Here's a fastboot boot image that loads openrecovery without touching /system. Using this you can get into OpenRecovery and poke around without modifying the phone's software at all.
So for example you can get into OpenRecovery after flashing a stock ROM without rooting and without installing the openrecovery bootstrap. (You still need to put the relevant parts of OpenRecovery on the sdcard). Basically after flashing a stock ROM you can:
1) Enable USB Debugging
2) adb reboot bootloader
3) fastboot boot openrecovery-fastboot.img
and boom, you're in OpenRecovery. Unfortunately, I don't think there is a way to get to fastboot without a fully working system.
Anyway, this allows you to get into OpenRecovery without rooting and without installing the OpenRecovery bootstrap. adb is active so you can go in and yank a pristine /system partition image using for example dump_image system /sdcard/system.img that could then be put into an sbf.
Also, there is a replacement for /sdcard/OpenRecovery/lib/modules/2.6.29/part-STR.ko that adds read-only mtd entries for the missing partitions. The source for the kernel module is on github https://github.com/CyanogenModXT720/xt720_modules_eclair/tree/master/mtdhack
After you update part-STR.ko and reboot into openrecovery you will have these mtd devices:
Code:
# cat /proc/mtd
dev: size erasesize name
mtd0: 00180000 00020000 "pds"
mtd1: 00060000 00020000 "cid"
mtd2: 000a0000 00020000 "logo"
mtd3: 00060000 00020000 "misc"
mtd4: 00380000 00020000 "boot"
mtd5: 00480000 00020000 "recovery"
mtd6: 008c0000 00020000 "cdrom"
mtd7: 0c7a0000 00020000 "system"
mtd8: 06a00000 00020000 "cache"
mtd9: 0ad20000 00020000 "userdata"
mtd10: 00180000 00020000 "cust"
mtd11: 00200000 00020000 "kpanic"
[B]mtd12: 00020000 00020000 "mbmloader"
mtd13: 000a0000 00020000 "mbm"
mtd14: 000a0000 00020000 "mbmbackup"
mtd15: 00060000 00020000 "bploader"
mtd16: 00060000 00020000 "cdt"
mtd17: 00060000 00020000 "lbl"
mtd18: 00060000 00020000 "lbl_backup"
mtd19: 00180000 00020000 "sp"
mtd20: 00060000 00020000 "devtree"
mtd21: 003c0000 00020000 "bpsw"
mtd24: 00080000 00020000 "rsv"[/B]
Often nandroid dumps are not sufficient for rebuilding sbf's (esp of /system, /cache, /data). For the most part, you need to use the dump_image command to get an exact binary dump to preserve motorola's signatures. You can use this to yank other partitions that are needed to create an sbf. For example to dump the bpsw, you would boot into OpenRecovery and then access the phone via adb:
Code:
cd /sdcard
dump_image bpsw bpsw.img
This would create /sdcard/bpsw.img that could then be used to reassemble an sbf. The /system partition is difficult because rooting and installing the openrecovery bootstrap modifies its content. You must use the fastboot openrecovery on a not-rooted phone to get a copy of system.img that is suitable for creating a sbf. /data and /cache aren't really needed to reconstruct an sbf.
Happy hacking!
This is good news! Now the devs can create SBFs instead of people loading a stock sbf and then doing updates/nandroids. Awesome stuff.
xtwister6 said:
This is good news! Now the devs can create SBFs instead of people loading a stock sbf and then doing updates/nandroids. Awesome stuff.
Click to expand...
Click to collapse
Unfortunately, not. You'd still use nandroid or update once inside OpenRecovery. Things flashed via sbf must be signed by Motorola. Some parts of sbfs are checked each and every reboot (boot.img, bpsw.img, devtree.img, cdt.img, bootloaders etc) and some are only checked during the very first reboot after flashing (system.img, cdrom.img, cust.img -- these ones are processed by the bootloaders and information about them is stored in the sp partition).
What this does allow us to do is possibly build missing sbfs if we have access to a phone running it's stock software. It also makes the process of rooting from stock possibly a smidgen easier (depending on how difficult adb/fastboot is compared to UniversalAndroot for 2.1 or whatever is used on 2.2).
Nice work MZ. You have been putting in the hours here lately clearing up a lot of questions. Keep it up and let me know if you need me to test anything. I am in the process of getting another XT so when I do, I'll let you know.
You guide me (in a Mike Meyers voice).
it my recovery flasher
Caution : it is only for DEV
you must install 2nd-init type recovery and backup PDS partition and reflash SBF or your original recovery partition after using you want (sometime it broken PDS partion at nandroid recovery!)
Code:
mkdir /pds
mount -t yaffs2 /dev/block/mtdblock0 /pds
cd /pds
tar cvzf /sdcard/pds.tar.gz *
cd /
fuser -k /dev/block/mtdblock0
umount /pds
rm -R /pds
it include recovery partition from korean 39R
it will allow OTA(from update.zip) type recovery and backup almost partition and something
Related
Hi everyone
I recently bought a ZTE blade variant which turns out to completely different blade.
It has a Marvell CPU @ 806 Mhz and 512 MB ram.
I managed to root it and found a working version (2.5.0.9) of clockwork recovery on some chinese site. This particular version fails to do "nandroid" backup. So, i'm in need of a fully functional clockwork recovery for the device.
