Related
I cannot proceed with restoring my Streak 7 without the following information. Please, this is not meant to be a discussion thread. If you can help out, thanks, if not, please contribute any discussion in my other thread "NVFlash Only Method of Access". This will help to keep the information somewhat organized.
1) I need the partition data from a working unit
Mode: nvflash (Vol Up & Down while plugging in usb)
Command: nvflash --getpartitiontable partitiontable.txt
The outputted text file should specify the exact sectors that the images need to be written to.
Download NVFlash here: NVFlash
2) I need the actual partition img files for all but the System, Boot, & Recovery.
Mode: SAA (nvflash)
Command: nvflash --read x part-x.img (where x is the partition number so you will have to run the command for each partition 2-7)
If you can pull these files for me, I can provide an upload method if you do not have your own.
Again, thank you.
check your pm for other files.
Thank you, thank you, thank you. Except I am not able to download any of the part files. I was able to get the bootloader so the path is accurate, I think the problem is that the .img files will not transport, you will have to zip them. I had the same problem on my server.
try the img files now.
runee said:
try the img files now.
Click to expand...
Click to collapse
Awesome! Downloading now.
No p15.img. Just about got everything else downloaded, can you get that posted up as well? Thanks again!
See next post. Crappy internet connection.
I have successfuly restored my Streak 7 using nvflash and the img files provided by Runee. I will work up a how-to as soon as I can make the img files available. Currently I am trying to restore root, but it is not going too well.
Patience and cooperation have been the keys to my success.
It may be a while before I can make the img files available, if someone can get them online before me, awesome. You will need to start with the correct bct and cfg files. I have them included in the nvflash zip below. Also I have created a batch command included in the zip (Restore.bat) that you can launch once you have the 2 through 14 img files in the same directory as nvflash.exe.
http://illdill.org/streak7/files/nvflash.zip
Hello everyone,
This is a AP.bin extractor
rewritten in plain C based on xonar_'s work and support both linux and win32
navossoc@xda introduced the "LGExtract.exe". the encrypyted/compressed kdz can be extracted/decrypted to AP.bin/CP.fls by LGExtract.exe
xonar_ made BIN/FLS extractor
http://forum.xda-developers.com/showthread.php?t=1879915
and release source(win32)
•http://forum.xda-developers.com/showpost.php?p=31432471&postcount=11 (original Java version by xonar_)
•http://forum.xda-developers.com/showpost.php?p=33426102&postcount=37 (win32 C port by navossoc)
•http://forum.xda-developers.com/showpost.php?p=34022349&postcount=141
Basically, the AP.bin file is plain raw file, the bootable images can be extracted by searching specific pattern "ANDROID!".
based on this work, I can figure out the AP.bin header information without searching specific pattern to extract boot.img/ext4 partitions/bootloader etc.
Usage
Download attached file. It include both win32 and linux binary and it's source(GPL).
• show AP.bin information
Code:
extract P990_AP.bin
• extract specific section
Code:
extract P990_AP.bin 3
• or extract all images
Code:
extract P990_AP.bin -1
TODO
• show filenames or partitions
References
mman-win32 is used to port win32 binary
• mman-win32 (GPLv2) by kutuzov - http://code.google.com/p/mman-win32/
• http://forum.xda-developers.com/showpost.php?p=34078601&postcount=148
ChangeLog
•*oops! no source change. just replace with working extract.exe (reported by spyrosk and Kostja_V)
Credits
• navossoc - the Author of LGExtract.exe and win32 C port of extractor.
• xonar_ - BIN/FLS extractor and it's java source.
This is a cool tool, wkpark, but I don't understand the difference to the already available tool here:
(it already does extract AP.bin files of the latest ICS leaks, dumping all the available partitions.
But I guess your tool does dump more things like header and bootloader? Could you please write the differences of those two tools?
Also it would be cool to get a tool which is capable of re-merging changed partitions (system.img, boot.img, recovery.img, cracked bootloader) again to a AP.bin --- would that possible? We could create Smartflah-Custom-ROMs then!)
Stefan Gündhör said:
This is a cool tool, wkpark, but I don't understand the difference to the already available tool here:
(it already does extract AP.bin files of the latest ICS leaks, dumping all the available partitions.
But I guess your tool does dump more things like header and bootloader? Could you please write the differences of those two tools?
Also it would be cool to get a tool which is capable of re-merging changed partitions (system.img, boot.img, recovery.img, cracked bootloader) again to a AP.bin --- would that possible? We could create Smartflah-Custom-ROMs then!)
