Develop Bugs

A new method for ROOTing your xoom!!!

I do not know why you say this...
MOD EDIT: Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.
Hi,
I am here to provide you a new method in rooting your xoom, it does not require to flash the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgrade to 3.1)
***EDIT***
I have also tried on a HK 3g xoom (which shows MZ601 in MTP but MZ602 in fastboot). It works without any problem, and internal storage preserved untouched.
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, which know
a little on developing and are willing to try new things.
So, I can not be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any brick or mulfunction device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volumn down ~2 seconds after the motorola logo appears when the device starts,
then volumn up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method, I think about this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying a update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition have name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockmodwork recovery for xoom,
the one who invented the method of rooting the i9000 with a update.zip (I cannot find who make that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those stock 3.2) if you would like to take some risk, and report if it is success or not.
Thanks.

eddielo said:
Hi,
I am here to provide you a new method in rooting your xoom, it does not require to flash the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgrade to 3.1)
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, which know
a little on developing and are willing to try new things.
So, I can not be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any brick or mulfunction device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volumn down ~2 seconds after the motorola logo appears when the device starts,
then volumn up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method, I think about this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying a update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition have name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockmodwork recovery for xoom,
the one who invented the method of rooting the i9000 with a update.zip (I cannot find who make that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those stock 3.2) if you would like to take some risk, and report if it is success or not.
Thanks.
Click to expand...
Click to collapse
How do you flash cwm if your device if locked? Also the purpose of the rooted boot.img is to allow you to mount your device for adb commands.
Sent from my PG86100 using Tapatalk

yeah no offense but this sounds a little sketch... I see you make a quote at the bottom asking people to report success if they try... I personally would not try this.
Unlocking and rooting is really not that hard and not very time consuming using current methods

Of course, for installing CWM, you have to unlock your device by using "fastboot oem unlock", but that will not brick your device anyway.
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
Also, for the current rooting methods, it is not 100% work on some device (like the HK 3g version, which reported missing of internal storage after rooting with currently available method), I would like to see if this work on that.

Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.

eddielo said:
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
Click to expand...
Click to collapse
I think you missed my point. Rooted boot.img isn't used for rooting. Its used for adb commands like adb remount. Say i want to adb push a file to my xoom, ls a directory on my xoom, or adb rename system files. Those are all reason you need the rooted boot.img.

Sorry, this is not a rooting method. All what this is doing is flashing su, busybox and Superuser.apk.
There is more to rooting a device than this. You also need an insecure boot image.

I am sorry if I do not catch the real meaning of rooting a device.
What I think of rooting is to let my device, starting from everything stock, untouched, to a state that applications that need root, like Titanium backup or root explorer, works without problem.
I have tried on my two devices with this method, titanium backup works perfectly, root explorer can remount the system partition to rw and can successfully copy files and delete files from that.
The insecure boot.img image, as far as I know, provides everyone to use "adb remount" and make changes to the system directory. But my method do not need adb in copying the binaries and chmod them. You may call it flashing, but after that, su works without problem.
Please, try it first. If you think it is not a method of rooting, I am sorry about that.

Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.

So does this mean just "rooted".....like can't flash a rom?
Sent from my Xoom using XDA Premium App

roughneckboren said:
So does this mean just "rooted".....like can't flash a rom?
Sent from my Xoom using XDA Premium App
Click to expand...
Click to collapse
Rooting has nothing to do with installing a rom. To install a rom, you just need to unlock and fastboot flash CWM. This guide in noway helps you flash a rom.

alias_neo said:
Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.
Click to expand...
Click to collapse
Without an rooted boot.img your recovery will get wiped out every time you boot the OS.

So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?

silvinoa said:
So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?
Click to expand...
Click to collapse
Yes and NO...
Yes this method will allow you to run titanium backup. But to use this method you have to unlock, which erases everything.

Would it be possible to root my sg2 USCC version of Epic4gtouch.

I was looking at the auto root for FB15 and was wanting to know if it would work for my phone, Android version: 2.3.6, Baseband: S:R760.01 K.FB14. Any help is greatly appreciated.
Sent from my SCH-R760 using Tapatalk

^^ Second this. Just got SCH-R760 (SGS II) from USCC, there is currently ZERO support. Thanks!

I've tried the ek02 autoroot three times and it's not able to push the files. SuperOneClick didn't work either.
Sent from my SCH-R760 using xda premium

themac79 said:
I was looking at the auto root for FB15 and was wanting to know if it would work for my phone, Android version: 2.3.6, Baseband: S:R760.01 K.FB14. Any help is greatly appreciated.
Sent from my SCH-R760 using Tapatalk
Click to expand...
Click to collapse
The fb15 on this phone is ics so not going to work on your GB ROM .....maybe steady Hawkin can make you a kernel to root it with Odin ....all you have to do is ask him he may do it
He may port cwm for you too don't hurt to ask
Sent from my SPH-D710 using xda premium

Epix4G said:
The fb15 on this phone is ics so not going to work on your GB ROM .....maybe steady Hawkin can make you a kernel to root it with Odin ....all you have to do is ask him he may do it
He may port cwm for you too don't hurt to ask
Sent from my SPH-D710 using xda premium
Click to expand...
Click to collapse
That would be great! Thanks for the advice, really appreciate it.

not working
from what I hear zergrush no longer works in 2.3.6. I tried manually installing but it fails on the USCC GS2 (SCH-R760)
[+] Found a GingerBread ! 0x00000118
[+] Found a Samsung, running Samsung mode
[*] Scooting ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !

mostly working
So I tried it with my SCH-R760 SGS2 I was able to get root boot recovery. Having the FB14 kernel would make this a snap however the Epic 4g Touch is so close it mostly worked. I seem to have intermittent wifi problems but everything else appears to work without issue.
I got the kernel from step two WISHLINK:wiki.rootzwiki.com/index.php/Samsung_Epic_4G_Touch or directly WISHLINK:goo-inside.me/epic4gtouch/kernel/acs-eb30-clockwork-epic-touch-4g-sep-20-4-00-pm.tar
I tried sweet talking USCC, evidently I'm not as charming as I think I am they told me I'm screwed and don't yet have the re-image. However, the above has the phone working and rooted minus a few problems with wifi.
Good luck.

Margey said:
So I tried it with my SCH-R760 SGS2 I was able to get root boot recovery. Having the FB14 kernel would make this a snap however the Epic 4g Touch is so close it mostly worked. I seem to have intermittent wifi problems but everything else appears to work without issue.
I got the kernel from step two WISHLINK:wiki.rootzwiki.com/index.php/Samsung_Epic_4G_Touch or directly WISHLINK:goo-inside.me/epic4gtouch/kernel/acs-eb30-clockwork-epic-touch-4g-sep-20-4-00-pm.tar
I tried sweet talking USCC, evidently I'm not as charming as I think I am they told me I'm screwed and don't yet have the re-image. However, the above has the phone working and rooted minus a few problems with wifi.
Good luck.
Click to expand...
Click to collapse
If you can get the E4GT kernel to boot on your phone then just use it to install su onto your ROM (/system), then put back your original USCC kernel and you'll be rooted with everything working.
So basically if your adb shell has a "#" prompt, you can just use Auto Root Option A on your phone and install root onto your phone's ROM. Just ignore the zergrush status, even though it fails, the script is still smart enough to install root onto your rom in your situation.
Then to get your original kernel back, figure out which partition has the recovery.bin, which is an unused mirror of your original kernel/zImage.
In the case of E4GT, this is partition /dev/block/mmcblk0p6
To get the mirror of your zImage type the following in adb shell
Code:
cd /sdcard
dd if=/dev/block/mmcblk0p6 of=zImage bs=256 count=32765
Now it is very important that the partition you chose above is really the recovery.bin partition, otherwise the file you just created will essentially be junk and won't allow you to boot your phone (ie *IF* you installed it, your phone *would not boot*)
Assuming you had the correct partition, to install it as your running kernel, you can do
Code:
cd /sdcard
dd if=zImage of=/dev/block/mmcblk0p5 bs=256 count=32765
Please don't go jumping into this unless you fully understand what I suggested.
YOU CAN MAKE YOUR PHONE UNBOOTABLE IF YOU DO THINGS WRONG.
I don't have your phone and the partitions could be different, so I'm depending on you to figure out if things don't make sense.
If you are unsure, ask questions before doing anything.

