[Q] downgrading - G1 Q&A, Help & Troubleshooting

hello
i'm new to android and i'm interested in rooting and flashing custom roms but i need some help
i have a T-mobole G1 with :
FW version: 1.6
baseband version: 62.50SC.20.17H_2.22.23.02
kernel version: 2.6.29-00479-g3c7df37
[email protected] #19
build number: DMD64
i googled a lot on how to root and flash custom rom and i saw that i need to downgrade and then root and flash, and also i saw that some people are having trouble downgrading.. but still thats not the issue ..
my question that i couldn't find an answer to is:
when i put the DREAIMG.nbh in the sd and flash , it will flash an older version of android , but as i understood this will not affect the radio.. the question is , do i have to downgrade the radio as well or not ? will i brick the phone if i downgrade the firmware but not the radio ?
here and on the unlockr , the radio wasn't mentioned in the guides..
and as you can see in "[How-to] downgrade T-Mobile G1 from Donut (1.6) to Cupcake (1.5) and get root" on gphone, the radio version was older.. so idk..
any help would be appreciated
thanks in advance

bobo122 said:
hello
i'm new to android and i'm interested in rooting and flashing custom roms but i need some help
i have a T-mobole G1 with :
FW version: 1.6
baseband version: 62.50SC.20.17H_2.22.23.02
kernel version: 2.6.29-00479-g3c7df37
[email protected] #19
build number: DMD64
i googled a lot on how to root and flash custom rom and i saw that i need to downgrade and then root and flash, and also i saw that some people are having trouble downgrading.. but still thats not the issue ..
my question that i couldn't find an answer to is:
when i put the DREAIMG.nbh in the sd and flash , it will flash an older version of android , but as i understood this will not affect the radio.. the question is , do i have to downgrade the radio as well or not ? will i brick the phone if i downgrade the firmware but not the radio ?
here and on the unlockr , the radio wasn't mentioned in the guides..
and as you can see in "[How-to] downgrade T-Mobile G1 from Donut (1.6) to Cupcake (1.5) and get root" on gphone, the radio version was older.. so idk..
any help would be appreciated
thanks in advance
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1098899Guide to downgrade and root to latest radio and hboot

agin, the radio is not mentioned in downgrading .. the guide says downgrade from 1.6 to 1.5 then update the radio to 2.22.23.02, but i already have this (2.22.23.02) radio installed on my phone and as i understood , flashing a new FW doesn't change the radio..
my question still the same, will downgrading the FW version to 1.5 , without downgrading the radio, brick my phone ? should i downgrade the radio as well or there is no relationship between the radio version and the FW version ?
more info:
this is what i get when i turn the phone on while holding the camera botton:
DREA100 PVT 32B
HBOOT-0.95.0000
CPLD-4
RADIO-2.22.23.02
Sep 2 2008
thanks for the reply

bobo122 said:
agin, the radio is not mentioned in downgrading .. the guide says downgrade from 1.6 to 1.5 then update the radio to 2.22.23.02, but i already have this (2.22.23.02) radio installed on my phone and as i understood , flashing a new FW doesn't change the radio..
my question still the same, will downgrading the FW version to 1.5 , without downgrading the radio, brick my phone ? should i downgrade the radio as well or there is no relationship between the radio version and the FW version ?
more info:
this is what i get when i turn the phone on while holding the camera botton:
DREA100 PVT 32B
HBOOT-0.95.0000
CPLD-4
RADIO-2.22.23.02
Sep 2 2008
thanks for the reply
Click to expand...
Click to collapse
yes you have firmware 1.6 and you need to downgrade to 1.5 in order to root the device!! trust me i promise you that is what you are trying to do!! in that guide you get radio 2.22.23.02 again after rooting so you can install the danger spl withouth bricking!! than you can upgrade to the latest radio after danger spl is flashed!!

what i understand from what you are telling me is that flashing 1.5 fw will downgrade the radio
is that correct ? cuz thats what confusing me since the beginning! i don't know if downgrading the fw will downgrade the radio too or not (and if not, idk if my phone will get bricked if i don't downgrade it too)
thanks

Method 1:
ANDROOT
+
Rom Manger
+
install a custom recovery via rom manger
+
install 1.33.2003 (link to 1.33.2003 is on the 2708+ kernel/radio thread) [this only works on t-mobile dreams; rogers or other dreams with 3.xx radio this will cause a brick]
+
follow instrucitons on 2708+ thread to install the new radio and rom;
Method 2:
make gold card
+
put orange NBH on gold card as DREAIMG.nbh [link on 2708+ thread]
+
flash orange NBH
+
follow instructions on 2708+ thread to install the new radio and rom
No downgrade needed. No need for ancient radio, no need to get stuck needing to use and old telnet hack, and no need to blindly install danger (aka death) spl
(and of a small note: nbh files contain a radio that is flashed.. but since its flashed from the bootloader; also flashes the SPL and rom/recovery; and will not force you to boot into recovery.. it usually dosn't cause bricks.. unless you have other hardware problems)

Downgrading a ROM from 1.6 to 1.5 will not cause a brick. You may create a brick, when you flash a non compatible SPL / radio using recovery.
As long as your SPL is compatible to your radio everything will be fine. If you want to be sure that you won't create a brick, you want to flash SPL and radio images only by using fastboot.
Edit: Follow Terry's instructions. He was faster than me and his instructions are much more detailed.
Sent from my Gingerbread on Dream using XDA App

bobo122 said:
what i understand from what you are telling me is that flashing 1.5 fw will downgrade the radio
is that correct ? cuz thats what confusing me since the beginning! i don't know if downgrading the fw will downgrade the radio too or not (and if not, idk if my phone will get bricked if i don't downgrade it too)
thanks
Click to expand...
Click to collapse
when downgrading to 1.5 you flash the DREAIMG.nbh first which brings your device to fw 1.0 and yes it downgrades your radio also!! to
radio- 1.22.12.29
hboot- 0.95.0000
than when you flash the update.zip it updates you to fw 1.5
radio- 2.22.19.26I
hboot- 0.95.0000
than you go to market download 'oi file manager' so you can flash recovery and that is how to root your device (Step 1.)
than step 2. upgrades your radio and hboot and installs danger spl
radio- 2.22.23.02
hboot- 1.33.2005
than from there you follow to step 3. and upgrade to latest radio and hboot
radio- 2.22.28.25
hboot- 1.33.0013d
than you are free to flash rom

There is no need to install DangerSPL! If you would like to install an engineering SPL, use 1.33.2003(!), otherwise follow Terry's instructions.
Sent from my Gingerbread on Dream using XDA App

