Related
This is a CyanogenMod 12.1 ROM for the Exynos3470 based Samsung Galaxy Tab 4 7.0 LTE (T235/T235Y).
DO NOT USE IT FOR T230(NU)/T231 OR YOU WILL BRICK YOUR DEVICE
Although T235 and T230(NU)/T231 (T230:WiFi / T231:3G) share the "Galaxy Tab 4 7.0" name they are not related in terms of hardware due to the different SoCs used (Samsung Exynos3470 vs. Marvell PXA1088).
Hence please do not ask for support or ROMs for the T230(NU)/T231.
Working features
Receiving and making calls
Hardware sensors (Acceleration)
Audio
Bluetooth
Wifi
HW accelerated GUI
MTP storage
GPS
USB-OTG (Mass-Storage, Keyboard, Mouse working, USB-Audio untested)
Camera (pictures+video: Back+Front)
Non-working features:
SELinux
Known issues:
See the Bug Report section of this thread
Disclaimer:
You flash this image at your own responsibility. I am not responsible for any damage that might be caused by flashing this image (bricked device, lost data, ...)
Flashing this kernel image will trigger the KNOX counter, so your warranty will be void.
Applications that use KNOX (e.g. "Private Mode") might not work anymore when returning to the stock ROM, as the device is regarded as compromised. Do not flash this ROM if you need those applications.
The image is only for Tab 4 7.0 SM-T235 and SM-T235Y (Exynos)
It might be instable, crash your device, drain your battery, or even might damage your smartphone
Backup your data before flashing and check if the original firmware is present (e.g. at SamMobile)
Click to expand...
Click to collapse
Before you start:
Backup your data, like call history, contacts, sms, WhatsApp messages, favourite app settings that are on internal and external sd (by using Titanium Backup or other apps available on PlayStore). At least all internal data will be lost in any case. If you have bad luck you might also loose data from your external sd card.
Download:
Odin3-v1.85
TWRP 2.8.7.0 recovery image [09/08/2015] (AndroidFileHost Mirror)
CM 12.1 ROM (AndroidFileHost Mirror)
Google Apps (contains Google Play, ...) for Android 5.1.1 from Jajb (Recommended) or the one that suits you best from Consolidated GApps.
Install recovery:
Reboot your device into Odin mode: turn off your device, then press Volume-Down + Home + Power button at the same time and release them.
Confirm the following warning message with the Volume-Up button.
Connect your device to your PC via USB
Make sure the device driver's are installed on your PC
Start Odin
In Odin select PDA and select the recovery image (recovery.tar.md5)
Check that only "Auto Reboot" and "F. Reset Time" is set
Click on "Start": the kernel image should be flashed now and the device should reboot afterwards. By flashing the recovery, your warranty will be void.
After the recovery flashing process was successful, power of your device. If not restart into Download mode and flash again or flash the stock rom.
Before you flash:
You need the latest TWRP recovery (see links above). Otherwise TWRP might not be able to flash the ROM.
Wipe the device to avoid problems with remaining files from the old installation (see instructions below). This also applies if you already installed an older version of CM 12.1.
Flash CyanogenMod:
Reboot into recovery mode (Press Volume-Up + Home + Power button)
If you come from a stock ROM, this is your opportunity to make a Backup of your phone(Backup, then select Boot, System, Data, then swipe to backup). Note that the recovery might fail to restore the backup when you want to go back to the stock ROM (for me it got stuck after a restore during boot. But the backup was made with a different version of TWRP, so it might work in general) - simply do not expect too much of it at the moment.
If you haven't copied the installation files yet, you can now copy the GApps and CyanogenMod zip to your internal sd or external sd (be careful not to put the files into the data directory of the internal sd card as this will be deleted in the next step). Be sure that MTP is enabled (inside Mounts, click on Enable MTP), then, from your pc, copy the files. If MTP does not work from recovery, try it directly from Android or remove the external sd card from the phone and put it into your PC.
Wipe Dalvik Cache, Cache, System and Data (inside Wipe -> Advanced Wipe). Do not report problems if you did not wipe those partitions as the problems are most probably related to this!
Install the CM 12.1 ROM zip-package
Install the GApps zip-package
Reboot the system and enjoy a Lollipop
How to root:
No SuperSu is needed as CyanogenMod already comes with integrated root support. Root access is disabled by default.
You normally do not need root access. If you want to activate root access for apps, do the following:
Open the Settings menu, select "About Phone"
Tap on the "Build number" entry seven times. You should be notified, that the developer settings are now active.
Open the Settings menu, select "Developer options". Enable root access by selecting "Apps" in the "Root-Access" setting.
In case you want to go back to the stock ROM:
lf you do not have the latest stock ROM you can download it from SamMobile
Reboot your phone into Odin mode
Open Odin on your PC and connect your smartphone with your PC via USB
If you have a zip-file unzip it so that you have a .tar.md5 file
In Odin click on the PDA button and select the .tar.md5 file. Then press "Start".
Normally the stock rom fails to boot as the data from CM12 is still on the data partition. So after flashing the stock rom, reboot into recovery mode (it looks a bit different now). First wipe the data partition, then wipe the cache.
Reboot
Changelog
Code:
09/08/2015:
*Update kernel to T235XXU1AOD1
*Synchronize with newest CM 12.1 sources (contains stagefright patches)
*Fixed black screen on minimal brightness
12/07/2015:
* Charging animation in standby-mode fixed
11/07/2015:
* Update to newest CyanogenMod sources (LMY48G)
* Left touchkey working now (configured as App-Switch button)
* Camera Preview working (saving a picture might still crash)
30/06/2015:
* Image sizes reduced to fix "unable to mount /system" problems
28/06/2015:
* Initial test-build
This section is for developers:
A README file with build instructions can be found here:
https://github.com/cm-3470/patcher_degaslte
Sources:
Code:
https://github.com/cm-3470/android_device_samsung_degaslte
https://github.com/cm-3470/android_vendor_samsung_degaslte
https://github.com/cm-3470/android_kernel_samsung_degaslte
https://github.com/cm-3470/android_device_samsung_smdk3470-common
Developers welcome
Help from other developers is always welcome. See the bug/feature section and this thread to see what is missing. Just give some short info (here in this thread or PM) that you want to work on some issue or feature so that work can be synchronized. Maybe there are also other devs that want to work with you on the same issue.
Knowledge in how the kernel works and good programming skills in C, C++ and Java would be nice but not necessary for all problems. At least you should be able to build the ROM and test your changes yourself but you do not need experience in porting ROMs.
XDA:DevDB Information
[T235][ROM][5.1.1][LMY48G] CyanogenMod 12.1 for T235(Y) [Alpha 09/08/2015], ROM for the Samsung Galaxy Tab 4
Contributors
hennymcc
Source Code: https://github.com/cm-3470
ROM OS Version: 5.1.x Lollipop
ROM Kernel: Linux 3.4.x
ROM Firmware Required: TWRP Recovery [version from 09/08/2015]
Based On: CyanogenMod
Version Information
Status: Alpha
Created 2015-06-29
Last Updated 2015-09-24
i've tried to test the rom but i can't install so far... i've wiped all but it said it can't mount system again...
http://www.mobosdata.com/samsung-galaxy-tab-4-7-0-lte-sm-t235y
According to this the SM-T235Y is based on Marvel cpu vs exynos on the sm-t235
Does anyone really know the differences ? On another page i read the sm-t235y has a snapdragon 400 ...
Hectic confusing samsung numbering + different devices with same model name .
