Database Users

[BOOTLOADER] Analysis

Brief synopsis
Bootloader unlock isn't likely. Amazon provide the facility to unlock the bootloader, but there is no way of getting the key.
The program which is locking the bootloader appears to be specific to MediaTek and Amazon, therefore, there isn't any source code.
The partitions with an Android bootimg header are all signed with two Amazon certificates. This includes the Little Kernel (LK) and the kernel itself.
The preloader is custom built for Amazon. The preloader doesn't respond to SP Flash Tool because it's constantly in a reboot loop when in 'META mode'. I presume it's intentional; a different version can however be installed (See 'However...').
However...
@bibikalka has found some strings in tz.img refering to a bootloader unlock. There is an amzn_unlock_verify function in lk too.
There must be a is a way to get the preloader to work properly with SP Flash Tool. However, this won't allow you custom ROMs, just reinstall Amazon's software. The software installed is still verified during the boot process. See this unbrick guide to install a different preloader. The preloader is not signed or checked by the boot process.
There is a small chance some part of the boot process could be fooled.
Downgrade potential
An anti-rollback program appears to have been built in to the bootloader which prevents any attempt at downgrading the software on the device. This is rather irritating, and means that downgrading is almost impossible. Only the preloader seems to be unaffected by this anti-rollback system – so, if you attempted to downgrade, and caused your device to become bricked, then you can restore the version you left.
Note that I vaguely reference to the preloader, uboot and lk collectively as 'the bootloader'.
Original post
I previously had downloaded the 5.0.1 and 5.1.1 LK versions, and thought, why not run these through binwalk?
For the old, 5.0.1 bootloader, putting lk.bin through binwalk gave:
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
204256 0x31DE0 SHA256 hash constants, little endian
292292 0x475C4 Android bootimg, kernel size: 0 bytes, kernel addr: 0x5D73255B, ramdisk size: 1869570592 bytes, ramdisk addr: 0x6D692074, product name: ""
330144 0x509A0 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
330752 0x50C00 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
334248 0x519A8 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
339912 0x52FC8 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
341028 0x53424 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
350360 0x55898 Unix path: /mnt/build/workspace/fireos-release_500-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/
351732 0x55DF4 Certificate in DER format (x509 v3), header length: 4, sequence length: 1067
353656 0x56578 Certificate in DER format (x509 v3), header length: 4, sequence length: 1069
369736 0x5A448 CRC32 polynomial table, little endian
397548 0x610EC LZMA compressed data, properties: 0x91, dictionary size: 33554432 bytes, uncompressed size: 134217728 bytes
Whilst the 5.1.1 bootloader's lk.bin gave:
Code:
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
204960 0x320A0 SHA256 hash constants, little endian
293720 0x47B58 Android bootimg, kernel size: 0 bytes, kernel addr: 0x5D73255B, ramdisk size: 1869570592 bytes, ramdisk addr: 0x6D692074, product name: ""
332024 0x510F8 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/cry
332628 0x51354 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/mem
336096 0x520E0 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/asn
341712 0x536D0 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/evp
342820 0x53B24 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/obj
352064 0x55F40 Unix path: /mnt/build/workspace/fireos-ship_511-patch-build/bootable/bootloader/ufbl-features/project/../features/common_openssl/crypto/x50
353420 0x5648C Certificate in DER format (x509 v3), header length: 4, sequence length: 1067
355344 0x56C10 Certificate in DER format (x509 v3), header length: 4, sequence length: 1069
371656 0x5ABC8 CRC32 polynomial table, little endian
So there you go! The bootloader uses OpenSSL to check the partition against two DER format certificates. Ignore the LZMA header for now; binwalk thinks almost everything is LZMA compressed.

Can you run binwalk with -e and post the 5.1.1 certs here

benwaffle said:
Can you run binwalk with -e and post the 5.1.1 certs here
Click to expand...
Click to collapse
Look at the thread about the 5.1.1 lk.bin in this forum and download the binary so you can run binwalk on it yourself.
Here is the lk.bin file, zipped. You can try and run '-e' on this binary.
The extracted certificates appear to contain format strings for decompression/compression error and debug messages. It doesn't look right. But the top of the files are valid certificate headers (or appear to be to the untrained eye).
Thanks @benwaffle.

Good effort!
I shall note that Amazon must have a way to un-brick the devices with MTK tools, they would not swap motherboards in order to revive them ...
The problem with the public MTK tools that it's even impossible to create a scatter file automatically (read only operation), meaning that the formats are such that MTK tools don't understand:
http://forum.xda-developers.com/fire-hd/help/mtk-tools-people-hopeless-bricks-t3139784
There is also an attempt to look at which partitions change when 5.0.1 goes to 5.1.1, and frankly, it's not many places to hide (only a couple of partitions):
http://forum.xda-developers.com/amazon-fire/help/understand-5-1-1-bootloader-bricking-fix-t3301991
On Fire 2014 I also looked at the strings within the bootloaders, and they had some interesting stuff regarding unlocking:
http://forum.xda-developers.com/showpost.php?p=61288384&postcount=57
I wonder if it's possible to patch the very first thing that boots (preloader), and have it pass the unlocking flags around ? Or is preloader also encrypted fully ?

bibikalka said:
Good effort!
I shall note that Amazon must have a way to un-brick the devices with MTK tools, they would not swap motherboards in order to revive them ...
The problem with the public MTK tools that it's even impossible to create a scatter file automatically (read only operation), meaning that the formats are such that MTK tools don't understand:
http://forum.xda-developers.com/fire-hd/help/mtk-tools-people-hopeless-bricks-t3139784
There is also an attempt to look at which partitions change when 5.0.1 goes to 5.1.1, and frankly, it's not many places to hide (only a couple of partitions):
http://forum.xda-developers.com/amazon-fire/help/understand-5-1-1-bootloader-bricking-fix-t3301991
On Fire 2014 I also looked at the strings within the bootloaders, and they had some interesting stuff regarding unlocking:
http://forum.xda-developers.com/showpost.php?p=61288384&postcount=57
I wonder if it's possible to patch the very first thing that boots (preloader), and have it pass the unlocking flags around ? Or is preloader also encrypted fully ?
Click to expand...
Click to collapse
Thanks @bibikalka!
Yes – Amazon must have a way of flashing firmware. I wonder if there is a JTAG header on the board as well. The Fire HD 6 had a 'JDEBUG' port, as seen in iFixit's teardown photographs: https://www.ifixit.com/Teardown/Kindle+Fire+HD+6+Teardown/29815#s70239
There might be a bootloader unlock then! It might need someone to decompile uboot to see how to trigger the unlock.
I've only managed to get the preloader_prod.img at this moment in time (I haven't taken preloader.img off). The SHA256 hash starts at around 95% (117KB out of 121KB) of the file, according to binwalk.

Hi,
I'm sorry to shatter hopes for bootloader rollback, but I was looking at the strings in preloader_prod.img and found this:
Code:
$ strings images/preloader_prod.img | grep -i rollback
[ANTI-ROLLBACK] Processing anti-rollback data
[ANTI-ROLLBACK] Failed to read block 0
[ANTI-ROLLBACK] PL: %x TEE: %x LK: %x
[ANTI-ROLLBACK] Need to update version
[ANTI-ROLLBACK] Invalid checksum!
[ANTI-ROLLBACK] Checksum validated
[ANTI-ROLLBACK] PL version mismatch!
[ANTI-ROLLBACK] L: %x R: %x
[ANTI-ROLLBACK] Updating PL version
[ANTI-ROLLBACK] TEE version mismatch!
[ANTI-ROLLBACK] Updating TEE version
[ANTI-ROLLBACK] LK version mismatch!
[ANTI-ROLLBACK] Updating LK version
[ANTI-ROLLBACK] All checks passed
[ANTI-ROLLBACK] Updating RPMB block...
[ANTI-ROLLBACK] Unable to update RPMB block (wc)
[ANTI-ROLLBACK] Unable to update RPMB block (write)
[ANTI-ROLLBACK] RPMB block updated
[RPMB] Failed to initialize anti-rollback block
[RPMB] Anti-rollback block initialized
[RPMB] Valid anti-rollback block exists
[ANTI-ROLLBACK] Invalid anti-rollback state, skipping
There is more stuff when looking for rpmb...
A little bit of googling leads to: https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20140250290.pdf
This doesn't look good at all
These strings might give a bit hope:
Code:
[RPMB] Invalid magic, re-creating...
[RTC] clear rpmb program mode flag in rtc register
So something could be stored in the realtime clock and the device might recover if the RPMB block gets destroyed. I can't find any mention of OTP or fuses in the image.
EDIT: It seems rpmb can be accessed through /dev/block/mmcblk0rpmb. I've uploaded mine (5.0.1) to: http://bork.cs.fau.de/~michael/fire/
It seems to only contain a few ones and many zeroes.
It would be interesting to get the rpmb of a 5.1.1 device to compare:
Code:
$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/mmcblk0rpmb of=/sdcard/rpmb.bin
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.093 secs (5637505 bytes/sec)
I would not advise trying to flash the 5.0.1 rpmb to a 5.1.1 device!
Regards,
Michael

