[Q] Trick Amazon update with URL redirect to older firmware to get root? - Fire TV Q&A, Help & Troubleshooting

Hi,
just a quick thought (maybe my thinking is too easy but hear me out):
Can't we just redirect (via DNS or something else, IDK) the Amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
We know what URLs we have to block, so someone must have figured out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your PC to get to the internet: could some piece of software be on the PC to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure as the original one.
So my question is:
a) Am I thinking too simply and this is just NOT possible in any way?
Or: b) In theory, this is possible, but there are missing pieces of information we don't have at the moment (like how it checks for an update, not where)
Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
Just a thought, so what do you think? If a) then please explain for a dummy like me why this is just not possible. If b) what information would be missing?
---
edit: I can't post URLs because of my lack of posts at XDA, so I shortened http to htp, but you get the idea...

bamdaschmu said:
Hi,
just a quick thought (maybe my thinking is too easy but hear me out):
Can't we just redirect (via DNS or something else, IDK) the Amazon update queries to download a rooted firmware or an older signed (then rootable) official firmware?
We know what URLs we have to block, so someone must have figured out, maybe via Wireshark, where the FTV is looking for new updates. So, if you would connect the FTV via eth0 to your PC to get to the internet: could some piece of software be on the PC to redirect it? So that the FTV thinks: htp://amzdigitaldownloads.edgesuite.net/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin is new, so I better grab it! But your computer redirects it (via DNS maybe??) to: htp://localhost/obfuscated/0aa573bc909901dd4713dc2166eadbdf/bueller-ota-51.1.3.0_user_513011820-signed.bin , which in reality would be a renamed older firmware (which would be rootable via towelroot), put in the same folder structure as the original one.
So my question is:
a) Am I thinking too simply and this is just NOT possible in any way?
Or: b) In theory, this is possible, but there are missing pieces of information we don't have at the moment (like how it checks for an update, not where)
Or: c) Yea, this is possible, let me try it out, don't worry, I'm a professional
Just a thought, so what do you think? If a) then please explain for a dummy like me why this is just not possible. If b) what information would be missing?
---
edit: I can't post URLs because of my lack of posts at XDA, so I shortened http to htp, but you get the idea...
It seems they already tried this. One would have to match the FW's checksum it is trying to download or the downgrade or update fails. In other words it seems like it can't be done.
http://forum.xda-developers.com/showpost.php?p=55914173&postcount=6
Unless there is a way to inject the right checksum while loading the older FW, since you're talking about a 3rd party program ("some piece of software"). But that is way above my pay grade.

Myself and AFTVNews have both tried this without success

I tried doing this a few weeks ago. I was able to get the Fire TV to download 51.1.1.0 when it was actually requesting 51.1.3.0. The Fire TV downloaded the update, extracted it, but then knew it was not the version it was expecting. I assume when it gets the update URL from Amazon, it also gets the update version number. I assume it then compares the version number it is told to get with some version information inside the file it downloaded. Here are the relevant log file entries:
Code:
D/com.amazon.dcp.framework.IntentEvent( 1358): Intent { act=android.intent.action.DOWNLOAD_COMPLETE flg=0x10 pkg=com.amazon.dcp }
...
I/com.amazon.dcp.ota.DownloadManifestHandler( 1358): Verifying OS update at /cache/bueller-ota-51.1.3.0_user_513011520-signed.bin
...
E/com.amazon.dcp.ota.DownloadManifestHandler( 1358): The OS version from install manifest is 513011520, but 511070220 from update file.
The only way for this to work is to spoof/MITM the information returned from Amazon when checking if an update is available, and that's difficult (impossible?) because the communication is encrypted.

Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed, it could probably be possible to find the version in the header and change it to the version it does expect.

Calibaan said:
Is the signature done on the whole image (header + payload + checksum etc.) or only on the payload? If only the payload of the image is signed, it could probably be possible to find the version in the header and change it to the version it does expect.
I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header/payload/checksum. It probably reads one of the files inside of the zip to check the version.

Is a link URL known for a valid firmware image? Doesn't matter which version. I would like to have a look at the file.

Calibaan said:
Is a link URL known for a valid firmware image? Doesn't matter which version. I would like to have a look at the file.
This page has links to all the software versions.
http://www.aftvnews.com/software/
Sent from my SCH-I545 using Tapatalk

rbox said:
I haven't fully analyzed how the updater works, but the gist of it is it downloads the update and verifies the signature of the entire file. It then figures out which version it is, not sure how it does that though. It's a zipfile, so it's not a header/payload/checksum. It probably reads one of the files inside of the zip to check the version.
my guess is it checks "system/build.prop" for the version

my guess is it checks "system/build.prop" for the version
Can someone test this? This would be an easy method

apfelstyle said:
Can someone test this? This would be an easy method
You can't modify the contents of the update. The file as a whole has a signature and all the files in it do too.

Maybe I'm thinking too easy, but could it be that Amazon handles the ROM images similar to an APK, so that tricking around with ZipSigner:
https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
could sign a modified ROM image?
If this would be possible (couldn't test it since the FTV I ordered still isn't delivered :/ ) the idea would be:
-unzip image
-insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
-zip image
-upload to /sdcard on FTV
-start ZipSigner and try to sign the image again
I know that the correct release keys are important, but probably the loader only checks whether a valid signature exists, so it probably also allows flashing with test keys.

Calibaan said:
Maybe I'm thinking too easy, but could it be that Amazon handles the ROM images similar to an APK, so that tricking around with ZipSigner:
https://play.google.com/store/apps/details?id=kellinwood.zipsigner2&hl=de
could sign a modified ROM image?
If this would be possible (couldn't test it since the FTV I ordered still isn't delivered :/ ) the idea would be:
-unzip image
-insert su in image and add MD5 in "MANIFEST-FILES.MD5" or change build.prop to another version and correct its MD5 in "MANIFEST-FILES.MD5"
-zip image
-upload to /sdcard on FTV
-start ZipSigner and try to sign the image again
I know that the correct release keys are important, but probably the loader only checks whether a valid signature exists, so it probably also allows flashing with test keys.
There are 2 checks. The first is after the file is downloaded, and the second is after recovery starts before it flashes it. If we ignore the first check, and focus on the second, recovery has the amazon public key in it and it definitely verifies the file was signed with the key that matches that public key.
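As an added illustration, not code from this thread, from Amazon or from rbox, here is a model of the two checks described above and in rbox's earlier log: a signature over the entire package verified against a key pinned in the device, followed by a comparison of the version the install manifest announced with the version read from system/build.prop inside the file. Ed25519, the build.prop key name and the zip layout are assumptions standing in for whatever Amazon actually uses; the version numbers are the ones from the log entries quoted above.

```go
package main

import (
	"archive/zip"
	"bufio"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// The two distinct failure points the thread describes.
var (
	ErrBadSignature    = errors.New("package signature does not verify against the pinned key")
	ErrVersionMismatch = errors.New("version in install manifest differs from version in update file")
)

// buildPackage constructs a minimal OTA-style zip holding only system/build.prop.
// Constructed test data; the property name is an assumption, not a known Fire TV layout.
func buildPackage(version string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	f, _ := w.Create("system/build.prop")
	fmt.Fprintf(f, "ro.product.device=bueller\nro.build.version.number=%s\n", version)
	w.Close()
	return buf.Bytes()
}

// signPackage is the vendor side: a detached signature over the whole file.
func signPackage(priv ed25519.PrivateKey, pkg []byte) []byte {
	return ed25519.Sign(priv, pkg)
}

// versionFromPackage opens the zip and returns ro.build.version.number from system/build.prop.
func versionFromPackage(pkg []byte) (string, error) {
	zr, err := zip.NewReader(bytes.NewReader(pkg), int64(len(pkg)))
	if err != nil {
		return "", err
	}
	for _, f := range zr.File {
		if f.Name != "system/build.prop" {
			continue
		}
		rc, err := f.Open()
		if err != nil {
			return "", err
		}
		defer rc.Close()
		sc := bufio.NewScanner(rc)
		for sc.Scan() {
			line := strings.TrimSpace(sc.Text())
			if strings.HasPrefix(line, "ro.build.version.number=") {
				return strings.TrimPrefix(line, "ro.build.version.number="), nil
			}
		}
		return "", errors.New("ro.build.version.number not found in build.prop")
	}
	return "", errors.New("system/build.prop missing from package")
}

// VerifyUpdate is the device side. Step 1: the signature covers the entire file and must
// verify against the key baked into the device, so a package re-signed with a test key
// or edited after signing is rejected. Step 2: the version inside the file must equal the
// version the server's manifest announced, so an older signed build served for a newer
// manifest is rejected even though its signature is genuine.
func VerifyUpdate(pinned ed25519.PublicKey, pkg, sig []byte, manifestVersion string) error {
	if !ed25519.Verify(pinned, pkg, sig) {
		return ErrBadSignature
	}
	got, err := versionFromPackage(pkg)
	if err != nil {
		return err
	}
	if got != manifestVersion {
		return fmt.Errorf("%w: manifest says %s, file says %s", ErrVersionMismatch, manifestVersion, got)
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, testPriv, _ := ed25519.GenerateKey(rand.Reader) // stands in for a ZipSigner-style test key

	newPkg := buildPackage("513011520")
	oldPkg := buildPackage("511070220")

	fmt.Println("genuine:", VerifyUpdate(vendorPub, newPkg, signPackage(vendorPriv, newPkg), "513011520"))
	fmt.Println("old build for new manifest:", VerifyUpdate(vendorPub, oldPkg, signPackage(vendorPriv, oldPkg), "513011520"))
	fmt.Println("re-signed with test key:", VerifyUpdate(vendorPub, oldPkg, signPackage(testPriv, oldPkg), "511070220"))
}
```

The second case reproduces the log line "The OS version from install manifest is 513011520, but 511070220 from update file": the redirect delivers a validly signed file, and it is the version comparison, not the signature, that stops it.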

Related

Building Stock Firmwares (Verizon Specifically)

Hey guys, I've been reading for a while now, finally decided to sign up.
I'm making some modifications to the Galaxy Tab, just playing around and seeing what all is possible. Before I go start deleting potentially important system files, I wanted to get myself a little 'brick insurance'. I'm looking to get a copy of the stock firmware for the US Verizon Wireless version of the Tab (SCH-I800). It is currently running DJ11.
I don't think it is available from either Samsung or Verizon currently, although Samsung HAS provided all of the source code. If I wanted to make a backup of the firmware, something that I could load from the SDCard (ideally, just give it one of those update.zip files) how would I go about doing that?
This is my current plan, tell me if I'm not on track here. I have downloaded the Android Froyo source code available on the Android site. I downloaded the SCH-I800_OpenSource files from Samsung's open source center. If I combine these files as described in the readme from Samsung, and then build the whole project, I should get some sort of "stock" software, in basically the exact same state that it was when I got it from Verizon. Does this sound right?
I want to be able to quickly revert back to like-new set up, so I would prefer to not have to use one of the modified European/International versions if possible. Is there any other trick to getting an unmodified firmware to revert to? Any suggestions?
Thank You
I don't think it'll matter until someone creates a new recovery image. If you could get a clockwork recovery image, you'd be a hero
DavidThompson256 said:
This is my current plan, tell me if I'm not on track here. I have downloaded the Android Froyo source code available on the Android site. I downloaded the SCH-I800_OpenSource files from Samsung's open source center. If I combine these files as described in the readme from Samsung, and then build the whole project, I should get some sort of "stock" software, in basically the exact same state that it was when I got it from Verizon. Does this sound right?
Not even close I'm afraid!
Samsung are only required to release the Linux kernel source. The actual OS is not licensed under a "copy left" license, so Samsung are under no obligation to release their customized Android code.
So, you could create your own AOSP build, but this would be absolute stock Froyo - no Samsung launcher, or any of their custom apps.
Regards,
Dave
Yaotl said:
I don't think it'll matter until someone creates a new recovery image. If you could get a clockwork recovery image, you'd be a hero
You can use odin or redbend_ua to flash firmwares, you don't necessarily need clockwork - although it would be nice!
Hey infamousjax,
Do you happen to have an update.zip for the verizon tab you can upload? I managed to ninjamorph my framework so nothing opens anymore. I must have used a file that was the wrong png format or something. Anyway I do have the backup framework-res.apk, but I am unsure on the "update-script" as I can't get programs on my tab at the moment.
ninja4hire said:
Hey infamousjax,
Do you happen to have an update.zip for the verizon tab you can upload? I managed to ninjamorph my framework so nothing opens anymore. I must have used a file that was the wrong png format or something. Anyway I do have the backup framework-res.apk, but I am unsure on the "update-script" as I can't get programs on my tab at the moment.
I have the Sprint version... and the stock recovery can't flash update.zips unless they are signed.
infamousjax said:
I have the Sprint version... and the stock recovery can't flash update.zips unless they are signed.
Yeah I just tried to make an update.zip and sign it with a test signer. Now when go into recovery and run the update.zip it freezes on an Android icon with an exclamation point.
ninja4hire said:
Yeah I just tried to make an update.zip and sign it with a test signer. Now when go into recovery and run the update.zip it freezes on an Android icon with an exclamation point.
Can you boot up regularly?
yeah, it's just that I can't open programs or the settings menu.
edit: I have been trying to do an update.zip, but I keep getting "E: signature verification failed". I have tried two different signers already...
This one
http://www.robmcghee.com/android/creating-an-android-update-zip-package/
and this one
http://www.londatiga.net/it/how-to-create-android-update-zip-package/
You're not going to be able to sign it without Samsung's signatures... and good luck finding those
yeah I pretty much gave up. I called last night and got the verizon insurance. So now I'm just gonna wait a few days then tell them I dropped it and pay $80 for a new one.
just tell them it started bootlooping for no reason... they should replace it for free if its within 30 days
So it sounds as though I'm not really on the right track here, perhaps I don't need to recompile this thing myself. From some of the replies, I've gathered that there IS at least some way to create a backup of the firmware, in case I screw it up.
Can anyone point me to specific steps on how to do a backup for the Tab? I've seen several guides for other phones before, but I believe that each device is slightly different, and may take different steps. Any suggestions?
Thanks again.
For your stock recovery
Code:
cat /dev/block/bml8 > /sdcard/recovery.bin
For your kernel
Code:
cat /dev/block/bml7 > /sdcard/zImage
Thanks a lot, that info was really helpful!
So, unrelated now, but just kind of curious... is there a reference sheet somewhere or something that explains what each of the files in /dev/block is for? I know they are different sections of the filesystem.
I have about 60 different files in that directory, and was just curious to know what each of them was for.
Thanks again for all the info.
DavidThompson256 said:
is there a reference sheet somewhere or something that explains what each of the files in /dev/block is for? I know they are different sections of the filesystem.
What they represent is different devices, not different sections of filesystems. At best (without RAID or LVM) each device holds one filesystem. In unix, filesystems can be mounted at various points into the root filesystem to appear as a single namespace, but they will still be separate filesystems.
Under the block dir you will see anything that is a block device, anything that can be written to randomly, as opposed to a serial type of device. So, all the random access hardware on your device (SDCARD, NAND...) will be represented there except for your RAM. Each physical device will likely have partitions on them so, if a device is named xxx, xxx01 will likely mean partition one on device xxx. Sometimes the same device will appear with several names, one may be buffered access, the other may be raw.
Your internal NAND is likely on the same device, just different partitions of that device. Some of these partitions may not hold filesystems, they may hold other blobs such as a boot loader, or the kernel. To see which ones hold filesystems, you can type df in a terminal and you will likely see which devices are mounted where in the filesystem namespace.
As for the rest of the devices and partitions, they are very hardware device specific. And I don't own a Galaxy tab, so I can't help with that, sorry. But, I hope I didn't give you info you already knew and I hope it might have been at least somewhat helpful...

[Q] Play Store

I have the Nokia N1. Is there any way to install the Google Play Store (and Play Services) on it?
cisoprogressivo said:
I have the Nokia N1. Is there any way to install the Google Play Store (and Play Services) on it?
haven't found a method yet so far, just wait till international version rom release
Same here. Couldn't find a way to install Play Store yet >_<
The only way for now, is either to wait for a miracle on a root method on the tablet, or wait for the official international release for their ROM.
My N1 is back into its box, as it's pretty much useless now, since over 80% of the apps these days requires Google Service Framework.
It's fine to be an MP4 player now. Install MX Player, some comics reader, and some China online games. Hope the official GSF comes out asap.
LeignHan said:
haven't found a method yet so far, just wait till international version rom release
I tried several times also. I noticed the model at GMC had the Chinese version info on the back of the device but was running Play Store. Tried a few versions but it exited after a brief pinwheel. The N1 device is listed on Google's accepted device list PDF with no specific model information. Maybe the next version of Play Store? IDK how it works. Anyway the device is not useless for me; I found most apps I require on the Amazon Store or as APKs. The Nokia zlaunch is excellent and I also like waking it up with a screen double touch. I owned an Apple iPad mini and prefer the build of this. Feels very sturdy, well built.
I also got my N1 yesterday. I tried to install the Play Store, yet no success. I also tried the method used to install it on Xiaomi devices, but the offered Play Store there is not compatible with 5.0 (permission READ_LOGS seems to be required, thus the apps crash)
I thought also about flashing the PA Gapps via the "stock" recovery. I tried following:
- Put gapps zip in /mnt/sdcard/ and renamed it to update.zip
- reboot into recovery using adb (adb works fine so far)
I hoped that the recovery would flash the zip as an update, but the error screen appeared. Does somebody know if the zip name and location are correct?
crys_ said:
I also got my N1 yesterday. I tried to install the Play Store, yet no success. I also tried the method used to install it on Xiaomi devices, but the offered Play Store there is not compatible with 5.0 (permission READ_LOGS seems to be required, thus the apps crash)
I thought also about flashing the PA Gapps via the "stock" recovery. I tried following:
- Put gapps zip in /mnt/sdcard/ and renamed it to update.zip
- reboot into recovery using adb (adb works fine so far)
I hoped that the recovery would flash the zip as an update, but the error screen appeared. Does somebody know if the zip name and location are correct?
I think the GAPPS zip file is not signed officially. Unless a 3rd party recovery is installed, there is no way for the unsigned gapps to get onto the N1.
How did you get adb working? It doesn't seem to work for me with the Google USB drivers
EDIT: Nvm I figured it out, I needed to manually install the Google USB driver
Hello,
Has anyone of you checked if fastboot is available? Is the bootloader finally locked or not?
What have you actually checked/tested? At least could save some other guy sometime avoiding non-working retries ...
---------- Post added at 09:29 PM ---------- Previous post was at 09:19 PM ----------
Just in case it gives someone some idea. Latest nexus player came with a 64bit Atom. Could gapps be obtained from there? Just in case architecture is the problem ...
inakipaz said:
What have you actually checked/tested?
Okay, so I am far from an expert; here's what I found:
1. You can boot into fastboot by pressing power + vol. down when the device is off. See the attachment how it looks. I've tried a few oem commands: fastboot oem unlock, fastboot oem ?, fastboot oem command list, they don't work.
2. AFAIK there is no root method. I've tried Kingo Root, others tried Root Genius, both fail to root it. Looking at Chinese forums with Google Translate, it looks like they're waiting for an international ROM with Google stuff to flash.
3. You can install Google play services. It will just crash each time something tries to use it. I've made a sample app that tries to use it, I see these exceptions in Logcat:
Code:
java.lang.SecurityException: attempting to read gservices without permission: Neither user 10060 nor current process has com.google.android.providers.gsf.permission.READ_GSERVICES.
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.google.android.gms/com.google.android.gms.app.settings.GoogleSettingsActivity}: java.lang.SecurityException: caller uid 10060 lacks any of android.permission.INTERACT_ACROSS_USERS
java.lang.RuntimeException: Unable to create service com.google.android.gms.gcm.GcmService: java.lang.SecurityException: attempting to read gservices without permission: Neither user 10060 nor current process has com.google.android.providers.gsf.permission.READ_GSERVICES.
If you are interested in anything else I can try it (unless it's some dangerous stuff)
Thanks syddd,
As you say I would not flash anything. I'm not an expert either.
On other occasions a command useful to me was to boot (not flash) into a custom recovery. For recovery I would try one working on similar hardware ... And from there, install superuser to root. If it is simply a clean Android, that should do it.
As I said previously in other posts, I will start doing this work on mine once I get one by mid-April.
Remember, it is always important to back up the current status!
As a first step I will test something like what appears in this guide for the Nexus 7:
http://forum.xda-developers.com/showthread.php?t=2415668
Adapting things to similar hardware ...
Trying fastboot boot with custom recovery to know if the device is locked. If it is it should not allow this operation.
Something like method 1 in this other guide
http://forum.xda-developers.com/nexus-player/orig-development/root-google-adt-1-android-tv-t2962905
Guide on how to port CWM
http://xda-university.com/as-a-developer/porting-clockworkmod-recovery-to-a-new-device
Similar guide on twrp
http://forum.xda-developers.com/showthread.php?p=32965365#post32965365
Thanks for the guide!
I tried to follow the ClockworkMod recovery one, but could not dump the boot partition. I am thinking of extracting it from the official ROM, I just don't know where those are... We could find out by snooping on the connection while the device gets a new update.
EDIT: Also "fastboot boot test.img" results in:
Code:
C:\>fastboot boot test.img
creating boot image...
creating boot image - 2048 bytes
downloading 'boot.img'...
OKAY [ 2.521s]
BUT the device does not reboot and I see the following for a split second:
"boot command stubbed in this platform!"
where test.img is just an empty file. Does this mean that the bootloader is locked?
EDIT2: I've managed to get 2 update files by clicking the "check for update" button and snooping with Wireshark what happens. It makes a POST request to http://www.fc811.com/OTA/GetOTAFirm...&fw_id=A5CN30B&serial_no=XXXXXXXX&version=1.0 , where serial_no is the serial of your device (found in the about menu) and fw_id is your current firmware. I could download 2 firmwares with this method A5CN30B and A5CN315B. Both are minor updates, if someone has the fw version from the initial release it would be useful because we could get the 5.0.2 update.
I've put these in my dropbox: https://dl.dropboxusercontent.com/u/9186429/nokia_n1/A5CN30B_update.zip https://dl.dropboxusercontent.com/u/9186429/nokia_n1/A5CN315_update.zip
Both have a droidboot.img file inside them, which is a RAMdisk boot image.
Really really nice advances!!
Thanks! You've been able to download what I think is a valid ROM for the device! Now it should be explored ...
And yes, I suppose the boot is locked which means it will not be easy to make changes.
We will need more expert hands to guide on what's next ...
In my opinion I would try to open the Image you have downloaded.
I've opened it, as you can see they are simple .zip files. But they are not ROMs. Part of them are Android patchfiles which contain just binary diffs. The bootloader is a RAMDisk which can be opened and patched with the methods you linked. The big question is whether they can be installed or not.
EDIT: see my other post, one of the older updates contains a full system image
I've been using for about 2 months. And had it repaired once, 'coz of screen issues. They sent me a new one. Very nice! Just the color changed from silver, originally, to grey, otherwise is fine.
The battery is good. It could last longer, if very much, when compared with N7.2013.LTE. The new Intel Atom looks very promising. But as you all know, there's no google play store. So I left it sleeping in the drawer.
New Play Store APK available. Just in case can anyone test it on the device?
http://forum.xda-developers.com/showthread.php?t=1996995
Hope it now works ...
It does not work.
It installs normally, but closes when I open it, just like previous versions. The problem is that play store/Google play services need some special permissions that need root. So no root = no play store.
Just need to wait for the international ROM to leak for this thing. The problem is Nokia is taking its sweet time to release this thing anywhere else....

HTC desire 526 vzw prepaid image files [download link]

See my other thread about the upgrade message when I connect to HTC sync manager. (Even though the phone reboots and goes thru several flash screens, nothing is changed)
Phone is HTC Desire 526 Verizon prepaid.
This time, I let it run again, but I opened the program temp folder in explorer and grabbed the files.
It has a 1.2GB file that I'm guessing is system image and a 10MB file labeled boot image.
I uploaded it to my Google drive in the hopes that someone here can find a way to use it to get us a custom ROM, or at least root, going.
Here's the files:
https://drive.google.com/folder/d/0B_Sgf7j8WktiM0pmcDJveVBFWUU/edit
Cheers.
Are those files for the US or the Europe version?
Ynlord said:
Are those files for the US or the Europe version?
USA, Verizon prepaid
ericpeacock79 said:
USA, Verizon prepaid
Which one is exactly the temp directory of the program?
Ynlord said:
Are those files for the US or the Europe version?
Ynlord said:
Which one is exactly the temp directory of the program?
I pulled those files from the temporary download location of the HTC program on Windows, just after it downloaded the update, while it was copying the files to the phone.
It was in the Program Files directory of the HTC desktop program, instead of the windows user profile temp folder like most programs.
The files uploaded are the update files.
ericpeacock79 said:
I pulled those files from the temporary download location of the HTC program on Windows, just after it downloaded the update, while it was copying the files to the phone.
It was in the Program Files directory of the HTC desktop program, instead of the windows user profile temp folder like most programs.
The files uploaded are the update files.
I was having trouble downloading the one that you posted, so I downloaded again with the HTC Sync Manager and got it at this location: C:\Users\<your_user_name>\AppData\Local\HTC MediaHub\FOTA.
Should I go to recovery and flash it, or should I use adb for it?
Ynlord said:
I was having trouble downloading the one that you posted, so I downloaded again with the HTC Sync Manager and got it at this location: C:\Users\<your_user_name>\AppData\Local\HTC MediaHub\FOTA.
Should I go to recovery and flash it, or should I use adb for it?
I do not know if it would work like that. If I had to guess, I would say fastboot, but I really don't know.
I will try it tomorrow and let you know. I still have the phone, but I don't use it and can't seem to sell it on Craigslist...
Is it possible to unpack an image of the non branded version and compare the differences.. see what we can change to possibly allow hot-spot or root?
hemanolio said:
Is it possible to unpack an image of the non branded version and compare the differences.. see what we can change to possibly allow hot-spot or root?
That might be difficult, given that the US-market 526 was only sold by Verizon and doesn't seem to be too popular of a phone. I never found a way to order it unlocked straight from HTC.
Does the boot.img have an unlocked bootloader? I need one that's unlocked
there is no unlocked bootloader for the Verizon prepaid Desire 526.
I posted these files in the hopes that someone could use them to get us unlocked.
Thank You for the files.
I will take a look and let you guys know how to flash it.
It will help the bootloader issue.
I need these files to keep working on this.
Thanks again
---------- Post added at 05:54 PM ---------- Previous post was at 05:46 PM ----------
To flash the rom. Whichever of the 2 downloads it is ???
rename the file to
Code:
0PM3IMG.zip
Copy 0PM3IMG.zip to the external sd card.
Boot the phone into the bootloader / download mode.
It should find the file on the sdcard and ask you if you want to install it.
I will test it out later.
Basically if you mess something up in the phone by deleting files or whatnot this should be useable to flash back to stock.
I know I'm just an amateur with programming but couldn't you/we just "Frankencode" it? Like have two/three of the same file and keep one original, have another be the successful edit, and have another be the experimental editing?
To some extent that is what I'm working on.
The Desire 626s is the same chipset and the boot-loader is unlockable.
These RUU files / ( Factory Rom ) ruu = rom update utility come packed with some goodies.
The bootloader is in the packages for the 526 and the 626.
The question is how to flash the files from the 626 to the 526.
The ruu uses a couple different security measures to make sure the files aren't tampered with.
The main zip file is signed with keys and verified to be signed against the public half of the keypair.
It's a file called keys in the /res folder of the recovery.img ramdisk.
By generating a pair of keys (private and public), .pk8 and .pem, and dumping the public key with dumppublickeys, it is possible to change the key in the /res/key of the ramdisk. This means we can modify the main zip file and sign it with our own keys and it will pass the signature test.
But the zip files inside of the main zip are also signed / encrypted.
We can decrypt the inner zip files with bruuveal. So that can extract the zip files and not get errors.
Or use the HTC Decrypt tool found on this forum.
The interesting thing here is that prior to the ruu flashing the phone it flashes the HOSD.
That's the smaller zip file.
The only reason for HTC to do that i'm thinking is because the hosd / hboot that is on the phone to begin with blocks writing of the necessary partitions by some means.
So the hosd is pre-updated to allow the main ruu to flash.
This is not the case on the 626s. The other interesting thing is that the hosd flashes by itself in the main zip not a sub zip and like I said I can get around the first file signature.
If I can get the 626s firmware to flash to the 526 then we can unlock the boot-loader.
If we can find a way to get around the inner file signing ( If I can figure out where the public half of the key is)
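To make the signature layering described in this post concrete, here is an added example (not the poster's code, and not HTC's or AOSP's): a Python model of how a recovery-style signed zip stores its signature in the archive comment and which bytes that signature covers. Everything in it is constructed. Textbook RSA over two well-known Mersenne primes stands in for the real PKCS#7 block and the X.509 certificates that recovery keeps in /res/keys, so it runs with the standard library only. It demonstrates the point made above: a package signed with a different key fails against the vendor's public key and passes only against whatever key the verifier has been told to trust.

```python
"""Added example (constructed data): layout and verification of an
Android recovery-style signed zip. Textbook RSA stands in for the
PKCS#7 signature block; nothing here is a real vendor key."""
import hashlib
import io
import struct
import zipfile

FOOTER_SIZE = 6        # signature_start(2) | 0xFFFF(2) | comment_size(2), all LE
EOCD_HEADER_SIZE = 22  # fixed part of the zip end-of-central-directory record
EOCD_MAGIC = b"PK\x05\x06"


def make_keypair(p, q, e=65537):
    """Textbook RSA from two known primes. Stand-in only: no padding, no X.509."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return (p * q, e), (p * q, d)          # (public, private)


# Constructed stand-ins: the "vendor" key and a second, self-generated key.
VENDOR_PUB, VENDOR_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)
OWN_PUB, OWN_PRIV = make_keypair((1 << 107) - 1, (1 << 607) - 1)


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(data, priv):
    n, d = priv
    return pow(_digest(data), d, n).to_bytes((n.bit_length() + 7) // 8, "big")


def rsa_verify(data, sig, pub):
    n, e = pub
    return pow(int.from_bytes(sig, "big"), e, n) == _digest(data)


def build_zip(entries):
    """An unsigned zip (stored entries) built in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def sign_zip(plain_zip, priv, message=b"signed by example"):
    """Append the signature as the zip archive comment, SignApk-style."""
    eocd = plain_zip[-EOCD_HEADER_SIZE:]
    if not eocd.startswith(EOCD_MAGIC) or eocd[-2:] != b"\x00\x00":
        raise ValueError("zip already carries an archive comment")
    # The signature covers everything up to, but not including, the EOCD
    # comment-size field, which necessarily changes once the comment is added.
    sig = rsa_sign(plain_zip[:-2], priv)
    body = message + b"\x00" + sig
    comment_size = len(body) + FOOTER_SIZE
    signature_start = len(sig) + FOOTER_SIZE   # measured back from end of file
    footer = struct.pack("<HHH", signature_start, 0xFFFF, comment_size)
    return plain_zip[:-2] + struct.pack("<H", comment_size) + body + footer


def verify_zip(signed_zip, pub):
    """Return (ok, reason); same structural checks recovery performs."""
    length = len(signed_zip)
    if length < EOCD_HEADER_SIZE + FOOTER_SIZE:
        return False, "too short"
    signature_start, magic, comment_size = struct.unpack(
        "<HHH", signed_zip[-FOOTER_SIZE:])
    if magic != 0xFFFF:
        return False, "no signature footer"
    eocd_size = comment_size + EOCD_HEADER_SIZE
    if eocd_size > length or not FOOTER_SIZE < signature_start <= comment_size:
        return False, "inconsistent footer"
    eocd = signed_zip[length - eocd_size:]
    if not eocd.startswith(EOCD_MAGIC):
        return False, "comment size does not land on the EOCD record"
    # A second EOCD marker inside the comment could steer the zip parser to a
    # different, unsigned central directory, so it is rejected outright.
    if EOCD_MAGIC in eocd[len(EOCD_MAGIC):]:
        return False, "extra EOCD marker in comment"
    sig = eocd[eocd_size - signature_start:eocd_size - FOOTER_SIZE]
    signed = signed_zip[:length - eocd_size + EOCD_HEADER_SIZE - 2]
    ok = rsa_verify(signed, sig, pub)
    return ok, "ok" if ok else "bad signature"


if __name__ == "__main__":
    pkg = build_zip({"META-INF/com/google/android/updater-script":
                     b'ui_print("hello");\n', "boot.img": b"\x00" * 64})
    print(verify_zip(sign_zip(pkg, VENDOR_PRIV), VENDOR_PUB))   # (True, 'ok')
    print(verify_zip(sign_zip(pkg, OWN_PRIV), VENDOR_PUB))      # (False, 'bad signature')
```

The practical lesson is the one the post draws: the signature itself is sound, so what decides whether a package flashes is the set of public keys the verifier is handed. Changing a single byte of an entry invalidates the signature, and a zip signed with a second key is only accepted once that second key is the trust anchor.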
You can flash the software using fastboot...
fastboot flash zip <name 1st zip>
fastboot flash zip <name 2nd zip>
If the second file cannot be flashed, use htc_fastboot, which you get by unpacking (executing) a standard RUU file.
Anyone find a solution to this problem? I have the desire 526 and it froze during upgrading with the htc sync, now it doesn't go past the boot screen and I've searched for a solution to this problem everywhere.
Is it safe to say that none of the forums have a solution to the Desire 526 vzw prepaid problem? I've searched multiple forums, youtube videos, and no one either answer the problem or the answers do not work. However most of us are just looking for the original boot & recovery, but that seems to be an impossible mission. Hopefully, someone in some forum will come up with a solution that actually works, or someone will actually respond to some of our questions.
ericpeacock79 said:
See my other thread about the upgrade message when I connect to HTC sync manager. (Even though the phone reboots and goes thru several flash screens, nothing is changed)
Phone is HTC Desire 526 Verizon prepaid.
This time, I let it run again, but I opened the program temp folder in explorer and grabbed the files.
It has a 1.2GB file that I'm guessing is system image and a 10MB file labeled boot image.
I uploaded it to my Google drive in the hopes that someone here can find a way to use it to get us a custom ROM, or at least root, going.
Here's the files:
https://drive.google.com/folder/d/0B_Sgf7j8WktiM0pmcDJveVBFWUU/edit
Cheers.
curious to know what file are we suppose to use?
badHTC526 said:
curious to know what file are we suppose to use?
No idea. I just put these up in the hopes that someone would be able to put them to good use. I'm not a dev, sorry.
I was able to find quite a few RUUs for HTCD100LVW after excavating into the mythical 2nd & later pages of Google search. I can't remember how bad my soft brick was, but I spent somewhere near 40 hours ****ing this phone up before finally pulling the right bootable SD image on BigCountry's BL/root/TWRP method
Sent from my Desire 526 using XDA Labs

2016 version (new fingerprint scanner, combined sim/sd)

Hey guys,
It seems more and more people are receiving the new version of the P8000:
- Stock Android 6
- New fingerprint scanner that is moved slightly higher and is able to unlock phone from screen-off (I confirm this is working)
- Sim 2 is combined with the micro-sd (I haven't tried whether you can have them both in at the same time)
- Something's new about the display, since people are reporting errors with it after flashing older ROMs.
Warning: do NOT flash other roms. We have no way to unbrick the soft bricks yet!
---
Other topics that refer to this version:
http://forum.xda-developers.com/elephone-p8000/general/rom-p8000-t3431571
http://forum.xda-developers.com/elephone-p8000/help/stock-rom-p8000b-t3434477
http://forum.xda-developers.com/elephone-p8000/general/p8000-version-announced-t3346848
---
For development:
- The phone does not come pre-rooted. We have no way to flash custom recovery yet. Any tips for getting root? I've tried such tools as Kingo and vRoot, they don't work.
- We need the blocks file (scatter file) for SP Flash Tools. MTKDroidTools reports "unknown rom structure". Any help? Would love to start working on this.
Looking forward to hearing from others who have this version/who can help me with these questions.
Thanks!
Emile
Nice! Can you provide a dump from /system and /boot maybe?
BlueFlame4 said:
Nice! Can you provide a dump from /system and /boot maybe?
I would, if I knew how to. Any pointers?
Emileh said:
I would, if I knew how to. Any pointers?
Sure thing. On a rooted device, go into adb shell.
Then use the "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard into the file "system.img". If adb complains that bs=1M is an invalid option, try again without it. A system dump can take some time during which you will not get any feedback, so be patient there.
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite paths on Android 6.0, but I am rather sure they are more or less like this.
If you run into trouble, just ask
BlueFlame4 said:
Sure thing. On a rooted device, go into adb shell.
Then use the "mount" command to check which partitions are mounted. One should be "/dev/block/platform/mtk-msdc.0/by-name/system" or similar. Use "dd if=/dev/block/platform/mtk-msdc.0/by-name/system of=/storage/emulated/0/system.img bs=1M" to dump the system to the internal sdcard into the file "system.img". If adb complains that bs=1M is an invalid option, try again without it. A system dump can take some time during which you will not get any feedback, so be patient there.
Do the same for boot. So "/dev/block/platform/mtk-msdc.0/by-name/boot" should be the way to go for the path. I cannot tell the definite paths on Android 6.0, but I am rather sure they are more or less like this.
If you run into trouble, just ask
Thank you for your great instructions! The problem is that we've yet to achieve root on this device. We don't have a custom recovery for this version of the P8000 yet and other 'standard' methods of rooting don't work for me.
(I'm pretty solid in shell, so I'll do this afterwards, but I guess root is actually the first step).
// Edit to say: it does not come pre-rooted
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
flo1k said:
Since the elephone support on facebook didn't realize there are two different versions of the P8000 available, I still need a ROM to unbrick my phone.
Ok, we know that, but doesn't really help us
Can you write them an e-mail?
I will do
Edit: OK, see if there will be an answer.
Thank you flo1k!
I have e-mailed as well, and would like to post on the Elephone forum, but don't seem to have access (because of minimum post count, I guess)
Anyone willing to ask for a ROM for the new P8000 on the forum there?
ROM Dump
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from address 0000 0000 to 9d80 0000 (approx. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (approx. 2.8 GB separated into 23 files)
FrauHofrat said:
@BlueFlame4
I can provide ROM dump in two versions:
1) a dump from address 0000 0000 to 9d80 0000 (approx. 2.5 GB in one file)
2) a readback generated with the scatter.txt of the 'old' 5.1 stock ROM (approx. 2.8 GB separated into 23 files)
The second choice looks promising
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM, I'll send the link as a PM as soon as the upload is finished
FrauHofrat said:
Maybe a stupid question
where shall I upload the files - any preferred webspace?
I'm uploading the files - because they contain my NVRAM, I'll send the link as a PM as soon as the upload is finished
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
Just checking thank you for your help in any case!! Really looking forward to it.
// edit: ah, you just used the old scatter file. But does that one work for this version?
Emileh said:
Are you sure we're talking about the same version of the P8000? Cause as far as I know there isn't 5.1 available for this version... Right?
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is model "K05T...."
// edit: ah, you just used the old scatter file. But does that one work for this version?
No, it doesn't work; or rather, the phone boots with this firmware, but the LCD driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probably some more bugs ....
FrauHofrat said:
No, there is only one Firmware available - the mysterious P8000_6.0_20160516.
Btw, this phone contains a new mainboard model "K06TS-L-V2.0.3" - the 'old' mainboard is model "K05T...."
No, it doesn't work; or rather, the phone boots with this firmware, but the LCD driver is the wrong one - the display only shows coloured lines and blurry spots. And there are probably some more bugs ....
But if the phone boots with the firmware, doesn't that mean that the scatter file of the regular P8000 works? Since it flashes the firmware correctly.
The problem is that I was not able to flash the 'readback files' to the faulty phone.
When selecting 'Only Download' at SP-Flashtool I got the error "PMT... must be download"
When selecting 'Firmware Upgrade" I got some BROM error code
In both cases I used the same scatter.txt which I used to 'readback' the firmware from the working phone
Actually I have to correct my statement in post #15:
I flashed the faulty phone with the last 5.1 stock ROM (160711) - with this stock ROM the phone boots up but LCD (and probably more things) is not working.
I have actually gotten a lot further
You have to use the scatter.txt from Android 6.0, which works perfectly fine. I have been able to extract boot.img, system.img and recovery.img that way (using Readback in SP Flash Tools)
Which ones do you need?
They probably flash fine (the only things I've flashed so far are custom recoveries, and although my ported PhilZ starts, I haven't gotten it to mount anything.)
A little warning: don't use anything that has anything to do with Android 5.1. Those scatter files don't work
This is great news!
"Which ones do you need?"
Probably all of them
Ok this contains the scatter file, preloader, system.img, boot.img and stock recovery.img
https://ehaffmans.stackstorage.com/index.php/s/uKGKCir0BociydU
You need SP Flash Tools v5, select the scatter file first, then deselect everything, and only select these 4 and manually select the correct files.
Btw, the name of the preloader file is wrong, don't worry. It came from this phone
I am of course not responsible for anything!
Can you guys please confirm this doesn't contain anything personal? Like personal files or IMEI or something. Thanks!

General Pixel Watch successfully bootloader unlocked

Shiny Quagsire has successfully unlocked the Pixel Watch's bootloader via the pogo pins (which ended up being USB like people suspected)
https://twitter.com/i/web/status/1583186847596892160
Thank you very much for info.
This sounds really interesting.
I hope Rooting is also possible with Magisk Version 25.2...
Best Regards
adfree said:
Thank you very much for info.
This sounds really interesting.
I hope Rooting is also possible with Magisk Version 25.2...
Best Regards
Magisk kinda works on Wear OS, but the UI is basically unusable. I am currently working on adding proper UI support, among other things.
Sorry. I come from Samsung Galaxy Watch...
Rooting only via USB cable like this:
SM-R765F Teardown (forum.xda-developers.com)
boot.img and vbmeta.img patched with Magisk Version 25.2
Then I have nearly full access like this:
Firmware and Combination Firmware and FOTA Delta and CSC change and... (forum.xda-developers.com)
No idea why write access... as Super.img is readonly... I thought...
Sorry for Hijack your Thread.
Good Luck.
Best Regards
Please, Maybe somebody could help me.
On the Samsung GW4 I have only 1 Linux shell terminal... where I can type on the watch...
All others do not show the keyboard:
Firmware and Combination Firmware and FOTA Delta and CSC change and... (forum.xda-developers.com)
Exactly this APK runs on all firmware versions I have tested:
Firmware and Combination Firmware and FOTA Delta and CSC change and... (forum.xda-developers.com)
But it does not handle root...
I am too lazy to decompile and try to add something in Manifest...
Tiny and slow brain... I have.
Maybe on Pixel Watch more Apps work proper?
Thanx in advance.
Best Regards
Last 1 for today...
I have searched for APKs for "Secret Codes"...
Secret Codes - Apps on Google Play (play.google.com)
For my Samsung GW4 it does not work... as the codes look like:
Code:
*#1234#
But maybe useful for the Pixel Watch... in a comment somebody posted:
Not 1 code is working. My "device is incompatible" try to put it in a dialer. There are other app that can forward code to a dialer app called "Engineer Mode MTK" without problems. Redmi Note 10S.
Sorry, I have only Samsung crap... so no idea how useful in Android 11...
Best Regards
Maybe ask those questions in... the Samsung Galaxy Watch4 forums, maybe?
@GuyInDogSuit
The idea is to work together....
Maybe you do not need root on your Pixel Watch, nor do you sideload APKs to your Pixel Watch.
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
adfree said:
@GuyInDogSuit
The idea is to work together....
Maybe you not need Root in your Pixel Watch nor you sideload APKs to your Pixel Watch.
Maybe. But there's a reason why I mentioned that, as this is a forum for a different watch. Hence why I pointed you in that direction.
Dionicio3 said:
Shiny Quagsire has successfully unlocked the Pixel Watch's bootloader via the pogo pins (which ended up being USB like people suspected)
https://twitter.com/i/web/status/1583186847596892160
As cool as that is, here's hoping a more user-friendly solution is found; if the USB charger can't be used then hopefully wireless ADB at the very least.
You won't be able to use either of those for fastboot. The cable doesn't support data transfer (it's a version of wireless charging) and wireless adb doesn't work for fastboot (needed to unlock the bootloader). The best chance we have is that someone creates a 3D printed cable.
Really hoping that this thing develops further, could really use it.
Unfortunately I already updated the watch.
shinyquagsire23 said:
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
Maybe you could post instructions on how to obtain the OTA url.
shinyquagsire23 said:
I'm currently working on attempting some modifications (possibly root), however the biggest blocker currently is the lack of a firmware image or OTA ZIP. So if anyone hasn't updated their watch yet and can capture an OTA ZIP URL, that would be super helpful.
In the meantime I got the kernel to build fine with my manifest at https://github.com/shinyquagsire23/kernel_manifest-r11btwifi, but now I need to build a bare-minimum rootfs/recovery so I can dump the partitions and make a factory image.
I was looking at your twitter and saw your awesome five minutes crafts. I just quickly measured the distance between the pins and it seems like it might be a standard distance of 1.27mm, which you can buy online. That might be easier.
Shebee said:
Really hoping that this thing develops further, could really use it.
Unfortunately I already updated the watch.
Maybe you could post instructions on how to obtain the OTA url.
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
shinyquagsire23 said:
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
The problem with the first update was that you were forced to install it before you could access the watch app. But should we be expecting a security update the first Monday of the month, like on the pixels? Or is it still too soon?
shinyquagsire23 said:
The general gist is like, get the update notification, *don't download it* and do a bug report from the Watch app. Then download the update, do another bug report, and hope that the URL is somewhere in the logs.
Surely there's a more reliable (if not tedious way), such as debugging/monitoring network traffic when initiating a update?
Managed to pull the boot partitions using gross fastboot shenanigans involving oem commands and ramdumps: https://drive.google.com/drive/folders/1m_gkqAopDyn4MhTtdYisGWWwpbMqoZxJ?usp=sharing
boot_b turned out to just be the same as the recovery partition. I also pulled super.img but I forget how to extract that, I'll upload system_a/b and other stuff later. No success in patching with Magisk yet though, I made an issue here.
and patched them with Magisk from my phone,
I see something with "Phone"...
I made this mistake with Samsung GW4.
You cannot use other hardware.
You need to run Magisk on Pixel Watch...
As Magisk needs some info from the device...
For my device I was successful with Magisk Version 24.3 and am now using 25.2...
Only as info.
Thanx for your Uploads.
Best Regards
Edit 1.
Not all files downloaded... started with vendor.img
Tested under Ubuntu with imjtool but no success...
Short looked with WinHex inside... no idea what it is...
But system.img is easy. Under Windows I can use 7Zip Tool to extract files.
Edit 2.
recovery.img I can extract with imjtool...
Code:
[email protected]:~/imj$ ./imjtool vendor.img extract
vendor.img is not a recognized image. Sorry
[email protected]:~/imj$ ./imjtool recovery.img extract
Boot image version 2 for OS version 0x16000167 (11.128 Patch Level 2022-7) detected (1660 byte header)
Part Size Pages Addr
Kernel (@0x0000800): 17465360 8529 0x80008000
Ramdisk (@0x10a9000): 7556181 3690 0x81000000
Device Tree(@0x17de000): 143653 71 0x81f00000
Recovery DTBO/ACPIO: 28472
MAGIC: 0x1eabb7d7
Extracting dtbo
AVB0 (@0x1809000): 2240
AVBf (@0x1ffffc0):
Tags: 0x80000100
Flash Page Size: 2048 bytes
ID: 81d8d1a935948a17696e088f49b7239d8c5dcc1c000
Name:
CmdLine: buildvariant=user
Found GZ Magic at offset 11460360
extracted/kernelimage.gz:
gzip: extracted/kernelimage.gz: decompression OK, trailing garbage ignored
-100.5% -- replaced with extracted/kernelimage
Extracting kernel
Extracting ramdisk
Searching for DT at 0x17de000
MAGIC: 0x1eabb7d7
Extracting dtbo - exists so renaming to _dtbo
Edit 3.
No idea if vbmeta.img is mandatory... for Patching with Magisk.
I have ever patched both files inside 1 tar:
Code:
boot.img
vbmeta.img
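Since the imjtool output above is mostly a dump of the boot image v2 header, here is an added example (not from the thread and not imjtool's code) that parses that header with the Python standard library and computes where each section starts. The sample header is constructed from the sizes and addresses reported above (the id field is zeroed and no kernel is attached), and the field layout follows AOSP's bootimg.h. With those sizes the layout puts the recovery DTBO at 0x17de000, the offset where the tool above reported a DTBO magic, and the DTB 14 pages after it; the check function flags a recovery_dtbo_offset that disagrees with the computed layout, which is the kind of inconsistency worth catching before patching an image.

```python
"""Added example (constructed sample): parse an Android boot image v2
header and compute the page offsets of its sections."""
import struct

BOOT_MAGIC = b"ANDROID!"
# Field order follows AOSP bootimg.h: v0 fields, then the v1 and v2 additions.
V0_FMT = "<8s10I16s512s32s1024s"   # 1632 bytes
V1_FMT = "<IQI"                    # recovery_dtbo_size, recovery_dtbo_offset, header_size
V2_FMT = "<IQ"                     # dtb_size, dtb_addr -> a v2 header is 1660 bytes
V0_KEYS = ("kernel_size", "kernel_addr", "ramdisk_size", "ramdisk_addr",
           "second_size", "second_addr", "tags_addr", "page_size",
           "header_version", "os_version")


def pages(size, page_size):
    """Number of pages a section occupies (every section is page-aligned)."""
    return (size + page_size - 1) // page_size


def parse_os_version(v):
    """Split the packed os_version word into ('A.B.C', 'YYYY-MM' patch level)."""
    a, b, c = v >> 25, (v >> 18) & 0x7F, (v >> 11) & 0x7F
    year, month = ((v >> 4) & 0x7F) + 2000, v & 0xF
    return f"{a}.{b}.{c}", f"{year:04d}-{month:02d}"


def parse_boot_header(data):
    fields = struct.unpack_from(V0_FMT, data, 0)
    if fields[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    hdr = dict(zip(V0_KEYS, fields[1:11]))
    name, cmdline, img_id, extra = fields[11:]
    hdr["name"] = name.rstrip(b"\0").decode(errors="replace")
    hdr["cmdline"] = (cmdline.rstrip(b"\0") + extra.rstrip(b"\0")).decode(errors="replace")
    hdr["id"] = img_id.hex()
    off = struct.calcsize(V0_FMT)
    if hdr["header_version"] >= 3:
        raise ValueError("v3+/vendor_boot headers use a different layout")
    if hdr["header_version"] >= 1:
        (hdr["recovery_dtbo_size"], hdr["recovery_dtbo_offset"],
         hdr["header_size"]) = struct.unpack_from(V1_FMT, data, off)
        off += struct.calcsize(V1_FMT)
    if hdr["header_version"] >= 2:
        hdr["dtb_size"], hdr["dtb_addr"] = struct.unpack_from(V2_FMT, data, off)
        off += struct.calcsize(V2_FMT)
    if "header_size" in hdr and hdr["header_size"] != off:
        raise ValueError(f"header_size {hdr['header_size']} != expected {off}")
    return hdr


def layout(hdr):
    """Byte offset of each non-empty section, in the order bootimg.h lays them out."""
    ps, n, out = hdr["page_size"], 1, {}        # page 0 is the header itself
    for key, size in (("kernel", hdr["kernel_size"]),
                      ("ramdisk", hdr["ramdisk_size"]),
                      ("second", hdr["second_size"]),
                      ("recovery_dtbo", hdr.get("recovery_dtbo_size", 0)),
                      ("dtb", hdr.get("dtb_size", 0))):
        if size:
            out[key] = n * ps
            n += pages(size, ps)
    out["end"] = n * ps
    return out


def check(hdr):
    """Consistency checks worth running before trusting or patching an image."""
    problems = []
    if hdr["page_size"] not in (2048, 4096, 8192, 16384):
        problems.append("unusual page size")
    if hdr.get("recovery_dtbo_size") and \
            hdr["recovery_dtbo_offset"] != layout(hdr).get("recovery_dtbo"):
        problems.append("recovery_dtbo_offset disagrees with computed layout")
    return problems


def build_v2_header(f):
    """Pack a v2 header from a dict; used only to construct the sample below."""
    v0 = struct.pack(V0_FMT, BOOT_MAGIC, *(f[k] for k in V0_KEYS),
                     f["name"], f["cmdline"], f["id"], f["extra_cmdline"])
    v1 = struct.pack(V1_FMT, f["recovery_dtbo_size"], f["recovery_dtbo_offset"], 1660)
    v2 = struct.pack(V2_FMT, f["dtb_size"], f["dtb_addr"])
    return (v0 + v1 + v2).ljust(f["page_size"], b"\0")


# Constructed sample: sizes and addresses as reported for recovery.img above.
SAMPLE = dict(kernel_size=17465360, kernel_addr=0x80008000,
              ramdisk_size=7556181, ramdisk_addr=0x81000000,
              second_size=0, second_addr=0, tags_addr=0x80000100, page_size=2048,
              header_version=2, os_version=0x16000167,
              name=b"", cmdline=b"buildvariant=user", id=b"\0" * 32, extra_cmdline=b"",
              recovery_dtbo_size=28472, recovery_dtbo_offset=0x17DE000,
              dtb_size=143653, dtb_addr=0x81F00000)

if __name__ == "__main__":
    h = parse_boot_header(build_v2_header(SAMPLE))
    print(parse_os_version(h["os_version"]), layout(h), check(h))
```

Run it against a real image by passing the first page of the file to parse_boot_header; the 0x16000167 os_version decodes to Android 11 with a 2022-07 patch level, matching the "Patch Level 2022-7" line in the output above.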
Dave_247 said:
Surely there's a more reliable (if not tedious way), such as debugging/monitoring network traffic when initiating a update?
I tried to reverse engineer the update API on my pixel 7 yesterday (just the part where it checks for a new update) but everything is encrypted (of course) and Google Play services refuses to accept any custom TLS certificates I put on my phone. There's probably a better way to do this, but I'm no expert. All I know now is that it uses the android.googleapis.com site.