While I'm just understanding partitions and the like I'm able to follow your instructions but the *IF* parts I'd like to question.
I have:
/dev/block/mmcblk0p6
and
/dev/block/mmcblk0p5
I'm not sure how this correlates to the recovery.bin unless it is apart of one of those files. So for the SCH-R760 with FB14 I'd be looking for how to verify this. I can easily run the suggested lines and looks like everything is there. However to get this far it's been several hours and I'm a bit gun shy as I have to work tomorrow and actually need my phone. Again thank you for the suggestions and help. I'm very close. Everything but wifi is working and very well.

did anyone try flashing the cwm from the touch. it should work because the mount points line up the same. if so i can finish the ics rom and give it to who ever is willing to try
---------- Post added at 09:13 PM ---------- Previous post was at 08:56 PM ----------
sfhub said:
If you can get the E4GT kernel to boot on your phone then just use it to install su onto your ROM (/system), then put back your original USCC kernel and you'll be rooted with everything working.
So basically if your adb shell has a "#" prompt, you can just use Auto Root Option A on your phone and install root onto your phone's ROM. Just ignore the zergrush status, even though it fails, the script is still smart enough to install root onto your rom in your situation.
Then to get your original kernel back, figure out which partition has the recovery.bin, which is an unused mirror of your original kernel/zImage.
In the case of E4GT, this is partition /dev/block/mmcblk0p6
To get the mirror of your zImage type the following in adb shell
Code:
cd /sdcard
dd if=/dev/block/mmcblk0p6 of=zImage bs=256 count=32765
Now it is very important that the partition you chose above is really the recovery.bin partition, otherwise the file you just created will essentially be junk and won't allow you to boot your phone (ie *IF* you installed it, your phone *would not boot*)
Assuming you had the correct partition, to install it as your running kernel, you can do
Code:
cd /sdcard
dd if=zImage of=/dev/block/mmcblk0p5 bs=256 count=32765
Please don't go jumping into this unless you fully understand what I suggested.
YOU CAN MAKE YOUR PHONE UNBOOTABLE IF YOU DO THINGS WRONG.
I don't have your phone and the partitions could be different, so I'm depending on you to figure out if things don't make sense.
If you are unsure, ask questions before doing anything.
Click to expand...
Click to collapse
Here is a mount print out of the sgs2 from uscc that i had someone give me.
http://pastebin.com/k0nXEcKt
---------- Post added at 09:19 PM ---------- Previous post was at 09:13 PM ----------
Can't they just odin flash or heimdall flash the kernel/recovery in, that would be easier, then they truly don't have to root the rom first.

ironfisted said:
Can't they just odin flash or heimdall flash the kernel/recovery in, that would be easier, then they truly don't have to root the rom first.
Click to expand...
Click to collapse
They already did that. That is why they have rooted adb through the kernel. The issue is they are using an Epic 4G Touch kernel which causes some things to not work on their phone. I am suggesting they install their root functionality in the ROM and restore their original USCC kernel/zImage.
Since (according to them) they don't have a package to return to stock, basically they don't have a kernel/zImage to flash in ODIN because it was never provided to them.
Their original kernel/zImage is gone because they flashed over it (presumably before backing it up). That is why I gave them instructions to pull the backup kernel/zImage. Once they do that, whether they install that zImage within Android or through ODIN is not really important. The important part is they get the correct partition to use to pull the backup from so that they have a valid kernel/zImage to flash.
---------- Post added at 09:55 PM ---------- Previous post was at 09:42 PM ----------
Margey said:
While I'm just understanding partitions and the like I'm able to follow your instructions but the *IF* parts I'd like to question.
I have:
/dev/block/mmcblk0p6
and
/dev/block/mmcblk0p5
I'm not sure how this correlates to the recovery.bin unless it is apart of one of those files. So for the SCH-R760 with FB14 I'd be looking for how to verify this. I can easily run the suggested lines and looks like everything is there. However to get this far it's been several hours and I'm a bit gun shy as I have to work tomorrow and actually need my phone. Again thank you for the suggestions and help. I'm very close. Everything but wifi is working and very well.
Click to expand...
Click to collapse
Based on the previous pastebin that was posted it looks like the partitions on the USCC GS2 line up with the Sprint E4GT so it should be safe to run what I suggested.
Both /dev/block/mmcblk0p5 and /dev/block/mmcblk0p6 are linux device files that map to partitions in your phone's EMMC memory.
mmcblk0p5 is labeled zImage (on Sprint) and mmcblk0p6 is labeled recovery.bin (on Sprint). They have the exact same contents. zImage is the kernel and recovery for your phone.
recovery.bin is not being used (on Sprint) so it basically ends up being a backup of your zImage/kernel. Since you overwrote your USCC zImage with the Sprint E4GT zImage (presumably before backing it up) you cannot recover the original from your phone using the partition assigned to zImage.
I am suggesting you retrieve your original zImage from what is essentially a backup in the partition labeled recovery.bin (mmcblk0p6). This can then be installed in your zImage partition (mmcblk0p5) either directly through Android or through ODIN.
Once you create the zImage file as above, keep a copy off your phone on your PC just in case.
The whole purpose of putting back your original USCC zImage/kernel is so all the features work again, but since your root was achieved through the kernel, putting back the original zImage/kernel would cause you to lose root. That is why I suggested, prior to putting back the original USCC kernel, you install persistent root inside your ROM (ie /system)
You can do that by running Auto Root - Option A and ignoring the Blue Hellions error. If your adb is rooted as you described above, Auto Root will still install persistent root in your ROM despite the failure of the zergrush exploit. Once you install the persistent root in your ROM, you can restore the original USCC kernel/zImage and still have root for your applications. You can confirm that Auto Root - Option A did its job by typing:
Code:
ls -l /system/xbin/su
and verifying su is there and it has the proper permissions. If you are unsure, post the output and I can confirm.

What didn't work? maybe its a matter of the rom difference that makes stuff not work. Just an idea. I was thinking of porting the ics rom over to the sgs2 for them.

ironfisted said:
What didn't work? maybe its a matter of the rom difference that makes stuff not work. Just an idea. I was thinking of porting the ics rom over to the sgs2 for them.
Click to expand...
Click to collapse
As mentioned by Margey's post, the wifi wasn't working well. wifi drivers are in the kernel. Margey installed just the kernel/recovery, not the ROM.

sfhub said:
As mentioned by Margey's post, the wifi wasn't working well. wifi drivers are in the kernel.
Click to expand...
Click to collapse
hmmm, so ics is still doable then. hmmmmmm

I just wanted to thank everyone for their help it is very much appreciated. I'm going to try what sfhub posted. I still have my stock kernel since I've been working and haven't had time to do anything. I will try and make a copy of my stock kernel. Can I push superuser into my rom using adb or do I need to flash the Epic 4G's kernel then push superuser and then flash my stock kernel back.
Sent from my SCH-R760 using xda premium

eureka
sfhub said:
They already did that. That is why they have rooted adb through the kernel. The issue is they are using an Epic 4G Touch kernel which causes some things to not work on their phone. I am suggesting they install their root functionality in the ROM and restore their original USCC kernel/zImage.
Since (according to them) they don't have a package to return to stock, basically they don't have a kernel/zImage to flash in ODIN because it was never provided to them.
Their original kernel/zImage is gone because they flashed over it (presumably before backing it up). That is why I gave them instructions to pull the backup kernel/zImage. Once they do that, whether they install that zImage within Android or through ODIN is not really important. The important part is they get the correct partition to use to pull the backup from so that they have a valid kernel/zImage to flash.
---------- Post added at 09:55 PM ---------- Previous post was at 09:42 PM ----------
Based on the previous pastebin that was posted it looks like the partitions on the USCC GS2 line up with the Sprint E4GT so it should be safe to run what I suggested.
Both /dev/block/mmcblk0p5 and /dev/block/mmcblk0p6 are linux device files that map to partitions in your phone's EMMC memory.
mmcblk0p5 is labeled zImage (on Sprint) and mmcblk0p6 is labeled recovery.bin (on Sprint). They have the exact same contents. zImage is the kernel and recovery for your phone.
recovery.bin is not being used (on Sprint) so it basically ends up being a backup of your zImage/kernel. Since you overwrote your USCC zImage with the Sprint E4GT zImage (presumably before backing it up) you cannot recover the original from your phone using the partition assigned to zImage.
I am suggesting you retrieve your original zImage from what is essentially a backup in the partition labeled recovery.bin (mmcblk0p6). This can then be installed in your zImage partition (mmcblk0p5) either directly through Android or through ODIN.
Once you create the zImage file as above, keep a copy off your phone on your PC just in case.
The whole purpose of putting back your original USCC zImage/kernel is so all the features work again, but since your root was achieved through the kernel, putting back the original zImage/kernel would cause you to lose root. That is why I suggested, prior to putting back the original USCC kernel, you install persistent root inside your ROM (ie /system)
You can do that by running Auto Root - Option A and ignoring the Blue Hellions error. If your adb is rooted as you described above, Auto Root will still install persistent root in your ROM despite the failure of the zergrush exploit. Once you install the persistent root in your ROM, you can restore the original USCC kernel/zImage and still have root for your applications. You can confirm that Auto Root - Option A did its job by typing:
Code:
ls -l /system/xbin/su
and verifying su is there and it has the proper permissions. If you are unsure, post the output and I can confirm.
Click to expand...
Click to collapse
I doubled checked su, good. Re-ran the image per your suggestion, all good. I have wifi, I have 3G, I have phone and I have root and CWM.
Thank you.

I have been trying to use the auto-root method after installing the recovery kernel and it keeps saying waiting for device to connect? How can I get it to see my device?

themac79 said:
I have been trying to use the auto-root method after installing the recovery kernel and it keeps saying waiting for device to connect? How can I get it to see my device?
Click to expand...
Click to collapse
You can actually just copy the files to your sdcard and run the script by hand, but the specific reason it is waiting for your phone is because ADB cannot see your phone.
That might be because you haven't enabled USB debugging. It might be because of driver problem. It could be because your ##8778# setting is incorrect.
Have you ever been able to use "adb" with your phone?

sfhub said:
You can actually just copy the files to your sdcard and run the script by hand, but the specific reason it is waiting for your phone is because ADB cannot see your phone.
That might be because you haven't enabled USB debugging. It might be because of driver problem. It could be because your ##8778# setting is incorrect.
Have you ever been able to use "adb" with your phone?
Click to expand...
Click to collapse
I finally got it, the problem was I was missing a driver for my phone. Now I'm trying to make a copy of my stock kernel using your instructions but for some reason when I type cd /sdcard it says it can't find the path specified. It shows my device listed, I don't know what I'm doing wrong? Wait..do you mean to use my phone to make a copy?

themac79 said:
I finally got it, the problem was I was missing a driver for my phone. Now I'm trying to make a copy of my stock kernel using your instructions but for some reason when I type cd /sdcard it says it can't find the path specified. It shows my device listed, I don't know what I'm doing wrong?
Click to expand...
Click to collapse
Are you doing that from an "adb shell"?
You can replace with "cd /data/local/tmp", it can really be any directory where you have write permissions.
If you want to be more bold, you can skip the step of creating a zImage file and write directly from the recovery.bin partition into the zImage partition. The zImage file is nice because if you screw things up and your phone won't boot, you can still use ODIN to flash the zImage (assuming you moved it to your PC)
Code:
dd if=/dev/block/mmcblk0p6 of=/dev/block/mmcblk0p5 bs=256 count=32765

[Q] How/what to get for a backup of my 4.0.2 yakjuzs-variant? Also, how to get AOSP?

