[DUMP] Bootloader (from devkit atrix) - Atrix 4G Android Development

So I haven't tried to use this yet, but it was dumped from a devkit atrix that supposedly has a bootloader that doesn't blow
http://www.mediafire.com/?d13i7uxrhw38y7o
SHA: FDA1FDBFD70628CBF1C79361525168847A00830B (motoboot.bin)
DO NOT FLASH THIS!
jimmydafish said:
this is P3Droid again,
I have all Dev phones with matching consumer phones, granted these are on VZW, but in the past placing a Dev phone bootloader on a consumer phone would result in a system that is inoperable (basically a soft bricked device). I would strongly urge you to not modify this file until you have a way to backup and restore this file.
This is just a word of caution from someone and a group that actually possesses both dev and consumer model phones and have already attempted what you are proposing here.
either way good luck, but do not return the device to ATT if you break it.

designgears said:
So I haven't tried to use this yet, but it was dumped from a devkit atrix that supposedly has a bootloader that doesn't blow
http://www.mediafire.com/?q053u356h5u52zd
It can be flashed with Qualcomm QPST
http://www.filecrop.com/QPST.html
the link is dead

Does "doesn't blow" mean unlocked/non-encrypted?

t0dbld said:
the link is dead
Which? I was able to get a copy of motoboot.bin (I think, anyway. designgears, could you post a md5/sha hash of the bin file for us?)
FYI, here's what I have for the file I was able to download:
Code:
$ shasum motoboot.bin
fda1fdbfd70628cbf1c79361525168847a00830b motoboot.bin

really i cant tells me file has been removed can you mirror or send ?

"Doesn't blow" should mean "lets us load our own kernels" in this context I think
now to figure out how to get the dev bootloader onto our phones..

sorry, was uploading a compressed version

designgears said:
sorry, was uploading a compressed version
ok now to test... this would be great esp considering they just announced on twitter that zoom comes with locked/unlockable bootloader

t0dbld said:
ok now to test... this would be great esp considering they just announced on twitter that zoom comes with locked/unlockable bootloader
damn, wish we would have gotten that.

designgears? post the SHA or MD5 checksum of the bin file please? I want to get cracking but want to ensure my downloaded file is intact first.

perdurabo2 said:
designgears? post the SHA or MD5 checksum of the bin file please? I want to get cracking but want to ensure my downloaded file is intact first.
already did

perdurabo2 said:
designgears? post the SHA or MD5 checksum of the bin file please? I want to get cracking but want to ensure my downloaded file is intact first.
LOOKS PROMISING!!! so far went through with hex editor and i see no signatures etc !!!
lol so excited cant spell or type

Slow Down Everyone...
this is P3Droid again,
I have all Dev phones with matching consumer phones, granted these are on VZW, but in the past placing a Dev phone bootloader on a consumer phone would result in a system that is inoperable (basically a soft bricked device). I would strongly urge you to not modify this file until you have a way to backup and restore this file.
This is just a word of caution from someone and a group that actually possesses both dev and consumer model phones and have already attempted what you are proposing here.
either way good luck, but do not return the device to ATT if you break it.

Not to be too dense here, but how would we make use of this? Wouldn't we still be at square one regarding not being able to get this onto the device?
Sent from my MB860 using XDA App

t0dbld said:
LOOKS PROMISING!!! so far went through with hex editor and i see no signatures etc !!!
lol so excited cant spell or type
You are not listening and I'm trying to help you not brick your device. DO NOT FLASH THAT BOOTLOADER or your phone will not work...there are a lot more signatures than just the bootloader, in fact if you don't hack/crack the mbr or change the signing keys and verification in the NVRAM you will just sit there with a brand new paperweight.

perdurabo2 said:
designgears? post the SHA or MD5 checksum of the bin file please? I want to get cracking but want to ensure my downloaded file is intact first.
smiths-MacBook-Pro:~ smith$ shasum /Users/smith/Downloads/motoboot.bin
fda1fdbfd70628cbf1c79361525168847a00830b
smiths-MacBook-Pro:~ smith$ md5 /Users/smith/Downloads/motoboot.bin
MD5 (/Users/smith/Downloads/motoboot.bin) = f3cb372a7498f175b53dc7881e4bd3c2
P3Droid, you have past experience with Dev phones and retail phones, what does this mean to the hacking efforts? Does an unsigned bootloader move us past any of the previous obstacles or is this just something to study?

t0dbld said:
LOOKS PROMISING!!! so far went through with hex editor and i see no signatures etc !!!
lol so excited cant spell or type
humancyborg said:
Not to be too dense here, but how would we make use of this? Wouldn't we still be at square one regarding not being able to get this onto the device?
Sent from my MB860 using XDA App
If you would like to brick your device I can teach you how to get it on, but it will require you to be rooted and running a custom recovery, the other method requires a fully released sbf file.

jimmydafish said:
You are not listening and I'm trying to help you not brick your device. DO NOT FLASH THAT BOOTLOADER or your phone will not work...there are a lot more signatures than just the bootloader, in fact if you don't hack/crack the mbr or change the signing keys and verification in the NVRAM you will just sit there with a brand new paperweight.
i am listening and i am not flashing anything yet .. .i heard ya before and i hear ya now

Could this bootloader work on Defy also?

I do have to say though with this Xoom news... gives us hope that maybe with GB release for atrix that was promised soon and to include 1080p it might also come with unlock/lock

Related

Full NAND Unlock

Does anyone know if this will also work on the DInc?
http://forum.xda-developers.com/showthread.php?p=6800690
supagene said:
Does anyone know if this will also work on the DInc?
http://forum.xda-developers.com/showthread.php?p=6800690
not a chance unless/until we get an engineering build for the incredible (they tend to be hard to come by sometimes)
NAND has already been unlocked through a patched hboot on the Incredible, we're just waiting for a possible release.
Is this what you are referring to?
"Team unrEVOked is proud to announce that we and @AndroidBruce have the first HTC Incredible with a patched bootloader." - 6:00 PM Jul 16th via web
http://twitter.com/unrevoked
supagene said:
Is this what you are referring to?
"Team unrEVOked is proud to announce that we and @AndroidBruce have the first HTC Incredible with a patched bootloader." - 6:00 PM Jul 16th via web
http://twitter.com/unrevoked
Yup. Of course, that doesn't mean they're going to release soon, or maybe not at all, since there's a very real risk of bricking when you're ****ing with hboot.
Noob question here. I tried to search for the answer but couldn't find one.
Why would I want to do this when it seems to me that all of the options are available when I root the phone with Unrevoked3? Is there something more we gain with this full nand unlock?
Some applications try to write to /system for example AdFree so they can modify the hosts file. Currently none of the applications can actually write on the DInc because we only have write permissions when in recovery mode only. Once NAND is fully unlocked, we'll have all the applications running as expected.
supagene said:
Some applications try to write to /system for example AdFree so they can modify the hosts file. Currently none of the applications can actually write on the DInc because we only have write permissions when in recovery mode only. Once NAND is fully unlocked, we'll have all the applications running as expected.
I'd love to be able to use metamorph so I don't have to update themes so much... pushing apks with the phone booted really helps me to develop themes as well. Nand unlocked is something I miss about my old android phones....
heavensblade23 said:
Yup. Of course, that doesn't mean they're going to release soon, or maybe not at all, since there's a very real risk of bricking when you're ****ing with hboot.
Why would they announce and never release? If they were able to make an easy root app, I hope they can release something for the nand unlock. I wonder how long it will take them to release...
Sent from my ADR6300 using XDA App
supagene said:
Why would they announce and never release? If they were able to make an easy root app, I hope they can release something for the nand unlock. I wonder how long it will take them to release...
Sent from my ADR6300 using XDA App
They say they don't want to release the vulnerability they exploit for the NAND flash unlock because they don't want it to go away (get "fixed" by htc).
You can read about it at their wiki if you go to their site, select the Incredible, and select "More Info?"
ok too much misinformation seems to be getting linked together. so just this once ill comment.
we do have a few completely nand unlocked devices now. we have some more experimentation to go with hboot before it will be worthy of release, ie the fastboot commands. patching it is a slower process as you are correct, its easy to brick. we will be planning a release but do not presently have a timeframe. one problem is while with recovery a error would be corrected by trying again, hboot will brick. so if we do release its going to be a slightly technical process requiring more thought and knowledge so that you have the best chance of success.
aotothemax said:
They say they don't want to release the vulnerability they exploit for the NAND flash unlock because they don't want it to go away (get "fixed" by htc).
You can read about it at their wiki if you go to their site, select the Incredible, and select "More Info?"
The vulnerability has already been shown... i have a copy of the zip saved on my PC and can unlock my nand at will.. You go into hboot and type in some commands and then reboot and upon reboot into android your NAND is unlocked and you can do anything you want including write to /system while in actual android... then upon rebooting your phone a second time your nand relocks by default...
The reason i know this works is that i did the nand unlock and AdFree was able to successfully install a new hosts file on my phone with no problems.. and that program needs specific /system write access while in android itself... also i can remove files in my /system folder while in android using root explorer on the phone itself, without have to do adb at all
what unrevoked is trying to do now is make it permanent where it stays unlocked after a reboot.. but for now its pretty simple, all i have to do is not turn off my phone and my nand will stay unlocked
Shadowmite and Joe92T, thanks for clearing things up for everyone. I hope nobody goes looking for that zip and bricks their device before unrEVOked's release.
mahkee said:
Shadowmite and Joe92T, thanks for clearing things up for everyone. I hope nobody goes looking for that zip and bricks their device before unrEVOked's release.
The whole thread it was located in has been deleted because it was a leaked file and not an official release, the only people that have it are unrevoked and the people lucky enough to download the attachment before the mods found out
I'm glad it's being worked on. Once it works running true linux on the phone will be possible as would dual booting the phone.
Oh, I didn't know that. Thanks for clearing that up!
Sent from my ADR6300 using XDA App
sorry. Edited for your protection
The Dinc is my first android phone (from blackberries), but from what I can tell, HTC seems to not be as anal about exploits found as some other Android phone makers. I like that.
Does a full NAND unlock allow deleting system apps that were previously not able to be uninstalled with the device on ?
Yes that's what it means,
Sent from my HTC Incredible using Tapatalk

OTA update file (4.0.19915 to 4.1.26)

Here is the update that the test phones(4.0.19915 to 4.1.26) received right before the launch of the retail unit. You might think this is useless, but it paints a very clear picture of how Moto updates work on the Atrix.
For each file that is being updated it hash checks and then applies the binary patch. This means changing the file permissions, mounting the system as rw will not cause this to fail as someone else had mentioned before. When it comes time to update, we can extract it and run the patch against the retail dump to create an updated dump.
This also tells us we can use recovery to flash update.zip files, we just need to figure it out. This would be very helpful when creating an updated dump.
This file is downloaded to /cache/tmp. A simple script was used to capture it before it was deleted.
Download the file here:
http://www.ponack.net/designgears/atrix/update.7z
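The hash-check-then-patch behaviour described in the post above, as an added example that is not part of the original post and not Motorola's updater code: a precheck that compares each file's SHA-1 with the hashes a binary patch expects, and shows that a permission change leaves the check passing while a content change does not. The manifest layout, file contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha1_of(path, chunk=1 << 20):
    """Return the hex SHA-1 of a file, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def precheck(root, manifest):
    """Classify every file a patch set touches.

    manifest maps a relative path to (source_sha1, target_sha1), the
    hashes of the file before and after the binary patch (assumed layout).
    Returns {relative_path: status}.
    """
    status = {}
    for rel, (source_sha1, target_sha1) in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            status[rel] = "missing"
            continue
        digest = sha1_of(path)
        if digest == source_sha1:
            status[rel] = "ready"            # patch can be applied
        elif digest == target_sha1:
            status[rel] = "already-patched"  # earlier run got this far
        else:
            status[rel] = "modified"         # contents differ: patch refused
    return status


def can_apply(status):
    """The update proceeds only if every file is in a known state."""
    return all(s in ("ready", "already-patched") for s in status.values())


def demo():
    """Run the precheck on a constructed tree; returns three status maps."""
    stock = {  # constructed stand-ins for stock system files
        "lib/libskia.so": b"constructed stock libskia contents",
        "lib/libwebcore.so": b"constructed stock libwebcore contents",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        manifest = {}
        for rel, data in stock.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            patched = data + b" (patched)"
            manifest[rel] = (
                hashlib.sha1(data).hexdigest(),
                hashlib.sha1(patched).hexdigest(),
            )

        untouched = precheck(root, manifest)

        # Metadata-only change: the bytes, and so the hash, are unchanged.
        os.chmod(os.path.join(root, "lib/libskia.so"), 0o600)
        after_chmod = precheck(root, manifest)

        # Content change, such as a replaced library: the hash no longer
        # matches either value the patch expects.
        with open(os.path.join(root, "lib/libskia.so"), "wb") as f:
            f.write(b"constructed replacement libskia contents")
        after_edit = precheck(root, manifest)

        return untouched, after_chmod, after_edit


if __name__ == "__main__":
    for label, result in zip(("untouched", "after chmod", "after edit"), demo()):
        print(label, result, "apply:", can_apply(result))
```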
This is very good news.
does this also mean that an OTA can be packaged as a zip and "flashed" to a phone?
verrry nice
Thanks DG!
and please stay
we will miss you
GSeeker said:
Thanks DG!
and please stay
we will miss you
I will still be around doing things here and there
Anyway to unbrick my atrix with this?
hassanjanjua2002 said:
Anyway to unbrick my atrix with this?
What kind of brick do you have on your hands?
Also, thanks dg
Very informative!
Hmmm, tried to flash it as an update.zip through recovery and signature check failed. I'm guessing since this was prior to release it was test signed? Had to try since I need something via RSD, Recovery, or Fastboot to get my phone up and running again.
navalynt said:
Hmmm, tried to flash it as an update.zip through recovery and signature check failed. I'm guessing since this was prior to release it was test signed? Had to try since I need something via RSD, Recovery, or Fastboot to get my phone up and running again.
If you look in there you can see that it updates recovery, I am assuming it signs it and requires a signature now.
might want to try one with a test signature and see if that works.
Im on my tablet no computer. . . Is there a boot.bin in there if so id like to run it through my keyfind program see if i can find the same aes key in it
t0dbld said:
Im on my tablet no computer. . . Is there a boot.bin in there if so id like to run it through my keyfind program see if i can find the same aes key in it
baseband_ota.img and mbm_combo.bin
I want Update.zip signed for this original files from /system/lib
libskia.so
libskiagl.so
libwebcore.so
Because I changed these files to make the device read Arabic, but the device stops working and Restart
Now I want to push this and return the original files
designgears said:
baseband_ota.img and mbm_combo.bin
Lol damnit lying in bed so tired , but so tempted by whatever mbm_combo.bin is but linux machine and keyfind back at my store only cr-48 and mac air here not enough processing power :-( anyhow thanks so much for post i cant wait to check it out. On side note you sure you going to leave dg ? I mean ever since we got dock hack figured out im more leaning towards keeping it . . Also because this is first cheap device i have bought $150 small investment paid $500 or more for most my devices and cause i think we will get bootloader now and something seems weird about that dev dump of gb being vanilla. Maybe an option they will offer to quiet the devs anyhow at least keep posting us the leaks if you wont stay
designgears said:
If you look in there you can see that it updates recovery, I am assuming it signs it and requires a signature now.
might want to try one with a test signature and see if that works.
Same situation here, as you already know. is there a forum for one with a test signature?
Im not a dev far from one but from what i am reading this sounds like some pretty good information has been gathered just from this old update.....Also you dont have to stay just keep the leaks and any others a coming....Thanks
it seems as they signed all of the partitions... have you guys looked at the odexed version.... under recovery and overall... what are they trying to patch... BZIP2 is attached and renamed "updater"??? Also traces of BSDIFF just like in other moto images... .
Also this is from the radio_baseband image...
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_mc.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_error_handler.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_flash.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_configure.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_partition.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_loader.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_auth.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_target_accessor.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/shared/src/dbl_parser.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/target/qsc6695/src/dbl_target.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/target/qsc6695/src/dbl_flash_nand.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/target/qsc6695/src/dbl_flash_onenand.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/target/qsc6695/src/dbl_flash_shared.c
/localrepo/wxnk36/oly16101P/mdm6600/core/boot/secboot2/dbl/target/qsc6695/src/dbl_clk.c
OLYMPUSBP_N_01.61.01P.dbl
hassanjanjua2002 said:
designgears said:
If you look in there you can see that it updates recovery, I am assuming it signs it and requires a signature now.
might want to try one with a test signature and see if that works.
Same situation here, as you already know. is there a forum for one with a test signature?
are you brave enough to flash the engineering bootloader from the other thread.... ?
It might circumvent the signature checks...
zambezy said:
are you brave enough to flash the engineering bootloader from the other thread.... ?
It might circumvent the signature checks...
Not saying that I will do it, but; How would we flash those *.bin files to the phone?
mp2ning said:
Not saying that I will do it, but; How would we flash those *.bin files to the phone?
I'm guessing with NVFlasher

[REQ]Htc First/Myst System Dump

Like the title says im after the system dump for this device, it has already been leaked as a few sites are reporting having it so if anyone has it or knows where to find it please share so i can extract wallpapers sounds apps etc to share
Any advice on how to do a system dump? I should have my First in a few days.
fungflex said:
Any advice on how to do a system dump? I should have my First in a few days.
I have mine right now but I don't know how to go about dumping the system.
rooobbbbb said:
I have mine right now but I don't know how to go about dumping the system.
Do you have the Android SDK installed and are familiar with using adb?
dstaley said:
Do you have the Android SDK installed and are familiar with using adb?
Absolutely to both.
rooobbbbb said:
I have mine right now but I don't know how to go about dumping the system.
Could you check to see if it's possible to disable LTE? or did AT&T do something to prevent that as it does on every phone but the iPhone?
Sent from my SAMSUNG-SGH-I747
rooobbbbb said:
Absolutely to both.
IIRC, you should just be able to `adb pull /system` to get the important bits. It's not a full dump, but I think you need root level access for that. And the only way I know how to get root access is to flash a zip through recovery, and TWRP/CWM hasn't yet been released for the First.
I couldn't disable LTE but I don't see why I would, the battery is awesome. Can't dump anything right now I'm out. Am I the only person with this phone already?
Sent from my HTC first using xda premium
rooobbbbb said:
I couldn't disable LTE but I don't see why I would, the battery is awesome. Can't dump anything right now I'm out. Am I the only person with this phone already?
Sent from my HTC first using xda premium
Well, considering that it doesn't come out until tomorrow, I'd be willing to say yes.
I was wondering why no one was posting anything about it. Lol
Sent from my HTC first using xda premium
So in all seriousness, I have the First, I have the bootloader unlocked via htcdev.com, I'm rather familiar with adb and fastboot, and I would love to upload a system dump if someone can tell me what commands to run.
I'm trying `adb pull /system` right now, but it's getting "permission denied" on some files, so I don't know how useful that will be. I've also tried looking around online, but just about everything I find is assuming that you already have a custom recovery or a rooted system; nothing wants to tell me how to get myself to that state from scratch, and I'm very hesitant to just start flashing stuff at random without a proper image dump to fall back to.
Anyone have a good idea where to start?
nuclear_eclipse said:
So in all seriousness, I have the First, I have the bootloader unlocked via htcdev.com, I'm rather familiar with adb and fastboot, and I would love to upload a system dump if someone can tell me what commands to run.
I'm trying `adb pull /system` right now, but it's getting "permission denied" on some files, so I don't know how useful that will be. I've also tried looking around online, but just about everything I find is assuming that you already have a custom recovery or a rooted system; nothing wants to tell me how to get myself to that state from scratch, and I'm very hesitant to just start flashing stuff at random without a proper image dump to fall back to.
Anyone have a good idea where to start?
Do you have a retail AT&T First? Can you confirm that retail AT&T First is unlockable via htcdev?
Sent from my SAMSUNG-SGH-I747
Yes, this is a retail model, and yes, the bootloader was unlocked via htcdev.com.
nuclear_eclipse said:
So in all seriousness, I have the First, I have the bootloader unlocked via htcdev.com, I'm rather familiar with adb and fastboot, and I would love to upload a system dump if someone can tell me what commands to run.
I'm trying `adb pull /system` right now, but it's getting "permission denied" on some files, so I don't know how useful that will be. I've also tried looking around online, but just about everything I find is assuming that you already have a custom recovery or a rooted system; nothing wants to tell me how to get myself to that state from scratch, and I'm very hesitant to just start flashing stuff at random without a proper image dump to fall back to.
Anyone have a good idea where to start?
Humor me for a moment, if you will. Connect your device to your computer and run `adb root`. You should get a permission denied error of some sorts. I'm curious to see if Facebook is shipping with root enabled.
dstaley said:
Humor me for a moment, if you will. Connect your device to your computer and run `adb root`. You should get a permission denied error of some sorts. I'm curious to see if Facebook is shipping with root enabled.
Code:
[email protected] ~/first » adb root
adbd cannot run as root in production builds
^C
nuclear_eclipse said:
Code:
[email protected] ~/first » adb root
adbd cannot run as root in production builds
^C
That's what I figured would happen! It looks like this may be an option to root the 4.1.2 build. It worked on the One S and the Nexus 7, which gives me hope.
dstaley said:
That's what I figured would happen! It looks like this may be an option to root the 4.1.2 build. It worked on the One S and the Nexus 7, which gives me hope.
No good, but thanks for providing the link. The only shot we have left is waiting for the RUU to be leaked so we can pull recovery out of it, and get a CWM/TWRP made from it.
What is RUU and how does that help us? Sorry, just coming from a Nexus-only world, so I'm not familiar with modern HTC/Samsung devices.
Sent from my HTC first using xda premium
RUU stands for ROM Update Utility and is a Windows executable file that can flash and restore a HTC device. There are ways to extract binaries from this file, and if there are no root exploits that will work on this phone, we will need to extract the original recovery.img from that RUU to build a custom recovery, in which at that point allows us to flash SuperUser.apk to get root.
TRF-Inferno said:
RUU stands for ROM Update Utility and is a Windows executable file that can flash and restore a HTC device. There are ways to extract binaries from this file, and if there are no root exploits that will work on this phone, we will need to extract the original recovery.img from that RUU to build a custom recovery, in which at that point allows us to flash SuperUser.apk to get root.
RUUs for the HTC One were first available on March 26, just about a month after its announcement (and, oddly, a few weeks before its general release). Since these have to be leaked by HTC, there's no telling when we will see those. Is there any chance another root exploit exists in stock Android 4.1.2 that we could exploit in order to get root?

Anyone who has a mofo flashed turbo... Help me help us

I'm working on a (100% legit legal and 100% ORIGINAL works) way to flash to our /system partition for kitkat.
I've put my turbo through physical abuse. And it finally croaked weeks after "the drop".
I would need someone who has flashed a /system img via mofo to run USBlyzer on the correct port during the flashing process and then save and upload the log file. I will guide as needed. Remote desktop would allow me to quickly setup and start the process.
No longer having a phone that even turns on, I've resorted to using USBlyzer as my debugging info by comparing my output to the known correct output. However, I have only logged the beginning of an upload. I need a complete, in order log.
I can help in about 12 hours
Why not apply yourself to figuring out how to root 5.1, maintain root upgrading to 5.1, or how to use mofo to flash 5.1? I think people care more about that than anything else.
Because I've spent countless days on 4.4, I know how it works. It's actually pretty simple, way less complicated than when I first started with it. And I rather help those that were smart enough to stay on the 4.4 bootloader and waited for the mofo flashable 5.1 rom. Because anyone who cared or even had the faintest idea about exploits knew better than to upgrade, when they could STILL get 5.1, but would have to wait... like what less than a week before the first flashable image appeared?
5.1:
How it works: Nobody has a clue because the 4.4 loophole is patched.
4.4
How it works: (I'm just making an example don't pick apart my math or partition sizes)
system.img = 3.5gb
cache partition = 1.5gb
So with a modified fastboot, you will write to the cache partition, but send more than 1.5gb of data, since the /system partition is next in order anything you send now will actually write to /system and not the /cache partition.
There are a few quirks I've seen, fastboot sends the "download" command 2x back to back, while the first "download" command hardly sends anything. This has something I assume to be "fake writing" Not quite sure. Its like it writes a tiny amount of data to /cache, sends the second "download" command to now write to /system. I've noticed that the data sent to /cache is actually a clone of a portion of the data sent to /system. Also there is 3gb of ram on the device, so after that gets filled up, the flash command is sent, then it goes back to download commands.
At the end it erases /cache because its full of garbage.
koftheworld said:
Why not apply yourself to figuring out how to root 5.1, maintain root upgrading to 5.1, or how to use mofo to flash 5.1? I think people care more about that than anything else.
SaschaElble said:
Because I've spent countless days on 4.4, I know how it works. It's actually pretty simple, way less complicated than when I first started with it. And I rather help those that were smart enough to stay on the 4.4 bootloader and waited for the mofo flashable 5.1 rom. Because anyone who cared or even had the faintest idea about exploits knew better than to upgrade, when they could STILL get 5.1, but would have to wait... like what less than a week before the first flashable image appeared?
Fair enough that is exactly why I stayed on kk.
I still have not had anyone help out. If done right, nothing will be wiped or corrupted. Just need someone who has flashed a modded /system using mofo and still have that .img file. Flashing the same file again wont harm anything and will get me the info needed.
Does anyone have any info on the Lollipop .imgs
SaschaElble said:
I still have not had anyone help out. If done right, nothing will be wiped or corrupted. Just need someone who has flashed a modded /system using mofo and still have that .img file. Flashing the same file again wont harm anything and will get me the info needed.
I'm interested in helping, but I'm not interested in giving you remote access to my computer. No offense, I just don't know you and really have no reason to trust you. If you give me instructions on how to generate the log file that you want, I'll be happy to do it. I'm tech savvy enough to modify system images, so you shouldn't have to dumb it down too much for me.
TheSt33v said:
I'm interested in helping, but I'm not interested in giving you remote access to my computer. No offense, I just don't know you and really have no reason to trust you. If you give me instructions on how to generate the log file that you want, I'll be happy to do it. I'm tech savvy enough to modify system images, so you shouldn't have to dumb it down too much for me.
just use a vm...
Michaelmansour1997 said:
just use a vm...
Good idea. I'd be willing to do that.
Okay,
Download USBlyzer
Turn on device in fastboot mode
Open USBlyzer
On the left hand side of USBlyzer, watch, while you plug in the device
checkmark the new device in USBlyzer in the left hand side (should say xt1254 or turbo or fastboot or anything that indicates the turbo)
click "start capture" in USBlyzer
Open mofo and flash your rom as usual.
When mofo is done, go back to USBlyzer and save the capture log where you will remember.
That log data contains your device serial and UID for your turbo... Thanks for helping the turbo community!
TheSt33v said:
I'm interested in helping, but I'm not interested in giving you remote access to my computer. No offense, I just don't know you and really have no reason to trust you. If you give me instructions on how to generate the log file that you want, I'll be happy to do it. I'm tech savvy enough to modify system images, so you shouldn't have to dumb it down too much for me.
That should work
Michaelmansour1997 said:
just use a vm...
SaschaElble said:
Okay,
Download USBlyzer
Turn on device in fastboot mode
Open USBlyzer
On the left hand side of USBlyzer, watch, while you plug in the device
checkmark the new device in USBlyzer in the left hand side (should say xt1254 or turbo or fastboot or anything that indicates the turbo)
click "start capture" in USBlyzer
Open mofo and flash your rom as usual.
When mofo is done, go back to USBlyzer and save the capture log where you will remember.
Enjoy uploading 5-8gb of log data since you don't trust me being on your computer. Oh and since we are talking trust, that log data contains your device serial and UID for your turbo... SO actually you might not even want to do that either. Thanks for helping the turbo community!
I think I can handle that. Unless you were planning on coming to my house with a flash drive, I'm pretty sure a large file transfer was inevitable, so I'm okay with uploading it somewhere. Thanks for the info about the sensitive information though. If I can figure out how to remove that from the log, I will do so before sending it to you. If I can't, I'll consider sending it to you anyway. If I can't do any of that (because, you know, apparently I'm a moron for not immediately realizing that I could use a VM to have you do this exact same thing), then sorry for bugging you.
TheSt33v said:
I think I can handle that. Unless you were planning on coming to my house with a flash drive, I'm pretty sure a large file transfer was inevitable, so I'm okay with uploading it somewhere. Thanks for the info about the sensitive information though. If I can figure out how to remove that from the log, I will do so before sending it to you. If I can't, I'll consider sending it to you anyway. If I can't do any of that (because, you know, apparently I'm a moron for not immediately realizing that I could use a VM to have you do this exact same thing), then sorry for bugging you.
Open the log (ends in .ulz) in a hex editor such as HxD, and you can zero out your serial and UID, I apologise for the rude response. I've surprisingly had lots of resistance getting everyone on the same page here on xda. I did screw up by posting a modded mofo package, but that needs to be water under the bridge. I'm working on making a legit version.
The part that was surprising is how a few people had the knowledge on how to make a clean and 100% original version but refused to share it or gave vague hints.
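The manual hex-editor step above can be scripted. This is an added example, not part of the original post: it zeroes a serial and UID in a copy of a capture, searching both ASCII and UTF-16LE (the encoding of USB string descriptors). `SERIAL`, `UID` and `SAMPLE` are constructed values, and it assumes the capture stores these identifiers as uncompressed bytes, as the post implies.

```python
import mmap
import shutil

# Constructed sample values, not taken from any real device or from the thread.
SERIAL = "ZX1EXAMPLE01"
UID = "0123456789ABCDEF"

# Constructed stand-in for captured USB traffic (layout is illustrative only):
# a USB string descriptor stores text as UTF-16LE, fastboot replies as ASCII.
SAMPLE = (
    b"\x1a\x03" + SERIAL.encode("utf-16-le")
    + b"getvar:serialno" + b"OKAY" + SERIAL.encode("ascii")
    + b"getvar:uid" + b"OKAY" + UID.lower().encode("ascii")
)


def _needles(secret):
    """Yield the byte patterns one identifier can appear as."""
    for variant in sorted({secret, secret.upper(), secret.lower()}):
        yield variant.encode("ascii")
        yield variant.encode("utf-16-le")


def redact_buffer(buf, secrets):
    """Zero every occurrence in place (bytearray or writable mmap); return the hit count."""
    hits = 0
    for secret in secrets:
        if not secret:
            raise ValueError("empty identifier would match everywhere")
        for needle in _needles(secret):
            pos = buf.find(needle)
            while pos != -1:
                # Same-length overwrite: offsets and record sizes stay intact.
                buf[pos:pos + len(needle)] = bytes(len(needle))
                hits += 1
                pos = buf.find(needle, pos + len(needle))
    return hits


def redact_file(src, dst, secrets):
    """Redact a copy of src so the original capture is never modified."""
    shutil.copyfile(src, dst)
    with open(dst, "r+b") as fh, mmap.mmap(fh.fileno(), 0) as mm:
        hits = redact_buffer(mm, secrets)
        mm.flush()
    return hits


if __name__ == "__main__":
    demo = bytearray(SAMPLE)
    print("occurrences zeroed:", redact_buffer(demo, [SERIAL, UID]))
    print("length unchanged:", len(demo) == len(SAMPLE))
```

A hit count of 0 on a real capture means the identifiers are stored in some other form (for example compressed), so the file should not be treated as clean.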
SaschaElble said:
Open the log (ends in .ulz) in a hex editor such as HxD, and you can zero out your serial and UID, I apologise for the rude response. I've surprisingly had lots of resistance getting everyone on the same page here on xda. I did screw up by posting a modded mofo package, but that needs to be water under the bridge. I'm working on making a legit version.
The part that was surprising is how a few people had the knowledge on how to make a clean and 100% original version but refused to share it or gave vague hints.
No worries. I've been following your posts. I don't really care about who you piss off. You seem to be knowledgeable/talented enough to recreate and improve upon mofo, and that's good enough for me. Just promise me that you'll send me a copy of whatever you come up with if you get yourself banned again.
I'll start the process as soon as I'm near my PC, and I'll pm you a link as soon as the upload is complete.
TheSt33v said:
No worries. I've been following your posts. I don't really care about who you piss off. You seem to be knowledgeable/talented enough to recreate and improve upon mofo, and that's good enough for me. Just promise me that you'll send me a copy of whatever you come up with if you get yourself banned again.
I'll start the process as soon as I'm near my PC, and I'll pm you a link as soon as the upload is complete.
lol. I will for sure! But I won't get banned again. Not if everyone plays by the same rules they expect me to.
Anyone is free to contact me at (Edit: I was such an idiot. 5 years later... wow. ) If you want an easy two click way to get onto my channel on IRC follow the link in my signature.
if i was rooted i'd help, but i have one turbo on lollipop and one bricked which is supposed to be on lollipop
Michaelmansour1997 said:
if i was rooted i'd help, but i have one turbo on lollipop and one bricked which is supposed to be on lollipop
I would buy the bricked one, or you can let me see if I can fix it remotely.
NEW:
My vouching thread for those who I request access to their device remotely or gain knowledge of sensitive information:
http://forum.xda-developers.com/general/off-topic/saschaelble-vouching-thread-want-help-t3150299
Do you have a hangouts

Got Sprint Userdebug

this one was more of a proof of concept but it works. you will get the red triangle but don't worry about it. BUUUUUT if you wanna run it. Here's how:
DISCLAIMER: first and foremost, I take NO responsibilities for the possibility of a bricked phone (none whatsoever). if you brick it, it's YOUR fault, not mine.
ALWAYS BACKUP YOUR DATA BEFORE YOU DO ANYTHING
1. your phone has to be fully running ZV4. DO NOT DELETE YOUR DATA (but do back it up in case something does happen)
2. Make sure you have LGUP working. if not, refer to here
3. Download the edited ZV4.tot from here, and extract the zip.
4. Put phone in download mode ( Phone off, vol up while plugging in usb from PC).
5. Start LGUP
6. Make sure you see a com # and phone model
7. At the bottom where it says BIN, select it, at which point you should see 3 dots on the right, select it and choose the tot file that you downloaded from here
8. make sure you select "update" and none of the others. if you select any of the other options it will bootloop the phone.
If you bootloop your device:
1. Put phone in download mode ( Phone off, vol up while plugging in usb from PC).
2. Start LGUP
3. Make sure you see a com # and phone model
4. At the bottom where it says BIN, select it, at which point you should see 3 dots on the right, select it and choose the original ZV4 .tot file that you got from Honestly Annoying that he has listed here
5. select "refurbish", then "start" and wait for the magic.
I give creds to Honestly Annoying, and Tungkick for providing the original ZV4 tot file
schizoidd said:
this one was more of a proof of concept but it works. you will get the red triangle but don't worry about it. BUUUUUT if you wanna run it. Here's how:
DISCLAIMER: first and foremost, I take NO responsibilities for the possibility of a bricked phone (none whatsoever). if you brick it, it's YOUR fault, not mine.
ALWAYS BACKUP YOUR DATA BEFORE YOU DO ANYTHING
1. your phone has to be fully running ZV4. DO NOT DELETE YOUR DATA (but do back it up in case something does happen)
2. Make sure you have LGUP working. if not, refer to here
3. Download the edited ZV4.tot from here
4. Put phone in download mode ( Phone off, vol up while plugging in usb from PC).
5. Start LGUP
6. Make sure you see a com # and phone model
7. At the bottom where it says BIN, select it, at which point you should see 3 dots on the right, select it and choose the tot file that you downloaded from here
8. make sure you select "update" and none of the others. if you select any of the other options it will bootloop the phone.
If you bootloop your device:
1. Put phone in download mode ( Phone off, vol up while plugging in usb from PC).
2. Start LGUP
3. Make sure you see a com # and phone model
4. At the bottom where it says BIN, select it, at which point you should see 3 dots on the right, select it and choose the original ZV4 .tot file that you got from Honestly Annoying that he has listed here
5. select "refurbish", then "start" and wait for the magic.
I give creds to Honestly Annoying, and Tungkick for providing the original ZV4 tot file
What exactly does this do? I'm very interested in this... It has some potential
Also, what is the red triangle? Does it not let you boot?
Honestly Annoying said:
What exactly does this do? I'm very interested in this... It has some potential
Also, what is the red triangle? Does it not let you boot?
it lets you boot fully. you just get a warning that your device can't be verified
schizoidd said:
it lets you boot fully. you just get a warning that your device can't be verified
Damn... great job with this! Can you please explain (with as much detail as you can) how you did this? This is extremely promising and I'm trying out some stuff now
Honestly Annoying said:
What exactly does this do? I'm very interested in this... It has some potential
Also, what is the red triangle? Does it not let you boot?
Honestly Annoying said:
Damn... great job with this! Can you please explain (with as much detail as you can) how you did this? This is extremely promising and I'm trying out some stuff now
well, simply I used a hex editor
schizoidd said:
well, simply I used a hex editor
But what parts did you edit? This could be very helpful
@autoprime Anything here?
Is this a pre-rooted tot file?
newbreedsoftware said:
Is this a pre-rooted tot file?
no. all it does is make your device show userdebug. nothing else is done, no root, no nothing. this one was a proof of concept to see if editing the .tot file would work.
What the crap @schizoidd. I live in Boise too.
I'd possibly be down to help out.
A thing about signatures, if it's a md5 type signature, you can make changes and not trigger failed verification if all characters are in there. Moved around but not changed. Like string "abcdef" can be changed to "fedcba" because it still evaluates the same. So maybe change a tot's security directory to the reverse and the phone won't be able to find it. I think I read that somewhere on these boards.
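Whether a reordering of the same bytes goes unnoticed depends on the kind of check. The following added example (not part of the original post) runs the post's "abcdef"/"fedcba" case and a constructed buffer through an additive checksum, CRC32, MD5 and SHA-256; `IMAGE` is a made-up stand-in, not a real TOT layout, and the helper names are hypothetical.

```python
import hashlib
import zlib

# Constructed stand-in for a firmware container; not a real TOT layout.
IMAGE = b"HDR\x00" + b"security" + bytes(8) + b"partition-data"


def reverse_span(data, start, length):
    """Return a copy of data with one span reversed: same bytes, new order."""
    span = data[start:start + length]
    return data[:start] + span[::-1] + data[start + length:]


def byte_sum16(data):
    """Additive checksum: depends only on which bytes occur, not where."""
    return sum(data) & 0xFFFF


def checks_that_still_pass(original, modified):
    """Name each integrity check whose value is identical for both inputs."""
    checks = {
        "byte_sum16": byte_sum16,
        "crc32": zlib.crc32,
        "md5": lambda d: hashlib.md5(d).digest(),
        "sha256": lambda d: hashlib.sha256(d).digest(),
    }
    return [name for name, fn in checks.items() if fn(original) == fn(modified)]


if __name__ == "__main__":
    swapped = reverse_span(IMAGE, IMAGE.index(b"security"), len(b"security"))
    print("same multiset of bytes:", sorted(IMAGE) == sorted(swapped))
    print("abcdef vs fedcba:", checks_that_still_pass(b"abcdef", b"fedcba"))
    print("constructed image:", checks_that_still_pass(IMAGE, swapped))
```

Only the additive checksum is unchanged by the reordering; CRC32, MD5 and SHA-256 all depend on byte order, so the reordered input fails them.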
Would this work with the dirtysanta exploit from the LG v20?
i am not sure if this is an actual debug firmware.. it almost seems he took a stock zv4 tot and simply used a hex editor to say its a debug firmware?
eagleeyered said:
mostly. took a lot more than that. only used the hexeditor to extract the images for edit and to put them back in.
my point was, just because it was modded to "look" like a debug doesn't make it a debug.. if it was you'd have fastboot enabled and you could simply unlock the bootloader..
---------- Post added at 01:24 AM ---------- Previous post was at 01:24 AM ----------
essentially that makes this thread misleading as you don't have sprint user debug
eagleeyered said:
who said it was me that created that file. that was all schizoidd. but i can tell you that there was a lot more than "just edited to look like userdebug". if it was edited to look like that, it wouldn't say that it was edited on boot, nor would it boot at all. it would just brick your device. now as he said, "this one was more of a proof of concept". in other words, it was made to see if the TOT for ZV4 (and others) could be picked apart and edited and put back together.
you do realize that the userdebug/eng ZV4 boot.img that Tungkick released was used to make that even bootable. and it was schizoidd that realized that it was a userdebug boot, not an eng boot. if it wasn't for schizoidd, the userdebug on ZV4 would have never been released. it was only a proof of concept (i.e. bugs). fastboot is one and adb root is the other. but if you also look around, there was a ZV4 fastboot that was released. which kind of worked. and as we get close to releasing a good modded tot for the latest version of the software for our device, another one gets released. And as there are only 5 (yes 5) give-or-take people working diligently on attaining root for the LS992 with only 2 test devices, that stuff takes time, especially when one has to be replaced. for the record, 8 phones have been fried while attaining root (and that is out of pocket for the cost of those devices). so until we can get more people on the project, either as testers or as devs, it will take a while.
before you get panties in a bunch no one ever said you released anything.. was just going based off his posts and clearly saying all he did was use a hex editor and you guys not having any actual debug features it doesn't appear to be a debug firmware.. if it did you'd have an unlocked BL already with fastboot
eagleeyered said:
just to give you a heads-up. ALL of the fastboot areas have been disabled and aren't in the aboot.img at all for the LS992. the only one that has fastboot that is close to what is needed is the tmobile version. and integrating 2 boot and 2 aboots and trying to get it to boot is hard. especially since an improperly edited aboot results in bricked device.
And i was only pointing out the facts. i ain't at all mad.
just a heads up, if you had debug firmware the aboot would have the necessary fastboot commands.. that's what i'm tryna tell you lol
we got a debug firmware on the lg v20 and debug aboot was already unlocked and had fastboot working
---------- Post added at 03:45 AM ---------- Previous post was at 03:44 AM ----------
not to mention the OPs account was disabled lol.. i wonder why
eagleeyered said:
as we don't have an actual userdebug device, we have to build the bootloader from the ground, up from source (kind of a pain).
although the QSEC_HASH key is the same from the LS992 and the V20. so might be able to pull some things from that, and they are based on the MSM board. i just want to make sure before saying the V20 root method will work, i wanna check to make sure that the aboot and boot is compatible
lol if you are making it from the ground up then it will never be a debug firmware.. debug firmwares come directly from the device manufacturer/carrier.. not something someone just whips up..
you're not creating a debug anything, you guys are trying to find a way to unlock/root the device is all lol
eagleeyered said:
no one said it was easy.
i know.. but op sayin he got userdebug isn't true lol he has a slightly modified rom that if anything is only visually a userdebug
eagleeyered said:
oh, and do you wanna know why schizoidd was banned? he was banned for the simple fact that him and one other person got into an argument and due to that person using a technicality in words and also trapping, he got banned. if he had known that what he had was what it was, he would have deleted it and added it for everyone and then left it at that.
lol sorry but this comment confuses me.. he was banned due to a technicality in words?? what does that even mean lol.. he was trapped on xda??
and if he knew what he had was what it was he could have deleted it and add it for everyone then left? why would he delete and readd?
it sounds like he took someone else's work and got banned for it but who knows, i'm not a mod lol but doesn't seem to be a trustworthy fellow at all...
elliwigy said:
lol sorry but this comment confuses me.. he was banned due to a technicality in words?? what does that even mean lol.. he was trapped on xda??
and if he knew what he had was what it was he could have deleted it and add it for everyone then left? why would he delete and readd?
it sounds like he took someone else's work and got banned for it but who knows, i'm not a mod lol but doesn't seem to be a trustworthy fellow at all...
Please check PMs, ignore eagleeyered...
Also you are very right about this only being hex edited. there is no official userdebug anything in this TOT, as I have tested this and flashed myself. Thread is misleading.
eagleeyered said:
i have a ZV4 userdebug that boots and has the system set to RW. the only reason it's not released is due to the fact that not a lot of people are on ZV4.
So, less than a month ago, you're telling people on 4 not to update because IT'S COMING!! within a month. Now you're saying you've got it, it works, AND ON TIME, but you're not going to release it because, what, the "not a lot of people" who would want it, wouldn't want it now?
Hell, if I was actually able to deliver on something that big, ESPECIALLY within the time frame I set for it, I'd be paying Google to get my work to the top of search results. I'd be going door to door with it. I'd set up shop in front of Sprint stores until they stop selling the device, crowing about my ability to get RW to ANY build of this thing. But, that's just me, I guess.
You see how incredibly fishy that seems?
