Related
Hello.
I used the ubuntu restore from AdamOutler. It worked like a charm to restore my borked Nook tablet. But for what ever reason it picked up a serial number that doesnt match the one that is registered to me and my tablet. Is there a adb command or something along those lines that i can restore my serial with? I changed the serials via root explorer but it always defaults back to the wrong serial. I know it must be something I did along the line of trying to fix it but it bothers me it doesnt match to my account. It wont let me register it again. Thank you for any help...
markbird1 said:
Hello.
I used the ubuntu restore from AdamOutler. It worked like a charm to restore my borked Nook tablet. But for what ever reason it picked up a serial number that doesnt match the one that is registered to me and my tablet. Is there a adb command or something along those lines that i can restore my serial with? I changed the serials via root explorer but it always defaults back to the wrong serial. I know it must be something I did along the line of trying to fix it but it bothers me it doesnt match to my account. It wont let me register it again. Thank you for any help...
Click to expand...
Click to collapse
Since no one has answered I'll give it a try. The place I find the serial number is
/rom/devconf/SerialNumber it is 16 bytes and permissions are r--r----- or
440. Since you didn't say where you were making the change this may not help.
also for info you will find /system/xbin/setserial hope this limited info may help.
Good luck!
Forgot something. I believe you can register multiple devices with google and use the same account. Mine is registered two different ways. I am registered as
Bn Nook Tablet
and
Barnes&Noble BNTV250
both are the same unit just different builds.
I'm glad im not the only one that this happen to there nook.
i sent Adam a PM last week about it and he told me that he will be making an app for that so let's hope he didn't forget.
In the mean time any help will be greatly appreciated.
Hello again,
I found two places where the serial is stored both in the rom folder. One is the "Serialnumber" file and the other is label "deviceID". Changing both will not outlast a system reset. There must be a hidden backup file where this number is stored also.
markbird1 said:
Hello again,
I found two places where the serial is stored both in the rom folder. One is the "Serialnumber" file and the other is label "deviceID". Changing both will not outlast a system reset. There must be a hidden backup file where this number is stored also.
Click to expand...
Click to collapse
Interesting!
serial number change
The same thing happened to me. Please prod Adam to make that app or post any other solution that is found!
no news yet =/
Any solution yet ??
sailerph said:
Any solution yet ??
Click to expand...
Click to collapse
Try this link.
http://forum.xda-developers.com/showthread.php?t=1610069&highlight=serial
Good Luck!
tobdaryl said:
Try this link.
http://forum.xda-developers.com/showthread.php?t=1610069&highlight=serial
Good Luck!
Click to expand...
Click to collapse
I tried this method, but for some reason, I kept getting errors when trying to write from the unmounted SD card with DD, and, when trying with the device mounted, it would continue to write the .img file, (3-4 gig before I realized why it was taking so long.)
However, once I had the "ROM" sd card, and modified the files as necessary, I booted a CM7 SD card with my nook, installed one of the many "Root" filesystem managers, and replaced the edited DeviceID and SerialNumber files on my Nook's internal ROM.
This worked -- to an extent. B&N's default software now shows my proper Serial #, however, my B&N will still not pass registration.
I'm thinking that perhaps there's something more to the registration process, MAC address perhaps?
((UPDATE))
So, I took the plunge, cracked open the back of the nook, and found the MAC address on a sticker inside, handy that, eh?
However - This still will not pass B&N registration, so there's something that I've managed to mess up beyond that. I'm guessing this particular NT will never be able to use stock ROM's again. Oh, well, not a huge loss IMHO.
((END UPDATE))
I'm probably not going to poke at it further, as I dont acutally plan on using B&N's default software, I purchased my NT with the express intention of rooting. My only worry is warranty, however, I purchased the Best Buy "Accidental Damage" warrenty, so, if it does break. I just need to "drop" it so the screen cracks! LOL!
Nook Tablet Serial Number Restore & MAC Address restore
Thanks to all for the help with repartitioning/rebuilding Nook Tablet. Here's my input to help others on their way.
Serial Number and MAC Address restore.
You will need to install a hex editor to your laptop - one like "Free Hex Editor Neo".
We will find every instance of the serial Number and of the Mac Address in Partition 5 and change them to the correct values.
This also will automatically correct the DeviceID.
Write down your incorrect values and your correct values for Serial Number and MAC Address
Now we will modify an existing rom image for Partition 5
-if you have an existing image for Partition 5 in your laptop make a copy of it and put it in C:/download.
. -skip to step 9
-otherwise do the following:
Get the image for partition 5 from your Nook Tablet and copy it to your laptop.
1. adb shell
2. ~# mount sdcard
3. ~# dd if=/dev/block/mmcblk0p5 of=/sdcard/blk/mmcblk0p5.img
..-this copied the rom image to the sd card. It is about 48MB.
4. ~# exit
5. cd /
6. adb pull /sdcard/blk/mmcblk0p5.img /download/mmcblk0p5.img
..-this copies the image file from the SD card to your laptop. Places it in the C:/download subdirectory.
7. adb shell
8. rm /sdcard/blk/mmcblk0p5.img
..-this deletes the image file from the SD card
Edit the image file
9. Open Free Hex Editor Neo
.......-file, open file, C:\download\mmcblk0p5.img
10. Search for the old incorrect value for the serial number
11. click on the right side of the hex editor (on the ansi script)
.......-do a replace
...............-type in correct serial number
...............-replace every instance of the serial number in the file
12. Do the same operation to find/replace the MAC address
13. save the file. remove the “.img” file extension from it.
14. put it on the sd card in the root directory (either push it or place the SD card in your laptop)
15. adb shell
16. ~# mount sdcard
17. ~# dd if=/sdcard/mmcblk0p5 of=/dev/block/mmcblk0p5
18. ~# exit
19. remove sdcard, reboot internal.
Cheers.
markbird1 said:
Hello.
