Related
Anyway, I was using Miui V3 2.4.20 [2.6.35], and Google maps wasn't very happy with it. So I decided it was time to move on to the .32 kernal version, since the developer was going that way too. Downloaded a stock rom with .32 kernal, went to the pink screen and flashed, and then boot loop.
Luckily, I'm awesome, so my phone won't die on me. Tried flashing some roms through clockwork, no bootloop, just stuck at huawei logo. Tried flashing some stock roms, and at about 98% done flashing it goes error. Some parts get flashed causing my recovery reverts to stock, but I'm still stuck at the huawei logo.
Also, in clockworkmod I get errors mounting data and emmc, so that might be a problem. Other partitions mount fine.
I'm sure I'll find a solution eventually, so there's no rush. I've been in similar situations before. Just wanted to see what other people had used for similar situations. So if you know of something that would help, please let me know.
Found these through search (I'll do a better search again later), i will try them tomorrow:
http://forum.xda-developers.com/showpost.php?p=18944228&postcount=4
http://forum.xda-developers.com/showthread.php?t=1683249
http://forum.xda-developers.com/showthread.php?t=1689469
http://forum.xda-developers.com/showthread.php?t=1682501
http://forum.xda-developers.com/showthread.php?t=1011527
After reading a lot of threads, attempting to flash a lot of roms (stock and others), replacing all kinds of images, and offering a sacrifice to the cellphone gods, still at the same problem:
To reiterate problem:
1) Stuck/reboots at Huawei logo
2) Flashing stock roms via pink screen never finish installing, get error message at ~95% finished (During install, unpacks fine)
3) Flashing roms via recovery say they installed, but still boot problem
4) This problem occurred while trying to downgrade from .35 to .32
My next step is to try using Linux to put the Dload folder on the internal SD card and try installing from there. I have a feeling it is related to the partitions having problems. I used both the "get back pink screen" and "data partition resize," maybe something went wrong with them that only appeared when I tried to go back to stock. I'll find out more when I install linux and can see if the partitions are OK or not.
I've always wanted to try linux, and now that my phone is broke I have found the motivation to do so. So a word of advice for people for people wanting to try linux but are too lazy to download the linux file: Soft-brick your phone, it gives you motivation.
UPDATE: I'm pretty sure my partition table is broke pretty bad. In adb shell, df gives me:
Filesystem Size Used Free
/dev 173M 64K 172M
/system 203M 200M 2M
/cache 127M 4M 123M
and that's it. No /HWUserData, /.cust_backup, /mnt/asec, /mnt/obb, or /data.
Would someone be as kind as to tell me how to fix the partition table? I've got a soldering iron, duct tape and super glue. Also, I'm not afraid to buy a "box" to do some Jtag stuff.
Anybody know what Blefish uses to format the phone memory? I read on his tumbler page and his github that he has altered the partition table (he split the /hwuserdata into three sections, which means he has the ability to create partitions) If I can get that tool, then I have a plan:
0) If my understanding is correct, the updates don't install because the needed partitions are missing, which causes an error. I guess the updates won't create partitions, just alter them.
1) Use the tool blefish used to setup the partition table as described in this thread: http://forum.xda-developers.com/showthread.php?t=1504488
2) Once the partitions are back, i should at least be able to get the blue screen, if I'm good, then I can put all right files in /dev/sdb1, which will get me the pink screen.
3) Using the blue/pink screen, I can install stock firmware, which should correct any problems that the partition table has. Maybe even install android.
4) Do the happy dance
5) ???
6) Profit
I've done my homework, searched the forums, made a plan, and cleaned my room. Someone please give me some feedback and at least let me know if I'm heading in the right direction.
typci said:
Anybody know what Blefish uses to format the phone memory?
Click to expand...
Click to collapse
I am using fdisk, the main partitioning tool for MBR table. You can check the table by doing fdisk /dev/block/mmcblk0 and then "p" which should print the current partition table. From there, you can also modify the partitions.
Sent from my U8800 using Tapatalk 2
Blefish said:
I am using fdisk, the main partitioning tool for MBR table. You can check the table by doing fdisk /dev/block/mmcblk0 and then "p" which should print the current partition table. From there, you can also modify the partitions.
Sent from my U8800 using Tapatalk 2
Click to expand...
Click to collapse
Awesome. I used to use fdisk back in the dos days, so I just need to brush up on my skills and learn the adb specifics. I really need to take the time to go learn all the commands associated with adb.
INTERESTING UPDATE: If I flash a rom with locked boot loader, I still get the pink screen but it doesn't work, i.e. I can't access the image folder via windows. If I flash a rom without a locked boot loader, pink screen works. Granted none of these roms actually fully flash, I still get the error near the end.
Fdisk = Permission denied, su = permission denied. Rooted boot image prevents me from getting into recovery, which means adb won't work. Any other way to get root? I'll try flashing a custom rom when I can get clockworkmod working again. For some reason I can't get recovery to load via vol+ & power.
Also something weird is going on. When it boots, it reboots once, then goes to stock recovery, tries to do a factory reset, gets errors on formating. Also in windows two removable disks appear, but I can access them. I take it that they represent the internal SD card and maybe the pink screen image folder partition. Tomorrow I'll try linux and see what happens.
UPDATE:
1) I can't use FDISK because SU won't work. I'm not sure how SU/root works on a software/partition bricked phone.
2) Rooted boot.img won't boot into recovery. SuperOneClick won't work because it can't find the data partition (probably because I don't have one).
3) I was going to try flashing a custom rom but for some reason I can't get clockworkmod working again. The phone will boot into stock recovery on it's own, after a couple of reboots. However, if I change the boot.img or recovery.img to anything else, it gets stuck at huawei logo or boot loop.
4) Unbuntu LiveCD won't work (says it can't find the kernal) even though I used the installer from the website and tried it both via cd and flash drive. Working on installing a dual-boot system now.
I'm really striking out here. Couple of questions if anyone would care to answer.
1) Besides recovery, how else can I establish an adb connection? Pink screen and huawei logo give me device not found.
2) Is there a root exploit available that doesn't require a data partition or is there a root exploit I can modify so it doesn't require a data partition? It's OK if it's a manual exploit, while I'm new with android/adb, I got plenty of experience with command prompt input from back in the dos days.
Also learned there is a HuaWei office in my town. Don't know what they do there, but if I don't make any progress after I couple more days, I'll go find out.
typci said:
UPDATE:
1) I can't use FDISK because SU won't work. I'm not sure how SU/root works on a software/partition bricked phone.
2) Rooted boot.img won't boot into recovery. SuperOneClick won't work because it can't find the data partition (probably because I don't have one).
3) I was going to try flashing a custom rom but for some reason I can't get clockworkmod working again. The phone will boot into stock recovery on it's own, after a couple of reboots. However, if I change the boot.img or recovery.img to anything else, it gets stuck at huawei logo or boot loop.
4) Unbuntu LiveCD won't work (says it can't find the kernal) even though I used the installer from the website and tried it both via cd and flash drive. Working on installing a dual-boot system now.
I'm really striking out here. Couple of questions if anyone would care to answer.
1) Besides recovery, how else can I establish an adb connection? Pink screen and huawei logo give me device not found.
2) Is there a root exploit available that doesn't require a data partition or is there a root exploit I can modify so it doesn't require a data partition? It's OK if it's a manual exploit, while I'm new with android/adb, I got plenty of experience with command prompt input from back in the dos days.
Also learned there is a HuaWei office in my town. Don't know what they do there, but if I don't make any progress after I couple more days, I'll go find out.
Click to expand...