I have the Hong Kong variant of the Galaxy Nexus GSM (yakjuzs) running 4.0.2.
I haven't even unlocked the bootloader yet. (Stupid, I know.)
I've had the phone long enough to know "how it's supposed to behave" so that when I unlock and root a ROM I'll know if something is behaving badly, so now I'm looking to switch to the latest/greatest yakju (who comes up with these terrible names?) 4.0.4.
However, before I do so, I'd like a perfect backup of my phone 'as-is' so that if something goes horribly, horribly wrong I can get back to the 'original state'.
Now, I've done some reading around and I'm confused. It looks like I need several different kinds of backups, and I'm not even sure if all of them are going to be 'worth it'.
First, I found the Galaxy Nexus Toolkit. It only mentions the yakju variant, not my yakjuzs, but it "seems to" work for making a backup of my phone's data. I just haven't tested the backups, nor do I know how to, so I don't know if it's actually working or not.
I'm just not sure what it's backing up. It's obviously NOT backing up the ROM or radios (is there anything else it's not backing up?), and I don't know what it means by "System Apps", nor "apps data". Obviously it's backing up all the APKs I've installed from the market, etc. That part I get. What else is it backing up? (I know it's also backing up the virtual SD card if I tell it to, as long as I uninstall Google Currents first, which seems to have a directory structure that doesn't jive well with Win7.)
Secondly, I found this thread about backing up the Desire S which I'm going to take a wild guess and say that the advice given in it still applies to my phone as well: namely that a "NANDROID" backup will backup the ROM and radios and other 'stuff' on my phone that the GNT doesn't grab.
Thing is: I don't know what "Clockwork Recovery Mod" or "NANDROID" are, or where to get them. If I Google "Clockwork Recovery Mod", it takes me to this page which doesn't have anything on it called "Recovery Mod" at all. Is it the "ROM Manager" app?
A little more Googling suggests that this is true, or at least that I can get "Clockwork Recovery Mod" through that app (weird way of getting it, honestly), but I thought I'd ask here first.
Is "NANDROID" a part of CRM? I'd use this, which is the first thing that shows up when I Google 'Nandroid', but it seems to be four years old, and references phones that I might not even be able to find on eBay, so I'm thinking it's not a trustworthy source.
Of course, all of this requires root, right? I've been told this requires unlocking the Bootloader, though I do see this exploit that lets you get Root without doing that. So, basically, I can root with that exploit, then download that 'ROM Manager', use it to flash CRM over my locked Bootloader, then use that to do a NANDROID backup of my phone?
Right?
And, regarding that whole 'rooting/superuser' thing, I know that the 'standard' is to use 'superuser.apk' for root permissions for apps. I've read about SuperSU, the 'superior' superuser alternative. Does that require superuser.apk, or can it be used as a replacement for it? And if it can be a replacement for superuser.apk, does that mean I can use it *instead* of superuser.apk in that root exploit? How would I get the APK to use? Buy it on the market, and then somehow (adb pull? Is that it?) take the APK off of my phone and on to my computer?
I'm asking mostly because any app that checks for 'root permissions' (such as Google Movies Play Movies Play Play Movies or whatever it's called) apparently dislikes root permissions being available on a phone, but only checks for a file called 'superuser.apk'. If I don't have that file, no problem, right?
Finally, how do I get the 4.0.4 yakju straight-from-Google ROM? Do I need new radios for that? Where do I get those? No, I don't want AOKP or CM9.

Moleculor said:
[snip]
Of course, all of this requires root, right? I've been told this requires unlocking the Bootloader, though I do see this exploit that lets you get Root without doing that. So, basically, I can root with that exploit, then download that 'ROM Manager', use it to flash CRM over my locked Bootloader, then use that to do a NANDROID backup of my phone?
Right?
Click to expand...
Click to collapse
Right. Root with the exploit, install ROM Manager from the market, use ROM Manager to flash CWM recovery, boot into CWM recovery, and perform a (nandroid) backup. This will be saved in a folder in /sdcard. Now you have to pull all of the data off your phone somehow*, and save it to your computer. Then follow this guide to flash yakju 4.0.4.
*The easiest way to pull the data off your device is to boot into CWM recovery, and plug into your computer (assuming you have the drivers set up properly), open a command prompt in the directory where you have your adb.exe file, and type adb pull /data/media. This will put everything in /sdcard onto your computer.
Moleculor said:
And, regarding that whole 'rooting/superuser' thing, I know that the 'standard' is to use 'superuser.apk' for root permissions for apps. I've read about SuperSU, the 'superior' superuser alternative. Does that require superuser.apk, or can it be used as a replacement for it? And if it can be a replacement for superuser.apk, does that mean I can use it *instead* of superuser.apk in that root exploit? How would I get the APK to use? Buy it on the market, and then somehow (adb pull? Is that it?) take the APK off of my phone and on to my computer?
I'm asking mostly because any app that checks for 'root permissions' (such as Google Movies Play Movies Play Play Movies or whatever it's called) apparently dislikes root permissions being available on a phone, but only checks for a file called 'superuser.apk'. If I don't have that file, no problem, right?
Finally, how do I get the 4.0.4 yakju straight-from-Google ROM? Do I need new radios for that? Where do I get those? No, I don't want AOKP or CM9.
Click to expand...
Click to collapse
Just flash su and you will be fine. There are still some issues with supersu that have not been sorted out yet. (And by the way, the file that the apps look for is su, not Superuser.apk. Superuser.apk does not give root access - it basically acts as a firewall for apps requesting root from the su binary.)

efrant said:
Right. Root with the exploit, install ROM Manager from the market, use ROM Manager to flash CWM recovery, boot into CWM recovery, and perform a (nandroid) backup. This will be saved in a folder in /sdcard.
Click to expand...
Click to collapse
Ok, this is one thing I've never understood: I don't have an /sdcard, or at least I don't see it. Is this because I don't have root, and thus when I access my phone's internal storage, it's shortcutting me directly into /sdcard as if it's the root directory, thus I never see the directory /sdcard is in?
efrant said:
Now you have to pull all of the data off your phone somehow*, and save it to your computer. Then follow this guide to flash yakju 4.0.4.
*The easiest way to pull the data off your device is to boot into CWM recovery,
Click to expand...
Click to collapse
Ok. Wat? I've booted into the stock bootloader once before, would I do that same process to get into CWM recovery once CWM recovery is installed? And can a CWM recovery be installed on a phone with a locked bootloader (but with root)? Or should I just bite the bullet and unlock the bootloader?
efrant said:
and plug into your computer (assuming you have the drivers set up properly), open a command prompt in the directory where you have your adb.exe file, and type adb pull /data/media. This will put everything in /sdcard onto your computer.
Click to expand...
Click to collapse
Wait, what? Ok. I'm an ancient IBM-DOS and MS-DOS user, so I 'get' directory structures, but... where exactly is /sdcard? What's the directory structure of the phone like? Because /data/media doesn't exactly scream "/sdcard" to me.
efrant said:
Just flash su and you will be fine. There are still some issues with supersu that have not been sorted out yet.
Click to expand...
Click to collapse
Aww. SuperSU looked so nifty.
efrant said:
(And by the way, the file that the apps look for is su, not Superuser.apk. Superuser.apk does not give root access - it basically acts as a firewall for apps requesting root from the su binary.)
Click to expand...
Click to collapse
Hm. So if the APK were to instead look for... say... "tacolicker" instead of "su" for root access, apps that detect root would be less likely to find root access and be all DRM-y?
----
Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone,) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?

Moleculor said:
Ok, this is one thing I've never understood: I don't have an /sdcard, or at least I don't see it. Is this because I don't have root, and thus when I access my phone's internal storage, it's shortcutting me directly into /sdcard as if it's the root directory, thus I never see the directory /sdcard is in?
Click to expand...
Click to collapse
Yes, it is shortcutting you there.
Moleculor said:
Ok. Wat? I've booted into the stock bootloader once before, would I do that same process to get into CWM recovery once CWM recovery is installed? And can a CWM recovery be installed on a phone with a locked bootloader (but with root)? Or should I just bite the bullet and unlock the bootloader?
Click to expand...
Click to collapse
Yes, CWM can be installed with root and a locked bootloader. What I suggested to do is root, install CWM, backup, then unlock.
Moleculor said:
Wait, what? Ok. I'm an ancient IBM-DOS and MS-DOS user, so I 'get' directory structures, but... where exactly is /sdcard? What's the directory structure of the phone like? Because /data/media doesn't exactly scream "/sdcard" to me.
Click to expand...
Click to collapse
That is because /sdcard is just a symlink (linux term -- just a link/shortcut) to /data/media, which is the actual directory.
Moleculor said:
Aww. SuperSU looked so nifty.
Hm. So if the APK were to instead look for... say... "tacolicker" instead of "su" for root access, apps that detect root would be less likely to find root access and be all DRM-y?
Click to expand...
Click to collapse
Yes.
Moleculor said:
Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone,) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?
Click to expand...
Click to collapse
Follow the directions in the link I provided in my previous post. If you do that, you will need to extract everything: the tgz, the tar, and the zip inside.

efrant said:
Yes, CWM can be installed with root and a locked bootloader. What I suggested to do is root, install CWM, backup, then unlock.
Click to expand...
Click to collapse
Ok, just to completely clarify... to boot into CWM Recovery, I hold both volume buttons and turn the phone on? Or is that just the bootloader, and Recovery is something different? Or am I right, but I'm missing a step?
efrant said:
That is because /sdcard is just a symlink (linux term -- just a link/shortcut) to /data/media, which is the actual directory.
Click to expand...
Click to collapse
S'what I thought. They use the same thing in Win7, apparently.
Thanks!

