Related
When I saw that CWM 6 was available for our Flyer, I jumped to install it without waiting to see results of other users (stupid move, I know). Using DoomLord's touch recovery, I installed and rebooted. Seeing as I had nothing new to flash, I didn't boot back into recovery. Today, I decided I wanted to try out IOIDroid's newest work, and rebooted into recovery to prep for install.
CWM 6 was gorgeous! Only one problem: any action taken made all options text disappear! (nothing but the CWM logo would show until the power button was pushed again) I was able to reboot manually, installed ROM Manager, and CWM 5 through ROM Manager. Reboot to recovery, and nothing but a beautiful white screen/HTC logo... Manually rebooted again, and tried to re flash DoomLord's touch recovery through ROM Manager, reboot, same result. Tried using GooIM to flash the same recovery, and nada...
Luckily the ONEXXL still boots, but I'm stuck with no recovery, now... I'm thinking if I uninstall ROM Manager, delete the CWM folder from my SD, reinstall ROM Manager/CWM, that might fix it? I kinda feel like I'll get the same splash screen, though...
Any other ideas? Never completely lost recovery before...
My tab's Flyer than yours (unless this is posted in a Flyer thread... Then it's just as Flyer...)
http://android-gz.com
Use fastboot.
yes fastbot flash the recovery img
fastboot flash recovery "name of file.img"
That's the reply I was dreading... Lol. I've always had problems with fastboot / adb on my laptop... Think it's got something to do with Windows 7. CMD prompt opens and immediately closes when I try to open either... I'll try it again, though...
I chose the red pill... Now I'm in the mAtrix and I know Kung Fu...
http://android-gz.com
are you sellecting the fastboot.exe itself?
you need to open the command prompt on its own and navigate to the directory that holds the commands
mcord11758 said:
are you sellecting the fastboot.exe itself?
you need to open the command prompt on its own and navigate to the directory that holds the commands
Click to expand...
Click to collapse
Sho 'nuff... I'm a dolt! I haven't tangled with either since my old OG EVO... I soft bricked that, and gave up until I had the time to properly learn, and still haven't gotten the chance to learn. I'll try it the right way now...
I chose the red pill... Now I'm in the mAtrix and I know Kung Fu...
http://android-gz.com
IP IHI II IL said:
Sho 'nuff... I'm a dolt! I haven't tangled with either since my old OG EVO... I soft bricked that, and gave up until I had the time to properly learn, and still haven't gotten the chance to learn. I'll try it the right way now...
I chose the red pill... Now I'm in the mAtrix and I know Kung Fu...
http://android-gz.com
Click to expand...
Click to collapse
Download the start-here.txt attached to this post and place it in the same directory as your fastboot.exe. Change "start-here.txt" to "start-here.bat" and double click it. Follow the commands in the attached image to flash your recovery.img. Make sure the recovery.img is in the fastboot folder.
If the text options disappear when you're in recovery press volume-up and volume-down at the same time to toggle between "Back menu button disabled." and "Back menu button enabled."
pravus_nephilim said:
Download the start-here.txt attached to this post and place it in the same directory as your fastboot.exe. Change "start-here.txt" to "start-here.bat" and double click it. Follow the commands in the attached image to flash your recovery.img. Make sure the recovery.img is in the fastboot folder.
If the text options disappear when you're in recovery press volume-up and volume-down at the same time to toggle between "Back menu button disabled." and "Back menu button enabled."
Click to expand...
Click to collapse
Woah, dude! You ROCK! With 4 kids, and helping my fiancée with her daycare it's not easy to find the time to tinker, and you just saved my heinie! Thanks a TON!
I chose the red pill... Now I'm in the mAtrix and I know Kung Fu...
http://android-gz.com
pravus_nephilim said:
Download the start-here.txt attached to this post and place it in the same directory as your fastboot.exe. Change "start-here.txt" to "start-here.bat" and double click it. Follow the commands in the attached image to flash your recovery.img. Make sure the recovery.img is in the fastboot folder.
If the text options disappear when you're in recovery press volume-up and volume-down at the same time to toggle between "Back menu button disabled." and "Back menu button enabled."
Click to expand...
Click to collapse
Alright, my machine's a dolt now... I try to change the file, and it just renames it start-here.bat.txt... I managed to get into fastboot the right way, finally, and I've tried flashing the recovery to no avail. I've renamed it a few times, but my damn machine just adds the text to the file name instead of changing the file type...
(I just realized I needed to extract the img from the zip, did that and still won't flash...)
I know I must look like an idiot at this point, and sorry if I'm wasting your time with n00bishness, but like I said before, it's been a LONG time since I've been able to practice, so this is basically all new to me...
Sorry guys, and thanks for the help so far!!
