Develop Bugs

[Bootloader] U-boot for the multi-boot support

Hi!
As with Galaxy S2, I have ported the u-boot bootloader to the Galaxy Nexus. It can be chainloaded from samsung bootloader (loaded instead of linux kernel) safely.
It could be useful to have multiple ROMs on one device or test other OS like Ubuntu or Genode.
Detailed installation guide is available at Ksys Labs LLC wiki http://ksyslabs.org/doku.php?id=gnex_uboot .I'll just copy-paste it here
Happy hacking and don't forget to visit our wiki at http://ksyslabs.org !
===== Rationale ======
There were a couple reasons to port u-boot to Galaxy Nexus
* Security: we cannot trust the proprietary samsung bootloader
* Implementing dual-boot for original and custom firmware
* Booting Genode operating system
===== Demo =====
===== Compilation from source =====
Source code is in https://github.com/Ksys-labs/uboot-tuna
There exist two branches of interest
* master - contains the official stable releases. may be force-pushed and rebased, beware
* tuna-fosdem-hacks contains the u-boot that was used for FOSDEM 2013 to demo booting Genode
To compile, you need to have the ARM cross-compiler. I recommend codesourcery 2010q1-188 because that's what I'm using and some users reported that newer compilers produce broken binaries.
There are two ways to use the u-boot. One is flashing it instead of the Samsung SBL bootloader. The other one is chainloading it from the SBL.
Flashing instead of SBL has the following advantages
* Faster boot time than chainloading
* Ability to use the standard partitioning layout
There is a number of issues and therefore we do not recommend flashing it instead of SBL
* No Fastboot support (preliminary USB RNDIS and DHCP BOOTP support is available), you'll have to use OMAPFlash to restore the device if you flash a non-working kernel
* No display initialization. You'll have to disable the "Check for Bootloader initialization" option in kernel config
By default, the chainloaded version is compiled. It is loaded (by the SBL) to the address **0x81808000**.
If you want to build the SBL replacement version, edit the **include/configs/omap4_tuna.h** file and uncomment the **#define TUNA_SPL_BUILD** line. X-loader loads the bootloader to the address **0xa0208000**.
Code:
export PATH=/home/alexander/handhelds/armv6/codesourcery/bin:$PATH
export ARCH=arm
export CROSS_COMPILE=arm-none-eabi-
U_BOARD=omap4_tuna
make clean
make distclean
make ${U_BOARD}_config
make -j8 ${U_BOARD}
mkbootimg --kernel u-boot.bin --ramdisk /dev/null -o u-boot.aimg
===== Installation =====
==== Chainloaded Mode ====
You'll need the root access to your device.
You can take the prebuilt u-boot here. http://ksyslabs.org/lib/exe/fetch.php?media=gnex-uboot-chainloaded.img
The u-boot has the support for android boot images. When flashed instead of the SBL, it boots the kernel off the "Boot" partition. When chainloaded, it looks for the kernel in **/system/boot/vmlinux.uimg** . Additionally, it first looks for the **/system/boot/boot.scr.uimg** so you can put custom commands there and override the kernel image.
It also supports booting custom images from **/sdcard/boot/vmlinux.uimg** and **/sdcard/boot/boot.scr.uimg**
If you need larger images, I suggest that you use the **tuna-fosdem-hacks** branch, format the cache partition to ext2 and put the files to **/cache/media/boot/**
push the files to your device via adb
Code:
adb push gnex-uboot-chainloaded.img /sdcard/
adb hell
now, in the device shell, do the following
Code:
su
cat /dev/block/platform/omap/omap_hsmmc.0/by-name/boot > /sdcard/vmlinux.uimg
mount -o remount,rw /system
mkdir /system/boot
cp /sdcard/vmlinux.uimg /system/boot/
cat /sdcard/gnex-uboot-chainloaded.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
sync
reboot
Instead of installing gnex-uboot-chainloaded.img via dd, you can use fastboot
Code:
fastboot flash:raw boot u-boot.img
===== Replacing samsung bootloader =====
OMAP4 devices cannot be bricked completely because the CPU has a firmware loader in the OTP (one-time programmable) memory. When the device is powered, it tries booting from USB.
Make sure to have an old version of x-loader (PRIMEKK14) because newer ones have the security hole which allowed booting unsigned bootloaders fixed. The installation procedure is roughly the same, but use **sbl** partition. And also install xloader from http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
Code:
adb push gnex-xloader-working.img /sdcard/
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
There exists a Samsung recovery tool which can unbrick the devices with corrupted xloader/SBL. You will need a computer running Windows XP.
Search the internet for the archive named "OMAPFlash_tuna.zip" which has md5 "ddbf07a1d36b044c40af5788a83b5395". We cannot upload it here because of the unclear license status.
===== Making images =====
You can either use Android's mkbootimg to produce ANDROID! type images (not recommended) or u-boot's mkimage (in the u-boot tools directory) to make boot images. Using ANDROID! format is discouraged because the loader code in the u-boot is buggy and may fail in some corner cases such as large images.
==== making a custom boot image ====
Code:
mkimage -A arm -O linux -T kernel -C none -a 0x80008000 -e 0x80008000 -n linux -d zImage vmlinux.uimg
#alternatively, just do that when compiling linux
#do not forget to add mkimage to your PATH variable
make uImage
==== making a custom boot script ====
Code:
mkimage -A arm -O linux -T script -C none -a 0x84000000 -e 0x84000000 -n android -d boot.scr boot.scr.uimg
===== Booting Modes =====
The bootloader supports several boot modes. Each boot mode is indicated by the color of the LED and activated by a combination of hardware buttons. It also supports the Android "reboot to recovery" and "reboot to bootloader" features
* Normal Boot -> no keys are pressed, cyan LED
* Recovery Boot -> Volume Up key pressed, green LED
* Custom Boot -> Volume Down key pressed, blue LED
* USB RNDIS mode -> both Volume keys pressed, purple LED
===== Pitfalls =====
* No Fastboot or DFU (RNDIS BOOTP is untested) -> not a big deal if you're chainloading, right?
* Serial number is always 0123456789abcdef or sth like that. Anyone to fix that?
* UART support is quirky. The device will likely hang if booted with the UART cable. Workaround: boot without the UART cable and plug right after the purple LED flashes.
===== A sample boot script for android =====
Make a boot.scr.uimg from it and push it to the correct location.
Code:
setenv bootargs "mem=1G vmalloc=768M omap_wdt.timer_margin=30 mms_ts.panel_id=18
no_console_suspend console=ttyFIQ0";
setenv loaddaddr 0x82000000;
setenv devtype mmc;
setenv devnum 0;
setenv kernel_part 0xc;
setenv kernel_name /media/boot/vmlinux.uimg;
echo Load Address: ${loaddaddr};
echo cmdline:${bootargs};
if ext4load ${devtype} ${devnum}:${kernel_part} ${loaddaddr} ${kernel_name}; then
bootm ${loaddaddr};
exit 0;
elif ext2load ${devtype} ${devnum}:${kernel_part} ${loaddaddr} ${kernel_name}; then
bootm ${loaddaddr};
exit 0;
else
echo failed to boot custom image;
fi

Nice!
Before there actually wasn't any dual boot stuff for Nexus but now there is really much....
I will laugh if someone ports still another dual boot loader to Nexus, E.g BootiQi dual boot loader or what it is..., (for Jét it is JétQi) but I don't remember the original dual boot files names...

Any toro support?
Sent from my Galaxy Nexus using xda app-developers app

saber.srod said:
Any toro support?
Sent from my Galaxy Nexus using xda app-developers app
Click to expand...
Click to collapse
You may try it out. It is flashed instead of kernel, not overwriting the bootloader, so should be safe. As we don't have any Toro devices, we're not particularly interested in providing support for them unless someone steps up with a patch

Also, make sure to have an old version of x-loader (PRIMEKK14) because newer ones have the security hole which allowed booting unsigned bootloaders fixed.
Click to expand...
Click to collapse
do you have PRIMEKK14 file?
cause I couldn't find it on this thread:
http://forum.xda-developers.com/showthread.php?t=1587498
or this one is PRIMEKK14?
http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
any enlightenment please?

savantist said:
do you have PRIMEKK14 file?
cause I couldn't find it on this thread:
http://forum.xda-developers.com/showthread.php?t=1587498
or this one is PRIMEKK14?
http://ksyslabs.org/lib/exe/fetch.php?media=gnex-xloader-working.img
any enlightenment please?
Click to expand...
Click to collapse
The latter one is the one I'm using on my phone so it should work.

sp3dev said:
The latter one is the one I'm using on my phone so it should work.
Click to expand...
Click to collapse
I wanna use the chainloaded method, so first thing I should do is fastboot-ing that .img just like another bootloader file? then chainload the u-boot file?
but it looks like I'm replacing samsung SBL (replacing SBL method) if I do that, doesn't it?

savantist said:
I wanna use the chainloaded method, so first thing I should do is fastboot-ing that .img just like another bootloader file? then chainload the u-boot file?
but it looks like I'm replacing samsung SBL (replacing SBL method) if I do that, doesn't it?
Click to expand...
Click to collapse
Yes, you can actually fastboot it via
"fastboot flash:raw boot u-boot.img"
and no, you don't need to mess with xloader for chainloading

sp3dev said:
Yes, you can actually fastboot it via
"fastboot flash:raw boot u-boot.img"
and no, you don't need to mess with xloader for chainloading
Click to expand...
Click to collapse
so it's ok to do chainloading in PRIMELC03 bootloader? If yes, I'm success...

finally "The Great Sp3dev"
nice work like always,
playing with it now,let's see where it goes
Sent from my Galaxy Nexus using xda premium

sp3dev said:
The latter one is the one I'm using on my phone so it should work.
Click to expand...
Click to collapse
ah, I bricked my phone with your gnex-xloader-working using following script... It is only 128K. Is that right?
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
Is PRIMEKK14 bootloader the only one to work since we only have http://forum.xda-developers.com/showthread.php?t=1587498 this thread for bootloader and there's no flashable version of PRIMEKK14?
I use OMAPFlash to save it having PRIMEKK15 bootloader and I do not have the courage to do it again...

dlhxr said:
ah, I bricked my phone with your gnex-xloader-working using following script... It is only 128K. Is that right?
Code:
cat /sdcard/gnex-xloader-working.img > /dev/block/platform/omap/omap_hsmmc.0/by-name/xloader
Is PRIMEKK14 bootloader the only one to work since we only have http://forum.xda-developers.com/showthread.php?t=1587498 this thread for bootloader and there's no flashable version of PRIMEKK14?
I use OMAPFlash to save it having PRIMEKK15 bootloader and I do not have the courage to do it again...
Click to expand...
Click to collapse
Oh well, I specially edited the post so that chainloaded users don't flash loader. You only need the xloaded if you flash u-boot instead of SBL. Otherwise, treat u-boot just as linux kernel.
As for replacing bootloader, I guess PRIMEKK15 should also work, I just didn't notice when the security check was introduced. Yeah, use OMAPFlash to recover anyway. And note that you cannot use my precompiled u-boot to replace SBL. As written in the beginning of the post, you need to change a define in config and recompile because the load address and partition layout are different for chainloading and direct booting cases.

Very nice! Keep the good work up! :good:

sp3dev said:
Oh well, I specially edited the post so that chainloaded users don't flash loader. You only need the xloaded if you flash u-boot instead of SBL. Otherwise, treat u-boot just as linux kernel.
As for replacing bootloader, I guess PRIMEKK15 should also work, I just didn't notice when the security check was introduced. Yeah, use OMAPFlash to recover anyway. And note that you cannot use my precompiled u-boot to replace SBL. As written in the beginning of the post, you need to change a define in config and recompile because the load address and partition layout are different for chainloading and direct booting cases.
Click to expand...
Click to collapse
Some feedback here. I flashed u-boot to boot partition and save the original boot image to /system/boot/vmlinux.uimg.
Without any key pressed it shows
Code:
Wrong Image Format for boot command
Error: can't get kernel image!
Not booting xxxxxxxxx
Fail to boot
The characters on the screen does not show well and some of them can't be recognized....
When I press the volume up, it boot into recovery.
When I press the volume down, it shows
Code:
File not found /media/boot/vmlinux.uimg
Unrecognized filesystem type
Fail to boot
Something is wrong with my procedure?