Click to collapse
On pink screen, your device is just like any other mass storage device. So you can still use fdisk on ubuntu with the correct /dev/sdX path. You can also format the data/system/cache using other tools if you need to.
Sent from my U8800 using Tapatalk 2
Sweet, so I just need to get Unbuntu working. I still can't figure out why the live CD/flash drive didn't work. Oh, well. When I get off of work I'll get to installing the dual-boot system. Thanks for your help.
typci said:
Sweet, so I just need to get Unbuntu working. I still can't figure out why the live CD/flash drive didn't work. Oh, well. When I get off of work I'll get to installing the dual-boot system. Thanks for your help.
Click to expand...
Click to collapse
i actually understood nothing from your posts but i would like to congratulate you for being a user who does research before asking ppl something
and I gladly give you a bump
JaymzBond said:
i actually understood nothing from your posts but i would like to congratulate you for being a user who does research before asking ppl something
and I gladly give you a bump
Click to expand...
Click to collapse
Thanks. Unfortunately the project is on hold for a couple of days. My electric motorcycle has been having some problems and I've been repairing it. Also, I think I found out why linux wasn't working. Apparently the "alternative" downloads aren't useable as a live CD, which is why the kernal wasn't there. Anyway, it's been a great learning experience. Maybe after I "break" my phone enough times I'll learn enough to become a developer.
Doing some research before getting back to working on the phone.
Looks like Blefish is talking about using linux's fdisk, when I was trying to use adb's fdisk. That would certainly allow me to bypass the su problem with adb. I think I got all the correct files for my linux livecd, so that shouldn't be a problem. After I'm done with my workout, I'll try it out and see how it goes. It's time to learn how to use linux.
Update: Got unbuntu working. Storage devices are all /media instead of /dev like I was expecting. But I think I'm not looking in the right place.
Plugged in phone via pink screen and 3 drives came up:
System - has system stupp (app, bin, etc, fonts, ...) - sdb12
256 MB File system - image folder with all the .img and .mbn files - sdb1
136 MB File system - has fotapkg, lost+found, recovery folders- filesystem type ext3/ext4 - I'm not sure what this is, maybe sdb6? If it was data (sdb13) then I wouldn't get the error in recovery, If it was the internal SD card the filesystem should be vfat. If someone knows better, please let me know.
For some reason I don't have permission to access the lost+found folder, or so Unbuntu tells me.
Tried to used fdisk with system, got error: I don't know how to handle files with mode 40755
Also found some recovery log files in the fotapkg and recovery folders. I'll post it here incase someone can get some more useful information out of it. Does anyone know what all these (null) mean?
Tomorrow I'll get to work on learning how to use unbuntu and fdisk.
Starting recovery on Sun Jan 6 00:03:50 1980
can't open /dev/tty0: No such file or directory
framebuffer: fd 3 (480 x 800)
recovery filesystem table
=========================
0 /tmp ramdisk (null) (null)
1 /boot vfat /dev/block/mmcblk0p1 (null)
2 /fat vfat /dev/block/mmcblk0p1 (null)
3 /cache ext4 /dev/block/mmcblk0p6 (null)
4 /data_pseudo ext4 /dev/block/mmcblk0p13 (null)
5 /misc emmc /dev/block/mmcblk0p7 (null)
6 /recovery vfat /dev/block/mmcblk0p1 (null)
7 /HWUserData vfat /dev/block/mmcblk0p14 (null)
8 /system ext4 /dev/block/mmcblk0p12 (null)
9 /sdcard vfat /dev/block/mmcblk1p1 /dev/block/mmcblk1
I:cmdline: console=ttyDCC0 androidboot.hardware=huawei androidboot.localproppath=hw/default androidboot.emmc=true androidboot.image=recovery androidboot.mode=user androidboot.baseband=msm
Ita_move_command_file
I:Got arguments from boot message
Command: "recovery" "--wipe_data" "--wipe_cache"
Formatting /cache...
Creating filesystem with parameters:
Size: 136314880
Block size: 4096
Blocks per group: 32768
Inodes per group: 4160
Inode size: 256
Journal blocks: 1024
Label:
Blocks: 33280
Block groups: 2
Reserved block group size: 15
Created filesystem with 11/8320 inodes and 1585/33280 blocks
E:failed to mount /data_pseudo (No such file or directory)
E:failed to mount /data_pseudo (No such file or directory)
Formatting /data...
Need size of filesystem
E:format_volume: make_extf4fs failed on /dev/block/mmcblk0p13
E:failed to mount /data_pseudo (No such file or directory)
E:failed to mount /data_pseudo (No such file or directory)
Formatting /cache...
Creating filesystem with parameters:
Size: 136314880
Block size: 4096
Blocks per group: 32768
Inodes per group: 4160
Inode size: 256
Journal blocks: 1024
Label:
Blocks: 33280
Block groups: 2
Reserved block group size: 15
Created filesystem with 11/8320 inodes and 1585/33280 blocks
Data wipe failed.
wipe internal sdcard fail.
It could be that the data partition (originally mmcblk0p13) got wiped out and now mmcblk0p13 is internal sd card. Here's the original partition table:
Code:
Disk /dev/block/mmcblk0: 3959 MB, 3959422976 bytes
1 heads, 16 sectors/track, 483328 cylinders
Units = cylinders of 16 * 512 = 8192 bytes
Device Boot Start End Blocks Id System
/dev/block/mmcblk0p1 1 30721 245760 b Win95 FAT32 CUST
Partition 1 does not end on cylinder boundary
/dev/block/mmcblk0p2 * 30721 30783 500 4d Unknown SBL1
Partition 2 does not end on cylinder boundary
/dev/block/mmcblk0p3 30783 31158 3000 46 Unknown TZ
Partition 3 does not end on cylinder boundary
/dev/block/mmcblk0p4 31158 483328 3617363+ 5 Extended EBR
Partition 4 does not end on cylinder boundary
/dev/block/mmcblk0p5 32769 34304 12288 59 Unknown OEMINFO/BOOTLOADER IMAGES
/dev/block/mmcblk0p6 40961 57600 133120 4c Unknown CACHE
/dev/block/mmcblk0p7 65537 65599 500 5a Unknown MISC
/dev/block/mmcblk0p8 73729 74112 3072 58 Unknown FSG?
/dev/block/mmcblk0p9 81921 82795 7000 50 Unknown ADSP
/dev/block/mmcblk0p10 90113 90496 3072 4a Unknown MODEM_ST1
/dev/block/mmcblk0p11 98305 98688 3072 4b Unknown MODEM_ST2
/dev/block/mmcblk0p12 106497 134656 225280 83 Linux SYSTEM
/dev/block/mmcblk0p13 139265 216064 614400 83 Linux USERDATA
/dev/block/mmcblk0p14 221185 483328 2097152 69 Unknown INTERNAL_SD
The sdb6 is indeed cache, and it is used for recovery communication between Android.
If everything would be ok, it would mount sdb1, sdb6, sdb12, sdb13 and sdb14 inside Ubuntu, so it seems that something is wrong at the end.
If you have 14 partitions, use disk utility from Ubuntu and try manually formatting the 13 for ext4 and 14 for vfat. Taking ownership is not needed, it should work either way.
Blefish, thanks for the help. Got unbuntu up and working along with fdisk and identified the phone.
