Related
Hi, I've only tried this on a single HTC Hero from Orange UK. I'm about to order one myself, so I'll report back whether it works on there too.
This file (3mb ish) contains the unmodified boot.img dumped from the phone, as well as boot.img.insecure, which is modified to turn off security (exact details here)
I've been testing this with the following method. Obviously if you try this it is at your own risk. You'll need a copy of "fastboot".
1) Decompress zip
2) Attach phone to USB.
3) Turn phone off.
4) Press and hold the back button, then press "power".
5) You should be in the bootloader, and it should say "FASTBOOT USB".
6) On your PC, run "fastboot boot boot.img.insecure".
The phone should boot normally. However, if you do a normal "adb shell", that shell will be running as root.
Note that this doesn't actually flash the phone; it simply uploads a kernel and tells it to boot it. On reboot, it will return to the original secured rom stored on the phone. Of course if you make changes to the filing systems as root, those will be stored to flash.
I just flashed your boot.img onto my HTC branded hero and it work just fine. Thank you sir.
Edit: Hmm just lost wifi capability. Reverting back to stock boot.img
i'm guessing there isn't much point in rooting until a newer device/os comes out?
Will it Work 4 me
I have ordered a sim free phone from the UK (I'm from Israel)
and i need root access to be able to install more font's .
Will this work for me ?
Thanks
JWallstreet said:
I just flashed your boot.img onto my HTC branded hero and it work just fine. Thank you sir.
Edit: Hmm just lost wifi capability. Reverting back to stock boot.img
Click to expand...
Click to collapse
Jwallstreet, try verifying you use the /system/lib/modules/wlan.ko which matches the kernel version you are booting.
It has to be the same build otherwise linux kernel doesn't load the wifi kernel module and your wifi won't work.
fakeer said:
I have ordered a sim free phone from the UK (I'm from Israel)
and i need root access to be able to install more font's .
Will this work for me ?
Thanks
Click to expand...
Click to collapse
It depends on the firmware you'll get on your hero.
Until now it seems all HERO owners reported an SPL able to fastboot rom images.
My Hero Version
Until now it seems all HERO owners reported an SPL able to fastboot rom images. ?
That is SPL ?
how can i know if i got the "good" version ?
Without actually trying to boot an image, the best method I can think of would be to turn it on holding down the BACK button to enter the bootloader, and see what HBOOT version it says it has. Mine says "HBOOT-1.76.0004 (HERO10000)"
daldroid said:
Jwallstreet, try verifying you use the /system/lib/modules/wlan.ko which matches the kernel version you are booting.
It has to be the same build otherwise linux kernel doesn't load the wifi kernel module and your wifi won't work.
Click to expand...
Click to collapse
Running "lsmod" under an adb shell will tell you whether the wifi module is loaded or not. That works even on an un-rooted phone. Mine says:
Code:
wlan 591348 1 - Live 0xbf000000
and they say we are a bit back on some things...
nice to know there are android pips in Israel...
fakeer said:
I have ordered a sim free phone from the UK (I'm from Israel)
and i need root access to be able to install more font's .
Will this work for me ?
Thanks
Click to expand...
Click to collapse
Hebrew Fonts
I Have the same version as you "HBOOT-1.76.0004 (HERO10000)"
Can i use you'r method and use in this guide ?
http://forum.xda-developers.com/showthread.php?t=480964
if someone can help me it will be excellent (and after i do it i will write a guide).
I really need it.
Thanks for your help
fakeer said:
I Have the same version as you "HBOOT-1.76.0004 (HERO10000)"
Can i use you'r method and use in this guide ?
http://forum.xda-developers.com/showthread.php?t=480964
if someone can help me it will be excellent (and after i do it i will write a guide).
I really need it.
Thanks for your help
Click to expand...
Click to collapse
Hey Fakeer,
A guide would be awesome! I also just bought a UK unlocked Hero and also am from Israel, and my biggest worry is that I wont be able to install hebrew fonts.
I am also very new to android. I have been with winmo for many years and just now decided to try Android.
Please report your success/failure with this issue. It would be greatly appreciated.
hebrew fonts
I will let you know as soon as I will make it work .
Let's hope someone here can help me get root access on the device
I managed to "port" cyanogen's cm-recovery-1.4. The kernel is from my wwe version of hero ( 2.6.27-a5504199 #521 PREEMPT Fri Jul 3 07:56:53 CST 2009 ) . I've also recompiled the recovery binary, setting the right keycode for the trackball "press" event (the keycode is 191 ), and removing the console option from the menu.
i've tried only nandroid backup and it works fine. there's no reason for the other "utilities" not to work. There's also root through adb so you can make changes to the filesystem.
i've not "flashed" this image, no reason for now . I've only used it with "fastboot boot cm-hero-recovery.img", and everything seems to work fine.
link(10 downloads): http://rapidshare.com/files/262328508/cm-hero-recovery.img.zip.html
thanks to cyanogen for his awesome work
elcom said:
Hey Fakeer,
A guide would be awesome! I also just bought a UK unlocked Hero and also am from Israel, and my biggest worry is that I wont be able to install hebrew fonts.
I am also very new to android. I have been with winmo for many years and just now decided to try Android.
Please report your success/failure with this issue. It would be greatly appreciated.
Click to expand...
Click to collapse
elcom,
I'll wait for your guide... nice to know there are more Israelis like me with the Hero.
Please let me know!
enlightener said:
I managed to "port" cyanogen's cm-recovery-1.4. The kernel is from my wwe version of hero ( 2.6.27-a5504199 #521 PREEMPT Fri Jul 3 07:56:53 CST 2009 )
Click to expand...
Click to collapse
Boots on my T-mobile G2.
Tested nandroid backup and root shell.
nice work
enlightener said:
link(10 downloads): http://rapidshare.com/files/262328508/cm-hero-recovery.img.zip.html
Click to expand...
