Better Mobile App

[Q] /efs recovery

Very bad news.
I appear to have had an accident with /efs. Not 100% sure what I did but suspect it related to a product code change.
My SGS2 now will not show an IMEI or connect to the cell network.
I connected with /adb and saw a number of files were updated earlier today
drwxrwxr-x 5 root root 4096 Jan 1 2000 .files
drwxrwxr-x 2 radio radio 4096 Jan 1 2000 imei
-rw-rw-rw- 1 radio radio 832 Jan 1 2011 nv.log
-rw-rw-rw- 1 radio radio 1 Jan 1 2011 .nv_state
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_data.bak.md5
-rwx------ 1 radio radio 2097152 Jan 1 2011 .nv_data.bak
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_core.bak.md5
-rwx------ 1 radio radio 1048576 Jan 1 2011 .nv_core.bak
-rw-r--r-- 1 root root 1 Jan 1 2011 cryptprop_rebootMode
drwx------ 3 system system 4096 Jan 1 2011 dmp
-rw-r--r-- 1 system system 14 Jan 1 2011 cryptprop_persist.sys.timezone
-rw-r--r-- 1 system system 9 Jan 1 2011 cryptprop_applied_result
-rwxrwxr-- 1 radio radio 880 Jan 1 2011 redata.bin
-rw-rw-rw- 1 system system 6 Aug 12 22:43 calibration_data
-rw-rw-rw- 1 system system 256 Oct 4 15:55 edk_p
-rw-r--r-- 1 system system 3 Nov 2 01:27 cryptprop_persist.sys.language
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lockscreen.patterneverchosen
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lockscreen.password_type
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_visible_pattern
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lock_pattern_tactile_feedback_ena
bled
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_autolock
-rw-r--r-- 1 root root 3 Nov 2 21:08 cryptprop_securewipedata
-rwx------ 1 radio radio 32 Nov 3 17:44 nv_data.bin.md5
-rwx------ 1 radio radio 2097152 Nov 3 17:44 nv_data.bin
-rw-r--r-- 1 system system 0 Nov 3 18:02 cryptprop_onetimeboot
drwxrwx--x 5 radio system 4096 Nov 3 21:23 .
drwxr-xr-x 21 root root 0 Nov 3 21:58 ..
You can see the changes to nv_data.bin.md5 and nv_data.bin -- I have no idea what crptprop_onetimeboot is but it looks a little suspicious.
Firstly I have a copy of the above as
- a directory on my sdcard
- a dd'd image on my sdcard
- a file copy on my PC (!)
I also see I still have backup files, so with a lot of difficulty (fs kept going read only when trying to copy files, so I ended up renaming the old name to the new name)
ie
.nv_data.bak -> nv_data.bin
.nv_data.bak.md5 -> nv_data.bin.md5
This didn't work (still no service/no imei), so I removed(renamed) the .md5 file -- but it still doesn't work
so it now looks like
# ls -latr
ls -latr
drwxrwxr-x 5 root root 4096 Jan 1 2000 .files
drwxrwxr-x 2 radio radio 4096 Jan 1 2000 imei
-rwx------ 1 radio radio 32 Jan 1 2011 nv_data.bin.md5.orig
-rwx------ 1 radio radio 2097152 Jan 1 2011 nv_data.bin
-rw-rw-rw- 1 radio radio 832 Jan 1 2011 nv.log
-rw-rw-rw- 1 radio radio 1 Jan 1 2011 .nv_state
-rwx------ 1 radio radio 32 Jan 1 2011 .nv_core.bak.md5
-rwx------ 1 radio radio 1048576 Jan 1 2011 .nv_core.bak
-rw-r--r-- 1 root root 1 Jan 1 2011 cryptprop_rebootMode
drwx------ 3 system system 4096 Jan 1 2011 dmp
-rw-r--r-- 1 system system 14 Jan 1 2011 cryptprop_persist.sys.timezone
-rw-r--r-- 1 system system 9 Jan 1 2011 cryptprop_applied_result
-rwxrwxr-- 1 radio radio 880 Jan 1 2011 redata.bin
-rw-rw-rw- 1 system system 6 Aug 12 22:43 calibration_data
-rw-rw-rw- 1 system system 256 Oct 4 15:55 edk_p
-rw-r--r-- 1 system system 3 Nov 2 01:27 cryptprop_persist.sys.language
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lockscreen.patterneverchosen
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lockscreen.password_type
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_visible_pattern
-rw-r--r-- 1 system system 6 Nov 2 15:21 cryptprop_lock_pattern_tactile_feedback_ena
bled
-rw-r--r-- 1 system system 5 Nov 2 15:21 cryptprop_lock_pattern_autolock
-rw-r--r-- 1 root root 3 Nov 2 21:08 cryptprop_securewipedata
-rwx------ 1 radio radio 32 Nov 3 17:44 nv_data.bin.md5.bk
-rwx------ 1 radio radio 2097152 Nov 3 17:44 nv_data.bin.bk
-rw-rw-rw- 1 root root 0 Nov 3 20:55 p
drwxrwx--x 5 radio system 4096 Nov 3 21:48 .
-rw-r--r-- 1 system system 0 Nov 3 21:52 cryptprop_onetimeboot
drwxr-xr-x 21 root root 0 Nov 3 21:58 ..
#
[/FONT]
I DID NOT BACKUP EFS beforehand (only just learnt I need to) and know this may now be screwed, but I'm still hopeful I have the original file and just made a silly error.
I could also
- try recreating the whole fs and copying files back
- checking the prod code within the rom (but why?)
- flashing original firmware
- modifying the dd'd image *offline*, swapping the files, and dd'ing the image back
Any advice. PLEASE....

if you have a backup the easiest way I have found is to use root explorer.
go in to the /efs folder, set to read/write, mark everything and delete (not scrictly necessary simply copying over will work) but if you have been tinkering probably better.
then paste all the back up files and folders in
finally reboot (in my experience when something has gone wrong even this is not necessary)
Root explorer is worth every penny
and keep multiple backup's of your /efs on different drives
If this does not work you are screwed. The file contains your IMEI encrypted and the only way to get that restored is by returning it.
oh I just realised you are saying the back up you have is only of it in the current state?
If that's the case you are probably screwed, have you ever used any apps like nitrality or any unlocking tools? they will create copies of your efs folder on the scard in various locations. have you run a file seach on you sdcard to see if there is any copies at all?
if you have no backups of this folder then I think you will find its a return to manufacturer / sevice centre / provider issue.

I *think* I have restored the files -- and the dates look reasonable, as if they were the originals.
I've now flashed an old ROM (KE5) for good measure, but still no signal
One discrepancy I did notice is that after installing a rom there was some bootup message about csc and XEU when copying files.
My original sales code was VOD (UK vodafone). I had then run XEU firmware and just recently tried to set the sales code to XEU using a *# code. I subsequently flashed back to vodafone firmware today.
So somewhere there's a lingering reference to XEU -- this prod code incompatability could be causing the error?
I definately feel I should have the data to fix this -- after all I have the encrypted file, but am not quite sure of all the factors involved (one being "you're stuffed I know")

type *#06# this should display you IMEI number
if this does not match your IMEI from the box then you have not fixed this
if it shows all zeros or 004999010640000 then you are on a generic IMEI number
strangely when I screwed mine up and got the generic one above I was still able to use mine with a vodafone (UK) sim but not an orange on
if this is the case, and there is no efs backup prior to this you might well be screwed.
if this backup is all you have an you believe the .bak file is intact then I believe you will find solutions for deleting the primary version of the file and keeping only the backups and rebooting
the log file should give you more information on how successful this was, but if this was the result of flashing you probably overwrote both primary and backup

*#1234# is returning a reasonable CSC I9100VODKE2
Checking the nv data files, it appears
- the new ones modded today contain XEU
- the original ones contain VOD
This is consistent with what happened, so I am still confused why the renamed original files do not work, and why there's a reference to multi-csc XEU during bootup.
Some remnant of XEU?

*#06# is currently showing blank -- but those .bak files looked fine.
Annoyed and frustrated...

