Hello, I thought I'd create this thread to list root methods I tried that did not work, in the hopes we can find one that does.
Tools I tried:
KingRoot (PC and APK)
KingoRoot (PC and APK)
SRSRoot (think this one's fake anyway)
TowelRoot (maybe we need a modstring for it?)
One Click Root
iRoot
HTC Dev
I have not been able to get HTC Dev to work for unlocking the bootloader so far either.
DBlake1 said:
Hello, I thought I'd create this thread to list root methods I tried that did not work, in the hopes we can find one that does.
Tools I tried:
KingRoot (PC and APK)
KingoRoot (PC and APK)
SRSRoot (think this one's fake anyway)
TowelRoot (maybe we need a modstring for it?)
One Click Root
iRoot
Click to expand...
Click to collapse
sobakavich37 said:
I have not been able to get HTC Dev to work for unlocking the bootloader so far either.
Click to expand...
Click to collapse
Maybe once we obtain some sort of root, we can modify the Settings.apk to enable the bootloader unlock option. If you don't know, Android 4.4 and up require you to enable an option in developer options that allows for bootloader unlocking, but is disabled for us.
I want to root my HTC desir526 but kin root descent work
Sent from my Spice Mi-359 using XDA Free mobile app
Did you even read the title? This thread is specifically about what does not work.
htcdev doesn't work either because verizon is using a modified settings.apk that doesn't have an option for bootloader unlock.
attempting to get around this now...
Just got it
Yeah, I just got the phone....I've been learning about Root with my past two phones, but they have not been easy to work with (Samsung Stratosphere and Samsung Galaxy Legend)....it was a nightmare lol. I was hoping it would be easier with this one, but sounds like not so much....Well, I'll keep checking and hopefully we can get some ppl to help. I am willing to donate to people that know what's going on....Does anyone know if there is at least a Custom Recovery that works? Probably not tho, with the locked bootloader you guys speak of huh? Well, I'll keep searching lol.
no custom recovery until we get s-off.
Also, just because I could, I tried the cyndia impactor with no success as well.
Basic info on the device I'm using
HTC Desire 526
HTCD100LVWPP
htc_a13wlpp
bootloader version 1
android version 5.1
buildID LMY470 release-keys
Verizion Wireless
so running cat /proc/emmc reveals:
Code:
dev: size erasesize name
mmcblk0p1: 00004000 00000200 "board_info"
mmcblk0p2: 00400000 00000200 "pg1fs"
mmcblk0p3: 00100000 00000200 "sbl1"
mmcblk0p4: 01af7c00 00000200 "reserve_1"
mmcblk0p5: 00040000 00000200 "mfg"
mmcblk0p6: 017afc00 00000200 "pg2fs"
mmcblk0p7: 00040000 00000200 "rpm"
mmcblk0p8: 00200000 00000200 "tz"
mmcblk0p9: 00400000 00000200 "aboot"
mmcblk0p10: 00a00000 00000200 "sp1"
mmcblk0p11: 00008000 00000200 "ddr"
mmcblk0p12: 00100000 00000200 "rfg_0"
mmcblk0p13: 00100000 00000200 "rfg_1"
mmcblk0p14: 00100000 00000200 "rfg_2"
mmcblk0p15: 00100000 00000200 "rfg_3"
mmcblk0p16: 00100000 00000200 "rfg_4"
mmcblk0p17: 00100000 00000200 "rfg_5"
mmcblk0p18: 00100000 00000200 "rfg_6"
mmcblk0p19: 00100000 00000200 "rfg_7"
mmcblk0p20: 00180000 00000200 "fsg"
mmcblk0p21: 03b00400 00000200 "radio"
mmcblk0p22: 00a00000 00000200 "tool_diag"
mmcblk0p23: 00500000 00000200 "wcnss"
mmcblk0p24: 00000400 00000200 "limits"
mmcblk0p25: 00447c00 00000200 "reserve_2"
mmcblk0p26: 00100000 00000200 "misc"
mmcblk0p27: 00001000 00000200 "debug_config"
mmcblk0p28: 00180000 00000200 "modem_st1"
mmcblk0p29: 00180000 00000200 "modem_st2"
mmcblk0p30: 00040000 00000200 "pdata"
mmcblk0p31: 01600000 00000200 "persist"
mmcblk0p32: 00004000 00000200 "sec"
mmcblk0p33: 00100000 00000200 "cdma_record"
mmcblk0p34: 00000400 00000200 "fsc"
mmcblk0p35: 00002000 00000200 "ssd"
mmcblk0p36: 00020000 00000200 "rfg_8"
mmcblk0p37: 00020000 00000200 "rfg_9"
mmcblk0p38: 00020000 00000200 "rfg_10"
mmcblk0p39: 00020000 00000200 "rfg_11"
mmcblk0p40: 00020000 00000200 "rfg_12"
mmcblk0p41: 00020000 00000200 "rfg_13"
mmcblk0p42: 00020000 00000200 "rfg_14"
mmcblk0p43: 00020000 00000200 "rfg_15"
mmcblk0p44: 00004000 00000200 "control"
mmcblk0p45: 00010000 00000200 "extra"
mmcblk0p46: 00140400 00000200 "local"
mmcblk0p47: 00040000 00000200 "skylink"
mmcblk0p48: 02800000 00000200 "carrier"
mmcblk0p49: 00080000 00000200 "frp"
mmcblk0p50: 01000000 00000200 "vzw_quality"
mmcblk0p51: 01000000 00000200 "vzw_logger"
mmcblk0p52: 01400000 00000200 "fataldevlog"
mmcblk0p53: 01e00000 00000200 "devlog"
mmcblk0p54: 00a00000 00000200 "ramdump"
mmcblk0p55: 00a00000 00000200 "battery"
mmcblk0p56: 01000000 00000200 "absolute"
mmcblk0p57: 003a4800 00000200 "reserve"
mmcblk0p58: 03000000 00000200 "hosd"
mmcblk0p59: 02000000 00000200 "boot"
mmcblk0p60: 02000000 00000200 "recovery"
mmcblk0p61: 18000000 00000200 "cache"
mmcblk0p62: a0000000 00000200 "system"
mmcblk0p63: 00500000 00000200 "cota"
mmcblk0p64: 00500000 00000200 "apppreload"
mmcblk0p65: f8000000 00000200 "userdata"
For quick reference,
Recovery mmcblk0p60
aboot mmcblk0p9
boot mmcblk0p59
system mmcblk0p62
I will try to make some dumps of these so we can start messing with things that Verizon obviously doesn't want to. (that partition marked vzw_logger makes me want to root this even more lol)
I haven't messed with android in quite some time, but after poking around on the forums a bit I did notice something that may work in the m9 forums, something called a java card and xtc2 cable, I'll look into them more...
edit #2:
after being fueled by mountain dew and newport menthol 100's all night it feels as though I have made little progress. it's almost 6am and I'm still s-on with no root.