Here are my failed attempts:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\PHILTHY>C:\android\fastboot
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\PHILTHY>devices
'devices' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\PHILTHY>C:\android\fastboot flash Flyer-HC-CWM5-Recovery-DooMLoRD-v02-T
ouchEdition.zip
unknown partition 'Flyer-HC-CWM5-Recovery-DooMLoRD-v02-TouchEdition.zip'
error: cannot determine image filename for 'Flyer-HC-CWM5-Recovery-DooMLoRD-v02-
TouchEdition.zip'
C:\Users\PHILTHY>c:\android\fastboot devices
HT15XJN00873 fastboot
C:\Users\PHILTHY>c:\android\fastboot recovery.img
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\PHILTHY>c:\android\fastboot update update.zip
error: failed to load 'update.zip'
C:\Users\PHILTHY>c:\android\fastboot flashall
error: neither -p product specified nor ANDROID_PRODUCT_OUT set
C:\Users\PHILTHY>c:\android\fastboot flash recovery.img
unknown partition 'recovery.img'
error: cannot determine image filename for 'recovery.img'
C:\Users\PHILTHY>c:\android\fastboot flash c:\android\recovery.zip
unknown partition 'c:\android\recovery.zip'
error: cannot determine image filename for 'c:\android\recovery.zip'
C:\Users\PHILTHY>c:\android\fastboot flash recovery.img
unknown partition 'recovery.img'
error: cannot determine image filename for 'recovery.img'
C:\Users\PHILTHY>c:\android
'c:\android' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\PHILTHY>c:\android\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>
EDIT: ok, so I re-downloaded/installed the SDK and tools. I put the recovery.img in the folder "C:\android\platform-tools" and ran:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>
WTH am I doing wrong?! I know it's user error...
EDIT 2: MORE failed attempts... starting to get frustrated...
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\adb reboot bootloader
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
error: device not found
C:\Users\PHILTHY>C:\android\platform-tools\fastboot devices
HT15XJN00873 fastboot
C:\Users\PHILTHY>C:\android\platform-tools\fastboot
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
format <partition> format a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\PHILTHY>C:\android\platform-tools\fastboot reboot-bootloader
rebooting into bootloader...
OKAY [ 0.512s]
finished. total time: 0.514s
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash C:\android\platform-to
ols\recovery.img
unknown partition 'C:\android\platform-tools\recovery.img'
error: cannot determine image filename for 'C:\android\platform-tools\recovery.i
mg'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery.img
unknown partition 'recovery.img'
error: cannot determine image filename for 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash Flyer-HC-CWM5-Recovery
-DooMLoRD-v02-TouchEdition.zip
unknown partition 'Flyer-HC-CWM5-Recovery-DooMLoRD-v02-TouchEdition.zip'
error: cannot determine image filename for 'Flyer-HC-CWM5-Recovery-DooMLoRD-v02-
TouchEdition.zip'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash C:\android\platform-to
ols\fastboot\recovery.img
unknown partition 'C:\android\platform-tools\fastboot\recovery.img'
error: cannot determine image filename for 'C:\android\platform-tools\fastboot\r
ecovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash C:\android\platform-to
ols\fastboot\recovery.img
unknown partition 'C:\android\platform-tools\fastboot\recovery.img'
error: cannot determine image filename for 'C:\android\platform-tools\fastboot\r
ecovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
format <partition> format a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery recovery.img
error: cannot load 'recovery.img'
C:\Users\PHILTHY>C:\android\platform-tools\fastboot flash recovery.img
unknown partition 'recovery.img'
error: cannot determine image filename for 'recovery.img'
C:\Users\PHILTHY>
I have the recovery.img in "C:\android\platform-tools". I also created a folder named "fastboot" and put it in there, and tried to run it to no avail...grrrrr
IP IHI II IL said:
Alright, my machine's a dolt now... I try to change the file, and it just renames it start-here.bat.txt... I managed to get into fastboot the right way, finally, and I've tried flashing the recovery to no avail. I've renamed it a few times, but my damn machine just adds the text to the file name instead of changing the file type...
(I just realized I needed to extract the img from the zip, did that and still won't flash...)
I know I must look like an idiot at this point, and sorry if I'm wasting your time with n00bishness, but like I said before, it's been a LONG time since I've been able to practice, so this is basically all new to me...
Sorry guys, and thanks for the help so far!!
Click to expand...
Click to collapse
Your explorer settings are preventing you from changing the file type. If you are on Windows 7 change it in;
Start > Control Panel > Folder Options > View then uncheck "Hide extensions for known file types"
If you place that start-here.bat in the same folder as your fastboot.exe it will take you to the right directory in the terminal. It was only to try simplify things!
If you have the SDK extracted to the root of your drive and the terminal is saying "C:\Users\PHILTHY>" you're going to have to change directory by typing
Code:
cd C:\android-sdk\platform-tools
Then when you're in the proper folder in the terminal type out the following commands while in fastboot
Code:
fastboot flash recovery recovery.img
fastboot erase cache
fastboot reboot
Extract the recovery.img from the .zip. You don't need to make a folder called fastboot. Just have the recovery.img in the platform-tools folder along with the fastboot.exe.
pravus_nephilim said:
Your explorer settings are preventing you from changing the file type. If you are on Windows 7 change it in;
Start > Control Panel > Folder Options > View then uncheck "Hide extensions for known file types"
If you place that start-here.bat in the same folder as your fastboot.exe it will take you to the right directory in the terminal. It was only to try simplify things!
If you have the SDK extracted to the root of your drive and the terminal is saying "C:\Users\PHILTHY>" you're going to have to change directory by typing
Code:
cd C:\android-sdk\platform-tools
Then when you're in the proper folder in the terminal type out the following commands while in fastboot
Code:
fastboot flash recovery recovery.img
fastboot erase cache
fastboot reboot
Extract the recovery.img from the .zip. You don't need to make a folder called fastboot. Just have the recovery.img in the platform-tools folder along with the fastboot.exe.
Click to expand...
Click to collapse
I'll can't believe I forgot to enter the cd command... All that frustration over 2 lil letters... I promise I used to know this stuff well... Guess I've been outta the game for too long... That did it! Thanks for all your help guys, and SUPER thanks to pravus for goin the extra mile to help a dolt!