Click to expand...
Click to collapse
as I already mentioned, just rewritten in plain C to make it more portable to support both linux and win32
and make it more unix friendly
and this tool print the exact address and size of images to make it possible to use "dd" to fix AP.bin without any specific tools
e.g.)
Code:
$ extract SU660_AP.bin
filesize: 939524096
[01] address=0x00100000 size=0x00300000
[02] address=0x00400000 size=0x00080000
[03] address=0x00480000 size=0x00180000
[04] address=0x00600000 size=0x20000000
[05] address=0x20600000 size=0x00800000
[06] address=0x20e00000 size=0x01400000
[07] address=0x22200000 size=0x15e00000
$ extract SU660_AP.bin 6 # 6 is recovery.img
...
$ dd if=cwm.img of=SU660_AP.bin bs=1024 seek=$(printf "%d" $((0x20e00000 / 1024))) conv=notrunc
now we got CWM injected AP.bin!
But currently you cant use this method for ICS firmwares
wkpark said:
as I already mentioned, just rewritten in plain C to make it more portable to support both linux and win32
and it is more unix friendly
Click to expand...
Click to collapse
Aaaah okay cool
What about the re-merging thing, do you think you could maybe look into that?
Edit: Ah I see you updated your post, thanks!
Simply awesome. Thanks wkpark!
Very good utility, bravo!
I have been able to decipher everything except partitions 1 and 2, in total there are 7 partitions
1. 01.img
2. 02.img
3. bootloader.img
4. boot.img
5. recovery.img
6. data.img
7. ext3_system.img
I have created a shell for Linux
Use
Copy the file P990_AP.bin into the AP_Toolkit folder /
Run menuen.sh or menues.sh
Look very useful! Tnx dude!
Homero2 said:
Very good utility, bravo!
I have been able to decipher everything except partitions 1 and 2, in total there are 7 partitions
1. 01.img
2. 02.img
3. bootloader.img
4. boot.img
5. recovery.img
6. data.img
7. ext3_system.img
I have created a shell for Linux
Use
Copy the file P990_AP.bin into the AP_Toolkit folder /
Run menuen.sh
Click to expand...
Click to collapse
I guess the order of images are not always the same,
the V30C of SU660 is somewhat different, so this script is not compatible with SU660
some images like as bootable images can be detected by the following method
the bootable images easily checked by dd
Code:
[ $(dd if=boot.img bs=1 count=8 2>/dev/null) = 'ANDROID!' ] && echo "this a is bootable image"
OK, actually the structure varies between models, I have checked that there are differences between P990 and SU660.
And within the same model varies structure?, I've tried several versions of P990 and it seems that the structure is maintained.
Homero2 said:
Very good utility, bravo!
I have been able to decipher everything except partitions 1 and 2, in total there are 7 partitions
1. 01.img
2. 02.img
3. bootloader.img
4. boot.img
5. recovery.img
6. data.img
7. ext3_system.img
I have created a shell for Linux
Use
Copy the file P990_AP.bin into the AP_Toolkit folder /
Run menuen.sh or menues.sh
Click to expand...
Click to collapse
If I remember well partition 1 is the bct file. I suppose that partition 2 has something to do with partition layout .
Sent from my LG-P990 using xda app-developers app
This is a new version, it is more complex than the previous version, also includes the BAT version for Window.
Forgive if there is any error in the Windows version, long time that I do not write anything serious for Windows.
In the menu you can choose the model (P990 or SU660)
Researching a bit I have seen that the 01.img portion is the star.bct, but...
The original file weighs in at 4.0kb, which is obtained with AP_Tool weighs 3.0 MB
With a hex editor I saw that the heading is:
Code:
32 DB 10 C0 A8 A2 5 C 3F 1B 17 34 84 15 57 C6
Looking for I found 7 headers, I extracted them and got 7 files which then I expose in the order found within the 01.img file
star_0.bct - 4.0Kb - this is good (exactly of 000 to FFF)
star_1.bct - 508.0Kb
star_2.bct to star_6.bct - 512.0Kb
Guys,
the extract exe in first post does not work properly. I think it doesn't extract the partitions at the right headers.
I extracted the V28g bin file and the system and data partitions when mounted are unreadable.
Using the extract2 (attached) the partitions are readable perfectly.
The sizes also, differ between the two set of partitions.
I felt I had to let you know.
spyrosk said:
Guys,
the extract exe in first post does not work properly. I think it doesn't extract the partitions at the right headers.
