Develop Bugs

[Q] EL26 modem not as fast as EG30 modem

I recently updated to a complete EL26 system with matching ROM kernel and modem...I've noticed when I run speedtest to test my WIFI speed my results are consistantly low getting on average .76 Mbps down where as my EG30 setup got consistantly 15Mbps down...as fast as my comupter...
I was wondering if anybody knew what factors contributed to this descrepency and if anybody had any suggestions on how to fix this problem.
thanks in advance
please keep in mind this is for WIFI ONLY

Just go back to EG30 then. There is no "fix". Certain modems are good in certain areas. Have you tried EL13?

yes i tried EL13 and EK02...at first with EK02 it was as fast as EG30...but soon slowed to .76Mbps

Then stick with EG30 or investigate whether there are conditions other than the modem that might be causing the speed change. Is there intermittent interference from neighbors?

I have noticed that undervolting too much will impact data speed on my device. Just something to look into.

no just two other laptops on this connection...when i run a speedtest on my computer and speedtest on my phone... like one right after the other i get 15 on my comp and less than 1 on my phone...if i go back to EG30...which AIO do i use...can i still use Roms based on EL26...and will i b ok with rogues desperado kernel?

Drumrocker said:
I have noticed that undervolting too much will impact data speed on my device. Just something to look into.
Click to expand...
Click to collapse
thanks...but i havent gotten in to undervolting yet...that was going to b my next venture...actually something i planned on getting into today...so i will keep ur advice in mind...any other advice for undervolting is welcomed

lunchboxVA said:
if i go back to EG30...which AIO do i use...can i still use Roms based on EL26...and will i b ok with rogues desperado kernel?
Click to expand...
Click to collapse
You said EL26 modem is worse than EG30 modem, so that assumes you tested them in isolation, but the statment you made above makes it seem like you are not clear on the differences between Modem, Kernel, and ROM.
To go back to EG30 modem, just use CWM and flash the EG30 modem only with your existing setup (kernel/ROM/AIO/etc). You can find the EG30 modem in my signature. Make sure your CWM is packed with EK02/newer-based kernel.

o no sorry for the confusion i know the difference between the three...i was asking because i have read that wen u have all three matching u get the best results...i do get confused when a rom says its based on for instance el26...i would assume that it means its packaged with the el26 modem...i just dont know what based on means...
and i asked about which aio do i use because when i was on the eko2 setup i flashed aio for eg30 and my phone would get past the bootscreen the screen went black and i had to reflash eko2 and then wen i flashed the matching aio it went through fine
samething with el26...i had an el26 setup and flashed an aio for el13...and it caused the same black screen issue which was only resolved after i installed matching aio

ROM could either refer to the entire Modem/Kernel/ROM set or just the ROM portion, depending on context.
Usually EL26-based ROM is only referring to the ROM portion. It may or may not come bundled with a Kernel and normally isn't bundled with a Modem.
You can tell which modem/baseband you are running by going to menu->settings->about phone->baseband and seeing what it says
AIO is implemented in the ROM portion. It usually is not a good idea to mix/match ROM components.
In theory it is best to have Modem/Kernel/ROM versions to match as that is what was tested together, but in reality people have found you can mix/match the 3 components w/o issues.

sfhub said:
ROM could either refer to the entire Modem/Kernel/ROM set or just the ROM portion, depending on context.
Usually EL26-based ROM is only referring to the ROM portion. It may or may not come bundled with a Kernel and normally isn't bundled with a Modem.
You can tell which modem/baseband you are running by going to menu->settings->about phone->baseband and seeing what it says
AIO is implemented in the ROM portion. It usually is not a good idea to mix/match ROM components.
In theory it is best to have Modem/Kernel/ROM versions to match as that is what was tested together, but in reality people have found you can mix/match the 3 components w/o issues.
Click to expand...
Click to collapse
do you know anything about modifying the sys directory or adding folders to it...im trying to get the enable touchscreen 1 script to work...but it cannot modify the sys directory so it errors out

lunchboxVA said:
do you know anything about modifying the sys directory or adding folders to it...im trying to get the enable touchscreen 1 script to work...but it cannot modify the sys directory so it errors out
Click to expand...
Click to collapse
Not familiar with that script, but /system is mounted read-only, so you need to use your root privileges to remount /system to be read/write
I mean this with all the best intentions, but it sounds like you probably should do some more reading before making too many changes in /system

thanks...all i do is read...but as i said i gave it all the permissions and i did run in root explorer with root access...the folders i create dont stick...and then when i try to use the root explorer included with rom toolbox..it says it cannot create the file even tho it has root access