I chose the red pill... Now I'm in the mAtrix and I know Kung Fu...
http://android-gz.com
I had an even worse case on my flyer.
Tried to get the touch recovery, then install a HC based rom. It won't work at all. Everytime I got flash closed on recovery.
pravus_nephilim said:
Download the start-here.txt attached to this post and place it in the same directory as your fastboot.exe. Change "start-here.txt" to "start-here.bat" and double click it. Follow the commands in the attached image to flash your recovery.img. Make sure the recovery.img is in the fastboot folder.
If the text options disappear when you're in recovery press volume-up and volume-down at the same time to toggle between "Back menu button disabled." and "Back menu button enabled."
Click to expand...
Click to collapse
vinteri said:
I had an even worse case on my flyer.
Tried to get the touch recovery, then install a HC based rom. It won't work at all. Everytime I got flash closed on recovery.
Click to expand...
Click to collapse
Do you have a Gingerbread or Honeycomb hboot and are you HTCDev unlocked or S-OFF?
I have s-off. Before I flashed the touch recovery, I had ICS OneXXl rom installed.
hBoot should be HC.
pravus_nephilim said:
Do you have a Gingerbread or Honeycomb hboot and are you HTCDev unlocked or S-OFF?
Click to expand...
Click to collapse
vinteri said:
I have s-off. Before I flashed the touch recovery, I had ICS OneXXl rom installed.
hBoot should be HC.
Click to expand...
Click to collapse
Okay, so you're S-OFF with the Honeycomb hboot and trying to flash another HC ROM in recovery. How did you flash the touch recovery? I don't fully understand what you mean when you said "Everytime I got flash closed on recovery".
Everytime I tried to go to recovery, it showed up for less one second, then turned to black screen. Bad thing is I wiped the previous installed Rom. Without recovery, I can't restore from backup.
Sent from my PG86100 using Tapatalk 2
vinteri said:
Everytime I tried to go to recovery, it showed up for less one second, then turned to black screen. Bad thing is I wiped the previous installed Rom. Without recovery, I can't restore from backup.
Sent from my PG86100 using Tapatalk 2
Click to expand...
Click to collapse
Surely you can reboot into the bootloader, go to fastboot and try reflash the a recovery.img? Check the md5 of your downloaded recovery.img in case something is off.
I have carefully researched HTCdev bootloader unlock process and found next:
1. Completely erases (filling 0x00) mmcblk0p23 (data).
2. All files deleted from /cache/ partition (but partition itself NOT fills with 0x00).
3. On partition mmcblk0p16 erases (overwriting with 0x00) 10 bytes at offset 0xA0 (mine was "3.08.401.1").
4. In paritions mmcblk0p16 and mmcblk0p31 written 0x01 at offset 0xC40 (was 0x00). I don't know what is it, but maybe it's related to "unlocked" bootloader problems.
5. In partition mmcblk0p3 at offset 0x424 written 4 bytes, replacing existing values: 0x74B50109 (was 0x4ED7B921) - it's not text string.
6. In partition mmcblk0p3 at offset 0x8404 written 4 bytes: HTCU.
On relocking bootloader using fastboot oem lock i seen following changes:
1. In partition mmcblk0p3 at offset 0x424 written 4 bytes, replacing existing values: 0xE6D84D2B - it's not text string.
2. In partition mmcblk0p3 at offset 0x8404 written 4 bytes: HTCL.
BUT!
to really unlock bootloader (checked if it's only text in BOOT changed or really unlocked by command fastboot boot boot.img, on locked I got FAILED (remote: not allowed)) You need do only last steps, writting into parttion mmcblk0p3 at offset 0x8404 HTCU for unlocked, HTCL for relocked or 0x00000000 for locked.
read partition image using terminal commands
su (and gain root access to terminal)
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3.img
then mount SDCARD to PC over USB and edit mmcblk0p3 using WinHEX or another HEX editor, jump to offset 0x8404 and write HTCU for unlocked, HTCL for relocked or 0x00000000 for locked.
Then umount SDCARD from PC and write modified partition image back to phone memory using command
dd if=/sdcard/mmcblk0p3.img of=/dev/block/mmcblk0p3
That's all. Please post Your zipped mmcblk0p3.img files with HBOOT/firmware/radio/baseband version descriptions to find if 5 bytes at offset 0x424 same for all phones, or individual.
Thank You!
P.S. I have HBOOT 1.49.0018. mmcblk0p3 is 31.6Mib, but zips to ~32Kb
It sounds interesting, but could you please simplify the whole process and write a detailed instruction how to do it?
Interested in this method aswell.
Could it work on hboot 1.53 also?
Sent from my shooteru using xda premium
phikal said:
Interested in this method aswell.
Could it work on hboot 1.53 also?
Sent from my shooteru using xda premium
Click to expand...
Click to collapse
I don't know. If somebody with unlocked or relocked bootloader and 1.53 HBOOT can provide image of this partition - we can just look for this strings and find this string. offset may differs, but I think it's same for all hboots.
Thank God for $amsung !
Sent from the man in Your attic.....
At 0x424 -- 74 b5 01 09 01
HTCU at 0x8404
Unlocked soff 1.49.007
Latest radio 11.25.3504.06_M
Blk16 at 0xa0 just zeros
Odesláno z mého PG8600 pomocí Tapatalk 2
New motherboard
Hi
I just recover my phone from HTC with a new motherboard and hboot 1.53.
