Database Users

[Q] USB Drivers

Hi,
I have a legend and everything was fine but after I tried to install the legend CM6RC2 BUILD 66 Rom from cynogenmod it would not reboot any more and I only saw the android robot. After that I tried to get into recovery but that's not possible anymore.
I al ready tried modaco's guide but I didn't understand.
Does anyone know how I can unbrick my usb to be able to get into recovery to install another Rom?
Thanks in advance!

you must unbrick your USB by following this step ( nobody can do it for you... ) :
http://android.modaco.com/content/h...com/309961/usb-brick-rickrolled-b0rked-fixed/

usb drivers
I tried to understand this guide but I don't understand this part:
"Move this to /data/ , and flash the modified image using:
"/data/flash_image misc /data/mtd0.img"
You can move both mtd0.img and flash_image by putting it on your sdcard, and issueing the following command in a terminal emulator:
'cat /sdcard/flash_image > /data/flash_image'
'cat /sdcard/mtd0.img > /data/mtd0.img'
You might have to do 'chmod u+x /data/flash_image' before you run the commands (or chmod 755 /data/flash_image)"
and also i cant do step one because device is not found

you must do this after starting your device.
Before starting your device you must mount you sdcard with 'fastboot oem enableqxdm 0' under fastboot mode ( device off : hold power button + volume down )
after your device started, go to market and install Connecbot.
Start connectbot, select ( at the bottom ) Local in place of ssh , and type 'su' 2 times.
If you get permission denied, do what he's done in his PS http://android.modaco.com/index.php?s=&showtopic=309961&view=findpost&p=1335813

i can type su as many times as i want and nothing happens.
YES i typed it in local.I re-installed htc sync and still my pc cant recognize my phone.
what should i do?

you type SU on your device ? ( in connectbot )
if you see a # at the begining of the line , you are logged as root , just follow the unbrink step

ilos said:
you must do this after starting your device.
Before starting your device you must mount you sdcard with 'fastboot oem enableqxdm 0' under fastboot mode ( device off : hold power button + volume down )
after your device started, go to market and install Connecbot.
Start connectbot, select ( at the bottom ) Local in place of ssh , and type 'su' 2 times.
If you get permission denied, do what he's done in his PS http://android.modaco.com/index.php?s=&showtopic=309961&view=findpost&p=1335813
Click to expand...
Click to collapse
could you explain it for me ? how to do fastboot oem enableqxdm 0 in fastboot.....

you must have android sdk installed to use adb
When you have installed android sdk, go to tools directory, open a command prompt ( MSDOS ) , type 'adb shell' and 'fastboot oem enableqxdm 0'
after that, just reboot your device.
Look that for adb : http://forum.xda-developers.com/showthread.php?t=517874

ilos said:
you must have android sdk installed to use adb
When you have installed android sdk, go to tools directory, open a command prompt ( MSDOS ) , type 'adb shell' and 'fastboot oem enableqxdm 0'
after that, just reboot your device.
Look that for adb : http://forum.xda-developers.com/showthread.php?t=517874
Click to expand...
Click to collapse
what should i do after i reboot my device?
Win7 said he cant recognize the usb device.
is this good? dont you have the drivers or something?

zorro12010 said:
what should i do after i reboot my device?
Win7 said he cant recognize the usb device.
is this good? dont you have the drivers or something?
Click to expand...
Click to collapse
see post #6
to be simple :
only the device will see your sdcard.. not your computer... all steps for unbrick must be done on the phone except the fastboot command

i also tried typing SU and sl
and instead of # it says sh-3.2#

so you are logged as root
just to be sure type : ls not sl
you will see same thing like my screenshoot posted early
now follow unbrick command

ilos said:
you must have android sdk installed to use adb
when you have installed android sdk, go to tools directory, open a command prompt ( msdos ) , type 'adb shell' and 'fastboot oem enableqxdm 0'
after that, just reboot your device.
Look that for adb : http://forum.xda-developers.com/showthread.php?t=517874
Click to expand...
Click to collapse
thousand thanks......for you man.....i made it...........

congratulations !!!

Hi ..
I do not speak English well ،But I'm trying to understand
Please have the same problem, and tried to solve, but to no avail
at the above link in comment # 14
Thanks to Google Translate