Any help regarding it will be warmly welcome.
Here is the partition structure of the new blade.
dev: size erasesize name
mtd0: 00100000 00020000 "bootloader"
mtd1: 00040000 00020000 "ramdisk"
mtd2: 00040000 00020000 "nvm"
mtd3: 00800000 00020000 "cpbinary"
mtd4: 00300000 00020000 "kernel"
mtd5: 00300000 00020000 "maintenance"
mtd6: 00500000 00020000 "recovery"
mtd7: 00040000 00020000 "misc"
mtd8: 02700000 00020000 "cache"
mtd9: 0c800000 00020000 "system"
mtd10: 0d800000 00020000 "userdata"
mtd11: 00a00000 00020000 "NVM"
mtd12: 00f40000 00020000 "telephony"
mtd13: 00100000 00020000 "reserved"
mtd14: 00a00000 00020000 "MRVL_BBM"
I tried to backup the bootloader and recovery using the following commands
# cat /dev/mtd/mtd0 >sdcard/Boot_mtd0.img
# cat /dev/mtd/mtd6 >sdcard/Recovery_mtd6.img
I'm attaching both these file.
Thanks in advance.
i m looking for it too.
Ok guys im after ripping the official rom from my zoostorm sl8 mini. i then want to cook the rom to my standard rom, as there are many problems with the standard rom like youtube wont run at all sound is so quite i can hardly hear it etc i have plenty of info i just need a little guidance ok so i have rooted the sl8 mini with the tut provided via xda. I have installed CWM but it says it is not compatible with my version of android its displays 3310-9506 as an unknown device. When i boot into CMW recovery it displays in the bottom of the recovery screen invalid bootloader argument and also unable to mount any of the partitions. okay so i have got ADB and pushed rkdump over to the sl8 mini it took a while as i had to download root explorer to change the file permissions of the data folder. Rkdump pushed over to data now and when i connect to the device and type cat /proc/mtd it gives me the following list
dev: size erasesize name
mtd0: 00800000 00200000 "bootloader"
mtd1: 00800000 00400000 "logo"
mtd2: 00800000 00400000 "aml_logo"
mtd3: 00800000 00400000 "recovery"
mtd4: 00800000 00400000 "boot"
mtd5: 20000000 00400000 "system"
mtd6: 08000000 00400000 "cache"
mtd7: 20000000 00400000 "userdata"
mtd8: 1b5000000 00400000 "NFTL_Part"
okay so where do i go from here guys just so i can rip the rom cheers wattsy
Use this to to root the Zoostorm sl8 mini, I didnt know this at the time but is also installed CWM, use rom manager to boot into CWM, everything else works with no errors, however what you are trying to do is well past my expertise.
http://forum.xda-developers.com/showthread.php?t=1989174
they have released an update now so you should be able to rip it
h ttp:// zoostormsl8.blogspot.co.uk
or
ht tp:// downloads.zoostorm.com/drivers/android/sl8mini/
Hi all,
i'm using HTC One dual sim 802d Indian version.
Today only i have got an update to 4.2.2..... so Indian user cheers for this update
something is better than nothing ...
So the latest version now is 2.37.720.1 (316.38 MB)
even i got the same update
why are the playing with us , the world has got 4.3 and we are still getting 4.2.2 bug fixes
nitin_ko said:
even i got the same update
why are the playing with us , the world has got 4.3 and we are still getting 4.2.2 bug fixes
Click to expand...
Click to collapse
Yap bro just hopping to get 4.3 asap ...
At least htc is still working on something or other
ravinder0003 said:
Yap bro just hopping to get 4.3 asap ...
At least htc is still working on something or other
Click to expand...
Click to collapse
we are way down their list. Hope we get it this year only and with sense 5.5
ravinder0003 said:
Hi all,
i'm using HTC One dual sim 802d Indian version.
Today only i have got an update to 4.2.2..... so Indian user cheers for this update
something is better than nothing ...
So the latest version now is 2.37.720.1 (316.38 MB)
Click to expand...
Click to collapse
hello ,
could you please provide a htc one dual sim 802d stock nandroid backup CWM.
My HTC run soul 20 v2 and i want to use the official one and cannot find one compatible with my phone could you please provide it to me
the thing that i didnt do a backup before installing soul ROM
HTC one dual sim was runing arabic version rom using "more local "
pn07510
hboot 2.27
s-off
CWM recovery
Please
fadihawari said:
hello ,
could you please provide a htc one dual sim 802d stock nandroid backup CWM.
My HTC run soul 20 v2 and i want to use the official one and cannot find one compatible with my phone could you please provide it to me
the thing that i didnt do a backup before installing soul ROM
HTC one dual sim was runing arabic version rom using "more local "
pn07510
hboot 2.27
s-off
CWM recovery
Please
Click to expand...
Click to collapse
thake a look at this thread
superpfpf said:
thake a look at this thread
Click to expand...
Click to collapse
Could not flash anything from this too :crying:
fadihawari said:
Could not flash anything from this too :crying:
Click to expand...
