Good evening everyone!
I recently bought a Junsun V1 head unit for my Golf 7. I specifically chose it because of the AC8227L SOC, which is a renamed MT8127. It includes a few more peripherals that are useful in car infotainment systems, but the core is identical.
I'm in the process of creating a new firmware from scratch, to replace the chinglish, buggy stock one. However, I have not succeeded yet.
What I have done so far is create a TWRP image for it, completely from source, using the prebuilt kernel. It's available here (any mirrors will be appreciated and linked in this post):
https://mega.nz/file/1Gp2gJ5S#gAxcP1WK8nwXivYTpAlyEsWNoWwNZBZ8VTs3fm57gEc
I have also dumped the firmware from the 2GB + 32GB version: https://mega.nz/file/hXhEjTab#AowvrX36nn9rXIkeu_zgnGmLyDxtiSUSWswwmXcN46k
To install install TWRP simply put it on the "RECOVERY" section in SP Flash Tool using the scatter and preloader provided in the firmware dump. Uncheck everything else and press flash.
You'll need a type-a to type-a USB cable connected to the 4-pin USB connector (not the 6-pin), and then give power to the unit.
Any other information about the device, serial communication between android and the MCU, decompiled apps, modified apps, etc are also welcome!
I hope this is useful for somebody.
UPDATE 07-01-2021:
I've been reverse engineering the MainUI apk for a week now. I've extracted the MCU communication protocol, now I'm trying to extract the DSP protocol, and CAN will be next.
The touch buttons on the left side of the unit is managed by this .apk as well, and that has already been reverse engineered, only the implementation has to be done with the available API I wrote.
All help is welcome. You can find the source code in github. The important work is being done in native libraries, the java stuff is useless right now. https://github.com/Iscle/MainUI
root
hi, i think i have a HU similar to yours ( se e attached pucture ). Btw did you manage to root the original fw? what about your development, it sounds interesting...
root
......see attachment
maxou2 said:
hi, i think i have a HU similar to yours ( se e attached pucture ). Btw did you manage to root the original fw? what about your development, it sounds interesting...
Click to expand...
Click to collapse
maxou2 said:
......see attachment
Click to expand...
Click to collapse
If you can install TWRP then you will be able to root.
iceblue1980 said:
If you can install TWRP then you will be able to root.
Click to expand...
Click to collapse
magisk?
maxou2 said:
magisk?
Click to expand...
Click to collapse
Anything you want but I would really recommend SuperSU as Magisk doesn't work as intended on these units. Also make sure you run SuperSU v2.79 and no higher. As for TWRP, only version 3.0.2 is stable in my experience.
I'm stuck unlocking the bootloader, the command "fastboot oem unlock" works and the unit ask to confirm by pressing vol+, unfortunately the touch on the panel does not work... tried to put a wireless keyboard dongle on the other USb but it doesn't work....
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Magisk works just fine, I actually recommend it over SuperSU, as SuperSU is practically obsolete nowadays.
Also, no need to unlock the bootloader, just flash the recovery image as I explained on the first post.
Just made a deep study and tests on this unit, here my results, thoughts, mods and other considerations hoping this will help.
Being scared to brick the unit I used a conservative approach by making step by step mods rather than flash the firmware at the first post.
Here's my changment pattern:
Firmware : Before rooting I updated to the last version of the firmware the vendor gave me ( the latest OEM firmware ).
It's an OTA update ( use the "five fingers screen touch & move" method ) after putting the the files .bin and .upd in a USB key connected to a USB port when you powerup the unit.
I enclose a link to download it.
OTA update
I've made a DUMP of the partitions ( by using the SP tool Readback feature, you can find a lot of tutos on the internet how to use it ) and with the WwR tools i managed to have a full flashable original FW backup.
Another interesting method is to retrieve the partition content on a "live" system by use a shell and the dd unix command :
Enable the developer option on the system and connect the 4 wire USB port to a PC ( by using a 4 wire male to male USB cable ).
If you have an ADB command environment installed on your PC you can just fire a "adb shell" command,
followed by an "su @#zxcvbnmasdfghjklqwertyuiop1234567890,." to have a shell with superuser rights.
Now you can navigate trought your file system as root.
Anyway here's the partions table :
/dev/block/platform/soc/11230000.mmc/by-name # ls -l
lrwxrwxrwx 1 root root 21 Dec 3 14:26 ANDROID -> /dev/block/mmcblk0p24
lrwxrwxrwx 1 root root 20 Dec 3 14:26 ARM2 -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 21 Dec 3 14:26 BOOTIMG -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 21 Dec 3 14:26 CACHE -> /dev/block/mmcblk0p25
lrwxrwxrwx 1 root root 21 Dec 3 14:26 DKB -> /dev/block/mmcblk0p22
lrwxrwxrwx 1 root root 21 Dec 3 14:26 EXPDB -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 root root 21 Dec 3 14:26 FRP -> /dev/block/mmcblk0p23
lrwxrwxrwx 1 root root 21 Dec 3 14:26 KB -> /dev/block/mmcblk0p21
lrwxrwxrwx 1 root root 20 Dec 3 14:26 LK -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 21 Dec 3 14:26 LOGO -> /dev/block/mmcblk0p14
lrwxrwxrwx 1 root root 21 Dec 3 14:26 METAZONE -> /dev/block/mmcblk0p17
lrwxrwxrwx 1 root root 21 Dec 3 14:26 MISC -> /dev/block/mmcblk0p13
lrwxrwxrwx 1 root root 20 Dec 3 14:26 NVRAM -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 21 Dec 3 14:26 ODMDTBO -> /dev/block/mmcblk0p18
lrwxrwxrwx 1 root root 20 Dec 3 14:26 PROTECT_F -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 20 Dec 3 14:26 PROTECT_S -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 20 Dec 3 14:26 PRO_INFO -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 21 Dec 3 14:26 RECOVERY -> /dev/block/mmcblk0p11
lrwxrwxrwx 1 root root 20 Dec 3 14:26 SECCFG -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 21 Dec 3 14:26 SEC_RO -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 root root 20 Dec 3 14:26 TEE1 -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 20 Dec 3 14:26 TEE2 -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 21 Dec 3 14:26 VENDOR -> /dev/block/mmcblk0p19
lrwxrwxrwx 1 root root 21 Dec 3 14:26 forfanzone -> /dev/block/mmcblk0p15
lrwxrwxrwx 1 root root 21 Dec 3 14:26 tszone -> /dev/block/mmcblk0p16
lrwxrwxrwx 1 root root 21 Dec 3 14:26 userdata -> /dev/block/mmcblk0p26
Just use the dd unix command to dump every partitions content to a /sdcard directory where you can easily copy to an external USB stick or PC via adb pull.
E.g: dd if=/dev/block/mmcblk0p10 of=/sdcard/TWRP/boot_from_dd.img
Luckily I didn't have to use these datas to unbrick my system...
TWRP : I used another version ,it's a v3.3.1, works well. Flashed with SP Flash tool and the scatter contained in the .zip firmware at first post. I enclosed it so someone can tell what's the best option amongst these.
ROOT : Flashing magisk zip from TWRP worked flawlessy, but in my case i experienced an additional delay at boot ( let's say between 20-30 sec ), now a cold boot takes about 1 minute whereas with no root it was about 35 secs. I suspect this is due to the magisk modification to the boot process .
HW mods, temp controls and other infos will follow.
Any questions, just ask.
I have v1 1ram 16rom with ac8227l, but when I tried to update my radio I was only able to with an update-ty.zip with a manual process like this:
What I can do????
this is the last firmware that junsun send to me https://drive.google.com/file/d/1OjZcB0yqVQsu8O63l58VrMneZBmr25p5/view?usp=sharing
jabatillo_2001 said:
this is the last firmware that junsun send to me https://drive.google.com/file/d/1OjZcB0yqVQsu8O63l58VrMneZBmr25p5/view?usp=sharing
Click to expand...
Click to collapse
jabatillo_2001 said:
I have v1 1ram 16rom with ac8227l, but when I tried to update my radio I was only able to with an update-ty.zip with a manual process like this:
What I can do????
Click to expand...
Click to collapse
Your update process is very different from mine, probably you should tick every checkbox ( the most dangerous could be the MCU IMHO ) and start the update process. You should check first with the vendor, but it seems the correct procedure if the files he sent you match your Head Unit.
BTW take some picture of the MCu version, FW revision etc... of your unit.
Actually the compressed file they sent you contains BOOT, SYSTEM, TEE AND VENDOR updated partitions, and .bin update file ( usually the mcu update are .bin file but in my experience are really smaller then the one contained in the zip so it's diffucult to know what is for ).
So probably you should tick the "Sistema - > update_ty.zip" ONLY and start the update process....
The update only works with this name of file update-ty.zip, others don't work. My problem is bluetooth, It Connects and disconnects all the time. I'm crazy with this, I think the problem is bttool.apk or MTK but I'm not sure.I'm not allow to call or answer calls, either I can't dial by numbers.
I need to try some other firmware to resolve the problem.
Perhaps you can give me one idea or some trick to help me.
Thanks a lot.
My Android mobile XDA app don't work properly, after I'll attach you photos of my radio characteristics.
maxou2 said:
Actually the compressed file they sent you contains BOOT, SYSTEM, TEE AND VENDOR updated partitions, and .bin update file ( usually the mcu update are .bin file but in my experience are really smaller then the one contained in the zip so it's diffucult to know what is for ).