[HOWTO] Recover from checksum errors

As I've seen a few people around having some checksum erros, I decided to write a small HOWTO.
!!!
The most important information needed to recover from a bricked device is the UID
If your device is not bricked and you read this thread ensure that you have saved your UID!
!!!
​
Because some people do not read big red text, here it is once again:
GET YOUR UID even if your device is not bricked.
If you need help please contact me with PM or ask for help in this thread.
If your device does not boot anymore it may display the following checksum erros:
"LNX checksum error" - when trying to boot into normal mode
"SOS checksum error" - when trying to boot into recovery (VOL- + Power pressed)
<CASE 1> SOS checksum error
Steps:
- Switch off your device by pressing power for ~8sec
- Switch on your device and boot into normal mode
- If LNX checksum error is displayed, stop here and see <CASE 3>
- Download itsmagic (see this thread). Extract "itsmagic" to the tools folder of android sdk.
- Connect your device to your PC (Windows: drivers can be obtained from Acer website)
- If not already done, get your UID using Method 1 of "How to get the UID"
- If not already done, get a dump of mmcblk0_start (see "How to get a dump of mmcblk0_start")
- In the command window type:
Code:
adb push itsmagic /data/local
adb shell
su -
chmod 755 /data/local/itsmagic
/data/local/itsmagic
exit
- If everything went fine you should see some output of itsmagic
- Reboot and check if you can boot again
- Store your UID and mmcblk0_start to some safe place
Possible reasons for this error
- You tried to install a new recovery without calling itsmagic before
- You have not remove /system/etc/install-recovery.sh
- Your recovery partition is corrupt
<CASE 2> LNX checksum error
Steps:
- Switch off your device by pressing power for ~8sec
- Switch on your device and boot into recovery by pressing VOL- + Power
- If SOS checksum error is displayed, stop here and see <CASE 3>
If you have stock recovery:
- If not already done, get your UID using Method 2 of "How to get the UID"
- Apply an official OTA, see this thread
If you have thor's CWR:
- If not already done, get your UID using Method 1 of "How to get the UID".
- Select "reboot system now"
If you have any other recovery (that does not have itsmagic integrated):
- If not already done, get your UID using Method 1 of "How to get the UID". If Method 1 does not work, try Method 2
- DO NOT apply any official update.zip . Otherwise you will end up in <CASE 3>
- send me a PM or ask for help in this thread.
Possible reasons for this error
- You tried to install install a new kernel / stock update.zip without calling itsmagic (will not occur with thor's CWR)
<CASE 3> SOS and LNX checksum error
- If available, upload the "mmcblk0_start" dump to some file hoster (e.g. dropbox)
- Send me a PM with your UID and a link to "mmcblk0_start"
- If you do not have your UID: DO NOT connect your device to your PC:
- Pray that you are able to recover the UID from a PC the Iconia was already connected once.
- Windows: Try Method 2 of "How to get the UID" but DO NOT connect your device to your PC.
- Linux/Mac: Check old syslogs for messages where your device was connected to your PC (normally some "usb " kernel messages)​
Possible reasons for this error
- You tried to install a new kernel athough you already have a SOS checksum error
- You tried to install a new recovery altough you aleady have a LNX checksum error
How to get the UID
Method 1
- If not already done, follow the instruction "Howto install ADB" below
- In the command shell, type:
Code:
adb devices
and press RETURN
This will output something like this:
Code:
List of devices attached
370014740c00594 device
The number is your UID.
- Save this number somewhere it won't get lost
Method 2
- Connect your device to your PC and ensure that drivers are properly installed (Windows: Can be downloaded from Acer website)
Windows:
Download this tool (download link is nearly at the end of the page):
- Open the tool
- Sort after VendorID
- Find all devices with VendorID = 0502 and ProductID = 3325. Check the "Serial number" column for these devices.
Linux:
Call (as root) and see the iSerial field for Iconia.
Code:
lsusb -v
Mac:
- Should be visible in system profiler. Sadly I don't own a mac. So if anyone can help me out with this?
How to get a dump of mmcblk0_start
- If not already done, follow the instruction "Howto install ADB" below
- In the command shell, type:
Code:
adb shell
su -
dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start
exit
exit
adb pull /sdcard/mmcblk0_start .
- This will create a file "mmcblk0_start" in the tools folder of your android-sdk.
- Copy this file to some safe place
How to install ADB
1. Download android SDK from here. Windows: Download the .zip file instead of the exe file.
2. Extract android SDK somewhere
3. Open a command shell:
- Windows: Press Winkey+R . Some small window appear. Enter "cmd" and click ok. A black command promt window will open.
- Linux/Mac: Open a terminal window
4. "cd" to the "tools" folder of the android sdk by typing the following in the command shell:
- Windows:
Code:
cd "<path to tools folder>"
Sample:
Code:
cd "c:\android\android-sdk-windows\tools"
- Linux/Mac:
Code:
cd /path/to/tools/folder
5. Ensure that your device is connected, that drivers are installed and that USB debugging is enabled (on Iconia: Settings->Applications->Development->USB Debugging)

reserved for me

Im just asking, in case3 u need dump of mmcblk0_start ,but what if dont have it, only UID?
Should i make dump of mmcblk0_start just in case to be insured that evrything will be ok if smth happens?
Any way thks fo tutorial)

Glebaka said:
Im just asking, in case3 u need dump of mmcblk0_start ,but what if dont have it, only UID?
Should i make dump of mmcblk0_start just in case to be insured that evrything will be ok if smth happens?
Any way thks fo tutorial)
Click to expand...
Click to collapse
Having a dump in <case 3> makes everything easier. But it is not mandatory. Nevertheless it's generally a good idea to backup mmcblk0_start.
btw: thor's CWR will backup mmcblk0_start since version 1.2 if you do a nandroid backup.

sc2k said:
How to get a dump of mmcblk0_start
- If not already done, follow the instruction "Howto install ADB" below
- In the command shell, type:
Code:
adb shell
dd if=/dev/block/mmcblk0 of=dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start
exit
adb pull /sdcard/mmcblk0_start .
- This will create a file "mmcblk0_start" in the tools folder of your android-sdk.
- Copy this file to some safe place
Click to expand...
Click to collapse
Hi there,
after i typed "dd if=/dev/block/mmcblk0 of=dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start" in the adb shell i got an invalid argument error:
Code:
if: illegal argument combination or already set
What i should do?

when i get a SOS checksum error and a LNX checksum error,can i copy files from pc to a500 device? how?

