-Found this little gem posted in this thread, located under the AT&T Samsung Galaxy S II Android Development Forum. So I decided to installed it on my phone and SURPRISE SURPRISE, turns out it works great on our Epic Touch 4G too !
-Anyways, you can follow the instructions which I've quoted right below, and they are also found in the link above. This installation/setup takes all but 5-10minutes if not less!!! Hardest part, if you wanna call it that(its really just the longest part), is downloading the required files. Once you've downloaded all 10 7zip files into a single location, just open ONE OF THEM and extract it by double clicking it and then dragging the bt.img file to your computer. AND you only have to do this to ONE of the downloaded files, no need to open each of them and drag out the bt.img 10 different times, BUT you do need to have all 10 of them copied into the same folder in order for the full image to extract correctly!
-Also, the instructions stated to run the following command:
Code:
su
cd /sdcard/bt
sh installbt.sh
startbt
bt
but they were made for the AT&T version, so on our phones you need to either:
a)copy the bt folder off of /sdcard/external_sd to /sdcard instead; or
b)use the following commands instead:
Code:
su
[B]cd /sdcard/external_sd/bt[/B]
sh installbt.sh
startbt
bt
-If you make use of it, please be sure to thank the originator of it, anantshri, on his thread here, and DooMLoRD on his thread here for assisting in porting it over from the Xperia10 to the SGSII! Good things!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
DooMLoRD said:
\\----[ Announcement ]----//
[12/July/2011] Updated with new package (bt5_sgs2_shell_scripts_v2.zip) containing shell scripts & busybox
//----[ Announcement ]----\\
hi guys DooMLoRD & anantshri present to u:
BACKTRACK 5 on SGS2
all the work was done by anantshri, i mostly assisted by testing it on my SGS2 and modding it slightly so that it will work properly for SGS2... dont forget to thank him!
i will try n keep it short and simple...
for more details u can read the original thread at X10 sub-forums...
[DEV] BACKTRACK 5 on Xperia X10 chroot
[ Screenshots ]
on startup (shell):
in GUI:
phone + BT5 GUI:
[ Requirements ]
rooted device with busybox installed, if u are using CF-root kernel then u already have busybox installed
Some apps from Android Market:
Android Terminal Emulator
androidVNC
[optional] highly recomended keyboard: Hacker's Keyboard
7zip (for PC), for extracting the files
around 3.3 GB free on internal sdcard (/sdcard/)
[ How To : File Setup ]
u need to do this only once
download the files from the links provided in this thread
extract the files using 7zip to a temporary folder (needs 3.3GB free on that drive)
connect ur SGS2 to PC and mount USB storage
create a folder named 'bt' (without quotes) in the root of ur sdcard and copy the bt.img in that folder
also place the file bt5_sgs2_shell_scripts_v2.zip in root of sdcard, this file has to be flashed via recovery
once u verify that the above is correct then un-mount usb storage
reboot into recovery and flash the file bt5_sgs2_shell_scripts_v2.zip stored in root of sdcard (or if u are using CWM app then just select the file for flashing and the app will do the rest )
once ur phone reboots into OS just check the /sdcard/bt folder
final directory structure should look like this:
/sdcard/bt/bt
/sdcard/bt/bt.img
/sdcard/bt/installbt.sh
/sdcard/bt/startbt
/sdcard/bt/stopbt
once u verify that the above is correct then u can proceed
[ How To : Launch BT ]
start Terminal Emulator app on ur SGS2 and enter the following commands step by step (accept/allow any SuperUser request/popup that u may receive)
su
cd /sdcard/bt
sh installbt.sh
startbt
bt
now u are in BackTrack5 shell
to launch GUI (vncserver) enter the following command
ui
now note the number N shown localhost:N
e.g. as u can see from the above image that "New 'X' desktop is localhost:1", so N=1
the vncserver is running at (5900 + N, N=1 ; so server port is 5901)
now launch androidVNC app on phone and fill in the detials as follows
Nick : bt
Address : 127.0.0.1
Port : 5901
Password : 12345678
Username : <leave it blank>
Color Format : 24-bit color (4 bpp)
inside vnc window select input mode (i personally recommend the following)
TouchPad (here your screen works like a big touchpad use it to navigate mouse.)
and then press connect... now u are in BackTrack GUI!
if u want to exit/close BT5 then u need to follow these steps:
close the androidVNC app (Menu -> Disconnect)
go back into Terminal Emulator app and enter the following commands
u should be at this shell [email protected]:~#
killui
exit
now u will get back to this shell> #
now enter the following commands to stop bt and exit
stopbt
exit
exit
u can now exit the Terminal Emulator app
i would also recommend that u reboot ur phone
[ Important Info ]
root password is 12345678
[ Download Links ]
update.zip package containing shell scripts, busybox (which gets installed to temporary location) [to be flashed via recovery]
this will not disturb/conflict with busybox of ur ROM/CF-Root kernel
bt5_sgs2_shell_scripts_v2.zip (~800KB)
main bt.img
these links are 7zip archives split into 50mb files, u will need to download the following:
total size: 486MB
bt.7z.001 (50 MB)
bt.7z.002 (50 MB)
bt.7z.003 (50 MB)
bt.7z.004 (50 MB)
bt.7z.005 (50 MB)
bt.7z.006 (50 MB)
bt.7z.007 (50 MB)
bt.7z.008 (50 MB)
bt.7z.009 (50 MB)
bt.7z.010 (36 MB)
also uploading to mediafire for mirroring...
Mediafire Folder: http://www.mediafire.com/?f9gk3p3t9wip5
md5 hashes:
Code:
bt.7z.001 f19e769bf42b44867c8bb1d9bb9c5d44
bt.7z.002 a4dd26a98d2c6925d871fb108fb5fadb
bt.7z.003 ecca5a5d72c449117b1d3dbc23aeb1a2
bt.7z.004 8ad487a01e4d149f0247ad9288201f32
bt.7z.005 adab9cb3778cd8ac89ccc0e21997c3d7
bt.7z.006 ba6a28de70a1115dc316f45cea508215
bt.7z.007 f59757e891631607e1a35abadb231b3b
bt.7z.008 cdb8c28a1fbd03657bb42e8d69f0600b
bt.7z.009 426d892f872679e3d53d0ebb0376e138
bt.7z.010 c7d2957bc65340d967b9dd3646d7cb39
ENJOY!
Click to expand...
Click to collapse
ScreenShots
does injection and/or wep hacking works?
leond said:
does injection and/or wep hacking works?
Click to expand...
Click to collapse
Unfortunately it does not...I know the main purpose running BackTrack is being able to use its Networking Security Tools, but it is based on Ubuntu Lucid, v10.04 LTS, so you're still able to run a fully functional operating system on your mobile phone! ATM its more of a novelty than a practicality but Im hoping they find a way to turn the tables soon !
Double Post
Triple Post
Nice thanks for trying it and sharing it!
Question the 10 files that you say to download they can not be extracted? i tryed or am i doing it wrong and when i run commands it fails at bt and says chroot cant execute bin/bash no such file or directory help please!
can you still txt and make calls with this?? looks awesome tho
kyhassen said:
can you still txt and make calls with this?? looks awesome tho
Click to expand...
Click to collapse
It side loads it, so you still get all your notifications and phone calls, and if you just hit the home button it'll take you back to the android OS, it doesn't NOT replace it
donnyevo4g said:
Question the 10 files that you say to download they can not be extracted? i tryed or am i doing it wrong and when i run commands it fails at bt and says chroot cant execute bin/bash no such file or directory help please!
Click to expand...
Click to collapse
They ALL have to be downloaded into the same location before you can successful extract it. ie, if you have bt.7z.001 - bt.7z.009 and are missing bt.7z.010, it will not work....did you download and flash the zip? There's more steps than just extracting the bt image(10 7zip files), also just a heads up, when flashing the zip make sure to clear both cache and dalvik, or you may get an installation error...let me know if you need additional help
all ten of the files i downloaded and put into a folder called bt and i flashed the zip and did not get any error message i have 7zip on my pc and it does not even give me the option to extract what am i doing wrong when i right click on the files and go to properties the file type is not a unzippable file
donnyevo4g said:
all ten of the files i downloaded and put into a folder called bt and i flashed the zip and did not get any error message i have 7zip on my pc and it does not even give me the option to extract what am i doing wrong when i right click on the files and go to properties the file type is not a unzippable file
Click to expand...