So probably you should tick the "Sistema - > update_ty.zip" ONLY and start the update process....
Click to expand...
Click to collapse
jabatillo_2001 said:
The update only works with this name of file update-ty.zip, others don't work. My problem is bluetooth, It Connects and disconnects all the time. I'm crazy with this, I think the problem is bttool.apk or MTK but I'm not sure.I'm not allow to call or answer calls, either I can't dial by numbers.
I need to try some other firmware to resolve the problem.
Perhaps you can give me one idea or some trick to help me.
Thanks a lot.
My Android mobile XDA app don't work properly, after I'll attach you photos of my radio characteristics.
Click to expand...
Click to collapse
Need to be sure that the firmware in this thread match your unit first, take pictures of your system infos. BTW your unit is only 1 GB RAM right?
Can you post the link where you bought it? ( Probably aliexpress... )
Keep in mind that generally on these chinese HU the BT is not managed by the android system as with cellphones, it's the MCU and dedicated apk that usually do that ( you do not have any BT option in the android system settings ).
So:
1) Did you try with a system reset?
2) Can you reach an advanced system option menu ( a little bit tricky in my unit ) where you can interact deeply ( BE VERY CAREFUL ) with several options, here you can set some BT systemwide parameters.
3) Maybe an MCU update could also help
1) yes
2)Wells, only development options of Android, the firmware not contains BT options. If you turn off BT, It turns off automatically. BT music only works if you play by mobile, neither by radio.
3) Perhaps, but it's the same problem, to update MCU I need a file named m51_update. You can see in image.
I have a A2 Lite of Xiaomi, but I try in a note 6 pro and the same problem.
What can I do?
I don't know what I can modify native MCU, but I like to probe another compatible ROM.
All my test, without rooting, are around Android 8.1 BT problems..
Bttool.apk don't work properly, disconnects for example, when I try to syncronize the contacts.
I'm afraid to brick It installing by flashing.
maxou2 said:
Keep in mind that generally on these chinese HU the BT is not managed by the android system as with cellphones, it's the MCU and dedicated apk that usually do that ( you do not have any BT option in the android system settings ).
So:
1) Did you try with a system reset?
2) Can you reach an advanced system option menu ( a little bit tricky in my unit ) where you can interact deeply ( BE VERY CAREFUL ) with several options, here you can set some BT systemwide parameters.
3) Maybe an MCU update could also help
Click to expand...
Click to collapse
maxou2 said:
Need to be sure that the firmware in this thread match your unit first, take pictures of your system infos. BTW your unit is only 1 GB RAM right?
Can you post the link where you bought it? ( Probably aliexpress... )
Click to expand...
Click to collapse
The firmware I posted on the first post was also extracted with SP Flash Tools + WwR tools. I sent it to a friend who uploaded a dump made with dumpyara here: https://git.rip/dumps/ffkj/ff-5000
This way we can navigate the filesystem easily, and grab anything we need.
I'm in the process of creating a kernel source for this SoC, I don't know if it will work, but if it does, the first thing I'll do is overclock it haha
jabatillo_2001 said:
1) yes
2)Wells, only development options of Android, the firmware not contains BT options. If you turn off BT, It turns off automatically. BT music only works if you play by mobile, neither by radio.
3) Perhaps, but it's the same problem, to update MCU I need a file named m51_update. You can see in image.
I have a A2 Lite of Xiaomi, but I try in a note 6 pro and the same problem.
What can I do?
I don't know what I can modify native MCU, but I like to probe another compatible ROM.
All my test, without rooting, are around Android 8.1 BT problems..
Bttool.apk don't work properly, disconnects for example, when I try to syncronize the contacts.
I'm afraid to brick It installing by flashing.
Click to expand...
Click to collapse
You should check your HU Hardware parameters, so you can figure is this thread is for you.
System "About device" - see picture.. Take a picture of the values on the screen.
After that touch the Gear icon on the top right of the screen a popup menu will appear, digit 8888 and ok.
An advanced system setting menu will appear, choose "others", scroll down and you'll see some BT options ( see picture ), try to change them.
Save and reboot.
If your system doesn't have such as menus I strongly recommend you to check elsewhere because probably your HU is different from mine.
Related
I'm jumping and starting to develop for this device and just got the mount points. This is for anyone else that cares :silly:
lrwxrwxrwx root root 2012-10-03 20:37 boot -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2012-10-03 20:37 bootloader -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2012-10-03 20:37 cache -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2012-10-03 20:37 crypto -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2012-10-03 20:37 dfs -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2012-10-03 20:37 dkernel -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2012-10-03 20:37 efs -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2012-10-03 20:37 idme -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2012-10-03 20:37 misc -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2012-10-03 20:37 recovery -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2012-10-03 20:37 system -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2012-10-03 20:37 userdata -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2012-10-03 20:37 xloader -> /dev/block/mmcblk0p1
Click to expand...
Click to collapse
timmytim said:
I'm jumping and starting to develop for this device and just got the mount points. This is for anyone else that wants that cares :silly:
Click to expand...
Click to collapse
Not to pick nits here, but those are actually the partition names -> device names. I hope you don't mind if I hijack your thread temporarily, but I think the following information is related.
Earlier this evening, a friend of mine let me borrow her KFHD for a few days with a "you break it, you bought it" proviso. Naturally, I've been playing around with it a bit.
I've also been looking at the way the storage space has been laid out on the KFHD. I think the most interesting change for most people will be the way the userdata partition is being used. I haven't seen this information posted anywhere, so I just wanted to share for the curious.
On the original KF, there are separate userdata and media partitions. The userdata partition gets mounted on /data and it's used mostly to store apps, settings, etc. The media partition gets mounted on /sdcard and that's used to store movies, music, books and other large files.
For the KFHD, the media partition is gone and the bulk of the storage space has been allotted to the userdata partition. That partition still gets mounted on /data, but /data now also contains a media directory. The KFHD then uses /data/media as the root for a virtual filesystem that gets mounted on /sdcard.
There have been at least a few users who mentioned repartitioning the original KF to get more space for apps by sacrificing space on /sdcard and vice versa. No such tradeoffs are required on the KFHD, because all of the user's files now get stored on one filesystem. As a result, the storage space gets a chance to be used more efficiently. I just thought that was a very tidy solution and an upgrade to the way things were done in the original.
Now, to get somewhat back on topic, here are the partition table details for the KFHD...
Code:
# parted /dev/block/mmcblk0 print
Error: Can't have overlapping partitions.
Model: MMC MAG2GA (sd/mmc)
Disk /dev/block/mmcblk0: 15.6GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 131kB 262kB 131kB xloader
2 262kB 524kB 262kB bootloader
3 524kB 590kB 65.5kB idme
4 590kB 606kB 16.4kB crypto
5 606kB 608kB 2048B misc
6 1049kB 11.5MB 10.5MB dkernel
7 11.5MB 213MB 201MB ext4 dfs
8 213MB 230MB 16.8MB ext4 efs
9 230MB 238MB 8389kB recovery
10 238MB 246MB 8389kB boot
11 246MB 1175MB 929MB ext4 system
12 1175MB 1857MB 682MB ext4 cache
13 1857MB 15.6GB 13.8GB ext4 userdata
I dont mind at all. I've always referred to those as mount points but thinking about it now I realize I was wrong, lol.
Thanks man
kinfauns said:
Not to pick nits here, but those are actually the partition names -> device names. I hope you don't mind if I hijack your thread temporarily, but I think the following information is related.
Earlier this evening, a friend of mine let me borrow her KFHD for a few days with a "you break it, you bought it" proviso. Naturally, I've been playing around with it a bit.
I've also been looking at the way the storage space has been laid out on the KFHD. I think the most interesting change for most people will be the way the userdata partition is being used. I haven't seen this information posted anywhere, so I just wanted to share for the curious.
On the original KF, there are separate userdata and media partitions. The userdata partition gets mounted on /data and it's used mostly to store apps, settings, etc. The media partition gets mounted on /sdcard and that's used to store movies, music, books and other large files.
For the KFHD, the media partition is gone and the bulk of the storage space has been allotted to the userdata partition. That partition still gets mounted on /data, but /data now also contains a media directory. The KFHD then uses /data/media as the root for a virtual filesystem that gets mounted on /sdcard.
There have been at least a few users who mentioned repartitioning the original KF to get more space for apps by sacrificing space on /sdcard and vice versa. No such tradeoffs are required on the KFHD, because all of the user's files now get stored on one filesystem. As a result, the storage space gets a chance to be used more efficiently. I just thought that was a very tidy solution and an upgrade to the way things were done in the original.
Now, to get somewhat back on topic, here are the partition table details for the KFHD...
Code:
# parted /dev/block/mmcblk0 print
Error: Can't have overlapping partitions.
Model: MMC MAG2GA (sd/mmc)
Disk /dev/block/mmcblk0: 15.6GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 131kB 262kB 131kB xloader
2 262kB 524kB 262kB bootloader
3 524kB 590kB 65.5kB idme
4 590kB 606kB 16.4kB crypto
5 606kB 608kB 2048B misc
6 1049kB 11.5MB 10.5MB dkernel
7 11.5MB 213MB 201MB ext4 dfs
8 213MB 230MB 16.8MB ext4 efs
9 230MB 238MB 8389kB recovery
10 238MB 246MB 8389kB boot
11 246MB 1175MB 929MB ext4 system
12 1175MB 1857MB 682MB ext4 cache
13 1857MB 15.6GB 13.8GB ext4 userdata
Click to expand...
