Ok, so I figured I'd start a thread for a little community think tank.
If you have any ideas, direction, insight, experience, or anything else constructive, throw it in and maybe one of us can come up with something to crack this bootloader. Root might be nice, but to do anything worth a damn, an open bootloader is needed.
So I'll get this thread rolling...
Something I thought of...some devices need special programming cables.
How comical would it be if Amazon is selling the product needed to send the special command to the device to unlock it?
amazon.com/Factory-Fastboot-Cable-N2A-Motorola/dp/B0099E59SG
I'm going to pick one up and see what I can do with it.
Also something to throw out, anyone aware of how to gather the HW identifier for fastboot devices? Some devices also need to manually have the HW identifier passed via fastboot -i
kenmoini said:
Ok, so I figured I'd start a thread for a little community think tank.
If you have any ideas, direction, insight, experience, or anything else constructive, throw it in and maybe one of us can come up with something to crack this bootloader. Root might be nice, but to do anything worth a damn, an open bootloader is needed.
So I'll get this thread rolling...
Something I thought of...some devices need special programming cables.
How comical would it be if Amazon is selling the product needed to send the special command to the device to unlock it?
amazon.com/Factory-Fastboot-Cable-N2A-Motorola/dp/B0099E59SG
I'm going to pick one up and see what I can do with it.
Also something to throw out, anyone aware of how to gather the HW identifier for fastboot devices? Some devices also need to manually have the HW identifier passed via fastboot -i
Click to expand...
Click to collapse
That cable will not cut it. I have a few N2A fastboot cables, so don't wast your money. The identifier is out there somewhere, don't remember where I found it, but fastboot -i xxxxxxxx will not do it either. Not trying to shoot down the post, but most of the obvious stuff has been tried. It is very likely that a key must be sent before fastboot will go online via usb, but I haven't found anything that works pouring thru the source or bl/misc dumps & hex views.
GSLEON3 said:
That cable will not cut it. I have a few N2A fastboot cables, so don't wast your money. The identifier is out there somewhere, don't remember where I found it, but fastboot -i xxxxxxxx will not do it either. Not trying to shoot down the post, but most of the obvious stuff has been tried. It is very likely that a key must be sent before fastboot will go online via usb, but I haven't found anything that works pouring thru the source or bl/misc dumps & hex views.[/QUOTE
I'm no device but will this help?
if stay at fastboot you should send command ” fastboot -i 0×1949 oem idme bootmode 4000″ under fastboot command line. if it can not fix, you should reflash the system.img to the kindle fire hd.
Click to expand...
Click to collapse
Tomen8r said:
GSLEON3 said:
That cable will not cut it. I have a few N2A fastboot cables, so don't wast your money. The identifier is out there somewhere, don't remember where I found it, but fastboot -i xxxxxxxx will not do it either. Not trying to shoot down the post, but most of the obvious stuff has been tried. It is very likely that a key must be sent before fastboot will go online via usb, but I haven't found anything that works pouring thru the source or bl/misc dumps & hex views.[/QUOTE
I'm no device but will this help?
if stay at fastboot you should send command ” fastboot -i 0×1949 oem idme bootmode 4000″ under fastboot command line. if it can not fix, you should reflash the system.img to the kindle fire hd.
Click to expand...
Click to collapse
No. That is for the older model, using TI & uboot.
Click to expand...
Click to collapse
How about flashing an alternative bootloader like U-boot?
Patrick4 said:
How about flashing an alternative bootloader like U-boot?
Click to expand...
Click to collapse
We are not at the point where we can overwrite the bootloader yet. The kernel prevents the system from touching the bootloader.
JordanRulz said:
We are not at the point where we can overwrite the bootloader yet. The kernel prevents the system from touching the bootloader.
Click to expand...
Click to collapse
The kernel can not really prevent access to the bootloader. The bootloader & kernel are independent of each other. In fact, the bootloader is online before the kernel and even without a kernel, you can still access the bootloader. In fact, I have learned that at this time, no kernel can allow or bar access to the bootloader. That applies to Linux, not just Android.
Even beyond that, many functions on all devices are being moved onto parts of the chip that the kernel cannot access period. They are moving many functions & features into the trusted zone, beyond the kernels reach.
At any rate, none of that changes the fact that you have to have an unlocked bootloader to change the bootloader, or at the very least, an exploit that makes the bootloader think it is unlocked, or that temporarily unlocks it.
Would it help if I offered my HDX 8.9, with the advantage that I have a RIFF box so I could eventually restore the whole thing if needed?
I haven't been able to it teardown, I am afraid I might break something when trying it, but according to iFixit's mini teardown: ifixit.org/blog/5564/kindle-fire-hdx-8-9-mini-teardown/
It doesn't have screws to open the lid, but I can see some screws holes on the pictures and it was too stuck at the top part (right where the HDX 7 has the pink screws).