Click to collapse
connect yout phone with your computer and enter in your console on your computer:
1. adb shell
2. su -
3. cat /proc/emmc
now you see a list of your partitions, it looks similar to this
Code:
dev: size erasesize name
mmcblk0p20: 000ffa00 00000200 "misc"
mmcblk0p37: 00fffe00 00000200 "recovery"
mmcblk0p36: 01000000 00000200 "boot"
mmcblk0p38: 93fffc00 00000200 "system"
mmcblk0p27: 00140200 00000200 "local"
mmcblk0p39: 17fffe00 00000200 "cache"
mmcblk0p40: 670000000 00000200 "userdata"
mmcblk0p23: 01400000 00000200 "devlog"
mmcblk0p25: 00040000 00000200 "pdata"
mmcblk0p28: 00010000 00000200 "extra"
mmcblk0p34: 04b00200 00000200 "radio"
mmcblk0p16: 03c00400 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p18: 00500000 00000200 "wcnss"
mmcblk0p17: 007ffa00 00000200 "radio_config"
mmcblk0p21: 00400000 00000200 "modem_st1"
mmcblk0p22: 00400000 00000200 "modem_st2"
mmcblk0p30: 00040000 00000200 "skylink"
mmcblk0p31: 01900000 00000200 "carrier"
mmcblk0p29: 00100000 00000200 "cdma_record"
mmcblk0p19: 01affe00 00000200 "reserve_1"
mmcblk0p33: 034ffa00 00000200 "reserve_2"
mmcblk0p35: 05fffc00 00000200 "reserve_3"
mmcblk0p32: 04729a00 00000200 "reserve"
search for "recovery"
4. then use the partition listed for your device and flash the stock recovery, where it must be on your external sdcard
Code:
dd if=/sdcard2/recovery.img of=/dev/block/mmcblk0p37
5. lock the bootloader
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
6. reboot into fastboot mode, in soul rom, hold power and choose restart, then choose bootloader
7. in fastboot mode enter on your console on you computer:
Code:
fastboot oem rebootRUU
8. when your phone is ready, you will see it on the display of the phone, enter
Code:
fastboot flash zip ruu.zip
where ruu.zip is the name of the file you downloaded from this thread for example, if you downloaded
Code:
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.43.1401.1_Radio_1237.25.32.0717__NV_NVMFG_CT_4.22_001_release_344194_signed_2_4.zip
then put it in your adb folder rename it to ruu.zip or use the original name to flash the file
9. if the flash procedure stops after a few seconds, reenter the command
Code:
fastboot flash zip ruu.zip
now wait, when its finished
10. restart the phone
Code:
fastboot reboot
i hope it helps
p.s. if you need a stock recovery, you can use one in the zip file you downloaded, or in one of the ota zip files, there is another zipfile inside the ota file called firmware.zip
superpfpf said:
connect yout phone with your computer and enter in your console on your computer:
1. adb shell
2. su -
3. cat /proc/emmc
now you see a list of your partitions, it looks similar to this
Code:
dev: size erasesize name
mmcblk0p20: 000ffa00 00000200 "misc"
mmcblk0p37: 00fffe00 00000200 "recovery"
mmcblk0p36: 01000000 00000200 "boot"
mmcblk0p38: 93fffc00 00000200 "system"
mmcblk0p27: 00140200 00000200 "local"
mmcblk0p39: 17fffe00 00000200 "cache"
mmcblk0p40: 670000000 00000200 "userdata"
mmcblk0p23: 01400000 00000200 "devlog"
mmcblk0p25: 00040000 00000200 "pdata"
mmcblk0p28: 00010000 00000200 "extra"
mmcblk0p34: 04b00200 00000200 "radio"
mmcblk0p16: 03c00400 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p18: 00500000 00000200 "wcnss"
mmcblk0p17: 007ffa00 00000200 "radio_config"
mmcblk0p21: 00400000 00000200 "modem_st1"
mmcblk0p22: 00400000 00000200 "modem_st2"
mmcblk0p30: 00040000 00000200 "skylink"
mmcblk0p31: 01900000 00000200 "carrier"
mmcblk0p29: 00100000 00000200 "cdma_record"
mmcblk0p19: 01affe00 00000200 "reserve_1"
mmcblk0p33: 034ffa00 00000200 "reserve_2"
mmcblk0p35: 05fffc00 00000200 "reserve_3"
mmcblk0p32: 04729a00 00000200 "reserve"
search for "recovery"
4. then use the partition listed for your device and flash the stock recovery, where it must be on your external sdcard
Code:
dd if=/sdcard2/recovery.img of=/dev/block/mmcblk0p37
5. lock the bootloader
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
6. reboot into fastboot mode, in soul rom, hold power and choose restart, then choose bootloader
7. in fastboot mode enter on your console on you computer:
Code:
fastboot oem rebootRUU
8. when your phone is ready, you will see it on the display of the phone, enter
Code:
fastboot flash zip ruu.zip
where ruu.zip is the name of the file you downloaded from this thread for example, if you downloaded
Code:
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.43.1401.1_Radio_1237.25.32.0717__NV_NVMFG_CT_4.22_001_release_344194_signed_2_4.zip
then put it in your adb folder rename it to ruu.zip or use the original name to flash the file
9. if the flash procedure stops after a few seconds, reenter the command
Code:
fastboot flash zip ruu.zip
now wait, when its finished
10. restart the phone
Code:
fastboot reboot
i hope it helps
p.s. if you need a stock recovery, you can use one in the zip file you downloaded, or in one of the ota zip files, there is another zipfile inside the ota file called firmware.zip
Click to expand...