Click to collapse
hello,
excuse me,i have a question: how have you got that? What's command have you write?
-> adb shell
-> su
-> parted
?
Android (Linux) Command Parted - Example
magikstar said:
hello,
excuse me,i have a question: how have you got that? What's command have you write?
-> adb shell
-> su
-> parted
?
Click to expand...
Click to collapse
magikstar,
The command is: parted here is examples on how the command is used:
Connect a Android Device to the PC USB, then reboot into recovery
At the command prompt type the command: adb shell
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Open parted with the command: parted/dev/block/mmcblk0
To see The list of partitions and the capacity on the sdcard, type the command: print
The above example was not the Kindle, it is just to be used as an example.
---------- Post added at 07:15 PM ---------- Previous post was at 07:12 PM ----------
timmytim said:
I'm jumping and starting to develop for this device and just got the mount points. This is for anyone else that cares :silly:
Click to expand...
Click to collapse
timmytim,
Thank you for posting these Partition names, this is helpful.
How do I pull the 9, 10, & 11 blocks to a Windows 7 hard drive for future flashing?
timmytim said:
I'm jumping and starting to develop for this device and just got the mount points. This is for anyone else that cares :silly:
Click to expand...
Click to collapse
Is there a way using ADB to pull the boot, recovery, and system partitions to my hard drive for flashing if needed?
bobcat131 said:
Is there a way using ADB to pull the boot, recovery, and system partitions to my hard drive for flashing if needed?
Click to expand...
Click to collapse
Yes there is, see STEP 1. here - http://forum.xda-developers.com/showthread.php?t=2128848
Or this:
Code:
adb shell su -c "dd if=/dev/block/mmcblk0boot0 of=/sdcard/boot0block.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/boot of=/sdcard/stock-boot.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/recovery of=/sdcard/stock-recovery.img"
adb shell su -c "dd if=/dev/block/platform/omap/omap_hsmmc.1/by-name/system of=/sdcard/stock-system.img" # This will take a few minutes
adb pull /sdcard/boot0block.img
adb pull /sdcard/stock-boot.img
adb pull /sdcard/stock-recovery.img
adb pull /sdcard/stock-system.img # This will take a few minutes
Credit to Hashcode :good:
Backup
Thanks for this quick answer. Where will these images be found - on the sdcard or on the hard drive?
bobcat131 said:
Thanks for this quick answer. Where will these images be found - on the sdcard or on the hard drive?
Click to expand...
Click to collapse
I think they are first saved to the SD Card then can pulled from there to your Hard Drive with the adb pull commands.
backup
Thanks again. I'll try on my KFSOWI today.
Backup/Restore
Gilly10 said:
I think they are first saved to the SD Card then can pulled from there to your Hard Drive with the adb pull commands.
Click to expand...
Click to collapse
I dumped them and pulled them to my hard drive okay. However, when I flashed them, all went well, until the system.img. I got this error when flashing the system img. "Invalid sparse file format at header magi"
How do I fix this?
If you are on the 2013 that makes more sense, the system image on a 2013 model you pull can't fit in fastboot's buffer so it would be useless, though I don't get why it thought it was sparsed, it shouldn't have been. I do recall seeing that error at one point while we were researching a way to restore the 2013 model when it gets bricked.
Sent from my Amazon Kindle Fire HD using Tapatalk
stunts513 said:
If you are on the 2013 that makes more sense, the system image on a 2013 model you pull can't fit in fastboot's buffer so it would be useless, though I don't get why it thought it was sparsed, it shouldn't have been. I do recall seeing that error at one point while we were researching a way to restore the 2013 model when it gets bricked.
Sent from my Amazon Kindle Fire HD using Tapatalk
Click to expand...
Click to collapse
Is there a way to increase fastboot's buffer size?
Sent from my 2013 Kindle Fire HD
Backup/Restore
stunts513 said:
If you are on the 2013 that makes more sense, the system image on a 2013 model you pull can't fit in fastboot's buffer so it would be useless, though I don't get why it thought it was sparsed, it shouldn't have been. I do recall seeing that error at one point while we were researching a way to restore the 2013 model when it gets bricked.
Sent from my Amazon Kindle Fire HD using Tapatalk
Click to expand...
Click to collapse
Yes, it is the 2013 edition. Now it is stuck at the boot logo (color Kindle Fire). It has ADB and fastboot recognition and I have a factory cable.
Any suggestions on how to unbrick this device using fastboot ??
Mineturtle33 said:
Is there a way to increase fastboot's buffer size?
Sent from my 2013 Kindle Fire HD
Click to expand...
Click to collapse
There are 2 reasons we can't do this, one is because even if we adjusted it we have no way to sign the new uboot so the device would hard brick upon flashing. The second reason is the buffer the file gets stored on is the devices ram. In this case the system image is around 1.3 GB, while the kindle only has 1gb of ram so there's a physical limitation.
bobcat131 said:
Yes, it is the 2013 edition. Now it is stuck at the boot logo (color Kindle Fire). It has ADB and fastboot recognition and I have a factory cable.
Any suggestions on how to unbrick this device using fastboot ??
Click to expand...
Click to collapse
Good news is this was recently developed: http://forum.xda-developers.com/showthread.php?t=2685090
It should restore it as long as you can get it into fastboot. Because of the fastboot buffer limitation, this pushes a partial resized system image that has just enough file to boot up, then pushes a amazon update to the device and forces it to update the system partition to a full os. Its really clever.
Sent from my Amazon Kindle Fire HD using Tapatalk
stunts513 said:
There are 2 reasons we can't do this, one is because even if we adjusted it we have no way to sign the new uboot so the device would hard brick upon flashing. The second reason is the buffer the file gets stored on is the devices ram. In this case the system image is around 1.3 GB, while the kindle only has 1gb of ram so there's a physical limitation.
Good news is this was recently developed: http://forum.xda-developers.com/showthread.php?t=2685090
It should restore it as long as you can get it into fastboot. Because of the fastboot buffer limitation, this pushes a partial resized system image that has just enough file to boot up, then pushes a amazon update to the device and forces it to update the system partition to a full os. Its really clever.
But how to restore, if system.img is unflashable. I tride but still stuck at boot logo. HELP!:crying:
Click to expand...
Click to collapse
His system image is flashable because of some modifying he did, though I'm not sure if he included the matching boot image and recovery that goes with it, I'll check on it in a bit.
Sent from my Amazon Kindle Fire HD using Tapatalk
stunts513 said:
His system image is flashable because of some modifying he did, though I'm not sure if he included the matching boot image and recovery that goes with it, I'll check on it in a bit.
Sent from my Amazon Kindle Fire HD using Tapatalk
Click to expand...
Click to collapse
I'm scratching my head, either i'm its not there or i'm stupid, i don't see the utility to download to fix the problem on the gdrive. Am i missing something?
I have Kindle Fire HD7 2012. After including of my kindle device(press the power button) is showing the Kindle Fire logo and then is showing the coloured inscription of "Provisioning Fail"
I been looking but to no avail... Is there a problem with backing up all 12 partitions and maybe making a zip file for otheres to use in KFFAide or is it gonna contain information thats personal to device and to user?
GUIDE how to backup Verizon Developer Device aboot Partition
All Samsung Developer Devices are identical to retail devices with exception of one partition "aboot". What is all this fuss aboot? This partition holds the magic that unlocked your bootloader. It has a signed SHA256 key that a thousand Monkeys could not crack. If this partition is overwritten or corrupt the DE phone could brick, and bootloader will lock. Welcome to retail. This partition is device ID specific and coded to the device with super encryption. If this partition is backed up prior to corruption, it could be possible to restore a locked developer device. Some discussion of DE's aboot here and here
As of this writing several DE owners were smart enough to backup aboot, several were able to restore their unlocked bootloader. They were able to restore with the help of several XDA devleopers that were able to take the pre-saved aboot, and make it into an Odin flashable tar. It was reported that EFS Professional could create an Odin flashable aboot.tar.gz, that doesn't need any prior modifications. This info was incorrect, all backups of aboot will require modification prior to flashing. If you accidentally "Retail" your DE, post to this thread, and myself or one of the other devs will fix your backup. There is risk involved with restore, so please don't perposly flash your device to retail.
(No you can't flash aboot on your retail phone)
There are several ways to backup this unique partition, these procedures are not real difficult, but care should be taken. One method is by using ADB. Big learning curve, but rewarding. install Google SDK and use ABD [ADB Guides] Setup and run ADB, and backup the partition using dd command. This is a computer to Android terminal interface via USB. If you have used Linux scripts, this should easy peasy once ADB is functional. Copy and paste a script to copy aboot to SD, and the rest of the partitions using the ADB Method below.
You could even copy aboot to your phone's SD using your recovery file editor, or use ADB pull (permissions, mount, could make this tough though).
There is a cool program built by XDA contributor @lyriquidperfection, it's called EFS Professional It is a very powerful tool, it runs on windows computers, and uses a GUI, no scripts, just point and, click, click, click Easy Method.