You've verified you still have root? How did you verify?

sfhub said:
You've verified you still have root? How did you verify?
Click to expand...
Click to collapse
in root explorer in the top is says ro or rw plus there super user is installed...and in system tools which i also have i am required to tick the su box

What happens when you type "su" in adb shell?
The reason I'm asking is you are describing actions that should be working if you have root, but saying they aren't working.
Superuser showing up in the app drawer doesn't actually mean you still have root. It is a database of who gets root permissions. The actual command that gives you root is /system/bin/su or /system/xbin/su

i was doing some readying and it seems like modifying sys folder is more complicated than any other folder including the system folder...but i will try what you just recommended to ensure i have root

so i was messing with adb on the computer I wanted to see what happened if i tried to pull the sys directory to alter it...i made sure i had root access and remounted the system...when i typed in adb pull /sys it caused my cmd to freak out it started scrolling through a million files...i assume it was going through all the files in the directory but each line said special file when it finally stopped it rebooted my phone and kicked me out

lunchboxVA said:
so i was messing with adb on the computer I wanted to see what happened if i tried to pull the sys directory to alter it...i made sure i had root access and remounted the system...when i typed in adb pull /sys it caused my cmd to freak out it started scrolling through a million files...i assume it was going through all the files in the directory but each line said special file when it finally stopped it rebooted my phone and kicked me out
Click to expand...
Click to collapse
So you really wanted to edit /sys rather than /system. I actually thought you were substituting /sys for /system.
/sys aren't real "files". They are mappings to kernel internals that are represented as files. Normal file "operations" may not have the same meaning as you are used to.

Ran Speedtest from about 30 ft away from my router the other night on both my netbook and my phone.. Netbook got somewhere around 12 Mbps and EL26 got around 6.5 Mbps. When you take other factors into account (size of WIFI antenna in a laptop/netbook vs a phone) it isn't that big of a difference.

[Q] How to make a back-up of the I9250 stock ROM without CWM

I would like create a backup (of my entire system including boot image, data and system partitions. Is there any way I can do this without the CWM. The main reason is that I could return the phone to the original state in case if I have to return for service.

For my knowledge (and i have no knoledge! ) samsung accept rooted device on service (otherwise if the phone has broken screen it is not accepted)...but, if i were you, i would install cwm and make a nandroid backup of the whole system. If you want to have all of google system images(to restore original stock) you could set your sdk environment http://developer.android.com/sdk/index.html and download google images (bootloader, rom, radio) and put in a safe place (the SDK supply adb/fasboot which are tools that you would use to restore the google's files). that's the thread with these contents: http://forum.xda-developers.com/showthread.php?t=1366806 That's the standard (so yours) original stock files from google actually on your phone!
and also i advise you to follow these steps to save your /EFS partition (you never know) before flashing custom things, BUT IT REQUIRES ROOT: http://forum.xda-developers.com/showthread.php?t=1352371
BUT, if you don't want to install cwm, you could also see here: http://forum.xda-developers.com/showthread.php?t=1392310

Thank you. If I am right, msskip's tools will install the CWM onto my phone as well. I have just come across a guide for back-up without CWM <http://forum.xda-developers.com/showthread.php?t=1420351>. I am just not quite sure if it is the same full back-up as I get for the Nandriod or CWM. Does anyone have any experience with this?

The post you linked doens' backup /boot partition and recovery. So you can backup only /system and /data; you can obtain these EXACTLY files just downloading the google system (4.0.1 - 4.0.2 - 4.0.3) files (*.img estension) and you have the same result, plus you can get bootloader.img and recovery (evrything stock, meaning samsung galaxy nexus stock files)...these are in the post i linked and are the stock google images and these are the files that our phones has inside (also including system.img).
that' the explanation why i think that is basically useless to make a backup of /system and /data for warranty purpose, because google (or first phone users in november when the phone came out on the market) provied all .img that you need to revert (using fastboot) anytime your phone to a stock 'new'phone (which is your now, so in warranty!). Make, instead, a backup for the files and apps (apk) (usually /data) that you need if you want to try custom roms and then if you are not satisfied get back to stock...
To answer to your question, no is not the same kind of backup, you will lack /boot and recovery.
adding that you can use adb to generate .img by
Code:
cat /proc/mtd
and you will have a fs table with adresses (i have no phone now so cannot provide), then using dd (assuming boot is on mtd2):
Code:
dd if=/dev/mtd/mtd2 of=/sdcard/boot-stock.img bs=2048
and also use this for recovery partition...never tried for system and data partition (but could work, i'm not sure so not do that in this way, wait more knowing-knoledge people and also never tried on ics but, just ginger remembering...dont' know if it's the same in this new system)
but this process make use of
Code:
adb shell
su
the second one requires root....
as of now, i dont' now any method not involving root to make these things but as i stated at first post, i don't know anything

