Docomo Fujitsu Arrows NX F-01F root??? - Android Q&A, Help & Troubleshooting

I know, it's kinda old model from Docomo but still there's no any info out there for rooting and unlocking. Mr. fi01 has made a bunch of tools for other models of Docomo phones but not for this one. So, I wonder if it's possible at all. Ideally, I wanted to get the root and unlock the bootloader to install my custom firmware (e.g., Cyanogen). Tried some roots by fi01, but none of them worked. And I cannot get any answer from him.
I could contribute some money for it (within reasonable limits, ofc.).

oneclickroot,this website say root is done.
root after how to unlock SIM?

o759 said:
oneclickroot,this website say root is done.
Click to expand...
Click to collapse
Really? I have tried a bunch of modern rootkits and exploits and none of them worked. But I figured out how to get root with some private exploit, based on RowHammer attack. Here's my long conversation with fi01 about rooting F-01F: https://github.com/android-rooting-tools/android_run_root_shell/issues/42
Do you have # sign in adb shell and both uid and gid = 0? If yes, then you are root for sure.
But still there is no rights to mount /system as rw because of SELinux and fjsec LSM thing. I'm trying to overcome that but it's not that easy.
Sorry, I don't know how to do SIM unlocking. My phone was already unlocked when I bought it.

There appeared some videos for rooting F-01F on older firmwares (Android 4.2.2 JellyBean, build # V32R63C).
https://www.youtube.com/watch?v=bfpBeUTShhg
https://www.youtube.com/watch?v=kAM2U1hkqng
https://www.youtube.com/watch?v=PvHot7Oo62Q
Sadly I had no success with that 'cause I'm on V10R22A and those rooting tools don't work.

Arrows nx f-01f is now rooted . with shouhuanguanli.apk . Indian FB group. If need more info PM me at facebook messenger "Mijery NyTontolo"
NB: need to repeat process if failed . (person : 23times, but I have root now )

Lez16 said:
Arrows nx f-01f is now rooted . with shouhuanguanli.apk . Indian FB group. If need more info PM me at facebook messenger "Mijery NyTontolo"
NB: need to repeat process if failed . (person : 23times, but I have root now )
Click to expand...
Click to collapse
This is Dianxinos Superuser app. But as I said earlier it's not working for KitKat firmwares (Android 4.4.2, build # V10R22A), because there's PXN enabled and no known way to disable fjsec LSM. On older builds there's no PXN, so ping pong exploit may be used (which seems to be already integrated into Dianxinos, OneClickRoot, KingRoot and others).
Well, anyway I tried to run Dianxinos apk many times. It cannot gain root:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Please, could you tell what's your build #? (Settings -> About phone -> Build number (at the very end))

HW root
I have attempted to do hardware root but failed. :crying: It was an interesting undertaking, but almost impracticable.
For the reference I used these two wonderful articles: Hacking Hardware with a$10 SD Card Reader and eMMC Adventures, Episode 1: Building my own 64GB memory card with a $6 eMMC chip. Moving in steps through the papers, I determined that eMMC in F-01F is presented in two versions:
1. Toshiba THGBMAG8A4JBA4R, JX4135, Japan 1337KAE
TH: Toshiba NAND
G: Packaged as IC
B: Vcc (Flash power supply) = 3.3 V, VccQ (controller/interface power supply) = 1.8 or 3.3 V
M: eMMC device
A: Controller revision A
G8: 32 GB
A: ? NAND Flash
4: 4-stacked dice (4 8GB chips)
J: ?nm A-type Flash
BA: Lead-free and halogen-free
4: ? temperature grade (? to ? degrees Celsius)
R: package size = ?
2. Samsung KLMBG4GEAC-B001
Here's a photo of the PCB with eMMC revealed:
Both chips are completely interchangeable and share the same pinout. Another two chips on the picture are RAM, which is Samsung K3QF2F20DA-QGCE, 334, 1338 DUO28, GFF0539N, and the camera controller / media processor / ARM core, which is Fujitsu MBG046C E1, 1330 SLC.
Knowing that, I whittled down the eMMC chip to see the contact pads, where the balls were located. After that I traced some pins and got that image:
The power and ground pins could be seen here:
As you may see, DAT0 is quite difficult to solder to (you may need a soldering iron with a very thin tip). But the real hardcore is both CMD and CLK as they are located at the tiny resistors' ends in the very corner between eMMC and bigger resistors. For the better understanding here's a photo with those little resistors completely removed:
So it appears to be a practically impossible thing to get the wires soldered to CMD and CLK, not damaging other components. A spoon of tar is a compound, which covers some of the resistors. I doubt, the most virtuoso in the electronics could do that task (almost of the same complexity as unsoldering an eMMc and soldering it back). That's why I should stop at HW rooting. Maybe someone find those pictures useful and do some further explorations.

help !!!
please help me for root fujitsu f01j.