I have 13 partitions (including one empty one) , not 14. Here's the print out:
[email protected]:~$ sudo fdisk /dev/sde
omitting empty partition (13)
Command (m for help): p
Disk /dev/sde: 3959 MB, 3959422976 bytes
1 heads, 62 sectors/track, 124729 cylinders, total 7733248 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/sde1 1 491520 245760 b W95 FAT32
/dev/sde2 * 491521 492520 500 4d QNX4.x
/dev/sde3 492521 498520 3000 46 Unknown
/dev/sde4 498521 7733247 3617363+ 5 Extended
/dev/sde5 524288 548863 12288 59 Unknown
/dev/sde6 655360 921599 133120 4c Unknown
/dev/sde7 1048576 1049575 500 5a Unknown
/dev/sde8 1179648 1185791 3072 58 Unknown
/dev/sde9 1310720 1324719 7000 50 OnTrack DM
/dev/sde10 1441792 1447935 3072 4a Unknown
/dev/sde11 1572864 1579007 3072 4b Unknown
/dev/sde12 1703936 2154495 225280 83 Linux
Comparing with your partition table I see two differences:
1) the ending block of sde1 is 491520 on mine and on the original it is 30721, however the blocks are the same, so that is probably not a problem
2) sde13 is empty, and sde14 is missing.
This actually makes sense. When I was using MIUI, I reduced the size of the internal sd to near zero, since MIUI could only either the internal or external sd, not both. After trying to downgrade, I had a problem, so I tried to restore the internal sd card back to stock size, just to bring my phone back to stock. Something must have gone when I did that.
So if I understand the problem correctly, to fix this I need to:
1) Split sde13 into 2 partitions
2) Format sde13 to ext4 and sde14 to vfat
3) Try installing adroid again
Do I need to name the partitions a certain name or do anything else?
In the mean time I'll be looking into how to use disk utility and fdisk to deal with sde13 and sde14.
Had an idea that I only need sde13 (data) to get things working again, the system shouldn't need sde14 (internal sd) to work.
So I went to disk utility, found Qualcomm MMC storage and tried to format the free 2.9GB at the end. Got an error:
Error creating partition: helper exited with exit code 1: In part_add_partition: device_file=/dev/sde, start=1103101952, size=2856000000, type=0x83
Entering MS-DOS parser (offset=0, size=3959422976)
MSDOS_MAGIC found
looking at part 0 (offset 512, size 251658240, type 0x0b)
new part entry
looking at part 1 (offset 251658752, size 512000, type 0x4d)
new part entry
looking at part 2 (offset 252170752, size 3072000, type 0x46)
new part entry
looking at part 3 (offset 255242752, size 3704180224, type 0x05)
Entering MS-DOS extended parser (offset=255242752, size=3704180224)
readfrom = 255242752
MSDOS_MAGIC found
readfrom = 255243264
MSDOS_MAGIC found
readfrom = 255243776
MSDOS_MAGIC found
readfrom = 255244288
MSDOS_MAGIC found
readfrom = 255244800
MSDOS_MAGIC found
readfrom = 255245312
MSDOS_MAGIC found
readfrom = 255245824
MSDOS_MAGIC found
readfrom = 255246336
MSDOS_MAGIC found
readfrom = 1140842496
No MSDOS_MAGIC found
Exiting MS-DOS extended parser
Exiting MS-DOS parser
MSDOS partition table detected
containing partition table scheme = 1
got it
Error: Invalid partition table on /dev/sde -- wrong signature 0.
ped_disk_new() failed
So, my partition table is corrupt? I'll need to figure out how to fix this.
Here's some options I've found:
http://forum.xda-developers.com/showpost.php?p=21572216&postcount=12
ksatta mentions a couple of ideas:
1) If someone backed up their phone using dd, I could use that to restore my phone.
Here's a link on how to do it: http://linuxpoison.blogspot.com/2009/04/creating-backuprestore-images-using-dd.html
dd if=/dev/sdX | gzip > /home/sdX.bin.gz
where sdX is the U8800
2) I could clone someone's partition table. If someone could give me a copy of their MBR that should work.
Here's a link on how to do it: http://embraceubuntu.com/2005/10/20/backing-up-the-mbr/
Create a backup of your MBR by doing a:
dd if=/dev/sdX of=MBR-backup bs=512 count=1
That should read “create a disk dump of the input file, which is /dev/sdx (change to hda, or hdb or sda, depending on where the MBR is on your computer), and save it in the output-file MBR-backup in the directory from where the command is issued. Backup the first sector only, while you are at it”.
3) gparted - it's some kind of partition tool. Might be able to use it to fix the error. Not sure how to use it though.
For now I'm going to look into gparted for Ubuntu. If someone can help me out with a dd backup or cloning the partition table that would be awesome.
UPDATE: For people following this thread, and to keep me more organized, I'll start adding more of the important resources I find. They may one day help you fix your phone.
https://bugs.launchpad.net/ubuntu/+source/gparted/+bug/434463
Seems a guy fixed his the same error with gparted. However it wasn't on a phone. Also I'm seem a lot of people refer to sfdisk. I'll need to learn more about it.
https://answers.launchpad.net/ubuntu/+question/113539
"I got an answer in a forum, which looks easy.
Do a
sudo fdisk /dev/sda
then type
w
to write partition table, without any modification of it.
The signature should be fixed."
Is this safe to do to my phone? I know I'll have to write the MBR eventually, but I have to get it right the first time. If I screw up, I may not be able to connect to ubuntu anymore. Anyway, the guy said it fixed the error with his harddrive, so it's worth a try.
http://www.thegeekstuff.com/2010/09/linux-fdisk/
How to use fdisk, in case anyone needs to know
So my new plan is to:
1) dd Backup and MBR backup - in case I break it worse than it is
2) try to fix with fdisk w or gparted
I think the change in start and end is caused by Ubuntu using cylinders/sectors/blocks. Should not too much difference though.
Using MBR restore would not work here, as it restores the main 4 partitions list. MBR uses EBR aswell, which is located at the beginning of every extended partition. So we would have to copy the EBR of every partition.
I'd suggest deleting sde13, adding sde13 and sde14.
When adding sde13, note that starting block should be at the end of sde12, so simply insert last block of sde12 there. If it gives error, simply press enter as it automatically finds free block after the last one. End block could be for example +500M so fdisk automatically finds the correct end block. Do the same for sde14, but note the start block again. sde14 end block should be the last block there is on the card.
After you've done that, do w to write and if it tells you to restart or something, unplug the phone, take out the battery and restart to pink screen again. Then try to use disk utility again or gparted (have not tested this) to reformat sde13 and sde14 to ext4 and vfat.
You should be safe until you don't mess with the primary partitions, especially the mmcblk0p2 and mmcblk0p3.
Thanks again for the reply, Blefish. I may have just fixed it. I'll know soon enough.
I did two things:
1) sudo fdisk /dev/sde12 followed by w
2) sudo fdisk /dev/sde followed by w
After that it enabled me to add the 13 and 14 partition. I used disk utility so I didn't have to worry about the blocks. Afterwards they mounted in ubuntu like they should.
UPDATE: Not quite fixed, but the rom installed without error. So I think the partition problem is fixed.
Now I just have a boot loop. I'll go back to ubuntu, clear the cache, and try installing from the internal sdcard
2nd UPDATE: Stock recovery gives and error about mounting the cache partition. However CWM mounts it fine. My partition problems may not be over.
3rd UPDATE: genokolar's "Custom you partition" file to return to stock file deletes my partition 13 and 14. Had 13 and 14 back working, used the file as per instructions, afterwards ubuntu drive utililty shows 13 and 14 as "free." So that is where part of my problem comes from.
4th UPDATE: Fixed the problem with stock recovery. Turns out froyo doesn't like ext4 partitions. Changed cache partition to ext3, no more error.
Here are some exerts from the CMW log when I tried to flash cyanongen. Can anyone tell me if any of these errors are problems, and if they are what they mean?
W:Unable to get recovery.fstab info for /datadata during fstab generation!