Click to collapse
uploaded to my accout
here you go
http://rapidshare.com/files/262621147/cm-hero-recovery.img.zip
btw if you would like me to do anymore link just say
also i have not used this in anyway i use it when its a bit more tested
Works great !
Booted that recovery img on my hero, used "adb shell" then I typed in :
mount /dev/block/mtdblock3 /system
cat /system/bin/sh > /system/bin/su
chmod 4755 /system/bin/su
/system/bin/reboot
Now my hero is rooted. Nice !
Thanks
Cool! I got it working on my unlocked white Hero. I can use su in adb shell. However, when I try to install Superuser.apk with adb it says INSTALL_FAILED_UPDATE_INCOMPATIBLE and when I try with App Manager it says "Super user permissions could not be installed on this phone". I guess its trying to overwrite /system/bin/su? I tried remounting /system as writeable and chmodding su to be writeable by all but I still get the same problem.
Anybody know how to fix this please?
footboydog said:
Cool! I got it working on my unlocked white Hero. I can use su in adb shell. However, when I try to install Superuser.apk with adb it says INSTALL_FAILED_UPDATE_INCOMPATIBLE and when I try with App Manager it says "Super user permissions could not be installed on this phone". I guess its trying to overwrite /system/bin/su? I tried remounting /system as writeable and chmodding su to be writeable by all but I still get the same problem.
Anybody know how to fix this please?
Click to expand...
Click to collapse
Use Superuser.apk and su in the attachment.
- mount system rw
- adb push su /system/bin/
- adb shell chmod 4755 /system/bin/su
- adb push Superuser.apk /system/app/
Hi Folks
I'm sick of all the bloat-ware on my Sony Arc (Purchased last Aug). I've recently had the phone unlocked and for the life of me, I can't root the damn thing. I've spent the last few days, trawling through all the helpful posts on this site (very informative and top notch stuff), but no matter what I try, the links on the posts are either no longer valid, the exploits have now been patched or my firmware is not listed.
Please, please, please, can someone give me a "Dummie's Guide" on how to root my phone.
My Arc is running Version : 2.3.4, Build Number : 4.0.2.A.0.62
Incidentally, just in case anyone is wondering, if I switch the phone off, hold down the menu key and connect to the USB, my phone displays the little blue led.
The closest I've came to successfully rooting (from my numerous attempts on here) was a simple click systems screen by DoomLord. My phone seemed to take to the program and then rebooted fine, but it still wasn't rooted. I've enabled USB Debugging and enabled unknown sources, etc.
This is driving me crazy. Can anyone help, please?
Dacvolvo said:
Hi Folks
I'm sick of all the bloat-ware on my Sony Arc (Purchased last Aug). I've recently had the phone unlocked and for the life of me, I can't root the damn thing. I've spent the last few days, trawling through all the helpful posts on this site (very informative and top notch stuff), but no matter what I try, the links on the posts are either no longer valid, the exploits have now been patched or my firmware is not listed.
Please, please, please, can someone give me a "Dummie's Guide" on how to root my phone.
My Arc is running Version : 2.3.4, Build Number : 4.0.2.A.0.62
Incidentally, just in case anyone is wondering, if I switch the phone off, hold down the menu key and connect to the USB, my phone displays the little blue led.
The closest I've came to successfully rooting (from my numerous attempts on here) was a simple click systems screen by DoomLord. My phone seemed to take to the program and then rebooted fine, but it still wasn't rooted. I've enabled USB Debugging and enabled unknown sources, etc.
This is driving me crazy. Can anyone help, please?
Click to expand...
Click to collapse
Flash this kernel
http://icxperia.com/doomlord/arc/ask/ARC-Advanced-Stock-v01-boot.img
and have fun..
HOW TO FLASH
1) Open the fastboot folder (generally android-sdk\platform-tools\) and copy the downloaded file there (and better if you rename it to boot.img)
2) Press SHIFT key and right click on any blank part of the explorer window
3) Click on "Open Command Window Here"
4) On the command window type
Code:
fastboot.exe flash boot <kernel name>.img
Have fun..
Hit Thanks if I helped you
Hi now.i.feel
Problems with that too - when I click on your above link, it downloads as a Zip File to my lap-top's desktop and I then try to unzip it, but all I get is a window popping up which says this file cannot be unzipped or opened as it is not a valid Zip File???
I've tried to simply replace it in the "Fast Boot" folder on my desk top (replacing DoomLord's Zip File in there entitled LT15i_4.0.1.A.0.283_Generic_Global_system.img), but now the Command Window won't open???
What am I doing wrong?
Try to use flashtool.
You can find a download link of flashtool on this thread http://forum.xda-developers.com/showthread.php?t=1000012
After this, is just a matter of conect your fone to PC and push Root button.
.62 can't be rooted, you would either have to downgrade like it looks you have or flash a custom kernel like above.
Chances are that zip is actually made from flashtool, download it put the zip in its folder and change the extension to .ftf.
Edit: sorry blonde moment, download any kernel that has cwm, use fastboot boot boot.IMG then use doomlords zergrush script, that will install su and busybox for you.
Sent from my LT18i using XDA
PS. .62 FW CAN BE ROOTED WITH UNLOCKED BOOTLOADER
downgrading, flashing kernel , flashing prerooted roms is a long process and unecessary. You loose your data too.
fastest way (no data loss)
1. Unlock bootloader
2. Download root that supports install via recovery. put it in SD
3. Install CWM
4. Boot into recovery
5. Choose apply update from SD
6. Choose the zip and install it
7. Start up the phone and update the Superuser and SU binary
Introduction:
This is a list of all known OTA's for the Sony Smartwatch 3
The Sony Smartwatch 3 watch has it's ROMs built directly by google, instead of Sony.
Click to expand...
Click to collapse
File List:
KNX01V → LWX48P
See Sony Smartwatch 3 # Official ROMs - XDA Wiki for a list of files
Click to expand...
Click to collapse
How to flash:
Requirements:
Stock recovery
Unmodified /system
Unlocked bootloader (Is this needed?)
