How to fix "PMT changed for the ROM, it must be downloaded" - Other SmartWatches
While trying to modify my KW88 Pro watch to run AsteroidOS I took the advice of the program and clicked "Format All + Download" without fully understanding what it does. It deletes all partitions. The install then failed with some random errors but I had a brick. I managed to recover it with KW88 Pro firmware (KW88Pro_V1.5_NHH_B_20190114) I found on discourse.fullandroidwatch.com (don't know how legit it is but at least it works now).
While this guide is how to fix the "PMT changed for the ROM, it must be downloaded" error, the above is relevant. You must find firmware for your watch that has the default partition layout if you did not take a backup before formatting or if you don't know the partition layout. In a nutshell you get the PMT error when the partition layout of the scatter file does not match the partition layout of the device, and the stock firmware + scatter file is needed as a reference point. My error:
https://imgur.com/aFZKfOo
Let's compare the start addresses of those 3 partitions to the stock firmware:
https://imgur.com/rV3XBt2
Boot and Logo partitions are the same, but User Data starts at a different address.
If we compare the contents of both the scatter files we see the same thing:
https://imgur.com/OYw10d3
https://imgur.com/DNQ1Ztw
In a nutshell what you need to do is clone the partition layout (start address variables + offset variable) into the new scatter file, but maintain all other variables of the scatter file. It should also be mentioned that there are other partitions in the scatter file that I had from AsteroidOS that did not match the physical layout of the firmware I used, and even though I was not flashing them I still had to edit the scatter file.
Afterwards using these settings I flashed successfully:
https://imgur.com/TdVRDEV
I also want to note that the End Addresses will not match even with the correct partition layout because different firmware has different sizes on disk, despite the space allocated for the partitions. In theory if you want you could reclaim unused space by tweaking the original scatter file and then the custom scatter file, but it may also impact your future updates if the partition is too small.
Hope I made someone's day easier, best of luck
Can you explain the getting the partition start and offset address part?
Because I think im going to brick my phone really soon if I can't make this auto-generated scatter I got from internet work to flash my phone back to stock rom.
The scatter itself already has some bugs with userdata partition (Too large)
kutiz21 said:
Can you explain the getting the partition start and offset address part?
Because I think im going to brick my phone really soon if I can't make this auto-generated scatter I got from internet work to flash my phone back to stock rom.
The scatter itself already has some bugs with userdata partition (Too large)
Click to expand...
Click to collapse
Sure thing. The scatter file which is for stock firmware vs. the file for new firmware will not allocate the space on disk based on what partitions are actually, physically on it. The new scatter file for custom firmware will be for what the devs had on their device, but not what you actually have on yours (different hardware versions, android releases, w.e.). What you need to do is take the existing partitions of your device, the start addresses for them, add the size of that partition to get the end address and using that information supply that data to the new scatter file. You COULD in theory also change the partition sizes but that is more prone to error so I did not recommend that. So what I did would visually look like this, the | are partition start / end markers
Original scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxx|
vs new scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxx|
vs the patched scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxx....................||xxxxxxxxxxxxxxxxxxxxxxx....................................................||xxxxxxxxxx........|
Tl;Dr An offset is basically a way of saying address + data/space (until next segment at next address).
Intersting
printf() said:
Sure thing. The scatter file which is for stock firmware vs. the file for new firmware will not allocate the space on disk based on what partitions are actually, physically on it. The new scatter file for custom firmware will be for what the devs had on their device, but not what you actually have on yours (different hardware versions, android releases, w.e.). What you need to do is take the existing partitions of your device, the start addresses for them, add the size of that partition to get the end address and using that information supply that data to the new scatter file. You COULD in theory also change the partition sizes but that is more prone to error so I did not recommend that. So what I did would visually look like this, the | are partition start / end markers
Original scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxx|
vs new scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxx|
vs the patched scatter file:
|xxxxxxxxxxx||xxxxxxxxxxx||xxxxxxxxxxxxxxxxxxxxxxxxxxx||xxxxxxxxxxxxxxx....................||xxxxxxxxxxxxxxxxxxxxxxx....................................................||xxxxxxxxxx........|
Tl;Dr An offset is basically a way of saying address + data/space (until next segment at next address).
Click to expand...
Click to collapse
I used Smartphone flash tool version 3 and 5 and I have managed to use my own image to flash numerous phones, encrypted with a key or with no keys (Auth file).