I'd like to report that F-01F (V10R22A) is rooted now using CVE-2017-8890 exp: https://github.com/dadreamer/CVE-2017-8890. I adapted the exp from thinkycx with some tricky ROP chain to overcome fjsec protection. The LSM and SELinux are still in place after the system restart, so it's a subject for bootloader unlocking and the system modification, but no progress is made for that yet.

dadreamer said:
I'd like to report that F-01F (V10R22A) is rooted now using CVE-2017-8890 exp: . I adapted the exp from thinkycx with some tricky ROP chain to overcome fjsec protection. The LSM and SELinux are still in place after the system restart, so it's a subject for bootloader unlocking and the system modification, but no progress is made for that yet.
Click to expand...
Click to collapse
is any more progress yet for now?

fiefie7 said:
is any more progress yet for now?
Click to expand...
Click to collapse
If you mean the bootloader unlocking, then no more work will be done for that. One of my devices is almost dying due to the bad battery and the second is SIM-locked and software bricked. Therefore I'm not going to spend my resources for these obsolete phones anymore.

well, that's too bad...

Related

N7105 dead boot recovery how to...

This guide will help you to recover dead boot or downgrade knox bootloader on N7105.
If you are on dead boot for some reason,you can skip step 1.
if you want to downgrade from knox bootloader,first backup your data.this will wipe the device
STEP 1
Write to sdcard n7105_boot1.img file
Disassemble the phone and inserd the sdcard in it`s place.connect the lcd cable,battery and power button cable to the motherboard as in picture
!!!!! THIS IS VERY DANGEROUS PROCEDURES,YOU CAN DAMAGE THE LCD CABLE!!!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Around the resistor are glue.you must carefully remove the glue with tweezer.Heat the glue to ~ 80-100 *C with hotair gun or hairdryer then carefully remove it.
With a fine tweezers short red marked resistor
!!! you must keep battery connected,lcd ,short with tweezer and press power button with two hands !!!
Press power on button and keep shorting the resistor 3 more seconds then remove short.After few seconds you will see on screen `download completed`
After that you can assembles the phone.Now phone are in dead condition but it`s ok
STEP 2
Write to sdcard n7105_boot2.img file
Connect the battery and press power on buton. SDCARD MODE should appear on screen
Press vol down key to enter download mode
Now you can use odin
cool! but too complicated for norm users.
Excellant
I think that flashing can be dangerous and on these forums we get many cases of bricked phones
The details the OP has posted are just the type of details that forum members need
THE OP has put warnings into the post and just as with flashing bootloaders or radios or custom rom
you can trash an expensive phone .... but users change front glass with the posserbility of damaging
the LCD ... they change back panels ,,, some fit wireless chargers ... change main boards adn fit new modules internally
I say BRILLIANT post just right for those trapped on nasty knox who would like to downgrade
five stars lets have more hardware mods
No idea how you came across this info. Thanks for sharing. Would love to know the technical reasons behind why/how this works. Fantastic how-to for people in a bind and needing a last resort kind of solution.
Danger but cool!
The part to remove glue and to shortcircuit the power is the most danger one, which I think a noob like me will fail on this part.
But cool... never think about this one.
Sent from the corner of this rounded earth (N7105 v4.3, powered by LionROM)
Just one more detail. Will we need to glue resistor to the motherboard before assembling the phone back?
Hi!
Is there a solution?
Because of the display should guarantee!
If there is a solution can someone help me step by step?
German official N7105 Galaxy 4.3