Moleculor said:
Ok, just to completely clarify... to boot into CWM Recovery, I hold both volume buttons and turn the phone on? Or is that just the bootloader, and Recovery is something different? Or am I right, but I'm missing a step?
Click to expand...
Click to collapse
To boot into CWM recovery (after you flash it), you can:
1) Hold both volume buttons and turn the phone on to get you into the bootloader, then scroll with the volume buttons until you see recovery and then select it with the power button; or
2) Install Quick Boot from the market. Awesome app.
---------- Post added at 10:38 PM ---------- Previous post was at 10:34 PM ----------
Moleculor said:
[snip]
Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone,) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?
Click to expand...
Click to collapse
And you don't need to download the binaries. All you need to download is the IMM76D "factory images" found here: http://code.google.com/android/nexus/images.html

efrant said:
To boot into CWM recovery (after you flash it), you can:
1) Hold both volume buttons and turn the phone on to get you into the bootloader, then scroll with the volume buttons until you see recovery and then select it with the power button; or
2) Install Quick Boot from the market. Awesome app.
Click to expand...
Click to collapse
Excellent. Thanks. So Recovery shows up as another option in the bootloader. Or something.
efrant said:
And you don't need to download the binaries. All you need to download is the IMM76D "factory images" found here: http://code.google.com/android/nexus/images.html
Click to expand...
Click to collapse
Ohh, good to know, since I downloaded both that AND the drivers. So, no drivers, just that one image. K.

Dumb question: What's 'fastboot'? I "get" adb... but what's "fastboot"?

Moleculor said:
Dumb question: What's 'fastboot'? I "get" adb... but what's "fastboot"?
Click to expand...
Click to collapse
Nexus devices have two interfaces: fastboot and ADB.
Fastboot commands (used via the fastboot.exe file) can only be used when your device is booted in the bootloader (or fastboot mode).
ADB commands (used via the adb.exe file, along with two .dll files) can only be used when your device is booted normally with USB Debugging enabled in your device's settings, or booted into CWM.
They each do different things. For example, fastboot allows you to unlock/re-lock your bootloader, flash images to partitions on your device, boot kernels on your device without flashing them, erase partitions, etc. ADB has a set of commands that let you interface with the OS. As well, it allows you to execute shell commands directly on the phone using adb shell.

Aha. Weird that there would be two separate interfaces... unless technically the bootloader and Android are two separate OSes?
Final questions I hope (since I have your attention)... this might actually be more appropriate in the exploit thread, but once I have root access, how do I clean up after myself? i.e. Delete the files I put into /data/local/tmp? Did I create the /tmp directory when I pushed those files onto the phone, or is there other stuff in there too?
EDIT:Scratch that, I just used cd, ls, and rm to remove the files, rmdir to remove the ../tmp directory... but now I note that /data/local is empty too. Can I safely delete that?
Does the ROM Manager ROM backup thing that I'm running (is this nandroid? I didn't have to boot into the bootloader to do it) back up the /data/local/tmp directory? If so, I think I might need to delete my ROM backup, delete those files, and rerun the backup.
It's running now. I'm assuming it's dumping everything into one file, or something?
And is this the nandroid backup thing, or is that something in the recovery mode?
Actually, where can I read about the directory structure and all what each directory is for? /data/media is the fake SD Card, obviously, so what's /data/local? Etc.

Moleculor said:
Aha. Weird that there would be two separate interfaces... unless technically the bootloader and Android are two separate OSes?
Click to expand...
Click to collapse
Think of the bootloader as the BIOS, nothing more. The recovery is like a mini OS.
Moleculor said:
Final questions I hope (since I have your attention)... this might actually be more appropriate in the exploit thread, but once I have root access, how do I clean up after myself? i.e. Delete the files I put into /data/local/tmp? Did I create the /tmp directory when I pushed those files onto the phone, or is there other stuff in there too?
EDIT:Scratch that, I just used cd, ls, and rm to remove the files, rmdir to remove the ../tmp directory... but now I note that /data/local is empty too. Can I safely delete that?
Click to expand...
Click to collapse
No, you did not create the /tmp directory. And there is no harm in leaving the three files there, but feel free to remove them.
Moleculor said:
Does the ROM Manager ROM backup thing that I'm running (is this nandroid? I didn't have to boot into the bootloader to do it) back up the /data/local/tmp directory? If so, I think I might need to delete my ROM backup, delete those files, and rerun the backup.
Click to expand...
Click to collapse
Yes, a backup in CWM is called a nandroid backup. The three files that you copied there don't matter. They can be deleted at any time, with or without root.
Moleculor said:
It's running now. I'm assuming it's dumping everything into one file, or something?
And is this the nandroid backup thing, or is that something in the recovery mode?
Click to expand...
Click to collapse
It's creating a backup and storing it in /clockworkmod/backup/
Moleculor said:
Actually, where can I read about the directory structure and all what each directory is for? /data/media is the fake SD Card, obviously, so what's /data/local? Etc.
Click to expand...
Click to collapse
Look in these forums. When I first started, I spent hours reading before I attempted anything.

Sucessfully flashed 98.18.78 recovery into Locked 98.30.1

I understand it is currently not possible to unlock a Razr M with 98.18.94 or 98.30.1 OTA. Never the less, I had been trying to restore a previous VooDoo root that I deleted before the last OTA. Through the experimenting, I screwed up the flash on my phone, and recovering it, I found something that might be interesting.
As others pointed out, downgrading does not work. Flashboot gives various errors. When I screwed up my file system, I was able to flash from 98.18.94 (which I had) to 98.30.1 (which was the only download I could find) using RSD Lite. I was lucky it worked. And since I have been able to experiment and keep flashing 98.30.1 over and over.
I would like to report that in my experiments, I noticed an interesting fact about the recovery.img:
I am able to flash stock 98.18.78 recovery to my phone running 98.30.1.
I have verified the recovery.img contents are not the same, according to a WinMerge file compare, they are ~10% the same
When I try to flash twrp or cwm recovery, the only fastboot error is to the effect "wrong partition size".
The size of .78 and 98.30.1 recovery are the same, 10,485,760 bytes
On the other hand, if I try to flash the .78 system.img fastboot, or use RSD lite to flash .78, I see different security related errors on the phone's fastboot screen- none of which mention partition size. Of course, this is related to the Locked Bootloader I have.
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Right now my Razr M has gone from 98.18.94 to 98.30.1 with a 98.18.78 recovery. And I'm working ok.
I am not a professional Android Dev. But I am going to do the research and try to modify a cwm type recovery to match the size of a Moto recovery, and see what happens.
I invite anyone with real experience to contribute.
Bryan

bryanwieg said:
What did you say?
Click to expand...
Click to collapse
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.

aviwdoowks said:
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.
Click to expand...
Click to collapse
I have already found that if I take the OTA recovery and unpackbootimg and then mkbootimg without changing anything.. it recompiles down to aprox 5mb, which is different than the size it started from Moto.
So I am looking at if the size is set in how the img is compiled.

30.1 and .94 are the same updates, just different system versions. As for the other stuff, I'm not even sure what to say. I'm with Avi on this, I definitely would like to see what a dev has to say.

New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004

aviwdoowks said:
New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004
Click to expand...
Click to collapse
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.

bryanwieg said:
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
Click to expand...
Click to collapse
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.

aviwdoowks said:
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.
Click to expand...
Click to collapse
Well, you'r right on the money. I appended data to a CWM recovery the same as Moto did to thiers, including the certificate at the end.
I didn't get a partition size error this time, but I did get a 'Failed to hab check for recovery'.
Granted, I didn't manage to place the 'empty data' at the same point in the file as the stock roms did. Other than that, it must be the certificate.

bryanwieg said:
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Click to expand...
Click to collapse
No, because it first checks the size (or whether it's a valid image at all) and if the size is correct, it checks the signature.

I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.

Really glad to see someone is still trying to find some sort of exploit for this device in it's updated state, it seemed like everyone had completely given up on it. My girlfriend recently grabbed a used Razr M to use for a while but it's fully updated, and I would love to be able to root it for her. I'll be following this thread to see if anything comes of this recovery downgrading

I'm pretty sure you can edit the props from what I can remember.
Sent from my XT907 using xda app-developers app

bryanwieg said:
I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.
Click to expand...
Click to collapse
You can use root eplorer free to extract the single img from the 404 or 411 xml.zips
---------- Post added at 10:44 AM ---------- Previous post was at 10:39 AM ----------
Here http://sbf.droid-developers.org/phone.php?device=8
---------- Post added at 10:48 AM ---------- Previous post was at 10:44 AM ----------
The razr hd (2), atrix hd, photon Q all use a recovery w/ same key. Git to work man!

Re:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.

815turbo said:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.
Click to expand...
Click to collapse
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.

