Chromebook Wifi Password Hack? - Chromebooks

Ok. So at the beginning of the semester I bought a Chromebook for school (paid 500$) and they put management on the Chromebook I bought without my consent. Anyway, I somehow got around forced re-enrollment by using 3 different recovery drives that I modified and an hour of my time. It is now in developer mode, but to stay out of trouble I re-enrolled it. Dev Mode was blocked btw at the start of this endeavor. So I have an enrolled Chromebook with developer mode and the school wifi that was installed with the enrollment.
Is there any way possible to get this password? I do have access to shell among other dev tools. I was wondering if there was any way to get into the area where it stores the policy...
I went to chrome://policy and found the wifi info.
{
  "GlobalNetworkConfiguration": {
    "AllowOnlyPolicyNetworksToAutoconnect": true
  },
  "NetworkConfigurations": [ {
    "GUID": "{2c8d57f6-ef42-4067-bf7c-cc186353aa1e}",
    "Name": "OP97-NET",
    "ProxySettings": {
      "Type": "Direct"
    },
    "Type": "WiFi",
    "WiFi": {
      "AutoConnect": true,
      "HiddenSSID": false,
      "Passphrase": "********",
      "SSID": "OP97-NET",
      "Security": "WPA-PSK"
    }
  } ]
}
How would I find what the passphrase actually is? Thanks!

Maybe try checking the file at /home/root/*/shill/shill.profile per this guide? If there's nothing in that file, try /var/cache/shill/default.profile
Edit: Noticed another file location on my Chromebook - a hidden (dot prefixed) file at /var/cache/shill/.org.chromium.Chromium.* which appears to contain much the same data as default.profile, including the ROT47 encoded password for my current access point.
If you find "Passphrase=rot47" in any of those files then as per the guide you can just decrypt the encoded passphrase with
Code:
echo "code" | tr '\!-~' 'P-~!-O'
I know this works on non-managed Chromebooks, not sure about managed, but since you have shell access, it's worth a try...
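For administrators reading this thread, an added example (not code from the thread or from Chrome OS): a small audit of an ONC policy document that flags Wi-Fi networks relying on a pre-shared key, since the reply above reports that such a key sits on the device only ROT47-encoded. The function name and issue labels are hypothetical; both policy samples are constructed, the first from the policy quoted in the question.

```python
import json

# Constructed sample: the policy quoted in the question, passphrase masked as on the page.
SAMPLE_POLICY = r"""
{
  "GlobalNetworkConfiguration": {"AllowOnlyPolicyNetworksToAutoconnect": true},
  "NetworkConfigurations": [{
    "GUID": "{2c8d57f6-ef42-4067-bf7c-cc186353aa1e}",
    "Name": "OP97-NET",
    "ProxySettings": {"Type": "Direct"},
    "Type": "WiFi",
    "WiFi": {
      "AutoConnect": true,
      "HiddenSSID": false,
      "Passphrase": "********",
      "SSID": "OP97-NET",
      "Security": "WPA-PSK"
    }
  }]
}
"""

# Constructed sample: the same SSID moved to 802.1X, so no secret is shared by all devices.
SAMPLE_EAP_POLICY = r"""
{
  "NetworkConfigurations": [{
    "GUID": "{00000000-0000-0000-0000-000000000000}",
    "Name": "OP97-NET",
    "Type": "WiFi",
    "WiFi": {"SSID": "OP97-NET", "Security": "WPA-EAP", "EAP": {"Outer": "PEAP"}}
  }]
}
"""

# ONC "Security" values where every client holds the same key.
SHARED_KEY_SECURITY = {"WEP-PSK", "WPA-PSK"}


def audit_onc(policy_text):
    """Return a list of {'network', 'issue', 'detail'} findings for an ONC policy."""
    policy = json.loads(policy_text)
    findings = []
    for net in policy.get("NetworkConfigurations", []):
        if net.get("Type") != "WiFi":
            continue  # Ethernet, VPN and cellular entries are out of scope here
        wifi = net.get("WiFi", {})
        name = net.get("Name") or wifi.get("SSID") or "<unnamed>"
        security = wifi.get("Security", "None")

        if security in SHARED_KEY_SECURITY:
            findings.append({
                "network": name,
                "issue": "shared-psk",
                "detail": f"{security}: one key for every enrolled device",
            })
            if "Passphrase" in wifi:
                # The key travels with the policy and is stored on each endpoint,
                # so anyone with local shell access to one device can read it.
                findings.append({
                    "network": name,
                    "issue": "psk-in-policy",
                    "detail": "passphrase is pushed to and kept on the device",
                })
        elif security == "None":
            findings.append({
                "network": name,
                "issue": "open-network",
                "detail": "no link-layer authentication or encryption",
            })
    return findings


def issues(policy_text):
    """Convenience view: just the (network, issue) pairs."""
    return [(f["network"], f["issue"]) for f in audit_onc(policy_text)]


if __name__ == "__main__":
    for label, text in (("PSK policy", SAMPLE_POLICY), ("EAP policy", SAMPLE_EAP_POLICY)):
        print(label)
        for finding in audit_onc(text) or [{"network": "-", "issue": "ok", "detail": ""}]:
            print("  {network}: {issue} {detail}".format(**finding))
```

A policy that reports shared-psk should be treated as if the key is known to every device holder; rotating the key or moving the SSID to per-user 802.1X removes the finding.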

I shall give it a try
Nolirum said:
Maybe try checking the file at /home/root/*/shill/shill.profile per this guide? If there's nothing in that file, try /var/cache/shill/default.profile
If you find "Passphrase=rot47" in either of those files then as per the guide you can just decrypt the encoded passphrase with
Code:
echo "code" | tr '\!-~' 'P-~!-O'
I know this works on non-managed Chromebooks, not sure about managed, but since you have shell access, it's worth a try...
I will give it a try! Thanks!

is there a way to access internet passwords without dev mode or crosh on a chromebook?

I can't get in, it says bad password
I'm super new

How'd you remove the forced re-enrollment with developer mode blocked?

I'm on Chromebook and have wrecked 3 school Chromebooks because they were restricted. I powerwashed them so they were completely new and when at home on my school Chromebook, on my own wifi, it said I needed a recovery USB drive or something like that. How would I get one so that my Chromebook will run but also not be restricted?
$cronos_ said:
How'd you remove the forced re-enrollment with developer mode blocked?
?
just wondering
I'm on Chromebook and have wrecked 3 school Chromebooks because they were restricted. I powerwashed them so they were completely new and when at home on my school Chromebook, on my own wifi, it said I needed a recovery USB drive or something like that. How would I get one so that my Chromebook will run but also not be restricted?

weeflee2005 said:
just wondering
I'm on Chromebook and have wrecked 3 school Chromebooks because they were restricted. I powerwashed them so they were completely new and when at home on my school Chromebook, on my own wifi, it said I needed a recovery USB drive or something like that. How would I get one so that my Chromebook will run but also not be restricted?
Get recovery images from here https://chromiumdash.appspot.com/serving-builds?deviceCategory=ChromeOS and you can flash with Rufus

$cronos_ said:
Get recovery images from here https://chromiumdash.appspot.com/serving-builds?deviceCategory=ChromeOS and you can flash with Rufus
k thanks

Related

[Q] How to find my WPA passphrase

Is there a file in the file structure that houses the WPA passphrase? I have looked around in \system\etc\wifi but none of those files seem to be what I am looking for. I have a feeling it is encrypted in some file but I thought I would ask if anyone knows. Most of the devices tell me that the passphrase is unchanged when I go into the settings of already configured networks. This does not help me if I forget what the passphrase is. Thanks in advance.
jschauf said:
Is there a file in the file structure that houses the WPA passphrase? I have looked around in \system\etc\wifi but none of those files seem to be what I am looking for. I have a feeling it is encrypted in some file but I thought I would ask if anyone knows. Most of the devices tell me that the passphrase is unchanged when I go into the settings of already configured networks. This does not help me if I forget what the passphrase is. Thanks in advance.
If you are rooted you can use WiFi key recovery from the market to recover your passphrase. I have no idea where it gets this information though, you could always ask the dev I imagine.
you will need root to read /data or adb.
the wpa psk is clear text in
/data/misc/wifi/wpa_supplicant.conf
polobunny said:
If you are rooted you can use WiFi key recovery from the market to recover your passphrase. I have no idea where it gets this information though, you could always ask the dev I imagine.
That helps for my rooted phone but not for the stupid Kindle Fire one of my co-workers has. That is the device I am really trying to extract the passphrase from. I will look at that app for my phone though.
jschauf said:
That helps for my rooted phone but not for the stupid Kindle Fire one of my co-workers has. That is the device I am really trying to extract the passphrase from. I will look at that app for my phone though.
Well you need root either way. :/
polobunny said:
Well you need root either way. :/
Figures, guess I will have to figure something else out.
you MIGHT be able to do it with adb without root
if you have adb on a computer somewhere try
adb pull /data/misc/wifi/wpa_supplicant.conf

[Q] Rock Jaw Vi

Hi guys, I have the Rock Jaw Vi phone which by all sense and purpose seems to be a clone of the HTC One. It's Quad Core with 2 mega pixel camera on the front and 8 mega pixel on the back. The case and all outward appearances are that of the HTC, the phone info screen displays the following ...
Model Number = RJViJGTL32SM
Android version 4.2.1
Baseband version = moly.wr8.w1248.md.wg.mp.v6.p8,2013/08/12 15:55
Kernel version 3.4.5 [email protected] #1 Mon Aug 19 16:54:14 CST 2013
Build Number = 0502H026_20130819
I can get into the boot options screen by doing the On/Volume Down press but the menus are all in Chinese and just seem to go through self diagnostics and tests. I can drag n drop files from Mac OS X but none of the apps I have found so far will communicate with the phone via USB. I am trying to get root so I can do a full back-up and then to try and put HTC Android 4.3 on it.
Do you guys have any idea on how I can achieve this or to get the phone to display its boot options in English?
I am pretty much clueless and stuck, any advice, tips, hacks etc would be really appreciated
I did follow a link at one stage on the web that went to SRSroot but their tool was windows only
Hmmm More messing with the phone has revealed power on with volume up depressed gets me to some very small text menu with the options;
Boot Normal
Fastboot
Boot(UART)
Boot UART is all the test screens that I was getting in Chinese but now they are touch screen buttons and labeled in English so that's good to know.
Using fastboot-mac from HTCRootOne tries to talk to it but comes back with error: could not clear input pipe; result -536854449, is this something that's platform specific, ie it's not a true HTC so the version of fastboot-mac is no good and needing a non specific version ?
Ok that error is generated to the oem get_identifier_token...
If i do a fastboot-mac devices i get the reply "mt6589_phone_720pv2 fastboot" ...
I'm getting there slowly
Done some more digging with the phone attached to the Mac here and checking my systems profile I see that the phone is listed under usb connections as seen in the screen grab, still referring the as a HTC. Getting a new usb cable delivered to see if the phones usb cable provided is for charging only. If anyone here has any other suggestions I would be all ears or eyes as the case might be
Done more grubbing around and have found it to be a HDC One, HTC One clone .... Now to go see if any are rooted on here
Can anyone help me
Well i am pretty much stuck here so if anyone is reading this and wants to offer some help and advice I could do with it
I have looked around on the phone and can't see any bin or system folders even with show hidden i can't find them.
adb wont give me a remote shell, it complains that there is no bin/bash
when i try and do an adb backup i get 0 byte files grrrrr!!
I still need to find a way of getting root
This phone is a tricky beast for a learner - lol
Install some file explorer that allows you to browse from the top folder (/). I'm pretty sure you'll find at least /system there.
gbl08ma said:
Install some file explorer that allows you to browse from the top folder (/). I'm pretty sure you'll find at least /system there.
Thanks Gbl08ma - I have it opened in Mac OS X Finder with show all files, hidden or otherwise - The phone shows as two "No Name" devices and gets mounted immediately on connection ....
I used sideload to push a package file over using adb and then went back to use Finder, and I can't see the file anywhere - hidden partition perhaps ? Can you do that with Android ?
Even the Android SDK file transfer app won't see the phone when it's connected, I am all very confused - lol
Thanks for the reply - Wonder if I can use disk utility to do some probing and at least get an ISO image file in case I goof things real bad - lol
TpwUK
tpwuk01 said:
Thanks Gbl08ma - I have it opened in Mac OS X Finder with show all files, hidden or otherwise - The phone shows as two "No Name" devices and gets mounted immediately on connection ....
I used sideload to push a package file over using adb and then went back to use Finder, and I can't see the file anywhere - hidden partition perhaps ? Can you do that with Android ?
Even the Android SDK file transfer app won't see the phone when it's connected, I am all very confused - lol
Thanks for the reply - Wonder if I can use disk utility to do some probing and at least get an ISO image file in case I goof things real bad - lol
TpwUK
/ does not get mounted over USB so you won't see /bin, /system, /data or anything other than the SD card and the internal FAT32 "user" partition when entering USB transfer mode.
You must do it on the device. And for adb to work, USB debugging must be enabled in the settings.
gbl08ma said:
/ does not get mounted over USB so you won't see /bin, /system, /data or anything other than the SD card and the internal FAT32 "user" partition when entering USB transfer mode.
You must do it on the device. And for adb to work, USB debugging must be enabled in the settings.
I already had the phone in usb debug mode. Had to set the phone to use usb as MTP and not mass storage device connection type. Now it allows me to get in to the blighter with adb, fastboot still errors with pipes. That method allows me to get adb shell running and i can get android file transfer .... back to the reading part again
Thanks for the information gbl08ma - if i can find a way to back-up the rom i will share it somewhere
Hmm yummy - lots of interesting things in there .... Forgive my ignorance again please, but if i can create an update.zip file from the shell on the device that compresses all files from \ and all subdirs would that be the same thing as a safe ROM backup ? i wanna be safe before i attempt to root the phone as someone on here has a lower spec version of this phone and says it's a partial brick now.
TpwUK
Rooted
This phone is easily rooted with the motochopper
http://forum.xda-developers.com/showthread.php?p=40747604
Now should I push my luck further and go for the ROM - lol
TpwUK
I believe i own the same mobile
@tpwuk01
I also asked the same here; http://forum.xda-developers.com/showthread.php?t=2180425&page=92
but I was only able to root using the Framaroot app, and it worked like a charm, but that's the only thing I could achieve. Don't know, but it seems there's no official development thread going on for any cloned device. Mine runs the MOLY.WR8.W1248.MD.WG.MP.V6.P8 2013/08/12 15:55 Baseband.
After root i just installed some root apps, ads blockers, cant get any recovery to work, (Playing safe actually not to brick this now, since no support yet) but would have appreciated trying out kitkat on it, using antutu to view up specs, its impressive, i got to find out our 13MP camera at the back can do a great job than it currently is we only need to figure out how to change the image compression, the one i stumbled upon online was the blast, the 13MP was great also the flash light was tweaked to be 50X its current brightness, our 1GB application space was increased to 3.5GB, GPS and the rest was also modded to work really great.
Would like to hear any new updates you stumble upon bro.
Still a nice and featured packed device.

Reactivation Lock work around

Hello, i found a gear fit2 while out jogging, advertised to try find the owner and no one replied, so now i have this unit ....i did a factory reset and of course now the activation lock is on by the original owner. Is there a way of resetting this so i can use it? Is it a firmware installation process i need to do to solve this? or do i just throw it in the rubbish bin?
Thanks in advance for any help.
same issue when bought a Gear S2 on ebay. Returned the watch, can not do anything to remove activation lock easily.
For Gear S2 there is a guy which can unlock with remote PC connection and asks $45 (search youtube for Gear S2 activation lock).
I BOUGHT THE FILES. once i have done the process and check it works i will post the links here for free. if someone can help me creating the tutorial that will be nice (I'm lazy) will hit with news soon as i have them
monblink said:
I BOUGHT THE FILES. once i have done the process and check it works i will post the links here for free. if someone can help me creating the tutorial that will be nice (I'm lazy) will hit with news soon as i have them
hi, did you get around to uploading the files somewhere? We will be eternally thankful if you can kindly upload and share the files & if you were able to create any tutorial with us. Thanks
Any solution?
monblink said:
I BOUGHT THE FILES. once i have done the process and check it works i will post the links here for free. if someone can help me creating the tutorial that will be nice (I'm lazy) will hit with news soon as i have them
Hi, did you ever finish? I would be happy to pay you some $ for the files. I'd rather pay you than one of these jerks trying to extort money from people on youtube.
So it's not hard to put the thing into download mode wireless, and connect to it over wifi with my computer. the rest of the process and the files though, I don't have.
Thanks
I paid
I paid 30usd and he unlocked it for me. It works great. 1hr.
What ADB Commands are Needed?
Getting the files is not a big deal, it's what you do once you have them that matters. The part that's missing that all the Shady greedy unlock service providers try to hide from you when they do the removal process, are the ADB Commands they use to remove the activation lock.
Basically they use net Odin and recovery wireless download mode (AP) to flash firmware revision that lets you enter developer mode and enable ADB, and then ADB into the Gear Fit 2 and remove the lock via ADB command, while they have Echo off to hide what they're doing in the command window.
after it's done and you reboot, you net Odin flash to regular retail firmware. And you're done
Does anyone know what the ADB Commands are, once the Fit 2 is connected, to remove activation lock?
Could be common to what is done for Samsung's other Tizen smart watches.
monblink said:
I BOUGHT THE FILES. once i have done the process and check it works i will post the links here for free. if someone can help me creating the tutorial that will be nice (I'm lazy) will hit with news soon as i have them
Do you still have the steps? Other than the files what are the ADB Commands once connected? Thanks
Steps for everyone else since the OP seems to have disappeared. Here is the basics, what we're missing are the ADB commands to remove the actual protection. Someone can fill in the blank please since I saw everything but those commands (they were hidden)
1. Download Net Odin and install. https://drive.google.com/open?id=0B1...WhHTzFLNHhTbUk - Also have ADB installed on your computer. Minimal ADB and Fastboot is one package you can use for this.
2. Also you'll need to download a gear fit 2 factory diagnostic? firmware here ver U1DQH1 works - http://www.gsm-file.com/files/factorysw-combination-file-6378 . And a set of normal firmware. Such as from here: https://drive.google.com/open?id=0B1...Wp6MnNsWHpLelE
3. Hold power down on gear fit 2 until you see rebooting in blue, while it says that hit power button 2-3 times to get to bootloader menu. use power to move to Download (wireless) and hold power down to select. as soon as it enters Download wireless mode, hit power twice quickly to change to AP mode.
4. Run Net Odin and leave it running. Then go to your wireless settings and connect to the now-visible Gear Fit 2. After a few minutes, Net Odin should show an IP address in the box on the left.
5. Click the AP button in Net Odin and load the unzipped combination FTMA file you downloaded above. Hit Start and flash it. Once done, Fit 2 will reboot to a screen with yellow diagnostic info. Hit Power, settings, connection, wifi, turn it on, then connect to your wireless internet connection.
6. Once connected, then touch that network connection in the Fit 2 connection list to open up details, and note the ip address (example: 192.168.201.12).
7. Hit back button to go back into settings, then Gear Info, then enable developer mode (this enables ADB), then hit back to back out of settings menu
8. Open up a command prompt window in the directory where you have adb.exe, and type adb connect IPADDRESS:26101
- note IPADDRESS is your Ip address you noted above, and the :26101 is a port number. So using above example, I would type:
adb connect 192.168.201.12:26101
9. Once connected, type adb devices and you should see it listed.
10. THIS IS THE MISSING STEP - here are the ADB commands to remove the activation lock settings/flags. SOMEONE PLEASE FILL THIS IN
11. Once step 10 is done, hold power to reboot your Fit 2 (it's ready to be flashed with retail firmware), and just like before, put it into Download wireless mode, and AP mode.
-to check if the lock is removed, you can instead first select download mode (USB) instead of wireless, and see if it says ACTIVATION LOCKFF to confirm/doublecheck
12. In Net Odin take your unzipped retail firmware files and place each file as named in filenames, in the appropriate slots for AP, CSC, and BL. Hit Start to flash.
13. Once done and rebooted, should be clean and good to go.
These steps should pretty much encapsulate the process of what these guys are doing via Teamviewer, it's the ADB steps we are missing. Hopefully there's someone out there not trying to profit off of everyone who's nice enough to help us fill that part in. Thanks.
Thanks PaulieP for the tutorial... I need this but your files on drive are 404, can you add shared link please
I just found a gear fit2 on my bike ride this morning. I'd be pretty upset if I lost this myself so I wanted to see what my options are for returning it to its owner. With technology today, I'd assume that there's gotta be some way to find the owner of a device...
Does anyone have any ideas
jaminos said:
Thanks PaulieP for the tutorial... I need this but your files on drive are 404, can you add shared link please
Guess they pulled the files but it doesn't matter, there are a lot of places to download Net Odin. For the factory firmware you can also get it from the other site (gsm-files).
I want to reiterate though that those files are useless in removing activation lock unless we have the ADB commands the unlockers use - as mentioned in the missing step 10 of the tutorial.
PaulieP said:
Guess they pulled the files but it doesn't matter, there are a lot of places to download Net Odin. For the factory firmware you can also get it from the other site (gsm-files).
I want to reiterate though that those files are useless in removing activation lock unless we have the ADB commands the unlockers use - as mentioned in the missing step 10 of the tutorial.
Yeah I saw that... That's ****ty....
Joshuaaah said:
I paid 30usd and he unlocked it for me. It works great. 1hr.
Hey! Can you explain how it does the trick ? Does it send you files or something ?
PaulieP said:
Guess they pulled the files but it doesn't matter, there are a lot of places to download Net Odin. For the factory firmware you can also get it from the other site (gsm-files).
I want to reiterate though that those files are useless in removing activation lock unless we have the ADB commands the unlockers use - as mentioned in the missing step 10 of the tutorial.
Hey, did you download the factory diagnostic file ? it's not free on gsm-files and I don't like that... If you can share with me, I appreciate
jaminos said:
Hey! Can you explain how it does the trick ? Does it send you files or something ?
They do it exactly the way I outlined in the tutorial / step-by-step, that is the only way any of them that offer paid services do it.
Again, the only way we are able to do it ourselves, is if someone fills in the missing ADB commands for us that these unlockers keep hidden when they are connected via Teamviewer.
The files will not help you without this information above, there is no bypass without those ADB commands to remove the reactivation lock from a Samsung Tizen device.
PaulieP said:
They do it exactly the way I outlined in the tutorial / step-by-step, that is the only way any of them that offer paid services do it.
Again, the only way we are able to do it ourselves, is if someone fills in the missing ADB commands for us that these unlockers keep hidden when they are connected via Teamviewer.
The files will not help you without this information above, there is no bypass without those ADB commands to remove the reactivation lock from a Samsung Tizen device.
I understand but did you download a factory diagnostic firmware ? I want to try
so I might be doing the youtube activation removal process for the gear fit 2 that I found on my bike ride. so far I've read prices ranging from $30-$45. Does anyone know what's the lowest price paid for this "service"?
second. I'm not totally clear on how the process works but I assume that someone remotely connects to my machine, with the watch connected, and runs some unknown adb commands on my system. This leads me to my second question. If I pay for this service, is there any way to capture the keystrokes by using some sort of key logger?
If anyone can help me out with finding this information, I'll gladly post the adb commands for anyone to use
jaminos said:
Thanks PaulieP for the tutorial... I need this but your files on drive are 404, can you add shared link please
jdmst77 said:
so I might be doing the youtube activation removal process for the gear fit 2 that I found on my bike ride. so far I've read prices ranging from $30-$45. Does anyone know what's the lowest price paid for this "service"?
second. I'm not totally clear on how the process works but I assume that someone remotely connects to my machine, with the watch connected, and runs some unknown adb commands on my system. This leads me to my second question. If I pay for this service, is there any way to capture the keystrokes by using some sort of key logger?
If anyone can help me out with finding this information, I'll gladly post the adb commands for anyone to use
The process works exactly how I outlined in my step by step a few posts back.
The missing part are the ADB commands which are hidden via the use of Echo Off in the command window.
You will need some sort of keylogger or capture that will record even keystrokes in a command prompt window with Echo Off.
PaulieP said:
The process works exactly how I outlined in my step by step a few posts back.
The missing part are the ADB commands which are hidden via the use of Echo Off in the command window.
You will need some sort of keylogger or capture that will record even keystrokes in a command prompt window with Echo Off.
I found a few options. I'm not sure how to test to see if any of these will work: https://www.raymond.cc/blog/free-and-simple-keylogger-to-monitor-keystrokes-in-windows/

Boot Bios - how to [Android]

hi folks, thanks to @joesnose we can now enter the yoga book's bios/uefi. you might say 'thank you' to him for this!!!
more about his tries can be found here: https://forum.xda-developers.com/thi...ncept-t3565366
to do so just follow the following steps:
1. start adb shell
2. type the following commands
(alternatively you can also enter the commands in TWRP's terminal)
Code:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Code:
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
Code:
reboot
!!!as always, be very careful what you do in the bios - the chance for creating a stylish and expensive chopping board is quite high!!!
unfortunately, it seems like you always have to type those commands to enter the bios.
danjac said:
hi folks, thanks to @joesnose we can now enter the yoga book's bios/uefi. you might say 'thank you' to him for this!!!
more about his tries can be found here: https://forum.xda-developers.com/thi...ncept-t3565366
to do so just follow the following steps:
1. boot twrp
2. go to advanced and open the terminal
3. type the following commands
Code:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Code:
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
Code:
reboot
!!!as always, be very careful what you do in the bios - the chance for creating a stylish and expensive chopping board is quite high!!!
unfortunately, it seems like you always have to type those commands to enter the bios.
About entering the bios. On my YT3P after entering this command just once I am then able to boot bios from twrp reboot screen. This is not working for you danjac?
Also if you make the changes in the bios to get usb keyboard working you can also disable fast boot which allows you to press f7 at boot which allows entry to bios. gets you to boot device selection and pressing esc will take you to other bios options.
And everyone should give thanks to @danjac for trying this on the yogabook.
really tnx @danjac , helpful i will try this later
however, did you flash twrp as your default recovery?
Code:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Code:
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\ x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
Code:
reboot
Not working for me (Yoga book android WiFi only).
What means printf symbols? Unicode characters? If yes, space between "\x00\ x00" is needed?
I tried to insert commands three times, and tried to use "Reboot BIOS" in TWRP. No profit. Device booting in android.
razielvamp said:
Code:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Code:
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\ x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
Code:
reboot
Not working for me (Yoga book android WiFi only).
What means printf symbols? Unicode characters? If yes, space between "\x00\ x00" is needed?
I tried to insert commands three times, and tried to use "Reboot BIOS" in TWRP. No profit. Device booting in android.
try entering commands from adb shell with tablet on android.
Then on your pc copy and paste
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
razielvamp said:
Code:
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Code:
printf "\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\ x00" > /sys/firmware/efi/efivars/OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
Code:
reboot
Not working for me (Yoga book android WiFi only).
What means printf symbols? Unicode characters? If yes, space between "\x00\ x00" is needed?
I tried to insert commands three times, and tried to use "Reboot BIOS" in TWRP. No profit. Device booting in android.
no 'space'!!!!
there is/was one in the original thread (see the last x00) ...so it also was the reason why it didn't work for me from adb shell. presumably i just ignored the space when typing it manually in twrp...
now it also works from pc/adb...
I corrected the OP! thanks for reporting back!
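What the printf line in this thread writes, and why the stray space broke it, as an added example (not code from the thread): an efivarfs file is a 4-byte little-endian attribute mask followed by the variable data, and OsIndications data is a 64-bit value whose bit 0 asks the firmware to stop at its setup UI on the next boot. The function names are hypothetical, the OsIndicationsSupported bytes are constructed, and the 16-byte broken payload assumes a printf that passes the unrecognised "\ " through literally, as bash does.

```python
import struct

# EFI variable attribute bits (UEFI specification).
ATTRIBUTE_BITS = {
    0x01: "NON_VOLATILE",
    0x02: "BOOTSERVICE_ACCESS",
    0x04: "RUNTIME_ACCESS",
}
# OsIndications bit 0: boot to the firmware setup UI on next restart.
EFI_OS_INDICATIONS_BOOT_TO_FW_UI = 0x1

# The 12 bytes the corrected command in the first post writes.
PAGE_PAYLOAD = bytes.fromhex("07000000" "0100000000000000")

# The command with the stray space: the last escape is no longer one byte
# but the five literal characters backslash, space, 'x', '0', '0'.
BROKEN_PAYLOAD = PAGE_PAYLOAD[:11] + b"\\ x00"

# Constructed sample of OsIndicationsSupported as read from efivarfs:
# attributes BS|RT (0x06), value with bit 0 set.
SAMPLE_SUPPORTED = bytes.fromhex("06000000" "0100000000000000")


def build_osindications(value, attributes=0x07):
    """Serialise an OsIndications write: attributes (u32 LE) + value (u64 LE)."""
    return struct.pack("<IQ", attributes, value)


def parse_osindications(raw):
    """Decode an efivarfs OsIndications/OsIndicationsSupported file."""
    if len(raw) != 12:
        raise ValueError(
            f"expected 12 bytes (4 attribute + 8 value), got {len(raw)}"
        )
    attributes, value = struct.unpack("<IQ", raw)
    known = sum(ATTRIBUTE_BITS)
    return {
        "attributes": [n for bit, n in sorted(ATTRIBUTE_BITS.items())
                       if attributes & bit],
        "unknown_attribute_bits": attributes & ~known,
        "value": value,
        "boot_to_fw_ui": bool(value & EFI_OS_INDICATIONS_BOOT_TO_FW_UI),
    }


def firmware_ui_supported(supported_raw):
    """True if OsIndicationsSupported advertises the boot-to-setup bit."""
    return parse_osindications(supported_raw)["boot_to_fw_ui"]


def check_payload(raw, supported_raw):
    """Validate a payload before it is written; returns a list of problems."""
    problems = []
    try:
        parsed = parse_osindications(raw)
    except ValueError as exc:
        return [str(exc)]
    if parsed["unknown_attribute_bits"]:
        problems.append("unexpected attribute bits set")
    if parsed["boot_to_fw_ui"] and not firmware_ui_supported(supported_raw):
        problems.append("firmware does not advertise boot-to-setup support")
    return problems


if __name__ == "__main__":
    print(parse_osindications(PAGE_PAYLOAD))
    print("corrected:", check_payload(PAGE_PAYLOAD, SAMPLE_SUPPORTED) or "ok")
    print("with space:", check_payload(BROKEN_PAYLOAD, SAMPLE_SUPPORTED))
```

On a device, OsIndicationsSupported sits in the same efivars directory under the same GUID, so the supported check can be run before anything is written.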
Ok. I get BIOS but OTG keyboard not working. Halo keyboard too.
I can use only vol up, vol down and power buttons. But I need "ESC" button too, in other case I can not escape submenus.
I got!
long press VolUP = return.
But still do not understand how select usb device in boot order. It seems like BIOS not support OTG function, so how can I change for boot from USB drive when it not detected?
razielvamp said:
Ok. I get BIOS but OTG keyboard not working. Halo keyboard too.
I can use only vol up, vol down and power buttons. But I need "ESC" button too, in other case I can not escape submenus.
I got!
long press VolUP = return.
But still do not understand how select usb device in boot order. It seems like BIOS not support OTG function, so how can I change for boot from USB drive when it not detected?
Device manager......
System setup........
android.......
Uefi secure BOOT=disable.
South cluster configuration.......
Usb configuration.....
default drd CONFIG=hostmode
Usb VBUS=on.
that's it save changes and exit. Next time you boot to bios you can use keyboard connected via otg to use bios. You can also select next boot device in bios boot manager.
If you want to be able to interrupt the boot process to select boot device, also disable fast boot under boot category in bios. This will mean you get a black screen with progress bar on power on but allows use of f7 to select boot device.
After booting another os from usb it often takes 3 boots to get back to android, don't panic.
joesnose said:
Device manager......
System setup........
android.......
Uefi secure BOOT=disable.
South cluster configuration.......
Usb configuration.....
default drd CONFIG=hostmode
Usb VBUS=on.
that's it save changes and exit. Next time you boot to bios you can use keyboard connected via otg to use bios. You can also select next boot device in bios boot manager.
If you want to be able to interrupt the boot process to select a boot device, also disable fast boot under the boot category in bios. This will mean you get a black screen with a progress bar on power on but allows use of F7 to select the boot device.
After booting another os from usb it often takes 3 boots to get back to android, don't panic.
Sent from my Nexus 6P using Tapatalk
Hello Guys and Girls,
Sorry for my english, which is not my mother tongue.
Just to say that after reading a lot in XDA folder (thanks to the people who provided how to root/use TWRP and access Bios)
I managed to boot from a USB key but I have an acpi-bios-error (no matter what I changed in the bios related to acpi) while installing windows 10 32/64 bits.
I would like to know if someone met this issue and solved it somehow ?
By any chance, is there someone (who was able to boot to W10) who can tell which software they use to make their usb bootable ?
I gave up for the moment (I spent too much time on it, need to rest lol)
Thank you for reading my post,
Sweetgeex said:
Hello Guys and Girls,
Sorry for my english, which is not my mother tongue.
Just to say that after reading a lot in XDA folder (thanks to the people who provided how to root/use TWRP and access Bios)
I managed to boot from a USB key but I have an acpi-bios-error (no matter what I changed in the bios related to acpi) while installing windows 10 32/64 bits.
I would like to know if someone met this issue and solved it somehow ?
By any chance, is there someone (who was able to boot to W10) who can tell which software they use to make their usb bootable ?
I gave up for the moment (I spent too much time on it, need to rest lol)
Thank you for reading my post,
With windows I always get the acpi bios error! I have tried many bios options but obviously with caution. Always the error. I keep trying with my "win to go" usb stick.
This error is also quite generic so it's hard to know what is causing it.
Sent from my Nexus 6P using Tapatalk
Many Thanks for the answer,
I guess this will be a blocking issue for everyone.
I "heard" on other forums that we might need to upgrade the bios, I don't think it will be possible from Android side.
(I saw there is a tool on Lenovo support site)
Sweetgeex said:
Many Thanks for the answer,
I guess this will be a blocking issue for everyone.
I "heard" on other forums that we might need to upgrade the bios, I don't think it will be possible from Android side.
(I saw there is a tool on Lenovo support site)
Or possibly the current bios needs dumping and editing to allow "hidden options". I did see some pics during searching of a similar cherry view bios but there was a "select os" option that does not show in mine.
Sent from my Nexus 6P using Tapatalk
joesnose said:
Or possibly the current bios needs dumping and editing to allow "hidden options". I did see some pics during searching of a similar cherry view bios but there was a "select os" option that does not show in mine.
Sent from my Nexus 6P using Tapatalk
Wooh, maybe we are almost there !
I guess the time has come to wait and see....
---------- Post added 25th April 2017 at 12:09 AM ---------- Previous post was 24th April 2017 at 11:56 PM ----------
Sweetgeex said:
Wooh, maybe we are almost there !
I guess the time has come to wait and see....
Just a check, did you go under system-setup >> south cluster configuration >> SCC configuration >> SCC eMMC Support & SCC SD Card Support (internal and SDcard)
here we can set ACPI mode/PCI Mode or disable
I'm afraid that it will remove android, but it might be a key issue.
Sweetgeex said:
Wooh, maybe we are almost there !
I guess the time has come to wait and see....
---------- Post added 25th April 2017 at 12:09 AM ---------- Previous post was 24th April 2017 at 11:56 PM ----------
Just a check, did you go under system-setup >> south cluster configuration >> SCC configuration >> SCC eMMC Support & SCC SD Card Support (internal and SDcard)
here we can set ACPI mode/PCI Mode or disable
I'm afraid that it will remove android, but it might be a key issue.
Sorry missed your post there.
I have tried many things in bios so it's hard to remember them all. I think I tried pci mode and also disabled.
Also it might be good if people post what they are trying, which could then be added to the first post.
And, I was changing one option at a time then reverting the changes after a failed boot; there is a possibility that multiple changes are needed.
Sent from my Lenovo YT3-X90F using Tapatalk
No worries,
Are we agreed that if the installation succeeds, it will remove android, right ?
Sweetgeex said:
No worries,
Are we agreed that if the installation succeeds, it will remove android, right ?
agreed.
Like I said I was mostly trying with my "win to go" usb drive. That is a complete win 10 os on a usb stick, boots just fine on other pc's I have.
I would not recommend full install at the moment for two reasons. 1) who knows what kind of driver issues/problems there will be. 2) would returning to android work if whole device was overwritten, losing bootloader etc.
Sent from my Nexus 6P using Tapatalk
Alright, thanks for clearing this up.
I guess that for the moment, we need to settle the issue with ACPI, I will keep looking at other topics and forums here and there.
If I find anything, I will post it here.
Many thanks for your answers.
Boot with linux??
Good morning, has anyone tried doing this but with any linux distro? i'm not sure which one is compatible with our device
joao1979 said:
Good morning, has anyone tried doing this but with any linux distro? i'm not sure which one is compatible with our device
I have booted several versions of linux and android x86 on my yogatab3pro.
Would like to hear your findings.
On yt3p all need the nomodeset flag in order to boot. This of course means no hardware acceleration.
For me no touch, no sound and no hardware acceleration, but they will boot.
Oh and there is some cherrytrail targeted distros. One by linuxium and another called xjubutab.
For reference.
https://forum.xda-developers.com/th.../ubuntu-yoga-tab-3-pro-proof-concept-t3565366
Sent from my Nexus 6P using Tapatalk
unfortunately i didn't find anything useful for us but i'll keep searching for a solution, i don't know if it's possible to update or downgrade an android bios (i'm not an expert on this matter)

[NEWBIE GUIDE] How to Unlock Bootloader/Root and install Addons FireStick 4k

None of this is my work and all recognition goes to the awesome developers that made this possible. I will link their guides in here with some minor notes for newbies like me that may have had some issues trying to unlock and root the Fire Stick (FS) 4K
DISCLAIMER: BE WARNED THAT YOU HAVE TO OPEN YOUR FIRE STICK AND IT WILL VOID YOUR WARRANTY, THIS IS NOT FOR THE FAINT OF HEART AND NEITHER THE DEVELOPERS OR MYSELF ARE RESPONSIBLE IF YOU BRICK YOUR DEVICE OR VOID YOUR WARRANTY
Ok, now let's begin:
UPDATE: Per Sus_i, this makes perfect sense:
"Since the exploit can't be patched, it's in my opinion the best to do the setup at the beginning, pair the remote, then update to the latest over fireOS. That way you avoid a pending update nag setup screen after doing the exploit. Then enable ADB and unknown sources. After kamakiri I would flash only magisk.zip + sideload the manager app with adb... and avoid any prerooted rom flashing until there is an update to a somewhat higher version (and the current 6.2.6.8v1 has that contact manufacturer error screen)."
First very important, I wish I would have known this before but make sure you have a Laptop and a Monitor to Connect the FS to, so basically the USB Power cable from the FS connect it to your laptop and connect the HDMI portion to a monitor or TV
I also strongly recommend to have your FS deregistered before continuing as this will prevent your FS from automatically updating after rooting
In order to unlock the bootloader follow "THIS GUIDE"
I made a quick video on how to open your device and how to Short it using Aluminum Foil:
https://www.youtube.com/watch?v=h4I6ifBLWJ4
Process is pretty self explanatory: make a USB ISO from the image provided on that thread, boot into it and open terminal. Make sure you put the file he provides on a RW location; my mistake was that I put it inside a RO folder and it would not load the script, so I mounted the kamakiri-mantis-v1.2.zip onto the /mnt directory of the usb and I was able to run the script successfully. Make sure to run the commands quickly, as the first time that I finished the ./bootrom-step.sh script I left it sitting for 10 minutes to grab a bite, and I couldn't run the second script and had to start all over. After the second ./fastboot-step.sh script, your device will be on the TWRP recovery, now on the same terminal page or a new one enter these commands:
Code:
adb devices
adb shell
exit
You should see your device's serial number from the first command with "device" to the right of it, and the second command will basically put you inside the device's directory assuming you have established a successful connection. The last command just puts you back to your starting point. Now open the firefox browser on the FireOS USB and navigate to the URL below
Download the Pre-Rooted Image from "HERE". This image contains Magisk already so you don't have to worry about installing it separately. The image is larger than the available partition on this USB so this is a good time to either get a second USB or, if you want to download the file to your local hdd and pull it from there, it's up to you. Then run these commands:
Code:
adb push <your download location you decided earlier here>/mantis-6.2.6.8-rooted_r1.zip /sdcard/
adb reboot recovery
adb shell
twrp install /sdcard/mantis-6.2.6.8-rooted_r1.zip
twrp wipe cache
twrp wipe dalvik
reboot -p
This basically installs the pre-rooted image to your device, after the last command, you should see on your monitor the Fire Stick Reboot and boot to the Amazon GUI Splash Screen, now very important if you followed my previous instructions of deregistering your device before performing all these steps, it should bring you up to the Amazon Initial Setup Screen, now what you want to do is do the following commands before continuing on terminal:
Code:
adb devices   # you should see something on your screen where the FS is connected to, click accept or enter, can't remember
Now it should show you in terminal your serial number and "device" next to it, meaning you can run adb commands in which you will run the following to disable OTA updates:
Code:
adb shell
su   # after this command you should see something again on your screen; check the box "Always Remember" and click OK
if "su" was successful, you should see something like this:
mantis:/ $ su
mantis:/ #   *the hash means you're running as root; if you don't have a "#" you are not running as root*
Then continue with these commands and you should get the following results:
pm disable com.amazon.tv.forcedotaupdater.v2
***Package com.amazon.tv.forcedotaupdater.v2 new state: disabled***
pm disable com.amazon.device.software.ota
***Package com.amazon.device.software.ota new state: disabled***
pm disable com.amazon.device.software.ota.override
***Package com.amazon.device.software.ota.override new state: disabled***
After running all these commands exit adb and continue with the normal Amazon Setup including adding your amazon account. After you get to the screen where you can see all the apps, open a new web page browser in firefox and download "This Add-On" , this one is less than 200MB so it should fit on the Fire OS USB, so I would download it and copy it to /mnt for ease of access, go back to terminal and type this:
Code:
adb devices
adb push <your download location you decided earlier here>/AFTV-MM-1.7-6.2.6.8.zip /sdcard/
adb reboot recovery   # it will boot into TWRP
adb shell
twrp install /sdcard/AFTV-MM-1.7-6.2.6.8.zip
twrp wipe cache
twrp wipe dalvik
reboot -p
Your device will reboot and if everything went smoothly, you should have a rooted amazon fire stick 4k, Congrats :good:
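To check afterwards which of the three updater packages named in the guide are actually in the disabled state (for example when auditing a stick that has stopped receiving updates), the output of `pm list packages -d` can be parsed. This is an added example, not part of the original post; the function name `ota_report` and the sample output are constructed.

```shell
#!/bin/sh
# Updater packages the guide disables with `pm disable` (names taken from the post).
OTA_PACKAGES="com.amazon.tv.forcedotaupdater.v2
com.amazon.device.software.ota
com.amazon.device.software.ota.override"

# ota_report (hypothetical helper): reads `pm list packages -d` output on stdin
# and prints "<package> disabled" or "<package> enabled" for each updater package.
# Returns 0 when all three are enabled, 1 when at least one is disabled.
ota_report() {
    # adb may deliver CRLF line endings; drop the CR and the "package:" prefix.
    disabled=$(tr -d '\r' | sed -n 's/^package://p')
    rc=0
    for pkg in $OTA_PACKAGES; do
        # -x matches the whole line, so "...software.ota" is not confused with
        # "...software.ota.override"; -F keeps the dots literal.
        if printf '%s\n' "$disabled" | grep -qxF "$pkg"; then
            echo "$pkg disabled"
            rc=1
        else
            echo "$pkg enabled"
        fi
    done
    return $rc
}

# Constructed sample of `adb shell pm list packages -d` output (CRLF on purpose):
# two updater packages disabled, one still enabled, plus an unrelated package.
SAMPLE=$(printf 'package:com.amazon.tv.forcedotaupdater.v2\r\npackage:com.amazon.device.software.ota.override\r\npackage:com.example.other\r\n')

# Offline demonstration on the sample. Against a connected device the same
# function would be fed with:  adb shell pm list packages -d | ota_report
printf '%s\n' "$SAMPLE" | ota_report || echo "at least one updater package is disabled"
```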
Nice guide
Here are a few thoughts from me...
It's important to use the latest kamakiri. The mentioned prerooted 6.2.6.5 is probably a downgrade. A few sticks needs an update of the TZ in order to play prime video. The TZ update is only in the v1.2 Kamakiri or in the 6.2.6.6 prerooted.
Edit: S̵i̵n̵c̵e̵ ̵t̵h̵e̵ ̵e̵x̵p̵l̵o̵i̵t̵ ̵c̵a̵n̵'̵t̵ ̵b̵e̵ ̵p̵a̵t̵c̵h̵e̵d̵,̵ ̵i̵t̵'̵s̵ ̵i̵n̵ ̵m̵y̵ ̵o̵p̵i̵n̵i̵o̵n̵ ̵t̵h̵e̵ ̵b̵e̵s̵t̵ ̵t̵o̵ ̵d̵o̵ ̵t̵h̵e̵ ̵s̵e̵t̵u̵p̵ ̵a̵t̵ ̵t̵h̵e̵ ̵b̵e̵g̵i̵n̵n̵i̵n̵g̵,̵ ̵p̵a̵i̵r̵ ̵t̵h̵e̵ ̵r̵e̵m̵o̵t̵e̵,̵ ̵t̵h̵e̵n̵ ̵u̵p̵d̵a̵t̵e̵ ̵t̵o̵ ̵t̵h̵e̵ ̵l̵a̵t̵e̵s̵t̵ ̵o̵v̵e̵r̵ ̵f̵i̵r̵e̵O̵S̵.̵ ̵T̵h̵a̵t̵ ̵w̵a̵y̵ ̵y̵o̵u̵ ̵a̵v̵o̵i̵d̵ ̵a̵ ̵p̵e̵n̵d̵i̵n̵g̵ ̵u̵p̵d̵a̵t̵e̵ ̵n̵a̵g̵ ̵s̵e̵t̵u̵p̵ ̵s̵c̵r̵e̵e̵n̵ ̵a̵f̵t̵e̵r̵ ̵d̵o̵i̵n̵g̵ ̵t̵h̵e̵ ̵e̵x̵p̵l̵o̵i̵t̵.̵ ̵T̵h̵e̵n̵ ̵e̵n̵a̵b̵l̵e̵ ̵A̵D̵B̵ ̵a̵n̵d̵ ̵u̵n̵k̵n̵o̵w̵n̵ ̵s̵o̵u̵r̵c̵e̵s̵.̵ ̵ After kamakiri I would flash only magisk.zip + sideload the manager app with adb... and avoid any prerooted rom flashing until there is an update to a somewhat higher version (and the current 6.2.6.8v1 has that contact manufacturer error screen).
Edit: Update: meanwhile, the fix for the mentioned 'contact manufacturer' error is known...
Take a look here and here.
Edit/Update: Due to efuses (blocking the bootrom access), it isn't recommended to do any update in front of the unlock...
Sus_i said:
Nice guide
Here are a few thoughts from me...
It's important to use the latest kamakiri. The mentioned prerooted 6.2.6.5 is probably a downgrade. A few sticks needs an update of the TZ in order to play prime video. The TZ update is only in the v1.2 Kamakiri or in the 6.2.6.6 prerooted.
Since the exploit can't be patched, it's in my opinion the best to do the setup at the beginning, pair the remote, then update to the latest over fireOS. That way you avoid a pending update nag setup screen after doing the exploit. Then enable ADB and unknown sources. After kamakiri I would flash only magisk.zip + sideload the manager app with adb... and avoid any prerooted rom flashing until there is an update to a somewhat higher version (and the current 6.2.6.8v1 has that contact manufacturer error screen).
Oops, typo, let me edit it, I meant to put 6.2.6.8 on the command lol, and aaaa I see, I didn't know the exploit couldn't be patched, great info, so then yes I will revise my instructions, thanks so much
UPDATE: I just checked my FS and I'm on 6.2.6.8v1 and didn't receive contact the manufacturer, is it because I sideloaded the manager app after?
nandroidint said:
UPDATE: I just checked my FS and I'm on 6.2.6.8v1 and didn't receive contact the manufacturer, is it because I sideloaded the manager app after?
No. If I remember correctly, it has something to do with flashing, i.e. the vendor partition wasn't flashed properly.
Maybe you flashed not the prerooted!? With the Kamakiri TWRP version is flashing full ota update packages (renamed to zip) also possible... and in the prerooted thread is such a full 6.2.6.8 ota linked.
Edit: Could be that this error is prime video related, idk. rbox said he looks into it soon...
Just for clarification: The prerooted rom is a perfect thing since years.
My suggestion 'avoid any rom flashing' from my last post is just an attempt to keep it simple for beginners.
By the way, if the stick gets all updates in front of the unlock, it makes no sense to update it after the unlock again (unless addon.d support is needed).
I hope that has become clear I very much appreciate all the prerooted stuff
thanx for the tut nandroidint this is exactly what I needed, I wasn't sure how to do the shorting so the video helped out a lot now I'm ready to do this. But I'm sorta a noob when it comes to android so I got few questions tho, 1) what are the main benefits in rooting the fIrestick 4K 2) are there different roms to install? 3) are there root only .apks? 4)also one main thing I would like to be able to do is spoofing the Mac address any idea if that's possible?
5)Oh and lastly what OTB cable do you recommend? sorry for all the questions ?
'std::bad_alloc'
After running the adb push of the manthis.zip I'm getting terminate called after throwing an instance of 'std::bad_alloc'.... What am I doing wrong?
I have root, can I remove amazon services?
I don't want google launcher, just remove services
Sooo there’s no way to expand the storage? Even after rooted? Just bought an otg cable ?
Can I please get some support guys ? previous questions I don’t need answered I found someone on twitter who explained a few things but can someone please answer this.
Hello, after root I got a message on screen
: android system
There is an internal problem with Your device. Contact Your manufacturer for details.
And when I'm trying to register in Amazon it is bringing me back to the pairing screen; the farthest I can go is the wifi connection.
Did I brick my Stick?
davinci2798 said:
Hello, after root I got a message on screen
: android system
There is an internal problem with Your device. Contact Your manufacturer for details.
And when I'm trying to register in Amazon it is bringing me back to the pairing screen; the farthest I can go is the wifi connection.
Did I brick my Stick?
Did you deregister before rooting like the tut says? This is why I’ve been hesitant on rooting because of the lack of support on this forum
Yep, it was a new Stick, out of the box. Not registered at all. I managed the message, but it is still coming to the pairing screen.
itsyaboy said:
Sooo there’s no way to expand the storage? Even after rooted? Just bought an otg cable
Can I please get some support guys previous questions I don’t need answered I found someone on twitter who explained a few things but can someone please answer this.
You can use adoptable storage on 4K stick with Add-Ons installed and activated AFTV-XM Xposed Module. It brings adoptable storage support to Settings UI.
tsynik said:
You can use adoptable storage on 4K stick with Add-Ons installed and activated AFTV-XM Xposed Module. It brings adoptable storage support to Settings UI.
Nice! That’s awesome thanx for the info and reply.
davinci2798 said:
Yep, it was a new Stick, out of the box. Not registered at all. I managed the message, but it is still coming to the pairing screen.
Hey so have you figured out what was the problem yet? If so could u explain how you managed to fix it? I’m going to root sometime this week and would hate to run into this issue.
USB drive for storage
itsyaboy said:
Sooo there’s no way to expand the storage? Even after rooted? Just bought an otg cable
Can I please get some support guys previous questions I don’t need answered I found someone on twitter who explained a few things but can someone please answer this.
Yes, You can use a USB drive for App loading and Movie storage.
See Troypoint.com for good video.
I suggest a single USB OTG Cable and a USB HUB for your drive.
Then you can add a Keyboard and Mouse which make it MUCH easier to type commands.
Good Luck
How might one do this on a Mac?
Thanks
gogorman said:
How might one do this on a Mac?
Thanks
Do what? The only thing u can do on the MacOS is to create the bootable iso usb, you can follow these steps to do so https://www.google.com/amp/s/www.le...-on-an-apple-mac-os-x-from-an-iso?hs_amp=true
After you create the bootable usb just reboot and hold down option and select the bootable usb. Once in, open up Firefox and download the kamakiri-mantis-v1 and open a terminal window and change the directory to where u have the kamakiri folder: in terminal type cd then just drop in the kamakiri and hit enter. From there u can just follow the tut. FYI the bootable usb you create is a Linux OS so that’s how you can do it on a Mac, you just can’t do the rooting on MacOS, just clarifying in case that was your question.
Sorry I haven't rooted phones in a while and am trying to root my fire stick 4k. Can we get some pictures tutorial pretty please
Sent from my ONEPLUS A5010 using Tapatalk
Step by step instructions would be great?
chinkster said:
Sorry I haven't rooted phones in a while and am trying to root my fire stick 4k. Can we get some pictures tutorial pretty please
Sent from my ONEPLUS A5010 using Tapatalk
I would love that too, I have rooted with Unix before but that was on a Drone(Solo).
I understand about creating a bootable USB drive and booting my PC/Mac by changing the bios to boot first off the USB as step 1.
Step 2 is loading software onto the USB while booted under Unix/Linux???
Step 3 How do you then connect to the firestick?
When do you plug the firestick into the tv and when do you short out the jumper??
I know to some of you these sound very basic but it would be helpful for those of us just learning this environment.
Thanks in advance...
RPM99 said:
I would love that too, I have rooted with Unix before but that was on a Drone(Solo).
I understand about creating a bootable USB drive and booting my PC/Mac by changing the bios to boot first off the USB as step 1.
Step 2 is loading software onto the USB while booted under Unix/Linux???
Step 3 How do you then connect to the firestick?
When do you plug the firestick into the tv and when do you short out the jumper??
I know to some of you these sound very basic but it would be helpful for those of us just learning this environment.
Thanks in advance...
The link he provided explains all that https://forum.xda-developers.com/fire-tv/orig-development/unlock-fire-tv-stick-4k-mantis-t3978459 all except for when to connect to the tv, but I assume it’s after running the kamakiri script, btw it’s not software, you just download the kamakiri mantis while in the Linux usb os, open a terminal and change the directory of the terminal to the kamakiri folder in order to run the ./bootrom-step.sh and ./fastboot-step.sh commands
Edit: just follow the main guide from the link above then read this guide after, that’s the best way to understand it.