Hungarian Telekom dependent device
Thank you:
Lackó
---------- Post added at 09:39 AM ---------- Previous post was at 09:34 AM ----------
Hi!
Is there a solution?
ODIN MODE
PRODUCT NAME: GT-N7105
CUSTOM BINARY DOWNLOAD: YES (4 COUNTS)
CURRENT BINARY: CUSTOM
SYSTEM STATUS: CUSTOM
KNOX WARRANTY VOID: 1
AP SWREW: A2
Because of the display should guarantee!
If there is a solution can someone help me step by step?
German official N7105 Galaxy 4.3
Hungarian Telekom dependent device
Thank you:
Lackó
disparo said:
Just one more detail. Will we need to glue resistor to the motherboard before assembling the phone back?
Click to expand...
Click to collapse
Really? Resistor is soldered down to mobo. You have to remove glue which covers it from top only not whole resistor.
Hello, there are stillimages are alldead.
Hi , I've succeeded in getting to the last step. So what do I do now? Flash it in Odin? with? I tried flashing with a stock 4.3 N7105 ROM and it says "There Is No Pit Partition" and fail, so please advice. I still think my eMMC is not damaged. Can someone verify if we can get to the last step as what asteraky has shown, does it mean our eMMC doesn't need to be replaced. I am short of this last step, I know there is a ray of hope in reviving this Note 2 N7105.
This is what I get
and what does
INVALID RPMB DATA means ? All I can suspect is that the current bootloader in the phone is the 4.3 with KNOX Authentication key, the boot SD has the 4.1.2 bootloader . If only someone can dump a new BOOT SD Repair with the new 4.3 files in it , it might work. Just my theory on this. Does anyone get the same issue?
zelith said:
Hi , I've succeeded in getting to the last step. So what do I do now? Flash it in Odin? with? I tried flashing with a stock 4.3 N7105 ROM and it says "There Is No Pit Partition" and fail, so please advice. I still think my eMMC is not damaged. Can someone verify if we can get to the last step as what asteraky has shown, does it mean our eMMC doesn't need to be replaced. I am short of this last step, I know there is a ray of hope in reviving this Note 2 N7105.
This is what I get
and what does
INVALID RPMB DATA means ? All I can suspect is that the current bootloader in the phone is the 4.3 with KNOX Authentication key, the boot SD has the 4.1.2 bootloader . If only someone can dump a new BOOT SD Repair with the new 4.3 files in it , it might work. Just my theory on this. Does anyone get the same issue?
Click to expand...
Click to collapse
did you try a pit file if not i found one here http://forum.xda-developers.com/showthread.php?t=2137008
This is what I get guys
tried n7105_boot1.img file and got "SDCARD DOWNLOAD FAILED"
with n7105_boot2.img file, I get the "Invalid RPMB data"
I have another working n7105 with 4.3 rooted, is there a way to make my own boot.img file?
zelith said:
This is what I get guys
Click to expand...
Click to collapse
Why do you have repartition checked
Sent from my SGH-I317 using XDA Premium 4 mobile app
hey all..
i am following instructions to every word but when i get sd card mode it says sdcard download failed...
why is this?? what am i doing wrong??
thanks
rob
Does it need to be a 2Gb SDCard, does anyone know?
I'm trying with a 32Gb SDCard and getting nothing.
i tried this method
but no luck, no shows anything
my phone is dead and motherboard is ok , no short
any other solution
thanks
What is the resistance value of this component? Lost mine, need to replace it with spare.
What about for N7100? Does anyone have the file needed to save on sdcard?
WARNING... CORRECT ME IF I'M WRONG, BUT THE 2ND PHOTO (ONE OF MOST IMPORTANT) ISN'T ACTUALLY A NOTE2 IS IS??
I Don't think it matches the other photos (also light background vs others)... so don't pull your whole phone apart unless you are SURE the 2nd photo showing the resistor, is the CORRECT ONE!!! Can someone verify this? It also doesn't match a Note2 disassembly video i watched on youtube...