Verizons modified settings apk doesn't allow us to set the flag to allow for htc dev unlock, I've been looking into forcibly making the change, however without root I just get permission denied
I also can't even attempt to boot into a custom recovery as its s-on
If anyone has a temp root somehow, I think/hope this code should work to allow the htc dev unlock to work, however, I've also seen on some of the nexus 6+9 that the actual bit for this is stored in aboot or possibly in persist.
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=1 where name='oem_unlock_enable';
.quit
at this point I feel as though I'm in an endless loop, I can't seem to dump anything without root and I can't even begin to attempt perma-root/s-off without a dump first. Any insight here would be greatly appreciated. (even a temp root would allow me to make the dumps) (I just get permission denied with everything I've tried, dd, cat, oem saveprt2sd, mount and tar, ect)
edit # idk anymore
"root genius" from http://www.shuame.com/en/root/ also doesn't work (although it looks like its just a flashy ui for kingroot lol) (i also tried the Chinese version 3.0 to no avail)
also tried pingpong root as some had success with the verizon one m9, didnt work...
DO NOT USE PINGPONG ROOT, results in a soft-brick
another edit,
I emailed HTC asking them for either a stock ruu for our device, or for a workaround for not being able to use the htcdev unlock. (I really dislike verizon right now, well, I always have because of crap like this lol)
aaaaannnnndddd... its bricked.... lol can still get into recovery so hopefully i can get this thing back on its feet (doesnt even get to the verizon splash screen )
edit #420: no more brick boots up just fine now, still no root.
I am in process of chatting (escalating) with HTC about what they can do for us to bypass verizons misguidance in this matter.
I should also be able to get a stock ruu soon
@wassti "edit #420" - LMAO, epic.
I subscribed to this thread to follow your progress. I'd help if i had any clue about doing that stuff.
hehe
so about that RUU; HTC told me that I should be able to use HTC sync to grab the RUU files. Sadly HTC sync doesnt see the device and after a little research last night it appears as though we need to change the usb mode to a 'htc sync' mode instead of charging/media device/modem. But I can't find where they moved the option for this. it used to be in storage, but its not...
also I read a few notes that said it needs to be in a mobo usb port and not on a front header, I tried that (didn't work) but I'm assuming some people have low voltage on their front headers (I've seen it happen so many times on generic PCs, cough foxconn)
any ideas anyone? anyone able to get it to talk to htc sync on pc?
Been looking around a bit... All the HTC resources I'm finding say it will open automatically, obviously not the case for us.
no, nothing has been easy with this phone yet lol. We need to change the usb mode to something that is hidden, (or I just can't find it, maybe the setting got moved in 5 or 5,1) It used to be under storage to change usb mode, and I've found one on our phone that allows me to change the phone into a usb modem to provide internet to whatever pc it is connected to, but nothing to change the usb storage mode.
Edit: Here is the official response from HTC regarding our phone.
Code:
At this time, the HTC Desire 526 for Verizon does not have the oem unlock setting in developer options. Without that option, oem commands will not run and throw the error you have received. This option may be included in a future update. Please feel free to check for this option after future updates. Rest assured, HTC is committed to assisting developers in unlocking bootloaders for HTC devices and we'll continue to unlock additional devices in the future. With all of that being said, I have forwarded a request, on your behalf, to have this option added.
I can't really rest assured that they are committed to assisting developers unlock bootloaders seeing as my bootloader is still locked. (and he basically just rephrased what I had asked in my first ticket lol...) I'll be responding back to them to see if there is anything at all we can do, but for now, it looks as though HTC has turned their back on us.
Does anyone have access to an XTC2-Clip or a java card? I think one of those may be the best option moving forward, however information on the actual workings of the clip/javacard are scarce and I haven't the faintest idea of what would need to be done to make one of these devices work for s-off on our 526. (I think it needs some sort of diagnostic file or something, again, not sure)
Well, I did manage to get my phone connected to the HTC Sync Manager. Can't really do much with it though.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What steps did you take to get it connected to HTC sync manager? nvm got it
we should be able to grab the ruu from a temp directory by clicking repair. I'm making a backup as I'm typing this and then I will attempt to get the ruu. If the ruu includes the recovery partition, we should be able to extract it and cook up a custom recovery. Sadly none of this will really help until we have s-off.
Well, backed up, then attempted to repair only to be greeted with the pleasant message that "No software available". I've reached out to HTC again to hopefully get the ruu.
Yeah, HTC doesn't make ROMs for Verizon devices available to download. I wish I'd never bought into Verizon's scam.
same, sadly apart from using hangouts and gvoice (which I have to do at home anyway cuz of bad cell signal) Verizon is the only carrier with signal in the northern part of Wisconsin.
I miss sprint and blowing through 80gb of data per month without a care in the world.
Ever tried using something like Opera Max to reduce data usage as much as possible? It doesn't need root and works rather well, even for wifi.
On a different note, I think I might have figured a way to do what we were discussing over Steam chat. Maybe.
Just checked for updates and got a security update available for download. I suggest everyone who wants the potential of root to NOT install this update. It has CVE-2015-3636 and Stagefright exploits fixed.
EDIT: Speaking of CVE-2015-3636, I found the source code to a weaponized PoC that I'm trying to port to our device.