Click to collapse
Gotcha! wasn't really sure what kind of error you were having but if that is it, all you need to do is double click on any one of the files, I used the bt.7z.001, and when it opens, just drag the bt.img file to your desktop, and let it extract! Its not really a zip so thats why it doesn't have an option to extract it in the menu but again just double click on anyone of them and you'll be all good broda!
ok i got the one file to extract but the others wont now what do i do once i have that image file do i put it in the bt folder and then run commands?
donnyevo4g said:
ok i got the one file to extract but the others wont now what do i do once i have that image file do i put it in the bt folder and then run commands?
Click to expand...
Click to collapse
-Yup you got it! They way 7z file work is that it evenly breaks a larger file down into multiple smaller .7z files.
-In this example, the bt.img file is about 486MB. So, 9/10 of the bt.7z files are 50MB each and then the 10th file, holding the remain bytes, is 36MB. So once you have them all downloaded into the same location, you can open ANY one of them and drag its content to the hard drive, and it will extract the entire 486MB, using all of the files. And you only have to do this ONCE, you DON'T have to open each of them and drag all of their content out.
-So yea, now copy the bt.img file to the bt folder located in the /sdcard/external_sd folder, and then copy the entire bt folder to the /sdcard folder instead(Im guessing the ATT version doesn't have an external sd card, cuz the cd /sdcard/bt command is for the /sdcard location and not /sdcard/external_sd, which is where flashing the zip places the bt folder). So in the end you're going to use this /sdcard/bt folder and not /sdcard/external_sd/bt...EDITED..and don't quote me on the .7z file sizes from above, not really sure how large they are cuz looking at the file now in my phone its 3.26GB, I was using 50MB for an easy explanation and arguments sake only, thx...and Im actually gonna update OP w/ the step needing to copy the bt folder from the /sdcard/external_sd location to /sdcard instead
now im getting a chroot error when i type bt it says chroot execute bin/bash innput/output error? HELPPPPP
donnyevo4g said:
now im getting a chroot error when i type bt it says chroot execute bin/bash innput/output error? HELPPPPP
Click to expand...
Click to collapse
post exactly what you have done so far and what commands you are able to enter successfully and at what command you are getting the error, thx
Posting now stay online
Heres the error im getting look towards the bottom
donnyevo4g said:
Heres the error im getting look towards the bottom
Click to expand...
Click to collapse
ok and where's the rest of the info I asked for?
i can only fit so much in the screen shot what else you looking for
Related
This post DOES NOT CONTAIN SWYPE BINARIES, and presumes that you have backed up your original Swype.apk and libSwypeCore.so files. If you forgot to, you can get them by doing an unyaffs on the system.img from any of your nandroid backups that would contain swype, or the G2's PC10IMG.zip, and extracting the files from system/lib/libSwypeCore.so and system/app/Swype.apk.
You can also check this post for other methods of attaining your old Swype files: http://forum.xda-developers.com/showthread.php?t=841603
DO NOT USE THIS ARCHIVE WITHOUT FIRST ADDING THE SWYPE FILES. BAD THINGS MAY HAPPEN. I'M NOT RESPONSIBLE FOR ANYTHING THAT HAPPENS TO YOUR PHONE EITHER WAY.
TO RESTORE THE SWYPE FILES FROM A NANDROID BACKUP:
See this post http://forum.xda-developers.com/showthread.php?t=835971 for the original PC10IMG.zip file that should theorietically also contain it - though I have not yet figured out how to extract files from its system.img
1. Locate your nandroid backup that you know you made when you had Swype2. Find the system.img in the nandroid backup (probably in /sdcard/ClockworkMod/backup/)3. Open an adb shell and execute the following:
mkdir /sdcard/system
cp /sdcard/ClockworkMod/backup/YOUR-BACKUP-NAME/system.img /sdcard/system/
cd /sdcard/system
unyaffs system.img4. Mount your sdcard on your PC and navigate to the system/app folder and copy Swype.apk to your desktop5. Navigate to the system/lib folder and copy libSwypeCore.so to your desktopYou can now safely delete the system folder on your sdcard (it's taking up a lot of space).
Now you should have Swype.apk and libSwypeCore.so ready to go.
Once you get those files, you're ready to create the update zip:
1. Download the FixSwype.zip attached to the bottom of this thread, and edit it with your favorite archive editor (I prefer 7-Zip, because it's open-source and fully-featured).
You should see:
system
META-INF
2. Browse to the system/app directory, and paste in your Swype.apk
then, go back up to the system/lib directory, and paste in the libSwypeCore.so
3. Move the new FixSwype.zip to your SD Card, either via mounting it on your PC and manually copying it, or by "adb push FixSwype.zip /sdcard/"
4. Reboot to recovery. Navigate to "apply zip from sdcard" or equivalent function, and select your FixSwype.zip.5. You're done! Reboot the phone, go to Settings, Language & keyboard, and check "Swype". Enjoy! You now have a permanent Swype-restoring patch.
Of course, you'll have to re-run this process any time you install a new ROM, as the new ROM will overwrite your existing /system partition, where Swype lives.
So, whenever you install a new rom just...
1. apply the new ROM's .zip file
2. apply the FixSwype.zip file
wash, rinse, repeat!
Want to buy me a beer? Click here!
There's not really any need for this if you're using CM. Once you have Swype on your phone, create a file in /system/etc/ called custom_backup_list.txt. Each line in the file should be the path to a file that you want preserved when you flash a new version, with the leading /system/ removed. So, for swype, your /system/etc/custom_backup_list.txt would have:
app/Swype.apk
lib/libSwypeCore.so
(I also added app/Quickoffice.apk, along with the modified files for the fixed keymap.)
Once you have this file in place, Swype (and whatever else you list) will be preserved automatically for you every time you flash a new CM.
itp said:
There's not really any need for this if you're using CM. Once you have Swype on your phone, create a file in /system/etc/ called custom_backup_list.txt. ...
Click to expand...
Click to collapse
itp,
This is really good info to have! Thanks. I've heard rumors (unconfirmed by myself) that Rom Manager does not honor this file, so I'll leave my post up for the time being, for people who may find it useful or don't feel comfortable playing in /system.
how do i do a unyaffs on my stock backup rom so i can get the swype keyboard back? Also does this work on virtuous roms?
hate to break your heart, but the easier-est way is already made just by 3 clicks in an apk.
http://forum.xda-developers.com/showthread.php?t=841603
just download the apk in the link of mediafire through your phone or from computer move it to your sd card.
use a file manager/browser to locate and install the file.
open, look for the swype which it only shows that file...click and it will do the rest for you by itself.
oh and make sure you check it in the keyboard settings and uncheck any other keyboards you might have installed.
mbergh22 said:
how do i do a unyaffs on my stock backup rom so i can get the swype keyboard back? Also does this work on virtuous roms?
Click to expand...
Click to collapse
I just now updated the post above with directions for this. Oh, and yes it should work for any/all ROMs.
GunToYoMouth123 said:
hate to break your heart, but the easier-est way is already made just by 3 clicks in an apk.
http://forum.xda-developers.com/showthread.php?t=841603
Click to expand...
Click to collapse
Neat...I had seen that post before but not since it was updated with the apk. Cool.
does that apk work with virtuous roms? and which unayffs file do i download and where do i store it?
unyaffs is a command that is built in to Android
It says unyaffs not found
Sent from my HTC Vision using XDA App
mbergh22 said:
It says unyaffs not found
Click to expand...
Click to collapse
Hmm, make sure you're spelling it right... otherwise, not sure. It's possible (but unlikely) the ROM you're using doesn't include it. It's definitely in cyanogenmod...