In that case I would try deleting nv_data.bin and nv_data.m5 and rebooting
(assuming you have copies of everything
with just nv_data.bak nv_data.bak.md5
At least with the SGS1 this would work provided those bak files are the originals but the nv.log file will tell you more after the boot.
HOWEVER the SGSII has a lot more in this folder and I do not claim to fully understand them all but if you have a back up it's worth a shot
planetf1 said:
*#1234# is returning a reasonable CSC I9100VODKE2
Checking the nv data files, it appears
- the new ones modded today contain XEU
- the original ones contain VOD
This is consistent with what happened, so I am still confused why the renamed original files do not work, and why there's a reference to multi-csc XEU during bootup.
Some remnant of XEU?
Click to expand...
Click to collapse

Took some inspiration from http://www.communityhosting.net/sgsunlock/i9000.html and decided to check permissions & recreation of md5.
md5 wasn't recreated, so no matter, I had a backup. that is restored, but I don't know if the .bak files are needed. Yet trying to create them I get:
# mv nv_data.bin.md5.orig nv_data.bin.md5
mv nv_data.bin.md5.orig nv_data.bin.md5
# cp nv_data.bin .nv_data.bak
cp nv_data.bin .nv_data.bak
cp: write error: Read-only file system
#
This isn't a space issue.
There could be another cause -- /efs/imei/mps_info.dat contains the 3 characters "XEU" even though the file is dated Jan 2011
So either
- the date has been manually fudged
OR
- the code always was XEU -- unlikely.
I'm currently working on the basis that fundamentally the IMEI is intact, that the original nv_data.bin is intact & that the phone is validating the CSC in mps_info.dat (XEU) against nv_data.bin (VOD) and failing.
Though this wouldn't explain why before the fix, with XEU in the nv_data.bin, it wasn't working
Unless the issue is the filesystem itself. could it be corrupt? Is this in fact why it switched to R/O mode each time? I've tried multiple kernels including insecure. surely they wouldn't all "protect" this fs.
But if this is the case where is fsck? maybe I need to copy the fs image to another linux box with ext4 & inspect/correct before shipping back and dd'ing

Continuing.
Found /system/bin/e2fsck -- ran this against /efs with
# /system/bin/e2fsck /dev/block/mmcblk0p1
/system/bin/e2fsck /dev/block/mmcblk0p1
e2fsck 1.41.11 (14-Mar-2010)
ext2fs_check_if_mount: Can't check if filesystem is mounted due to missing mtab file while determini
ng whether /dev/block/mmcblk0p1 is mounted.
/dev/block/mmcblk0p1 contains a file system with errors, check forced.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
/lost+found not found. Create<y>? y
yes
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Block bitmap differences: -(3202--3203) +4104
Fix<y>? yes
/dev/block/mmcblk0p1: ***** FILE SYSTEM WAS MODIFIED *****
/dev/block/mmcblk0p1: 60/1280 files (1.7% non-contiguous), 2188/5120 blocks
**** >>> I NOW HAVE AN IMEI <<< ****
AND SIGNAL
LOGGED ONTO VODAFONE
WOOOHAY.
THIS HAS BEEN FUN. LOOK AND LEARN..
and seriously thanks to all the other articles and some moral support here tonight.
Going to put back proper firmware , remove dodgy kernels and GET A BIG BEER OR THREE

planetf1 said:
Continuing.
Going to put back proper firmware , remove dodgy kernels and GET A BIG BEER OR THREE
Click to expand...
Click to collapse
and make several backups of the /efs folder in its current state one would assume

Phone seems working. restoring over a HSPA connection happily, recognized voda sim.
now reinstalling titanium backup and copying down from dropbox...

The final step was restoring from titanium backup.
I had erased my sdcard -- though my backup was on dropbox.
However titanium backup is awful at copying files to/from dropbox -- as is IMO the phone when in "phone/kies" mode.
Finally I simply copied the dropbox directory back in USB debug=mass storage mode which was quick and reliable -- and then restored most items en-masse (I have a pro license).
For the record so far phone is fine - and indeed I've since run a new efs backup
The key takeaways from this are
* Backup efs and save it somewhere offline
* get titanium backup pro. it's good (better if it backed up efs too!)
* usb mass storage mode is the most reliable way for file xfer
* backup efs (again)
* don't get complacent
And of course if you do get a similar problem to mine
a) take a backup of efs with dd if=/dev/mmcXXX of=/mnt/scard/myefs.img (check name - I forget)
b) copy files you can to sdcard
c) copy both of this to a seperate pc
d) Just try running fsck (as above) - If I'd done this sooner I'd have saved hours. I should have gone with the obvious -- I've seen this on enough linux systems in the past to know what was happening but was thrown by no kernel messages.

Thanks for letting us know, might be a nice reference for future problems, especially the filesystem check.

Writing about it also helped keep me sane.giving up and hitting the beer was becoming increasingly attractive.
I do think making the warning about efs clearer would help.backup really should be a must at the earliest opportunity
Sent from my GT-I9100 using Tapatalk

Another thought.do unmount /efs before fsck
Sent from my GT-I9100 using Tapatalk

Unable to restore
I know I had a valid IMEI during the last week or so.
I have flashed several ROM's during the last month.
Last night lost IMEI
Now , no matter what I try, I can't seem to restore my IMEI. I have the fake one that ends in a bunch of zero''s
My SDCARD has a folder called EFS_BACKUP with multiple efs_xxxxxxx.tar.gz files in it. If I extract any of these and try to restore them to the /EFS folder I still have the fake IMEI number.
Please help - I didn't understand all the adb code in this post

Hi there,
/efs is fairly new to me too, to be honest it took hours of careful rooting before I gained some useful knowledge in how that area works.
-- what I would suggest before *anything else* is to copy anything you do have left in /efs. You will need to be root to do this. I found the gui root explorer type tools a bit clunky so I used the android SDK (adb is one of the tools in this package) to help. IF YOU NEED HELP WITH THIS SAY. You need to copy the files to multiple places for safety. Someone OFF your phone, ie on a PC. This is just in case things get worse. Do the same with any of those .gz backups you have. Maybe you'll need them *if* you make things worse...
If you're familiar with linux/unix systems this is all fairly easy, but if you're not it can be quite scary. For example you have to be able to write to /efs as well as list files and move them around. One wrong step and you could make things worse.
If you're unsure perhaps you could find a friend who knows *nix well to help you out. The bottom line is that you need to
a) ensure the right files are in there
b) The filesystem itself was intact
I definately suffered from b -- less sure about a.
What you need to do will depend a fair bit on what files you find in there, and what dates they are.
You said you had some backup files. Are you sure you have some from before the problem started? Can you look inside those backup files (I think winzip or similar will expand them for you). WIthout divoluging the actual contents (since you don't want to share your IMEI with anyone), is there an nv_data.bin file in there? Out of all the files it seems to be the most critical. When's it dated (mine was Jan 2011). If you cant' find that file how about .nv_data.bak - is that a good size, and again an old one.
If you have either of these -- even without anything else I think you can probably recover.
If you can get up and running with adb, a good start would be
adb shell
ls -laR /efs

Thank you very much, fsck method fixed my efs. Phone just broke it while doing nothing :/

I love you
You just saved my Galaxy S2

Yay. Brilliant news

Weirdness with CWM nandroid backup

I'm still running Task's 7/3 ICS - yes, I'm going to go to the Tasks JB sometime soon, but I was waiting for things to get fixed and settle down before I switched.
I did a nandroid backup today and the files that were generated are different than the ones from a previous version of Task's ICS - all the .tar files are zero size and there are files with ".a" appended to the filename that have all the data in them. The previous version of Task's ICS didn't generate the .a files, just .tar files. CWM version is 5.5.0.4.
Code:
-rwxr-xr-x. 1 root root 8388608 Oct 21 21:09 boot.img
-rwxr-xr-x. 1 root root 0 Oct 21 21:12 cache.ext4.tar
-rwxr-xr-x. 1 root root 11776 Oct 21 21:12 cache.ext4.tar.a
-rwxr-xr-x. 1 root root 0 Oct 21 21:10 data.ext4.tar
-rwxr-xr-x. 1 root root 479716352 Oct 21 21:12 data.ext4.tar.a
-rwxr-xr-x. 1 root root 510 Oct 21 21:13 nandroid.md5
-rwxr-xr-x. 1 root root 8388608 Oct 21 21:09 recovery.img
-rwxr-xr-x. 1 root root 0 Oct 21 21:09 system.ext4.tar
-rwxr-xr-x. 1 root root 289286144 Oct 21 21:10 system.ext4.tar.a
I did some google searches but didn't find much about this. Are these files going to restore properly if I need to do a restore? I'm somewhat concerned about this because I want to be able to go back to ICS if JB has some issues that I would rather wait until they are fixed before I switch to JB. And I'd like to get some advice before trying to do a restore and finding out it messes up my phone (the phone is owned by my employer so I need to keep it in working order in case I get an after-hours call).