AndDiSa said:
There is no need to install DangerSPL! If you would like to install an engineering SPL, use 1.33.2003(!), otherwise follow Terry's instructions.
Sent from my Gingerbread on Dream using XDA App
Click to expand...
Click to collapse
you need the danger spl to upgrade to latest radio(2.22.28.25) via recovery.. if youdont have it a warning will pop up while flashing radio file

ldrifta said:
you need the danger spl to upgrade to latest radio(2.22.28.25) via recovery.. if youdont have it a warning will pop up while flashing radio file
Click to expand...
Click to collapse
Makes no sense ... if you have an engineering SPL you can flash the radio using fastboot without any risk, so why would you flash it using recovery?
Sent from my Gingerbread on Dream using XDA App

AndDiSa said:
Makes no sense ... if you have an engineering SPL you can flash the radio using fastboot without any risk, so why would you flash it using recovery?
Sent from my Gingerbread on Dream using XDA App
Click to expand...
Click to collapse
its for the people who dont know how to use fastboot... just an alternative guide to upgrading via recovery.. when i first started doing this i had no clue what fastboot was lol it kinda like a last resort i guess.. lol

sorry for the late reply, i've been a little busy with homeworks
thanks for the help guys , i guess i got what i needed
will look for the methods and choose 1 the next weeked since its my brothers phone , and i'm in the university till then ..

i'm getting "an error occurred while attempting to run privileged commands!"
in rom manager v4.3.2.1 when trying to flash clockworkmod recovery ..
any idea ?

bobo122 said:
i'm getting "an error occurred while attempting to run privileged commands!"
in rom manager v4.3.2.1 when trying to flash clockworkmod recovery ..
any idea ?
Click to expand...
Click to collapse
uhh did you unroot your device? can only install custom recovery on 1.5 firmware

i think its root-related issue.. i rooted using "universal androot"
after some googling i found that i can check if i'm rooted or not but downloading teminal emulator and typing "su" , first time i tried it i got permission denied (that tells its not rooted) , then i rooted again , and tried "su" again but this time i got "segmentation fault" and then i tried flashing again but got the same error
here is the content of the log file
Code:
Go for root !
Version: Universal Androot - v1.6.2 beta 5
Detected OS version:4
ls -l /system/etc
-r-xr-x--- root shell 1176 2009-10-04 18:15 init.goldfish.sh
-r--r----- bluetooth bluetooth 935 2009-06-01 13:48 dbus.conf
-rw-r--r-- root root 183 2008-08-01 15:00 pvasflocal.cfg
-rw-r--r-- root root 7276 2009-10-04 18:15 event-log-tags
drwxr-xr-x root root 2008-08-01 15:00 ppp
-r--r--r-- radio audio 44542 2009-06-01 13:48 AudioPara4.csv
-rw-r--r-- root root 2037 2009-10-04 18:15 bookmarks.xml
-r-xr--r-- root root 415 2008-08-01 15:00 install-recovery.sh
-rw-r--r-- root root 6521 2009-10-04 18:15 apns-conf.xml
drwxr-xr-x root root 2008-11-01 04:03 wifi
drwxr-xr-x root root 2008-11-01 04:03 location
-rw-r--r-- root root 1898 2008-11-01 04:03 AudioFilter.csv
drwxr-xr-x root root 2008-11-01 04:03 dhcpcd
drwxr-xr-x root root 2008-11-01 04:03 firmware
-rw-r--r-- root root 25 2008-11-01 04:03 hosts
-rw-r--r-- root root 85 2008-08-01 15:00 01_qcomm_omx.cfg
drwxr-xr-x root root 2010-01-28 17:36 security
-rw-r--r-- root root 60559 2010-01-28 17:36 NOTICE.html.gz
-rw-r--r-- root root 368 2008-08-01 15:00 vold.conf
-rw-r--r-- root root 5220 2008-08-01 15:00 AudioPreProcess.csv
drwxr-xr-x root root 2008-08-01 15:00 permissions
-rw-r--r-- root root 1321 2008-08-01 15:00 contributors.html
-rw-r--r-- root root 682 2008-08-01 15:00 contributors.css
drwxr-xr-x root root 2008-08-01 15:00 bluez
-rw-r--r-- root root 232 2009-06-01 13:48 gps.conf
-rw-r--r-- root root 473 2008-08-01 15:00 pvplayer.cfg
ls -l /system/bin/reboot
lrwxrwxrwx root root 2009-06-01 13:49 reboot -> toolbox
cat /proc/sys/kernel/osrelease
2.6.29-00479-g3c7df37
getprop ro.product.model
T-Mobile G1
getprop ro.product.brand
tmobile
getprop ro.product.name
kila
getprop ro.product.manufacturer
HTC
getprop ro.build.product
dream
ls -l /sqlite_stmt_journals
-rws--x--x root root 16224 2011-06-18 05:19 rootshell
ls -l /data/local/tmp
opendir failed, Permission denied
ls -l /app-cache
/app-cache: No such file or directory
run mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
run df
/dev: 49192K total, 0K used, 49192K available (block size 4096)
/sqlite_stmt_journals: 4096K total, 16K used, 4080K available (block size 4096)
/system: 69120K total, 68940K used, 180K available (block size 4096)
/data: 76544K total, 58920K used, 17624K available (block size 4096)
/cache: 69120K total, 28952K used, 40168K available (block size 4096)
/sdcard: 991488K total, 956912K used, 34576K available (block size 16384)
Preparing Exploit ... :true
Preparing busybox binary ... :true
User selected: Cupcake
Preparing Su binary ... :true
Preparing Superuser apk ... :true, resid:2131034117
Preparing root toolkit script ... :true
Trying to get mount point:/data
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
Trying to get mount point:/system
/dev/block/mtdblock3 /system yaffs2 ro 0 0
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mkdir /system/xbin
cat su > /system/xbin/su
chmod 04755 /system/xbin/su
ln -s /system/xbin/su /system/bin/su
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw,nosuid,nodev -t yaffs2 /dev/block/mtdblock5 /data
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
rm /system/bin/su
rm /system/xbin/su
Preparing to execute exploit, do chmod
Executing exploit..
cmd: /data/data/com.corner23.android.universalandroot/files/getroot /dev/block/mtdblock5 yaffs2
[*] Android local root exploid (C) The Android Exploid Crew
[*] Modified by shakalaca for various devices
[+] Using basedir=/sqlite_stmt_journals, path=/data/data/com.corner23.android.universalandroot/files/getroot
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
Wifi enabled ...
mkdir failed for /system/xbin, File exists
rm failed for /system/app/Superuser.apk, No such file or directory
write: No space left on device
rm failed for /data/local/tmp/rootshell, No such file or directory
Exploit delete success
Install/Uninstall rootkit: true
ls -l /sqlite_stmt_journals
-rws--x--x root root 16224 2011-06-18 05:20 rootshell
ls -l /data/local/tmp
opendir failed, Permission denied
ls -l /app-cache
/app-cache: No such file or directory
run mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
run df
/dev: 49192K total, 0K used, 49192K available (block size 4096)
/sqlite_stmt_journals: 4096K total, 16K used, 4080K available (block size 4096)
/system: 69120K total, 69084K used, 36K available (block size 4096)
/data: 76544K total, 58912K used, 17632K available (block size 4096)
/cache: 69120K total, 28952K used, 40168K available (block size 4096)
/sdcard: 991488K total, 956912K used, 34576K available (block size 16384)

i got that error when i tried rooting it , then i tried unrooting and then rooting again.. did unrooting cause the problem and the only way to fix it now is downgrading
sorry for the double reply, i posted the log using my cellphone ..
thanks

bobo122 said:
i got that error when i tried rooting it , then i tried unrooting and then rooting again.. did unrooting cause the problem and the only way to fix it now is downgrading
sorry for the double reply, i posted the log using my cellphone ..
thanks
Click to expand...
Click to collapse
it ok lol so whats the situation now? are you rooted? do you have an active data plan?