I extracted the V28g bin file and the system and data partitions when mounted are unreadable.
Using the extract2 (attached) the partitions are readable perfectly.
The sizes also, differ between the two set of partitions.
I felt I had to let you know.
Click to expand...
Click to collapse
Did you use the LG extract.exe or other tool to get the ap.bin?
It works perfectly with the lgextract.exe that's why I wrote this post
And why don't you attach your source code?
Isn't it modified extract.c?
Or just binary hacked executable
found at the navossoc's post?
The license of this source code is GPL but you didn't include modified source code in it.
Sent from my LG-P990 using xda app-developers app
wkpark said:
Did you use the LG extract.exe or other tool to get the ap.bin?
It works perfectly with the lgextract.exe that's why I wrote this post
And why don't you attach your source code?
Isn't it modified extract.c?
Or just binary hacked executable
found at the navossoc's post?
The license of this source code is GPL but you didn't include modified source code in it.
Sent from my LG-P990 using xda app-developers app
Click to expand...
Click to collapse
I did use LGExtract.exe to get the bin.
I just downloaded the binary in the first post of this thread. I didn't touch the source code.
The tool from OP doesn't work for me too. The extracted system.img size is 515mb, but should be 512, so it is not flashable via nvflash.
On the screenshot you can see, that files extracted using extract-v0.1 from the OP and extract2 from the http://forum.xda-developers.com/showpost.php?p=34100186&postcount=2 have different sizes.
spyrosk said:
Guys,
the extract exe in first post does not work properly. I think it doesn't extract the partitions at the right headers.
I extracted the V28g bin file and the system and data partitions when mounted are unreadable.
Using the extract2 (attached) the partitions are readable perfectly.
The sizes also, differ between the two set of partitions.
I felt I had to let you know.
Click to expand...
Click to collapse
Kostja_V said:
The tool from OP doesn't work for me too. The extracted system.img size is 515mb, but should be 512, so it is not flashable via nvflash.
On the screenshot you can see, that files extracted using extract-v0.1 from the OP and extract2 from the http://forum.xda-developers.com/showpost.php?p=34100186&postcount=2 have different sizes.
Click to expand...
Click to collapse
thankyou for your testing!!
confirmed !
my bad.. I uploaded not correctly patched win32 executable by mistake.
I just replace the old one with a working win32 binary.
Homero2 said:
Researching a bit I have seen that the 01.img portion is the star.bct, but...
The original file weighs in at 4.0kb, which is obtained with AP_Tool weighs 3.0 MB
With a hex editor I saw that the heading is:
Code:
32 DB 10 C0 A8 A2 5 C 3F 1B 17 34 84 15 57 C6
Looking for I found 7 headers, I extracted them and got 7 files which then I expose in the order found within the 01.img file
star_0.bct - 4.0Kb - this is good (exactly of 000 to FFF)
star_1.bct - 508.0Kb
star_2.bct to star_6.bct - 512.0Kb
Click to expand...
Click to collapse
the image 01(BCT) and 02(PT. Partition Table) are updated by the Smartflash or NVFlash automagically.
you can't even simply download(flash) the BCT/PT image at all
like as MBR and PT, the BCT also duplicated itself
@wkpark hi,
I bumped into the following issue, when I first had an idea making an option in AIO-Toolkit to switch between locked and yours unlocked new bootloader.
I extracted stock bootloader image with your bin extractor.
I also checked its md5 with a backed-up (by nvflash) one's (which was smartflashed) and are the same.
So far so good and your bin extractor works perfectly.
When I try to flash it, nvflash always stops here | 1507328/1572864 bytes sent
Do you have any idea why this happens?
Since the unlocked one is much smaller than the total size of the partition, I suppose stock one has about the same actual size.
Could you please make an image of the stock one for me (with its data only)? get the original from here
cause I don't know how to do it myself and actually I am on a leave and I don't have any linux pc available.
I'd like to give a try because now I am curious, why the cracked one can be flashed and the stock not.
Thank you in advance for your help
Cheers
spyrosk said:
@wkpark hi,
I bumped into the following issue, when I first had an idea making an option in AIO-Toolkit to switch between locked and yours unlocked new bootloader.
I extracted stock bootloader image with your bin extractor.
I also checked its md5 with a backed-up (by nvflash) one's (which was smartflashed) and are the same.
So far so good and your bin extractor works perfectly.