W:Unable to get recovery.fstab info for /sd-ext during fstab generation!
I:Checking for extendedcommand...
I:Skipping execution of extendedcommand, file not found...
failed to open /sys/class/android_usb/android0/state: No such file or directory
-- Installing: /sdcard/CM7-070512.zip
Finding update package...
I:Update location: /sdcard/CM7-070512.zip
Opening update package...
Installing update...
unmount of /system failed; no such volume
package_extract_file: no backup_initd.sh in package
set_perm: chown of /tmp/backup_initd.sh to 0 0 failed: No such file or directory
set_perm: chmod of /tmp/backup_initd.sh to 777 failed: No such file or directory
about to run program [/tmp/backup_initd.sh] with 2 args
run_program: execv failed: No such file or directory
run_program: child exited with status 1
Pass 5: Checking group summary information
/dev/block/mmcblk0p12: 11/56448 files (0.0% non-contiguous), 7142/225280 blocks
mount: failed to mount /dev/block/mmcblk0p12 at /system: Invalid argument
set_perm: chown of 0750 to 0 2000 failed: No such file or directory
set_perm: chmod of 0750 to 755 failed: No such file or directory
set_perm: chown of /system/etc/init.qcom.post_boot.sh to 0 2000 failed: No such file or directory
set_perm: chmod of /system/etc/init.qcom.post_boot.sh to 555 failed: No such file or directory
set_perm: chown of /system/xbin/apply_firewall to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/apply_firewall to 6755 failed: No such file or directory
set_perm: chown of /system/xbin/apply_theme to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/apply_theme to 6755 failed: No such file or directory
set_perm: chown of /system/xbin/dumplog to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/dumplog to 6755 failed: No such file or directory
set_perm: chown of /system/xbin/mv2sd to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/mv2sd to 6755 failed: No such file or directory
set_perm: chown of /system/xbin/ota to 0 0 failed: No such file or directory
set_perm: chmod of /system/xbin/ota to 6755 failed: No such file or directory
Updating BOOT Image...
about to run program [/tmp/backup_initd.sh] with 2 args
run_program: execv failed: No such file or directory
run_program: child exited with status 1
Installation complete!script result was [Installation complete!]
Install from sdcard complete.
failed to open /sys/class/android_usb/android0/state: No such file or directory
My phone is fixed. I have no idea how it became fixed, but it is fixed.
I placed b518 on the internal sd card, and installed it. Then bootloop. So I held both volume keys+power to try another rom. It installed again. Went to recovery, it did a factory reset. Bootloop. Went back to recovery to see if I could wipe the sd card. No option for it, so I did another factory reset and rebooted my phone. I left my phone bootlooping for a minute while I looked online for a Huawei service center, and then my phone booted. I gues it got scared and didn't want to go to a service center.
This been a great learning experience, although at times a major headaches. I want to thank blefish for all his help. Thanks to this, i've bee reading his blog and other stuff, and now will follow some of his other projects.
Now to downgrade back to 2.2!!!!
UPDATE: All official roms are working correctly (b136, b138, b518, b528), recovery (5.0.2.6) works. However I haven't been able to get a single custom rom to work. Tried a couple .32 MIUI and CM, but they all stick at the huawei logo. Did factory reset and dalvik wipe, get error can't mount /sd-ext during dalvik wipe, and still doesn't boot.
Maybe I need to try a newer verison of CWM? I tried the newer versions before, and I didn't like them. Buggy and often wouldn't find my sd card.
This thread must be made sticky because it consists of pure information about dealing with soft-bricks. Thanks a lot for your curiosity, you're my hero.
NOTICE: THIS IS ABOUT: "Error executing updater-binary" while flashing CM-12 or Lollipop based ROMs. Check you recovery log to find EXACTLY WHAT HAPPENED, if you have bugs related to lseek64 and blkdiscard. Then THIS IS PROBABLY RELATED TO YOUR PROBLEM. OTHERWISE, IT IS NOT RELATED TO THIS, STAY AWAY.
To check your recovery logs. On TWRP -> Advanced -> Copy Log to SD after trying to flash - > Inspect the Log on your computer and search for blkdiscard or lseek64 and errors around them.
Here is the usual disclaimer about how I blame you for bricking your device by doing risky stuff, and by reading this you acknowledge you are doing this at your own risk. And if you point me, blaming me for you destroying your own device, I'll laugh at you. Yada yada yada.
As far as I know, this fixed it for me, so I am sharing it.
This started with the findings of @murderered, so go thank him.
Original post from him:
murderered said:
Is the installation currently broken? Or am i doing something wrong? Formatted system as ext4, wiped all caches, data and accidently also the user data (having a backup, so no problem).
Code:
Formatting system using make_ext4fs function.
Creating filesystem with parameters:
Size: 880803840
Block size: 4096
Blocks per group: 32768
Inodes per group: 7680
Inode size: 256
Journal blocks: 3360
Label:
Blocks: 215040
Block groups: 7
Reserved block group size: 55
Created filesystem with 11/53760 inodes and 6965/215040 blocks
warning: wipe_block_device: Wipe via secure discard suppressed due to bug in EMMC firmware
Updating partition details...
I:Data backup size is 0MB, free: 12611MB.
I:Unable to mount '/usb-otg'
I:Actual block device: '', current file system: 'vfat'
I:Set page: 'action_complete'
I:Set page: 'clear_vars'
I:Set page: 'refreshfilesystem'
I:getpartitiondetails list '/system;'
I:getpartitiondetails wipe_path '/system'
I:Set page: 'selectfilesystem'
I:Set page: 'partitionoptions'
I:Set page: 'advancedwipe'
I:Set page: 'action_page'
I:wipe list 'DALVIK;/data;/cache;'
I:wipe_path 'DALVIK'
Wiping Dalvik Cache Directories...
-- Dalvik Cache Directories Wipe Complete!
I:wipe_path '/data'
Wiping data without wiping /data/media ...
Done.
I:wipe_path '/cache'
Formatting cache using make_ext4fs function.
Creating filesystem with parameters:
Size: 587202560
Block size: 4096
Blocks per group: 32768
Inodes per group: 7168
Inode size: 256
Journal blocks: 2240
Label:
Blocks: 143360
Block groups: 5
Reserved block group size: 39
Created filesystem with 11/35840 inodes and 4616/143360 blocks
warning: wipe_block_device: Wipe via secure discard suppressed due to bug in EMMC firmware
I:Recreating /cache/recovery folder.
I:Copying file /etc/recovery.fstab to /cache/recovery/recovery.fstab
I:Version number saved to '/cache/recovery/.version'
Updating partition details...
I:Data backup size is 0MB, free: 12611MB.
I:Unable to mount '/usb-otg'
I:Actual block device: '', current file system: 'vfat'
I:Set page: 'action_complete'
I:Set page: 'clear_vars'
I:Set page: 'advancedwipe'
I:Set page: 'wipe'
I:Set page: 'main'
I:Set page: 'clear_vars'
I:Set page: 'main2'
I:Set page: 'mount'
I:Set page: 'main'
I:Set page: 'clear_vars'
I:Set page: 'main2'
I:Set page: 'advanced'
I:Set page: 'sideload'
I:Set page: 'action_page'
Starting ADB sideload feature...
BOARD_HAS_NO_REAL_SDCARD := true
RECOVERY_SDCARD_ON_DATA := true
TW_NO_USB_STORAGE := true
I:TW_BRIGHTNESS_PATH := /sys/devices/fd900000.qcom,mdss_mdp/qcom,mdss_fb_primary.148/leds/lcd-backlight/brightness
I:Found brightness file at '/sys/devices/fd900000.qcom,mdss_mdp/qcom,mdss_fb_primary.148/leds/lcd-backlight/brightness'
I:TWFunc::Set_Brightness: Setting brightness control to 255
Starting to open usb_init()
unix_open to open usb_init(): -1
sideload_service invoked
adbd exiting after successful sideload
Restarting adbd...