"did unrooting cause the problem and the only way to fix it now is downgrading "
that supposed to be a question lol
anyway, no i'm not rooted yet, i'm trying to get it rooted using that 1 click root method (much less risky) , but i'll have no choice but to do it the hard way , then i'll do it the hard way..
i keep getting the same errors everytime i try rooting / unrooting using universal androot .. i don't know whats wrong ..
i posted the log, its always the same log .. as i can see in the log some commands are failing for some reason which i don't know , that must be what's causing the problem ...
i'm not from the USA .. i bought the cellphone on ebay, from the US (i unlocked it and i'm using it now in my country) .. i have 3g here with np (i could sign in my gmail account using 3g to activate the cellphone the first time i used it since it was wiped)
thanks

ok so i found some time since i'm in exams time ..
i just had an idea to try to soft root and try "su" in terminal .. IT WORKED!!
i installed the clockwork 2.5.0.7 custom recovery using rom manager .. then after reboot the root is gone since it was soft root .. then i tried normal root and it worked like a charm!
so, to everyone whose having my problem: soft root , reboot , root again (normal root this time)
i'll keep you posted with the rest of the process

Related

can't install any roms :s E: Failure at line 41:: set_perm 0 0 04755 SYSTEM:xbin/busy

I have a bit of a problem.
I have dangerspl, latest radio & cyanogen recovery 1.4 +jf.
I've tried to install numerous roms on my G1:
Both modaco v2 hero roms from http://android.modaco.com/content/h...m-is-here-2-versions-based-on-the-new-update/
also, cyanogen's 4.0.4 from http://forum.xda-developers.com/showthread.php?t=537204
and JAC;s xrom v1.4r3 from http://forum.xda-developers.com/showthread.php?t=543621
The process I'm following is
Code:
alt+w wipe in recovery then,
adb shell mount /sdcard
push the zip over with adp push whatever.zip /sdcard/whatever.zip
and finally apply any zip from sd.
Installation gets to 'copying files' then I get some errors:
Code:
E: Can't chown/mod /system/xbin/busybox (No such file or directory)
E: Failure at line 41:: set_perm 0 0 04755 SYSTEM:xbin/busybox.
Installation aborted.
I've sniffed around and found /system is full via df -h.
Code:
Filesystem Size Used Available Use% Mounted on
tmpfs 47.8M 0 47.8M 0% /dev
/dev/block/mmcblk0p1 1.3G 105.3M 1.2G 8% /sdcard
/dev/block/mtdblock3 90.0M 90.0M 4.0K 100% /system
/dev/block/mtdblock4 30.0M 1.1M 28.9M 4% /cache
Is it safe to rm -rf /system or will it turn my g1 into a shiny black paperweight?
Thanks,
Ruint.
edit: seems /system/app is full of apk/odex files, is it safe to remove them?
edi2: looks like after wiping, /data is never remounted, even if I mount it, it looks like it's unused in the install procsess. :/
repartition ur card to give urself more space. u can pull ur apps off of the partition. or write down what u have and reinstall all of them. also make sure u have the right spl, radio image, and if u haven't grab cyanogen's 1.4 recovery to help with the partitioning. of u can partition with ubuntu or paragon. if u need help check my sig and get back to me on gmail, or gtalk
EDIT: i see that u already have the radio, spl and recovery lol
same problem as yours.......
I can install some roms (CM 3.x, CM 4.x, zeroXd and even some hero ones), but while flashing others (JAC, MoDaCo, ecc.) I receive errors like the one you said and sometime line 88 copy_dir error.
Tried repairing the sdcard filesystem but it didn't help.....maybe it's a space related problem, as you suggested?
ps latest radio, recovery, and spl for me, too.......
I've had these errors and usually what it means is the rom.zip file is corrupt. Are you guys downloading the zip files from your phone? If so try downloading from a computer and then putting it on your phone. Don't use ADB just use windows. This solved my problem.
I'm downloading from the pc. Tried re-downloading and a different microsd card but the situation hasn't improved much....... sigh
any one found a fix for this issue...i cant seem to load newer ROMS..i keep gettin this error...pls help
I'm fairly certain it has nothing to do with the SD. The /system folder is stored on the phone's memory, not on the SD card. I'm looking into modifying the install script to use the busybox that is in /system/bin
EDIT: oh and "rm -r"ing anything is scary. I'm pretty sure that the whole system folder gets overwritten by most ROM install scripts, but why delete it?
EDIT: So I tried removing the copy commands from the install script and then copying the stuff manually and this happened: I first "rm -r"ing the system folder which removes all but the lost+found, then I tried copying the system folder from the ROM manually using "cp -r * /system". Then I got a very tell-tale error: not enough room on device. doing a quick "df -h" shows that my system folder is only allowed 67.5M of space, which is less than what ruin posted as his. anyone know of a way to resize?
i can install any rom on my x1..i try to but the screen just hang... pLLLLLSSSSS help
ruin said:
I have a bit of a problem.
I have dangerspl, latest radio & cyanogen recovery 1.4 +jf.
I've tried to install numerous roms on my G1:
Both modaco v2 hero roms from http://android.modaco.com/content/h...m-is-here-2-versions-based-on-the-new-update/
also, cyanogen's 4.0.4 from http://forum.xda-developers.com/showthread.php?t=537204
and JAC;s xrom v1.4r3 from http://forum.xda-developers.com/showthread.php?t=543621
The process I'm following is
Code:
alt+w wipe in recovery then,
adb shell mount /sdcard
push the zip over with adp push whatever.zip /sdcard/whatever.zip
and finally apply any zip from sd.
Installation gets to 'copying files' then I get some errors:
Code:
E: Can't chown/mod /system/xbin/busybox (No such file or directory)
E: Failure at line 41:: set_perm 0 0 04755 SYSTEM:xbin/busybox.
Installation aborted.
I've sniffed around and found /system is full via df -h.
Code:
Filesystem Size Used Available Use% Mounted on
tmpfs 47.8M 0 47.8M 0% /dev
/dev/block/mmcblk0p1 1.3G 105.3M 1.2G 8% /sdcard
/dev/block/mtdblock3 90.0M 90.0M 4.0K 100% /system
/dev/block/mtdblock4 30.0M 1.1M 28.9M 4% /cache
Is it safe to rm -rf /system or will it turn my g1 into a shiny black paperweight?
Thanks,
Ruint.
edit: seems /system/app is full of apk/odex files, is it safe to remove them?
edi2: looks like after wiping, /data is never remounted, even if I mount it, it looks like it's unused in the install procsess. :/
Click to expand...
Click to collapse
Where the hell is your /system/sd partition?
If your trying to install a Hero rom it needs an ext partition.
According to this:
Code:
Filesystem Size Used Available Use% Mounted on
tmpfs 47.8M 0 47.8M 0% /dev
/dev/block/mmcblk0p1 1.3G 105.3M 1.2G 8% /sdcard
/dev/block/mtdblock3 90.0M 90.0M 4.0K 100% /system
/dev/block/mtdblock4 30.0M 1.1M 28.9M 4% /cache
Where is mmcblk0p2 (system/sd) at?

