Related
Current Status 7/14
Without the NAND being unlocked, we are unable to re-write to the recovery partition. Other than that everything is working good. Unlocked NAND=One Click Root!
This method is directly based on the new root process for the Eris released on xda.
Original thread can be found here
The following information is taken directly from the thread mentioned above with some small modifications by me for the Incredible.
Big thanks to tereg for the toolkit and the guys who rooted the EVO with a file write/chmod race condition exploit that gave me the idea for this.
jcase noticed that a race isn't actually nessisary to exploit the chmod 777 on the file I've been working with, simplifying the script alot.
I used the files from the adb development pack that Tereg put together. Download them here. You don't need them for this root process as long as you have a working adb install.
You will need adb access. Install the android sdk for your platform (macos, windows, linux) get it for your OS here.
If you don't know how to install the sdk, search xda, there are a ton of howtos for that.
Files to download:
hack-v5-DINC.zip
A ROM file
Android SKD (skip if you have a working adb)
Instructions for linux/OSX.
Have adb in your path, or move the files contained in hack-v5-DINC.zip into your sdk/tools directory so your pushes will work properly.
FOR ALL OS's Make sure your phone has Applications->Development->USB Debugging turned on.
Do NOT have your phone in Disk Drive Mode, have it in Charge Only.
Open a terminal window in your /tools/ directory. Type this at the prompt.
Code:
sh runinlinux.sh
This will take a few minutes, follow the instructions on your screen.
If you get adb: command not found, edit runinlinux.sh and change every
Code:
#/bin/bash
adb push flash_image /data/local/
adb push recovery.img /data/local/
adb push testfile /data/local/
etc...
to
Code:
./adb push flash_image /data/local/
./adb push recovery.img /data/local/
./adb push testfile /data/local/
etc...
Instructions for windows (thanks tereg!)
Download the hack.zip file and extract it to the desktop. So, you have a folder on the desktop called hack. I would recommend moving or copying those files (EDIT: that are contained in the hack folder) to the C:\android-sdk-windows\tools folder. Why? Because the script runs "adb ____" commands, and unless you've set up adb to be able to run anywhere within the command prompt, the script won't run. So, it will universally work if the files in the hack folder are placed in C:\android-sdk-windows\tools
So, open a command prompt by pressing WindowsKey+R, or going to Start-Run (in WinXP) and typing
Code:
cmd
in the text box there and press OK
If you are in Windows Vista/Windows 7, go to the Start Menu, then type in
Code:
cmd
in the search bar in the lower right-hand corner of the start menu and press enter, and locate Command Prompt in the search results, or go to Start -> All Programs -> Accessories -> Command Prompt
Type
Code:
cd C:\android-sdk-windows\tools
and press enter
Now, I recommend pushing the ROM you want to flash to the SD card now.
Code:
adb push ROM.zip /sdcard
Then, type
Code:
runindos.bat
to execute the script.
You might have to run it 2 or 3 times for it to work. If it fails, just reboot the phone normally, then run
Code:
runindos.bat
again once the phone is booted back up and you're ready.
----------(Thanks again tereg!)
It will scan for a long time, give it at least 5 minutes. If it doesn't come back after 5 minutes cntrl +c to stop it, start the process again. MOST PEOPLE HAVE TO RUN THIS AT LEAST TWICE!
If your device reboots into a new screen with options on it, you now have root in recovery mode. At this point you will be flashing your Incredible's brains, so YOUR PHONE WILL BE BLANK AFTER LOADING A NEW ROM! All of your apps/numbers will be gone from the phone.
I suggest a nand backup first.
Download and copy one of these ROM's to your sdcard as update.zip and flash it with flash zip from sdcard by selecting "Install zip from sdcard".
The first boot after loading a new ROM takes quite a while to show any activity to the screen. Give it a good 5 minutes before you start wondering if it's ever going to come back.