I am willing to try it out. Win 7 64bit... pass me needed staf to flash it
Sent from my XT907 using xda app-developers app

please do
815turbo said:
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.
Click to expand...
Click to collapse
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".

benya274 said:
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".
Click to expand...
Click to collapse
I'll post it in just a few minutes. I will also post the required commands and we'll be backing up current recovery. If it fails, it should be no problem to restore your backed up recovery.
Download TWRP image on your phone from: titanroms.com/upload/rec.img
Please get to an adb prompt and run these commands:
su
cd /sdcard
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak2.img
Please ensure that both copies are 10MB. The dd command should end by saying "10485760 Bytes Copied" on all of the "dd" commands.
Now, you should have two backups of the recovery partition and the TWRP Image you downloaded from here all on your sdcard.
You can follow with these commands AFTER your backup has completed.
cp /sdcard/Download/rec.img /sdcard/rec.img
dd if=/sdcard/rec.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=twrprecbak.img
mount -o remount,rw /system
mv /system/etc/install-recovery.sh /system/etc/install-recovery.bak
mv /system/recovery-from-boot.p /system/recovery-from-boot.bak
reboot recovery
In the event of a failed attempt at this you can run the following from adb:
su
cd /sdcard/
dd if=/sdcard/recbak1.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Give me a holler if you don't understand this well. Good luck, guys.

I am gonna try it out tomorrow,i dont have time to do it tonight cause i need to go to work. My pc on work does not have internet connection I will keep u guys posted on any progress.
Sent from my XT907 using xda app-developers app

Just wanted to say I flashed the old ICS recovery to mine using fastboot commands but it didn't get me very far though.if I then try and flash the corresponding blur zip from recovery it just says invalid signature. Was trying to find a way to downgrade so I could get rooted..
Sent from my XT907 using Tapatalk

[Tools/Recovery] TWRP for LG Optimus F3Q

TWRP Recovery for the LG F3Q (codenames: fx3q, d520)
Background story (who ever wants to know):
As I'm currently testing around with flashing etc I hated it to re-flash the stock ROM again and again. It is sooo time consuming..
In that kind of ROM compiling learning process I also was able to build a working TWRP recovery for the LG F3Q so that was such a good feeling But as said the caveat was that because of the locked bootloader we can reach TWRP (or CWM) only when executing "adb reboot recovery" from the running system. That was not really satisfying me though..
Some day I've done a factory reset and well I saw that this is starting my TWRP recovery when executing it! Well it isn't such a surprise as TWRP sits on the recovery partition and will be triggered by the factory reset script but... well do you think what I think? When it would be possible to start TWRP fully and not that factory reset part of TWRP than we would have a workaround to reach the recovery mode without booting the system (which is in fact not possible anymore when flashing of system.img/boot.img fails)
That said.. I was in touch with the TWRP developers bigbiff and Dees_Troy and many thanks for the hint they gave me! I have build a new TWRP version based on that information I got and well the idea of that is:
Vol Down + Power -> LG Factory Reset screen appears
Confirming with power 2 times as asked
Voila: No factory reset anymore but TWRP is here!
Well that will have a caveat - READ CAREFULLY:
As you may think of the factory reset in the boot-up process and within the ROM will not working anymore until you flash another recovery!
But if you know that it is not such a caveat because you can choose the wipe options within TWRP to do a "manual" factory reset.
v2.8.1.0 build 5
USE THAT ON YOUR OWN RISK! BACKUP BEFORE!
Working (quickly tested):
Install (to flash a custom Kernel)
Mounting partitions
Reboot Recovery | System
adb shell (also see known issues)
Backup (compressed | uncompressed | encrypted (!) | unencrypted)
Restore (unencrypted | encypted (!) | compressed | uncompressed)
Internal storage /data/media
MTP which mounts the external storage!
File Manager
Terminal Command
Power charging while in TWRP
Displaying CPU temp
Totally untested:
WIPE (should work)
decrypting /data (but should work as it do so for encrypted backups already)
Every option which is not stated as "Known issue" or "Working"
Known issues (with workarounds):
ADB works only when screen "timed out" (manual locking does not help it must time out) therefore ADB can take up to 1 minute after boot until it becomes available (because screen need to be timed out first)
Workaround: set the time limit in the screen menu to e.g. 10 sec (that is the default value for now)
Timezone is not set correctly (that seems to be a well known bug in several devices using TWRP.... )
Workaround: set a timezone which displays the most accurate timezone
Known issues (without workarounds):
When you use the "Power Off" option in the "Reboot" menu the device will reboot instead of powering off
Wiping /data not possible after "factory reset buttons" used. You need to choose "wipe" and then "format data" manually (or use mke2fs on CLI).
Vibration is not working (I will not fix that atm because I like it that way)
Hardware keys at bottom doesn't work
If you use the factory reset button /data partition will be inaccessible and need to be re-flashed (means you will LOOSE your app and system configs when you use factore reset)
Download:
Attached you will find the TWRP v2.8.1.0 version ready to use even with locked bootloader:
BACKUP EVERYTHING BEFORE USING THIS. USE AT YOUR OWN RISK!
DD Image file:twrp_v2.8.1.0_build5_fx3q_FR-OFF.img.zip = FactoryReset is disabled / TWRP will be loaded instead (also see known issues)
Read the Installation & Usage instructions in this thread on how to install that file.
Installation & Usage instructions
Pre-Requirements
Read the FAQ
YOU NEED ROOT! (check FAQ)
YOU SHOULD do a NANDroid BACKUP! (check FAQ)
You need to boot up, enable USB debugging and then connect USB cable.(check FAQ get ROOT - the link contains a guide on that)
You better doing a NANDroid backup right? (I mentioned that before - but DO it! NOW!)
For the best usage experience install the sediKERNEL or use joel's debloated stock ROM which includes it already
Bulletproof Method 1: "the average user"
Use this guide if you simply want to install & use TWRP like it should be. If you're unsure use this guide!
Install:
Download the TWRP recovery file and unzip it
copy it to your device (e.g. adb push or simply copy & paste by your file browser)
Download the loki_tool (https://github.com/djrbliss/loki/raw/master/bin/loki_tool)
copy loki_tool to your device (e.g. adb push or simply copy & paste by your file browser)
execute:
adb shell
su (you may need to grant permission)
mount -oremount,rw /system
cp /PATH-WHERE-YOU-COPIED/loki_tool /system/bin/ && chmod 755 /system/bin/loki_tool
loki_tool flash recovery /PATH-WHERE-YOU-COPIED/twrp_X.X.X.X_recovery_FRoff/off.img
reboot recovery --> you should see the TWRP screen
Usage (sediKERNEL v2.0 or higher installed):
Power on the device
when you see the LG logo the first time do NOTHING!!
When the screen goes black THEN press Volume UP + Volume DOWN. Both the same time and hold them pressed.
Release the buttons when the screen goes black again
Wait. You will see the LG logo a third time and then you will see the recovery screen!
If you see a kernel crash then you have pressed the magic keys too early! Read and follow the above steps carefully and you should be fine.
Usage (without sediKERNEL v2.0 or higher):
boot into your ROM
execute "adb reboot recovery" from your PC or open a Terminal on your device and execute "su" then "reboot recovery"
Bulletproof Method 2: "developers only"
This is the developers preferred way of installing TWRP. It ensures that even when your ROM or Kernel gets damaged that you still be able to boot into recovery. This is to the developers or heavy testers who are knowing what they do ONLY!
But even when you think this is for you: Read the important hint at the end before deciding if you want to choose this method.
Install:
flash recovery image to your RECOVERY partition:
adb shell su -c dd if=/storage/external_SD/twrp_vXXXXX_fx3q_FR-OFF.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
adb reboot recovery
A user reports the the by-name does not worked for him but this one:
adb shell su -c dd if=/storage/external_SD/twrp_vXXXXX_fx3q_FR-OFF.img of=/dev/block/mmcblk0p17
-> If you can see TWRP now everything is fine - Otherwise DO NOT continue!
BACKUP YOUR WHOLE DEVICE NOW! I highly recommend to backup everything except /data from within TWRP because it is easy and works (from TWRP v2.8build5 or higher)
BACKUP /data is recommended to be done NOW and this way:
adb shell su -c dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/external_sd/userdata_backup_stock.img
--> This can take a long while but it contains also the backup for the internal storage not only /data and that internal part is not backupable over TWRP
while in TWRP flash the same recovery image to your BOOT partition now (do not think that this is dangerous. The boot partition is not a magic thing or so it is only the partition which will be started from the bootloader thats all about it. So yes you can install a recovery image on the boot partition without any harm.):
adb shell su -c dd if=/external_sd/twrp_vXXXXX_fx3q_FR-OFF.img.loki of=/dev/block/platform/msm_sdcc.1/by-name/boot
watch carefully that the process ended without errors and that the size is exactly the same as it should be (about 1,3GB)
adb shell sync
power off the device by taken out the battery (do not use reboot or something we want to be sure that the next step is absolutely really the normal boot up)
Boot up normally --> you should see TWRP !! You're NOT in recovery mode you're booting the normal boot mode!
Go on with flashing the sediKERNEL into your RECOVERY partition:
Download the sediKERNEL from here (the stock one could work, too but never tested ...)
push it to your device with adb or MTP (since v2.8build5)
Flash the sediKERNEL to your RECOVERY partition:
adb shell su -c dd if=/external_sd/sediKERNEL_JB-vXXXX.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Reboot into Recovery by using TWRP GUI or by executing "adb reboot recovery"
Your ROM will boot.
Usage:
From now on every time your device booting up you will see the TWRP screen and need to choose Reboot-->Recovery to boot your ROM.
This is the absolute best way to use TWRP if you want to be sure that you will reach the recovery even when your ROM gets damaged and is confirmed to work very well (as always guarantees are not available )
Important hint:
Be sure that you keep in mind that from now on your recovery and boot partition are not the same anymore (you can always revert back to the normal behaviour, of course!). So if you want to flash a kernel image you need to ensure that it goes to the RECOVERY partition instead of the normal BOOT partition (because on boot partition is TWRP now).
If I got my ROM working I will definitively add an option to the installer where this will be ensured and I asked @joel.maxuel for his stock ROM to add that, too. As for now we are the only ones who are developing for the F3Q so you should be save enough atm but you will need to keep that always in mind when you want to replace the kernel and/or ROM.
What would happen if you forget about that? Well nothing really bad because when you install a kernel or ROM the boot image partition simply gets overwritten and that means only that your TWRP is not there anymore but the system will boot (if the new kernel/ROM is not buggy or damaged). You then could install TWRP by method 1 or using method 2 by using the boot image/Kernel you want to install.
Damage your device - booting (NOT RECOMMENDED will loose /data ):
You probably NEVER want to use this method. It is here for reference only.
I highly recommend to choose one of the above bulletproof versions instead of this one because it WILL damage /data and you need to restore that whole partition afterwards.
All my tests has shown that this comes not from TWRP (in one of my tests I disabled everything in the sourcecode of TWRP which wipes /data) but coming from LG itself. The factory reset button/option do something with the /data partition sturucture and afterwards you cannot use that anymore. I also tried to restore the partition info by trying all backup superblocks but that doesn't worked. No backup superblock is accessible.
Restoring them by mke2fs and e2fsck does not work unfortunately.. (mke2fs -S /dev/block/platform/msm_sdcc.1/by-name/userdata && e2fsck -yf /dev/block/platform/msm_sdcc.1/by-name/userdata)
So if you have loosed your /data and/or internal storage you need to have a DD imaged backup near.
Install:
same as for "Bulletproof Method 1" above
Usage:
When you choosen FR-OFF then TWRP will be able to start without booting up the whole system (also see known issues):
Power Off the device (remove battery)
Vol Down + Power --> Then put the battery back --> LG Factory Reset screen appears
Confirming with power button 2 times as asked - if you downloaded and flashed the FRoff version of TWRP it will NOT open the normal reset procedure but /data and the internal storage are not accessible afterwards (read above about the details). That means your app configs and systems configs get lost that way. You have been warned!
Voila: No (full) factory reset anymore but TWRP is here when you have damaged your ROM or for some dev approach
If you want the factory reset back simply choose the file twrp_2.7.1.0_recovery_FRon.img.lok and follow the above instructions. Afterwards you will have TWRP but it will be reachable only when you execute "adb reboot recovery" from the running system.
XDA:DevDB Information
sediTWRP for LG Optimus F3Q, Tool/Utility for the General Discussion
Contributors
xdajog
Source Code: https://github.com/xdajog/bootable_recovery_twrp_fx3q
Version Information
Status: Stable
Current Stable Version: v2.8.1.0 build 5
Stable Release Date: 2014-11-18
Created 2015-05-19
Last Updated 2015-07-20