[DEV] Coburn's Tattoo Hacking Corner - Mount Points, Fastboot and more - Take a peek!

Before I start, can we please keep the n00bish comments away from this thread. I have experience in doing this, and if I/we find a solution to this rooting drama, I'll post a how-to. A simple "Thanks, this will keep my fingers crossed" post is all that's enough to spark a chain reaction and fuel the fire knowing that we've got a strong user base that can help us test out our hacks.
Let's get down to business, shall we?
Mount Points:
This is the list of mount points that can be retrieved by issuing a simple 'mount' command on the adb shell, while your device is in USB Debugging (Settings > Applications > Development). Or in a terminal emulator.
rootfs / rootfs ro 0 0
[X]tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
[!] tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
[!!]/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
Click to expand...
Click to collapse
I've added [X], [!] and [!!] to point out what we can do. The one with the cross is a no-go, despite being a tmpfs (TeMPorary File System), we can't write to it, and /dev/shm doesn't exist either. /dev/shm is commonly on Linux systems, a ram drive - anything written there goes bye-byes on reboot.
The second one, /sqlite_stmt_journals, which is mounted as RW, aka Read Write. Yes, we can run shell scripts, you do 'sh myscript.sh' from a terminal emulator or the adb shell to get them to run. Surpise - No noexec (no executables) flag, we can *possibly* run some custom non-root software! Downside? Only 4MB to play with. Shoot.
The second one, is the main target. /system is where Android is held, locked up in a RO filesystem. RO is Read Only. In other words, we can look but can't touch. (Bummer.) This is where we try to get into (with superuser apk and such), but it restricts us. If we can remount this sucker RW... Well, I did try:
$ mkdir /sdcard/test && mount -t yaffs2 -o rw /dev/block/mtdblock /sdcard/test
mkdir failed for /sdcard/test, File exists
$ mount -t yaffs2 -o rw /dev/block/mtdblock3 /sdcard/test
mount -t yaffs2 -o rw /dev/block/mtdblock3 /sdcard/test
mount: Operation not permitted
$ mount -t yaffs2 -o ro /dev/block/mtdblock3 /sdcard/test
mount -t yaffs2 -o ro /dev/block/mtdblock3 /sdcard/test
mount: Operation not permitted
$
Click to expand...
Click to collapse
...But it failed. /sdcard/test was the mount point on my sdcard that I wanted it to be accessed from, so I could just simply go "bang bang bang woot! GOLD! ". But no. Silly HTC.
Teh fastboot way of life:
Power off your HTC Tattoo and hold VOL Down while pressing the End Call/Power Button to enter the bootloader menu. Let the device scan for some DIAG ramdisk images (Test/Diagnostics mode?). After that, press the back button to enter the fastboot USB menu. While there, open a command prompt (on PC), change to the path where you downloaded fastboot (you can nab the said tool by downloading modaco's superboot 1.2 zip file in a thread in this category). Replace fastboot-windows with fastboot-linux, etc.
C:\Users\Coburn\Downloads\Tattoo>fastboot-windows oem boot tattoo.superboot.img
... INFOsetup_tag addr=0xA0000100 cmdline add=0x8D05E538
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 0
INFOTAG:hwid 0x1
INFOTAG:skuid 0x1FC04
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x0
INFOMCP dual-die
INFOMCP dual-die
INFOTAG:mono-die = 0x0
INFODevice CID is not super CID
INFOCID is VODAP001
INFOsetting.cid::VODAP001
INFOserial number: HT99SLG03779
INFOcommandline from head: no_console_suspend=1 console=null
INFOcommand line length =404
INFOactive commandline: board_bahamas.disable_uart3=0 board_baha
INFOmas.usb_h2w_sw=0 board_bahamas.disable_sdcard=0 diag.enabled
INFO=0 board_bahamas.debug_uart=0 smisize=0 androidboot.baseban
INFOd=3.35.07.20 androidboot.cid=VODAP001 androidboot.carrier=VO
INFODA-UK androidboot.mid=CLIC10000 androidboot.keycaps=qwerty a
INFOndroidboot.mode=normal androidboot.serialno=HT99SLG03779 and
INFOroidboot.bootloader=0.52.0001 no_console_suspend=1 console=n
INFOull
INFOaARM_Partion[0].name=misc
INFOaARM_Partion[1].name=recovery
INFOaARM_Partion[2].name=boot
INFOaARM_Partion[3].name=system
INFOaARM_Partion[4].name=cache
INFOaARM_Partion[5].name=userdata
INFOpartition number=6
INFOValid partition num=6
INFO0
INFO0
INFO69466957
INFO69784520
INFO69007473
INFO7473
INFO0
INFO0
INFO0
INFO0
INFO0
INFO0
[....]
FAILED (status read failed (Too many links))
Click to expand...
Click to collapse
Oh my! Look at that! Did I just get a kernel parameter dump?! I tried the oem boot method using paul's superboot boot.img, and that's the data that it spat back. When it rebooted, it did the vibration like it would do on a cold boot. There was a lot of INFO0s though... Then it died with "Too many links". Aww. A Misc Partition?! WHAT?! Who knows what's there... (HTC, what are you hiding from us that you shouldn't be?)
Also, if we can force a custom kernel parameter with the "fastboot -c <something to make kernel remount system rw> oem boot" command, we may have a idea.
reboot-bootloader doesn't seem to work... "FAILED: remote (not allow)."
See below:
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
reboot reboot device normally
reboot-bootloader reboot device into bootloader
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
Click to expand...
Click to collapse
I'm tapped. I hope this helps us in any way, it took about an hour to type (and copy/paste from CMD on Windows 7).
Remember: It's our phone, not theirs. We're breaking free - if Android is open source, why isn't the hardware?
Cheers (and please don't forget to buy me a coffee! ),
Coburn64.
Thanks coburn and f..k HTC
Good investigative work!
One point tho...
Coburn64 said:
The second one, /sqlite_stmt_journals, which is mounted as RW, aka Read Write. Yes, we can run shell scripts, you do 'sh myscript.sh' from a terminal emulator or the adb shell to get them to run. Surpise - No noexec (no executables) flag, we can *possibly* run some custom non-root software! Downside? Only 4MB to play with. Shoot.
Click to expand...
Click to collapse
What does this allow that we can't already do on /data? We can already push executables to /data/local and chmod and execute them... I believe this approach has already been tried for trying asroot2, try3 etc. exploits and the like.