---
runinlinux.sh
---
Code:
#/bin/bash
adb push recovery.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery.img
adb shell chmod 777 /data/local/flash_image
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
echo "Files copied and permissions set, rebooting HTC Andriod 2.1"
adb reboot
echo "Your phone will now reboot into normal mode, then reboot into recovery mode. If it does not reboot the second time, wait 10 minutes and manually reboot and begin again."
echo "Your phone is now rebooting in Rooted Recovery mode, do a backup and load your ROMs"
adb wait-for-device
adb shell /data/local/flash_image recovery /data/local/recovery.img
adb reboot recovery
---
runindos.bat
---
Code:
@echo off
adb push recovery.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery.img
adb shell chmod 777 /data/local/flash_image
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
echo "Files copied and permissions set, rebooting HTC Andriod 2.1"
echo "Your phone will now reboot into normal mode, then reboot into recovery mode. If it does not reboot the second time, wait 10 minutes and manually reboot and begin again."
adb reboot
adb wait-for-device
echo "Your phone is now rebooting in Rooted Recovery mode, do a backup and load your ROMs"
adb shell /data/local/flash_image recovery /data/local/recovery.img
adb reboot recovery
This thread is intended to be an think-tank, similar to the one on the eris forums where I got the idea from. Let the ideas flow!
has this been tested to work on the INC? if not why has this been posted.
outsid0r said:
has this been tested to work on the INC? if not why has this been posted.
Click to expand...
Click to collapse
uhm....do you read?
"This thread is intended to be an think-tank, similar to the one on the eris forums where I got the idea from. Let the ideas flow!"
no. this is not working yet. thats why the title even has {development} in it. the process is almost working, and this is a develpoment thread to work out the issue-which is also in big letters at the top...see where it says
"Without the NAND being unlocked, we are unable to re-write to the recovery partition. Other than that everything is working good. Unlocked NAND=One Click Root!"
So once we solve a much more difficult problem, the less difficult will be easier.
Makes sense.
We already know how to unlock the nand vs the exploit posted last night...also unrevoked will have it done In a few days anyway
Sent from my HTC Incredible using the XDA App
adrynalyne said:
So once we solve a much more difficult problem, the less difficult will be easier.
Makes sense.
Click to expand...
Click to collapse
the difficult problem has already been solved. the unrEVOked team already has the NAND unlocked. now its whether they want to share and make it a true one-click root method, or if they are going to keep it a secret and keep koush's clockworkmod recovery as the only possibility. this tool still uses the clockworkmod recovery, but after a NAND unlock your given the option to change. since koush is working for them too, im starting to think more and more that they are going to keep the monopoly.
im hoping that they will just incorporate their NAND unlock method into this root process. they can even re-lock it after the process is done as they do in their re-flash tool to preserve the monopoly, but a true one-click root is now possible with their co-operation. ive messaged them asking if they want to help out. we will see soon enough, so cross your fingers!
they can even re-lock it after the process is done as they do in their re-flash tool to preserve the monopoly
Click to expand...
Click to collapse
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
So I see we have this starting up again....shakes head at OP..
@adrynalyne best to just ignore these people...its not like the winmo days is it man? Le sighe
Good advice, you are right. I will ignore this stuff in the future.
No, not like the winmo days at all. I've never seen so much anomisity and jealousy in a community before like there is for Android.
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
LOL Whatever, it isnt like respect from you is something anyone cares about. I like someone with the nerve to speak the truth no matter how unpopular it might be.
outsid0r said:
has this been tested to work on the INC? if not why has this been posted.
Click to expand...
Click to collapse
Please read. Think tank! I applaud this dude for trying. More than many others do here!
fader01 said:
LOL Whatever, it isnt like respect from you is something anyone cares about. I like someone with the nerve to speak the truth no matter how untrue it might be.
Click to expand...
Click to collapse
Fixed that for ya.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
Shadowmite said:
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
Click to expand...
Click to collapse
it seems like my comment was taken the wrong way.
for one, clockworkmod recovery is the only one that works on the DINC AFAIK, amon_ras isnt working on here either.
the monopoly is basically a monopoly because of the lack of other available options, not necessarily because its enforced.
i apologize if it came off the wrong way or insulted anyone with the preceding comments.
i meant this thread as a co-operative think-tank, it wasnt my intention to start a big ordeal.
adrynalyne said:
Good advice, you are right. I will ignore this stuff in the future.