I used the ubuntu restore from AdamOutler. It worked like a charm to restore my borked Nook tablet. But for what ever reason it picked up a serial number that doesnt match the one that is registered to me and my tablet. Is there a adb command or something along those lines that i can restore my serial with? I changed the serials via root explorer but it always defaults back to the wrong serial. I know it must be something I did along the line of trying to fix it but it bothers me it doesnt match to my account. It wont let me register it again. Thank you for any help...
Click to expand...
Click to collapse
Do you have the serial number, and mac address that it changed yours to?
Has anyone found a method for restoring Serial Number and DeviceID after recovering a bricked NT? I've recovered, but I can't re-register with B&N due to missing SN/ID? Not really finding any answers in the forums so far. If you have some info or can point me in the right direction, I'd be greatful. (yes I have been trying to look through the forums, just not seeing an answer, though it seems many have asked).
shawnshine2 said:
Has anyone found a method for restoring Serial Number and DeviceID after recovering a bricked NT? I've recovered, but I can't re-register with B&N due to missing SN/ID? Not really finding any answers in the forums so far. If you have some info or can point me in the right direction, I'd be greatful. (yes I have been trying to look through the forums, just not seeing an answer, though it seems many have asked).
Click to expand...
Click to collapse
I would have expected a deregister and reset would have restored your sn.
Beyond that I have found the sn at two locations.
/rom/devconf/SerialNumber
/rom/devconf/DeviceID
these are both text files; there may be others but this is what I found
your sn is located where your sdcard plugs in if you don't have it otherwise
I have not tried to edit these files so I can't suggest you do.
Sorry not much help but that's all I have.
I lost mine once but it returned after I replaced the restore partition and did a reset.
added info:
I pulled both files listed above and checked them with a hex editor and they contain the sn and only the sn - no extra characters of any kind (16 bytes only) permissions on are 440 and 440.
Thanks for the bit o' info. Unfortunately it's not as simple as that. The entire partition table had been deleted thus removing all of the data for the NT. I was able to recreate the partitions, and using meghd00t's & CRE's recovery method got v.1.4.0 B&N reinstalled. Now I'm not able to re-register the device with B&N due to missing DeviceID/Serial. I'm still looking around seeing if I can find a way to re-enter the info. I haven't had much luck in finding an easy way to do it, much less a hard way.
Serial number resolved / Now need Model Number & MAC location
It looks like I only had one file "/rom/devconf/DeviceID" that was only 8 zeros. I pulled the file with ADB, added my SN, saved and pushed it back. I took the saved file, renamed it to SerialNumber and did a push to rom as well.
C:\android-sdk-windows\platform-tools>adb remount
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
remount succeeded
C:\android-sdk-windows\platform-tools>adb devices
List of devices attached
0000000000000000 recovery
C:\android-sdk-windows\platform-tools>adb pull /rom/devconf/DeviceID
1 KB/s (8 bytes in 0.007s)
(here I pulled the file: notice it's only 8bytes instead of 16. Once I had the file my pc, I edited it with Notepad and added my 16digit serial, then saved)
C:\android-sdk-windows\platform-tools>adb push DeviceID /rom/devconf
2 KB/s (16 bytes in 0.007s)
(here I pushed the file back to the nook. notice it is now 16bytes)
C:\android-sdk-windows\platform-tools>adb push SerialNumber /rom/devconf
3 KB/s (16 bytes in 0.004s)
(here I renamed the file on my pc as SerialNumber then pushed it to the rom)
C:\android-sdk-windows\platform-tools>adb shell
~ # ls
ls
boot etc sd-ext
bootdata init sdcard
cache init.rc sys
data proc system
datadata res tmp
default.prop rom ueventd.acclaim.rc
dev root ueventd.goldfish.rc
emmc sbin ueventd.rc
~ # cd rom
cd rom
/rom # cd devconf
cd devconf
/rom/devconf # ls
ls
DeviceID SerialNumber
/rom/devconf # cat DeviceID
cat DeviceID
20202400########/rom/devconf #
/rom/devconf # cat SerialNumber
cat SerialNumber
20202400########/rom/devconf #
/rom/devconf # exit
exit
C:\android-sdk-windows\platform-tools>adb kill-server
C:\android-sdk-windows\platform-tools>
Now the Nook registers the Serial Number. What I need now is to find out where the MAC address and Model number should be listed (located). If I can get that added, I think I'll be good to go. At least I'm now half way there!
shawnshine2 said:
It looks like I only had one file "/rom/devconf/DeviceID" that was only 8 zeros. I pulled the file with ADB, added my SN, saved and pushed it back. I took the saved file, renamed it to SerialNumber and did a push to rom as well.
C:\android-sdk-windows\platform-tools>adb remount
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
remount succeeded
C:\android-sdk-windows\platform-tools>adb devices
List of devices attached
0000000000000000 recovery
C:\android-sdk-windows\platform-tools>adb pull /rom/devconf/DeviceID
1 KB/s (8 bytes in 0.007s)
(here I pulled the file: notice it's only 8bytes instead of 16. Once I had the file my pc, I edited it with Notepad and added my 16digit serial, then saved)
C:\android-sdk-windows\platform-tools>adb push DeviceID /rom/devconf
2 KB/s (16 bytes in 0.007s)
(here I pushed the file back to the nook. notice it is now 16bytes)
C:\android-sdk-windows\platform-tools>adb push SerialNumber /rom/devconf
3 KB/s (16 bytes in 0.004s)
(here I renamed the file on my pc as SerialNumber then pushed it to the rom)
C:\android-sdk-windows\platform-tools>adb shell
~ # ls
ls
boot etc sd-ext
bootdata init sdcard
cache init.rc sys
data proc system
datadata res tmp
default.prop rom ueventd.acclaim.rc
dev root ueventd.goldfish.rc
emmc sbin ueventd.rc
~ # cd rom
cd rom
/rom # cd devconf
cd devconf
/rom/devconf # ls
ls
DeviceID SerialNumber
/rom/devconf # cat DeviceID
cat DeviceID
20202400########/rom/devconf #
/rom/devconf # cat SerialNumber
cat SerialNumber
20202400########/rom/devconf #
/rom/devconf # exit
exit
C:\android-sdk-windows\platform-tools>adb kill-server
C:\android-sdk-windows\platform-tools>
Now the Nook registers the Serial Number. What I need now is to find out where the MAC address and Model number should be listed (located). If I can get that added, I think I'll be good to go. At least I'm now half way there!