Basic understanding of command line/shell (to unlock bootloader)
Unlock your bootloader
Download and set up adb and fastboot
Reboot into fastboot mode (How do you do this for this device?)
Open up a command prompt/shell where you saved fastboot
enter into command prompt/shell: "fastboot oem unlock"
Enter recovery mode via onscreen buttons
Enable recovery ui
(How do you do this for this device?)
Set up adb
Select apply update from adb
enter into command prompt: "adb sideload <path to saved update.zip>
Click to expand...
Click to collapse
FAQ:
How to find the ota?
If you're rooted, wait for the device to prompt you to update, then check /cache for the file
If you're not rooted, wait until the same time and do an adb logcat and look for a line with .zip in it
Why isn't the latest ota listed?
We can only list what we have, if the ota from Build X to Build Y isn't listed, we dont have the file for it yet.
How do you setup adb/fastboot
Please read the stickies in the general subforum, this is not a formal guide
Do I need to unlock the bootloader to flash the update zip?
Yes, if you wish to do it manually.
If you allow android to prompt for the update, you do not need to unlock
Can I flash this if I have a custom rom?
No, you must be on a stock AND unmodified rom
Can I flash this if I'm rooted?
Only if you have not modified any files
Click to expand...
Click to collapse
Credits:
Click to expand...
Click to collapse
Changelog:
Dec 16, 2014: Added KNX01V → LWX48P
Oct 18, 2014: Initial page
Click to expand...
Click to collapse
2char
Kernel source for kitkat-wear Tetra
[QUOTE="Bill Yi]
Bill Yi
Oct 17
hi All,
Today, we pushed a kernel project for kitkat-wear release. The kernel source can be found on the android-bcm-tetra-3.10-kitkat-wear branch in the kernel/bcm project. It has the following tags:
android-4.4w_r5 Factory-ROM
android-4.4w_r6 update #1
bill
[/QUOTE]
There will be an ota when the product launches.
When it finally ships, could someone hook it up to wireshark/etherial/fiddler/<preferred network sniffer> and grab the full url name along with the filename of it?
Also could someone not update theirs immediately and dump the rom when a custom recovery is eventually made for it?
The ota for the SM3 is already rolling out, I do not have any information on either the starting rom or the one it flashes to.
no ota yet but firmware update available for me through pc companion (Ive updated..).
is the a way to convert pc companion files into something helpful?
Ive had already pushed and pulled files to watch via bluetooth adb and have installed towelroot via adb - e install.. didn't work as expected hehe. (I haven't bootloader unlocked yet in case there's drm?).
let me know if my pc companion files and rudimentary adb skills can be of assistance ?
Sent from my D6603 using Tapatalk
fastboot oem unlock works, but make sure to format cache and user data.
How did you grab PC companion files, are they cached on disk or are you intercepted request?
I can force update thru pc companion ~ I presume I can find files somewhere on my pc ? (haven't looked yet, booted into linux atm on dual boot)
Sent from my D6603 using Tapatalk
Looks like you are from Sony Android world, if Sony update images are something easy to extract boot.img we could get permissive/or tethering root kernel and/or twrp.
I'm still trying to figure out how similar this is to sony phones with the phone it is (relatively) easy to convert ota to ftf, then extract, edit default.prop, put back together and flash as insercure stock kernel. (saying that, I'm reinstalling linux after hd failure and have lost all my sony tools).
I don't think any of this is relevant though as I doubt the sony flashtool for ftf conversion will support android wear.
most likely, somebody better at this than me will pop up a recovery and then we are good I guess.
not sure much can be gained by having root yet anyway hehe (itching to sideload tasker though).
(using a not yet rooted z3 not helping either..)
and sry OP for OT.. started off relevant lol
Sent from my D6603 using Tapatalk
I dont use/have sony devices, but in the context of being a wear device: the updates should be otas, not done though pc companions.
wear devices are goog devices in all but name, the only thing separating them from nexus devices is the lack of factory images and redistributable binaries.
I doubt it is different, it shows as s1 device w/o driver in download mode and as SEFlash with driver and updates by the same pc companion using phone/tablet repair screen.
There is no need for Sony to reinvent the wheel. It is like Odin on Samsung, version of flashtool might be different but otherwise the same protocol and I bet the same packaging.
Will try to intercept download request.
Ok, no need to intercept, PC Companion caches the files.
Flashtool extracted it into individual sin files, but smartwatch3 is not listed in devices so I would not risk to flash ftf.
Boot.sin and recovery.sin when extracted by flashtool is actually android img files. Just tested fastboot flash boot boot.ext4 (which is android image) and device boots fine after that.
Extracted boot, recovery, system and userdata, will upload together with all sin files soon.
Also, no there is no need to reflash watch using phone/tablet repair menu, Accessories software update -> Smartwatch 3 allows to reflash stock firmware.
TheManii said:
I dont use/have sony devices, but in the context of being a wear device: the updates should be otas, not done though pc companions.
wear devices are goog devices in all but name, the only thing separating them from nexus devices is the lack of factory images and redistributable binaries.
Click to expand...
Click to collapse
You are right in terms of OTA, but as with other devices - there are OTA and factory images, factory images are managed by the Sony (I bet samsung uses it's odin as well) and can be updated to or reflashed using their PC Companion software through sony s1 bootloader that is accessible with powerbutton (read sony download mode).
As soon as my uploads will be done I'll post urls to sony .sin files extracted by flashtool (can be further extracted from .sin container) and already extracted boot.img, recovery.img, system.ext4, cache.ext4 and userdata.ext4.
Will be in Rom dump request thread.
^^ :good:
Sent from my D6603 using Tapatalk
XorZone said:
You are right in terms of OTA, but as with other devices - there are OTA and factory images, factory images are managed by the Sony (I bet samsung uses it's odin as well) and can be updated to or reflashed using their PC Companion software through sony s1 bootloader that is accessible with powerbutton (read sony download mode).