No, not like the winmo days at all. I've never seen so much anomisity and jealousy in a community before like there is for Android.
Click to expand...
Click to collapse
@adrynalyne yeah its a real rough community at times, but what ya gonna do right...its hard for me to ignore them at times too
@shadowmite. thanks for your guys hard work....the ignorant ones are everywhere nowadays, hope they don't get you guys down.
Cheers!
Shadowmite said:
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
Click to expand...
Click to collapse
hmm. well i guess thats what happens when people try to help out the community...maybe next time i just wont do anything... :/
and FYI...i did contact you. i sent you a PM earlier today.
this method has been used on the EVO and hasnt been plugged, and its been in the works on the Eris-also an HTC phone- for quite a long time, and in the same way this is...a co-operative community effort to make the phone the best that it can be.And its still not been plugged.
id worry less about HTC plugging the exploits and more about getting the exploits available to the public.
Correct, you are not the original one leaking the method. But my point is devs capable of finding things like this should be capable of thinking about it being plugged. HTC fixed our recovery hold in the next OTA. Now it's quite possible nand and this root will be patched also. we have NO OTHER WAYS IN... Thats it. besides some VERY complicated exploits we are OUT after the next ota.
I got your pm's, but only after you posted this.
It's a moot point, our one click root is due out in a few minutes. we were going to further lengths to protect the method, but it's out anyway at this point.
Shadowmite said:
Correct, you are not the original one leaking the method. But my point is devs capable of finding things like this should be capable of thinking about it being plugged. HTC fixed our recovery hold in the next OTA. Now it's quite possible nand and this root will be patched also. we have NO OTHER WAYS IN... Thats it. besides some VERY complicated exploits we are OUT after the next ota.
I got your pm's, but only after you posted this.
It's a moot point, our one click root is due out in a few minutes. we were going to further lengths to protect the method, but it's out anyway at this point.
Click to expand...
Click to collapse
well i apologize for the fact that i may/may not have ruined your chances to make a big announcement for your release, but IMO its kinda bs that you keep the info on lockdown. the whole point of android is that its open. a select amount of people shouldnt consider themselves the gatekeepers of important information.
ban_dover said:
well i apologize for the fact that i may/may not have ruined your chances to make a big announcement for your release, but IMO its kinda bs that you keep the info on lockdown. the whole point of android is that its open. a select amount of people shouldnt consider themselves the gatekeepers of important information.
Click to expand...
Click to collapse
From our wiki, which you appearently haven't read:
http://unrevoked.com/rootwiki/doku.php/public/unrevoked2
That doesn't seem fair! Android is about open source.
In some senses, we agree; but at times, a tradeoff needs to be made. Releasing the source code for this, we believe, would compromise the greater ability to unlock devices like these in the future. Given the choice between sacrificing the liberty of running code on our handsets and the liberty of reading the code by which we unlock it, we feel that the millions of handsets are more important. It is unfortunate that we must make such a choice, and we look forward to the day in the future that no such decision need be made.
Click to expand...
Click to collapse
Shadowmite said:
From our wiki, which you appearently haven't read:
Click to expand...
Click to collapse
already read it.
i dont take my opinions from things i read. i take the information and draw my own conclusions. and in this case my conclusion is that, while i can see your point i still disagree.
Hey guys, it took me 3 whole days to find the right way to downgrade.
Note: This is to be done at your own risk; I am not responsible for any damage or harm caused by this process.
Note: Information in this guide is taken from the works of following Authors:
1. wag3slav3: (http://forum.xda-developers.com/showthread.php?t=725430)
2. Paul (http://android.modaco.com/content/ht...rom-froyo-ota/)
3. TheDeadCpu: (http://forum.xda-developers.com/showthread.php?t=746454)
Please Follow the Instructions Carefully; to ensure success!