Click to expand...
Click to collapse
Hang in there, this can be done. With cwm I formatted everything including rom and I was able to recover. I'll check on mac and get back so just remain positive.
How to find your Original B&N Nook Tablet MAC Address
I don't know if there is a way to find the Nook Tablet's original MAC address using ADB, but as far as I could find, IF you had ever flashed a version of CM7 onto your device the MAC address is given as 08:00:28:12:03:58. So unless you wrote down your original MAC address before flashing, you will end up with this one. I however do remember a little trick with pc's. When you have a bad nic card in a pc and your dealing with Firewalls and Routers (as I do for work) you can open the system and find the MAC address either printed directly on the board or listed on a sticker that's attached. So I did a little bit of rummaging through some YouTube videos and found a tear down of the NT. Lo and behold, right inside the back cover is a sticker with the NT's serial number AND MAC address. The video for cracking open your nook is here: http://www.youtube.com/watch?v=3SVO2JCgqPM And the website for the tear down is here: http://www.ifixit.com/Teardown/Nook-Tablet-Teardown/7121/1
But, if you don't have a T5 torq's screwdriver to remove the two screws at the SDcard door, if you are very very very careful and gentle, you can still use a tiny (and I mean tiny) flat head and gently insert at the bottom of the back panel right at the middle point and gently pry the back off working your screwdriver in a clockwise direction. Just don't try to pop that lower right hand corner open, you will break the case. (you been warned). Once you have about 3 quarters of the back popped off gently lift up the back cover and peer inside, you should see the SN & MAC address label. Copy the numbers. Replacing the cover back you need to be just as gentle and you want to work it back in going in a counterclockwise motion and only use the screwdriver to help work the last one or two tabs back in. If you are careful enough you won't even know that it was ever open. NOTE: There are two tiny gray paper stickers over the two screws at the SDcard door. If you remove the two papers, and expose the screws, you may have a hard time getting warrenty work done. So just know that before you start futzing with it.
Now if I can just find out where the heck the MAC address is located in the B&N v.1.4.0 software.
shawnshine2 said:
It looks like I only had one file "/rom/devconf/DeviceID" that was only 8 zeros. I pulled the file with ADB, added my SN, saved and pushed it back. I took the saved file, renamed it to SerialNumber and did a push to rom as well.
C:\android-sdk-windows\platform-tools>adb remount
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
remount succeeded
C:\android-sdk-windows\platform-tools>adb devices
List of devices attached
0000000000000000 recovery
C:\android-sdk-windows\platform-tools>adb pull /rom/devconf/DeviceID
1 KB/s (8 bytes in 0.007s)
(here I pulled the file: notice it's only 8bytes instead of 16. Once I had the file my pc, I edited it with Notepad and added my 16digit serial, then saved)
C:\android-sdk-windows\platform-tools>adb push DeviceID /rom/devconf
2 KB/s (16 bytes in 0.007s)
(here I pushed the file back to the nook. notice it is now 16bytes)
C:\android-sdk-windows\platform-tools>adb push SerialNumber /rom/devconf
3 KB/s (16 bytes in 0.004s)
(here I renamed the file on my pc as SerialNumber then pushed it to the rom)
C:\android-sdk-windows\platform-tools>adb shell
~ # ls
ls
boot etc sd-ext
bootdata init sdcard
cache init.rc sys
data proc system
datadata res tmp
default.prop rom ueventd.acclaim.rc
dev root ueventd.goldfish.rc
emmc sbin ueventd.rc
~ # cd rom
cd rom
/rom # cd devconf
cd devconf
/rom/devconf # ls
ls
DeviceID SerialNumber
/rom/devconf # cat DeviceID
cat DeviceID
20202400########/rom/devconf #
/rom/devconf # cat SerialNumber
cat SerialNumber
20202400########/rom/devconf #
/rom/devconf # exit
exit
C:\android-sdk-windows\platform-tools>adb kill-server
C:\android-sdk-windows\platform-tools>
Now the Nook registers the Serial Number. What I need now is to find out where the MAC address and Model number should be listed (located). If I can get that added, I think I'll be good to go. At least I'm now half way there!
Click to expand...
Click to collapse
I'm only finding the mac at one location (seems to easy) but that may be all.
/rom/devconf/MACAddress 12 bytes 440 permissions no colons used in this file just the address all typed together.
We must have been typing together. I run cm7 internal final and have my mac as from the factory. What you mentioned may have related to the first version.
I must have been asleep earlier. Model no
/rom/devconf/ModelNuumber 7 bytes permissions 440 - (BNTV250)
One more step done, another one pops up.
Add the files and I got that knocked out but still having an issue. My devconf directory only had the one original file. I've added the ones you listed and now I have the Serial, Model, and MAC all showing on the Device Info tab. I think there has to be a second MAC location as when I get the Wifi page of the setup screens, it's still listing the old bad MAC address. But It does let me connect to my router. But when it goes to register I still get the error screen. When I click Device Info button, it shows all my info in Green now, but shows Battery: ! 100% in red. I reset battery stats, but nothing changed. I'll keep cracking away at it.
shawnshine2 said:
Add the files and I got that knocked out but still having an issue. My devconf directory only had the one original file. I've added the ones you listed and now I have the Serial, Model, and MAC all showing on the Device Info tab. I think there has to be a second MAC location as when I get the Wifi page of the setup screens, it's still listing the old bad MAC address. But It does let me connect to my router. But when it goes to register I still get the error screen. When I click Device Info button, it shows all my info in Green now, but shows Battery: ! 100% in red. I reset battery stats, but nothing changed. I'll keep cracking away at it.