Click to collapse
this what i got
sending 'zip' (1171494 KB)...
OKAY [ 47.666s]
writing 'zip'...
(bootloader) rom parsing start ...
(bootloader) rom parsing finish ...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
FAILED (remote: 42 custom id check fail)
finished. total time: 55.274s
fadihawari said:
this what i got
sending 'zip' (1171494 KB)...
OKAY [ 47.666s]
writing 'zip'...
(bootloader) rom parsing start ...
(bootloader) rom parsing finish ...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
FAILED (remote: 42 custom id check fail)
finished. total time: 55.274s
Click to expand...
Click to collapse
That means you are flashing a zip which is not meant for your CID. what is your CID and which file are you flashing?
rockyseenu said:
That means you are flashing a zip which is not meant for your CID. what is your CID and which file are you flashing?
Click to expand...
Click to collapse
CID now on HC__a07
tried to flash this
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.17.1401.2_Radio_1237.20.28.0614_NV_CT_3.23_001___release_324898_signed_2_2.zip
this
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.43.1401.1_ Radio_1237.25.32.0717__NV_NVMFG_CT_4.22_001_releas e_344194_signed_2_4.zip
and even tried this
RUU_M7C_DWG_JB_50_HTCCN_CHS_CT_1.12.1401.1_Radio_1237.17.18.0423release_signed.exe
S-OFF and Can change CID
fadihawari said:
CID now on HC__a07
tried to flash this
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.17.1401.2_Radio_1237.20.28.0614_NV_CT_3.23_001___release_324898_signed_2_2.zip
this
PN07IMG_M7C_DWG_JB_50_S1_HTCCN_CHS_CT_2.43.1401.1_ Radio_1237.25.32.0717__NV_NVMFG_CT_4.22_001_releas e_344194_signed_2_4.zip
and even tried this
RUU_M7C_DWG_JB_50_HTCCN_CHS_CT_1.12.1401.1_Radio_1237.17.18.0423release_signed.exe
S-OFF and Can change CID
Click to expand...
Click to collapse
the last one is an exe file. dont flash that. you can try any of the first two. Change your CID to HTCCN702 and then flash either of the zips.
or supercid 11111111
rockyseenu said:
the last one is an exe file. dont flash that. you can try any of the first two. Change your CID to HTCCN702 and then flash either of the zips.
Click to expand...
Click to collapse
Flashed successfully but when start to load icons a system it roboot
; is there a rom for Asia not the china telecom i thing=k it is radio and compatibility issue
rockyseenu said:
the last one is an exe file. dont flash that. you can try any of the first two. Change your CID to HTCCN702 and then flash either of the zips.
Click to expand...
Click to collapse
I bricked my device ihave 720 based DWG software and when i flashed 1401 keep restarting please i need a software for 720 based DWG software
radio.img
Does anyone know if Android Kitchen works with 4.4.2 stock ROM for SPH-L720?
I am trying to generate a custom ROM for SPH-L720 from the NAE stock ROM (Kitkat) using Android Kitchen.
Everything goes without error during the creation of the ROM.
I selected to install SuperSU
did not install busybox
deodexed both framework and apps
optimized apks for memory
everything else was default settings
However, when I flash the rom (using Philz Touch Wiz 6.25.0)
It gets to this point and quits:
Using legacy property environment for update-binary....
Please upgrade to latest binary.....
I then have to restore the backup.
Any ideas?
Did you ever figure this out?
Yes.
Sent from my SPH-L720 using XDA Premium 4 mobile app
jtash01 said:
Yes.
Sent from my SPH-L720 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
care to tell how you fixed this?
jtash01 said:
Yes.
Sent from my SPH-L720 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Elaborate please.
Sent from my SPH-L720 using Tapatalk
BUMP! anybody figure this out?? ive tried everything i can think of to make a 4.4.2 rom for sm-t330nu galaxy tab 4 and i cant get passed either error 0 or 6.
what ive tried:
-Modify updater-script from MTD to EMMC
-Modify updater-script to "ext4", "MTD" (or EMMC, ive tried both)
-Modify updater-script to "yaffs2", "MTD" (or EMMC)
-finding multiple "updated" updater-binary files and swapping them (because of error stating binary is using legacy environment. error 6)
-Signed update, unsigned update
-simply loading rom into kitchen, building working folder, and then zipping "vanilla" rom. Still error 0
ANY HELP WOULD BE APPRECIATED.
p.s. My overall goal after having a custom rom, is to add my own custom kernel (already built) and add the kali nethunter packages. But this rom first lol
<edit>
OK, so i think ive found the answer to this issue. It is a combination issue of an improperly formed updater-script (either unfinished or simply bad data), and the update-binary that is included with Android-Kitchen.
What ive found so far about this issue:
apparently to install 4 args are required at the format/mount section of the updater-script. At this point,
format("ext4", "EMMC", "/system");
mount("ext4", "EMMC", "/system");
We need 4 arguments and obviously there are only 3, so we...
format("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system");
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system");
This is for the samsung galaxy tab 4 8" sm-t330nu, your exact path may be different, you can find this by locating and viewing your fstab or in my case fstab.qcomm file.