stargo said:
Hi,
I'm sorry to shatter hopes for bootloader rollback, but I was looking at the strings in preloader_prod.img and found this:
Code:
$ strings images/preloader_prod.img | grep -i rollback
[ANTI-ROLLBACK] Processing anti-rollback data
[ANTI-ROLLBACK] Failed to read block 0
[ANTI-ROLLBACK] PL: %x TEE: %x LK: %x
[ANTI-ROLLBACK] Need to update version
[ANTI-ROLLBACK] Invalid checksum!
[ANTI-ROLLBACK] Checksum validated
[ANTI-ROLLBACK] PL version mismatch!
[ANTI-ROLLBACK] L: %x R: %x
[ANTI-ROLLBACK] Updating PL version
[ANTI-ROLLBACK] TEE version mismatch!
[ANTI-ROLLBACK] Updating TEE version
[ANTI-ROLLBACK] LK version mismatch!
[ANTI-ROLLBACK] Updating LK version
[ANTI-ROLLBACK] All checks passed
[ANTI-ROLLBACK] Updating RPMB block...
[ANTI-ROLLBACK] Unable to update RPMB block (wc)
[ANTI-ROLLBACK] Unable to update RPMB block (write)
[ANTI-ROLLBACK] RPMB block updated
[RPMB] Failed to initialize anti-rollback block
[RPMB] Anti-rollback block initialized
[RPMB] Valid anti-rollback block exists
[ANTI-ROLLBACK] Invalid anti-rollback state, skipping
There is more stuff when looking for rpmb...
A little bit of googling leads to: https://docs.google.com/viewer?url=patentimages.storage.googleapis.com/pdfs/US20140250290.pdf
This doesn't look good at all
These strings might give a bit hope:
Code:
[RPMB] Invalid magic, re-creating...
[RTC] clear rpmb program mode flag in rtc register
So something could be stored in the realtime clock and the device might recover if the RPMB block gets destroyed. I can't find any mention of OTP or fuses in the image.
EDIT: It seems rpmb can be accessed through /dev/block/mmcblk0rpmb. I've uploaded mine (5.0.1) to: http://bork.cs.fau.de/~michael/fire/
It seems to only contain a few ones and many zeroes.
It would be interesting to get the rpmb of a 5.1.1 device to compare:
Code:
$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/mmcblk0rpmb of=/sdcard/rpmb.bin
1024+0 records in
1024+0 records out
524288 bytes transferred in 0.093 secs (5637505 bytes/sec)
I would not advise trying to flash the 5.0.1 rpmb to a 5.1.1 device!
Regards,
Michael
Click to expand...
Click to collapse
How interesting. Thanks @stargo! I've updated the OP accordingly to your findings. Yes, it seems more complex than previously thought. I'll upload my 5.1.1 rpmb binary soon.

Hi there! As se en within I read mtk is a very hard platform to work with, because they are very closed, and they hardly ever release any source, so most Roms are ports of a similar decide. I'll have a search for a device with this same soc to ser if i can come back with related info. That's why I'm surprised we have cm here!

[ROM][crDroid][CM-Based][6.0.1][UNOFFICIAL][26.06.2016]

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
​
OnePlus warranty covers software modifications!​
crDroid Features:
* Volume panel timeout
* Clear recents location
* Heads up customization
- Quick access button on expanded status bar
- Swipe behavior
- Touch outside behavior
- Time out
- Do not disturb
- Blacklist
* SlimRoms custom lockscreen shortcuts
* Navbar on/off
* Hardare keys on/off (in devices supported)
* Power menu in navring targets
* SlimPie controls with all working
* Sound panel option om power menu
* Superuser indicator (Notification, Statusbar icon or no indicator)
* Force expanded notifications on expanded statusbar
* Power menu and notifications tiles
* Four tiles per row
* Vibrate on tiles touch
* Disable quick settings on secure lockscreen​
Install steps:
1. Reboot into TWRP
2. Wipe System, Data, Cache and Dalvik
3. Flash crDroid zip
4. Flash GAPPS
5. Reboot​
Download: ​{Mod edit}​
Credits​CM-Team
crDroid-Team
Taker18
Grarak​
XDA:DevDB Information
crDroid, ROM for the OnePlus 3
Contributors
flo071, Taker18
Source Code: https://github.com/crdroidandroid
ROM OS Version: 6.0.x Marshmallow
ROM Kernel: Linux 3.10.x
ROM Firmware Required: Unlocked Bootloader & TWRP
Based On: CyanogenMod
Version Information
Status: Testing
Beta Release Date: 2016-06-26
Created 2016-06-20
Last Updated 2020-04-30

Reserved

Reserved

Thank you for freshly baked rom!! What version of gapps to install?

amilt0n said:
Thank you for freshly baked rom!! What version of gapps to install?
Click to expand...
Click to collapse
arm64 for android 6.0.1
Regards,
flo071

hi! thanks.....screenshoots?

angelsanges said:
hi! thanks.....screenshoots?
Click to expand...
Click to collapse
i dont have screenshots now...sorry.... i ll get my op3 this week...
Regards,
flo071

great job

It's strange but after rom booted and finished to install it's going to reboot again and again
No any gapps flashed.

amilt0n said:
It's strange but after rom booted and finished to install it's going to reboot again and again
No any gapps flashed.
Click to expand...
Click to collapse
Some else have this problem?
If so..pls give me logcats
Regards,
Flo071

bauita said:
great job
Click to expand...
Click to collapse
we know bro, just fun