EDIT2: Well Verizon is officially the worst cell company in America. This update is FORCE installed when you reboot the phone, or the updater reboots it for you. I never opted to install the update, it just did it without my consent. So there goes my chances of rooting.
Question
So even with developer options unlocked there no possibility of rooting?
So using fastboot there is a way to boot an update? as i seen. i can get screenshots if needed. im not to far into rooting and didnt want to brick the device. if its possible to flash a update. anybody think itd be possible to flash a custom rom or RUU to return to S-OFF? downgrading capabilities?
Related
Hello everyone,
I've tried to find out as much as I could, but the math just does not work out. I'm basically asking the same as this poster here:
http://forum.xda-developers.com/showthread.php?t=1736034
This are the partitions I could find:
Code:
mmcblk0p17: 00040000 00000200 "misc"
mmcblk0p21: 0087f400 00000200 "recovery"
mmcblk0p22: 00400000 00000200 "boot"
mmcblk0p25: 31dffe00 00000200 "system"
mmcblk0p28: 0afffe00 00000200 "cache"
mmcblk0p26: 3cfffe00 00000200 "userdata"
mmcblk0p29: 017ade00 00000200 "devlog"
mmcblk0p31: 00040000 00000200 "pdata"
mmcblk0p30: 00011c00 00000200 "extra"
mmcblk0p32: 05ffe000 00000200 "fat"
mmcblk0p27: 07fffe00 00000200 "swap"
I calculated the sizes in megabyte to
0.25
8.49707
4
797.999511719
175.999511719
975.9995117188
23.679199219
0.25
0.069335938
95.9921875
127.999511719
which adds up to approximately 2211,07 megabyte.
The Dsmeg output shows mmcblk0: mmc0:0001 SEM04G 2.28 GiB . As you can see this is still about +-125 megabyte short of the number I calculated. But there is probably some space hidden from the Android OS like hboot and other stuff that is invisible.
Anyway, this is way short of 4 GiB. Could anyone please offer some explanation as to why this is?
cheers,
Jeroen
Jeroen1000 said:
Hello everyone,
I've tried to find out as much as I could, but the math just does not work out. I'm basically asking the same as this poster here:
http://forum.xda-developers.com/showthread.php?t=1736034
This are the partitions I could find:
Code:
mmcblk0p17: 00040000 00000200 "misc"
mmcblk0p21: 0087f400 00000200 "recovery"
mmcblk0p22: 00400000 00000200 "boot"
mmcblk0p25: 31dffe00 00000200 "system"
mmcblk0p28: 0afffe00 00000200 "cache"
mmcblk0p26: 3cfffe00 00000200 "userdata"
mmcblk0p29: 017ade00 00000200 "devlog"
mmcblk0p31: 00040000 00000200 "pdata"
mmcblk0p30: 00011c00 00000200 "extra"
mmcblk0p32: 05ffe000 00000200 "fat"
mmcblk0p27: 07fffe00 00000200 "swap"
I calculated the sizes in megabyte to
0.25
8.49707
4
797.999511719
175.999511719
975.9995117188
23.679199219
0.25
0.069335938
95.9921875
127.999511719
which adds up to approximately 2211,07 megabyte.
The Dsmeg output shows mmcblk0: mmc0:0001 SEM04G 2.28 GiB . As you can see this is still about +-125 megabyte short of the number I calculated. But there is probably some space hidden from the Android OS like hboot and other stuff that is invisible.
Anyway, this is way short of 4 GiB. Could anyone please offer some explanation as to why this is?
cheers,
Jeroen
Click to expand...
Click to collapse
My math tells me ~750mb is missing. Take your printout of cat /proc/emmc then do "df" find the items missing and starting adding to what you have above. Comes up to ~3.25 GB. Which if we went to the trouble of find the size of each partition in /dev/block/ Im sure you would prolly come up with the rest.
This was asked 100 times already. Please use the forum search.
Thank you!
1ceb0x said:
This was asked 100 times already. Please use the forum search.
Thank you!
Click to expand...
Click to collapse
I'll try but I have looked really. That's why I tried to find it myself. Perhaps I should broaden my search then. At any rate I'm just trying to learn. Gotta start somewhere:angel:
But perhaps you are mistaken with RAM-memory? On that topic I can find many threads indeed
@jmztaylor, I think you may be counting some things twice that way. I'm not sure though.
But this site seems to offer a logical explanation to the issue. I'm not savvy enough to check this on the One V but I will give it a shot.
hi, i'm porting black ice from this device to my Desire Z, and while restoring my apps from TB, i had a pause in installation, i went to install the apps manually, and Android said there was no space left, but i checked my space, and i have like 700MB in /system, and /data isn't so bad too.
i would like to know what are the sizes of /system /data and /cache for the DHD to know if that's the problem, or something else is blocking the memory.
thanks
EDIT: oh, and, i would like to know where are they located (/dev/block/mmcblk0pXX)... thanks
Bump
———————————————————
i didn't mean to mock you or to offend you in any kind of way
You could try asking the devs in thr blackice thread. They are quite helpful.
Sent from a dream.
i guess no one wants to past the output of
Code:
cat /proc/emmc
mine is this:
Code:
dev: size erasesize name
mmcblk0p17: 00040000 00000200 "misc"
mmcblk0p21: 0087f400 00000200 "recovery"
mmcblk0p22: 00400000 00000200 "boot"
mmcblk0p25: 22dffe00 00000200 "system"
mmcblk0p27: 12bffe00 00000200 "cache"
mmcblk0p26: 442ffe00 00000200 "userdata"
mmcblk0p28: 014bfe00 00000200 "devlog"
mmcblk0p29: 00040000 00000200 "pdata"
i want to know DHD's partition sizes so i could edit them and make them like the ones above so that i can get more apps installed (if they are smaller)
Edit-was able to find this
dev: size erasesize name
mmcblk0p17: 00040000 00000200 "misc"
mmcblk0p21: 0087f400 00000200 "recovery"
mmcblk0p22: 00400000 00000200 "boot"
mmcblk0p25: 22dffe00 00000200 "system"
mmcblk0p29: 002ffc00 00000200 "local"
mmcblk0p27: 090ffe00 00000200 "cache"
mmcblk0p26: 496ffe00 00000200 "userdata"
mmcblk0p30: 014bfe00 00000200 "devlog"
mmcblk0p31: 00040000 00000200 "pdata"
mmcblk0p28: 09800000 00000200 "lib"
that was helpful, thanks!
now to figure out the way to put my partitions in DHD's places.
i mean: local, pdata, devlog, and lib partitions are either not there on my DZ, or misplaced. that's why i'm having trouble installing apps.