Virus / trojan / malware in the official Zopo Speed 7 / 7+ ROM from 2016-09-21

Some weeks ago, a virus appeared a second time on my Speed 7, which is not removable and at the end requires a full re-flash of the device.
Symptoms: every couple of hours two apps with the name "Settings" are getting installed. The virus scanner (I used "Sophos") detect the viruses which belong to the "Triada" class; I can remove them, but after a while they reappear again.
To find out if the malware comes from "outside" (for example by installing a malicious app) or is already pre-installed in the ROM I performed the following investigation:
1) Downloaded the latest ROM for Speed 7 (from 2016-09-21, MD5 sum 8dfa789e1e795f285b4c6a9a65433943) to a Linux PC
2) Unzipped the file, converted "system.img" to a raw image file (with simg2img)
3) mounted the raw image file
4) uploaded the file system/priv-app/System-UI/SystemUI.apk (MD5 sum 55169441bfb82af77f2187614e5d2c1c) to virustotal.com
13 of 59 virus scanners detect a problem:
AegisLab: Android.Troj.Ztorg!c
Arcabit: Android.Trojan.Ztorg.GC
BitDefender: Android.Trojan.Ztorg.GC
ClamAV: Java.Malware.Agent-6331114-0
Emsisoft: Android.Trojan.Ztorg.GC (B)
GData: Android.Trojan.Ztorg.GC
K7GW: Trojan ( 0001140e1 )
MAX: malware (ai score=81)
McAfee: Artemis!55169441BFB8
Qihoo-360: Trojan.Android.Gen
Sophos AV: Andr/Dropr-FY
TrendMicro-HouseCall: Suspicious_GEN.F47V1015
WhiteArmor: Malware.HighConfidence
Conclusion: the latest ROM image for the Speed 7 is infected by a virus / trojan that can not be removed from the system. The purpose of this virus is not obvious to me, but it installs other trojans of the "Triada" class (using the camouflage name "Settings"). In my opinion it is a very serious problem affecting the integrity of private user data and credentials. I also checked the latest ROM images of the Speed 7 plus and Speed 7C models, they are also infected.
Second investigation:
I rooted the phone and installed afwall+, hoping that the firewall will block downloading of additional virus components (beside the already installed system app SystemUI). The log file entries of afwall+ show that SystemUI tries to connect to two different servers, usually several times per minute:
First: 54.169.134.231:80 (name "ec2-54-169-134-231.ap-southeast-1.compute.amazonaws.com")
Since port 80 is HTTP protocol I opened the web page in a browser. It simply shows a page with one single word: "prabat". Maybe a password to access other malware???
Second: 221.130.182.169:80 (no nameserver entry)
Opening this address shows a page with chinese letters only and several links, which are always the same and point to an Android app named NanoLauncher.apk"
Downloading the APK and uploading it to virustotal.com shows that 10 of 62 scanners detect
a virus. Here is the list (only positives):
AegisLab: SUSPICIOUS
AVware: Trojan.AndroidOS.Generic.A
CAT-QuickHeal: Android.Cooee.Ee670 (PUP)
Cyren: AndroidOS/GenPua.185A3C66!Olympus
ESET-NOD32: a variant of Android/Cooee.E potentially unsafe
Fortinet: Riskware/Cooee_E!Android
Ikarus: AdWare.AndroidOS.Cooee
McAfee: Artemis!185A3C66DFD3
McAfee-GW-Edition: Artemis
Symantec Mobile Insight: AppRisk:Generisk
This confirms that the system app SystemUI of the latest official ROM is infected by a severe virus.
I posted my finding also on the ZOPO forum, but after several posts they do not accept messages any more claiming that they will be checked by the moderator.
I also recevied an email by ZOPO with the following answer:
Dear User
As we have told you before, if you flashed the software from our website, then it is ok.
Before we published, we would do full test, and it is no problem.
Thank you.
If you also can not accept this situation, please contact "[email protected]" and request a virus-free image.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Yes, I found this
https://photos.app.goo.gl/NYz1VRMQrZXOWDIj1
Thanks a lot for the useful hint!
I also checked my /system/lib/libandroid_runtime.so (directly from my phone) with virustotal.com: 18 of 59 engines detect a virus of the Triada class.
Then I checked the same file from the Speed 7 system image (from 2016-09-21). The file on the ROM image and on my phone are identical, so it has not been modified "from outside" (maybe by another malware). So the virus is definitely pre-installed on the latest ROM image on a system library level (which makes things even worse)!
BTW: which virus scanner did you use to get your results? None of the ones I used up to now detected the problem in libandroid_runstime.so
Dr web or Norton. I have my own port now. Zopo stock is not safe
Zopo Speed 7 / 7+ ROM from 2016-09-21
two installations will always appear after a while "youtube stopped working"
complete blocking of your mobile. I installed Zopo Speed 7+ ROM Ghost45 here is OK.
This is also quite funny: beside the latest ROM images for the Zopo 7 / 7+ / 7C, also the Forum App provided on zopomobile.com is infected with malware!
If the APK file (ZOPO-Forum_APP.apk) is scanned with virustotal.com, 12 of 62 engines detect malware.
After complaining about this on the zopomobile.com forum, all my threads located there were removed and they removed my permission to post anything.
My conclusions for the future: I will never buy ZOPO products again. I will think twice before I will buy a cheap chinaphone again.
si1 said:
This is also quite funny: beside the latest ROM images for the Zopo 7 / 7+ / 7C, also the Forum App provided on zopomobile.com is infected with malware!
If the APK file (ZOPO-Forum_APP.apk) is scanned with virustotal.com, 12 of 62 engines detect malware.
After complaining about this on the zopomobile.com forum, all my threads located there were removed and they removed my permission to post anything.
My conclusions for the future: I will never buy ZOPO products again. I will think twice before I will buy a cheap chinaphone again.
Click to expand...
Click to collapse
Hi, never ever buy ZOPO!
They remove again all posts frome zopo forum
Try my PORT, https://forum.xda-developers.com/sp...t-port-umi-touch-speed7-t3704343/post74498536
mstdzw said:
Hi, never ever buy ZOPO!
They remove again all posts frome zopo forum
Try my PORT, https://forum.xda-developers.com/sp...t-port-umi-touch-speed7-t3704343/post74498536
Click to expand...
Click to collapse
Dear mstdzw,
thanks a lot for the offer! Your port is for the Speed 7+ (ZP952), I own a Speed 7 (ZP951). Can I also install your port on the ZP951 without problems or does one have to modify the ROM image?
Thanks in advance!
si1 said:
Dear mstdzw,
thanks a lot for the offer! Your port is for the Speed 7+ (ZP952), I own a Speed 7 (ZP951). Can I also install your port on the ZP951 without problems or does one have to modify the ROM image?
Thanks in advance!
Click to expand...
Click to collapse
I think this should work. Added zip with zp951 kernel.
mstdzw said:
I think this should work. Added zip with zp951 kernel.
Click to expand...
Click to collapse
Thanks a lot - I will give it a try during the next weeks!
Did it work? My ZP951 is still stock, what is this android version?
thanks

