Related
This is my attempt at a Bell FAQ, it is a work in progress.
Q. Why don't the instructions I found on how to do X not work?A. This is a development forum, sometimes things are written in shorthand assuming you know things you don't. At lot of things are specific to one carrier's phone or another. Sometimes things change and are now obsolete, something new was found, a better way of doing things, if you were not following it all along you are likely to be lost. Read between the lines, you are a human being with reasoning abilities, figure it out. Q. What should I do first?
A. Backup your phone. That means everything, especially your pds partition. Nandroid won't cut it and you have already modified your phone beyond the ability to get back if you can run it.
Ex. dd if=/dev/block/mmcblk0p3 of=/sdcard/backup/mmcblk0p3
Save your backup on your computer, create a zip of all the files, burn it off on cd/dvd, put it in a safety deposit box at your bank. Be prepared for bricking your phone. A lot of things mentioned in threads here are developed and tested for ATT phones, they may not work 100% on your phone.Q. What is ADB?A. It stands for Android Debug Bridge or something like that. It is a program that runs on your computer that lets you talk to your phone using special commands. Your phone has to have adb enabled, it's a setting under application/development.
Ex. adb shell
This opens a linux shell connected to your phone. Linux is an operating system for computers, it is also used as the base for android phones.
Ex. adb install file.apk
Ex. adb push file /tmp
Ex. adb pull /tmp/file .
Q. What is CWM recovery?A. Android phones come with a special boot configuration that allows for changes to the android system from a place outside the system. It is very corporate and does the job for official signed updates, but only Motorola and it's oems can sign the updates. Not much fun for us. CWM recovery is a replacement for the official recovery system that doesn't require signed updates.
You install CWM recovery using fastboot or moto-fastboot.Q. What is unlocking the bootloader all about?A. It is the means of putting CWM recovery on your phone so you can install roms and other packages. It allows you to flash a partition with mods and have the phone not soft brick when you reboot. When the unlocked versions of the atrix bootloader were found it started a new round of mods. A lot of the threads prior to that are now obsolete.Q. How do I unlock the bootloader?A. There is a huge thread already about this, see here.
WARNING: this is a permanent change to your phone.
Summary:
1. Download the archive
2. Extract the sbf inside, whatever it's called, that is the one to use.
3. Use linux sbf_flash or rsdlite from windows to install it.
3. fastboot oem unlock
4. Copy code fastboot spits out.
5. fastboot oem unlock code
6. fastboot reboot
You will see unlocked while booting and when you get into android you will have ~300MB of ram. This will need to be fixed. Also, you will lose all your data during the process, do a backup first.Q. What is fastboot/moto-fastboot?A. It's a program to access the phone and do stuff, write phone partition images mostly. The stock one can only handle tiny system images, pretty useless for the Atrix, xda member eval- compiled the motorola version for us that can handle larger system images, do a search for moto-fastboot.
Ex. moto-fastboot flash recovery recovery.img.Q. How do I fix the ram problem?A. I did up a CWM recovery zip to update the boot and recovery partitions to contain a kernel command line with the missing bit "[email protected]" added. See here.
There are other means of doing this, some boot images come prepackaged with the command line already embedded. There are ATT compiled kernels with a patch inside the kernel itself to do the same thing. You can search for those when you are ready to try things like custom ATT kernels on your phone.Q. How do I root the phone?A. If you are unlocked and you have fastboot flashed a version of CWM recovery, it is trivial. By that I mean almost impossible for newbies to figure out.
It would go something like this:
1. Boot into CWM recovery.
2. use adb shell
3. adb push a su binary to the phone.
4. mount system as read write as /system
5. copy su binary to /system/bin
6. make sure it has the right permissions, 06755 mode , user root, group root.
7. unmount -l /system
8. when in android look on the market for Superuser.apk, install.
Every rooting method out there is all about putting su into /system/bin with 06755 permissions, most don't work anymore since Gingerbread. If you are looking for a simple, no brain involved solution, you are likely to get something working and also something else you didn't want like a replaced preinstall partition or an installed busybox with different functionality for some important system commands. (Busybox may be more up to date even, but if it doesn't do what is expected of the older version, it's still not good.)
Another way would be to create a CWM zip that simply puts the linux su binary in system with the correct permissions. Some info about creating your own can be found here. Doing this is more involved that just doing it manually, but it would be a good practice for getting into creating CWM updates.
Here is a link to a exploit someone did up to root the phone when running GB. Haven't tested it, and with an unlocked phone it is totally redundant, but it's nice that some found yet another security hole in the OS, seems similar in result to psneuter, so be sure to reboot the phone to fix the exploited system.
Seriously, if you are going to be reading or posting in the development section of xda for an android phone, take the 5 minutes to become familiar with adb and a few linux shell commands, it will save you hours of confusion and aggravation. If you fly blind trying things on your phone without understanding what you are doing you are eventually going to get into a place you can't get out of and need a new phone or REALLY have to struggle to understand things. You were warned. Q. How do I get back to stock?
A. You can't unless you have a backup of all your phone partitions and can update your radio and bootloader to be stock. Once you unlock your phone, it is recorded that you did so by blowing a physical fuse on the phone. This cannot be restored, you will need a new phone.
What does stock mean to you? When I bought my phone it had a certain radio, the bootloader couldn't be unlocked, the android system files had certain versions, etc. Beyond the android system there are 18 partitions that I know of on the phone, most phones do with 5-6. Every ota update or sbf files take the normal files and change them to something else, non android partitions get modified or replaced.