Another small question. I want to make a zip to flash the U-boot, but always failed. I have to use fastboot command to flash gnex-uboot-chainloaded.img to boot.img.
What is in my updater-script.
Code:
mount("ext4", "EMMC", "/dev/block/platform/omap/omap_hsmmc.0/by-name/system", "/system");
package_extract_file("gnex-uboot-chainloaded.img", "/tmp/gnex-uboot-chainloaded.img");
package_extract_file("META-INF/com/google/android/switch_boot.sh", "/tmp/switch_boot.sh");
set_perm(0, 0, 0777, "/tmp/switch_boot.sh");
run_program("/tmp/switch_boot.sh");
set_perm(0, 0, 0777, "/system/boot/vmlinux.uimg");
unmount("/system");
What is in my switch_boot.sh
Code:
#!/sbin/sh
cat /dev/block/platform/omap/omap_hsmmc.0/by-name/boot > /tmp/vmlinux.uimg
mkdir /system/boot
cp /tmp/vmlinux.uimg /system/boot/
cat /tmp/gnex-uboot-chainloaded.img /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
It seems the last line doesn't work...
Code:
cat /tmp/gnex-uboot-chainloaded.img /dev/block/platform/omap/omap_hsmmc.0/by-name/boot
If I use the following command in updater-script,
Code:
package_extract_file("gnex-uboot-chainloaded.img", "/dev/block/platform/omap/omap_hsmmc.0/by-name/boot");
The device enters bootloader directly showing no boot image after reboot....

dlhxr said:
If I use the following command in updater-script,
Code:
package_extract_file("gnex-uboot-chainloaded.img", "/dev/block/platform/omap/omap_hsmmc.0/by-name/boot");
The device enters bootloader directly showing no boot image after reboot....
Click to expand...
Click to collapse
That's because SBL expects the boot partition to contain the image in ANDROID! format. It creates the image itself when you flash via fastboot with the ":raw" suffix.
Try that
Code:
mkbootimg --kernel gnex-uboot-chainloaded.img --ramdisk /dev/null -o u-boot.aimg
Not sure why the original boot image didn't work for you. Are you copying the boot.img to vmlinux.uimg or the raw zImage? you should do the former, the u-boot expects either the "ANDROID!" image or the one made with mkimage.
If anything, you could try repacking the boot image yourself or try mine to see if it boots (it's for jb 4.1.1 though)
http://rghost.ru/44686398

chainloading method, in fact it works on PRIMELC03 too...
btw,
if I flash the xloader (replacing bootloader method), then how am I gonna back to original samsung bootloader/PRIMELC03 since there isn't fastboot support in your u-boot bootloader?
using odin? or omapflash? :crying:
thanks.

savantist said:
chainloading method, in fact it works on PRIMELC03 too...
Click to expand...
Click to collapse
ok, I probably didn't make it clear enough. chainloading works with any bootloader and is safe.
savantist said:
btw,
if I flash the xloader (replacing bootloader method), then how am I gonna back to original samsung bootloader/PRIMELC03 since there isn't fastboot support in your u-boot bootloader?
using odin? or omapflash? :crying:
thanks.
Click to expand...
Click to collapse
if you can boot android or recovery, thenuse dd it to /dev/block/blah-blah-blah, otherwise - omapflash.

sp3dev said:
ok, I probably didn't make it clear enough. chainloading works with any bootloader and is safe.
if you can boot android or recovery, thenuse dd it to /dev/block/blah-blah-blah, otherwise - omapflash.
Click to expand...
Click to collapse
you wrote it on wrong part on first page yesterday, makes me little bit confused, but it's corrected now...
but to do "replacing bootloader method", one should flash PRIMEKK14 or PRIMEKK15 bootloader before, right?
wow... omapflash...

savantist said:
you wrote it on wrong part on first page yesterday, makes me little bit confused, but it's corrected now...
but to do "replacing bootloader method", one should flash PRIMEKK14 or PRIMEKK15 bootloader before, right?
wow... omapflash...
Click to expand...
Click to collapse
well, some bootloaders after PRIMEKK may work, but I have not tested and we had some new phones with the recent firmware versions from stock, and u-boot failed to work there until xloader was downgraded

P6 state clarify and develop and brainstorming(recovery, boot, fastboot, kitchen)

Hi!
As I promiss, here is the thread for clarify and brainstorming for Ascend P6 avaible development.
First of all, clarify the bootloader and phone status.
Our phone is an "emulator". It is not running Android natively. It's just emulated, Android is running in QEMU. Similar like the real Android SDK.
Huawei patched the QEMU for running Android our MTK chipset.
Huawei take a tricky step. He did the RSA5 encrypt to not able to write any files to the partition system, without a digital signature of Huawei.
Xloader check this signature and if it missing, you won't be able to update. (We are s*cking @ here...)
Bootloader Unlock
It means, you able to send boot image and recovery img via fastboot. I think, our fastboot haven't got some instructions and permission.
DON'T FORGET YOU ARE IN AN EMULATED STATE!!!
If Huawei "unlock the bootloader", 2 way to get this( I think):
1. Modified fastboot, to able flash boot image via fastboot like this:
Code:
fastboot flash boot boot.img/recovery.img
or
Code:
flash_image boot boot.img/recovery.img
2. Ignore the whole system signature check. (which is best for we and able to running native Android but it won't be happen)
1 is a big step forward to custom kernel/Custom rom/CM/AOSP.(Of course second is bigger)
I'm just praying first at this moment.
Partitions.
ONE REAL partition are in the MTK NAND chip. Called: hi_mci.1.
The other partitions are NOT REAL! They are emulated. Just like you running LINUX in Virtualbox or something like this.
Those partitions:
/sdcard vfat /dev/block/platform/hi_mci.1/by-name/sdcard
/system ext4 /dev/block/platform/hi_mci.1/by-name/system
/cache ext4 /dev/block/platform/hi_mci.1/by-name/cache
/data ext4 /dev/block/platform/hi_mci.1/by-name/userdata length=-16384
/misc emmc /dev/block/platform/hi_mci.1/by-name/misc
/boot emmc /dev/block/platform/hi_mci.1/by-name/boot
/recovery emmc /dev/block/platform/hi_mci.1/by-name/recovery
/cust ext4 /dev/block/platform/hi_mci.1/by-name/cust
/uboot emmc /dev/block/platform/hi_mci.1/by-name/uboot
/splash2 ext4 /dev/block/platform/hi_mci.1/by-name/splash2
/modem/modem_image ext4 /dev/block/platform/hi_mci.1/by-name/modemimage
/usb vfat /dev/block/sda
For native Android, we need to repartition the hole NAND chip. I think, it is impossible.
BOOT
Android boot system need boot.img for booting. Which contain the kernel and some system specific files.
This is formatting the device own emulated partition. It contains the ramdisks, etc.
We have an Huaewei Update Extractor, which can be unpack the update.app.
We get boot.img, recovery.img. Good.
Our bootloader is UNLOCKED from the begining. I think, our fastboot haven't got some instructions and permission.
With dsiXDA Kitchen you able to unpack boot and recovery.img, modify it and repack.
Just after the B118 update, I hope Huawei unlock this feature. It is a good point to start.
The new driver for ADB/fastboot
To be continued...
And feel free to contribute!
Take a test and build boot.img from b122. Two modification in:
1. ro.secure=0
2. ro.debuggable=1
Is this mean, you get true root acces to everywhere.
See in attachment.
Of course, it won't be able to to push via fastboot, because the limitations our fastboot.

Hi!
After new firmware B118, nothing will be changed , because secure lock loader was not removed !
You can not push boot.img by fastboot , but you can easy flashed a new kernel by this command :
# dd if=/sdcard/boot.img of=/dev/block/mmcblk0p12
Click to expand...
Click to collapse
and your device will never boot cause you need a signed image !
I was able to flash by this command only the stock kernel !
Good luck !

There appears to be a signed flashable CWM recovery.img with scatter file for the ascend mate over at needrom - I know the P6 is pretty much the same device save the screen size so maybe it can be of some use ?
(assuming it it genuine and works).
Needs an app called SP Flash Tool which is for MTK chipsets.
http://www.needrom.com/mobile/ascend-mate-mt1-u06-s4ui/

lonespeaker said:
There appears to be a signed flashable CWM recovery.img with scatter file for the ascend mate over at needrom - I know the P6 is pretty much the same device save the screen size so maybe it can be of some use ?
(assuming it it genuine and works).
Needs an app called SP Flash Tool which is for MTK chipsets.
http://www.needrom.com/mobile/ascend-mate-mt1-u06-s4ui/
Click to expand...
Click to collapse
Hi!
Yes, you are right , seem they managed to signed a recovery.img to be flashed on partition /recovery !
As long as the loader is locked ( This phone is secure lock state ! ) I do not think it helps us....

surdu_petru said:
Hi!
Yes, you are right , seem they managed to signed a recovery.img to be flashed on partition /recovery !
As long as the loader is locked ( This phone is secure lock state ! ) I do not think it helps us....
Click to expand...
Click to collapse
Yeah maybe you're right, but a bit odd releasing what appears to be an asop based rom with a signed recovery and signed boot.img rom and no way to actually install it. maybe one day...

surdu_petru
What do you think about not removing the hole security, just removing the boot image security. Loader not check the boot image signature. You able to run custom kernel. But not able to change recovery. Only for boot.img. And with this and your method(Blueandroid), we can get custom roms like AOSP. And every time we can go back to stock with our stock recovery.

bukest said:
surdu_petru
What do you think about not removing the hole security, just removing the boot image security. Loader not check the boot image signature. You able to run custom kernel. But not able to change recovery. Only for boot.img. And with this and your method(Blueandroid), we can get custom roms like AOSP. And every time we can go back to stock with our stock recovery.
Click to expand...
Click to collapse
Nop, loader also check boot image signature , because I can not flash a custom kernel ( boot.img ) !
Edit :
I think, I'm not 100% sure, xloader partition is check signature for all partitions on boot !

Who have courage to try this?
Finding some usefull info.
How should our device look like(NAND)
xloader => /dev/block/mmcblk0p1 /first stage bootloader
round => /dev/block/mmcblk0p2
nvme => /dev/block/mmcblk0p3
misc => /dev/block/mmcblk0p4
splash => /dev/block/mmcblk0p5
oeminfo => /dev/block/mmcblk0p6
reserved => /dev/block/mmcblk0p7 /It’s the Huawei digital signature of the boot partition, checked by the bootloader.
reserved2 => /dev/block/mmcblk0p8
splash2 => /dev/block/mmcblk0p9
recovery2 => /dev/block/mmcblk0p10
recovery => /dev/block/mmcblk0p11 /stock recovery
boot => /dev/block/mmcblk0p12 /kernel+ramdisk
modemimage => /dev/block/mmcblk0p13
modemnvm1 => /dev/block/mmcblk0p14
modemnvm2 => /dev/block/mmcblk0p15
system => /dev/block/mmcblk0p16
cache => /dev/block/mmcblk0p17
cust => /dev/block/mmcblk0p18
userdata => /dev/block/mmcblk0p19
mmcblk0boot0
This is the second stage bootloader. Huawei in his UPDATE.APP files call this partition as FASTBOOT!!!!
So, someone in this forum sad, B118 FASTBOOT.IMG is the different size. It's true! B118 FASTBOOT.IMG size is smaller then B122.
I think, we found the trick!
Huawei not unlock the Xloader(1st low-level loader), just unlock the second stage loader which will allow to flash and boot custom boot.img and recovery.img!
Who have any courage, to do this:
1. Place attached FASTBOOT.IMG to sdcard/
2. Connect phone in MTP
3. Enable USB Debug.
4. CMD on PC with administrator privileges
5. Navigate to the folder which contain adb.exe
6. type: ADB.exe shell
7. type su
8.
Code:
# dd if=/sdcard/fastboot.img of=/dev/block/mmcblk0boot0
with fastboot.img from extract from Chinese B118! File attached.
If am I right, after this we are able to use it on any version(unicom/mobile) and version of firmware(B111,B112,B119,B122, etc...)
If anything went wrong, you need to reflash the hole UPDATE.APP. So, I recommend to place update.app file to sdcard/dload/
Maybe if some of you think is real, I will do!

