[Help] Unpacking recovery and boot. Encrypted blocks or custom packing - Android Q&A, Help & Troubleshooting

Hi. I recently bought a couple of TV boxes and decided to modify their firmware for my needs (root in progress).
All devices are Amlogic S905X based, so I found multiple TWRP builds for S905X and tried to boot from sdcard.
Obviously I failed: none of them were loaded and the device just stuck at the logo screen. So I decided to build my own version of TWRP based on stock recovery. Since I'm writing this message, obviously I failed again.
I'm unable to unpack the stock ramdisk and kernel; it looks like they were encrypted and are decrypted by the second stage bootloader during boot. Though I'm experienced in cracking, I have never dealt with bootloader disassembly and analysis, so I need help unpacking this, or at least tell me how to disassemble the bootloader correctly.
I've attached recovery and boot images.
boot - https://yadi.sk/d/zpwSfpHhAx4QGQ
recovery = https://yadi.sk/d/67jx76xOYUU0Mw
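
A first triage step for the "encrypted blocks or custom packing" question, added here as an example and not part of the original post: parse the standard Android boot header, then classify the kernel and ramdisk by compression magic and byte entropy. It assumes the v0-v2 header field order; the sample images are constructed in the script, and high entropy without a known magic is only a hint of encryption, not proof.

```python
import gzip, hashlib, math, struct

# Leading bytes of common ramdisk/kernel compressors.
MAGICS = {b"\x1f\x8b": "gzip", b"\x02\x21\x4c\x18": "lz4", b"\xfd7zXZ\x00": "xz", b"BZh": "bzip2"}

def entropy(data):
    """Shannon entropy in bits per byte; close to 8.0 looks random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data))) if n else 0.0

def classify(blob):
    for magic, name in MAGICS.items():
        if blob.startswith(magic):
            return name
    # No known magic: near-random bytes suggest encryption, anything else a custom container.
    return "likely encrypted" if entropy(blob) > 7.5 else "plain or custom-packed"

def inspect_boot_image(img):
    """Parse the Android boot header (v0-v2 field order) and classify kernel and ramdisk."""
    if len(img) < 40 or img[:8] != b"ANDROID!":
        return {"header": "no valid ANDROID! header", "image": classify(img)}
    ksize, _, rsize, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    if page == 0 or page + ksize + rsize > len(img):
        return {"header": "ANDROID! magic, inconsistent sizes"}
    roff = page + -(-ksize // page) * page  # ramdisk begins on the next page boundary
    return {"header": "android-boot",
            "kernel": classify(img[page:page + ksize]),
            "ramdisk": classify(img[roff:roff + rsize])}

def build_image(kernel, ramdisk, page=2048):
    """Assemble a constructed image for the demo (not a real firmware dump)."""
    pad = lambda b: b + b"\0" * (-len(b) % page)
    hdr = b"ANDROID!" + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)

def fake_ciphertext(n):
    """Deterministic pseudo-random bytes standing in for an encrypted payload."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32))

PLAIN = build_image(b"\x00\x00\xa0\xe1" * 2048, gzip.compress(b"service adbd /sbin/adbd\n" * 400))
SEALED = build_image(fake_ciphertext(8192), fake_ciphertext(8192))

if __name__ == "__main__":
    print(inspect_boot_image(PLAIN))
    print(inspect_boot_image(SEALED))
```
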

Related

[Q] Custom Recovery Black Screen

Hi guys,
First up here are the details of the phone that I am currently using:
Zeaplus M7
MediaTek MT6752
Android 5.0
Root = YES
Unlocked = YES
Secure = NO
The Problem
I have compiled CWM using the CM-11.0 branch, and TWRP using the OmniRom and TWRP Minimal sources, but I always end up with the same problem, regardless of whether I flash CWM or TWRP.
After flashing either of the recovery.img files to the phone, I can attempt to boot into recovery and what happens is the phone restarts, sits at the splash logo (boot screen) and sits there for around 15-30 seconds (using the stock recovery, it will already have booted by this point), and then it will just restart the phone and it will continue to boot to the system as normal.
This happens on both CWM and TWRP. What is causing both the recoveries to hang at the boot screen without actually entering the recovery? Is there a way I can get a logcat or log of what is happening during the recovery bootup so I can check if there are any error messages going on behind the scenes that I am missing out on?
If you need any more information please let me know!
Thanks
Just committed the most recent files for a CWM (11.0) build. (Also contains some older files used for the TWRP build)
https://github.com/alien-13/android_device_zeaplus_m7
Hopefully that may help out a little bit more. Not 100% sure what could be causing the issue as the P6000 has a working TWRP, and I have based this device tree around the P6000 device tree (with specific changes made to suit the M7).
Not sure if this will help. I also have the z+m7, have tried the ele p 7000 ROM on it and it works fine; TWRP installs fine, but it will not download from the Play Store. Both are from needrom, made by s7yler. When I go back to the m7 ROM with the p7000 TWRP package, exactly the same happens as happens to your phone. I have noticed that in the m7 ROM and the Mijue t500 ROM, which are the same, there is a file called Encrypt, which I have never seen in other ROMs. Could this be a problem?
There is now a twrp for the zeaplus m7 on the zeaplus forum

[ABOOT]How to modify android boot loader

Hi all. After spending a couple of days reading and understanding aboot, boot and kernel operations, I'm now curious about whether there can be a boot time console before the kernel is loaded into memory, i.e. whether there can be a process that somehow will enable us to fork in between the aboot and the boot, and wait for user interaction to load the user specified boot, and then will hand over the execution to the specified boot. Can it be possible anyhow?
Aboot is checked by SBL at boot.
Looking for the same for a phone with bricked eMMC.
https://forum.xda-developers.com/android/help/how-to-boot-sd-card-qmobile-z8-bricked-t3712171
Found any solution?
Please remove this thread, it's misleading as hell
Yes, very possible....
The old bootloader for dual booting a PS3 offered just the thing.
Its Android equivalent would be a kernel with exec & a modified recovery that provides a transparent command line instead of using scripts.
Take a look at jollaman's dual boot recovery & aroma installer for the nexus 5x.
Good place to start for a pure android solution.
Otherwise, there are versions of u-boot that run on certain phones, or grub2 alternatively.
Aboot & sbl gotta get gutted though.

Rooting a RockChip Tablet

Hi all,
I put my hands on a Philips 10BDL4151T, an Android 7.1.2 tablet powered by a RockChip rk3368.
My goal is to root it, and these are my findings/what I tried so far:
- AIO root tools (KingRoot et al.) don't work
- Bootloader unlock works fine
- RockChip AndroidTools for flash dump works fine
- fastboot can boot images only up to 16MB
- Dumped recovery.img doesn't boot (it's 32MB)
- No official sources/updates/OTA images are available.
- None of the available TWRPs for rk3368 devices found in the wild boot: the ones in AOSP format are too large and the others in KRNL format seem not to be compatible (nothing on screen and USB stops working)
The last thing that came to my mind was dumping boot.img and patching it with Magisk Manager, but I haven't flashed it back yet because I'm too afraid of bricking it (and I don't know if AndroidTool can be used to restore a bricked device)
What should I do? Is writing back patched boot.img safe? Can I eventually recover from it?
Or are there other ways?
Thank you
Any news on this one? I also have the same device and want to have Google Play Store...

Making custom boot.img for MTK 6577 device.

Hello all,
I have a question about flashing Lenovo IdeaTab A1000LF (MTK6577 device). I would like to add busybox into initramfs and slightly change init strategy. boot.img from official ROM A1000LF_A412_01_05_130705_USER_DCC was unpacked with abootimg from Fedora repo. I added busybox for armv7l into initramfs/sbin and packed it again with the same tool. New boot.img was flashed into device with Flash Tools 3 (works on virtual machine with Win7) in Firmware Update mode with DA DL All With check sum option. Download mode did not work (there were errors in scatter file, __NODL_FAT partition exactly). After flashing, the tablet was starting for a few seconds. First boot logo was shown and then it rebooted again. Everything seems to work fine in case of flashing original boot.img. There might be some problems with checksums or packing/unpacking initramfs (even if I create new boot.img without changes, tablet will not boot correctly). Do you have any ideas?
P.S. I didn't find suitable general thread for such kind of devices and tasks. Maybe you can suggest something.

Bundle TWRP without recovery.img

I'm on a quest to root my Hisense A9 e-ink phone. There isn't a stock ROM available online, and my attempts at extracting the recovery.img or boot.img with an EDL client or through ADB have failed. So the next thing I can think of trying is bundling a TWRP build, or possibly borrowing the TWRP from a similarly architected device and seeing if I can boot into it (without flashing).
So is there a way to build TWRP for an unsupported device, when there's no recovery.img available?
Also, is it safe to ./fastboot boot recovery.img without risk of bricking the phone (ie., booting instead of flashing)? If so, then I can try existing TWRP builds for similar devices.
Alternatively, are there any other avenues for rooting a new device which has no available stock ROM? Or other possible workarounds to get Google Services working correctly? I've tried MicroG, but the Hisense A9's ROM doesn't support signature spoofing, and to enable support I need TWRP.
Here's a thread which details some of my failed attempts at getting the boot.img via the EDL client.
And some more details about the phone:
Hisense A9 / HLTE556N
Processor: Qualcomm Snapdragon 662
Android 11
Software version: L2037.6.03.11.00
Kernel: 4.19.157
A/B partitions
Thanks everyone!
Did you try those experiments?
I have the same question, kinda.
As there is no TWRP recovery for my device (vivo 1802 MTK device), I was thinking of booting into a TWRP recovery not made for my device specifically, without flashing it.
To get the job done, maybe some backups or flashing using TWRP. But I don't know what the consequences of it will be. If anyone has an idea or hands-on experience with it, I would like to know.