Items Required:
1. HTC Legend
2. 1 MicroSD Card (Gold Card)
3. 1 Micro USB Cable
4. Full Charge Recommended
5. Windows OS (I used W7)
Other Stuff:
1. Android SDK
2. hack4legend-v5.zip
3. RUU 1.31 for Legend
Common Errors Faced in the Process:
1. c---rw---- INSTEAD OF crwxrwxrwx
2. ADB Server timed out
3. Various RUU Errors
4. Visionary Not Working/Opening
Troubleshoot:
When you attempt to root you may face ADB timed out errors, it can be very annoying – there are various reasons for this, for me it was HTC Sync that was conflicting with ADB, shutting it down allowed me to boot into the custom recovery (step2 in the root process).
If you run into various other RUU errors (such as: unable to load boot loader, which was fixed by following step 3 correctly.) while trying to downgrade, most likely you didn’t do it correctly. Try doing it again and it should work.
Visionary Not Working/Opening (Solution: Download from phone browser: http://content.modaco.net/dropzone/c...ryplus.r13.apk)
Recommended to Back up Data:
1. Contacts:
You can save you’re contacts from you’re legend by clicking contacts, menu, import/export and export to SD Card.
2. SMS:
Get the SMS Backup and Restore App form Market, Install and Save it on to the SD Card.
3. Backup Complete SD Card:
Copy all the contents of the SD Card and save it onto the PC.
We start now;
Step 1:
Install Android SDK
Extract hack4legend-v5.zip to C Drive
Step 2:
Have adb in your path, or move the files contained in hack4legend-v5.zip into your sdk/tools directory so your pushes will work properly.
FOR ALL OS's Make sure your phone has Applications->Development->USB Debugging turned on.
Do NOT have your phone in Disk Drive Mode, have it in Charge Only.
Open a terminal window in your /tools/ directory. Type this at the prompt.
Code:
crackin.sh
or in Windows
Code:
crackin.bat
Your phone will reboot 5 times.
You WILL see several error messages.
it looks like this c---rw----
c---rw---- 1 1001 2002 90, 0 Jul 19 16:19 /dev/mtd/mtd0
You’re done with this.
Step 3:
- Temproot with VISIONary r13 (install the downloaded file as per a normal APK)
- Once you are temprooted, connect via 'adb' and do 'su' (to get root) then '/data/local/flash_image misc /data/local/misc1-2.img'
Step 4:
RUN RUU to downgrade to 2.1 – it should be possible to do so now.
Hence, you will be downgraded to 2.1 and you can use the normal way to root your legend.
All I can say is that the CM7 Mod is so fast on the Legend, no lag whatsoever, it's beyond! (will post a video 4 you guys)
End.
Forgive me if i seem rude.Hasn't this been covered in many other threads before?
I searched the site but never found this same method, is a combination of 2 or more guides at one place, also touching on some of the common errors faced when downgrading.
after this command '/data/local/flash_image misc /data/local/misc1-2.img'
it says "flash_image not found"....
So? Find it and put it there via adb.
but this is what i try...
i have both files in c:/hack4/ and in c:/android-sdk-windows/tools/
i wright in command " /c/hack4/flash_image misc /c/hack4/misc1-2.img"
and i have the message "flash_image not found"
am i doing something wrong?
i have also tried "/c/android-sdk-windows/tools/flash_image misc /c/android-sdk-windows/tools/misc1-2.img" the same problem...
What hboot do you have? Look at the guide for YOUR hboot ive had different Hboots across 2 devices and needed to use the right guide for the right hboot
bonesy said:
What hboot do you have? Look at the guide for YOUR hboot ive had different Hboots across 2 devices and needed to use the right guide for the right hboot
Click to expand...
Click to collapse
i have 1.01
alfagama said:
i have 1.01
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=10217134&postcount=1
bonesy said:
http://forum.xda-developers.com/showpost.php?p=10217134&postcount=1
Click to expand...
Click to collapse
i have tried this to... the same problem
Are you sure you executed these codes from Guide 2 ?
Code:
adb push flash_image /data/local/
adb push misc1-2.img /data/local/...switch back to 1st command prompt and change permission of flash_image_binary:
Code:
chmod 755 /data/local/flash_image
Click to expand...