So:
- If any of you did tear it down without visible scratches or dents and can point me in the right direction I will be willing to try it (have some jtag adapters which I think should work with the socket on the Kindle).
- Is it worth it for any devs to try with my Kindle and available tools?
Thanks!
Would it be possible to pull the bootloader of the device and analyze it in hex or disassemble it ?
All Stormed out?
Guess this brainstorm dissipated? I am researching because of a Saturn that somehow lost the boot.img file. I may have to relinquish it to the brick pile.
Related
RIP
It has been reported that the info previously presented here is likely to cause troubles recovering in some cases. All info has been removed until further study is complete.
RIP
RIP
I believe fastboot commands have to have the following syntax for the TF300T
fastboot -i 0x0B05
Anyone tried this guide yet?
rpicaso said:
I believe fastboot commands have to have the following syntax for the TF300T
fastboot -i 0x0B05
Anyone tried this guide yet?
Click to expand...
Click to collapse
If using the -i 0x0B05 makes you feel better then by all means use it. When I started collecting information from all of the NVFlash posts I thought the same thing. I found no posts using that format and what I have posted is copied and pasted into a file as it was reported. Later when I had read every NVFlash post I decided to leave everything as I found it rather than correct it when it appears to work without adjustment.
Since putting this together I have not used that format with fastboot and it seems to work fine, makes me wonder if the drivers used for earlier asus transformers were lacking.
Whether you try this or not good luck in your attempt to recover your unit!
When I return home tonight I will edit this thread to reflect -i 0x0B05 on fastboot commands even though this an exact copy of commands from the posts I found.
Thanks for your post.
Good point
tobdaryl said:
If using the -i 0x0B05 makes you feel better then by all means use it. When I started collecting information from all of the NVFlash posts I thought the same thing. I found no posts using that format and what I have posted is copied and pasted into a file as it was reported. Later when I had read every NVFlash post I decided to leave everything as I found it rather than correct it when it appears to work without adjustment.
Since putting this together I have not used that format with fastboot and it seems to work fine, makes me wonder if the drivers used for earlier asus transformers were lacking.
Whether you try this or not good luck in your attempt to recover your unit!
When I return home tonight I will edit this thread to reflect -i 0x0B05 on fastboot commands even though this an exact copy of commands from the posts I found.
Thanks for your post.
Click to expand...
Click to collapse
The earlier drivers may be an issue, or, maybe a hardware difference between tablets. I know on my TF300T fastboot will not function at all without the -i 0x0B05 and as a matter of fact, fastboot reboot will not work at all with or without the -i 0x0B05.. I don't have the need to recover my pad right now as it's running fine but it's nice to know there is a starting point in case I do brick it, using this guide. Thanks for taking the time to post it up!
rpicaso said:
The earlier drivers may be an issue, or, maybe a hardware difference between tablets. I know on my TF300T fastboot will not function at all without the -i 0x0B05 and as a matter of fact, fastboot reboot will not work at all with or without the -i 0x0B05.. I don't have the need to recover my pad right now as it's running fine but it's nice to know there is a starting point in case I do brick it, using this guide. Thanks for taking the time to post it up!
Click to expand...
Click to collapse
You are welcome and thanks for the post and correction. I took a break and made the change as per your post.
I hope someone finds this useful to recover, I did this because there was no thread with the info needed for recovery.
Posts like yours will help to fashion this thread into something useful.
The first steps
Thank you for helping out, taking the first steps and compiling this information. If all goes well, I should be able to confirm the actual steps required to successfully restore from ANY softbrick, as long as you have your nvflash files.
rip
I want to root my nexus 7. I don't know how to all the tutorials are for windows or useing the tool kit I want to do it manually I don't have my boot loader unlocked
Whaleshark345 said:
I want to root my nexus 7. I don't know how to all the tutorials are for windows or useing the tool kit I want to do it manually I don't have my boot loader unlocked
Click to expand...
Click to collapse
All the tutorials presume unlocking of the bootloader. afaik, nobody has bothered to find a separate privilege escalation method of rooting for the N7.
fastboot is available from Google (SDK) for Linux. That means that fastboot methods are identical, irrespective of platform.
There is nothing that prevents you from re-locking the bootloader after you have rooted - with the penalty that unlocking it later will cause a full wipe of /data.
Technically though, it is the *act* of unlocking the bootloader that causes a voiding of the warranty. If they really wanted to do it, I have no doubt Asus could detect a re-locked bootloader (by examining low-level flash write counters).
cheers
Thanks but i was wondering if someone could explain it to me a little more clearly and pro give a link to a tutorial
Unlock the bootloader. There is zero reason not to, except for the factory reset it does.
Whaleshark345 said:
Thanks but i was wondering if someone could explain it to me a little more clearly and pro give a link to a tutorial
Click to expand...