Edit: here's a screenshot of when I used it...
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
From what I remember, unyaffs will not work on Mac. Are you on a Mac?
rraxda said:
From what I remember, unyaffs will not work on Mac. Are you on a Mac?
Click to expand...
Click to collapse
Nope windows 7 and I have even tried it through the terminal on my phone. I am using the latest virtuous rom.
rraxda said:
From what I remember, unyaffs will not work on Mac. Are you on a Mac?
Click to expand...
Click to collapse
This command is executed on the phone, not on the computer, so it wouldn't matter if it's Mac, Windows, Linux, BSD, etc...
mbergh22 said:
does that apk work with virtuous roms? and which unayffs file do i download and where do i store it?
Click to expand...
Click to collapse
Unfortunetly the apk i sent doesn't work for sense roms,you should ask the original poster . I tried on sense roms, and it says no swype found in back-up file. But for cm and froyo roms,it does work.
Sent from my HTC Vision using XDA App
Weaseal said:
This command is executed on the phone, not on the computer, so it wouldn't matter if it's Mac, Windows, Linux, BSD, etc...
Click to expand...
Click to collapse
Weaseal said:
Open an adb shell and execute the following:
mkdir /sdcard/system
cp /sdcard/ClockworkMod/backup/YOUR-BACKUP-NAME/system.img /sdcard/system/
cd /sdcard/system
unyaffs system.img[/INDENT]
Click to expand...
Click to collapse
My bad... I thought that when you said "open an adb shell" you were speaking of running adb shell from cmd? Is that wrong?
this is an older tutorial i found for the evo way back. it needs to be updated..
this could possibly work on other android htc phones to that have the fm transmit capability....
the evos Broadcom chip has a built in fm receiver and also a transmitter.
according to some threads and diagrams ive seen the transmitter does have a power source, it just doesnt have and software code to actually work.
like hdmi the hardware was there but there was no code set up, therefore we didnt have full hdmi out. it had to be built from scratch.
the hardware for the fm transmitter is there we just need some one to build the code for it.
some one please take this on!!
This tutorial was originally posted in > android development and hacking > android software development.
i am reposting it here in the evo forums for guidelines
its a nice tutorial but its old. i think it was for android 2.0 ive followed the tutorial but i couldnt get it working, and i by no means have the experience to switch things up and get it working.
[TUTORIAL] Reverse engineering HTC FM Radio for noobs (on EVO 4G)
Okay, I'm writing this because I want to help any other newbies trying to learn how to reverse engineer. The technical details involved in this are extremely daunting, so the purpose of this tutorial is to first explain in layman terms exactly what you're trying to accomplish and what to expect. Then we'll go over the details. That way you're not completely blind going into this. I'm fairly new to the scene, so I'm not as knowledgeable as everyone else. If you see any errors in my post, let me know so I can change. I'm going to assume you know a little bit of Java, can find your way around a computer, and know nothing about Android. The techniques used should work with other Android phones. For this tutorial I'm using Windows 7, Cygwin, and my stock (not rooted) EVO 4G mobile phone.
The FM tuner for the Evo is run by a Broadcom chip: BCM4329. This chip is pretty amazing in that it does wireless, bluetooth, and it has an FM receiver/transmitter. We're interested in the FM receiver / transmitter.
Now, all android phones are based on a Linux kernel. Basically they're Linux running computers. The Android operating system is then installed onto the linux system. Every app is then run off of Android.
Android is based on Java but it is not a Java system. It uses a virtual machine called Dalvik. Google did this to get around licensing issues with Sun Microsystems. So they pretty much invented their own machine language (called byte code) for the Java language. This makes things complicated for the reverse engineer because from what I've read, once Java is converted into this machine language or byte code, it can't be converted back.
So let's rehash.
If you were programming strictly in Java, you would see these extensions:
Java source code = .java
Compiled Java source code = Java byte code = .class
Compressed file to package your program = .jar (Java Archive)
But since you're programming in Android and Dalvik, you will see these:
Java source code = .java
Compiled Java source code = Dalvik byte code = .dex
Compressed file to package your program = .apk
(I haven't mentioned this, but HTC further Optimizes their .dex code)
Optimized Dalvik byte code = .odex
I'm writing all of these down because it's very easy to get confused with all of the extensions. (for me at least!). remember how I said once you go dex, you can't go back to java? That's where JesusFreke comes in. He's a senior member of XDA, and he created "baksmali" and "smali", two programs that can convert the Dalvik code back into a human readable format. These files have extensions of .smali
Decompiled Dalvik byte code = .smali
But what can you do with .smali files? That's where this other senior member, brut.all comes in: He developed apktool. apktool takes JesusFreke's work to the next level. This program in conjunction with NetBeans, actually lets you trace through any program using the .smali code taken from JesusFreke's programs!
apktool does this by converting those .smali files into "fake" .java files that can be used by the NetBeans (program that compiles and makes java programs) IDE. I say "fake" because apktool embeds the .smali code into java files as comments. However, once you attach a debugger to NetBeans, you'll see that the debugger will follow line by line every execution statement found in the smali code!
So...... you can take the program you want, plug it into Net Beans using a debugger (using the default ddms command provided by Android SDK), and you can trace everything you do in the program. I have it connected to my phone, so whenever I push a button while running my HTC FMRadio app or unplug my headphones,I see the corresponding response to the HTCFMRadio code I have loaded in NetBeans. I can now see in real-time how the program operates from my own interactions... JAM.
Technical Aspects: How to get from ground zero to tracing HTCFMRadio?
1.) Download Android SDK - Go to google development site and follow instructions: Make sure to download the latest Java JDK. Once that is installed, download NetBeans 6.8. Unfortunately, smali debugging does not work with the lastest versions of NetBeans.
Download the "Java SE" version for minimal space
http://netbeans.org/downloads/6.8/index.html
You can follow the rest of Google walkthrough and download Eclipse and ADT plugin, but it's not pertinent to this. You're going to be using adb and ddms from the android SDK extensively, so make sure the path for </android SDK/tools> is included in the PATH variable in your ENVIRONMENT SETTINGS. To get here, right click My computer, click properties, Advanced Settings, ENVIRONMENT SETTINGS.
2.) Search for 7z and download it. It is an awesome and free compression tool that will be extremely useful. It can be used to "unzip" .jar, .apk, and other compressed formats.
3.) Get the Radio app. You can do this by going to "shipped-roms" website, downloading the latest Supersonic image, and following the directions in the unlockr tutorial for HTC kitchens at the unlockr website... (once you have extracted the files from the image, you can look in the system/app and system/framework directories to get the files listed below) or:
you can pull the following files from your phone:
Using the command prompt type (and with phone plugged in, and with USB debugging enabled on phone):
adb pull /system/app/HtcFMRadio.odex
adb pull /system/app/HtcFMRadio.apk
adb pull /system/framework ./framework
This will put HtcFMRadio.odex and HtcFMRadio.apk in the current directory and create a framework directory with more files. A couple of the files in the framework are needed for the HtcFMRadio app, but for simplicity, we're just going to pull the whole directory.
Now that we have the files, we have to make a few changes to make the app installable and to be viewable by the debugger. To do this we have to decompile the .odex format into a human readable format we can edit. That brings us to:
3.) Download baksmali and smali from Project Hosting on Google Code (google search smali).
Usually an Android application is made up of one file, an apk file. Inside the apk file is an AndroidManifest.xml file, a classes.dex file (compiled Java code for the program), and other folders. The other folders contain either graphics or other .xml files that tell the program how it should look to the user. We don't have to worry about those for now. This is important because APKTOOL only opens programs set up this way. But wait up? We didn't download one .apk file, we downloaded an .apk file and an .odex file! What gives? Well, if you right click the apk file and open it (using 7z), you'll see that it's missing the classes.dex file. The dex file for the app is actually the HtcFMRadio.odex file we downloaded. So, to make this system app more like a nominal app, we have to find a way to convert the HtcFMRadio.odex to a classes.dex file. That's easy with baksmali and smali!