Click to collapse
These is supposed to upload the images required on your phone and be exventually be executed on your phone to replace the image
ps: im no expert but i just flashed mine recently and i had to read the guides several times to understand the logic behind each guide to avoid mistakes some had with their phones...
alfagama said:
i have tried this to... the same problem
Click to expand...
Click to collapse
Then you cant be followign the guide right.Have you done temproot?
yes i tried with visionairy13 and 14 both time i had su= #
a noob question...'/data/local/flash_image misc /data/local/misc1-2.img' =" /c/hack4/flash_image misc /c/hack4/misc1-2.img" where i have the 2 files...
Blay0 answered correctly...i didnt
alfagama said:
a noob question...'/data/local/flash_image misc /data/local/misc1-2.img' =" /c/hack4/flash_image misc /c/hack4/misc1-2.img" where i have the 2 files...
Click to expand...
Click to collapse
Nooooooooo dammit! You have just pushed both those files to your phone!!!!!!!!! Go to your phone shell via adb, execute su to gain root privileges and then execute flash_image on your phone not on your PC!!!!! It doesn't really matter where on the phone do you have both as long as they are both in /data dir and don't prepend anything!!!
i am very confused now , can yoy help me step by step?
i run on my phone visionairy and then i click on temproot.
then i run on my pc cmd and i give the comand "adb shell" and then i type su and it says #...
after that should i give the next command on the pc again or on my phone, and with what should i replace the /data/local/ ...?
Pay attention dude!
Open two command prompts. Name them ONE and TWO. You gonna use ONE for copying files from your PC to your phone using adb push. You gonna use TWO for connecting from your PC to your phone using adb shell and execute all commands meant to be executed on your phone there. Now use ONE to copy (adb push) a program called flash_image to your phone's directory /data/local. After you do that use TWO to connect to your phone (adb shell), execute su to gain root privileges (you get # prompt) now in the same commnd prompt (that's TWO) change permissions of program flash_image you have just copied to your phone in ONE. Then also on TWO execute flash_image program with parameters from above.
If you don't understand what I'm saying you better sell that phone and instead use phone booth. In fact sell all your hi-tech stuff including your PC. It would be much safer for you and even for us.
Sent from my HTC Legend
alfagama said:
/c/hack4/flash_image misc
Click to expand...
Click to collapse
Faaaairly sure you're gonna want to write C: and not c/ dude, regardless of what other stuff you're doing wrong.
BlaY0 said:
Pay attention dude!
Open two command prompts. Name them ONE and TWO. You gonna use ONE for copying files from your PC to your phone using adb push. You gonna use TWO for connecting from your PC to your phone using adb shell and execute all commands meant to be executed on your phone there. Now use ONE to copy (adb push) a program called flash_image to your phone's directory /data/local. After you do that use TWO to connect to your phone (adb shell), execute su to gain root privileges (you get # prompt) now in the same commnd prompt (that's TWO) change permissions of program flash_image you have just copied to your phone in ONE. Then also on TWO execute flash_image program with parameters from above.
If you don't understand what I'm saying you better sell that phone and instead use phone booth. In fact sell all your hi-tech stuff including your PC. It would be much safer for you and even for us.
Sent from my HTC Legend
Click to expand...
Click to collapse
my friend i pretty sure that you know much than i do...
but for your information i am 48 and i am the last 20 years involved with computers and mobile phones.... over that 20 years i have learned at least to follow instructions (if they are clear), so once again thanks for your help.
my problem was that after unistalling sync 3.0 and installing sync 2.033 i have not uninstalled the drivers so i had problem.
after fixing that everything went smooth.
So after 20 years in computers, you actually found out that the problem was on your side and not in the instructions. Too bad. My mom is also been using computers for more than 20 years. She knows what is monitor and that she can move cursor around with the mouse.
BTW what has version of sync to do with your confusion? You are trying to say that "flash_image not found" error had something to do with sync version? Ohh, give me a break...
And as far as clear instructions are concerned... I guess they are pretty clear if 99 ppl find them OK and one (that's you) doesn't.
Don't want to be rude but maybe 20 years was too much and it is time to start something completely different.