Thank you. I am wondering if the image file you have provided is for yakjuux. I have come across many posts that if I get the wrong baseband, the phone will not work correctly.

post, please, your baseband version which you can find on settings->phone info->basedand version in your phone; mine is 19250xxkl1 that i have recently updated from xxkk1 (the stock one)

My Build # is ITL41F I9250 UGKL1 and the kernel is 3.0.1-ga052f63 [email protected] #1.
Do you think you have a image of this? Thanks.

As far is i know, you have a GSM version of Galaxy Nexus. So it's safe to grab google image of /system, /boot and for the radio grab UGKL1 radio/baseband version. To better answear it's better to know also you bootloader version (which probably is primekk15): you can view this by going on bootloader on you phone doing this:
1 setup android sdk environment (include fastboot) for your pc system (windows-linux-osx)
2 enter in the settings menu of the phone and tic the 'debug usb'
3 attach the phone to the pc and let it recognize your phone (windows-osx), for linux install udev that already are in your distrib/repo
4 (assuming you are on windows) on pc... start/run/ cmd: the the terminal open up and go in your android-sdk directory, enter and then go to platform-tools; there is adb command, run: adb reboot bootloader
this will restart your phone in the bootloader menu. There, you have all of information you need...just write here your bootloader version (to have a confirmation) to understand which versione you need to download and put in a safe place in case of warranty-need...
Then wait someone better than me that knows how to make backup of all partitions without root (without exploit i think it's difficult to grant su access on the standard ics system); if there is no such possibility, just root, install cwm and do a nandroid backup and then trasnferr on a safe place on your place and you are good to go to try modding.....
now i need sleep as here is 8 in the morning and finishing compilemy l701x kernel which weight 3,4 mb lzo compressed, fine tuning.....good nite,ehm,good mornig..mmm... good is enough

Thank you. It takes some time to download the packages.
The Bootloader shows the following
Product Name: Tuna
Variant: Maguro
HW Version: 9
Bootloader Verson: Primekk14
Baseband Version: I9250UGKL1
Carrier Info: None
Signing: Production
What would be the appropriate to donload. Do you have their respective link? Thank you for your ongoing support.

Would anyone with experience please provide me with inputs if:
1. there is any way to back-up without root
OR
2. the phone has to be rooted, is there any way to have a program residing in my computer iso the phone (CWM in this case).
OR
3. there is any way to remove CWM and other rooted apps before I use GNex Toolkit to relock the phone.
Thanks.

Here you go:
http://forum.xda-developers.com/showthread.php?t=1420351

Would anyone with experience please help?

I am struggling with the same issue. Restoring the nandroid, removing su and superuser.apk and then relocking the bootloader actually brings the phone to quite factory looking mode (except for timestamps in system)
I wonder if it is possible to pull dump of system the same way it is done for boot and recovery.

Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App

silow said:
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Sent from my Galaxy Nexus using XDA App
Click to expand...
Click to collapse
Google provides yakju images only. Phones here in Canada come with yakjuux which is even 4.0.1. It will be pretty obvious you have thinkered with your phone if you return it with yakju image instead the original one.
As for root - I think it might not be necesary - I was able to do nandroid backup without flashing neither recovery or root to my system by simply unlocking the boot loader and booting CWM off fastboot. I am thinking can we dd while in CWM (flash of phone still intact - except of bootloader which is not an issue since it can be relocked)
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img

CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img

leobg said:
[snip]
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
Click to expand...
Click to collapse
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference:
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img

efrant said:
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference:
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
Click to expand...
Click to collapse
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
---------- Post added at 09:44 PM ---------- Previous post was at 09:37 PM ----------
silow said:
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
Click to expand...
Click to collapse
Yes, I meant it's not necessary to make any changes on the filesystem to achieve it once bootloader lock is off. And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.

leobg said:
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
Click to expand...
Click to collapse
There is obviously some extra padding in there, as the file size should be closer to half that size uncompressed.
---------- Post added at 09:08 AM ---------- Previous post was at 08:51 AM ----------
leobg said:
[snip]
And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
Click to expand...
Click to collapse
Not sure why so many people are worried about "traces of hackery". I can't speak from personal experience, but many Nexus One owners (if not all of who have attempted), had NO issues returning devices to HTC that were unlocked... Remember, the N1 did not have a relockable bootloader, so they obviously knew you were messing around.