Once you download goto command prompt and type:
java -jar baksmali-<version>.jar -d framework -x HtcFMRadio.odex
(Remember to match baksmali-<version>.jar with the filename of baksmali you downloaded)
If done correctly, you should see a newly created \out directory
This creates an out\com\htc\fm directory with many .smali files.
Now let's reverse the process and put it back as a dex file. Type at command prompt:
java -jar smali-<version>.jar out -o classes.dex
If done correctly you'll see a newly created classes.dex.
now, right click on HtcFMRadio.apk (select 7z and open). Drag classes.dex into the file. Say yes to the prompt. Now you have a normal apk file APKTOOL can read!
4.) Download APKTOOL from Project Hosting on Google Code and the helper apps for your OS. (If you're extracting files for windows OS you should have apktool.bat and aapt.exe). Extract (again using 7z, don't you love this program?) apktool.jar (keep it as a jar file, don't extract the stuff inside of it), apktool.bat, and aapt.exe to the directory you're working on. To make things neat, you can also delete HtcFMRadio.odex (you don't need it anymore) and classes.dex (make sure you put it in the HtcFMRadio.apk file first!)
If this is the first time you're using apktool, then you have to install the htc framework so apktool can baksmali the Radio app. You only have to do this once:
apktool if ./framework/com.htc.resources.apk
Alright, at the command prompt:
apktool d -d HtcFMRadio.apk
This extracts the contents of HtcFMRadio.apk and places them in the HtcFMRadio directory. However, there are two major differences between this content and the content created in step 3. If you go into the smali directory you'll see that instead of .smali files, you'll see .java files. And if you go back and edit the AndroidManifest.xml file, you will also see that it's in text! Android applications convert their xml files to binary format. Now that APKTOOL has converted everything to an IDE friendly format, we can use NetBeans to edit everything. The first thing we're going to do is edit AndroidManifest.xml (using notepad) and add the following:
android:debuggable="true" to the Application tag.
IT should now look like this:
<application android:theme="@android:style/Theme.Black.NoTitleBar" android:label="@string/fm_app_name" android:icon="@drawable/fm_radio" android:taskAffinity="android.task.fmradio" android:description="@string/htc_corp" android:allowTaskReparenting="true" android:debuggable="true">
This permission lets the debugger watch the program while it's running on the phone.
We are going to run into two problems if we try to install this program. One is that Android doesn't let you install more than one copy of a system app. The second issue is that if we change the signature of our system app, then we'll have to change the signatures of our other system apps as well! Ahh.... So, to get around that, we're going to trick Android into thinking we have a completely new program. We're going to do that by renaming the com.htc.fm class to com.htc.modradio class. Next step:
5.) Cygwin (or Linux virtual machine)
The easiest way that I can think of to replace strings in multiple files is by using linux. You can most definitely do it in WIndows, but I dont know how. If you let me know how, I can put it in this tutorial.
(update: you can use Notepad++ to easily find/replace strings in multiple files for Windows. You still, however, want to download Cygwin if you're going to develop with Android-NDK.)
For now, just search for Cygwin (Cygwin is a program that lets you run Linux commands from a command prompt using your Windows directories), and install it. Make sure to have the Perl option selected. You'll need Perl to make the following commands work.
Once you get Cygwin up and running
cd <to your HtcFMRadio directory>
in my case it's
cd /cygdrive/c/Users/Jerry/Desktop/HtcFMRadio
now type the following commands in this order:
this command changes all occurances of htc/fm to htc/modradio in your xml and .java files.
find ./ -type f | xargs perl -pi -e 's/htc\/fm/htc\/modradio/g'
this command changes all occurances of htc.fm to htc.modradio
find ./ -type f | xargs perl -pi -e 's/htc.fm/htc.modradio/g'
If you don't follow this order, your source code will get messed up.
If using cygwin, a bunch of .bak files will be created. Using windows search, find all .bak files in your HtcFMRadio directory, then select them all and delete them (Make sure they are only files with .bak!)
Now just rename the fm directory to modradio. It is located in HtcFMRadio/smali/com/htc
Now go to your windows command prompt and type:
apktool b -d .\HtcFMRadio modradio.apk
Now sign and install modradio.apk on your phone.
adb install modradio.apk
If you have never signed before, then you need to use keytool and jarsigner. These two files are in your JDK directory, so make sure you include your JDK directory in the PATH variable of your ENVIRONMENT SETTINGS. (To get here, right click on My Computer, click Properties, Advanced Settings, Environment Variables. Once you make change, open up a new COMMAND prompt to see changes).
cd to the directory which has modradio.apk
now type:
keytool -genkeypair
Answer all questions, then use the same password for all password prompts.
Next type:
jarsigner -verbose modradio.apk mykey
Type in the password you created in the above step. Your apk should now be signed.
Next install:
adb install modradio.apk
Success!
6.) Testing the app on phone
Go to your phone and you'll now see a new FMRadio icon next to your first. Click on it and watch it open. It should now be able to play music. Keep it open.
7.) Using Netbeans
Go into HtcFMRadio and delete the build directory created by APKTOOL.
Now open up Net Beans and click on File, New Project, Select Java Project with Existing Sources, click on Next
Select HtcFMRadio directory for Project Folder, rename Project Name to whatever you want. Let's type in ModRadio. click on Next
Next to "Source Package Folders" click on "Add Folder" and select the smali directory.
Click Finish. For a quick tutorial by Brut.all, search APKTOOL in youtube and click on: Apktool Demo 2 - Smali improvements
Right click on Libraries. Click on "Add Jar / Folder". You want to add Android.Jar. Since I have Android 2.1 loaded I went to /platforms/android-7 located in my android SDK directory.
Your project is now ready for editting!
8.) Running the Debugger to trace through program.
Next go back to Windows command prompt and type ddms. This runs the Dalvik Debug Monitor. A window should open up. In the left hand side you should see com.htc.modradio. That's our app! To the right you're going to see 2 numbers, you're interested in the one to the right, 4 cells away from com.htc.modradio. This number is a port number, and you're going to use it to communicate with NetBeans. (In my case it is 8603)
Go back to NetBeans and click on Debug, Attach Debugger.
In the host field type: localhost
In the Port field: type in the second number you saw. (8603)
If everything is working you'll see a bug appear next to com.htc.modradio in the Dalvik Debug Monitor. Look at the bottom bar of NetBeans for feedback. If you get errors make sure the numbers match, or try port 8700 and make sure you select com.htc.modradio in the Dalvik Debug Monitor. Port 8700 is the default port used for whatever program you select in Dalvik Debug Monitor.
9.) Setting a breakpoint
I'm making this a seperate step because it is completely arbitrary. When creating a break point be sure to follow this rule:
You must select line with some instruction, you can't set breakpoint on lines starting with ".", ":" or "#".
Rather than looking for a spot to breakpoint, though, I'll tell you where to put one so you can quickly see how the debugger traces through the code. You aren't "REQUIRED" to do the next step, but if you want to trace you have to put a breakpoint somewhere.
In Net Beans click on the Project tab, click on Source Packages, com.htc.modradio, and then doubleclick on BroadcomFMTuner.java
We're going to insert a breakpoint. Scroll down to line 3226 and on your keyboard press: CTRL-SHIFT-F8, select line in dropdown box and hit ok. (To keep it simple, I usually look for "invoke" instructions to set breakpoints at)
Now go to your phone and click on the physical "back" button on your phone. This will clear the radio,(you should still be able to listen to music). Drag your status bar down. You should see a radio icon. Click on it again. The radio backgroudn will appear, but you wont' see any text or anything. Now go back to your netbeans application. You should now see debug options highlighted! Click on Step Over (F8) to step through!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
i found a few things.
http://pdf.eccn.com/pdfs/Datasheets/Broadcom/BCM4329.pdf
http://www.broadcom.com/products/Bluetooth/Bluetooth-RF-Silicon-and-Software-Solutions/BCM4329
Mad tutorial man! You have just opened up my world even more to Android. Thank you heaps.