Hello,
I googled and searched the forum but none o the threads apply to my problem as far as I can see. :/
So my old phone finally dies more or less... and I am trying to get the picture from the internal storage.
My setup: I9000, running CM11 (not sure which nightly exactly), rooted, BUT usb-debugging could be off I dont know for sure.
I can go to recovery mode but as the screen is broken I am limited with my actions. So using
Code:
adb devices
I can see my device
Code:
<long number here> recovery
Here is what I tried:
Code:
adb pull / H:/backup
This does not work because after a short while it aborts with an error message: "... no such file or directory"
Using
Code:
adb shell
followed by cd sdcard gives me a "cant cd to sdcard"
If I try to cd into other directories they are empty when trying to list them with ls.
su is also not found but adb root shows that it is already running as root.
Afterwards I tried Android Commander but that also did not work for me because Android Commander did not show my device and it also crashed after a while.
To make a long story short I am desperate...
What else can I try to get my data?
push
no one?
SaphirX said:
push
no one?
Click to expand...
Click to collapse
I don't think you can just PULL the whole "/" partition. The long number you listed there is likely to be your IMEI number (Just a guess).
EDIT: You might want to check this out: http://stackoverflow.com/questions/19225467/backing-up-android-device-using-adb
In case anybody cares, here's a pure C reimplementation of 'cuber.py'
(my own earlier reimplementation of @vortox's signature.py).
This is what I'm using in my '1-Click' bootloader unlock VM...
See 'grep ^gcc' for "build instructions".
Hack, you can probably build this for ARM and run it right on your very HDX tablet... (-;
UPDATE (JanuaryFebruary 2017):
OK; so, @zivimo had built this for ARM, but people still haven't noticed.
I repacked his binary from a .tar.gz to a .zip archive and decided to spell out the instructions for use.
Perhaps, this helps... With the right bootloader in place, and adb/fastboot installed (and working),
the unlock is as easy as follows...
Download and extract unlock.zip (SHA256: e40e3010f8eccfa9cbd1e73eecac30cf799099d183de23b2d256fc3407f143f6e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
to the same directory that holds the adb and fastboot executables (unless you have added them to your PATH)
Click on get_code.bat in the extracted folder
-- optional (but commonly required) step(s) --
fix root (roll back, if you need to), flash vulnerable bootloader
[you'll definitely need to perform at least some of these if the last step fails]
Click on unlock.bat in the extracted folder
The archive also includes .sh variants of the .bat files for convenience.
You could also just click to show the hidden section and cut&paste... (-;
Code:
[STRIKE]unzip cuber.zip[/STRIKE]
adb push cuber /data/local/tmp/
adb shell chmod 0755 /data/local/tmp/cuber
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
adb pull /sdcard/unlock.code
adb shell rm /sdcard/unlock.code /data/local/tmp/cuber
adb reboot-bootloader
fastboot -i 0x1949 flash unlock unlock.code
NOTE: download and extract the attached 'cuberunlock.zip' and run the above commands
in the directory where 'cuber' got extracted to.
Nice job! Originally I wanted to use OpenSSL BigNum too, but I hadn't enough time and Python was easier to use
hey,
made a static compile with an arm debian (jessie). seemed the easiest solution to me. compile command:
Code:
# gcc -fPIE -static cuber.c -o cuber -lssl -lcrypto
# strip cuber
# ldd cuber
not a dynamic executable
# ./cuber
Usage: cuber [RSA-bytes] < data > sig
seems to work. arm(!) binary attached.
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.
chin_bone said:
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.
Click to expand...
Click to collapse
Did you check all three paths?
/data/local/tmp
/sdcard
/sys/class/block/mmcblk0
The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... )
The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.
BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.
Does it print your manfid/serial?
If so, mmcblkX would be right as well.
Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?
- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
In the meantime, as a workaround, you could just hard-code your manfid/serial, and replace this line:
Code:
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
by the decidedly much simpler:
Code:
adb shell 'echo 0xmmssssssss | /data/local/tmp/cuber > /sdcard/unlock.code'
draxie said:
Did you check all three paths?