FAQ
Frequently Asked Questions (FAQ)
What is that "adb" thing?
adb stands for: Android Debug Bridge and can help a lot when it comes to work with your device. It is not for developers only but they use it a lot of course.
But a normal user can use this to exchange files without the need of mounting, backing up the device, reboot the device and use it as a very comfortable way of having a terminal emulator.
Normally adb itself is not available as a standalone application - it comes with the Android SDK which is very big and heavy if you want to use adb and/or fastboot (another great tool) only.
But we live in a great world with many people wanting to make things easy so here you go when you want/need only adb and fastboot:
download & install adb at lifehacker
(Direct link for Windows users: Go to easy ADB install thread)
How to get root for the F3Q?
Here is the tool and guide: Saferoot
[*]What is a "nandroid" backup?
nandroid means essentially: "a full image of all your partitions" so it is a full snapshot of your ROM including all your apps and contents.
The name NANDroid is a portmanteau of "NAND" (as in Flash memory - NAND flash) and "Android." (Source)
[*]How to create a "nandroid" backup?
(See above for the meaning of "nandroid backup")
You have several options on how to do that.
The normal and absolutely recommended way is to do that "offline" (from within recovery mode) but you can also do it "online" (while Android is running).
.
Offline nandroid backup by using TWRP recovery: Guide
If you have no custom recovery installed read on.
.
Online nandroid backup:
by using an app:
There is 1 (known to me) "online" nandroid backup tool available which will backup from within your running Android: PlayStore.
I tested it and still using it since a while and I really like it but I would not fully resist on it.
I had no problems backing up but sometimes an app is lost when restoring. This may have been fixed but well it is like imaging a running Windows or Linux system:
Do not do it online if you can - it may/will work but there could be problems/inconsistencies later!!
If you never made a nandroid before doing it online will not harm anything and should be your first start. So install the Online Nandroid backup tool and begin.
Check out this guide for some hints: Guide
(If you like the Android app do not hesitate to buy the unlock key to support the developer!)
by using commandline tools:
First of all you need "adb" installed (check out the FAQ answer number 1 above).
Then you need someone who is telling you the device partition table and you need a big sized SD card to hold the images.
The reason is that you will use a special command named "dd" which images the whole partition (not the content only!).
dd is a VERY dangerous tool because if you use it wrong your device may get bricked so it is essential that you are using the
correct command and check that twice!
Check out the next FAQ on how to do this for the F3Q.
[*]How to create a "nandroid" backup for the F3Q - WITHOUT having a custom recovery?
The whole process will take a big amount of time but it is worth to follow each step including the md5sum checks at the end.
Please read the previous FAQ first because there you will find more information about background and other options you may have.
Ensure you have a SD card inserted which is big enough and having enough free space available (4GB at least! I recommend at least 8 GB but this depends on the size of your current data partition. A completely stock ROM with nothing installed and unused will need 3 GB space).
.
Install "adb" on your pc (check out the FAQ #1 above).
root your device (check out FAQ #2 above)
connect with adb to your (running) F3Q:
adb shell
(you should see a prompt)
su
(you need to grant permission if you haven't yet)
Then backup your current ROM and data:
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/external_SD/system.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/external_SD/boot.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/storage/external_SD/userdata.2015-07-20.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/storage/external_SD/recovery.2015-07-20.img
# If you never backed up your EFS you really should do that once:
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst1 of=/storage/external_SD/modemst1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/modemst2 of=/storage/external_SD/modemst2.img
Click to expand...
Click to collapse
Just to be sure you can do an online backup now, too ( Guide ) Online Nandroid backup App
.
copy the backup(s) to your device (connect USB cable - open your external storage and drag&drop) <--- DO NOT SKIP THIS STEP!!!! It is absolutely essential!
Check your copy on your device:
md5sum /storage/external_SD/system.2015-07-20.img
md5sum /storage/external_SD/boot.2015-07-20.img
md5sum /storage/external_SD/userdata.2015-07-20.img
md5sum /storage/external_SD/recovery.2015-07-20.img
md5sum /storage/external_SD/modemst1.img
md5sum /storage/external_SD/modemst2.img
Click to expand...
Click to collapse
Download a md5sum checker like this one Windows MD5 and load each file you copied to it (on Linux the "md5sum" command can be used of course).
compare the md5sums from the above output and ensure that they are all matching.
[*]Why is factory reset not working when installing TWRP? (or: AAAAaaaah my /data is inaccessible after doing a factory reset!!!!)
All my tests has shown that this comes not from TWRP (in one of my tests I disabled everything in the sourcecode of TWRP which wipes /data) but coming from LG itself. The factory reset button/option do something with the /data partition sturucture and afterwards you cannot use that anymore. I also tried to restore the partition info by trying all backup superblocks but that doesn't worked. No backup superblock is accessible.
Restoring them by mke2fs and e2fsck does not work unfortunately.. (mke2fs -S /dev/block/platform/msm_sdcc.1/by-name/userdata && e2fsck -yf /dev/block/platform/msm_sdcc.1/by-name/userdata)
So if you have loosed your /data and/or internal storage you need to have a DD imaged backup near. Sorry but you have been warned (known issues) before.
.
if you want the factory reset back simply choose the file twrp_2.7.1.0_recovery_FRon.img.lok and follow the above instructions. Afterwards you will have TWRP but it will be reachable only when you execute "adb reboot recovery" from the running system. v2.7. is not recommended to use but atm the only option if you really want that. Instead I would better try the wipe options from within TWRP and re-installing your ROM of choice or simply using the official LG flashing tool to get your F3Q fully reset.
.

History / Changelog
Previous development (v2.7.1.0)
I HIGHLY RECOMMEND USING v2.8 instead of this version!
You have been warned.. If you still want that buggy version go on here:
USE THAT ON YOUR OWN RISK! I STRONGLY RECOMMEND TO BACKUP EVERYTHING BEFORE PROCEEDING.
Working:
Install (to flash a custom Kernel)
Mounting partitions (see known issues for the internal one)
Reboot Recovery | System
adb shell
File Manager
Terminal Command
Totally untested:
WIPE (may work)
Known issues:
If the device becomes locked and then unlocked by the user adb will restart on the device (or crash and start again. haven't had looked into that yet)
When you use the "Power Off" option in the "Reboot" menu the device will reboot instead of powering off
RESTORE (will NOT work!)
BACKUP (will NOT work!)
You cannot mount the external sd via USB or MTP
Vibration is not working (I will not fix that atm because I like it that way)
Timezone is not set correctly (that seems to be a well known bug in several devices using TWRP....
Internal storage is missing (/data/media)
Hardware keys at bottom doesn't work
If you use the factory reset button /data partition will be inaccessible and need to be re-flashed (means you will LOOSE your app and system configs when you use factore reset)
Download:
Attached you will find the loki'ed TWRP version (v2.7.1.0):
AGAIN: THIS IS A PROOF-OF-CONCEPT only. It definitively WILL have bugs and problems! I want to proof that it will be possible to have TWRP on this device and also have a way to boot up into TWRP without booting the whole system.
twrp_2.7.1.0_recovery_FRoff.img.lok = FactoryReset is disabled / TWRP will be loaded instead
twrp_2.7.1.0_recovery_FRon.img.lok = FactoryReset is enabled / TWRP can be reached with "adb reboot recovery" only
Read the Installation & Usage instructions in the OP on how to install that file.