When I try to flash it, nvflash always stops here | 1507328/1572864 bytes sent
Do you have any idea why this happens?
Since the unlocked one is much smaller than the total size of the partition, I suppose stock one has about the same actual size.
Could you please make an image of the stock one for me (with its data only)? get the original from here
cause I don't know how to do it myself and actually I am on a leave and I don't have any linux pc available.
I'd like to give a try because now I am curious, why the cracked one can be flashed and the stock not.
Thank you in advance for your help
Cheers
Click to expand...
Click to collapse
Hi! I was facing the same problem like you. Open the bootloader.bin in a hex editor (WinHEX or any other hexeditor) and delet all the FF hex values from the end of the file. I hope it will work for you
Edit: I deleted the FF a valuses frrom the the backed up bootloader
Hello,
maybe this is a feature request or bug report, I don't really know:
Can you ditch the full path inside the md5sum files found at: dl.omnirom.org?
eg, from:
Code:
c9ac67ba61c7e654c5891c693a50d931 /home/build/omni/out/target/product/flo/omni-4.4.2-20131225-flo-NIGHTLY.zip
to leaving only the filename:
Code:
c9ac67ba61c7e654c5891c693a50d931 omni-4.4.2-20131225-flo-NIGHTLY.zip
Since I always check the md5 sum before I flash a new ROM I'll have to edit the .md5sum files manually after each download.
Otherwise the commandline utility md5sum -c failes because the file could not be found.
Additionally, can you place the appropriate md5sum file along with the ROM Zip in the opendelta folder? TWRP would check the file if a md5sum file is found.
Happy Holidays!
seXneo said:
Hello,
maybe this is a feature request or bug report, I don't really know:
Can you ditch the full path inside the md5sum files found at: dl.omnirom.org?
eg, from:
Code:
c9ac67ba61c7e654c5891c693a50d931 /home/build/omni/out/target/product/flo/omni-4.4.2-20131225-flo-NIGHTLY.zip
to leaving only the filename:
Code:
c9ac67ba61c7e654c5891c693a50d931 omni-4.4.2-20131225-flo-NIGHTLY.zip
Since I always check the md5 sum before I flash a new ROM I'll have to edit the .md5sum files manually after each download.
Otherwise the commandline utility md5sum -c failes because the file could not be found.
Additionally, can you place the appropriate md5sum file along with the ROM Zip in the opendelta folder? TWRP would check the file if a md5sum file is found.
Happy Holidays!
Click to expand...
Click to collapse
OpenDelta already checks the MD5 when download/patching - if the MD5's don't match nothing will be flashed. Doing it again inside recovery would just be a waste of CPU. If secure mode is enabled, whole-file signature verification is also done inside recovery, which also guarantees the file to be correct.
In other words, it would not be any use.
However, if I download the rom zip, and am planing on hacking it before installing the updated image, having the edit the md5sum file before I can verify the download using it is still an issue, not to mention the simple case of initial install, and I like having a few installable zips around in case I need to reinstall.
UPDATE 09/20/2016 - Root is now available for the SM-T285 (custom ROM and SM-T280 to follow) see post for details (http://forum.xda-developers.com/showpost.php?p=68777842&postcount=27)
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device ( or download the attached in this post).
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
as per ashyx this should also work as well:
Code:
tar -H ustar -c system.img > system.tar
md5sum -t system.tar > sytem.tar
mv system.tar system.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Petition for samsung to unlock the device:
https://www.change.org/p/samsung-unlock-the-bootloader-for-the-samsung-galaxy-tab-a-7-0-2016?recruiter=286570213&utm_source=petitions_share&utm_medium=copylink
Custom ROM to enable move apps to sd (apps2sd like support):
http://forum.xda-developers.com/android/development/rom-samsung-galaxy-tab-7-0-lte-2016-sm-t3455788
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
ashyx said:
@jedld
Nice guide, just a few things though.
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Regarding the chunk size, Chainfire created sgs4ext4fs to deal with this, it just needs to be run afterwards on the sparse image to patch the headers.
What is the source for the make_ext4fs patch or did you create this patch?
Lastly some people may prefer to use ODIN to flash.
So maybe you could add to the guide that the image can be repacked into a ODIN flashable tar using 7-zip.
By the way the guide will work for the T280 too, so you may want to add that.
Thanks.
Click to expand...
Click to collapse
I don't think it's really necessary to use the file contexts as we're building a system image and all permissions should remain intact.
Click to expand...