So Guys, the new Build is UP! Hope you enjoy it!
Download
https://www.androidfilehost.com/?fid=24591000424942200
Changelog
====================
06-24-2016
====================
* frameworks/opt/net/wifi/
6d15b6e hotspot: Add a fallback to model-name for SSID
====================
06-23-2016
====================
* android/
1f4aef4 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* device/qcom/sepolicy/
a841b05 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* frameworks/base/
8c92bc0 Revert "Keyguard Wallpaper Changer [1/2]"
2faa450 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* packages/apps/Settings/
33ecb1d Revert "Keyguard Wallpaper Changer [2/2]"
f85016e Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* packages/apps/SetupWizard/
2af50fe Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* packages/apps/ThemeChooser/
7f5a68e Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* packages/inputmethods/LatinIME/
e711ecf Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* vendor/cmsdk/
73b1a27 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* vendor/crdroid/
bf1146c Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
====================
06-22-2016
====================
* device/oneplus/oneplus3/
8d7331a oneplus3: Add missing permissions for fb
a326c4e oneplus3: Fix decryption in TWRP
169ce83 oneplus3: Add kernel repository to cm.dependencies
a304f6f oneplus3: Adress more SELinux denials
b72e959 oneplus3: Fix voice speaker
368298c oneplus3: Add initial sepolicy
b6082e1 init.qcom.rc: Add separate service to configure BT address
6a8c39c oneplus3: Remove debugfs mounting
d21bb51 Revert "oneplus3: Set SELinux to permissive"
* device/qcom/common/
e1dbc22 power: msm8952: Fix previous_boost_time getting reset
* frameworks/opt/telephony/
b3d9061 Telephony Data: Introduce DataAllowed state
9354bf6 Fix issue when two MMS requests with same priority on both SUB's
* hardware/qcom/audio-caf/msm8960/
36aec39 hal: only open the amplifier once
2d69794 hal: enable amplifier earlier
dfe21b6 hal: Notify amplifier of device enable/disable
1170162 hal: Convert libaudioamp to audio_amplifier HAL
dbf1e5f hal: Support the audio amplifier hook
* packages/apps/BluetoothExt/
a92c7d6 wipower: Only build a4wp if BSP is available
* packages/apps/LockClock/
932b0cc Actually verifies if CM weather feature is available
* packages/apps/Settings/
232e667 Settings: Fix possible NPE
b720488 Settings: handle 'always ask' for SMS subscription on 3rd party apps
* packages/services/Mms/
56584b7 Revert "MmsRequest: Reimplement automatic data sub switch"
* system/bt/
0af4949 bt-vendor: Check for vendor SSR function before attempting to call it
* vendor/crdroid/
2b8c4b2 sepolicy: put bash in shell context
====================
06-21-2016
====================
* bootable/recovery/
8e507d8 recovery: Initialize menu_show_start_ to avoid crash
* cts/
26069ff merge in marshmallow-cts-release history after reset to marshmallow-cts-dev
a286bc9 Merge "DO NOT MERGE: Bump CTS to 6.0R8" into marshmallow-cts-dev
47de61a DO NOT MERGE: Bump CTS to 6.0R8
0963264 Merge "Merge "Merge "DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8" into lollipop-cts-dev am: 68e28793a6 -s ours" into lollipop-mr1-cts-dev am: bc927019d8 -s ours" into marshmallow-cts-dev
88c962c Merge "Merge "DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8" into lollipop-cts-dev am: 68e28793a6 -s ours" into lollipop-mr1-cts-dev am: bc927019d8 -s ours
bc92701 Merge "Merge "DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8" into lollipop-cts-dev am: 68e28793a6 -s ours" into lollipop-mr1-cts-dev
5216f5e Merge "DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8" into lollipop-cts-dev am: 68e28793a6 -s ours
68e2879 Merge "DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8" into lollipop-cts-dev
2624477 DO NOT MERGE ANYWHERE: Bump CTS to 5.0R8
e864c88 Merge "DO NOT MERGE Updated the test to use Build.VERSION.SECURITY_PATCH Updated the test for June 2016" into marshmallow-cts-dev
c43822b DO NOT MERGE Updated the test to use Build.VERSION.SECURITY_PATCH Updated the test for June 2016
9fcf2d1 Merge "CameraIts: Use wait and notify for callback counter" into marshmallow-cts-dev
a613cc4 Merge "Merge "Revert "Fix for ByodFlowTestActivity"" into lollipop-mr1-cts-dev am: 8f0c2f57cf" into marshmallow-cts-dev
9205f90 Merge "Revert "Fix for ByodFlowTestActivity"" into lollipop-mr1-cts-dev am: 8f0c2f57cf
8f0c2f5 Merge "Revert "Fix for ByodFlowTestActivity"" into lollipop-mr1-cts-dev
30e4608 Revert "Fix for ByodFlowTestActivity"
ae4ee1e Merge "Fixing mnc byod build failures." into marshmallow-cts-dev
d382f3c Fixing mnc byod build failures.
9502933 Merge "Relax checks in usb accessory test and add logs" into marshmallow-cts-dev
cc4f1ca Merge "Merge "Merge "Merge \"DO NOT MERGE Add CTS for bug-15428797\" into kitkat-cts-dev am: 75c6dee114 -s ours" into lollipop-cts-dev am: 7342e25b39 -s ours" into lollipop-mr1-cts-dev am: ef2e6a3698 -s ours" into marshmallow-cts-dev
900becf Merge "Merge "Merge \"DO NOT MERGE Add CTS for bug-15428797\" into kitkat-cts-dev am: 75c6dee114 -s ours" into lollipop-cts-dev am: 7342e25b39 -s ours" into lollipop-mr1-cts-dev am: ef2e6a3698 -s ours
ef2e6a3 Merge "Merge "Merge "DO NOT MERGE Add CTS for bug-15428797" into kitkat-cts-dev am: 75c6dee114 -s ours" into lollipop-cts-dev am: 7342e25b39 -s ours" into lollipop-mr1-cts-dev
a9809d6 Merge "Merge "Merge "Merge \"DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing\" into kitkat-cts-dev am: e50ec09f51 -s ours" into lollipop-cts-dev am: 83b7fd487f -s ours" into lollipop-mr1-cts-dev am: da437175f1 -s ours" into marshmallow-cts-dev
3cb434d Merge "Merge "Merge \"DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing\" into kitkat-cts-dev am: e50ec09f51 -s ours" into lollipop-cts-dev am: 83b7fd487f -s ours" into lollipop-mr1-cts-dev am: da437175f1 -s ours
c15d8c7 Merge "Merge "DO NOT MERGE Add CTS for bug-15428797" into kitkat-cts-dev am: 75c6dee114 -s ours" into lollipop-cts-dev am: 7342e25b39 -s ours
2f2b1f7 Merge "Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-cts-dev am: 0404910bed -s ours" into lollipop-mr1-cts-dev am: 397f066e4a -s ours" into marshmallow-cts-dev
1b253de Merge "Merge "Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-cts-dev am: 15fe61b748 -s ours" into lollipop-mr1-cts-dev am: 89039c7838 -s ours" into marshmallow-cts-dev
68a5deb Merge "Merge "Merge "DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]" into lollipop-cts-dev am: c4d4802fc3 -s ours" into lollipop-mr1-cts-dev am: 629fc1730f -s ours" into marshmallow-cts-dev
7342e25 Merge "Merge "DO NOT MERGE Add CTS for bug-15428797" into kitkat-cts-dev am: 75c6dee114 -s ours" into lollipop-cts-dev
da43717 Merge "Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into kitkat-cts-dev am: e50ec09f51 -s ours" into lollipop-cts-dev am: 83b7fd487f -s ours" into lollipop-mr1-cts-dev
1b2f238 Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-cts-dev am: 0404910bed -s ours" into lollipop-mr1-cts-dev am: 397f066e4a -s ours
0c601b6 Merge "Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-cts-dev am: 15fe61b748 -s ours" into lollipop-mr1-cts-dev am: 89039c7838 -s ours
8755754 Merge "Merge "DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]" into lollipop-cts-dev am: c4d4802fc3 -s ours" into lollipop-mr1-cts-dev am: 629fc1730f -s ours
7d67d3f Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into kitkat-cts-dev am: e50ec09f51 -s ours" into lollipop-cts-dev am: 83b7fd487f -s ours
000dee3 Merge "DO NOT MERGE Add CTS for bug-15428797" into kitkat-cts-dev am: 75c6dee114 -s ours
397f066 Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-cts-dev am: 0404910bed -s ours" into lollipop-mr1-cts-dev
89039c7 Merge "Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-cts-dev am: 15fe61b748 -s ours" into lollipop-mr1-cts-dev
9a4cb39 Merge "Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-mr1-cts-dev am: 304c6a29cd -s ours" into marshmallow-cts-dev
629fc17 Merge "Merge "DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]" into lollipop-cts-dev am: c4d4802fc3 -s ours" into lollipop-mr1-cts-dev
83b7fd4 Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into kitkat-cts-dev am: e50ec09f51 -s ours" into lollipop-cts-dev
73711b9 Merge "Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-mr1-cts-dev am: 7cd0cf6c48 -s ours" into marshmallow-cts-dev
a7377c5 Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-cts-dev am: 0404910bed -s ours
7d2c66a Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-mr1-cts-dev am: 304c6a29cd -s ours
07e6f59 Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-cts-dev am: 15fe61b748 -s ours
c1dc212 Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into kitkat-cts-dev am: e50ec09f51 -s ours
d1df89d Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-mr1-cts-dev am: 7cd0cf6c48 -s ours
7a1b703 Merge "DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]" into lollipop-cts-dev am: c4d4802fc3 -s ours
75c6dee Merge "DO NOT MERGE Add CTS for bug-15428797" into kitkat-cts-dev
c96517c DO NOT MERGE Add CTS for bug-15428797
e50ec09 Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into kitkat-cts-dev
0404910 Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-cts-dev
15fe61b Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-cts-dev
304c6a2 Merge "DO NOT MERGE: CTS test case for CVE-2015-1532" into lollipop-mr1-cts-dev
7cd0cf6 Merge "DO NOT MERGE: CTS test case for verifying overflow in libskia JPG processing" into lollipop-mr1-cts-dev
86afa23 Merge "DO NOT MERGE CTS test case for verifying overflow in libskia JPG processing" into marshmallow-cts-dev
1e6909c DO NOT MERGE CTS test case for verifying overflow in libskia JPG processing
1d1d716 Merge "DO NOT MERGE Add CTS tests for Bug - 23034759 and Bug - 21132860" into marshmallow-cts-dev
018a164 DO NOT MERGE Add CTS tests for Bug - 23034759 and Bug - 21132860
c4d4802 Merge "DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]" into lollipop-cts-dev
451712a DO NOT MERGE: Revert "Verifier: Enable and disable non-market apps" [DO NOT MERGE]
* device/oneplus/oneplus3/
be50cf4 oneplus3: Disable HDR 1x frame for Snap
* device/qcom/sepolicy/
22008e8 msm8937: Fix labeling of the cache and FRP partitions
* external/stagefright-plugins/
4c4ad3f stagefright-plugins: call packet_queue_init earier
* frameworks/base/
4282864 Automatic translation import
* frameworks/opt/telephony/
3718ef2 Telephony: handle 3rd party sms apps + 'always ask'
* hardware/broadcom/libbt/
1415972 libbt-vendor (BRCM): Add ssr_cleanup
* hardware/qcom/audio-caf/msm8937/
a11ff3c ssr: Fix building with OSS materials
* packages/apps/CMFileManager/
e337edc Fix Rename on VFat
80077de ListPopupWindow: set height of the list
2274d21 Search: Hide progress spinner if search fails
* packages/apps/CellBroadcastReceiver/
7223f70 Automatic translation import
* packages/apps/Contacts/
00ae48a Automatic translation import
* packages/apps/Dialer/
a907708 Automatic translation import
* packages/apps/Gello/
9fc0dae Automatic translation import
* packages/apps/InCallUI/
9af9096 Automatic translation import
* packages/apps/ManagedProvisioning/
be01e94 Automatic translation import
* packages/apps/Messaging/
9986c0d Automatic translation import
20ee26e String improvements
* packages/apps/Screencast/
7bc0763 Automatic translation import
* packages/apps/Settings/
d40bcaf Automatic translation import
5524936 Settings : Move trust agent search index to LockscreenSettings
* packages/apps/TvSettings/
55e73b5 Automatic translation import
* packages/apps/WallpaperPicker/
6cfca71 Automatic translation import
* packages/inputmethods/LatinIME/
884ca0d Automatic translation import
* packages/providers/DataUsageProvider/
260c7dc Automatic translation import
* packages/services/Telephony/
c4fd682 Automatic translation import
* vendor/cmsdk/
f4dd414 Themes: Fix ThemeManagerTest
afcfb67 Themes: Fix applying default theme
====================
06-20-2016
====================
* device/oneplus/oneplus3/
a5187c9 oneplus3: Add missing OMX blob
81190a6 oneplus3: Add missing camera parameter and symbol
56645a7 oneplus3: Switch to prebuilt camera HAL
525f189 Revert "oneplus3: Add OSS camera HAL"
b9163f3 Revert "oneplus3: camera: Use direct * pathmap"
425c9ed oneplus3: Enable audio recording
47675c2 oneplus3: Add acdb id override
2c703e6 oneplus3: Fix dt2w
54751e3 oneplus3: cmhw: Use cmsdk FileUtils
174e723 oneplus3: Enable cpusets
f63ec5f oneplus3: Stop loading wifi modules
4d71fba oneplus3: Add overlay for Snap
0103a36 oneplus3: Support for CDMA
a69c24a oneplus3: Enable proximity check on wake
e4f4c7e nx510j: Enable world phone and CDMA options
288600a oneplus3: Add prebuilt libOmxVenc
f346a6a oneplus3: LED brightness LibLights control
* kernel/oneplus/msm8996/
f0812a3 oneplus3: Enable cpusets
7efd2f7 cpuset: Make cpusets restore on hotplug
e459add cpuset: Add allow_attach hook for cpusets on android.
a06784c oneplus3: Disable modules
* packages/apps/Settings/
5004f92 Bring back the custom wallpaper picker [3/5]
* packages/apps/Snap/
cd37b99 Snap: Add picture resolutions for OnePlus 3
* packages/apps/Trebuchet/
113538a Bring back the custom wallpaper picker [2/5]
* vendor/oneplus/
7f8c876 oneplus3: Update media blobs
1701439 oneplus3: Add prebuilt camera hal
69b3004 oneplus3: Add dpmapi to dpmserviceapp dependence

tried both ur builds...on both the builds rom flashes and enters android is upgrading screen , completes upgrading and thn reboots ..doesnt enter setup screen at all..it keeps rebooting..any help..tried wit and without gapps.same trouble..

hafiz.hasan said:
tried both ur builds...on both the builds rom flashes and enters android is upgrading screen , completes upgrading and thn reboots ..doesnt enter setup screen at all..it keeps rebooting..any help..tried wit and without gapps.same trouble..
Click to expand...
Click to collapse
yes i know....it is a problem with the SystemUI....crDroid Team is working on it...
Regards,
flo071

flo071 said:
yes i know....it is a problem with the SystemUI....crDroid Team is working on it...
Regards,
flo071
Click to expand...
Click to collapse
thank you...?