Usually, I would use Google's method of flashing back rom that is using a zip file contains bunch of flashable system images and let fastboot app itself flash it.
I dumped my images using dd tool and img2simg (Full blown raw ext4 file, not sparsed.)
Because fastboot likes sparse images rather than raw ones and flashable sparse images can be easily flashed with SP tool normally (It can make phones bootable but will more likely making phone unbootable most of the time)
I do aware that I need to adjust the address thing. But normally, using the start address based on the scatter. SP app can automatically calculates how large the image and it can prevents you from flashing because it is too large.
But this particular phone won't flash even if it is the stock rom. Which dumped and got its scatter file generated by some sketchy "miracle box".
My best guess is that the scatter file was tied to specific emmc chip and it is not for my phone's emmc so there might be some difference there.
Because when I use the REAL flash scatter file from actual OEM (In this case, Nokia 1, European Variant). It can make my APAC counterpart can be flashed normally, even with my custom sparsed or raw image (These 2 variants were kinda different, technically.)
I would like to point out that newer SP flash tool app tends to hate to co-operate with scatter scripts so that could be a reason (I used older build of version 5 and it only gets the userdata bug, but it does lags the app when the bug "PMT changed for the ROM, it must be downloaded" show up. Because it was a bug and it hadn't fixed in that build, which is fixed in the latest build of SP app when I attempt to flash)
And flashing extracted "stock" rom from flash tool and flash it back over fastboot tool tends to break system OTA and make my phone on bootloop (I highly doubted it was the raw image thing, because of the free space it can allocated. I flashed it raw back then I think because i don't know what happened yet, keep in mind that stock rom images shipped for SP flash tool were most likely in raw state, not compressed like sparse images)
And SP flash tool also hates raw dd images too (too big?????)
So like. What do I need to fix the script? What program that can calculate the exact offset for it? I still be able to flash the stock rom with fastboot fine. But for "unforeseen consequences" that makes it unbootable, I still need it.
Say the scatter is not reliable or doesn't exist. How do I use the readback function and then use some aged apps like MTK droid tool to generate actual offsets and possibly generates scatter for me (Most likely will not work because my phone's Android is too new for it). I used to work with Android 4.2.2 so it's really easy back then.
kutiz21 said:
So like. What do I need to fix the script? What program that can calculate the exact offset for it? I still be able to flash the stock rom with fastboot fine. But for "unforeseen consequences" that makes it unbootable, I still need it.
Say the scatter is not reliable or doesn't exist. How do I use the readback function and then use some aged apps like MTK droid tool to generate actual offsets and possibly generates scatter for me (Most likely will not work because my phone's Android is too new for it). I used to work with Android 4.2.2 so it's really easy back then.
Click to expand...
Click to collapse
I'm not sure how to get the data when no original scatter file exists, I was fortunate enough to find a reference for my stock OS. The other scatter file was for AsteroidOS. I think the easiest way to explain what I did would be to share the scatter files. Effectively start address + partition size should not be larger than the start address of the next partition.
Stock scatter file:
https://pastebin.com/tfFDCPfT
Original AsteroidOS scatter file:
https://pastebin.com/0z7DtL9u
Patched AsteroidOS scatter file:
https://pastebin.com/iiYZTzBt
Take note that in my original post screenshots, AstreroidOS was only flashing 3 partitions (corresponding to the is_download: true/false field of the scatter file). That told me that those were the partitions / boundaries that need to match, the other partitions were irrelevant (for the purpose of flashing anyway). AsteroidOS itself is contained inside the userdata partition, effectively leaving other ~20 partitions as "lower layers" or unused.
printf() said:
I'm not sure how to get the data when no original scatter file exists, I was fortunate enough to find a reference for my stock OS. The other scatter file was for AsteroidOS. I think the easiest way to explain what I did would be to share the scatter files. Effectively start address + partition size should not be larger than the start address of the next partition.
Stock scatter file:
https://pastebin.com/tfFDCPfT
Original AsteroidOS scatter file:
https://pastebin.com/0z7DtL9u
Patched AsteroidOS scatter file:
https://pastebin.com/iiYZTzBt
Take note that in my original post screenshots, AstreroidOS was only flashing 3 partitions (corresponding to the is_download: true/false field of the scatter file). That told me that those were the partitions / boundaries that need to match, the other partitions were irrelevant (for the purpose of flashing anyway). AsteroidOS itself is contained inside the userdata partition, effectively leaving other ~20 partitions as "lower layers" or unused.