@hennymcc
do you have included selinux_defconfig in your twrp kernel?
androidboot.selinux=disabled at twrps kernel cmd line should be removed
i wiped system and all partitions using your new twrp but when i install the zip file then /system becomes unmountable
/system is formated ext4
should i try to format it f2fs ?
interstellar22 said:
i wiped system and all partitions using your new twrp but when i install the zip file then /system becomes unmountable
/system is formated ext4
should i try to format it f2fs ?
Click to expand...
Click to collapse
any marvell devices will not work with this or any other custom rom.
sub77 said:
any marvell devices will not work with this or any other custom rom.
Click to expand...
Click to collapse
this is an exynos device not marvell
and now for some reason i cant restore the backup i made
i tryed restorng the backup with twrp 2.8.6.0 recovery from this thread and the 2.8.1.0 from the other.
one gives boot animation loop and the other is stuck at boot
hennymcc said:
In case you want to go back to the stock ROM:
lf you do not have the latest stock ROM you can download it from SamMobile
Click to expand...
Click to collapse
Stock Roms on Android File Host (quicker, free-er host site than Sammobile)
@interstellar22 did you try wiping cache after you restored, before you booted?
thisisapoorusernamechoice said:
Stock Roms on Android File Host (quicker, free-er host site than Sammobile)
@interstellar22 did you try wiping cache after you restored, before you booted?
Click to expand...
Click to collapse
i tryed once without wiping cache, but i had cache backed up also
then i tryed to do a factory reset
still stuck at bootlogo
and adb logcat and adb devices shows nothing
sub77 said:
@hennymcc
do you have included selinux_defconfig in your twrp kernel?
androidboot.selinux=disabled at twrps kernel cmd line should be removed
Click to expand...
Click to collapse
The default selinux setting is enforced. As the selinux configuration files are not complete, Android would not boot.
Setting androidboot.selinux=permissive might work, but when I tested this setting on my S5 mini, it was rather unstable for some reason.
interstellar22 said:
http://www.mobosdata.com/samsung-galaxy-tab-4-7-0-lte-sm-t235y
According to this the SM-T235Y is based on Marvel cpu vs exynos on the sm-t235
Does anyone really know the differences ? On another page i read the sm-t235y has a snapdragon 400 ...
Hectic confusing samsung numbering + different devices with same model name .
Click to expand...
Click to collapse
sub77 said:
any marvell devices will not work with this or any other custom rom.
Click to expand...
Click to collapse
interstellar22 said:
this is an exynos device not marvell
Click to expand...
Click to collapse
T235 and T235Y definitely use Exynos 3470 SoCs. Here an extract from the T235Y default.prop:
Code:
ro.product.model=SM-T235Y
ro.product.name=degasltezt
ro.product.device=degaslte
ro.product.board=universal3470
ro.chipname=exynos3470
The default.prop file of the T235 is similar, only that the product name is degasltexx.
Marvell's PXA1088 SoC is used in the T230/NU which is the non-LTE (WiFi-only) variant of the Tab 4 7.0.
Marvell's PXA1088 and Samsung's Exynos3470 are totally different and have nothing in common (except an ARM core), the same applies to Qualcomm's Snapdragon. There are many websites that mention wrong SoC names as Samsung's naming scheme is rather confusing.
The same applies to the S5 Mini: G800F/M/Y -> Exynos3470, G800H -> Qualcomm Snapdragon.
corneo said:
i've tried to test the rom but i can't install so far... i've wiped all but it said it can't mount system again...
Click to expand...
Click to collapse
Code:
Info: format successful
I:mkfs.f2fs -t 1 /dev/block/mmcblk0p18 process ended with RC=0
Done.
Why was the system partition formatted with f2fs? The default file system is ext4.
The TWRP partition table is hardcoded to ext4 so that's probably the reason for these lines:
Code:
E:Unable to mount '/system'
I:Actual block device: '/dev/block/mmcblk0p18', current file system: 'ext4'
Could you reformat it with ext4?
interstellar22 said:
i tryed once without wiping cache, but i had cache backed up also
then i tryed to do a factory reset
still stuck at bootlogo
and adb logcat and adb devices shows nothing
Click to expand...
Click to collapse
Did you flash the stock ROM with Odin?
And afterwards wipe the data partition and then the cache with the _stock_ recovery (as TWRP is not available after flashing the stock ROM)?
interstellar22 said:
i wiped system and all partitions using your new twrp but when i install the zip file then /system becomes unmountable
/system is formated ext4
should i try to format it f2fs ?
Click to expand...
Click to collapse
Short summary:
interstellar22 and corneo tried it so far and both got the error message "/system unmountable"
Strange that corneo was able to generate an error log.
@corneo: did you create the log with adb?
At least according to corneo's log, it seams that after the F2FS format the partition is reformatted with EXT4 afterwards:
Code:
Formatting system using make_ext4fs function.
It also says:
Code:
erasing 588800 blocks
blkdiscard failed: Invalid argument
writing 134395 blocks of new data
lseek64 failed: Invalid argument
I:Legacy property environment disabled.
E:Error executing updater binary in zip '/external_sd/cm-12.1-20150627-UNOFFICIAL-degaslte.zip'
Error flashing zip '/external_sd/cm-12.1-20150627-UNOFFICIAL-degaslte.zip'
Not that sure about what causes this error. Maybe the partition sizes have to be changed.
hennymcc said:
Short summary:
interstellar22 and corneo tried it so far and both got the error message "/system unmountable"
Strange that corneo was able to generate an error log.
@corneo: did you create the log with adb?
At least according to corneo's log, it seams that after the F2FS format the partition is reformatted with EXT4 afterwards:
Code:
Formatting system using make_ext4fs function.
It also says:
Code:
erasing 588800 blocks
blkdiscard failed: Invalid argument
writing 134395 blocks of new data
lseek64 failed: Invalid argument
I:Legacy property environment disabled.
E:Error executing updater binary in zip '/external_sd/cm-12.1-20150627-UNOFFICIAL-degaslte.zip'
Error flashing zip '/external_sd/cm-12.1-20150627-UNOFFICIAL-degaslte.zip'
Not that sure about what causes this error. Maybe the partition sizes have to be changed.
Click to expand...
Click to collapse
i've created the log in recovery and copied it to sd.
now i flashed the tab again with odin and try it again. same issue...
Gesendet von meinem One M8
i managed to get the original firmware back with odin
could it be that the system.new.dat file is corrupted ?
i had formated system with ext4 then did the update and was still getting unable to mount /system afterwards
so most probably the system.new.dat file has some problems or i have no idea why i cant mount /system afterwards
Maybe it is caused by wrong BOARD_...IMAGE_PARTITION_SIZE values in BoardConfig.mk.
Could you please post the contents of /proc/mounts and /proc/partitions:
Code:
cat /proc/mounts
cat /proc/partitions
The above should be performed from the stock ROM. The device must be rooted.
Hmm, the problem might be here:
Code:
Patching system image unconditionally...
blockimg version is 2
erasing 588800 blocks
blkdiscard failed: Invalid argument
writing 134395 blocks of new data
lseek64 failed: Invalid argument
588800 * 4096 = 2411724800 bytes (2,2GB)
This is the value of the BoardConfig.mk taken from the S5 Mini (BOARD_SYSTEMIMAGE_PARTITION_SIZE := 2411724800).
But the system partition is only 2233466880 bytes:
Code:
/system | /dev/block/mmcblk0p18 | Size: 2096MB Used: 1828MB Free: 268MB Backup Size: 1828MB
Code:
I:wipe_path '/system'
Formatting System using make_ext4fs function.