Please help RK3188 device Rom

Hi guys desprate for some help on a android device RK3188 rockchip need to find firmware to get it to boot as im currently on blank screen but not bricked as i can still access the device through batch tool. I basically flashed the wrong firmware all info is bellow that i know Please Please help have asked in other forums but no one wants to help
elonex
AD181-SDCT-BBW1-A-V1
RK3188
ROCKCHIP
RK30SDK
RK30BOARD
ARM [email protected]
REVISION - R3PO
BUILD ID - CX-WF185IT-Z05-18.5-B1.02.20170412
BUILD/KOT49H
DALVIK 1.6.0
KERNEL VERSON 3.0.36+(ENG.ROOT.20151104.193426)
KERNEL ARCHITECTURE ARMV71
API LEVEL 19
OPEN GL ES 2.0
samsung 622
KLN8GIWEPD-B031
S4CRDMGXN
SKhynix
H5TQ2G83GFR
RDC 627V
DWMN0916LH1
Z05-V4.1 8G+1G
18.5/21.5-5V
04.600.ELC.0195
CXP02016376 KBL
ADW160851056
QL 16.19
z05 v4.1 8g+1g
Update
Im a tad bit disappointing no one has any replied as where to look or give any input to my problem some of us are not android gurus and so far i have spent 3 solid days trying to find out as much as possible to solve my problem. Anyhow be assured once i do crack this i shell do a complete guide for this for these boards and list all firmware links ect ect
UPDATE SO FAR
So iv been digging about digging around and yet still nothing on the firmware side of things but i have found the board make model which is
SunChip AD-Z05 V4.1 and the device is EL-1851AIO 18.5" screen
I have checked the site for firmware which has come up blank also the seller site of the device its self no firmware there ether but now i have better leads i might (fingers crossed) find it somewhere. I will keep this post updated as i go
anyone who has any idea's to this feel free to comment or message me.
Sirus187MDK said:
Update
Im a tad bit disappointing no one has any replied as where to look or give any input to my problem some of us are not android gurus and so far i have spent 3 solid days trying to find out as much as possible to solve my problem. Anyhow be assured once i do crack this i shell do a complete guide for this for these boards and list all firmware links ect ect
UPDATE SO FAR
So iv been digging about digging around and yet still nothing on the firmware side of things but i have found the board make model which is
SunChip AD-Z05 V4.1 and the device is EL-1851AIO 18.5" screen
I have checked the site for firmware which has come up blank also the seller site of the device its self no firmware there ether but now i have better leads i might (fingers crossed) find it somewhere. I will keep this post updated as i go
anyone who has any idea's to this feel free to comment or message me.
Click to expand...
Click to collapse
Hello,
i have the same thing like you. But im not a developer. Do you have any update about links to ROM or something? Many thanks.
Don't know if anyone still cares or is tinkering around with this, but I came into possession of a touchscreen display board with the AD-Z05 SoC ARM board.
For everyone's info, the AD-Z05 is made by SunChip and designed to be used by OEMs for various things. If you've ever tried hunting down info about it like I did, you'll find very little documentation about it besides this board overview:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Note the "Update" button, located next to the power jack. This is our key to getting into the recovery environment. I haven't found a consistent method for getting it to work, but what seems to work most of the time is holding down the update button, connecting the power source, pressing the Power On/Off button, then waiting until the default android recovery screen is up (should only take about 10 seconds tops.)