I have some solutions for getting close to stock, do a search for Gobstopper. There is one for Bell 2.2.2 and Bell 2.3.4, use one or the other. These attempt a full back to stock operation, that means the radio and bootloader will be stock, recovery will be stock as well. (All the partitions that are on the phone are written over with the ones that were on my phone when I bought it, with the exception of partitions 3 (pds), 15 (cache), 16 (data), and 18 (userdata or internal memory), factory reset clears cache and data, you don't want pds touched or internal memory.) Unlocked will no longer be displayed when you boot and you will no longer have CWM recovery installed. You will need to install the unlocked bootloader again and fastboot flash recovery again if stock is not what you wanted. (Your pds partition is not involved in this operation, so if you made changes to it, either directly or indirectly via a sbf this will not restore it, your pds partition contains individual phone information.)
More about sbf format here.Q. What does the pds partition taste like?A. It's not really fit to eat. Now you know.
It is mmcblk0p3, a partition on your phone, it is mounted as /pds when android boots and contains a bunch of folders and files that nobody really understands fully but Motorola. Having a look at some of the files you will see things like your network physical address, bluetooth physical address. You will find threads where the display is all arsed up, cpu running at half speed, touch screen not working right, etc, all due to something going wrong with /pds. It is best to back it up and not mess with it. Restore it in an emergency. Maybe one day everything in there will be figured out, take a stab at it yourself.
See this thread by edgan for how to back up your pds partition.
See this thread by KeRmiT80 about attempting to fix your pds partition. Good motivation to see previous link.
Q. I lost network data access after flashing X.
A. Check your APN list, if it's not a Bell firmware you are using, it probably doesn't have Bell's APN list. Scratch that, you don't know what that is or how to check it.
It stands for Access Point Name and a big list of them is stored on your phone in one big file (/system/etc/apns-conf.xml), each firmware has it's own version of it. Your phone will get two numbers from your carrier's phone network to do a look up in this list to figure out what configuration to use. So say it gets mcc 302, mcn 610, it will check the phone and look up 302, 610 in the file and read what it says there and use that config to try to connect. Now, another thing is that the phone knows what the home network is by these two numbers, embedded somewhere in the system. A foreign, non Bell carrier won't have Bell's numbers in there so your phone will think it's roaming. If you have roaming disabled, guess what, no data connection. Your carrier should be smart enough not to charge you for roaming, never had a problem with that, but you never know.
Here are the apn settings you can enter manually for your phone, see Bell's support link.
Q. How do I get webtop over HDMI to work?
A. There are several threads on getting this to work on ATT phones and others, they are specific to the firmware being run on the phone. They involve copying two deodexed files to your system/app folder and replacing the ones already there. You will also need to clear your dalvik cache to get the new code recognized. They are DockService.apk and PortalApp.apk. If you are not deodexed then you also have to remove the .odex files for both.
Here is one thread for Gingerbread, in the zip there is one for ORFR that will get you to viewing the webtop on Bell GB, but applications don't load.
Here is another thread for Froyo that works, see the Bell specific bit in the OP. This does not work from Bell Gingerbread. To be continued...
Hoping the Mods sticky this
A link should be attached to the wiki as well. I will try to when I get home if it isn't done already.
shouldn't this be in general? or q&a?
Magnetox said:
shouldn't this be in general? or q&a?
Click to expand...
Click to collapse
Probably both. Most things referenced are in development.
Cheers!
Sent from my MB860 using xda premium
y2whisper said:
Hoping the Mods sticky this
A link should be attached to the wiki as well. I will try to when I get home if it isn't done already.
Click to expand...
Click to collapse
+1 this should be a sticky on either or both general or development...
cheers for this...this thread is going to help me with my youtube viewers BIG TIME!!
Very nice!
Keep it up NFHimself!
NFHimself said:
This is my attempt at a Bell FAQ, it is a work in progress.
Q. How do I root the phone?A. If you are unlocked and you have fastboot flashed a version of CWM recovery, it is trivial. By that I mean almost impossible for newbies to figure out.
It would go something like this:
1. Boot into CWM recovery.
2. use adb shell
3. adb push a su binary to the phone.
4. mount system as read write as /system
5. copy su binary to /system/bin
6. make sure it has the right permissions, 06755 mode , user root, group root.
7. unmount -l /system
8. when in android look on the market for Superuser.apk, install.
Every rooting method out there is all about putting su into /system/bin with 06755 permissions, most don't work anymore since Gingerbread. If you are looking for a simple, no brain involved solution, you are likely to get something working and also something else you didn't want like a replaced preinstall partition or an installed busybox with different functionality for some important system commands. (Busybox may be more up to date even, but if it doesn't do what is expected of the older version, it's still not good.) To be continued...
Click to expand...
Click to collapse
I used this method to root the stock Bell Gingerbread ROM. Works on an Atrix too. It's a quick download and easy for those people who may not be comfortable with the adb command line.
http://www.psouza4.com/Bionic/
thx
useful for newbies
but can you put some more details about returning to stock and explain the pds partition in details plz?
papakilo10 said:
I used this method to root the stock Bell Gingerbread ROM. Works on an Atrix too. It's a quick download and easy for those people who may not be comfortable with the adb command line.
http://www.psouza4.com/Bionic/
Click to expand...
Click to collapse
Had a look at the script in that one, should be fine, doesn't install a busybox or anything like that. I don't care for Superuser.apk in /system/app myself, but it won't harm anything having it there.
Cheers!
ytwytw said:
thx
useful for newbies
but can you put some more details about returning to stock and explain the pds partition in details plz?
Click to expand...
Click to collapse
I added a few things, anything in particular you wanted?
I am trying to avoid step by step tutorials or spoon feeding everything, so people who are lazy/careless will have to attempt to think for themselves. It just leads to more questions, more laziness, and bricked phones, and I don't have the time these days.