dmue said:
Hi there,
after i typed "dd if=/dev/block/mmcblk0 of=dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start" in the adb shell i got an invalid argument error:
Code:
if: illegal argument combination or already set
What i should do?
Click to expand...
Click to collapse
Sorry, there was a typo. Should be correct now
Thanks for the hint.

kimycai said:
when i get a SOS checksum error and a LNX checksum error,can i copy files from pc to a500 device? how?
Click to expand...
Click to collapse
The procedure for this case is much more complex. If you do something wrong, it is getting even more complicated.
I will not publish details currently, sorry. If you get this error, contact me.
As soon as some tools are finished i will update the OP.
Sent from my HTC Desire using XDA App

sc2k said:
Sorry, there was a typo. Should be correct now
Thanks for the hint.
Click to expand...
Click to collapse
Ah ok, thx.

thank you sc2k!

sc2k said:
The procedure for this case is much more complex. If you do something wrong, it is getting even more complicated.
I will not publish details currently, sorry. If you get this error, contact me.
As soon as some tools are finished i will update the OP.
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
really？
waiting……

Hi
After I typed "dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start" in adb i got: "dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start /dev/block/mmcblk0: cannot open for read: Premission denied"
What i done wrong?

Raphaello said:
Hi
After I typed "dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start" in adb i got: "dd if=/dev/block/mmcblk0 bs=512 count=13312 of=/sdcard/mmcblk0_start /dev/block/mmcblk0: cannot open for read: Premission denied"
What i done wrong?
Click to expand...
Click to collapse
You need to be root
Type
Code:
su -
before.
I will update the guide

Thanks but it's doesn't work yet. I have root access. I tried type "su-" but it is the same message "cannot open for read: Premission denied". I install usb drivers and the others think from guide hmmmm....

Raphaello said:
I tried type "su-" but it is the same message "cannot open for read: Premission denied".
Click to expand...
Click to collapse
Did you type su- or su - (notice the space between su and -)?
Also you'll have to confirm su permissions on the tablet.

I typed "su -" with space between su and -
I have USB debugging turn on
When i type "su -" it say "Premission denied"
I really sorry for problem and thanks you for trying to help me

Is your device rooted? Because it has to be.
And if it's rooted did you notice a superuser app popping up after you run the command.

What a shame, I did not notice a superuser app popping up :/ Now it's ok. Thank You very much. I must learn a lot. Only think was taht I can't pull this file to my computer via "adb pull /sdcard/mmcblk0_start" but i copy it directly from device Now I feel safe.
Thanks a lot guys

Well, actually you should be able to dump directly to adb without copying to device to save some time.
like dd if=/dev/mmcblk0p1 count=X bs=Y
but without specifying of= or using of=-
and don't forget to redirect it to file. like "adb shell "dd if ..." > dump_p1". Not sure it will work fine, but I used it once on another device to dump block device image.

i download the android sdk zip file, but is seems that the "tools" folder doesn't include the adb executable file , how should i do?

Root 2.3.6 Roms

Good news everyone!
Here is the rooting method for 2.3.6 ROM's, that I decided to call PreinstalameEsta (roughly translated to PreinstallThis)
This method doesn't change any user data. The sbf that is flashed during the procedure only modifies the /preinstall partition (CG66), in which exists a security problem that I exploited to get the root access.
Files needed:
PreinstalameEsta's Files: https://github.com/downloads/nicofff/preinstalameEsta/nicofff-preinstalameEsta-v0.9-4-gce4da6b.zip
ADB, RSD lite, drivers, etc.
Procedure:
1) Unzip the PreinstalameEsta's Files
2) Plug your phone, and switch on USB debugging
3) Run the rootMM2_en.bat file (or runme_en.sh on linux)
3) When asked to flash the new sbf file, reboot the phone into bootloader mode (turn on while pressing the up arrow on the keyboard)
4) Open RSD lite, select the fixed.sbf file and flash it into the phone. (if on linux, use the sbf_flash app included)
5) When it finishes flashing, and reboots, continue executing the rootMM2.bat file.
6) After a few reboots more, the batch file will finish and the phone should be rooted.
In case you want to contribute code, translations, etc.:
https://github.com/nicofff/preinstalameEsta
For an explanation (in spanish) on how i found the root, check here:
http://nicofff.blogspot.com.ar/2012/06/historia-de-un-rooteo-y-todo-lo-que.html
Original Thread on GA: http://www.grupoandroid.com/topic/49338-root-ginger-de-personal-claro-movistar-vivo-y-tigoretail/
Happy Rooting
Nicofff
Update 05/08/2012:
I got my phone stolen last night (In San Telmo, Buenos Aires). Just in case it ends in the hands of a good soul and they happen to come here, i humbly ask them to return it.
The way to identify it: Under the battery, there is a sticker from AFIP that is slightly burnt.
Thanks

Hello my friend, I made all steps and I couldn't make it
I have milestone 2 (brazilian version)
45.2.2710.A953.Latam.en.01 (retail R01)
I think I'll be forever with this rom !
Any idea ?!?!
Thanks !!

Gauzo said:
Hello my friend, I made all steps and I couldn't make it
I have milestone 2 (brazilian version)
45.2.2710.A953.Latam.en.01 (retail R01)
I think I'll be forever with this rom !
Any idea ?!?!
Thanks !!
Click to expand...
Click to collapse
Try again.. All people in Argentina could do it using this tutorial.. Just look at the original thread
Sorry for my english

Gauzo said:
Hello my friend, I made all steps and I couldn't make it
I have milestone 2 (brazilian version)
45.2.2710.A953.Latam.en.01 (retail R01)
I think I'll be forever with this rom !
Any idea ?!?!
Thanks !!
Click to expand...
Click to collapse
What errors did you get?
Paste the output from the script and from RSDlite

argentina personal
Did it work on argentina personal ? :crying:

makipn said:
Did it work on argentina personal ? :crying:
Click to expand...
Click to collapse
Yes it does! 300 Downloads from GrupoAndroid and counting!