Click to expand...
Click to collapse
I'm getting a different sense of where we began than I was in the beginning. Are you running CM7 and if so is it from the sdcard?
As a note /rom/devconf includes seventeen files total in my configuration (cm7 alpha final internal - flashed from 1.4.0). If you are running cm7 from sdcard I'll restore to 1.4.0 and see if I can help from there.
Restored all the info / but I think it's a fruitless quest
Whole story long........ I started out with a Nook Tablet that had no partitions, I acquired it that way. It had nothing, wouldn't even boot up. So I have been playing with it for two weeks trying to get it unbricked. After many tries and countless hours, using adamoutler, veronica, and meghd00t & EMR's forum posts I was able to get it running with the SDcard (CM7). I had to recreate the partitions in ADB. I struggled with the whole boot w/wo usb cable & sdcard for a long time. Finally on Friday I used EMR's recovery image and got it where I could finally make some headway and was finally able to boot normally. I used the internal restore image that Veronica posted but was unable to register with B&N. Thus began the search for Serial Numbers & MAC Addresses. The funny thing about that image (and I don't know if it's just because I never had the files to begin with) when you had told me about all the files in /rom/devconf I was confused cause I had only the one empty file. I recreated the files you suggested but still couldn't register. So I went back to one of Veronica's other posts about restoring partition images using the dd command. I copied partition 5, 6, 7, 8, and 9 using her partition images and all of the missing information was restored. I just had to edit the SerialNumber, DeviceID, MACAddress file and I used xvi32 hex editor to add my original MAC address back into the WiFiBackupCalibration file. After all of that, I re-flashed the original recovery software and did a complete restore of the B&N software back to version 1.0.0 . I am sad to report that I am still unable to register it back with B&N. Not a really a big deal, I just wanted to see if I could get it back to as close to original as I could. Using the bypass registration technique shows that there are several additional individual "keys" (hash private key and public key)that are locked to the device from the factory (most likely to keep people from doing what we are doing) and if what is on the device doesn't match what they have in the system from the factory then it refuses the registration. (my theory anyway). So unless someone knows something I don't, that's what I'm going with. One thing I have noticed is that on the Registration Error page, just below the Device Info button is a code B-CM1004. I'm curious if that is an error code and if it is what it might mean? If I find anything else I'll post back. Moral of the story is that I've since flashed CM7 internally and I now have my original MAC address. (always a silver lining).
shawnshine2 said:
Whole story long........ I started out with a Nook Tablet that had no partitions, I acquired it that way. It had nothing, wouldn't even boot up. So I have been playing with it for two weeks trying to get it unbricked. After many tries and countless hours, using adamoutler, veronica, and meghd00t & EMR's forum posts I was able to get it running with the SDcard (CM7). I had to recreate the partitions in ADB. I struggled with the whole boot w/wo usb cable & sdcard for a long time. Finally on Friday I used EMR's recovery image and got it where I could finally make some headway and was finally able to boot normally. I used the internal restore image that Veronica posted but was unable to register with B&N. Thus began the search for Serial Numbers & MAC Addresses. The funny thing about that image (and I don't know if it's just because I never had the files to begin with) when you had told me about all the files in /rom/devconf I was confused cause I had only the one empty file. I recreated the files you suggested but still couldn't register. So I went back to one of Veronica's other posts about restoring partition images using the dd command. I copied partition 5, 6, 7, 8, and 9 using her partition images and all of the missing information was restored. I just had to edit the SerialNumber, DeviceID, MACAddress file and I used xvi32 hex editor to add my original MAC address back into the WiFiBackupCalibration file. After all of that, I re-flashed the original recovery software and did a complete restore of the B&N software back to version 1.0.0 . I am sad to report that I am still unable to register it back with B&N. Not a really a big deal, I just wanted to see if I could get it back to as close to original as I could. Using the bypass registration technique shows that there are several additional individual "keys" (hash private key and public key)that are locked to the device from the factory (most likely to keep people from doing what we are doing) and if what is on the device doesn't match what they have in the system from the factory then it refuses the registration. (my theory anyway). So unless someone knows something I don't, that's what I'm going with. One thing I have noticed is that on the Registration Error page, just below the Device Info button is a code B-CM1004. I'm curious if that is an error code and if it is what it might mean? If I find anything else I'll post back. Moral of the story is that I've since flashed CM7 internally and I now have my original MAC address. (always a silver lining).
Click to expand...
Click to collapse
I haven't abandoned your problem but from here it will be much slower to find a path unless someone with prior knowledge comments. In the meantime you may be able to register B&N from CM7 with NOOK for Android by B&N. https://play.google.com/store/search?q=nook&c=apps
I haven't made any progress toward clearing your problem. If it were mine I would think seriously about doing a CWM backup, doing this recovery “[UnBrick]TOTAL WIPE and reflash back to 1.4.0 via Ubuntu Recovery --Now Easier!!!!”.http://forum.xda-developers.com/showthread.php?t=1470910
Once that is completed reboot into recovery and allow stock 1.4.0 recovery. You could always restore your backup if this failed. If reluctant to try this then you can try NOOK for Android by B&N from Google Play(Android Market) and maybe get registered with your current setup.https://play.google.com/store/search?q=nook+for+android
I'm sorry but this is all I can formulate now.
You guys are way more knowledgeable than me, but, is it possible that you can't register your Tablet, shawnshine2, because the last owner didn't deregister it?
smarcin said:
You guys are way more knowledgeable than me, but, is it possible that you can't register your Tablet, shawnshine2, because the last owner didn't deregister it?
Click to expand...
Click to collapse
Of course it is possible. Thanks for replying 3 heads are better than 2.
I have a theory that I use to help keep me grounded so I can't agree that we know more.
Want to hear my theory? Well I'll tell you either way! I may know more about some subject but you will know more about others; it takes all of us to make the world a better place.