From this point, I'm stumped on what to do. ADB reports that the device is in recovery mode, I can get a basic shell and browse the ROM, even finding some factory test binaries, but that's about it. This wiki deals with the Rockchip CPUs and has some useful utilites, but the RkDevTool reports that my CPU doesn't match whatever ID it's expecting. Trying to reboot into fastboot or this "maskrom" mode freezes the utility. I've tried reaching out to the manufacturer to see if they have any documentation, I'll post back if I find anything.
Edit: Also see the official Rockchip wiki.
GitHub - linux-rockchip/rkflashtool: Tools for flashing Rockchip devices
Tools for flashing Rockchip devices. Contribute to linux-rockchip/rkflashtool development by creating an account on GitHub.
github.com
Introduction - Kobol Wiki
Kobol Wiki
wiki.kobol.io
Firmware Upgrade Guide For RK3188 RK3288 RK3368 Devices
UPD: Rreflashing guide for linux Host PC added. BEFORE START What you need: 1. Image file 2. Host PC (Windows) 3. USB OTG Cable Supported host OS: 1. Windows XP (32/64bit) 2. Windows 7 (32/64bit) 3. Windows 8 (32/64bit) All manipulations I...
forum.xda-developers.com
Hello:
I'm not a developer in the least bit, but I'm trying to find firmware for AD-X37. I've done some searching and thought this might be helpful for anyone who might understand the information: https://www.oschina.net/informat/linux下go语言开发
【GoRK3288】1.Rockchip RK3288, GO!GO!!GO!!! - OSCHINA - 中文开源技术交流社区
前言: 最近看了看Google的Go语言,发现有点意思,这个开源的项目准备用golang来实现。 其实开发板本身的驱动程序已经实现了各个功能,但是有的时候在使用中有些麻烦,有可能需要修改dts文件重新编译内核才能够使...
www.oschina.net
Also, maybe this information about maskrom mode from https://wiki.t-firefly.com/en/Firefly-RK3288/upgrade_table.html
Focus on: In Windows, When Linux upgrade to the Android5.1, how to enter Maskrom Mode:
Steps are as follows:
In AndroidTool_v2.58, click “Erase Flash”, this step is erase IDB, it can’t erase flash, so it will appear “erase flash failed”;
Reboot, in AndroidTool_v2.35, click “Erase Flash”, when it finish, the board will enter Maskrom Mode;
Click “Upgrade” to start burn the Android5.1 firmware.
Sorry if this is not helpful at all. Please keep us updated.
Thank you for the info, @jimlarson77! Did you happen to see any steps for backing up the flash before erasing?
I did hear back from SunChip:
Sunchip is one of Apple's provider. We are professional manufacturer and designer of LCD digital signage which established in 2012,we have more than 80 engineers focus on Android mainboard's software and hardware R & D, commercial media player/box(support Android and Linux OS), also provide SKD parts for LCD digital signage.
Attached SPECS about AD-Z05 mainboard and hot selling models SPECS for your reference.
Click to expand...
Click to collapse
I've attached the specification sheets they gave me.
tgp1994 said:
Thank you for the info, @jimlarson77! Did you happen to see any steps for backing up the flash before erasing?
I did hear back from SunChip:
I've attached the specification sheets they gave me.
Click to expand...
Click to collapse
I did not see any steps for backing up the flash before erasing. I attempted to flash firefly firmware(through the complete steps listed in that last link I sent about Maskrom, and everything went perfectly until the firmware was flashed. Now the board I tried it on won't power on(I'm aware now that the firmware was not the correct one).
If you would like to run some tests with a functional or non-functional board, I could let you play around with a few that I have.
Thank you for the offer @jimlarson77. My curiosity is only from an amerature hobbyist perspective; I'm curious if I can get my digital sign working and flashed, but otherwise I will just try to part it out.