So Guys, the new Build is UP! Hope you enjoy it!
Download
{Mod edit}
Changelog
====================
06-26-2016
====================
* android/
8ec7f08 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* device/qcom/common/
8fe35cc power: msm8996: Support boost and perf profile hints
* device/qcom/sepolicy/
2cdcb90 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* frameworks/base/
293a289 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
e0e7598 Revert "Keyguard Wallpaper Changer [1/2]"
* frameworks/opt/telephony/
90501cb Subscription updater: don't turn data off if we've never set a deafult
* kernel/oneplus/msm8996/
6a83a0d ARM: dts: 15801: Correct asoc dtsi override
* packages/apps/Bluetooth/
4924f59 Revert "Revert "Ensure synchronized access of JNI callback object""
* packages/apps/FMRadio/
387bb91 Remove false log warnings
a1649aa Fix exponential content observer registration
* packages/apps/Settings/
7b5caa9 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
9a6161f Revert "Keyguard Wallpaper Changer [2/2]"
* vendor/cmsdk/
cf6fb60 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* vendor/crdroid/
0528dd7 Merge remote-tracking branch 'cm/cm-13.0' into 6.0.0
* vendor/oneplus/
f3c0816 oneplus3: Remove ims.apk and imssettings.apk
1317ead oneplus3: Update blobs
====================
06-25-2016
====================
* cts/
8a3f20b Merge "DO NOT MERGE: disable libskia test." into marshmallow-cts-release
f9c17e5 DO NOT MERGE: disable libskia test.
* device/oneplus/oneplus3/
85ad7c4 init.qcom.rc: create iop socket
060f096 Merge pull request #1 from parheliamm/cm-13.0
be8ad16 Oneplus3: Remove useless memory setting.
* frameworks/base/
d442df6 wifi: Enable WiFi IpReachabilityMonitor by default
* frameworks/opt/net/wifi/
a0ac5e1 Reduce the link de-bounce time to 4 from earlier 7 seconds
012e76c Wifi: Clear scan caches while loading configured networks
80dfbc2 wifi: Use isGbkString() to check if SSID is GBK encoded
bb5d2c2 Wifi: Update Frequency before broadcasting intent
045ddba Wifi: send an explicit ENABLE_NETWORK with "no-connect"
c17a63e Wifi: Unblacklist the BSSIDs, if driver roams to the same again.
f995ef7 Wifi : Add null check before accessing ScanDetailCache
c06efae Wifi: Add NULL check before processing gscan results
faada83 P2P: p2p flush on a group remove event.
cbe286e wificonfig: store the scan cache for saved wifi configuration
e97c943 Don't create ScanDetailCache if entry absent in mScanDetailCaches
22b3c71 Wifi: Update WifiController state if Wifi turn On fails
6c7911a Wifi: Clear lastConnectAttemptTimestamp variable on a Wifi turn off
88db18e wifi: Bring back mIsWiFiIpReachabilityEnabled check
* kernel/oneplus/msm8996/
55f10c4 Revert "usb: dwc3: Fix assignment of EP transfer resources"
d32e3a7 Merge branch 'linux-3.18.y' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs-stable into cm-13.0
9501689 Merge branch 'linux-3.18.y' of git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable into cm-13.0
a98847d oneplus3: Enable cpusets
cd4435a cpuset: Make cpusets restore on hotplug
736e87f cpuset: Add allow_attach hook for cpusets on android.
288db6f oneplus3: Disable modules
fd6b599 oneplus3: Enable bfq, set noop as default
5a09b10 block, bfq: add Early Queue Merge (EQM) to BFQ-v7r7 for 3.18.0
ea122d3 block: introduce the BFQ-v7r7 I/O sched for 3.18
f7a3696 block: cgroups, kconfig, build bits for BFQ-v7r7-3.18
947e976 qpnp-haptic: Add sysfs interface to control intensity
ec933c1 input: tri-state-key: Get it ready for CM
1e98ad8 input: synpatics_s1302: Get gestures ready for CM
97b2a7c input: synaptics_s1302: Clean up oneplus' logic
b24bbb4 ARM: dts: 15801: Clean up and orgainze DT
dbb50f5 leds: qpnp: turn off the button-backlight on boot
bb43776d usb: gadget: remove virtual cdrom
1e1a8ac msm: kgsl: Fix the snapshot mempool size calculation
00e6014 msm: kgsl: Correct the order of preemption packets
c200f55 msm: kgsl: Unbind the kgsl-event workqueue
2daf594 msm: kgsl: Add a cmdbatch profiling flag to get time since boot
2fbca54 msm: kgsl: Add A5x support for CONTEXT_SWITCH_YIELD preemption
3d97a28 msm: kgsl: Submit a set of critical packets right after ME init
152d51e msm: kgsl: verify user memory permissions before mapping to GPU driver
0990181 msm: kgsl: Bring in line with CAF
32c0f15 msm: kgsl: Specify the initial pwrlevel for each speed bin
bbc9f55 msm: kgsl: Restrict secure contexts to ringbuffer level preemption
8fcb7d0 oneplus3: Disable HBTP virtual mouse
4509d5e ARM64: dts: oneplus3: Add add synchronized RGB blink params
6959653 leds: qpnp: revert oneplus change
9a7cd34 soc: qcom: glink: Fix channel migration on fully open channel
35e80c0 soc: qcom: glink: Fix race condition in dummy xprt cleanup
4c0b7b4 soc: qcom: glink: Fix ssr race condition in glink_close
599b23b soc: qcom: glink: Refactor rwref lock mechanism
5c891ad soc: qcom: glink: Reorganize glink lock hierarchy
c944dc7 soc: qcom: ipc_router_glink_xprt: Queue receive intents appropriately
a4dd344 ASoC: apr: add API to read subsys state
f42a0ad qcom: core_ctl_helper: Fix potential NULL pointer dereference
8f3a9f4 soc: qcom: memory_dump_v2: use kmemleak_not_leak for mem dump's app table
e676c10 soc: qcom: ipc_router_mhi_xprt: Code Refactor to handle interface changes
65d7383 QBT1000: Enable runtime pm for qbt1000
5628f83 soc: qcom: rpm_master_stat: Add additional debug stats
b19b617 soc: qcom: glink: Add null pointer guards in glink transports
be6e3f6 QBT1000: modify input device to support all key events
d480089 swr-wcd-ctrl: Ensure soundwire banks are always in sync
8fc046e swr-wcd-ctrl: Handle soundwire slave device ungroup
4680eed soundwire: Add API to ungroup soundwire slave devices
076b1d2 soundwire: Add API to control slave device data path
1c3e76b ASoC: msm: qdsp6v2: Increase period size for pcm driver.
db3e97f ASoC: codecs: Fix possible null pointer dereference
629c3d7 ASoC: wcd-mbhc: Fix issue with headset insert with extn.cable
e0546e8 ASoC: wsa881x: Request device ungroup for speaker disable
2ba4ccf ASoC: msm: audio-effects: misc fixes in h/w accelerated effect
64e5ce9 ASoC: core: protect component list traversal with lock
180c23b soundwire: Add support for 48x2 frame structure
5755a05 soundwire: Avoid runtime suspend after device path bringup
d173a9f soundwire: Fix NULL pointer check while setting group ID
33535c0 soundwire: Add slave synchronization configuration
05f0390 ASoC: msm: qdsp6v2: DAP: Fix buffer overflow
38b185b ASoC: codecs: use correct subsystem status check
9075319 ASoC: msm: qdspv2: Add tertiary MI2S ports support
5365db9 ASoC: msm: Add apq8096 i2c machine driver
1a403c2 ASoC: codecs: Add audio MCLK support for APQ8096
fef3da7 ASoC: wcd9335: Remove pop on bring-up of noise cancelling headset
374d4e5 ASoC: wcd9335: Update decimator filter cutoff frequency
ed233bc ASoC: msm: qdsp6v2: Update set_params to avoid use before set
4d36726 ASoC: msm: qdsp6v2: compress passthrough fixes
eba8f35 ASoC: msm: q6dspv2: initialize private data before using it
451df9e ASoC: msm: qdsp6v2: set token for stereo_to_custom_stereo command
ba4e44a ASoC: wcd_cpe_services: Make the worker thread standalone
116bc16 ASoC: wcd9335: fix mute issue on headphone during concurrency
5aa3d80 ASoC: msm: qdsp6v2: Don't register to modem for SSR callbacks
a7fd5a8 ASoC: wcd-mbhc: Avoid fake headset report during headphone remove
bc8b0d1 ASoC: wcd9335: Add support for lineout volume adjustment
f25cfc1 ASoC: wcd9335: Give more headroom for headphone PA ramp
2f6519e ASoC: wcd9335: Update TX gain correctly after decimator enable
3dbc68b ASoC: wcd-mbhc: Add pointer validation checks in wcd-mbhc-v2.c
73cc68c ASoC: msm: qdsp6v2: Move spin lock init before apr registration
3170dfe android: binder: Don't use sched_preempt_enable_no_resched.
49f3f7e android: binder: Use wake up hint for synchronous transactions.
02444bd ion: Remove deferred free flag from system secure heap
f728a05 ion: Add Prefetch IOCTL support for System Secure heap
49a1dd5 ion/system_heap: Revisit secure pool shrinker implementation
19e72cd ion: Improve support for heap walking
a08f66d Ion: Add page pooling to Ion System Secure Heap
5ef8d48 ion page pool: Provide an API to try and allocate from only the Pool
e6f55e5 ion: Update nr_total properly in ion_system_heap_shrink
f37060a staging: ion: shrink page-pool by page unit
30888d6 ion: Restore upstream behavior in ion_page_pool_shrink()
3841b7f staging: ion: debugfs to shrink pool
011a038 staging: ion: Add X86 dependency for ION_POOL_CACHE_POLICY
b8a77c4 ion: fix page pool cache policy
bd6589e ion: Handle the memory mapping correctly on x86
d43ee06 ion : In carveout heap, change minimum allocation order from 12 to PAGE_SHIFT, After this change each bit in bitmap (genalloc - General purpose special memory pool)
457c37e msm: mdss: fix wrong chroma stride for h2v1/h1v2 formats
db65d2c msm: mdss: fix truncation of 64 bit for clk rate
2bfc76a msm: mdss: hdmi: set the output format to RGB888
5d12183 msm: mdss: Fix potential NULL pointer dereferences
bca6e79 msm: mdss: fb: reconfigure panel if output format has changed
ff4e810 msm: mdss: hdmi: check for scrambler override
10fe251 msm: mdss: hdmi: update switch node on hpd off
e79cd6c msm: mdss: hdmi: add dynamic fps support
b05f29b msm: mdss: turn off the phy during idle pc only if panel supports
10a84d8 msm: mdss: add null check before dereferencing members
5a1361c msm: mdss: add multi-mode support for dynamic fps
55e894b msm: mdss: add dynamic fps support for hdmi
0a5357f msm: mdss: Fix AD configuration for single DSI case
97f7f08 msm: mdss: update lineptr instantly in cmd mode panels w/autorefresh
fbe37f9 msm: mdss: hdmi: update power module state during probe
cb66f0c msm: mdss: send FB registered event before initializing MDP
88d610f msm: mdss: hdmi: enable scrambler during handoff
2921383 msm: mdss: hdmi: do not toggle power for HDMI modules
005b17c msm: mdss: hdmi: add debug method to print panel event names
557bdb8 msm: mdss: add lineptr interrupt support for video mode panels
4710a89 msm: mdss: add scr rev support for dsc
60ac658 msm: mdss: fix bit offset in pps configuration for dsc
79f8bd1 msm: mdss: Fix deadlock between AD lock and mdp clk lock
33683a9 msm: mdss: reset WB mixercfg during WB destroy
973cd78 msm: mdss: hdmi: add support for CEC suspend and resume events
7d58300 msm: mdss: hdmi: Do not treat intermediate ddc error as failure
eacfe97 msm: mdss: add lineptr interrupt support for command mode panels
d7214bd mdss: dsi: turn off phy power supply during static screen
92e68ec mdss: dsi: read dsi and phy revision during dsi ctrl probe
b20885f msm: mdss: fix the null check in framebuffer driver
a01bc68 msm: mdss: fix NULL pointer dereferencing issues
ea7322a msm: mdss: disable dsi burst mode when idle is enabled
6e54709 msm: mdss: fix to update the configuration for display related GPIOs
44b9e25 msm: mdss: Prevent zero backlight from been sent to AD core
0697479 msm: mdss: Fix PA memory color read sequence for foliage HOLD values
c5a11d3 msm: mdss: dsi: increase dsi error count only for valid errors
229b096 msm: mdss: fix simulator panel SW-TE parameters
9391a93 msm: mdss: clear solid fill pipe b/w vote
4390ccf msm: mdss: keep tear check enabled in LP1 power state
2fd0e98 msm: mdss: dsi: ensure clocks are off when setting their source
db0eddc msm: mdss: dsi: ignore error interrupt when mask not set
68c3acc msm: mdp: undo oneplus modification for auto refresh
e336389 mdss: mdp: avoid panic if recovery handler is uninitialized
84d9e96 mdss: mdp: avoid mdp done isr wait for split ctrl during reset
ad77eed mdss: mdp: add event timer for auto refresh
56944fb msm: mdss: Fix NULL pointer dereference
228ab1b msm: mdss: register smmu context fault handler
7cf44ea msm: mdss: delay dma commands for split-dsi cmd mode panels
cb5a9a0 msm: mdss: fix to restore pp split config
baa6574 msm: mdss: fix possible out-of-bounds and overflow issue in mdp debugfs
04d9c40 msm: mdss: Correct block id check for mdss_mdp_misr_table
0324281 msm: mdss: Fix memory leak in panel_debugfs_create_array func
14a31e3 msm: mdss: Properly set the PP feature cfg_payload in layers
c001577 msm: mdss: Properly free memory in error case
1b918af msm: mdss: Add NULL check before de-allocating framebuffer
091bdc6 msm: mdss: Bring in line with CAF
265b1ac msm: vidc: Enabling DPB-OPB split for NV12 color format
516f6ca msm: vidc: Fix buffer overflow issue in driver
63e055d9 msm: vidc: Make buffer validity checks stronger
84153e0 msm: vidc: Use Dcvs only when there is no resolution change
a26abd1 msm: vidc: Add support for output crop extra data
ae400eb msm: vidc: Update instance state before cap check
02baaf4 msm: vidc: Update mbs per second calculation
46212de msm: vidc: Handle encoder input in true dynamic mode
802cb9d msm: vidc: Invalidate cache for read only FBD
32816c2 oneplus3: Disable NTFS and regenerate defconfig
7256c6c fs: Remove exfat-nofuse driver
fb848cc oneplus3: Increase log buffer
8e8bbac init/Kconfig: Undo oneplus change
* packages/apps/Settings/
86c8b5e UI: Ensure "use for" options displayed when in landscape orientation
* vendor/cmsdk/
131de78 Themes: Provide 100% test coverage for themes