How can I help ? I am under linux but dd isn't my favorite command. is there a way to have a .sh or smth ?
I am just desperate for this.
Thanks in advance.
I recieved some images of this partition fom mine russian friends and compared them. Here is results:
4 bytes at offest 0x824 are unique for every phone. There is "simlock" string near this bytes. I think it's used to generate sim lock code.
4 bytes at offset 0x424 are unique for every unlocked or relocked phone. I recieved only one image from locked phone, but this bytes was same for mine and that image. It's too little to be sure, but it's looks like it's same for every locked phone. it's 0x4ED7B921
16 bytes at offset 0x9400 - unique for every phone
another 16 bytes at offset 0x9410 repeats 265 times (until 0xA49F) and unique for every phone. - 4040 bytes at all.
previous 16 bytes again at offset 0xA800 repeats 32 times (until 0xA9FF) and unique for every phone. 512 bytes at all.
Grea09 said:
Hi
I just recover my phone from HTC with a new motherboard and hboot 1.53.
How can I help ? I am under linux but dd isn't my favorite command. is there a way to have a .sh or smth ?
I am just desperate for this.
Thanks in advance.
Click to expand...
Click to collapse
Are You have wire-trick s-off? Phones with new motherboard are much more interesting than stock.
I have one image of mmcblk0p3 partition from such phone. There is some more differences in it, comparing to stock phone:
4 bytes at offset 0xC24 (near "simunlock"string - at all other images those bytes was same.
256 bytes at offset 0xAD00 - all other images had 0x00 at this offset. It's NOT Unlock_code.bin.
previous 256 bytes again at offset 0xB100 - again same 256 bytes. All other images had 0x00 at this offset. It's still NOT Unlock_code.bin.
Here is Bash script. Correct ADB= string to which adb output for Your system or full path to adb binary, then save it as adbflasher, then chmod +x adbflasher
Connect Your S-OFF Evo 3D to PC and run ./adbflasher read security_record security_record.img - this will be mmcblk0p3 partition image.
Code:
#!/bin/bash
set -x
E_WRONGCOMMAND=65
E_WRONGPARTITION=66
E_ERASE=67
ADB="/opt/android-sdk-update-manager/platform-tools/adb"
fs_write() {
echo fs_write $*
local param_fs=$1
local param_file=$2
local param_device=$3
exportfs none
exportfs $param_fs
device_detect $param_device
sudo pv $param_file|dd of=$device bs=65536
sync
exportfs none
}
fs_read() {
echo fs_read $*
local param_fs=$1
local param_file=$2
local param_device=$3
exportfs none
echo calling exportfs $param_fs
exportfs $param_fs
echo calling device_detect
device_detect $param_device
sudo pv $device |dd of=$param_file bs=65536 &
exportfs none
}
fs_erase() {
echo fs_erase $*
local param_fs=$1
local param_device=$2
case $param_fs in
security_record) echo Erasing partition $param_fs not allowed: it may brick Your phone!; exit $E_ERASE;;
hboot) echo Erasing partition $param_fs not allowed: it will brick Your phone!; exit $E_ERASE;;
emmc) echo Erasing partition $param_fs not allowed: it will brick Your phone!; exit $E_ERASE;;
none) echo Unable to erase partition $param_fs!; exit $E_ERASE;;
*) fs_write $param_fs /dev/zero $param_device ;;
esac
}
exportfs() {
echo exportfs $*
case $1 in
security_record) partition=/dev/block/mmcblk0p3;;
hboot) partition=/dev/block/mmcblk0p12;;
radio) partition=/dev/block/mmcblk0p17;;
adsp) partition=/dev/block/mmcblk0p19;;
boot) partition=/dev/block/mmcblk0p20;;
recovery) partition=/dev/block/mmcblk0p21;;
system) partition=/dev/block/mmcblk0p22;;
data) partition=/dev/block/mmcblk0p23;;
cache) partition=/dev/block/mmcblk0p24;;
devlog) partition=/dev/block/mmcblk0p27;;
emmc) partition=/dev/block/mmcblk0;;
sdcard) partition=/dev/block/mmcblk1;;
none) partition="none";;
*) echo Wrong partition: $1; exit $E_WRONGPARTITION;;
esac
legacy="/sys/devices/platform/usb_mass_storage/lun0/file"
recent="/sys/devices/platform/msm_otg/msm_hsusb/gadget/lun0/file"
until $ADB shell "echo $partition > $legacy" ; do sleep 1;done
until $ADB shell "echo $partition > $recent" ; do sleep 1;done
until $ADB shell "echo $partition |su -c \"tee $legacy\"" ; do sleep 1;done
until $ADB shell "echo $partition |su -c \"tee $recent\"" ; do sleep 1;done
echo exportfs $* done
}
device_detect() {
echo "device_detect $*"
device=`find /dev/disk/by-id/|grep -i Android|sort|head -n 1` ## TODO: write better detect function!
if [[ "z$1" != "z" ]] ;then device=$1; fi
}
usage() {
echo "Usage: adbflasher flash hdsp boot.img [device_to_flash]
adbflasher flash recovery recovery.img [device_to_flash]
adbflasher flash radio radio.img [device_to_flash]
adbflasher flash hboot hboot.img [device_to_flash] ## Dangerous!