Click to collapse
How long exactly did you look around? Two seconds?
http://forum.xda-developers.com/showthread.php?t=2150661
bftb0 said:
How long exactly did you look around? Two seconds?
http://forum.xda-developers.com/showthread.php?t=2150661
Click to expand...
Click to collapse
3 seconds
bftb0 said:
How long exactly did you look around? Two seconds?
http://forum.xda-developers.com/showthread.php?t=2150661
Click to expand...
Click to collapse
I can understand where the guy's coming from. I've now Googled about six different 'tutorials' on how to root the Nexus 7.
They are all total ****. Horribly written with unclear, incomplete, and contradictory instructions.
Seriously--that one you linked is only good if you already know how to do it. For someone that doesn't...it's useless.
I rooted my 7 months ago (unlocked bootloader, etc.), but lost root with the 4.2.2 update. I can't find the instruction set I used last time, and the tutorials I've found so far actually have me wishing whoever wrote them was here now so that I could beat the **** out of them.
Seriously, whoever wrote them--especially the one you linked--sucks. Bad. A lot. Terrible writing.
A shortcut is to install Windows in Virtualbox and use Wug's utility to get the job done, an extra step but this will surely save you a lot of time to do it manually.
http://www.webupd8.org/2012/08/install-adb-and-fastboot-android-tools.html
I dont understand what is so complicated about rooting a nexus device. it is literally the EASIEST device to root and flash. Not sure why people need walkthroughs or tutorials.
fastboot oem unlock
fastboot flash recovery nameofrecovery.img
reboot into recovery
install supersu.zip
what part of that is complicated that requires someone to hold your hand and help you type out the commands??
@fre1102
Well, I suppose that poorly written tutorials and a flood of newbs looking to be spoon fed is good for generating ad revenue for XDA. Not really great for what made it a compelling site in it's early history, though.
On the other hand, the OP asked a help question - and failed to do so in the help and questions forum. That certainly appears like a lack of paying attention, does it not?
I suppose you might have a complaint if you had actually been paying someone to give you advice, but to complain about the quality of something that costs you nothing seems a bit like an entitlement problem - whether you are correct in your appraisal or not.
It's an internet bulletin board - there is no barrier to entry and the quality is going to vary widely. That makes it YOUR RESPONSIBILITY to decide what to believe. It's not as if people are coming in to your home and forcing you to do any of this stuff.
Nobody here owes you anything; this site has always encouraged folks to take responsibility for their own actions. If you have a rooted device that is borked - simply put, that is YOUR FAULT. Period.
Pirateghost said:
http://www.webupd8.org/2012/08/install-adb-and-fastboot-android-tools.html
I dont understand what is so complicated about rooting a nexus device. it is literally the EASIEST device to root and flash. Not sure why people need walkthroughs or tutorials.
fastboot oem unlock
fastboot flash recovery nameofrecovery.img
reboot into recovery
install supersu.zip
what part of that is complicated that requires someone to hold your hand and help you type out the commands??
Click to expand...
Click to collapse
You can even cut that down by a step by installing the latest version of TWRP 2.4 which will autmatically detect an unrooted rom and root it for you.
I gotta admit though that getting some custom roms was a little confusing to me in the beginning after rooting and flashing a samsung phone using heimdall in Linux. It's the lack of a good guide that really didn't help. I was hoping that there would be a sticky in the Q&A or a wiki topic about it but those sections for the nexus 7 aren't that organized.
Maybe we should start using the wiki... It would be easier to keep up to date even if someone decides to abandon a thread since anyone else can go in and edit it, and if we get repeated questions we can just copy and paste a link for those who want to be spoon fed since they will always be a constant presence on this forum.
EDIT:
I had to use the cyanogenmod rom building wiki to get a good, well-written guide on unlocking the n7 and flashing a custom recovery. Good thing I had started building the rom before I got the device shipped to me since it helped to have a "good" version of cwm6 laying around.
thanks guys I rooted it was easy just needed to adjust the commands for Ubuntu witch is just adding a "sudo ./" to the beginning of every command
Whaleshark345 said:
thanks guys I rooted it was easy just needed to adjust the commands for Ubuntu witch is just adding a "sudo ./" to the beginning of every command
Click to expand...
Click to collapse
Good deal. Some folks go to the trouble of customizing some udev configuration files (I think it's udev, but can't remember right now) so that unprivileged Linux users have permissions on individual USB devices.
To me that seems like quite a bit of trouble for stuff that I do infrequently (using fastboot); I just drop to a root shell
$ sudo /bin/bash
#
and save a couple keystrokes with the fastboot commands.
BTW, when using adb from Linux, it is only necessary to start up the adb server with root privileges - the server process is the only thing needing privileges on the USB bus, so
Code:
$ sudo `which adb` devices
gets the party started but
$ adb pull /sdcard/myzipfile.zip
won't result in files owned by root.