Click to collapse
I remember encountering a boot loop without that, let me check again and I'll update the guide.
What is the source for the make_ext4fs patch or did you create this patch?
Click to expand...
Click to collapse
Just applied the following patch on latest aosp sources:
https://gist.github.com/jedld/4f388496bda03b349f5744f367749a67
There is a magic number used which I can't figure out, the value is different between SM-T285 ROMS coming from different regions.
Nice to hear about sgs4ext4fs though, probably wouldn't be able to know based on the problem I encountered that the tool also applies unless someone pointed it out.
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
http://samsung4android.ru/?ipub=422
any thoguth on this?
klemen241 said:
http://samsung4android.ru/?ipub=422
any thoguth on this?
Click to expand...
Click to collapse
ashyx already tried everything. CF-auto root requires an unlocked recovery, the tablet won't even accept a repacked recovery image. Besides the guy in the video wasn't even using a SM-T285, if you look closely the files he used were for the SM-T550.
klemen241 said:
https://www.change.org/p/samsung-unl...edium=copyLink
Petition for unlocked bootloader for samsung, please sign
Click to expand...
Click to collapse
link is broken though, you must have used the auto truncated link, use this instead:
https://www.change.org/p/samsung-un...edium=copylink&recuruit_context=copylink_long
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
SM-T285M with locked bootloader - research ...
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
klemen241 said:
What about those custom roms? As far as i can see we can use modified stock rom. Can we go anywhere with that? And can someone explain how to make external storage bigger with SD?
Click to expand...
Click to collapse
There are a number of things we can already do with a custom system.img like debloat, enable universal sd r/w, customizing apps, probably theming and fonts are also possible. Hopefully more people can come up with mods.
Unfortunately we need root/unlocked boot.img to do important things to fix the weakness of this device like changing partition sizes, enable apps2sd support, xposed framework, having customizable cpu performance governors/overclocking etc.
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
klemen241 said:
i was wondering the same thing, if ther is any chance of unlocking it on earlier versions.
Also i sent email to samsung support again, maybe they will be sick of us begging and release the lock
Click to expand...
Click to collapse
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
TopTongueBarry said:
First, I have a SM-T285M which is a Galaxy Tab A6 7.0 LTE with a COO CSC. and is factory unlocked (UB as Samsung notates it these days. It's got North and South America LTE bands, and unfortunately it also has a locked bootloader just like the T285 and the T280.
Hear me out on this theory I have come up with ....
I recently stumbled across mention of Samsung pushing out an OTA at some point that broke root at the kernel level forever. I read Chainfire has created a patch that fixes this on some models. Unfortunately not the T28x's due to the locked BL.
While looking for stock ROMS, I discovered differences in the pit files and the size of hidden.img that occurred between 3/2016 and 4/2016 releases leading me to believe that's when they locked the bootloader and pushed the root killing kernel ota to the T285M. The hidden.img was shrunk to a little more than the boot.img and the PIT was modified beginning with the 4/26 release
My T285M was built on 4/7/2016 and now having the new pit and hidden.img, any attempts at ODIN flashing of the 3/23 factory rom (3/10 build) crashes out at hidden.img. I figure I will be unable to go back to the 3/10 build unless I use the pit for that 3/10 build - I'm not ready to play that deep on this .... yet, I don't even know if I am on to anything at this point. but maybe someone else wants to ....
Take a peek at the contents of the three released roms for the T285M in the capture below and if anyone thinks theres hope in getting to root by going back to 3/10 build and PIT I can point you to the three files for experimentation, or even better to get to chainfire if this is doable.
BTW jedid GREAT debloat for the T285. I'm using the system.img on my T285M , I hated Touchwiz so much, now all we need is root. see if these tell you anything.
Click to expand...
Click to collapse
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
is open source same for t280? i have 280 not 285
klemen241 said:
is open source same for t280? i have 280 not 285
Click to expand...
Click to collapse
not sure how having the kernel source would help since we can't even change the kernel on the device which is kinda awkward for samsung. Besides I remember ashyx having compilation issues with spreadtrum kernel sources by samsung and not just for this device.
TopTongueBarry said:
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=t285m
---------- Post added at 02:46 AM ---------- Previous post was at 02:36 AM ----------
UPDATE: I was able to get the 3/10 stock factory rom flashed without changing the pit. Replaced the hidden.img file in this rom with a renamed copy of the boot.img from the same rom. Flashing does fail in the very end, but it completes before failing so I simply rebooted immediately into Odin mode again to flash jedid's debloated system.img for the T285. Done this a couple times now and the device comes up just fine. About device and Phone Info Samsung confirm it is running the 3/10 build.