Android POS machine H10-1 made by Citaq? Can I reuse it for personal touch tablet?

Hey All
Its been a while since I got to play with anything these days but I recently found one of these POS 10in touchscreen units in the dumpster and it fires up into a menu running android. So I was hoping I could reflash this and use it like a tablet given it's also got a small thermal printer in it, so maybe try and save it from e-waste
I searched online for more details and came across this HERE which is identical to what I have so hoping I can root it and flash it with a clean android?
I would love to repurposed this to use as a touch screen tablet or similar, since it's got a GSM module and can take an SDCard too as I opened it up and took some pictures and I managed to get it in a recovery mode as well - from the PIX its using a rockchip RK3368
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I am not sure if the mini usb port is a OTG port to try and use ADB but I have not been able to do much with it and hoping someone can guide me through to possibly a reflash or ways to unlook root and add in another bootloader/rom
I've downloaded the files from citaq website but so far not been successful to do much with it, has anyone played with these and turned them into something more practical for the home?
Here's hoping for some tips - Apology if this is in the wrong section, move as needed :good:
Cheers
Kosti
@Kostiz
Device actually is running Android 5.1.1. It seems it has only 1GB RAM what is far too little to run a full fledged Android.
As long as you don't replace device's Stock Recovery by TWRP or similar recoveries, after a successful rooting don't install Magisk and/or Xposed Framework, you're on the safe side to play with, IMHO.
As 1st step check whether device is accessable by means of both ADB and Fastboot.
jwoegerbauer said:
@Kostiz
Device actually is running Android 5.1.1. It seems it has only 1GB RAM what is far too little to run a full fledged Android.
As long as you don't replace device's Stock Recovery by TWRP or similar recoveries, after a successful rooting don't install Magisk and/or Xposed Framework, you're on the safe side to play with, IMHO.
As 1st step check whether device is accessable by means of both ADB and Fastboot.
Click to expand...
Click to collapse
Hey, Thanks for chiming in!
So in order to get ADB and or Fastboot its suggested to enable USB debugging in the device system settings, but I am not sure on how to do this, would it be safe to assume this is already USB debug is already enabled?
Could I back up the original stock recovery
I'm a little green on the whole process hence looking thought I'd ask here, I don't think I even have an OTG cable handy
I will see if I can load ADB on a windows box and try and talk to this unit
Cheers
Kosti
@Kostiz
An OTG-cable isn't needed, because the recovery menu
doesn't give you the opportunity to load something from an USB-device
OK, some success!
I went back and connected a mini USB straight to the PC and ADB driver installed detected the android device.
Ran ADB in windows powershell
So whats the best method to backup the entire ROM, and recovery files in the event I stuff this up?
Do I use just ADB for this or someother tools?
I did try one tool here from the vendors website but stuck as not sure what the Chinese characters mean..
Is the fact that this is only 1G i couldn't run Android at all and needs to be stripped down?
Cheers
Kosti
@Kostiz
Android Oreo Go Edition is a lightweight distribution of Android that runs better than normal Android on devices with <= 1 GB of RAM
How to backup device's Stock ROM is eplained here.
Thanks again mate!
Seem I have to do a lot of reading and thankfully everything is here, just got to spend time to read and have a go!
BTW how do I go about using volume rockers and power button to move around the menu in recovery when there is none but only the two buttons as shown the reset and recovery buttons on the main board?
BTW, the current ROM installed boots into a special menu, all other settings are hidden, would there be a way to enable seeing all the items and when getting the the settings (gear icon) that pops up in the corner, only takes me to the standard wifi menu to choose a wifi, so it seems everything else is hidden, if by enabling these I could potentially not need to do anything other than stop the default application from starting up - if that makes any sense
Could I just get back into a adb shell and try
adb shell
su
pm enable applicationname
I have to read up on rooting first I assume before I do much more, this is getting exciting, LOL :good:
Kostiz said:
BTW how do I go about using volume rockers and power button to move around the menu in recovery when there is none but only the two buttons as shown the reset and recovery buttons on the main board?
Click to expand...
Click to collapse
You use Android's HOME button to navigate within the Recovery menu, use POWER button to select option.
Hi, fellas! Please help me with one of these Citaq H10 POS. All we have is bootloop with some custom ROM showing vendor's logo.
Forcing it into recovery gives me some dead android screen with "No command" text.
Please guide me through this challenge, cause I have no other option but to ressurect it somehow.
Good news is that I have another one that is working fine, so we could try cloning it or something. Please help!
Yet I can't attach pics, cause of few posts, but if needed I can PM some.
citaq h10-2
I am also stuck with this machine citaq h10-2 , i did use a wireless kb to move up/down and not the 2 buttons on the motherboard , i can talk with it with ADB but all you can do is put it in sideload to upload new firmware and put it in fastboot but in fastboot you only get a black screen , what I have don is > opened up developer mode but you have no OEM UNLOCK tick box in side so running any bootloader unlock dose not work and i have run them all, if you google this machine for flashing new firmware you only get XDA this forum, unless any body knows another place to get the info from please let us know as i do think this would make a nice tablet with printer, the firmware is 5.1.1 and would love to put 6.0 or above on it but. i did download some firmware and used sideload to install it but it come up with error , i did try and make a backup but cannot do it ?, I think the firmware was from a galaxy s5 , I am not into all this firmware flashing so I am learning as I go along and if I brick it up well it was for free any way as the takeaway was shutting down and he gave it to me so no loss, if any body knows how we can get 6.0 or above on this machine please let us know.
A big thank you to all that can help put android 6.0 or above on this tablet.
Did you guys take a look at the solution here ? It worked for me ! All with a 2k ohm resistor...
Hola, alguien tiene la Rom de este dispositivo?

Toybox questions..