Cheers!
First, please forgive me if this is posted in the wrong section. It seemed most appropriate.
Second, I take no credit for anything here except for writing the .bat file here used to do the work, as well as assembling the files as per the original post.
All credit goes to djmwj and his article found here:
http://rootzwiki.com/topic/8722-lenovo-ideapad-k1-rooting-guide-messy/
As the title states, it was very messy. The OP figured out how to make it go, but it was a bit fuzzy to follow. So, I thought I'd help folks out a bit and clean things up.
So, I took the instructions presented in the OP, and condensed them into one download with one .bat that does everything from start to finish, minus installing the respective drivers for ADB and NVFlash. However, the drivers are included in the download.
Instructions:
1. Extract K1Root.rar to the directory of your choosing.
2. Connect your tablet to your PC with the USB cable.
3. With your tablet off, press POWER+VOL_UP+VOL_DOWN until the screen turns on, but displays only black.
4. Windows should detect the device, but not install drivers.
5. Go into device manager, select the APX device, choose update drivers, and install the drivers from the aptly named NVFlash_Drivers folder.
6. Open up the NVFLASH_HOME folder and run the file K1Flash.bat
7. Make your desired choices when prompted, and enjoy.
Notes (PLEASE READ BEFORE USING):
THERE MAY BE BUGS! I used it on my own stuff before releasing, and all of the essential components work as they should, however, there may possibly be a minor hiccup somewhere in the script. This should not damage anything. If you have doubts, you're welcome to examine the .bat and check it for yourself.
Please be gentle. I am not a full-time developer. I just wrote this to help make the process simpler for people.
The OP suggests you download and read the partition table, and then name the backup files based on that. This script names the backup files based on the flash.cfg script referenced in the OP, which is what controls the flashes used anyway. So, there shouldn't be any irregularities, however, I can't speak for every device on the planet.
This does NOT use the latest OTA updates. The rooted files being flashed are the default ones from the original download. You can easily adapt this to any files generated from the latest OTA files by simply dropping them in the NVFLASH_HOME file.
To install the SU properly, you have to install ADB drivers midway through the script. There's probably a way around this, but I didn't find it to be too inconvenient.
The ADB drivers are also located in the NVFLASH_HOME folder. Just do like you did when installing drivers in step #5, but instead point to NVFLASH_HOME.
Um...um...
That should be it. Obviously, use at your own risk. Let me know if there are problems with the script, and I will fix them.
Oh, and party on, Wayne.
http://www.megaupload.com/?d=AG10XE25
EDIT:
Attached is an updated .bat file which fixes a few errors in the original script, plus adds more userability. Just extract to the NVFLASH_HOME folder and run.
digitalhigh said:
First, please forgive me if this is posted in the wrong section. It seemed most appropriate.
Click to expand...
Click to collapse
You may want to change the title to Ideapad K1, I don't know if this will work for the Thinkpad tablet.
Thanks for this, I just picked up this tablet ($250 at staples) and was worrying about having to tackle linux and "compiling" just to be able to get hulu.com working. You're a lifesaver.
gallahad2000 said:
You may want to change the title to Ideapad K1, I don't know if this will work for the Thinkpad tablet.
Thanks for this, I just picked up this tablet ($250 at staples) and was worrying about having to tackle linux and "compiling" just to be able to get hulu.com working. You're a lifesaver.
Click to expand...
Click to collapse
Wow. Yeah, I'm pretty sure the key used is just for the Ideapad. Thanks for pointing that out. My dumb a$$ must've blanked out and just used the group name when posting.
And just to be fair, the original poster does include everything needed to do stuff in windows as well - it's just very hard to discern from the post.
question
Is anyone working on a custom ROM for this tablet? I am hopeing that there will be at least a few custom roms available at some point in the near future.
jfkerekes said:
Is anyone working on a custom ROM for this tablet? I am hopeing that there will be at least a few custom roms available at some point in the near future.
Click to expand...
Click to collapse
We need to be able to root and unlock the bootloader first.
Does the root method work on the 121211 update?
Or is there a way to flash back to the older firmware?
the OTA update 12 12 11.... seems to be update.zip style with no .img files inside. just loose files like normal rom updates. doesnt seeem like you can drop the files in as suggested. or i have the wrong OTA....
oh and is this for LINUX as the OP or work in windows too??
Hi, I was wondering, is this procedure works for the Lenovo ThinkPad 1838-25U? I'm thinking to buy it to give a test ride, i sold my Transformer 101 to buy the Prime but it seems like Asus is taking vacations on the delivery shipments. Is this a good tablet? or is better to wait for another version?
READ THE POST
IDEApad not THINKpad. no it wont work.
First of all- thank you so much for creating this script! I have been putting off rooting this device due to the "messy" nature of the original post.
I was hoping you could help me troubleshoot, I have tried both the new K1 root application and the original .bat file. I know the drivers are working because the script makes it as far as creating and formatting partitions and successfully pushes the bootlooder.bin but then:
bootloader.bin sent successfully
file not found: recovery.img
failed executing command 2147483647 NvError 0x4
command failure: create failed
I've tried everything I can think of... any ideas?
Thanks again.
I found problem.
after root done follow step. I cannot factory reset and update any ota.
anyone can help me ?
taiz said:
I found problem.
after root done follow step. I cannot factory reset and update any ota.
anyone can help me ?
Click to expand...
Click to collapse
Yes you have to roll-back to 04 stock and then apply the OTA's
Backup of the stock lenovo .apks!