delete

bukest said:
So, someone in this forum sad, B118 FASTBOOT.IMG is the different size. It's true! B118 FASTBOOT.IMG size is smaller then B122.
I think, we found the trick!
Huawei not unlock the Xloader(1st low-level loader), just unlock the second stage loader which will allow to flash and boot custom boot.img and recovery.img!
Click to expand...
Click to collapse
You can not flash a custom kernel on B118 ! Take a look here !

surdu_petru said:
You can not flash a custom kernel on B118 ! Take a look here !
Click to expand...
Click to collapse
And what boot.img he had flashed?
What happend when boot.img needed to signed but not just Huawei. Bootloader allow every digital signed boot.img(public key or something like this)?
Not parse the signature with one stored in the OEMINFO or RESERVED. Just only need to contain a digital signature in the front of the file, which mean, you are little bit better than a hobby weekend engineer.

bukest said:
And what boot.img he had flashed?
What happend when boot.img needed to signed but not just Huawei. Bootloader allow every digital signed boot.img(public key or something like this)?
Not parse the signature with one stored in the OEMINFO or RESERVED. Just only need to contain a digital signature in the front of the file, which mean, you are little bit better than a hobby weekend engineer.
Click to expand...
Click to collapse
Do you already signed a custom kernel with a private key ( not from Huawei ofcourse ), and your device was able to boot ?

surdu_petru said:
Do you already signed a custom kernel with a private key ( not from Huawei ofcourse ), and your device was able to boot ?
Click to expand...
Click to collapse
NOT. If you read a few post back, you will see it's just an idea. But I want to walk around fully all around aspect and all possibility.
Another idea.
What about Huawei check you are on P6-U06 or P6-U00?
And with B118 fastboot.img only flashed if you are on U00. Think about this.
But what happend if we push it manually...

Someone on P6-U00(Originally)!
Extract the boot.img from B118. Make a small modification. Flashed via fastboot. And if it doesn't work, we are able to write down, Bootloader is not unlocked.
Edited:
Attached for this an edited boot.img for B118.
Of course, NOT signed! just unpack original, edit(default.prop) and repack.

Bad news!
Permission denied!
[email protected]:/ $ dd if=/sdcard/fastboot.img of=/dev/block/mmcblk0boot0
dd if=/sdcard/fastboot.img of=/dev/block/mmcblk0boot0
/dev/block/mmcblk0boot0: cannot open for write: Permission denied
Click to expand...
Click to collapse
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

bukest said:
Permission denied!
View attachment 2431245
Click to expand...
Click to collapse
In the way you use the command, this answer " Permission denied!" is 100% correct !
Please, use "#" instead "$" ! Good luck !

surdu_petru said:
In the way you use the command, this answer " Permission denied!" is 100% correct !
Please, use "#" instead "$" ! Good luck !
Click to expand...
Click to collapse
Ohhhh, stupid me...
Forgot to get su!
Thanks surdu.
But after a little research I find some other info with FASTBOOT partition. I will write down later at the day(have go to work at the moment).

WARNING!!!!
Do not use that method!!!
mmcblk0boot0 partition maybe contain some other information!!!
Unique FOR YOUR DEVICE!!!
Just like wifi MAC adress, etc!
And on a running system, partition around 2MB!
First backup your current boot0 partition!
# dd if=/dev/block/mmcblk0boot0 of=/sdcard/mmcblkboot0.img
It means, if we push the 500k image to 2mb partition directly, you may damage 1,5MB data.
I think, with update.app method, you just install the image file, not pushing directly!

IDEA
If we backup xloader partition:
# dd if=/dev/mmcblk0p1 of=/sdcard/xloader.img
Edit it in hex to remove digital signature check.
Push back and pray...
If it works, you have totally unlock phone, but if not YOUR PHONE TOTALLY DEAD!

hex-editing the xloader.img ...
I also like to live dangerously

[Multi Boot] Boot Menu

Multiboot for Sony Xperia Z1
How to install boot menu
- download bootmenu_honami.rar, extract folder "bootmenu" to the your internal storage
- put boot.img or kernel.elf to the mainrom folder, make sure thats the same kernel like your primary rom (aka main rom)
- download bootmenu.img from attachment, flash bootmenu.img using fastboot commnd: fastboot flash boot bootmenu.img
Since your bootmenu folder not contain settings.ini (you runing bootmenu at a first time) that will be created easily. You need to complete main step aka main rom creation:
1. (mainrom creation) reboot into bootmenu, chose "patch...", navigate to bootmenu, navigate to mainrom, select mainrom.zip package (make sure boot.img or kernel.elf is the same like your current main rom kernel, and make sure boot.img is in folder mainrom), select mainrom.zip and click "yes". Main rom will be added into boot menu entry. Now reboot again into boot menu and you will see new menuentry, chose these menu to boot into your primary rom!
2. (other roms creation - you can do only if you completed main rom step) reboot into bootmenu, chose "patch...", principe is diferent (there is 2 steps):
- step 1: chose rom zip you want to patch, patch them
- step 2: reboot again into boot menu (new rom entry will be displayed), select these rom to boot, on led blinking press to boot into cwm, now you are in cwm of these rom, now navigate to the same folder where is your package, you will find zip with appended name "patched.zip", chose these patched zip to install trought these recovery, you are done!
If something fail, make sure look into bootmenu folder into main script aka "multiboot.sh", try to fix-improve something Enjoy!
WARNING:
- NEVER RENAME FOLDERS OR ZIP ARCHIVES TO HAVE SPACE IN NAME SINCE BOOTMENU WILL NOT WORK!!! INSTEAD OF WRITING SPACE " " WRITE "_" SOMETHING_LIKE_THIS" !
- there is possibility for your partitions of the main rom to get overwriten if multiboot.sh fail to patch these rom you going to patch, just to let you know! Two click solution is in testing stage so there is probably a lot of bugs! I am not responsible if you lost your private data! So guys if you willing to help, I am waiting. Things need to be improved in multiboot.sh !

Here is full source code of the my bootmenu project -> https://github.com/munjeni/bootmenu_z1_and_z1c
Public License for BOOTMENU and for my Auxiliary Work
You can Distribute my source without my Permissions. Distribution should include my XDA name 'munjeni' and Link to this 'BOOTMENU' thread in your Credits sections/About sections and Properly Visible to Human Eyes. If you use our source and have them modified, you need to make them public to everyone!!! If you not propertly use my source and you not give proper credit, and you not share your modified source code which is based on my source code, I will find you and I will report your post!
And... If You Like my BOOTMENU... Remember to Press...Thanks button

Credits
- @abbychauhan first one who helped me in testing boot menu, thanks!
- @krabappel2548 for kernel with kexec! I have used his kexec kernel in our boot menu for Z1, thanks!
- @HypoTurtle for sugestions, thanks!
- @DooMLoRD for opening my eyes since I had a wrong kernel on my local hard drive
- @SafiXS , @Chocolatetrain, @ntmohammad ...sory if I forgot someone, thanks to all for testing!

"Post Updated on 22/06/2014"
MultiBoot Totally Simplified (Noob Friendly)
Whole Multiboot Procedure for better understanding..
We will do this in two parts procedure as Follows -
Part 1 -
First we will do the mainrom creation. "Mainrom" - The ROM which is Currently installed on your phone.
1. First Download bootmenu_honami.rar, extract folder "bootmenu" to your Phone's Internal storage
2. Put boot.img or kernel.elf (Of the ROM which is Currently installed on your phone) to the mainrom folder (its in the bootmenu folder) of extracted rar file,
make sure thats the same kernel i.e, boot.img or kernel.elf like your primary rom of yours which is currently installed
boot.img - you can extract it from the ROM zip file or Custom Kernel zip file eg. ROM.zip or Doomloards Kernel zip
Kernel.elf - U ll have to convert kernel.sin from ROM zip file to kernel.elf via Flashtool (It has got option to do that)
3. Download bootmenu.img from attachment, flash bootmenu.img using fastboot commend: fastboot flash boot bootmenu.img
4. Reboot into bootmenu, choose "patch...", navigate to mainrom folder (it has to be in the internal memory, inside the folder bootmenu),
select mainrom.zip package (make sure boot.img or kernel.elf is the same like your current main rom kernel, and make sure boot.img or kernel.elf is in folder "mainrom" ),
select mainrom.zip and click "yes". Main rom will be added into boot menu entry.
Now reboot again into boot menu and you will see new Entry Mainrom and Mainrom - CWM, choose Mainrom from Multiboot Menu to boot into your primary rom or Choose mainrom - CWM to go into mainrom Recovery
Part 2 -
Other ROMs creation - You can do it only if you completed main rom step)
1. Reboot into bootmenu, chose "patch...",
2. Navigate to Second ROM ZIP file
(Keep it anywhere in External Memory Card Because you wont be able to access Internal Memory of your Phone via another ROM Recovery due to change of Partitions, All ROMs will be installed on Internal Memory),
Choose ROM zip you want to patch, patch them
3. Reboot again into boot menu (new ROM entry will be displayed), go into ROM - CWM to go into Recovery of the particular ROM,
Now you are in Recovery of New ROM, Go to install ZIP (Installation of ROM) and
navigate to the same folder where you kept the ROM ZIP file (on External Card Memory),
you will find a new zip with appended name "patched.zip",
chose these patched zip to install trough the Recovery,
4. Flash C6902 fix, if u have C6902 Device (keep it On External Memory too),
5. Boot into ROM then Do a REBOOT and again go to Secondary ROM - CWM
6. Flash Gapps (keep it On External Memory too)
7. Flash Any Mod or anything if you wanted to flash for Your ROM (keep it On External Memory too)
Except Custom Kernels or Something that will wipe bootmenu.img ( Its WIP you can check out the Conversations on Page 48/49/50 )
8. Do Reboot
9. In Bootmenu Select the Newly installed ROM.
You are done!
Enjoy!
Common Questions -
1. How many ROMs I can Install?
Answ - http://forum.xda-developers.com/showpost.php?p=53236187&postcount=399
2. How to go from One ROM Partation to Another ROM Partation via File Explorer?
Answ - http://forum.xda-developers.com/showpost.php?p=53318812&postcount=476
3. How to get kernel.elf?
Answ - http://forum.xda-developers.com/showpost.php?p=53234909&postcount=384
and http://forum.xda-developers.com/showpost.php?p=53234988&postcount=386
and http://forum.xda-developers.com/showpost.php?p=53235075&postcount=387
4. How to take Screenshot of CWM?
Answ - http://forum.xda-developers.com/showpost.php?p=53229901&postcount=358
and http://forum.xda-developers.com/showpost.php?p=53230193&postcount=362
5. We get ROM updates now and then how do we do it? If we want to remove The Whole Multiboot Thing or a ROM from Bootmenu and to uninstall it completely from our phone then what is the procedure?
Answ - http://forum.xda-developers.com/showpost.php?p=53076327&postcount=277
and http://forum.xda-developers.com/showpost.php?p=53077937&postcount=281
6. Stock Based ROMs ask to flash the Stripped FTF via flashtools in the END, if we keep Stock based ROMs as Secondary ROMs then how will it work then, it will wipe other ROMs Kernal and bootmenu kernal?
Answ - Its Hard but http://forum.xda-developers.com/showpost.php?p=53150024&postcount=325
and http://forum.xda-developers.com/showpost.php?p=53150187&postcount=326
7. Power Off Charging?
Answ - http://forum.xda-developers.com/showpost.php?p=53144286&postcount=322
8. The partition made by Multi Boot for other ROMs is very small, Why is that? Can it be increased?
Answ - http://forum.xda-developers.com/showpost.php?p=53116039&postcount=313
and http://forum.xda-developers.com/showpost.php?p=53118687&postcount=316
and http://forum.xda-developers.com/showpost.php?p=53118722&postcount=317
9. I want to change the name of "mainrom" and Secondary ROM names in boot menu?
Answ - http://forum.xda-developers.com/showpost.php?p=53107296&postcount=307
10. Gapps on Primary ROM?
Answ - http://forum.xda-developers.com/showpost.php?p=53027261&postcount=240
11. Main ROM Update / MainROM Kernal Change?
Answ - http://forum.xda-developers.com/showpost.php?p=53565558&postcount=571

Complicated and not for noobs, but hope some one do it for you if you are confused! Seccond tut will be more complicated since all ramdisks need to be moded specialy for every each android which you going to boot. I will try to explain

munjeni said:
Complicated and not for noobs, but hope some one do it for you if you are confused! Seccond tut will be more complicated since all ramdisks need to be moded specialy for every each android which you going to boot. I will try to explain
Click to expand...
Click to collapse
Ya this thread really need a helpful Dev. Who will answer all questions.. And Of course not for noobs.. I think i ll scratch my head all night..
Sent from my Micromax A110Q using Tapatalk

@munjeni Is this same as XGo Muilti Boot?That is very harder to install.
Sent from my C6903 using XDA Premium 4 mobile app

Awesome work :good:
Could you please give me some instructions on how to add your multiboot to a host kernel when building from source?
I'm working on a kernel for the z1, and I have krabappel's kexec patch implemented.