Installing '/data/media/0/sideload.zip'...
Checking for MD5 file...
Skipping MD5 check: no MD5 file found
I:Zip contains SELinux file_contexts file in its root. Extracting to /file_contexts
I:Legacy property environment initialized.
about to run program [/tmp/backuptool.sh] with 2 args
grep: /system/build.prop: No such file or directory
Not backing up files from incompatible version: 12
run_program: child exited with status 127
about to run program [/tmp/otasigcheck.sh] with 1 args
erasing 249856 blocks
blkdiscard failed: Invalid argument
writing 109461 blocks of new data
lseek64 failed: Invalid argument
I:TWFunc::Set_Brightness: Setting brightness control to 5
I:Legacy property environment disabled.
E:Error executing updater binary in zip '/data/media/0/sideload.zip'
TWRP 2.8.1.0; Donkey Kernel 3alpha3; Coming from GPE 4.4.4
Thanks in advance!
Click to expand...
Click to collapse
In a nutshell, Google Play Edition devices seem to have a different partition allocation (number of blocks per partition?) that will basically break anything using the new raw block images format that Lollipop uses to flash partitions.
This SHOULD ONLY HAPPEN ON THE GPE 4.4.4 OTA (XT1032?). XT1033 Users who converted to 4.4.3, you are safe.
YET, I HAVEN'T CONFIRMED THAT HIS HAPPENS FOR ALL GPE DEVICES OUT THERE WITH THE 4.4.4 OTA. FOR THE SAKE OF THIS GUIDE I'LL ASUME THAT THIS HAPPENS UNIVERSALLY.
Motorola, in example, still uses the /system layout, associated with a patching system for their Lollipop soak test OTA for XT1033.
Screenshot of the /system subfolder from the Lollipop XT1033 OTA.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
OK @murderered (and mostly anyone that has a GPE device with Android 4.4.4), I found a solution for flashing CM12 with the "Error executing updater-binary". Yet it's quite complicated because of the restrictive nature of the 4.4.4 bootloader.
NOTICE: Check you recovery log to find EXACTLY WHAT HAPPENED, if you have bugs related to lseek64 and blkdiscard. Then THIS IS PROBABLY RELATED TO YOUR PROBLEM. OTHERWISE, STAY AWAY.
Basically, you will need to download the following:
1. Either a Retail or a carrier version of the full 4.4.2 ROM (one you can flash via fastboot). It seriously needs to be a full rom, you can skip this if you instead find a full 4.4.4 ROM, because you need the system.img and boot.img. Do not use the GPE one, it has to be RETAIL/CARRIER and RETAIL/CARRIER ONLY.
1.1. You don't exactly need the 4.4.2 ROM as long as you can push to your sdcard via recovery (not sure why, but I couldn't on TWRP 2.8.1.0).
1.2. I still recommend it because if something derps in the way (like, "suddenly" you can't push through your recovery anymore), you can correct this with it.
2. Then the corresponding 4.4.4 OTA update to your 4.4.2 ROM. Unless, you found a full 4.4.4 stock ROM or you can push through recovery. You'll need most of the bootloader files and the gpt.bin from it (as it is a 4.4.4 version it won't be rejected by fastboot).
3. Patience, it took me 5 hours to finally acomplish it.
4. the lastest mfastboot (this will not work, or, atleast it didn't work for me, with the Android SDK one). I used this as I was also inspecting the Lollipop OTA. Kudos to @W3ND31, who uploaded it (seriously, go thank him to for posting the OTA in the first place, he deserves it): https://docs.google.com/file/d/0B4PT9WP-u_z9NXRBWF9EV2lGcWs/edit
So, I'll try to not sound too cryptic on this, but if you find something you don't understand is preferable to just PM me (and try to explain as much as you can, seriously, I get tired quite easily because I have already been a ROM porter quite a few times).
The steps are simple, but it's quite easy to mess it up (and I didn't exactly have much caution as being experienced in this, but you should).
Before the first step, ensure you can push through the sdcard via ADB easily, test it NOW; this is not mandatory, yet it will probably save you a lot of time; and, because later, you will not be able to test it. We will have to wipe /data partition, so backup EVERYTHING.
0. Have a ROM ready to flash, like CM12, and all it's requirements, GApps, SuperSU, the DSP Fix, everything.
1. First of all, go to fastboot mode (advice: have a decent battery level, it shouldn't take long, just an advice anyway).
2. On your PC, extract the mfastboot binaries to a empty folder.
3. Then extract emmc_appsboot.mbn, fsg.mbn, gpt.bin, rpm.mbn, sbl1_8226.mbn, sdi.mbn, tz.mbn FROM THE 4.4.4 OTA/FULL Image. All these to the same folder where mfastboot is.
4. Extract the system.img or system_sparsechunk's (it should be in sparse images, if it isn't, well, that is why I used the mfastboot) and boot.img from the FULL 4.4.2 STOCK ROM to the folder too.
5. Connect to the phone to the PC and make sure it's recognized if you haven't already.
6. Open a terminal, like cmd or PowerShell and change directory to where your mfastboot.exe is.
7. Run the following :
Code:
mfastboot flash sbl1 sbl1_8226.mbn
mfastboot flash aboot emmc_appsboot.mbn
mfastboot flash rpm rpm.mbn
mfastboot flash tz tz.mbn
mfastboot flash fsg fsg.mbn
mfastboot flash sdi sdi.mbn
mfastboot flash partition gpt.bin
8. Select recovery on the menu (recovery shouldn't have been messed up, still, you have a fastboot terminal, if run into problems, flash your custom recovery again). And wait for it to boot (it could take more time than usual). You'll notice that most partitions are "broken" (by the noticeable errors thrown by your recovery), format /system, /cache, and /data (hope you remembered to backup as I said before).
9.A. Now, if you could push zips through recovery via adb, it's time to test it again. Mount the sdcard on your recovery menu, pray for salvation, and try to push your ROM via ADB through recovery and flash it (via adb sideload, or manually, whatever). I didn't have the luck here, but it should work just fine. Remember to also push SuperSU and your gapps. If successfull, Skip to 15. If not, continue reading.
9.B. If you couldn't push zips through adb, like me. Then you will have to use the 4.4.2 stuff I said you should download as a recomendation.
Attention: As I don't know how recoveries other than TWRP handle formatting in certain filesystems, you may need to flash TWRP for the following.
10. You will have to (temporarilly) format your /data partition to f2fs, so if you are still on your recovery, go and do that. (TWRP > Wipe > Advanced Wipe > select /data > Format > Tap F2FS > Confirm)
11. Go back to fastboot mode in your phone and go back to your computer terminal of choice.
12. Run the following (and read, seriously, READ):
12.A. If your stock 4.4.2 ROM download didn't have sparse images, mfastboot will handle do this for you instead:
Code:
mfastboot flash system system.img
12.B. If your stock 4.4.2 ROM download did have sparse images, flash them one by one. Example:
Code:
mfastboot flash system system_sparsechunk1
mfastboot flash system system_sparsechunk2
mfastboot flash system system_sparsechunk3
13. And finally flash the boot.img
Code:
mfastboot flash boot boot.img
14. Once you did this, reboot to Android. If it BOOTS, then is a good sign, your partition table matches with whatever the bootloader or Android wants.