BTW your freakin signature got me good damn you! I thought someone had hacked my PC LOL
Any chance that this will work with JB?. Can you post app?. Thanks.
Hi all,
This guide is split into two parts as of now , part 1 is for changing the settings menu background and part 2 is for changing the backgground for dialer and contacts.
Part -1
may be this method is known to few but im posting this to people who dont know how to change the background image of the settings menu and other few.
Sample screenshots
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Like it?
here is the method to do this.
Software needed :
1.7zip (to replace the image)
2.android sdk(to use adb commands to push/pull the files)
How it works:
We are modifying/replacing an image called "background_holo_dark.png" in the "framework-res.apk" which is responsible for displaying background images in menu.
Step 1:
Use the following adb command below to pull the "framework-res.apk" from your mobile to pc.
Code:
adb pull system/framework/framework-res.apk
Step 2:
Open the framework-res.apk via 7zip and navigate to the following directory
"framework-res.apk\res\drawable-nodpi\", you will see a file called "background_holo_dark.png". Delete the image and dont close the 7zip.
Preparing your own image:
Now use any png image you want to set as background , resize it to 512 x 512 via mspaint or any other image editing software and rename the file to "background_holo_dark.png".
Drag the newly created image file back to 7zip(to the same directory where the old file is deleted) and close the 7 zip .
Step 3:
Now its time to push the file back to mobile, type the following command in the same command prompt
Code:
adb remount
now type the following
Code:
adb push framework-res.apk system/framework
Step 4:
Now reboot your mobile, you will have the new background image enabled
Part-2
Wanna change the background of the dialer and contacts?? well read below,
Step 1:
Use the adb command (or u can use root explorer) to pull the "Contacts.apk" from your mobile to pc.
Step 2:
Open the Contacts.apk via 7zip and navigate to the following directory
"Contacts.apk\res\drawable-nodpi\", you will see a file called "background_dial_holo_dark.png". Delete the image and dont close the 7zip.
Drag the image (similar to the one created in part 1 of the guide) file back to 7zip(to the same directory where the old file is deleted) and close the 7 zip .
Step 3:
Now its time to push/copy back the file back to mobile. Copy back the file to the same directory from where it is copied.
Step 4:
Now reboot your mobile, you will have the new background image enabled
Your dialer and contacts shortcut may be missing from your launcher, just drag it back to the homescreen from the app drawer.
Step:5
This step is optional!!! If you do not get those shortcuts, enter cwm and wipe cache and dalvik cache.
Sample screenshots.
Note:
For users who know how to use root explorer can use the same to copy/paste the framework-res.apk before and after editing.
Sample images are taken with 160 dpi, this mod will work with all dpi.
credit:
vertimus (thanks to him , he helped finding the right image to replace)
you can find some ready to use backgrounds in this post ... will be updating this post when i find something beautiful for a background
updated with a few more images
Now the journy began, will try it soon
For those who don't have the sdk tools...
Root explorer can also be used in order to copy the framework-res.apk and after editing paste it again.
mitsos89 said:
For those who don't have the sdk tools...
Root explorer can also be used in order to copy the framework-res.apk and after editing paste it again.
Click to expand...
Click to collapse
Yeap
But doing this, just after copying, the phone made a small reboot. And after, I had the new background image
(I try with adb remount, but this command doesn't work...)
So I did it with ES Explorate
Black background
Thanks for this tutorial. Was having trouble using root explorer so I just used ES File Explorer and that worked fine. Finally have the black background I love in Settings.
Link is below for anyone that wants it
works also fine for non CM9 Rom, but the category bars (interface, device etc.) are not transparent. How to change it?
Thanks and Greetz
kr4mb3
Why developers from S2 not developing themes for ICS?
kachrukamble said:
Why developers from S2 not developing themes for ICS?
Click to expand...
Click to collapse
i think it will take some more time as still there are many users using gb. once ics hits stable , then we can see hell lot of themes
updated with a few more images, people who try this mod do post their background image in this thread so that it can be shared
wow i don't know the process was that easy.. also working on aokp and maybe cna rom since both cm9 based.. if no 7zip present Winrar could do the job..
here's mine..
background:
the background also effect other app that uses standard android framework
mass esolle
Here is mine.
Thanks bala_gamer for the info sweet as nice and simple cheers.
Heres mine:
mm i put the file in but didnt work.. is it the same file for ics roms
xinfinityoO said:
mm i put the file in but didnt work.. is it the same file for ics roms
Click to expand...
Click to collapse
you mean samsung ics roms? if you are using the stock theme for samsung roms then replace the following file in the same directory
"tw_background_dark.png".
If you are using themed samsung roms then you can give this guide a try
xinfinityoO said:
mm i put the file in but didnt work.. is it the same file for ics roms
Click to expand...
Click to collapse
Which rom you are using???. Let me know so i can help you.
thanks allot working what about other background like menu button also for dial-pad how to make it transparent ...... etc
I've been trying this more ever and I couldn't get it to work. I had it once but as soon as I flashed a theme of CM9 it was over-written and if I try to replace the file I always get a bootloop. And even worse is that I can't install Java for the pc program so if anyone can give me a step by step on how to do this with root explorer and 7zip that would be very appreciated
frigers said:
I've been trying this more ever and I couldn't get it to work. I had it once but as soon as I flashed a theme of CM9 it was over-written and if I try to replace the file I always get a bootloop. And even worse is that I can't install Java for the pc program so if anyone can give me a step by step on how to do this with root explorer and 7zip that would be very appreciated
Click to expand...
Click to collapse
its the same with root explorer
1. copy the framework-res.apk to your sd card.
2. edit the apk using the same procedure in the 1st post.
3. now copy the file to sdcard.
4. copy back the file from sd card to system/framework
5. set the permission as follows in root explorer
OOX
OXX
OXX
6.reboot
bala_gamer said:
its the same with root explorer
1. copy the framework-res.apk to your sd card.
2. edit the apk using the same procedure in the 1st post.
3. now copy the file to sdcard.
4. copy back the file from sd card to system/framework
5. set the permission as follows in root explorer
OOX
OXX
OXX
6.reboot
Click to expand...
Click to collapse
Do we need to re-sign the APK after pasting the image in the zip file? or we can simply put this APK back to the framework folder?
EDIT: Nevermind.. it works!! without re-signing the apk. thanks.
Need ROOT access
I tried these all to dump my phones ROM
http://bm-smartphone-reviews.blogspot.pt/2012/03/increasing-g11i-pro-and-hd7-internal.html
http://www.addictivetips.com/mobile/how-to-backup-your-android-phones-boot-recovery-and-system-partition-images/
And many others also where i can find the ways to dump ROM but no success then i can across this site
http://android.podtwo.com/romdump/
but still dint got success then thaught to just do some changes in the steps and then had done those
1. I downloaded the romdump_v82b.zip from http://android.podtwo.com/romdump/
2. Copy and paste the romdump file to /data/local/(open root browers /root access file manager and then go to data folder and then open local folder and paste the file romdump)
3. Long press romdump file and select permission and check all boxes.
4. Created a folder name romdump in sd card and
5. Open Terminal Emulator in phone and followed the steps below mentioned and got the ROM dumped in my sd card
$ export PATH=/data/local/bin:$PATH
$ su
# chmod 04755 /data/local/romdump
# /data/local/romdump
You will see all the things whats going on below if you see this then you will get the ROM dumped if not then follow the steps once again
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : ALPS.GB.FDD2.MP.V3.9
Creating required files... done.
Opening mtd table... done.
Dumping kernel config... /proc/config.gz: No such file or directory
done.
Dumping boot partition... done.
Dumping recovery partition... done.
Dumping system partition... done.
Creating Checksums... done.
Cleaning up... done.
All done.
#
This works but is it valid or useful?
Hi everybody.