Androguide.fr said:
Awesome work :good:
Could you please give me some instructions on how to add your multiboot to a host kernel when building from source?
I'm working on a kernel for the z1, and I have krabappel's kexec patch implemented.
Click to expand...
Click to collapse
Simple extract ramdisk and make boot.img with your kernel! I will upload new version now, version v1.1 (support for booting from booth internal and external sdcard)! Since booting from extrernal sdcard sause some lags if sd cards is not "best speed", recomended is booting from internal sdcard since performance is the same like booting from regular boot! Wait a moment, going to upload new version in next 10 minutes! When I get more free time I will give you preconfigured menu entry with installed CM11 into file partitions so you can multiboot them without needs for lookig into our tutorials, you will simple extract them and boot

New version of the bootmenu is out, enjoy!
Changelog:
- support for booting from booth internal or external sdcard
- fixed bug with reboot timer when there is no rom in settings ini or when there is no bootmenu folder

I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app

krabappel2548 said:
I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app
Click to expand...
Click to collapse
We all will be very thankful to u
Sent from my Xperia Z1 using Tapatalk

krabappel2548 said:
I'll try to release the multiboot I was working on. It is a lot easier for users then all this editing probably
Sent from my C6903 using xda app-developers app
Click to expand...
Click to collapse
How you think to make that simple? Since external partitions is needed, allso since standard flashable zips will allso need to be modified in updater-script, allso since ramdisks need to be modified, all fstabs need to be modified, DTB need to be appended propertly to the zImage in order to boot them with kexec... a lot of other things, I think easy method is not possible definitely! Maybe a am wrong?
I have 2 ideas now for my boot menu:
- create 3 partitions (probably will open a new thread for sharing diferent partitions layout, for example cache 50mb, cache 100mb, cache 150mb, cache 200mb, system 500mb, system 1gb, system 1.6gb, data 500mb, data 1gb, data 2gb...) so after compresing them to rar size of the archive will be ~100mb
- or maybe we can implement on the fly partitions creation by the updter-script
Problem will be kernel and ramdisk since it need modification. Maybe we can ask devs to include ramdisk and kernel for multiboot in his posts.
I am out of ideas, but I think we need to make automated tool for these things. If you guys have idea please comment!
Tool needed:
- tool for extracting boot image and making zImage-dtb
- tool for extracting ramdisk, making changes needed for boot from loop device, compresing modified ramdisk
- tool for partitions creation with defined size and defined path for puting them to defined folder
- tool for entry in settings.ini creation

Partition creation is easy. There is few steps to create file based partition:
1. first of all - how to calculate size of the partition:
Simple using calculator. Formula is: (size * 1024 * 1024) / 4096
Foe example: you want 500mb partition, ok, formula is: (500 * 1024 * 1024) / 4096
So command for making them with adb will be:
adb shell
mkdir /data/media/0/bootmenu/folder_you_want
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/system.ext4 bs=4096 count=count_from_your_calculation
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/data.ext4 bs=4096 count=count_from_your_calculation
dd if=/dev/zero of=/data/media/0/bootmenu/folder_you_want/cache.ext4 bs=4096 count=count_from_your_calculation
Click to expand...
Click to collapse
2. get UUID of the system partition (need for step 3):
blkid /dev/block/platform/msm_sdcc.1/by-name/system
Click to expand...
Click to collapse
3. format created partiton:
losetup /dev/block/loop1 /data/media/0/bootmenu/folder_you_want/system.ext4
losetup /dev/block/loop2 /data/media/0/bootmenu/folder_you_want/data.ext4
losetup /dev/block/loop3 /data/media/0/bootmenu/folder_you_want/cache.ext4
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop1
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop2
mke2fs -T ext4 -O has_journal,ext_attr,resize_inode,filetype,extent,sparse_super,large_file,uninit_bg -U paste here your UUID -I 256 /dev/block/loop3
tune2fs -o journal_data_writeback /dev/block/loop2
tune2fs -o journal_data_writeback /dev/block/loop3
losetup -d /dev/block/loop1
losetup -d /dev/block/loop2
losetup -d /dev/block/loop3
Click to expand...
Click to collapse
Partitions created easily
Note:
These things must be done while you are in bootmenu since I am not sure if mke2fs, blkid and tune2fs tool is available while you are on android! So you can done that in bootmenu via adb!

CWM ramdisk modifications
all fstabs need to be modified, for example fstab.qcom:
Code:
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults recoveryonly
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=footer,length=-16384
remove line:
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults recoveryonly
Click to expand...
Click to collapse
changed:
Code:
/dev/block/loop1 /system ext4 ro,barrier=1 wait
/dev/block/loop3 /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check
/dev/block/loop2 /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,nomblk_io_submit,noauto_da_alloc,errors=panic wait,check,encryptable=footer,length=-16384
In etc you can see another recovery.fstab, change them like you done for qcom.fstab!
init.rc:
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
write /sys/class/android_usb/android0/functions adb
write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer}
write /sys/class/android_usb/android0/iProduct ${ro.product.model}
write /sys/class/android_usb/android0/iSerial ${ro.serialno}
on boot
ifup lo
hostname localhost
domainname localdomain
Click to expand...
Click to collapse
add:
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
write /sys/class/android_usb/android0/functions adb
write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer}
write /sys/class/android_usb/android0/iProduct ${ro.product.model}
write /sys/class/android_usb/android0/iSerial ${ro.serialno}
on fs
wait /dev/block/platform/msm_sdcc.1/by-name/userdata
mkdir /sde
mount ext4 /dev/block/platform/msm_sdcc.1/by-name/userdata /sde rw wait
exec /sbin/losetup /dev/block/loop1 /sde/media/0/bootmenu/cm11/system.ext4
exec /sbin/losetup /dev/block/loop2 /sde/media/0/bootmenu/cm11/data.ext4
exec /sbin/losetup /dev/block/loop3 /sde/media/0/bootmenu/cm11/cache.ext4
on boot
ifup lo
hostname localhost
domainname localdomain
Click to expand...
Click to collapse
red line "cm11" mean that you have created cm11 folder in boot menu and use these folder for example for booting into cm11! On these "cm11" folder you have created partitons, ramdisks, kernel...etc!

munjeni said:
Problem will be kernel and ramdisk since it need modification. Maybe we can ask devs to include ramdisk and kernel for multiboot in his posts.
Click to expand...
Click to collapse
Yes that will do some work for the people.. Atleast Custom Kernal Devs can include it.
Sent from my Xperia Z1 using Tapatalk

ROM ramdisk modifications
For example CM11 ramdisk.
when you unpack cm11 boot.img, when you unpack ramdisk you will notice 2 ramdisks, one is rom ramdisk and one is recovery ramdisk (ramdisk.cpio and ramdisk.recovery.cpio). Look into previous post for CWM ramdisk modification.
Modification for ROM ramdisk (ramdisk.cpio):
init.rc file:
look for line "mkdir /system", added one line before these line: "mkdir /sde"
fstab.qcom:
the same like you done on CWM ramdisk!
init.qcom.rc:
look for lines:
on fs
mount_all ./fstab.qcom
setprop ro.crypto.fuse_sdcard true
Click to expand...
Click to collapse
add:
on fs
wait /dev/block/platform/msm_sdcc.1/by-name/userdata
mkdir /sde
mount ext4 /dev/block/platform/msm_sdcc.1/by-name/userdata /sde rw wait
exec /sbin/losetup /dev/block/loop1 /sde/media/0/bootmenu/cm11/system.ext4
exec /sbin/losetup /dev/block/loop2 /sde/media/0/bootmenu/cm11/data.ext4
exec /sbin/losetup /dev/block/loop3 /sde/media/0/bootmenu/cm11/cache.ext4
exec /sbin/e2fsck -y /dev/block/loop2
exec /sbin/e2fsck -y /dev/block/loop3
mount_all ./fstab.qcom
setprop ro.crypto.fuse_sdcard true
Click to expand...
Click to collapse
red line "cm11" mean that you have created cm11 folder in boot menu and use these folder for example for booting into cm11! On these "cm11" folder you have created partitons, ramdisks, kernel...etc!

updater script in rom zip modification
For example you want to install cm11 in multiboot, ok, download an rom, for example download CM11 by FXP or one by Cyanogenmod, open zip, find, open and modify updater-script and change all lines:
1. for system:
Code:
.........."/dev/block/platform/msm_sdcc.1/by-name/system"............
change to:
Code:
.............."/dev/block/loop1"..............
2. for userdata:
Code:
............."/dev/block/platform/msm_sdcc.1/by-name/userdata"............
change to:
Code:
..........."/dev/block/loop2"................
3. for cache:
Code:
........"/dev/block/platform/msm_sdcc.1/by-name/cache"..........
change to:
Code:
..........."/dev/block/loop3"...........
4. for boot:
Code:
.........."/dev/block/platform/msm_sdcc.1/by-name/boot".........
change to:
Code:
............"/dev/null"...........
Note:
To understand this step. You doing these modifications since you going to install rom to partitions which you created on your internal sdcard! For example: if you not modify ramdisk, your rom will be installed to your phone partitions instead of one created by you! So to install rom to partitions which you have created, you must modify updater script to point installation to install rom into partitions which you created earlier instead of intalling them to regular partition! If you install rom to regular partitions that mean you will overwrite your main rom and bootmenu, so you will boot into cm11 on reboot instead of buting into multiboot! Hope thing clear?

Creating menuentry for new rom in multiboot (boot menu) settings.ini
Since you created partitions, since you modified ramdsiks, since you created kernel (sorry I removed post entry related to kernel modification... I will instruct you later!), since you modified rom zip which you want to install... you are ready for flashing! Before flashing rom to partitions, you need to add menu entry in settings.ini of the bootmenu!
How to add new rom entry to boot menu:
For example you created all partitons in .../bootmenu/cm11 folder
For example you have system.ext4, data.ext4, cache.ext.4, initrd.gz (modified cm11 ramdisk), and Zimage-dtb (modified CM11 zImage) in cm11 folder
Ok now you can add menuentry to setting.ini:
[rom-1]
menutitle=CM11
kernel=/data/media/0/bootmenu/cm11/zImage-dtb
ramdisk=/data/media/0/bootmenu/cm11/initrd.gz
cmdline=no_need_anymore
Click to expand...
Click to collapse
You are done! Title you have defined in "menutitle" will be displayed in boot menu!
Now you need to boot into cm11. When you boot into cm11 you will get "timing for recovery boot, led light!", if everything is propertly modified in all of the things you will get lucky to see led light where you need to pres volume button to get into recovery! If you enter into cm11 recovery that mean that you are in sucess , Ok now install your modified rom zip package (in these step cm11 will be installed to partitions which you have created earlier) and you are done! Reboot and enjoy cm11 in multiboot! The same steps is for all roms which you want in multi boot! Max roms is 10!