Bad news is the bootloader is locked in this build too. No hope unless someone can do something with the source. See prior post.
Click to expand...
Click to collapse
I remember flashing an earlier build thinking the same thing and yep the bootloader is still locked. Aside from that I ran kingroot to see if there was anything exploitable... did'nt work. What I haven't tried is to see if superuser is disabled in this kernel though.
jedld said:
After some work I've managed to debloat my Galaxy Tab A(6) 7.0 LTE (SM-T285/T280). We all know that with a locked bootloader we
can at least do customizations with the system partition:
Here is a simple guide with hopes that more people with the device can continue to allow for more ROM customizations:
Tools/Requirements:
================
- Ubuntu as my OS
- make sure you have adb installed and running (See the android developers guide on how to do this)
- Heimdall 1.4.1
- A copy of the stock firmware zip from samsung for your device
- 7zip to be able to unzip the firmware from above
- Android AOSP fsutils simg2img and make_ext4fs (Attached) (note that your make_ext4fs needs to be patched to be able to generate samsung patches easily see gist) for some reason samsung chose to use a slightly different sparse file layout for this device. Using the stock make_ext4fs to generate an image will cause heimdall ( ad Odin) to stop data uploads after the first packet stream.
Or if you still want to use stock make_ext4fs you can try using Chainfire's sgs4ext4fs and run this after you generate your system.img, I haven't tried this route personally myself.
Step By Step (Part 1 - Mount stock system.img for modification)
==========
1. Create a folder to do your work like samsing_kitchen for example. Place your
stock firmware package there
Code:
mkdir samsung_kitchen
cd samsung_kitchen
2. Extract your stock firmware's system.img using 7zip
Code:
7z x XTC-T285XXU0APCN-20160421170750.zip
7z x T285XXU0APCN_T285OLB0APC6_T285XXU0APCN_HOME.tar.md5
Should see a couple of image files, one of them is system.img.
3. Create mount point and convert from sparse image to mountable image and then mount it
Code:
mkdir system
simg2img system.img system.img.raw
sudo mount -t ext4 -o loop system.img.raw ./system
The contents of the system image should now be visible inside the system folder you
just created. You can now proceed to modifiying it (e.g. remove apps)
(Part 2 - Repackage image for flashing to device)
=================================================
DISCLAIMER: As always make sure you backup your important files in case
something goes wrong! I will not be responsible for any losses resulting from this
activity. Also this activity may void your warranty.
Prequisites:
- Make sure you have heimdall properly working.
- Make sure you have oem unlock. This should be visible in developer settings
To know if it is enabled/disable FRP protection should be disabled when you go
in Odin mode.
1. pull the file_contexts file from .your device.
Code:
adb pull file_contexts
on a connected device in developer mode. You will need this file so that the permissions are properly set when building the image
2. Exit from system back to your working folder (e.g. samsing_kitchen ) and run
the following:
Code:
sudo make_ext4fs -s -l 2147483648 -S file_contexts -a system new_system.img ./system
This should create a flashable image called new_system.img
3. Restart your SM-T285 into Odin Mode (Power-off, then hold home vol-down + power until Odin Mode shows up)
4. Flash using Heimdall
Code:
heimdall flash --SYSTEM new_system.img
Your device should automatically restart after this. If something goes wrong you can always flash the original system image back.
Making an ODIN flashable image
----------------------------------------
To create an image compatible with ODIN (tar.md5) make sure you have a copy of the stock image zip from samsung and extract (using 7zip) its contents to a folder:
An extracted file should look like this:
Code:
boot.img
cache.img
hidden.img
nvitem.bin
recovery.img
SPRDCP.img
SPRDGDSP.img
SPRDLTEDSP.img
SPRDWDSP.img
system.img
replace the stock system.img with the one you created from above:
Code:
cp ../new_system.img system.img
tar and md5 it:
Code:
tar -H ustar -c boot.img cache.img hidden.img recovery.img SPRDCP.img SPRDGDSP.img SPRDLTEDSP.img SPRDWDSP.img system.img >T285_CUSTOM.tar
md5sum -t T285_CUSTOM.tar > T285_CUSTOM.tar
mv T285_CUSTOM.tar T285_CUSTOM.tar.md5
Optionally Zip it if you want:
Code:
7z a T285_CUSTOM.zip T285_CUSTOM.tar.md5
This guide should work for the T280 as well, though I can't confirm it since I don't have access to that model.