Creating filesystem with parameters:
Size: 2233466880
The system.img itself is only 500MB in size. So I guess reducing the image size should fix the problem.
An updated ROM is available. The image sizes have been reduced. I hope this fixes the problems with the system-partition.
Also use the new TWRP recovery as the partition sizes might be hardcoded in the old one.
good news! new recovery and system image works! very smooth so far, searching for bugs now. the only one i found are the extended settings option. it doesn't work but thats no problem for me. thank you very much!
Gesendet von meinem One M8
Greetings!
I'd like to present a TWRP recovery for the single-sim Xperia X. This release works on Xperia X F5121 and F5122
DISCLAIMER:
I'm not responsible for any damage done to your device. You have been warned.
REQUIREMENTS
Unlocked bootloader
Working ADB and Fastboot (You can get the latest version through Android Studio or by visiting this site)
FEATURES
MTP support
ADB Sideload
Backups and restores almost every partition
Full SELinux support
Working encryption. You can access /data within recovery
NEEDS TESTING
USB-OTG
DOWNLOADS
INSTALLATION
Unlock the bootloader
Download the file
Put the following code in CMD/Terminal:
Code:
fastboot flash recovery twrp-3.1.1-suzu-*.img
//Replace * with the version you want to flash
Unplug the cable
Press Volume Down + Power to activate the recovery. When installed properly, the device should vibrate funnily, purple LED should appear and after a couple of seconds you should see the TWRP screen.
Enjoy!
BUILD
You need to sync the OmniROM and vendor blobs from DonkeyCoyote. You can find my sources on GitHub.
android_device_sony_loire_common
https://github.com/omnirom/android_bootable_recovery/commits/android-7.1
Thanks:
@grayleshy - for initial TWRP
@AndroPlus for some of his flags
OmniROM team for sources
If you find my work useful, consider buying me a cup of coffee
[TWRP] TWRP 3.1.0 for Xperia X
Old OP below:
Team Win Recovery Project 3.1.0
REQUIREMENT:
- Unlocked bootloader
FEATURES:
- MTP support
- USB OTG storage support
- Covers most partitions for nandroid backups
- ADB root
- Full SELinux support
- Support for partition decryption
Download: Dropbox
Installation via the bootloader (Platform-tools (adb & fastboot))
Code:
fastboot flash recovery recovery.img
Running TWRP: turn the phone off, wait 5 seconds, then pinch at the same time the power key and the volume down key until the device vibrates, release the keys. Recovery starts within 5-10 seconds.
DISCLAIMER:
No one is responsible for any damage done to your device but YOU. You've been warned.
Special thanks kistigun for testing recovery on the device.
Changelog: twrp.me
TWRP was going on OmniRom 7.1 sources and XperiaDeveloper.
SOURCEs: Suzu; loire; Common.
Nice work! Finally no more decryption problems on the X!
Working well, thanks!
One question ; is it possible to reboot the recovery via twrp reboot menu (or use an app like flashfire /flashify)? When I've tried the phone boots normally instead.
baddesthad said:
One question ; is it possible to reboot the recovery via twrp reboot menu (or use an app like flashfire /flashify)?
Click to expand...
Click to collapse
Unfortunately the reboot Recovery does not work from the specifics of the section, but in the future maybe will be fixed. If I don't find how to fix that button will be removed.
samavar89 said:
Unfortunately the reboot Recovery does not work from the specifics of the section, but in the future maybe will be fixed.
Click to expand...
Click to collapse
Good to know, thanks for clarifying
Is there a difference to the 3.1.0 TWRP recovery from the Poison thread?
Oel said:
Is there a difference to the 3.1.0 TWRP recovery from the Poison thread?
Click to expand...
Click to collapse
Yes, this TWRP version has decryption problem fixed. So you can acces internal memory(and make a full backup) without the need of doing a full whipe & format /DATA
kistigun said:
Yes, this TWRP version has decryption problem fixed. So you can acces internal memory(and make a full backup) without the need of doing a full whipe & format /DATA
Click to expand...
Click to collapse
Ah...
Ok, Thanks!
kistigun said:
Yes, this TWRP version has decryption problem fixed. So you can acces internal memory(and make a full backup) without the need of doing a full whipe & format /DATA
Click to expand...
Click to collapse
No,
don't ask password but I can't access my internal memory.
I install zip file from my external sd card only.....no full backup...
someone knows a recovery that finally works?
robby.pgn said:
No, don't ask password but I can't access my internal memory.
I install zip file from my external sd card only.....no full backup...
Click to expand...
Click to collapse
This problem is strange, please provide a log recovery.
I flashed this on my xperia x dual on nougat 7.0
I can go to recovery but when i try to turn on the phone normally it says "The phone is corrupt and cant be trusted bluh bluh..."
it says press power button to continue but when i press it screen turns off and nothings happens
what should i do?!
Kianush said:
I flashed this on my xperia x dual on nougat 7.0
I can go to recovery but when i try to turn on the phone normally it says "The phone is corrupt and cant be trusted bluh bluh..."
it says press power button to continue but when i press it screen turns off and nothings happens
what should i do?!
Click to expand...
Click to collapse
In Your kernel there is support for DM-Verity and Sony RIC?
it's stock kernel man, I unlocked bootloader and flashed stock nougat for xperia X dual sim
I just wanna root it, if there is any other way pls help me out
-----
btw after this problem i used flashtool to flash system and kernel from stock rom to be able to use my phone again
robby.pgn said:
No,
don't ask password but I can't access my internal memory.
I install zip file from my external sd card only.....no full backup...
someone knows a recovery that finally works?
Click to expand...
Click to collapse
Kianush said:
it's stock kernel man, I unlocked bootloader and flashed stock nougat for xperia X dual sim
I just wanna root it, if there is any other way pls help me out
-----
btw after this problem i used flashtool to flash system and kernel from stock rom to be able to use my phone again
Click to expand...
Click to collapse
use this tool/guide to make a rooted kernel(and edit DM-Verity and Sony RIC): https://forum.xda-developers.com/xp...oot-automatic-repack-stock-kernel-dm-t3301605
grayleshy said:
Team Win Recovery Project 3.1.0
Click to expand...
Click to collapse
I've installed and tried this TWRP in my Xperia X with MM. Very nice that it can access the data partition! I did not try to install any zip yet.
Some problems I've seen:
dmesg.log: no output
recovery.log: https://pastebin.com/EwbtuC9q
What is interesting in the output:
Code:
I:cmd: /sbin/exfat-fuse -o big_writes,max_read=131072,max_write=131072 /dev/block/mmcblk1p1 /external_sd
CANNOT LINK EXECUTABLE "sh": cannot locate symbol "__fwrite_chk" referenced by "/sbin/busybox"...
I:exfat-fuse failed to mount with result '', trying vfat
I:Unable to mount '/external_sd'
I:Actual block device: '/dev/block/mmcblk1p1', current file system: 'vfat'
Looks like something is not right with the busybox in the image. Maybe it is that what is causing the external sdcard (in my case in exfat filesystem) not being mounted?
Thanks
robby.pgn said:
don't ask password but I can't access my internal memory.
I install zip file from my external sd card only.....no full backup.
Click to expand...
Click to collapse
This problem is almost resolved, just need to test, but I don't have time to compile recovery. In the test version recovery without decryption, problem solved.
juliompinheiro said:
I've installed and tried this TWRP in my Xperia X with MM. Very nice that it can access the data partition! I did not try to install any zip yet.