File 1:http://www.mediafire.com/?r7iskr3wrfx4u01
File 2:http://www.mediafire.com/?fymdv9e9kmj332s
File 3:http://www.mediafire.com/?w33k205ej4fpbcl
A big thanks to Khanning who was nice enough to walk me through the adb commands and bear with me when I couldn't get adb over usb to work.
This may fix your issues http://forum.xda-developers.com/showpost.php?p=21309379&postcount=50
Can someone help I used this and I installed drivers from the drivers folder fine ....I ran option 1 fine and it said completed but said something about nvflash error make sure drivers are installed ....but on my tablet it said phone update success ....when I try option three to flash image it just stays at nvflash started and goes no further and when I try to install Su it won't connect adb , probably cause adb drivers wouldnt install ....any advice ....device is booting and seems stock ....it did not wipe my files either
Sent from my HTC EVO 3D X515a using XDA App
maek_it_happen said:
Can someone help I used this and I installed drivers from the drivers folder fine ....I ran option 1 fine and it said completed but said something about nvflash error make sure drivers are installed ....but on my tablet it said phone update success ....when I try option three to flash image it just stays at nvflash started and goes no further and when I try to install Su it won't connect adb , probably cause adb drivers wouldnt install ....any advice ....device is booting and seems stock ....it did not wipe my files either
Sent from my HTC EVO 3D X515a using XDA App
Click to expand...
Click to collapse
It means you are not in APX mode. Read the PDF and follow the instructions for installing the APX drivers. This should fix your issues.http://forum.xda-developers.com/show...9&postcount=50
I just completed step 3 flashing the image went fine up to bootloader .bin sent successfully ...then it says
File not found recovery.img
Failed executing command 2147473647 Nverror 0x4
Command failure : create failed
Edit the link u posted is not working and the drivers are installed
Edit 2 I just downloaded ur v2 root tool in ur other thread ....for some reason ur flash me Command actualy went past the recovery img error I was having with this tool .... But yours is flawless
Sent from my HTC EVO 3D X515a using XDA App
maek_it_happen said:
Edit 2 I just downloaded ur v2 root tool in ur other thread ....for some reason ur flash me Command actualy went past the recovery img error I was having with this tool .... But yours is flawless
Click to expand...
Click to collapse
Glad to hear it worked for you.
TD
I recently got this device and looking for a way to root this device without having to roll back to the factory default rom and then having to update again using OTA.
Question, am I in luck, is that at all possible or do I have to really rollback and reinstall everything again?
Thanks!
Sent from my K1 using Tapatalk
Anyone have the root? Megaupload is down forever.
Hi folks,
we have some lucky users among us with a generic (Dev) IMEI - some of these are able to get OTA updates, thought for testusers and/or developers from Samsung, after they install latest Test firmware XXLSA from sammobile....some got updates up to XXLSC and already provided a dump. Others got updates up to XXLSD (and maybe higher in future - who knows, where the journey ends...), but don't know what to do to share this firmware with us 'Flashaholics' here on xda and other forums...
Now, as more and more people asking me (why ever me...) how to make a system dump from Stock Firmware, I decided to write a short 'HowTo for Dummies'. So if you know about someone, who has a unknown Test Firmware installed, or YOU are the chosen one, just follow this tutorial and make us happy
This is just one way of several to do this - but as I think, it is the easiest way for newbies (without having to use Android SDK and adb shell on PC --> that's what experienced would do )
Prerequisites:
- at least 1,4 GB free space on internal SDcard
- a brain (and above 80 IQ-points...)!!!!!
Step 1) Rooting your Stock Firmware (thx to Phil for the steps, I just copy/pasted them) --> if you already have Root + busybox installed, go to Step 2) directly
download this Root_Superuser_3.1.3_Busybox_1.20.2-Update1-signed.zip and this cwm-non-touch-6.0.1.4-i9100.zip
Put the previously downloaded cwm-non-touch-6.0.x.x-i9100.zip file on your external sd card
Copy the Root_XXX.zip file you downloaded to internal or external sd card
Boot into stock recovery (volume up+home+power), and select "apply update from external storage". Now select the cwm-non-touch-6.x.x.x-i9100.zip file you copied in previous step (this step gives a temporary flash that will disappear after reboot)
You get CWM recovery interface (this custom recovery is temporary, not permanent)
Inside CWM, select "install zip from sdcard". Then, select "choose zip from sdcard". Now, scroll down to the "Root_XXX.zip" file and hit power button to install it.
It will add SuperSU or Superuser last version apk to system/app, last superuser binary (su) to system/xbin and busybox last version to system/xbin, all with correct file permissions.
Reboot and you get permanent root + busybox installed on your stock kernel.
(You can easily unroot your device afterwards...it is also described in Phils thread, where I took all these from: [20 Sep 2012][ICS]Universal Rooting for most ICS phones, Any ROM, now with CWM6 )
Step 2) Making a complete System Dump of Stock Firmware:
Install 'Terminal Emulator' from Playstore
Open Terminal Emulator
type 'su' with your internal keyboard and press return button
grant Superuser access on upcoming popup window
now type the following line and press return button after finished typing:
Code:
dd if=/dev/block/mmcblk0p8 of=/sdcard/modem.bin
==> this will generate 'modem.bin' (= Modem) on your internal SDcard (will be finished after a few seconds)
now type the following line and press return button after finished typing:
Code:
dd if=/dev/block/mmcblk0p5 of=/sdcard/zImage
==> this will generate 'zImage' (= Kernel) on your internal SDcard (will be finished after a few seconds)
now type the following line and press return button after finished typing:
Code:
dd if=/dev/block/mmcblk0p12 of=/sdcard/hidden.img
==> this will generate 'hidden.img' (= preload partition) on your internal SDcard (will be finished after a few minutes, as it is more then 300 mb!)
now type the following line and press return button after finished typing:
Code:
dd if=/dev/block/mmcblk0p9 of=/sdcard/factoryfs.img
==> this will generate 'factoryfs.img' (= system partition) on your internal SDcard (will be finished after a few minutes, as it is more then 800 mb!)