Thanks for your input and I'm throwing a thanks your way.
And finally the saga ends ...for better or worse.
So to give a final ( ? ) update here, after going through every forum post I could find and even trying a few things not covered I finally gave in and called customer support. Since I bought this used and completely wiped out, I didn't expect that they would be much help. I was surprised. The CSR asked a few questions about what the problem was and I give it to him straight. He was surprisingly understanding. He looked up the serial number and said it was still registered to the previous owner, but it was also still under warranty. Here he was little cautious with me, but I give him all of my buddies information, name, address, phone number, email. With that, he was a little more comfortable. He said that he needed to De-register it on their servers and then for me to try again in 15 minutes. Unfortunately, this did not fix it. I called him back and he passed me to the technical desk. They in-turn had me try to do a "hard reset" (as if I hadn't done that 100 times already). When that failed, he said that the only thing they could do was to swap it out. I figured they'd say no since I wasn't the original owner, but they actually went ahead and sent the email with the return voucher to my buddy. He was gracious enough to print it out for me. Went to the store later in the afternoon and they switched it out no questions asked with a cert. pre-owned. But in true sales-people style, they talked me into buying a new case! So, I am at a loss to say what the problem was but B&N really didn't seem to care. They just wanted to make sure I was happy with their customer service, which, at the end of the day, I am really grateful for. I'm sorry I don't have the answer that can solve this problem for others, but honesty with B&N at least got me a replacement with almost no hassle. So, if nothing else, you can always give that a shot.
shawnshine2 said:
So to give a final ( ? ) update here, after going through every forum post I could find and even trying a few things not covered I finally gave in and called customer support. Since I bought this used and completely wiped out, I didn't expect that they would be much help. I was surprised. The CSR asked a few questions about what the problem was and I give it to him straight. He was surprisingly understanding. He looked up the serial number and said it was still registered to the previous owner, but it was also still under warranty. Here he was little cautious with me, but I give him all of my buddies information, name, address, phone number, email. With that, he was a little more comfortable. He said that he needed to De-register it on their servers and then for me to try again in 15 minutes. Unfortunately, this did not fix it. I called him back and he passed me to the technical desk. They in-turn had me try to do a "hard reset" (as if I hadn't done that 100 times already). When that failed, he said that the only thing they could do was to swap it out. I figured they'd say no since I wasn't the original owner, but they actually went ahead and sent the email with the return voucher to my buddy. He was gracious enough to print it out for me. Went to the store later in the afternoon and they switched it out no questions asked with a cert. pre-owned. But in true sales-people style, they talked me into buying a new case! So, I am at a loss to say what the problem was but B&N really didn't seem to care. They just wanted to make sure I was happy with their customer service, which, at the end of the day, I am really grateful for. I'm sorry I don't have the answer that can solve this problem for others, but honesty with B&N at least got me a replacement with almost no hassle. So, if nothing else, you can always give that a shot.
Click to expand...
Click to collapse
Great! I'm glad you didn't wait any longer on me as I was stumped.
Happy computing.
Not wanting to give up but may have to
After hours and hours of searching and reading, I must say this post makes me kind of sad. I haven't taken the time to reset my serial number and MAC, but this post makes me think "why bother". I really love my Nook & I was trying to unRoot and just go back to stock. Somewhere along the way I must've clicked something wrong and hosed it all up. AdamOutler's Total Wipe method was the only thing I could find to get me out of a CWM bootloop. Mine is right at a year old (Christmas gift last year), so I seriously doubt B&N will be as forgiving with me.
Just adding to this thread in case someone has figured out anything since April. I also messaged Adam to see if he had any thoughts. Sadness is setting in.
Vol4Ever said:
After hours and hours of searching and reading, I must say this post makes me kind of sad. I haven't taken the time to reset my serial number and MAC, but this post makes me think "why bother". I really love my Nook & I was trying to unRoot and just go back to stock. Somewhere along the way I must've clicked something wrong and hosed it all up. AdamOutler's Total Wipe method was the only thing I could find to get me out of a CWM bootloop. Mine is right at a year old (Christmas gift last year), so I seriously doubt B&N will be as forgiving with me.
Just adding to this thread in case someone has figured out anything since April. I also messaged Adam to see if he had any thoughts. Sadness is setting in.
Click to expand...
Click to collapse
Have you looked at this thread?
Yes. Read in detail. It tells you how to retrieve serial number, but that apparently doesn't get you past the B&N checks that occur when setting up the tablet. It still locks up and gives the number to tech support. Without completing the activation step, you can't access the B&N store or your previously purchased content.
Vol4Ever said:
Yes. Read in detail. It tells you how to retrieve serial number, but that apparently doesn't get you past the B&N checks that occur when setting up the tablet. It still locks up and gives the number to tech support. Without completing the activation step, you can't access the B&N store or your previously purchased content.
Click to expand...
Click to collapse
My reading of that thread's first post is it's about how to put tablet's serial number (which can be found on the back of the micro-SD card slot cover) back into the NT's relevant system info files. The "Retrieve" word in the OP's thread title is, unfortunately, misleading.
I live in Japan and after more than 6 months I have successfully and permanently rooted both my Sharp 003 SH Galapagos and the 005SH Galapagos (Softbank not Docomo). My next concern is how to SIM unlock. I have been reading the posts about hacking the nv_bin file. I have searched through all of the the files (Root FTP thank you!) but there was no such file. I am happy to send along any screenshots or data files if that helps.
Thanks in advance.
Search Sharp 003SH Root Success and Sharp 005SH Root success on Youtube for more info
Can't really help you. Don't know anything about it. But I would like to know how you ended up rooting this phone of ours.
Its not a file on the filesystem. The sim locking in these phones is in the radio image; which can be accessed when you use the custom build kernel thats in the latest rootkit (I assume thats what you are using).