The Tattoo seems pretty tight (altho of course nothing is impenetrable), our best bet is likely to be a leak of a S-OFF bootloader or an as yet unpatched kernel exploit?
P
List of options for "fastboot oem":
Code:
$ ./fastboot.exe oem h
... INFOcommand list
INFOkeytest
INFOheap
INFOboot
INFOreset
INFOpowerdown
INFOrebootRUU
INFOenableqxdm
INFOrtask
INFOtask
OKAY
rebootRUU is particulary usefull, it enables RUU mode without having to go through "adb shell reboot oem-78".
@modaco: Every time I tried to write something in /data/local, I kept getting the message "Permission Denied" like I didn't have write permissions or anything. How did you manage to do this?
@mainfram3: Nice work! I know 'fastboot oem boot' reboots the phone to flashed ROM (even if you try to force a custom image down it's throat) but this is rather interesting.
I wonder what 'fastboot oem enableqxdm' does? I'll try it out tonight...
EDIT: Looking at some exploits, there's a 2.4/2.6 kernel "sock_sendpage() NULL pointer dereference" exploit here on milw0rm.com. Does anyone know what kernel source version on HTC's Dev site is?
enable qxdm enables support for the Qualcomm qxdm debug tool.
Hmmm, like I say, I don't have a tattoo yet, but you can normally write to /data/local. Strange!
P
Coburn64 said:
EDIT: Looking at some exploits, there's a 2.4/2.6 kernel "sock_sendpage() NULL pointer dereference" exploit here on milw0rm.com. Does anyone know what kernel source version on HTC's Dev site is?
Click to expand...
Click to collapse
That's a very nice find! From the source, Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4 are vulnerable. Our Tattoos are running 2.6.29
We need a skilled kernel developer to port this to the Android, since the exploit relies on low level assembly code :S
mainfram3 said:
That's a very nice find! From the source, Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4 are vulnerable. Our Tattoos are running 2.6.29
We need a skilled kernel developer to port this to the Android, since the exploit relies on low level assembly code :S
Click to expand...
Click to collapse
Confirmed, we're running 2.6.29 on the offical ROMs. This looks promising.
mainfram3 said:
That's a very nice find! From the source, Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4 are vulnerable. Our Tattoos are running 2.6.29
We need a skilled kernel developer to port this to the Android, since the exploit relies on low level assembly code :S
Click to expand...
Click to collapse
I wrote to author of FlashRec. Waiting for answer)
5[Strogino] said:
I wrote to author of FlashRec. Waiting for answer)
Click to expand...
Click to collapse
Awesome. What's flashrec anyway?
I was feeling adventous and decided to try some other rooting attempts that have succeeded on other phones. The fun thing was, I could get so close to the finishing line, when the Tattoo would kill the process (asroot2, try3, etc).
Damn. However, we can't give up - the goal is just in sight, we'll get there - we need to reroute the plan.
Coburn64 said:
Awesome. What's flashrec anyway?
I was feeling adventous and decided to try some other rooting attempts that have succeeded on other phones. The fun thing was, I could get so close to the finishing line, when the Tattoo would kill the process (asroot2, try3, etc).
Damn. However, we can't give up - the goal is just in sight, we'll get there - we need to reroute the plan.
Click to expand...
Click to collapse
FlashRec it's application for HTC Magic with exploit inside, to install custom recovery on systems with old Cupcake ROMs.
http://zenthought.org/content/project/flashrec
When HTC closed down a hole, that flashrec has been used, it become out-of-use
But mainfram3 found a new hope. Not only Tattoo users, Magic users (who stucked at new Hboot 1.76.00XX) have this hope too)
5[Strogino] said:
But mainfram3 found a new hope.
Click to expand...
Click to collapse
You meant Coburn64
And also let's not forget Droid Eris users, they're stuck in the same place we are, and they seem to be a much larger group.
this is personal now!!
i know that they just have added support for the sprint hero in flashrec i think it's on version 1.4 now!
all we need is just to find a small hole in the system making us able to write directly to the device and passing all the security sh*t
i have been in contact with htc tech center but have not been able to come through yet
i will request a eng S-off and matching radio!
i will also take take a look at the exploit code for the 2.6.29 kernel
I really hope we will get this working as i already have made custom ROM and recovery.img for it! hehe...
/data/local is writable, so is /sqlite_stmt_journals. The latter is restricted to 4MB, while the first has a lot of space (the rest of the /data partition).
Oh, and I can write to the data/local directory, I have to use adb push to get files on there.
Oddly enough, it allowed me to install a Hero super user APK on my Tattoo. Now, this is getting fun. Could someone disguise asroot2 or something inside an app, package it up as a APK and get android to install it?
I tried the asroot2, try3 and such but I got:
[1] Killed /data/local/asroot2
Click to expand...
Click to collapse
...like there's some watchdog feature inside the kernel or something. :-/
UPDATE: I'm working on a busybox hack for the tattoo. The aim of this is to get busybox installed on the device, so I can dump the NAND chip partitions and get that SPL.
Fingers crossed, and we also have found the debugging ROM for the Tattoo! So yeah, hehe...
Coburn64 said:
UPDATE: I'm working on a busybox hack for the tattoo. The aim of this is to get busybox installed on the device, so I can dump the NAND chip partitions and get that SPL.
Fingers crossed, and we also have found the debugging ROM for the Tattoo! So yeah, hehe...
Click to expand...
Click to collapse
Respect!! Hope for success, thanks for your effort
Thank you for your hard work!
I thought the rooting of tattoo died when benham ceased to exist in another tattoo-related forum and now i stumble upon this!
Crossing fingers!^^
Musenkishi said:
Thank you for your hard work!
I thought the rooting of tattoo died when benham ceased to exist in another tattoo-related forum and now i stumble upon this!
Crossing fingers!^^
Click to expand...
Click to collapse
Heh.
BUMP: My Busybox Hack is now live! Get it and install the sucker on your phone!