Now you have the following output / files on your internal SDcard:
modem.bin
zImage
hidden.img
factoryfs.img
==> zip these 4 together and upload them to a hoster ==> post the link here and devs can start building a new ROM (Stock + CustomROMs) and kernel devs (now we luckily have Phil for that) can preroot the kernel + put in CWM recovery.
That's all and really very very easy....
Disclaimer:
I am not responsible for any damages - it is your risk (though it is not a dangerous thing to do!)
hope this will be a very good guide in getting the new leaked rom from sammy
Nicely done my friend this should ease up on some of the users (the ones who get updates for us XD)
Congratulations on this, now you see why community loves you soooo. liebe endet nie !!
es ein vergnugen es zu lesen. gute arbeit eybee :good:
Thank very much boss
Hope you will be one of the prof when xda university will open.
Thank you very much
Hope now when we will see LS(any letter) it will be with the links of the dump
Envoyé depuis mon GT-N7000 avec Tapatalk
Funny
Envoyé depuis mon GT-N7000 avec Tapatalk
Cool bro thanks but you can use the supersu.zip and the busybox.zip from stock recovery
Tapatalking on my n7000
msedek said:
Cool bro thanks but you can use the supersu.zip and the busybox.zip from stock recovery
Tapatalking on my n7000
Click to expand...
Click to collapse
It was easy copy paste for me in the rooting part....you can root and install busybox in 567 different ways...in the end the result counts
Clicked for Newsworthy article. :thumbup:
Sounds really simple for someone who doesn't have the second prerequisite.
Back uped the info.
Sent from my GT-N7000 using Tapatalk 2
Sharing your valuable knowledge and experience is priceless for those who are interested. Well, me, I simply follow pros like you.
Sent from my GT-N7000 using xda premium
In addition to Step 2:
I made the dumps from my PC with a connected device with "adb", so I could copy them to the harddisk directly.
"adb devices" for checking if connection is established, "adb shell" switching to the device, "su" for root access, and then the commands eybee1970 explained in detail.
After that I fetched the files in my file manager from the connected device.
I prefer to work with terminal windows on the PC and not on the device.
With this you do not need Step 1 - because I didn't
another great one from eyebee
great guide for learners like me
thanks
ThaiDai said:
In addition to Step 2:
I made the dumps from my PC with a connected device with "adb", so I could copy them to the harddisk directly.
"adb devices" for checking if connection is established, "adb shell" switching to the device, "su" for root access, and then the commands eybee1970 explained in detail.
After that I fetched the files in my file manager from the connected device.
I prefer to work with terminal windows on the PC and not on the device.
With this you do not need Step 1 - because I didn't
Click to expand...
Click to collapse
That's why I said 'for Dummies'....no PC, no Android SDK, no adb shell...just the device
This is a superb guide! cheers eybee
Deleted
Sent from my GT-N7000 using xda app-developers app
Now the history rolls back...
as people raced to create their own custom roms.
The chosen ones with their great knowledge was kind enough to uncover about the custom rom things and shared it with some tutorials here in xda-dev for people who needed it.
Just like the old time...when WinMo has a bright future here.
Thanks a million for devs and chefs at xda-dev who always spread the lights.
ZacDerbyshire said:
Great guide. A little off topic but I don't know where else to ask and you are an expert in ROM making. How do I put things like all multiwindow apps and 4 way reboot in the ROM build before it goes on the phone? Sorry again for it being in here, can't find anywhere else to ask.
Sent from my GT-N7000 using xda app-developers app
Click to expand...
Click to collapse
4Way reboot mod is at the system/framwork/ directory "android.policy.jar" file is responsible for this stuff....
as for all multi apps after an investigation it appeared it looked for a certain statement to know whether its a sammy app patching that code to the launcher and editting the policy for this feature too gets you all apps access (almost all) as some just dont work....
there are plenty of guides and tutorials over the internet and forums... on different phones mostly but with a little time you can manage everything as you want to so READ some enjoy!
i'am guessing we need to start writing more tutorials in the N7000 section in here we have no knowledge sharing mostly developing and some new guys are ready to try their own so we have to share everything it started with eybee (thanks to him) and hopefully will continue with all other guys who do mods.... no matter how small it can be usefull.
believe it or not but even devs assist each other with mods its not like each one was born with all that OP-Code in his head
Ah...good guide eybee.Let me see if i can make a shell script to dump the partitions and make odin roms out of it.I already have scripts to dump and make odin rom for /system,/data partitions.will add preload,kernel and modem to the script.Let me see how my time permits today.Hope the script will help people.But the only drawback is it will work only on linux.Users may use cygwin too for it
Sent from my GT-N7000 using xda app-developers app
eybee1970 said:
That's why I said 'for Dummies'....no PC, no Android SDK, no adb shell...just the device
Click to expand...
Click to collapse
For my case adb shell was not succeed. Device reboots unexpectedly while dumping factoryfs. Maybe file size is too big. Thus I had to use terminal emulator though pc keyboard is much more convenience
Great tutorial!
Sent from my GT-N7000 using xda app-developers app
Two remarks:
Typing something like "dd if=/dev/block/mmcblk0p9 of=/sdcard/factoryfs.img" is never something I would call easy. If you do not have Linux shell commands knowledge, than these are about "50 characters without meaning" that you have to type (on the keyboard of your device - which is even more error-prone).