mvi57 said:
I'm still running Task's 7/3 ICS - yes, I'm going to go to the Tasks JB sometime soon, but I was waiting for things to get fixed and settle down before I switched.
I did a nandroid backup today and the files that were generated are different than the ones from a previous version of Task's ICS - all the .tar files are zero size and there are files with ".a" appended to the filename that have all the data in them. The previous version of Task's ICS didn't generate the .a files, just .tar files. CWM version is 5.5.0.4.
Code:
-rwxr-xr-x. 1 root root 8388608 Oct 21 21:09 boot.img
-rwxr-xr-x. 1 root root 0 Oct 21 21:12 cache.ext4.tar
-rwxr-xr-x. 1 root root 11776 Oct 21 21:12 cache.ext4.tar.a
-rwxr-xr-x. 1 root root 0 Oct 21 21:10 data.ext4.tar
-rwxr-xr-x. 1 root root 479716352 Oct 21 21:12 data.ext4.tar.a
-rwxr-xr-x. 1 root root 510 Oct 21 21:13 nandroid.md5
-rwxr-xr-x. 1 root root 8388608 Oct 21 21:09 recovery.img
-rwxr-xr-x. 1 root root 0 Oct 21 21:09 system.ext4.tar
-rwxr-xr-x. 1 root root 289286144 Oct 21 21:10 system.ext4.tar.a
I did some google searches but didn't find much about this. Are these files going to restore properly if I need to do a restore? I'm somewhat concerned about this because I want to be able to go back to ICS if JB has some issues that I would rather wait until they are fixed before I switch to JB. And I'd like to get some advice before trying to do a restore and finding out it messes up my phone (the phone is owned by my employer so I need to keep it in working order in case I get an after-hours call).
Click to expand...
Click to collapse
Why not just make another backup? Or test restore and have you return to stock files ready
Bleh

122ninjas said:
Why not just make another backup? Or test restore and have you return to stock files ready
Bleh
Click to expand...
Click to collapse
I've done 3 or 4 backups with the same results, and no errors reported by CWM. I will probably end up testing it but I thought I'd ask about it first in case it does cause a problem so I don't have to do a complete wipe/reflash to recover from a busted restore.

mvi57 said:
I've done 3 or 4 backups with the same results, and no errors reported by CWM. I will probably end up testing it but I thought I'd ask about it first in case it does cause a problem so I don't have to do a complete wipe/reflash to recover from a busted restore.
Click to expand...
Click to collapse
Did you try restoring one of the backups yet, to see if it restores properly?

0p3nsrc said:
Did you try restoring one of the backups yet, to see if it restores properly?
Click to expand...
Click to collapse
Yes, I did that a few days ago before I upgraded to Task's AOKP JB. The restore worked.

[Q] Error while compiling kernel from source!!!

So..... I've been fussing with the kernel these days.
I managed to add cwm recovery just by editing initramfs.
also, I could enable init.d support
I had a repacker script that only involves original zImage and edited initramfs folder and it made my work easier.
Now, I became greedy and I wanted to add cpu governor.
If I want to do so, I 've gotta actually compile the kernel from source.
I first used this command
export ARCH=arm
export CROSS_COMPILE=/home/xxxxxxxx/arm-2009q3/bin/arm-none-eabi
make venturi_kor_defconfig #I have Korean device
make menuconfig # at the menu, i located my initramfs folder
make -j2
I've got numerous errors no matter what toolchain I used.
arm-eabi-4.4.0
arm-eabi-4.4.3
arm-eabi-4.7
arm-2009q3
arm-eabi-linaro 4.6.2
arm-eabi-linaro 4.7
all the zImages created had similar sizes as the original ones but none of them passed samsung logo (they do boot into recovery though)
4.4.3 and 4.7 didn't even make zImage so I guess that's guaranteed failure.
But Samsung's YP-GB70 Opensource zip says that I should use arm-2009q3 and when I do, it still gives me error
I use 12.04 LTS 64bit
any suggestion please? I'm dire

stylemate said:
So..... I've been fussing with the kernel these days.
I managed to add cwm recovery just by editing initramfs.
also, I could enable init.d support
I had a repacker script that only involves original zImage and edited initramfs folder and it made my work easier.
Now, I became greedy and I wanted to add cpu governor.
If I want to do so, I 've gotta actually compile the kernel from source.
I first used this command
export ARCH=arm
export CROSS_COMPILE=/home/xxxxxxxx/arm-2009q3/bin/arm-none-eabi
make venturi_kor_defconfig #I have Korean device
make menuconfig # at the menu, i located my initramfs folder
make -j2
I've got numerous errors no matter what toolchain I used.
arm-eabi-4.4.0
arm-eabi-4.4.3
arm-eabi-4.7
arm-2009q3
arm-eabi-linaro 4.6.2
arm-eabi-linaro 4.7
all the zImages created had similar sizes as the original ones but none of them passed samsung logo (they do boot into recovery though)
4.4.3 and 4.7 didn't even make zImage so I guess that's guaranteed failure.
But Samsung's YP-GB70 Opensource zip says that I should use arm-2009q3 and when I do, it still gives me error
I use 12.04 LTS 64bit
any suggestion please? I'm dire
Click to expand...
Click to collapse
Hmmm. First make sure you downloaded source for the gingerbread kernel (2.6.35) and not froyo (2.6.32) - it should also be a zip.
Second 4.4.3 is what I use, so that's quite strange. I'll need complete output to see what the problem is.

Mevordel said:
Hmmm. First make sure you downloaded source for the gingerbread kernel (2.6.35) and not froyo (2.6.32) - it should also be a zip.
Second 4.4.3 is what I use, so that's quite strange. I'll need complete output to see what the problem is.
Click to expand...
Click to collapse
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?

stylemate said:
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?
Click to expand...
Click to collapse
Do you have the initramfs packed into the rom because Samsung kernels have the initramfs inside them.
Sent from my Nexus 7 using Tapatalk HD

zaclimon said:
Do you have the initramfs packed into the rom because Samsung kernels have the initramfs inside them.
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?

stylemate said:
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?
Click to expand...
Click to collapse
Oh sorry I meant kernel instead of ROM. Hmm why don't you take an initramfs from another source or copy-paste the scripts from your device and add the cwm binaries from entropy's?
Sent from my Nexus 7 using Tapatalk HD

stylemate said:
Hmm sorrry for not clarifying that. I'm certain that I got Gingerbread source and it said to use G++ toolchain for EABI. Which is arm-2009q3-68
I made a mistake saying that It gave me an error. they were warnings. zImages were succesfully made along with other modules but it just doesn't boot.
btw, do you know how to fix bootloop when recovery can't locate cache partition and can't even factory reset?
Click to expand...
Click to collapse
stylemate said:
....... hmmmmmm I'm having quite hard time comprehending that....... sorry
i first extracted initramfs from zImage, (you know by using magic number like 30 37 30 37)
Then I added cwm recovery from Entropy's source.
I repacked it to modified_ramdisk.cpio
Then I tried to compile kernel by samsung's open source zip (inside there were one tar.gz for platform and another for kernel)
I used those commands at the first post, using the right toolchain that the opensource specified.
I even located my initramfs directory in the GUI section of config.
What did I do wrong?
Click to expand...
Click to collapse
As far as I know, you didn't do anything wrong. The issue must be somewhere in the init scripts (init.<whatever>, recovery.rc, ueventd.<whatever>). Did you copy those from Entropy's ramdisk too? Which ones?

zaclimon said:
Oh sorry I meant kernel instead of ROM. Hmm why don't you take an initramfs from another source or copy-paste the scripts from your device and add the cwm binaries from entropy's?
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
I think I'm the only one with korean SGP5 initramfs source.....
anyway, I had a repacking script which doesn't bother with compiling the actual kernel.
I could make a kernel with just CWM recovery and it worked.
But I figured out that I had to compile the actual kernel to add governor or OC stuff... so......

Mevordel said:
As far as I know, you didn't do anything wrong. The issue must be somewhere in the init scripts (init.<whatever>, recovery.rc, ueventd.<whatever>). Did you copy those from Entropy's ramdisk too? Which ones?
Click to expand...
Click to collapse
Ho Thanks for your suggestion. I didn't copy the actual files of those scripts, I looked at his commit and saw those lines changed when he was adding CWM. So I just added or replaced few lines at recovery.rc
Then I copied bunch of files in sbin, which seemed necessary for the recovery.
I copied the clockworkmod image file
Then finally i copied the recovery.fstab
to misc/
I edited recovery.fstab several times to get mount and storage work.
So I think initramfs itself has no problem....... It got me a working kernel with CWM recovery.
But it's the problem when I actually try to compile kernel from the scratch.....

stylemate said:
Ho Thanks for your suggestion. I didn't copy the actual files of those scripts, I looked at his commit and saw those lines changed when he was adding CWM. So I just added or replaced few lines at recovery.rc
Then I copied bunch of files in sbin, which seemed necessary for the recovery.
I copied the clockworkmod image file
Then finally i copied the recovery.fstab
to misc/
I edited recovery.fstab several times to get mount and storage work.
So I think initramfs itself has no problem....... It got me a working kernel with CWM recovery.
But it's the problem when I actually try to compile kernel from the scratch.....
Click to expand...
Click to collapse
When you were just modifying the initramfs, did it boot normally then?