Not for noobs but hope our things is clear now for experienced users?

Teclast X70 3G SoFIA Atom x3-C3130 Quad Core 7 Inch Android 4.4 Tablet PC IPS Screen

The Teclast X70 3G SoFIA Atom x3-C3130 Quad Core 7 Inch Android 4.4 Tablet is a very cheap tablet with some pretty good specifications, lets have a look on these here:
- Android 4.4 OS
- 7 inch 1024x600 IPS capacitive touch screen
- SoFIA Atom x3-C3130 Quad Core Max 1.8GHz
- 512MB LPDDR2 RAM and 4GB EMMC
- Support Bluetooth/WIFI/GPS/OTG/3G Phone Call function
- Front 0.3MP + Rear 2.0MP camera
- 187*113*8.9mm and 270g
What I especially like about it is the very cool slim design. Typical for other cheap tablets is that they are normally bulky and cheaplooking. But not the Teclast X70, it still looks really nice.
It should come with preinstalled Youtube/Facebook/Twitter/MSN/Android market/Skype/Calculator/Google Mail/Google maps/iReader/Quick Office. And support audio types like MP3/WMA/FLAC/OGG/AAC/WAV/APE.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Great device, How about battery life?

Battery life sucks, at least on mine, the 2nd available Intel Atom x3 AKA SoFIA on the market but what more can you ask for; an approx USD 79 Android device from Intel...
Been hunting & trying to root this sucker, nothing seems to work ATM & i found the Flash Tool/ USB driver/ Firmware for X70 here mirrored here just in case it disappear... Updates : Found quite a few more here...
More info...
Hacking
After some hex editing, X70 recovery.fls can be unpack, at least there are some leads as adb command only list out its path but not its partition name, this means custom recoveries such as PhilZ Touch or TWRP is possible... Updates : The included FlsTool won't repack it back to the correct fls format...
Intel SoFIA uses 2ndbootloader
Code:
[COLOR="blue"]mkbootimg[/COLOR]
usage: mkbootimg
--kernel <filename>
--ramdisk <filename>
[ [COLOR="Blue"]--second <2ndbootloader-filename>[/COLOR] ]
[ --cmdline <kernel-commandline> ]
[ --board <boardname> ]
[ --base <address> ]
[ --pagesize <pagesize> ]
-o|--output <filename>
Use osm0sis's AIK or Carliv's CIK to unpack/ repack... :good:
adb shell ls -l /dev/block/platform/soc0/e0000000.noc/by-name
Code:
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID001 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID022 -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID068 -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID069 -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID070 -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID071 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID074 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID076 -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID115 -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID118 -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID119 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID120 -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2015-07-17 10:39 ImcPartID121 -> /dev/block/mmcblk0p13
recovery.fstab
Code:
#
# Copyright (C) 2013 Intel Mobile Communications GmbH
#
# Sec Class: Intel Confidential (IC)
#
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
#
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID068 /system ext4 defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID069 /data ext4 defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID070 /cache ext4 defaults defaults
/dev/block/mmcblk1p1 /sdcard vfat defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID076 /nvm_fs_partition ext4 defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID074 /misc emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID071 /boot emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID119 /recovery emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID120 /recoverym emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID001 /mobilevisor emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID013 /splash_screen emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID115 /mvconfig emmc defaults defaults
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID118 /secvm emmc defaults defaults
fstab.sofia3g
Code:
#
# Copyright (C) 2013 Intel Mobile Communications GmbH
#
# Sec Class: Intel Confidential (IC)
#
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
#
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID068 /system ext4 ro wait
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID069 /data ext4 nosuid,journal_async_commit,nodev,nodiratime,noatime,noauto_da_alloc,discard,data=ordered wait,encryptable=footer
/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID070 /cache ext4 nosuid,nodev wait
/devices/soc0/e0000000.noc/ef010000.l2_noc/e1000000.ahb_per/e1400000.sd/mmc_host/mmc1 auto vfat defaults voldmanaged=sdcard1:auto,noemulatedsd
/devices/soc0/e0000000.noc/ef010000.l2_noc/e2000000.ahb_per/e2100000.usb/usb1 auto auto defaults voldmanaged=usbdisk:auto
#/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID076 /nvm_fs_partition ext4 nosuid,nodev,data=journal wait,check
To reboot to stock 3e recovery
With the device at power off state, USB cable unplug, press & hold Volume Up, now press & hold Power button & it'll vibrate once then let go Power. Keep on holding Volume Up until you see the boot logo then let go & it boots up the stock 3e recovery.
To reboot to fastboot
There is no button combination to boot to fastboot however with the adb command -> adb reboot fastboot, you can boot to fastboot with correct adb driver installed at all the 3 modes...
At fully booted up Android OS
Even while the device at off-state ! (Charger init)
And the unknown Safe mode
There is no Intel Droidboot only distorted yellow screen but fastboot command works.
fastboot
fastboot getvar all
Code:
(bootloader) version-baseband: 23569
(bootloader) version-bootloader: 1525.100_M1S1
(bootloader) product: SF_3G
(bootloader) secure: NO
(bootloader) [COLOR="Blue"]unlocked: [B]NO[/B][/COLOR]
(bootloader) off-mode-charge: 1
(bootloader) ========== parition type ==========
(bootloader) system parition type: ext4
(bootloader) userdata parition type: ext4
(bootloader) cache parition type: ext4
(bootloader) radio parition type: raw
(bootloader) dsp parition type: raw
(bootloader) hypervisor parition type: raw
(bootloader) boot parition type: raw
(bootloader) recovery parition type: raw
(bootloader) splash parition type: raw
(bootloader) mvconfig parition type: raw
(bootloader) secvm parition type: raw
(bootloader) prg parition type: raw
(bootloader) psi parition type: raw
(bootloader) slb parition type: raw
(bootloader) nvm parition type: raw
(bootloader) ucode_patch parition type: raw
(bootloader) ===================================
(bootloader) ========== parition size ==========
(bootloader) system parition size: 0x40000000
(bootloader) userdata parition size: 0x4b960000
(bootloader) cache parition size: 0x40000000
(bootloader) radio parition size: 0x0
(bootloader) dsp parition size: 0x0
(bootloader) hypervisor parition size: 0x100000
(bootloader) boot parition size: 0x1080000
(bootloader) recovery parition size: 0x1180000
(bootloader) splash parition size: 0xa80000
(bootloader) mvconfig parition size: 0x80000
(bootloader) secvm parition size: 0x400800
(bootloader) prg parition size: 0x800
(bootloader) psi parition size: 0x20000
(bootloader) slb parition size: 0x100800
(bootloader) nvm parition size: 0x180000
(bootloader) ucode_patch parition size: 0x3800
(bootloader) ===================================
(bootloader) max-download-size: 0x38fff00
all:
finished. total time: 0.215s
fastboot oem unlock
Code:
...
(bootloader) Unlocking the bootloader means the following:
(bootloader) All user data will be deleted
(bootloader) Any securely stored data will be inaccessible
(bootloader) Warranty will be void
(bootloader) After unlocking you have to execute
(bootloader) > fastboot format userdata
(bootloader) > fastboot format cache
(bootloader) or carry out a factory reset from recovery
(bootloader) To confirm the unlock, please execute the command
(bootloader) > fastboot oem unlock confirm
OKAY [ 0.050s]
finished. total time: 0.050s
i don't intend to unlock mine yet as it will be getting LP update soon or i won't be able to update it, i donno... Initial look at the Flash Tool, tutorial, it seems SoFIA devices should be unbrickable & should be upgradable too, in spite of unlocked bootloader & rooting however i wouldn't want to risk it...
Updates : fastboot flash recovery twrp-recovery.img doesn't work... Flashing the Firmware doesn't overwrite the bootloader, it will remain unlock if you have unlocked it, fastboot oem lock doesn't work...
Unknown PTEST mode
To boot to PTEST mode => With the device at power off state, USB cable unplug, press & hold both Volume Up + Down, now press & hold Power button & it'll vibrate once then let go Power. Keep on holding both volume button until you see boot logo then let go & it boots up to a screen that says...
Code:
Press volume up or down key to exit PTEST Mode
Now plug-in USB cable to PC
Unknown device at Device Manager
For adb, you can use google adb driver
One of the CDC is Intel USB, use the one included in the Flash USB Driver folder
i've tried alot of CDC driver, non-worked, except for MediaTek CDC driver that i have, seems compatible, attach below CDC.zip...
All the drivers needed for Flash Tool to work are installed
As the device i own is not X70, i only tried the upload, seems to be working except for a compatible ebl.fls is needed for a successful upload...
Final Note
Use this guide at your own risk !
Unknown Safe mode
With the device at power off state, USB cable unplug, press & hold Volume Down, now press & hold Power button & it'll vibrate once then let go Power. Keep on holding Volume Down until it boots up
View attachment 3417538
Safe mode at the bottom left corner
Manage to unpack X70 system.img too...
Updates
Hmm, Chuwi Vi7 seems to be the exact clone, wonder if the firmware can be used on X70 or mine... Not compatible... Even X70 system.img won't boot on mine...
Further digging, its a single SIM device C3230 with better spec...
Cross-comparison
Found a few more X3...
Vido M7S
Onda V719 3Gs
Digma Plane 7.7
4good T700i
mediacom smartpad iPro 3G
iBall Slide Brillante
BLUEING S706
Updates - 08-Aug-2015
Found out my device is in fact actually an oem of X70 & damn Intel for making such cheap device while you can't even use fastboot to install custom recoveries to root it...
Updates : Hmm, it seems to be an oem of an oem, found it on default.prop...
There seems to be some headers needed to boot up the recovery, found out the included FlashTool has a back-end DOS program that can unpack & extract image parts from the FLS file.
Code:
[COLOR="Blue"]FlsTool -x recovery.fls[/COLOR]
FlsTool v.1.20
[Loading] recovery.fls (Fls2)
[Extract] 13905 recovery/meta.json
[Extract] 844 recovery/recovery.fls_inj_PSI_ver.txt
[Extract] 914 recovery/recovery.fls_inj_EBL_ver.txt
[Extract] 64320 recovery/recovery.fls_inj_PSI.bin
[Extract] 144084 recovery/recovery.fls_inj_EBL.bin
[Extract] 2048 recovery/recovery.fls_ID0_CUST_SecureBlock.bin
[Extract] 617168 recovery/recovery.fls_ID0_CUST_LoadMap0.bin
[Extract] 32430 recovery/recovery.fls_ID0_CUST_LoadMap1.bin
[Extract] 7786496 recovery/[COLOR="Blue"]recovery.fls_ID0_CUST_LoadMap2.bin[/COLOR]
recovery.fls_ID0_CUST_LoadMap2.bin is the stock 3e recovery.img
Need to figure out the correct way to repack the stock 3e recovery.fls & when it boots then will try it out on the ported TWRP, hopefully it boots too...
In the mean time, i have also contacted Intel, hopefully they'll respond or we'll have to figured ourselves how to repack custom recoveries so that it'll boot on our device to root it or wait for exploit root software to work on our SoFIA x3 device... Updates : They never respond...
Anyone wants to explore then here is the Guide, FlashTool & Firmware for my device... Not compatible for X70
Updates - 10-Aug-2015
Feedback from our Russian counterpart seems true that X70 recovery partition size is only 8MB only, no custom recoveries would fit except old version !
Code:
FlsTool v.1.20
This tool can do several different operations of FLS files.
Use the 'Action' option to select to required operation.
Actions:
-p [ --pack ] Packing multiple FLS files into one
-i [ --inject ] Inject NVM, Certificates or Security into FLS file
-x [ --extract ] Extract all image parts from the FLS file(s)
--extract-fls Extract embedded files from the FLS file(s)
--extract-prg Extract PRG file
-b [ --to-bin ] Convert a single Hex file to binary file
--hex-to-fls Create an Fls from a Prg file
--sign Formerly known as FlsSign
--to-fls2 [ arg ] Force output file format to Fls2
--to-fls3 [ arg ] Force output file format to Fls3
-d [ --dump ] Dump the meta data of an FLS file.
--sec-pack Dump all SecPack data of an FLS file.
HexToFls options:
--prg arg Choose a PRG file to create the Fls from
--psi arg Add a PSI to the Fls file (replaces if '-r' option)
--ebl arg Add an EBL to the Fls file (replaces if '-r' option)
--meta arg Inject any meta file to the Fls file (Equal to --version or -v in HexToFls)
--xml arg Add an XML file to the Fls file (replaces if '-r' option)
--zip arg Add a ZIP file to the Fls file (replaces if '-r' option)
--script arg Add a Script file to the Fls file (replaces if '-r' option)
--tag arg Specifies the memory region tag to insert the input file (replaces if '-r' option)
Inject options:
-n [ --nvm-path ] arg Path to the NVM input files
Generic Options:
-o [ --output ] arg Output path
-r [ --replace ] [ arg ] Defaults to replace when trying to add a section which is already existing
-v [ --verbose ] [ arg ] Set verbosity
--prompt [ arg ] Prompt before quitting
--version Show the version of this tool
-h [ --help ] Show command line help
Please specify an input file
Code:
FlsTool -d recovery.fls > partlist.txt
Code:
{
"addr": "0x1CC00000",
"length": "[COLOR="Blue"]0x00800000[/COLOR]",
"class": "Cust",
"tag": "RECOVERY:3#77",
"options": [ ],
},
recovery partition size of 0x00800000 in decimal is 8388608 = 8MB only...
X70 Flash Tool Driver Installation & firmware download
Typically, installing the Intel USB driver that comes with the firmware will work ( right-click it & Run as Administrator ) & if it doesn't then follow below guide.
With the device at power off state, USB cable unplug, open Device Manager, plugin the USB cable & an unknown device will appear, quickly double-click it & manually install the FlashUSB.inf included in the FlashUSB_Driver folder.
To download the firmware successfully, follow the guide that comes with it.
Again : Use at your own risk
Great product interview/ review by armdevices.net
Updates
Hmm, even Asus Zenpad 7.0 uses the x3 too AKA SoFIA but with better spec, the Z170 series & Z370 series
Updates - 17-08-2015 Finally, got ROOT access
Use FlsTool to download the x70-unsecured-boot.fls then most of the existing exploit rooting software will work, i think...
Updates
WARNING : For heaven sack's, noobs & newbies, pls READ EVERYTHING FIRST before hands on ! On & off, i got just too many pm regarding brick devices... There is only one post so pls read it, unlock your bootloader first before flashing the unsecured boot fls...
If you're using JOI then use JOI-unsecured-boot.fls...
Updates
Feedback seems some are not able to root with existing exploit rooting software, fyi, i manually root mine using adb commands then unroot & only tried iroot/ vroot & it works so i presume Kingo, Baidu & others will work too... Try giving the exploit software a helping hand first before using it...
Code:
adb root
adb remount
Updates - 23-08-2015 Since many still couldn't root it...
i'll share my manual rooting script here...
On Linux
Code:
adb root
sh root.bat
[COLOR="blue"]OR[/COLOR]
chmod 777 root.bat
./root.bat
On Windows
Code:
adb root
root.bat
[COLOR="blue"]OR[/COLOR]
Double-click root.bat
If you don't have a working adb then use the one from here... :good:
What to do once you got ROOT :good:
Install Xposed Installer => XDA :good:
Install GravityBox [KK] => XDA => youtube overviews & tutorials :good:
[GUIDE] Extreme Battery Life Thread ( Greenify+Amplify+Power Nap ) :good:
More info here, enjoy your New Custom ROM with Extreme Battery Life :laugh:
Must have Modules
More Modules
All Modules
Updates - 07-09-2015
Got just too many miss call, i can hardly hear it so i purchase this inexpensive mini bluetooth speaker strap to my sling bag & problem solved... :laugh:
Updates - 09-09-2015 => 4pda users IMEI problem
i've already told you guys here that i'm not able to login b'cos of that site super unreasonable Russian captcha but still nobody post reply here...
i wouldn't even bother to reply when i saw his thread here while the previous user ask exactly the same problem & he don't even bother to reply with the solution that he had...
Funny though, i don't have such IMEI problem after so many flashing on my X70 clone...
Possible other Solutions
Xposed IMEI Changer
Repair imei number in android => On x3, to check IMEI No. is *#06#
Others possible solutions
Updates
Thanks to Invisibot for sharing his findings & solutions for IMEI... :good: Mirrored here the software & the manual just in case it disappear
Updated JOI 7 lite unsecured boot.fls - 13-09-2015
i can't believe oem actually disabled the swap partition until i unpack Chuwi vi7 & discovered how it is enabled...
Huge apks now start up almost immediately though it takes quiet awhile for the OS to stabilize after every reboot but i guess its worth it as apps are more responsive after that...
Updated X70 unsecured boot.fls with swap enabled - 15-09-2015
Added X70 C6F9 unsecured boot.fls with swap enabled - 24-09-2015
X70 C5F9 => 512MB RAM
X70 C6F9 => 1GB RAM
Updates - 2016
Refer to here for TWRP & flash SuperSU to ROOT...