PC or Note: it is never dummy-simple.
Making a batch wich automatically generates an ROM installable with ODIN (so the result are tars) is dangerous.
The difference between "dump" and "dumb" isn't so big - as I just proved myself.
When you make a batch with a complete process from dumping, copying, building to a "blob" installable with Odin there will be no step in the process for quality control.
Example (hurts to write this): If there's something in the original Rom you are dumping that couldn't be shared then it makes its way through the process in to the final Rom. And the dummy user of these scripts will never know or can protect himself from it.
Only pro from this: after learning this the hard way you don't feel like a dummy user anymore.
Hi,
I9305 is not officially supported by towelroot. So I searched for some details about the exploit and found this pastebin.com/A0PzPKnM (which seems to be decompiled and cleaned - made more readable towelroot v1) and some articles about how its supposed to work (blog.nativeflow.com/the-futex-vulnerability and tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/). I have to admit that I don’t understand it fully, but well enough to modify it to this pastebin.com/1fdmC4Xv , which is working exploit on my i9305 with Android 4.3, kernel 3.0.31. I didn’t make any big changes – I made few modifications to compile the code, added lots of debugging output, changed what happens when the hack is successful and added the iov_index variable, which is the most important change. The original code is not nice and my changes are not nice neither, please be lenient while reading it. If you want to use it, compile it with android ndk, push to /data/local/tmp and run. There can be one argument, number from 0 (default) to 7 (you can use bigger, but it makes no sense). If it succeeds, you’ll get root prompt. Otherwise it can freeze or reboot the phone. You can check the kernel panic reason in /proc/last_kmsg. If you see that it crashed in plist_add because “Unable to handle kernel NULL pointer dereference at virtual address 0000000c”, subtract 0xc from the address and use as the argument (iov_index) next time. Don’t give up, it doesn’t work always. Note that, the phone will reboot after you quit the root shell. Its up to you what you do with this, but AFAIK successful execution of this exploit doesn`t change the KNOX warranty bit, at least my phone still says that the system is “official”.
Remember to be careful, when doing anything of this and don’t blame for any damage.
If you want to play with it in debugger, you don’t have to use the android emulator as suggest in the article mentioned above – I used vanilla kernel 3.0.31 compiled with exynos4_defconfig, buildroot userspace and latest qemu with the machine smdkc210.
Pavel
P.S. I don`t have enough posts here, so you have to use the links manually
prqek said:
Hi,
I9305 is not officially supported by towelroot. So I searched for some details about the exploit and found this pastebin.com/A0PzPKnM (which seems to be decompiled and cleaned - made more readable towelroot v1) and some articles about how its supposed to work (blog.nativeflow.com/the-futex-vulnerability and tinyhack.com/2014/07/07/exploiting-the-futex-bug-and-uncovering-towelroot/). I have to admit that I don’t understand it fully, but well enough to modify it to this pastebin.com/1fdmC4Xv , which is working exploit on my i9305 with Android 4.3, kernel 3.0.31. I didn’t make any big changes – I made few modifications to compile the code, added lots of debugging output, changed what happens when the hack is successful and added the iov_index variable, which is the most important change. The original code is not nice and my changes are not nice neither, please be lenient while reading it. If you want to use it, compile it with android ndk, push to /data/local/tmp and run. There can be one argument, number from 0 (default) to 7 (you can use bigger, but it makes no sense). If it succeeds, you’ll get root prompt. Otherwise it can freeze or reboot the phone. You can check the kernel panic reason in /proc/last_kmsg. If you see that it crashed in plist_add because “Unable to handle kernel NULL pointer dereference at virtual address 0000000c”, subtract 0xc from the address and use as the argument (iov_index) next time. Don’t give up, it doesn’t work always. Note that, the phone will reboot after you quit the root shell. Its up to you what you do with this, but AFAIK successful execution of this exploit doesn`t change the KNOX warranty bit, at least my phone still says that the system is “official”.
Remember to be careful, when doing anything of this and don’t blame for any damage.
If you want to play with it in debugger, you don’t have to use the android emulator as suggest in the article mentioned above – I used vanilla kernel 3.0.31 compiled with exynos4_defconfig, buildroot userspace and latest qemu with the machine smdkc210.
Pavel
P.S. I don`t have enough posts here, so you have to use the links manually
Click to expand...
Click to collapse
Hi! I use I9305 with android 4.4.4 - without any branding. Could U help me with root this device without knox flag? Thank u, I'm from polish and my english is soo bad ;/ I want ready aplication to install if u could do this for me
wow thanks you
Hi schizyk12,
I am afraid, that I will disappoint you. I don`t have any other phone than my i9305 with 4.3, so it would be a blind shot to create such an application. Even if I had some more devices, I am not sure if I have time to do this. Another problem is that I am not even sure whether this would work on 4.4.4. What kernel does it use? See this www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 , if your kernel version is higher than 3.14.5 then the bug this is exploiting is fixed. If you kernel is build after May 26th, 2014, it is also probably fixed.
I am attaching the binary that worked for me. You can try it - unzip it and pull it into /data/local/tmp using adb (if you don`t know how to do it, search the web, it`s not difficult) and execute from adb shell as /data/local/tmp/tr_c 1 (or some other integer, see my original post). Keep trying, it may not work for the first time. If it succeeds, you will see something like this:
Code:
cpid3 resumed.
hack.
/system/bin/sh
[email protected]:/data/local/tmp #
If your phone reboots, it is a good sign – the bug is probably not fixed.
I also have i9305 with Android 4.3 (kernel 3.0.31) and everything seems to work fine - when I execute tr_c 1 it displays a lot of lines but there are few, which look exact same like in your post above. Now the problem - this method doesn't give me root access... I don't know what is wrong. Can you help me with this? Maybe you know how to get it working? Thanks for all of your work PS: Sorry for my english.