I tested this method on tablet M005 dual SIM from Chinabuye (unknown manufacturer) and I confirm that it works. Reading the shahabazas post I was not sure if the file 'romdump' is to be copied to computer /data/local/ folder or the same folder on the tablet so if anybody would have the same doubts I clarify that it is the folder on the tablet/phone.
I have serious doubts however. Everywhere I searched on backup/restore of the stock ROM I was reading that to take the copy of the stock ROM the system must be not running. That's how the CM Recovery works. In the romdump method however the system is running while taking the copy of ROM. So I have 2 questions:
1. Is the copy of ROM taken this way valid/accurate?
2. How to use the romdump files to flash the ROM back in the case that something goes wrong later on and flashing it back will become necessary?
Here is the list of the files you get after running romdump:
config.gz
system.info.gz
boot.img
recovery.img
system.tar
checksum.md5
I would appreciate if someone could answer those questions or point me to corresponding info as I want to over/under clock my tablet and that involves flushing custom kernel. This model of tablet is not popular and does not have custom kernel or ROMs available for download and I will have to cook it myself in which case it is very likely that I will brick it.:laugh:
Cheers
mengagumkan said:
1. Is the copy of ROM taken this way valid/accurate?
2. How to use the romdump files to flash the ROM back in the case that something goes wrong later on and flashing it back will become necessary?
Click to expand...
Click to collapse
well, romdump is very useful to create a custom rom how to do that is another/long question you can't confirm will work for all phones if you don't have sources of that application also if this is good/accurate well just restore boot/system/recovery partition on your phone and now you are sure about that (yes backup before!)
to restore use fastboot utility i.e. let's say you have a problem entering recovery mode then
Code:
fastboot flash recovery recovery.img
to overclock your tablet you need to edit files in kernel so you need kernel sources if you don't have that forget about that
do nothing if not sure about because I have some doubts about these Chinese tablets -how to restore to stock rom ? - just in case !
Series of "silly" questions
First of all thank you ruscan.callin for your response.
I am quite familiar with Linux and I use Ubuntu every day so knowing, that linux is open source and modifiable in many ways, I thought that it would be possible to extract kernel from tablet, from there extract all files or modules (I am not yet very familiar with kernel structure) and then modify files, scripts, etc. to suit and pack it back to img format and flash to tablet. After all, Android is a Linux, right? Maybe my way of thinking is wrong?
I imagined that all those wonderful people from CM that do so many ROMs and modified kernels for popular phones and tablets work this way, that is, they don't have access to manufacturer's source codes? Or do they have access to different source codes for every specific model they work on (in case they are all different)?
Maybe it is possible to work from Android kernel source code publicised by Google and change there frequency and voltage values then compile a kernel back and flush it? Will then all buttons and TV, radio, sensors and other hardware work as they should?
My tablet has Android 2.3.6 and kernel 2.6.35.7, does it mean that the source code for it is open and available for download or is it modified in some way by the manufacturer (I mean the kernel, not the apps)? I would think that if this was modified it should have some different name like 2.3.6-M005 and 2.6.35.7-M005 (in this case M005 is a model number) or something like that?
I already managed to root this tablet and all works but it is slow with some aps like GPS, Maps and Navigation, and has low capacity battery, about 1800 mAh, so I thought that over/underclocking would help to speed it up on demand and save battery when speed is not needed.
Apart from that I have problem with romdump files because a romdump gives (amongst others) boot.img and system.tar and the latter is a tar archive of system folder and not the tar archive of system.img file so the Android Kitchen does not accept it as a ROM. Therefore the problem is how to make romdump files to be acceptable by the Kitchen?
I would appreciate any responses, thanks.
Some questions answered
Well, nobody bothered to answer my questions so I try to answer them myself just in case that other noobs like me would read it.
Yes, it is safe to say that every device model has different ROM and kernel.
Android and kernel publicized by Google as a source code work as is only for devices sold by Google. Other models by various manufactures have all different kernels, recovery or engineering modes and ROMs. Often manufacturers do not publicize source code so it is difficult to modify kernels, albeit possible. It is in fact done by pulling the kernel and/or ROM out, modify it and put it back with better features.
Most tutorials do not work for most people starit "from the box" and require some changes because all user's computers are different, so people who are serious about android mods have to find their own ways that work for them taking tutorials as a guide only.
In my case I found that the CPU MT6573 in my tablet model M005 works well even at 998 MHz and there is MTK CPU Control app on Google Play that can increase the cpu speed to 806 MHz so there is no need for me to trod into murky ways of kernel modyfications for now. I installed the app and my tablet runs at 806 MHz no problems. Now I need to find a way to improve the battery life.
Try to use romdump on my Acer Iconia A210 Tablet:
Code:
/data/local/romdump
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : Acer_AV043_A210_1.034.00_EMEA_DE
Creating required files... cat: can't open '/proc/mtd': No such file or directory
gzip: can't open '/sdcard/romdump//system.info.gz': File exists
done.
Opening mtd table... Segmentation fault
Tool don't work for me on my iconia a210 but I tried to use dd. That works
Thanks for this method! Would this word on a Ubuntu 12.10 (Quantal Quetzal) 32 bit?
thanks
thanks for info.
schlex2010 said:
Try to use romdump on my Acer Iconia A210 Tablet:
Code:
/data/local/romdump
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : Acer_AV043_A210_1.034.00_EMEA_DE
Creating required files... cat: can't open '/proc/mtd': No such file or directory
gzip: can't open '/sdcard/romdump//system.info.gz': File exists
done.
Opening mtd table... Segmentation fault
Tool don't work for me on my iconia a210 but I tried to use dd. That works
Click to expand...
Click to collapse
I, too, tried getting this to work on an Iconia tablet, but ran into the same issue. Beware that
Code:
dd
doesn't actually work and will create a corrupt image. I had read a insightful post into why this was, but (of course) had no luck finding it back.
Instead, I modified romdump to look in a temporary path following this answer on Stack Overflow:
unix.stackexchange.com/a/56939/26151
My steps were:
Download romdump
Edit it under linux using
Code:
sed s-/proc/mtd-/tmp/mntx- < romdump > romdump.new
Push
Code:
romdump.new
to the device
Code:
adb shell
to the device and execute:
Code:
mkdir /tmp
ln -s /proc/mounts /tmp/mntx
chmod 04755 /data/local/romdump.new
/data/local/romdump.new
Locate the backup at
Code:
/mnt/sdcard/romdump
stimpy84 said:
I, too, tried getting this to work on an Iconia tablet, but ran into the same issue. Beware that
Code:
dd
doesn't actually work and will create a corrupt image. I had read a insightful post into why this was, but (of course) had no luck finding it back.
Click to expand...
Click to collapse
I found the source of that statement:
modaco.com /topic/327661-how-to-backup-the-systemimg-bootimg-and-recoveryimg/#entry1534321
(Sorry for the broken URLs, but the forum won't allow me to post any.)
Dear Op, thank you for the dump method.
I'm trying to dump the rom of my rooted HTC One X but I get the following error.
Any idea what I'm doing wrong?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Use this command
Su
Cat proc/emmc
Because all partition chaned nowdays,try it.
Sent from my GT-I5800 using Tapatalk 2
Thank you, that's giving me a partition structure of my device but no dump.
pratikmore said:
Use this command
Su
Cat proc/emmc
Because all partition chaned nowdays,try it.
Sent from my GT-I5800 using Tapatalk 2
Click to expand...
Click to collapse
Just visit here,You will get your ans and next steps
http://forum.xda-developers.com/showthread.php?t=2027311
Sent from my GT-I5800 using Tapatalk 2
I need help dumping the system of a UG007. It has a Rockchip RK3066. I am using romdump. I am able to sucessfully complete the dump, but I cannot locate the dumped files. Any suggestions?
heres my CMD screen for the first pass
Code:
adb push romdump /data/local/
3076 KB/s (1149900 bytes in 0.365s)
adb shell
[email protected]:/ # chmod 755 /data/local/romdump
chmod 755 /data/local/romdump
[email protected]:/ # /data/local/romdump
/data/local/romdump
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : rk30sdk-eng 4.1.1 JRO03H eng.ant.20121108.175527 test-keys
Creating required files... done.