———————————————————
i didn't mean to mock you or to offend you in any kind of way
System dump: Raw system.img
Stock rooted flash able zip: http://db.tt/Y5UzGsB6
boot.img dump: http://goo.im/devs/Indirect/VZW_M7/boot.img
insecure boot.img: http://goo.im/devs/Indirect/VZW_M7/boot_insecure.img
stock recovery img: [Not yet]
Partition List:
Code:
dev: size erasesize name
mmcblk0p19: 000ffa00 00000200 "misc"
mmcblk0p34: 00fffe00 00000200 "recovery"
mmcblk0p33: 01000000 00000200 "boot"
mmcblk0p35: 8bfffc00 00000200 "system"
mmcblk0p26: 00140200 00000200 "local"
mmcblk0p36: 2ffffe00 00000200 "cache"
mmcblk0p37: 660000000 00000200 "userdata"
mmcblk0p22: 01400000 00000200 "devlog"
mmcblk0p24: 00040000 00000200 "pdata"
mmcblk0p27: 00010000 00000200 "extra"
mmcblk0p31: 04b00200 00000200 "radio"
mmcblk0p16: 03c00400 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p17: 007ffa00 00000200 "radio_config"
mmcblk0p20: 00400000 00000200 "modem_st1"
mmcblk0p21: 00400000 00000200 "modem_st2"
mmcblk0p28: 00100000 00000200 "cdma_record"
mmcblk0p18: 02000000 00000200 "reserve_1"
mmcblk0p30: 034ffa00 00000200 "reserve_2"
mmcblk0p32: 05fffc00 00000200 "reserve_3"
mmcblk0p29: 06069e00 00000200 "reserve"
Indirect said:
System dump: Coming whenever I can get root
boot.img dump:
insecure boot.img:
stock recovery img:
Partition List:
Code:
dev: size erasesize name
mmcblk0p19: 000ffa00 00000200 "misc"
mmcblk0p34: 00fffe00 00000200 "recovery"
mmcblk0p33: 01000000 00000200 "boot"
mmcblk0p35: 8bfffc00 00000200 "system"
mmcblk0p26: 00140200 00000200 "local"
mmcblk0p36: 2ffffe00 00000200 "cache"
mmcblk0p37: 660000000 00000200 "userdata"
mmcblk0p22: 01400000 00000200 "devlog"
mmcblk0p24: 00040000 00000200 "pdata"
mmcblk0p27: 00010000 00000200 "extra"
mmcblk0p31: 04b00200 00000200 "radio"
mmcblk0p16: 03c00400 00000200 "adsp"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p17: 007ffa00 00000200 "radio_config"
mmcblk0p20: 00400000 00000200 "modem_st1"
mmcblk0p21: 00400000 00000200 "modem_st2"
mmcblk0p28: 00100000 00000200 "cdma_record"
mmcblk0p18: 02000000 00000200 "reserve_1"
mmcblk0p30: 034ffa00 00000200 "reserve_2"
mmcblk0p32: 05fffc00 00000200 "reserve_3"
mmcblk0p29: 06069e00 00000200 "reserve"
Click to expand...
Click to collapse
i presume as usual it's locked down??
Aldo101t said:
i presume as usual it's locked down??
Click to expand...
Click to collapse
It's not s-off and all exploits have been patched but I managed to dev unlock.
Aldo101t said:
i presume as usual it's locked down??
Click to expand...
Click to collapse
it has been unlocked through htc.dev already, i think they are working on recovery now
Indirect said:
It's not s-off and all exploits have been patched but I managed to dev unlock.
Click to expand...
Click to collapse
well, that's good if anyone has this phone i suggest they unlock while the getting is good. if verizon follows their past shinanigins they'll lock it down in about a week,
@Indirect
Are you going to upload all in 1 file. I just need the recovery which is like 8mb
I'll be uploading them seperately
Sent from my One true love.
thanks for this
goo.im is slow as molasses
System dump is finally uploaded along with recovery, boot, and an insecure boot.img added if you want to root but the recovery is FUBAR. Enjoy.
edit: No problem, flex
i havent rooted since the DInc days - is there a rundown of how to root the one?
crazyg0od33 said:
i havent rooted since the DInc days - is there a rundown of how to root the one?
Click to expand...
Click to collapse
just htc dev unlock and flash the boot.img
(fastboot flash boot boot.img)
@Indirect That is the Sprint TWRP recovery instead of stock recovery
Flyhalf205 said:
@Indirect That is the Sprint TWRP recovery instead of stock recovery
Click to expand...
Click to collapse
Frick. Mmk, well I need another person real quick to get the recovery image. Just get teamviewer.
Indirect said:
just htc dev unlock and flash the boot.img
(fastboot flash boot boot.img)
Click to expand...
Click to collapse
awesome! thanks
and thats the insecure boot.img or the regular one?
crazyg0od33 said:
awesome! thanks
and thats the insecure boot.img or the regular one?
Click to expand...
Click to collapse
insecure
So seeing as Verizon learned their exploit lessons from the DNA, I am assuming revone and moonshine do not work? Has anyone tried running revone as root? i.e adb shell-> su-> ./revone -p?
Throwing together a stock rooted zip with superuser and insecure boot.img for adb running as root. Building and will upload shortly.
Zip posted
Sent from my One true love.
Indirect said:
Zip posted
Sent from my One true love.
Click to expand...
Click to collapse
are you working on a deodexed version by chance?
andybones said:
are you working on a deodexed version by chance?
Click to expand...