adbflasher flash adsp adsp.img [device_to_flash]
adbflasher flash emmc emmc.img [device_to_flash] ## Extremly dangerous! DO NOT FLASH ANY FILE EXCEPT YOUR HAVE READ FROM YOUR PHONE EARLIER!
adbflasher exportfs {hboot|radio|adsp|boot|recovery|system|data|cache|devlog|emmc|sdcard|none}
## Might br dangerous! ALWAYS do exportfs none before exportfs another partition!
adbflasher read {security_record|hboot|radio|adsp|boot|recovery|system|data|cache|devlog|emmc|sdcard|none} filename.img [device_to_read]
adbflasher erase {radio|adsp|boot|recovery|system|data|cache|devlog|sdcard} [device_to_erase]"
}
if [[ $# -eq 0 ]] ;then usage; exit $E_WRONGCOMMAND; fi
case $1 in
exportfs) exportfs $2 ;;
erase) fs_erase $2 $3 |exit $? ;;
read) fs_read $2 $3 $4 |exit $? ;;
flash) fs_write $2 $3 $4 |exit $? ;;
*) echo "Wrong command: $1"; usage; exit $E_WRONGCOMMAND ;;
esac
#until /opt/android-sdk-update-manager/platform-tools/adb reboot ; do sleep 1;done
S-trace said:
I recieved some images of this partition fom mine russian friends and compared them. Here is results:
4 bytes at offest 0x824 are unique for every phone. There is "simlock" string near this bytes. I think it's used to generate sim lock code.
4 bytes at offset 0x424 are unique for every unlocked or relocked phone. I recieved only one image from locked phone, but this bytes was same for mine and that image. It's too little to be sure, but it's looks like it's same for every locked phone. it's 0x4ED7B921
16 bytes at offset 0x9400 - unique for every phone
another 16 bytes at offset 0x9410 repeats 265 times (until 0xA49F) and unique for every phone. - 4040 bytes at all.
previous 16 bytes again at offset 0xA800 repeats 32 times (until 0xA9FF) and unique for every phone. 512 bytes at all.
Are You have wire-trick s-off? Phones with new motherboard are much more interesting than stock.
I have one image of mmcblk0p3 partition from such phone. There is some more differences in it, comparing to stock phone:
4 bytes at offset 0xC24 (near "simunlock"string - at all other images those bytes was same.
256 bytes at offset 0xAD00 - all other images had 0x00 at this offset. It's NOT Unlock_code.bin.
previous 256 bytes again at offset 0xB100 - again same 256 bytes. All other images had 0x00 at this offset. It's still NOT Unlock_code.bin.
Here is Bash script. Correct ADB= string to which adb output for Your system or full path to adb binary, then save it as adbflasher, then chmod +x adbflasher
Connect Your S-OFF Evo 3D to PC and run ./adbflasher read security_record security_record.img - this will be mmcblk0p3 partition image.
Code:
#!/bin/bash
set -x
E_WRONGCOMMAND=65
E_WRONGPARTITION=66
E_ERASE=67
ADB="/opt/android-sdk-update-manager/platform-tools/adb"
fs_write() {
echo fs_write $*
local param_fs=$1
local param_file=$2
local param_device=$3
exportfs none
exportfs $param_fs
device_detect $param_device
sudo pv $param_file|dd of=$device bs=65536
sync
exportfs none
}
fs_read() {
echo fs_read $*
local param_fs=$1
local param_file=$2
local param_device=$3
exportfs none
echo calling exportfs $param_fs
exportfs $param_fs
echo calling device_detect
device_detect $param_device
sudo pv $device |dd of=$param_file bs=65536 &
exportfs none
}
fs_erase() {
echo fs_erase $*
local param_fs=$1
local param_device=$2
case $param_fs in
security_record) echo Erasing partition $param_fs not allowed: it may brick Your phone!; exit $E_ERASE;;
hboot) echo Erasing partition $param_fs not allowed: it will brick Your phone!; exit $E_ERASE;;
emmc) echo Erasing partition $param_fs not allowed: it will brick Your phone!; exit $E_ERASE;;
none) echo Unable to erase partition $param_fs!; exit $E_ERASE;;
*) fs_write $param_fs /dev/zero $param_device ;;
esac
}
exportfs() {
echo exportfs $*
case $1 in
security_record) partition=/dev/block/mmcblk0p3;;
hboot) partition=/dev/block/mmcblk0p12;;
radio) partition=/dev/block/mmcblk0p17;;
adsp) partition=/dev/block/mmcblk0p19;;
boot) partition=/dev/block/mmcblk0p20;;
recovery) partition=/dev/block/mmcblk0p21;;
system) partition=/dev/block/mmcblk0p22;;
data) partition=/dev/block/mmcblk0p23;;
cache) partition=/dev/block/mmcblk0p24;;
devlog) partition=/dev/block/mmcblk0p27;;
emmc) partition=/dev/block/mmcblk0;;
sdcard) partition=/dev/block/mmcblk1;;
none) partition="none";;
*) echo Wrong partition: $1; exit $E_WRONGPARTITION;;
esac
legacy="/sys/devices/platform/usb_mass_storage/lun0/file"
recent="/sys/devices/platform/msm_otg/msm_hsusb/gadget/lun0/file"
until $ADB shell "echo $partition > $legacy" ; do sleep 1;done
until $ADB shell "echo $partition > $recent" ; do sleep 1;done
until $ADB shell "echo $partition |su -c \"tee $legacy\"" ; do sleep 1;done
until $ADB shell "echo $partition |su -c \"tee $recent\"" ; do sleep 1;done
echo exportfs $* done
}
device_detect() {
echo "device_detect $*"
device=`find /dev/disk/by-id/|grep -i Android|sort|head -n 1` ## TODO: write better detect function!