Not surprisingly, all this stuff is less cumbersome using a Mac OS/X flavor of Unix - by default the USB devices are reachable by unprivileged users without any udev/hotplug diddling or sudo invocations.
cheers
I very noobs when type command "fastboot erase bootloader". My Nexus 7 is brick.
Can you help me fix this problem?
KingMGT said:
I very noobs when type command "fastboot erase bootloader". My Nexus 7 is brick.
Can you help me fix this problem?
Click to expand...
Click to collapse
Hi, KingMGT...
You typed the command that should never be typed!
Unless you have previously created 'blobs' specific to your Nexus 7 (using the flatline procedure), your device is unrecoverably bricked.
Rgrds,
Ged.
Can you help me fix this problem? :( :([/QUOTE said:
Strip it and sell the parts on eBay apart from the motherboard im afraid its unrecoverable without blob backups
Sent from one of my 47 iPads running android C3P0
Click to expand...
Click to collapse
Captain Sweatpants said:
Strip it and sell the parts on eBay apart from the motherboard im afraid its unrecoverable without blob backups
Sent from one of my 47 iPads running android C3P0
Click to expand...
Click to collapse
Is RMA out of discussion here ?
Wild78 said:
Is RMA out of discussion here ?
Click to expand...
Click to collapse
Yes. Because he erased his bootloader.
You could buy a new motherboard and fit it you self its pretty easy and you can get them for about £40/50 but warranty is out the question.
Sent from one of my 47 iPads running android C3P0
Read read read, learn, learn more, understand, understand fully......then and only then start messing with your devices.
Sorry for your loss.
Sent from my N5 cell phone telephone....
KingMGT said:
I very noobs when type command "fastboot erase bootloader". My Nexus 7 is brick.
Can you help me fix this problem?
Click to expand...
Click to collapse
Well bro, you have my sympathy.
This command results in hard bricks.....
Now the only way is to restore a .blob backup which you should have taken through flatlines nvflash before doing the biggest mistake of your life.
You may reclaim your warranty, I think.....but your n7 is dead.
Sent from my Nexus 7 using Tapatalk
Thanks all.
I sold it and bought a new Google nexus 7 16GB Wifi.
After bought, i instant backup blob.bin hehe.
We live and learn. The first time I started messing with android I hard bricked a Samsung galaxy spica. Got really nervous about messing with my next phone
Sent from one of my 47 iPads running android C3P0
KingMGT said:
I very noobs when type command "fastboot erase bootloader". My Nexus 7 is brick.
Can you help me fix this problem?
Click to expand...
Click to collapse
I am pretty sure your nexus is a paperweight, but can I ask....what possessed you to type that?...
KingMGT said:
I very noobs when type command "fastboot erase bootloader". My Nexus 7 is brick.
Can you help me fix this problem?
Click to expand...
Click to collapse
Curious if you know which bootloader version you have? I'm on 4.23 and I have, out of morbid curiousity, typed that which should never be type... fastboot erase bootloader and it doesn't erase. Says erase failed. Bootloader and Nexus unharmed. That being said, please DO NOT try this at home! But I'm wondering under what circumstances a bootloader would allow itself to be erased? I've flashed bootloaders, which makes total sense, but erasing should never be an option.
adomol said:
Curious if you know which bootloader version you have? I'm on 4.23 and I have, out of morbid curiousity, typed that which should never be type... fastboot erase bootloader and it doesn't erase. Says erase failed. Bootloader and Nexus unharmed. That being said, please DO NOT try this at home! But I'm wondering under what circumstances a bootloader would allow itself to be erased? I've flashed bootloaders, which makes total sense, but erasing should never be an option.
Click to expand...
Click to collapse
You sir, are brave.
Sent from my N5 cell phone telephone....
adomol said:
Curious if you know which bootloader version you have? I'm on 4.23 and I have, out of morbid curiousity, typed that which should never be type... fastboot erase bootloader and it doesn't erase. Says erase failed. Bootloader and Nexus unharmed. That being said, please DO NOT try this at home! But I'm wondering under what circumstances a bootloader would allow itself to be erased? I've flashed bootloaders, which makes total sense, but erasing should never be an option.
Click to expand...
Click to collapse
Hi, adomol...
As politely as I can put this, but "Why?"... did you try this...
Generally, the command...
Code:
fastboot erase <partition_name>
...will delete/erase whatever the named partition occupies. Often, this will be for something relatively innocuous, (eg., fastboot erase boot, fastboot erase userdata, etc.) but it also WILL ERASE THE UNIQUE DEVICE SPECIFIC, CRYPTOSIGNED BOOTLOADER for your unique Nexus 7 if your attempt to erase the bootloader succeeds. And your device is then HARDBRICKED.
---------------------------------------------
I suspect the reason why your quasi-suicidal attempt to brick your Nexus 7 failed, is because your bootloader is probably locked... and fastboot commands fail if the bootloader is locked.
I strongly recommend you desist from further experimentation along these lines.
Rgrds,
Ged.
GedBlake said:
Hi, adomol...