I flashed fixed.sbf with rsdlite, everything was fine... after that when I tried to use the root_mm2_en, it was saying that couldn't change, like other roots (doomlord v4, superoneclick,...)
What can I do ? Later I'll post my error
Thanks a lot !

gb vivo 2.3.6 & windows 7
when i run rootMM2-en.bat it opens a window where there is written " press a button to continue" when i press it, it start to work and appers this message :
0 KB/s (105 bytes in 1.000s)
Without closing this window, shutdown the phone
and restart it in bootloader mode (power + UP key in the keyboard)
Once inside the bootloader mode, flash the fixed.sbf from rsdlite
after it restarts, enable USB debugging and press enter to continue...
Premere un tasto per continuare . . .
Waiting for Phone
Syntax error: Unterminated quoted string
than the phone switch off by itself and i had turn it on in bootloader mode, i have flashed the fixed sbf and than the it show me this message
remount failed: Operation not permitted
failed to copy 'su' to '/system/bin/su': Read-only file system
Unable to chmod /system/bin/su: No such file or directory
link failed Read-only file system
failed to copy 'busybox' to '/system/xbin/busybox': Read-only file system
Unable to chmod /system/xbin/busybox: No such file or directory
/system/xbin/busybox: not found
failed to copy 'Superuser.apk' to '/system/app/Superuser.apk': Read-only file sy
stem
/sbin/hotplug > /sys/kernel/uevent_helper
The End
is it a bug or i had make a mistake ?

sminatore said:
is it a bug or i had make a mistake ?
Click to expand...
Click to collapse
It's a bug because of the translation... I've found it:
Code:
adb shell "echo 'doing something on adb, otherwise it doesn't work'"
Should change to
Code:
adb shell "echo 'doing something on adb, otherwise it does not work'"
@nicofff the ' in "don't" caused a syntax error

sminatore said:
gb vivo 2.3.6 & windows 7
when i run rootMM2-en.bat it opens a window where there is written " press a button to continue" when i press it, it start to work and appers this message :
0 KB/s (105 bytes in 1.000s)
Without closing this window, shutdown the phone
and restart it in bootloader mode (power + UP key in the keyboard)
Once inside the bootloader mode, flash the fixed.sbf from rsdlite
after it restarts, enable USB debugging and press enter to continue...
Premere un tasto per continuare . . .
Waiting for Phone
Syntax error: Unterminated quoted string
than the phone switch off by itself and i had turn it on in bootloader mode, i have flashed the fixed sbf and than the it show me this message
remount failed: Operation not permitted
failed to copy 'su' to '/system/bin/su': Read-only file system
Unable to chmod /system/bin/su: No such file or directory
link failed Read-only file system
failed to copy 'busybox' to '/system/xbin/busybox': Read-only file system
Unable to chmod /system/xbin/busybox: No such file or directory
/system/xbin/busybox: not found
failed to copy 'Superuser.apk' to '/system/app/Superuser.apk': Read-only file sy
stem
/sbin/hotplug > /sys/kernel/uevent_helper
The End
is it a bug or i had make a mistake ?
Click to expand...
Click to collapse
do this:
adb shell "rm /data/preinstall_md5/*"
and then run the script again, but when instead of rebooting into bootloader mode and flashing, just reboot it normally

thx for answer
but....i'm a noob... where i should type this : adb shell "rm /data/preinstall_md5/*" ??

I had the same problem, I'll try to do this ! let's see guys !

Caesarivs said:
It's a bug because of the translation... I've found it:
Code:
adb shell "echo 'doing something on adb, otherwise it doesn't work'"
Should change to
Code:
adb shell "echo 'doing something on adb, otherwise it does not work'"
@nicofff the ' in "don't" caused a syntax error
Click to expand...
Click to collapse
Just updated the POST pointing to the fixed version

sminatore said:
thx for answer
but....i'm a noob... where i should type this : adb shell "rm /data/preinstall_md5/*" ??
Click to expand...
Click to collapse
Gauzo said:
I had the same problem, I'll try to do this ! let's see guys !
Click to expand...
Click to collapse
Just download the latest version (v0.9-4) from github: https://github.com/nicofff/preinstalameEsta
The bug is fixed

still doesnt work, i have downloaded the last version and than follow again the instructions written in firts post, but if i turn on the device on bootmode it give me always the same error, and if i turn on the phone normally i cant flash the sbf file ....

sminatore said:
still doesnt work, i have downloaded the last version and than follow again the instructions written in firts post, but if i turn on the device on bootmode it give me always the same error, and if i turn on the phone normally i cant flash the sbf file ....
Click to expand...
Click to collapse
Run rootMM2.bat, do you get the same error?

rootMM2_en.bat
im trying on linux now... lets see

sminatore said:
rootMM2_en.bat
im trying on linux now... lets see
Click to expand...
Click to collapse
There are two .bat files... rootMM2_en.bat and rootMM2.bat... run rootMM2.bat and tell us if you get the same error... because the bug is fixed, it should be something else

Hey Guys !!! thanks it's working now !!!
Just try to use Rootmm2.bat not the other one with EN....
Thanks a LOT !!!!!

oh **** it works!!!!!!
(have done the same step i have done with rootMM2_en.bat)
THANKS!