Still the same problem..boots up and restarts after upgradin screen....

great rom base one of the best I have ever run on any of my android phones. Here's to hoping you get everything running smoothly. The only rom I would actually want to root my phone to use...... :good:

After the last update to version 6.5 my phone hung on the logo and hung for an hour. I crashed CrDroid and went back to stock firmware OP. Crapt CrDroid

kiko80 said:
After the last update to version 6.5 my phone hung on the logo and hung for an hour. I crashed CrDroid and went back to stock firmware OP. Crapt CrDroid
Click to expand...
Click to collapse
Wrong thread.

[Guide][G800F/M/Y][7.1.2][UNOFFICIAL] Build Slim ROM 7 Nougat from Source

Overview
I've created a very simple #!/bin/bash script (attached) to automate the initial build or subsequent rebuild of SpookCity138's ROM:
Slim Rom 7 for the Samsung S5 mini G800f (kminilte). The script simply automates the steps and processes created by others (none of which is my own work - all credit goes to the original creators). I have only tested this script on my own working environment: Gnome Ubuntu 17.04; 16GB RAM; i7-7700HQ; If your environment differs from this your experience may differ from mine.
How to Execute script
See readme at: https://github.com/fidoedidoe/build_scripts
Thanks
@spookcity138, @jimmy999x. Taking the time to educate me at each and every tentative step and demonstrating great patience
Contributors
spookcity138
jimmy999x
Script Source
The latest version of the script (and others for different devices) can be found here: https://github.com/fidoedidoe/build_scripts
SpookCity138's ROM
https://forum.xda-developers.com/galaxy-s5-mini/development/rom-slim-rom-7-nougat-t3558926
Created 2017-09-20
Last Updated 2017-12-09

There are sources to build this ROM for the Snapdragon variant (G800H)? It's a very good device, but simply there is not a single Nougat ROM for it...

wow, excellent, I have reviewed the code (I have not executed it yet) looks pretty good, it should work, I have to copy your script and modify it for other roms, thanks!
edit 1: it is possible to use this script (I use it and it works perfect) to automate even more the process of configuring the compilation environment https://github.com/akhilnarang/scripts
Also, for Ubunt 16.04 I added a couple more to make it easier some things:
cmake
nautilus (optional)
phablet-tools
unrar
silversearcher-ag (this is optional, but extremely useful for me, allows me to find the problematic lines inside a document or folder)

lfom said:
There are sources to build this ROM for the Snapdragon variant (G800H)? It's a very good device, but simply there is not a single Nougat ROM for it...
Click to expand...
Click to collapse
You need to apply some SELinux, CAF, And CM/LOS Patches to build a Nougat ROM for G800H, or that rom will not boot, or will shall not pass from build errors.
Is not a easy task.....

lfom said:
There are sources to build this ROM for the Snapdragon variant (G800H)? It's a very good device, but simply there is not a single Nougat ROM for it...
Click to expand...
Click to collapse
i found this on YT
so far so good for me
give it a try
https://youtu.be/UPOpJgqnlf8

not working for me -- using xubuntu 17.10

ko_taka said:
not working for me -- using xubuntu 17.10
Click to expand...
Click to collapse
Script updated on github (follow links for build_slimrom7_kminilte.sh). Tested on my laptop (Ubuntu gnome 17.04) and SlimRom7 version 1.17 builds successfully (although I have yet to test the build on the device). I'll update the attached zip in the opening page in the coming days, but as a general rule github is the best place to find latest version(s).
Thanks to @spookcity138 (again) for taking time the time and offering sound help / advice identifying the issues and resolve (the issue was within applying device specific patches ./apply.sh).