/data/local/tmp
/sdcard
/sys/class/block/mmcblk0
The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... )
The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.
BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.
Does it print your manfid/serial?
If so, mmcblkX would be right as well.
Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?
- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
Click to expand...
Click to collapse
It's all good draxie, i figured out what i was doing wrong with the other procedure, that damn STEP 2, once i did it, everything fell into place. Bootloader unlocked and now just trying to figure out which rom to try first. Thanks again, you guys are great and i know how valuable everyones time is. :good:
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
pdanforth said:
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
Click to expand...
Click to collapse
@draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
Davey126 said:
@draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
Click to expand...
Click to collapse
I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.
pdanforth said:
I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.
Click to expand...
Click to collapse
Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.
draxie said:
Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.
Click to expand...
Click to collapse
@stangri did my unlock file and I used this thread to unlock https://forum.xda-developers.com/kindle-fire-hdx/general/thor-unlocking-bootloader-firmware-t3463982
I had trouble making the Unlock file, once that was done and some help from other users I am now up and running!
Ok so this is the rundown. Ran Fix Contexts in TWRP recovery no longer could get phone to connect to pc to read SD card period. Ran several apps that didn't fix SD card permissions. wiped phone completely including DATA, SYSTEM, and SDCARD. had a custom rom on the phone didnt think it would wipe its wiped.
Im in TWRP no adb sideload, no fastboot from bootloader. something with file permissions is preventing phone from even being seen by PC. and no its not USB issues i tried to run RUU. it cant even see my phone. No one can even provide a suggestion i can still do terminal from TWRP but it has something to do with me using the fix contexts that screwed it up.
really no one has a suggestion? i have access to TWRP recovery and can run terminal commands i just need something to fix what ever fix contexts did so i can get access to usb functionality. please? if looked all over google and there is no one with this issue. every topic points to adb sideload and fastboot working but usb doesnt work in my case due to use of fix contexts.
M4rin3r said:
really no one has a suggestion? i have access to TWRP recovery and can run terminal commands i just need something to fix what ever fix contexts did so i can get access to usb functionality. please? if looked all over google and there is no one with this issue. every topic points to adb sideload and fastboot working but usb doesnt work in my case due to use of fix contexts.
Click to expand...
Click to collapse
i solved it mysself no thanks to a forum that supposed to help and yet im a noob at this ****.
for those of you who have done as i did and bricked the phone.
go into twrp recovery and go to terminal
Code:
busybox
echo "persist.service.adb.enable=1" >> default.prop
echo "persist.service.debuggable=1" >> default.prop
echo "persist.sys.usb.config=mtp,adb" >> default.prop
Reboot phone to see if it worked. then try to see if you can use adb on pc to sideload a rom.
M4rin3r said:
i solved it mysself no thanks to a forum that supposed to help and yet im a noob at this ****.
for those of you who have done as i did and bricked the phone.
go into twrp recovery and go to terminal
Code:
busybox
echo "persist.service.adb.enable=1" >> default.prop
echo "persist.service.debuggable=1" >> default.prop
echo "persist.sys.usb.config=mtp,adb" >> default.prop
Reboot phone to see if it worked. then try to see if you can use adb on pc to sideload a rom.
Click to expand...
Click to collapse
Well, I could have come in here and pretended I've seen this before, but honestly, I've never run Fix Contexts in TWRP (in fact, I've never heard of it). You've got to remember that most of us know what we know either through our own bad experiences or by following how others fixed their bad experiences. So, I appreciate that you marked it solved and put how you solved it in this thread. Next time someone has the same issue, I'll know where to look for a solution.
coal686 said:
Well, I could have come in here and pretended I've seen this before, but honestly, I've never run Fix Contexts in TWRP (in fact, I've never heard of it). You've got to remember that most of us know what we know either through our own bad experiences or by following how others fixed their bad experiences. So, I appreciate that you marked it solved and put how you solved it in this thread. Next time someone has the same issue, I'll know where to look for a solution.
Click to expand...
Click to collapse
Its also known as fix permissions.
@ M4rin3r
Can you PM me with more details on how to do this, I'm facing the same problem....