Both interfaces require ROOT, and use Busybox. SuperSU, and busybox must be installed on your device prior, as well as Samsung drivers (Direct link to VZW Note 4 DE )
I like BusyBox Tools by Stephen (Stericson), or try Busybox On Rails
Disclaimer: If you are careful, study a bit, and follow direction closely there isn't much risk. Please be careful, these tools are capable of bricking your phone if you blindly explore other commands. If you run into problems, Post to this thread, someone will help you. If you go poking around the advanced user commands and mess it up, good luck. Don't hate on me if you do something stupid.
1. ADB Method Here is a quick guide that I made while backing up my note-4 DE. I point out the path to the partitions on Note-4. The VZW note-4 aboot partition is mmcblk0p7 This location and partition number are different in other DE models. This backup will need to be made flash-able if it's ever needed.
2. EFS Professional Easy Method (This guide will work for the other developer devices too. Tested on Note-3 & Galaxy S5 Developer Editions)
Download EFS Professional on windows computer, install EFSProfessional. This program has an imbedded version of ADB built in (don't run any other ADB programs at the same time)
Make sure USB debug is checked under phone's setting "Developer options", tick "USB debugging" (might already be ticked) If "developer options" tab is missing from "Settings", go to "Settings", "About phone", then tap, tap, tap, on "Build number" do it spasticly until it unlocks, aboot 7 times. ha ha Canada
(Click on the attached thumbnails to enlarge them to huge)
View attachment 3075958 View attachment 3075959
Hook the phone to USB & computer prior to running EFSPro. Keep an eye on the phones screen when the program starts, a few popups will probably pop up on the phone, allow your computer's RSA key, tic the always remember, and allow access to your computer. SU will pop up on the screen too, grant access. (If it doesn't connect, check phone's drop down for connection options. Worst case, toggle usb debug off/on while attempting connection in efspro).
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click on EFS Professional, The only folder you need to use is under the backup tab. Don't mess around under the other tabs, just click on backup.
View attachment 3048807 View attachment 3125707
Under the Backup Tab select "manage" Then select "Create New". Now you will create a PIT file, the map of your DE's system.
View attachment 3075885 View attachment 3075886
Type in the File name, display name, and description. I typed "note-4" in all three boxes.
View attachment 3181033
Click "Read Pit" a popup will nag, just click "OK" and continue, device written, click "OK", Then hit "Save".
View attachment 3075888
You now have your DE's PIT, the road map to your system partition. Ready to backup aboot? Lets go, press "Manage" then "refresh". Now your new pit should be visible under the "manage" drop down.
View attachment 3075899
From the drop down find your device (Note-4), and "select" it.
View attachment 3075900 View attachment 3075901
"Deselect all", then tic aboot only (You don't want to save all in one zip, it's +3GB, and will take forever, and most likely choke on it's self. Later after backing up aboot you can go back, and save the other partitions that aren't backed up by TWRP).
View attachment 3075902 View attachment 3075911
Click "backup". When it's finished you should now have two copies of aboot zipped up in a nice file (Note-4_xxxxxxxx.tar.gz) in EFSProBackup folder on your internal SD (or External SD), and on your computer both locations should contain a TAR of aboot. You can rename it "MyNote4_aboot.tar.gz". Later you should also manually move this to external SD using Root Explorer or ES File explorer
View attachment 3075912
Now is the time to donate to @lyriquidperfection , or a least go back to his OP and hit the thanks button.
View attachment 3075913
If a stock Tar is accidentally flashed, locking the boot loader, the phone won't be able to run EFS Pro because it requires root, and busybox, and may not boot anyway. If you do somehow lock your boot loader. Post your request for help to this thread, someone will PM you asking for your aboot backup, one of the devs here will make your aboot odin flashable, and send it back ready to go.
*Odin can't flash all the partitions, only the ones that are mapped in your PIT file. Please do a second backup, make a combined zip, select the following: aboot.mbn, NON-HLOS.bin, rpm.mbn, sbl1.mbn, sdi.mbn, tz.mbn. This will up your insurance policy to premium
Now that your are "out of the woods", go back into EFSPro and backup all partition blocks, minus a few huge ones that are already backed up by your recovery. I back up all blocks on a fresh DE image, before installing a bunch of apps (recovery, SuperSU, and Busybox). If you have a bunch of stuffs already installed you might want to skip blocks: 25 Cache, and 27 User Data. They are huge, and redundant if you already backed up everything in TWRP. You do have everything backed up in TWRP, right???
Eye glazing stuffs: The backups can be un-zipped to a tar, aboot.mbn.tar. Then unzipped again to reveal the unzipped partitions. These can be selectively modified into an Odin flash-able tar.md5. This part should be done by a developer because some hex editing and special software adds an md5 checksum .
Don't be the one that flashes a stock image tar, or allows a repair kiosk to touch your precious. Hopefully the insurance policy you just made won't ever have to be claimed.
Check back for correction, and updates. Please post your results good, or bad to this thread.
THANKS!
Nice guide I will have to do this
radionerd said:
Samsung Developer Devices are identical to retail devices with exception of one partition "aboot". If this partition is overwritten or corrupt the phone will brick, and bootloader will lock. This partition is device ID specific and coded to the boot partition, and device. If both of these partitions are backed up prior to corruption, it would be possible to restore a locked developer device.
There are several ways to backup these unique partitions, these procedures are not real difficult, but care should be taken. One method is by using ADB. install Google SDK and use ABD [ADB Guides] Setup and run ADB, and backup the partitions using dd command. This is a computer to phone terminal interface via USB. If you have used Linux scripts, this should easy peasy once ADB is functional.
There is a cool program built by XDA contributor lyriquidperfection, it's called EFS Professional It is a very powerful tool that runs on windows computers, and uses a GUI, no scripts, just point and click
Both interfaces use Busybox, so it must be installed on your device prior.
I like BusyBox Tools by Stephen (Stericson), or Busybox On Rails
Disclaimer: If you are careful, study a bit, and follow direction closely there isn't much risk. Please be careful these tools are capable of bricking your phone if you explore other commands. If you run into problems, I will try to help.
1. ADB Method Here is a quick guide that I made while backing up my note-4 DE. The VZW note-4 aboot partition is mmcblk0p7 This location and name are different in other models.
2. EFS Professional Method
Download EFS Professional on windows computer, install it. This program has a imbedded version of ADB built in (don't run any other ADB programs at the same time)
Make sure USB debug is checked under phone's setting, Developer options tick USB debugging (should already be ticked) If developer options is missing, go to settings, About phone, tap tap tap "Build number" spasticly until it unlocks.
Hook the phone to USB prior to running EFSPro. Keep an eye on the phones screen when the program starts, a few popups will probably pop up on the phone, Tic the always remember, and allow access to the computer. SU will pop up on the screen too, grant access.
View attachment 3048807
(Click on the attached photos to enlarge them)
The only folder you need to use is under the backup tab. Don't mess around under the other tabs, just backup.
Under the Backup Tab select "manage" Then select "Create New". Now you will create a PIT file, and grab a map the DE system.
View attachment 3048818
Type in the File name, display name, and description. I typed "note-4".
Then Click "read device", it should look like the picture below. Then hit "Save".
View attachment 3048835
You now have a Note-4 PIT, and map. Ready to backup aboot and boot, just press "Manage" then "refresh". Now your new pit should be visible under "manage drop down".
From the drop down find your device, and "select" it.
View attachment 3048845
"Deselect all", then tic aboot and boot only (You don't want to save all in one zip, it's Gigs, and will take forever, and most likely choke on it's self later you can go back and save the other partitions that aren't backed up by TWRP).
Then click "backup", when it's done you should now have an efsprofessional folder on your internal SD, and on your computer that contains a TAR of aboot and boot.
View attachment 3048866
Now is the time to donate to Liquid Perfection, or a least go back to his OP and hit the thanks button.
This is a ruff work in progress, but it's getting late, so check back for typos, correction, and updates. Please post your results good, or bad to this thread.
THANKS!
Click to expand...
Click to collapse
This is great work. Thanks so much. We've already seen a couple of our fellow Note 4 DE owners need a aboot backup to restore their unlocked bootloader. This is a must for any DE owner. It's like an insurance policy.
How do you restore?
Once you use the dd command in terminal emulator or in adb, or once you have an efs-professional backup of your aboot, so you have an aboot.mbn or aboot.bak, how do you restore it if you have inadvertently, let's say, flashed a retail edition aboot by flashing a retail full tar file from Odin for instance? I bought a Note 3 DE last year, and I made a copy of my aboot as soon as I got it, using the dd command, the file is about 2mb, but so far I don't know how to restore it if it does get the retail aboot installed on it by accident. Could you please shed some light on the restoration procedure as well?
Also, I know if you backup your /efs partition on twrp, it can't be restored if you mess it up, supposedly that's what makes the phone tick and gives it its identity, I have read about a few people on this forum that accidentally deleted their /efs partition and their phone never worked right after that, like their unlock screen wouldn't work and a lot of other stuff was messed up, as they described. If you make a /efs backup with efs-professional, could it be restored correctly if the /efs partition gets corrupted by accident? I don't really know why anyone would need to delete that partition, but I think some rom or modem update procedure did it, but just in case it happens.
Thank you for the great work and tutorial
newuser134 said:
Once you use the dd command in terminal emulator or in adb, or once you have an efs-professional backup of your aboot, so you have an aboot.mbn or aboot.bak, how do you restore it if you have inadvertently, let's say, flashed a retail edition aboot by flashing a retail full tar file from Odin for instance? I bought a Note 3 DE last year, and I made a copy of my aboot as soon as I got it, using the dd command, the file is about 2mb, but so far I don't know how to restore it if it does get the retail aboot installed on it by accident. Could you please shed some light on the restoration procedure as well?