if [[ "z$1" != "z" ]] ;then device=$1; fi
}
usage() {
echo "Usage: adbflasher flash hdsp boot.img [device_to_flash]
adbflasher flash recovery recovery.img [device_to_flash]
adbflasher flash radio radio.img [device_to_flash]
adbflasher flash hboot hboot.img [device_to_flash] ## Dangerous!
adbflasher flash adsp adsp.img [device_to_flash]
adbflasher flash emmc emmc.img [device_to_flash] ## Extremly dangerous! DO NOT FLASH ANY FILE EXCEPT YOUR HAVE READ FROM YOUR PHONE EARLIER!
adbflasher exportfs {hboot|radio|adsp|boot|recovery|system|data|cache|devlog|emmc|sdcard|none}
## Might br dangerous! ALWAYS do exportfs none before exportfs another partition!
adbflasher read {security_record|hboot|radio|adsp|boot|recovery|system|data|cache|devlog|emmc|sdcard|none} filename.img [device_to_read]
adbflasher erase {radio|adsp|boot|recovery|system|data|cache|devlog|sdcard} [device_to_erase]"
}
if [[ $# -eq 0 ]] ;then usage; exit $E_WRONGCOMMAND; fi
case $1 in
exportfs) exportfs $2 ;;
erase) fs_erase $2 $3 |exit $? ;;
read) fs_read $2 $3 $4 |exit $? ;;
flash) fs_write $2 $3 $4 |exit $? ;;
*) echo "Wrong command: $1"; usage; exit $E_WRONGCOMMAND ;;
esac
#until /opt/android-sdk-update-manager/platform-tools/adb reboot ; do sleep 1;done
Click to expand...
Click to collapse
Thanks a lot for your great work.
What is security_record ? Is this script only saving the partition or is there a serious risk of bricking ?
I realy can't afford now any serious riscky operation beceause I am realy unlucky with this phone and I'm planning to sell it now.
I can help if you want (for other to know what to do) but I am not ready for this anymore.
Grea09 said:
Thanks a lot for your great work.
What is security_record ? Is this script only saving the partition or is there a serious risk of bricking ?
I realy can't afford now any serious riscky operation beceause I am realy unlucky with this phone and I'm planning to sell it now.
I can help if you want (for other to know what to do) but I am not ready for this anymore.
Click to expand...
Click to collapse
What is security_record? - It's mmcblk0p3 partition of eMMC card (internal memory of Evo 3D). What is it's data are? I don't know, and I'm trying to reserach it. It's looks like some diigtal keys stored in this place, some of them are same for every phone, and some are individual for every phone.
No, it's no risk if You will just read partition using read command (and don't using write or erase commands).
This script is only open selected partition (or full eMMC in "* emmc" operations) to access from PC and then read it using dd command.
But I will need images of another partitions or all eMMC card, and it would be fine if You can provide it later for future research of Evo 3D memory. You can even erase CACHE, DATA, SYSTEM, ADSP and RADIO partitions using ./adbflasher erase {system/data/cache/adsp/radio/boot/recovery/logo} before sending zipped emmc.img to me using ./adbflasher read emmc emmc.img command.
This is recommended sequence of commands:
./adbflasher read emmc emmc_original.img ## Reading original eMMC image to restore it later.
./adbflasher erase cache ## Erasing CACHE partition. I'm not interested for it.
./adbflasher erase data ## Erasing DATA partition. It's Your private data, I'm not interested for it.
./adbflasher erase system ## Erasing SYSTEM partition. It's Android OS. I'm not interested for it.
./adbflasher erase radio ## Erasing RADIO partition. I'm not interested for it.
./adbflasher erase adsp ## Erasing ADSP partition. I'm not interested for it.
./adbflasher erase boot ## Erasing BOOT partition. I'm not interested for it.
./adbflasher erase recovery ## Erasing RECOVERY partition. I'm not interested for it.
./adbflasher erase logo ## Erasing LOGO partition. I'm not interested for it.
## It's no brick risk now, even while all those partitions have erased. You can boot to HBOOT and flash PG86IMG.zip with firmware, restoring LOGO, ADSP, RADIO partitions, then flash Your favorite recovery using fastboot or PG86IMG.zip, then wipe CACHE and restore NANDROID backup of SYSTEM and DATA.
./adbflasher read emmc emmc.img ## Reading cleaned eMMC image for sending it to me
gzip emmc.img ## Packing 2.25Gb to ~16Mb, because it's almost all space in file is now filled with 0x00
./adbflasher write emmc emmc_original.img ## Writing original eMMC image back to phone. It's some bricking risk now, if power loss will occur during early stage of writing process. It's no risk if You using UPS or notebook with fully charged battery.
rm emmc_original.img ## Erasing 2.25Gb original eMMC image. You can keep it, if needed.
Now, You can send emmc.img.gz to me. You will need at least 5.5Gb of free disk space on Your PC before doing this.
Thank You.
Hi's.
S-trace said:
What is security_record? - It's mmcblk0p3 partition of eMMC card (internal memory of Evo 3D). What is it's data are? I don't know, and I'm trying to reserach it. It's looks like some diigtal keys stored in this place, some of them are same for every phone, and some are individual for every phone.