What do you mean by root access? This is not one the “one click root” applications, this is only the exploit. If you see at the end what I posted in my previous post, you have root access, but only in that one session. If you want to have rooted device, you have to do the rest manually. Unfortunately I didn`t find any article describing what this means. There are only lots of “one click” apps. Finally I used Koushiks Superuser – it is simple and opensource, so it was quite easy to find how the installation (“rooting”) works. Take a look at this script github.com/koush/Superuser/blob/master/Superuser/assets/update-binary . Don`t execute it, it is supposed to be run from recovery. Here are briefly the steps to be done (I hope I didn`t forget anything, don`t do it if you don`t understand it):
1) mount -oremount,rw /system
2) copy su to /system/xbin
3) chown it 0:0 and chmod it to 6755
4) create link from /system/bin/su to /system/xbin/su
5) modify (or create) /system/etc/install-recovery.sh (see github.com/koush/Superuser/blob/master/Superuser/assets/install-recovery.sh)
6) sync and reboot
I actually used the disabled ssh service from /init.rc and I am enabling it install-recovery.sh, so if the su daemon is killed, it is restarted automatically. The daemon is needed because of bypassing SELinux, the suid bit is not enough (I suppose I can chmod to 755 in step 3).
You don`t have to compile the whole supperuser, you can download it from here www.koushikdutta.com/post/superuser .
But there is one problem with this version – if the selinux is enforcing, the su works only from adb shell. It is because the socket used for communication between su and daemon is in /dev, which is not accessible by applications. So I moved it to /data/local/tmp/. Now it works for apps and not for adb shell. But you have to compile the su binary to do this. I should report a bug to Koushik.... Also adding setenforce 0 to install-recovery.sh should help, but it turns off SELinux.
Pavel
Yeah, I thought it will be something like "one-click root". Now I understand - I had root access from adb but not normally rooted phone I read your instructions and I have more questions. Did you do this on your phone? Is the warranty void still 0 after these operations? I don't want to change it to 1
PS: I'm not sure if I can make this work, so I must live without root on this device since it'll be easier to do
I*did all of this on my phone I don`t see any triangle like here www.mobot.net/samsung-galaxy-s2-removing-yellow-triangle-37410 . The know warranty void in download mode says 0, so I guess it is OK. But the device status in settings says custom, but this happened after I removed knox related applications. I didn`t try to put them back. It may fix it. If I remember well, the step I described didn`t change any of these bit and statuses.
It`s not so difficult, you just need some understanding how Linux system works.
Sony rolled out Android Pie 9 50.2.A.0.352 for Xperia XA2 Ultra 2 days ago. I was wondering if I proceed with the update from my rooted Oreo, will I have any working Root for Android 9 for my phone?:silly:
Only a few regions has gotten Pie so far. Makes it hard to work on getting root when most of us are still waiting.
Edit: XA2 Ultra H3223 USA just got Pie today.
Looking for this one too hoping on of this days root method will come out ..
anyone tried using magisk ? the root method last time in Oreo ? want to try it out but i'm afraid my phone will get bricked
danger
qhuinzy_09 said:
Looking for this one too hoping on of this days root method will come out ..
anyone tried using magisk ? the root method last time in Oreo ? want to try it out but i'm afraid my phone will get bricked
Click to expand...
Click to collapse
You're rightly afraid. Steer clerar of magisk. Wait for a proper rooting method, or perhaps don't root at all.
This update is already a danger (see the previous brick wave), I would wait until things calm down.
XA2 Ultra owner, not updating. Staying on Android 8 for a good while.st
ish4d0w777 said:
You're rightly afraid. Steer clerar of magisk. Wait for a proper rooting method, or perhaps don't root at all.
This update is already a danger (see the previous brick wave), I would wait until things calm down.
XA2 Ultra owner, not updating. Staying on Android 8 for a good while.st
Click to expand...
Click to collapse
yeah mate Heard the brick update in russia just waiting for the proper Root method hope it will come out soon..
But the pie update is Really Good ! over all 9/10 and also noticed the battery is far longer now :good::good:
yes guys sony xa 2 ultra root in original rom normal the steps is the same of classic all time in all others rom idk if i make a deference but me use this step 1. run adb in my pc and write fastboot boot twrp-3.2.3-1-discovery.img step2. in twrp first install addonsu-16.0-arm64-signed.zip this file take of line age os 16 idk if this make the deference but me install first this file , so step 3. install magisk and reboot phone no install twrp in phone just restart and phone work very well in original rom pie9 H4213_Customized GR_1313-7447_50.2.A.0.352_R1B i hope help good luck to root your xa 2 ultra
malamas said:
yes guys sony xa 2 ultra root in original rom normal the steps is the same of classic all time in all others rom idk if i make a deference but me use this step 1. run adb in my pc and write fastboot boot twrp-3.2.3-1-discovery.img step2. in twrp first install addonsu-16.0-arm64-signed.zip this file take of line age os 16 idk if this make the deference but me install first this file , so step 3. install magisk and reboot phone no install twrp in phone just restart and phone work very well in original rom pie9 H4213_Customized GR_1313-7447_50.2.A.0.352_R1B i hope help good luck to root your xa 2 ultra
Click to expand...
Click to collapse
Strange! I was thinking exactly the same process would've been as you've mentioned but then I intended to wait for some expert reviews or suggestions. So you are saying that you did the root exactly the way Android 8 Oreo was rooted as in the process you mentioned? So how far has it been with Android 9 with Root access with you ?
root
noob_coder said:
Strange! I was thinking exactly the same process would've been as you've mentioned but then I intended to wait for some expert reviews or suggestions. So you are saying that you did the root exactly the way Android 8 Oreo was rooted as in the process you mentioned? So how far has it been with Android 9 with Root access with you ?