14.1. If your device is stuck in a bootloop, then you may have to go to recovery and wipe /data and /cache (and remember, /data needs to be f2fs). Anything else, I blame you.
.15. Do the Setup Wizard (don't even bother to sign in to Google), and copy your files to the sdcard. Don't worry about the Android version on your device (4.4.3), because we have everything else to the 4.4.4 version (bootloader and gpt.bin are the important ones)
16. Since this is related to CM12... Just go to recovery and pray to the gods of the software for success. Atleast mine booted...
Why so much bug thread... This error only comes in GPE 4.4.4. ... Downgrade to GPE 4.4.2 and flash CM12 using twrp 2.8.1.0... Simple... No need of bigger guide
padhu1989 said:
Why so much bug thread... This error only comes in GPE 4.4.4. ... Downgrade to GPE 4.4.2 and flash CM12 using twrp 2.8.1.0... Simple... No need of bigger guide
Click to expand...
Click to collapse
If it was that easy...once you updated to 4.4.4 fastboot will not let you downgrade back.
And then the problem prevails, you can't revert back to the non-bugged file.
Heck, on the lollipop thread you can see the same problem on a bigger scale, once you flashed the OTA you can't go back to 4.4.4. It simply doesn't boot.
Paul L. said:
If it was that easy...once you updated to 4.4.4 fastboot will not let you downgrade back.
And then the problem prevails, you can't revert back to the non-bugged file.
Heck, on the lollipop thread you can see the same problem on a bigger scale, once you flashed the OTA you can't go back to 4.4.4. It simply doesn't boot.
Click to expand...
Click to collapse
I was in 4.4.4 GPE and I downgraded to 4.4.2 using Fastboot without any issues.. Lollipop is different... You must be doing something wrong...
padhu1989 said:
I was in 4.4.4 GPE and I downgraded to 4.4.2 using Fastboot without any issues.. Lollipop is different... You must be doing something wrong...
Click to expand...
Click to collapse
Yeah, you could be right. Or maybe I have just been unlucky. My device already had 4.4.3 when I bought it. Or just maybe it's just that I am plain stupid, as far as I know, I tried everything I could, yet my bootloader is somehow intelligent enough to recognize the 4.4.3 (and 4.4.2 too) gpt.bin as outdated.
Brief synopsis
Bootloader unlock isn't likely. Amazon provide the facility to unlock the bootloader, but there is no way of getting the key.
The program which is locking the bootloader appears to be specific to MediaTek and Amazon, therefore, there isn't any source code.
The partitions with an Android bootimg header are all signed with two Amazon certificates. This includes the Little Kernel (LK) and the kernel itself.
The preloader is custom built for Amazon. The preloader doesn't respond to SP Flash Tool because it's constantly in a reboot loop when in 'META mode'. I presume it's intentional; a different version can however be installed (See 'However...').
However...
@bibikalka has found some strings in tz.img refering to a bootloader unlock. There is an amzn_unlock_verify function in lk too.
There must be a is a way to get the preloader to work properly with SP Flash Tool. However, this won't allow you custom ROMs, just reinstall Amazon's software. The software installed is still verified during the boot process. See this unbrick guide to install a different preloader. The preloader is not signed or checked by the boot process.
There is a small chance some part of the boot process could be fooled.
Downgrade potential
An anti-rollback program appears to have been built in to the bootloader which prevents any attempt at downgrading the software on the device. This is rather irritating, and means that downgrading is almost impossible. Only the preloader seems to be unaffected by this anti-rollback system – so, if you attempted to downgrade, and caused your device to become bricked, then you can restore the version you left.
Note that I vaguely reference to the preloader, uboot and lk collectively as 'the bootloader'.
Original post
I previously had downloaded the 5.0.1 and 5.1.1 LK versions, and thought, why not run these through binwalk?
For the old, 5.0.1 bootloader, putting lk.bin through binwalk gave:
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
204256 0x31DE0 SHA256 hash constants, little endian
292292 0x475C4 Android bootimg, kernel size: 0 bytes, kernel addr: 0x5D73255B, ramdisk size: 1869570592 bytes, ramdisk addr: 0x6D692074, product name: ""
330144 0x509A0 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
330752 0x50C00 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
334248 0x519A8 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
339912 0x52FC8 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
341028 0x53424 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
350360 0x55898 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
351732 0x55DF4 Certificate in DER format (x509 v3), header length: 4, sequence length: 1067
353656 0x56578 Certificate in DER format (x509 v3), header length: 4, sequence length: 1069
369736 0x5A448 CRC32 polynomial table, little endian
397548 0x610EC LZMA compressed data, properties: 0x91, dictionary size: 33554432 bytes, uncompressed size: 134217728 bytes
Whilst the 5.1.1 bootloader's lk.bin gave:
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
204960 0x320A0 SHA256 hash constants, little endian
293720 0x47B58 Android bootimg, kernel size: 0 bytes, kernel addr: 0x5D73255B, ramdisk size: 1869570592 bytes, ramdisk addr: 0x6D692074, product name: ""
332024 0x510F8 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/cry
332628 0x51354 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/mem
336096 0x520E0 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/asn
341712 0x536D0 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/evp
342820 0x53B24 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/obj
352064 0x55F40 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/x50
353420 0x5648C Certificate in DER format (x509 v3), header length: 4, sequence length: 1067
355344 0x56C10 Certificate in DER format (x509 v3), header length: 4, sequence length: 1069
371656 0x5ABC8 CRC32 polynomial table, little endian
So there you go! The bootloader uses OpenSSL to check the partition against two DER format certificates. Ignore the LZMA header for now; binwalk thinks almost everything is LZMA compressed.
Can you run binwalk with -e and post the 5.1.1 certs here
benwaffle said:
Can you run binwalk with -e and post the 5.1.1 certs here
Click to expand...
Click to collapse
Look at the thread about the 5.1.1 lk.bin in this forum and download the binary so you can run binwalk on it yourself.
Here is the lk.bin file, zipped. You can try and run '-e' on this binary.
The extracted certificates appear to contain format strings for decompression/compression error and debug messages. It doesn't look right. But the top of the files are valid certificate headers (or appear to be to the untrained eye).
Thanks @benwaffle.
Good effort!
I shall note that Amazon must have a way to un-brick the devices with MTK tools, they would not swap motherboards in order to revive them ...
The problem with the public MTK tools that it's even impossible to create a scatter file automatically (read only operation), meaning that the formats are such that MTK tools don't understand:
http://forum.xda-developers.com/fire-hd/help/mtk-tools-people-hopeless-bricks-t3139784
There is also an attempt to look at which partitions change when 5.0.1 goes to 5.1.1, and frankly, it's not many places to hide (only a couple of partitions):
http://forum.xda-developers.com/amazon-fire/help/understand-5-1-1-bootloader-bricking-fix-t3301991
On Fire 2014 I also looked at the strings within the bootloaders, and they had some interesting stuff regarding unlocking:
http://forum.xda-developers.com/showpost.php?p=61288384&postcount=57
I wonder if it's possible to patch the very first thing that boots (preloader), and have it pass the unlocking flags around ? Or is preloader also encrypted fully ?
bibikalka said:
Good effort!
I shall note that Amazon must have a way to un-brick the devices with MTK tools, they would not swap motherboards in order to revive them ...