Click to expand...
Click to collapse
Anyway to do this on a windows machine?????
lohtse said:
Anyway to do this on a windows machine?????
Click to expand...
Click to collapse
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Just a note regarding the guide, it's not really necessary to add all the other partition images when creating the ODIN flashable tar.
All that is required is:
tar cvf system.tar system.img
jedld said:
Not sure though since you need to be able to mount an ext4 image, make modifications to it and then write it back. Plus the tools required to write the image back properly are only available in linux so I doubt there will be one for windows unless someone puts in effort to make something for it. The best I can do is to make a docker image where you can run it under windows with those tools if anyone is interested.
Click to expand...
Click to collapse
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
lohtse said:
is there no way to create a set of files(zip etc) we windows users could flash using odin? would be a huge help if that could be done! also anyone have a link to a stock rom??
and finally I noticed that the US samsung site has a pdf manual for this tablet that refers to marshmallow!!!!!
http://www.samsung.com/us/business/support/owners/product/SM-T280NZWAXAR
Click to expand...
Click to collapse
I highly doubt this thing will get mm. [emoji52]
Hello,
Can someone share the latest OTA (1may OR april?) of the rom file? I wanted to update flashing stock firmware unrooted and then catch the ota dont work anymore. Maybe sideload the OTA is possible.
https://drive.google.com/open?id=1NSy8XYACTHby3J-P0oNwjpemB2cVTfpI
Sideloading doesn't work. The payload_dumper works but I don't know how to proceed. Please share your solution.
I Will take a look at it. How did you get this file?
hans3103 said:
I Will take a look at it. How did you get this file?
Click to expand...
Click to collapse
connect the phone via usb
adb logcat > ota.txt
start the update checker on the phone
when it's done checking for updates, kill the adb process with ctrl-c
open ota.txt in a text editor, and find "UpdaterEngineHelper". There should be a downloadURL that looks likes this:
https:\/\/dlmgr.gtm.svcmot.com\/dl\/dlws\/1\/download\/pVVhGqfAoWboVIqb838eEonkj9%2FmlRBFuisKgbOUteZFGF0LVIr3fZGsyTBNleklN%2BvGu2j4xooz5Ky%2Fve7SfcLy%2BnAgSPiBhHVKQMS9PezFINpjNHvv0LiZfFTgkal53FtJpWmVmq9HjFdA9BLys8YW5j8U%2BumAog%2FEuma8ykNSVc6LsgTBb%2FTsECF2QrMF
remove the backslashes from the URL and paste the result in a browser. It will download a zip file.
Note that this download URL will only be available for a limited amount of time.
mijm said:
connect the phone via usb
adb logcat > ota.txt
start the update checker on the phone
when it's done checking for updates, kill the adb process with ctrl-c
open ota.txt in a text editor, and find "UpdaterEngineHelper". There should be a downloadURL that looks likes this:
https:\/\/dlmgr.gtm.svcmot.com\/dl\/dlws\/1\/download\/pVVhGqfAoWboVIqb838eEonkj9%2FmlRBFuisKgbOUteZFGF0LVIr3fZGsyTBNleklN%2BvGu2j4xooz5Ky%2Fve7SfcLy%2BnAgSPiBhHVKQMS9PezFINpjNHvv0LiZfFTgkal53FtJpWmVmq9HjFdA9BLys8YW5j8U%2BumAog%2FEuma8ykNSVc6LsgTBb%2FTsECF2QrMF
remove the backslashes from the URL and paste the result in a browser. It will download a zip file.
Note that this download URL will only be available for a limited amount of time.
Click to expand...
Click to collapse
Thanks for taking the time to offer this. Should I be able to use the download text (minus \'s) here? After removing the \'s, I get "Access to dlmgr.gtm.svcmot.com was denied." Maybe it must be done from one's phone. Is the file from your G-drive a flashable one (adb sideload)? This looked a lot like what was on my phone after I transferred the Smart Assistant app download to my phone. I didn't try to apply the "Update from SD card." I sent my phone in for repair yesterday so I can't check. I was fairly certain that if I could reflash the OPSW28.70-31-12 update (Feb, but this one may have done the job, too), my issues (mainly, no baseband after update), would be corrected. So much is different from my Google phones os and ota, but I'm trying to understand.
Hi, I managed to download the zip file from my computer. It should simply work but keep in mind that it will expire after some time. The URL I posted is just an example and it has already expired.