Hey hopefully I'm posting in the correct sub section if not can a mod please move this. First off just want to say thanks for the information I've gotten lurking the past few months. I'm basically completely new learning basic coding etc. Sorry for the rant my question is ive been experiencing some cyber attacks which are very confusing and a long story...I'll try to keep it short...
Currently I'm on an old Samsung a21(buying the a54 when it comes out soon) my wife has a Samsung a53. Both phones have toybox installed but this wasn't flashed by me. I flashed her phone with the stock firmware last week to attempt to rid the hacking on it. Is it even possible to flash toybox remotely? I wouldn't think so as you would need to have several things lined up plus it connected to a pc. Nearly every device in my house has been corrupted down to smart watches, Bluetooth low energy devices, and especially computers. All of my pcs registrys are completely infected. My wife swears this is not her and has no idea how to do any of this. I have my suspicions with certain "coincidences" happening which are to numerous to name. Sorry for posting this here but I don't know where else to ask. If anyone could even point me in the right direction I'm willing to put In work. I've called professionals that basically advised me to trash everything. That's all fine and dandy but I need to understand this issue to prevent it from happening again. The scope of this issue is way over my head but I've made decent progress in the last three months. I'll check out the toybox guides here to see if that offers some clues
Thanks In advance for any advice.
Since you didn't write specific facts, I'll just answer about toybox.
Toybox has been on Samsung phones for a long time and is a system application without the ability to manually do an update.
Toybox - Wikipedia
en.m.wikipedia.org
Hey thanks for the reply. I didn't understand it was native to android. Would it be normal to have toybox version 0.8.4? I'll attach a picture maybe you can give me a little direction to go in. My phones able to be controlled remotely,modded apps, some weird things going down. Thanks again I'm pulling my hair out looking commands up.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Ace1222 said:
(...) Would it be normal to have toybox version 0.8.4? I'll attach a picture maybe you can give me a little direction to go in. My phones able to be controlled remotely,modded apps, some weird things going down. (...)
Click to expand...
Click to collapse
Could you please ask the questions precisely?
There is nothing special in the attached picture.
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
Ace1222​
Toybox since Android 6 is default component of Android OS: it replaced former Toolbox. Toybox is located either in /system or in /vendor partition.
Latest Toybox version is 0.8.9 ( conatains SU cmdlet ), can get downloaded from here:
Index of /toybox/bin
landley.net
Renate said:
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
Click to expand...
Click to collapse
This only temporarliy disables SELinux what isn't needed when updating Toybox binary.
jwoegerbauer said:
This only temporarliy disables SELinux what isn't needed when updating Toybox binary.
Click to expand...
Click to collapse
I was only correcting the syntax on the OP's post #3.
jwoegerbauer said:
This only temporarliy disables SELinux what isn't needed when updating Toybox binary.
Click to expand...
Click to collapse
How is the user supposed to update the binary file when there is no root?
I never here said rooting Android is not needed to update Toybox binary.
To clarify things:
1. Obtaining Root only allows you the ability to modify the system. E.g. mounting partitions accessible as RW.
2. SELinux is a completely different entity. To change a devices SELinux State is written into the devices Kernel. The kernel is a part of the ROM. It determines whether or not the device is permitted to change it's SELinux State.
jwoegerbauer said:
I never here said rooing Android is not needed to update Toybox binary.
To clarify things:
1. Obtaining Root only allows you the ability to modify the system.
2. SELinux is a completely different entity. To change a devices SELinux State is written into the devices Kernel. The kernel is a part of the ROM. It determines whether or not the device is permitted to change it's SELinux State.
Click to expand...
Click to collapse
OK.
jwoegerbauer said:
This only temporarliy disables SELinux what isn't needed when updating Toybox binary.
Click to expand...
Click to collapse
How is user Ace1222 supposed to update the binary file when he does not have root, as you can see in the screenshot?
The user did not write that he has/wants root.
If you would carefully read my posts -> the solution already implicitely was given by me: make use of temporary root!
jwoegerbauer said:
If you would carefully read my posts -> the solution already implicitely was given by me: make use of temporary root!
Click to expand...
Click to collapse
Since you did/know how to do it on the Samsung Galaxy A21 and on the Samsung Galaxy A53 without burning the KNOX flag, just write. The user did not ask for it, but since you are advising, advise completely.

			
				
@jwoegerbauer
OP is not asking for updating toybox
there is no such "temporary root" for android on real devices (such as smartphones and tablets)
the toybox linked cannot replace the android version of toybox
toolbox is holding android specific applets (such as getevent) and cannot replaced by toybox
2 & 3: You're absolutely wrong. I kindly ask you to end spreading nonsense, TIA.
4: Yes, Toybox doesn't contain getevent cmdlet as Toolbox does, but that's abolutely irrelevant here.
get yourself a smartphone and learn the basics. I will pay $ 100 if you show any proof of your magic temporary root.
Sorry for causing any tension and debates here guys. I am interested in root access if that's what's needed. I'm totally ignorant and can sort of follow along what was posted. For clarification I don't have access to the rom folder even for read privileges. My intent is to figure out how/why my devices are being manipulated. E.g. why are there custom apps,partitions,user profiles, different access levels to folders that aren't in the root directory? Obviously my devices have been tampered with but I'm to ignorant to provide the information to help you help me.
Renate said:
You want to just do:
Code:
$ setenforce 0
But it probably won't let you do that because your shell is not root.
Click to expand...
Click to collapse
Yeah I tried that days ago and like you expected permission denied...
on bootloader locked devices system cannot modified. samsung devices are secure, a simple factory reset will remove all potential malware. just don't use the same samsung/google accounts again afterwards and do not restore backup of apps you don't know.

Categories

Resources