As soon as my uploads will be done I'll post urls to sony .sin files extracted by flashtool (can be further extracted from .sin container) and already extracted boot.img, recovery.img, system.ext4, cache.ext4 and userdata.ext4.
Will be in Rom dump request thread.
Click to expand...
Click to collapse
From the user's perspective it might be semantics, as even for nexus devices: they still respond to OEM download tools.
For the N4 and N5, they both respond to and have LG tools+restore images, they also responds to qcom tools.
The difference is that these tools are not distributed to the public.
the ota system used however is all identical across goog rom devices, and so is goog factory images.
However: if sony provides their own factory images for this, and the original urls are available, I'll make note of it somewhere.
I need the original urls however, reuploads are not acceptable.
I've attempted to catch otas on motorola devices, but they use urls that are unique to the user and expire after a short amount of time, thusly I don't track OEM motorola otas, only otas for the play edition moto g.
Edit: there may be at least 2 otas for the sm3,
android-4.4w_r6 and android-4.4w_r7 are supposed to be for the sm3,
but the previously provided files are newer then android-4.4w_r8.
So it's possible that currently unboxed devices may have jumped from <unknown build>/r6 to r8 and skipped r7
XorZone said:
fastboot oem unlock works, but make sure to format cache and user data.
How did you grab PC companion files, are they cached on disk or are you intercepted request?
Click to expand...
Click to collapse
I have been unable to unlock...do you have a howto?
cdrshm said:
I have been unable to unlock...do you have a howto?
Click to expand...
Click to collapse
Quick how to in my root guide see signature. If you have trouble may be you batter stay off this.
---------- Post added at 12:33 AM ---------- Previous post was at 12:29 AM ----------
TheManii said:
However: if sony provides their own factory images for this, and the original urls are available, I'll make note of it somewhere.
I need the original urls however, reuploads are not acceptable.
Click to expand...
Click to collapse
Please verify if you can download it: http://software.sonymobile.com/ns/common/1/file/334/281751334_MkNeOD3-Rt7B0pOu9N5WSVtT.bin
This is main file (second of two) used by sony Update Engine, if you can download it I'll redo repair and capture url of the first one.
The files are:
FILE_281727981 - 90.5Kb
FILE_281751334 - 114Mb (120 155 512 bytes)
I dont know what convention sony uses for the files and directory name but they are usable by flashtool to at least extract the partition files (loaders, kernel, system, etc...). I'll try to get in touch with flashtool devs to produce ftf package to keep all files flashable by flashttol to even downgrade if needed.
iBuzman said:
I can force update thru pc companion ~ I presume I can find files somewhere on my pc ? (haven't looked yet, booted into linux atm on dual boot)
Sent from my D6603 using Tapatalk
Click to expand...
Click to collapse
How did you get the PC Companion to work? I can't get it past the 'Prepare' screen which tells me to make sure the watch is off, turn it on, wait for animation and connect the usb cable. The watch shows up in Device Manager as 'Tetra' without drivers installed.
^^ power off, usb plug in, usb connect to pc. a graphic of the usb plugged in shows up if done correctly. it was really hit and miss updating via pc companion for me, failed (it seems) 9 out of 10 times and then the 10th would work. (I reflashed stock 3 times now hehe)
iBuzman said:
^^ power off, usb plug in, usb connect to pc. a graphic of the usb plugged in shows up if done correctly. it was really hit and miss updating via pc companion for me, failed (it seems) 9 out of 10 times and then the 10th would work. (I reflashed stock 3 times now hehe)
Click to expand...
Click to collapse
ahhh i should have read the instructions properly - key bit was to HOLD down the button until after it buzzes and a blue screen with a pic of the back of the watch and a USB cable shows up
---------- Post added at 12:10 AM ---------- Previous post was at 12:09 AM ----------
julz said:
ahhh i should have read the instructions properly - key bit was to HOLD down the button until after it buzzes and a blue screen with a pic of the back of the watch and a USB cable shows up
Click to expand...
Click to collapse
bummer I can't update my watch as it has test/debug firmware installed and isn't recognised
Any way to force an update?
not sure how to force, I don't have debug/test firmware. It said I was up to date but allowed me to reflash 'current firmware' (4.4W2 build KNX01V) as a repair install.
LG Pro Lite D680
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Boot On Charge
Non-generic feature for commercial purposes
URGENT NEED! - WILL DONATE
What we need:
I am looking for an urgent solution to boot-on-charge LG D680 cell phone, I am asking for help to developers who have experience on this area. The subject is related to unlock the bootlaoder, fastboot and custom rom. I understand the task is not simple, I am looking forward to donate whoever hacks the non generic feature.
What we do:
We provide video service through LG D680 cell phone (Also known as LG Pro Lite D680), the phone has 3G connection and is plugged to the power supply when is working.
Problem:
Most of the day the phone is plugged and working properly, however when the weekend comes the cell phone is unplugged and the energy is completely consumed. Currently, when the power is back to the cell phone we need to start the cell phone MANUALLY by pressing the power on button.
Goal:
We need the phone to be booted into the OS automatically when is plugged into the power USB cable (the phone initial status is powered off).
Possible Solutions / Alternatives:
Unlock the bootloader and run fastboot command fastboot oem off-mode-charge 0.
Continue our research, based on the steps described below (see LG D680 experience)
Replace charge animation with boot file command /system/bin/reboot (see Huawei experience below replacing ipod file).
Finding a custom ROM that already contains a Boot on Charge behaviour.
Finding a custom ROM that at least has “Power On Schedule” feature (AOSP certificate permissions level).
Finding a generic Android vestion with “Power On Schedule”.
Cellphone specifications:
PLATFORM
OS - Android OS, v4.1.2 (Jelly Bean), upgradаble to v4.4.2 (KitKat)
Chipset - Mediatek MT6577
CPU - Dual-core 1 GHz Cortex-A9
GPU - PowerVR SGX531
Previous work and research:
We did this "boot on charge" research in two types of cell phones. One is HUAWEI G730 and the other is LG D680. Fortunately, it worked fine in G730, but we haven’t the same results up to now on LG D680.