Click to expand...
Click to collapse
Hopefully no one will have to be the Guinea Pig, and restore a corrupted aboot from accidentally flashing a retail TAR on their DE. As far as I know only one guy has tried aboot restore successfully, with big help from a dev who made his prior saved aboot flashable.
As far as I know aboot restore is untested with efsprofessional, I have successfully restored other partitions using efspro on my note-3 DE.
Unfortunately every DE version that has been released has had several folks overwrite aboot; accidentally, or in desperation flash retail Tars, by themselves, by Samsung service center, or at a retail store kiosk, like bestbuy.
Your DE warranty, and insurance is your backups. Samsung won't fix your corrupted system, if they do (only if no knox trip 0x0), you will receive your phone with a retail image put on it. Having an aboot backup could possibly bring it back to DE.
newuser134 said:
Also, I know if you backup your /efs partition on twrp, it can't be restored if you mess it up, supposedly that's what makes the phone tick and gives it its identity, I have read about a few people on this forum that accidentally deleted their /efs partition and their phone never worked right after that, like their unlock screen wouldn't work and a lot of other stuff was messed up, as they described. If you make a /efs backup with efs-professional, could it be restored correctly if the /efs partition gets corrupted by accident? I don't really know why anyone would need to delete that partition, but I think some rom or modem update procedure did it, but just in case it happens.
Click to expand...
Click to collapse
Been there done that, Most of the guys that had efs messed up on Note-3 DE, including myself, we used the first T-mobile TWRP version that didn't backup the right efs partition, upon TWRP restore we had major problems, some of us compounded the problems, me too TWRP was quickly updated, and a few of us figured out ways to rebuilt /efs.
"What I learned was backup your backup, then back that up too" I do complete TWRP backup as soon as rooted, DD of all partitions, then backup all partitions, except a few huge partitions using efspro.
newuser134 said:
Thank you for the great work and tutorial
Click to expand...
Click to collapse
Thanks WIP, hope to add soon "copy and paste" scripts for all the partitions.
Thanks for the instructions. I hope to never need it, but I will follow this procedure just to be on the safe side.
Doesn't TWRP handle this by ticking on the EFS checkbox when making a backup?
solidunit said:
Doesn't TWRP handle this by ticking on the EFS checkbox when making a backup?
Click to expand...
Click to collapse
TWRP does backup EFS, but not aboot, or a handful of other partitions. EFS pro can backup all partitions.
radionerd said:
Type in the File name, display name, and description. I typed "note-4".
Then Click "read device", it should look like the picture below. Then hit "Save".
View attachment 3048835
Click to expand...
Click to collapse
When I get to the "read device" step I get an error saying it cannot find the pit file in the EFS folder. What am I missing? Thanks
tfly212 said:
When I get to the "read device" step I get an error saying it cannot find the pit file in the EFS folder. What am I missing? Thanks
Click to expand...
Click to collapse
Did you click on the Manage box and select "create new"
Then read device
Then name note-4 on device name, display name, and description, then click save
go back to manage, click refresh
Then go to device filters, find your note 4
de-select all, then select aboot
Then click backup.
Now you should have a "double zipped" file of aboot in your computer efsprofessional folder, and on your sdcard.
Attached a few pictures from my note 3
radionerd said:
Did you click on the device filter box "v" and select "create new"
Then read
Click to expand...
Click to collapse
I did not the first time...but once I did it worked perfectly, thank you. I didn't think to click the dropdown as I knew Note 4 wasn't going to be on there. Might want to add that line to the instructions in case anyone else runs into the same issue.
All good now...going to donate to the dev tonight.
tfly212 said:
I did not the first time...but once I did it worked perfectly, thank you. I didn't think to click the dropdown as I knew Note 4 wasn't going to be on there. Might want to add that line to the instructions in case anyone else runs into the same issue.
All good now...going to donate to the dev tonight.
Click to expand...
Click to collapse
Great!
I will go look at the wording of the OP
tfly212 said:
I did not the first time...but once I did it worked perfectly, thank you. I didn't think to click the dropdown as I knew Note 4 wasn't going to be on there. Might want to add that line to the instructions in case anyone else runs into the same issue.
All good now...going to donate to the dev tonight.
Click to expand...
Click to collapse
Buy him some nappies for his kid
Thanks man,
I updated my OP with 27 8"x10" color glossy photos with circles and arrows
radionerd said:
Buy him some nappies for his kid
Thanks man,
I updated my OP with 27 8"x10" color glossy photos with circles and arrows
Click to expand...
Click to collapse
Will do...I have a little one also, and while a beer sounds better, the way they go through diapers is staggering.
How do I find my computers RSA key? I am on windows 8.1?
texasez said:
How do I find my computers RSA key? I am on windows 8.1?
Click to expand...
Click to collapse
You don't need to know the computer's RSA key, The RSA pop-up comes up on your phone when entering ADB mode. The key is in the pop-up, Just grant access.
Is the "sbl1bak" a backup of the "sbl1" ????????
larrycjr said:
Is the "sbl1bak" a backup of the "sbl1" ????????
Click to expand...
Click to collapse
Yup,
However sb1bak is empty on my note 4
Easy look at Note 4 partition Mounts by-name (trltevzw)
aboot -> /dev/block/mmcblk0p7 (2048KB)
apnhlos -> /dev/block/mmcblk0p1
boot -> /dev/block/mmcblk0p17
cache -> /dev/block/mmcblk0p25
carrier -> /dev/block/mmcblk0p26
dbi -> /dev/block/mmcblk0p5
ddr -> /dev/block/mmcblk0p6
efs -> /dev/block/mmcblk0p13
fota -> /dev/block/mmcblk0p19
mdm1m9kefs1 -> /dev/block/mmcblk0p14
mdm1m9kefs2 -> /dev/block/mmcblk0p15
mdm1m9kefs3 -> /dev/block/mmcblk0p10
mdm1m9kefsc -> /dev/block/mmcblk0p16
misc -> /dev/block/mmcblk0p20
modem -> /dev/block/mmcblk0p2
pad -> /dev/block/mmcblk0p11
param -> /dev/block/mmcblk0p12
persdata -> /dev/block/mmcblk0p23
persist -> /dev/block/mmcblk0p22
recovery -> /dev/block/mmcblk0p18
rpm -> /dev/block/mmcblk0p8
sbl1 -> /dev/block/mmcblk0p3
sbl1bak -> /dev/block/mmcblk0p4
ssd -> /dev/block/mmcblk0p21
system -> /dev/block/mmcblk0p24
tz -> /dev/block/mmcblk0p9
userdata -> /dev/block/mmcblk0p27
I finally get past the RSA problem by using installer mode on phone but the phone auto changes back to media device and then efs pro does not recognize the phone. I tried camera (ptp) mode but it will not go past pressing the device info button on efs pro. How do I make the phone stay in installer mode. I keep getting popups wanting me to install the verizon software but I did not install.
How do I keep the installer mode active?
Your obviously on the dev edition?? Correct? If so if it's not to much to ask will you send me a copy of your sbl1. Please.
Sent from my SM-N910V
TL;DR ... please skip to the bottom for a step-by-step how-to.
It is still a bit of a mystery on how easy it is for someone to lose their EFS data (including baseband/IMEI). It has happened a few times (judging by the forum activity). Even for more reason, especially since this data cannot be replaced without warranty work, it is always best to protect yourself.
So I took the task of backing up all my partitions (some through TWRP, others through shell/dd), and then pulling the dd'd partitions to my PC. Best practice is to back up everything...there may be something else lost that you may need in the future.
My old theory (based on grep'ping the images) targeted p16 and p18. According to /dev/block/by-name, mmcblk0p16 translates to the APD partition (which is related to the demo program), and mmcblk0p18 the system partition ...
Code:
lrwxrwxrwx root root 2015-07-07 16:40 ADF -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 2015-07-07 16:40 APD -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 2015-07-07 16:40 boot -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2015-07-07 16:40 boot-one-shot -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2015-07-07 16:40 cache -> /dev/block/mmcblk0p15
lrwxrwxrwx root root 2015-07-07 16:40 config -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 2015-07-07 16:40 data -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 2015-07-07 16:40 factory -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2015-07-07 16:40 fastboot -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2015-07-07 16:40 misc -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2015-07-07 16:40 panic -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2015-07-07 16:40 persistent -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2015-07-07 16:40 ramdump -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2015-07-07 16:40 recovery -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2015-07-07 16:40 reserved -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2015-07-07 16:40 silentlake -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2015-07-07 16:40 splashscreen -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2015-07-07 16:40 system -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 2015-07-07 16:40 userkeystore -> /dev/block/mmcblk0p8
...however, the location within system is elusive (no common files between the search terms, except "/system/usr/srec/en-US/hmm_symbols", which doesn't seem to count)...
...please note, I have redacted my IMEI segments for protection.