However..... I am still unable to properly flash my rom... I believe this is because of an incompatible update-binary, so im currently trying multiple binaries from similar devices (as i cant find any custom roms for this device to pull one from.)
</edit>
<edit #2>
I GOT IT TOO FLASH! since my device is a smt330nu, i grabbed a 4.4.2 SLIMKAT smt230nu rom (RESPECT AND CREDIT TO THE SLIMKAT TEAM). I opened the zip, and compared my updater-script with theirs and came up with this:
format("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system");
mount("ext4", "EMMC", "/dev/block/platform/msm_sdcc.1/by-name/system", "/system");
needs to be
mount("ext4", "EMMC", "/dev/block/mmcblk0p23", "/system");
delete_recursive("/system");
and later on in the code:
package_extract_file("boot.img", "/boot");
needs to be
package_extract_file("boot.img", "/dev/block/mmcblk0p14");
I also copied over their update-binary, and even though i still get the "legacy" error it runs through the entire install!!!
</edit #2>
Try archikitchen!
Sent from my SPH-L720 using XDA Free mobile app
koivth said:
Try archikitchen!
Sent from my SPH-L720 using XDA Free mobile app
Click to expand...
Click to collapse
+1
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Hello, guys!
I have the same issue:
"Using legacy property environment for update-binary....
Please upgrade to latest binary....."
When I try to flash my firmware, which has been made from syste.img and boot.img by using Android-Kitchen.
I found out in this thread, that there is alternative of Android Kutchen
Try archikitchen!
Click to expand...
Click to collapse
I tried archikitchen, but when I chose: "i - Create a ZIP-flashable ROM from stock partition image(s)" options, and choose system.img and boot.img I got an error:
Trying to mount system.img
Root access is required! modprobe loop
[sudo] password for vadimstupakov:
Stage 1: Mounting with automatic filesystem...
Root access is required! mount -t auto -o loop PROJECT_082415_180214/system.img /tmp/ArchiKitchenLOOP
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
Failed!
Root access is required! umount /tmp/ArchiKitchenLOOP
umount: /tmp/ArchiKitchenLOOP: not mounted
Stage 2: Checking if image is in special sparse ext4 format available for conversion...
It doesn't look like sparse ext4 file
Sorry, all stages failed, we're not able to extract files from this image in any implemented way
Either it's not a valid partition image, or we don't know how to mount it
Press [Enter] key to continue...
system.img I get from build of Android 4.xx. boot.img I get from partition of my device "HTC Desire 601":
# cat /proc/emmc
dev: size erasesize name
mmcblk0p22: 000ffa00 00000200 "misc"
mmcblk0p34: 00fffe00 00000200 "recovery"
mmcblk0p33: 01000000 00000200 "boot"
mmcblk0p35: 71fffc00 00000200 "system"
mmcblk0p29: 00140200 00000200 "local"
mmcblk0p36: 0efffe00 00000200 "cache"
mmcblk0p37: 130000000 00000200 "userdata"
mmcblk0p25: 01400000 00000200 "devlog"
mmcblk0p27: 00040000 00000200 "pdata"
mmcblk0p30: 00010000 00000200 "extra"
mmcblk0p16: 02d00000 00000200 "radio"
mmcblk0p17: 00a00000 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p18: 00500000 00000200 "wcnss"
mmcblk0p19: 007ffa00 00000200 "radio_config"
mmcblk0p23: 00400000 00000200 "modem_st1"
mmcblk0p24: 00400000 00000200 "modem_st2"
mmcblk0p32: 01fffc00 00000200 "reserve"
mmcblk0p28: 00004000 00000200 "control
~ # dd if=/dev/block/mmcblk0p33 of=/sdcard/boot.img
Android kitchen (not archikitchen) made correct decompressing of system.img.
What I make incorrect?
My goal:
I have system.img and boot.img. I want to make zip firmware from this images and install it from sdcard by using recovery mode.
PS: Device has already rooted and unblocked.
Thanks!
RedEyer said:
Hello, guys!
I have the same issue:
"Using legacy property environment for update-binary....
Please upgrade to latest binary....."
When I try to flash my firmware, which has been made from syste.img and boot.img by using Android-Kitchen.
I found out in this thread, that there is alternative of Android Kutchen
I tried archikitchen, but when I chose: "i - Create a ZIP-flashable ROM from stock partition image(s)" options, and choose system.img and boot.img I got an error:
Trying to mount system.img
Root access is required! modprobe loop
[sudo] password for vadimstupakov:
Stage 1: Mounting with automatic filesystem...
Root access is required! mount -t auto -o loop PROJECT_082415_180214/system.img /tmp/ArchiKitchenLOOP
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so.
Failed!
Root access is required! umount /tmp/ArchiKitchenLOOP
umount: /tmp/ArchiKitchenLOOP: not mounted
Stage 2: Checking if image is in special sparse ext4 format available for conversion...