Click to collapse
Negative.
[For Dev only][updated for customizd recovery]Desire boot & recovery -signed files
This is for DEV only ;
here I rar the two files altogether, now it's you guys DEVs' turn.
Hope this help.
They from "TUHL TW version. Dump from my device
=================================================================================================
Teaser: Chainfire's 2.19 su in there successfully.
**edit, now (don't use above link to get you recovery flash..becuase that's stock recovery)
=================================================================================================
I present you the Desire eye TWRP 2810 based Onepagebook/Rayzen moded recovery
so you guys can have rooted device
Happy rooted!!
=========================================================
March 13, 2015:
TWRP 2850 updated:
TWRP-eye-2850-OPB-themed-red.img 15.4 MB
https://mega.co.nz/#!hNJUTQqT!RPU1g_SJnMWKkoWMbZDaoEXYStG8d2V-xPENAuo4glI
and emmc info:
Code:
dev: size erasesize name
mmcblk0p1: 00100000 00000200 "sbl1"
mmcblk0p2: 076f7c00 00000200 "pg1fs"
mmcblk0p3: 00004000 00000200 "board_info"
mmcblk0p4: 00800000 00000200 "reserve_1"
mmcblk0p5: 00040000 00000200 "mfg"
mmcblk0p6: 017afc00 00000200 "pg2fs"
mmcblk0p7: 00040000 00000200 "sbl1_update
mmcblk0p8: 00040000 00000200 "rpm"
mmcblk0p9: 00200000 00000200 "tz"
mmcblk0p10: 00008000 00000200 "sdi"
mmcblk0p11: 00400000 00000200 "hboot"
mmcblk0p12: 00500000 00000200 "sp1"
mmcblk0p13: 00100000 00000200 "wifi"
mmcblk0p14: 00008000 00000200 "ddr"
mmcblk0p15: 00100000 00000200 "dsps"
mmcblk0p16: 03c00400 00000200 "adsp"
mmcblk0p17: 00500000 00000200 "wcnss"
mmcblk0p18: 00800000 00000200 "radio_conf
mmcblk0p19: 00180000 00000200 "fsg"
mmcblk0p20: 04b00400 00000200 "radio"
mmcblk0p21: 00400000 00000200 "tool_diag"
mmcblk0p22: 03200000 00000200 "custdata"
mmcblk0p23: 00effc00 00000200 "reserve_2"
mmcblk0p24: 00100000 00000200 "misc"
mmcblk0p25: 00180000 00000200 "modem_st1"
mmcblk0p26: 00180000 00000200 "modem_st2"
mmcblk0p27: 01400000 00000200 "fataldevlo
mmcblk0p28: 00001000 00000200 "debug_conf
mmcblk0p29: 00040000 00000200 "pdata"
mmcblk0p30: 00004000 00000200 "control"
mmcblk0p31: 00140400 00000200 "local"
mmcblk0p32: 00010000 00000200 "extra"
mmcblk0p33: 00100000 00000200 "cdma_recor
mmcblk0p34: 00000400 00000200 "fsc"
mmcblk0p35: 00002000 00000200 "ssd"
mmcblk0p36: 00040000 00000200 "skylink"
mmcblk0p37: 01900000 00000200 "carrier"
mmcblk0p38: 00040000 00000200 "sensor_hub
mmcblk0p39: 01e00000 00000200 "devlog"
mmcblk0p40: 00002800 00000200 "cir_img"
mmcblk0p41: 02de6000 00000200 "reserve"
mmcblk0p42: 01000000 00000200 "boot"
mmcblk0p43: 01800000 00000200 "recovery"
mmcblk0p44: 05800000 00000200 "reserve_3"
mmcblk0p45: 00000000 00000200 "system"
mmcblk0p46: 60000000 00000200 "userdata"
mmcblk0p47: 14000000 00000200 "cache"
So how did you achieve root access?
sidle said:
So how did you achieve root access?
Click to expand...
Click to collapse
Getting this thing rooted would be nice....however, it doesn't seem to be too popular of a phone. I'm not too sure if it;s going to happen.
arminyack said:
Getting this thing rooted would be nice....however, it doesn't seem to be too popular of a phone. I'm not too sure if it;s going to happen.
Click to expand...
Click to collapse
Considering its only on AT&T right now in the USA, it might be a while. Mine comes in today but i got it unlocked to use on tmobile. Hopefully the guy that rooted can share what he did.
jsho31 said:
Considering its only on AT&T right now in the USA, it might be a while. Mine comes in today but i got it unlocked to use on tmobile. Hopefully the guy that rooted can share what he did.
Click to expand...
Click to collapse
If we manage to get it rooted, we have real good dev potential, since both M7 and M8 run almost similar specs, only thing that'd have to be ported is the camera libs.
sidle said:
If we manage to get it rooted, we have real good dev potential, since both M7 and M8 run almost similar specs, only thing that'd have to be ported is the camera libs.
Click to expand...
Click to collapse
True. I may have found how to root. If so, ill post here soon as i get mine tomorrow.
Sent from my Xperia Z3
Nice OP! Sounds like we will have some dev support for this device!
Nabeeltanz said:
Nice OP! Sounds like we will have some dev support for this device!
Click to expand...
Click to collapse
hang on guuys, not long, busy for my personal business,I will provide some useful info to everyone here. for sure
feel weird why eye has harmon-kardon? lol
awesome! cant wait =)
Get us a system dump @Onepagebook
Onepagebook said:
hang on guuys, not long, busy for my personal business,I will provide some useful info to everyone here. for sure
feel weird why eye has harmon-kardon? lol
Click to expand...
Click to collapse
'
Looks awesome I can't wait!
sidle said:
'
Looks awesome I can't wait!
Click to expand...
Click to collapse
I am looking forward to this. I am glad some of us appreciate this device.
I had no luck. Good to know the recovery/boot images are flashable though.
Sent from my HTC Desire Eye using XDA Free mobile app
Someone can share the camera.apk please ?
Will972 said:
Someone can share the camera.apk please ?
Click to expand...