I am on 40GB partition. Not enough?
perly terminated.
Fetching projects: 70% (381/544) fatal: unable to access 'https://android.googlesource.com/platform/hardware/akm/': gnutls_handshake() failed: The TLS connection was non-properly terminated.
Fetching projects: 73% (398/544) fatal: unable to access 'https://android.googlesource.com/platform/system/connectivity/shill/': gnutls_handshake() failed: The TLS connection was non-properly terminated.
fatal: unable to access 'https://android.googlesource.com/platform/external/jsr330/': gnutls_handshake() failed: The TLS connection was non-properly terminated.
Fetching projects: 74% (403/544) fatal: unable to access 'https://android.googlesource.com/platform/external/jsr330/': gnutls_handshake() failed: The TLS connection was non-properly terminated.
error: Cannot fetch platform/external/jsr330
Fetching projects: 78% (425/544) fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: write error: No space left on device
fatal: index-pack failed
error: index-pack died
fatal: index-pack failed
fatal: index-pack failed
fatal: index-pack failed
fatal: index-pack failed
fatal: index-pack failed
error: Cannot fetch SlimRoms/frameworks_base
Click to expand...
Click to collapse

ko_taka said:
I am on 40GB partition. Not enough?
Click to expand...
Click to collapse
Yeah,you're running out of space. I don't recall exactly what the sources and the build of a nougat ROM take,space wise. It seems a little weird you were running out of space syncing the sources. If I recall correctly nougat sources are somewhere between 25-30GB. I could be wrong though. The actual build itself (the out folder) also takes a fair bit of space. Again,just guessing,but around 15-20GB. I would say 60GB would be what you need.

hi spookcity138, nice to see you around
I haven't coded that so I'm feeling a bit lost
The process finally ended (now I am on 80GB partition)
I do not know where is the build if that built anything
those are the last lines
build_slimrom7_kminilte.sh: 176: build_slimrom7_kminilte.sh: [[: not found
Remove references to OmniRom recovery...
remove config_uriBlruEnabled references, spoils the build...
alter local manifest files for slimrom 7 build compatability...
insert text into file: frameworks/base/core/res/res/values/config.xml...
delete file cm_arrays.xml...
remove flipflap stuff from device/samsung/smdk3470-common/smdk3470-common.mk...
build_slimrom7_kminilte.sh: 205: read: Illegal option -t
build_slimrom7_kminilte.sh: 210: build_slimrom7_kminilte.sh: [[: not found
patching file include/telephony/ril.h
Hunk #1 FAILED at 31.
Hunk #2 succeeded at 395 (offset -1 lines).
Hunk #3 succeeded at 409 (offset -1 lines).
Hunk #4 succeeded at 569 (offset -1 lines).
Hunk #5 succeeded at 624 (offset -1 lines).
Hunk #6 succeeded at 1023 (offset -1 lines).
Hunk #7 succeeded at 5217 (offset -1 lines).
Hunk #8 succeeded at 5866 (offset -1 lines).
1 out of 8 hunks FAILED -- saving rejects to file include/telephony/ril.h.rej
manually reapplying failed Hunk #1...
patching file ril/Android.mk
patching file ril/libril/Android.mk
patching file ril/libril/ril.cpp
patching file ril/libsecril-client/Android.mk
applying frameworks_av to frameworks/av
Applying: av: Add samsung wfd service
Applying: add Android M MediaBufferGroup:MediaBufferGroup() for libwvm.so
applying frameworks_native to frameworks/native
Applying: Revert "Remove Parcel::writeIntPtr."
Applying: add missing const getSensorList() for MM gpsd (G800FXXU1CPK5)
applying hardware_libhardware to hardware/libhardware
applying hardware_ril to hardware/ril
Applying: ril: recover on crash
applying hardware_samsung_ril to hardware/samsung/ril
Applying: add SetAudioMode and SetSoundClockMode for MM audio-ril
applying packages_services_Telephony to packages/services/Telephony
./apply.sh: line 24: cd: /home/ferran/android/build_scripts/packages/services/Telephony: No such file or directory
build_slimrom7_kminilte.sh: 238: read: Illegal option -t
build_slimrom7_kminilte.sh: 243: build_slimrom7_kminilte.sh: [[: not found
prepare device specific code...
build_slimrom7_kminilte.sh: 249: build_slimrom7_kminilte.sh: source: not found
build_slimrom7_kminilte.sh: 250: build_slimrom7_kminilte.sh: lunch: not found
running croot...
build_slimrom7_kminilte.sh: 253: build_slimrom7_kminilte.sh: croot: not found
build_slimrom7_kminilte.sh: 262: read: Illegal option -t
build_slimrom7_kminilte.sh: 267: build_slimrom7_kminilte.sh: [[: not found
running mka bacon...
build_slimrom7_kminilte.sh: 273: build_slimrom7_kminilte.sh: mka: not found
Click to expand...
Click to collapse

ko_taka said:
hi spookcity138, nice to see you around
I haven't coded that so I'm feeling a bit lost
The process finally ended (now I am on 80GB partition)
I do not know where is the build if that built anything
those are the last lines
Click to expand...
Click to collapse
The build did not start. It applied the patches successfully (all but one where there was an error) Then it is just a serious of failures. I have not used this script so I cant say specifically where you are going wrong. Does the script have executable permissions? (I assume so as it partially worked) Do you have all of the need dependencies for building Android? Thats not the issue I don't think,but you need them either way. Other than that I am not real sure honestly. You may need to wait for @fidoedidoe to help you. I'll reply back if any possible reason comes to mind.

ko_taka said:
hi spookcity138, nice to see you around
I haven't coded that so I'm feeling a bit lost
The process finally ended (now I am on 80GB partition)
I do not know where is the build if that built anything
those are the last lines
Click to expand...
Click to collapse
Hi @ko_taka
@spookcity138 is correct, the script failed...when it succeeds it's pretty clear the last few messages published will read along the lines of: "Package Complete: .../out/target/product/kminilte/Slim-kminilte-7.1.2.build.1.17-UNOFFICIAL-20171209-1401.zip" followed by "#### make completed successfully (24:30 (mm:ss)) ####" (note the build time will vary depending on the power of your build machine and utilisation of ccache). Oh, FYI - my build folder is ~95GB in size (the ../out/ folder is 26GB and the ../.repo/ folder is 47GB!!)
Back to the script failure....first verify the following variable in the build_slimrom7_kminilte.sh is defined correctly for your environment:
Code:
WORK_DIRECTORY="$HOME/android/slimrom7"
For my personal build environment I keep the script (build_slimrom7_kminilte.sh) in a separate folder to where the source is located and the build is output to (just so i can purge those folders without losing the build script). FYI on your laptop your folder structure should look something like that shown below, with build_slimrom7.kminilte.sh stored in the folder .../build_scripts
Code:
/home/ferran/android/build_scripts
/home/ferran/android/slimrom7
Once the above is verified...the primary issue you have is every time you see "...[[: not found", the script is hitting an issue. Check that the first line of the script contains the line "#!/bin/bash ", this is called "shebang" and it tells your shell what program to interpret the script with, in our case we need "Bash". I'm now wondering what OS / Shell you're using (I use Ubuntu Gnome 17.04 with Bash version 4.4.7) does yours differ from this? To verify your Bash version:
Code:
$ bash -version
GNU bash, version 4.4.7(1)-release (x86_64-pc-linux-gnu)
Copyright © 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
You could try forcing your shell to use bash (from memory), by switching to the /build_scripts/ folder and running the following command (do not use sudo or any elevated permissions):
Code:
$ cd /home/ferran/android/build_scripts
$ ./build_slimrom7_kminilte.sh
Let me know how you get on, in essence the script is failing on the evaluation lines where "if [[....]]" is used. if we can't get it to work, in your case, the script may need to be altered to change the evaluation (perhaps "if [...]" would be more suitable). Anyway - give me some feedback and lets see if we can get you a little further.

my bash is 4.4.12
working directory had been set correctly
I removed the double [[ leaving a simple [ same with ]] closing brackets
it says Illegal option -t in line 238
this is line 238: read -r -p "6/7. Initialise environment for Build <Y/n>? (automatically continues unprompted after 10 seconds): " -t 10 -e -i Y PROMPT
it also says [: Y: unexpected operator on line 243
this is line 243: if [ ! $PROMPT =~ ^[Yy]$ ]; then

Timte to time I was getting errors while fetching
TLS errors
I found it is due gnutls package and applied the following solution:
compile git with openssl. To do this, run the following commands:
sudo apt-get update
sudo apt-get install build-essential fakeroot dpkg-dev libcurl4-openssl-dev
sudo apt-get build-dep git
mkdir ~/git-openssl
cd ~/git-openssl
apt-get source git
dpkg-source -x git_1.7.9.5-1.dsc
cd git-1.7.9.5
(Remember to replace 1.7.9.5 with the actual version of git in your system.)
Then, edit debian/control file (run the command: gksu gedit debian/control) and replace all instances of libcurl4-gnutls-dev with libcurl4-openssl-dev.
Then build the package (if it's failing on test, you can remove the line TEST=test from the file debian/rules):
sudo dpkg-buildpackage -rfakeroot -b
Install new package:
x86_64: sudo dpkg -i ../git_1.7.9.5-1_amd64.deb
Click to expand...
Click to collapse
I'm using git-openssl build now
Just started the fetching process again
I'm under virtual machine on a host with a proper firewall configuration -- maybe that caused the connection problems while fetching