You don't have to FLASH CWM to USE CWM.
Just BOOT CWM. Simple.

[Q] SIM not recognized - Help needed

Hi
My wife bought a Note 2 (N7100) in China, second hand. I thought it was stock, so I tried to update it manually (official update) with Odin. But of course it was rooted and with some chinese ROM (my guess since I saw chinese charachters).
That didn't work so I proceeded to install a custom rom. After trying over and over, my phone would not recognise the SIM no longer (it worked before I started out with this mess). I have basically tried installing multiple roms (4.1, 4.3, 4.4), Odin fails when trying offical roms, multiple modem zips etc. Dont know what to do.
Problem is that I can not get the PCode because there is no connection with the SIM. IMEI is on the back of the phone, but trying *272*#IMEI-code# doesn't give me nothing because i just get fail. Trying to download a official rom from china over baidu.com, but until now no luck. What would you do? Right now its a phablet with wifi, nothing else. Anyone have an idea how to fix this little mess I put myself into?

Flash custom recovery and TRY THIS method in ADB.
Confirm if they have the same efs address though, but I think it's the same.

cz4r3n said:
Flash custom recovery and TRY THIS method in ADB.
Confirm if they have the same efs address though, but I think it's the same.
Click to expand...
Click to collapse
Looks like my /efs/ partition is zero, nill nothing. What to do? Use it as a wifi phablet? I dont have linux, only mac, so I cant do these two steps, but I guess it does not matter since I can not open the efs.img file
linux# losetup /dev/loop0 efs.img
linux# fsck /dev/loop0
So the phone is impossible to fix now - right? /efs/ folder on phone is emtpy.

Found my IMEI number for this phone on Google Dashboard. Is it possible to restore the EFS image only using that?

mikasjoman said:
Found my IMEI number for this phone on Google Dashboard. Is it possible to restore the EFS image only using that?
Click to expand...
Click to collapse
Did you ever have a backup on your efs?If yes, then restore it.there are so many threads on how to restore your efs.
---------- Post added at 07:55 PM ---------- Previous post was at 07:44 PM ----------
mount efs in adb.
adb shell
su
mount
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3.bin
Code:
dd if=/dev/zero of=/dev/block/mmcblk0p3
dd if=/sdcard/mmcblk0p3.bin of=/dev/block/mmcblk0p3
mmcblk0p3.bin

That is a no Or maybe. I made a copy to my harddrive with those instructions you linked to. Could I email the efs.img file to you and you check if its usable? Maybe it is just corrupt. I really don't know how to figure it out on this mac. If it was empty it should not be the 21 MB it is.
I did a "cat" on the efs.img file and it seems full of info.
Being the poor student I am, I wont be able to buy a new phone in some time

Sucessfully flashed 98.18.78 recovery into Locked 98.30.1

I understand it is currently not possible to unlock a Razr M with 98.18.94 or 98.30.1 OTA. Never the less, I had been trying to restore a previous VooDoo root that I deleted before the last OTA. Through the experimenting, I screwed up the flash on my phone, and recovering it, I found something that might be interesting.
As others pointed out, downgrading does not work. Flashboot gives various errors. When I screwed up my file system, I was able to flash from 98.18.94 (which I had) to 98.30.1 (which was the only download I could find) using RSD Lite. I was lucky it worked. And since I have been able to experiment and keep flashing 98.30.1 over and over.
I would like to report that in my experiments, I noticed an interesting fact about the recovery.img:
I am able to flash stock 98.18.78 recovery to my phone running 98.30.1.
I have verified the recovery.img contents are not the same, according to a WinMerge file compare, they are ~10% the same
When I try to flash twrp or cwm recovery, the only fastboot error is to the effect "wrong partition size".
The size of .78 and 98.30.1 recovery are the same, 10,485,760 bytes
On the other hand, if I try to flash the .78 system.img fastboot, or use RSD lite to flash .78, I see different security related errors on the phone's fastboot screen- none of which mention partition size. Of course, this is related to the Locked Bootloader I have.
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Right now my Razr M has gone from 98.18.94 to 98.30.1 with a 98.18.78 recovery. And I'm working ok.
I am not a professional Android Dev. But I am going to do the research and try to modify a cwm type recovery to match the size of a Moto recovery, and see what happens.
I invite anyone with real experience to contribute.
Bryan

bryanwieg said:
What did you say?
Click to expand...
Click to collapse
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.

aviwdoowks said:
Well I hope you have something here!
We need someone like jbaumert or Phil3759 to chime in here.
Click to expand...
Click to collapse
I have already found that if I take the OTA recovery and unpackbootimg and then mkbootimg without changing anything.. it recompiles down to aprox 5mb, which is different than the size it started from Moto.
So I am looking at if the size is set in how the img is compiled.