The problem with the public MTK tools that it's even impossible to create a scatter file automatically (read only operation), meaning that the formats are such that MTK tools don't understand:
http://forum.xda-developers.com/fire-hd/help/mtk-tools-people-hopeless-bricks-t3139784
There is also an attempt to look at which partitions change when 5.0.1 goes to 5.1.1, and frankly, it's not many places to hide (only a couple of partitions):
http://forum.xda-developers.com/amazon-fire/help/understand-5-1-1-bootloader-bricking-fix-t3301991
On Fire 2014 I also looked at the strings within the bootloaders, and they had some interesting stuff regarding unlocking:
http://forum.xda-developers.com/showpost.php?p=61288384&postcount=57
I wonder if it's possible to patch the very first thing that boots (preloader), and have it pass the unlocking flags around ? Or is preloader also encrypted fully ?
Click to expand...
Click to collapse
Thanks @bibikalka!
Yes – Amazon must have a way of flashing firmware. I wonder if there is a JTAG header on the board as well. The Fire HD 6 had a 'JDEBUG' port, as seen in iFixit's teardown photographs: https://www.ifixit.com/Teardown/Kindle+Fire+HD+6+Teardown/29815#s70239
There might be a bootloader unlock then! It might need someone to decompile uboot to see how to trigger the unlock.
I've only managed to get the preloader_prod.img at this moment in time (I haven't taken preloader.img off). The SHA256 hash starts at around 95% (117KB out of 121KB) of the file, according to binwalk.
Hi,
I'm sorry to shatter hopes for bootloader rollback, but I was looking at the strings in preloader_prod.img and found this:
Code:
$ strings images/preloader_prod.img | grep -i rollback
[ANTI-ROLLBACK] Processing anti-rollback data
[ANTI-ROLLBACK] Failed to read block 0
[ANTI-ROLLBACK] PL: %x TEE: %x LK: %x
[ANTI-ROLLBACK] Need to update version
[ANTI-ROLLBACK] Invalid checksum!
[ANTI-ROLLBACK] Checksum validated
[ANTI-ROLLBACK] PL version mismatch!
[ANTI-ROLLBACK] L: %x R: %x
[ANTI-ROLLBACK] Updating PL version
[ANTI-ROLLBACK] TEE version mismatch!
[ANTI-ROLLBACK] Updating TEE version
[ANTI-ROLLBACK] LK version mismatch!
[ANTI-ROLLBACK] Updating LK version
[ANTI-ROLLBACK] All checks passed
[ANTI-ROLLBACK] Updating RPMB block...
[ANTI-ROLLBACK] Unable to update RPMB block (wc)
[ANTI-ROLLBACK] Unable to update RPMB block (write)
[ANTI-ROLLBACK] RPMB block updated
[RPMB] Failed to initialize anti-rollback block
[RPMB] Anti-rollback block initialized
[RPMB] Valid anti-rollback block exists
[ANTI-ROLLBACK] Invalid anti-rollback state, skipping
There is more stuff when looking for rpmb...
A little bit of googling leads to: https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20140250290.pdf
This doesn't look good at all
These strings might give a bit hope:
Code:
[RPMB] Invalid magic, re-creating...
[RTC] clear rpmb program mode flag in rtc register
So something could be stored in the realtime clock and the device might recover if the RPMB block gets destroyed. I can't find any mention of OTP or fuses in the image.
EDIT: It seems rpmb can be accessed through /dev/block/mmcblk0rpmb. I've uploaded mine (5.0.1) to: http://bork.cs.fau.de/~michael/fire/
It seems to only contain a few ones and many zeroes.
It would be interesting to get the rpmb of a 5.1.1 device to compare:
Code:
$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/mmcblk0rpmb of=/sdcard/rpmb.bin
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.093 secs (5637505 bytes/sec)
I would not advise trying to flash the 5.0.1 rpmb to a 5.1.1 device!
Regards,
Michael
stargo said:
Hi,
I'm sorry to shatter hopes for bootloader rollback, but I was looking at the strings in preloader_prod.img and found this:
Code:
$ strings images/preloader_prod.img | grep -i rollback
[ANTI-ROLLBACK] Processing anti-rollback data
[ANTI-ROLLBACK] Failed to read block 0
[ANTI-ROLLBACK] PL: %x TEE: %x LK: %x
[ANTI-ROLLBACK] Need to update version
[ANTI-ROLLBACK] Invalid checksum!
[ANTI-ROLLBACK] Checksum validated
[ANTI-ROLLBACK] PL version mismatch!
[ANTI-ROLLBACK] L: %x R: %x
[ANTI-ROLLBACK] Updating PL version
[ANTI-ROLLBACK] TEE version mismatch!
[ANTI-ROLLBACK] Updating TEE version
[ANTI-ROLLBACK] LK version mismatch!
[ANTI-ROLLBACK] Updating LK version
[ANTI-ROLLBACK] All checks passed
[ANTI-ROLLBACK] Updating RPMB block...
[ANTI-ROLLBACK] Unable to update RPMB block (wc)
[ANTI-ROLLBACK] Unable to update RPMB block (write)
[ANTI-ROLLBACK] RPMB block updated
[RPMB] Failed to initialize anti-rollback block
[RPMB] Anti-rollback block initialized
[RPMB] Valid anti-rollback block exists
[ANTI-ROLLBACK] Invalid anti-rollback state, skipping
There is more stuff when looking for rpmb...
A little bit of googling leads to: https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20140250290.pdf
This doesn't look good at all
These strings might give a bit hope:
Code:
[RPMB] Invalid magic, re-creating...
[RTC] clear rpmb program mode flag in rtc register
So something could be stored in the realtime clock and the device might recover if the RPMB block gets destroyed. I can't find any mention of OTP or fuses in the image.
EDIT: It seems rpmb can be accessed through /dev/block/mmcblk0rpmb. I've uploaded mine (5.0.1) to: http://bork.cs.fau.de/~michael/fire/
It seems to only contain a few ones and many zeroes.
It would be interesting to get the rpmb of a 5.1.1 device to compare:
Code:
$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/mmcblk0rpmb of=/sdcard/rpmb.bin
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.093 secs (5637505 bytes/sec)
I would not advise trying to flash the 5.0.1 rpmb to a 5.1.1 device!
Regards,
Michael
Click to expand...
Click to collapse
How interesting. Thanks @stargo! I've updated the OP accordingly to your findings. Yes, it seems more complex than previously thought. I'll upload my 5.1.1 rpmb binary soon.
Hi there! As se en within I read mtk is a very hard platform to work with, because they are very closed, and they hardly ever release any source, so most Roms are ports of a similar decide. I'll have a search for a device with this same soc to ser if i can come back with related info. That's why I'm surprised we have cm here!
I am currently trying to port Plasma Mobile to the 6P. I have gotten through all of the configuration, minus setting the LD_LIBRARY_PATH (causes bootloop, manually export before running lxc-start) and the screen brightness control (Nexus 5/X are LCD). I am currently stuck trying to get lxc to launch the system. It throws the following error:
Code:
1|angler:/ # lxc-start -n system -F
The configuration file contains legacy configuration keys.
Please update your configuration file!
lxc-start: system: namespace.c: lxc_clone: 67 Failed to clone (0x2c020000): Invalid argument.
lxc-start: system: start.c: lxc_spawn: 1253 Invalid argument - Failed to clone a new set of namespaces.
lxc-start: system: start.c: __lxc_start: 1459 Failed to spawn container "system".
lxc-start: system: tools/lxc_start.c: main: 371 The container failed to start.
lxc-start: system: tools/lxc_start.c: main: 375 Additional information can be obtained by setting the --logfile and --logpriority options.
I'm not too sure as to what is going on with the error, as I have never used lxc before.
Attempting to set the logfile throws the following, even after remounting to rw:
Code:
angler:/ # lxc-start -n system -F -o log
lxc-start: system: log.c: log_open: 383 failed to open log file "log" : Read-only file system
Extra info:
LineageOS 14.1 latest nightly
pm-rootfs-20170210-152001 for the rootfs
Latest lxc-android
Any help is appreciated, as I am kinda stuck right now.