[HOW-TO] Lenovo IdeaTab A1000 Rooting

HOW TO ROOT YOUR LENOVO IDEATAB A1000​
<DISCLAIMER>​
By attempting these steps, your warranty will be void. Even worse than that, it might cause crashes, freezes, random explosions, 2nd degree burns, or even turn your beloved tab into $100+ paperweight. What works on mine might not work on yours, so don't attempt if you don't know what you're doing. Do at your own risk. Corrections are welcome. I must admit that I'm not an expert, so any info I posted might be wrong, and I can't offer you much help. I'm not responsible for anything arising from the use of this how-to. I can only wish you good luck.
<WHY ROOT?>​
- Without root or OTA upgrades (at time of writing, Indonesian customers still can't get it), you'll be stuck with ~500MB internal memory. That's annoying.
- You're stuck with the default IO scheduler (cfq) and governor (hybrid, haven't heard that one..)
- You have an incredibly large amount of bloatware you can't get rid of, in that already cramped up internal storage
- Did I mention freedom?
<REQUIREMENTS>​
This method is originally used to root Acer Iconia B1-A71. Somehow I noticed that the two actually has the same chipset, MTK8317 (if it really was relevant ). So I tried the method, and through sheer n00b's luck, it worked like a charm!
Lenovo IdeaPad A1000-G --> 4GB storage, 2G/EDGE. This method haven't been tested on A1000-T/F, different storage cap (16GB, etc.) or other variants, but it should work with slight modification. Screenshots of my specs are attached below. Remember, proceed at your own risk!
A Linux System. Never tried on Windows or Mac. I personally used Linux Mint 15. The source post uses Ubuntu.
working ADB (android-tools-adb). You can get this from synaptics, apt-get, etc. If your system can detect adb devices, you should be fine.
Superuser Binary
Busybox Binary (You can get these two from the links on original post. XDA says noobs can't post links :'( )
ORIGINAL THREAD
<CREDITS>​
XDA Senior Member entonjackson, for writing such a noob-friendly how-to for rooting Acer Iconia B1-A71 and for allowing me to use it for this how-to.
XDA Member alba81, for discovering the method as acknowledged on the original post by entonjackson
All awesome gurus on XDA which I can't mention one by one.
<THE STEPS>​
1. Extract the android sdk to your home folder, e.g. a user named Bob will use like /home/bob
2. Open a terminal
3. Now plug your A1000 into your machine and turn on Debugging Mode (Go into Settings -> Developer Tools, turn on Developer tools, then turn on USB Debugging Mode)
4. Now back at the keyboard of your Linux machine in your terminal type:
Code:
sudo adb devices
The output should be something like:
Code:
123456789ABCDEF device
If it's not, google for it. Somehow your Linux hasn't detected the A1000, although the android sdk for Linux brings all needed drivers with it.
If your device was found, congratulations. The adb connection between your linux machine and your tablet is intact.
5. Now extract the downloaded busybox archive to your home folder, in it there should be a busybox binary. So Bob does:
Code:
sudo ./adb push /home/bob/busybox /data/local/tmp
Code:
sudo ./adb shell
Code:
chmod 755 /data/local/tmp/busybox
6. You should copy the busybox binary into a directory where you can access it as a plain non-root user on the tablet. We need this binary. so we can apply unix tools like telnet, dd, cat, etc. But for now we need it to establish a telnet session between our tablet and our linux machine.
(This point is written on original post. Seems important, but as soon as I finished step 5, I can use those tools)
7. Dial *#*#3646633#*#* to enter Engineer Mode
8. Go to Connectivity -> CDS Information -> Network Utility
9. type the following command:
Code:
/data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Advice from original poster: copy and paste it from the browser on your tablet, because dependent on which keyboard app installed, this can be freakin tricky. In the next step you will learn, why it's so important why this command should be correct.
10. Tap on Run. You won't get any feedback, so you will never know if the entered command runs properly or not. That's why you should make sure the command is ok.
Now we have started our telnet server on the tablet.
11. Back in the terminal type:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If you now get an error like couldn't find busybox or something, then either adb push failed or you forgot to chmod, in step 5
12. Now enter:
Code:
cat /proc/dumchar_info
You should get a bunch of lines, try to find a line containing the partition named android
{..... partition list .....}
android 0x0000000028A00000 0x00000000020E8000 2 /dev/block/mmcblk0p3
{..... partition list .....}
13. We will create a dump of our android system. This is the point where different variants *MIGHT* have different parameters. This step is important, as wrong parameter will result in unmountable image.
Stop. Take a deep breath. If you're not familiar with dd, find a good doc of it. There's a plethora of them.
Get yourself a programmer's calculator (Linux Mint 15 has one built in).
Here's what you'll do :
Convert the hex number on the 3rd column into decimal. In my case (0x20E8000) will yield 34504704. Divide by 4096. The result (8424) goes to the skip parameter.
Convert the hex number on the 2nd column. In my case (0x28A00000) will yield 681574400. Divide by 4096. The result (166400) goes to the count parameter.
So the full dd command will look like :
Code:
dd if=/dev/block/mmcblk0 bs=4096 skip=8424 count=166400 | gzip > /cache/system.img.gz
Do a full sanity check before hitting enter! It will take about 5 minutes.
14. After it's finished we must make the image readable for adb, so we do:
Code:
chmod 777 /cache
and
Code:
chmod 777 /cache/system.img.gz
15. Leave the telnet, and then adb shell session by:
Code:
exit
Code:
exit
16. Now we pull our image by
Code:
sudo adb pull /cache/system.img.gz
wait 1-2 minutes.
It should be then located inside /home/bob. It did for me. If not, do a search . It should be a .gz, extract it right there (or /home/bob if it isn't there)
17. Now we need to modify our system image by adding the tiny but helpful su binary. Extract the SU binary to /home/bob.
18. We create a folder where we will mount our system image to. To create it do:
Code:
sudo mkdir /media/a1000
19. Now we mount it:
Code:
sudo mount -o loop /home/bob/system.img /media/a1000
if it fails, then you entered wrong parameters on step 13
20. Now we copy our SU binary to our mounted system image:
Code:
sudo cp /home/bob/su /media/a1000/bin
21. the su binary needs to have the proper rights to make it usable, so we 'suid' it with:
Code:
sudo chmod 06755 /media/a1000/bin/su
22. Let's unmount our baby by:
Code:
sudo umount /media/a1000
and because bob doesn't like a messed up system, he does:
Code:
sudo rm -rf /media/a1000
because he hopefully won't need it anymore.
23. We have to gzip it again to bring it back to where it belongs to. this we do by:
Code:
cd /home/bob
Code:
gzip /home/bob/system.img
24. So here we are now, we made it to the final Boss fight! The next steps are dangerous and should be performed with caution. We copy back our modified system image, which can brick your device, if you do a mistake! Enter adb shell again :
Code:
sudo adb shell
25. Remove the old boring image:
Code:
rm /cache/system.img.gz
26. Leave adb shell
Code:
exit
27. copy our cool new system image containing the su binary:
Code:
sudo adb push /home/bob/system.img.gz /cache
28. Enter adb shell again
Code:
sudo adb shell
29. Usually the telnet server on the tablet is still running, at least in my case it's been like that. That's why we can directly connect to the telnet server with:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If this doesn't work, then obviously your telnet server isn't running anymore. So on your tablet if the telnet command is still entered (see step 9), tap on Run again and repeat step 29.
30. Now this is the most dangerous step in this how to (no it wasn't the mkdir one). You can copy following command to make sure everything is fine and paste it into your telnet session on your linux terminal.
<WARNING! SANITY CHECK! MAKE SURE *ALL* THE DD PARAMETERS MATCH THE FIRST DD (STEP 13) OR YOUR A1000 WILL TURN INTO A VERY EXPENSIVE PAPERWEIGHT!>
Code:
[B]/data/local/tmp/busybox zcat /cache/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=8424 count=166400[/B]
After 1-2 minutes you're done, if your tablet or pc or yourself didn't catch fire, everything's fine.
31. Leave telnet / adb shell by doing
Code:
exit
Code:
exit
32. Reboot your A1000 via ADB, then exit
Code:
sudo adb reboot
Code:
exit
33. Unplug your tablet from PC
34. Install Superuser (No, not SuperSU, cause it won't work!). I personally use Superuser by ChainsDD, from Play Store
35. Be lucky. Your tablet and thus you are now free!
Don't forget to hit thanks, if this helps ​

hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version

Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also

@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?

Root with Windows ?
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,

ulisez said:
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Click to expand...
Click to collapse
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
artonelico said:
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
Click to expand...
Click to collapse
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
rmage said:
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Click to expand...
Click to collapse
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
Letsar said:
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
Click to expand...
Click to collapse
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029

sammymaddog said:
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Link2SD doesn't link app data, do you have any option?

yes i had same message with ulyses, by the way im from indonesia too can i contact you through chat client?
oh yeah im using windows 7 and using cmd as a terminal in linux
thx before bro

sammymaddog said:
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Ok, i see his toolkit. It's very good. I'll wait

rmage said:
Link2SD doesn't link app data, do you have any option?
Click to expand...
Click to collapse
I'm not sure whether the stock kernel of our devices supports init.d, thus supports CronMod/Data2SD. Lenovo locked our bootloader, and currently there's no way around it. So I personally think, Link2SD method are the best option for now.
Let's give it several months until our dev gurus bring their miracles upon this device

The attached image shows mt6577 Hardware, can u provide the Soc details please

Hi, Can any one upload Lenovo ideatab A1000 system.img

in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya

one month gone past but the op seems to be in caves or has bricked the device

STOCK ROM
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:

VR.gtmini said:
The attached image shows mt6577 Hardware, can u provide the Soc details please
Click to expand...
Click to collapse
VR.gtmini said:
one month gone past but the op seems to be in caves or has bricked the device
Click to expand...
Click to collapse
sorry to make you wait. I'm a last grader university student, and final project stuffs have got me pinned down. Hope you understand
Actually the SoC is MT8317. For some god-knows reason Mediatek have made this SoC with signatures similar to MT6577. But somehow CPU tweaker correctly detects the SoC (MT8317). Maybe it's the CPU-Z bug?
unknown_world said:
Hi, Can any one upload Lenovo ideatab A1000 system.img
Click to expand...
Click to collapse
zod0070 said:
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
Click to expand...
Click to collapse
I'm uploading the modified .img. Let's pray my old HSPA modem won't catch fire by the morning.
vidyadhara said:
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
Click to expand...
Click to collapse
I think you got it wrong. The write process does not take place on the device. It's on the loop-mounted .img in /mnt/a1000 on your computer (step 18-19). Cheers!

Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www dropbox com/s/rmpnz7c285t5sqz/system.7z

sammymaddog said:
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www.dropbox.com/s/rmpnz7c285t5sqz/system.7z
Click to expand...
Click to collapse
Thanks for coming back, could u post the MD5 of the system.7z & system.zip.
Also could u provide simple way/steps to directly flash this .img without extracting existing stock system image
My tab A1000-G

do you have stockROM for lenovo A1000G
I need this :crying:

raffly said:
do you have stockROM for lenovo A1000G
I need this :crying:
Click to expand...
Click to collapse
Don't worry, the above link is a stock Lenovo A1000 G ROM, but with pre-root files having no superuser app. Just extract the .7z file
System.7z MD5: 658CA71AC8A230B244F267513857F9A5

[how to] lock/unlock your bootloader without htcdev(s-off required)

*this thread is for m7. it will not work on m8,m9, or any other newer devices! search m8 general for the thread there(same name)
this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.
originally,we used a zip file flashable in recovery. i have found it to work on gsm devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.
advantages
-no hassle with htcdev,tokens,or unlock codes
-no submitting your phones personal info to htc
-the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.
you do NOT need to downgrade your hboot. this simple adb command works without any scary hboot downgrades.
*you must be s off.
*you must have superuser installed(seethis post] if you need help installing a recovery so you can install superuser)
read this:
this will not work if your s on. its not a way to magically unlock
the usual disclaimers:
use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.
credits
-beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
-kdj67f for fearlessly testing on vzw m7_wlv and putting up some screenshots in post 2. thanks!
-matthew0776 for fearlessly testing for sprint m7_wls
IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
1)set up adb
-download this file
-install drivers: if you have htc sync installed,you should allready have drivers. if not,you can install htc sync,or install these modified htc drivers from revolutionary (driver mirror)
-unzip your miniadb_v1031.zip file. this is native funtionality in windows 7. you otherwise may need a utility such as "7-zip" to extract,or unzip it. place the unzipped folder onto the root of your C drive on your PC. root means the top level,not inside any folders. so just copy and paste,or drag and drop the folder onto C with everything else that is there. you may want to rename it to "miniadb_m7" since youll be putting some device specific files in here.
-open a command window. on windows 7,click the start bubble in the lower left and type "command" in the search box. xp i believe is similar or the same. doing this should open a small black command window.
-change to your miniadb_m7 directory. type the following at the prompt in your cmd window:
cd c:\miniadb_m7
your command promt should change to "c:miniadb_m7>" provided you: 1)unzipped the miniadb_v1031 zip file,and 2)put the folder on your c drive,and 3)entered the name of the folder correctly ("miniadb_m7" in this case)
-now make sure usb debugging is checked in developer options(you will need to turn it on first),and plug your phone into your PC with a usb cable
-make sure your phone is being recognized- type:
adb devices
if your drivers are installed correctly,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.
if you get your serial number back,then enter this command:
adb reboot bootloader
this should take your phone to the "fastboot" screen,wich is white with colored letters. this is one mode of your bootloaders interactive modes. at the top youll see fastboot devices as confirmation youre in fastboot.
now enter:
fastboot devices
again,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.
if you get your serial number back,you can enter the following to boot back to the phones OS:
fastboot reboot
and now,youve installed adb/fastboot and tested youre phones drivers. if at either spot,you have trouble and dont get your serial number back,there is some sort of connection issue. use these steps to troubleshoot:
troubleshooting connectivity issues:
-try a reboot of the PC
-try different usb cables and ports
-dont use a usb hub
-dont use usb 3.0
-make sure nothing capable of comunicating with the phone is enabled and running. htc sync,pdanet,easy tether,and even itunes have all been known to cause issues.
-windows 8 has been known to have issues. try a windows 7 or older machine
failing the above,
-i use these drivers for fastboot and adb(donwload and run as admin): http://downloads.unrevoked.com/HTCDriver3.0.0.007.exe (mirror)
failing that,try manually updating the drivers in the following manner:
-put the phone in fastboot mode(select fastboot from the hboot menu)
-open device manager on the PC
-plug in phone,watch for it to pop up in device manager.
-update drivers with device manager,pointing the wizard to the extracted
driver download folder from above
note that you can check the connectivity of the phone,and make sure drivers are working by in the following manner:
-open cmd window. change to directory containing adb/fastboot utilities
-adb with the phone in the booted OS,usb debug enabled,enter:
adb devices in a cmd window
-fastboot with phone in fastboot,enter:
fastboot devices in cmd window
in either case,a properly connected phone with working drivers installed should report back the phones serial number.
Click to expand...
Click to collapse
this process,in your cmd window,should look something like this:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="red"]cd c:\miniadb_m7[/COLOR]
c:\miniadb_m7>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FAxxxxxxxxxx device
c:\miniadb_m7>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\miniadb_m7>[COLOR="red"]fastboot devices[/COLOR]
FAxxxxxxxxxx fastboot
c:\miniadb_m7>[COLOR="red"]fastboot reboot[/COLOR]
rebooting...
finished. total time: 0.037s
c:\miniadb_m7>
2)reset your "lock status flag"
to LOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now locked
_____________________________________________________________________________________________
to UNLOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now unlocked
*i have tested this on my gsm htc one. if someone wants to test on vzw,ill add you to the credits

99% is good enough for me haha! Phone just hut 50% charged, give me a minute. Will post back with pictures.
Sent from my HTC6500LVW using XDA Premium 4 mobile app
---------- Post added at 08:56 PM ---------- Previous post was at 08:41 PM ----------
Confirmed, code working. Flags set/reset. Phone even reboots and works will upload pics/screenshots.
Thanks!
Starting out unlocked:
Locking:
Locked:
Unlocking:
Re-unlocked:
Very good work!