Click to expand...
Click to collapse
So my insights were true. It does automatically calculates the free space of a partition to whether allow you to flash or not. But I tried fiddling with it and it doesn't work. I might try to individually comment out those partitions as unflashable and try it out.
One more thing is that I used to had this error. But it will be gone when I explicitly referencing SP flash tool the preloader partition image (flashing it or not doesn't matter) alongside with all of my custom images but they must be fully loaded in the app.
You will not be able to flash if it can't fully loaded all partitions that has the property "is_download: true". Maybe that should allow me to do the flash.
Any more thoughts on " boundary_check and is_reserved"? Because I used to poke with these and managed to flash my other phone successfully.
I don't have the phone to test right now but more food for thought I guess.
Cheers!
kutiz21 said:
Any more thoughts on " boundary_check and is_reserved"? Because I used to poke with these and managed to flash my other phone successfully.
I don't have the phone to test right now but more food for thought I guess.
Cheers!
Click to expand...
Click to collapse
Not sure what is_reserved does, but boundary_check probably validates the scatter file vs. the layout on the disk. If you don't do the check though you are risking overwriting a partition which might be needed for the lower layer functionality - keystore, firmware, etc.
Related
How to make update.zip from boot.img, system.img, data.img (the nandroid backup)
Yes i know the fastboot trick, but can anyone guide me towards making the nandroid backup files into a update.zip that would work?
I'd like to know too ^^.
Me too. I've successfully scripted the automated creation of a file structure into which the contents of BOOT.IMG, SYSTEM.IMG, DATA.IMG, CACHE.IMG and SD-EXT.IMG are extracted. The script also creates a valid update-script file under ./META-DATA/.... The only issue I have is that I'm using windows so the .IMG files extracted as a yaffs file system, looses the original file permissions. I need someway to recreate the permissions in the update.zip. Thats all. Having a way of converting a nandroid backup to an update.zip means you can very easily cook custom roms from a nandroid backup, and port ROMs across phones using a portable .ZIP format.
Maybe dsixda can help http://forum.xda-developers.com/showthread.php?t=633246 "OR [cook a rom] from a Nandroid backup (under /sdcard/nandroid) [NOT RECOMMENDED]: Copy the system.img and boot.img files from the backup folder to your kitchen's original_update folder NOTE: The Nandroid-backup method of cooking is not the best way to cook, because the kitchen may not account for various advanced options that were cooked outside of this kitchen (these options are in the update-script file which was in the original ROM but is not in the backup. The kitchen needs to re-create this file and 'guess' those options). However, it will support Nandroid backups that already have basic features like root, busybox and /data/app functionality. "
You get nandroid backup images by backing up a ROM which was flashed from an update.zip package. What is then the point of recreating that update.zip package?
giant is right with the klitchen by dsixda you can make an update.zip form nandroid very easy
Guys, we're missing the point. To clarify: The "point of recreating the ZIP ROM file" are numerous. For example, to create a ROM where the original ROM isnt available, i.e. to create a portable ROM based on an existing set of images in a phone where the phone and/or its sdcard cannot be removed or where we do not wish to remove the card. Simple. But more importantly, the process is a learning and development activity that I want to undertake, its a personal decision, for which support would be welcome. Secondly, dsixda issues many caveats around cooking ROMs from nadroid backups. It simply doesnt work - I've tried it - thus his caveat is correct and should be observed. Furthermore, his kitchen creates windows based ZIP files. The process is inherently flawed for creating ROMs for linux because the ZIP files contain a windows file structure which does not contain the appropriate linux based file permissions (linux being the O/S base system on android. The restore operation does not work - in stock form - because one looses the critical file permissions, UID and GID that are required in order for the ROM to function correctly, and in some instances from my experience, to even boot up! His update-script attempts to reinstate the appropriate permissions, UID and GIDs, however, and as dsixda admits, the process is not foolproof and does not cover all eventualities, combinations and scenarios. Thus, the issue of permissions, GID and UID remains outstanding. For these reasons, in my humble view, the issue of permissions is critical in ensuring a successful ROM flash from [linux based] .IMG files. Once this is resolved, the rest of the process is trivial. Indeed, if this one issue could be resolved, then dsixda's kitchen would mature from a useful toolset, to a truly wonderous one-stop solution.