It doesn't look like sparse ext4 file
Sorry, all stages failed, we're not able to extract files from this image in any implemented way
Either it's not a valid partition image, or we don't know how to mount it
Press [Enter] key to continue...
system.img I get from build of Android 4.xx. boot.img I get from partition of my device "HTC Desire 601":
# cat /proc/emmc
dev: size erasesize name
mmcblk0p22: 000ffa00 00000200 "misc"
mmcblk0p34: 00fffe00 00000200 "recovery"
mmcblk0p33: 01000000 00000200 "boot"
mmcblk0p35: 71fffc00 00000200 "system"
mmcblk0p29: 00140200 00000200 "local"
mmcblk0p36: 0efffe00 00000200 "cache"
mmcblk0p37: 130000000 00000200 "userdata"
mmcblk0p25: 01400000 00000200 "devlog"
mmcblk0p27: 00040000 00000200 "pdata"
mmcblk0p30: 00010000 00000200 "extra"
mmcblk0p16: 02d00000 00000200 "radio"
mmcblk0p17: 00a00000 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p18: 00500000 00000200 "wcnss"
mmcblk0p19: 007ffa00 00000200 "radio_config"
mmcblk0p23: 00400000 00000200 "modem_st1"
mmcblk0p24: 00400000 00000200 "modem_st2"
mmcblk0p32: 01fffc00 00000200 "reserve"
mmcblk0p28: 00004000 00000200 "control
~ # dd if=/dev/block/mmcblk0p33 of=/sdcard/boot.img
Android kitchen (not archikitchen) made correct decompressing of system.img.
What I make incorrect?
My goal:
I have system.img and boot.img. I want to make zip firmware from this images and install it from sdcard by using recovery mode.
PS: Device has already rooted and unblocked.
Thanks!
Click to expand...
Click to collapse
use ImgExtractor_1_3_6 to unpack your system.img (copy system.img to the ImgExtractor_1_3_6 folder and double click the system.img bat)
then find a meta-inf for your phone to mak a zip installer
CONFIRMED WORKING
No CDMA like Sprint or Verizon. Feel free to test though
EDIT: Sprint See http://forum.xda-developers.com/sprint-one-m9/general/nv-unlocksim-t3314755
Hey guys.
I recently purchased a HTC M9 Sprint with the hopes that I could unlock it. Unfortunately I was not able to
Anyway brought a AT&T version (that arrived yesterday) and started to have a play with it.
First things first:
HTC DEV bootloader unlock
TWRP install
SU
S-Off via Sunshine (optional)
Now for the fun
I dumped all the partitions (except userdata as it was 28GB lol). Then started to work on the Sim Unlock. My attempt via the method that i posted here did not work for me. I then decided to try my luck with a code from Ebay. I got one for US $4 which was pretty good. Took a few hours, but sure enough I received an email with a code. I started a logcat and then entered the SIM Unlock code and to my surprise it WORKED . Nothing interesting in the logcat though
I then dumped all the partitions again (except userdata)
Here is the list BTW:
Code:
dev: size erasesize name
mmcblk0p1: 00004000 00000200 "board_info"
mmcblk0p2: 00400000 00000200 "pg1fs"
mmcblk0p3: 00100000 00000200 "sbl1"
mmcblk0p4: 00100000 00000200 "pmic"
mmcblk0p5: 02800000 00000200 "dummy"
mmcblk0p6: 001f7c00 00000200 "reserve_1"
mmcblk0p7: 00040000 00000200 "mfg"
mmcblk0p8: 017afc00 00000200 "pg2fs"
mmcblk0p9: 00080000 00000200 "rpm"
mmcblk0p10: 00200000 00000200 "tz"
mmcblk0p11: 00018000 00000200 "sdi"
mmcblk0p12: 00200000 00000200 "hyp"
mmcblk0p13: 00100000 00000200 "aboot"
mmcblk0p14: 00a00000 00000200 "tool_diag"
mmcblk0p15: 00a00000 00000200 "sp1"
mmcblk0p16: 00100000 00000200 "ddr"
mmcblk0p17: 00100000 00000200 "rfg_0"
mmcblk0p18: 00100000 00000200 "rfg_1"
mmcblk0p19: 00100000 00000200 "rfg_2"
mmcblk0p20: 00100000 00000200 "rfg_3"
mmcblk0p21: 00100000 00000200 "rfg_4"
mmcblk0p22: 00100000 00000200 "rfg_5"
mmcblk0p23: 00100000 00000200 "rfg_6"
mmcblk0p24: 00100000 00000200 "rfg_7"
mmcblk0p25: 00180000 00000200 "fsg"
mmcblk0p26: 03b00400 00000200 "radio"
mmcblk0p27: 01400000 00000200 "adsp"
mmcblk0p28: 00000400 00000200 "limits"
mmcblk0p29: 004f7c00 00000200 "reserve_2"
mmcblk0p30: 01600000 00000200 "persist"
mmcblk0p31: 00a00000 00000200 "ramdump"
mmcblk0p32: 00100000 00000200 "misc"
mmcblk0p33: 00180000 00000200 "modem_st1"
mmcblk0p34: 00180000 00000200 "modem_st2"
mmcblk0p35: 01400000 00000200 "fataldevlog"
mmcblk0p36: 01e00000 00000200 "devlog"
mmcblk0p37: 00040000 00000200 "pdata"
mmcblk0p38: 00004000 00000200 "control"
mmcblk0p39: 00010000 00000200 "extra"
mmcblk0p40: 00100000 00000200 "cdma_record"
mmcblk0p41: 00000400 00000200 "fsc"
mmcblk0p42: 00002000 00000200 "ssd"
mmcblk0p43: 00080000 00000200 "sensor_hub"
mmcblk0p44: 00020000 00000200 "sec"
mmcblk0p45: 00100000 00000200 "abootbak"