30.1 and .94 are the same updates, just different system versions. As for the other stuff, I'm not even sure what to say. I'm with Avi on this, I definitely would like to see what a dev has to say.

New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004

aviwdoowks said:
New Philz coming BTW.
http://forum.xda-developers.com/showpost.php?p=48881182&postcount=2003
Others could ask for the padded up Philz or at least Quote my post.
http://forum.xda-developers.com/showpost.php?p=48886733&postcount=2004
Click to expand...
Click to collapse
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.

bryanwieg said:
I found out via a hex editor, both files have empty data insert after the same point, with certificate data at the end, and it winds up making each file the same size. The data before the 'empty data' in each file is mostly different bits.
My current problem is that when I decompile an img, and recompile it, it's bigger, meaning that I cannot insert the 'empty data' at the same point they did.
Click to expand...
Click to collapse
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.

aviwdoowks said:
They are both signed with the 128, or more, bit code. Which is what makes this a such a Loooooong shot.
Click to expand...
Click to collapse
Well, you'r right on the money. I appended data to a CWM recovery the same as Moto did to thiers, including the certificate at the end.
I didn't get a partition size error this time, but I did get a 'Failed to hab check for recovery'.
Granted, I didn't manage to place the 'empty data' at the same point in the file as the stock roms did. Other than that, it must be the certificate.

bryanwieg said:
What I wonder is, since the error for the recovery.img is not a security related one, but one of size, and the fact that it took recovery from .78- I wonder if a cwm or twrp made to be the same size as stock Moto recovery, would it be able to sneak in?
Click to expand...
Click to collapse
No, because it first checks the size (or whether it's a valid image at all) and if the size is correct, it checks the signature.

I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.

Really glad to see someone is still trying to find some sort of exploit for this device in it's updated state, it seemed like everyone had completely given up on it. My girlfriend recently grabbed a used Razr M to use for a while but it's fully updated, and I would love to be able to root it for her. I'll be following this thread to see if anything comes of this recovery downgrading

I'm pretty sure you can edit the props from what I can remember.
Sent from my XT907 using xda app-developers app

bryanwieg said:
I found that I can put recovery all the way back to 98.15.66. I haven't tried further back due to kernel version.
I tried to then apply an update ZIP to something pre 98.30.1, and it passed validation (woohoo), but if failed an assert that checked the version in the props. (cry)
I wish there was something in the older recoveies we could exploit.
Click to expand...
Click to collapse
You can use root eplorer free to extract the single img from the 404 or 411 xml.zips
---------- Post added at 10:44 AM ---------- Previous post was at 10:39 AM ----------
Here http://sbf.droid-developers.org/phone.php?device=8
---------- Post added at 10:48 AM ---------- Previous post was at 10:44 AM ----------
The razr hd (2), atrix hd, photon Q all use a recovery w/ same key. Git to work man!

Re:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.

815turbo said:
So, it is RSD that is keeping it from flashing, would the bootloader(locked) boot a recovery partition that isn't signed? Has anybody tried to dd the recovery partition? I will grab a TWRP dd recovery image if you guys have an interest in trying that.
It would still require root and either a terminal emulator or adb shell.
Click to expand...
Click to collapse
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.

I am willing to try it out. Win 7 64bit... pass me needed staf to flash it
Sent from my XT907 using xda app-developers app

please do
815turbo said:
Am I alone here now?
Does anyone with a locked boot loader want to try this? I could create a windows shell script to make it easier if that's the worry.
Click to expand...
Click to collapse
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".

benya274 said:
sure do, i'm on win8, but also had win xp, how can i do it? what to download, what to execute? i can adb shell i think. i've survived from bricked before the screen said "flash failure".
Click to expand...
Click to collapse
I'll post it in just a few minutes. I will also post the required commands and we'll be backing up current recovery. If it fails, it should be no problem to restore your backed up recovery.
Download TWRP image on your phone from: titanroms.com/upload/rec.img
Please get to an adb prompt and run these commands:
su
cd /sdcard
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak1.img
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=/sdcard/recbak2.img
Please ensure that both copies are 10MB. The dd command should end by saying "10485760 Bytes Copied" on all of the "dd" commands.
Now, you should have two backups of the recovery partition and the TWRP Image you downloaded from here all on your sdcard.
You can follow with these commands AFTER your backup has completed.
cp /sdcard/Download/rec.img /sdcard/rec.img
dd if=/sdcard/rec.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
dd if=/dev/block/platform/msm_sdcc.1/by-name/recovery of=twrprecbak.img
mount -o remount,rw /system
mv /system/etc/install-recovery.sh /system/etc/install-recovery.bak
mv /system/recovery-from-boot.p /system/recovery-from-boot.bak
reboot recovery
In the event of a failed attempt at this you can run the following from adb:
su
cd /sdcard/
dd if=/sdcard/recbak1.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery
Give me a holler if you don't understand this well. Good luck, guys.