Click to collapse
And the lib files
Send via my Galaxy Tab3 8.0
the libs is not very necessary because the Eye experience work on some devices ( one M7, desire 816) by replacing just the apk .. but i need the desire Eye camera.apk to see if it's compatible with the One Mini 2
Tried different rooting methods for the non AT&T versions of the Desire Eye and they all failed. There's even a TWRP for the other models but they fail to flash via fastboot or flashify. Just giving a heads up. Gotta keep the forum active so devs will know there's an interest. If not, they'll move to other projects.
Sent from my HTC Desire Eye using XDA Free mobile app
Onepagebook said:
hang on guuys, not long, busy for my personal business,I will provide some useful info to everyone here. for sure
feel weird why eye has harmon-kardon? lol
Click to expand...
Click to collapse
Awesome! you got the blue version!
Post up some images dude!
I'm surprised no one has thrown together some sort of custom recovery.
The bootloader is easily unlocked, so if someone knowd how to or can point me in the direction to learn how to do this, that would be fantastic.
The community for this phone could explode.
So I've spent the last couple of hours trying to find a way I could abuse android to allow me to Enable OEM Unlock, first by messing with .apks and things before realizing that is it is completely unrelated to whichever settings apk is used after looking at the source code here, then I started seeing if I could find a way to use the adb settings put command (to no avail, as it is not controlled by something as simple as that):
github /android/platform_packages_apps_settings
A lot of this is probably already known to a lot of exploiters, but I discovered:
I'd like to say that a MODIFIED Settings.apk is able to be installed over adb with adb install (possibly modify the app further with java and fix the enable oem option?).
If PERSISTENT_DATA_BLOCK_PROP does not equal "" then ShowOEMUnlock will be true, and you could select the option in settings.
private static final String PERSISTENT_DATA_BLOCK_PROP = "ro.frp.pst";
ro.frp.pst is a restricted file somewhere in in dev/block
However, let's look at the enabling button itself:
The name of the button doesn't really matter, and the strings for them are oem_unlock_enable and oem_unlock_enable_summary, but I thought I'd post it anyways.
When actually clicking the button: " Utils.setOemUnlockEnabled(getActivity(), true);" is called, which uses the same function on the Persistent Data Block Service. I assume this writes the boolean to the device.
My understanding is a bit fuzzy on this one, but I see a function regarding ActivityResult in which if the requestCode for the activity is REQUEST_CODE_ENABLE_OEM_UNLOCK then mEnableOemUnlock is checked if it is, well, checked, then confirmEnableOemUnlock(); is called (which leads to the utils and updateAllOptions call) -- if it is NOT checked, Utils.setOemUnlockEnabled(getActivity(), false); then I assume it sets the OemUnlock to false.
Under updateAllOptions(), If mEnableOemUnlock is nonexistant/null then it will automatically "updateSwitchPreference(mEnableOemUnlock, Utils.isOemUnlockEnabled(getActivity()));", which I assume just sets it to false by default if the option simply doesn't exist. This could possibly be abused?
I see a couple of options here, one of those primely being modifying the settings apk (it can be patched/updated via ADB), making it work for the One M9, and then enabling OEM somehow, or making a standalone APK which does the job itself with java (the only problem is I'm not familiar with how permissions would work in java, so I'm not sure about the plausibility of that). I'd assume it'd be somehow use a function akin to the Utils.setOemUnlockEnabled to write the data block that allows for the unlock code to be called in the first place.
There is no real point to this thread, but I thought I might share some of my finding and possibly find someone to help me pursue these findings.
Sorry if I'm all over the place, I've been looking through code for a couple hours and there's a lot to process.
If anyone wants to chat, contact me on skype:
live:dragonfabledonny
Alright, so I have modified the DevelopmentSettings.java to make it so that if you enable any setting/disable (anything that will make it update), it should enable OEM unlocking. However, I'm having an issue compiling the .APK-- is anyone willing to help me do this? Please contact me on skype if you can; "live:dragonfabledonny"
Also, apparently the HTC Settings.apk is completely different from the normal android one, as I've decompiled it's java code and took a peek around to simply find this:
if (SystemProperties.get("ro.frp.pst").equals(""))
Which sets if the option is visible or not. I'll do some tinkering and see if I can manage a recompile. :v
Enabling this setting will not allow the Verizon m9 to be oem unlocked. The issue is that HTC does not allow devices with a Verizon CID to be unlocked.
You would need a way to switch to superCID (or any other nonVerizon CID) in order to oem unlock.
Sent from my Nexus 6 using Tapatalk
I also don't believe an app loaded via adb install will go anywhere other than /data. Meaning it won't have the same privileges as /system installed apps that would enable this on say a nexus device.
Sent from my SM-T810 using Tapatalk
Yeah, I continued my pursuits of it in the developers section if you're curious:
http://forum.xda-developers.com/android/help/help-modifying-recompiling-settings-apk-t3282645
It's completely possible to patch the settings.apk and install it-- if it wasn't for certificates.
Dino10or said:
Yeah, I continued my pursuits of it in the developers section if you're curious:
http://forum.xda-developers.com/android/help/help-modifying-recompiling-settings-apk-t3282645
It's completely possible to patch the settings.apk and install it-- if it wasn't for certificates.
Click to expand...
Click to collapse
So you really believe you can simply edit some settings.apk, install it and unlock like a nexus?
Sent from my SM-T810 using Tapatalk
dottat said:
So you really believe you can simply edit some settings.apk, install it and unlock like a nexus?
Sent from my SM-T810 using Tapatalk
Click to expand...
Click to collapse
i dont believe it. not on a stock device anyway
dottat said:
So you really believe you can simply edit some settings.apk, install it and unlock like a nexus?
Sent from my SM-T810 using Tapatalk
Click to expand...
Click to collapse
I wish. :/
The only issue is for it to successfully "update" the application, it has to has the proper certificate (you can even install HTC settings apk's from other branded phones)-- and modifying it in any way royally messes up the process. (Even if you don't decompile and just edit the .dex file directly, even one byte changed messes up the SHA1 certificate. )
I was a bit ignorant when I first set out to do it, and my pursuits have taught me many things-- so even though it was a completele failure in every way-- at least I learned something.