well i don't know what people have tried and got to work or not, but it can eb done and have been done before, one of my sliderom build was done froma nandroid soo i guess it's up to how much effort you put into it and use the kitchen as a tool, but not only use it, cause then you fail, if you don't do some manual work, nothing 100% automated will ever be a big succes
I have a solution. I am coding this up as we speak. My solution will extract the file permission, UID and GID from the .IMG , for each contained file. My script then runs as part of the update-script (i.e. RUN_PROGRAM restore-protection) subsequent to a ROM flash. Thus, the resultant file structure after a ROM update is exactly the same as that contained within the .IMG files. EDIT: coding complete. will test tomorrow on existing phone + sdcard. The purpose of this exercise is to 'clone' an existing phone software load, as ROM file, that can then be flashed. My script takes all partition images (system, data, cache, sd-ext and so on), creates a ROM that includes functionality that will - when flashing - restore the exact permissions, GID and UID as written in the backup files (.IMG), thus cloning the phone. I plan to update the script in future so that APK files can be added or removed, and additional low level features such as kernel pre-empting, scheduling and other features can be added --- I think they call this "a kitchen" in Android speak.??
From your description of what you're doing it sounds like you could end up with the simplest and closest to a one click kitchen that allows users with less knowledge to fully backup / restore / clone their phone (rom, personal settings, data and all). A lot of noobs might like this tool big time
Any progess made on this? I have been trying to create a rom for a nandroid backup. When I go to flash it, I get symlink errors and the flash fails.
dazxda said: I have a solution. I am coding this up as we speak. My solution will extract the file permission, UID and GID from the .IMG , for each contained file. My script then runs as part of the update-script (i.e. RUN_PROGRAM restore-protection) subsequent to a ROM flash. Thus, the resultant file structure after a ROM update is exactly the same as that contained within the .IMG files. EDIT: coding complete. will test tomorrow on existing phone + sdcard. The purpose of this exercise is to 'clone' an existing phone software load, as ROM file, that can then be flashed. My script takes all partition images (system, data, cache, sd-ext and so on), creates a ROM that includes functionality that will - when flashing - restore the exact permissions, GID and UID as written in the backup files (.IMG), thus cloning the phone. I plan to update the script in future so that APK files can be added or removed, and additional low level features such as kernel pre-empting, scheduling and other features can be added --- I think they call this "a kitchen" in Android speak.?? Click to expand... Click to collapse Do you have a link?
dazxda said: I have a solution. I am coding this up as we speak. My solution will extract the file permission, UID and GID from the .IMG , for each contained file. My script then runs as part of the update-script (i.e. RUN_PROGRAM restore-protection) subsequent to a ROM flash. Thus, the resultant file structure after a ROM update is exactly the same as that contained within the .IMG files. EDIT: coding complete. will test tomorrow on existing phone + sdcard. The purpose of this exercise is to 'clone' an existing phone software load, as ROM file, that can then be flashed. My script takes all partition images (system, data, cache, sd-ext and so on), creates a ROM that includes functionality that will - when flashing - restore the exact permissions, GID and UID as written in the backup files (.IMG), thus cloning the phone. I plan to update the script in future so that APK files can be added or removed, and additional low level features such as kernel pre-empting, scheduling and other features can be added --- I think they call this "a kitchen" in Android speak.?? Click to expand... Click to collapse Hi, could yo share your script? I'm also working on something similar, and could use a bit of help
OMG this is exactly what I need.. I read all the way to the end and then ARRGGGGGG.. no more responses in months. Have you made this script yet? If no .. does anyone else have instructions on taking a nandroid backup and creating an IMG or ? My personal reasons.. I have a Craig CMP741E tablet that is stuck in the android logo screen after attempting the factory update.. the one that crashes EVERY1's tablet. And there is no working way that I have found to fix it. No custom roms or factory roms that can be flashed without FIRST having the tablet ON and turn on USB Debugging or already have CWM installed. So I cannot use ADB or any other method I can find to do this. I have a buddy with the same tablet that is rooted and has GAPPS and everything on it. He gave me a copy of his nandroid backup but now I cannot find anything I can actually do with it. If I can turn it into an Update.zip or IMG I can simply put on SD Card.. restart and cross my fingers.