I am gonna try it out tomorrow,i dont have time to do it tonight cause i need to go to work. My pc on work does not have internet connection I will keep u guys posted on any progress.
Sent from my XT907 using xda app-developers app

Just wanted to say I flashed the old ICS recovery to mine using fastboot commands but it didn't get me very far though.if I then try and flash the corresponding blur zip from recovery it just says invalid signature. Was trying to find a way to downgrade so I could get rooted..
Sent from my XT907 using Tapatalk

[OBSOLETE THREAD] Rooting LG G4S (H735)

[OBSOLETE THREAD]
This thread is obsolete. A solution was found, which is posted here:
http://forum.xda-developers.com/g4/help/method-to-root-lg-g4s-model-h735-lg-g4-t3248030
Please use the new thread for discussions.
------------------------
Original thread:
------------------------
Hi,
I have been trying to root the LG G4S (H735), also known as "LG G4 Beat".
I tried two things:
Approach 1
I tried the method posted by konsolen in this thread:
http://forum.xda-developers.com/g4/general/lg-g4s-world-root-lg-devices-t3231759
but it didn't work for me. I tried several times with varying approaches, but the boot process always gets stuck on the LG logo.
Approach 2
I also tried to inject the root as suggested in this thread for the G4:
http://forum.xda-developers.com/g4/help/rooting-lg-h735-g4-beat-t3192491
I've used the Inject_Root_G4.zip from this link, which I believe is the same shared elsewhere:
https://mega.nz/#!BIxUzbqI!nt2YnGnGQlSiBQ-Ar-c-q7oDMIEsg6xd0Kmek-q0clg
And I get the same problem - stuck on the LG logo when booting.
For anyone who wants to reproduce Approach 2 to maybe find a solution:
1. Start up LGFlashTool2014. You can follow instructions in thread by konsolen (see Approach 1 above). You can use his .kdz file as well. Important: Pull out your USB cable as soon as the green letters COMX (with a number instead of X) appear on the phone. My flashtool actually didn't display the progress percentage, but apparently this at 9%. It doesn't matter if you don't see the percentage though, I've verified with this KDZ image that if you pull the cable at the very moment the green letters appear, nothing is corrupted. The phone will still display 0%. Leave it as it is after you unplugged the cable.
2. Kill your flash tool with the windows task manager. After it closed, you can plug the phone back in and open a windows command line in the folder where your Send_Command.exe is (you can download the package in konsolen's instructions which contains Send_Command.exe as well).
3. Open the console to your phone with
Code:
Send_Command.exe \\.\COMX.
(with your number instead of X)
You will have to do steps 1-3 every time you want to get this console, for example to run all the dd commands below.
4. Calculate the dd parameters and backup your system partition into a .img file. There is an excellent guide by dominik-p for how to determine your individual dd parameters:
http://forum.xda-developers.com/g4/help/how-to-determine-dd-parameters-lg-g4-t3184867
5. Keep a copy of your system.img somewhere safe, you can use it to restore your system if something goes wrong. So don't use this original in the next steps!
6. Copy the .img file to a linux system and mount it. I'm guessing who is trying this knows how to do this. Anything you change in the folder you mounted the image on, will be saved in the image. You can then use this updated image to overwrite your original system partition, again with dd (as described in the thread by dominik-p) using your parameters. So here's the crucial bit: You get root access to your system files via linux. When you know the right things to mess with, you can root your phone with the updated image. Injecting the root as done in step 8 is one way to change the system on the G4 in order to root it.
7. [Optional] If you are new to this, you may want to do a simple test before you continue.
Create a testfile (test.txt) on the mounted system partition. Then copy the .img file back to your phone and try to "dd" it back over your system partition.
Then, check if you see the test file on your system partition -- you may have to reboot the phone after the dd command (and log back in with Send_Command.exe) in order to see the updates.
8. Inject root with the Inject_Root_G4.zip on the mounted folder of the image on your linux system. You can follow instructions (Step 2) here:
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
9. Copy the new img file to your phone and "dd" it over your system partition, using your own dd parameters.
10. Reboot the phone (you can also just type LEAVE in the Send_Command.exe console).
Now, it should be rooted - if it worked for you!
If it worked for you, that's great. It didn't for me, it got stuck on the LG logo in the boot process again. So I had to write my original system.img back onto my system partition to get the phone back.
I did get the following errors in Step 8 above, though I did try anyway to use the resulting image. The errors may have something to do with my problem, but it may also be because the inject root is for the G4, not the G4s.
Code:
sudo ./autoroot.sh
cp: cannot create regular file ‘operatingtable/lib64/libsupol.so’: No such file or directory
chmod: cannot access ‘operatingtable/lib64/libsupol.so’: No such file or directory
chcon: cannot access ‘operatingtable/lib64/libsupol.so’: No such file or directory
chmod: cannot access ‘operatingtable/bin/app_process64_original’: No such file or directory
chcon: cannot access ‘operatingtable/bin/app_process64_original’: No such file or directory
chmod: cannot access ‘operatingtable/bin/app_process_init’: No such file or directory
chcon: cannot access ‘operatingtable/bin/app_process_init’: No such file or directory
If anyone finds a solution to this, or has any ideas what could be tried, I would be very interested to hear it. I'm new to rooting phones and don't have much experience beyond what I did in the last days.
Cheers
Jennifer