In Huawei G730, we replaced charging animation located at /system/bin/ipod with an ipod file containing “/system/bin/reboot” and worked like charm!
LG D680, we could not find the animation file, but we found that it might be inside the boot image. We did some research in order to modify it, but we got blocked (someone might continue our steps if useful).
HUAWEI G730 Extended Procedure:
Since this phone has a Mediatek chipset, the “battery animation” app is running on /system/bin folder. Is running with the filename ipod. The main task is to exchange ipod content (which is originally binary) to an ipod file with this content: /system/bin/reboot.
So, create a brand new file called ipod, and wrote the line in there. We transferred the file to the phone via adb push, as shown in next steps below.
Copy procedure: So, we set our phone to USB Debugging Mode, then we connected it to the PC, and run the following script:
adb shell mkdir /storage/sdcard0/carga/ (We created a folder to store files being pushed from the PC to the phone)
adb push ipod /storage/sdcard0/carga/ (We are pushing the file to the storage folder within the phone)
adb shell "su -c 'mount -o rw,remount -t ext4 /dev/block/mmcblk0p5 /system'" (This step is very important, here we remount the /system folder with read-write permissions. Only doing this we will be able to copy programmatically the “hacked” file ipod to /system/app. Look out that we used mmcblk0p5 because the system folder is mapped there in this phone. You can check this running cat /proc/dumchar_info)
adb shell "su -c 'chattr -i /system/bin/ipod'" (doing this we took out immutability to the original file ipod)
adb shell "su -c 'cp /system/bin/ipod /storage/sdcard0/carga/ipod.old'" (just creating a backup file from the original ipod)
adb shell "su -c 'rm /system/bin/ipod'" (here we are removing original ipod file)
adb shell "su -c 'cp /storage/sdcard0/carga/ipod /system/bin/'" (now we copy the new file ipod to the destination folder)
adb shell "su -c 'chmod 755 /system/bin/ipod'" (change the permission ro rwx-rx-rx)
adb shell "su -c 'mount -o ro,remount -t ext4 /dev/block/mmcblk0p5 /system'" (we remount the /system folder with read-only permissions)
adb shell "su -c 'reboot'" (Finally we reboot the phone)
RESULT: Whenever you plug in the phone to the charger when it is off, it will try to boot on the battery animation, but instead, it will be redirected to a “reboot” command, which in turn will be redirecting execution to the O.S.
LG D680 Procedure:
We found that this phone also has a Mediatek chipset. Moreover, it also has a file called ipod within /system/bin. But in this case, the bootloader image doesn’t call ipod whenever it displays the battery animation. So we had to check where is mapped the boot image on the phone by executing adb shell "cat /proc/dumchar_info". As the picture shows, the boot image (bootimg) is mapped in /dev/block/mmcblk0, from offset 0x1200000, and with size 0x900000.
We tried the following steps, in order to test if we were able to download / upload booting without bricking the phone:
We copy bootimg partition to boot.img by doing adb shell "su -c dd if=/dev/block/mmcblk0 of=/storage/sdcard0/boot.img bs=1024 skip=18432 count=9216’. (Skip and Count are measured on KBytes, and those values are offset and size translated from hexa to dec).
Then we did the inverse operation by executing: adb shell "su -c dd if=/storage/sdcard0/boot.img of=/dev/block/mmcblk0 bs=1024 seek=18432”
RESULT: The phone WASN’T bricked, and reboot normally (obviously without any change on bootimg).
Because these steps worked, we went even further, this time by unpacking and repacking boot.img file. The steps done were:
Same as (b)
We pulled boot.img file from the phone to a folder within the PC, and then we unpacked the image with bootimg.exe as the picture shows below. One interesting fact is that the pulled file sized almost 9MB.
Then we repacked it without any change inside the image, as the picture shows below. The “repacked” image is now on file “boot-new.img”, but its size is almost 7.4MB. We don’t know why we have this difference.
Same as step (ii) on (b).
RESULT: The phone resulted in a SECURITY_ERROR. It is weird because we didn’t change anything. We didn’t tried further since we are not able to unpack-repack the same image, and loading it successfully.
Edited: The security error can be avoided please follow the just below instructions.
Avoid Security Error:
In order to avoid the security error above mentioned, you need to edit the default.prop file (located at /bootimg/initrd)
Change the value from 1 to 0.
FastBoot Note LG:
Fastboot is a solution performing these commands, the problem is that the bootloader is locked for these operations on the generic vesion:
fastboot oem unlock
fastboot oem off-mode-charge 0
fastboot oem lock
fastboot reboot
The command "adb reboot bootloader" does not enter on fastboot upon reboot. There seems to be an opened option while booting on "Download Mode". What I did find out is that when you go into "Download Mode" a new ADB Device is detected on my computer however no driver matched the device. I assume fastboot could be avilable on Download Mode. I have been suggested by romulocarlos to Install the drivers on LG's website however did not work out.
Files:
For making the tests your will need the system.img, boot.img images files. If you brick your phone and want to un-brick the phone please follow this guide [Guide] LG G PRO LITE- Unroot/Unbrick - flash official factory firmware. Currently we are using this kdz image.
Forum:
G Pro Lite D680 Android Development at Android General.
XDA considered the case and opened a new forum for the phone. Thanks very much laufersteppenwolf (aka Wolf), MikeChannon (forum moderator) and svetius.
Conclusion:
We have reached this spot and need help from more advanced hackers. As you guys can see, we have been working hard to trying to hack the boot-on-charge feature on the D680 however has not been yet possible. There is no precedent on this phone on custom CWM & TWRP and custom roms yet therefore the is no out of the box solution as on many other phones (i.e. cyanogen list). We have also tried XDA University practices with no results.
I am ready to donate whoever would help us in solving this problem, its an urgent matter that needs to be solved as soon as possible. I will reward a developer by making a donation.
Appreciate very much the help in advance and reading.