Some problems I've seen:
dmesg.log: no output
recovery.log: https://pastebin.com/EwbtuC9q
What is interesting in the output:
Code:
I:cmd: /sbin/exfat-fuse -o big_writes,max_read=131072,max_write=131072 /dev/block/mmcblk1p1 /external_sd
CANNOT LINK EXECUTABLE "sh": cannot locate symbol "__fwrite_chk" referenced by "/sbin/busybox"...
I:exfat-fuse failed to mount with result '', trying vfat
I:Unable to mount '/external_sd'
I:Actual block device: '/dev/block/mmcblk1p1', current file system: 'vfat'
Looks like something is not right with the busybox in the image. Maybe it is that what is causing the external sdcard (in my case in exfat filesystem) not being mounted?
Click to expand...
Click to collapse
This issue failed to reproduce, and yet there is no solution. You the problem is not in Busybox, and something else.
grayleshy said:
Running TWRP: turn the phone off, wait 5 seconds, then pinch at the same time the power key and the volume down key until the device vibrates, release the keys. Recovery starts within 5-10 seconds.
Click to expand...
Click to collapse
For whatever reason I'm not able to boot into TWRP like I should be. I've used the poison version of TWRP before so I know what to do, and yet the phone will just boot normally despite holding volume down and power when off.
I know that TWRP is installed though as I am able to boot to it if I first boot to the bootloader using a USB cable but that is very cumbersome to do though.
grayleshy said:
This issue failed to reproduce, and yet there is no solution. You the problem is not in Busybox, and something else.
Click to expand...
Click to collapse
Clearly for the image available at your dropbox there are some libraries dependency errors, not only for the 'busybox', but also for other binaries that are in /sbin.
I do not know why this issue is only happening on my device since you said you can't reproduce this error. If there is anything I can do to help solve this strange behavior, count on me. I am an advanced linux user, but not too familiar with android specifics.
On latest 333 ROM for UK so that fingerprint scanner works on my Xperia X F5121.
I also modified by kernel/boot so that TWRP doesn't brick (actually boot loop) the device like it did the first time. After using these awesome instructions flashing TWRP recovery from here didn't kill the device any longer: https://forum.xda-developers.com/crossdevice-dev/sony/root-root-stock-firmware-modern-sony-t3558904
I was able to take an early nandroid backup before a bunch of Titanium restores, etc. Now I get stuck at "Backing up data" step and it literally doesn't move to the next file. Attaching an image of where I get stuck. FYI, I do use password encryption on the backup and I did disable MD5 creation... still just stuck.
Next tests are to:
see if the stall is on the same exact file number
try no encryption
do a check disk (fsck) type of repair just in case I have corruption --- on my brand new device
Any suggestions greatly appreciated!
UPDATED:
I only back up Boot, System & Data (the default)
On second attempt it stopped at file 18869 of 22065 --- so it does jump and not consistently stop at a certain file.
OFFICAL TWRP RELEASED, this thread is no longer active. 3-30-2018
https://twrp.me/motorola/motorolamotox4.html
---
UNOFFICIAL BUILDS -- USE AT YOUR OWN RISK AND KNOW HOW TO GET YOURSELF OUT OF TROUBLE IF IT ARISES. I ASSUME NO RESPONSIBILITY FOR YOUR BROKEN THINGS.
UPDATED 01-11-2018
There are now 7.1 based and 8.0 based builds. Obviously, be careful to select the proper download. While I don't think flashing/booting the wrong one would permanently brick the device, let's not find out
For now I will not be attempting to make data decryption work. It is REQUIRED that you unencrypt your device by formatting userdata, so back up your stuff first.
IMPORTANT NOTES: TWRP for OREO is a bit of a pain as it currently requires manually editing your fstab. I have tried to automate this process, but it breaks stuff. So just be aware before you begin that it is a rather time consuming process.
If you make any change to your boot partition after flashing SuperSU, you will need to reflash it or you will get a bootloop.
8.0 OREO TWRP INSTALLATION:
OREO SEEMS VERY FINICKY AND DOES NOT LIKE CHANGES TO ITS FILESYSTEM -- BE PREPARED TO REFLASH STOCK.
0. FLASH OREO FACTORY IMAGE (may work otherwise, but we should be starting from fresh stock here)
1. Download FASTBOOT BOOTABLE TWRP for 8.0/OREO below
2. Download SuperSU 2.82 SR5 below
3. Move SuperSU to external SD or USB OTG
4. From bootloader, fasboot BOOT TWRP
5. Flash SuperSU (note: do not format /data now... not necessary and will cause errors on boot)
6. Reboot system
7. With any root file editor/text editor (Amaze, Total Commander, etc) open /system/vendor/etc/fstab.qcom as a text file for editing.
8. At the end of the /data partition entry, delete "fileencryption=ice" and replace it with "encryptable=footer".
9. Save fstab.qcom (and make sure it is actually saved properly!)
10. Reboot to bootloader and fasboot BOOT TWRP
11. Go to Wipe, hit the FORMAT DATA button, and type "yes" to format /data. This will erase your data, obviously:silly:
12. Reboot system (should now be unencrypted, verify in Settings>Security or by booting TWRP and checking /data with File Manager.
If you later choose to flash TWRP (not the bootable we used here!), you may need to flash SuperSU again to avoid bootloops.
7.1.1 NOUGAT TWRP INSTALLATION:
1. Download current TWRP for 7.1.1 build below
2. Download SuperSU 2.85 SR5 (https://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
3. Move SuperSU to your external Micro SD card.
4. Fastboot flash the TWRP image.
5. Reboot to TWRP.
6. FORMAT data (not wipe...use the "FORMAT DATA" button and type "yes". OBVIOUSLY THIS WILL ERASE YOUR DATA)
7. Install SuperSU 2.85 SR5
8. Reboot to system (it WILL bootloop a couple times...don't panic!) and confirm that device is unencrypted by checking that SETTINGS>SECURITY>ENCRYPTION now prompts "encrypt" (don't do it).
DOWNLOADS:
TWRP FOR 7.1.1 (Nougat) DOWNLOAD: https://drive.google.com/open?id=1Et-AQgCNx7WDAwzihlI51euUa2ixKHEP
TWRP FOR 8.0 (Oreo) DOWNLOAD: https://drive.google.com/open?id=1WcVS_3rloF7jxPulj_jKxfsp3zy5pB5N
FASTBOOT BOOTABLE TWRP IMAGE (OREO BASED): https://drive.google.com/open?id=12ClviqtEjtflB63UQ1CZQNKEqkprBO0u **For temporary TWRP boot using "fastboot boot". Do not flash or you will be stuck in recovery!**
DEVICE TREE: https://github.com/mightysween/android_device_motorola_payton (NEEDS TO BE UPDATED WITH OREO BRANCH)
changelog:
BETA4
-reverted to 3.2.0 for current build (release candidate rebased to 3.2.1).
-fixed "format data" button
-finalized fstab for OTG/SD/INTERNAL mounting
-target is now UNENCRYPTED devices only (/data decrypt will not be fixed)
BETA3
-Rebased to TWRP 3.2.1
-USB OTG working
-all partitions mounting correctly
-considered working except for decrypt and MTP/ADB
BETA2
-fixed internal storage mount
BETA1
- updated source to TWRP 3.2.0
ALPHA3
- Fixed USB mounting (adb/mtp still nonfunctional) BROKEN IN BETA1
ALPHA2
- SD Card fixed
ALPHA1
- /system is now properly mounted.