mmcblk0p46: 00002800 00000200 "cir_img"
mmcblk0p47: 00140400 00000200 "local"
mmcblk0p48: 00080000 00000200 "frp"
mmcblk0p49: 00200000 00000200 "cpe"
mmcblk0p50: 01400000 00000200 "carrier"
mmcblk0p51: 00040000 00000200 "skylink"
mmcblk0p52: 00020000 00000200 "rfg_8"
mmcblk0p53: 00020000 00000200 "rfg_9"
mmcblk0p54: 00020000 00000200 "rfg_10"
mmcblk0p55: 00020000 00000200 "rfg_11"
mmcblk0p56: 00020000 00000200 "rfg_12"
mmcblk0p57: 00020000 00000200 "rfg_13"
mmcblk0p58: 00020000 00000200 "rfg_14"
mmcblk0p59: 00020000 00000200 "rfg_15"
mmcblk0p60: 01000000 00000200 "absolute"
mmcblk0p61: 00e07000 00000200 "reserve"
mmcblk0p62: 04000000 00000200 "hosd"
mmcblk0p63: 04000000 00000200 "boot"
mmcblk0p64: 04000000 00000200 "recovery"
mmcblk0p65: 14000000 00000200 "cache"
mmcblk0p66: 18000000 00000200 "system"
mmcblk0p67: e0000000 00000200 "userdata"
mmcblk0p68: 12200000 00000200 "apppreload"
mmcblk0p69: 03c00000 00000200 "cota"
mmcblk0p70: 00a00000 00000200 "battery"
Now for the actual fun. I compared every single partition before and after the SIM Lock trying to find a difference. There were many differences between files as they are not 'static' and used by the system. (This was done from recovery BTW).
I was looking for a small difference such as that of the bootloader lock / unlock which you only have to change a small amount of data.
Something that stood out was mmcblk0p52 which is "rfg_8" and I only noticed this because I had made two dump before Sim Unlocking and it was THE ONLY PAIR OF DUMPS THAT MATCHED.
The files themselves aren't that big so I thought what the hell.
I flashed (dd) the 'before sim unlock' mmcblk0p52 and it was SIM LOCKED again
I then flashed (dd) the after 'after sim unlock' mmcblk0p52 and it was SIM UNLOCKED again
If you could help by getting your mmcblkop52 to me I can then compare and see if this will equal a free SIM UNLOCK for you.
AT&T No longer need Files are the same
T-Mobile No longer need Files are the same
Sprint Partition is empty, all 0's - will need to find another way
Verizon I assume it is the same as Sprint.
Others??
Please use the following code:
Code:
adb shell
su
dd if=/dev/block/bootdevice/by-name/rfg_8 of=/sdcard/rfg_8old
exit
exit
adb pull /sdcard/rfg_8old
Then upload the rfg_8old and link to me.
To Sim unlock your device
Do the above and save it to you computer. Download my rfg_8-Locked.txt and compare the two files.
You can do this using HxD from here http://mh-nexus.de/en/hxd/
Drag both files (locked partitions) into HxD and press Ctrl + K or go to File > Analysis > File-Compare > Compare....
It will prop up 'both files are identical'
If there is a file difference then STOP
If the file is the same then you can do the following:
Please copy and paste one line at a time
[Irfg_8-UnLocked.txt must be in your ADB directory OR manually place on the root of internal SD Card and rename to rfg_8 [/I]
Code:
adb push rfg_8-UnLocked.txt /sdcard/rfg_8new
adb shell
su
dd if=/sdcard/rfg_8new of=/dev/block/bootdevice/by-name/rfg_8
exit
exit
Please use the Poll above and leave a comment
Please don't forget to click the thanks button or donate to me http://forum.xda-developers.com/donatetome.php?u=4428363
This took a lot of time and effort. The (at least) $5 it would have cost you for the unlock code, could be put to better use
Thanks for the support guys
Stifilz
THANKS TO:
@grim489 for dumping the mmcblk0p52 from T-Mobile (which I found was an exact match)
@bigp951 for dumping the mmcblk0p52 from AT&T locked sim (which I found was an exact match)
@bigp951 for dumping the mmcblk0p52 from DEV Edition factory unlocked sim (which I found was empty 0's, probably due to never being locked)
@bigp951 for testing the Unlocked partition on AT&T and confirming it worked
@WildsideUK for confirming that this works while S-On
Interesting. I'll look into this.
Sent From My HTC One (M9)
M9 Sprint
Do you think it will work with my sprint M9?
Here is my mmcblk0p52, I am sim locked to T-Mobile. Haven't got around to trying the international software/firmware with your other unlock thread but managed to get this. :good:
elmy2424 said:
Do you think it will work with my sprint M9?
Click to expand...
Click to collapse
Not at the moment. I have a sprint M9 and have not managed to get it working with this method
grim489 said:
Here is my mmcblk0p52, I am sim locked to T-Mobile. Haven't got around to trying the international software/firmware with your other unlock thread but managed to get this. :good:
Click to expand...