Awesome work! Saves having to risk modifying the bootloader (for now). :laugh: :highfive: Thanks!

xdajog said:
TWRP Recovery for the LG F3Q / D520
...
Click to expand...
Click to collapse
I'm unable to get logs from TWRP, it does crash reliably when messing about in settings and such.
Timezone fix is needed. (Devices time is set to the correct local time, but TWRPs timezones arent correct.)
Device does not show internal storage.
Wipe menu does not differentiate from internal storage and /data
there's no /mnt, /storage or /sdcard present while in TWRP.
Uhm, I'm sure there's some more I've missed, but that's all I've got for now.

eriklion said:
I'm unable to get logs from TWRP, it does crash reliably when messing about in settings and such.
Click to expand...
Click to collapse
Uhm what do you mean? adb shell and then open /tmp/recovery.log? Clicking on the small mini icon at middle bottom of the screen? Both working for me. Have you tested the above attached version or the one I gave you at dropbox? The above is a more current one!
Timezone fix is needed. (Devices time is set to the correct local time, but TWRPs timezones arent correct.)
Click to expand...
Click to collapse
hm I will look into that
Device does not show internal storage.
Click to expand...
Click to collapse
yeah forgot to mention that. Is that shown in CWM btw?
Wipe menu does not differentiate from internal storage and /data
Click to expand...
Click to collapse
Could you explain what does that means?
there's no /mnt, /storage or /sdcard present while in TWRP.
Click to expand...
Click to collapse
/mnt and /storage are not needed or am I wrong? /sdcard would point to the internal storage I think but I decided to use /external_sd instead which is accessible in the latest version.

Finally got around to test. Looks great, I love having TWRP over CWM!
Unfortunately the backup function is not working. TWRP errors out and reloads itself. I have a pastebin, sorry it's so long but I wanted to try a couple different backup options before I gave up and produced a log file:
http://pastebin.com/QUfNw6Rk
The portions of interest are:
Code:
Backing up Cache...
I:Creating backup...
I:Creating tar file '/external_sd/TWRP/BACKUPS/1db9cba/1970-01-24--22-43-59 JZO54K//cache.ext4.win'
I:addFile '/cache/recovery' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/cache/recovery/log' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
...
Code:
Backing up Data...
I:Creating backup...
I:Creating tar file '/external_sd/TWRP/BACKUPS/1db9cba/1970-01-24--22-43-59 JZO54K//data.ext4.win'
I:addFile '/data/dontpanic' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg0' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/next_count' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg1' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg2' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg3' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg4' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg5' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg6' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
I:addFile '/data/dontpanic/last_kmsg7' including root: 0
Failed to get selinux context: Operation not supported on transport endpoint
__bionic_open_tzdata: couldn't find any tzdata when looking for localtime!
__bionic_open_tzdata: couldn't find any tzdata when looking for GMT!
__bionic_open_tzdata: couldn't find any tzdata when looking for posixrules!
Starting TWRP 2.7.1.0 on Sun Jan 25 03:44:01 1970
I:Single storage only.
I:No internal storage defined.
I:No storage defined, defaulting to /sdcard.
I:Lun file '/sys/devices/platform/usb_mass_storage/lun0/file' does not exist, USB storage mode disabled
I:Found brightness file at '/sys/class/leds/lcd-backlight/brightness'
I:TWFunc::Set_Brightness: Setting brightness control to 255
Starting the UI...Pixel format: 480x800 @ 32bpp
Pixel format: RGBX_8888
Not using qualcomm overlay, 'msmfb43_80201'
framebuffer: fd 4 (480 x 800)
=> Linking mtab
=> Processing recovery.fstab
I:Processing '/boot'
I:Processing '/cache'
I:Processing '/data'
I:Processing '/misc'
I:Processing '/recovery'
I:Processing '/external_sd'
I:Processing '/system'
I:Creating Android Secure: /external_sd/.android_secure
I:Backup folder set to '/external_sd/TWRP/BACKUPS/1db9cba'
I:Settings storage is '/external_sd'
Updating partition details...
I:Unmounting main partitions...
E:Unable to unmount '/data'
I have a stock based ROM to test, and I want to make sure I can enter recovery through the bootloader should things go sour. If TWRP can backup and restore, that allows me to go back to my true stock after the test. Any ideas?

joel.maxuel said:
Finally got around to test. Looks great, I love having TWRP over CWM!
Unfortunately the backup function is not working. TWRP errors out and reloads itself. [.....] Any ideas?
Click to expand...
Click to collapse
Yes.
There are several things coming in place when it comes to backing up out of TWRP atm...
You hopefully have read the big fat red warning ? What I mean is the part regarding /data gets lost when you do a factory-reset
That said if you have entered TWRP by pressing the physical keys your /data partition will be wiped (really bad thing but that it is made for and I haven't had the time to look into that further)
The result is a cleaned /data which is not mountable until you format it with mke2fs.
(e.g.: "adb shell mke2fs -T ext4 /dev/block/mmcblk0p15")
If you do not do that what MAY happens is that TWRP failing because of missing /data (and if not then you should ensure that /data was really backed up)
But as your log told me it seems to be not the problem here 'cause the /data partition is detected by TWRP. so it could be 2)
Mounting points.
As stated the mount points are not fully working in TWRP atm. That means when it comes to /sdcard which is the internal device storage it will fail, too because it cannot be found. The reason for this is that LG mounts /sdcard by the sdcard service but that is somehow tricky thats why it is not working atm.
And on top: the internal storage normally needs to be mounted to "/data/media" especially when we want to use MultiROM later.
So +1 for /sdcard or/and internal storage related
background info: http://teamw.in/DataMedia
The last one I could imagine is "something else" which could be catched by "/proc/last_kmsg"
The important thing is that this file gets written only after a crash and when the battery was not removed. So if the device reboots to TWRP again try to adb shell to the device and then paste the last_kmsg again. Maybe we can find something here.
When I will continue on TWRP I think of upgrading to v2.8 because they enable MTP here which could be good for copying data between device and pc..
BTW:
I have no idea what CWM port which is also be available would do in case of starting a backup especially what will REALLY gets backed up!!!!
IMHO the best way on doing a nandroid backup atm is "adb shell dd ...." Takes a long time but then you can be sure. I can give you all the mountpoints if you need them.
As I currently have not such much success with porting the ROM I will now come back here to TWRP and will finish it to have a hopefully fully working recovery. I cannot say the timeline for this but it will definitively be the next what I want to do because when this is done I can better match the rest for the ROM.

xdajog said:
<SNIP>
IMHO the best way on doing a nandroid backup atm is "adb shell dd ...." Takes a long time but then you can be sure. I can give you all the mountpoints if you need them.
As I currently have not such much success with porting the ROM I will now come back here to TWRP and will finish it to have a hopefully fully working recovery. I cannot say the timeline for this but it will definitively be the next what I want to do because when this is done I can better match the rest for the ROM.
Click to expand...
Click to collapse
This should work (I've done it before for eriklion):
Code:
adb shell
dd if=/dev/block/platform/msm_sdcc.1/by-name/system of=/storage/external_SD/system.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/storage/external_SD/boot.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/cache of=/storage/external_SD/cache.2014-11-12.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/userdata of=/storage/external_SD/userdata.2014-11-12.img
Now, is there a recommended adb command to wipe data and cache, since factory reset function is not the best choice? I see a few with the following process...
Code:
adb shell
su
format DATA
format CACHE
...but not much commentary on it.
I appreciate the second (third, whatever you are on) crack at TWRP. Hopefully the next version will squash the bugs. Btw, I will see if I can provide a /proc/last_kmsg tonight have posted a last_kmsg here.

joel.maxuel said:
This should work (I've done it before for eriklion):
Code:
adb shell
dd /dev/block/platform/msm_sdcc.1/by-name/system /storage/external_SD/system.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/boot /storage/external_SD/boot.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/cache /storage/external_SD/cache.2014-11-12.img
dd /dev/block/platform/msm_sdcc.1/by-name/userdata /storage/external_SD/userdata.2014-11-12.img
Click to expand...
Click to collapse
yes thats all you need to backup & restore
joel.maxuel said:
Now, is there a recommended adb command to wipe data and cache, since factory reset function is not the best choice? I see a few with the following process...
Code:
adb shell
su
format DATA
format CACHE
...but not much commentary on it.
I appreciate the second (third, whatever you are on) crack at TWRP. Hopefully the next version will squash the bugs. Btw, I will see if I can provide a /proc/last_kmsg tonight.
Click to expand...
Click to collapse
I always do it that way:
Code:
Starting TWRP
adb shell
("su" in TWRP not needed normally)
mke2fs -T ext4 /dev/block/mmcblk0p15 (for userdata)
mke2fs -T ext4 /dev/block/mmcblk0p14 (for cache)
Then you can be sure it is clean and well formatted. ext4 is for both cache and userdata and works fine for me.

twrp v2.8 with many enhancements and fixes is on its way
Stay tuned ....
if you get bored in the meanwhile ... click thanks