- now plays nice with our working root method.
- ramdisk is patched to prevent first boot encryption once /data is decrypted (now requires flashable ZIP)
NOT WORKING:
adb/mtp/sideload
/data decryption (abandoned -- /data access requires unencryption)
CREDITS: @kraatus90 for kernel fix, @Chainfire for SuperSU, @jcadduono for no-verity-opt-encrypt scripts.
---
Thanks so much for all your work!
hi,
you said this is really unstable and could brick the device easily. however, you seem to be testing and experimenting with your device a lot, so i'd like to ask if you have any particual unbrick method that you use when something goes wrong.. like, a via fastboot flashable image or something simmilar...?
thanks for your work!
Thanks for you work. If you have any unbrick methods pls tell.appreciated your work ?
I am not going to provide step by step "unbrick" methods, because until the partitioning is properly set up, TWRP has potential access to things that can not be fixed.
Again, this is still highly experimental.
All that said, my entire process to protect any device remains the same: Have a backup for every partition you will be testing, make as few changes as possible at a time, test boot images before flashing (fastboot boot), and test restore methods frequently (flashing back to stock or backups), and don't do anything unless you are highly certain of the outcome.
By those standards, there is nothing to gain by installing TWRP right now, as its basic function (install/backup/restore) is not set up yet.
Found the BoardConfig flag to enable FBE (TW_INCLUDE_CRYPTO_FBE := true) but do not have the lib it is dependent on (libe4crypt) and I don't see it anywhere yet...
For reference (not sure this is most current, but it demonstrates the process)
https://github.com/nijel8/TWRP/commit/bd7492de28963b7e74e8e5d3f17ec9a5a287d9c3
I have confirmed that FBE support is present in the source, dependent on this missing module... so need to figure out where/how to enable it.
It is possible that this entire process is specific to only certain devices (i.e. Pixel, Nexus). If this is the case, we may be stuck at this point for awhile.
Obvious workaround is to not be encrypted to begin with -- but that isn't a "solution".
mightysween said:
It is possible that this entire process is specific to only certain devices (i.e. Pixel, Nexus). If this is the case, we may be stuck at this point for awhile.
Click to expand...
Click to collapse
This appears to be the case, unfortunately. Seems that the TWRP FBE support was built specifically for the Google implementation of FBE which was merged into kernel sources for Nexus and Pixel. Not even using the qseecomd I assumed it was... will remove on next build.
Info on FBE:
https://source.android.com/security/encryption/file-based
Will be testing options to disable forced encryption, and if necessary dm-verity...
Anyone who wants to dig through kernel for related flags and props, it would be greatly appreciated!
Hey, where did the big "format data" button go in TWRP? Is that optional on compile... can't find a flag for it...
Making good progress this morning.
Seem to have a build with properly decrypted /system, and working SD Card. I also have patched the boot.img to disable forced encryption on the first boot. But now, I can not find a safe way to fully format (not "wipe") the /data partition. As mentioned in the previous post, the "FORMAT DATA" button is missing. The fastboot command "fastboot format userdata" returns an error that it does not support RAW format.
Need to figure out why this is happening... and once I do, I believe I can reformat /data without encryption and then will have an almost fully working TWRP build. Obviously, the ideal solution would be to have TWRP work out of the gate with an encrypted /data, but until then this is going to be our best option.
Will post an updated test build in the OP soon.... needs further testing before I would recommend non-expert users to try it.
Getting very close now!
UPDATE: ADDED NEW BUILD TO OP
---
Also, just occurred to me that the ramdisk will need to be patched every time, so now that I have SD card support will be testing some of the existing flashable ZIPs out there that are designed specificially to prevent first-boot encryption and/or disable dm-verity.
---
mightysween said:
Hey, where did the big "format data" button go in TWRP? Is that optional on compile... can't find a flag for it...
Click to expand...
Click to collapse
This is really the only hold up... I changed the partition from 'Advanced Wipe", but as expected, it was still encrypted on boot as it doesn't actually format the footer where encryption is stored. I can't figure out where that darn "FORMAT DATA" button ran off to, and that is exactly what we need here.
mightysween said:
This is really the only hold up... I changed the partition from 'Advanced Wipe", but as expected, it was still encrypted on boot as it doesn't actually format the footer where encryption is stored. I can't figure out where that darn "FORMAT DATA" button ran off to, and that is exactly what we need here.
Click to expand...
Click to collapse
I don't know how to help except to say that using TWRP 3.1.0-MOD_1 with my XT1254 (DROID Turbo), when you go to wipe it has two buttons --- one on the left for Advanced Wipe and Format Data on the right.
johnjingle said:
I don't know how to help except to say that using TWRP 3.1.0-MOD_1 with my XT1254 (DROID Turbo), when you go to wipe it has two buttons --- one on the left for Advanced Wipe and Format Data on the right.
Click to expand...
Click to collapse
I have 3.1.1-0 (same version I am building here) on several other devices, and the button is there. It has to be triggered by something during compile, but I can't figure it out. Driving me nuts
Looking through TWRP source, and can find actions for every other button (wipe, backup, restore, install, etc) but not for format. Hmm.
I posted over on an old but semi-active TWRP flags thread, maybe someone will have some insight.
Wondering if I make a stock boot image without the encryption tag in fstab, and then wipe data and reboot... then flash my image. That may make it so the data partition is never encrypted in the first place and allow TWRP to work.
But that is an ugly, non-user friendly fix. Why can't we just format /data?
---
Final update for today... this seems to be a compile issue, which is a good thing. I tried to manually decrypt /data from the TWRP command line, and got this:
No crypto support was compiled into this build.
Click to expand...
Click to collapse
So, I must be missing something in boardconfig still... and maybe need to set up a small proprietary vendor folder with the necessary libs
mightysween said:
Final update for today... this seems to be a compile issue, which is a good thing. I tried to manually decrypt /data from the TWRP command line, and got this:
So, I must be missing something in boardconfig still... and maybe need to set up a small proprietary vendor folder with the necessary libs
Click to expand...
Click to collapse
Thanks for doing all of this! I wish I had the time and knowledge to help.
Had a few PM's checking on TWRP status, so an update.
The good news is that the X4 is using Qualcomm based decryption for /data... the bad news is that most if it seems to be closed source. This will take some time for me to figure out, but I have already made some progress by sifting through logs.
Right now, I am trying to find a device with similar decrypt scheme to have some more guidance on the process.
mightysween said:
Had a few PM's checking on TWRP status, so an update.
The good news is that the X4 is using Qualcomm based decryption for /data... the bad news is that most if it seems to be closed source. This will take some time for me to figure out, but I have already made some progress by sifting through logs.
Right now, I am trying to find a device with similar decrypt scheme to have some more guidance on the process.
Click to expand...
Click to collapse
dont know all about these things but maybe xiaomi mi a1 twrp can help as it is also using same a/b partition. and twrp is already there for it
vivek638 said:
dont know all about these things but maybe xiaomi mi a1 twrp can help as it is also using same a/b partition. and twrp is already there for it
Click to expand...
Click to collapse
Thanks, the Mi A1 is one of the devices I have been comparing to, and has been quite helpful.
mightysween said:
Thanks, the Mi A1 is one of the devices I have been comparing to, and has been quite helpful.
Click to expand...
Click to collapse
Keep searching. wish i could have helped but dont know anything about compiling n all..
I'm not much of a programmer, but I can look through the files. Is there anything in particular we're searching for?
Hello,
is there a way to flash the dtb partition using TWRP ?