I don't want to be rude, but what's the point in starting a thread for a device, list some official specs but no hands-on? This routine (hunt for thanks or OP threads?) just creates parallel threads on the forum for the same device. I mean, the next person who actually owns or have access to the device and wants to post a real review of it might not want to post it here. That person might want to be the OP for that thread.

MacArthur67 said:
I don't want to be rude, but what's the point in starting a thread for a device, list some official specs but no hands-on? This routine (hunt for thanks or OP threads?) just creates parallel threads on the forum for the same device. I mean, the next person who actually owns or have access to the device and wants to post a real review of it might not want to post it here. That person might want to be the OP for that thread.
Click to expand...
Click to collapse
Well, I actually truly planned to get the device when I created the topic, but changed my mind. If you check my profile and other posts, you would notice that I actually always post a hands-on or review also in my posts if I get the device.
Anyone that actually got the device and want to add a review, can just contact me and I will put in up in post #1 - so no! its not a problem at all.
Parallel threads are not allowed in here, so anyone creating a thread for this, should actually first check if there is an existing one.
There is no real advantage of being a OP for at thread (other than I have a lot of work also answering questions like yours now). If I for instance post your review in #1, I would also write the credits/name for the review so they can thank you and not me.

s7yler said:
Well, I actually truly planned to get the device when I created the topic, but changed my mind. If you check my profile and other posts, you would notice that I actually always post a hands-on or review also in my posts if I get the device.
Anyone that actually got the device and want to add a review, can just contact me and I will put in up in post #1 - so no! its not a problem at all.
Parallel threads are not allowed in here, so anyone creating a thread for this, should actually first check if there is an existing one.
There is no real advantage of being a OP for at thread (other than I have a lot of work also answering questions like yours now). If I for instance post your review in #1, I would also write the credits/name for the review so they can thank you and not me.
Click to expand...
Click to collapse
Yes I know that parallel threads are against the forum rules but a thread with only a news about a forthcoming device is not a real thread on a developer forum. It shouldn't be allowed in the first place in my opinion. This is not a news site/forum so what's the point in just echoing here what you have read in a press release on some other site? If people can read your echo here they can also read the original news where you found it. You seem to mass produce short and very trivial reviews of various devices from some reason and then you always leave the thread more or less. It's very counterproductive on a developer site and it's about time that someone tell you that. I'm just sorry it had to be me. Next time at least wait until you have the device or let people with a real interest in the device start the thread and write the review. You don't need to be an Einstein to understand that on a developer forum it would be a great advantage if the OP of a tread has a real interest in the device the thread is all about. Your interest seems to be something completely different that I can't really figure out, but in any case it's counterproductive on a developer forum. Peace!

MacArthur67 said:
Yes I know that parallel threads are against the forum rules but a thread with only a news about a forthcoming device is not a real thread on a developer forum. It shouldn't be allowed in the first place in my opinion. This is not a news site/forum so what's the point in just echoing here what you have read in a press release on some other site? If people can read your echo here they can also read the original news where you found it. You seem to mass produce short and very trivial reviews of various devices from some reason and then you always leave the thread more or less. It's very counterproductive on a developer site and it's about time that someone tell you that. I'm just sorry it had to be me. Next time at least wait until you have the device or let people with a real interest in the device start the thread and write the review. You don't need to be an Einstein to understand that on a developer forum it would be a great advantage if the OP of a tread has a real interest in the device the thread is all about. Your interest seems to be something completely different that I can't really figure out, but in any case it's counterproductive on a developer forum. Peace!
Click to expand...
Click to collapse
"If people can read your echo here they can also read the original news where you found it"
No not always, I get info directly from the manufactures sometimes. And sometimes I write texts myself. That you can't read somewhere else. Of course it is not always so, depends on the info/news and devices. I love phones and tablets, and that's why I like to be a news poster. If I don't post, someone else would do.
You seem to mass produce short and very trivial reviews of various devices from some reason and then you always leave the thread more or less
No, I follow every single thread I make (else I would probably also not answer in this old thread here now) and if people have real interest in the device I also answer or follow up with news. If people ask something already answered I don't reply, that's right. Else I could spend the whole day answering questions from people. And I would say on 80% of the threads I make, I also always follow up with a full video review of the device.
Next time at least wait until you have the device or let people with a real interest in the device start the thread and write the review.
Doesn't work that way, as the manufactures already post info before the device is released. And many want info as soon it is possible, not 1 month after when the device already is old again.
a great advantage if the OP of a tread has a real interest in the device
Well, it is not really up to you to judge if I have real interest in a device or not. If I am going to test it I will have real interest in it. But some devices are more interesting than others, also after they have been received.
I don't see anything bad in creating threads that can gather people around a device. In these people can help, discuss & develop the device. I see that in my Elephone P8000 thread, my Jiayu S3 thread and UMI ZERO thread, for some devices like for example the UMI IRON it doesn't happen but that's not really my fault. I personally still love the phone.
And PS. I'm from Denmark, so you should really try to be a little more nice to one from your neighbouring country.

Teclast 3G x70
Hello freinds
Please could someone help me, because i am very stuck with the problem and no one over the internet doesnt know how to help me.
My tablet Teclast 3G x70 suddenly become dead and I have luck to repair it by reflashing procedure, but the IMEI has been lost
Please maybe somebody know how to repair it, because I have already tried everything I know...
Thank you

You guy always said already tried everything, what actually have you tried, list out everything so its easier to trouble-shoot & to narrow things down...
First of all, did you guys even read the included guide/ tutorial, i flash so many times on my X70 clone, never even once loose the IMEI, try rebooting to stock 3e recovery & do a Factory Reset or using fastboot to do that, that should reset everything back to normal ...
Code:
adb reboot fastboot
fastboot format userdata
fastboot format cache
Refer to here for more IMEI repair info....

to : yuweng TECLAST X70 3G
Hello dear friend Yuweng
I come from 4 PDA forum you must be aware of.
And there is no one can resolve this issue.
First of all I want to thank you for the ROOTING guide - I get root with your help
And about IMEI : i have tried everything you advise to do to recover IMEI
I think it is maybe impossible to recover IMEI because it is INTEL platform like Google Nexus for example (need special hardware to recover IMEI)
Thank you