Best,
Jose
Well, it's not that easy without having the actual device, but it'd help quite a bit if you could upload a system dump as well as the boot.img
laufersteppenwolf said:
Well, it's not that easy without having the actual device, but it'd help quite a bit if you could upload a system dump as well as the boot.img
Click to expand...
Click to collapse
Hi laufersteppenwolf,
Congratulations for your achievements and career, amazing.
I am hereby sharing two link resoruces to download what you have asked for, system.html containing the system.img and boot.html containing boot.img. Please let me know if you have problems downloading.
I understand the side effects of not having the cellphone by your side, hope we can mitigate it with the image files you are asking. As extended solution I can open a vnc session or whatever remote tool you can consider.
Thanks so much for the answer and support.
Best,
Jose
JoseVigil said:
Hi laufersteppenwolf,
Congratulations for your achievements and career, amazing.
I am hereby sharing two link resoruces to download what you have asked for, system.html containing the system.img and boot.html containing boot.img. Please let me know if you have problems downloading.
I understand the side effects of not having the cellphone by your side, hope we can mitigate it with the image files you are asking. As extended solution I can open a vnc session or whatever remote tool you can consider.
Thanks so much for the answer and support.
Best,
Jose
Click to expand...
Click to collapse
I am DL'ing the files now, but please use another hoster, as 4shared is not allowed on XDA
laufersteppenwolf said:
I am DL'ing the files now, but please use another hoster, as 4shared is not allowed on XDA
Click to expand...
Click to collapse
Hi laufersteppenwolf,
Thanks for clarifying, I was not aware 4shared was not allowed. I am changing the hosting and updating the link.
Cheers,
Jose
Alright, what I have done so far is I have unpacked the boot image and the ramdisk, edited the ramdisk so it shoud execute /system/bin/reboot when the phone boots because of the charger. Then I repacked both and signed the boot.img again so the bootloader would accept it.
The result, however, is a bootloop. I am just not yet sure whether it is caused by a "false alarm" (the ramdisk always thinking the phone is being booted because of a plugged in charger) or caused by either the bootloader or other low-level security checks. But I also doubt that, as the bootloader seems to accept the repacked image (doesn't show the security error screen).
But I currently do not have any logs, which is why all this is wild guessing. So the highest priority now is to get some proper logs so I know what's going on
laufersteppenwolf said:
Alright, what I have done so far is I have unpacked the boot image and the ramdisk, edited the ramdisk so it shoud execute /system/bin/reboot when the phone boots because of the charger. Then I repacked both and signed the boot.img again so the bootloader would accept it.
The result, however, is a bootloop. I am just not yet sure whether it is caused by a "false alarm" (the ramdisk always thinking the phone is being booted because of a plugged in charger) or caused by either the bootloader or other low-level security checks. But I also doubt that, as the bootloader seems to accept the repacked image (doesn't show the security error screen).
But I currently do not have any logs, which is why all this is wild guessing. So the highest priority now is to get some proper logs so I know what's going on
Click to expand...
Click to collapse
Hi Wolf,
Great advance! Keep the great work up .
I have made some modifications on the original post. Yes you are right, the bootloader friendly accepts the original image and we have figured out the security error. We have found on our end that you need to edit the default.prop file (located at /bootimg/initrd) and set ro.secure to value 0. I also added the files to the post (yet to change the server origin on the boot.image though), added the kdz image to unbrick. Also appended the new forum for the phone.
I appreciate that you have favored to create the forum for the G Pro Lite D680 Android Development. Its great that we can help the community with our achievements.
Best,
Jose
JoseVigil said:
Hi Wolf,
Great advance! Keep the great work up .
I have made some modifications on the original post. Yes you are right, the bootloader friendly accepts the original image and we have figured out the security error. We have found on our end that you need to edit the default.prop file (located at /bootimg/initrd) and set ro.secure to value 0. I also added the files to the post (yet to change the server origin on the boot.image though), added the kdz image to unbrick. Also appended the new forum for the phone.
I appreciate that you have favored to create the forum for the G Pro Lite D680 Android Development. Its great that we can help the community with our achievements.
Best,
Jose
Click to expand...
Click to collapse
ro.secure doesn't trigger the security checks, this prop is only for other things like adb on early boot, enabling adb remount, adb as root by default,...
I also set ro.secure to 0 in the builds I sent you, so that's not the cause of the issue
@JoseVigil
I have some pretty good news The phone now does exactly what you want it to do, as soon as you plug in the charger, the phone boots into offline charging mode, but then directly reboots again into the normal system.
The reboot is not that nice, but it's by far the easiest, as well as safest, way to do it.
Turns out, LG did a pretty sloppy job, giving me adb access to the device when in offline charging mode, giving me the chance to read which process is running and patching the binary to run my hack before actually executing the binary. And that's it. A few lines of bash code and you're good to go
Now my question, do you want me to write a tiny script to do all the work patching the system, or shall I just explain what to do?
laufersteppenwolf said:
@JoseVigil
I have some pretty good news The phone now does exactly what you want it to do, as soon as you plug in the charger, the phone boots into offline charging mode, but then directly reboots again into the normal system.
The reboot is not that nice, but it's by far the easiest, as well as safest, way to do it.
Turns out, LG did a pretty sloppy job, giving me adb access to the device when in offline charging mode, giving me the chance to read which process is running and patching the binary to run my hack before actually executing the binary. And that's it. A few lines of bash code and you're good to go
Now my question, do you want me to write a tiny script to do all the work patching the system, or shall I just explain what to do?
Click to expand...
Click to collapse
You are the man Wolf!
Its great that you have been able to find a workaround.
Yes, ideally both. I would appreciate if you can write the script so we can run it on our rooted phones pragmatically and a brief description of what it does (comprehensive from reading the script too) with implementation steps to reproduce too.
With the script I will do the proper test on my end and provide you feedback in case we have an issue. I will place the donation the coming week early on right after the test, I will be pleased that you get your reaward .