Mevordel said:
When you were just modifying the initramfs, did it boot normally then?
Click to expand...
Click to collapse
yes. very smoothly
I used linaro tool chain 4.6.2 and also arm-eabi-4.7 both worked fine when i just modified the initramfs with a simple script.

stylemate said:
yes. very smoothly
I used linaro tool chain 4.6.2 and also arm-eabi-4.7 both worked fine when i just modified the initramfs with a simple script.
Click to expand...
Click to collapse
Can you boot into CWM and (using adb shell) give me the output of
Code:
cat /proc/cpuinfo
ls -la /
Thanks.

Mevordel said:
Can you boot into CWM and (using adb shell) give me the output of
Code:
cat /proc/cpuinfo
ls -la /
Thanks.
Click to expand...
Click to collapse
Sorry I couldn't do anything because my device was hard bricked and I fixed it today 0.0
Hope you are still around here.
I can't run adb shell with my newly compiled kernel
computer does not detect my device and i tried plugging it in and out several times, killing adb server each time.
interesting thing is that i can't mount USB storage, system, efs or anything else in CWM recovery.
Only cache partition is mounted which is strange. I used same initramfs source for both working kernel and newly compiled kernel,
but i don't know what happened during the compiling process.
I tried compiling with the original intiramfs folder (not modified one) and <3e> recovery also gave me numerous errors like can't mount where, where, where, where.
so there mustn't be a problem in both init.rc-like scripts and ultimately initramfs. It's probably the compiling process and how I set up the compilation.
Do i have to check all lines in venturi_kor_defconfig......?
oh btw, sdcard can be mounted with original ramdisk compiled kernel also, just checked it now.

stylemate said:
Sorry I couldn't do anything because my device was hard bricked and I fixed it today 0.0
Hope you are still around here.
I can't run adb shell with my newly compiled kernel
computer does not detect my device and i tried plugging it in and out several times, killing adb server each time.
interesting thing is that i can't mount USB storage, system, efs or anything else in CWM recovery.
Only cache partition is mounted which is strange. I used same initramfs source for both working kernel and newly compiled kernel,
but i don't know what happened during the compiling process.
I tried compiling with the original intiramfs folder (not modified one) and <3e> recovery also gave me numerous errors like can't mount where, where, where, where.
so there mustn't be a problem in both init.rc-like scripts and ultimately initramfs. It's probably the compiling process and how I set up the compilation.
Do i have to check all lines in venturi_kor_defconfig......?
oh btw, sdcard can be mounted with original ramdisk compiled kernel also, just checked it now.
Click to expand...
Click to collapse
I mean from CWM on your repacked-but-not-compiled kernel -- the one you said worked.
Also, which exactly zip did you download from Samsung's site? You don't need to go through the defconfig as long as you got the right one.
Third, please only compile with 4.4.3 or the one Samsung recommends. Anything newer will probably not work.
Fourth, as to partitions, they are all formatted to RFS, right? And can you run in CWM (where everything mounts and is mounted):
Code:
mount
fdisk -l /dev/block/mmcblk0

Mevordel said:
I mean from CWM on your repacked-but-not-compiled kernel -- the one you said worked.
Also, which exactly zip did you download from Samsung's site?
Third, please only compile with 4.4.3 or the one Samsung recommends. Anything newer will probably not work.
Click to expand...
Click to collapse
1st
Processor : ARMv7 Processor rev 2 (v7l)
BogoMIPS : 99.40
Features : swp half thumb fastmult vfp edsp thumbee neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 2
Hardware : SMDKC110
Revision : 0000
Serial : 08c5603ec1690711
-rw-r--r-- 1 system system 118 Dec 25 12:19 default.prop
drwxr-xr-x 9 root root 2840 Jan 23 01:26 dev
drwxrwxr-x 1 radio system 0 Jan 23 01:26 efs
drwxr-xr-x 2 root root 0 Jan 23 01:26 emmc
lrwxrwxrwx 1 root root 11 Jan 23 01:26 etc -> /system/etc
-rwxr-xr-x 1 system system 1876 Dec 25 12:19 fota.rc
-rwxr-xr-x 1 system system 168364 Dec 25 12:27 init
-rw-r--r-- 1 system system 1677 Dec 25 12:19 init.goldfish.rc
-rwxr-xr-x 1 system system 30941 Dec 28 08:32 init.rc
-rwxr-xr-x 1 system system 30931 Dec 25 17:46 init.rc~
-rwxr-xr-x 1 system system 4489 Dec 25 12:19 init.smdkc110.rc
drwxr-xr-x 3 system system 0 Dec 25 12:19 lib
-rwxr-xr-x 1 system system 1419 Dec 25 12:19 lpm.rc
drwx------ 2 system system 0 Dec 26 16:21 misc
drwxrwxr-x 3 root root 0 Jan 23 01:26 mnt
drwxr-xr-x 2 root root 0 Jan 23 01:26 preload
dr-xr-xr-x 60 root root 0 Jan 1 1970 proc
-rwxr-xr-x 1 system system 410344 Dec 25 12:19 recovery
-rw-r--r-- 1 system system 2182 Dec 25 12:39 recovery.rc
drwxr-xr-x 3 system system 0 Dec 25 12:40 res
drwxr-xr-x 2 system system 0 Dec 26 16:31 sbin
drwxr-xr-x 2 root root 0 Jan 23 01:26 sdcard
drwxr-xr-x 12 root root 0 Jan 23 01:26 sys
drwxr-xr-x 1 root root 0 Jan 23 01:26 system
drwxrwxrwt 2 root root 60 Jan 23 01:26 tmp
-rw-r--r-- 1 system system 0 Dec 25 12:19 ueventd.goldfish.rc
-rw-r--r-- 1 system system 4245 Dec 25 12:19 ueventd.rc
-rwxr-xr-x 1 system system 1749 Dec 25 12:19 ueventd.smdkc110.rc
drwxrwxr-x 3 system system 0 Dec 28 08:33 vendor
init.rc~ file is the autocreated backup file that i forgot to erase
2nd
I downloaded YP-GB70-WW GB Opensource.zip
3rd
Yes I've been using the right toolchain that the readme file specified.
I have tried 4.4.3 too and many other toolchains.
4th
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
it's very normal... I had to fix this part of partition cause my partition was messed up beginning from block 12 but now it's perfect.
picture stolen from Siraki......

stylemate said:
1st
Processor : ARMv7 Processor rev 2 (v7l)
BogoMIPS : 99.40
Features : swp half thumb fastmult vfp edsp thumbee neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 2
Hardware : SMDKC110
Revision : 0000
Serial : 08c5603ec1690711
-rw-r--r-- 1 system system 118 Dec 25 12:19 default.prop
drwxr-xr-x 9 root root 2840 Jan 23 01:26 dev
drwxrwxr-x 1 radio system 0 Jan 23 01:26 efs
drwxr-xr-x 2 root root 0 Jan 23 01:26 emmc
lrwxrwxrwx 1 root root 11 Jan 23 01:26 etc -> /system/etc
-rwxr-xr-x 1 system system 1876 Dec 25 12:19 fota.rc
-rwxr-xr-x 1 system system 168364 Dec 25 12:27 init
-rw-r--r-- 1 system system 1677 Dec 25 12:19 init.goldfish.rc
-rwxr-xr-x 1 system system 30941 Dec 28 08:32 init.rc
-rwxr-xr-x 1 system system 30931 Dec 25 17:46 init.rc~
-rwxr-xr-x 1 system system 4489 Dec 25 12:19 init.smdkc110.rc
drwxr-xr-x 3 system system 0 Dec 25 12:19 lib
-rwxr-xr-x 1 system system 1419 Dec 25 12:19 lpm.rc
drwx------ 2 system system 0 Dec 26 16:21 misc
drwxrwxr-x 3 root root 0 Jan 23 01:26 mnt
drwxr-xr-x 2 root root 0 Jan 23 01:26 preload
dr-xr-xr-x 60 root root 0 Jan 1 1970 proc
-rwxr-xr-x 1 system system 410344 Dec 25 12:19 recovery
-rw-r--r-- 1 system system 2182 Dec 25 12:39 recovery.rc
drwxr-xr-x 3 system system 0 Dec 25 12:40 res
drwxr-xr-x 2 system system 0 Dec 26 16:31 sbin
drwxr-xr-x 2 root root 0 Jan 23 01:26 sdcard
drwxr-xr-x 12 root root 0 Jan 23 01:26 sys
drwxr-xr-x 1 root root 0 Jan 23 01:26 system
drwxrwxrwt 2 root root 60 Jan 23 01:26 tmp
-rw-r--r-- 1 system system 0 Dec 25 12:19 ueventd.goldfish.rc
-rw-r--r-- 1 system system 4245 Dec 25 12:19 ueventd.rc
-rwxr-xr-x 1 system system 1749 Dec 25 12:19 ueventd.smdkc110.rc
drwxrwxr-x 3 system system 0 Dec 28 08:33 vendor
init.rc~ file is the autocreated backup file that i forgot to erase
2nd
I downloaded YP-GB70-WW GB Opensource.zip
3rd
Yes I've been using the right toolchain that the readme file specified.
I have tried 4.4.3 too and many other toolchains.
Click to expand...
Click to collapse
Thanks. I edited my post after you quoted it. But from what you posted, everything looks in order. (A minor OCD is that you should delete init.rc~, but it shouldn't make a difference.)
It's somewhat a hunch, but try downloading the "YP-G1 US" source and compiling it with venturi_kor_defconfig,
And I'm not sure, as I don't have any of the Korean devices, but isn't there a difference between YP-G70 and YP-GB70? If so, then venturi may not even be the right config.

