot into recovery, factory reset, etc. Can you confirm that these options have disappeared (or never existed in the first place)?
My knee-jerk reaction is that you didn't use an HTC bootloader unlocker and, therefore, the HTC GUU detects a bootloader mismatch and aborts. Therefore, you need to see if there's a way to flash a stock HTC bootloader (which, I can tell you from experience, is usually a one-way-trip to super-bricking) or see if the bootloader you already have installed can be unlocked through the ADB.
In my very limited experience and understanding of Android, it's generally pretty difficult to wipe the recovery partition from within the phone - one generally has to flash it from ADB or screw with the bootloader in some way to wipe it. I wonder, therefore, whether the recovery partition is just fine but maybe the bootloader is throwing a fit because it's not the HTC default.
I'm sure you've tried or thought of all of this, but since nobody else is stepping up, I thought I'd help brainstorm a bit and keep the thread fresh.
Borden Rhodes said:
I know very little about this, but just to brainstorm (and confirm a few basic facts):
When you rooted originally, did you use HTC's bootloader unlocker or a different method to unlock the bootloader?
How are you flashing ROMS? Are you doing everything through the phone (example, using one-touch-root apps) or are you using the Android Debug Bridge?
The bootloader typically comes with options to reboot, boot into recovery, factory reset, etc. Can you confirm that these options have disappeared (or never existed in the first place)?
My knee-jerk reaction is that you didn't use an HTC bootloader unlocker and, therefore, the HTC GUU detects a bootloader mismatch and aborts. Therefore, you need to see if there's a way to flash a stock HTC bootloader (which, I can tell you from experience, is usually a one-way-trip to super-bricking) or see if the bootloader you already have installed can be unlocked through the ADB.
In my very limited experience and understanding of Android, it's generally pretty difficult to wipe the recovery partition from within the phone - one generally has to flash it from ADB or screw with the bootloader in some way to wipe it. I wonder, therefore, whether the recovery partition is just fine but maybe the bootloader is throwing a fit because it's not the HTC default.
I'm sure you've tried or thought of all of this, but since nobody else is stepping up, I thought I'd help brainstorm a bit and keep the thread fresh.
I unlocked the bootloader originally by getting a specific code from HTC and using it through the command prompt I think. I can go into the bootloader and it has all the fastboot, recovery, factory reset business there. Trying factory reset does nothing. I've downloaded HTC toolkit 2.2 and I tried initially pushing ROMS to flash to TWRP, but it would never detect my phone. Then I stupidly did a full wipe through TWRP and now that's disappeared. All that's left is the bootloader now. I've tried forcing RUU updates through the HTC toolkit but it always fails. So does running the normal RUU process. I can't seem to find the correct one for Three UK. The most I've been able to do is re-lock the bootloader and I'm running out of ideas. Thank you for your reply. I feel so helpless!.
If I've read your message correctly, you are doing everything through the HTC toolkit and not through the Android SDK. Frankly, I don't know how the former works. Especially if the HTC Toolkit isn't detecting your phone, you may want to run over to http://developer.android.com/sdk/ and fetch the SDK for your system and set it up. You don't need the ADT Bundle, just the SDK Tools link at the bottom. This may make it easier for other, more knowledgeable people debug your phone, since they all use the SDK. The weaponry you'll be using is all in the <sdk install location>/tools directory, so get a command prompt window pointed there (by the by, are you using Windows, Mac or Linux?)
If you already have your SDK up, or once you do, you'll want to get familiar with the fastboot command, described in this post: forum.xda-developers.com/showthread.php?t=2277112 . What we want to do is see whether we can flash a new recovery ROM.
As long as you don't attempt to flash over the bootloader, you shouldn't super-brick your phone. Based on the message in your original post, your bootloader may have relocked itself. If your first attempt at installing a new recovery ROM doesn't work, then you'll have to use the procedure you used originally to unlock your bootloader. If you've forgotten how to do that, then these instructions (which assume you're using the SDK) should help: http://wiki.cyanogenmod.org/w/Install_CM_for_m7.
You're currently using TWRP, which I've personally found buggy. Until you have a functioning phone again, you may want to use ClockworkMod (CWM) Recovery instead: http://www.clockworkmod.com/rommanager. It has fewer features, but at least they work properly. If flashing ROMs over fastboot is new to you, there are plenty of guides on the Interwebs to help you. I'll also try to walk you through it if you let me know where you're getting stuck. The critical thing, considering that there are many types of HTC One, is to make sure that you flash the ROM that exactly matches your phone. If you flash the wrong ROM, you probably won't break your phone any more than it is, but let's try not to test that theory. If you're not positive which phone you have, say so and we'll help you find out.
Let us know once you have CWM on your phone or where you got stuck. The advantage of using the SDK, too, is that you can copy and paste the output right back to the forum.
I hope I understood everything correctly. Let me know if I haven't.

About backup bootloaders on Nexus devices (and more?)

I'm finding a very unusual lack of info about those backup bootloaders, considering that flashing over the primary bootloader partition is one of the most usual reasons for people to brick, and the secondary bootloader can be used in some of those devices to just fix the phone in seconds..
On N4, the secondary bootloader only works with Qualcomm fast-download mode, but in the N5 the secondary bootloader is a fully-functional bootloader for fastboot that stays on the original bootloader version that came from the phone (in my case h10x), which literally makes you able to just zero the aboot sbl partitions and boot into the secondary bootloader and just flash a new bootloader and fix the stuff in matter of seconds.
I am not sure if on the newer Nexus there are also backup bootloaders (on N9 there are, don't know if fully functional for fastboot or no), but if there are and they're fastboot-functional, they're a HUGE deal.
Why is there like no info about this anywhere on XDA? Even trying to make a search here or over Google for backup bootloaders brings very small info about this, just isolated cases
I don't know if this belongs to a more technical forum or not
Really.. no one?
Is this a dead forum or wrong forum for this?

Where exactly does the fastboot reside inside the flash on phone?

I did a wrong boot.img flash and now fastboot is gone. I just want to verify that fastboot was actually located somewhere inside the boot.img.
Side notes..... I have a phone now that doesn't power on cuz the preloader is cooked by flashing that boot.img. If you try to charge the phone, the battery charging icon does not show, so that means I hard bricked the phone.
lextacy said:
I did a wrong boot.img flash and now fastboot is gone. I just want to verify that fastboot was actually located somewhere inside the boot.img.
Side notes..... I have a phone now that doesn't power on cuz the preloader is cooked by flashing that boot.img. If you try to charge the phone, the battery charging icon does not show, so that means I hard bricked the phone.
Fastboot doesn't actually reside on the phone; it is a communication protocol used to flash the specific partitions of the phone's layout. Specifically, fastboot itself is just a binary (.bin on OS X and Linux and .exe on Windows) used to communicate with the fastboot protocol. Correct me if I'm wrong, but what I'm guessing you did is you meant to flash a boot.img to the boot partition and instead you flashed that to the bootloader/preloader partition, erasing the bootloader. There is a flag when the bootloader is compiled that allows the bootloader to have support for fastboot. Your best bet is to try and find a factory image for your phone to try and re-flash the stock bootloader through fastboot. A second option is to find a friend who has the same phone model as you and that is rooted, then dump their bootloader using terminal emulator or a similar app, transfer it to your computer and then flash it using fastboot. If you have any more questions or just want some more clarification on what I said, feel free to ask, more than happy to help!
shimp208 said:
Fastboot doesn't actually reside on the phone; it is a communication protocol used to flash the specific partitions of the phone's layout. Specifically, fastboot itself is just a binary (.bin on OS X and Linux and .exe on Windows) used to communicate with the fastboot protocol. Correct me if I'm wrong, but what I'm guessing you did is you meant to flash a boot.img to the boot partition and instead you flashed that to the bootloader/preloader partition, erasing the bootloader. There is a flag when the bootloader is compiled that allows the bootloader to have support for fastboot. Your best bet is to try and find a factory image for your phone to try and re-flash the stock bootloader through fastboot. A second option is to find a friend who has the same phone model as you and that is rooted, then dump their bootloader using terminal emulator or a similar app, transfer it to your computer and then flash it using fastboot. If you have any more questions or just want some more clarification on what I said, feel free to ask, more than happy to help!
Good info here, I did not know that fastboot was outside the Android environments. The command I ran was "fastboot flash boot boot.img" if that makes sense. This was on a Chinese smartphone that has a Chinese-only text bootloader. So no other friends will have this phone where I can grab an image from. I ordered a new phone (surprise, surprise, right?) haha, BUT I would still like to get this brick working for learning purposes and root practice.
lextacy said:
Good info here, I did not know that fastboot was outside the Android environments. The command I ran was "fastboot flash boot boot.img" if that makes sense. This was on a Chinese smartphone that has a Chinese-only text bootloader. So no other friends will have this phone where I can grab an image from. I ordered a new phone (surprise, surprise, right?) haha, BUT I would still like to get this brick working for learning purposes and root practice.
Glad I could help you out ! It must be a bad boot image then that you flashed, but that shouldn't prevent you from accessing the bootloader. When you get your new phone and root it you should be able to pull that stock boot image and then get your old phone working again. As always any questions let me know !
So fastboot doesn't reside in the phone?
I understand that it's a protocol, but how does the phone know to act like a server for the PC fastboot client?
Where does the phone load the protocol rules from?
Can fastboot mode run even without any partition on the phone?
If so the phone would be virtually unbrickable.
I'm just trying to understand.
JackSlaterIV said:
So fastboot doesn't reside in the phone?
I understand that it's a protocol, but how does the phone know to act like a server for the PC fastboot client?
Where does the phone load the protocol rules from?
Can fastboot mode run even without any partition on the phone?
If so the phone would be virtually unbrickable.
I'm just trying to understand.
Perhaps the best way to understand how fastboot works is to take a look at its source code found here https://android.googlesource.com/platform/system/core/+/master/fastboot/fastboot_protocol.txt and the general fastboot code here https://android.googlesource.com/platform/system/core/+/master/fastboot. Let me know if you still have questions.
shimp208 said:
Perhaps the best way to understand how fastboot works is to take a look at its source code found here https://android.googlesource.com/platform/system/core/+/master/fastboot/fastboot_protocol.txt and the general fastboot code here https://android.googlesource.com/platform/system/core/+/master/fastboot. Let me know if you still have questions.
Thanks, I saw but there is no answer there.
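
The question in this thread (how the phone acts as the server for the PC fastboot client) can be made concrete with a sketch, added here as an illustration and not taken from any post or from the AOSP code: the device side of the protocol is code inside the bootloader, modelled below in memory together with the host's download-then-flash sequence. The class and function names, the partition contents, the FAIL message texts and the rule that a locked bootloader refuses every flash are assumptions of this sketch.

```python
MAX_COMMAND = 64  # command packet limit given in the fastboot protocol text
STATUSES = ("OKAY", "FAIL", "DATA", "INFO")


class BootloaderFastboot:
    """Toy device side of fastboot: this logic lives in the bootloader."""

    def __init__(self, unlocked, partitions):
        self.unlocked = unlocked
        self.partitions = dict(partitions)  # partition name -> bytes in flash
        self.staged = b""                   # RAM buffer filled by download:
        self.expecting = 0                  # bytes owed after a DATA reply

    def handle(self, packet):
        """Consume one packet from the host and return the reply packets."""
        if self.expecting:                  # data phase of a download
            ok = len(packet) == self.expecting
            self.staged, self.expecting = (packet if ok else b""), 0
            return [b"OKAY"] if ok else [b"FAILdata size mismatch"]
        if len(packet) > MAX_COMMAND:
            return [b"FAILcommand too long"]
        name, _, arg = packet.decode("ascii", "replace").partition(":")
        if name == "getvar" and arg == "unlocked":
            return [b"OKAYyes" if self.unlocked else b"OKAYno"]
        if name == "download":
            try:
                size = int(arg, 16)
            except ValueError:
                size = 0
            if size <= 0:
                return [b"FAILbad download size"]
            self.expecting = size
            return [b"DATA%08x" % size]
        if name == "flash":
            if not self.unlocked:           # assumed policy for this sketch
                return [b"FAILbootloader is locked"]
            if arg not in self.partitions or not self.staged:
                return [b"FAILnothing to flash"]
            self.partitions[arg] = self.staged
            return [b"INFOwriting " + arg.encode("ascii"), b"OKAY"]
        return [b"FAILunknown command"]


def parse_reply(packet):
    """Split a device reply into its 4-byte status and the text after it."""
    status = packet[:4].decode("ascii", "replace")
    if status not in STATUSES:
        raise ValueError("not a fastboot reply: %r" % packet[:4])
    return status, packet[4:].decode("ascii", "replace")


def host_flash(device, partition, image):
    """Host side of `fastboot flash <partition> <file>`: download, then flash."""
    status, msg = parse_reply(device.handle(b"download:%08x" % len(image))[0])
    if status != "DATA":
        return status, msg
    status, msg = parse_reply(device.handle(image)[0])
    if status != "OKAY":
        return status, msg
    for reply in device.handle(b"flash:" + partition.encode("ascii")):
        status, msg = parse_reply(reply)
        if status in ("OKAY", "FAIL"):      # INFO lines precede the final status
            return status, msg
    return "FAIL", "no final reply"


if __name__ == "__main__":
    for unlocked in (False, True):
        phone = BootloaderFastboot(unlocked, {"boot": b"old kernel"})
        print(unlocked, host_flash(phone, "boot", b"new kernel"), phone.partitions)
```

Because the responder is part of the bootloader image, it is only available while that image is intact in flash.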