jen.magnolis said:
4. Calculate the dd parameters and backup your system partition into a .img file. There is an excellent guide by @dominik-p for how to determine your individual dd parameters:
http://forum.xda-developers.com/g4/help/how-to-determine-dd-parameters-lg-g4-t3184867
Click to expand...
Click to collapse
Happy that my guide has helped you
As I said here:
http://forum.xda-developers.com/g4/help/rooting-lg-h735-g4-beat-t3192491/page5
Everyone who is interested to inject root must edit the autoroot.sh from the inject.zip and use the correct files from SuperSU
More information about the files:
https://su.chainfire.eu
Maybe you have to use other files. Not the files from the inject.zip
Download the Update-SuperSU zip from http://download.chainfire.eu/supersu
Copy the files you need to the "su" folder of the extracted inject.zip
For information which files are needed read the "update-binary" file from the SuperSU zip.
(located here META-INF/com/google/android/update-binary)
Good luck everyone :good:

Thanks again for the links! I'll try again soon, when I get time for it, and report the results here
By the way, here's the ls -lR of my system.

Ok, no problem, take your time.
I've got also lot of other work to do...
I just read your system.txt (thanks)
According to these lines:
Code:
lrwxr-xr-x. 1 root 2000 13 Aug 24 02:05 app_process -> app_process32
-rwxr-xr-x. 1 root 2000 13588 Aug 24 02:05 app_process32
It seems that the firmware is 32 bit.
More info about your firmware is in /system/build.prop
So you have to take the right lines from update-binary and copy them and edit the autoroot.sh
Please don't ask me which lines. It's a bit difficult... (you have to understand the logic in update-binary)
Then copy the files from the right folder (arm?) to the "su" folder.
Sorry. I'm out now here for the next time. I have a H815 and happy with it.
I think you will find the solution. :good:

Custom Recoverys
Hi All
Are there any custom recovery's for the G4 beat/G4s
Thanks

Thanks dominik-p for your help. Good luck with your other work, don't worry I won't distract you with asking questions You already helped a lot.
benji5688, you can check for official firmware (.kdz file) on this link, pasting your IMEI instead of YOUR-IMEI in the link below.
http://csmg.lgmobile.com:9002/csmg/b2c/client/auth_model_check2.jsp?esn=YOUR-IMEI
I did not find any for mine there, but I did find it on
http://devtester.ro/projects/lg-firmwares/
Which brought me to this link where I could find mine:
http://pkg02.azure.gdms.lge.com/dn/downloader.dev?fileKey=FW703UV132GQAUP7A0ED99N/H73510c_00.kdz
but you should look for your specific model.

jen.magnolis said:
Hi,
I have been trying to root the LG G4S (H735), also known as "LG G4 Beat".
I tried two things:
Click to expand...
Click to collapse
LOL
I did the exact same thing as you, and really the EXACT, I also contacted dominik-p for the same problem you got with the bs. LOL
Was about to do the same thing you did here too just told that to dominik-p lol.
You post is great, well detailled. Hope someone found something
But got something different. my phone is the LGH731 LG G4 Vigor from Videotron in Canada.
If someone need files or system.img LINK
That's not the exact same thing as the post owner but i'm pretty sure the root method will be. (DON'T use this system.img to inject in you H735) it's from a H731 and they don't have the same partition size.