I can flash bootloader, boot, system easily using twrp. But since there is no /block device for the dtb partition its not as easy like the other partitions.
Just dd'ing to /dev/dtb does not work, too.
I need to flash 13 devices mounted in a Server Rack, so it would be nice to do this by twrp and not by usb.
Greetings,
chris
Hi!
Did you ever find an answer to your question?
I figured out that /dev/dtb seems to be picking up data from either /dev/block/[email protected] or /dev/block/reserved/@0x440000, there are two identical copies of gzipped dtb.img there.
P.S. Reading the driver code I see that you can just write dtb/multi-dtb into /dev/dtb and it will be stored into both copies on /reserved partition
I wasn't brave enough to try and flash them on a running TV and risk bricking it though
Hi everyone and Happy New Year,
I am trying to open ROM_0 file created with SP Flash tool. I have tried ROM explorer 0.9.1, I have tried various option converting with simg2img and opening with 7zip but nothing has worked so far.
The file is about 100GB and it is a SP Flash tool backup of my userdata on which I have a lot of images which i need to save.
I was using Dot OS 5.2 general image and a message popped up about trying Android 12 and I have clicked on it just to get rid of it but I assume it has triggered a download. My phone crashed yesterday evening when I started the cmera app and once restarted it was in a boot loop mode stuck on the dot os logo.
So far I have tried various options unsuccessful - I have reflashed the image which I originally flashed, I have set the partitions active - a and b and reverted to the initial active one which was "a".
I have also flashed system.img (with the treble general image) but still it is in a boot loop mode.
I have just decided to flash back the super.img image from the stock and guess what - still stuck.
Flashed the stock boot.img again thinking there might be an issue with the kernel but that didn't help.
I understand that it is the case of fully flashing back the stock ROM which will lock the bootloader and delete all my userdata in order to have the phone back.
However the phone IS NOT important, the ONLY IMPORTANT thing are the images in the userdata.
I have created the backup of it straight after the boot loop appeared. Tried to read here on XDA but it is not clear what format is that file and how I can access the data on it.
Looked for a recovery partition but there is none. Potentially hidden as you can get into stock recovery via fastbootd. But the options there are only to wipe the partitions/reset.
The phone is Umidigi Bison Pro and I have been having all but troubles with it.
Any help greatly appreciated it.
Regards
s80_gad said:
Hi everyone and Happy New Year,
I am trying to open ROM_0 file created with SP Flash tool. I have tried ROM explorer 0.9.1, I have tried various option converting with simg2img and opening with 7zip but nothing has worked so far.
The file is about 100GB and it is a SP Flash tool backup of my userdata on which I have a lot of images which i need to save.
I was using Dot OS 5.2 general image and a message popped up about trying Android 12 and I have clicked on it just to get rid of it but I assume it has triggered a download. My phone crashed yesterday evening when I started the cmera app and once restarted it was in a boot loop mode stuck on the dot os logo.
So far I have tried various options unsuccessful - I have reflashed the image which I originally flashed, I have set the partitions active - a and b and reverted to the initial active one which was "a".
I have also flashed system.img (with the treble general image) but still it is in a boot loop mode.
I have just decided to flash back the super.img image from the stock and guess what - still stuck.
Flashed the stock boot.img again thinking there might be an issue with the kernel but that didn't help.
I understand that it is the case of fully flashing back the stock ROM which will lock the bootloader and delete all my userdata in order to have the phone back.
However the phone IS NOT important, the ONLY IMPORTANT thing are the images in the userdata.
I have created the backup of it straight after the boot loop appeared. Tried to read here on XDA but it is not clear what format is that file and how I can access the data on it.
Looked for a recovery partition but there is none. Potentially hidden as you can get into stock recovery via fastbootd. But the options there are only to wipe the partitions/reset.
The phone is Umidigi Bison Pro and I have been having all but troubles with it.
Any help greatly appreciated it.
Regards
Click to expand...
Click to collapse
May I'm wrong, but I guess that if you didn't give it an extension then the file doesn't have a format; when you make a backup of a partition using SP Flash tool you should give it an extension, for example userdata_backup.img will work, in some devices, for some partition the .bin extension is used.
And to restore the device to a working state without losing data you could flash the stock ROM unchecking the userdata partition and using Download only option won't re-lock your bootloader.
If actually your userdata was not overwritten you still can try a second attempt to preserve it using mtk-client, search for it in GitHub, also consider what I stated about re-flash your original ROM preserving the userdata partition.
Thanks SubwayChamp, I appreciate your comment.
I have tried .img, .bin, ext4 etc but cannot open it - I am not sure if there is another application that can convert it in a readable format or maybe if we can mount it and access the files.
I had the impression that if you flash the stock rom the bootloader is locked and you loose everything.
But thanks for your advice - I will flash everything apart from the userdata partition which is last in the order anyway. Should I select or deselect the preloader partition- will that make a difference?
Regards
Just flashed the full stock rom without the userdata partition - still stuck on the logo in a boot loop . I really need to open the userdata backup file from SP flash tool as I feel I have to do a full reset/wipe.
Any other suggestions about explorer for the sp flash dump file, please?
Regards
s80_gad said:
Just flashed the full stock rom without the userdata partition - still stuck on the logo in a boot loop . I really need to open the userdata backup file from SP flash tool as I feel I have to do a full reset/wipe.
Any other suggestions about explorer for the sp flash dump file, please?
Regards
Click to expand...
Click to collapse
No, I didn't say to change the extension now and try it in various format, unfortunately I feel that if you didn't give you the extension at the time to make a backup then the file is unreadable, what I mean is that when you make the dump through SP Flash tool you have to give to the file a name and an extension, not letting it as is offered by SP Flash tool, for example you did see the name ROM_0 or similar, but you have to give it a name and an extension, in this case userdata_backup.img would work.
Did you check mtk-client?, you can read (dump) the userdata partition through this CLI tool, and after that you can restore it at any time.
Using the download option (only) you never re-lock your bootloader.
But wait a minute, keep in mind that your device is A/b, so you have to double-try all the things, for example, if you want to flash a specific partition like boot you have to be sure in which partition you are right now BUT unfortunately you don't know which partition is the working one, so better use fastboot to flash the missed partition, target to both slots.
And what about the option to get to a custom recovery? (I guess you had it previously to flash CR Droid) either taking a backup of userdata or re-flashing the same CR Droid that was functional previously.
Thanks SubwayChamp for your reply.
So I will try to dump the userdata again then - I still haven't touched it so I hope the partition and the data on it is fine.
I assume it is that mtkclient you are referring to. Will see if I can get some time today to try the live cd first as I am on Windows at this moment.
So my device is indeed A/B - the system is on "a" and I have flashed dot os using fastbootd and overwriting the system.img within the super.img. It worked fine for about 20 days until that crash (I only assume it is due to the update - nothing else has happened that could create trouble).
Also tried to set the b partition active but didn't help so switched back to "a".
Unfortunately there is no recovery partition, from what I learned the recovery is within the boot img. I have tried to load temporary unofficial twrp - fastboot boot twrp.img - and the first step is ok, but then it crashes. so no luck to load custom recovery even temporary in order to save the userdata on sdcard.
Tried to get to the contents trough adb shell but while some directories are listed, I get access denied to the userdata - I think maybe the links are broken?
I will try with the mtk to see if I can back it up - and what I'll do is I'll flash the full stock rom including the userdata and potentially will try to flash the old userdata through fastboot or sp flash or mtk.
TBH I don't understand why the phone is still in a bootloop - can't be only because I haven't cleared the userdata?