Mevordel said:
Thanks. I edited my post after you quoted it. But from what you posted, everything looks in order. (A minor OCD is that you should delete init.rc~, but it shouldn't make a difference.)
It's somewhat a hunch, but try downloading the "YP-G1 US" source and compiling it with venturi_kor_defconfig,
And I'm not sure, as I don't have any of the Korean devices, but isn't there a difference between YP-G70 and YP-GB70? If so, then venturi may not even be the right config.
Click to expand...
Click to collapse
DMB function and Camera is the major and maybe the only difference. But That doesn't really matter.
As long as i get bootable kernel I will be fine with it. Haha
Thank you, I will try with YP-G70 later.

Help rooting a Coolpad Canvas 4g (locked to Cricket)/disable startup sound

I tried using kingo root, both on the phone and on the computer. I am not sure where to proceed from there. The main reason I want to root is to disable the startup sound, which does not get disabled automatically when I have my phone on mute. I tried using the sound disabler app from the play store, and it seems to not be working (the startup sound still plays).

Rooting Coolpad Canvas (Cricket)
Me too having same issue as well, tried kingoroot
And king-root some got to like 30%... need help rooting it as well.. and maybe twrp would be great
But possibly could flash twrp using the coolpad's
Note 3 twrp for it, because they both have same
Resolution and screen size i believe, so for the porting shouldn't be all that hard.. any advice
Would be great..

Coolpad Canvas Root
joshglen said:
I tried using kingo root, both on the phone and on the computer. I am not sure where to proceed from there. The main reason I want to root is to disable the startup sound, which does not get disabled automatically when I have my phone on mute. I tried using the sound disabler app from the play store, and it seems to not be working (the startup sound still plays).
Click to expand...
Click to collapse
SmartPhoneDeveloper said:
Me too having same issue as well, tried kingoroot
And king-root some got to like 30%... need help rooting it as well.. and maybe twrp would be great
But possibly could flash twrp using the coolpad's
Note 3 twrp for it, because they both have same
Resolution and screen size i believe, so for the porting shouldn't be all that hard.. any advice
Would be great..
Click to expand...
Click to collapse
I just ordered a coolpad canvas its coming on Saturday. I was able to root my last phone (Alcatel Onetouch Flint) which had no official guides on how to root it (so i made a guide). I might be able to do the same thing with this phone ill let u guys know if im able to root it when it comes.

Casey Campanile said:
I just ordered a coolpad canvas its coming on Saturday. I was able to root my last phone (Alcatel Onetouch Flint) which had no official guides on how to root it (so i made a guide). I might be able to do the same thing with this phone ill let u guys know if im able to root it when it comes.
Click to expand...
Click to collapse
Awesome!.. you won't believe how good this phone is for the price it has pretty powerful specs for the price and screen size is a whopping 5.5 inch and HD, I got mine for 49.99 when it was available at walmart luckily they had 2 left in Stock the day I went and got one.. but yeah I been trying to root it with no luck , but I'm not that good at programming when it comes to phones hopefully we can get this one rooted at least if anything .. it definitely deserves it being decently powerful phone here's the specs on it.. : https://ibb.co/ehJjtQ

Guys I was able to pull over 70% of the system files from it.. but for some reason it stops at when trying to pull WCNSS_qcom_cfg.ini file for some reason-(said permission was denied)??..hmm.., I will post pic shortly..

Any luck Casey on it?.. so far nothing working for rooting it yet you may have better luck than me..

SmartPhoneDeveloper said:
Any luck Casey on it?.. so far nothing working for rooting it yet you may have better luck than me..
Click to expand...
Click to collapse
No luck yet I tried kingroot, kingo app, towelroot, framaroot and some others nothing works. Still searching for a better method

So apparently it's harder to root nougat cuz of this new security feature. I feel like one click methods not gonna work

Well I also noticed when doing command get ver all that it said secured eMMc with the little kernel bootloader I'm sure there are ways around this but its going to require some help with someone that has higher phone developing skills than of my own of course.. also try command while connected to computer "adb pull system" without the quotes it got to 72% for me before it wouldn't write no more still have the files for system if anyone needs them for rewriting or porting in the bootloader ..
---------- Post added at 03:55 AM ---------- Previous post was at 03:43 AM ----------
Casey Campanile said:
No luck yet I tried kingroot, kingo app, towelroot, framaroot and some others nothing works. Still searching for a better method
Click to expand...
Click to collapse
Same here.. hmm , well if you or you can invite someone that maybe can port in or rewrite the little kernel bootloader to be unlocked, i have 72% of the system files.. still couldn't Figure out how to or where to extract the boot.img or recovery.img from?.. or the cache.img and the other .img files as well.. some of them or the .sh file in the system folder i extracted i believe may contain the answer?.. I'm sure for the rewriting of the bootloader but it's gonna require someone with better skills than of mine because i don't know how to rewrite little kernel bootloader image, but I'm sure for some this is a breeze though lol...
Oh almost forgot , from the building prop editor, i also managed to get the recovery key ID as well of someone knows how to port or rewrite the recovery.img, i know this will be of big help for sure this is the recovery key ID for the recovery image , i will post the pic of it shortly..

SmartPhoneDeveloper said:
Same here.. hmm , well if you or you can invite someone that maybe can port in or rewrite the little kernel bootloader to be unlocked, i have 72% of the system files.. still couldn't Figure out how to or where to extract the boot.img or recovery.img from?.. or the cache.img and the other .img files as well.. some of them or the .sh file in the system folder i extracted i believe may contain the answer?.. I'm sure for the rewriting of the bootloader but it's gonna require someone with better skills than of mine because i don't know how to rewrite little kernel bootloader image, but I'm sure for some this is a breeze though lol...
Click to expand...
Click to collapse
The mount points for where to pull the .img files from can't you find them by running cat /proc/mounts? These are the locations I got:

Interesting... so with these mount points I'm assuming we should be able to do something I'm sure of it considering the zte zmax pro which also is qualcomm snapdragon processor and also utilizing same procedure of sorts and they managed to make twrp for it and also root so I'm sure same here ...which they some how put it into diagnostic mode or called **DFU mode and it allowed them to flash after mounting points was made with Linux OS
---------- Post added at 02:13 AM ---------- Previous post was at 02:11 AM ----------
Also we you could possibly use also called QPST tool for Windows allows flashing of qualcomm processors as well ...

