Will a FOTA update restore the LAF partition? (AT&T M255) - LG K20 Plus Questions & Answers

I tried a bunch of things in an attempt to root AT&T's LG K20 (the LGM255), to no avail.
After unlocking bootloader (so says in the options, I don't think it actually did), I tried fiddling with Lekensteyn's LGLAF tool and various forks of it by steadfasterX and others. Tried pushing a TWRP image I made after being able to extract boot/recovery images using the aforementioned tool. LAF was not pushing that image but was fine with deleting partitions from the phone.
I took the risk of deleting the LAF partition in order to get access to fastboot. While it did, just my luck, the lk variant of fastboot on the phone is stripped of essentially all functionality except for get-var and devices. Meaning I cannot flash anything, or modify any variables.
Have no means to restore the LAF partition (well, there is one way I know of possibly, but want to save it as a last resort cause the probability it would work is low and risks bricking completely).
Now there is an lafbak partition, but can't do anything with it.
There's some background, but here is my real question:
If I were to accept an FOTA update from AT&T, although it would update the firmware to a new version, would it restore or possibly flash a new LAF partition so that I could go into its LAF/Factory Reset mode again?

Related

Getting rid of the unlocked bootloader warning message

The way to get rid of the warning caused by unlocking the bootloader on other phones would be to flash the proper bootloader logo in fastboot using:
Code:
fastboot flash logo logo.bin
This is how I did it on my old LG Nexus 5X.
Does anyone have the correct logo for the V20? Has anyone tried this on the V20?
It's not a logo file. It's located in aboot and you can't change it.
androiddiego said:
It's not a logo file. It's located in aboot and you can't change it.
That wasn't true on the 5X: https://forum.xda-developers.com/ne...-change-bootlogo-images-imgdata-tool-t3240052
Are you positive that it's different now?
Sizzlechest said:
That wasn't true on the 5X: https://forum.xda-developers.com/ne...-change-bootlogo-images-imgdata-tool-t3240052
Are you positive that it's different now?
Here is the tool that might be useful to search for and dump the relevant partition, mount it and investigate the source of the picture and text warning:
Partitions Backup & Restore
https://play.google.com/store/apps/details?id=ma.wanam.partitions
In the best case scenario, even use reverse engineering to skip the warning and its delay altogether, anyone?
Or is aboot non-writable?
You modify aboot in any way / shape / or form, and you better open a ticket with LG. When you unlock your bootloader, that stops aboot from verifying the signature of boot, laf, and recovery. XBL still very much does verification of all the other pieces of firmware. One of the first things it checks is the signature of aboot. If aboot has been modified, or wasn't signed with the same RSA cert that matches the RSA key that is in your model's QFPROM, then the phone goes into 9008 mode. At this time, there is no fixing that -- except sending it back to LG (and there may never be now that LG uses UFS nand in their phones).
-- Brian
I've personally looked into this and looks like it can't be changed.
I'm pretty sure the images are in the *raw_resources* partition. Look here.
It must be very hard to modify though considering LG use it for (all?) many models, since I've only found a single development thread for it, and as you'll see that didn't go very far.
@askermk2000 You are correct. Every single boot, charging, download mode, etc image is on that partition, and it isn't signed / checked, so modify away with no risk of bricking your phone.
There is an index with offsets for each image, but the format of the images isn't immediately obvious.
-- Brian
runningnak3d said:
@askermk2000 You are correct. Every single boot, charging, download mode, etc image is on that partition, and it isn't signed / checked, so modify away with no risk of bricking your phone.
There is an index with offsets for each image, but the format of the images isn't immediately obvious.
-- Brian
so it is indeed possible to change the unlocked bootloader warning?
Security wise, there is no reason that you can't change them. It looks like LG is using RLE encoding, so finding the start and end of an image is going to be interesting. There are offsets in the index, but they don't seem to align.
Also, while I don't think having a corrupt raw_resources partition would give you a 9008 brick, you might want to have a backup ready to flash if you decide to modify it. But, (and there is always a but), since aboot loads this, if aboot pukes and doesn't load, that WILL give you a 9008 brick.
If I were you, I would buy a used V10 off of eBay, and test on that since you can recover from a 9008 with an SD card.
-- Brian

FYI: recovered G5 XT 1676 to stock and updated. :)

Just an FYI type thing that may save people a bit of digging around sometime.
I tried to get the update that just came out, but as I had TWRP as recovery, no good. Anyhow, in my trying I completely bollixed the phone. Would start, but always booted to TWRP and had various conniptions. Could not even get a TWRP backup to load. Strange, not-encountered-before-by-me stuff...
Anyhow, recovered by the following method to stock and am back in business.
Boot into bootloader fastboot mode.
Extract .xml.zip format firmware file:
eg: CEDRIC_NPP25.137-15_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
to a folder on c drive of the PC that has the ADB and fastboot files in it.
In command prompt cd\ to that directory.
fastboot flash the following in sequence.
fastboot flash partition gpt.bin
fastboot flash motoboot motoboot.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk1
fastboot flash system system.img_sparsechunk2
fastboot flash system system.img_sparsechunk3
fastboot flash system system.img_sparsechunk4
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot reboot
boots to stock .
Not my own work, adapted from this thread by t-bon3
https://forum.xda-developers.com/showthread.php?t=2542219
which I found thanks to eens post18 at this thread
https://forum.xda-developers.com/g5/how-to/npp25-137-33-stock-firmware-moto-g5-t3577084/page2
After this, Motorola system update installed. On Australian XT1676 is build number NPP25.137-15-7
Patch level 1-May-2017
Still get the I can't be trusted page on power up as have unlocked bootloader.
Many thanks to all at XDA, it's a resource that can certainly get you into trouble, but then out of it again.
where do you get the stock firmware?
Think I worked out what I did wrong. Somehow, I changed the format of the data partition. Fat fingers at some point??
TWRP backups didn’t like that and would not mount or write to the data partition as it was not f2fs format that the backup had been made in??
Anyway, restored data from a TWRP backup after going to ....wipe…format data. All good.
That gave me the passcode lockout issue at next reboot which can deal with.
stock Firmware? http://www.filefactory.com/folder/c6cdedc45a775d27/?sort=created&order=DESC&show=25
for me stock the phone came with is: CEDRIC_NPP25.137-15_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Worked on my XT1676 dual sim, but CHECK if it's appropriate for your model. There are files on that page that won't be, and flashing some of their components (particularly bootloader) can, I have read, be unrecoverably disastrous. Be warned.
Slow, but got it. At first I thought it was corrupt as TWRP wouldn't flash it. My gumby. The .xml.zips apparently need to be extracted and flashed file by file.
Were you able to revert to a locked bootloader after this? I am looking forward to doing so.
Were you able to revert to a locked bootloader after this? I am looking forward to doing so.
Didn't try, didn't need to for taking the update.
And, from my reading there is no way so far to relock the bootloader. I got it to stock, with stock recovery, and that was enough for me.
astmacca said:
Didn't try, didn't need to for taking the update.
And, from my reading there is no way so far to relock the bootloader. I got it to stock, with stock recovery, and that was enough for me.
I can confirm what you said, but I am asking because I am sick of the warning before the device starts
ap4ss3rby said:
I can confirm what you said, but I am asking because I am sick of the warning before the device starts
You can get rid of that easily
Put phone in fastboot mode
Download logo from link below
Enter the following in a windows command prompt where you have fastboot files & the logo file
Code:
fastboot.exe flash logo logo-g5-fix.bin
http://drive.google.com/file/d/0B-idWfPYugGvREJaR3B0UFIxUkU/view?usp=sharing
TheFixItMan said:
You can get rid of that easily
Put phone in fastboot mode
Download logo from link below
Enter the following in a windows command prompt where you have fastboot files & the logo file
Code:
fastboot.exe flash logo logo-g5-fix.bin
http://drive.google.com/file/d/0B-idWfPYugGvREJaR3B0UFIxUkU/view?usp=sharing
Thanks, but this is why I made a Google pixel themed logo.bin and used a matching boot animation to go with it some time earlier
downgrade
thanks for the guide
- can i use this method to downgrade to this version?
- can i do this without unlocking the bootloader
- if it goes wrong can i unlock the bootloader later (i have an unlock code)
- is there a reason why we don't flash sparsechunk.0 ?
thanks in advance
distclean said:
thanks for the guide
- can i use this method to downgrade to this version?
- can i do this without unlocking the bootloader
- if it goes wrong can i unlock the bootloader later (i have an unlock code)
- is there a reason why we don't flash sparsechunk.0 ?
thanks in advance
No you cannot downgrade (same firmware version or newer required)
Yes - unlocked bootloader not required
As long as your phone still goes into the bootloader
You should flash all sparsechunks in number order
Thanks a bunch,
So to be absolutely clear, my phone shipped with NPP25.137-15-7 i can't install the stock rom linked, and the same version isn't out yet,
if i unlock the bootloader, would i be able to downgrade ?
Is the software channel setting preserved across this method?
distclean said:
Thanks a bunch,
So to be absolutely clear, my phone shipped with NPP25.137-15-7 i can't install the stock rom linked, and the same version isn't out yet,
if i unlock the bootloader, would i be able to downgrade ?
Is the software channel setting preserved across this method?
You may be able to - there are different variants of the same phone
As long as the firmware is the same or newer (as in the bootloader and API version) it may flash
It will either flash or error out
There's only one way to find out - if your phone is dead anyway it's not going to make a lot of difference
No - generally you can never downgrade firmware - doing so would be dangerous and you may lose the bootloader for good
thanks again,
motoboot.img is the bootloader you talk about? is the partition layout described somewhere? would custom roms use a different one here?
do tell me by the way if i should get this information elsewhere/if i should read something to get started in the whole moto g world.
distclean said:
thanks again,
motoboot.img is the bootloader you talk about? is the partition layout described somewhere? would custom roms use a different one here?
do tell me by the way if i should get this information elsewhere/if i should read something to get started in the whole moto g world.
You can write in adb
Code:
adb shell
cat /proc/partitions
Hello,
Does anyone know where can I download the latest firmware for Moto G5 XT1676 baseband Version: m8937_ 8000.122.02.40 R
Thanks
astmacca said:
Boot into bootloader fastboot mode.
Extract .xml.zip format firmware file:
eg: CEDRIC_NPP25.137-15_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
to a folder on c drive of the PC that has the ADB and fastboot files in it.
In command prompt cd\ to that directory.
fastboot flash the following in sequence.
fastboot flash partition gpt.bin
fastboot flash motoboot motoboot.img
fastboot flash logo logo.bin
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot flash system system.img_sparsechunk1
fastboot flash system system.img_sparsechunk2
fastboot flash system system.img_sparsechunk3
fastboot flash system system.img_sparsechunk4
fastboot flash modem NON-HLOS.bin
fastboot flash fsg fsg.mbn
fastboot erase cache
fastboot erase userdata
fastboot reboot
boots to stock .
You're partially right. These commands won't work for our files. You have to flash the firmware according to the instructions contained within the "flashfile.xml" file within the archive. For example we have no "motoboot" partition
I've flashed every stock package available now (4 I think) and haven't been offered an update once. I've ran a couple of custom ROMs but they're just not right in one way or another. Might be time to move on.
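The reply above says the command order and partition names have to come from the package's own flashfile.xml rather than a list copied from another device. As an added example (not from the thread or from Motorola), this Python script derives the fastboot commands from that manifest and checks each image's MD5 before listing it; the `<step>` attribute layout (`operation`, `partition`, `filename`, `MD5`, `var`) is an assumption about the manifest format, and the package it builds is constructed sample data.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET


def md5_hex(path):
    """MD5 of a file, read in chunks (MD5 because that is what the manifest is assumed to carry)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def plan_from_flashfile(firmware_dir, manifest="flashfile.xml"):
    """Return (commands, problems) derived from the package's own manifest."""
    commands, problems = [], []
    root = ET.parse(os.path.join(firmware_dir, manifest)).getroot()
    for step in root.iter("step"):
        op = step.get("operation")
        if op == "flash":
            name, part = step.get("filename"), step.get("partition")
            # Reject steps that lack a target or point outside the package folder.
            if not name or not part or os.path.basename(name) != name:
                problems.append(f"malformed flash step: {step.attrib}")
                continue
            path = os.path.join(firmware_dir, name)
            if not os.path.isfile(path):
                problems.append(f"{name}: missing from extracted package")
            elif step.get("MD5") and md5_hex(path) != step.get("MD5").lower():
                problems.append(f"{name}: MD5 does not match manifest")
            else:
                commands.append(f"fastboot flash {part} {name}")
        elif op == "erase":
            commands.append(f"fastboot erase {step.get('partition')}")
        elif op in ("getvar", "oem"):
            commands.append(f"fastboot {op} {step.get('var')}")
        else:
            problems.append(f"unsupported operation: {op!r}")
    return commands, problems


def foreign_partitions(copied_commands, commands):
    """Partitions named in a copied command list that this package never flashes."""
    def targets(cmds):
        return {c.split()[2] for c in cmds if c.startswith("fastboot flash ")}
    return sorted(targets(copied_commands) - targets(commands))


def build_constructed_package(directory):
    """Write a small constructed package (dummy images plus manifest) for the demo."""
    images = {"gpt.bin": b"constructed gpt", "boot.img": b"constructed boot"}
    steps = ['<step operation="getvar" var="max-sparse-size"/>']
    for (name, data), part in zip(images.items(), ("partition", "boot")):
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
        steps.append(f'<step MD5="{hashlib.md5(data).hexdigest()}" filename="{name}" '
                     f'operation="flash" partition="{part}"/>')
    steps.append('<step operation="erase" partition="cache"/>')
    xml = '<flashing><steps interface="AP">' + "".join(steps) + "</steps></flashing>"
    with open(os.path.join(directory, "flashfile.xml"), "w") as fh:
        fh.write(xml)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_package(d)
        cmds, problems = plan_from_flashfile(d)
        # Print the plan only when every image checked out; otherwise print the problems.
        print("\n".join(problems if problems else cmds))
        # Two commands from the list quoted in the thread, checked against this package.
        print(foreign_partitions(["fastboot flash motoboot motoboot.img",
                                  "fastboot flash boot boot.img"], cmds))
```

A non-empty problems list or a non-empty foreign_partitions result means the copied command list does not match the package on disk and nothing should be flashed from it.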
distclean said:
Thanks a bunch,
So to be absolutely clear, my phone shipped with NPP25.137-15-7 i can't install the stock rom linked, and the same version isn't out yet,
if i unlock the bootloader, would i be able to downgrade ?
Is the software channel setting preserved across this method?
I upgraded to this and since then can't downgrade the phone to the stock roms available online. From memory trying to flash gpt.bin gave a "Security version downgrade" error. So I wouldn't assume you'll be able to downgrade and until there is a copy of this particular firmware, you won't be able to flash back or relock the bootloader
astmacca said:
Think I worked out what I did wrong. Somehow, I changed the format of the data partition. Fat fingers at some point??
TWRP backups didn’t like that and would not mount or write to the data partition as it was not f2fs format that the backup had been made in??
Anyway, restored data from a TWRP backup after going to ....wipe…format data. All good.
That gave me the passcode lockout issue at next reboot which can deal with.
stock Firmware? http://www.filefactory.com/folder/c6cdedc45a775d27/?sort=created&order=DESC&show=25
for me stock the phone came with is: CEDRIC_NPP25.137-15_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Worked on my XT1676 dual sim, but CHECK if it's appropriate for your model. There are files on that page that won't be, and flashing some of their components (particularly bootloader) can, I have read, be unrecoverably disastrous. Be warned.
Slow, but got it. At first I thought it was corrupt as TWRP wouldn't flash it. My gumby. The .xml.zips apparently need to be extracted and flashed file by file.
Is this ROM good for my XT1676 Baseband: M8937_11.16.02.51R ?
astmacca said:
Think I worked out what I did wrong. Somehow, I changed the format of the data partition. Fat fingers at some point??
TWRP backups didn’t like that and would not mount or write to the data partition as it was not f2fs format that the backup had been made in??
Anyway, restored data from a TWRP backup after going to ....wipe…format data. All good.
That gave me the passcode lockout issue at next reboot which can deal with.
stock Firmware? http://www.filefactory.com/folder/c6cdedc45a775d27/?sort=created&order=DESC&show=25
for me stock the phone came with is: CEDRIC_NPP25.137-15_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip
Worked on my XT1676 dual sim, but CHECK if it's appropriate for your model. There are files on that page that won't be, and flashing some of their components (particularly bootloader) can, I have read, be unrecoverably disastrous. Be warned.
Slow, but got it. At first I thought it was corrupt as TWRP wouldn't flash it. My gumby. The .xml.zips apparently need to be extracted and flashed file by file.
Hi, I own the same model of Moto G5. I did this in the fastboot window:
fastboot erase userdata
Now the phone only boots into TWRP and shows a message "failed to mount /data". I think that deleted my userdata partition, how could I fix it?
Once I can avoid this loop in TWRP, I'll follow these steps to flash the stock ROM.
Thanks in advance
juan

Flashing newest 'gpt.bin'

Will I brick a device if I only flash a newest 'gpt.bin'? Just one single file.
Code:
fastboot flash partition gpt.bin
WITHOUT flashing 'bootloader.img'
It's possible you may be able to flash gpt.bin and not have your device brick, I suspect however you may be setting your device up for a later hard brick, e.g. if you were to take an OTA. Previous hard bricks on Moto devices have likely been caused by a mismatch between the GPT/bootloader and the system (especially when taking OTA updates that may not have as stringent checks as the fastboot). https://forum.xda-developers.com/moto-x-2014/general/warning-downgrade-bootloader-partition-t3105147 for what could happen.
What are you attempting to achieve by simply just flashing the GPT?
echo92 said:
What are you attempting to achieve by simply just flashing the GPT?
Well, ideally, I want the newest bootloader 81.0C, as I explained in my other post Bootloader 81.0C (sha-7ca0393, 2017-03-20).
I believe LineageOS is better off with BL 81.0C
Specifically, "Advanced Restart" works better with BL 81.0C.
While with older bootloaders, the following happens:
Hang up/freeze on "Advanced Restart"
rybshik said:
Well, ideally, I want the newest bootloader 81.0C, as I explained in my other post Bootloader 81.0C (sha-7ca0393, 2017-03-20).
I believe LineageOS is better off with BL 81.0C
Specifically, "Advanced Restart" works better with BL 81.0C.
While with older bootloaders, the following happens:
Hang up/freeze on "Advanced Restart"
In your subsequent post, however, you appear to have concluded the custom logo.bin was the issue causing the restart hang? https://forum.xda-developers.com/showpost.php?p=73292757&postcount=449
As was explained in another reply to your queries, the bootloader isn't one partition, but a lot of individual partitions (e.g. tz, aboot sbl). Although in theory you could dd those partitions from another device, as you proposed, I do not know if there are any verification checks unique to each device.
Perhaps the safest approach is to wait for the 7.1.1 actual release/the 7.1.1 fastboot firmware, to formally update your device to the latest bootloader.

[LG G6] Preparations before I root to allow a clean unroot in the future?

Just got a swappa LG G6 with a locked bootblock, and zero unlock count, with factory ROM and factory bootloader. I need to root the device for some SD work I want to try, but I'd like to do whatever I can now to make the unroot clean in the future. I've got adb and fastboot working, and I'm fine with the rooting process. I'd prefer to avoid any sketchy mediafire links if possible for obvious reasons. Anything that could be done through fastboot or adb would be great.
What I imagine this would look like would be:
Preparations
- Image system partition through fastboot (how?)
- Image recovery partition through fastboot (how?)
- Image bootloader partition through fastboot (how?)
Install TWRP
- Unlock bootloader
- Boot TWRP through fastboot
- Flash TWRP
Restore Factory
- Restore system partition through fastboot (how?)
- Restore recovery partition through fastboot (how?)
- Restore bootloader partition through fastboot (how?)
- Clear bootblock unlock counter (how?)
- Lock bootblock
Hopefully some of that made sense, but I'm not sure if any of it can be done.
You don't say which variant LG G6 you have. Not all can be bootloader unlocked and rooted, you know.
Ah, apparently you didn't know...
https://forum.xda-developers.com/lg-g6/how-to/req-how-to-unlock-bootloader-canadian-t3934053
Too bad. Sell your Canadian LG G6 back on Swappa and buy a V30 instead...
Thx... No worries on the rootless LG. I found a way to do what I needed root-free over the weekend.

G6 Bootloader info

Hiya guys!
So, I've been plucking away at trial and error with my G6 (H873 Canadian) now that I have edl to fall back to, and by using qdloader flashes to write my nand I have written my device with a hybrid of the pie beta 29a and an unlocked us997 aboot. After modifying the devinfo partition... my magisk modified boot image gets me as far as my lockscreen. I can log in but my background is black. If I open magisk manager it shows it as installed but then crashes seconds later. Ideas? I have very minimal knowledge of the partition structure and the chain of trust for this device and I am absolutely sure it's my mistake, so maybe someone who is kind enough and has the time could explain a bit more to me about the inner workings of this mishmash bootup and possibly help me fix it to remain booted? Preferable if I don't have to downgrade, by the way; pie has saved this device performance wise.
After more screwing about I somehow relocked the bootloader and the key that worked before is now rejected. Any help?
No further luck but it doesn't matter. the boot loops have stopped and my changes are intact. h873 running dual speaker mod and adblocking hosts file. root, however, is not still functioning and my attempted viper4android install is in some weird instant reboot to bootloader limbo.
If I can do it by simply ****ing around I'm confident someone can do more than me with enough time and knowledge. I'm not giving up either. I just honestly don't know what I'm doing. I do caution anyone who messes with this sort of stuff to dump a full partition level backup of your phone. I know I nearly lost my misc partition (imei won't work right without it) and was saved by an earlier dump in my preliminary testing
H873: Question: what aboot did you use and how did you modify the devinfo partition? I've literally been working on the aboot in Ghidra for 5 weeks. I have root in system with a modified su98; system is not currently mountable because it is not referenced in /proc/mounts. From what I can gather the devinfo must have 0x2 at both 0x10 and 0xe0 while both are equal to 2 and device reset is called the unlock bit in rpmb is equal to Y else it is N then it will erase unlock key from rpmb. Also I'm not afraid of bricking; I have been in edl mode well over 50 times and have explored every single partition on this thing. I have the aboot for US997 unlocked variant and the files from runningnak3d's AFH. The fastboot portion of the aboot when looking at the de-compiled code in Ghidra is extremely small and strict.