See the 2ch root/ROM thread for more details, but basically it is done through ADB, manually backing up the "_modem" partition; stripping the spare/ECC bytes and then extracting the radio OS using QualcommDumpAnalyser
I have managed to extract this image, but no idea where to go from there. None of the other device info seems to apply to this (HTC, Samsung, LG, any other Android that has had its sim-lock discovered in the radio)
Advice i got from the guys on 2ch: "Qualcomm's NAND code is neither difficult, nor unique, so if you know what you are looking for its not hard"
003SH 005SH Sim unlock
Thanks very much for giving me a new direction. I'll get started on it right away and let you know how it progresses.
It just sucks that the guys who know how to unlock it are staying quiet, saying its "taboo"
FYI, stripping the Spare/ECC bytes can be done manually (i wrote a C program to do it), but there is an option in the RevSkills app to do it all for you - i recommend doing that.
Of course we face another issue once we find the actual unlock - recalculating the ECC bytes after making the change; the only way to access the radio is with raw data access.
P.S. hope you have warranty on your phones - this is very likely to brick at least one phone until we get it right
---------- Post added at 12:30 PM ---------- Previous post was at 12:24 PM ----------
In the spirit of open cooperation, here are the instructions i was given, translated and simplified
In ADB Shell, type su to get the # prompt, then:
cat /proc/mtd <Enter>
Confirm that you have the "_modem" partition available. If not, you need to reflash with the custom build kernel
Dump the image to file with the following command:
dump_image -r -D -F _modem /sdcard/backupimages/modem.img
Access this with anything as "raw dump" and all blocks will get read as ECC error, so definitely dont do this
ECC positioning is different to Linux, so take care
The following maps out how 512bytes of data and 10 bytes of ECC info are stored in a 528 byte block:
0000 - 01CF (0-463): Data
01D0 - 01D1 (464-465): Unused (0xff)
01D2 - 0201 (466-513): Data
0202 - 020B (514-523): ECC
020C - 020F (524-527): Unused (0xff)
Use RevSkills application to extract the data portions:
Menu⇒Calculators/Generators⇒Android MTD Nand remove Spare and ECC
Extract all of the Data only portions out of the raw dump, and then use QualcommDumpAnalyser to read it and split up the various parts. I did notice that i wasnt able to get the AMSS block out with QualcommDumpAnalyser - i copied that out manually by calculating the byte positions shown in QDA.
003SH bootloader key sequence?
Eternalardor,
I'd be happy to swap information. Perhaps you could shed some light on the question of the bootloader for the Sharp 003SH and 005SH? There seems to be no discernible key sequence (Power+home+Volume up etc.) to access the bootloader. I feel like I've tried them all. Can you tell me this critical piece of information?
Is a form of the USB Jig necessary to access it?
Looking forward to your response.
003SH SIM unlock
Dominik,
Here are the results of the original /proc/mtd (before rooting)
boot
cache
misc
recovery
ipl
system
persist
log
battlog
calllog
ldb
userdata
I don't see the _modem partition. Should I?
I have also included a screenshot of the results showing size. I have most of them backed up as .img files too.
FYI: .img backed up sizes. Perhaps this will help you to ponder where the _modem partition may have gone. Maybe it's been renamed?
boot 11,264KB
cache 3,072KB
misc 1,024KB
recovery 11,264KB
ipl 15,360KB
system 419,840KB
persist 30,720KB
ldb 45,056KB
userdata 405,120KB
There is no bootloader menu AFAIK. If you install the custom kernel, you will have the option of a quasi-recovery mode, by pressing the home button between 7-12 seconds after the Galapagos logo is seen (or was that the Softbank logo)
Anyway, looking at the screenshots, it seems you do not have the custom kernel.
How did you achieve root on your phone?
To do this, you need to use the "003sh_005sh_dm009sh-rootkit" from at least 5/27 (recommend _0614); which is available on the 2ch forums. This includes 2 possible ways of achieving root:
1. A modified standard kernel (boot image), which, when flashed gives you regular root access
2. A custom compiled kernel, which has full root, a bunch of power profiles, and heaps more features (inc that quasi recovery), as well as access to the "_modem" image.
Judging from your youtube videos, you speak some Japanese, so the Japanese menus in the rootkit shouldnt be much trouble.
http://www1.axfc.net/uploader/Si/so/142435
This is what i used.
Go here for help/instructions http://anago.2ch.net/test/read.cgi/android/1337845757/
And dont even think about typing in English on there, or you will be ignored and/or told to go away
This all looks familiar. I have been using the root kit (5/27) to get where I am now - step by blessed step. It was pretty straight forward BUT I have never seen the option to write to the system partition. It is in all the instructions but the only option I have with respect to the system partition is to back it up. I'm confused as to why it doesn't seem to show up for me. I am using a Japanese machine so all the characters are displayed and I can read the instructions but I can't find help anywhere as to why I don't have that particular (and critical) option. I can see a lot of new and cool options in the 6/14 release. I'm excited and would like to get it installed.
I'll let you know how it goes. Thanks for your help .... keep it coming!
And another thing
Could you explain a little more about "having" the custom kernel? Using the root kit, I wrote to the Recovery partition then the Boot partition then rebooted from the Recovery partition and all seemed well. As I said above, I have never been able to write to the System partition despite it appearing in all the instructions. I suspect that is what is holding me back from the latest and greatest custom kernel. Still, I am enjoying all the same functionality that everyone else seems to be enjoying in root. What am I missing?
Eep, you wrote to the boot partition before trying the recovery? Brave!
The steps should be:
Write image to recovery partition;
Then reboot to recovery partition (from the menu) and confirm it all works without errors.
Then write image to boot partition
And then turn off the phone, and reboot (the last part is only my instructions - you could just select "reboot to boot partition" from the menu)
You are doing this on your 005SH right? It should be the same for the 003SH, but i only have the 005SH. In the rootkit there is 2 options when you say "burn custom image":
1 カスタムビルドrootedカーネル(リカバリーキット機能付き)
2 S4080 標準rootedカーネル(簡易リカバリー機能付き)
Q 中止してメインメニューへ戻る
You must do the first one, the CUSTOM rooted kernel, to get any of the really cool features. The second option is only if you just want root access for a particular app or something. AFAIK the second option doesnt even disable MIYABI LSM, which prevents you from mounting the system dir as R/W
But either way, writing to the System dir is not important for what we are doing. You need the Custom kernel, which gives you access to the "_modem"
Edit, i just noticed in your screenshots above, you didnt even get root in ADB shell?