SmartPhoneDeveloper said:
Interesting... so with these mount points I'm assuming we should be able to do something I'm sure of it considering the zte zmax pro which also is qualcomm snapdragon processor and also utilizing same procedure of sorts and they managed to make twrp for it and also root so I'm sure same here ...which they some how put it into diagnostic mode or called **DFU mode and it allowed them to flash after mounting points was made with Linux OS
---------- Post added at 02:13 AM ---------- Previous post was at 02:11 AM ----------
Also we you could possibly use also called QPST tool for Windows allows flashing of qualcomm processors as well ...
Click to expand...
Click to collapse
Managed to get exact locations of each partition by running cat /proc/partitions and then running df to convert them into the common names. Here's what I got:
cp3636a:/ $ cat /proc/partitions
major minor #blocks name
254 0 524288 zram0
179 0 15267840 mmcblk0
179 1 102400 mmcblk0p1
179 2 1 mmcblk0p2
179 3 8 mmcblk0p3
179 4 512 mmcblk0p4
179 5 512 mmcblk0p5
179 6 512 mmcblk0p6
179 7 512 mmcblk0p7
179 8 2048 mmcblk0p8
179 9 2048 mmcblk0p9
179 10 256 mmcblk0p10
179 11 256 mmcblk0p11
179 12 16384 mmcblk0p12
179 13 2048 mmcblk0p13
179 14 2048 mmcblk0p14
179 15 32 mmcblk0p15
179 16 2048 mmcblk0p16
179 17 16 mmcblk0p17
179 18 4096 mmcblk0p18
179 19 20480 mmcblk0p19
179 20 65536 mmcblk0p20
179 21 3072 mmcblk0p21
179 22 3072 mmcblk0p22
179 23 65536 mmcblk0p23
179 24 65536 mmcblk0p24
179 25 1024 mmcblk0p25
179 26 262144 mmcblk0p26
179 27 32768 mmcblk0p27
179 28 1024 mmcblk0p28
179 29 512 mmcblk0p29
179 30 32 mmcblk0p30
179 31 65536 mmcblk0p31
259 0 32 mmcblk0p32
259 1 1024 mmcblk0p33
259 2 1024 mmcblk0p34
259 3 32768 mmcblk0p35
259 4 512 mmcblk0p36
259 5 4096 mmcblk0p37
259 6 384 mmcblk0p38
259 7 384 mmcblk0p39
259 8 384 mmcblk0p40
259 9 384 mmcblk0p41
259 10 256 mmcblk0p42
259 11 256 mmcblk0p43
259 12 256 mmcblk0p44
259 13 256 mmcblk0p45
259 14 8 mmcblk0p46
259 15 65536 mmcblk0p47
259 16 2928640 mmcblk0p48
259 17 10876911 mmcblk0p49
179 32 4096 mmcblk0rpmb
179 64 7761920 mmcblk1
179 65 16384 mmcblk1p1
179 66 7744495 mmcblk1p2
253 0 2882924 dm-0
253 1 10876895 dm-1
253 2 7744495 dm-2
cp3636a:/ $ df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 866276 5212 861064 1% /
tmpfs 947448 616 946832 1% /dev
tmpfs 947448 0 947448 0% /mnt
/dev/block/dm-2 7622740 879764 6726592 12% /mnt/expand/ad6a771b-2b4f-4d99-8f6d-640bb1ebd212
/dev/block/dm-0 2792600 2109896 666320 76% /system
/dev/block/bootdevice/by-name/cache 253920 368 248312 1% /cache
/dev/block/bootdevice/by-name/dsp 12016 5052 6640 44% /dsp
/dev/block/bootdevice/by-name/modem 102352 69776 32576 69% /firmware
/dev/block/dm-1 10574084 4527048 6030652 43% /data
/dev/fuse 7622740 879764 6726592 12% /storage/emulated
cp3636a:/ $
---------- Post added at 04:54 PM ---------- Previous post was at 04:50 PM ----------
SmartPhoneDeveloper said:
Interesting... so with these mount points I'm assuming we should be able to do something I'm sure of it considering the zte zmax pro which also is qualcomm snapdragon processor and also utilizing same procedure of sorts and they managed to make twrp for it and also root so I'm sure same here ...which they some how put it into diagnostic mode or called **DFU mode and it allowed them to flash after mounting points was made with Linux OS
---------- Post added at 02:13 AM ---------- Previous post was at 02:11 AM ----------
Also we you could possibly use also called QPST tool for Windows allows flashing of qualcomm processors as well ...
Click to expand...
Click to collapse
So using the location I tried to use the dd command to pull system.img but it said permission denied looks like it requires root:
dd if=/dev/block/dm-0 of=/storage/emulated/0/system.img
dd: /dev/block/dm-0: Permission denied
1|cp3636a:/ $

Don't know a whole lot about development but I'm pretty comfortable with using the Android back end and I'd be willing to help any way I can if there's something I can do or provide. This is such a neat little phone and I think it has a lot of potential.

Picked a canvas up on sale at bestbuy as a back up.. I must say its a nice phone for the money...
Now I just have to wait for coolpad- cricket to release unlock codes so I can use overseas travel.

Try this root
joshglen said:
I tried using kingo root, both on the phone and on the computer. I am not sure where to proceed from there. The main reason I want to root is to disable the startup sound, which does not get disabled automatically when I have my phone on mute. I tried using the sound disabler app from the play store, and it seems to not be working (the startup sound still plays).
Click to expand...
Click to collapse
Hi bro.. Try this root.. I tried in my coolpad canvas cricket but this root is only temporary because I have not found twrp to install super us..
https://forum.xda-developers.com/android/development/guide-to-root-coolpad-note-5-flashing-t3637644

Carzacamil said:
Hi bro.. Try this root.. I tried in my coolpad canvas cricket but this root is only temporary because I have not found twrp to install super us..
https://forum.xda-developers.com/android/development/guide-to-root-coolpad-note-5-flashing-t3637644
Click to expand...
Click to collapse
Here is a link to a TWRP build for the Redmi 4a, same exact internals as our phone. I mean the phones are exact all the way across the board. The best thing to do is to fastboot boot the .img first to see if it works 100%, and being on Nougat flash su systemless root. If it boots to TWRP from fastboot and you can flash su than we should be able to permanently flash TWRP from there. https://forum.xda-developers.com/android/development/recovery-twrp-3-1-0-0-xiaomi-redmi-4a-t3576024

zMILWAUKEE said:
Here is a link to a TWRP build for the Redmi 4a, same exact internals as our phone. I mean the phones are exact all the way across the board. The best thing to do is to fastboot boot the .img first to see if it works 100%, and being on Nougat flash su systemless root. If it boots to TWRP from fastboot and you can flash su than we should be able to permanently flash TWRP from there. https://forum.xda-developers.com/android/development/recovery-twrp-3-1-0-0-xiaomi-redmi-4a-t3576024
Click to expand...
Click to collapse
i tried it but my cellphone is bootloop .. when i do fastboot it says:
Now send the package you want to apply
to the device with "adb sideload <filename>". . .
Finding update package. . .
opening update package. . .
Verifing update package. . .
E:failed to verify whole-file signature
Update package verification took 0.7 s (result 1)
E:signature verification failed
Installation aborted.

Carzacamil said:
i tried it but my cellphone is bootloop .. when i do fastboot it says:
Now send the package you want to apply
to the device with "adb sideload <filename>". . .
Finding update package. . .
opening update package. . .
Verifing update package. . .
E:failed to verify whole-file signature
Update package verification took 0.7 s (result 1)
E:signature verification failed
Installation aborted.
Click to expand...
Click to collapse
From what you're describing it sounds like you didn't do it correctly. In the bootloader it should never ask you to sideload anything. The correct steps are, with the phone on and adb debugging enabled, adb devices, should show your connected to your phone, next adb reboot bootloader, phone will restart into a download type screen, next step, on PC type fastboot devices to see if the PC and phone are communicating correctly, next is to type fastboot boot recovery.img, if it boots into the TWRP we're good, sorry but I don't have a PC up and running right now. So all I can do is suggest and hope you guys can get it running.

Anyone check into this and the comment that's on it, don't know if it will help, but just maybe.
https://mobile.twitter.com/srsroot/status/871056445315452933?lang=en

meatball702 said:
Anyone check into this and the comment that's on it, don't know if it will help, but just maybe.
https://mobile.twitter.com/srsroot/status/871056445315452933?lang=en
Click to expand...
Click to collapse
Don't do it, it's bull crap nothing but viruses. That srs spam link says they can root all phones, well if they could more devs on XDA would push it, but no it's a load of b.s.

Working kdz extractor for V30

Hello,
is there any working linux script for extracting v30 kdz firmware and dz files?
Big thanks for help

H930g - lgv30 - kdz extract - linux
djsven said:
Hello,
is there any working linux script for extracting v30 kdz firmware and dz files?
Big thanks for help
Click to expand...
Click to collapse
Yes sir , I have found one
https://github.com/ehem/kdztools
Here are the output from my first test:
[email protected]:~/Android/kdztools-master$ ./unkdz -f H93011m_00_OPEN_EU_OP_1229.kdz -l
[!] Warning: Data between headers and payload! (offsets 826 to 83768)
[+] KDZ Partition List (format v2)
=========================================
0 : H93011m_00.dz (3563995785 bytes)
1 : LGUP_c.dll (3079120 bytes)
2 : LGUP_c.dylib (1229456 bytes)
[email protected]:~/Android/kdztools-master$ ./unkdz -f H93011m_00_OPEN_EU_OP_1229.kdz -x
[!] Warning: Data between headers and payload! (offsets 826 to 83768)
[+] Extracting all partitions from v2 file!
[+] Extracting H93011m_00.dz to kdzextracted/H93011m_00.dz
[+] Extracting LGUP_c.dll to kdzextracted/LGUP_c.dll
[+] Extracting LGUP_c.dylib to kdzextracted/LGUP_c.dylib
[+] Extracting extra data to kdzextracted/kdz_extras.bin
So far this is the only steps I have tried, I will give a later try to extract the whole DZ file
For your information I m running Ubuntu 16.04 LTS
I wish you good luck
Edit : Unfortunately I got this error when I try to list the DZ file
[email protected]:~/Android/kdztools-master$ ./undz -f H93011m_00.dz -l
[!] Error: Value supposed to be zero in field "reserved5" is non-zero (0x5900)
Sorry For this deception, maybe you know what this error is meaning ?