Hi there,
I had a problem after installing LOS 15.1, my TWRP could not mount /data anymore. I tried then to change the partition (first reformat, then to exFat4), however since then my data of my OS is corrupted and the phone only starts into recovery/TWRP.
In recovery however, it is stuck into the teamwin twrp splash screen... The phone still reacts to adb commands, but I cannot start it anymore except fastboot and into the explained recovery state... Anyone an idea how to get my phone running again?
(I tried already to install different versions of TWRP, did'nt help)
Here is my recovery.log after I start TWRP and it gets stuck:
Code:
Starting TWRP 3.2.1-0-2af13795 on Wed Jan 28 15:53:59 1970
(pid 369)
RECOVERY_SDCARD_ON_DATA := true
I:Lun file '/sys/devices/soc/6a00000.ssusb/6a00000.dwc3/gadget/lun0/file'
TW_INCLUDE_CRYPTO := true
I:TW_BRIGHTNESS_PATH := /sys/devices/soc/900000.qcom,mdss_mdp/900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness
I:Found brightness file at '/sys/devices/soc/900000.qcom,mdss_mdp/900000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness'
I:TWFunc::Set_Brightness: Setting brightness control to 153
I:LANG: en
Starting the UI...
setting DRM_FORMAT_RGBX8888 and GGL_PIXEL_FORMAT_RGBX_8888
cannot find/open a drm device: No such file or directory
fb0 reports (possibly inaccurate):
vi.bits_per_pixel = 32
vi.red.offset = 0 .length = 8
vi.green.offset = 8 .length = 8
vi.blue.offset = 16 .length = 8
setting GGL_PIXEL_FORMAT_RGBA_8888
double buffered
framebuffer: 0 (1440 x 2560)
Using fbdev graphics.
I:TWFunc::Set_Brightness: Setting brightness control to 153
I:Loading package: splash (/twres/splash.xml)
I:Load XML directly
I:PageManager::LoadFileToBuffer loading filename: '/twres/splash.xml' directly
I:Checking resolution...
I:Scaling theme width 1.333333x and height 1.333333x, offsets x: 0 y: 0 w: 0 h: 0
I:Loading resources...
I:Loading variables...
I:Loading mouse cursor...
I:Loading pages...
I:Loading page splash
I:Switching packages (splash)
I:minui: /sys/board_properties/virtualkeys.synaptics_dsx is 4 % 6
I:minui: /sys/board_properties/virtualkeys.synaptics_dsx: ignoring unknown virtual key type 102
=> Linking mtab
=> Processing recovery.fstab
I:Reading /etc/recovery.fstab
I:Processing '/boot'
I:Processing '/recovery'
I:Processing '/system'
I:Processing '/system_image'
I:Processing '/data'
I:Processing '/cache'
I:Processing '/modem_image'
I:Processing '/bluetooth'
I:Processing '/misc'
I:Processing '/efs1'
I:Processing '/efs2'
I:Processing '/efsg'
I:Processing '/efsc'
I:Processing '/persist'
I:Created '/persist' folder.
I:Processing '/external_sd'
I:Created '/external_sd' folder.
I:Processing '/usb-otg'
I:Created '/usb-otg' folder.
I:Done processing fstab files
I:Setting up '/data' as data/media emulated storage.
I:Created '/sdcard' folder.
I:Can't probe device /dev/block/sda9
I:Unable to mount '/data'
I:Actual block device: '/dev/block/sda9', current file system: 'f2fs'
I:Can't probe device /dev/block/sda9
I:Unable to mount '/data'
I:Actual block device: '/dev/block/sda9', current file system: 'f2fs'
get_crypt_ftr_info crypto key location: '/dev/block/bootdevice/by-name/cryptkey'
I:Backup folder set to '/data/media/TWRP/BACKUPS/3b7135c8'
I:Settings storage is '/data/media'
I:Device is encrypted with the default password, attempting to decrypt.
crypt_ftr->fs_size = 109914520
Using scrypt with keymaster for cryptfs KDF
Invalid hex string
Failed to convert passwd from hex, using passwd instead
keymaster module name is Keymaster QTI HAL
keymaster version is 256
Found keymaster1 module, using keymaster1 API.
Signing safely-padded object
Using scrypt with keymaster for cryptfs KDF
Invalid hex string
Failed to convert passwd from hex, using passwd instead
keymaster module name is Keymaster QTI HAL
keymaster version is 256
Found keymaster1 module, using keymaster1 API.
Signing safely-padded object
crypt_ftr->fs_size = 109914520
Using scrypt with keymaster for cryptfs KDF
keymaster module name is Keymaster QTI HAL
keymaster version is 256
Found keymaster1 module, using keymaster1 API.
Signing safely-padded object
Using scrypt with keymaster for cryptfs KDF
keymaster module name is Keymaster QTI HAL
keymaster version is 256
Found keymaster1 module, using keymaster1 API.
Signing safely-padded object
load_crypto_mapping_table: target_type = req-crypt
load_crypto_mapping_table: real_blk_name = /dev/block/sda9, extra_params = fde_enabled ice
Password matches
Data successfully decrypted, new block device: '/dev/block/dm-0'
Thanks in advance!
Well, the last line of your log does begin with 'data successfully decrypted', so logically, you are still encrypted. In TWRP, you must ALWAYS format data to remove encryption, wipe isn't enough. You can format data as either ext4 or f2fs, depending on what your current ROM/kernel supports. Ext4 is the safer option and will always work.
The exact version of TWRP you are using doesn't really matter, but I suggest @jcadduono's official TWRP for our device. Just download the latest *.img from twrp.me. Flash it with whatever tool you know works (Axon7Tool, Axon 7 EDL Tool, fastboot, etc).
If you can access fastboot then try:
fastboot erase userdata
or
fastboot format userdata
I haven't used fastboot in awhile, so I'm not sure which of those commands it is, but 1 of the 2 should work. Once that has succeeded then (re)flash TWRP and try booting to recovery again.
If all else fails then you can always flash the stock ROM EDL of your choice, that should get you up and running.
I tried already in fastboot erase userdata or format userdata - the phone doesn't know this partition.
Further, flashing a stock ROM in EDL mode with MiFlash (e.g. this ROM https://forum.xda-developers.com/axon-7/how-to/download-center-factory-images-ota-t3606547 A2017G-N-B12-FULL EDL) didn't work either. I receive always an error "cannot receive hello packet"...
The phone doesn't know userdata? Every Android device has one. And I'm pretty sure that's what it's called. Or just data for shorthand. Anyway, Google says that both of those fastboot commands are valid. Did you type them exactly as I posted? What is the exact error, verbatim?
As for the can't receive hello packet bit, then either you are not really in EDL mode, your EDL drivers are screwed up, or something fishy is going on with MiFlash.
Open up Device Management in Windows, find the option that enables hidden devices. Then expand every category and uninstall any device driver that is obviously Axon related. Make sure you tick the "delete driver" (or whatever it says) box too.
If you have used Zadig drivers, they can interfere.
Uninstall MiFlash.
Go to:
https://forum.xda-developers.com/axon-7/development/edl-emergency-dl-mode-twrp-unlock-t3553514
Download the Qualcomm drivers and MiFlash from the first post, install them as instructed. That is all I've ever used for EDL flashing, it just works, no need to change it.
Unplug phone from PC, make sure it is turned off. Hold VolUp+VolDown+Power. Let go when you see a red light blink in upper left (if it stays on you are in DFU mode). Connect phone, open MiFlash, everything should work.