Code:
[email protected]:~/Build/ArchiKitchen-master/PROJECT_070815_181336$ grep -c -r -a abcd * | grep -v :0
system/lib/arm/libcrypto.so:1
system/lib/libstagefright.so:1
system/lib/libcrypto.so:1
system/tts/lang_pico/en-GB_kh0_sg.bin:1
system/tts/lang_pico/es-ES_zl0_sg.bin:1
system/app/ASUSBrowser/ASUSBrowser.apk:2
system/app/LiveWallpapers/LiveWallpapers.apk:1
system/priv-app/GmsCore/lib/x86/libsslwrapper_jni.so:1
system/priv-app/FileManager2/x86/FileManager2.odex:1
system/priv-app/AsusZenUIServices/x86/AsusZenUIServices.odex:1
system/usr/icu/icudt53l.dat:1
system/usr/srec/en-US/hmm_symbols:1
system/usr/xt9/databases/ldb/ZHsbUNps_GB18030_xt9_big.ldb:1
system/bin/wpa_supplicant:1
system/bin/hostapd:1
[email protected]:~/Build/ArchiKitchen-master/PROJECT_070815_181336$ grep -c -r -a efgh * | grep -v :0
system/etc/security/cacerts/ccc52f49.0:1
system/etc/catalog/V1_7260/audiocomms_config/parameter-framework/Settings/Audio/AudioConfigurableDomains.xml:35
system/etc/catalog/V1_DSDA/audiocomms_config/parameter-framework/Settings/Audio/AudioConfigurableDomains.xml:29
system/framework/x86/boot.oat:1
system/usr/srec/en-US/hmm_symbols:1
system/usr/xt9/databases/ldb/ENubUN_xt9.ldb:1
system/usr/xt9/databases/ldb/ESusUN_xt9.ldb:1
system/vendor/lib/libWVStreamControlAPI_L1.so:1
[email protected]:~/Build/ArchiKitchen-master/PROJECT_070815_181336$ grep -c -r -a ijkl * | grep -v :0
system/etc/security/cacerts/d16a5865.0:2
system/tts/lang_pico/en-GB_kh0_sg.bin:1
system/app/MYuppyHK_Medium/MYuppyHK_Medium.apk:6
system/app/YouTube/YouTube.apk:1
system/app/Newsstand/x86/Newsstand.odex:1
system/usr/srec/en-US/hmm_symbols:1
system/usr/xt9/databases/ldb/ITusUN_xt9.ldb:1
[email protected]:~/Build/ArchiKitchen-master/PROJECT_070815_181336$
Just recently, user noviardi did a real world test with two devices...one with a working baseband, the other with a borked EFS. Noviardi managed to get device number two working by cloning p14 (also known as the config partition). Please note there are consequences, that with this solution, only one device can be "online" at a time, or the functioning IMEI will get blacklisted (then neither devices will have cell access). Which is the least of the problems. Hence, why I do not share my EFS data (neither should anyone else), or even snippets.
So, if you want to back up your EFS for personal resuce, your best shot is to back up the mmcblk0p14 / Config partition. But if you are paranoid (like me ), might as well back up everything.
Here's how to do it:
Connect the device to your PC
Turn on USB debugging (if not already)
From your PC, fire up a terminal/command prompt
Type "adb shell" (without the quotes - may need to add "sudo" to the front depending on your situation)
Run these commands:
Code:
su
dd if=/dev/block/mmcblk0p14 of=/storage/MicroSD/mmcblk0p14.img
Repeat the last line for any other partitions to back up (changing both numbers)
Type "exit", press enter (and repeat to close adb shell)
Run the following command:
Code:
adb pull /storage/MicroSD/mmcblk0p14.img .
Repeat for any other partitions to copy to your PC
Close out terminal, unplug USB cable.
Also, there is at least one version of TWRP (TheSSJ's release) that will back up your Config partition for you, as Config is also responsible for connectivity issues (not related to IMEI) switching between ROM's.
Hope this helps on how to protect your IMEI, with a big thanks to noviardi.
Mines showing that too..emei of abcdefgh........and not number sometimes...its weird.
pato2015 said:
Mines showing that too..emei of abcdefgh........and not number sometimes...its weird.
Click to expand...
Click to collapse
I clarified my text above.
I masked my IMEI (with abcd...) in the code boxes as I did not want even part of my IMEI known (for personal security reasons). My actual terminal I used the numbers in groups of four obtained from dialing *#06#.
If you are getting letters after dialing *#06#, I must ask - can you dial out? Did you do any modifications to the phone since you got it (e.g. root, unlock bootloader, etc)?
joel.maxuel said:
I clarified my text above.
I masked my IMEI (with abcd...) in the code boxes as I did not want even part of my IMEI known (for personal security reasons). My actual terminal I used the numbers in groups of four obtained from dialing *#06#.
If you are getting letters after dialing *#06#, I must ask - can you dial out? Did you do any modifications to the phone since you got it (e.g. root, unlock bootloader, etc)?
Click to expand...
Click to collapse
Im still on stock due , i join the asus beta program on going ....change imei only appears abcd change imei only appears during when im on recovery mode...when pound number sign asterisk it imei appears the original imei on my side.
pato2015 said:
Im still on stock due , i join the asus beta program on going ....change imei only appears abcd change imei only appears during when im on recovery mode...when pound number sign asterisk it imei appears the original imei on my side.
Click to expand...
Click to collapse
Doesn't sound corrupted then, just boatloader is being protective.
Or at worst, bug in boatloader.
Sent from my ASUS ZenFone 2
I haven't heard of any easier way or any potential issues, but as always, better safe than sorry with this stuff .
Hi,
I tried to copy the blocks from a terminal emulator on the device itself, and it took a long time and I cancelled it. How big are the blocks, and how long should the copy take?
BobboVilla said:
Hi,
I tried to copy the blocks from a terminal emulator on the device itself, and it took a long time and I cancelled it. How big are the blocks, and how long should the copy take?
Click to expand...
Click to collapse
mmcblk0p16 is about 300MB, so will take a couple minutes (one to dd it, the other to adb pull it). mmcblk0p18 (which I don't think carries EFS as I was able to grep the individual files in the system partition and no common files came up) is ~2.3GB and will (probably) take over 10 minutes.
Also, my procedure above assumes you have a MicroSD card inserted. Don't know the outcome if one ran the commands without one (probably an out of space error).
joel.maxuel said:
mmcblk0p16 is about 300MB, so will take a couple minutes (one to dd it, the other to adb pull it). mmcblk0p18 (which I don't think carries EFS as I was able to grep the individual files in the system partition and no common files came up) is ~2.3GB and will (probably) take over 10 minutes.
Also, my procedure above assumes you have a MicroSD card inserted. Don't know the outcome if one ran the commands without one (probably an out of space error).
Click to expand...
Click to collapse
Thanks. Although I'm not an android developer, I am a programmer, so I can understand code/scripting, and I realized that the command assumed I had an SD card .
I'll do it again and this time let it finish .
mmmm i tried this procedure (also used for oneplus one) and works well.
Type "adb shell" (without the quotes - may need to add "sudo" to the front depending on your situation)
Run these commands for backup efs:
su
dd if=/dev/block/mmcblk0p10 of=/sdcard/modemst1.bin bs=512
dd if=/dev/block/mmcblk0p11 of=/sdcard/modemst2.bin bs=512
Modemst1.bin and Modemst2.bin are saved in internal storage
for restore use fastboot
fastboot flash modemst1 modemst1.bin
fastboot flash modemst2 modemst2.bin
Bye.
fosseperme said:
mmmm i tried this procedure (also used for oneplus one) and works well.
Type "adb shell" (without the quotes - may need to add "sudo" to the front depending on your situation)
Run these commands for backup efs:
su
dd if=/dev/block/mmcblk0p10 of=/sdcard/modemst1.bin bs=512
dd if=/dev/block/mmcblk0p11 of=/sdcard/modemst2.bin bs=512
Modemst1.bin and Modemst2.bin are saved in internal storage
for restore use fastboot
fastboot flash modemst1 modemst1.bin
fastboot flash modemst2 modemst2.bin
Bye.
Click to expand...
Click to collapse
Keep in mind that procedure backs up "reserved" and "panic" for this device, as this one does not have modemst1/2 partitions.
It is still a hunting match.
Sent from my ASUS_Z00AD
if I could get a copy of mmcblk0p16 ? whether it is contained individual device's IMEI number ?
omgwtf19924 said:
if I could get a copy of mmcblk0p16 ? whether it is contained individual device's IMEI number ?
Click to expand...
Click to collapse
I wouldn't recommend that. Because it is the phone's unique identity like someone's fingerprints, services like cell providers will have difficulty distinguishing one from the other, and I think the policy in that case is to shut both devices down (blacklist the IMEI). So now, you would have two unusable devices.
I got your PM also, reconstructing that partition (that is your EFS) is a taboo topic, mostly because it is illegal in many countries. I wouldn't recommend that either.
Best course of action is servicing. Even if you voided your warranty, ASUS won't say no, it's just be prepared to pay (more). Of course, in this case you could pretend the warranty is still good, go back to unrooted stock, and play unaware...
Just curious, how did you hurt your IMEI? Just to see if there is a pattern of events that can cause that (and ultimately be prevented for someone else).
This happened so that, for some time I could not enter into a standard recovery, update your phone through the built-in program ended in failure, and at the entrance to recovery tried to update the phone and soon jumped mistake. Restore factory settings did not help, full unroot nothing distance, upload the new system did not help ... at the end I installed a temporary CWM used for root and reformatted /factory , /config, /cache, /ADP, /ADF and probably in one of them sat a match for IMEI ... oh well, I contacted ASUS service center and wait for a response. Currently, it is not detected SIM1 and SIM2 work and logs on to the network, both have the same IMEI and should have separate.