Click to collapse
OMFG. THE FILE IS IDENTICAL TO MY SIM LOCKED PARTITION. FEEL FREE TO USE HxD TO 'FILE COMPARE' THE HEX VALUES YOURSELF. IF YOU ARE KEEN THEN PLEASE FLASH MY UNLOCKED PARTITION. BE VERY CAREFUL WITH THE DD COMMAND!
Obviously reverse the DD command
Do it in recovery or normal and then reboot.
Can you please dump the partition after too. Here is HxD (I love this software)
Drag both files (locked partitions) into HxD and press Ctrl + K or go to File > Analysis > File-Compare > Compare....
It will prop up 'both files are identical'
Thank you @grim489, credits to you
Gotta find somebody's sim to steal and test but it's no problem I'm just doing the simple stuff haha. Let me get back to you in a little bit stifilz, gonna try it out.
Sent from my HTC One M9 using Tapatalk
are you inside US , i think sprint is unlocking their phones for free, just have to call them,
grim489 said:
Gotta find somebody's sim to steal and test but it's no problem I'm just doing the simple stuff haha. Let me get back to you in a little bit stifilz, gonna try it out.
Sent from my HTC One M9 using Tapatalk
Click to expand...
Click to collapse
Awaiting anxiously
In the mean time can someone that is Sim Unlocked please dump their mmcblk0p52
Here is mine. AT&T SIM locked. I just added .txt to the end.
stifilz said:
Awaiting anxiously
In the mean time can someone that is Sim Unlocked please dump their mmcblk0p52
Click to expand...
Click to collapse
would the dev edition dump work? I have one of those as well...
bigp951 said:
would the dev edition dump work? I have one of those as well...
Click to expand...
Click to collapse
Yup. That would help check the 'unlock' image
stifilz said:
Yup. That would help check the 'unlock' image
Click to expand...
Click to collapse
Here you go!
dev edition---
I hope this works because I bought an AT&T m9 today for my wife but we are on T-mobile. Only thing is I know nothing about dd commands so would need instructions like in the OP.
bigp951 said:
I hope this works because I bought an AT&T m9 today for my wife but we are on T-mobile. Only thing is I know nothing about dd commands so would need instructions like in the OP.
Click to expand...
Click to collapse
Ok first thing you will need to do is dump the current mmcblk0p52 (same as first OP). Pull this files to computer. Download my mmcblk0p52-rfg_8-Locked.txt (LOCKED VERSION) and compare the two files using HxD or similar.
IF they are the same then you can proceed to flash the my mmcblk0p52-rfg_8-UnLocked.txt(UNLOCKED) file.
Code:
adb push mmcblk0p52-rfg_8-UnLocked /sdcard/mmcblk0p52
adb shell
su
dd if=/sdcard/mmcblk0p52 of=/dev/block/mmcblk0p52
exit
exit
Please proceed at your own risk
Thanks
bigp951 said:
here is mine. At&t sim locked. I just added .txt to the end.
Click to expand...
Click to collapse
exactly the same as mine
bigp951 said:
Here you go!
dev edition---
Click to expand...
Click to collapse
DEV edition is BLANK (file is all zeros) this could make sense as it was never Sim locked and therefore does not need to be unlocked
stifilz said:
Ok first thing you will need to do is dump the current mmcblk0p52 (same as first OP). Pull this files to computer. Download my mmcblk0p52-rfg_8-Locked.txt (LOCKED VERSION) and compare the two files using HxD or similar.
IF they are the same then you can proceed to flash the my mmcblk0p52-rfg_8-UnLocked.txt(UNLOCKED) file.
Code:
adb push mmcblk0p52-rfg_8-UnLocked /sdcard/mmcblk0p52
adb shell
su
dd if=/sdcard/mmcblk0p52 of=/dev/block/mmcblk0p52
exit
exit
Please proceed at your own risk
Thanks
Click to expand...
Click to collapse
I am ready to attempt this but am curious to what my chances are for a hard brick? I will copy and paste your commands
I have a nandroid on my sd card so I should be able to recover from anything minor.
EDIT--strangely enough when I attempted to push the file to the sd card this came back...
failed to copy 'mmcblk0p52-rfg_8-UnLocked' to '/sdcard/mmcblk0p52': Permission d
enied
I will put the file in the sd card manually and proceed from there
bigp951 said:
I am ready to attempt this but am curious to what my chances are for a hard brick? I will copy and paste your commands
I have a nandroid on my sd card so I should be able to recover from anything minor.
Click to expand...
Click to collapse
I am fairly certain that it will be the correct file. I don't have another partition of someone that has Sim Unlocked before (I only have my one). I assume that it is not Unlock Code specific. I have flashed to my Sprint M9 to no avail (this had 0's before like your dev edition). Also no damage to the phone
Hardbrick would be HIGHLY UNLIKELY. I have put my HTC's though the wars and they have always came back to me. As long as you are S-OFF you can recover from almost anything. Copy and paste and double check everything .
Best of luck :good:
bigp951 said:
EDIT--strangely enough when I attempted to push the file to the sd card this came back...
failed to copy 'mmcblk0p52-rfg_8-UnLocked' to '/sdcard/mmcblk0p52': Permission d
enied
I will put the file in the sd card manually and proceed from there
Click to expand...
Click to collapse
mmcblk0p52-rfg_8-UnLocked (note .txt has been removed) will need to be in the folder where your ADB is
IT WORKED!