As politely as I can put this, but "Why?"... did you try this...
Generally, the command...
Code:
fastboot erase <partition_name>
...will delete/erase whatever the named partition occupies. Often, this will be for something relatively innocuous, (eg., fastboot erase boot, fastboot erase userdata, etc.) but it also WILL ERASE THE UNIQUE DEVICE SPECIFIC, CRYPTOSIGNED BOOTLOADER for your unique Nexus 7 if your attempt to erase the bootloader succeeds. And your device is then HARDBRICKED.
---------------------------------------------
I suspect the reason why your quasi-suicidal attempt to brick your Nexus 7 failed, is because your bootloader is probably locked... and fastboot commands fail if the bootloader is locked.
I strongly recommend you desist from further experimentation along these lines.
Rgrds,
Ged.
Click to expand...
Click to collapse
I know it was reckless and could have hardbricked my device, but the thrill overtook me. I have a history of this kind of behavior. But that is beside the point.
I've used fastboot many times and executed most of the usual commands... format, erase, flash, devices, oem unlock, oem lock. All on this very device. The same one I almost euthanized. It is a Nexus 7 2012, unlocked running all-f2fs SlimKat, bootloader version 4.23 (which is the current version.) I flashed that bootloader myself a couple months back when I did a nexus factory image install through fastboot. I also used the erase command on all the usual partitions before flashing them, as I took care of each one seperately.
That being said, I executed the dreaded command on this N7. Result... erase failed
Now that result just brings up more questions, although it would make sense to have fastboot not be able to erase that part or somehow build into the bootloader somekind of failsafe. Could be that 4.23 can't be erased and older versions can?
adomol said:
I know it was reckless and could have hardbricked my device, but the thrill overtook me. I have a history of this kind of behavior. But that is beside the point.
I've used fastboot many times and executed most of the usual commands... format, erase, flash, devices, oem unlock, oem lock. All on this very device. The same one I almost euthanized. It is a Nexus 7 2012, unlocked running all-f2fs SlimKat, bootloader version 4.23 (which is the current version.) I flashed that bootloader myself a couple months back when I did a nexus factory image install through fastboot. I also used the erase command on all the usual partitions before flashing them, as I took care of each one seperately.
That being said, I executed the dreaded command on this N7. Result... erase failed
Now that result just brings up more questions, although it would make sense to have fastboot not be able to erase that part or somehow build into the bootloader somekind of failsafe. Could be that 4.23 can't be erased and older versions can?
Click to expand...
Click to collapse
Hi, adomol...
You're definitely onto something here... I must be mad, but I've just attempted to erase my bootloader. And encountered a similar error to yours.
So, with every precaution available to hand, here's what I did...
------------------------------------
...made available a known working copy of the v4.23 bootloader.img on my laptop, with the intention of immediately fastboot flashing it, in the event the bootloader erase SUCCEEDED. (Providing you DON'T reboot the device immediately after a bootloader flash failure (or erasure), there is a small window of opportunity to fastboot flash a known working bootloader... before you reboot the device.)
...made available my 'flatline' created 'blob.bin' file, and nvFlash tools...
My device...
Nexus 7 (2012), 16Gb,'grouper' model, WiFi only.
Bootloader v4.23, unlocked.
Custom recovery is TWRP 2.7.0.0
Running rooted KitKat 4.4.2, with modifications (see my sig. for details).
--------------------------------------------------------------------------
With all tools, files and everything I could think of readily available (and my heart in my stomach!!)... I ran the potential Nexus 7 command line killer...
WARNING TO ALL READERS: The following command is potentially VERY dangerous, and may BRICK your device. Do NOT use casually. The previous poster raised an interesting issue regarding the v4.23 bootloader, and what follows is my own risky experiment... which happily, did not brick MY Nexus 7. I can make no such guarantees about YOUR Nexus 7.
Code:
fastboot erase bootloader
It failed... with this error message...
Code:
erasing 'bootloader'...
FAILED <remote: Unsupport Erase bootloader Partition.>
finished. total time: 0.016s
See my attached thumbnail.
So, it DOES appear that, at least as far as the v4.23 bootloader is concerned... it's impossible to deliberately erase it... although accidentally overwriting it, I suspect might be a different matter - eg., inadvertently fastboot flashing a boot.img to the bootloader partition, for example.
Anyway... very nice find, @adomol... you've discovered something interesting as a result of your bravery or foolhardiness... and I can't decide which! Whichever quality it is, I think I share it.
--------------------------------------------------------------------------
Right... I'm off for a cigar, and a drop of whisky to calm my nerves.
Rgrds,
Ged.
GedBlake said:
Anyway... very nice find, @adomol... you've discovered something interesting as a result of your bravery or foolhardiness... and I can't decide which! Whichever quality it is, I think I share it.
--------------------------------------------------------------------------
Right... I'm off for a cigar, and a drop of whisky to calm my nerves.