ko_taka said:
my bash is 4.4.12
working directory had been set correctly
I removed the double [[ leaving a simple [ same with ]] closing brackets
it says Illegal option -t in line 238
this is line 238: read -r -p "6/7. Initialise environment for Build <Y/n>? (automatically continues unprompted after 10 seconds): " -t 10 -e -i Y PROMPT
it also says [: Y: unexpected operator on line 243
this is line 243: if [ ! $PROMPT =~ ^[Yy]$ ]; then
Click to expand...
Click to collapse
Sounds like we're making progress. This is good. So, reading around the subject of square brackets vs double. It transpires converting the evaluations from double square brackets ([[..]]) to singles ([..]) may** change how variables are referenced. In my script I was forced to use double square brackets to correctly evaluate the response from the "read -r....." (read input) command (where it evaluates when upper or lower case Y is entered). If this command is changed from double square brackets to single ones the command then fails (on my setup). Further to this, in your reply it appears you're also having issues with the "read" command, for some reason your version doesn't support the -t directive (which waits for N seconds - ie: -t 5 will wait 5 seconds for user input).
For now the easiest thing to do is to remove *all* of the steps in the script that awaits input from the user to continue processing the script (they are non essential vanity items primarily used while I was building out the script). There are 7 is these in the script (look for "1/7", "2/7", "3/7", etc etc), just comment out (insert # at beginning of each line) for all 7 instances. There are ~10 lines per instance, examples of how instance #1 and #7 should look after editing is below. Just do the same for all 7 instances in your script and re run the script.
Code:
...
...
#PROMPT=""
#read -r -p "1/7. Initialise/Reinitialise Repo, first 'repo init' will take hours <Y/n>? (automatically continues unpromted after 5 seconds): " -t 5 -e -i Y PROMPT
#echo
#if [ -z "$PROMPT" ]; then
# PROMPT="Y"
#fi
#if [[ ! $PROMPT =~ ^[Yy]$ ]]; then
# echo "Response: '$PROMPT', exiting!"
# exit 1
#fi
...
...
#PROMPT=""
#read -r -p "7/7. Build rom (this segment can take hours) <Y/n>? (automatically continues unprompted after 10 seconds): " -t 10 -e -i Y PROMPT
#echo
#if [ -z "$PROMPT" ]; then
# PROMPT="Y"
#fi
#if [[ ! $PROMPT =~ ^[Yy]$ ]]; then
# echo "Response: '$PROMPT', exiting!"
# exit 1
#fi
...
I'd be really interested in knowing what OS you're using (Ubuntu, Mac, etc along with version) perhaps I can use this detail to come up with a more generic version of the script.
Good luck, let me know how you get on.

ko_taka said:
Timte to time I was getting errors while fetching
TLS errors
I found it is due gnutls package and applied the following solution:
I'm using git-openssl build now
Just started the fetching process again
I'm under virtual machine on a host with a proper firewall configuration -- maybe that caused the connection problems while fetching
Click to expand...
Click to collapse
I'd also try changing the value of the variable: REPO_SYNC_THREADS in the script to something lower (more suitable to your internet bandwidth / performance), try 2 or 4 and build up from there. ie: REPO_SYNC_THREADS=2

I think the problem was on GIT .. confusing I think so
I would be waiting a message like (file doesnt exist or something like that)
anyway I still with compiling errors but now is quite different
I am using virtualbox (Xubuntu 17.10) on Mac OS 10.13.2 Mac Mini 2014 entry level
applying packages_services_Telephony to packages/services/Telephony
./apply.sh: line 24: cd: /home/ferran/android/slimrom7/packages/services/Telephony: No such file or directory
6/7. Initialise environment for Build <Y/n>? (automatically continues unprompted after 10 seconds): Y
prepare device specific code...
including device/generic/mini-emulator-arm64/vendorsetup.sh
including device/generic/mini-emulator-armv7-a-neon/vendorsetup.sh
including device/generic/mini-emulator-mips64/vendorsetup.sh
including device/generic/mini-emulator-mips/vendorsetup.sh
including device/generic/mini-emulator-x86_64/vendorsetup.sh
including device/generic/mini-emulator-x86/vendorsetup.sh
including device/samsung/kminilte/vendorsetup.sh
build/envsetup.sh: line 1716: vendor/slim/build/envsetup.sh: No such file or directory
build/core/product_config.mk:250: *** _nic.PRODUCTS.[[device/samsung/kminilte/slim.mk]]: "vendor/slim/config/common_full_phone.mk" does not exist. Stop.
build/envsetup.sh: line 624: vendor/slim/build/tools/roomservice.py: No such file or directory
build/core/product_config.mk:250: *** _nic.PRODUCTS.[[device/samsung/kminilte/slim.mk]]: "vendor/slim/config/common_full_phone.mk" does not exist. Stop.
cat: /home/ferran/android/slimrom7/vendor/slim/build/envsetup.sh: No such file or directory
cat: /home/ferran/android/slimrom7/vendor/slim/build/envsetup.sh: No such file or directory
build/core/product_config.mk:250: *** _nic.PRODUCTS.[[device/samsung/kminilte/slim.mk]]: "vendor/slim/config/common_full_phone.mk" does not exist. Stop.
** Don't have a product spec for: 'slim_kminilte'
** Do you have the right repo manifest?
running croot...
mka clean/clobber needed...
./build_slimrom7_kminilte.sh: line 257: mka: command not found
7/7. Build rom (this segment can take hours) <Y/n>? (automatically continues unprompted after 10 seconds): Y
running mka bacon...
./build_slimrom7_kminilte.sh: line 273: mka: command not found
Click to expand...
Click to collapse

ko_taka said:
I think the problem was on GIT .. confusing I think so
I would be waiting a message like (file doesnt exist or something like that)
anyway I still with compiling errors but now is quite different
I am using virtualbox (Xubuntu 17.10) on Mac OS 10.13.2 Mac Mini 2014 entry level
Click to expand...
Click to collapse
Thanks for the feedback. At first glance it looks to me like your issue is less to do with the script and more to do with not having all the source locally. Seeing commands such as running ./apply.sh (puled down with the source) error reporting "file not found" is the smoking gun.
Right now I'd be tempted to say ensure you've successfully pulled the primary SlimRom7 source locally. It may be easier to do this outside of the script by running the following:
Code:
$ cd /home/ferran/android/slimrom7/
$ repo forall -vc "git reset --hard" --quiet
$ repo sync --jobs="2"
Keep an eye out of timeouts / 404 while it's syncing the repo's (the third of the three commands above). If you get errors just keep rerunning the "repo sync" command given above while in the correct directory until it completes without error. Once you have that done successfully, change the the build_scripts directory and re-run the script. If you see timeouts / 404 in the script output then you might have to manually run the "git clone" commands to see which one is causing the issue(s).

why does need that much space?
I was executing
$ repo forall -vc "git reset --hard" --quiet
$ repo sync --jobs="2"
Click to expand...
Click to collapse
I am getting the message "out of space"
80GB full of source code and even need more space??

ko_taka said:
why does need that much space?
I was executing
I am getting the message "out of space"
80GB full of source code and even need more space??
Click to expand...
Click to collapse
Use a disk usage analysis tool to find out whether earlier failed attempts pulled source down to multiple locations (when the script was failing).. I mentioned in an earlier post the size of the repo, look back 5 or 6 posts. Don't forget the bulk of the source will be contained in a hidden folder named /.repo/ check this folder doesn't exist outside of the build folder (/slimrom7/)...looking at earlier attempts I'd fist check your /build_scripts/ folder for the hidden .repo folder and if there delete it. Good luck

Moto E4 (Qualcomm) new september update?

It looks like a new update is out for the Qualcomm, factory unlocked version of the Moto E4. I see the update number as "npqs26.69-27-3" and a description of "Security updates through September 1, 2017".
Anyone know how the update can be applied for those of us that are rooted? Has anyone already performed the update? Any issues to report?

You have to go fully stock to update. Probably will involve wiping the device.

I have the Verizon variant Moto E4, bought from Walmart in $40 deal in August, unlocked from eBay and then it started working for me for my AT&T SIM, yesterday I mistakenly updated the same to NDQ26.69-23-3 and now it is not working for my AT&T Sim. can anyone suggest what to do ? Has anyone run into this issue ?