The format changed slightly, but the extraction still works. I didn't feel like figuring out what the data in the reserved field is for, so just comment out the two sys.exit(1).
You can use this patch...
Code:
diff --git a/undz.py b/undz.py
index 1078248..aa386a0 100755
--- a/undz.py
+++ b/undz.py
@@ -74,7 +74,7 @@ class UNDZUtils(object):
dz_item[key] = dz_item[key].rstrip(b'\x00')
if b'\x00' in dz_item[key]:
print("[!] Error: extraneous data found IN "+key, file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
elif type(dz_item[key]) is int:
if dz_item[key] != 0:
print('[!] Error: Value supposed to be zero in field "'+key+'" is non-zero ('+hex(dz_item[key])+')', file=sys.stderr)
@@ -86,7 +86,7 @@ class UNDZUtils(object):
# To my knowledge this is supposed to be blank (for now...)
if len(dz_item['pad']) != 0:
print("[!] Error: pad is not empty", file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
return dz_item
@@ -195,7 +195,7 @@ class UNDZChunk(dz.DZChunk, UNDZUtils):
zdata = self.dz.dzfile.read(self.dataSize)
# Decompress the data
- buf = zlib.decompress(zdata)
+ buf = zlib.decompress(zdata)
crc = crc32(buf) & 0xFFFFFFFF
-- Brian

runningnak3d said:
The format changed slightly, but the extraction still works. I didn't feel like figuring out what the data in the reserved field is for, so just comment out the two sys.exit(1).
You can use this patch...
Code:
diff --git a/undz.py b/undz.py
index 1078248..aa386a0 100755
--- a/undz.py
+++ b/undz.py
@@ -74,7 +74,7 @@ class UNDZUtils(object):
dz_item[key] = dz_item[key].rstrip(b'\x00')
if b'\x00' in dz_item[key]:
print("[!] Error: extraneous data found IN "+key, file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
elif type(dz_item[key]) is int:
if dz_item[key] != 0:
print('[!] Error: Value supposed to be zero in field "'+key+'" is non-zero ('+hex(dz_item[key])+')', file=sys.stderr)
@@ -86,7 +86,7 @@ class UNDZUtils(object):
# To my knowledge this is supposed to be blank (for now...)
if len(dz_item['pad']) != 0:
print("[!] Error: pad is not empty", file=sys.stderr)
- sys.exit(1)
+ #sys.exit(1)
return dz_item
@@ -195,7 +195,7 @@ class UNDZChunk(dz.DZChunk, UNDZUtils):
zdata = self.dz.dzfile.read(self.dataSize)
# Decompress the data
- buf = zlib.decompress(zdata)
+ buf = zlib.decompress(zdata)
crc = crc32(buf) & 0xFFFFFFFF
-- Brian
Click to expand...
Click to collapse
hey , this doesnt work at all, its still showing the same error as before , im trying to extract G7 ThinQ kdz
[email protected]:~/kdztools-master$ ./undz.py -x -f G71010b_00.dz
[!] Error: Value supposed to be zero in field "reserved5" is non-zero (0x5900)
[email protected]:~/kdztools-master$
Click to expand...
Click to collapse

This was a quick hack to get V30 Nougat KDZs to extract. V30 Oreo KDZs require additional work, and I haven't even looked at G7 KDZs yet.
-- Brian

Encounter the same issue, patched the sys.exit() calls and flipped this line to avoid the error with reserved5:
('reserved5', ('I', False)), # currently always zero
But still errors. Further info at: hxxxs://github.com/ehem/kdztools/issues/16#issuecomment-435356938

SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm

SGCMarkus said:
SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm
Click to expand...
Click to collapse
Managed to unpack a modem partition LG changed the compression algorithm from zlib to zstd on LG V40 kdzs

SGCMarkus said:
SALT works perfectly fine with V30 oreo kdzs, doesnt work though with G7/V40 kdzs ?
i mean... SALT actually can do way more than just extracting kdzs ... but thats the only use i have for it atm
Click to expand...
Click to collapse
Thank you very much for posting this.
It turns out I had a corrupt download of the H932 20o KDZ and no -- LG hasn't made any additional changes to the KDZ format.
When I saw that SALT was working for you, then I knew my extractor should work as well and that lead me to start looking elsewhere.
-- Brian

BINGO! LGV40 unpacked!
Code:
[20:10 [email protected] dzextracted] > sudo mount -t ext4 vendor_a.image /media/edu/ext4_tmp
[sudo] password for edu:
[20:10 [email protected] dzextracted] > cd /media/edu/ext4_tmp
[20:10 [email protected] ext4_tmp] > ll
total 220K
drwxr-xr-x. 10 root 2000 4.0K Dec 31 2008 app
drwxr-xr-x. 6 root 2000 8.0K Dec 31 2008 bin
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 carrier
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 dsp
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 els
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 eri
drwxr-xr-x. 23 root 2000 4.0K Dec 31 2008 etc
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 ffu
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 firmware
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 fota
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 framework
drwxr-xr-x. 11 root 2000 16K Dec 31 2008 lib
drwxr-xr-x. 9 root 2000 16K Dec 31 2008 lib64
drwx------. 2 root root 16K Dec 31 2008 lost+found
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 media
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 mpt
drwxr-xr-x. 83 root 2000 4.0K Dec 31 2008 overlay
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 package
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 persdata
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 persist-lg
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 power
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 priv-app
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 radio
drwxr-xr-x. 5 root 2000 4.0K Dec 31 2008 rfs
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 sns
drwxr-xr-x. 2 root 2000 4.0K Dec 31 2008 srtc
drwxr-xr-x. 3 root 2000 4.0K Dec 31 2008 vzw
-rw-------. 1 root root 8.8K Dec 31 2008 build.prop
-rw-r--r--. 1 root root 1.9K Dec 31 2008 compatibility_matrix.xml
-rw-------. 1 root root 684 Dec 31 2008 default.prop
lrw-r--r--. 1 root root 12 Dec 31 2008 factory_data -> /system/data
lrw-r--r--. 1 root root 19 Dec 31 2008 factory_etc -> /system/factory_etc
lrw-r--r--. 1 root root 19 Dec 31 2008 factory_lib -> /system/factory_lib
lrw-r--r--. 1 root root 21 Dec 31 2008 factory_lib64 -> /system/factory_lib64
-rw-r--r--. 1 root root 36K Dec 31 2008 manifest.xml
-rw-r--r--. 1 root root 16K Dec 31 2008 ueventd.rc

runningnak3d said:
Thank you very much for posting this.
It turns out I had a corrupt download of the H932 20o KDZ and no -- LG hasn't made any additional changes to the KDZ format.
When I saw that SALT was working for you, then I knew my extractor should work as well and that lead me to start looking elsewhere.
-- Brian
Click to expand...
Click to collapse
I PM you with the URL. I guess you don't need it but figured you would want an official link from LG Bridge.
Sent from my LG-H932 using XDA Labs

eduuk said:
Managed to unpack a modem partition LG changed the compression algorithm from zlib to zstd on LG V40 kdzs
Click to expand...
Click to collapse
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.

Dvalin21 said:
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.
Click to expand...
Click to collapse
I am also unable to get a useful unpack of a G7 or V40 KDZ.
@eduuk You don't even need to share your code, but if you could just point out the differences between the V30 and V40 KDZ format it would be appreciated.
-- Brian

@eduuk i got passed the reserved5 but now i get this error: [!] Error: extraneous data found IN pad
Also, if you can provide help with changing the compression algorithm from zlib to zstd i would appreciate it.