Once that, I think It would be pertinent though that we can expose how far we have reached with our research. If you agree, we can set the ground for someone (either me or you or anyone) to get a bootable customized boot image and unlock the door for CM.
I would love to see this running on CM. But I also know we have to be realistic, as you mentioned, this could be a hell of a work to have a working custom recovery, the device tree and blobs with kernel (almost XDA University I have not been able to deal with too).
It has been a lot of fun and a pleasure to know you and interact with you. I hope this is our first experience.
Thanks very much for the great work.
Best,
Jose
JoseVigil said:
You are the man Wolf!
Its great that you have been able to find a workaround.
Yes, ideally both. I would appreciate if you can write the script so we can run it on our rooted phones pragmatically and a brief description of what it does (comprehensive from reading the script too) with implementation steps to reproduce too.
With the script I will do the proper test on my end and provide you feedback in case we have an issue. I will place the donation the coming week early on right after the test, I will be pleased that you get your reaward .
Once that, I think It would be pertinent though that we can expose how far we have reached with our research. If you agree, we can set the ground for someone (either me or you or anyone) to get a bootable customized boot image and unlock the door for CM.
I would love to see this running on CM. But I also know we have to be realistic, as you mentioned, this could be a hell of a work to have a working custom recovery, the device tree and blobs with kernel (almost XDA University I have not been able to deal with too).
It has been a lot of fun and a pleasure to know you and interact with you. I hope this is our first experience.
Thanks very much for the great work.
Best,
Jose
Click to expand...
Click to collapse
Alright, in the attachment I have uploaded the script, including all needed files in order to execute it. The script will also tell you what it's about to do before doing it, so in case you run into issues, you know where to look into
So, what the installer script is going to do:
It will first of all push a script temporarily to the internal sdcard, then it will back up /system/bin/rtcd to /system/bin/rtcd_original, as we need to execute it later again. Next it will copy the script over from the sdcard to /system/bin/rtcd, replacing the original binary (and setting the correct permissions to both modified files). As the last step it will delete the temp file from the sdcard again.
That's all the installer script does.
The actual "magic" is inside the script being pushed to /system. It gets executed before starting chargemon and reads out the devices boot mode. If the boot mode is charger, it executes /system/bin/reboot. Otherwise it executes the original binary in /system/bin/rtcd_original.
And that's about it As simple as it could only be
Regarding further development, up until now, every device I own received a werewolf kernel, and I'm not planning on making an exception for this phone
I will definitely keep on looking into it, though it will not be as high on my priorities list as this workaround was
I will most likely open a new thread in the next couple of days, stating my findings regarding the phone/boot image/bootloader.
@JoseVigil @laufersteppenwolf
I'm New In Rom Developing . But I Think This Can Help You To Find Security Checks
I need lg g pro lite dual d686 custom twrp recovery i cant find anywhere plz provide working recovery link for d686 as iam new it seems custom recovery for specific d686 dosnt exits so share tested link for d686
Sent from my LG-D686 using xda Forums PRO
Hello I need boot on charge on my LG E460 with MTK. I done ipod change, rctd replace from laufersteppenwolf file without results. I can't went into fastboot mode of course to set oem mode charge for 0
Phone have root, bootloader unlock, busybox and supersu. Any suggestions?
Maxjimme said:
I need lg g pro lite dual d686 custom twrp recovery i cant find anywhere plz provide working recovery link for d686 as iam new it seems custom recovery for specific d686 dosnt exits so share tested link for d686
Sent from my LG-D686 using xda Forums PRO
Click to expand...
Click to collapse
TWRP RECOVERY
http://forum.xda-developers.com/optimus-g-pro/d680-development/d686-unsecured-boot-img-twrp-2-8-7-x-t3163144
Same Problem here with LG E460. Is there a solution for fastboot mode with this device?
hi, do you think this script could work on a LG G Pro 2 ?
hi guys, any chance i could get this working on a chinese mediatek device running kitkat 4.4.2 ??
Hello everyone, I want to ask if there is any developer who can help us please, we need unbrick tool for Redmagic 6 and 6 pro ASAP because the RM support team doesn't answer our complaints or emails. Please help us
M5tha said:
Hello everyone, I want to ask if there is any developer who can help us please, we need unbrick tool for Redmagic 6 and 6 pro ASAP because the RM support team doesn't answer our complaints or emails. Please help us
Click to expand...
Click to collapse
i've been waiting for my paperweight turn into a phone for a month now, i don't think it will be here any soon....
Nocturne Seigneur said:
i've been waiting for my paperweight turn into a phone for a month now, i don't think it will be here any soon....
Click to expand...
Click to collapse
It’s like Cinderella turning into a pumpkin after midnight. Our devices went from being phones to paperweights overnight.
Someone get our fairy god mothers up in here to bipity bopity this crap back into a working state
Out of curiosity may I ask how did it get to this state? Also I was able to get myself out thru a combination of reflashing boot.img (i was on 4.12), unlocking and relocking bootloader, and factory resetting via recovery mode. Not in that order and each multiple times. Somehow it worked out. Possibly worth a try if you are just waiting anyways with not too much to lose?
I found that a locked bootloader is good at telling whether you didn't quite flash an img right. It kept telling me that things are corrupt and whatnot, and all of a sudden it booted.
So I'm pretty close to getting a working TWRP for this device. I have extracted a basic TWRP.img file and merged it with the boot image for the Red Magic 6. When I flashed it, the logo shows up but nothing happens.
When I have time this weekend, I'll mess around with it some more.
That way we can unbrick it with twrp and not have to worry about waiting for an unbrick tool.
Nocturne Seigneur said:
i've been waiting for my paperweight turn into a phone for a month now, i don't think it will be here any soon....
Click to expand...
Click to collapse
I didn't unlock my bootloader, so I can't do anything to unbric this **** device
M5tha said:
I didn't unlock my bootloader, so I can't do anything to unbric this **** device
Click to expand...
Click to collapse
I’m in the same boat but Nubia is having me send my phone back to them to check out.