Type
ADB Shell<Enter>
Then type
su<enter>
The cursor should change to a #, this means root. You may get a prompt on the phone from Superuser asking you to give root access to "shell". Once you have this try the cat /proc/mtd again
jcroot003sh,
can you tell me how to root 003sh?
Use the link i provided in my previous post
http://forum.xda-developers.com/showpost.php?p=27989085&postcount=8
You can use a translator if you dont understand Japanese, but the general instructions are in the post above yours
I translated it for a friend, but that is at work, so wont be able to put it up until monday.
DominikB said:
Use the link i provided in my previous post
http://forum.xda-developers.com/showpost.php?p=27989085&postcount=8
You can use a translator if you dont understand Japanese, but the general instructions are in the post above yours
I translated it for a friend, but that is at work, so wont be able to put it up until monday.
Click to expand...
Click to collapse
Thank you for your replying. I will wait for your translated version. You are really a good person.
Progress
I have successfully found and dumped the "_modem" image. Exactly as you stated - forgot the "su" command in ADB. Thanks. The next problem is editing out the code. I am way above my head here so I will do some research before bugging you for a step-by-step for that.
Also, the bootloader worked. I didn't realize how to do it until I read the notes in the 6/14 release. I successfully put a previously dead phone back on it's feet EXACTLY to the point of my current phone simply by backing up and then restoring partitions through the bootloader. Very slick and easy.
Will get to work. I'll be in contact soon with my progress on the SIM unlock.
I have spent a bit of time looking at it, it certainly isnt easy (Certainly isnt a "lock=yes" section). I assume the actual locking portion is encrypted/compressed/or just compiled, because it would be too easy otherwise (be happy to be proven wrong). For starters, i cannot even find my IMEI number in the dump file... I think that this dump only includes the radio code, not the NV RAM which contains the IMEI and SIM Lock status. If that is the case then the solution should be to change the portion of the radio code that queries the NV RAM, so that it doesnt care if the SIM lock is supposed to be applied.
Extracting the spare/ECC bits out should be done with the RevSkills app; extracting the relevant portions, that is a bit of a cludge; QualcommDumpAnalyser can show the start/end positions, but doesnt extract the AMSS part (AFAIK thats where the code will be). You need to use a hex editor to cut that part out manually... And i am still not 100% sure what the block size is on this NAND.
Good luck!
And if there *are* any experienced hackers out there willing to help out, i can offer some monetary help (as will a few of my fellow Japanese smartphone owning friends) as this will be valuable for not just these 2 phones (there is an army of 007SH owners waiting on this unlock)
Shall we give the 007/009 a shot?
I can see mountains of the 007SH on the auction (mostly pink). Perhaps I should pick one up and take it for a spin. I am happy to try to do something to help out for all the help I am receiving.
Or perhaps the 009SH?
How hard would it be to crack the 007? The 009SH looks like it is supported in the latest release kit.
Thoughts?
Currently, the 003/005SH are going to be the easiest, because they have the custom kernel which allows access to the "_modem" image. To do it on the 007SH we need to build a custom kernel (compiled from the sources available on the ktai-dev site), and add the modem access code (this is in the src directory of the rootkit). Not impossible, but i dont have a Linux machine to compile the sources.
However i think that the code will be fairly universal. Once we find it on the 005SH we will know what we are looking for on the 007SH as well. That will make many people happy
Anyway, my 005SH is under warranty/anshin plan so i dont mind if it gets bricked (especially now that we can take nand backups).
First things first though - examining the 005SH modem image. Does anyone know whether the NAND is a 16kb or 128kb block size? Or is it something completely different?
P.S. The DM009SH is just the Disney Mobile version of the 003SH
Linux machine no problem
I have a Linux server running 24/7 so compiling the kernel is easy. Don't let that be the holdup. I'll keep working on the 003SH _modem image.
DominikB,
I can't open this site [anago.2ch.net/test/read.cgi/smartphone/1319287551/] on channel2 for free. This site had been moved to the past-log storehouse. So.... I even can't look at Japanese version for rooting 003sh. It is very helpful if you can show me the steps for rooting 003sh.
Managed to fix my wifi mac address problem with some info read in this thread:
forum.xda-developers.com/showthread.php?t=1131649
all performed using linux,
connect phone to pc using in terminal
adb shell
dd if=/dev/block/mmcblk0p3 of=/sdcard/filename.img (stored image of block on sdcard)
exit
exit
disconnect then reconnect phone to pc this time allowing access to sdcard.
in terminal mount the image for editing
mount -o loop /source/filename.img /destination/
using a hex editor modify '/wifi/wlan_mac.bin' with wanted address
save
unmount /destination/
the filename.img has now been modified and needs to be returned to the phone
remove the phone then reconnect and using 'adb shell'
su
chmod 777 /sdcard/filename.img
dd if=/sdcard/filename.img of=/dev/block/mmcblk0p3
reboot
now after the reboot connect your phone to the wifi and it will be using your new address
Original question below:
got 2 of these Atrix phones.
i have rooted both following this guide
wiki.cyanogenmod.com/wiki/Motorola_Atrix_4G:_Full_Update_Guide
now my one has this installed:
cm-7-20121014-NIGHTLY-olympus.zip
the wifes is still stock.
now we both have been experiencing wifi problems, which i have traced to both phones having the same wifi mac code
98:4B:4A:5D:8D:4C. Resulting in the router not being able to distinguish between them, a right mess.
i have tried following this guide to change my mac address
pocketnow.com/tweaks-hacks/motorola-atrix-4g-how-to-change-wi-fi-and-bt-mac
but changing the address in this file has no effect, its as though the mac address above is a spoof. Not the address stored in /pds/wifi/wlan_mac.bin
i have also tried from terminal 'busybox ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx'
this also does not change my address.
others mention to change the contents of nvram.txt here:
/etc/wl/nvram.txt
this also has made no change
the 2 file locations mentioned contain different mac addresses from the one above.
which file contains this code '98:4B:4A:5D:8D:4C' ?