Rgrds,
Ged.
Click to expand...
Click to collapse
I'm breeding an XDA loony bin in here! It's like Jackass Nexus 7 edition. :laugh:
Thanks for posting the screenshot, though. I wish I would have been resourceful enough to do that, considering how unlikey these results were thought to have been. Good job @GedBlake!
@adomol That being the one command that will irrevocably brick a nexus you at either very brave or stupid to type that please tell me you had a blob.bin backup before trying that. Anyway that's an interesting find nonetheless.
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Hello,
Problem:
factory reset my Droid RAZR M with the hope to resolve in-call audio problems (very low ear piece volume at full). When I rebooted the phone the Welcome screen appeared asking for a language choice. Chose english US. The Message: "Please wait, This may take a few minutes" appeared with a spinning icon. But nothing else ever happens. The phone never moves beyond this selection.
I have android-sdk (Linux setup) installed on my computer in order to use the suite of tools like fastboot and adb. The tools work, in that I can see the phone, pull data, upload to the phone and even get a command shell on the phone. However in order for adb to recognize the phone I have to put the phone in "BT Tools" mode. In "AP fastboot" mode fastboot sees the phone. As far as I remember USB debugging was turned on.
I do not have a recovery image installed.
The phone has Kitkat 4.4.2 ver 183.46.10 and is rooted with TowelRoot. I just unlocked the bootloader today via motoapocalypse package. Status of the phone is unlocked Code 3
I also removed some unused apps - like NFL and a few other space and bandwidth consuming apps that I will never use.
I'd like to get this phone to work again. Is there any hope?
Please advise and thanks for reading.
You can flash custom recovery via fastboot and then custom ROM or flash stock ROM via RSD. Guide is in first thread in general section.
http://forum.xda-developers.com/showthread.php?t=2869432
[GUIDE][FAQ][DIY][KK] How to Root, Boot Unlock & More
Thanks for the pointer. I gather that RSD is a Windows based app. At the present time I do not have a Windows computer. So I took a shot at the job using fastboot, adb and all as found in the android-sdk. Did the steps as described in the flashing post. Now all I ever see is the "Bootloader unlocked warning message" and the phone never progresses beyond the warning. I disassembled the phone, to disconnect the battery -- hoping for a reset miracle. No change after reassembly. Given the latest state of the phone as described above, is there any chance of reviving this phone now that it's stuck at the bootloader warning?
(I read a post about a Motorola Factory Cable -- and if I understand the factory cable puts the phone in a special mode for flashing looking into this option).
I am out to learn and am not afraid of poking around -- so at this point I have no more to lose.
Would the Windows computer make the difference? Using linux mint atm.
Klen2 said:
You can flash custom recovery via fastboot and then custom ROM or flash stock ROM via RSD. Guide is in first thread in general section.
http://forum.xda-developers.com/showthread.php?t=2869432
[GUIDE][FAQ][DIY][KK] How to Root, Boot Unlock & More
Click to expand...
Click to collapse
diordnAMRZAR said:
Thanks for the pointer. I gather that RSD is a Windows based app. At the present time I do not have a Windows computer. So I took a shot at the job using fastboot, adb and all as found in the android-sdk. Did the steps as described in the flashing post. Now all I ever see is the "Bootloader unlocked warning message" and the phone never progresses beyond the warning. I disassembled the phone, to disconnect the battery -- hoping for a reset miracle. No change after reassembly. Given the latest state of the phone as described above, is there any chance of reviving this phone now that it's stuck at the bootloader warning?
(I read a post about a Motorola Factory Cable -- and if I understand the factory cable puts the phone in a special mode for flashing looking into this option).
I am out to learn and am not afraid of poking around -- so at this point I have no more to lose.
Would the Windows computer make the difference? Using linux mint atm.
Click to expand...
Click to collapse
You can try using SBF_FLASH or mFastboot-v2 (which has a linux version) to flash the system.img .
SOLVED: [Q] Droid Razr M not fully booting: Help Please
That worked. Thanks! So the difference between the SDK fastboot and the one in the link provided (mfastboot-V2): the linux-fastboot seems to be smarter about uploading the larger image files to the flashable device (guessing). I am sure I did "flashboot flash system system.img" with the flashboot util from the SDK.
@ATTACK do you have the source for that version of fastboot or patches? Would like to have a look.
Thanks again! Got an unlocked rooted working Droid RAZR M!
diordnAMRZAR said:
That worked. Thanks! So the difference between the SDK fastboot and the one in the link provided (mfastboot-V2): the linux-fastboot seems to be smarter about uploading the larger image files to the flashable device (guessing). I am sure I did "flashboot flash system system.img" with the flashboot util from the SDK.
@ATTACK do you have the source for that version of fastboot or patches? Would like to have a look.
Thanks again! Got an unlocked rooted working Droid RAZR M!
Click to expand...