Update unsuccessful on unlocked and rooted Moto E4 Qualcomm Perry
I have a moto e4 (qualcomm, perry) bought from Amazon (unlocked, no added) and have a CDMA trackfone-verizon sim. Phone is working fine, but the update will not apply. It gives me an error and indicates the update was unsuccessful. The bootloader is unlocked and the phone is rooted.
The issue seems to be the sha1 sum of by boot partition (see last_log below). I downloaded the stock rom for this device from https :// firmware.center/firmware/Motorola/Moto%20E4/Stock/
I believe the right one is PERRY_NPQ26.69-27_cid50_subsidy-DEFAULT_regulatory-XT1768_CFC_CANADA.xml.zip because Settings->About Phone->Build number is "NPQ26.69-27" and cat /proc/cpuinfo indicates "Device: perry". Does anybody else find it frustrating that I cannot get this file directly from motorola?
Inside that zip is a boot.img file. The sha1 sum of that file (computed with openssl sha1 boot.img) is 8f6e5f9814b84c48054bc9fd3df9f91610b85e09, which exactly matches the red text in the log file below. Also the length, 16777216, matches my current boot partition to the byte. I was hoping that simply writing this to the boot partition would fix the issue, but that was a big mistake. I copied the file to the phone and executed:
$ dd if=/dev/block/bootdevice/by-name/boot of=boot.img.orig #to save a backup of the original partition
$ dd if=boot.img of=/dev/block/bootdevice/by-name/boot
this bricked the device and it wouldn't boot. Didn't even make it to the Motorola splash screen. After some digging I was able to use fastboot on my PC to restore the boot.img.orig using:
PC$ fastboot flash:raw boot boot.img.orig
This restored the device to functioning order, but I was still not able to install the update. After this, tried to boot the stock boot image without flashing it using:
PC$ fastboot boot boot.img
This caused it to hang forever at the blue motorola splash screen. Power cycling cleared the issue as expected.
As you probably guessed by now, I am an experienced linux user, but new to android and really don't know what I am doing. @madbat99 suggests that I will have to flash the complete stock rom, wiping the device. I know how to backup, both with a backup app and with twrp, so wiping won't be a huge issue. Does anybody know how to flash a full rom? I am using gentoo linux and have fastboot and adb installed and can communicate with the bootloader, I have just never flashed a phone before. Should I expect to have to relock the bootloader for the update to apply? Afterwords, I am going to have to re-unlock the bootloader, re-root the device and then restore all my backups, correct?
I really want to apply this update due to the large gaping security holes it patches.
The relevant section of /cache/recovery/last_log are: (I bolded what I think is the real error)
[ 1.687300] I:whole-file signature verified against RSA key 0
[ 1.687314] I:verify_file returned 0
[ 1.687376] Installing update...
[ 1.729707] installing gptupgrade updater extensions
[ 1.739414] file_contexts.bin is taken from /file_contexts.bin
[ 1.740818] Mount command parameters gotten in updater script
[ 1.740855] mount point :/oem location: /dev/block/bootdevice/by-name/oem , file system type :ext4
[ 1.741029] secontext for the mount point /oem is ubject_remfs:s0
[ 1.744665] Source: motorola/perry/perry:7.1.1/NPQ26.69-27/31:user/release-keys
[ 1.744695] Target: motorola/perry/perry:7.1.1/NPQS26.69-27-3/3:user/release-keys
[ 1.744704] Verifying current system...
[ 2.115566] contents of partition "/dev/block/bootdevice/by-name/boot" didn't match EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938
[ 2.115605] file "EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938" doesn't have any of expected sha1 sums; checking cache
[ 2.115664] failed to stat "/cache/saved.file": No such file or directory
[ 2.115675] failed to load cache file
[ 2.115687] dump_badfile is failed: EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938 is not present
[ 2.115720] script aborted: E3005: "EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938" has unexpected contents.
[ 2.154752] E:Error in /cache/Blur_Version.26.11.31.perry.retail.en.US.zip
[ 2.154825] (Status 7)
[ 2.187583]
[ 2.209427] W:failed to read uncrypt status: No such file or directory
[ 2.209642] I:/cache/Blur_Version.26.11.31.perry.retail.en.US.zip
[ 2.209652] 0
[ 2.209660] time_total: 1
[ 2.209668] retry: 0
[ 2.209675] target_build: 3
[ 2.209682] source_build: 31
[ 2.209689] error: 3005
[ 2.209699] Installation aborted.

maurerpe said:
I have a moto e4 (qualcomm, perry) bought from Amazon (unlocked, no added) and have a CDMA trackfone-verizon sim. Phone is working fine, but the update will not apply. It gives me an error and indicates the update was unsuccessful. The bootloader is unlocked and the phone is rooted.
The issue seems to be the sha1 sum of by boot partition (see last_log below). I downloaded the stock rom for this device from https :// firmware.center/firmware/Motorola/Moto%20E4/Stock/
I believe the right one is PERRY_NPQ26.69-27_cid50_subsidy-DEFAULT_regulatory-XT1768_CFC_CANADA.xml.zip because Settings->About Phone->Build number is "NPQ26.69-27" and cat /proc/cpuinfo indicates "Device: perry". Does anybody else find it frustrating that I cannot get this file directly from motorola?
Inside that zip is a boot.img file. The sha1 sum of that file (computed with openssl sha1 boot.img) is 8f6e5f9814b84c48054bc9fd3df9f91610b85e09, which exactly matches the red text in the log file below. Also the length, 16777216, matches my current boot partition to the byte. I was hoping that simply writing this to the boot partition would fix the issue, but that was a big mistake. I copied the file to the phone and executed:
$ dd if=/dev/block/bootdevice/by-name/boot of=boot.img.orig #to save a backup of the original partition
$ dd if=boot.img of=/dev/block/bootdevice/by-name/boot
this bricked the device and it wouldn't boot. Didn't even make it to the Motorola splash screen. After some digging I was able to use fastboot on my PC to restore the boot.img.orig using:
PC$ fastboot flash:raw boot boot.img.orig
This restored the device to functioning order, but I was still not able to install the update. After this, tried to boot the stock boot image without flashing it using:
PC$ fastboot boot boot.img
This caused it to hang forever at the blue motorola splash screen. Power cycling cleared the issue as expected.
As you probably guessed by now, I am an experienced linux user, but new to android and really don't know what I am doing. @madbat99 suggests that I will have to flash the complete stock rom, wiping the device. I know how to backup, both with a backup app and with twrp, so wiping won't be a huge issue. Does anybody know how to flash a full rom? I am using gentoo linux and have fastboot and adb installed and can communicate with the bootloader, I have just never flashed a phone before. Should I expect to have to relock the bootloader for the update to apply? Afterwords, I am going to have to re-unlock the bootloader, re-root the device and then restore all my backups, correct?
I really want to apply this update due to the large gaping security holes it patches.
The relevant section of /cache/recovery/last_log are: (I bolded what I think is the real error)
[ 1.687300] I:whole-file signature verified against RSA key 0
[ 1.687314] I:verify_file returned 0
[ 1.687376] Installing update...
[ 1.729707] installing gptupgrade updater extensions
[ 1.739414] file_contexts.bin is taken from /file_contexts.bin
[ 1.740818] Mount command parameters gotten in updater script
[ 1.740855] mount point :/oem location: /dev/block/bootdevice/by-name/oem , file system type :ext4
[ 1.741029] secontext for the mount point /oem is ubject_remfs:s0
[ 1.744665] Source: motorola/perry/perry:7.1.1/NPQ26.69-27/31:user/release-keys
[ 1.744695] Target: motorola/perry/perry:7.1.1/NPQS26.69-27-3/3:user/release-keys
[ 1.744704] Verifying current system...
[ 2.115566] contents of partition "/dev/block/bootdevice/by-name/boot" didn't match EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938
[ 2.115605] file "EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938" doesn't have any of expected sha1 sums; checking cache
[ 2.115664] failed to stat "/cache/saved.file": No such file or directory
[ 2.115675] failed to load cache file
[ 2.115687] dump_badfile is failed: EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938 is not present
[ 2.115720] script aborted: E3005: "EMMC:/dev/block/bootdevice/by-name/boot:16777216:8f6e5f9814b84c48054bc9fd3df9f91610b85e09:16777216:aa4a543db08521bc2bb6860f0d8e463d199db938" has unexpected contents.
[ 2.154752] E:Error in /cache/Blur_Version.26.11.31.perry.retail.en.US.zip
[ 2.154825] (Status 7)
[ 2.187583]
[ 2.209427] W:failed to read uncrypt status: No such file or directory
[ 2.209642] I:/cache/Blur_Version.26.11.31.perry.retail.en.US.zip
[ 2.209652] 0
[ 2.209660] time_total: 1
[ 2.209668] retry: 0
[ 2.209675] target_build: 3
[ 2.209682] source_build: 31
[ 2.209689] error: 3005
[ 2.209699] Installation aborted.
Click to expand...
Click to collapse
I hate to quote a post that long but you cannot install an official update on a rooted device with custom recovery.
If you have the correct firmware for your device, you need to extract it, rename .xml files to .img and flash with fastboot.
But it really needs to be correct firmware. I don't know the correct one for your device.
Might help
---------- Post added at 09:12 PM ---------- Previous post was at 09:00 PM ----------

z82anu said:
I have the Verizon variant Moto E4, bought from Walmart in $40 deal in August, unlocked from eBay and then it started working for me for my AT&T SIM, yesterday I mistakenly updated the same to NDQ26.69-23-3 and now it is not working for my AT&T Sim. can anyone suggest what to do ? Has anyone run into this issue ?
Click to expand...
Click to collapse
i have the verizon variant and updated to this patch back in October when it came out and i'm still using my cricket sim in it with no problems. are you still having the issue?

madbat99 said:
I hate to quote a post that long but you cannot install an official update on a rooted device with custom recovery.
If you have the correct firmware for your device, you need to extract it, rename .xml files to .img and flash with fastboot.
But it really needs to be correct firmware. I don't know the correct one for your device.
Might help
---------- Post added at 09:12 PM ---------- Previous post was at 09:00 PM ----------
Click to expand...
Click to collapse
Thank you @madbat99 . Using this method I was able to flash back to stock and install the update. The update works fine with my tracfone-verizon sim. I am not having the issue reported by @z82anu
To automate the process, I wrote a perl script that parses the servicefile.xml or flashfile.xml, verifies all the steps are valid, verifies that all files exist, verifies the md5 sums, and then executes the appropriate fastboot commands. It can be downloaded from https://github.com/maurerpe/stock-flash Hopefully, this will help other linux users looking to flash back to stock. Should work on window and Mac as well, but I haven't tested it.

Problem in Loading kernel module

I have successfully compiled stock kernel from samsung sources for my galaxy S5 G900H on kali linux.
I am trying to compile some modules. For that I have starred these ::
Code:
[*] Enable loadable module support
[CENTER] [*] Forced module loading [/CENTER]
[CENTER] [*] Module unloading [/CENTER]
[CENTER] [*] Forced module unloading [/CENTER]
I have rooted my phone and set selinux permissive mode. But trying to load these modules gives Exec format errors .
Code:
/system/bin/insmod asix.ko
insmod: failed to load asix.ko: Exec format error
In dmesg, it is showing ::
Code:
[ 5378.629376] [c3] TIMA: lkmauth--launch the tl to check kernel module; module len is 279631
[ 5378.630154] [c3] TIMA: lkmauth--cannot open mobicore session from kernel. 15
[ 5378.630296] [c3] TIMA: lkmauth--unable to load kernel module; module len is 279631.

After hours of searching , I found the culprit, it was samsung TIMA. So I just deselected "Enable TIMA" under "System Type" in kernel config. Now the modules load successfully.