EDIT: Phone service reported to ASUS, after returning once the makings copies of files on the future ...
efs problem....help
i lost my asus zenfone 2 ze550ml's efs file so its showing only one dummy imei number,
But i have system backup which i took using temporary recovery
tell me if there is a way to recover efs from system backup?
thanks.
i havnt unlocked bootloader yet!
psurve01 said:
i lost my asus zenfone 2 ze550ml's efs file so its showing only one dummy imei number,
But i have system backup which i took using temporary recovery
tell me if there is a way to recover efs from system backup?
thanks.
i havnt unlocked bootloader yet!
Click to expand...
Click to collapse
I'm pretty sure it's the APD (mmcblk0p16) partition at this point.
You can try to restore system, I just don't think it would be fruitful.
Always curious with this sort of thing, what (do you think) happened that you lost your EFS?
The actual partition that keep imei is on mmcblk0p14 named Config
i got 2 phone with one dead baseband chip to tried out.
the mmcblk0p16 that you mention doesn't contain imei at all..
best luck
noviardi said:
The actual partition that keep imei is on mmcblk0p14 named Config
i got 2 phone with one dead baseband chip to tried out.
the mmcblk0p16 that you mention doesn't contain imei at all..
best luck
Click to expand...
Click to collapse
I was considering this one a while back. There was just no search matches to back that theory up.
If you have successfully revived one EFS with the partition (#14) from the other device, that not only makes sense with the problems I have had with config in the past, also means we have something more solid to go by than just block searches.
Will update in a little bit, with attribution. Thanks!
OfficerJimLahey said:
I was considering this one a while back. There was just no search matches to back that theory up.
If you have successfully revived one EFS with the partition (#14) from the other device, that not only makes sense with the problems I have had with config in the past, also means we have something more solid to go by than just block searches.
Will update in a little bit, with attribution. Thanks!
Click to expand...
Click to collapse
yes sir.
as we now confirmed that the imei is containing in the #14..
let hope some expert will extract the importance imei from that 64mb partition..
the backup command should be
adb shell
su
dd if=/dev/block/mmcblk0p14 of=/storage/MicroSD/mmcblk0p14.img
and restore whole 14 partition from the adb shell
with this command
adb shell
su
dd if=/storage/MicroSD/mmcblk0p14.img of=/dev/block/mmcblk0p14
Recently I tried to root the phone and successfully did it via CWM Temporary Recovery.
I used Exposed Framework, Intelli3G module, greenify etc. My phone was running well except I needed to turn flight mode on and off each time after booting or restarting my phone to get network on sim 1. But it was going well until one day when there was a new OTA update available. I just had forgotten the issue of OTA update on a rooted device.
After updating my rooted device it went into bootlops. I am not so geeky so I was looking for a solution. Then I restored a previous NANDROID backup via CWM but the it was showing error after restoration when the device rebooted.
So then again I went to CWM recovery mode and FORMATTED ALL THE PARTITIONS INCLUDING EFSthen I flashed some downgraded recovery.img, droidboot.img etc and updated my phone with the lattest official stock firmware via CWM
I was lucky to unbrick my phone as it started well
But then the real problem started
THERE'S NO NETWORK ON SIM 1
I reflashed my phone but it was same then I took it to a servicing store they said I have IMEI problem in my phone, the phone is now in the servicing shop,
Isn't there any way to restore my imei???
How about Zenfone Rescue tool kit(by Aztech)??
Hello,
I managed to break my fingerprint reader. I don't think the problem is my /persist because all sensors work fine. But unfortunately, I had never backed up the rest of the sensitive partitions: vbmeta, vbmeta_system, keystore, keymaster, odm, core_nhlos, secdata, abl, cmnlib, cmnlib64, devcfg, dsp, hyp, xbl, xbl_config, tz, rpm, aging, aging_mod.
Could someone on a TMO 7t Pro 5G McLaren (with a working fingerprint reader preferably running the latest 10.0.35 software, please pull and post these partition img files? If you don't know how, it's very simple, please ask.
I point to this because my previous phone, Essential PH1, had similar issues, but at least Essential had posted all of the firmware images on their website every month, and flashing the above partitions would fix it. 1+ doesn't provide anything and even the MSM doesn't restore all of these partitions.
Thanks so very very much in advance!
Edit: If possible, could one extract all partition img files from 10.0.35 in addition to those requested above?
EDIT2: ODM partition has 1st priority for anyone who can help.
Edit3: odm is fine. After looking through some logs,
I need keystore, keymaster (_a or _b, whichever is your current slot), vbmeta (a or b), and vbmeta_system (a or b). None are very large I think.
You're making me want a backup. I thought MSM was supposed to be that for us. Irritating.
A couple of those look like they could have sensitive data. Anyone know of a reason not to post them? Looks like they are all available via /dev/block..
ttabbal said:
You're making me want a backup. I thought MSM was supposed to be that for us. Irritating.
A couple of those look like they could have sensitive data. Anyone know of a reason not to post them? Looks like they are all available via /dev/block..
Click to expand...
Click to collapse
If you don't already have a backup of every partition, please please please do so urgently. Or an RMA will most likely be in your future. That should be in huge bold print with a link to instructions at the very top of the root and bootloader unlock threads.
I've never had a device with these issues before. It's starting to get ridiculous.
Edit: If you didn't take backups before unlocking the bootloader, Widevine L1 support (being able to watch Netflix in HD instead of 480p crap on our giant beautiful screens) is lost forever (except for RMA). And just flashing a "bad" canary version of magisk was enough to kill the fingerprint sensor. Of course I didn't learn any of this until it was too late.
MSM will get your phone back to life but not fully heal it. Basically all the MSM is guaranteed to do is get the phone to boot. No sensors, no fingerprint, no Widevine L1, no IMEI and wifi Mac address fix (if one is really screwed). And 1+ didn't take any measures to protect the sensitive partitions once bootloader is unlocked. It's all just a clusterf**k
Same issues on 7T and 8 and 8pro if that makes you feel any better ¯\_(ツ)_/¯
Well, that's irritating. WTF wouldn't you have a recovery tool for all those? Interestingly, I don't seem to have odm in there at all. Ah, scratch that, it's in /dev/block/mapper and there are 3. _a, _b, -verity.
It's rpm I don't seem to have. 10.0.35.
ttabbal said:
Well, that's irritating. WTF wouldn't you have a recovery tool for all those? Interestingly, I don't seem to have odm in there at all. Ah, scratch that, it's in /dev/block/mapper and there are 3. _a, _b, -verity.
It's rpm I don't seem to have. 10.0.35.
Click to expand...
Click to collapse
Yeah, system, vendor, product, and odm are stored in super.img on Android 10. But u found it. Find out what slot you are on, running 10.0.35, and you'd want the _a or _b files that match your current slot.
ttabbal said:
Well, that's irritating. WTF wouldn't you have a recovery tool for all those? Interestingly, I don't seem to have odm in there at all. Ah, scratch that, it's in /dev/block/mapper and there are 3. _a, _b, -verity.
It's rpm I don't seem to have. 10.0.35.
Click to expand...
Click to collapse
I think you are right. Rpm doesn't exist possibly on this phone. Don't have time to research right now.
But I noticed in /dev/block/mapper, I only have _a and _b. No -verity file. For system, vendor, odm, nor product. Could you post the -verity file(s)?
What files/file sizes do you have in /odm/ ?
starcms said:
I think you are right. Rpm doesn't exist possibly on this phone. Don't have time to research right now.
But I noticed in /dev/block/mapper, I only have _a and _b. No -verity file. For system, vendor, odm, nor product. Could you post the -verity file(s)?
What files/file sizes do you have in /odm/ ?
Click to expand...
Click to collapse
Doesn't look really interesting to me, but here's the ls output.
Code:
OnePlus7TProNR:/sdcard/img # ls -l /odm
total 20
drwxr-xr-x 4 root root 4096 2008-12-31 17:00 etc
drwx------ 2 root root 16384 2008-12-31 17:00 lost+found
OnePlus7TProNR:/sdcard/img # ls -l /odm/etc
total 12
-rw------- 1 root root 2735 2008-12-31 17:00 build.prop
-r--r--r-- 1 root root 0 2008-12-31 17:00 fs_config_dirs
-r--r--r-- 1 root root 0 2008-12-31 17:00 fs_config_files
drwxr-xr-x 2 root root 4096 2008-12-31 17:00 selinux
drwxr-xr-x 2 root root 4096 2008-12-31 17:00 vintf
OnePlus7TProNR:/sdcard/img # ls -l /odm/etc/selinux/
total 728
-rw-r--r-- 1 root root 733547 2008-12-31 17:00 precompiled_sepolicy
-rw-r--r-- 1 root root 65 2008-12-31 17:00 precompiled_sepolicy.plat_sepolicy_and_mapping.sha256
-rw-r--r-- 1 root root 65 2008-12-31 17:00 precompiled_sepolicy.product_sepolicy_and_mapping.sha256
OnePlus7TProNR:/sdcard/img # ls -l /odm/etc/vintf/
total 16
-rw-r--r-- 1 root root 5300 2008-12-31 17:00 manifest.xml
-rw-r--r-- 1 root root 1369 2008-12-31 17:00 manifest_ese.xml
-rw-r--r-- 1 root root 622 2008-12-31 17:00 manifest_noese.xml
I can try, but my upstream sucks. It might be faster for someone else to grab them.