Click to collapse
Your guess is correct, mfastboot allows you to flash larger system.img's that wont otherwise flash in fastboot.
As for sources... I have no idea who created mfastboot or where it came from. It's just one of those things that get's passed around the internet.
ATTACK said:
Your guess is correct, mfastboot allows you to flash larger system.img's that wont otherwise flash in fastboot.
As for sources... I have no idea who created mfastboot or where it came from. It's just one of those things that get's passed around the internet.
Click to expand...
Click to collapse
Well I'm happy to have the utility that works. Can thank you enough -- or the creators. Found it also on goggle code after a properly crafted search string. All this for an in-call audio problem that only worsened after I took the phone apart. Still works on speaker mode though so that's good enough -- at low volume. And I learned a few things. One interesting thing: The shell prompt got rewritten to say ${USER}@scorpion_mini/ after flashing the system.img. Pretty sure it only said android prior to re-flashing . And the getprop helper app is a new thing for me.
Feel like a kid all over again exploring this little device.
Doing anything listed here will void your warranty. I don't know the laws where you are so assume it makes you a criminal. These things are posted here for educational purposes only. Never follow any guide if you don't understand the commands.
Enough BS, let's jump in.
For windows users. Installing drivers:
1. Plug USB cable into PC.
2. On the A3 prime, instead of using USB as charging, select use USB as Updating Firmware (i forget actual wording)
3. A prompt will come up on Windows, install those drivers.
4. Reboot.
Install adb and fastboot on your PC, it is up to you to do this.
Enable developer options on your phone, and enable USB debugging and OEM Unlocking.
In your CMD/Shell/Whatever you have.
adb reboot bootloader
fastboot flashing unlock (use volume up to confirm)
fastboot flashing unlock_critical (use volume up to confirm)
Congrats you've unlocked the bootloader.
Use 'fastboot reboot' to reboot if you haven't done so already.
-----
this is where the progress on this device comes to a halt.
The kernel source is available from opensource.ztedevices.com
The device codename is Z5157V, the Kernel they have is listed under Z5157V Q(10) Kernel(4.4.185)
What needs to happen next? Someone needs to compile the kernel from source.
Once that is done, they can extract the boot.img from it, use Magisk, and make a modified boot.img
Whoila, they will now have root. Once this person has root, they can extract recovery.img from the device, and we can begin making a custom TWRP, or who knows, maybe Team Win will pick it up (unlikely).
Once we have a custom recovery and working Magisk, it's just a matter of time before we start seeing custom ROMS.
If someone will sign up to be a guinea pig, or has an extra A3 Prime laying around I will continue development. I bricked mine because I was impulsive and honestly, kinda stupid. (browse through thread to see my idiocy)
Until such a time that I come to possess another A3 Prime OR someone steps up to provide a firmware dump, I am unable to help.
Good luck developing!
Only managed to unlock the bootloader but can't seem to find any information on rooting it.
The structure is indeed different than what you would normally expect to find. 'recovery' isn't a valid partition when trying to flash under fastboot for example.
The only reason I'm interested in trying to root this device is because The mtk engineering mode app doesn't work on this phone, at least not the visible version, so band locking doesn't seem possible without root and a different rom.
Yeah, I bricked my device by flashing a universal MTK TWRP.
Came here to say this, do not flash universal MTK.
It is a soft brick, bootloops with no access to stock or TWRP recovery.
The phone's model number is Z5157V and the stock firmware is Z5157VV1.0.0B17 for google indexing reasons. Only place that MAY have it is behind a $40 pay wall.
Managed to get the kernel from opensource.ztedevices.com, just beginning to work on it now (not sure how I'm gonna get my phone out of bootloop mode, but I'll solve it later)
I have never compiled a kernel from source, but I'm eager to learn, I have two days in the wilderness planned ahead of me. If anyone would compile the kernel, that is great. If not? I'll get it done when I get back.
Been playing around with the phone and key combinations, I think I have found a way to use SP Flash Tool in it's current soft brick state.
If I am successful in compiling the kernel, I will share it.
If I am able to unbrick this phone, I will write a guide.
If those two things happen, I'll be moving forward to make an AOSP based custom ROM for this phone. Maybe a first for a $100 device, but I like root.
If anyone else knows HOW to compile the kernel, you'd put me a few steps ahead when I get back.
Either way, nearly 200 lurkers on this thread, I hope to have answers soon.
ORANGE
zaduma said:
I was able to unlock the bootloader. Confirmed with a boot message on boot.
Click to expand...
Click to collapse
how does that bootmessage read?
does it say : "ORANGE STATE" et cetera ?
s4goa said:
how does that bootmessage read?
does it say : "ORANGE STATE" et cetera ?
Click to expand...
Click to collapse
Yeah
Orange State
Device can't be trusted
Booting in x seconds
1st.
zaduma said:
to make an AOSP based custom ROM for this phone. Maybe a first for a $100 device, but I like root.