Your username ends with il then only i try 012.net.il then only realize it... :laugh: All Android OS comes from Google so this means all Android devices are more or less the same, i guess its just a corrupted partition or file missing that causes this IMEI issues, same as many Android devices are experiencing...
Ok, try below command, give me a download link to it & i'll make a comparison to see which file is missing...
Code:
adb shell su -c "ls -R" > myx70.txt
After that, try to follow exactly as the FlashTool_E2 guide to download the firmware all over again, one of the pdf stated single-threaded download mode, multi-threaded download mode, try & see if that makes a different.... :fingers-crossed: Russian translated version here...
Updates
Hmm, that pdf stated 15 firmware files, that means modem.fls, mvconfig.fls & thread.fls is missing, wonder if that causes the IMEI to disappear...
[email protected] said:
Hello dear friend Yuweng
I come from 4 PDA forum you must be aware of.
And there is no one can resolve this issue.
First of all I want to thank you for the ROOTING guide - I get root with your help
And about IMEI : i have tried everything you advise to do to recover IMEI
I think it is maybe impossible to recover IMEI because it is INTEL platform like Google Nexus for example (need special hardware to recover IMEI)
Thank you
Click to expand...
Click to collapse

to : yuweng TECLAST X70 3G
Helo again dear friend
It is very nice you still support this thread
I did get the file myx70.txt you need
Please check it, Thank you

to : yuweng TECLAST X70 3G
Helo again dear friend
It is very nice you still support this thread
I did get the file myx70.txt you need
https://www.mediafire.com/?0iskyl3hazaketo
Please check it, Thank you
By the way it is some softwareprogram I have been informed in that can do everything including restoring IMEI
But I cant use it bacause it is in CHINESE
it called Rabbit Root and it is web page is: http://www.7to.cn/#

When i ask you to do a Factory Reset using the stock 3e recovery & you said you did it but your myx70.txt says otherwise... Few files missing, seems like it is not initialize properly...
Code:
./data/media/0:
91 WireLess
Alarms
Android
AppGame
DCIM
Download
GOLauncherEX
GoStore
MIUI
Mihome
Movies
Music
Notifications
Pada
Pictures
Podcasts
Ringtones
XPOSED IMEI Changer_1.3_apk-dl.com.apk
baidu
com.91.channel.repository
dianxin
libs
mgyun
nd
system
system.info
tencent
tmp
xutils
To reboot to stock 3e recovery
With the device at power off state, USB cable unplug, press & hold Volume Up, now press & hold Power button & it'll vibrate once then let go Power. Keep on holding Volume Up until you see the boot logo then let go & it'll boots up the stock 3e recovery.
Click to expand...
Click to collapse
Press the power button once & you'll see the stock 3e recovery menu
Use the volume down key to go to wipe data/ factory reset & press power button
Use the volume down key to go to Yes -- delete all user data & press power button
Do the same for cache partition
reboot system now
* Manually format the internal sdcard as well if Factory Reset doesn't remove it
That software you pointed out, the IMEI repair is for MTK devices only.
Updates
Check with dAverk how he did it, every detail like where he got the firmware from, the step by step that he took on flashing the firmware, this will narrow things down as why IMEI is lost on you guy's x70 & not him... i believe if you guys follow his steps exactly, you should be able to get the IMEI working again... :fingers-crossed:
Firmware flashing bricks the device, Factory Reset corrupts the IMEI was a thing in the past ( Jellybean/ ICS/ GB issues ), it shouldn't happened on KitKat/ Lollipop devices, i believe...

OK I have reflashed this tablet with all FIRMWARES i have found on this forums
I cant get to Boot Menu ( Power ON+Volume UP) - tablet continue to load and nothing happens
And the ADB command doesnt help
adb reboot fastboot
fastboot format userdata
fastboot format cache
The tablet reboots and I get GREEN screen
https://www.mediafire.com/?0pkb7pk89d8c33s

What have you done to yourself, that green screen is the fastboot screen, you'll need adb driver & fastboot.exe for it to work...
i already mentioned, be specific, all FIRMWARES, which one ? JOI, X70 from geekbuying or chinagadgetsreviews & etc, may be they are all different, i donno, i didn't download all to check if they are identical, may be thats the cause of your green screen problem & IMEI problem ?
This is a General not Development thread, i don't intend to start a new one, i shouldn't even be sharing these infos here...
Warnings : Use this guide at your own risk ! For Developers ONLY
These infos are the results of spending many hours with FlsTool( linux version ) & flstool.exe
Code:
./FlsTool -x recovery.fls
./FlsTool --extract-prg recovery.fls
./FlsTool -x system.fls
./FlsTool --extract-prg system.fls
./FlsTool -x mvconfig_smp.fls
./FlsTool --extract-prg mvconfig_smp.fls
./FlsTool -x mobilevisor.fls
./FlsTool --extract-prg mobilevisor.fls
After unpack, these individual fls files contains PRG, EBL, PSI, meta files & the actual Android img file or binary files. Each of these extracted files, PRG, EBL, PSI, meta files are identical.
When you use dd command to backup these partition, it is not an Android image file nor a fls file & a dd restore with either the dd backed up or the fls file won't boot or work correctly
Eg.
Code:
adb shell su -c "dd if=/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID119 of=storage/sdcard1/recovery.img"
adb shell su -c "dd if=storage/sdcard1/recovery.img of=/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID119"
[COLOR="blue"]OR[/COLOR]
adb shell su -c "dd if=storage/sdcard1/recovery.[COLOR="Blue"]fls[/COLOR] of=/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID119"
[COLOR="blue"]OR[/COLOR]
fastboot flash recovery recovery.img
fastboot flash recovery recovery.[COLOR="blue"]fls[/COLOR]
[COLOR="blue"]OR[/COLOR]
fastboot flash system system.img
fastboot flash system system.[COLOR="blue"]fls[/COLOR]
When Hex edit/ compare those files, they are totally different. Eg. dd backed up recovery.img with recovery.fls is not the same.
The recovery.fls when unpack has three different regions, i think the existing FlsTool version 1.20 has bugs, it doesn't repack it back to the correct format.
recovery.fls_ID0_CUST_LoadMap0.bin is identical to mobilevisor.fls_ID0_CODE_LoadMap0.bin
recovery.fls_ID0_CUST_LoadMap1.bin is identical to mvconfig_smp.fls_ID0_CUST_LoadMap0.bin
recovery.fls_ID0_CUST_LoadMap2.bin is the actual Android recovery.img that can be unpack with AIK or CIK as already explained on this post here
Even if it works, custom recoveries such as PhilZ Touch or TWRP which is also using the dd command for backups, will not be able restore it correctly as it is not a fls file or an Android image file.
As for the boot.fls, what i did was change the default.prop & repack it back.
Code:
ro.secure=1 [COLOR="Blue"]<= Change to [B]0[/B][/COLOR]
ro.allow.mock.location=0 [COLOR="blue"]<= Change to [B]1[/B][/COLOR]
ro.debuggable=0 [COLOR="blue"]<= Change to [B]1[/B][/COLOR]
ro.adb.secure=1 [COLOR="Blue"]<= Change to [B]0[/B][/COLOR]
Unpack boot.fls
Code:
./FlsTool -x boot.fls
./FlsTool --extract-prg boot.fls
After unpack/ repack with AIK, copy image-new.img to the same folder.
Repack boot.fls
Code:
./FlsTool --psi boot/boot.fls_inj_PSI.bin --prg boot_0.fls --ebl boot/boot.fls_inj_EBL.bin image-new.img --tag BOOT_IMG -o new-boot.fls
After this, any exploit rooting software should work.
Found two new link for X70 (C6F9) -Android4.4.4-V1.05-5726 may be this one will solved the IMEI issues, i donno...
Source 1
Source 2
Conclusion : You can't do much on Intel x3 but to bug your device manufacturer to release the firmware then only rooting is possible otherwise forget it, its file system is not regular Android image, use the device as it is or you'll brick it in doing so...
4Good T700i 3G users
Since you guys confirmed X70 firmware can be downloaded successfully & the camera doesn't work after that, meaning the firmware is almost compatible except for the camera driver.
Since 4Good doesn't release the firmware, the correct way is to create an ebl.fls file, upload the boot.bin then port an unsecured-boot.fls & root it...
Code:
./FlsTool -x boot.fls
./FlsTool --extract-prg boot.fls
./FlsTool --hex-to-fls boot/boot.fls_inj_EBL.bin --prg boot_0.fls --psi boot/boot.fls_inj_PSI.bin --tag BOOT_IMG -o ebl.fls
View attachment 3475319
View attachment 3475321
Hex edit boot.bin & extract the boot.img( look for the header ANDROID! ), with above mentioned technique to make an unsecured boot.fls, unlock the bootloader, download this unsecured boot.fls then root it & the firmware stays as stock with both camera working.
View attachment 3475504
Or upload the boot.bin & i'll port an unsecured-boot.fls for you guys...
View attachment C5F9-ebl.fls.zip
View attachment C6F9-ebl.fls.zip
Or after rooting, copy all 4Good camera *.so files, flash x70 system.fls ONLY then manually use any ROOT Explorer to copy back these 4Good camera *.so files over & both cameras should work on 4Good after a reboot...
Theoretically, you can also dd the system.img, mount it, make changes then repack it back to fls file but then again, these files will be huge & i don't even know whether it works, never try that...
Code:
adb shell su -c "dd if=/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID068 of=storage/sdcard1/system.img"
adb pull storage/sdcard1/system.img
mkdir sys
sudo mount -t ext4 -o loop system.img sys/
Do whatever you want with the files & folders at [COLOR="Blue"]sys/[/COLOR]
sudo ./make_ext4fs -s -l 1024M -a system new.img sys/
sudo umount sys
./FlsTool --prg system_0.fls --ebl system/system.fls_inj_EBL.bin --psi system/system.fls_inj_PSI.bin new.img --tag SYSTEM -o new-system.fls
Download it with FlashTool_E2
Updates - Nov 2015
Thanks to benderit for sharing his detailed findings & how-tos for backing up/ creating a restored boot.img/ system.img via fastboot for x3 devices without FlashTool_E2 ROM... :good:
Updates - Jan 2016
Refer to here on how to create system.img on Win OS & using fastboot to flash it... :good:
Updates
The adb command adb shell ls -l /dev/block/platform/soc0/e0000000.noc/by-name correspond to recovery.fstab as shared on this post here EXCEPT for ImcPartID022 & ImcPartID121.
Hex editing the partition ImcPartID121 show that it is empty while ImcPartID022 shows there are some data inside it, i cannot tell whether its the bootloader or the IMEI info.
Those that lost their IMEI can use below command to backup & check whether there is data in it or its empty( all zero ). If its empty means the IMEI info might be at this partition...
Code:
adb shell su -c "dd if=/dev/block/platform/soc0/e0000000.noc/by-name/ImcPartID022 of=storage/sdcard1/ImcPartID022.img"
adb pull storage/sdcard1/ImcPartID022.img

To yuweng
Everything seems to be OK. And now after a week of try I finally understand that it was not worth trying. Because it finally become clear that it is nothing to do with IMEI. Very good yuweng.
It is seems that actually no one know how to resolve it.
And what is about trying different firmwares?
I just don't understand how would it help.
And about that all android systems are similar it also mistake.
If you want to restore IMEI on Nexus 4 you need special equipment.