Opening mtd table... done.
Dumping kernel config... sh: cat: /proc/config.gz: No such file or directory
done.
Dumping boot partition... done.
Dumping recovery partition... done.
Dumping system partition... done.
Creating Checksums... done.
Cleaning up... done.
All done.
I couldn't find the dumped files so I tried again, but it says that the files already exist.
Code:
adb shell
[email protected]:/ # /data/local/romdump
/data/local/romdump
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : rk30sdk-eng 4.1.1 JRO03H eng.ant.20121108.175527 test-keys
Creating required files... gzip: can't open '/sdcard/romdump//system.info.gz': F
ile exists
done.
Opening mtd table... done.
Dumping kernel config... sh: cat: /proc/config.gz: No such file or directory
done.
Dumping boot partition... done.
Dumping recovery partition... done.
Dumping system partition... done.
Creating Checksums... done.
Cleaning up... done.
All done.
the script runs like the op has shown ..
but it produces the following files only
config.gz
system.info.gz
system.tar
checksum.md5
the following two are missing
boot.img
recovery.img
however the prompt is showing that done ok... but they are not there.. only the other 4 files..
any help ?
shahabazas said:
Need ROOT access
I tried these all to dump my phones ROM
http://bm-smartphone-reviews.blogspot.pt/2012/03/increasing-g11i-pro-and-hd7-internal.html
http://www.addictivetips.com/mobile/how-to-backup-your-android-phones-boot-recovery-and-system-partition-images/
And many others also where i can find the ways to dump ROM but no success then i can across this site
http://android.podtwo.com/romdump/
but still dint got success then thaught to just do some changes in the steps and then had done those
1. I downloaded the romdump_v82b.zip from http://android.podtwo.com/romdump/
2. Copy and paste the romdump file to /data/local/(open root browers /root access file manager and then go to data folder and then open local folder and paste the file romdump)
3. Long press romdump file and select permission and check all boxes.
4. Created a folder name romdump in sd card and
5. Open Terminal Emulator in phone and followed the steps below mentioned and got the ROM dumped in my sd card
$ export PATH=/data/local/bin:$PATH
$ su
# chmod 04755 /data/local/romdump
# /data/local/romdump
You will see all the things whats going on below if you see this then you will get the ROM dumped if not then follow the steps once again
Android ROM dumper v0.82b
(c)2011 Sebastian404
Device : ALPS.GB.FDD2.MP.V3.9
Creating required files... done.
Opening mtd table... done.
Dumping kernel config... /proc/config.gz: No such file or directory
done.
Dumping boot partition... done.
Dumping recovery partition... done.
Dumping system partition... done.
Creating Checksums... done.
Cleaning up... done.
All done.
#
Click to expand...
Click to collapse
Just a stupid question. How do you reverse "$ export PATH=/data/local/bin:$PATH" Every time I open terminal, it shows me export PATH=/data/local/bin:$PATH which is kinda annoying.
it warks for all andorid phone?
Thank you. Worked perfectly for me after struggling to get the recovery images from the generic Proscan PLT7035B using other techniques
Cheers.:good:
Laurentius26 said:
Dear Op, thank you for the dump method.
I'm trying to dump the rom of my rooted HTC One X but I get the following error.
Any idea what I'm doing wrong?
Click to expand...
Click to collapse
I have this problem too
Hi all,
This guide uses the built-in SSH server on the phone that gets activated once you enable Device Discovery to give us TRUE full file system access. MTP doesn't truly give full file system access as there are files and folders that aren't accessible still.
NOTE: The automation of the steps listed in this whole guide has been incorporated into an easy GUI within @gus33000 's app called Interop Tools. Big thanks to him for taking the time to simplify this whole process.
Many thanks to @gus33000 [For the simplification and guinea pig process ] and @black_blob [ For making me try the UMCIAuditMode trick again]!
Manual Steps for SFTP
Tools needed
@djamol's Root Tool , or even the OEMSetting.reg tweak that @WojtasXda came up with
Some SFTP program (Swish Easy SFTP works the BEST, WinSCP works second best, but for some reason it can't read the root C: drive from SFTP).
Steps:
If you're using @djamol's Root Tool, use @vcfan's Lumia Registry Editor for this
The following keys should be set to the following string values under the Path of System\Currentcontrolset\control\ssh\sirepuser
Represented in this guide as key: value
stfp-home-dir : C:\
default-home-dir : C:\
sftp-mkdir-rex : .*
sftp-open-dir-rex : .*
sftp-read-file-rex : .*
sftp-remove-file-rex : .*
sftp-rmdir-rex : .*
sftp-stat-rex : .*
sftp-write-file-rex : .*
auth-method : password
user-pin : 1234
After you've verified that at least one of these keys have been set, exit the app
[*] Go to the phone settings app and put your Windows 10 Mobile phone in Developer Mode, activate Device Discovery then turn on Pair mode
[*] Pair to your phone using WConnect, either from usb connect mode ("wconnect usb") or IP (wconnect youripaddress) using the pin on your device
[*] When this is complete, go to %USERPROFILE%\appdata\local\Microsoft\WConnectSrv. In this directory, you should see a privkey.pem file. Hold on to this
[*] Open up PuttyGen, click on the Conversions menu and then click Import key. Point to the path that contains the privkey.pem file, then press Okay
[*] Back in PuttyGen, click on the Save private key button and then save the .ppk file off somewhere that you'll remember.
[*] Open Pagent, click Add key and point to the .ppk file you generated before. You'll want to make sure this is ALWAYS running.
If using Swish
Go to Windows Explorer, dbl-click on the Swish icon under Devices and Drives. Click on Add SFTP Connection at the top
Enter in a label that you wish to save the connection present as .
Under host your phone's IP as Host.
Enter in Sirepuser as the User.
Enter / as the Path.
Press Create
Go back to the Swish folder then click on the connection that you just created (YOU MUST HAVE PAGENT RUNNING FOR THIS TO WORK).
When prompted, enter "1234" as the password.
If using WinSCP:
Open WinSCP. Underneath of the Password box, click on Advanced.
Click on the SFTP menu item and set the Preferred SFTP protocol version to 2
Click on the SSH -> Authentication menu item. Click Allow agent forwarding, click on the ellipsis next to Private key file and choose the .ppk file you saved from PuttyGen
Press Ok to save the settings
Back on the WinSCP main screen, enter in your phone's Wi-Fi IP into host name and for the User name, type in Sirepuser. Press save and then save this session as a "Site" in WinSCP
Login. When prompted, enter "1234" as the password.
You'll receive an error initially about not being able to browse /C/ and blah blah. You can right-click and click on Goto Folder. /C/Data will be a nice folder to start at since that's where most of the goodies are.
Voila, you should know be able to have full file system access.
Now there are a FEW caveats to this..
If you're looking to modify/download any of the important files in the AOW folder, you won't be able to. For SOME REASON, it's returning "No such file or directory" if you try to download/modify some certain files. It will also return this if you try to do the same for the registry hives.
If you happen to remove all paired pins on your phone, you must add pin from the phone and use the pin as the password to your SFTP session
I'm tired of my SFTP access cutting out because the WiFi disappears when the screen goes to lock >_<. What do I do?!?!!?
Using the same Lumia Registry Editor from Djamol's Root Tool, Head to the \system\currentcontrolset\services\keepwifionsvc Path and set the following DWORD value
Start => 2
For some reason the service that keeps wifi running even while the screen is under lock is disabled on 10512. This enables it. Reboot and you'll have WiFi working under lock screen on 10512.
Manual Steps for running CMD over SSH (assuming you've done the SFTP steps above) Redstone builds required. 10586.XXX builds will NOT work
Tools Needed:
IoT Insider Preview ISO
Interop Tools - Download the latest arm package and all packages from the Dependencies directory. Install the dependencies first, THEN install the app.