Regards
s80_gad said:
Thanks SubwayChamp for your reply.
So I will try to dump the userdata again then - I still haven't touched it so I hope the partition and the data on it is fine.
I assume it is that mtkclient you are referring to. Will see if I can get some time today to try the live cd first as I am on Windows at this moment.
Click to expand...
Click to collapse
It works on Windows though.
s80_gad said:
So my device is indeed A/B - the system is on "a" and I have flashed dot os using fastbootd and overwriting the system.img within the super.img. It worked fine for about 20 days until that crash (I only assume it is due to the update - nothing else has happened that could create trouble).
Click to expand...
Click to collapse
The issue was originated due to the lack of the other system files that also occupy this space; vendor, odm, product (may vary depending on the device), can be fixed flashing the super.img using fastbootd again.
s80_gad said:
Also tried to set the b partition active but didn't help so switched back to "a".
Unfortunately there is no recovery partition, from what I learned the recovery is within the boot img. I have tried to load temporary unofficial twrp - fastboot boot twrp.img - and the first step is ok, but then it crashes. so no luck to load custom recovery even temporary in order to save the userdata on sdcard.
Click to expand...
Click to collapse
Yes, this device doesn't have a dedicated recovery partition, but it is placed in a tiny portion of the boot image (usually the ramdisk) you can try by flashing the TWRP image onto the boot partition (flashing, not booting only) then boot to it, do the stuff you need through TWRP, from there you could solve the bootloop. To can boot to Android again you should need to flash a boot image.
s80_gad said:
Tried to get to the contents trough adb shell but while some directories are listed, I get access denied to the userdata - I think maybe the links are broken?
Click to expand...
Click to collapse
No, it's encrypted.
s80_gad said:
I will try with the mtk to see if I can back it up - and what I'll do is I'll flash the full stock rom including the userdata and potentially will try to flash the old userdata through fastboot or sp flash or mtk.
TBH I don't understand why the phone is still in a bootloop - can't be only because I haven't cleared the userdata?
Regards
Click to expand...
Click to collapse
When you flashed a system image onto the super partition the other partitions that are set dynamically didn't find a place to be recreated or couldn't play its role, added to this, a different system image that which is contained in the super image can differ in sizes either logical and/or dynamical (virtual sized).
SubwayChamp said:
The issue was originated due to the lack of the other system files that also occupy this space; vendor, odm, product (may vary depending on the device), can be fixed flashing the super.img using fastbootd again.
Click to expand...
Click to collapse
Flashed already the original stock rom super. img and everything else apart from userdata - it doesn't work.
see below
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SubwayChamp said:
Yes, this device doesn't have a dedicated recovery partition, but it is placed in a tiny portion of the boot image (usually the ramdisk) you can try by flashing the TWRP image onto the boot partition (flashing, not booting only) then boot to it, do the stuff you need through TWRP, from there you could solve the bootloop. To can boot to Android again you should need to flash a boot image.
Click to expand...
Click to collapse
Tried to flash it - it just restarts the phone straight away - in fact replaced it with sp flash tool as well which recognises only the "a" partition and flashes it there.
SubwayChamp said:
No, it's encrypted.
Click to expand...
Click to collapse
I see
SubwayChamp said:
When you flashed a system image onto the super partition the other partitions that are set dynamically didn't find a place to be recreated or couldn't play its role, added to this, a different system image that which is contained in the super image can differ in sizes either logical and/or dynamical (virtual sized).
Click to expand...
Click to collapse
I am guessing this is why I have to reflash the whole rom incl userdata in order to make the phone usable.
What I'll do is I'll try to dump userdata with mtk and then will reflash everything with the stock rom ()hopefully the phone will boot) and then will flash the dumped userdata with mtk. Hopefully that will work.
I'll see if I can somehow mount the mtk .bin file to see if I can get to the contents of it
Will have to use the live dvd as I have win 7 and python 3.9 cannot run on win 7.
EDIT: Can't start anything through the live dvd - is there any workaround for win 7 or is there a direct executable file which I can get to start the mtkclient?
Regards
Hello,
I also have an Umidigi Bison Pro that I am going to use as a daily driver. (It's a pity that it's unpopular it would be a great device for modding, it's cheap, rugged and has source code availability of the official ROM and kernel). I created a Telegram group about this phone if you want to join is https://t.me/UmidigiBisonPro
About your problem you can read this guide (it describes how to backup and extract from the file created by SP Flash Tool even the partitions that not visible such as the b slots) https://www.hovatek.com/forum/thread-21970.html
To give you an idea on my Bison Pro a total of 52 partitions were extracted.
If you have the full backup from before the bootloop (before the upgrade, when it was still working) my advice is to restore all partitions.
I consider myself a novice regarding modding but it is likely that after the upgrade the userdata partition is no longer readable.
I have read that you should not update the GSI ROMs but repeat the whole flash sequence.
I also recommend removing the forced encryption of the userdata partition (you can do this when rooting) to avoid exactly these problems where you have the partition backup but not the decryption key.
s80_gad said:
Flashed already the original stock rom super. img and everything else apart from userdata - it doesn't work.
see below
View attachment 5499133
Tried to flash it - it just restarts the phone straight away - in fact replaced it with sp flash tool as well which recognises only the "a" partition and flashes it there.
I see
I am guessing this is why I have to reflash the whole rom incl userdata in order to make the phone usable.
What I'll do is I'll try to dump userdata with mtk and then will reflash everything with the stock rom ()hopefully the phone will boot) and then will flash the dumped userdata with mtk. Hopefully that will work.
I'll see if I can somehow mount the mtk .bin file to see if I can get to the contents of it
Will have to use the live dvd as I have win 7 and python 3.9 cannot run on win 7.
EDIT: Can't start anything through the live dvd - is there any workaround for win 7 or is there a direct executable file which I can get to start the mtkclient?
Regards
Click to expand...
Click to collapse
Sorry for delay, I didn't receive any notification on this (or I didn't notice it), I hope you sorted out your issue, if not, let me know.
SubwayChamp said:
Sorry for delay, I didn't receive any notification on this (or I didn't notice it), I hope you sorted out your issue, if not, let me know.
Click to expand...
Click to collapse
I didn't received notification too on your message and I found out on profile account that the notification for new message on a thread are default disabled.
I recently had some problems and experimented with partitions.
Reducing the possible cases I think the decryption key for the userdata partition might be in these partitions: super , misc , nvdata , nvcfg , md_udc
and I noticed that if one of them is corrupted/different version the dm-verity check fails (in my case it is written on the screen) and it was necessary to reflash all partitions except userdata (I don't know if there is a faster combination, from the few tests done in this case I didn't find any)
Do you have more information about where the decryption key might be between those partitions?
I have made a brief description of the role of all the partitions encountered but I still don't know some of them:
boot_para
gz_a (/ gz_b)
md_udc
otp
spmfw_a (/ spmfw_b)
sspm_a (/ sspm_b)
teksunhw_a (/ teksunhw_b)
Werve said:
I didn't received notification too on your message and I found out on profile account that the notification for new message on a thread are default disabled.
I recently had some problems and experimented with partitions.
Reducing the possible cases I think the decryption key for the userdata partition might be in these partitions: super , misc , nvdata , nvcfg , md_udc
and I noticed that if one of them is corrupted/different version the dm-verity check fails (in my case it is written on the screen) and it was necessary to reflash all partitions except userdata (I don't know if there is a faster combination, from the few tests done in this case I didn't find any)
Do you have more information about where the decryption key might be between those partitions?