The reason for your case i guess is everyone is new on your side, as the saying too many cooks spoil the broth...
Fyi, my previous device, the MTK, bcos of one Russian DEV shared his findings, thousands of users save hundreds of dollars each.... :good:
Bcos of one DEV shared his unpack/ repack script, i discovered that MTKs ROM can ported over to hundreds if not thousands of similar devices...
And Yes, i've also seen many that says they will never use PhilZ Touch or TWRP ever again bcos it corrupts their device, the reason for this is bcos no DEV is working on that device & end users just blindly installing it & complaining after that... The same at 4pda, few that swear to throw away their X70 too... :laugh: We need more DEVs to look into it then it will become a better Android device...
OT : And Yes, you can actually port 4Good firmware to work on X70 & vice-versa, when DEVs starts to work on it, if there is one, bcos it is an exact clone while mine is different, i donno, may be the newer X70 (C6F9) is compatible, i didn't try it...
Port means identify & taking parts of the firmware from other similar device & make it work on yours while flashing the whole firmware will normally leads to a brick device...

at now we tried flash 7 block of mmc (because we found many diffs in this block) from working device on dead[imei] - but nothing happens. Try work with whole mmc.

it seems that InvisiBot have already made the discovery... :good:
Haven't took a deep look at InvisiBot's findings yet, but found out my device is indeed an exact clone of x70 (C6F9), first flash the recovery.fls, got a landscape 3e stock recovery instead of the original portrait, then proceed to flash the system.fls, everything works except for bluetooth & wifi, last flash the boot.fls & now i got x70 (C6F9) ROM fully working on my device... :laugh:
i guess intel/ Teclast must have made some improvement to libhoudini, overall, it performs better than the original stock ROM with Xposed installed & with zram enabled ...
Updates
Guys, as i've always mentioned it on my other threads, users always feedback it doesn't work, pls describe every little steps that you took, it will be easier to trouble-shoot, narrow things down & solve your problems....
According to InvisiBot, he began experiment by Hex editing partition ImcPartID022 & that bricks his x70 & in doing so he found out there is a hidden feature that you can still download by holding the Power button for 10 seconds then release it & FlashTool_E2 will automatically start to download on your brick device, this mean intel x3 is truly unbrickable... :good:
Thats where he discovered that you guys use the erase whole flash at FlashTool_E2 & that erases the IMEI info, luckily he manage to get his IMEI back...
View attachment 3478674
WARNING : Never use both the erase whole flash option, it will delete your IMEI info ! You guys with the IMEI problem never even once mentioned that...
Conclusion
Indeed the partition ImcPartID022 contains both the IMEI info, device serial number & adb command => adb devices serial no. which is the same as SIM 1, good job InvisiBot... :good:
Code:
[COLOR="blue"]Setttings[/COLOR] => [COLOR="blue"]About tablet [/COLOR]=> [COLOR="blue"]Status [/COLOR]=> [COLOR="blue"]SIM 1[/COLOR]/ [COLOR="blue"]SIM 2[/COLOR]
On my x70 clone or shall i say an actual x70 (C6F9) rebrand, the offset is at different location.
Device serial no => 0x1AAC8
SIM 1 => 0x24360
SIM 2 => 0x2436C
adb command => adb devices serial no => 0x2549C
So do make a backup of partition ImcPartID022, this is the only partition that FlashTool_E2 cannot restore if you brick it.
Attention to InvisiBot
Since you said you're making a How-to Guide i'm not going to spoil the soup... :laugh: Don't forget to make one in English Language for sharing with XDA member here too... :good:
Attach below is my empty IMEI for your R&D, i think it should be the same as X70 C6F9...
View attachment EMPTY-C6F9-IMEI.zip
Search for the reference text as below
#IMEI01#
#IMEI02#
#ADB-SN#
##INTEL-X3-S/N## <= This is the 16 digit alphanumeric Serial number display at Settings => SIM1/ SIM2
Updates - Restore invalid IMEI
For those who lost their IMEI, you can try this Thanks to Invisibot & buxbux for the link... :good:
Don't ask me how-to, i've never loose my IMEI before so i donno how to use it, you'll have to find that out yourself...

How To Guide How to backup your partitions with command line (requires root)

How to backup partition images with dd on the command line (root required)​
We don't currently have a working custom recovery for the Xperia 10 III, but if you have root there's a simple method to dump partition images.
This is a very good idea and you should do it at least once, especially if you like to mess around the device a lot.
You won't be able to do this before you root, so by the time you do some partitions will not be stock anymore. Use XperiFirm instead to get the clean stock images.
Special partitions:​
The userdata partition holds all your personal files and system settings. It's huge (about 105 GB) and obviously you can't dump it into itself. You can dump it on an SD card if it's 128+ GB.
The super partition is a physical partition that contains several logical partitions (including system and vendor) That's why you won't find those in the partition list. This is done on Android 10+ devices to allow those logical partitions to be resized or rearranged as needed. You don't need to split out the internal logical partitions, you can flash back the entire super partition. The stock firmware also comes with a super image, not individual logical partitions.
Using a helper script:​There's a Magisk module called Backup (by Draco) which gives you a command line shell script you can use if you prefer. It mostly does the same things I described above. The script is here if anybody wants to just grab it directly.
On the plus side, the script knows to dump only the active A/B image (which is the one that interests you most). On the flip side, it doesn't have a feature to skip userdata.
So here is a shell command that will use the backup script to dump all partitions, but only those matching your device's active A/B slot, and skips userdata:
Code:
backup $(ls /dev/block/bootdevice/by-name/ | grep -v userdata | sed 's/_[ab]$//')
And here's one that also skips super:
Code:
backup $(ls /dev/block/bootdevice/by-name/ | grep -v userdata | grep -v super | sed 's/_[ab]$//')
How to dump partitions manually:​If you can't/won't use the helper script you can do it by hand. All the following commands need root:
Find the names of all the partitions:
Code:
ls /dev/block/bootdevice/by-name/
Dump one specific partition identified by NAME:
Code:
dd if=/dev/block/bootdevice/by-name/NAME of=NAME.img
Dump all partitions except userdata:
Code:
ls /dev/block/bootdevice/by-name/ | grep -v userdata | while read NAME; do echo dd if=/dev/block/bootdevice/by-name/${NAME} of=${NAME}.img; done
Find the active slot:
Code:
getprop ro.boot.slot_suffix
Get checksums for all the images after the dump:
Code:
md5sum *.img
Confused about _a and _b partitions?​You should read about A/B Seamless Updates.
Long story short, some partitions have two copies eg. boot_a and boot_b. When you boot up the device you use the partitions in one slot (eg. the _a partitions). When an OTA update is being downloaded, it writes into the partitions for the other slot (eg. the _b partitions). Your phone can stay in use while this happens. If the OTA fails nothing is broken, you just keep using the good slot partitions. After the OTA is successful you switch to the other slot and also have the previous version in the other slot in case you need to switch back.
This means that some of the _a and _b images for the same partition can be different for you! So it's strongly recommended to do the checksums, and also to find out which is your active slot, so you know which partitions you're using right now.

I used a 128 GB card to take a backup of userdata. The backup script had some trouble with the backup location being on the storage card for some reason and I didn't have time to figure it out, but the dd command I gave above worked fine.
Code:
# time dd if=/dev/block/bootdevice/by-name/userdata of=userdata.img
112111374336 bytes (104 G) copied, 2342.274225 s, 46 M/s
39m02.31s real 1m11.78s user 14m44.72s system
Code:
# adb pull /storage/1234-ABCD/backup/userdata.img ./
/storage/1234-ABCD/backup/userdata.img: 1 file pulled, 0 skipped.
87.2 MB/s (112111374336 bytes in 1225.663s)
So that's 104 GB that took 39 minutes to be written to a new Samsung Evo U3/V30 microSDXC (46 MB/sec real write speed) and 20 minutes to be read to the PC (Samsung Evo M.2) with adb pull over USB (87 MB/sec read speed). Just so you know what you're in for.

I was looking into whether I could speed up the process of taking userdata snapshots by dumping the partition directly to the PC, but you need to be root to access the device block. The stock ROM doesn't allow the command adb root, but I found this blog post which made me realize you can run a su -c command that asks dd to write to stdout and just pipe the output to a file. The post author has also made this helpful Python script which lets you do pulls and pushes with root-only files.
If you want to run the command directly (I've only tested on Linux, no idea if it works on PowerShell but it might):
Code:
# adb shell "su -c" "dd if=/dev/block/bootdevice/by-name/userdata" > userdata.img
If you want to use the Python script:
Code:
# adb-root.py pull /dev/block/bootdevice/by-name/userdata userdata.img
Using the same fast SSD on the PC side as above, I now get:
Code:
218967528+0 records in
218967528+0 records out
112111374336 bytes (104 G) copied, 1077.681097 s, 99 M/s
real 17m57.910s
So that's roughly 15 minutes compared to 1 hour total with the previous method and you don't need to have a 128 GB SD card anymore.

Are you able to switch to a different backup location? Say a USB OTG if possible.

mikeshutte said:
Are you able to switch to a different backup location? Say a USB OTG if possible.
Click to expand...
Click to collapse
With dd yes, simply move to the directory you want before you call dd.
The backup script is bugged and seems to ignore the -d parameter for the backup location so it always uses /sdcard/backup. (I think it might be expecting a different version of getopts...) Normally I would say to try creating a symlink from /sdcard/backup to the OTG storage but the ln utility is also behaving strangely and I can't make any symlinks (even with root).

wirespot said:
With dd yes, simply move to the directory you want before you call dd.
The backup script is bugged and seems to ignore the -d parameter for the backup location so it always uses /sdcard/backup. (I think it might be expecting a different version of getopts...) Normally I would say to try creating a symlink from /sdcard/backup to the OTG storage but the ln utility is also behaving strangely and I can't make any symlinks (even with root).
Click to expand...
Click to collapse
Ok I'll give it a try and see what happens. Thanks for your help.

Hi, I'm used to TWRP backups, so I don't really understand this tool. I've backedup everything except the massive userdata partition. If needed, how would I restore this? Is the userdata partition required when I have all the others?
Thanks!

jakito said:
Hi, I'm used to TWRP backups, so I don't really understand this tool. I've backedup everything except the massive userdata partition. If needed, how would I restore this? Is the userdata partition required when I have all the others?
Thanks!
Click to expand...
Click to collapse
This is basically the same thing that TWRP does, dd is a command line Linux tool that makes a "raw" copy of a partition.
Restoration is a bit more tricky. In theory you can simply dump the raw backup copy over the partition. The problem is that it's not ok to do it while the system is running. Typically it's done by booting into recovery (TWRP) and overwriting the partition from there.
Another method for restore is to use fastboot, which is an alternative tool you can boot into that only does one thing, write partitions. But fastboot is typically locked by the vendor to only write signed images, so it can only be used to write official release ROMs.
There are some limited uses for fastboot, such as overwriting the boot partition, which is not checked for signature anymore once you've unlocked the bootloader. So if you want to experiment with unofficial kernels and mess something up you can always restore a good boot partition with fastboot.
TLDR: for the time being until we get a working TWRP recovery the most you can do is take backups, but not restore them.

wirespot said:
This is basically the same thing that TWRP does, dd is a command line Linux tool that makes a "raw" copy of a partition.
Restoration is a bit more tricky. In theory you can simply dump the raw backup copy over the partition. The problem is that it's not ok to do it while the system is running. Typically it's done by booting into recovery (TWRP) and overwriting the partition from there.
Another method for restore is to use fastboot, which is an alternative tool you can boot into that only does one thing, write partitions. But fastboot is typically locked by the vendor to only write signed images, so it can only be used to write official release ROMs.
There are some limited uses for fastboot, such as overwriting the boot partition, which is not checked for signature anymore once you've unlocked the bootloader. So if you want to experiment with unofficial kernels and mess something up you can always restore a good boot partition with fastboot.
TLDR: for the time being until we get a working TWRP recovery the most you can do is take backups, but not restore them.
Click to expand...
Click to collapse
I see. Thank you nonetheless!

wirespot said:
This is basically the same thing that TWRP does, dd is a command line Linux tool that makes a "raw" copy of a partition.
Restoration is a bit more tricky. In theory you can simply dump the raw backup copy over the partition. The problem is that it's not ok to do it while the system is running. Typically it's done by booting into recovery (TWRP) and overwriting the partition from there.
Another method for restore is to use fastboot, which is an alternative tool you can boot into that only does one thing, write partitions. But fastboot is typically locked by the vendor to only write signed images, so it can only be used to write official release ROMs.
There are some limited uses for fastboot, such as overwriting the boot partition, which is not checked for signature anymore once you've unlocked the bootloader. So if you want to experiment with unofficial kernels and mess something up you can always restore a good boot partition with fastboot.
TLDR: for the time being until we get a working TWRP recovery the most you can do is take backups, but not restore them.
Click to expand...
Click to collapse
I don't know how I ended up but making a backup you can't restore is completely pointless.

Techguy777 said:
I don't know how I ended up but making a backup you can't restore is completely pointless.
Click to expand...
Click to collapse
No, it's not. All your data is in there. You can mount your backup on a linux computer and pull out apks as well as app data. You can then restore these folder by folder with adb and a root shell on your phone.
That beeing said, does anyone know a proper backup software like Titanium Backup for Android 11 and above? Sometimes I read recommendations, but looking at the ratings it seems that no software manages to achieve the same level of comfort and control. Also they all seem to suffer from the same limitations.
Let's be honest: Google wants to make your life hard, so they can lock you in.

@xperinaut
I'm using Titanium on Android 11. Is it not working for you?