Sideloading the ota zip doesn't work. You can use the payload_dumper Python script to extract the images from the payload file, and then these files will have to flashed from the bootloader. I tried this a couple of times but failed.
The payload_dumper extracts these files:
.gitkeep
abl.img
bluetooth.img
boot.img
cmnlib.img
cmnlib64.img
devcfg.img
dsp.img
fsg.img
hyp.img
keymaster.img
logo.img
modem.img
oem.img
pmic.img
prov.img
rpm.img
storsec.img
system.img
tz.img
vendor.img
xbl.img
I can share those too if needed.
Thanks, again. As I don't know my way around MOTO phone world, I haven't yet unlocked the bootloader so flashing images is not available. I misunderstood about the zip file thinking it would be an installable file--like Google ota's. I appreciate the lesson on the payload extraction. I'll have to learn how to use that with the files Smart Assistant downloaded.
mijm said:
You can use the payload_dumper Python script to extract the images from the payload file, and then these files will have to flashed from the bootloader. I tried this a couple of times but failed.
.
Click to expand...
Click to collapse
It took me a couple of days (I'm NOT a programming person--71 yr old retired English teacher) to get this working (installing python, setting variables, updating pip, installing virtualenv, installing protobuf--each step requiring web search) but I was able to extract payload.bin. At least I believe I could do this, unlock my bootloader, and try installing .img files if I choose to. For certain, the modem.img is in the file set. I have no idea (I wonder if MOTO does) why the modem did not get flashed. I'll never use the "Smart" Assistant again.
You led me in the right direction which could have taken weeks otherwise. Thanks.
No problem. Please let me know how if and how you manage to flash the images. Every time I tried I got stuck in a bootloop so I must have been doing something wrong.
It sounds scary... :laugh:
Well, I have an idea of how to flash them but some of them confuse me. If you look at this post, it explains how to flash:
https://forum.xda-developers.com/z3-play/how-to/firmware-oficial-9-0-0-pie-instalacion-t3911995
But there are some extra img files in the ota which I don't know what to do with. The fact that the Z3 Play has two partition slots doesn't help.
mijm said:
Well, I have an idea of how to flash them but some of them confuse me. If you look at this post, it explains how to flash:
https://forum.xda-developers.com/z3-play/how-to/firmware-oficial-9-0-0-pie-instalacion-t3911995
But there are some extra img files in the ota which I don't know what to do with. The fact that the Z3 Play has two partition slots doesn't help.
Click to expand...
Click to collapse
Maybe you can answer my question.
I'm afraid I can't answer your question as I don't know how to create a side-loadable zip unfortunately. I would be able to convert the XML into a BAT file without problems -- I could even automate it -- but the OTA package doesn't contain any XML file so there's nothing to go on, at least for flashing the OTA file -- sorry. Meanwhile I'm still waiting for a solution on how to flash the OTA file.
mijm said:
I'm afraid I can't answer your question as I don't know how to create a side-loadable zip unfortunately. I would be able to convert the XML into a BAT file without problems -- I could even automate it -- but the OTA package doesn't contain any XML file so there's nothing to go on, at least for flashing the OTA file -- sorry. Meanwhile I'm still waiting for a solution on how to flash the OTA file.
Click to expand...
Click to collapse
Thanks for responding. I think the process I was questioning should work. The 2.2GB rom files LMSA downloads do have two xml files service and flash. I created a batch file with the service.xml file. The latest update available through the app seems to be 28.70-31-12 which is a second Feb update? This should run through fastboot on locked bootloader. The 91MB ota (May) file I downloaded does not have either of the two xml files but has the payload.bin file which the others do not have. Apparently, MOTO ota's use a delivery system that accesses payload.bin. I'm just brainstorming, but it's mostly a light show with little "BOOM." I am learning some things, though.
I also discovered that the newest (6.2.4) edition of RSD Lite may work on Windows 10--at least the device shows up. This is, supposedly, an official MOTO tool; however, Moto Agents on their forum say it isn't.
Of course, both batch creation and RSD Lite require access to the rom one wishes to flash. Hello, MOTO???? The most recent roms I've found are here.
Today I installed the latest rom that was uploaded on https://mirrors.lolinet.com/firmware/moto/beckham/official/RETAIL/
The one uploaded on 30-5-2019 has the 1 may patch inclusief. It works very good on my XT1929-8. (reteu). After that I rooted it with the latest magisk.