Rooting the Captivate using the command line under Linux

I've tried just about every automated/one click/whatever method for rooting my spiffy new Captivate, and they all failed for one reason or another. I finally got it to work using adb & the command line. Here's how I did it. Oh, and before someone asks "Why didn't you just use Windoze?", it's because all my computers run Linux so that's not an option.
STANDARD DISCLAIMER: If you root your phone, the ceiling will collapse on your head and your family will die. No one should ever follow these instructions. In fact, I should probably be banned for even posting them.
MY SETUP:
Ubuntu 11.04 (natty)
Samsung Captivate i897, stock, KB2
AT&T
1. Download SuperOneClick
http://forum.xda-developers.com/showthread.php?t=803682
I used 1.9.5, only because another poster told me he had successfully rooted his Captivate using that specific version. This may also work with the files from a newer version; I don't see why it wouldn't.
2. Extract everything
Duh.
3. Put adblinux, psneuter, busybox, su-v2, and Superuser.apk in one directory.
I don't know that it has to specifically be su-v2, but that one worked for me, so huzzah.
4. Put the phone in USB debug mode; plug it in to your computer.
Settings -> Applications -> Development (check the box for USB debugging). Linux users need no drivers.
5. Open a terminal, cd into wherever you extracted the SOC files.
6. Let's dance:
Code:
./adblinux push psneuter /data/local/tmp
./adblinux push su-v2 /data/local/tmp
./adblinux push busybox /data/local/tmp
./adblinux shell
$ cd /data/local/tmp
Make everything you just pushed over executable:
Code:
$ chmod 6755 psneuter
$ chmod 6755 su-v2
$ chmod 6755 busybox
Run the exploit:
Code:
$ /data/local/tmp/psneuter
Running psneuter successfully kicked me out of the shell, so go back. You should also notice when you re-enter the shell that your prompt has changed from "$" to "#", indicating psneuter was successful. This also means you have root privileges, at least temporarily, for the rest of your work.
Code:
./adblinux shell
# mount
"mount" should spit out something that looks like this:
mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
/dev/block/stl6 /mnt/.lfs j4fs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/stl9 /system rfs ro,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/mmcblk0p2 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,ioc
harset=utf8 0 0
/dev/block/stl10 /dbdata rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocha
rset=utf8 0 0
/dev/block/stl11 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iochar
set=utf8 0 0
/dev/block/stl3 /efs rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset
=utf8 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=
1015,fmask=0102,dmask=0002,allow_utime=0020,codepa ge=cp437,iocharset=iso8859-1,s
hortname=mixed,utf8,errors=remount-ro 0 0
Click to expand...
Click to collapse
On your phone, that output might look a little different, but you're looking for the line in BOLD. In the example above, "/dev/block/stl9" is the mount point for "/system". If "mount" gives you a different mount point, then use that in the commands below. The stuff after that tells you the properties of "/system"; "ro" is the one we're concerned with. That tells us that "/system" is mounted as "read-only". We need to change that so we can move some files over.
Code:
# mount -o remount,rw /dev/block/stl9 /system
"/system" is now writable. Let's move some files over.
Code:
# /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin
# chmod 6755 /system/xbin/busybox
# /data/local/tmp/busybox chown 0.2000 /system/xbin/busybox
A functional copy of busybox now resides at /system/xbin, so from now on you can just call it with "busybox" instead of having to use the full path to the one we pushed over earlier.
Code:
# busybox mv /data/local/tmp/su-v2 /system/xbin/su
# chmod 6755 /system/xbin/su
# busybox chown 0.2000 /system/xbin/su
# busybox ln -s /system/xbin/su /system/bin/su
IMPORTANT: Do not leave your "/system" mounted as read-write; change it back and exit the shell:
Code:
# mount -o remount,ro /dev/block/stl9 /system
# exit
$ exit
You should be back at your basic Linux command prompt now. Install the Superuser app.
Code:
./adblinux install Superuser.apk
7. Reboot your phone
When everything loads back up, you should have root privileges. Update BusyBox from the market. If everything went according to plan, when you try to install BusyBox you should get a prompt from the Superuser app asking if you want to grant the BusyBox installer superuser privileges. If so, everything worked the way it was supposed to, and you're now a 1337 [email protected]><0r or something.
8. Troubleshooting
Mine didn't take the first time for some reason. After reboot, I installed BusyBox and Titanium Backup, both of which failed to get root privileges. I went back into the phone with adblinux, remounted /system as rw, again set the privileges for "/system/xbin/su" to 6755, then remounted /system as ro and rebooted. It took the second time, so I'm assuming I may have typed something wrong.
Another thing I was keen to try is installing the Superuser app FIRST, then running the hacks to root the phone. The phone does not need to be rooted to install Superuser, only for it to work as designed. I am curious if "SU->root->reboot" would work the first time, instead of "Root->SU->Reboot->Re-Root->Reboot", which is how it's been working now. If I happen to reinstall and try this again, I'll update. If anyone else gives it a whirl, post a comment and I'll update accordingly.
I hope this helps someone else. Please comment below with questions/criticisms/flames.
Thanks bro this is a very handy guide i to use only linux and it kills me how many people say ehh just install windows it easier BLAAA is what i say great work keep it coming...
tkienzle said:
Thanks bro this is a very handy guide i to use only linux and it kills me how many people say ehh just install windows it easier BLAAA is what i say great work keep it coming...
Click to expand...
Click to collapse
I'm with you. I HATE hearing "just use Odin" or "you can buy a copy of Windoze for not much $$$!" If I wanted Windoze, I'd be using it already. If I could use Odin, I'd probably just follow the directions for that and not be asking questions about Heimdall.
+1 thanks. been running linux since 2002, wasn't looking forward to using a friends computer just to root a phone.

[Q] Read-Only internal storage?