Pageant
Putty
Steps:
First, you'll need to download the Windows IoT Core Insider Preview ISO. Mount it and then install the MSI. Next, you'll need to go into Disk Management (diskmgmt.msc) and create a new 4GB VHD by clicking Action-> Create VHD. Set the location to any place you wish for it to be, set the size to 4GB and keep the rest the same. Pay attention to the disk number shown in the Disk Management screen after you create and mount that VHD (They have a blue drive icon to the left of them).
When this is complete, open up an elevated command prompt. Go to C:\Program Files (x86\Microsoft IoT\FFU.
Run the following command:
Code:
dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck
Where N is the disk number. At this point, you should start seeing a bunch of volumes created. The MainOS volume is the one we'll care about.
Go to that drive and copy the Windows\System32\cmd.exe and Windows\system32\en-us\cmd.exe.mui to your phone's Document's folder.
Next step is to open up the Interop Tools app, and tap on the Interop Unlock menu item from the hamburger menu. Select the option to restore NDTKSvc, reboot.
When the device comes back up, re-open Interop Tools and this time click on the Registry Editor from the hamburger menu.
Enter the following values, then press Write Data:
Registry Hive : HKEY_LOCAL_MACHINE
Registry Type: String
Registry Key Path: SYSTEM\Controlset001\Control\SSH\Sirepuser
Registry Value Name: default-shell
Registry Value Data: C:\Data\Users\Public\Documents\cmd.exe
Write this key tap on the hamburger menu and go to the Registry Browser. Travel to HKEY_LOCAL_MACHINE -> SYSTEM -> ControlSet001 -> Control -> Ci.
Tap the + button on the application bar and make sure the values are set to the following and then press Write:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Type: Integer
Registry Key Path: SYSTEM\ControlSet001\Control\CI
Registry Value Name: UMCIAuditMode
Registry Value Data: 1
This actually enables the execution of unsigned executables. This is how we end up making CMD and the other programs work ^_^.
Reboot your phone. Wait a good 3-5 minutes before you try doing anything because your phone will be acting very unstable (Some apps crashing, and others working).
While you have pageant open and the private key added, open up a putty SSH session to your phone using the username of Sirepuser. You should be delighted at this point (If you did everything correctly) to see a Command Prompt. You should be getting random resource string errors when you try typing DIR, etc and this is due to the fact that we don't have the mui string in the correct place. Let's fix that.
ONE BIG THING TO NOTE: running CMD in SSH is very sensitive to keystrokes. If you are typing a command and press backspace even once, then the command won't send at all. It will state that it doesn't recognize what you're doing, so be sure to type these things in FLAWLESSLY (yeah it's annoying)
What we want to do now is then copy the cmd.exe to C:\Windows\System32 and the cmd.exe.mui to C:\Windows\System32\en-US. Run the following commands:
copy c:\Data\Users\Public\cmd.exe c:\Windows\System32
copy c:\Data\Users\Public\cmd.exe.mui c:\Windows\System32\en-US
Back on your phone, go back to Interop Tools and click on the Registry Editor. Follow the same exact steps as you did for changing the default-shell key, but make one change:
Registry Value Data: C:\Windows\system32\cmd.exe
At this point, restart your putty session and then you'll be good to go with CMD running over SSH as SYSTEM!
Extra:
There was a reason I said to copy off the system32 folder somewhere... If you follow the same process to get the files to your Documents folder and move them over to system32, you can have quite a bit of exes to run from the command line. The easiest thing to do is to use xcopy to get everything there.
Extra #2:
You can run .NET Console apps in CMD if they are named the following 3 names: TailoredDeploy.exe, WConnectAgent.exe or WConnectAgentLauncher.exe.
Make a directory on your SD Card named "test" or put it in the test directory on your phone's C: drive and it should go. Beware that the runtime is weird on the phone and not ALL things are possible to do with a .NET Console app
PLEASE... For the love of god DO NOT add DefApps to the Administrators group if you don't want all of your apps to stop working
Have fun ^_^
Also...
USE THIS AT YOUR OWN RISK! I AM NOT RESPONSIBLE IF YOU BLOW UP YOUR PHONE ON PURPOSE OR BY ACCIDENT
Hi, snickler! Can I have your permission to repost your tut? It's great and I wanna share with everyone since everyone's really hoping for a full fs access. Of course, i will link your post and add you and the others to the disclaimer.
OH My god . very good so fast . forget MTP Full FS for ever
ngame said:
OH My god . very good so fast . forget MTP Full FS for ever
Click to expand...
Click to collapse
"Theoretical Full FS"
I've tried, but failed
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
@zetvn, did you follow ALL steps? Make sure Device Discovery is on and that your phone's WiFi is on. That message basically means you have a timeout. Also check your IP address and see if it is the correct WiFi address
ADeltaX said:
"Theoretical Full FS"
Click to expand...
Click to collapse
It's full access until you want to modify any of the IMPORTANT files in the AOW directory lol. I'll see how I can get around that and post more, but yes this IS indeed full access.
snickler said:
It's full access until you want to modify any of the IMPORTANT files in the AOW directory lol. I'll see how I can get around that and post more, but yes this IS indeed full access.
Click to expand...
Click to collapse
I was replying about MTP, not about SSH access. lol
. Have you gotten any closer to rooting AOW @ADeltaX?
Is there any way to copy files to C:\Windows\Fonts in the phone without the PC?
snickler said:
. Have you gotten any closer to rooting AOW @ADeltaX?
Click to expand...
Click to collapse
70% yes.
Adb shell is now as root user.
SU binary works fine.
Busybox too.
Superuser app seems to work too.
BUT
Apps can't reference from superuser app because of limit of project astoria caused by some modified libs. (stderr stdout = null)
SU binary refernce from libc.so and it's also modified....
ADeltaX said:
70% yes.
Adb shell is now as root user.
SU binary works fine.
Busybox too.
Superuser app seems to work too.
BUT
Apps can't reference from superuser app because of limit of project astoria caused by some modified libs. (stderr stdout = null)
SU binary refernce from libc.so and it's also modified....
Click to expand...
Click to collapse
Brilliant! Is it on your thread yet? If so, point me to it
snickler said:
Brilliant! Is it on your thread yet? If so, point me to it
Click to expand...
Click to collapse
Not yet, I need to upload these files and create a new thread.
I have a very slow connection, so probably will be ready within 2-4 hours :\
I'll mention you if i'll open the thread/the file is ready.
ADeltaX said:
Not yet, I need to upload these files and create a new thread.
I have a very slow connection, so probably will be ready within 2-4 hours :\
I'll mention you if i'll open the thread/the file is ready.
Click to expand...
Click to collapse
Awesome! Yeah, definitely make a new thread for this. BTW, I updated my OP to include a reg key change to enable WiFi under lock screen. It may not be useful for everyone connecting via USB, but for those on IP it will be VERY helpful
guys please answer: Is there a way to copy files to fonts folder from the phone without using PC?
MrMHK said:
guys please answer: Is there a way to copy files to fonts folder from the phone without using PC?
Click to expand...
Click to collapse
Look at Djamol's Root Tool. There's utilities in there that you should be able to move files with.
Time to play... Thanks for this!
Invite me too
ADeltaX said:
Not yet, I need to upload these files and create a new thread.
I have a very slow connection, so probably will be ready within 2-4 hours :\
I'll mention you if i'll open the thread/the file is ready.
Click to expand...
Click to collapse
Invite me too plz, I want to learn much & much again...
Lost...
Hey there i am following the instructions as written, went to install the vcREG bootstrap and the instructions they give is to apply it to the reinstalled Extras+Info app on the SD card. well when i try to download it it says the app is no longer available? is there a work around?
AteBitDesigns said:
Hey there i am following the instructions as written, went to install the vcREG bootstrap and the instructions they give is to apply it to the reinstalled Extras+Info app on the SD card. well when i try to download it it says the app is no longer available? is there a work around?
Click to expand...
Click to collapse
You didn't follow instructions. It states to use Djamol's root tool and use the Lumia Registry Editor within it that is vcReg's.