Dvalin21 said:
@eduuk i got passed the reserved5 but now i get this error: [!] Error: extraneous data found IN pad
Also, if you can provide help with changing the compression algorithm from zlib to zstd i would appreciate it.
Click to expand...
Click to collapse
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian

runningnak3d said:
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian
Click to expand...
Click to collapse
You rock sir, thank you

Dvalin21 said:
You rock sir, thank you
Click to expand...
Click to collapse
Well, that was more of a pain in the butt than it needed to be, but repo is incoming once I clean up some of my debug code:
Code:
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* ± ../undz2.py -f G71010f_00.dz -l
[+] DZ Partition List
=========================================
0/ 0 : PrimaryGPT_0.bin (1363 bytes)
0/ 1 : PrimaryGPT_0.bin (277 bytes)
0/ 2 : PrimaryGPT_0.bin (277 bytes)
0/ 3 : PrimaryGPT_0.bin (335 bytes)
0/ 4 : PrimaryGPT_0.bin (2355 bytes)
0/ 5 : PrimaryGPT_0.bin (404 bytes)
0/ 6 : PrimaryGPT_0.bin (213 bytes)
1/?? : mpt (<empty>)
2/?? : drm (<empty>)
3/?? : sns (<empty>)
4/?? : ssd (<empty>)
5/ 7 : persist_13446.bin (743 bytes)
6/?? : misc (<empty>)
7/ 8 : ftm_21894.bin (75 bytes)
8/?? : power (<empty>)
9/?? : encrypt (<empty>)
10/?? : eksst (<empty>)
11/?? : rct (<empty>)
12/?? : fota (<empty>)
13/?? : srtc (<empty>)
14/?? : pstore (<empty>)
15/?? : els (<empty>)
16/?? : carrier (<empty>)
17/?? : persdata (<empty>)
18/ 9 : oem_a_77574.bin (738 bytes)
<snip>
and
Code:
θ78° [swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 3s ± ../undz2.py -f G71010f_00.dz -s 20
[+] Extracting single slice^Wpartition!
[+] Extracting vendor_a_81670.bin to vendor_a.image
[+] Extracting vendor_a_114503.bin to vendor_a.image
[+] Extracting vendor_a_147206.bin to vendor_a.image
[+] Extracting vendor_a_147701.bin to vendor_a.image
<snip>
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 130 ± cd dzextracted/
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± mkdir mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± sudo mount vendor_a.image ./mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± cd mnt
[swango:~/dev … kdzextracted/dzextracted/mnt] $ ls -al
total 208
drwxr-xr-x 27 root root 4096 Dec 31 1969 .
drwxr-xr-x 3 swango swango 4096 Dec 15 10:29 ..
drwxr-xr-x 8 root 2000 4096 Dec 31 2008 app
drwxr-xr-x 6 root 2000 8192 Dec 31 2008 bin
-rw------- 1 root root 8664 Dec 31 2008 build.prop
drwxr-xr-x 2 root 2000 4096 Dec 31 2008 carrier
<snip>
The quick and dirty is that the header changed -- which is why there was data in the pad (that is the zero padding at the end of the header to make it 512 bytes) -- so I defined those, and they also changed the compression from zlib to zstandard (you need version 0.9 or greater) NOT zstd.
Lastly, when the compress, they don't include the size in the zstandard header, so I just picked a value that was big enough to decompress the largest partition.
Again, I have a lot of cleanup to do, and then I will commit this. Eventually I will make it so you can pass something like --zlib or --zst so that one file can be used to extract both old and new format KDZs, but for now there is undz2.py
-- Brian

OK - thread and link are here.
Please let me know if you come across any KDZs that you can't extract, but please post the errors in that thread.
-- Brian

Dvalin21 said:
Hello eduuk,
What did you do to get V40 to unpack? I have a feeling it could work for the LG G7. Thanks for any help.
Click to expand...
Click to collapse
runningnak3d said:
OK - thread and link are here.
Please let me know if you come across any KDZs that you can't extract, but please post the errors in that thread.
-- Brian
Click to expand...
Click to collapse
hey guys,
sorry but I didnt get the time to answer you. Took me an entire day to patch the python code. It's so so ugly code, so I would prefer not share it if anyone can code it better than me
There was a guy who was sending me private messages to do the same as me, and he got it too. The only thing to do is to change the algorithm and patch out asserts and other checks.
Please let me know if you can do it without my ugly code. Otherwise, I will share it of course.
---------- Post added at 12:54 AM ---------- Previous post was at 12:51 AM ----------
runningnak3d said:
Well, that was more of a pain in the butt than it needed to be, but repo is incoming once I clean up some of my debug code:
Code:
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* ± ../undz2.py -f G71010f_00.dz -l
[+] DZ Partition List
=========================================
0/ 0 : PrimaryGPT_0.bin (1363 bytes)
0/ 1 : PrimaryGPT_0.bin (277 bytes)
0/ 2 : PrimaryGPT_0.bin (277 bytes)
0/ 3 : PrimaryGPT_0.bin (335 bytes)
0/ 4 : PrimaryGPT_0.bin (2355 bytes)
0/ 5 : PrimaryGPT_0.bin (404 bytes)
0/ 6 : PrimaryGPT_0.bin (213 bytes)
1/?? : mpt (<empty>)
2/?? : drm (<empty>)
3/?? : sns (<empty>)
4/?? : ssd (<empty>)
5/ 7 : persist_13446.bin (743 bytes)
6/?? : misc (<empty>)
7/ 8 : ftm_21894.bin (75 bytes)
8/?? : power (<empty>)
9/?? : encrypt (<empty>)
10/?? : eksst (<empty>)
11/?? : rct (<empty>)
12/?? : fota (<empty>)
13/?? : srtc (<empty>)
14/?? : pstore (<empty>)
15/?? : els (<empty>)
16/?? : carrier (<empty>)
17/?? : persdata (<empty>)
18/ 9 : oem_a_77574.bin (738 bytes)
<snip>
and
Code:
θ78° [swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 3s ± ../undz2.py -f G71010f_00.dz -s 20
[+] Extracting single slice^Wpartition!
[+] Extracting vendor_a_81670.bin to vendor_a.image
[+] Extracting vendor_a_114503.bin to vendor_a.image
[+] Extracting vendor_a_147206.bin to vendor_a.image
[+] Extracting vendor_a_147701.bin to vendor_a.image
<snip>
[swango:~/dev/kdztools/kdzextracted] master(+11/-8)* 130 ± cd dzextracted/
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± mkdir mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± sudo mount vendor_a.image ./mnt
[swango:~/dev … ols/kdzextracted/dzextracted] master(+11/-8)* ± cd mnt
[swango:~/dev … kdzextracted/dzextracted/mnt] $ ls -al
total 208
drwxr-xr-x 27 root root 4096 Dec 31 1969 .
drwxr-xr-x 3 swango swango 4096 Dec 15 10:29 ..
drwxr-xr-x 8 root 2000 4096 Dec 31 2008 app
drwxr-xr-x 6 root 2000 8192 Dec 31 2008 bin
-rw------- 1 root root 8664 Dec 31 2008 build.prop
drwxr-xr-x 2 root 2000 4096 Dec 31 2008 carrier
<snip>
The quick and dirty is that the header changed -- which is why there was data in the pad (that is the zero padding at the end of the header to make it 512 bytes) -- so I defined those, and they also changed the compression from zlib to zstandard (you need version 0.9 or greater) NOT zstd.
Lastly, when the compress, they don't include the size in the zstandard header, so I just picked a value that was big enough to decompress the largest partition.
Again, I have a lot of cleanup to do, and then I will commit this. Eventually I will make it so you can pass something like --zlib or --zst so that one file can be used to extract both old and new format KDZs, but for now there is undz2.py
-- Brian
Click to expand...
Click to collapse
Yeah 0x200 bytes of header, i removed that first with dd and then I coded in python changing offsets. Sorry but I dont have the time of coding this properly.
---------- Post added at 12:59 AM ---------- Previous post was at 12:54 AM ----------
eduuk said:
hey guys,
sorry but I didnt get the time to answer you. Took me an entire day to patch the python code. It's so so ugly code, so I would prefer not share it if anyone can code it better than me
There was a guy who was sending me private messages to do the same as me, and he got it too. The only thing to do is to change the algorithm and patch out asserts and other checks.
Please let me know if you can do it without my ugly code. Otherwise, I will share it of course.
---------- Post added at 12:54 AM ---------- Previous post was at 12:51 AM ----------
Yeah 0x200 bytes of header, i removed that first with dd and then I coded in python changing offsets. Sorry but I dont have the time of coding this properly.
Click to expand...
Click to collapse
The best way is to do a pull request at the main repo https://github.com/ehem/kdztools
---------- Post added at 01:00 AM ---------- Previous post was at 12:59 AM ----------
runningnak3d said:
I hate doing work that someone else has already done -- it is just a waste of time, but since it seems that he isn't willing to share the changes, I am spending the day mapping out the structure of the G7 / V40 KDZ format, and updating the extractor so that it can deal with the new version.
As soon as I have it functional, I will post a link to the repo.
-- Brian
Click to expand...
Click to collapse
Dude, did you read this by any chance? https://github.com/ehem/kdztools/issues
Cheers mate

Thanks for the answer @eduuk, however Brian did a kdztool working that I was able to fully extract all the image files for the G710TM10n firmware for T-Mobile. Still with that said we still appreciate all your work!