lilc420 said: OMG this is exactly what I need.. I read all the way to the end and then ARRGGGGGG.. no more responses in months. Have you made this script yet? If no .. does anyone else have instructions on taking a nandroid backup and creating an IMG or ? My personal reasons.. I have a Craig CMP741E tablet that is stuck in the android logo screen after attempting the factory update.. the one that crashes EVERY1's tablet. And there is no working way that I have found to fix it. No custom roms or factory roms that can be flashed without FIRST having the tablet ON and turn on USB Debugging or already have CWM installed. So I cannot use ADB or any other method I can find to do this. I have a buddy with the same tablet that is rooted and has GAPPS and everything on it. He gave me a copy of his nandroid backup but now I cannot find anything I can actually do with it. If I can turn it into an Update.zip or IMG I can simply put on SD Card.. restart and cross my fingers. Click to expand... Click to collapse Can you access the tablet's fastboot mode? Turn the tablet fully off, then hold the Menu button and the Power button. I don't have your tablet, but it's a standard boot mode. Make sure you have the tablet connected to the PC. You should see it pop up in the Device Manager, or by doing "fastboot devices" from a command prompt. If you can get there, you may be able to flash a recovery image.
Hi, does anybody knows if there is a response for this post??, i am looking for a method to convert the images files that are included in a rom stock (for using with sp flash tool) to an update.zip file. I have no way to use sp flash tool because my tablet has a hardware problem with microusb port and the only way is flashing a new rom via microSD card with an update.zip.. Maybe the solution is in another thread, please be kind and give me a link or at least give me some suggestions where to look for.
Need help extracting filesystem from ROM
Hello, I've got a Q2 smartwatch from IQI (launch q2 or call it the way you want). I've successfully dumped the ROM from it (see attached ZIP file). The ROM is also seperated into bootloader(s) and OS (the OS is the FILE_01_MTK). When I run binwalk on this file, I get alot of false positives. All the image files are real, but there are alot (to the point I need to pipe the command with more) of LZMA compressed data (see http://pastebin.com/rdfBRLxe) When I try to extract the LZMA archive starting from the first bit of reported data, it simply says that it is a corrupted lzma archive. Also, there is a reported Linux EXT filesystem at 0x8D3803 (9254915), but it is reported as unclean and can't be mounted when I extract it (see file extfs in ZIP). Can someone help me figure out how I can extract all this data in order to make some changes to the OS? I have experience in hacking other firmware, but never saw so much false positives. Thanks, Acrilex123
Pit file editing for repartioning the emmc.
My Emmc just started freezing up, so I did some research & one of the most effective method indicate that if we rapartition the emmc in such a way that it it will skip the bad sectors, then problem can be resolved, while looking at partition map for note 4, I saw all small partitions including system are within first 5gb, so I was thinking if we can create a pit file that can start the partition from 5gb onward, leaving first 5gb useless, maybe device will be usable, I created the pit, but Odin won't let me flash it , saying " Secure check fail : Pit", any ideas or if anyone can modify the pit file that would be great.Here is the attachment containing original pit file.
I have the same problem and your suggested logic might be the solution we need. Let's c who can help
Edit system.img mtk chipset
I have a radio head with a mtk 8227l chipset. I have original firmware and have successfully flashed it. My issue is there system partition it's small and Google play keeps running out of space. It lists external as 12gb free. I have been able to modify the scatter file to try and make the system take more. I can see the effect of this as the external space is reduced by how much I increase system. However there must be something in the system.img file that sets the system partition size as it's still 1.6gb after flashing with edited scatter file. Is there a way to extract this probably have to change the parameter setting it something and repack it for flashing?
So I've extracted the system.img, repacked as 5GB, changed the scatter to match. Flashed to head unit, but /internal is still 1.6gb. I'm obviosly missing something. Does anyone know MTK images and such that could point me in right direction?
MTK8227L Hey I know this post is super old but I’ve searched EVERYWHERE endlessly and there’s little to know info on this specific model. But I just had a couple questions 1) what model head unit do you have. Mine is the GA2186K 2) how did you flash it. 3) were you able to root 4) do you know of any custom roms that can be used with it. Thanks in advanced. I’m desperate for some info on this thing lol. And I’d love to get some sort of custom software on here. Thanks bro, Skye
I don't have an extension for Dump Partitions
I have used LGUP and selected all partitions from DUMP. Is it enough if something goes wrong, do I have everything I need? It must have specific extension?
Yes you have everything you need. Partitions dont need a file extension you can add .img to the file names if you want, which will make them image files. They can all be flashed via fastboot or twrp using console commands just the way they are.