[Q] Root Question - M.O.J.O. General

Hello,
I have read on the forum that the bootloader is unlocked.
And that therefore it is rooted base.
Or is there a manipulation to be done to root it?
good day

pci130 said:
Hello,
I have read on the forum that the bootloader is unlocked.
And that therefore it is rooted base.
Or is there a manipulation to be done to root it?
good day
Hi dude now i have the device i don't know how to root it due to the incompatibility with the usb plug in the pc
If we can make the mojo visible by the pc i think it will be really easy to root but now it's not possible so
i'm trying to make a signed zip with root enable based on the 110 firmware.zip

Yes, Mad Catz provided the actual firmware for the M.O.J.O, and in theory, it should be possible to pre-root it and flash this thing.
But atm, the only known way to flash the firmware is the update tool on the device.
You can boot into the recovery, but only to the "lying android with exclamation mark". Haven't found a way to enter the recovery menu.
If your flash goes wrong, the recovery would be the only way to bring the device back in a working condition.
Rebooting to the bootloader didn't seem to work. Since the device has no external buttons to enter the mode. You can't even boot into a custom recovery to flash unsigned code.
I don't believe that you can set one of the external USB ports from host to slave and that it will survive a reboot to access the device in recovery or bootloader.
They say, that the bootloader is open. But no one has provided any evidence about it.
Maybe you can catch the USB slave signal direct on the mainboard. But that would never be an option most would consider.
The device is advertised as "hacking friendly".
From Mad Catz's side, no documentation or tool to make it real has been released to this day.
Even the source code of the device software hasn't been officially released.
I really hope the things change to better in the next weeks.

scorpio16v said:
Yes, Mad Catz provided the actual firmware for the M.O.J.O, and in theory, it should be possible to pre-root it and flash this thing.
But atm, the only known way to flash the firmware is the update tool on the device.
You can boot into the recovery, but only to the "lying android with exclamation mark". Haven't found a way to enter the recovery menu.
If your flash goes wrong, the recovery would be the only way to bring the device back in a working condition.
Rebooting to the bootloader didn't seem to work. Since the device has no external buttons to enter the mode. You can't even boot into a custom recovery to flash unsigned code.
I don't believe that you can set one of the external USB ports from host to slave and that it will survive a reboot to access the device in recovery or bootloader.
They say, that the bootloader is open. But no one has provided any evidence about it.
Maybe you can catch the USB slave signal direct on the mainboard. But that would never be an option most would consider.
The device is advertised as "hacking friendly".
From Mad Catz's side, no documentation or tool to make it real has been released to this day.
Even the source code of the device software hasn't been officially released.
I really hope the things change to better in the next weeks.
Hum, this is what I expected. I tried to plug in the controller via USB and it works, so it's a possible way to boot into recovery, by holding a button on it.
It's a shame to say that the mojo is unlocked but impossible to have usb adb !!!! Mad Catz, your device was released on 10 December and the playstore has maybe 1000 compatible apps (yes, I know you're going to say this is because the device doesn't have a screen, but if you faked an HD screen it would simply work, and I'm sure if I'm rooted I can do it) and you didn't provide a keymapper, so the one or 2 playable games aren't mapped correctly !!!!
I hope that a little genius can find a solution to root it, but Mad Catz needs to work on the firmware !!

Dead-neM said:
It's a shame to say that the mojo is unlocked but impossible to have usb adb !!!!
ADB access isn't a real problem, because we can connect over network. But the bootloader and the fastboot tool definitely need USB.
No, the worst thing is that even via ADB, you can't get temporary root access. So, you can't even remount the /system partition as writable.
Don't know if anyone with one of the older firmware versions on their M.O.J.O have tried if a remount of /system would work.

Not familiar with the root process but can something like was done for OUYA be used here?

Unfortunately no.
The M.o.j.o can't even get root and mount the /system partition over ADB. So, no chance.

Related

stuck in apx, no ADB or Fastboot

hi,
Before updating to 4.3 via OTA I was rooted via the Chinese method and had problems with my wifi. I decided to wipe my Note using fastboot -w, to see if it would fix the wifi issue; afterwards it booted up and I installed the 4.3 OTA. I think it installed, but my device went into a bootloop and I cannot get ADB or Fastboot to recognise it (I know the drivers work, they recognise my LG G2); the only device showing up in Device Manager is APX. I did some googling and found that it's Nvidia's low level recovery system. Is there any way to get my TN7 out of APX or do I wait until Nvidia release the relevant blobs? (Am I right in saying that Nvflash doesn't support Tegra 4 yet?) Can you guys think of any solutions? I am happy to try experimental, pre-alpha stuff!
Thanks in advance,
Aliaksei
aliaksei said:
hi,
before updating to 4.3 via OTA i was rooted via chinese method and had problems with my wifi, i decided to wipe my note using fastboot -w, to see if it would fix the wifi issue, afterwards it booted up and i installed the 4.3 OTA, i think it installed but my device went into a bootloop and i can not get ADB or Fastboot to recognise it (I know the drivers work, they recognise my LG G2), the only device showing up in device manager is APX. I did some googling and found that its Nvidia low level recovery system. Is there any way to get my TN7 out of APX or do I wait until Nvidia release the relevant blobs? (Am I right in saying that Nvflash doesnt support Tegra 4 yet?) Can you guys think of any solutions? I am happy to try experimental, pre-alpha stuff!
Thanks in advance,
Aliaksei
Sorry to say that no one has yet got NvFlash working with Tegra 4 SoC, bar in-house developers and wholesalers.
If you can't get the device into fastboot then your only alternative is to return the tablet on warranty since you are not getting a proper bootloader which is a sign of an early released unlocked tablet where legally there was no hindrance to tinkering. To get fastboot try;
Starting up the device with the POWER-BUTTON + TOP VOLUME-BUTTON held down at the same time. The device will boot and as soon as you see the logo, release only the POWER-BUTTON so that the device doesn't do an unwanted restart on you. What you should be trying to achieve with this is to get to a menu-based bootloader if you have one. There, you should be able to toggle on fastboot and recover the device.
I hope that helps.
If I return it on warranty, will they be able to see that it was rooted, invalidating my warranty?
Sent from my LG-D802 using xda app-developers app

[Q] Black screen of death

Hi everyone,
I hope anyone can help me with this.
After trying to change lcd density with apps from the playstore.
The mojo gives me a black screen, no logo at startup; the only thing I can do is the root procedure, it displays " Key driver not found.." etc.. but nothing after that.
I don't know how to restore it, or factory reset it, or access build.prop etc.. and also I can't access the device via usb => computer (adb not listed)
If anyone get an idea, it will be great.:good:
LCD density? What app did you use? Why are you adjusting an LCD setting on a device that does not have an LCD screen? Try unplugging it for 15 minutes and then plug it back in.
EDIT: I see what you did. You used LCDDensity to try to increase the resolution. Not a great idea. You probably picked some value that is way outside of what the Mojo will display. Since this app requires root you had to grant privileges to it in order to do this. I don't know if you will be able to fix it until some method of sending a recovery image to the device (and a recovery image for that matter) is revealed.
EDIT 2: Can you try this:
http://www.freaktab.com/showthread.php?12075-FOUND-MAD-CATZ-M-O-J-O-RECOVERY-MENU
If you can get to be able to choose "Yes" for factory reset maybe it will help. It's something to try.
re :Black screen
I plugged in a typical Windows keyboard and tried the mojo recovery menu procedure, always the same black screen.
Now I found an image.zip called "mojo-signed-ota-MO0202-WW.zip" but how to use it now, maybe via fastboot or anything else, because it's the only way for now that displays me something from the mojo to the HDMI monitor.
daves94 said:
I plugged in a typical Windows keyboard and tried the mojo recovery menu procedure, always the same black screen.
Now I found an image.zip called "mojo-signed-ota-MO0202-WW.zip" but how to use it now, maybe via fastboot or anything else, because it's the only way for now that displays me something from the mojo to the HDMI monitor.
You'll need to contact Madcatz for support.
gwaldo said:
You'll need to contact Madcatz for support.
Hi,
I've already contacted Mad Catz support and submitted a ticket, we will see if they give me a way to unblock this box.
Thanks
daves94 said:
Hi,
I've already contacted Mad Catz support and submitted a ticket, we will see if they give me a way to unblock this box.
Thanks
Keep us updated. I am curious to see what their solution is. Either RMA the unit or reveal a recovery method to you. If the latter, I am certain many folks (myself included) would really like to know!
zektor said:
Keep us updated. I am curious to see what their solution is. Either RMA the unit or reveal a recovery method to you. If the latter, I am certain many folks (myself included) would really like to know!
Hi,
We will see, I posted a ticket on Friday, and a "sympathetic" guy told me on live chat support that it would take 2-3 open days to have an answer.
I saw in another post on xda that one guy has a similar problem, but due to a rom update I think.
I will keep you up to date with this and we'll check at the same time if they have good technical support.
Thanks guys.
http://forum.xda-developers.com/showthread.php?p=52563100#post52563100
daves94 said:
Hi everyone,
I hope anyone can help me with this.
After trying to change lcd density with apps from the playstore.
The mojo brings me a black screen, no logo at startup, the only thing what i can do is the root procedure, it displays me " Key driver not found.." etc.. but nothing after that.
I don't know how to restore it, or factory reset it, or acces to build.prop etc.. and also i can't acces to devices via usb => computeur(adb not listed)
If anyone get an idea, it will be great.:good:
Do not play with a build prop on a m.o.j.o, it will likely screw it up, but if you can access a terminal on the console or command it in windows/linux/mac osx etc somehow, then you can reset the screen resolution. To do that use this set of commands in a terminal for the mad catz m.o.j.o if possible: type: su , no comma though, then hit the enter key, then type: am display-size reset , no comma though, and again hit the enter key.
If a terminal is accessible which i guess it should be if usb debugging option was left turned on if usb debugging was turned off before this your [email protected],but don't ask me how you do this as i am not a developer,but it would reset the resolution on the console to factory and allow it to work for sure if performed on a terminal within the console which you cannot get access to at present,but i do think it may be possible in windows over usb debugging somehow?
I found the recovery menu i covered it in a thread here,but it only says erase not erase/restore so i guess it is dangerous doing that,the other question is does root work on erase if it does restore it,and or did altering your resolution alter the build prop file which erase/restore may/may not restore to factory after such changes making erase option in recovery dangerous although you could try it but be warned it could wipe/brick the device possibly.1st try to use the commands i gave it's easier and safer to toy with.It also 100% worked within the os when i used resolution changer pro and got it stuck in a shrunken screen size you couldn't see all the icons in.
the link to the post about accessing the recovery menu is at the very top of this post #8 post, it links to my freaktab page on how to access the recovery menu,you can only use a usb keyboard for this in usb 2.0 port though to be on the safe side remove any sd card carrying data on it if you choose to erase do not erase cache etc though at a guess?To be completely safe ask what each erase option does on the site 1st otherwise you may completely brick your m.o.j.o at present it is ok but semi bricked and still would function if you can get terminal up to alter the resolution.
PHYSC-1 said:
http://forum.xda-developers.com/showthread.php?p=52563100#post52563100
Do not play with a build prop on a m,o,j,o it wil screw it up likely,but if you can access a terminal on the console or command it in windows/linux/mac osx etc somehow,then you can reset the screen resolution,to do that use this set of commands in a terminal for the mad catz m.o.j.o if possible: type: su ,no comma though then hit the enter key, then type: am display-size reset ,no comma though and again hit enter key.
If a terminal is accessible which i guess it should be if usb debugging option was left turned on if usb debugging was turned off before this your [email protected],but don't ask me how you do this as i am not a developer,but it would reset the resolution on the console to factory and allow it to work for sure if performed on a terminal within the console which you cannot get access to at present,but i do think it may be possible in windows over usb debugging somehow?
I found the recovery menu i covered it in a thread here,but it only says erase not erase/restore so i guess it is dangerous doing that,the other question is does root work on erase if it does restore it,and or did altering your resolution alter the build prop file which erase/restore may/may not restore to factory after such changes making erase option in recovery dangerous although you could try it but be warned it could wipe/brick the device possibly.1st try to use the commands i gave it's easier and safer to toy with.It also 100% worked within the os when i used resolution changer pro and got it stuck in a shrunken screen size you couldn't see all the icons in.
the link to the post about accessing the recovery menu is at the very top of this post #8 post, it links to my freaktab page on how to access the recovery menu,you can only use a usb keyboard for this in usb 2.0 port though to be on the safe side remove any sd card carrying data on it if you choose to erase do not erase cache etc though at a guess?To be completely safe ask what each erase option does on the site 1st otherwise you may completely brick your m.o.j.o at present it is ok but semi bricked and still would function if you can get terminal up to alter the resolution.
Yeah, I saw your method, but in my case I can't access an adb shell (terminal) to put the "am display reset" command. I'm on macOS and I can't list my mojo attached via the Mac's terminal in adb mode (I've done kill...start...adb server); my mojo only appears in fastboot mode (fastboot-mac devices), it seems that it can't get past the bootloader.
I've found a ROM named "mojo-signed-ota-MO0202-WW.zip" but can't flash it coz I think this rom can only be applied via recovery mode (ClockworkMod etc..).
I know that in fastboot mode we can also flash a rom, it has a command to do it, but it needs the right files (img, etc...) which are not in that rom.
I know also that we can make system.img etc... from a rom like this but it'll be laborious, coz I am not a developer either, and I just have some basics on linux distros, but if Mad Catz don't give me a method to unblock my box or give me a fully stock rom, I will try it.
Well, we'll see i'll keep you up to date.
Thanks.
daves94 said:
Yeah i saw your method,but in my case i can't acces to an adb shell (termnial) to put "am display reset" command, i'm on macos and i can't list my mojo attached via mac's terminal in adb mode, (i've done kill...start...adb server) my mojo only appear in fastboot mode (fastboot-mac devices) it seems that it can't past the bootloader.
I've found a ROM named "mojo-signed-ota-MO0202-WW.zip" but can't flash it coz i think this rom can only be applied via recovery mode (clockword etc..).
I know that in fastboot mode we can also flash a rom, it has command to do it, but need the right files(img, etc...) which is not in that rom.
I know also that we can make system.img etc... from a rom like this but i'll be laborious, coz i am not develloper too, and i just have some basics on linux distro's but if mad catz don't give me a method to unblock my box or give me a fully stock rom, i will try it.
Well, we'll see i'll keep you up to date.
Thanks.
TMK, fastboot only flashes the boot rom, at least that's what in the v2 update the sys files are just overwritten, but not a rom.
I don't think fastboot can flash the nand/OS partition.
Yeah if you get a system rom and way of installing, I too would be interested.
I'm guessing it's something they can't openly distribute...
I guess it's something we can do ourselves... just have had the time to research...
daves94 said:
Yeah i saw your method,but in my case i can't acces to an adb shell (termnial) to put "am display reset" command, i'm on macos and i can't list my mojo attached via mac's terminal in adb mode, (i've done kill...start...adb server) my mojo only appear in fastboot mode (fastboot-mac devices) it seems that it can't past the bootloader.
I've found a ROM named "mojo-signed-ota-MO0202-WW.zip" but can't flash it coz i think this rom can only be applied via recovery mode (clockword etc..).
I know that in fastboot mode we can also flash a rom, it has command to do it, but need the right files(img, etc...) which is not in that rom.
I know also that we can make system.img etc... from a rom like this but i'll be laborious, coz i am not develloper too, and i just have some basics on linux distro's but if mad catz don't give me a method to unblock my box or give me a fully stock rom, i will try it.
Well, we'll see i'll keep you up to date.
Thanks.
The recovery menu has update from zip file so why not try it? Put the file on an sd card and see if recovery install from zip allows that 202 update to be done without being inside the os,It's going to be risky but in your case if they opt not to fix it free,and i gather they won't without charge it's not going to hurt, as you've voided the warranty any way messing without being insulting.
daves94 said:
Hi everyone,
I hope anyone can help me with this.
After trying to change lcd density with apps from the playstore.
The mojo brings me a black screen, no logo at startup, the only thing what i can do is the root procedure, it displays me " Key driver not found.." etc.. but nothing after that.
I don't know how to restore it, or factory reset it, or acces to build.prop etc.. and also i can't acces to devices via usb => computeur(adb not listed)
If anyone get an idea, it will be great.:good:
Hi Dave,
I had the same problem after a reboot of the m.o.j.o ...
I only could push an image on it but without success.
The hotline sent me this link :
http://www.freaktab.com/showthread.php?12075-FOUND-MAD-CATZ-M-O-J-O-RECOVERY-MENU
But the keyboard was not recognized.
I think the best way is to push all the rom "mojo-signed-ota-MO0202-WW.zip" on it.
Because the image is only 6Mb against 240Mb.
Do you fix it ?
French_Dev said:
Hi Dave,
I had the same problem after a reboot of the m.o.j.o ...
I only could push an image on it but without success.
The hotline sent me this link :
http://www.freaktab.com/showthread.php?12075-FOUND-MAD-CATZ-M-O-J-O-RECOVERY-MENU
But the keyboard was not recognized.
I think the best way is to push all the rom "mojo-signed-ota-MO0202-WW.zip" on it.
Because the image is only 6Mb against 240Mb.
Do you fix it ?
Yes, that's my freaktab page I made lol. But it's going to have to be usb, not a ps2/usb adaptor. It does work, trust me: if you're using a usb 2.0 port it works with a usb keyboard. The only time it won't is if you're not 100% right in how you press the keys.
I can get it on my usb keyboard, a cheap 5 quid generic keyboard, so I seriously doubt you can't. Unless you're pressing the order of the keys differently.
You need to: boot from cold with the keyboard in. First read the bottom paragraph, then start step 1.
Step 1. First press alt then print screen, and hold them in as you are pressing them in that order after turning on the m.o.j.o, before the light comes on though, not after; it will not work if you do that. Do it very quickly.
Step 2. Then you see the blue light appear: release and re-press the i key, holding the rest down still. Keep the i key held in for 5 seconds, release, press again for five seconds, release, press down for 5 seconds; keep doing that until white writing appears. Keep those alt and print screen keys on all the time whilst doing the 5 second press of the i key, until white writing appears.
Step 3. Once done you'll land at a broken robot screen, trust me you can do it. Once there you need to press the windows symbol key and hold it on, then press the print screen key and hold that on as well, keep both held on and finally press the home key. This means you have all 3 keys held in; now press the down arrow with the keys held on; if not working, press the up arrow with all 3 other keys held on. You will 100% go to the recovery menu, I guarantee that.
JOB DONE
VERY IMPORTANT NOTE:
If it doesn't work, turn the console off at the wall and then leave it a bit, turn it back on, then repeat until it works, keep doing that. It may be the keyboard isn't picking up if you use reboot in command or if you're using a reboot tool to reboot it; use the power from the mains to turn it off and on, not a reboot command, it needs to be done from a cold boot.
Re
Hi guys
Bad news for my mojo.
First of all, Mad Catz did the same thing as for French_Dev (hello to you, the Frenchman), they sent me the PHYSC-1 method to recover my mad catz.
After that I retried the method with another keyboard, and I thought I had recovered it coz I was able to see the android logo (broken robot screen) and the recovery menu, but it was impossible to get access to data factory reset.
And now Ladies & Gentlemen...
I gave my mojo to a friend who sometimes unblocks android phones, thinking he would find the way...
But he brought the mojo back to me now bricked, no blue logo at startup, and no access to fastboot mode with the male-male usb cable.
He told me that he found another rom to put on it, but after cleaning and flashing it ===> bricked...
I can confirm that the PHYSC-1 method works, but in my case I couldn't apply data/factory reset, or maybe it's coz of the keyboards which I have.
Now I must find the way to unbrick it if it's possible. (I think it's possible for sure, linux based...)
Thanks for all your replies guys.
daves94 said:
H guys
Bad news for my mojo.
First of all, mad catz did the same thing as French_Dev (Salut à toi le français), they sent me the PHYSC-1 method to recover my mad catz.
After that i have retry the method with another keyboard, and i thought i recovered it coz i was able to see the android logo(robot screen broken), and recovery menu, but impossible to have access to data factory reset.
And now Ladies & Gentlemen...
I give my mojo to a friend who sometimes unblocks android phones, thinking he will find the way...
But he bring's me back the mojo now bricked, no blue logo at startup, and no access to fastboot mode with the male male usb cable.
He told me that he finds an another rom tu put on it, but after cleaning and flash it ===> bricked...
I can i confirm that the PHYSC-1 method work, but in my case i couldn't apply data/factory reset or maybie it's coz keyboards which i have.
Now i must find the way to unbrick it if it's possible. (i think it's possible for sure, linux based...)
Thanks for all your replies guys.
It would be bricked, he's attempted some, or should I probably say has likely flashed clockwork mod or some rom for e.g. a samsung phone or nexus tablet etc. etc. Which don't work for any other tablet or phone because they are device specific, hence the need to flash only a zip file in recovery and only a zip file from mad catz. No other rom or backup is made for a m.o.j.o except the mad catz m.o.j.o 202 update zip file, so nobody should try anything else like erase etc, only flashing the provided update from mad catz. At a guess it won't need previous cache erase or any other erase because the zip when inside the os seems to format it for you, so should do the same in recovery mode in theory too. Try all over again to get to recovery with a usb stick plugged in somehow with the 202 update on if possible. I am of the 'assumption' that is how it is done, with a usb stick in the usb 3.0 port with the zip on it, but not 100%; I have never done it, nor do I need to chance a risk of a working m.o.j.o, mate? Really feel for you though, it can't hurt to tinker with it some more though now can it?
OK sorry ,may have misread a bit there,so before giving it a mate you did flash the 202 update file yes/no?
Secondly if you did flash it it tried to boot logo the lot yes/no?
Thirdly you gave it a mate who [email protected] it up for you yes/no?
Sorry i see what you mean now,you don't erase you flash the zip 202 update zip job done mate that's all no erase no nothing else to do barr that i am guessing,but you need it on usb stick or think about this,if it was downloaded on the m.o.j.o prior this 202 update zip and you click update from zip in recovery menu,i think it may ask where giving you the choice to look for the file on what ever device it may be on including the console,so you may not need a usb stick?
Perseverance is the key if at 1st you don't succeed try try and try again trust me i have used that motto to my advantage many times it's the only thing i learned from school.
That's how I found that recovery menu, it's how I found my tv secret menu last night, it's how I found all necessary flash files for and flashed a haipi phone, how I flashed my mate's bb 9820 curve etc. etc. I never stop trying. I have recovered iphones before, and that haipai when bricked etc., so you have nothing to lose in persistently trying it again and again until you have found the way to flash it over with 202 update.zip
I always find ways to mod (hack) devices on my own from what I label as ethical hacking, although it's not the real terminology, but it sort of is in a way. I basically scour forums finding bits here and bits there, putting them together to find the complete path to flashing something. I may resort to taking one sentence in a forum, then another, then another; finally I get the full guide and I flash it. So my view is it's a sort of ethical hacking, it's diuling information to perform a hardware hack in an ethical way, as modding a rom is legal 99.9% of the time.
It's how i managed to get pi****u on a k-r42android tv box and then upgrade it to ubuntu trusty tahr 14.04 by looking at ubuntu forum posts for commands to upgrade the installation,the reason was it's ubuntu on pi****u os so therefore it can be upgraded as is done in ubuntu.So the story goes where there is a will there is a way.

Something about SHARP Android phones before hacking

I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protection on certain blocks (including boot, recovery, system, etc.), enforced by power-on write protection. This cannot be disabled without a power off. Please refer to the eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way of rooting this phone look like?
a. We have to find several exploits and the final one should be a kernel exploit. If I'm not going wrong, we could turn off eMMC power and set the Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partitions writable.
b. We could try to find an exploit or backdoor in sbl1/aboot.
I hope this thread becomes a serious technical discussion thread with more powerful devs joining in.
2015.4.12
I'm going to give up on this phone.
I still don't have a 306SH SBL1 dump, too lazy to do it. The following result is based on a 305SH SBL1 dump received from someone.
Modem dump here if anyone interested.
https://www.dropbox.com/s/syulmij77qtzb7q/modem.bin.306sh.S8216.tar.xz?dl=0
And a 305SH SBL1 dump is attached.
Powering on this phone with Volume Up pressed brings the device into FLDR mode, which can load and run code in SBL1. But unfortunately, there are complicated checks (possibly RSA protected) before jumping to the code. Code will be loaded to 0x20000000 and the entry point is 0x20000050.
This will show you more on how to talk to the phone over USB cable.
Code:
lsusb -v -d 04dd:933a
The protocol is simple:
op: 1 byte(== 0x00)
size: 4 byte(BE order)
flag: 1 byte (== 0xFF causes the load address to change to 0xf8002000 instead of 0x20000000)
data: size byte(s)
sum: 1 byte (== ~sum of all bytes from op onward)
Then the phone replies 010201fb which means failure and reboots, on success it will reply 010200fc.
On success, there is further checking on the outgoing data. If the check fails, the phone will go to EDL mode(aka emergency download mode, USB VID=Qualcomm and PID=9008, some guys may be familiar with it.)
Another simple operation in this mode is displaying the phone's code name.
By sending 3001ce the phone will reply 3109[8 bytes string][1 byte sum]. For my 306SH Boost Mobile variant, this string is "PB25".
Sent from my MI 4C using XDA Free mobile app
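The framing described in the post above, as an added example that is not part of the original post or tewilove's tools: a byte-level codec that builds and validates the load frame and checks the quoted replies against the one's-complement checksum. It does no USB I/O; the default flag value of 0x00 and the NUL padding of the 8-byte name field are assumptions, and the name reply is constructed.

```python
import struct

LOAD_OP = 0x00                    # "op: 1 byte (== 0x00)"
FLAG_ALT_ADDR = 0xFF              # flag value the post says moves the load address
DEFAULT_LOAD_ADDR = 0x20000000
ALT_LOAD_ADDR = 0xF8002000
HEADER = struct.Struct(">BIB")    # op, size (big-endian), flag -> 6 bytes


def checksum(body: bytes) -> int:
    """One's complement of the byte sum, truncated to 8 bits."""
    return ~sum(body) & 0xFF


def encode_load_frame(data: bytes, flag: int = 0x00) -> bytes:
    # flag=0x00 is an assumed default; the post only defines 0xFF.
    body = HEADER.pack(LOAD_OP, len(data), flag) + data
    return body + bytes([checksum(body)])


def decode_load_frame(frame: bytes) -> dict:
    """Validate op, size and checksum of a load frame and return its fields."""
    if len(frame) < HEADER.size + 1:
        raise ValueError("truncated frame")
    op, size, flag = HEADER.unpack_from(frame)
    if op != LOAD_OP:
        raise ValueError(f"unexpected op 0x{op:02x}")
    if len(frame) != HEADER.size + size + 1:
        raise ValueError("size field does not match frame length")
    if checksum(frame[:-1]) != frame[-1]:
        raise ValueError("bad checksum")
    addr = ALT_LOAD_ADDR if flag == FLAG_ALT_ADDR else DEFAULT_LOAD_ADDR
    return {"size": size, "flag": flag, "load_addr": addr,
            "data": frame[HEADER.size:-1]}


def parse_reply(reply: bytes) -> dict:
    """Classify the two reply shapes quoted in the post."""
    if len(reply) < 3 or checksum(reply[:-1]) != reply[-1]:
        raise ValueError("short reply or bad checksum")
    op = reply[0]
    if op == 0x01 and len(reply) == 4:
        # 010200fc = success, 010201fb = failure (values from the post)
        return {"type": "load_status", "ok": reply[2] == 0x00}
    if op == 0x31 and len(reply) == 11:
        # 3109 [8-byte string] [sum]; NUL padding is an assumption
        name = reply[2:10].rstrip(b"\x00").decode("ascii", "replace")
        return {"type": "code_name", "name": name}
    return {"type": "unknown", "op": op}


def constructed_name_reply(name: bytes = b"PB25") -> bytes:
    """Constructed sample of the code-name reply; not a captured message."""
    body = bytes([0x31, 0x09]) + name.ljust(8, b"\x00")
    return body + bytes([checksum(body)])


if __name__ == "__main__":
    frame = encode_load_frame(b"\xaa\xbb")          # constructed 2-byte payload
    print(frame.hex(), decode_load_frame(frame))
    for hexmsg in ("010200fc", "010201fb"):         # replies quoted in the post
        print(hexmsg, parse_reply(bytes.fromhex(hexmsg)))
    print(parse_reply(constructed_name_reply()))
```

All three hex samples in the post (010201fb, 010200fc, 3001ce) satisfy this checksum, which is a quick way to confirm a capture was decoded with the right byte boundaries.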
goooooooood job!
tewilove said:
I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
I appreciate FlowSwitch's work and he is my idol.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protections on certain blocks(including boot, recovery, system, etc.), enforced by power on write protection. This cannot be disabled unless a power off. Please refer document of eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way rooting this phone like?
a. We have to find several exploits and the final one should be kernel exploit. If I'm not going wrong, we could turn off eMMC power and set Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partition writable.
b. We could try to find exploit or backdoor in sbl1/aboot.
I hope this thread becomes a serious technical discussion thread and more powerful devs join in.
Sent from my MI 4C using XDA Free mobile app
You can change DIAG by entering ##3424# and entering the MSL code; it needs a driver. I think if we change DIAG, we can root it from another mode.
Don't spam.
Sent from my MI 4C using XDA Free mobile app
tewilove said:
Don't spam.
Sent from my MI 4C using XDA Free mobile app
who ?
tewilove said:
I'd like to share some experience on hacking SHARP Android phones.
In the past I have published 102SH unlock and a tool helping users outside Japan to obtain OTA.
I appreciate FlowSwitch's work and he is my idol.
About rooting.
We have following preconditions.
a. Locked bootloader.
b. aboot without fastboot facilities.
c. kernel driver preventing read/write to certain partitions.
d. eMMC hardware write protections on certain blocks(including boot, recovery, system, etc.), enforced by power on write protection. This cannot be disabled unless a power off. Please refer document of eMMC datasheet.
For a or b it does not affect rooting.
For c, if we have kernel exploit it's not the case.
For d, you cannot write to protected blocks after the phone booting into Android. So even with temp root and patched kernel you can do nothing making root persist.
Someone mentioned loki. First it's an *old* LK exploit in 2013. Second boot is eMMC write protected. So it's over.
Also someone mentioned fi01's root tools. It's useless here since it's too outdated for this phone. I know every detail of the exploits inside the tool.
Therefore the two ways are all wrong.
What does the right way rooting this phone like?
a. We have to find several exploits and the final one should be kernel exploit. If I'm not going wrong, we could turn off eMMC power and set Qualcomm download magic in SMEM, then a hot reboot should bring the device into download mode with all partition writable.
b. We could try to find exploit or backdoor in sbl1/aboot.
I hope this thread becomes a serious technical discussion thread and more powerful devs join in.
Sent from my MI 4C using XDA Free mobile app
Forgive me, as I've never held a Sharp Android phone, let alone worked on one, but I have a few questions regarding the "knowns" of this device. I've worked on many other devices and it was "known" to have a locked bootloader up until I packed the CWM/TWRP correctly and showed them they don't have a locked bootloader.
Sprint is fairly open about bootloaders, so why would this one be locked? Is there a trend in Sharp locked-bootloader phones? Has someone flashed a custom boot.img/recovery and been presented with a locked bootloader warning screen?
Trying to find out some more information, and this seemed the most informed one.
shabbypenguin said:
Forgive me, as I've never held a Sharp Android phone, let alone worked on one, but I have a few questions regarding the "knowns" of this device. I've worked on many other devices and it was "known" to have a locked bootloader up until I packed the CWM/TWRP correctly and showed them they don't have a locked bootloader.
Sprint is fairly open about bootloaders, so why would this one be locked? Is there a trend in Sharp locked-bootloader phones? Has someone flashed a custom boot.img/recovery and been presented with a locked bootloader warning screen?
Trying to find out some more information, and this seemed the most informed one.
Hey! I remember you from the galaxy avant forum. Thanks for your work on that phone. Are you interested in trying to obtain root for this phone? I am going to try and make a bounty for this phone, but I am unsure as how to do so.
Let me know if I can be of assistance to you.
Quickdraw996 said:
Hey! I remember you from the galaxy avant forum. Thanks for your work on that phone. Are you interested in trying to obtain root for this phone? I am going to try and make a bounty for this phone, but I am unsure as how to do so.
Let me know if I can be of assistance to you.
My buddy autoprime and I used to chat about this phone; we both wanted one when it launched but neither were willing to just get one. I was hoping the price would have died down a bit but it's held strong. At any rate, right now I'm just looking for info; I've never worked on a Sharp device before and I'm unfamiliar with how their bootloaders run in comparison to Samsung/LG.
shabbypenguin said:
My buddy autoprime and I used to chat about this phone; we both wanted one when it launched but neither were willing to just get one. I was hoping the price would have died down a bit but it's held strong. At any rate, right now I'm just looking for info; I've never worked on a Sharp device before and I'm unfamiliar with how their bootloaders run in comparison to Samsung/LG.
How would one go about figuring out such things? I have not tried to get to recovery, download mode, etc yet.
Quickdraw996 said:
How would one go about figuring out such things? I have not tried to get to recovery, download mode, etc yet.
@parkerlreed on reddit answered a few of my questions. In the past, if I was able to root a device I could just compile recovery and root everyone then for devices like Samsung; without knowing the bootloader situation or how to flash software on this device I'm left a bit clueless atm.
shabbypenguin said:
@parkerlreed on reddit answered a few of my questions. In the past, if I was able to root a device I could just compile recovery and root everyone then for devices like Samsung; without knowing the bootloader situation or how to flash software on this device I'm left a bit clueless atm.
How can I test to see if the bootloader is locked?
Quickdraw996 said:
How can I test to see if the bootloader is locked?
Without root, the only option is something fairly stupid that could render your device non-booting.
shabbypenguin said:
Without root, the only option is something fairly stupid that could render your device non-booting.
****, figured as much.
shabbypenguin said:
Without root, the only option is something fairly stupid that could render your device non-booting.
I... might be up for this. Mother is moving over to Verizon prepaid. I would then have a Moto G to use as my main phone, leaving the Aquos for testing. I'll report back if this turns out to be the case.
Well... This is interesting... The day before I get my new phone to replace my Crystal (cracked digitizer), people with Android experience show interest... Oh well... :silly:
What has made things difficult is that it does some weird stuff without any clue to us as to what it's doing.
USB in computer then Vol Up + Pwr: Phone vibrates once, the Notification LED turns White and installs something on my laptop. The install does not finish before the phone turns off roughly 15 seconds later. That install does not happen again when tried a second time.
Vol Up THEN USB in computer THEN when the LED turns Red hold Pwr: Windows audibly cues a device connect and the screen turns on displaying Charging with a battery logo. The screen then turns off and Windows audibly cues a disconnect. After the audio cue the phone vibrates for roughly 6 seconds, stops, vibrates for another 2 (vibrated for 15 seconds on other tries), and LED turns White (another audio connect cue) for about 15 seconds and turns off (audio disconnect cue).
I started a thread here: http://forum.xda-developers.com/aquos-crystal/help/download-mode-306sh-t3005531 but have not been able to recreate it again...
There is another thread where I posted where the Crystal would endlessly vibrate off and on...
I will still keep the Crystal and might stick around to do some experimental stuff to try to figure things out since it won't be my daily driver anymore. Hope this helps.
I have seen that exact behavior on mine. When I got the solid white LED, I quickly ran adb and fastboot but neither showed the device (on Linux so I don't have to worry about drivers installing). I've also seen it show up as a USB device while powered off and charging but same deal there. I think it just does that so it can register charging from Windows.
I'll try to get a writeup of all the exact behavior.
---------- Post added at 10:22 PM ---------- Previous post was at 09:56 PM ----------
Ok here it goes...
Powered off:
Unplugged:
Hold Vol Up + Power + release shortly after = White light for 15 seconds
Hold Vol Down for 5 seconds + Press and hold Power for a few seconds and continue to hold Vol down = Recovery mode
Plugged: Red light for charging. Device shows up to computer under the generic USB VID/PID ID 04dd:933a Sharp Corp.
Hold Vol Up + Power + release shortly after = same as above. Neither adb nor fastboot -i 0x04dd sees the device
Hold Vol Down for 5 seconds + Press and hold Power for a few seconds and continue to hold Vol down = Same as above. Plugging it in after entering recovery shows no devices on the computer.
"Vol Up THEN USB in computer THEN when the LED turns Red hold Pwr: " as mentioned above just seems to go into charging mode then does a small reset and goes back into charging mode.
Holding just power and continuing to hold it: Device starts to boot up, turns back off due to long holding power, and then starts to vibrate if you continue to hold power. Doesn't stop until power is released.
I am able to get my device recognized by adb/fastboot, however when I try to do an oem unlock, it says it is "waiting for device" even though it is connected and was just working fine. Any help?
Someone else says that they have possibly unlocked their bootloader via the command I typed, but no matter what I try, it will not stop "waiting for [my] device"
Quickdraw996 said:
I am able to get my device recognized by adb/fastboot, however when I try to do an oem unlock, it says it is "waiting for device" even though it is connected and was just working fine. Any help?
Someone else says that they have possibly unlocked their bootloader via the command I typed, but no matter what I try, it will not stop "waiting for [my] device"
Are you sure it's even seeing the device? fastboot devices would show it. Also what device do you have exactly? 04dd is the vendor code for Sharp...
parkerlreed said:
Are you sure it's even seeing the device? fastboot devices would show it. Also what device do you have exactly? 04dd is the vendor code for Sharp...
I have a Sharp Aquos Crystal.
Typing in "adb devices" shows my device, I have not tried typing in "fastboot devices" though, will try that later today.
I simply typed what was listed in another Sharp Aquos Crystal thread and it appears that they may have unlocked their bootloader.
Quickdraw996 said:
I have a Sharp Aquos Crystal.
Typing in "adb devices" shows my device, I have not tried typing in "fastboot devices" though, will try that later today.
I simply typed what was listed in another Sharp Aquos Crystal thread and it appears that they may have unlocked their bootloader.
If it's showing up under adb then it's not in fastboot mode. That's the issue here. Actually trying to figure out if there is a fastboot mode and how to get to it. And then on top of that seeing if a bootloader unlock works.

Unable to hack Asus Zenfone Laser 2 [ZE550KL - Z00L - Z00LD]

Hi to all.
I landed on XDA because I am not able to hack my Asus Zenfone Laser 2 dual-sim (ZE550KL, which seems to be also called as Z00L or Z00LD... I don't know why... ?!? ). Actually I'm very new on smartphone hacking, so I did my best recently to understand what "rooting", "recovery", "brick" etc mean.
I tried to enter this world because my phone gets gradually very slow as I use it and so I supposed that erasing the pre-installed applications and overclocking it would help, possibly installing a lighter and more performing custom rom. In order to do this I read that in short I have to unlock the boot loader, root the phone and then eventually install a custom rom. In fact I suppose that getting root privileges should already do the job by keeping the original rom, uninstall all unwanted apps and eventually overclocking it. Is that correct?
However, the problems I found on my way are the following two:
I've not been able to follow those procedures on Linux. In detail, I'm not able to use "fastboot boot" instruction because it gets stuck on "waiting for any device". The device is listed and allowed when running "adb devices", the boot had been unlocked previously, the phone is in debug mode etc... but the problem is still there despite I've been trying with both the adb package included in the repositories and the one downloaded from the related google page. I've been told it may be a matter of USB drivers, so I also installed the android studio package thinking it would help, but I was wrong. I'm quite confused on this, despite I do hope I can hack my phone using my favourite operating system (I'm a Linux user since 2006). If you do not feel like helping on this then I will try on Windows.
After trying the same procedures on Windows 10, I realised that the Android Usb drivers released by Google did not work. I had to install the proprietary ASUS USB Drivers from the official website and only then I was able to overcome on Windows the same "waiting for any device" I had experienced on Linux. However, the phone "bricks". I suppose this should be the technical term used in this field to tell that the phone gets stuck for hours on the boot animation. I tried several times to reboot it, but each time the same story.
Maybe the problem on Linux is that I do not have the proper Android Device Usb drivers installed. In this case, how to solve the problem taking into account that ASUS only released the drivers for Windows?
RECAP: I have my phone bricked now (Android is unable to reboot, but I can do access both to the Power+VolumeUP menu (by the way, what's the name of this menu? Fast boot?) and the Power+VolumeDOWN menu (by the way, what's the name of this menu? Recovery boot?)
So sorry for the long story.
Hope you can help.
Thanks for your attention and best regards.
Uhm... no replies till now?
I don't know how you get this kind of trouble, maybe try another computer? I'm using Windows 10; download the small package of fastboot driver and adb driver, flash TWRP using the fastboot command, all done. Then I make a full backup using TWRP, next flash Magisk. Now I have root access; any problem or bootloop, I just restore the full backup that works.
---------- Post added at 04:53 PM ---------- Previous post was at 04:22 PM ----------
i see a lot of this zen2 laser got bricked on this general forum , you should read some more if that could help
When I had this device, I remember booting a temporary recovery TWRP and rooted it in that recovery. Then once I got rooted, I installed TWRP app and installed a permanent recovery from within the TWRP app, which needed root of course. Then I got everything working.
You can try booting on a temporary TWRP using fastboot then flash supersu or magisk or whatever rooting client you want. Though, I think you need an unlocked bootloader. I'm sure there's a guide around here somewhere
I'm using a Z00T and just installed LineageOS yesterday using Windows 10, following a guide by Android Authority and LineageOS.
Volume Up + Power = Fastboot
Volume Down + Power = Recovery
Sounds like you can get into Fastboot, so I'm wondering if maybe you can use it to flash the recovery image??? (I'm not a dev in any form; try this at own risk)
I'm assuming you unlocked the bootloader already...
In the directory where all your images are, perhaps try flashing the recovery with the following, where RECOVERY.img is whatever you may have renamed the TWRP image to be:
Code:
fastboot flash recovery RECOVERY.img
After it's finished flashing, turn off the phone, then reboot into recovery mode with Volume Down + Power.
Something Similar happened with my phone and looking for answer
Hi All,
I'm new to this but do some hands on reading these forums. Recently i don't know how but my phone continuously boot into Fast-Boot mode. If I try to push some zip file as mentioned i'm getting error related to partition. "failed to write partition."
Can someone help me out with this.
Thanks in advance.
CerealKiIIel said:
Hi to all.
I landed on XDA because I am not able to hack my Asus Zenfone Laser 2 dual-sim (ZE550KL, which seems to be also called as Z00L or Z00LD... I don't know why... ?!? ). Actually I'm very new on smartphone hacking, so I did my best recently to understand what "rooting", "recovery", "brick" etc mean.
I tried to enter this world because my phone gets gradually very slow as I use it and so I supposed that erasing the pre-installed applications and overclocking it would help, possibly installing a lighter and more performing custom rom. In order to do this I read that in short I have to unlock the boot loader, root the phone and then eventually install a custom rom. In fact I suppose that getting root privileges should already do the job by keeping the original rom, uninstall all unwanted apps and eventually overclocking it. Is that correct?
However, the problems I found on my way are the following two:
I've not been able to follow those procedures on Linux. In detail, I'm not able to use "fastboot boot" instruction because it gets stuck on "waiting for any device". The device is listed and allowed when running "adb devices", the boot had been unlocked previously, the phone is in debug mode etc... but the problem is still there despite I've been trying with both the adb package included in the repositories and the one downloaded from the related google page. I've been told it may be a matter of USB drivers, so I also installed the android studio package thinking it would help, but I was wrong. I'm quite confused on this, despite I do hope I can hack my phone using my favourite operating system (I'm a Linux user since 2006). If you do not feel like helping on this then I will try on Windows.
After trying the same procedures on Windows 10, I realised that the Android Usb drivers released by Google did not work. I had to install the proprietary ASUS USB Drivers from the official website and only then I was able to overcome on Windows the same "waiting for any device" I had experienced on Linux. However, the phone "bricks". I suppose this should be the technical term used in this field to tell that the phone gets stuck for hours on the boot animation. I tried several times to reboot it, but each time the same story.
Maybe the problem on Linux is that I do not have the proper Android Device Usb drivers installed. In this case, how to solve the problem taking into account that ASUS only released the drivers for Windows?
RECAP: I have my phone bricked now (Android is unable to reboot, but I can do access both to the Power+VolumeUP menu (by the way, what's the name of this menu? Fast boot?) and the Power+VolumeDOWN menu (by the way, what's the name of this menu? Recovery boot?)
So sorry for the long story.
Hope you can help.
Thanks for your attention and best regards.
Hey, I have the same issue. I'm on Windows 10 and Asus hasn't released drivers for Asus Zenfone Laser connectivity, so it won't show up no matter what I do, and the Windows 7 drivers can't be used.
BlondebigboobsIRL said:
Hey, I have the same issue. I'm on Windows 10 and Asus hasn't released drivers for Asus Zenfone Laser connectivity, so it won't show up no matter what I do, and the Windows 7 drivers can't be used.
I'm using Z00T and Windows 10. Had no issues using the Android Authority and LineageOS guides.
These guides are great but I don't want to lose my data by formatting my bootlooping device, and the drivers asus gives do not work with windows 10, the adb drivers work fine but the asus drivers do not.

Essential soft brick, any way to unlock flash from fastboot to sideload OTA?

Hello I am posting in Q&A because I'm a new XDA user, I was not allowed to post in the dev channel.
I have an Essential phone that has been working great for the past few years, no issues, and it was running standard build receiving OTA updates, until the very last update, which soft bricked the phone.
The phone was never enabled in developer mode while in Android, and now, I can't boot the phone into android at all. The only thing I can do is get into fastboot.
Fastboot state shows DEVICE STATE - locked
Any commands I try to unlock flashing, or change slots, anything at all, I get the error that the device is locked so all commands to unlock fail.
Is there any way to unlock device state from fastboot? I saw a youtube video showing a way to use a chopped USB cable to enter emergency / EDL mode for Qualcomm-based Android devices, but have not seen anyone post that this was successful with the Essential
Does anyone know of any method to be able to unlock flashing from fastboot? Or any other method to un-brick an essential? I've attempted everything, on both Mac and PC, nothing works.
On mac or PC, I can query the device in fastboot and get a response, I just can't do anything to unlock anything!!
Many thanks in advance for any suggestions!
Same problem
Same thing happened to me. Same day as you. I can get fastboot but not adb but since the device is locked I can't flash. I've only had the phone about 6 months so I contacted customer support and they offered to replace the phone.
It might be a known issue because they didn't even try to address the fact that I could get fastboot connected but not adb. They just offered to replace.
Thanks for the info! I am -at least in this case- unfortunately an early adopter. I bought two essentials at the beginning of the pre-release.
Essential support checked my serial number and said the phone was out of warranty.
Has anyone been able to force the Essential into EDL mode to recover that way? It looks like you have to latch one of the USB pins to ground, or 5V, but I haven't found any detailed instructions on how to make this work on the essential...
Thanks again
Justin
I'm sure things have changed and I'm wrong, but if you can get into the fastboot menu can't you just cycle through the options until you get to recovery and then flash an official release from Essential?
I may be thinking of LG or something but this should be possible as long as it's newer than the current software installed because it will see it as an official update and allow the flash.
Thanks but unfortunately, when I try and do that, the phone just does the same thing, it hangs forever on the initial boot screen white Android text with the circle/square logo...
That's why I've been looking into the more direct hardware version of forcing the phone into EDL mode, which is supposed to be possible with all Qualcomm based phones.
I've just not found the time yet to find a USB-C cable I'd be happy to cut in half and short the pins on! Which is why I was hoping someone might have tried this with an essential before to know if it was successful before I start trashing good cables
Thanks again for your reply!
JB
justinbaird said:
Hello I am posting in Q&A because I'm a new XDA user, I was not allowed to post in the dev channel.
I have an Essential phone that has been working great for the past few years, no issues, and it was running standard build receiving OTA updates, until the very last update, which soft bricked the phone.
The phone was never enabled in developer mode while in Android, and now, I can't boot the phone into android at all. The only thing I can do is get into fastboot.
Fastboot state shows DEVICE STATE - locked
Any commands I try to unlock flashing, or change slots, anything at all, I get the error that the device is locked so all commands to unlock fail.
Is there any way to unlock device state from fastboot? I saw a youtube video showing a way to use a chopped USB cable to enter emergency / EDL mode for Qualcomm-based Android devices, but have not seen anyone post that this was successful with the Essential
Does anyone know of any method to be able to unlock flashing from fastboot? Or any other method to un-brick an essential? I've attempted everything, on both Mac and PC, nothing works.
On mac or PC, I can query the device in fastboot and get a response, I just can't do anything to unlock anything!!
Many thanks in advance for any suggestions!
I have the exact same problem,
My phone is stuck on Essential log when I turned it on,
I can access Bootloader normally but the device is locked so I cannot flash it,
Recovery is corrupted, when I try to start it, it shows only the Essential log and freezes so I cannot format or wipe or sideload.
OEM Locked and unchecked
USB Debugging is unchecked
and I can't flash anything,
Did you manage to unlock it through Fastboot command or any other way?
I wish I can just login to the recovery or unlock it so I can flash it clean,
Kindly help me if you found a way out
Thank you