Click to expand...
Click to collapse
im not sure if understand you exacly your question but my phone work super fast and very stable just follow my steps and you done 100% safe
im try post some photos in my phone to see is real
Easy-Peasy Interactive root
_/easy[+EASY-PEASY+]easy\_
ii-I/n/T_e r-A-c t_I\v\E-ee i have conjured up a simple tool for rooting the xa2 ultra. nothing special, all you do is download the zip, extract it, and run the .bat file, and follow along in the cmd prompt window. its interactive so you will have to select a few options while in recovery. its really easy. bootloader must be unlocked. make sure to read the read me files, and also follow along with the command prompt.
hope someone tries it out. i would like some opinions. im not new to computers, but im new to scripting.
any feedback would be appreciated. go to the ftp site listed below and download Also stock android 9.0 is included, its seperate from the tool. extract the zip open folder and double click newflasher.exe its all set up. just select no on the 2 options that come up before the flashing, put your device in flashmode
ftp://
192.161.
227.
73
v1nd1cta_d3b3llat0tlr said:
_/easy[+EASY-PEASY+]easy\_
ii-I/n/T_e r-A-c t_I\v\E-ee i have conjured up a simple tool for rooting the xa2 ultra. nothing special, all you do is download the zip, extract it, and run the .bat file, and follow along in the cmd prompt window. its interactive so you will have to select a few options while in recovery. its really easy. bootloader must be unlocked. make sure to read the read me files, and also follow along with the command prompt.
hope someone tries it out. i would like some opinions. im not new to computers, but im new to scripting.
any feedback would be appreciated. go to the ftp site listed below and download Also stock android 9.0 is included, its seperate from the tool. extract the zip open folder and double click newflasher.exe its all set up. just select no on the 2 options that come up before the flashing, put your device in flashmode
ftp://
192.161.
227.
73
Click to expand...
Click to collapse
strange that when I unzip a 1.8GB or so zip it just ends up with 2 small files (bat and readme) (even tried pulling the constituent files out from the zip independently). Also the batch file won't run due to windows security (understand running .bat is always risky no matter how good one's intentions might be)
mac231us said:
strange that when I unzip a 1.8GB or so zip it just ends up with 2 small files (bat and readme) (even tried pulling the constituent files out from the zip independently). Also the batch file won't run due to windows security (understand running .bat is always risky no matter how good one's intentions might be)
Click to expand...
Click to collapse
hey, thanks man, im new to this so i really apprecite it. i unzipped the 1.8gb zip, left it for download, and also left the unzipped folder and unhid everything. i left a NOTE to do explain a little better, not much, but its a little more than i am now. i changed permissions on my end, so it should be ok. as long as everything stays together in the same directory, for example the desktop,...... it doent have to be that folder, but it cant be in any other folder either, as long its all on the desktop, its good. i figure you already know that, but it makes me feel better to let you know. the .bat extracts 3 other .zip, one .zip is a usb driver and it installs it also. you can hit no, cmd will read access denied, but in this script its not considered an error, so it will continue. it will also connect to adb automatically and push 2 files, .img, .zip, to the device. if there is a problem with adb connecting, it will give notice, prompt, and when hit enter it will kill adb server and exit cmd. if everything is ok,it will boot the recovery .img automatically, given you press enter to give it permission. once in recovery it prompts instructions for the user, and a new instruction will show after every enter. well, i guess i did explain it better than i did in that NOTE.
hope i dont sound to retarded and noobish, and i hope you give it another go.
again thank you, much appreciated
.
v1nd1cta
noticed your bat file has the zip file in system32 directory
the bat file does not work due to the paths I am guessing. Why would the zip want to be in system 32 windows directory?
any update? a safe way to root in android 9?
v1nd1cta_d3b3llat0tlr said:
hey, thanks man, im new to this so i really apprecite it. i unzipped the 1.8gb zip, left it for download, and also left the unzipped folder and unhid everything. i left a NOTE to do explain a little better, not much, but its a little more than i am now. i changed permissions on my end, so it should be ok. as long as everything stays together in the same directory, for example the desktop,...... it doent have to be that folder, but it cant be in any other folder either, as long its all on the desktop, its good. i figure you already know that, but it makes me feel better to let you know. the .bat extracts 3 other .zip, one .zip is a usb driver and it installs it also. you can hit no, cmd will read access denied, but in this script its not considered an error, so it will continue. it will also connect to adb automatically and push 2 files, .img, .zip, to the device. if there is a problem with adb connecting, it will give notice, prompt, and when hit enter it will kill adb server and exit cmd. if everything is ok,it will boot the recovery .img automatically, given you press enter to give it permission. once in recovery it prompts instructions for the user, and a new instruction will show after every enter. well, i guess i did explain it better than i did in that NOTE.
hope i dont sound to retarded and noobish, and i hope you give it another go.
again thank you, much appreciated
.
Click to expand...
Click to collapse
ftp not working btw
There only seems to be Magisk root for up to 50.1.A.13.83 (Oreo)... Which is a massive pain because there have been tons of updates since, including Android Pie. I check this site loads and still nothing towards rooting for Pie.
So, not sure if this helps, but magisk seems to install fine in pie, but so far I'm having a ton of issues regarding freezes and reboots. Will search for a kernal fix, anyone have a clue to this? Just thought I'd inset my 2¢ into this and see if anyone has any insight to this. Thanks guys you do great work ?