Ha, that's funny, and you got the same problem of course (frozen logo boot).
We will find a solution. It's just a matter of time. I'm a bit pressed for work in the next days but I'll get back into it around mid week. I think the main problem was, as I suspected and also as dominik-p pointed out, we've been using the wrong inject files. And the G4s is 32 bit so obviously it won't work with 64 bit libs.
First thing I'll try is using the other files from the link dominik-p shared. I'll also read the guide and try to understand which files need to be changed to gain root access in general, i.e. learn the basics of how to root. Then I think/hope I'll be able to fix this. And finally get to move all my stuff onto SD and get my storage back
Meanwhile, if you get any new results, let me know.
Cheers

jen.magnolis said:
Ha, that's funny, and you got the same problem of course (frozen logo boot).
We will find a solution. It's just a matter of time. I'm a bit pressed for work in the next days but I'll get back into it around mid week. I think the main problem was, as I suspected and also as dominik-p pointed out, we've been using the wrong inject files. And the G4s is 32 bit so obviously it won't work with 64 bit libs.
First thing I'll try is using the other files from the link dominik-p shared. I'll also read the guide and try to understand which files need to be changed to gain root access in general, i.e. learn the basics of how to root. Then I think/hope I'll be able to fix this. And finally get to move all my stuff onto SD and get my storage back
Meanwhile, if you get any new results, let me know.
Cheers
Click to expand...
Click to collapse
Yes i'm trying this today (the 32-64 bits thing)

Custom recovery
What does this file do though?
Is it a custom recovery or is it the stock rom?
Thanks Benji

benji5688 said:
What does this file do though?
Is it a custom recovery or is it the stock rom?
Thanks Benji
Click to expand...
Click to collapse
It's the stock ROM. It can be used for recovery, depending what your problem is. If you destroyed your ROM by trying to root, you can recover with this.
If you mess with something in your system partition (where the Android OS is installed), you'd need a copy of your individual system partition (like a "backup") to restore. This highly depends on your phone/version, so you have to do this backup yourself. You can follow the instructions with the dd parameters, linked to from the main thread.

Are there any custom recoverys
Hi
Are there any custom recovery available, I want to get Xposed.
Can anyone make one?
Thanks for all the help

benji5688 said:
Hi
Are there any custom recovery available, I want to get Xposed.
Can anyone make one?
Thanks for all the help
Click to expand...
Click to collapse
I far as I know to get Xposed you need to be rooted... Well there is no root method availaible, well you can try the methods that Jen explained here but I doubt they will work... if yes, you lucky ****

Is the g4s running marshmallow? Is so you would need to use a compatible su install.
Sent from my VS986 using XDA Free mobile app

larsdennert said:
Is the g4s running marshmallow? Is so you would need to use a compatible su install.
Sent from my VS986 using XDA Free mobile app
Click to expand...
Click to collapse
No the problem is really just changing the 64 bits command to make then use the 32 bits ones
I manage everything except this one
Code:
chcon --reference=operatingtable/bin/app_process32 operatingtable/bin/app_process64_original

I agree with xsteacy, this will most likely not work, that's why we opened this discussion
We just have to find the right files to use (instead of the 64 bit ones).
I will get back onto the subject by Wednesday when I have time.

I solved it! My phone is rooted
I asked someone to test my script before I post the results. Hang on there, tomorrow I'll post the solution.
Good times!

jen.magnolis said:
I solved it! My phone is rooted
I asked someone to test my script before I post the results. Hang on there, tomorrow I'll post the solution.
Good times!
Click to expand...
Click to collapse
0.0 OH!?

Ok I'm putting it out there for others to test as well.
Please report if it worked so I can take this into account before updating the main thread instructions.
In the attached .zip file there is a README with instructions.
Note: Thanks goes to @konsolen who shared instructions on how to open the COM port on the H735.
The script in konsolens post is essentially the upater-binary script of the SuperSU package, but with a few modifications.
That may have been necessary on konsolens phone, but it didn't work on mine. For me, using the original script worked.
However, the zip file has to be extracted manually with busybox before the updater-binary script is started. I am not
sure if busybox absolutely needs to be in the /sbin folder, but that's where I saw elsewhere that it belonged, so
I moved it over there in my script. I haven't tested this with busybox being elsewhere.
Thanks goes also to @dominik-p for sharing the link to excellent documentation and for his instructions on how
to make a backup (with dd) of your system, in case anything goes wrong.
UPDATE: I did all commands in root_lgh375.sh manually when I found it already worked, so please report if all is good with the script, but I think it should be, it only does what I did manually.

Congratulations @jen.magnolis
Well done