[GUIDE] ROOT + TWRP flashing in stock MIUI 11 without USB (not working/only charges) - Xiaomi Redmi 4X Guides, News, & Discussion

Code:
/*
* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
* Your warranty will be void if you tamper with any part of your device / software.
* Same statement for XDA.
*/
I bought a secondhand Redmi 4X with a pirate USB board that only charges and has no MTP/ADB/OTG/mass storage/fastboot working (see the difference from the original one in the attached picture). The phone came running stock MIUI 11 based on Nougat 7.1.2 and I wanted to flash a custom ROM through TWRP, so I needed to use a kernel exploit to get root and flash the recovery using a terminal emulator. Here I explain the steps to achieve this.
1) Backup all your data
First, if you (like me) don't have a microSD, make a tar file with all the files you want to back up, then transmit it via Wi-Fi through the FTP feature of the MIUI file explorer. Later, I discovered that it is faster to do this via HTTP, running a server with some app like AWebServer and transmitting the file via HTTP to a Windows host (it was faster than with Ubuntu). Use this trick to transfer your favourite custom ROM too.
2) Root the device
The only root solution that worked for me was the executable file "su98-memory-kallsyms", within the zip file attached below. It exploits the CVE-2019-2215 kernel vulnerability. First, transfer the file to the device, then, using a terminal emulator, execute the following:
Code:
cp /sdcard/su98-memory-kallsyms $HOME
cd $HOME
chmod 755 su98-memory-kallsyms
./su98-memory-kallsyms
After doing this, you will get a full-power root shell, becoming capable of performing the next step.
WARNING: ROOTING LIKE THIS WILL MAKE YOUR DEVICE UNABLE TO BOOT (the kernel is left corrupted).
3) TWRP flash
Download the latest from here: https://dl.twrp.me/santoni/
and flash it executing the following:
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
4) Flash custom ROM
Reboot to TWRP (power off the device then hold VolUp+VolDown+Power buttons).
Now, you can:
make a factory reset and flash a custom ROM
flash the stock kernel to get back booting to the stock rom
flash the stock kernel and flash some permanent and secure root utility (like SuperSU or Magisk) to get the stock rom rooted.
5) Be happy!
Source: https://forum.xda-developers.com/showpost.php?p=83247423&postcount=81

I know it's been over two years but, for me, this did not work.
I get prompts from su98-memory-kallsyms that seem to indicate the root was successful (disabled SELinux enforcing, root privileges ready...), then I use the dd command, with no errors (53088+0 records in and the same out; 27181056 bytes transferred), but the phone is not rooted and TWRP is not installed.
Kernel is not corrupted and the 4x can boot normally or in miui recovery.
Also this user had a similar issue: https://forum.xda-developers.com/t/...ricked-asus-new-padfone-infinity-a86.3609844/
Initially I used a different terminal app and I got an error that $HOME was not defined. Then I used Terminal Emulator (by jackpal) and it seems $HOME points to a subfolder in /data/user/0/jackpal.androidterm/app_HOME - is this where it should be?
I am using android 7.1.2 and miui 11.0.2
USB debugging, OEM unlock, viewing attributes, external sources, usb debugging security settings are enabled
One issue I'm not sure about is the Mi Unlock status: it requires me to use the data connection, then it appears to work ("added successfully"), but I don't understand what its final status is and what I am supposed to do. The screen still shows "this device is locked" and at point 4 mentions I need to use a PC to perform the unlock ("download the unlock tool from our website"), which I can't, because the phone won't connect via USB.
Any idea what to do?
Edit - I was thinking maybe the vulnerability was patched, but apparently not. I have kernel 3.18.1. According to this site, https://bugs.chromium.org/p/project-zero/issues/detail?id=1942, the issue was patched only in Dec 2017 in the 4.14 LTS kernel [1], AOSP android 3.18 kernel [2], AOSP android 4.4 kernel [3], and AOSP android 4.9 kernel [4].
Edit 2 - here the same method also uses the su98 file: https://github.com/mufidmb38/CVE-2019-2215
Edit 3 - I just want to add that apparently the exploit works (it does allow copying to the recovery partition), so maybe two other issues were at play, such as not having the bootloader unlocked in advance, or the recovery partition being overwritten by the system.
In the end I did manage to unlock the phone using the official app (it unlocked without wait time; it seems my USB cable was faulty after all), then I installed via the classic route: TWRP, Magisk and Havoc OS 4.16 (so far so good).
For the record, twrp-3.6.2_9-0-santoni.img, Magisk 25.2 and Havoc-OS-v4.16-20220423-santoni-Official-GApps.zip seem to be a good combo. The phone is now a "Pixel 5" with Android 11. Two days ago I had a Redmi 4X with Android 7.1.
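The guide's dd step and the report above ("dd finished with no errors, but TWRP is not installed") both leave the same question open: did the image actually land on the recovery partition, and is it still there after the first boot? The following check is an added example, not part of the original post or the attached zip; it reads the partition back and compares it with the image, and is written so it can be exercised against plain files. The Android paths in the usage comment are the ones from the guide.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a recovery image
# actually landed on the target partition, and that it is still there after
# a reboot. The functions take the image and partition as arguments so they
# can be exercised against ordinary files as well as real block devices.

# Print the SHA-256 of the first N bytes of a file or block device.
# Usage: head_sha256 <path> <nbytes>
head_sha256() {
    # bs=1 would be very slow on a real partition; read whole 4 KiB blocks
    # (rounding up) and trim to exactly N bytes with head -c.
    dd if="$1" bs=4096 count=$(( ($2 + 4095) / 4096 )) 2>/dev/null \
        | head -c "$2" | sha256sum | cut -d' ' -f1
}

# Compare an image against the partition it was written to.
# Returns 0 when the first <image size> bytes of the partition equal the
# image, 1 otherwise. A recovery partition is normally larger than the
# image, so only the image-length prefix is compared.
# Usage: verify_flash <image> <partition>
verify_flash() {
    img="$1"
    part="$2"
    size=$(wc -c < "$img" | tr -d ' ')
    want=$(sha256sum < "$img" | cut -d' ' -f1)
    have=$(head_sha256 "$part" "$size")
    if [ "$want" = "$have" ]; then
        echo "OK: $part holds the contents of $img ($size bytes)"
        return 0
    fi
    echo "MISMATCH: $part does not hold $img" >&2
    echo "  image:     $want" >&2
    echo "  partition: $have" >&2
    return 1
}

# Record the image hash before rebooting so that a later run can show
# whether the running system restored the stock recovery over the one
# that was just written.
# Usage: save_flash_record <image> <record_file>
save_flash_record() {
    sha256sum < "$1" | cut -d' ' -f1 > "$2"
}

# On the device (as root, right after the dd from the guide):
#   verify_flash /sdcard/twrp.img /dev/block/bootdevice/by-name/recovery
# Run the same command again after the first boot; a MISMATCH at that point
# means something rewrote the partition after the flash.
```

A MISMATCH immediately after dd points at the write itself (wrong block device, or an image that was not the expected size), while OK-then-MISMATCH across a reboot is what the "recovery overwritten by the system" theory above would look like.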

I have a Redmi 4X whose bootloader I'm unable to unlock, so I wondered if this method could allow me to flash TWRP and then flash LineageOS without needing to unlock it. Would it be worth a try?
akeishan said:
Edit 3 - I just want to add that apparently the exploit works (it does allow copying to the recovery partition), so maybe two other issues were at play, such as not having the bootloader unlocked in advance, or the recovery partition being overwritten by the system.
So, if I don't unlock the bootloader, the system is likely to overwrite my changes?

I tried this method on my phone with a locked bootloader, using MIUI 8.5 based on Android 7.1.2 with security patch 2017/09/01 and kernel 3.18.31.
It failed to get root access, with the following output:
Code:
MAIN: detected kernel version 3
MAIN: starting exploit for devices with waitqueue at 0x98
CHILD: Doing EPOLL_CTL_DEL.
CHILD: Finished EPOLL_CTL_DEL.
CHILD: initial portion length 0x12000
CHILD: task_struct_ptr = 0x0
CHILD: task_struct_ptr = 0x0
CHILD: Finished write to FIFO.
CHILD: **fail** problematic address pointer, e.g., 0
MAIN: detected kernel version 3
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
CHILD: Doing EPOLL_CTL_DEL.
CHILD: Finished EPOLL_CTL_DEL.
CHILD: initial portion length 0x12000
CHILD: task_struct_ptr = 0x0
CHILD: task_struct_ptr = 0x0
CHILD: Finished write to FIFO.
CHILD: **fail** problematic address pointer, e.g., 0
MAIN: detected kernel version 3
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
CHILD: Doing EPOLL_CTL_DEL.
CHILD: Finished EPOLL_CTL_DEL.
CHILD: initial portion length 0x12000
CHILD: task_struct_ptr = 0x0
CHILD: task_struct_ptr = 0x0
CHILD: Finished write to FIFO.
CHILD: **fail** problematic address pointer, e.g., 0
MAIN: detected kernel version 3
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
PARENT: soon will be calling WRITEV
PARENT: writev() returns 0x13008
PARENT: Reading leaked data
MAIN: **fail** retrying
So I guess this method really needs an unlocked bootloader?
I was really hoping that I could unlock this phone this time. Sigh...

Related

[STICKY][Guide] Creating and Flashing Custom Boot Logo's (Replace Viewsonic Logo)

ADVANCED USERS ONLY - NVFLASH REQUIRED
I would like to reiterate the importance of when I say this is not for the faint of heart. You should be familiar with nvflash, know how to pull the partition table, know how to do a full restore, etc. You are directly and blindly flashing a partition. A small percentage of devices have a different partition table, which this guide would not work for.
1)Follow this guide to setup Nvflash, and enter APX mode: http://wiki.tegratab.com/index.php/Nvflash_FAQ
2)Download boot logo if you don't have one.
3)Open a command line and change directory to the image location on your hard drive.
4)Enter APX mode
5)Run command:
Code:
nvflash --bl bootloader.bin --download 6 (imagename).bmp
-a)Note: 6 is the number of the partition that this image is stored on; nothing else resides on this partition, and nothing else will be damaged.
6)Reboot and you should see something other than the Viewsonic Birds
Sample:
Do not save this image preview as a template (it is a PNG instead of a BMP).
Download here: http://www.multiupload.com/OWS9JEPVXE
Creating Logo:
Tools:
Gimp (or equivalent)
-free photo editing software
1)Open my sample image in Gimp
2)Find logo that you want
-a)For example you could find a android image
3)Select and delete tegra logo
4)Paste your logo onto the white tegra background (this has correct dimensions)
5)Merge layers
6)Save as .bmp
7)Flash like above method
Bootloader
The correct bootloader.bin is located in the stock Gtablet TnT Nvflash restore (the one without 46 in the name): http://db.tt/Wm25t7U
Cool Tip thanks for sharing
Hey thanks, that's awesome! By any chance, would you know how to change the GTablet Oval Graphic and the animated X that's after it?
BTW, what do you guys think of a possible animated logo for Roebeets and Rothnics builds. I think they deserve their own animated logos ala Cyanogen Mod. What do you guys think? Hoping someone with some graphics talent sees this. ;P
The animated X is easily changeable, I know it's just a zip file you replace. (From what I read about my Droid 2.) I would assume it would be the same in this case. I've not done it though.
I also would like to know how to remove the gTablet oval logo that shows up after the Viewsonic birds logo.
It's gone in CM6.1 but TNT is way more stable/functional.
KnightCrusader said:
The animated X is easily changeable, I know it's just a zip file you replace. (From what I read about my Droid 2.) I would assume it would be the same in this case. I've not done it though.
I also would like to know how to remove the gTablet oval logo that shows up after the Viewsonic birds logo.
gTablet logo is in the boot.img, and could be replaced with a little effort.
The main animation is the zip file, like you point out, and it is easily replaceable. I have used the Nexus One animation in the ZPad 2.2 ROM. I believe it is under /system/media.
Hmm.....any thoughts?
EDIT: Ignore me. Read that you can't use stock NVIDIA bootloader.bin ::face palm::. Working now
Code:
c:\Program Files (x86)\NVIDIA Corporation\tegra_froyo_20101105>nvflash --bl bootloader.bin --download 6 tegra.bmp
Nvflash started
rcm version 0X20001
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x1714118842c051d7
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 933404/933404 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: tegra.bmp
\ 1441792/1843256 bytes sentdata send failed NvError 0x30012
command failure: partition download failed
h8rift said:
Hmm.....any thoughts?
EDIT: Ignore me. Read that you can't use stock NVIDIA bootloader.bin ::face palm::. Working now
ummm yea, I got the same thing. I have the version of NVFLASH from week one with the original files that we used to bring it back to stock.
What am I missing?
EDIT: I'M WITH YOU, SORRY FALSE ALARM, guess I grabbed the wrong one (idiot)
Nice find Rothnic
Also, if you find another boot-up logo you want (where the Malata, Nexus, etc. animated screen is), it's just a .zip that can be replaced in /system/media. Nice little change!
deleted...
So it's not working for me. It connects, downloads and starts the bootloader, then downloads the bmp successfully. I shut the tab off and restart and I see those damn birds....
Any ideas?
I already redownloaded the nvflash files. Still doesn't work.
I formatted partition 6 with nvflash and put my picture there and still have the damn birds. Every time it says it's successful! Damn It! LOL!
Noob question: Where do I get bootloader.bin?
-=Sent from my ViewSonic G Tablet (Zpad 2.2) using Tapatalk=-
Bump...
Seriously... I managed to modify the boot.img and change the g-tablet logo, but I can't get this one done! It's very frustrating. Something so simple, yet it won't work!
I used nvflash in Win 7
I used nvflash in Ubuntu
I formatted partition 6
I dumped 16MB from partition 6 and tried to view it
NUTIN!
Does anyone have any ideas?
Make sure you are not using the nvidia nvflash but the one in the other folder.
Lil Help
So I was trying to get this to work, realized I could format partition 6 (to try to get the file to copy) and did that. I must have removed some stuff that needs to be there, because now I keep getting an error, "process acore stopped". The on-screen keyboard no longer pops up.
So there must be more than just the .bmp file in partition 6?
Can someone please look at partition 6 and maybe zip or list the files and folders in it? I would rather rebuild partition 6 than rebuild my whole setup.
Additionally, rothnic, can you add step 1a to the instructions?
1a) replace the bootloader.bin file with one from the original or a custom rom specifically for the gtab.
I did get the new image installed though
it2steve said:
ummm yea, I got the same thing. I have the version of NVFLASH from week one with the original files that we used to bring it back to stock.
What am I missing?
EDIT: I'M WITH YOU, SORRY FALSE ALARM, guess I grabbed the wrong one (idiot)
Nice find Rothnic
Also, if you find another boot-up logo you want (where the Malata, Nexus, etc. animated screen is), it's just a .zip that can be replaced in /system/media. Nice little change!
I don't get it, how did you guys get this to work? Did you have to download the bootloader.bin from elsewhere and not use the one included in the folder?
please help!
thanks!
popezaphod said:
Noob question: Where do I get bootloader.bin?
-=Sent from my ViewSonic G Tablet (Zpad 2.2) using Tapatalk=-
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess I am missing the bootloader.bin file as I get an error at the end.
realsol said:
Make sure you are not using the nvidia nvflash but the one in the other folder.
what other folder? could you please explain?
thanks!
liquidcaffeine said:
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess I am missing the bootloader.bin file as I get an error at the end.
Yeah, I get the same error you're getting. Look below:
System Information:
chip name: t20
chip id: 0x20 major: 1 minor: 3
chip sku: 0x8
chip uid: 0x17141188445fd217
macrovision: disabled
hdcp: enabled
sbk burned: false
dk burned: false
boot device: nand
operating mode: 3
device config strap: 0
device config fuse: 0
sdram config strap: 0
downloading bootloader -- load address: 0x108000 entry point: 0x108000
sending file: bootloader.bin
| 933404/933404 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
sending file: tegra.bmp
/ 1835008/1843256 bytes sentdata send failed NvError 0x30012
command failure: partition download failed
liquidcaffeine said:
I'm with you and lost. I am running TnT Lite 2.2. I've got nvflash up and running, but I guess I am missing the bootloader.bin file as I get an error at the end.
The really weird thing now is that after a reboot, half of the new graphic is showing up!
I got past the error when pushing out the tegra.bmp file, but now the screen turns black and says "entering nvlash recovery mode / nv3p server"
i followed this...
http://forum.xda-developers.com/showthread.php?t=859834
felizf said:
I got past the error when pushing out the tegra.bmp file, but now the screen turns black and says "entering nvlash recovery mode / nv3p server"
I followed this...
http://forum.xda-developers.com/showthread.php?t=859834
That means you are done, now restart.

TF701T NvFlash Unbrick Solution(tested)

(continuation of the thread https://forum.xda-developers.com/showthread.php?t=2655888)
Charge the tab before unbricking.
Connect the tab to the PC.
If your tab has not already started in APX mode, enter APX mode by pressing the button combination Vol+ and Power.
Install the drivers from "usb_drivers" if needed.
If there is a problem with the installation of the drivers, use Google to search for how to install unsigned drivers.
When the device is installed correctly, run "tf701t_flash.bat".
If the flash process is interrupted with an error like ...read\write error..., then the EMMC memory chip is probably damaged and needs to be replaced.
If the flash process completes, then we are ready for the next step.
Prepare a FAT32-formatted microSD card.
Download the update package from the ASUS site.
https://www.asus.com/us/Tablets/The_New_ASUS_Transformer_PadTF701T/HelpDesk_BIOS/
It _MUST_ be Version V10.14.1.47, SKU (region) of your choice.
The downloaded file will look like **_epaduser_10_14_1_47_UpdateLauncher.zip
There will be another archive inside that archive.
Extract it, and rename it to t4_sdupdate.zip
Put t4_sdupdate.zip in the root of the microSD card.
Insert the microSD card in the tab, then start the tab in recovery mode by pressing the Vol- and Power key combination.
Follow the on-screen instructions to complete the recovery process.
After all this, your tab should be restored to factory-state JB Android.
Now you may update the firmware version using OTA or the sdcard.
NvFlash TF701T Unbrick
http://mega.nz/#!mk8k0Y5S!TQJVfcQudH9HIMnapiGZWccV3VvygnTjDWYLxJte4lo
mirror
http://smartjtagbox.com/owncloud/index.php/s/T8DKqDuhSZzffSp
What is this? A covert ad campaign for Mega? How about hosting the file somewhere that does not force you to download an app, open an account and all that cr***? I'd be really curious to see the code, but not like this.....
Sent from my TF700T using Tapatalk
berndblb said:
What is this? A covert ad campaign for Mega? How about hosting the file somewhere that does not force you to download an app, open an account and all that cr***? I'd be really curious to see the code, but not like this.....
Where did you see the ad, the need to register, or a requirement to install the program for downloading?
Just checked in IE and FF.
I see a big red button, "download", no ads, and no requirements.
OK, for those who have problems with mega.nz, I added a mirror for download.
TF701t - Hard Reset Fails ...
Dear Community,
I wanted to hard reset my TF701t to delete my data and give it to someone else.
But now it gets stuck in "deleting data" ... that lasts a minute, then a dead android is on the screen.
When I want to reboot it, the hard reset comes again and wants to delete everything, but the dead android comes back :/
I can't get into Recovery Mode (Volume-down + Power)
Connection to APX works, but see the pic below ...
I don't know what I could try anymore ...
Hope somebody has an idea.
Best greetings,
Symbic
Picture -> url: ibb.co/iFP5JH
Symbic said:
Dear Community,
I wanted to hard reset my TF701t to delete my data and give it to someone else.
But now it gets stuck in "deleting data" ... that lasts a minute, then a dead android is on the screen.
When I want to reboot it, the hard reset comes again and wants to delete everything, but the dead android comes back :/
I can't get into Recovery Mode (Volume-down + Power)
Connection to APX works, but see the pic below ...
I don't know what I could try anymore ...
Hope somebody has an idea.
Best greetings,
Symbic
Picture -> url: ibb.co/iFP5JH
Link to the picture is broken, so we cannot see what result you got...
What's your situation: Bootloader unlocked? Custom recovery? I guess not since you get the dead Android?
Link to the screenshot is OK.
As I can see, problems begin after trying to access the EMMC chip.
"Taking backup of EKS"
Unfortunately, with 90% certainty I can say that the EMMC chip is damaged.
mr.bin said:
Link to the screenshot is OK.
As I can see, problems begin after trying to access the EMMC chip.
"Taking backup of EKS"
Unfortunately, with 90% certainty I can say that the EMMC chip is damaged.
Can I do anything else to test the EMMC chip?
Symbic said:
Can I do anything else to test the EMMC chip?
In that state the EMMC chip can be tested with the special equipment like EasyJtag box.
Hello Mr Bin, registered an account just to say thank you...
You have no idea.. I was helping a friend to update, but the guy who sold it (tf701) had bought it from a different region and turned it to US, so we ended up hard bricking it.
Long story short, we hard bricked it.
Thank you for your hard work in making the fix, and a big THANK you for sharing it...
Perfect fix, it's better than before because it got updated to .47 (we couldn't update: no OTA, no manual, too old a version for custom recoveries)
Again.. thanks
Thanks.
But, after clicking RCK, it shows the Android with a blue processing line and after a few seconds the Android with an open door and a red triangle! After a few minutes, bootloop.... nothing more.
What can I do now?
Wow! It's back!
Hi.
First of all: Thank you very much! I was sure my tablet was a goner... It is actually back. One tip I'd like to add: I had to try around a bit to get into APX mode. But essentially I just had to connect the tablet to my PC and then push "Volume up" and power at the same time - and ignore that the screen did not light up ...
Again: Thanks a lot!
Mr.Bin,
You have resurrected my TF701T! Thank you SOOOO MUCH! You are an actual genius! Thanks!
Help w installation
I have the same problems, although I have not installed any custom OS; after a few months of not using it, it didn't load up and ended up in APX mode.
I tried this solution, installed the driver, started the .bat file and ended up here:
Nvflash 3.08.1704 started
Using blob 3.08.1704
chip uid from BR is: 0x600000015c3e10080c000000190301c0
rcm version 0X350001
Skipping BoardID read at miniloader level
System Information:
chip name: unknown
chip id: 0x35 major: 1 minor: 2
chip sku: 0x3
chip uid: 0x000000015c3e10080c000000190301c0
macrovision: disabled
hdcp: enabled
jtag: disabled
sbk burned: true
board id: 0
warranty fuse: 0
dk burned: true
boot device: emmc
operating mode: 6
device config strap: 0
device config fuse: 17
sdram config strap: 0
RCM communication completed
sending file: flash.bct
- 8192/8192 bytes sent
flash.bct sent successfully
BCT sent successfully
odm data: 0x82098000
downloading bootloader -- load address: 0x80108000 entry point: 0x80108000
sending file: bootloader.bin
data send failed NvError 0x120002
command failure/warning: bootloader download failed (bad data)
I would be very thankful for any information you could read from this. Just would like to know if i even have a chance of getting it back on.
So, I was running fine with CROMi-X KitKat, but wanted to upgrade to Marshmallow (to install sw not supported in KitKat), so decided to try KatKiss 6.0. It's been years since I've played with flashing ROMs, but I did a little reading to refresh my memory. Then I rebooted into recovery (ClockworkMod), backed everything up, then wiped everything, formatted /data, and tried flashing the KatKiss zip file. At that point, it just sat there forever at the ASUS logo screen:
I've tried several times to boot back into recovery by holding the Vol+ and Power buttons, but it either doesn't boot, or boots to the above screen. I've connected it to my Mac w/ the Android SDK Platform Tools, but adb doesn't see any device listed. [I've got an old Windows laptop (XP?)] I could use if it will do something the Mac can't.]
Any advice on how I can save this tablet?
Can this method be applied to the tft300t?
Hi! What a great thread! After lurking on this forum for many years, I've registered to describe my issue with an old tf701 that was given to me by a friend. He told me he installed esexplorer and deleted files to clean up space. The next day he rebooted and has never been able to boot the system since. Now the tablet is in a bootloop ending with a black screen and the backlight on. I'm able to get into fastboot and talk with Minimal ADB and Fastboot. RCK update ends with the fallen robot, Wipe data/cache ends with the fallen robot. APX mode is also working and I've run mr.bin's Nvflash unbrick tool with this result:
Nvflash 3.08.1704 started
Using blob 3.08.1704
chip uid from BR is: 0x600000015c3e10060400000001058440
rcm version 0X350001
Skipping BoardID read at miniloader level
System Information:
chip name: unknown
chip id: 0x35 major: 1 minor: 2
chip sku: 0x3
chip uid: 0x000000015c3e10060400000001058440
macrovision: disabled
hdcp: enabled
jtag: disabled
sbk burned: true
board id: 0
warranty fuse: 0
dk burned: true
boot device: emmc
operating mode: 6
device config strap: 0
device config fuse: 17
sdram config strap: 1
RCM communication completed
sending file: flash.bct
- 8192/8192 bytes sent
flash.bct sent successfully
BCT sent successfully
odm data: 0x82098000
downloading bootloader -- load address: 0x80108000 entry point: 0x80108000
sending file: bootloader.bin
| 1463232/1463232 bytes sent
bootloader.bin sent successfully
waiting for bootloader to initialize
bootloader downloaded successfully
Taking backup of EKS
Receiving file: EKS_0400000001058440.bin, expected size: 4194304 bytes
/ 4194304/0 bytes received
file received successfully
Taking backup of PER
Receiving file: PER_0400000001058440.bin, expected size: 8388608 bytes
/ 8388608/0 bytes received
file received successfully
Taking backup of ABT
Receiving file: ABT_0400000001058440.bin, expected size: 4194304 bytes
/ 4194304/0 bytes received
file received successfully
Continuing create using flash.cfg
setting device: 2 3
deleting device partitions
creating partition: BCT
creating partition: PT
creating partition: EBT
creating partition: DFI
creating partition: BMP
creating partition: ABT
creating partition: GP1
creating partition: SOS
creating partition: DTB
creating partition: LNX
creating partition: APP
creating partition: CAC
creating partition: APD
creating partition: ADF
creating partition: MSC
creating partition: USP
creating partition: PER
creating partition: CRA
creating partition: MDA
creating partition: EKS
creating partition: UDA
creating partition: GPT
sending file: bootloader.bin
| 1463232/1463232 bytes sent
bootloader.bin sent successfully
sending file: xusb_sil_rel_fw
- 126464/126464 bytes sent
xusb_sil_rel_fw sent successfully
sending file: ABT_0400000001058440.bin
/ 4194304/4194304 bytes sent
ABT_0400000001058440.bin sent successfully
sending file: recovery.img
\ 7272704/7272704 bytes sent
recovery.img sent successfully
sending file: boot.img
- 6760704/6760704 bytes sent
boot.img sent successfully
sending file: PER_0400000001058440.bin
/ 8388608/8388608 bytes sent
PER_0400000001058440.bin sent successfully
sending file: EKS_0400000001058440.bin
/ 4194304/4194304 bytes sent
EKS_0400000001058440.bin sent successfully
failed executing command 26 NvError 0x120002
command failure/warning: sync failed (bad data)
bootloader status: Bct Write Failed (code: 22) message: nverror:0x40005 (0x140005) flags: 0
Advice would be a great help. I don't know if the MMC could be dead; it shows some successful transfers but keeps failing at the same place. Thanks!
Hello. These commands for nvflash make a backup and an installation of the system.
READ
Code:
@cls
@nvflash.exe --blob blob.bin --bl bootloader.bin --read 9 recovery.img --read 11 boot.img --read 12 system.img
@pause
WRITE
Code:
@cls
@nvflash.exe --blob blob.bin --bl bootloader.bin --download 9 recovery.img --download 11 boot.img --download 12 system.img
@pause
Thanks mr.bin for a great tool
Important information for those who use nvflash!
The 3 files (ABT_xxxxxxxxxxxxxxxx.bin, EKS_xxxxxxxxxxxxxxxx.bin, PER_xxxxxxxxxxxxxxxx.bin) which are created after running nvflash must be flashed again. Otherwise, it will be impossible to unlock the tablet again and the serial number will be lost. Save them in a safe place and then rename the files to EKS, ABT, PER.
To do this, create a second file with the .bat extension. In a text editor, type these lines:
Code:
nvflash --wait --blob blob.bin --bl bootloader.bin --download 7 ABT --download 21 EKS --download 18 PER --go
If these files were saved from the unlocked tablet, then after flashing them the unlock will be restored.
Also, using nvflash, you can resize partitions, and flash a bootloader with the partition layout, and recovery.
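Because the post above makes the ABT, EKS and PER backups the one thing that must not be lost, a check that they are complete before anything is re-flashed is worth having. The functions below are an added example and are not part of mr.bin's package; the expected sizes (4194304, 4194304 and 8388608 bytes) are taken from the nvflash log earlier in this thread, and it is an assumption that every TF701T produces the same sizes.

```shell
#!/bin/sh
# Added example (not part of the thread's nvflash package): sanity-check the
# three device-unique backups that the unbrick script reads back, before they
# are re-flashed or the tablet is wiped again. Expected sizes come from the
# nvflash log in this thread; assumption: they are the same on every TF701T.

# Usage: check_nvflash_backup <dir> <chip_uid_suffix>
# Returns 0 if ABT_<uid>.bin, EKS_<uid>.bin and PER_<uid>.bin all exist in
# <dir> with the expected size, 1 otherwise; each problem goes to stderr.
check_nvflash_backup() {
    dir=$1
    uid=$2
    status=0
    for spec in ABT:4194304 EKS:4194304 PER:8388608; do
        name=${spec%%:*}
        want=${spec##*:}
        f="$dir/${name}_${uid}.bin"
        if [ ! -f "$f" ]; then
            echo "MISSING: $f" >&2
            status=1
            continue
        fi
        got=$(wc -c < "$f" | tr -d ' ')
        if [ "$got" -ne "$want" ]; then
            echo "BAD SIZE: $f is $got bytes, expected $want" >&2
            status=1
        fi
    done
    return $status
}

# Write a SHA-256 manifest next to the backups, so a copy kept elsewhere can
# be verified before it is fed back to nvflash (renamed or not).
# Usage: write_backup_manifest <dir> <chip_uid_suffix>
write_backup_manifest() {
    ( cd "$1" && sha256sum "ABT_$2.bin" "EKS_$2.bin" "PER_$2.bin" ) \
        > "$1/manifest.sha256"
}

# Re-check the backups against the manifest; exit status is sha256sum -c's,
# so 0 means every file still matches.
# Usage: verify_backup_manifest <dir>
verify_backup_manifest() {
    ( cd "$1" && sha256sum -c manifest.sha256 > /dev/null )
}

# Typical use, with the uid suffix printed by nvflash in the file names:
#   check_nvflash_backup . 0400000001058440 && write_backup_manifest . 0400000001058440
# and verify_backup_manifest . before running the download .bat above.
```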
Is there no way to load an unlocked bootloader in this process?

OS corrupt (just before data backup), S1 boot works fine, any chance for data rescue?

As the title says, I was JUST about to back up all my app data, contacts and stored messages from my Z3 Compact when it started bootlooping on its own.
I did some research, since I have a basic background in electronics repair (not to mention almost unlimited amounts of stubbornness and patience), and learned of serial debug test pads under the battery (the battery was a real pain in the rear to remove without ruining anything), which gave me the following boot log (with IMEI numbers censored by me):
Code:
Format: Log Type - Time(microsec) - Message
Log type: B - since boot(excluding boot rom). D - delta
B - 253882 - SBL1, Start
B - 259158 - scatterload_region && ram_init, Start
D - 0 - scatterload_region && ram_init, Delta
B - 276147 - pm_device_init, Start
D - 27328 - pm_device_init, Delta
B - 303658 - boot_flash_init, Start
D - 217739 - boot_flash_init, Delta
B - 521733 - boot_config_data_table_init, Start
D - 0 - boot_config_data_table_init, Delta
B - 527863 - PBS setup, Start
D - 1159 - PBS setup, Delta
B - 533719 - sbl1_ddr_set_params, Start
B - 538355 - Pre_DDR_clock_init, Start
D - 244 - Pre_DDR_clock_init, Delta
D - 0 - sbl1_ddr_set_params, Delta
B - 551745 - pm_driver_init, Start
D - 237930 - pm_driver_init, Delta
B - 790041 - clock_init, Start
D - 183 - clock_init, Delta
B - 793152 - Image Load, Start
B - 907649 - Tz Execution, Start
D - 173392 - Tz Execution, Delta
B - 1090771 - Image Load, Start
B - 1147776 - Signal PBL to Jump to RPM FW
B - 1148050 - sbl1_wait_for_ddr_training, Start
D - 31750 - sbS1 BOOT
[120] USB init ept @ 0x7365000
[140] TA config read from GPT: 0x10 blocks of size 0x20000 @ 0x20000
S1 BOOT (1286-7314 S1_Boot_MSM8974AC_LA3.0_L_15.4)
[180] GPIO HW_ID[3:0]: [0000]
[180] soc_ver: 0x10001, pmic_ver: 3.1
[190] die_id: 0x1070712e, oem_product_id: 0x4, otp_lock: 0x155
PBA ID: 1285-0545 (4)
[200] CHG_STATUS_REG is 0x0 after pm8x41_chg_sts_get()
Startup flags: [ONKEY PRESSED]
Warmboot reason: [COLDBOOT]
Remote lock is UNSUPPORTED
Rooting status is: Not done
[340] OV: 0x80000 0x0 0x0
[ERROR @ S1/boot/src/s1boot_config_parser.c:595]:
MiscTA unit 2473 could not be read!
[ERROR @ S1/boot/src/s1boot_config_parser.c:845]:
None or incorrect vbus_pulse configuration!
[ERROR @ S1/boot/src/s1boot_config_parser.c:904]:
No variant configuration to store!
[360] USB ID: 1790
[360] OTG State is invalid
Service mode detected: [NONE]
[ERROR @ S1/boot/src/s1boot_lib_api.c:1448]:
TA read failed!
[450] S1 decisions complete, image to boot is 0.
[450] IMEI[0]: ##############
[450] Info: failed to retrieve secondary IMEI (optional) in facility 0x1 with code 0x2 (error ignored)
[1150] Using DTB entry 194/00010000/8/0 for device 194/00010001/8/0
[1160] CHG_STATUS_REG is 0x0 after pm8x41_chg_sts_get()
[1160] icon_flg is 0x0 battery_flg is 0x0 chg_presence_flg is 0x0
[1170] backlight_enable=1
[1190] Detected display: jdi novatek 720p cmd
[1310] No lp855x --> PMIC backlight
[1570] Battery is Good! go to HLOS
[1580] CHG_STATUS_REG is 0x0 after pm8x41_chg_sts_set()
[1580] cmdline: "androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x3b7"\
[1590] " ehci-hcd.park=3 androidboot.bootdevice=msm_sdcc.1 vmalloc=3"\
[1600] "00M dwc3.maximum_speed=high dwc3_msm.prop_chg_detect=Y andro"\
[1600] "idboot.emmc=true androidboot.bootloader=s1 oemandroidboot.s1"\
[1610] "boot=1286-7314_S1_Boot_MSM8974AC_LA3.0_L_15.4 androidboot.se"\
[1620] "rialno=YT9112XZ6P ta_info=1,16,256 startup=0x00000001 warmbo"\
[1620] "ot=0x00000000 oemandroidboot.imei=##############00 oemandroi"\
[1630] "dboot.phoneid=0000:##############00 oemandroidboot.security="\
[1640] "1 oemandroidboot.babe08b3=50000000 lcdid_adc=0x5D4F8 display"\
[1640] "_status=on androidboot.baseband=msm".
[1650] Updating device tree: start
[1680] Updating device tree: done
Leaving S1 BOOT
[1730] If you can read this line, S1 BOOT is done. Start the stone rolling!
[1740] booting linux @ 0x8000, ramdisk @ 0x2000000 (3754834), tags/device tree @ 0x1e00000
[1740] Continuous splash enabled, keeping panel alive.
Format: Log Type - Time(microsec) - Message
Log type: B - since boot(excluding boot rom). D - delta
B - 89883 - SBL1, Start
B - 95160 - scatterload_region && ram_init, Start
D - 0 - scatterload_region && ram_init, Delta
B - 112148 - pm_device_init, Start
D - 27328 - pm_device_init, Delta
B - 139629 - boot_flash_init, Start
D - 65117 - boot_flash_init, Delta
B - 205082 - boot_config_data_table_init, Start
D - 30 - boot_config_data_table_init, Delta
B - 211243 - PBS setup, Start
D - 1159 - PBS setup, Delta
B - 217068 - sbl1_ddr_set_params, Start
B - 221460 - Pre_DDR_clock_init, Start
D - 244 - Pre_DDR_clock_init, Delta
D - 0 - sbl1_ddr_set_params, Delta
B - 235033 - pm_driver_init, Start
D - 237930 - pm_driver_init, Delta
B - 473451 - clock_init, Start
D - 183 - clock_init, Delta
B - 579805 - Image Load, Start
B - 689178 - Tz Execution, Start
D - 32574 - Tz Execution, Delta
B - 731512 - Image Load, Start
B - 787754 - Signal PBL to Jump to RPM FW
B - 788150 - sbl1_wait_for_ddr_training, Start
D - S1 BOOT
[120] USB init ept @ 0x7365000
[140] TA config read from GPT: 0x10 blocks of size 0x20000 @ 0x20000
S1 BOOT (1286-7314 S1_Boot_MSM8974AC_LA3.0_L_15.4)
[180] GPIO HW_ID[3:0]: [0000]
[180] soc_ver: 0x10001, pmic_ver: 3.1
[190] die_id: 0x1070712e, oem_product_id: 0x4, otp_lock: 0x155
PBA ID: 1285-0545 (4)
[200] CHG_STATUS_REG is 0x0 after pm8x41_chg_sts_get()
Startup flags: [ONKEY PRESSED]
Warmboot reason: [CRASH]
Remote lock is UNSUPPORTED
Rooting status is: Not done
[330] OV: 0x80000 0x0 0x0
[ERROR @ S1/boot/src/s1boot_config_parser.c:595]:
MiscTA unit 2473 could not be read!
[ERROR @ S1/boot/src/s1boot_config_parser.c:845]:
None or incorrect vbus_pulse configuration!
[ERROR @ S1/boot/src/s1boot_config_parser.c:904]:
No variant configuration to store!
[360] USB ID: 1790
[360] OTG State is invalid
Service mode detected: [NONE]
[ERROR @ S1/boot/src/s1boot_lib_api.c:1448]:
TA read failed!
[370] S1 decisions complete, image to boot is 1.
[380] IMEI[0]: ##############
[380] Info: failed to retrieve secondary IMEI (optional) in facility 0x1 with code 0x2 (error ignored)
[ERROR @ S1/util/src/s1_elf_loader.c:422]:
File image is not an known ELF-file.
[ERROR IN FAC 0xB CODE 0x3 @ S1/util/src/s1_elf_loader.c:1501]:
ELF-Loader initialization failed. De-initializing.
[ERROR @ S1/util/src/s1_elf_loader.c:1577]:
Invalid parameter.
[ERROR IN FAC 0xB CODE 0x3 @ S1/boot/src/s1boot_elf_loader.c:707]:
ELF loading failed!
[420] Crash detected, but ramdumper not found.
[420] clean ramdump info
[430] rebooting.
Leaving S1 BOOT
As for the OS, I wasn't running a recent version, since I was rooted (despite what the log says) and Sony is both the only manufacturer of appropriately sized smartphones and a huge trouble to anyone who likes to have a rooted and fully functional phone at the same time (often nerfing the camera when rooting via their official means).
So is there any way of recovering the rest of the data on the internal eMMC chip? I frankly don't care much about rescuing the phone itself, only the data, so if it comes to having to desolder the eMMC and dump the data via the backwards-compatibility interface many eMMC chips have that's identical to the SD-card protocol, using a holding jig (with an eventual 1.8 V to 3.3 V level converter), then so be it. The data is the number #1 priority, while making the phone itself useful again is only a nice bonus, so if data recovery isn't possible at all then I'm not going to bother spending more energy on it.
Any useful help appreciated.
UPDATE: crisis toned down from DEFCON 1 to DEFCON 3, as it turns out I DID have a 3rd-party bootloader on the phone after all (Philz Touch fork of CWM); I had completely forgotten both that I installed it and how to enter it.
Both embarrassing and a pleasant surprise.
So now I'm looking for a way to restore the late part of the original boot system and core OS files so it can boot, which will enable me to make a nice dump of critical files with convenient app(s), instead of having to manually pilfer through a backup for data and figure out how to transfer them over to my new phone the nicest way.
UPDATE #2
Dug through my computer backup and found the files from when I originally rooted it, including the latest .ftf file I flashed to the phone.
Could I be cheeky and get away with only flashing the kernel and the boot_delivery to make it boot normally again, so I can do a "traditional" phone data transfer? Or is that a waste of time?

Redmi Note9 Codename Merlin -- Can't find the Testpoints for EDL - see Picture

Hello, I need some help with the EDL flash on the Redmi Note9, codename Merlin.
Fastboot and recovery do not work. It reboots after the Redmi logo.
The bootloader is open, the back cover is open. What must I do now?
Please help me find the test point.
First, close your device and keep it untouched.
Next, follow this guide:
[GUIDE] How to bypass authentication and flash in EDL with NO auth for FREE
Thanks to: chaosmaster / k4y0z: GitHub / XDA xyzz / xyz`: GitHub / XDA Dinolek: GitHub / XDA How to install: 1. Download the attached file: VD171_MTK-bypass.zip. 2. Extract the file and open the folder. 3. Run and install python...
forum.xda-developers.com
VD171 said:
First, close your device and keep it untouched.
Next, follow this guide:
Thanks, but I have an error at the end of the .bat.
[2021-08-05 06:32:01.748392] Waiting for device
[2021-08-05 06:32:19.245436] Found port = COM9
[2021-08-05 06:32:19.429782] Device hw code: 0x707
[2021-08-05 06:32:19.429782] Device hw sub code: 0x8a00
[2021-08-05 06:32:19.429782] Device hw version: 0xca00
[2021-08-05 06:32:19.429782] Device sw version: 0x0
[2021-08-05 06:32:19.429782] Device secure boot: True
[2021-08-05 06:32:19.438464] Device serial link authorization: True
[2021-08-05 06:32:19.438464] Device download agent authorization: True
[2021-08-05 06:32:19.438464] Disabling watchdog timer
[2021-08-05 06:32:19.438464] Disabling protection
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 36, in exploit
udev._ctx.managed_claim_interface = lambda *args, **kwargs: None
AttributeError: 'NoneType' object has no attribute '_ctx'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 213, in <module>
main()
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\main.py", line 58, in main
result = exploit(device, config.watchdog_address, config.payload_address, config.var_0, config.var_1, payload)
File "C:\Users\COMPAKT17\Downloads\VD171_MTK-bypass-v1.5\VD171_MTK-bypass-v1.5\Bypass\src\exploit.py", line 38, in exploit
raise RuntimeError("libusb is not installed for port {}".format(device.dev.port)) from e
RuntimeError: libusb is not installed for port COM9
Drücken Sie eine beliebige Taste . . .
Frettchen-Kalle said:
Thanks, but I have an error at the end of the .bat.
Did you install the python module pyusb?
Did you try to run as administrator?
Thank you VD171,
it works perfectly now.
I tried it with 12.04 global, then auto update to 12.08 and at last auto update to 12.01 (android11).
The bootloader is open for the 2nd time now :-)
I tried the 3.41 recovery with the admin fastboot command and all seemed fine - but it is not.
Can't boot into twrp - there is no twrp? And now?
//edit
I think this was it (no twrp) that bricked the phone the first time I flashed a custom rom ;-)
Frettchen-Kalle said:
Can't boot into twrp - there is no twrp? And now?
Good work, my friend.
I suggest you try every recovery project you can, and then choose one:
[RECOVERY PROJECT] Collection of TWRP & PBRP & SHRP & ORANGEFOX for MERLIN (Redmi Note 9 / Redmi 10X 4G)
Works with: - Xiaomi Redmi Note 9 - Xiaomi Redmi 10X 4G Warnings: - This is not a development thread. This is a help thread. - I didn't build any of them. Use at your own risk. - I don't have the source code for any of them. Use at your own...
forum.xda-developers.com
Traceback (most recent call last):
File "main.py", line 3, in <module>
from src.exploit import exploit
ImportError: No module named src.exploit
Для продолжения нажмите любую клавишу . . .

[UNLOCK][ROOT][TWRP][UNBRICK] Fire TV Stick 3 and Fire TV Stick Lite (sheldon/p)

Read this whole guide before starting.
This is for the 3rd gen Fire TV Stick (sheldonp) and Fire TV Stick Lite (sheldon).
NOTE: FireOS < 7.2.7.3 required
NOTE: This process does not require you to open your device.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, PyUSB, adb, fastboot. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial python3-usb adb fastboot dos2unix
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
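A preflight check for the prerequisites listed above, added here as an example; it is not part of the kamakiri-sheldon package or its scripts. It assumes python3 is on PATH and uses the module names the scripts import (usb from PyUSB, serial from PySerial); missing modules of this kind are what produce the "No module named 'usb'" tracebacks quoted later in this thread, so running it before bootrom-step.sh reports the problem up front instead of halfway through the process.

```shell
#!/bin/sh
# Added example (not part of the kamakiri guide or its scripts): a preflight
# check for the prerequisites the guide lists. Run it before bootrom-step.sh
# so a missing python module or a running ModemManager is reported here
# instead of as a traceback mid-procedure.

# check_command NAME -> 0 if NAME is on PATH, 1 otherwise
check_command() {
    command -v "$1" >/dev/null 2>&1
}

# check_python_module MODULE -> 0 if `import MODULE` succeeds under python3
check_python_module() {
    python3 -c "import $1" >/dev/null 2>&1
}

# check_modemmanager_inactive -> 0 if no ModemManager process is running.
# We look at the process table rather than systemctl, because a live system
# may not be running systemd.
check_modemmanager_inactive() {
    ! pgrep -x ModemManager >/dev/null 2>&1
}

# preflight -> prints one line per check and returns the number of failed checks
preflight() {
    failed=0
    for cmd in python3 adb fastboot dos2unix; do
        if check_command "$cmd"; then
            echo "ok       command: $cmd"
        else
            echo "MISSING  command: $cmd"
            failed=$((failed + 1))
        fi
    done
    # module names as imported by the scripts: usb (PyUSB), serial (PySerial);
    # the Debian/Ubuntu package for each is python3-<module>
    for mod in usb serial; do
        if check_python_module "$mod"; then
            echo "ok       python3 module: $mod"
        else
            echo "MISSING  python3 module: $mod (apt package: python3-$mod)"
            failed=$((failed + 1))
        fi
    done
    if check_modemmanager_inactive; then
        echo "ok       ModemManager not running"
    else
        echo "WARN     ModemManager is running; stop it before plugging in the stick"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Run the checks only when this file is executed directly as preflight.sh
# (sourcing it from another script just defines the functions).
case "${0##*/}" in
    preflight.sh)
        if preflight; then
            echo "all checks passed"
        else
            echo "some checks failed, see above" >&2
        fi ;;
esac
```

Save it as preflight.sh next to bootrom-step.sh and run `sh preflight.sh`; every line marked MISSING or WARN corresponds to one of the install or ModemManager steps above.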
1. Extract the attached zip-file "kamakiri-sheldon-1.0.zip" and open a terminal in that directory.
2. Start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for device.
3. Plug in the stick (powered off) and wait for the script to finish.
If it fails at some point, stop it and restart the process from step 2.
4. Your device should now reboot into unlocked fastboot state.
5. Run:
Code:
./fastboot-step.sh
6. Wait for the device to reboot into TWRP.
7. Use TWRP to flash custom ROMs, Magisk etc.
NOTE: Only ever flash boot/recovery images using TWRP, if you use FlashFire or other methods that are not aware of the exploit, your device will likely not boot anymore (unless you flashed a signed image). TWRP will patch recovery/boot-images on the fly.
NOTE: NEVER erase Preloader, otherwise you’ll hard brick the device and you won’t be able to unbrick it (since bootrom isn’t accessible).
Important information
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
special thanks to @Sus_i for all the testing and support.
Contributors
@xyz`
@k4y0z
@Rortiz2
@t0x1cSH
Great work guys !
It works, thank you very much for your work. Now let's see if I can flash a ROM (tried Lineage 18.1 but TWRP says it's corrupted).
Edit
Solved, turns out the Ubuntu live CD corrupted the zip file when transferring it; tried transferring it again, this time via ftp, and it works now.
Excellent work again, fellas. Nice and simple exploit without having to open the device and short it. This is top-notch development and lets us have a chance to get rid of the Amazon junk on these devices.
Thank you for the time you devoted to these devices, it is really appreciated @k4y0z @Rortiz2 @xyz`
@t0x1cSH
Regards
Thanks for unlocking the Fire TV Stick 3. I was trying to unlock my Stick 3 Lite; however, I'm getting stuck at step 2.
Now I'm getting the white Fire TV screen with "Hacked Fastboot mode:" at the bottom left of the screen. I tried to run bootrom multiple times with the same results. Thanks
[[email protected] ~/Desktop/kamakiri-sheldon-1.0/kamakiri]# ./fastboot-step.sh
fastboot: core/libsparse/sparse.cpp:131: int write_all_blocks(struct sparse_file *, struct output_file *): Assertion `pad >= 0' failed.
./fastboot-step.sh: line 5: 1850 Aborted (core dumped) fastboot flash recovery bin/twrp.img
I tried another linux computer and it works now. I had to install the usb module below too.
All is well now. Thanks again
[email protected]:~/Desktop/stick_3/kamakiri$ sudo ./bootrom-step.sh
Traceback (most recent call last):
File "main.py", line 8, in <module>
from load_payload import load_payload, load_pl_payload
File "/home/dell/Desktop/stick_3/kamakiri/modules/load_payload.py", line 9, in <module>
import usb.core
ModuleNotFoundError: No module named 'usb'
Code:
sudo apt-get update
sudo apt-get install python-usb python3-usb
sudo apt-get install python-pip
sudo pip install pyusb
Installed pyusb, still: 'ImportError: no module named core'
On my Raspberry Pi I installed libusb and pyusb via sudo apt-get install libusb-dev python-usb. But running some Python code (pyrow, to read data from a rowing machine) gives me this error at impo...
raspberrypi.stackexchange.com
navin23 said:
Thanks for unlocking the Fire TV Stick 3. I was trying to unlock my Stick 3 Lite; however, I'm getting stuck at step 2.
I know it's too late, since you're already done, but if anyone gets 'Assertion `pad >= 0' failed', the fastboot package needs an update. Connect to the network and run this in a terminal:
Code:
pacman -Sy fastboot
Worked great, and a great surprise to see this; I thought it'd never happen! Had to install pyusb as well and needed to get an OTG connector, but managed to root my sheldon stick.
Any recommendations, links etc.? I've never had the chance to play with a rooted Fire Stick, and resources seem quite thin since it's Fire OS 7. I'm hoping a Magisk module of Google apps like the one for FireOS 6 arrives soon, and also a guide to install sheldonp onto sheldon and vice versa.
@k4y0z will a similar unlocking method be used for the Max once we receive the 7.2.7.3 update?
Skel40 said:
@k4y0z will a similar unlocking method be used for the Max once we receive the 7.2.7.3 update?
No, the Max isn't vulnerable to the preloader-exploit
Tech0308 said:
Any recommendations, links etc.? I've never had the chance to play with a rooted Fire Stick, and resources seem quite thin since it's Fire OS 7.
You can give a try to LineageOS 18.1. Besides Netflix, everything works perfectly.
Hello, I've been trying to follow your steps but I always end up with this error message. Using a Fire TV Stick 3rd gen (sheldonp) with FireOS 7.2.4.2; do I need version 7.2.7.3 for the root to work?
[2022-03-05 13:40:37.517594] Check boot0
[2022-03-05 13:40:37.996077] Check rpmb
[2022-03-05 13:40:38.026461] Downgrade rpmb
[2022-03-05 13:40:38.026862] Recheck rpmb
Traceback (most recent call last):
File "main.py", line 137, in <module>
main(dev)
File "main.py", line 76, in main
raise RuntimeError("downgrade failure, giving up")
RuntimeError: downgrade failure, giving up
Thank you!
emma80200 said:
Hello, I've been trying to follow your steps but I always end up with this error message. Using a Fire TV Stick 3rd gen (sheldonp) with FireOS 7.2.4.2; do I need version 7.2.7.3 for the root to work?
[email protected]:~/Desktop/kam/kamakiri$ sudo ./bootrom-step.sh
[2022-03-05 13:40:26.865130] Waiting for device
[2022-03-05 13:40:33.943838] Found port = /dev/ttyACM0
[2022-03-05 13:40:33.982781] Handshake
[2022-03-05 13:40:34.004239] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
[2022-03-05 13:40:36.501491] All good
[2022-03-05 13:40:36.996590] Check device_type_id
[2022-03-05 13:40:36.996836] Detected sheldonp (A265XOI9586NML)
[2022-03-05 13:40:36.996952] Check GPT
[2022-03-05 13:40:37.517453] gpt_parsed = {'lk': (1024, 2048), 'tee1': (3072, 10240), 'tee2': (13312, 10240), 'boot': (23552, 32768), 'recovery': (56320, 32768), 'logo': (89088, 7168), 'kb': (96256, 2048), 'dkb': (98304, 2048), 'MISC': (100352, 2048), 'vendor': (102400, 307200), 'system': (409600, 3072000), 'cache': (3481600, 1048576), 'userdata': (4530176, 10743391), '': (0, 1)}
[2022-03-05 13:40:37.517594] Check boot0
[2022-03-05 13:40:37.996077] Check rpmb
[2022-03-05 13:40:38.026461] Downgrade rpmb
[2022-03-05 13:40:38.026862] Recheck rpmb
Traceback (most recent call last):
File "main.py", line 137, in <module>
main(dev)
File "main.py", line 76, in main
raise RuntimeError("downgrade failure, giving up")
RuntimeError: downgrade failure, giving up
Thank you!
Are you using a Virtual Machine?
Rortiz2 said:
Are you using a Virtual Machine?
I tried using a PC with Linux Mint installed, an Ubuntu live system and lastly an Ubuntu virtual machine. All return the exact same error.
emma80200 said:
I tried using a PC with Linux Mint installed, an Ubuntu live system and lastly an Ubuntu virtual machine. All return the exact same error.
I just used his fireISO on a USB; it is already set up and worked perfectly. I was on 7.2.4.2.
GitHub - amonet-kamakiri/fireiso: ISO with patched kernel for kamakiri and amonet
ISO with patched kernel for kamakiri and amonet. Contribute to amonet-kamakiri/fireiso development by creating an account on GitHub.
github.com
Michajin said:
I just used his fireISO on a USB; it is already set up and worked perfectly. I was on 7.2.4.2.
I did not know of this ISO. Gave it a try, burned it to a USB, but ended with the same results.
[2022-03-06 15:14:45.452690] Waiting for device
[2022-03-06 15:14:52.837378] Found port = /dev/ttyACM0
[2022-03-06 15:14:52.892900] Handshake
[2022-03-06 15:14:52.913387] Load payload from ../brom-payload/pl/pl.bin = 0x3A04 bytes
[2022-03-06 15:14:55.409614] All good
[2022-03-06 15:14:55.904632] Check device_type_id
[2022-03-06 15:14:55.904812] Detected sheldonp (A265XOI9586NML)
[2022-03-06 15:14:55.904884] Check GPT
[2022-03-06 15:14:56.433151] gpt_parsed = {'lk': (1024, 2048), 'tee1': (3072, 10240), 'tee2': (13312, 10240), 'boot': (23552, 32768), 'recovery': (56320, 32768), 'logo': (89088, 7168), 'kb': (96256, 2048), 'dkb': (98304, 2048), 'MISC': (100352, 2048), 'vendor': (102400, 307200), 'system': (409600, 3072000), 'cache': (3481600, 1048576), 'userdata': (4530176, 10743391), '': (0, 1)}
[2022-03-06 15:14:56.433294] Check boot0
[2022-03-06 15:14:56.913393] Check rpmb
[2022-03-06 15:14:56.944796] Downgrade rpmb
[2022-03-06 15:14:56.945073] Recheck rpmb
Traceback (most recent call last):
File "/root/Desktop/kamakiri/modules/main.py", line 137, in <module>
main(dev)
File "/root/Desktop/kamakiri/modules/main.py", line 76, in main
raise RuntimeError("downgrade failure, giving up")
RuntimeError: downgrade failure, giving up