I have made a brief description of the role of all the partitions encountered but I still don't know some of them:
boot_para
gz_a (/ gz_b)
md_udc
otp
spmfw_a (/ spmfw_b)
sspm_a (/ sspm_b)
teksunhw_a (/ teksunhw_b)
Click to expand...
Click to collapse
Why do you think userdata has a decryption key? Unless the user set it in a backup done through a custom recovery or through the device itself, I don't think so, may I'm wrong, but which is your scenario?
SubwayChamp said:
Why do you think userdata has a decryption key? Unless the user set it in a backup done through a custom recovery or through the device itself, I don't think so, may I'm wrong, but which is your scenario?
Click to expand...
Click to collapse
Since the userdata partition is now usually encrypted either with FBE or FDE but once the system loads the files are readable and moveable even externally then it is clear that somehow the data has been decrypted precisely using the relevant decryption key, AES encryption usually.
So if the user has not specified any key this must be derived from the information already in the partitions from the factory.
Then by restoring the right combination of partitions the system can boot correctly by decrypting the userdata partition. Hence the tests and the report I wrote in my last post.
At the moment I was able to remove the forced encryption of the userdata partition by modifying super (specifically fstab present in the /vendor sub partition) but I would like to achieve the same systemless modification using Magisk (to be OTA compatible). Unfortunately, the options to remove dm-verity and forceencrypt have been hidden in the latest versions of Magisk to avoid problems with inexperienced uses.
Since I don't have a custom recovery on the Umidigi Bison Pro I can't force flag those options in the .magisk file so I have to find another way.
Werve said:
Since the userdata partition is now usually encrypted either with FBE or FDE but once the system loads the files are readable and moveable even externally then it is clear that somehow the data has been decrypted precisely using the relevant decryption key, AES encryption usually.
So if the user has not specified any key this must be derived from the information already in the partitions from the factory.
Then by restoring the right combination of partitions the system can boot correctly by decrypting the userdata partition. Hence the tests and the report I wrote in my last post.
At the moment I was able to remove the forced encryption of the userdata partition by modifying syper (specifically fstab present in the /vendor sub partition) but I would like to achieve the same systemless modification using Magisk (to be OTA compatible). Unfortunately, the options to remove dm-verity and forceencrypt have been hidden in the latest versions of Magisk to avoid problems with inexperienced uses.
Since I don't have a custom recovery on the Umidigi Bison Pro I can't force flag those options in the .magisk file so I have to find another way
Click to expand...
Click to collapse
Well, what I said is a different thing, the other user had a different interest than this. They did want to access to some data from a backup in a non-booting device, I referred to that, the userdata image backed up doesn't have an encryption by default, unless the user set one through a custom recovery, suppose that someone did take a backup from the userdata partition, this userdata image can be opened/readable for anyone with minimum skills and the appropriate tool.
In regard to your issue, I don't think, the userdata partition has any kind of restrictions to take OTA updates, most likely this resides in the bootloader, kernel or even a "silent/hidden" partition with no more functions than that.
As a side note, you should check some custom recoveries, specially in Xiaomi devices that easily allow taking OTA updates, for example I always can take OTA, when I use Orange Fox recovery, although I'm not interested, so I make updates manually, to be sure that all run fine.
SubwayChamp said:
Well, what I said is a different thing, the other user had a different interest than this. They did want to access to some data from a backup in a non-booting device, I referred to that, the userdata image backed up doesn't have an encryption by default, unless the user set one through a custom recovery, suppose that someone did take a backup from the userdata partition, this userdata image can be opened/readable for anyone with minimum skills and the appropriate tool.
In regard to your issue, I don't think, the userdata partition has any kind of restrictions to take OTA updates, most likely this resides in the bootloader, kernel or even a "silent/hidden" partition with no more functions than that.
As a side note, you should check some custom recoveries, specially in Xiaomi devices that easily allow taking OTA updates, for example I always can take OTA, when I use Orange Fox recovery, although I'm not interested, so I make updates manually, to be sure that all run fine.
Click to expand...
Click to collapse
The methodology I was referring to that is not OTA supported is to modify the super partition (the dynamic partition that from Android 8? contains system, vendor, product--for Project Treble) to disable the forced encryption of the userdata partition. In my case FBE (File Based Encryption) Android 11 encryption.
Even having disabled the dm-verity if you apply an OTA update the super partition is replaced with the one that does not have the modification to remove the forced encryption and from the tests I have done this refuses to read unencrypted partitions and asks to do a factory reset.
So, the userdata partition makes the OTA update problematic (it doesn't block it, but you lose your personal data).
I am sure that instead of modifying the super partition to disable encryption you can achieve the same result via Magisk and a modified boot partition.
Unfortunately despite many trials due to my inexperience with Magisk I could not do it.
I wanted to do all this to avoid problems as described in the case of this thread that is, have the userdata partition intact but not the rest to be able to describe it. But seems I must let the encryption and do a backup after every OTA update.
Werve said:
The methodology I was referring to that is not OTA supported is to modify the super partition (the dynamic partition that from Android 8? contains system, vendor, product--for Project Treble) to disable the forced encryption of the userdata partition. In my case FBE (File Based Encryption) Android 11 encryption.
Even having disabled the dm-verity if you apply an OTA update the super partition is replaced with the one that does not have the modification to remove the forced encryption and from the tests I have done this refuses to read unencrypted partitions and asks to do a factory reset.
So, the userdata partition makes the OTA update problematic (it doesn't block it, but you lose your personal data).
I am sure that instead of modifying the super partition to disable encryption you can achieve the same result via Magisk and a modified boot partition.
Unfortunately despite many trials due to my inexperience with Magisk I could not do it.
I wanted to do all this to avoid problems as described in the case of this thread that is, have the userdata partition intact but not the rest to be able to describe it. But seems I must let the encryption and do a backup after every OTA update.
Click to expand...
Click to collapse
If you want to apply an OEM vendor stock update then it is a restriction from the OEM itself, and if you want to apply a GSI based update, it's a different approach, not sure if the restriction is FBE related or if the userdata is encrypted or not but probably related to AVB.
There are some tools/scripts you should search for, that can unpack and repack super partition, maybe you find something in the ODM or product image, this is assuming that the super partition it is the culprit.
Just know that it's a nonsense that an order (script) to restore a specific partition, be placed just there, but in other partition.
You should check what the OTA update contains, try to catch the OTA update through some ADB script, then unpack it, and see inside.
Also, you can try backing up every partition, and restoring them one by one, seeing if it boots.
SubwayChamp said:
If you want to apply an OEM vendor stock update then it is a restriction from the OEM itself, and if you want to apply a GSI based update, it's a different approach, not sure if the restriction is FBE related or if the userdata is encrypted or not but probably related to AVB.
There are some tools/scripts you should search for, that can unpack and repack super partition, maybe you find something in the ODM or product image, this is assuming that the super partition it is the culprit.
Just know that it's a nonsense that an order (script) to restore a specific partition, be placed just there, but in other partition.
You should check what the OTA update contains, try to catch the OTA update through some ADB script, then unpack it, and see inside.
Also, you can try backing up every partition, and restoring them one by one, seeing if it boots.
Click to expand...
Click to collapse
I have already done these tests, not with an OTA update but with a different version of the firmware for all partitions, and set out the conclusions.
Obviously it's an OEM restriction since it left the forced FBE encryption on and the way it was created (so I guess also from AOSP) it refuses to read the userdata partition if it doesn't find it encrypted.