No, it's no risk if You will just read partition using read command (and don't using write or erase commands).
This script is only open selected partition (or full eMMC in "* emmc" operations) to access from PC and then read it using dd command.
But I will need images of another partitions or all eMMC card, and it would be fine if You can provide it later for future research of Evo 3D memory. You can even erase CACHE, DATA, SYSTEM, ADSP and RADIO partitions using ./adbflasher erase {system/data/cache/adsp/radio/boot/recovery/logo} before sending zipped emmc.img to me using ./adbflasher read emmc emmc.img command.
This is recommended sequence of commands:
./adbflasher read emmc emmc_original.img ## Reading original eMMC image to restore it later.
./adbflasher erase cache ## Erasing CACHE partition. I'm not interested for it.
./adbflasher erase data ## Erasing DATA partition. It's Your private data, I'm not interested for it.
./adbflasher erase system ## Erasing SYSTEM partition. It's Android OS. I'm not interested for it.
./adbflasher erase radio ## Erasing RADIO partition. I'm not interested for it.
./adbflasher erase adsp ## Erasing ADSP partition. I'm not interested for it.
./adbflasher erase boot ## Erasing BOOT partition. I'm not interested for it.
./adbflasher erase recovery ## Erasing RECOVERY partition. I'm not interested for it.
./adbflasher erase logo ## Erasing LOGO partition. I'm not interested for it.
## It's no brick risk now, even while all those partitions have erased. You can boot to HBOOT and flash PG86IMG.zip with firmware, restoring LOGO, ADSP, RADIO partitions, then flash Your favorite recovery using fastboot or PG86IMG.zip, then wipe CACHE and restore NANDROID backup of SYSTEM and DATA.
./adbflasher read emmc emmc.img ## Reading cleaned eMMC image for sending it to me
gzip emmc.img ## Packing 2.25Gb to ~16Mb, because it's almost all space in file is now filled with 0x00
./adbflasher write emmc emmc_original.img ## Writing original eMMC image back to phone. It's some bricking risk now, if power loss will occur during early stage of writing process. It's no risk if You using UPS or notebook with fully charged battery.
rm emmc_original.img ## Erasing 2.25Gb original eMMC image. You can keep it, if needed.
Now, You can send emmc.img.gz to me. You will need at least 5.5Gb of free disk space on Your PC before doing this.
Thank You.
Click to expand...
Click to collapse
I have also tried to unlock HTC evo3d over the internet site HTCdev.com but I could not. Could you please explain your solution in a clear and simple way?
Thank you very much.
Hakancoskun35 said:
I have also tried to unlock HTC evo3d over the internet site HTCdev.com but I could not. Could you please explain your solution in a clear and simple way?
Thank you very much.
Click to expand...
Click to collapse
Are You S-OFF?
This method works only for S-OFF and rooted devices.
If you are already rooted. Why would you need it,
Sorry Bro I don't want to abuse you. But I have same problem
My Handsets motherboard was replaced I here I am stuck with unlock-able EVO 3d. I tried many things but can't get through.
Your works is exactly what I was had in mind, Can we make a universal .IMG or .PG86IMG.zip for unlock boot loader.
Just a thought.
Ohh mine is HBOOT 1.53.007 Unlock-able HTC EVO 3D
P.S. if you can direct me I can try to S-OFF & Root my device as per your instructions
Thanks
abhi_nagpure said:
If you are already rooted. Why would you need it,
Sorry Bro I don't want to abuse you. But I have same problem
My Handsets motherboard was replaced I here I am stuck with unlock-able EVO 3d. I tried many things but can't get through.
Your works is exactly what I was had in mind, Can we make a universal .IMG or .PG86IMG.zip for unlock boot loader.
Just a thought.
Ohh mine is HBOOT 1.53.007 Unlock-able HTC EVO 3D
P.S. if you can direct me I can try to S-OFF & Root my device as per your instructions
Thanks
Click to expand...
Click to collapse
My brother has the same problem, motherboard replaced so devunlock doesnt work. Would be great if this methode works for him.
Sent from my shooteru using xda premium
I can build update.zip for Recovery. But You still will need S-OFF to have write access to mmcblk0p3.
Yes thats what I am talking about.
You see there are many people here who have same problem. May be you are at solving it.
I am already fighting with HTC Service for unlocking or replacing my handset. But I don't think they'll give it.
So we have to do some thing our selves.
Sent from my HTC EVO 3D X515m using Tapatalk 2
Flashable package to unlock/lock/relock bootloader
I have built this package for You.
Just rename it to what You want to do:
query_bootloader.zip - query current state of bootloader (do it before anything else!)
unlock_bootloader.zip - unlock
relock_bootloader.zip - relock
lock_bootloader.zip - lock
and then flash it using Recovery. That's all.
Package is untested on device, sorry, I have bricked mine Evo during another experiments T_T
I don't have root or s-off but still I'll try whatever possible to test your zip,
Thanks
Sent from my HTC EVO 3D X515m using Tapatalk 2
Сome on!
It's 14 downloads at now, but 0 replies!
I am very interested to result! I have tested sctipt on test images and it's worked perfectly, but how about real devices? Especially S-ON?
Hey,
I have an Evo 3D with the following:
- unlocked bootloader via HTCDev
- HBOOT downgrade from 1.49.0018 to 1.49.0007 via Revolutionary
- S-OFF
- Custom Firmware
The problem is that the touchscreen is not working properly anymore (i suspect the digitizer), so there's a hardware issue.