So I discovered a way to dismount any partition in fastboot-- until you restart the bootloader at least. The method may or may not work in ADB. Yet to be tested.
I'm not sure how this would help me though, as you need certain partitions for a lot of the commands to work correctly.
Those are the partitions I'm getting-- not sure if unmounting any of these would allow me to abuse anything. @scotty1223
Code:
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell cat /proc/emmc
dev: size erasesize name
mmcblk0p1: 00004000 00000200 "board_info"
mmcblk0p2: 00400000 00000200 "pg1fs"
mmcblk0p3: 00100000 00000200 "sbl1"
mmcblk0p4: 00100000 00000200 "pmic"
mmcblk0p5: 02800000 00000200 "dummy"
mmcblk0p6: 001f7c00 00000200 "reserve_1"
mmcblk0p7: 00040000 00000200 "mfg"
mmcblk0p8: 017afc00 00000200 "pg2fs"
mmcblk0p9: 00080000 00000200 "rpm"
mmcblk0p10: 00200000 00000200 "tz"
mmcblk0p11: 00018000 00000200 "sdi"
mmcblk0p12: 00200000 00000200 "hyp"
mmcblk0p13: 00100000 00000200 "aboot"
mmcblk0p14: 00a00000 00000200 "tool_diag"
mmcblk0p15: 00a00000 00000200 "sp1"
mmcblk0p16: 00100000 00000200 "ddr"
mmcblk0p17: 00100000 00000200 "rfg_0"
mmcblk0p18: 00100000 00000200 "rfg_1"
mmcblk0p19: 00100000 00000200 "rfg_2"
mmcblk0p20: 00100000 00000200 "rfg_3"
mmcblk0p21: 00100000 00000200 "rfg_4"
mmcblk0p22: 00100000 00000200 "rfg_5"
mmcblk0p23: 00100000 00000200 "rfg_6"
mmcblk0p24: 00100000 00000200 "rfg_7"
mmcblk0p25: 00180000 00000200 "fsg"
mmcblk0p26: 03b00400 00000200 "radio"
mmcblk0p27: 01400000 00000200 "adsp"
mmcblk0p28: 00000400 00000200 "limits"
mmcblk0p29: 004f7c00 00000200 "reserve_2"
mmcblk0p30: 01600000 00000200 "persist"
mmcblk0p31: 00a00000 00000200 "ramdump"
mmcblk0p32: 00100000 00000200 "misc"
mmcblk0p33: 00180000 00000200 "modem_st1"
mmcblk0p34: 00180000 00000200 "modem_st2"
mmcblk0p35: 01400000 00000200 "fataldevlog"
mmcblk0p36: 01e00000 00000200 "devlog"
mmcblk0p37: 00040000 00000200 "pdata"
mmcblk0p38: 00004000 00000200 "control"
mmcblk0p39: 00010000 00000200 "extra"
mmcblk0p40: 00100000 00000200 "cdma_record"
mmcblk0p41: 00000400 00000200 "fsc"
mmcblk0p42: 00002000 00000200 "ssd"
mmcblk0p43: 00080000 00000200 "sensor_hub"
mmcblk0p44: 00020000 00000200 "sec"
mmcblk0p45: 00100000 00000200 "abootbak"
mmcblk0p46: 00002800 00000200 "cir_img"
mmcblk0p47: 00140400 00000200 "local"
mmcblk0p48: 00080000 00000200 "frp"
mmcblk0p49: 00200000 00000200 "cpe"
mmcblk0p50: 00a00000 00000200 "vzw_quality"
mmcblk0p51: 00a00000 00000200 "vzw_logger"
mmcblk0p52: 01400000 00000200 "carrier"
mmcblk0p53: 00040000 00000200 "skylink"
mmcblk0p54: 00020000 00000200 "rfg_8"
mmcblk0p55: 00020000 00000200 "rfg_9"
mmcblk0p56: 00020000 00000200 "rfg_10"
mmcblk0p57: 00020000 00000200 "rfg_11"
mmcblk0p58: 00020000 00000200 "rfg_12"
mmcblk0p59: 00020000 00000200 "rfg_13"
mmcblk0p60: 00020000 00000200 "rfg_14"
mmcblk0p61: 00020000 00000200 "rfg_15"
mmcblk0p62: 00a00000 00000200 "battery"
mmcblk0p63: 00007000 00000200 "reserve"
mmcblk0p64: 04000000 00000200 "hosd"
mmcblk0p65: 04000000 00000200 "boot"
mmcblk0p66: 04000000 00000200 "recovery"
mmcblk0p67: 55000000 00000200 "cache"
mmcblk0p68: 18000000 00000200 "system"
mmcblk0p69: a0000000 00000200 "userdata"
mmcblk0p70: 12200000 00000200 "apppreload"
mmcblk0p71: 03c00000 00000200 "cota"
mmcblk0p72: 01000000 00000200 "absolute"
Dino10or said:
Those are the partitions I'm getting-- not sure if unmounting any of these would allow me to abuse anything. @scotty1223
Click to expand...
Click to collapse
Nope
Sent from my Nexus 9 using Tapatalk
scotty1223 said:
Nope
Sent from my Nexus 9 using Tapatalk
Click to expand...
Click to collapse
rip
Dino10or said:
So I discovered a way to dismount any partition in fastboot-- until you restart the bootloader at least. The method may or may not work in ADB. Yet to be tested.
I'm not sure how this would help me though, as you need certain partitions for a lot of the commands to work correctly.