Is someone here with running the stock ROM (or absolutely not modified means formatted! /data partition) who is willing to give me a quick help? It must be stock or placed back to stock by using a backuped image dump if you have one.
The following need to be done in recovery so you need to have CWM or TWRP installed. Boot into recovery (adb reboot recovery) and then use "adb shell" to connect.
I need your output of this command:
Code:
mke2fs -n /dev/block/platform/msm_sdcc.1/by-name/userdata
This will not do/destroy/modify anything.
It should display some information about that partition. Read the details here http://linux.die.net/man/8/mke2fs
The reason is that LG factory reset seems to wipe superblocks (wanted by LG or not - fact is that they are thrown) and THEN forwarding to the recovery tool like TWRP but to be sure I need the above output from 1 or 2 people to be sure enough on how to proceed.
Thanks in advance
As Joel investigated that may destroy /data cause of a buggy version of mke2fs!! Oh man..
-----
Sent from my SGH-I927 using XDA Android mobile app

Ok thx to joel I'm able to investigate the LG facotry reset further.
In parallel I will try another way which will be (if I get it working) absolutely smooth and will not have such workaround character like the current idea (hijacking factory reset).
Give me some time but if that works it would be a great solution for accessing recovery..
Stay tuned some good things may happen...
-----
Sent from my SGH-I927 using XDA Android mobile app

Finally v2.8 for F3Q has arrived !!! I think a very good approach now!
Have fun and as usual any thx click.... and so on
Check out the OP for Download and details:
http://forum.xda-developers.com/showpost.php?p=55239027&postcount=1
UPDATE:
I have completely reworked the "Installation & Usage instructions" section in the OP. PLEASE READ and be happy

xdajog said:
Finally v2.8 for F3Q has arrived !!! I think a very good approach now!
Have fun and as usual any thx click.... and so on
Check out the OP for Download and details:
http://forum.xda-developers.com/showpost.php?p=55239027&postcount=1
UPDATE:
I have completely reworked the "Installation & Usage instructions" section in the OP. PLEASE READ and be happy
Click to expand...
Click to collapse
Great work.
Am looking at method two. If I was to install a ROM, wouldn't the boot partition (thus my new recovery) be overwritten by the ROM package's boot.img? And when I was cooking with the Kitchen, the ROM required a specific mount point for the boot partition. If it is supposed to point to recovery, seems to me that neither would boot (overwritten recovery, ROM pointing in the wrong location).
So, what is this solution getting around? So we have an option to load TWRP before a system we don't necessarily trust will boot? Thus avoiding the bootloader fallback even more? Or is it a broken boot.img breaks TWRP as well so even if we try to go in through the bootloader, TWRP fails to load as well?
Sorry for my confusion, still trying to grasp all this new information.

joel.maxuel said:
Great work.
Click to expand...
Click to collapse
Thanks
Am looking at method two. If I was to install a ROM, wouldn't the boot partition (thus my new recovery) be overwritten by the ROM package's boot.img?
Click to expand...
Click to collapse
Method 2 will suggest that if you install a custom ROM that you are be able to use/choose the boot.img partition (I hoped that the "hint" at the was clear enough but better to ask of course!)
And when I was cooking with the Kitchen, the ROM required a specific mount point for the boot partition. If it is supposed to point to recovery, seems to me that neither would boot (overwritten recovery, ROM pointing in the wrong location).
Click to expand...
Click to collapse
Well yes you either need to point to the recovery partition or (and that would be what I recommend) you let the user choose what he wanted to do.
So, what is this solution getting around?
Click to expand...
Click to collapse
The best we can do here (and that is what I will do for my custom ROM if I get it done some day) to use AROMA installer and ask the user if he has a recovery installed in the boot partition or not. Then you can choose what to do in the updater script.
I uploaded an example of my AROMA installation setup for the "sediROM for Samsung Captivate Glide" in this post. This one is VERY complex but you will get the idea and many input on how to do things.
So we have an option to load TWRP before a system we don't necessarily trust will boot? Thus avoiding the bootloader fallback even more?
Click to expand...
Click to collapse
Yes using method 2 we have always coming TWRP up when powering on the device. We then can choose to do things in there or to boot to "recovery" which will be the ROM. What do you meant with "bootloader fallback"?
Or is it a broken boot.img breaks TWRP as well so even if we try to go in through the bootloader, TWRP fails to load as well?
Click to expand...
Click to collapse
Not sure If I got you. When the boot partition gets overwritten TWRP and any possibility to get into TWRP will be lost because it sits only in the boot partition when using method 2. If you choose to do a factory reset when powering on the device or from within the ROM I have no idea what happens then unfortunately. That is untested but if you willing to test..
Sorry for my confusion, still trying to grasp all this new information.
Click to expand...
Click to collapse
No worry about that happy if that is useful for someone

xdajog said:
I uploaded an example of my AROMA installation setup for the "sediROM for Samsung Captivate Glide" in this post. This one is VERY complex but you will get the idea and many input on how to do things.
Click to expand...
Click to collapse
Thanks! I will take a look at this in the next few days.
xdajog said:
Yes using method 2 we have always coming TWRP up when powering on the device. We then can choose to do things in there or to boot to "recovery" which will be the ROM. What do you meant with "bootloader fallback"?
Click to expand...
Click to collapse
Bootloader fallback as in having to access TWRP via the bootloader. Our regular method is to access form the ROM, but if the ROM is bricked for whatever reason, the fallback is through the bootloader.
xdajog said:
Not sure If I got you. When the boot partition gets overwritten TWRP and any possibility to get into TWRP will be lost because it sits only in the boot partition when using method 2. If you choose to do a factory reset when powering on the device or from within the ROM I have no idea what happens then unfortunately. That is untested but if you willing to test..
Click to expand...
Click to collapse
I was alluding to the scenario if one was to choose method one, installed a ROM, and things got busted badly... Would you even be able to access TWRP with a bad boot partition? I think so, because recovery partition should be self sufficient (I think you proved it by swapping their places by way of method two), it is just getting into recovery by way of bootloader) I don't particularly like.
Had to face that fear last night, and ultimately, TWRP started up fast enough from the bootloader that it seemed like nothing happened, but when i went to dump the log, it could not recognize the sdcard. DD'ing my userdata partition back fixed that issue.

joel.maxuel said:
Bootloader fallback as in having to access TWRP via the bootloader. Our regular method is to access form the ROM, but if the ROM is bricked for whatever reason, the fallback is through the bootloader.
Click to expand...
Click to collapse
You mean "factory-reset" right? By either pressing the factory reset buttons (or by choosing from within the ROM) correct?
I was alluding to the scenario if one was to choose method one, installed a ROM, and things got busted badly... Would you even be able to access TWRP with a bad boot partition? I think so, because recovery partition should be self sufficient (I think you proved it by swapping their places by way of method two), it is just getting into recovery by way of bootloader) I don't particularly like.
Click to expand...
Click to collapse
If you install TWRP with method 1 and your boot partition gets corrupt you still be able to reach TWRP by using the factory-reset buttons. But you will loose /data then.
If you install TWRP with method 2 and your boot partition has gone you can not start TWRP anymore because it sits on there.
So you're more bulletproof by choosing method 1 because you would reach TWRP even when the boot partition gets damaged but you will loose /data then! Mentioned in the known issues in the OP.
Had to face that fear last night, and ultimately, TWRP started up fast enough from the bootloader that it seemed like nothing happened, but when i went to dump the log, it could not recognize the sdcard. DD'ing my userdata partition back fixed that issue.
Click to expand...
Click to collapse
When you have TWRP installed with method 1 you will reach TWRP by factory reset buttons and it will DO NOTHING ! Really! It simply starts TWRP because I patched TWRP that way that it will not wipe anything when triggered by the factory-reset command / button!
I can say that for double sure since today because:
1) In one of my tests I had disabled REALLY EVERY wipe option within TWRP - compiled it - installed it and even then /data gets lost!
2) I have installed the BOOT image means KERNEL on the RECOVERY partition today again and then used the factory-reset buttons again (after I restored /data of course)... and /data gets lost AGAIN--?!!
That means even when there is absolutely no custom recovery in place (like TWRP) which would normally handle wiping /data then nevertheless /data gets corrupted! I have tested that twice so I can say now for sure that this has nothing to do with TWRP but it comes from the LG bootloader instead! That bootloader is CRAP. sorry.
I had tested one approach which is build in boot image RAM disk which catches the keys which are pressed and then reboot into recovery. That would work but only as long as you have a working boot image partition. So that is the same good/bad as having TWRP sitting within the boot partition which is much easier to do so I decided to go this way for now.
One last word about the crappy factory-reset by LG: I have tried a lot to find out what really happens to the partition or partition table of /data when those keys are pressed but the only thing I can say is that the superblocks are inaccessible and the same for the backup superblocks. doing a "mke2fs -S" does not work (and wouldn't fix the root cause of the issue) and I have no idea what LG do here. Therefore cannot fix that ..
so I believe we will need to live with one of the 3 methods described in the OP....
Hope that answered some of your questions...

Bad news..
The Desire Z of my wife is completely broken now.
That means I cannot develop anymore..
- I ported and released the latest TWRP version to the F3Q
- I'm able to build AOSP JellyBean (not booting yet though),
- I compiled and released a custom AOSP Kernel (named sediKERNEL)
.... and a lot more..
I have everything I need to continue here in place...
I have the will and the ability to continue...
But no device anymore..
If someone has a F3Q to give away.. then I will continue but I'm not willing to buy a F3Q for developing only. So if you have an idea how we could continue let me know.
Update:
Check out the following link if you want to help http://forum.xda-developers.com/showthread.php?t=2952919
Otherwise that will end here for me unfortunately...
Hopefully not.
Yours
Xdajog.
-----
Sent from my SGH-I927 using XDA Android mobile app

I will update the installation instructions soon!
Because of the new sediKERNEL v2.0 the instructions will be made bullet proof only .. and i try to do it more detailed @Kediil
-----
Sent from my SGH-I927 using XDA Android mobile app