Hi All,
(I've read tons of Threads here, but not yet found a solution).
My Galaxy Tab 10.1 is useless right now as it cannot write to internal storage.
Lots of apps crashing on use and doing a factory reset from the recovery menu does not help (Tablet is in exact same state aon reboot).
So, I've been using adb
Code:
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb remount
remount failed: Operation not permitted
Here's the mount information from shell
Code:
[email protected]:/mnt/asec $ mount
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p4 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p5 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p8 /data ext4 ro,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc,discard 0 0
/dev/block/mmcblk0p1 /efs ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/fuse /mnt/sdcard fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
So, I've tried to mount manually from adb shell:
Code:
[email protected]:/ $ mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
mount: Operation not permitted
[email protected]:/ $
[email protected]:/ $ mount -o remount,rw -t rfs /dev/block/stl9 /system
mount -o remount,rw -t rfs /dev/block/stl9 /system
mount: Operation not permitted
But, I have no SU command:
Code:
[email protected]:/ $ su
su
/system/bin/sh: su: not found
I've got the su binary from downloading off this forum, but I cannot copy that up either (even to seemingly writable mount points)
Code:
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb push su /cache
failed to copy 'su' to '/cache/su': Permission denied
Any hints to what I can do now?
Ro
Hey, this forum is for Samsung Galaxy Tab 7.
Here is link for SGT 10.1
http://forum.xda-developers.com/forumdisplay.php?f=1050
But looks like your device is not yet rooted correctly.
The easiest thing is to find pre-rooted kernel and flash them via odin.
Thanks for the reply, yappoe!
I was following a guide I found linked on a forum to get the Tablet Restocked to factory settings.
However, when I try to write via Odin, I get an error message on the tablet in Red
Code:
Bct_sync_Odin: Error to NvBuBctUpdate![err:0x140005]
DownloadPartition_Odin: Error to Bct_sync_Odin![err:0x140005]
Tegra_Nand_Write: Error to DownloadPartition![err:0x140005]
Obviously a write error, presumably as the File system is in Read-Only mode ?
Ro
Yes, because permission is not set correctly. You need root access to do that.
I really don't know much about G-Tab 10.1, and I don't know what you were trying to do or are trying to do.
But if you are trying to go back to stock firmware, you can follow this steps.. it works on most Samsung. (Note: Unless you are moving from Honeycomb to ICS or vice versa, you do NOT need to re-partition).
you can download any official firmware at http://fus.nanzen.se/
1. Download Fus Check Downloader 2.1 and downloaded a Firmware for your region. It will automatically decode the .enc2 file to.zip file
(or find your firmware at sammobile.com, you can skip step 2).
2. Extract the .zip file generated from decoding file to a folder and I got
tar.md 5 file.
3. Start Odin - put the .md5 to PDA and leave everything else as is.
4. Go to download mode on the G-tab
and click start. It takes about 6 to 7 minutes to do the flashing.
Can't guarentee if it would work, but good luck.
Once you get it work with STOCK, go to the Galaxy Tab 10.1 forum
and find the instruction there to ROOT
http://forum.xda-developers.com/forumdisplay.php?f=1050
Thanks yappoe,
That is a nice tool for firmware downloading.
Unfortunately I get the exact same error immediately when trying to write to the tablet via Odin.
Code:
Bct_sync_Odin: Error to NvBuBctUpdate![err:0x140005]
DownloadPartition_Odin: Error to Bct_sync_Odin![err:0x140005]
Tegra_Nand_Write: Error to DownloadPartition![err:0x140005]
I think I have a sort of chicken and egg situation where I my problem is my drive is mounted in read-only mode and I cannot change it without rooting/executing su
Ro
same situation
I have the same situation but with my omnia 2.
suddenly, the internal storage became read-only.
I have tried flashing the ROM and unchecking "preserve device contents".
I have tried spyware, malware, antivirus from PC via usb mode.
I have tried low-level format.
I have tried hard reset.
I have tried below cabs.
MoviPatch_Eng_100416
nueStorageManager-v1.1
Til now, i still have the problem.
Im using a micro sd instead.
Im planning on opening my phone and removing the internal memory chip instead lol.
I did open up my tablet.
The internal memory is part of a single mainboard.
(I think its the same in almost every device)
Looking into getting a replacement mainboard now.
It's possible to use an external SD card as the internal storage. This won't fix the internal storage, but your Tab will work again. See this thread.
ableeker said:
It's possible to use an external SD card as the internal storage. This won't fix the internal storage, but your Tab will work again. See this thread.
Click to expand...
Click to collapse
Cheers for the pointer, but the Galaxy Tab 10.1 doesn't have a place for an SD / micro SD card addition.
Ah. But you asked in the wrong forum.
Go to Galaxy tab 10.1 forum
Sent from my GT-P1000 using xda app-developers app
Yeah i asked a technician if he could do it, he said he has no idea where that chip is in the mainboard
Sent from my GT-I8160 using Tapatalk 2
supersaiyanx said:
Yeah i asked a technician if he could do it, he said he has no idea where that chip is in the mainboard
Click to expand...
Click to collapse
The mainboard cannot have components removed/added ... You have to replace the entire mainboard.

New Radio install Mod?