Those are the partitions I'm getting-- not sure if unmounting any of these would allow me to abuse anything. @scotty1223
Code:
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell cat /proc/emmc
dev: size erasesize name
mmcblk0p1: 00004000 00000200 "board_info"
mmcblk0p2: 00400000 00000200 "pg1fs"
mmcblk0p3: 00100000 00000200 "sbl1"
mmcblk0p4: 00100000 00000200 "pmic"
mmcblk0p5: 02800000 00000200 "dummy"
mmcblk0p6: 001f7c00 00000200 "reserve_1"
mmcblk0p7: 00040000 00000200 "mfg"
mmcblk0p8: 017afc00 00000200 "pg2fs"
mmcblk0p9: 00080000 00000200 "rpm"
mmcblk0p10: 00200000 00000200 "tz"
mmcblk0p11: 00018000 00000200 "sdi"
mmcblk0p12: 00200000 00000200 "hyp"
mmcblk0p13: 00100000 00000200 "aboot"
mmcblk0p14: 00a00000 00000200 "tool_diag"
mmcblk0p15: 00a00000 00000200 "sp1"
mmcblk0p16: 00100000 00000200 "ddr"
mmcblk0p17: 00100000 00000200 "rfg_0"
mmcblk0p18: 00100000 00000200 "rfg_1"
mmcblk0p19: 00100000 00000200 "rfg_2"
mmcblk0p20: 00100000 00000200 "rfg_3"
mmcblk0p21: 00100000 00000200 "rfg_4"
mmcblk0p22: 00100000 00000200 "rfg_5"
mmcblk0p23: 00100000 00000200 "rfg_6"
mmcblk0p24: 00100000 00000200 "rfg_7"
mmcblk0p25: 00180000 00000200 "fsg"
mmcblk0p26: 03b00400 00000200 "radio"
mmcblk0p27: 01400000 00000200 "adsp"
mmcblk0p28: 00000400 00000200 "limits"
mmcblk0p29: 004f7c00 00000200 "reserve_2"
mmcblk0p30: 01600000 00000200 "persist"
mmcblk0p31: 00a00000 00000200 "ramdump"
mmcblk0p32: 00100000 00000200 "misc"
mmcblk0p33: 00180000 00000200 "modem_st1"
mmcblk0p34: 00180000 00000200 "modem_st2"
mmcblk0p35: 01400000 00000200 "fataldevlog"
mmcblk0p36: 01e00000 00000200 "devlog"
mmcblk0p37: 00040000 00000200 "pdata"
mmcblk0p38: 00004000 00000200 "control"
mmcblk0p39: 00010000 00000200 "extra"
mmcblk0p40: 00100000 00000200 "cdma_record"
mmcblk0p41: 00000400 00000200 "fsc"
mmcblk0p42: 00002000 00000200 "ssd"
mmcblk0p43: 00080000 00000200 "sensor_hub"
mmcblk0p44: 00020000 00000200 "sec"
mmcblk0p45: 00100000 00000200 "abootbak"
mmcblk0p46: 00002800 00000200 "cir_img"
mmcblk0p47: 00140400 00000200 "local"
mmcblk0p48: 00080000 00000200 "frp"
mmcblk0p49: 00200000 00000200 "cpe"
mmcblk0p50: 00a00000 00000200 "vzw_quality"
mmcblk0p51: 00a00000 00000200 "vzw_logger"
mmcblk0p52: 01400000 00000200 "carrier"
mmcblk0p53: 00040000 00000200 "skylink"
mmcblk0p54: 00020000 00000200 "rfg_8"
mmcblk0p55: 00020000 00000200 "rfg_9"
mmcblk0p56: 00020000 00000200 "rfg_10"
mmcblk0p57: 00020000 00000200 "rfg_11"
mmcblk0p58: 00020000 00000200 "rfg_12"
mmcblk0p59: 00020000 00000200 "rfg_13"
mmcblk0p60: 00020000 00000200 "rfg_14"
mmcblk0p61: 00020000 00000200 "rfg_15"
mmcblk0p62: 00a00000 00000200 "battery"
mmcblk0p63: 00007000 00000200 "reserve"
mmcblk0p64: 04000000 00000200 "hosd"
mmcblk0p65: 04000000 00000200 "boot"
mmcblk0p66: 04000000 00000200 "recovery"
mmcblk0p67: 55000000 00000200 "cache"
mmcblk0p68: 18000000 00000200 "system"
mmcblk0p69: a0000000 00000200 "userdata"
mmcblk0p70: 12200000 00000200 "apppreload"
mmcblk0p71: 03c00000 00000200 "cota"
mmcblk0p72: 01000000 00000200 "absolute"
Click to expand...
Click to collapse
Anyone can (and have) cat proc'd emmc partition lists since the beginning of Android. Mounting and dismounting still does nothing to overcome write protection.
I mean I have to be honest, this thread is getting silly.
Can one of us s off your phone for you ?
Sent from my SM-T810 using Tapatalk
You do not seem to understand that anything you are contemplating requires writing to system, and writing to system requires root access and root access requires bootloader unlock and bootloader unlock on the Verizon M9 requires Sunshine. Period. You could do phhusson's system-less root to avoid writing to \system but you'd *still* need to unlock the bootloader. Your exercises in Android decompiling notwithstanding, you are wasting your time, my friend.
hgoldner said:
You do not seem to understand that anything you are contemplating requires writing to system, and writing to system requires root access and root access requires bootloader unlock and bootloader unlock on the Verizon M9 requires Sunshine. Period. You could do phhusson's system-less root to avoid writing to \system but you'd *still* need to unlock the bootloader. Your exercises in Android decompiling notwithstanding, you are wasting your time, my friend.
Click to expand...
Click to collapse
You forgot that currently Sunshine doesn't work on the Verizon M9.
Zanzibar said:
You forgot that currently Sunshine doesn't work on the Verizon M9.
Click to expand...
Click to collapse
You got me, Zanz. I forgot that @dottat liberated this unit, not Sunshine.
Has anyone got this to work? Bought a M9 recently, didn't know that "factory reset protection" was a thing, now I have a $350 paperweight....
skater95 said:
Has anyone got this to work? Bought a M9 recently, didn't know that "factory reset protection" was a thing, now I have a $350 paperweight....
Click to expand...
Click to collapse
Your issue is with who you bought it from. OEM unlock will not help you.
nrage23 said:
Your issue is with who you bought it from. OEM unlock will not help you.
Click to expand...
Click to collapse
You need to find someone with an xtc2 clip. They can s off your phone and remove the factory reset protection.
Sent from my HTC One using Tapatalk