[dev]ota rom decrypt tool is READY![1/6 update][open source] - Sony Tablet S

Update 1/6: new version, faster and smaller
Download win32 exe: (attachment desklunvr.7z)
Download source code: (attachment XOR.7z)
------------------------------------------
Since I still haven't found the key to decrypt the ROM,
I'm trying to port that code to C++ so it can run on Windows.
1. Decompile the code to asm with IDA Pro;
you get code like this:
Code:
.text:000224F6 SUB SP, SP, #0x5C
.text:000224F8 LDR R4, loc_228DC
.text:000224FA ADD R4, PC
.text:000224FC STR R0, [SP,#0xC]
.text:000224FE STR R1, [SP,#8]
.text:00022500 STR R2, [SP,#4]
2. Change the asm code to C++ code:
Code:
/*224F6*/ SUB (SP, SP, 0x5C);
/*224F8*/ LDRx (R4, 0x228DC);
/*224FA*/ ADD (R4, 0x224FA+8+DLL); // PC-relative; DLL = load base of the library (not defined in the post)
/*224FC*/ STR (R0, SP, 0xC);
/*224FE*/ STR (R1, SP, 8);
/*22500*/ STR (R2, SP, 4);
and define:
Code:
typedef unsigned int u32;
typedef u32 *pu32;
// one helper per Thumb instruction; the first argument is the destination register
void SUB (u32 &a, u32 b, u32 c) { a = b - c; }                       // SUB Rd, Rn, #imm
void LDRx(u32 &a, u32 b)        { a = b; }                           // stands in for LDR Rd, loc: uses the argument as-is
void ADD (u32 &a, u32 b)        { a += b; }                          // ADD Rd, Rm
void STR (u32 a, u32 b, u32 c)  { pu32 p = (pu32)(b + c); *p = a; }  // STR Rt, [Rn, #imm]: casts the guest address to a host pointer (32-bit build only)
3. Run the C++ code on Windows.
By now step 2 is finished and it can be run with VC 6,
but something is wrong in the code conversion; the result is not right.
Still studying asm syntax....
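As an added example (my own code, not the tool from this post), here is the same six-instruction prologue run against a small harness in C rather than C++: guest registers live in a struct and guest memory is a host buffer that guest addresses are translated into, so a STR to [SP,#0xC] cannot scribble on the host process and the code also builds on 64-bit hosts. It reads the LDR literal from the loaded image at 0x228DC, and for ADD R4, PC uses the Thumb rule that a read of PC yields the current instruction address plus 4 (ARM state would be plus 8). The image base, stack layout and literal-pool word are constructed assumptions, not values from the Sony ROM.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32;

/* Assumed guest layout (hypothetical, not from the real ROM image) */
#define IMAGE_BASE 0x00020000u   /* the .text region that 0x224F6 lives in */
#define IMAGE_SIZE 0x00010000u
#define STACK_TOP  0x10000000u
#define STACK_SIZE 0x00001000u

static uint8_t g_image[IMAGE_SIZE];
static uint8_t g_stack[STACK_SIZE];

struct cpu { u32 r[13]; u32 sp, lr, pc; };

/* Translate a guest address range to host memory; NULL if it is unmapped.
 * Unsigned wrap-around makes "addr - base < size" a safe range check. */
static uint8_t *guest_ptr(u32 addr, u32 len) {
    u32 sbase = STACK_TOP - STACK_SIZE;
    if (addr - IMAGE_BASE < IMAGE_SIZE && IMAGE_SIZE - (addr - IMAGE_BASE) >= len)
        return g_image + (addr - IMAGE_BASE);
    if (addr - sbase < STACK_SIZE && STACK_SIZE - (addr - sbase) >= len)
        return g_stack + (addr - sbase);
    return NULL;
}

/* 32-bit little-endian load/store; return -1 on an unmapped address */
int ld32(u32 addr, u32 *out) {
    uint8_t *p = guest_ptr(addr, 4);
    if (!p) return -1;
    *out = (u32)p[0] | (u32)p[1] << 8 | (u32)p[2] << 16 | (u32)p[3] << 24;
    return 0;
}

int st32(u32 addr, u32 v) {
    uint8_t *p = guest_ptr(addr, 4);
    if (!p) return -1;
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
    return 0;
}

/* Thumb state: reading PC gives the address of the current instruction + 4 */
static u32 thumb_pc(u32 insn_addr) { return insn_addr + 4; }

/* The prologue from the disassembly, one line per instruction. */
int run_prologue(struct cpu *c, u32 r0, u32 r1, u32 r2) {
    u32 lit;
    c->r[0] = r0; c->r[1] = r1; c->r[2] = r2;
    c->sp -= 0x5C;                                /* 224F6 SUB SP, SP, #0x5C        */
    if (ld32(0x228DC, &lit)) return -1;           /* 224F8 LDR R4, loc_228DC        */
    c->r[4] = lit;                                /*       (word from literal pool)  */
    c->r[4] += thumb_pc(0x224FA);                 /* 224FA ADD R4, PC               */
    if (st32(c->sp + 0xC, c->r[0])) return -1;    /* 224FC STR R0, [SP,#0xC]        */
    if (st32(c->sp + 8,   c->r[1])) return -1;    /* 224FE STR R1, [SP,#8]          */
    if (st32(c->sp + 4,   c->r[2])) return -1;    /* 22500 STR R2, [SP,#4]          */
    return 0;
}

/* Set up a fresh CPU, plant a constructed literal-pool word and run. */
int demo_prologue(struct cpu *c) {
    memset(c, 0, sizeof *c);
    c->sp = STACK_TOP;
    if (st32(0x228DC, 0x00001234u)) return -1;    /* constructed, not the ROM's value */
    return run_prologue(c, 0x11, 0x22, 0x33);
}

int main(void) {
    struct cpu c;
    if (demo_prologue(&c) != 0) { puts("unmapped access"); return 1; }
    printf("SP=%08X R4=%08X\n", c.sp, c.r[4]);
    return 0;
}
```

Every memory access goes through ld32/st32 and fails loudly on an unmapped address, which is the fastest way to catch a mis-transliterated offset when a whole function is carried over this way.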

Here is a newer version. The code goes well:
automagic runs the same as on the tablet (the beginning 16 loops),
descramble got no error.
But function ok is only half done; I don't know the params for it,
so no right input, no right output...
Is it possible to trace in recovery mode?

After condi's great help, my code successfully decoded the first 4 bytes of the stock ROM!
Will fix the code for the final publish.
Good night!

Finished!
The decrypt tool is READY!
Decrypt the ROM on Windows, no need to link to the tablet!
USE:
Just unzip the file to any dir,
drag the OTA ROM onto the exe icon.
Output will be in the same dir as the ROM file, with "_desklunvr" appended to the name.
You can set the output name on the command line; run with no params for help.
Built win32 exe
Source code (VC6)

<robin> said:
Finished!
The decrypt tool is READY!
Decrypt the ROM on Windows, no need to link to the tablet!
USE:
Just unzip the file to any dir,
drag the OTA ROM onto the exe icon.
Output will be in the same dir as the ROM file, with "_desklunvr" appended to the name.
You can set the output name on the command line; run with no params for help.
Built win32 exe (attachments)
Source code (VC6)
OMG AMAZING WORK
WORKS A TREAT NZ R5a
Stifilz

Oh yeah.... BRILLIANT WORK!!! CONGRATULATIONS!
I'm happy to have you here

condi said:
Oh yeah.... BRILLIANT WORK!!! CONGRATULATIONS!
I'm happy to have you here
Guys, is there any way to reverse the effect, i.e. encryption? Like a custom ROM but fully SONY signed?
That would be sick....
We could pre-root non-rootable devices?
Or am I dreaming?
Stifilz

Getting a heart attack right now!

stifilz said:
Guys, is there any way to reverse the effect, i.e. encryption? Like a custom ROM but fully SONY signed?
That would be sick....
We could pre-root non-rootable devices?
Or am I dreaming?
Stifilz
Decrypting/encrypting the zip is one thing; another thing is signing the modified zip.
So unfortunately, no, not just yet.
But it's a BIG THING, a GREAT TOOL, which will help us
when Jelly Bean is released.
Even if we all end up with a locked recovery (no decrypt via AiO),
then we will be able to decrypt zip updates,
and I will be able to make prerooted FWs for FLASHER.
Today is a good day.

Very noob of me, but does this mean we would see some custom ROMs, as the OTAs could be decrypted?

Well done, good job!!
I know the community of Sony tablets is pretty small, so these sorts of improvements are always extremely welcome!
Sent from my GT-N7100 using xda premium

Does it mean we will have ROM cooking very soon?
Thanks

Is there any progress?

<robin> said:
Update 1/6: new version, faster and smaller
[...]
I have been playing around with the new recovery <3e> and I tried to use a non-Sony zip (it was an old-school @condi-signed update zip), and instead of saying "cannot verify whole signature" etc., it says ".zip is not sklunvred". So is it possible to reverse this process and try to flash a zip? @<robin> It may not need to be fully Sony signed anymore and may just need to be sklunvred!
Just an idea
Stifilz

@<robin> Can you compile desklunvr to encrypt?
Sent from my Nexus 4 using Tapatalk 4

Related

Upgrade to 1.60, but extended_ROM won't let me edit anything

I'm new to this. Now what? I was trying to remove the TMDNL.Customizations.sa.CAB file like Akira did, but the thing won't let me cut or delete it. Neither will it allow me to edit config.txt; it just says make sure that the program isn't in use or write-protected. WTF?! It wasn't saying that before the update. Any suggestions? I'm using scarybear's extended_ROM viewer btw. Is there any program that allows me to edit the registry? Thanks in advance.
Get a reg editor like regedit.Mrln_ARM.cab.
If you delete the value "MountFlags" (dword:00000001 == 'hidden filesystem') from the key [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\TRUEFFS_DOC], this 16 MByte disk gets mounted as '\Extended_ROM'.
Then, when connected to ActiveSync,
you can delete the files,
and you can edit config.txt and just remove the line in case you want the cab file not to be deleted.
Exactly where do I get that editor?
I've done that, deleted MountFlags and all, and it STILL won't let me edit!
Where is this protected ROM area?
Delete the files from your PC,
not through your PDA:
link to ActiveSync,
cut the files,
and paste them in a folder on your PC.
It's useless for me~
I think the extended ROM lock is being applied like the SIM lock.
Upgrading the OS ROM or extended ROM will do nothing to the lock.
I can only mount the ms_.nbf in Linux, modify the file, and flash it back to the XDA2.
akira said:
Delete the files from your PC,
not through your PDA:
link to ActiveSync,
cut the files,
and paste them in a folder on your PC.
Tried that too. Won't work as well, mate.
killercheung said:
It's useless for me~
I think the extended ROM lock is being applied like the SIM lock.
Upgrading the OS ROM or extended ROM will do nothing to the lock.
For this case, we can only mount the ms_.nbf in Linux, edit the file, and flash it back to the XDA2 to modify it.
How do you do this exactly? I read what you and the other guy talked about in the other thread, but it wasn't too clear for me (I'm not a programmer, y'know).
Care to explain it to me more thoroughly? Such as what software do I need, and what steps to take? I'm new to this stuff. It seems like only you and I have this problem, y'know... and it sucks.
King said:
Exactly where do I get that editor?
Hello,
you can download it from this site: http://www.phm.lu/Products/PocketPC/RegEdit/
Regards,
Othman
My guess is that this is how it is protected:
( from http://www.m-sys.com/ )
3.3 FL_IOCTL_WRITE_PROTECT ( == 3002 )
This function enables key-controlled write protection (software protection) for
DiskOnChip. Once DiskOnChip is protected by the key, it remains in read-only
mode. Removing a key can be done by an authorized user who knows the current
key.
The key consists of 8 bytes (64 bits), each of which may be any 8-bit code
character (2^64 combinations). The key is stored on the flash disk in a manner
that is both scrambled and hidden. That is, the key is encrypted, and it is not
possible to read the flash disk to see the encrypted key. If the key is lost or
forgotten by the authorized user, the flash disk can be restored to read/write
mode by downloading all data from it, reformatting it, and uploading the saved
data. A new key can then be enforced.
The same procedure can also be performed by unauthorized users. In this case
however, the authorized user is able to determine that the key was removed or
changed.
A key-protected DiskOnChip is available to an unauthorized user in read-only
mode. All data may be read, but not written or modified. An authorized user can
write to the flash disk by temporarily disabling the write-protection (unlock)
or permanently removing it (unprotect), depending on the parameters involved.
If the protection is temporarily removed, dismounting DiskOnChip and/or
performing a system reset cause DiskOnChip to revert to read-only mode.
DiskOnChip units are not key-protected by default when shipped by M-Systems.
Note: This protection is not as reliable as the hardware protection supported
by DiskOnChip Millennium Plus and Mobile DiskOnChip.
Input Record
typedef struct {
unsigned char type; /* Type of operation: FL_PROTECT / FL_UNPROTECT / FL_UNLOCK */
long password[2]; /* 8 bytes Key */
} flWriteProtectInput
#define FL_PROTECT 0 - Make the DiskOnChip write-protected.
#define FL_UNPROTECT 1 - Permanently remove the write-protection.
#define FL_UNLOCK 2 - Temporarily remove the write-protection.
Output Record
typedef struct {
FLStatus status;
} flOutputStatusRecord;
Hmm, my 1.60 is not write protected.
Can anyone with a write-protected extended ROM dump the first 96k of
the extended ROM and mail it as an attachment to the forum?
Instructions:
* download the tool: xda2dmp
* then boot the XDA II in bootloader mode (hold power + navigator button while resetting); you should see 'serial' on the display.
WARNING: you will lose all data on your device
* then put the device back in the cradle (now you see 'usb' on the display)
* disable USB connections in the connection settings of ActiveSync
* then run
Code:
xda2dmp -u 0x70000000 0x18000 xtdrom.bin
* if you zip the xtdrom.bin it will be really small, no problem to attach it to a posting on this forum
XDA developer Itsme said:
Hmm, my 1.60 is not write protected.
Can anyone with a write-protected extended ROM dump the first 96k of
the extended ROM and mail it as an attachment to the forum?
[...]
Errr... what's this supposed to do?
Figure out where the protection is stored in the extended ROM.
I suspect it to be somewhere in the memory range 0x70000000-0x70018000.
Damn... is that the only way? Can't I edit the upgraded ROM's executable file, then upload it to my PDA again? I can't put it in bootloader mode without removing it from the cradle, you see; I don't have the USB connection cable (without the cradle) thing. I'll still have to purchase one in order to put it in bootloader mode if that's the case.
It does not matter if you remove it from the cradle in order to put it in bootloader mode; just put it back afterwards.
The xda2dmp tool can read ROMs through either USB or the serial port, but I only wrote the USB instructions since I expect more people to have a USB cradle than a serial cable.
This is the only way I know of to read the hidden part of the chip that the extended ROM is on.
Alright. BTW, many thanks for taking the time to help out a newbie.
Oh, and there are two dmp files I can download... the cpp one and the compiled version... which one should I use?
King
You need the compiled version of the file. cpp is source code which you will need to compile before running.
To answer your other question: you can create a file on your Linux box and flash it to the phone. What the XDA developers are trying to do is to crack the key to be able to write to the card and skip the flashing step.
alex
XDA developer Itsme said:
Hmm, my 1.60 is not write protected.
Can anyone with a write-protected extended ROM dump the first 96k of
the extended ROM and mail it as an attachment to the forum?
[...]
Thanks.
Hmmm, that looks almost like what is in my ROM.
And on my XDA the extended ROM is not write protected.
Are you sure your ROM is write protected?
If you unhide the extended ROM, can you modify/add/remove files from
the folder \Extended_ROM?
----------------------
my rom:
Code:
00008000 "17A3339203052"
00008020 "OK"
00008400 "HT339D326916"
00008420 " Himalayas DIAG V1.01s "
00008440 "OK "
00008460 c2 70 00 00
000084a0 80 70 00 00
your rom:
Code:
00008000 "17A4345100264"
00008020 "OK"
00008400 "HT345D312949"
00008420 " Himalayas DIAG V1.03sb3"
00008440 "OK "
00008460 70 38 00 00
000084a0 40 38 00 00
---------------------
I expect to find the hash of the password somewhere; none of these values look like one.
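As an added example (my own code, not Itsme's xda2dmp), here is the kind of first-pass scan that narrows down where a stored hash might sit in a dump like xtdrom.bin: it slides a 16-byte window over the image and scores each window by how many distinct byte values it holds, ignoring the 0x00/0xFF fill of erased flash and skipping windows that are mostly printable text such as the serial and DIAG strings above. The dump it runs on is constructed inline, and the window size and threshold are my assumptions; a high score only marks a region worth inspecting by hand, since code and compressed data also score high.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

#define WIN          16   /* window size: one 16-byte digest such as MD5 (assumption) */
#define MIN_DISTINCT 14   /* distinct non-fill bytes needed to count as a candidate (assumption) */

/* Score one window: distinct byte values other than the 0x00/0xFF flash fill.
 * Also reports how many of the bytes are printable ASCII. */
static int window_score(const uint8_t *p, int *printable) {
    uint8_t seen[256] = {0};
    int distinct = 0;
    *printable = 0;
    for (int i = 0; i < WIN; i++) {
        uint8_t b = p[i];
        if (isprint(b)) (*printable)++;
        if (b == 0x00 || b == 0xFF) continue;
        if (!seen[b]) { seen[b] = 1; distinct++; }
    }
    return distinct;
}

/* Offset of the highest-scoring window that is not mostly text, or -1 if no
 * window reaches MIN_DISTINCT. Ties keep the earliest offset. */
long find_best_candidate(const uint8_t *buf, size_t len, int *best_score) {
    long best = -1;
    int bs = 0;
    for (size_t off = 0; off + WIN <= len; off++) {
        int pr, s = window_score(buf + off, &pr);
        if (pr * 2 >= WIN) continue;      /* a version or serial string, not a digest */
        if (s > bs) { bs = s; best = (long)off; }
    }
    *best_score = bs;
    return bs >= MIN_DISTINCT ? best : -1;
}

/* Constructed 1 KiB dump: erased flash (0xFF), a DIAG string like the ones in
 * the post, and 16 distinct non-text bytes standing in for a digest. */
#define BLOB_OFF 0x1C0
size_t build_dump(uint8_t *buf, size_t cap) {
    static const uint8_t blob[WIN] = {0x9f,0x3a,0xc4,0x17,0x5e,0xb2,0x08,0xd1,
                                      0x6c,0xf3,0x2b,0x85,0xe9,0x40,0x7d,0xa6};
    const char *tag = " Himalayas DIAG V1.01s ";
    if (cap < 0x400) return 0;
    memset(buf, 0xFF, 0x400);
    memcpy(buf + 0x20, tag, strlen(tag));
    memcpy(buf + BLOB_OFF, blob, WIN);
    return 0x400;
}

int main(void) {
    uint8_t dump[0x400];
    int score;
    size_t len = build_dump(dump, sizeof dump);
    long off = find_best_candidate(dump, len, &score);
    if (off < 0) puts("no candidate window");
    else printf("candidate at 0x%lx (score %d)\n", off, score);
    return 0;
}
```

On a real dump, print every window above the threshold rather than only the best, and compare the hit list between a protected and an unprotected unit: a region that is high-entropy on one and erased on the other is the first place to look.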

[02 May] [BETA] Slackware-CURRENT on HTC HD2 v0.1b [kernel: htc-msm-2.6.32-9-38181]

This is ARMEDSlack (Slackware) on the HTC HD2; hope you will enjoy it.
Features
USB host mode to connect USB stuff
TV-out using DisplayLink -> confirmed working.
3G
Wifi
Internal bluetooth - NEED TESTERS.
KDE Desktop
Oxygen Theme
ARMEDSlack current, 01 May (updating to 21 Jan 11)
With games, graphics, internet (only konq included, please download Firefox manually), multimedia, office (not OpenOffice, but can load *.ppt, *.xls, etc.) applications
KvKbd on-screen keyboard, can dock
NTFS support
Original version of Slackware (ARMEDSlack), did not do much customization
Installation
Decompress the archive; you will get a folder named "slackware". Copy that folder to the ROOT of your SD card.
Switch on the phone, navigate to that folder using the file browser, run "CLRCAD.exe" first, then run "haret-pre-0.5.3-20100629_092009-QSD8250-ONLY.exe".
The default kernel is USBHOST. If you want to use the alternative kernel, open "startup.txt", uncomment (by removing the "#") the kernel you want and comment out the kernel you don't want.
You can now customize the system path. To do this, create a file called "slackware_path.txt" under the ROOT of your SD card and put the slackware path as the content of that file, for example:
"slackware_path.txt":
Code:
/slackwarelinux
Download links
HaRET version:
https://rapidshare.com/files/3940000627/slackware-htchd2-20120501-v0.1b.7z
http://depositfiles.com/files/ll1ebek1a
https://www.dropbox.com/sh/ann8ydcimxhze98/Hoq5GBn9S7
File name: slackware-htchd2-20120501-v0.1b.7z
File size: 1,543,627,926 bytes
File MD5: 0D77967FF95693CEB710341B7A084603
Note
- The phone may ring if someone is calling you, but the phone application may crash after it rings, so please DISABLE PHONE RINGING
- ROOTFS will be 4000 MB (NOT 4096 MB), due to the limit of the FAT file system!
- You can use slackpkg to install stuff; just type "slackpkg install packagename" in the terminal.
- You are advised to take care of all the dependency problems FIRST; slackware (slackpkg/installpkg) WILL NOT take care of it for you.
- The passwords of the users:
root: password (yep, "password" is the password)
slackware: (yep, it's blank)
- By default, user "slackware" can use sudo without a password
Something about the next release
- The next version will be sound enabled (media and in-call sound); a solution has been found, but I will not release the driver in THIS RELEASE!
- The next version may have a newer kernel which works with both MAGLDR and HaRET. I will not release this kernel first because USBHOST is not working.
Special Thanks
glocklee - HaRET tester, Provided some ideas to me
Robbie P - HaRET tester, Final tester
pantizol - HaRET tester, Final tester, TV OUT tester
nikola360 - Final tester
Update:
Known issues:
No GPS/Camera
Bluetooth is a bit buggy(BT can't transmit sound)
No systemsettings on system items
No widget adding
No sound on phonon, but mplayer.
No hardware button
No multitouch
Code:
Changelog:
2012-05-01: Beta release
Screenshots
#2011-07-21
#2011-08-03
---------------------------------------
#04 (below) is NOT OWNED BY ME
Reserved #03
sarp_pasha said:
Reserved #03
Why did you reserve #03?
So if it will boot from MAGLDR only, the touchscreen doesn't work but USB host works?
-------------------------------------
Sent via the XDA Tapatalk App
nikola360 said:
So if it will boot from MAGLDR only, the touchscreen doesn't work but USB host works?
-------------------------------------
Sent via the XDA Tapatalk App
Yes! But you need to change your kernel first;
if the kernel compile still fails, I will use HTC HD2 Ubuntu v0.3's kernel.
Best of luck with this.
As nikola360 implies, the touchscreen may not matter if USB hosting works, since we can use a keyboard and mouse.
And if we can boot via MAGLDR, then WP7, Android and Ubuntu tri-booting becomes a workable reality.
I can't wait to have a MAGLDR-bootable version of Linux! Will the sound (call) and texting work?
Maybe it's a stupid question at this time of the development of this version...
hopkinskong said:
Why did you reserve #03?
Good work guys, it will be a pleasure to have a better replacement for desktop Linux on our HD2s, since there is no news about the Ubuntu v0.4 release. Keep it going.
Sent from my HTC Desire HD 2 using XDA App
Great news.. thank you..
arkatis said:
Please see post #4 (or I called it #03 because I reserved #02). #4 (3) is NOT owned by me; another user reserved that. What is the point of it?
hopkinskong said:
Please see post #4 (or I called it #03 because I reserved #02). #4 (3) is NOT owned by me; another user reserved that. What is the point of it?
I think he did it for fun.
Reading through his previous posts I don't see anything malicious about it.
I suppose when you started a thread with 3 reserving posts in it, he just created another one.
Have you PM'd him to remove it?
Robbie P said:
I think he did it for fun.
Reading through his previous posts I don't see anything malicious about it.
I suppose when you started a thread with 3 reserving posts in it, he just created another one.
Have you PM'd him to remove it?
No, just leave him...
btw, uploading screenshots
Screenshots uploaded, 10 pics in total
Keep THIS up!
Are the pictures taken from the HD2 (MAGLDR, HaRET) or an emulator (QEMU)?
nikola360 said:
Are the pictures taken from the HD2 (MAGLDR, HaRET) or an emulator (QEMU)?
None of the above.
It's KSnapshot; I just press PrintSysRq on my USB keyboard.
Ah...... do you think that it should support this when you finish building it?
Code:
HUB USB (4 ports) ---- MicroUSB ---- HD2
 |- 3 free USB ports ---- mouse, keyboard
 |- 1 USB port for second HUB (4 ports)
     |- Ethernet adapter
     |- 3 free ports for internal memory (like a pendrive), VGA port adapter (in future)....... other ideas

[APP][Xposed] XMultiWindow 1.6.0 -- Like Omni's Split View [UPDATE140213]

Here is an Xposed module which ports Omni's split view to other ROMs.
Features:
*Supports split view and works with two workspaces.
*Switch an app into split view in any situation.
*Can switch between landscape and portrait.
*Supports use via the SideBar.
*Sidebar settings.
Note:
*Now, two workspaces is perfect.
*MIUI users, please allow floating windows.
How to use (please install Xposed before):
*FIRST, click the preference item to open the SideBar.
*THEN, you can slide from left to right and open the SideBar window.
*AT LAST, you just set the SideBar window position and enjoy split view.
Test:
*MIUI works fine.
*stock ROM works fine.
Thanks to:
*@zst123 (I based this on his halo float window)
Change Log:
BETA-1.0.0:
*basic usage.
*floating window control.
BETA-1.0.1:
*update display.
*support instruction.
BETA-1.0.2:
*fix landscape and portrait.
1.1.0
*fix sub-activity problem, close to perfect (all thanks to zst123)
*fix other devices' resolution.
*fix conflict with xhalo and omni and halo and samsung (I changed the flags to be different from the others).
1.5.0
*NEW: add SideBar, easy to use.
*clean code
1.6.0:
*NEW: Sidebar update and add Sidebar Settings
*code clean.
BUG List:
*some apps don't work (like fuubo and the present one)
**if two apps exist, one of them can't touch items.
Download page:
http://repo.xposed.info/module/com.lovewuchin.xposed.xmultiwindow
File:
1.6.0:
(attachment XMultiWindow.apk)
No download link? No picture preview?
Sent from Bandung
Vuska said:
No download link? No picture preview?
Sent from Bandung
I am new here and uploading now
Take your time my friend, cuz this is something we have waited for forever.
Thank you so much
MR.Samo said:
Take your time my friend, cuz this is something we have waited for forever.
Thank you so much
But it also has some bugs and I couldn't solve them; I really hope someone can help me
Great work dev! Haha. I knew someone would create this!
I think you should say that this uses the same 0x2000 flag as Halo and will conflict with ROMs with Halo.
Request to use 0x1000 (so it will not conflict and we will have the best of both).
Can you upload your file here? The browser can't parse the address posted, man.
Edit: already downloaded from the repo now. Gonna try it later. Thanks OP.
happiness4u said:
Can you upload your file here? The browser can't parse the address posted, man.
Edit: already downloaded from the repo now. Gonna try it later. Thanks OP.
As you can see, I am new and couldn't post links.
I'll upload the file immediately.
zst123 said:
Great work dev! Haha. I knew someone would create this!
I think you should say that this uses the same 0x2000 flag as Halo and will conflict with ROMs with Halo.
Request to use 0x1000 (so it will not conflict and we will have the best of both).
I think I use a not-so-good way to solve this problem, because I use two flags with two views, and the two positions will conflict; and the biggest problem is that the sub-activity couldn't be added to the pointed view. Could you help me?
LovewuChin said:
I think I use a not-so-good way to solve this problem, because I use two flags with two views, and the two positions will conflict; and the biggest problem is that the sub-activity couldn't be added to the pointed view. Could you help me?
In your ActivityRecord class hook, you can use these to check. Then use taskAffinity (I refer to my source code):
Code:
import java.lang.reflect.Field;
import android.content.Intent;

// Inside the XC_MethodHook on ActivityRecord: 'i' is the launching Intent,
// 'taskAffinity' a boolean computed earlier in the hook, 'param' the
// MethodHookParam, and 'floatingWindow' a field read by the later hooks.
boolean top_window = (i.getFlags() & 0x2000) == 0x2000;
boolean bottom_window = (i.getFlags() & 0x1000) == 0x1000;
....
....
if ((top_window || bottom_window) && taskAffinity) {
    // ActivityRecord.intent is private: read it reflectively, re-flag it, write it back
    Field intentField = param.thisObject.getClass().getDeclaredField("intent");
    intentField.setAccessible(true);
    Intent newer = (Intent) intentField.get(param.thisObject);
    if (top_window) {
        newer.addFlags(0x2000);
    }
    if (bottom_window) {
        newer.addFlags(0x1000);
    }
    intentField.set(param.thisObject, newer);
    floatingWindow = true;
}
You can try this and see if it works.
(On a side note, do you speak Chinese?)
zst123 said:
In your ActivityRecord class hook, you can use these to check. Then use taskAffinity (I refer to my source code):
[...]
You can try this and see if it works.
(On a side note, do you speak Chinese?)
Yes, I speak Chinese! And thank you for solving my problem!
How can I close the floating blue circle?
Great idea, but I think it needs some work... Apps show above other apps... A lot of space under the bottom workspace and the navbar... And after that, whatever app I open normally shows in the upper workspace.
Sent from my Nexus 5 using XDA Premium 4 mobile app
Simply amazing. Keep it up dev :good:
Very good, working perfectly on my Galaxy S4 I9505 with Android 4.3 stock
Well dev.. does it conflict with the XHalo floating window module?
Sent from my Micromax A110Q using XDA Premium 4 mobile app
Great module, works well. Got a reboot while trying it, but I can understand, it's just an initial release.
wow wow wow wow wow!!! thankssssss
Tried it on a Tab 2 with 4.2.2 stock and TouchWiz. The app got confused and opened the launcher in half the screen and now everything is a mess. Also it doesn't close all windows to restore everything when the option is chosen, so I had to reboot. Great work. Can't wait for the bugs to get ironed out.
After TouchWiz crashed and with the main homescreen loaded, I managed to open Feedly and YouTube together with no problem.
Good work. Please don't give up, all people want this!!!

problem with Wiko Sunset after flashing kernel

Hi,
I am a new user and I have a problem flashing a kernel to my phone. I have a Wiko Sunset phone:
Hardware : MT6572
Model : SUNSET
Build number : ALPS.KK1.MP6.V1
Build date UTC : 20150316-123627
Android v : 4.4.2
Baseband v: MOLY.WR8.W1315.MD.WG.MP.V36, 2014/03/29 17:48
Kernel v : 3.4.67 ([email protected]) (gcc version 4.7 (GCC) ) #1 SMP Mon Mar 16 20:33:28 CST 2015
I have recompiled the kernel present in the package SUNSET_OpenSource56465.zip with the command: ./mk wiko n k. The kernel compiles without error, but when I flash it the phone displays a white screen and then reboots continuously. I'm using the ramdisk present in the stock firmware.
Any idea?
Thank you
Hello Biasi,
Your kernel works with a little modification:
Give me 10 min to get home and I will explain what I did.
Bye
PS: it's not very good to build as root, but that's not the problem
Biasi,
I found a bug in MTKIMG. I tried to repack your kernel and the Sunset rebooted continuously, so I tried to repack my own compiled kernel "kernel_wiko.bin" and argh... :crying: the Sunset rebooted continuously too.... But I have been running my own kernel for a while, so I was very confused!
So I removed the MTK header from my kernel and yippee, the Sunset boots OK. I did the same with your kernel, and hurray, the Sunset boots OK too!
Here is the detailed procedure:
I dump my ROM with SPFlashTools
I unpack my original boot.img with MTKIMG
Code:
./mtkimg.exe unpack myboot.img
I copy/paste your kernel "kernel_wiko.bin" into the directory
I remove the first 512 bytes (MTK header)
I repack the boot.img with MTKIMG
Code:
./mtkimg.exe repack boot.img -k kernel_wiko.bin
I reflash only the boot partition with the new boot.img
The Sunset boots well, enjoy!
This means MTKIMG does not handle well a kernel that already has an MTK header, but handles a "Linux ARM zImage" well.
Thanks for pointing out this problem; I will investigate and correct MTKIMG immediately.
Could you try to repack your kernel with the zImage directly, not the kernel_wiko.bin (the zImage is in the OBJ directory of your kernel build tree; I don't remember the exact directory name), and let me know if this works.
Hope this helps
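As an added example (my own code, not MTKIMG's source), here is the check a repack tool can make before wrapping a kernel, so that a kernel_wiko.bin which already carries a header is not wrapped twice: look for the 512-byte MTK header (the little-endian magic 0x58881688, a size field, and a 32-byte name), strip it, and confirm that what remains has the ARM zImage magic 0x016f2818 at offset 0x24. The sample image is constructed inside the code; "KERNEL" is the conventional header name and the payload is only the magic plus padding.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MTK_HDR_SIZE   512u
#define MTK_HDR_MAGIC  0x58881688u  /* little-endian u32 at offset 0 of the MTK header */
#define MTK_NAME_OFF   8u
#define MTK_NAME_LEN   32u
#define ZIMAGE_MAGIC   0x016f2818u  /* little-endian u32 at offset 0x24 of an ARM zImage */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* 1 if buf begins with an MTK header; fills the NUL-terminated name and payload size */
int mtk_header_present(const uint8_t *buf, size_t len, char name[33], uint32_t *payload_size) {
    if (len < MTK_HDR_SIZE || le32(buf) != MTK_HDR_MAGIC) return 0;
    *payload_size = le32(buf + 4);
    memcpy(name, buf + MTK_NAME_OFF, MTK_NAME_LEN);
    name[MTK_NAME_LEN] = '\0';
    return 1;
}

int is_arm_zimage(const uint8_t *buf, size_t len) {
    return len >= 0x28 && le32(buf + 0x24) == ZIMAGE_MAGIC;
}

/* Point at the raw kernel inside buf. No header: buf is returned unchanged.
 * Header whose size field does not fit in buf: NULL (truncated or corrupt). */
const uint8_t *mtk_strip_header(const uint8_t *buf, size_t len, size_t *out_len) {
    char name[33];
    uint32_t sz;
    if (!mtk_header_present(buf, len, name, &sz)) { *out_len = len; return buf; }
    if (sz > len - MTK_HDR_SIZE) { *out_len = 0; return NULL; }
    *out_len = sz;
    return buf + MTK_HDR_SIZE;
}

/* What a repack step should decide before adding a header:
 * 0 = raw zImage, 1 = zImage already MTK-wrapped, -1 = unrecognised or inconsistent. */
int classify_kernel(const uint8_t *buf, size_t len) {
    size_t raw_len;
    char name[33];
    uint32_t sz;
    int wrapped = mtk_header_present(buf, len, name, &sz);
    const uint8_t *raw = mtk_strip_header(buf, len, &raw_len);
    if (!raw || !is_arm_zimage(raw, raw_len)) return -1;
    return wrapped ? 1 : 0;
}

/* Constructed sample: an MTK header named "KERNEL" (padding 0xFF) wrapping a
 * 64-byte stand-in zImage whose only meaningful bytes are the magic at 0x24. */
#define SAMPLE_PAYLOAD 64u
size_t build_sample(uint8_t *buf, size_t cap) {
    size_t total = MTK_HDR_SIZE + SAMPLE_PAYLOAD;
    if (cap < total) return 0;
    memset(buf, 0xFF, MTK_HDR_SIZE);
    put_le32(buf, MTK_HDR_MAGIC);
    put_le32(buf + 4, SAMPLE_PAYLOAD);
    memset(buf + MTK_NAME_OFF, 0, MTK_NAME_LEN);
    memcpy(buf + MTK_NAME_OFF, "KERNEL", 6);
    memset(buf + MTK_HDR_SIZE, 0, SAMPLE_PAYLOAD);
    put_le32(buf + MTK_HDR_SIZE + 0x24, ZIMAGE_MAGIC);
    return total;
}

int main(void) {
    uint8_t img[1024];
    size_t len = build_sample(img, sizeof img);
    printf("wrapped image: %d, raw payload: %d\n",
           classify_kernel(img, len),
           classify_kernel(img + MTK_HDR_SIZE, len - MTK_HDR_SIZE));
    return 0;
}
```

A repack path that refuses a -1 and strips a 1 before re-wrapping would have turned the continuous reboot described above into an error message at pack time.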
I have repacked my kernel following your instructions and then flashed it with SP Flash Tool but the phone continue to reboot;can you attach your boot.img with my kernel? so I try it on my phone
Ok i will do now
Here you can find :
Your kernel without MTK header
View attachment biasi_kernel_without_header.zip
Working boot.img packed with your kernel
View attachment biasi_kernel_boot_img.zip
Hop this help
PS1 : Don't forget to click on Thanks button on my post(s)
PS: What mean "mao1" ?
I flashed it but phone continue to reboot with a white screen,very strange.
I'm using SPFlashTool 5.1516 to flash the boot.img
mao1 is a short name of invention that I have assigned to my development server
I use SPFlashTool v5.1516 too.
Did you flash only the BOOTIMG partition or the whole ROM?
What is the version of your current ROM? (The Wiko Parameters version sucks; enter *#563412*# on the phone to get the right version.)
My Sunset came with V11 (4.4.2); after I downloaded the official ROM from the Wikomobile site and flashed it, I'm now on V17 (4.4.2).
I see uboot differences, preloader, etc... Be sure the rest of your ROM is on V17 according to your kernel build
I forgot to update the firmware to the new version, I did not know that it was necessary for the kernel flash. Thanks a lot and sorry if I wasted your time
Now I'm downloading the update and I'll tell you something as soon as I've finished
No problem for the time, you helped me find a bug in MTKIMG
And don't forget to dump your original ROM (SPFlashTool does it well)
Example of the "version sucks" on Wiko; this is the same Sunset without modification:
From Parameters:
From the *#563412*# call:
PS: In my country MAO means "Music assisted by computer", so I think you are a music composer
Ok,
I corrected the bug in MTKIMG; now you can repack a kernel and ramdisk with or without an MTK header.
Could you try MTKIMG V0.42 and tell me in the official thread (http://forum.xda-developers.com/android/development/tools-unpack-repack-boot-img-utility-t3154621) if all works correctly now?
Thanks in advance
I had version 15 before the update
Now I have updated to 17 and I have flashed the kernel but it continues to rebooting with a white image :crying:
Did you try the "biasi_kernel_boot_img.zip" from previous post ?
Did you do a wipe cache and wipe data ?
Could you post the scatter file you use ?
I tried to flash "biasi_kernel_boot_img.zip" and to do a wipe cache and wipe data, but with no success
Your scatter file is strictly identical to my scatter file.
I repacked your kernel_wiko.bin with MTKIMG 0.42 and it works well!
Try this:
1 - Reflash the whole official ROM partition V17
2 - Be sure Sunset boots OK
3 - Load the scatter into SpFlashTool
4 - Uncheck ALL except the BOOTIMG partition
5 - UNZIP biasi_kernel_boot_img.zip
6 - Click on the file at the right of BOOTIMG, offset, etc... and be sure biasi_kernel_boot.img is selected
7 - Click on download
8 - Plug in your cable
9 - Wait for the transfer
10 - Unplug the cable
11 - Check if it boots
I will do exactly the same procedure now and tell you the result
---------- Post added at 03:14 ---------- Previous post was at 03:04 ----------
Whole official ROM flashed : Kernel version 3.4.67 [email protected] #1 Wed Apr 22 14:44:08 CST 2015
I will flash the biasi_kernel_boot.img only and let you know...
All is OK !
Sunset boot OK !
I'm going to sleep, it's 3:28 in my country, I'm tired and have no more ideas for now.
Try to unpack your working boot.img and repack it with MTKIMG 0.42; if the boot is OK, replace the kernel with your kernel_wiko.bin and repack. This ensures there is no ID verification/collision or something like that... (Be sure you use V0.42)
I have done the same procedure with no success; now I go to sleep and tomorrow I will continue to debug the problem
Thanks for your help
Ok, I will take a look here tomorrow, and I will sleep on it
I have formatted the whole flash and then I have flashed preload.bin, lk.bin and boot.img, but the phone continues to reboot
Can you attach your preload.bin (PRELOADER) and lk.bin (UBOOT)?
Hello Biasi,
Here are the uboot and preloader.
View attachment lk.zip
View attachment preloader_wiko.zip
Are you an electronics hacker? Do you have an RS232 to USB converter (3V3)?
On the Sunset, if you take it apart you can find the TX/RX and TX2/RX2 pins easily available.
You can plug the adaptor on TX and see the uboot logs in real time and what happens during boot.
Courage

Docomo Fujitsu Arrows NX F-01F root???

I know, it's kinda old model from Docomo but still there's no any info out there for rooting and unlocking. Mr. fi01 has made a bunch of tools for other models of Docomo phones but not for this one. So, I wonder if it's possible at all. Ideally, I wanted to get the root and unlock the bootloader to install my custom firmware (e.g., Cyanogen). Tried some roots by fi01, but none of them worked. And I cannot get any answer from him.
I could contribute some money for it (within reasonable limits, ofc.).
oneclickroot, this website says root is done.
After root, how do I unlock the SIM?
o759 said:
oneclickroot, this website says root is done.
Really? I have tried a bunch of modern rootkits and exploits and none of them worked. But I figured out how to get root with some private exploit, based on RowHammer attack. Here's my long conversation with fi01 about rooting F-01F: https://github.com/android-rooting-tools/android_run_root_shell/issues/42
Do you have # sign in adb shell and both uid and gid = 0? If yes, then you are root for sure.
But still there is no rights to mount /system as rw because of SELinux and fjsec LSM thing. I'm trying to overcome that but it's not that easy.
Sorry, I don't know how to do SIM unlocking. My phone was already unlocked when I bought it.
There appeared some videos for rooting F-01F on older firmwares (Android 4.2.2 JellyBean, build # V32R63C).
https://www.youtube.com/watch?v=bfpBeUTShhg
https://www.youtube.com/watch?v=kAM2U1hkqng
https://www.youtube.com/watch?v=PvHot7Oo62Q
Sadly I had no success with that 'cause I'm on V10R22A and those rooting tools don't work.
Arrows NX F-01F is now rooted, with shouhuanguanli.apk. Indian FB group. If you need more info, PM me on Facebook Messenger: "Mijery NyTontolo"
NB: you need to repeat the process if it fails. (Person: 23 times, but I have root now.)
Lez16 said:
Arrows NX F-01F is now rooted, with shouhuanguanli.apk. Indian FB group. If you need more info, PM me on Facebook Messenger: "Mijery NyTontolo"
NB: you need to repeat the process if it fails. (Person: 23 times, but I have root now.)
This is Dianxinos Superuser app. But as I said earlier it's not working for KitKat firmwares (Android 4.4.2, build # V10R22A), because there's PXN enabled and no known way to disable fjsec LSM. On older builds there's no PXN, so ping pong exploit may be used (which seems to be already integrated into Dianxinos, OneClickRoot, KingRoot and others).
Well, anyway I tried to run Dianxinos apk many times. It cannot gain root:
Please, could you tell what's your build #? (Settings -> About phone -> Build number (at the very end))
HW root
I have attempted to do a hardware root but failed. :crying: It was an interesting undertaking, but almost impracticable.
For reference I used these two wonderful articles: Hacking Hardware with a $10 SD Card Reader and eMMC Adventures, Episode 1: Building my own 64GB memory card with a $6 eMMC chip. Moving step by step through the papers, I determined that the eMMC in the F-01F comes in two versions:
1. Toshiba THGBMAG8A4JBA4R, JX4135, Japan 1337KAE
TH: Toshiba NAND
G: Packaged as IC
B: Vcc (Flash power supply) = 3.3 V, VccQ (controller/interface power supply) = 1.8 or 3.3 V
M: eMMC device
A: Controller revision A
G8: 32 GB
A: ? NAND Flash
4: 4-stacked dice (4 8GB chips)
J: ?nm A-type Flash
BA: Lead-free and halogen-free
4: ? temperature grade (? to ? degrees Celsius)
R: package size = ?
2. Samsung KLMBG4GEAC-B001
Here's a photo of the PCB with eMMC revealed:
Both chips are completely interchangeable and share the same pinout. The other two chips in the picture are the RAM, which is Samsung K3QF2F20DA-QGCE, 334, 1338 DUO28, GFF0539N, and the camera controller / media processor / ARM core, which is Fujitsu MBG046C E1, 1330 SLC.
Knowing that, I whittled down the eMMC chip to see the contact pads, where the balls were located. After that I traced some pins and got this image:
The power and ground pins can be seen here:
As you may see, DAT0 is quite difficult to solder to (you may need a soldering iron with a very thin tip). But the real hardcore is CMD and CLK, as they are located at the tiny resistors' ends in the very corner between the eMMC and the bigger resistors. For better understanding, here's a photo with those little resistors completely removed:
So it appears to be a practically impossible thing to get the wires soldered to CMD and CLK without damaging other components. A spoon of tar is the compound which covers some of the resistors. I doubt the most virtuosic electronics expert could do that task (almost of the same complexity as unsoldering an eMMC and soldering it back). That's why I should stop at HW rooting. Maybe someone will find those pictures useful and do some further exploration.
Help!!!
Please help me root the Fujitsu F-01J.
I'd like to report that F-01F (V10R22A) is rooted now using CVE-2017-8890 exp: https://github.com/dadreamer/CVE-2017-8890. I adapted the exp from thinkycx with some tricky ROP chain to overcome fjsec protection. The LSM and SELinux are still in place after the system restart, so it's a subject for bootloader unlocking and the system modification, but no progress is made for that yet.
dadreamer said:
I'd like to report that F-01F (V10R22A) is rooted now using CVE-2017-8890 exp: . I adapted the exp from thinkycx with some tricky ROP chain to overcome fjsec protection. The LSM and SELinux are still in place after the system restart, so it's a subject for bootloader unlocking and the system modification, but no progress is made for that yet.
Is there any more progress for now?
fiefie7 said:
Is there any more progress for now?
If you mean the bootloader unlocking, then no more work will be done for that. One of my devices is almost dying due to the bad battery and the second is SIM-locked and software bricked. Therefore I'm not going to spend my resources for these obsolete phones anymore.
well, that's too bad...