Guys the unbrick tool is already in this forum: https://forum.xda-developers.com/t/unbrick-tool-edl-flash-switch-from-cn-to-eu.4284797/
Note if you are rooted before going to EDL mode (9008) you should backup EFS via QFIL QCOM tool as a few people lost their IMEIs - I think it's in EFS Explorer the tool is free just Google it. Then do an EFS backup and save where you can't lose it. Here's a guide just ignore the Lenovo part, but you must go into diag mode Qualcomm 901D which is (try dial code *#7678# first it worked on the Red Magic 5 series, probably puts you in diag mode still) otherwise: adb shell; su; setprop sys.usb.config diag,adb before QFIL will see it: https://forums.easy-firmware.com/showthread.php/29143-How-To-Restore-Backup-QCN-EFS-on-Qualcomm-devices-(Giuide)
You can also back up the partition if you are rooted via adb shell. From memory, enable dev options (click build # under system until it shows up), patch your boot.img with Magisk Manager (should be in the ROM zip file you downloaded, copy to phone), flash back to the phone with fastboot (it will be in Downloads/magisk_patched_xyz.img "xyz" changes names just depends on Magisk) command is just after reboot to fastboot: fastboot flash boot magisk_patched_xyz.img; reboot and you should be rooted. Then from ADB do an ADB shell (it will ask to trust the device connected) adb shell (on PC), su (will ask for root access, grant it), $ dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img and copy that to your PC. That's your persist partition in case it gets messed up you should be able to: $dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist that assumes you copied persist.img back to your /sdcard/ in internal memory.
If I messed up a step feel free to correct it, this is all from memory no PC in front of me on vacation...
mslezak said:
Guys the unbrick tool is already in this forum: https://forum.xda-developers.com/t/unbrick-tool-edl-flash-switch-from-cn-to-eu.4284797/
Note if you are rooted before going to EDL mode (9008) you should backup EFS via QFIL QCOM tool as a few people lost their IMEIs - I think it's in EFS Explorer the tool is free just Google it. Then do an EFS backup and save where you can't lose it. Here's a guide just ignore the Lenovo part, but you must go into diag mode Qualcomm 901D which is (try dial code *#7678# first it worked on the Red Magic 5 series, probably puts you in diag mode still) otherwise: adb shell; su; setprop sys.usb.config diag,adb before QFIL will see it: https://forums.easy-firmware.com/showthread.php/29143-How-To-Restore-Backup-QCN-EFS-on-Qualcomm-devices-(Giuide)
You can also back up the partition if you are rooted via adb shell. From memory, enable dev options (click build # under system until it shows up), patch your boot.img with Magisk Manager (should be in the ROM zip file you downloaded, copy to phone), flash back to the phone with fastboot (it will be in Downloads/magisk_patched_xyz.img "xyz" changes names just depends on Magisk) command is just after reboot to fastboot: fastboot flash boot magisk_patched_xyz.img; reboot and you should be rooted. Then from ADB do an ADB shell (it will ask to trust the device connected) adb shell (on PC), su (will ask for root access, grant it), $ dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img and copy that to your PC. That's your persist partition in case it gets messed up you should be able to: $dd if=/sdcard/persist.img of=/dev/block/bootdevice/by-name/persist that assumes you copied persist.img back to your /sdcard/ in internal memory.
If I messed up a step feel free to correct it, this is all from memory no PC in front of me on vacation...
Click to expand...
Click to collapse
I locked the bootlooder the screen is black, the only way to connect to the device is on a PC "COM",
I tried this link but and the next steps but it doesn't work, I don't know what to do with the phone and still it doesn't work,
I think I need the firmware RED MAGIC 6 "NX669J_NON EU Common".
PLEASE HELP ME
https://mega.nz/file/ntBSxDKa#h9vUPGoWVyqtyDYWYmSgz8bE1_vNimBMAqTp9csvv-w
2) Make sure all the drivers are installed correctly (Qualcomm, EDL etc...)
3) Open the MiTool application
4) in MiTool, select the folder images
5) Put your phone in EDL mode
6) Once connected, Click flash - the brushing process will start automatically.
Good evening I found a guy who unlocked the phone for me at 150 dollars.
the phone quickly repaired without any problems so the problem is solved.
Marofyxx said:
I locked the bootlooder the screen is black, the only way to connect to the device is on a PC "COM",
I tried this link but and the next steps but it doesn't work, I don't know what to do with the phone and still it doesn't work,
I think I need the firmware RED MAGIC 6 "NX669J_NON EU Common".
PLEASE HELP ME
https://mega.nz/file/ntBSxDKa#h9vUPGoWVyqtyDYWYmSgz8bE1_vNimBMAqTp9csvv-w
2) Make sure all the drivers are installed correctly (Qualcomm, EDL etc...)
3) Open the MiTool application
4) in MiTool, select the folder images
5) Put your phone in EDL mode
6) Once connected, Click flash - the brushing process will start automatically.
Click to expand...
Click to collapse
i tried running it and now the phone is on but no display . who can help me ?
my device is :
Model: NX669J-P
Red magic OS :V4.5
Build number : NX669J_CNCommon_V7.14
Adroid version :11
Hardware version : NX669J_V1AM
I will pay for the software for you if I have to . Hope your help!
Hello,
I can give you the email of the person who repaired my phone but it's expensive 150dollar
manhdoan1601 said:
i tried running it and now the phone is on but no display . who can help me ?
my device is :
Model: NX669J-P
Red magic OS :V4.5
Build number : NX669J_CNCommon_V7.14
Adroid version :11
Hardware version : NX669J_V1AM
I will pay for the software for you if I have to . Hope your help!
Click to expand...
Click to collapse
Hello,
I can give you the email of the person who repaired my phone but it's expensive 150dollar
guide
Marofyxx said:
Hello,
I can give you the email of the person who repaired my phone but it's expensive 150dollar
Click to expand...
Click to collapse
i can pay it 150 usd . give me email
Ok
hey guys..
can u pls share qcn or especially xqcn for NX669J..?