-rw-r--r-- 1 travis travis 816K Jun 4 15:40 img/odm-verity.img
-rw-r--r-- 1 travis travis 1.3G Jun 4 15:41 img/product-verity.img
-rw-r--r-- 1 travis travis 2.2G Jun 4 15:40 img/system_root-verity.img
-rw-r--r-- 1 travis travis 884M Jun 4 15:43 img/vendor-verity.img
After looking through some logs, you can ignore most of that.
I need keystore, keymaster (_a or _b, whichever is your current slot), vbmeta (a or b), and vbmeta_system (a or b). None are very large I think.
Thanks for all of your time @ttabbal. Sorry if I'm driving you crazy Been driving myself crazy trying to fix this for 2 weeks now lol
My /odm seems to be fine. Matches yours. I was mainly concerned about those 2 files with 0 size. But I don't have any of the -verity.imgs from /dev/block/mapper. I'm pretty sure they are supposed to be created and mounted at boot (from super.img and by verity/vbmeta). I'm hoping those 2 vbmeta partitions will fix things up. If not, then I'll try keystore and keymaster. And then I'll have to send it in...
Edit:. Just curious, I'm assuming you are bootloader unlocked and running Magisk? Just confirming since you have those -verity.imgs
ok.. Hope it helps.
https://drive.google.com/file/d/1a9FTbvdEM2n12wjc4SL7kNMu3SAtfuAY/view?usp=sharing
https://drive.google.com/file/d/15Ssumik6iMY7kWgldHfFajsbyNdh9aTz/view?usp=sharing
Yes, I am unlocked and rooted with Magisk.
ttabbal said:
ok.. Hope it helps.
https://drive.google.com/file/d/1a9FTbvdEM2n12wjc4SL7kNMu3SAtfuAY/view?usp=sharing
https://drive.google.com/file/d/15Ssumik6iMY7kWgldHfFajsbyNdh9aTz/view?usp=sharing
Yes, I am unlocked and rooted with Magisk.
Click to expand...
Click to collapse
Well, not exactly lol.
Flashed your two images via fastboot, still broken fingerprint and still missing -verity files from /dev/block/mapper/ , went to flash my backups of vbmeta and vbmeta_system via fastboot, got into a bootloop, and after a couple hours of screwing with it, finally got back where I started from...except using your images.
I don't understand. vbmeta and vbmeta_system are NOT device specific. One from my phone, one from your phone, one from anyone's phone running 10.0.35 should be exactly the same.
What exact method did you use to pull the images? dd to a tmp dir on device and then adb pull img? dd directly to computer? or adb pull the partitions themselves direct to computer? Shouldn't all 3 methods return the same results?
I swear, after the RMA I really don't know if I am going to risk unlocking the bootloader again (this is coming from someone who has had s-off/bootloader unlock/root/su/Magisk on every single android device ever owned over the past 10 years...without ever having any problem I couldn't fix by myself)
It should all be the same img, but I did "dd bs=1M if=/dev/<partition> of=/sdcard/img/" and adb pull them to the computer. Pretty much the same dd command I use for most image work. I am on 10.0.35.
One of the biggest reasons I gave this device a shot was the ability to reflash back to stock. Now I hear that doesn't work. That's really annoying. This is something Oneplus should just provide as a backup. They don't even have to keep it up to date. We can OTA our way to the latest. They have to have something like that to flash the phones before shipping them out. I guess they could flash to storage chips before installing them on the PCBs.
I was also hoping to see some development, I didn't realize that the A/B thing or A10 was going to cause so many problems. Not the devs fault, just one more thing to shake my head at. Sadly, I think root stuff is going to start phasing out. I don't mind no support for modified software, but I hate that I don't own my devices.
ttabbal said:
It should all be the same img, but I did "dd bs=1M if=/dev/<partition> of=/sdcard/img/" and adb pull them to the computer. Pretty much the same dd command I use for most image work. I am on 10.0.35.
One of the biggest reasons I gave this device a shot was the ability to reflash back to stock. Now I hear that doesn't work. That's really annoying. This is something Oneplus should just provide as a backup. They don't even have to keep it up to date. We can OTA our way to the latest. They have to have something like that to flash the phones before shipping them out. I guess they could flash to storage chips before installing them on the PCBs.
I was also hoping to see some development, I didn't realize that the A/B thing or A10 was going to cause so many problems. Not the devs fault, just one more thing to shake my head at. Sadly, I think root stuff is going to start phasing out. I don't mind no support for modified software, but I hate that I don't own my devices.
Click to expand...
Click to collapse
What is the need or result of the "bs=1M" in the command? I've never seen that before in other threads. I'm assuming it means block size equal to 1MB. Is that definitely required to get a good pull? Same bs for any/all partitions?
If you have persist and both EFS images backed up, you should be okay. The MSM tool can restore I think everything else. I'd keep a backup especially of any partitions that don't end in _a or _b. The MSM tool definitely takes care of the rest (those ending in _a and _b). I just hate using it because there's no way to make it not wipe userdata. And without being able to make a nandroid backup due to no fully working twrp due to A10, it's just a giant pain.
And unfortunately we can't just OTA our way to the latest, at least not by manually downloading an OTA from 1+. Only way to update is with a real OTA update from T-Mobile.
The A/B partitioning isn't the problem with development. That's been around since Android 7 or 8. It's the new dynamic partitioning format that all phones that launch with Android 10 (or newer) have. Even the Pixel 4 doesn't have fully working twrp yet. It's coming soon though...
Edit: Also, for the dd commands, did you use /dev/block/actual_partition or /dev/block/by-name/friendly_name_of_partition? Again, should it really make a difference?
Edit2: All of these issues have a root cause from Android 10. The new required partitioning system for any phones that launch with it. That's why unlocking the bootloader wipes reserve.img. Because it's in userdata (cause of A10) and 1+ forgot about that and didn't rewrite the algorithm used when the bootloader is unlocked. It's also their negligence (combined with A10) which causes persist (and other key partitions) to become so easily corrupted. Virtually all devices launched since Android 7 use "fastboot flashing unlock" and then "fastboot flashing unlock_critical" to allow changes to device specific partitions. For some reason 1+ still is using the antiquated "fastboot oem unlock" command which unlocks literally everything, even some stuff that unlock_critical doesn't, and which in the old days, didn't matter. A10 especially should not ever be used with fastboot oem unlock. Google says so lol.
If it makes you feel better, this isn't unique to this phone. It's a problem on every device 1+ has launched with A10 and still is (OP7T/TPro/OP8/Pro). Because of A10 partitioning combined with the use of an antiquated bootloader that only supports "fastboot oem unlock"
The block size doesn't matter for the pull and doesn't change the image at all. It just reads in chunks, making it faster.
Yes, I used by-name and it shouldn't matter if you use that or the sd# names.
It's your persist and it's unique. The rest of your sensors won't care. If you didn't back it up, you're screwed. An MSM restore doesn't fix this.
LLStarks said:
It's your persist and it's unique. The rest of your sensors won't care. If you didn't back it up, you're screwed. An MSM restore doesn't fix this.
Click to expand...
Click to collapse
The issue is I had a backup of my unique persist. And restoring it doesn't fix the dang fingerprint. That's why I was thinking the issue had to be elsewhere
Hello.
I have an old Samsung GT-I9060 (not sure if I should name it “Galaxy Grand Neo” or “Galaxy Grand Lite”) ; this is definitively not a ”Samsung Galaxy Grand Neo Plus”, but no such thread like ”Samsung Galaxy Grand Neo/Lite” without “Plus” seems to exist here.
I am trying to explore it using tools like adb or heimdall, I have Windows (10, 8, 7 , Vista and XP) AND Linux (Debian) computers in order to do this. Also Android Studio on Windows but I'm quite beginning on it, I'm more used on Microsoft Visual Studio and web languages.
I would like to understand how it works if I want to root it, or if I try to create my own firmware, either from existing ones or even eventually from source code.
I would like to avoid using any existing hack without completely understand any underlying handling.
So I got the corresponding stock firmware, and tried to explore it (by un-tarring in a Linux environment).
As a result, I get the following files :
total 1458620
-rw-r--r-- 1 root root 18087936 1970-01-01 01:00:00 BcmCP.img
-rw-r--r-- 1 root root 5472768 1970-01-01 01:00:00 boot.img
-rw-r--r-- 1 root root 30626024 1970-01-01 01:00:00 cache.img
-rw-r--r-- 1 root root 2440 1970-01-01 01:00:00 dt-blob
-rw-r--r-- 1 root root 7430328 1970-01-01 01:00:00 hidden.img
-rw-r--r-- 1 root root 614400 1970-01-01 01:00:00 param.lfs
-rw-r--r-- 1 root root 6935040 1970-01-01 01:00:00 recovery.img
-rw-r--r-- 1 root root 645244 1970-01-01 01:00:00 sboot.bin
-rw-r--r-- 1 root root 1422287488 1970-01-01 01:00:00 system.img
Click to expand...
Click to collapse
Now I would like to understand all of them.
I can find utilities for going deeper and explore inside most .img files for example.
But one of the most mystifying seems to be BcmCP.img. Googling it doesn't help me.
What is exactly in this file ?
Getting and analyzing the PIT using heimdall, I can see it is likely a partition contents.
But I can't identify any filesystem.
How can I go deeper into this ?
Gingko