Any idea how you would get rid of the tampered flag?
Sent from my HTC One using xda app-developers app

akuma24 said:
Any idea how you would get rid of the tampered flag?
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=2477792

Is this intended for people who got S-OFF and didn't use revone to unlock their bootloader at the same time? What would be the motivation for people doing that (not unlocking)?

will this also remove the "Tampered" flag once S-on has been returned?

deeevan said:
Is this intended for people who got S-OFF and didn't use revone to unlock their bootloader at the same time? What would be the motivation for people doing that (not unlocking)?
Click to expand...
Click to collapse
it can be used for that,with the advantage of being able to unlock without having to submit ones perosnal phone info to htcdev for an unlock code(i.e. no record of having unlocked)
however,it is moreso intended for folks who are unlocked to get back to 100% stock locked. fastboot oem lock gets you relocked and before anyone can suggest it,using the bootloader modifier to just change the banner is IMO fraud.
if you need to return a phone for a legitimate warranty claim,its easy to make it 100% correct in case it makes it back out into the public
broli-zn said:
will this also remove the "Tampered" flag once S-on has been returned?
Click to expand...
Click to collapse
once s on,youll have to run an ruu. prior to s on,you can use the link mentioned above(this one) to reset the tampered flag and remove that banner

scotty1223 said:
it can be used for that,with the advantage of being able to unlock without having to submit ones perosnal phone info to htcdev for an unlock code(i.e. no record of having unlocked)
Click to expand...
Click to collapse
My question is, Can't both of these be achieved with revone -u and revone -l? I unlocked using revone, I never requested an unlock code from htcdev. If you need to be S-OFF ie, use revone, why wouldn't someone just add the extra -u parameter and unlock bootloader at the same time?
The lock command is definitely useful for those on a revone incompatible hboot (most).

Just tried this and it worked just fine, thanks very much.:good:

Cool
Much better than using revone to do this, as it leaves no tracks. Kudos 2 u.

i never claimed this was a major breakthru. this is just anotehr way to skin the cat. if revone is still working and your more comfortable using that,by all means do so.
thanks for all the comments,im glad some are finding it useful

Could you tell me if this method to lock/unlock bootloader wipes phone data like the method via htcdev?

Simple and easy guide much obliged Scotty ?
Skickat från min HTC One med Tapatalk

Can I relock It this way if I unlocked it through htc dev, and get the status locked instead of relocked?
Sent from my HTC One using xda premium

piterk said:
Could you tell me if this method to lock/unlock bootloader wipes phone data like the method via htcdev?
Click to expand...
Click to collapse
no,it does not erase data.
the flashing of unlock code,and relock command initiate hboot to factory reset. this is only changing the flag that hboot checks.
jaypeg123 said:
Can I relock It this way if I unlocked it through htc dev, and get the status locked instead of relocked?
Sent from my HTC One using xda premium
Click to expand...
Click to collapse
yes. thats the whole point- no relocked watermark

Yes this is outstanding. Thank you :thumbup::thumbup::thumbup::thumbup:
Sent from my HTC One using xda premium

if we have installed a modified hboot to remove the red text, can we use this method to lock or it will brick it?

Nikos2k said:
if we have installed a modified hboot to remove the red text, can we use this method to lock or it will brick it?
Click to expand...
Click to collapse
you are fine. this mod has nothing to do with hboot.

@scotty1223
I tried to copy mmcblk0p3 from /dev/block/ to /data/local/tmp and verify that all is done OK..
However, after command
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/data/local/tmp/mmcblk0p3 bs=1 seek=33796
I noticed that size of mmcblk0p3 in /data/local/tmp instead of 127 Mb changed to 33800 b (ie 33796 + 4 b).
Where is mistake? I have or have you? Check your mmcblk0p3 in /dev/block/
There are should be no all 00 after offset 0x8408.
Thank you!!!

Golv said:
@scotty1223
I tried to copy mmcblk0p3 from /dev/block/ to /data/local/tmp and verify that all is done OK..
However, after command
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/data/local/tmp/mmcblk0p3 bs=1 seek=33796
I noticed that size of mmcblk0p3 in /data/local/tmp instead of 127 Mb changed to 33800 b (ie 33796 + 4 b).
Where is mistake? I have or have you? Check your mmcblk0p3 in /dev/block/
There are should be no all 00 after offset 0x8408.
Thank you!!!
Click to expand...
Click to collapse
im not sure what youve got going on with the filesize,but he 33796 is an address,not a size.
the command is writing only 4 bytes,at 8404,8405,8406,8407. if you wish to verify your HTCU or HTCL has been overwritten,dump it to your sd card: dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3 then pull it,and open it with a hex editor.
if youre working with a different device,pull mmcblk0p3 first,before issueing any commands,open with a hex editor,and verify the location of the lock flag.
the rest of 8400 is in fact all nulls, or 00
hope that answers your questions. i think youve just found some funky data becasue of the way youre attempting to verify it.