Click to expand...
Click to collapse
why do you think you are first ? their are literally tons of €100 phones in circulation!
s4goa said:
why do you think you are first ? their are literally tons of €100 phones in circulation!
Click to expand...
Click to collapse
Who knows, guess I don't have much experience in this area. (Cheap phones) Figured it's usually not worth it to do all this work for a throwaway phone.
That said, I've been wrong before!
zaduma said:
Yeah
Orange State
Device can't be trusted
Booting in 5 seconds
Click to expand...
Click to collapse
same here after
Code:
fastboot flashing unlock_critical
(bootloader) Start unlock flow
FAILED ()
Finished. Total time: 21.830s
s4goa said:
same here after
Code:
fastboot flashing unlock_critical
(bootloader) Start unlock flow
FAILED ()
Finished. Total time: 21.830s
Click to expand...
Click to collapse
Strange it fails, try flashing unlock first, then flashing unlock_critical, make sure to press volume up on phone when prompted.
fastboot
dude, in order to avoid fuqqing confusion you ought not abbreviate a shell command like you do.
Anyhow, since we two guys have different phones, it makes sense only for me to generally discuss the rooting strategy on a ZTE Spreadtrum phone, as the specifics will differ too much.
I have fastboot on a Lumigon T3 as my "ZTE blade A5 2019" does not have fastboot.
---------- Post added at 16:07 ---------- Previous post was at 15:55 ----------
rooters, come join https://forum.xda-developers.com/group.php?groupid=1925
s4goa said:
dude, in order to avoid fuqqing confusion you ought not abbreviate a shell command like you do.
Anyhow, since we two fuys have different phones, it makes sense only for me to generally discuss the rooting strategy on a ZTE Spreadtrum phone, as the specifics will differ too much.
I have fastboot on a Lumigon T3 as my "ZTE blade A5 2019" does not have fastboot..
---------- Post added at 16:07 ---------- Previous post was at 15:55 ----------
rooters, come join https://forum.xda-developers.com/group.php?groupid=1925
Click to expand...
Click to collapse
Sorry, for clarity if on Linux type su and your root password, or use sudo to escalate your permissions if you don't have permission to use fastboot as a regular user.
If you're on windows, consider a free upgrade, but also leave out sudo and once in fastboot mode on a3 prime, type
1. (sudo) fastboot flashing unlock
2. (sudo) fastboot flashing unlock_critical
Press volume up when prompted and congrats your warranty is now void, bootloader unlocked. I'm not responsible for your choices.
__________
Also yeah, the phones even have different chipsets the Z5157V is a MTK phone
fastboot
this "orange state unlock bootloader" has - however - nothing or little to do with "Developer Menu option UNLOCK BOOTLOADER"
do you know more about this?
on my Lumigon these 2 unlockings are independent of each other, never mind the identical name "unlock bootloader".
s4goa said:
this "orange state unlock bootloader" has - however - nothing or little to do with "Developer Menu option UNLOCK BOOTLOADER"
do you know more about this?
on my Lumigon these 2 unlockings are independent of each other, never mind the identical name "unlock bootloader".
Click to expand...
Click to collapse
Yeah, you'll need to toggle that option to on in Developer Settings before entering the bootloader/fastboot mode and running the unlock commands or they will fail.
we're screwed !
dude, dammit! they cryptosign bootloaders now LINK
if that is true we're done for! how to hack those cryptochips?
its for Unisoc SC9863A Spreadtrum but also other CPUs.
zaduma said:
:crying:
Click to expand...
Click to collapse
s4goa said:
Click to expand...
Click to collapse
Well, I am terribly sorry to hear that, but at least the A3 prime is on mediatek chipsets which I don't believe has any such protection.
Spreadtrum SC9832E, 64bit
zaduma said:
the A3 prime is on mediatek chipsets
Click to expand...
Click to collapse
if you are sure that boot.img can be "modded" then the A3 is a superior phone, let me tell you.
---------- Post added at 22:54 ---------- Previous post was at 22:50 ----------
anyway... its kewl u posted at https://www.gizmochina.com/2020/07/01/zte-blade-a3v-key-specs-leak/
s4goa said:
if you are sure that boot.img can be "modded" then the A3 is a superior phone, let me tell you.
---------- Post added at 22:54 ---------- Previous post was at 22:50 ----------
anyway... its kewl u posted at https://www.gizmochina.com/2020/07/01/zte-blade-a3v-key-specs-leak/
Click to expand...
Click to collapse
Keep checking for updates, once I'm back in town that's exactly what I'll be working on.
Sorry to anyone following this thread, I will continue working on building the kernel, extracting boot, and getting this phone rooted. I will need a volunteer to test the root solution once it is built, and then if possible follow a few steps and extract recovery.img on your newly rooted device and send that to me.
I just don't have the time today even though I said I would be doing it. If there are any volunteers with an A3 prime let me know!