How do i change the mac address?
i think mac address related to hardware so you can't change it. I have flashed several roms but the mac address is constant, the only change is device name.
Sent from my MB860 using xda app-developers app
lambcutlet said:
which file contains this code '98:4B:4A:5D:8D:4C' ?
How do i change the mac address?
Click to expand...
Click to collapse
/pds/wifi/wlan_mac.bin looks like the right place. But be aware that messing up your PDS could mean quite bad consequences for your phone.
I'd probably dump the entire PDS partition into a file and back it up somewhere if I were you.
voncount said:
i think mac address related to hardware so you can't change it. I have flashed several roms but the mac address is constant, the only change is device name.
Click to expand...
Click to collapse
Nope, wrong.
It's true a MAC is a hardware address, but it's not true it cannot be changed.
ravilov said:
/pds/wifi/wlan_mac.bin looks like the right place. But be aware that messing up your PDS could mean quite bad consequences for your phone.
I'd probably dump the entire PDS partition into a file and back it up somewhere if I were you.
Nope, wrong.
It's true a MAC is a hardware address, but it's not true it cannot be changed.
Click to expand...
Click to collapse
pds backup was performed. My address is different in the 'wlan_mac.bin' file, probably the original F8:7B:7A:xx:xx:xx. i did manage to change its contents but still it appears to be over-ridden by '98:4B:4A:5D:8D:4C'
its weird that both phones have the same mac address
also noticed the bluetooth address is different 00:11:22:33:44:55
there is a program somewhere on my phone over riding the original addresses.
does anyone know what it could be?
has anyone else used the same guide as me to root the phone and ended up with the same mac and bt addresses?
Hi!
How do I change the WiFi mac address of an Amaze phone?
I got two Amaze phones that I put Sport's CM10.1 on them.
Problem is both have the same (well known!) mac address. Seems like either CM10.1 picks a fixes address, or perhaps the process or rooting it cause the mac address to be reset?
I tried searching for ways to change it. Some posts require using busybox, however, that's temporary.
Some posts refer to change it in an nvram.txt data somewhere in /data/misc/ (or similar, don't have it handy), however, I do not have that file in any of the phones. I do not know what format I would have to put it in if I were to venture to do it. I found one example of a different phone and it was a rather complex file with all sorts of settings, which makes me cautious about even trying something and possibly breaking the format of the nvram on the phone.
Thanks!
[/COLOR]
ihama said:
Hi!
How do I change the WiFi mac address of an Amaze phone?
I got two Amaze phones that I put Sport's CM10.1 on them.
Problem is both have the same (well known!) mac address. Seems like either CM10.1 picks a fixes address, or perhaps the process or rooting it cause the mac address to be reset?
I tried searching for ways to change it. Some posts require using busybox, however, that's temporary.
Some posts refer to change it in an nvram.txt data somewhere in /data/misc/ (or similar, don't have it handy), however, I do not have that file in any of the phones. I do not know what format I would have to put it in if I were to venture to do it. I found one example of a different phone and it was a rather complex file with all sorts of settings, which makes me cautious about even trying something and possibly breaking the format of the nvram on the phone.
Thanks!
Click to expand...
Click to collapse
flash any sense 4.x rom on any of your device,i heard that sense 4.x roms change the mac adress of your device,dont knw what is the reason though...read it alnog yor research and readings...
http://forum.xda-developers.com/showthread.php?t=2201216
hatim_rajput said:
[/COLOR]
flash any sense 4.x rom on any of your device,i heard that sense 4.x roms change the mac adress of your device,dont knw what is the reason though...read it alnog yor research and readings...
http://forum.xda-developers.com/showthread.php?t=2201216
Click to expand...
Click to collapse
Thanks for the reply, however, this is not a great solution, as it's rather invasive. I'm also finding that this image I am on is stable and yields good battery and it has the latest 4.2.2, so I am trying to avoid major changes like a rom from a different device might be (I'm new to this too ..).
Here is what I have tried:
brute-force search on the zip file that Sport posted
brute-force search on the phone itself via a root shell
searching various other files and forums
the brute-force search on the phone found the mac address. This is what i did:
find -exec grep -iH '00:d2:8b:43:9f:fd' '{}' \;
which yielded:
/sys/devices/platform/msm_sdcc.4/mmc_host/mmc3/mmc3:0001/mmc3:0001:2/wl12xx/ieee80211/phy1/macaddress:00:d2:8b:43:9f:fd
/sys/devices/platform/msm_sdcc.4/mmc_host/mmc3/mmc3:0001/mmc3:0001:2/wl12xx/ieee80211/phy1/addresses:00:d2:8b:43:9f:fd
/sys/devices/platform/msm_sdcc.4/mmc_host/mmc3/mmc3:0001/mmc3:0001:2/wl12xx/net/wlan0/address:00:d2:8b:43:9f:fd
However these files are in a "/proc/-like" mounted device that is read-only. These files look like status files from the OS, so even if I had been able to change them, it looks like the changes would vanish after reboot, and even if that would not be the case, it would not have changed anything.
Any ideas?
This is the solution for permanently changing the MAC of the WiFi in the Amaze (ruby) phone:
su -
mount -o remount -o rw /system
cd /system/etc/firmware/ti-connectivity
calibrator set nvs_mac wl1271-nvs.bin 00:d2:8b:XX:YY:ZZ
cd /
mount -o remount -o ro /system
change the XX YY ZZ to any other (hex) numbers as you please.
(The assumption is that you are connected with adb shell)