My questions:
- how can i bring my phone to factory defaults so i can send it to warranty? Ok, i know that i should flash an PG86IMG.zip via bootloader to bring the original ROM and Bootloader back. Are there any other steps that i should follow?
- how can i lock my bootloader? I say lock, not relock.
The phone was bought SIM FREE and it was not branded.
Cheers.
I have Zenfone 5 phone, and i want to flashable system.img for the fastboot.
I tried dump system.img with help of this topic: http://forum.xda-developers.com/showthread.php?t=2450045
I used this code for the know what devblock is system for the zenfone:
Code:
adb shell
ls -al /dev/block/platform/intel/by-label/
And the mmcblk0p9 showed as system. Than I dumped system image with this command:
Code:
adb shell
su
dd if=/dev/block/mmcblk0p9 of=/sdcard/system.img
After dump of system.img, I tried flash it via fastboot with this command:
Code:
fastboot flash system system.img
But the flashing process is aborted with this error:
Code:
invalid sparse file format at header magi [I]-> This error appeared in Windows CMD, others in the below, appeared in the fastboot screen[/I]
e:unknowing chunk type
failed: bad file number
In summary; I dumped system.img and flashed it via fastboot and, it wasn't flashed, and give error.
I tried to convert system.img to system.raw via Ubuntu with simg2img file, I took this error:
Code:
invalid sparse file format at header magi
How to solve this "invalid sparse file format error"? Please help me? I'm making a rom, but this error blocked me
Hello
I have a Lenovo tabM10 tablet.I was rooting it and change its booting animation successfully. Now i want to change its splash picture. I extract splash.img from
/dev/block/by-name/splash
Click to expand...
Click to collapse
With following command:
Code:
dd if=/dev/block/by-name/splash of=/mnt/sdcard/
But can't getting image out of splash.img. I use following commands to get image out :
Code:
ffmpeg -hide_banner -f rawvideo -vcodec rawvideo -pix_fmt rgb24 -s 1280x800 -i splash.img -vframes 1 -y output_splash.png
And
Code:
ffmpeg -hide_banner -f rawvideo -vcodec rawvideo -pix_fmt rgb565 -s 1280x800 -i splash.img -vframes 1 -y output_splash.png
And another commands that i found in internet.
But in all case the output image is wrong. I want to get image out to check either the extracted partition is correct or no!
However, a complete guide to changing the splash image is accepting.
Thanks you.
Hey all,
I am learning how Android works and am trying to figure out how I can update the Android filesystem by extracting a ramdisk from normal boot.img, adding some files, then flashing it back. So far, I have been unsuccessful in doing this and am hoping to figure out why. Here's the steps below I have taken:
Using a Google Pixel 4a, Android 11, kernel v 4.14 (i.e. not GKI)
High level:
Extract ramdisk.cpio from boot.img using magiskboot via adb on device, modify extract contents, sent back up to magiskboot, repackaged, then flashed via fastboot.
Detailed steps:
Grab ramdisk.cpio
Code:
$ # obtain the ramdisk.cpio from magiskboot
$ adb -d shell "cd ${BOOT_IMG_PATH}; ./magiskboot unpack boot.img"
$ adb -d pull /${BOOT_IMG_PATH}/ramdisk.cpio /tmp/
$ # attempt to modify the filesystem
$ mkdir /tmp/rd && cd rd
$ cpio -i < /tmp/ramdisk.cpio
$ touch yolo
$ echo "why doest this work" > system/wtf.txt
$ echo "why doest this work" > sys/wtf.txt
$ echo "why doest this work" > vendor/wtf.txt
#patch this directory back up and send to magiskboot
$ find . | cpio -oH new > /tmp/new.ramdisk.cpio
$ adb -d push /tmp/new.ramdisk.cpio ${BOOT_IMG_PATH}/ramdisk.cpio
$ adb -d shell "cd ${BOOT_IMG_PATH}; ./magiskboot repack boot.img
$ adb -d pull /${BOOT_IMG_PATH}/new-boot.img /tmp/
# apply this modifyied boot.img
$ adb reboot bootloader
fastboot flash boot /tmp/new-boot.img
fastboot reboot
After doing this, I'll adb back in to verify:
Code:
adb -d shell "find / -name "wtf.txt" 2>/dev/null
# silence.... always silence... no file change
* I am aware that Wu modifies the extracted dtb file from boot.img with a "magiskboot dtb dtb patch" command but that doesn't seem to apply to my particular boot.img as the fstab doesn't seem to be around
* I am aware that vbmeta and codesigning, I have disabled vbmeta via fastboot
* I am aware that there's A/B slots for flashing. I have tried flashing both slots to make sure the updated ramdisk is seen
* I am aware of magiskboot's kernel patch from skip_initramfs -> want_initramfs. I could use some clarification on this if it pertains to my problem
* My Android device uses "mount method C" from Wu's great writeup https://github.com/topjohnwu/Magisk/blob/master/docs/boot.md. That is, it's init's job to mount everything on my device. I guess I feel confused as to why init wouldn't mount the additional files that I've added to the ramdisk
Extremely grateful for help or guidance on what I've overlooked. Thanks y'all
You should probably examine your modified boot file to see if the new stuff is in there.
I don't use your tools or even deal with cpio as a file type.
Code:
C:\>echo Hello > sbin\bogus
C:\>imgutil /i boot.img sbin/bogus
C:\>imgutil /l boot.img
...
sbin/bogus
...