EDIT: This does work for us.. Confirmed! Screenshot page 2.
Thanks @Turge for the help with this. Great Mod!!
Turge has posted a way to change radios on the OneX+ which is still s-on. Does anyone with some dev smarts know if this procedure could be ported to the one? Thought it was interesting and wanted to share. Hopefully it helps. Turge's original thread for One X+ http://forum.xda-developers.com/showthread.php?t=2240968
Turge said:
Description:
This mod enables you to switch radios without actually flashing the radio partition (which requires S-OFF).​
How does it work?
The mod flashes the radio files to /system/mdm. On boot up, if the radio exists in this location, the radio partition will be unmounted and a symbolic link will be created from /firmware/mdm to /system/mdm.​
Boot.img Specifications:
Unsecured
init.d support
Requirements:
Unlocked bootloader
Custom boot.img with init.d support (see Downloads below)
Busybox (see Downloads below)
New AT&T (1.19.502.1) or Telus (1.20.661.1) build (Other builds have not been qualified yet)
See my thread: http://forum.xda-developers.com/showthread.php?p=40450319#post40450319
Install:
Download and flash custom boot.img with init.d support for your current build
Example:
Code:
fastboot flash boot c:\boot-1.20.661.1.img
Reboot to Recovery
Flash Busybox zip
Flash desired radio zip
Reboot
Profit
Downloads:
Custom boot.img with init.d support:
AT&T 1.19.502.1: http://www.androidfilehost.com/?fid=22909751817930309 (5MB)
Telus 1.20.661.1: http://www.androidfilehost.com/?fid=22909751817930305 (5MB)​
Busybox Install:
Busybox_Install.zip: http://www.androidfilehost.com/?fid=22909751817930298 (2MB)​
Radios:
AT&T/Telus 1.09.55.17: http://www.androidfilehost.com/?fid=22909751817930300 (19MB)
AT&T 2.14.55.01: http://www.androidfilehost.com/?fid=22909751817930299 (19MB)
Telus 2.15.55.11: http://www.androidfilehost.com/?fid=22909751817930301 (19MB)​
Click to expand...
Click to collapse
nugzo said:
Turge has posted a way to change radios on the OneX+ which is still s-off.. Does anyone with some dev smarts know if this procedure could be ported to the one? Thought it was interesting and wanted to share. Hopefully it helps.
http://forum.xda-developers.com/showthread.php?t=2240968
Click to expand...
Click to collapse
Send me the boot.img and I'll let you know..
Turge said:
Send me the boot.img and I'll let you know..
Click to expand...
Click to collapse
https://dl.dropboxusercontent.com/u/10203258/boot.img Thanks for quick reply. Guess i shoulda asked you first A
Are you just on the ball like that or do you get a notification when someone posts your name lol
Ahh the quote probably did it
nugzo said:
https://dl.dropboxusercontent.com/u/10203258/boot.img Thanks for quick reply. Guess i shoulda asked you first A
Are you just on the ball like that or do you get a notification when someone posts your name lol
Ahh the quote probably did it
Click to expand...
Click to collapse
Shouldn't be a problem. I can create something, but need some more info:
1. Which radio do you want to flash? Do you have a link to the firmware? Maybe the OTA? All I'm looking for is the mdm*.img file.
2. Does your boot.img have init.d support? I can update this one and add init.d support if desired.
3. If I'm repackaging the boot.img, how does it get flashed? Can it be flashed via recovery or only through fastboot?
4. Do you need a busybox installer? Busybox/init.d is required for my mod
5. Can you send me an update-binary from the META-INF folder of a working custom ROM? I don't want to download a 1GB zip just for it.
Turge
We want T-Mobile radio! I want to see if a T-Mobile radio will enable penta band on AT&T or dev edition phones.
Sent from my HTC One X
ECEXCURSION said:
We want T-Mobile radio! I want to see if a T-Mobile radio will enable penta band on AT&T or dev edition phones.
Sent from my HTC One X
Click to expand...
Click to collapse
Do you have a link to the ruu?
Turge said:
Shouldn't be a problem. I can create something, but need some more info:
1. Which radio do you want to flash? Do you have a link to the firmware? Maybe the OTA? All I'm looking for is the mdm*.img file.
2. Does your boot.img have init.d support? I can update this one and add init.d support if desired.
3. If I'm repackaging the boot.img, how does it get flashed? Can it be flashed via recovery or only through fastboot?
4. Do you need a busybox installer? Busybox/init.d is required for my mod
5. Can you send me an update-binary from the META-INF folder of a working custom ROM? I don't want to download a 1GB zip just for it.
Turge
Click to expand...
Click to collapse
boot.img gets flashed through fastboot. I dont have any particular radio in mind yet, just wanted to share your MOD. I am having some LTE speed issues but not sure if international radio will work for me, Probably not. I'm in the US (AT&T) and all the custom roms and kernels are from Non-US bases. This is a unique phone, ATT and International can use the same roms finally. (unlike one x+)
Yes the kernel has init.d support. Not sure about busy box.
This is the rom i'm using atm. But If you want to test anything i can change roms to whatever you request. Here is the update_binary https://dl.dropboxusercontent.com/u/10203258/update-binary
And here is Mike1986 firmware package from the latest wwe ruu. My CID is not supported so cant flash the firmware package. I think that's everything you needed..
Well on the rom i'm using i guess kernel can flash through recovery.. this is from the rom details: "Kernels get flashed through recovery (thanks xHausx)"
Turge said:
Do you have a link to the ruu?
Click to expand...
Click to collapse
Unfortunately I couldn't find an RUU. :-/ but it seems Tachi91 is under the impression that this will not enable all bands anyway. I just thought it was worth a try.
nugzo said:
boot.img gets flashed through fastboot. I dont have any particular radio in mind yet, just wanted to share your MOD. I am having some LTE speed issues but not sure if international radio will work for me, Probably not. I'm in the US (AT&T) and all the custom roms and kernels are from Non-US bases. This is a unique phone, ATT and International can use the same roms finally. (unlike one x+)
Yes the kernel has init.d support. Not sure about busy box.
This is the rom i'm using atm. But If you want to test anything i can change roms to whatever you request. Here is the update_binary https://dl.dropboxusercontent.com/u/10203258/update-binary
And here is Mike1986 firmware package from the latest wwe ruu. My CID is not supported so cant flash the firmware package. I think that's everything you needed..
Well on the rom i'm using i guess kernel can flash through recovery.. this is from the rom details: "Kernels get flashed through recovery (thanks xHausx)"
Click to expand...
Click to collapse
Give this a shot: http://www.androidfilehost.com/?fid=22909751817930629 (23MB)
If it doesn't change the frmware version, run "adb shell busybox sh /system/etc/init.d/00firmware" and post the output.
You can also post the output of "adb shell mount"
To get rid of the mod, delete "/system/etc/init.d/00firmware" or "/system/mdm" or both.
Turge said:
Give this a shot: http://www.androidfilehost.com/?fid=22909751817930629 (23MB)
If it doesn't change the frmware version, run "adb shell busybox sh /system/etc/init.d/00firmware" and post the output.
You can also post the output of "adb shell mount"
To get rid of the mod, delete "/system/etc/init.d/00firmware" or "/system/mdm" or both.
Click to expand...
Click to collapse
Ok thanks so much. Just gave it a shot. Radio version did not change. Ran command adb shell busybox sh /system/etc/init.d/00firmware and got this.
Code:
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell busybox sh /system/etc/in
it.d/00firmware
sh: applet not found
And adb shell mount
Code:
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
none /dev/timer_group cgroup rw,relatime,timer_slack 0 0
/dev/block/mmcblk0p35 /system ext4 ro,relatime,nobarrier,data=ordered 0 0
/dev/block/mmcblk0p37 /data ext4 rw,nosuid,nodev,noatime,discard,nobarrier,noaut
o_da_alloc,data=ordered 0 0
/dev/block/mmcblk0p36 /cache ext4 rw,nosuid,nodev,noatime,nobarrier,data=ordered
0 0
/dev/block/mmcblk0p22 /devlog ext4 rw,nosuid,nodev,noatime,nobarrier,errors=cont
inue,data=ordered 0 0
tmpfs /data/qcks tmpfs rw,relatime,size=20480k,mode=750,gid=1000 0 0
tmpfs /data/efs tmpfs rw,relatime,size=20480k,mode=750,gid=1000 0 0
tmpfs /data/secure/data tmpfs rw,relatime,mode=755,gid=1000 0 0
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1
023,default_permissions,allow_other 0 0
/dev/block/mmcblk0p16 /firmware/q6 vfat ro,relatime,fmask=0000,dmask=0000,allow_
utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro
0 0
DxDrmServerIpc /data/DxDrm/fuse fuse.DxDrmServerIpc rw,nosuid,nodev,relatime,use
r_id=0,group_id=0,allow_other 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
D:\Storage\Android Stuff\ASDK\platform-tools>
2 more:
adb shell busybox sh
adb shell ls -l /system/etc/init.d
Sent from my HTC One X using Tapatalk 2
Turge said:
2 more:
adb shell busybox sh
adb shell ls -l /system/etc/init.d
Sent from my HTC One X using Tapatalk 2
Click to expand...
Click to collapse
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell busybox sh
sh: applet not found
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell ls -l /system/etc/init.d
-rwxrwxrwx root shell 621 2008-08-01 08:00 00firmware
-rwxrwxrwx root shell 2572 2008-08-01 08:00 01renovate
-rwxrwxrwx root shell 1878 2008-08-01 08:00 85sqlite
-rwxrwxrwx root shell 598 2008-08-01 08:00 90initdtest
-rwxrwxrwx root shell 1601 2008-08-01 08:00 99pure
-rwxrwxrwx root shell 66 2008-08-01 08:00 99sysctl
D:\Storage\Android Stuff\ASDK\platform-tools>
Edit: just realized i didnt have busybox installed. Installing now and gonna reflash mod.
Same result.
Turge said:
2 more:
adb shell busybox sh
adb shell ls -l /system/etc/init.d
Sent from my HTC One X using Tapatalk 2
Click to expand...
Click to collapse
Is the busybox in the playstore the same as the one you posted in your mod thread? i had to use the one from play store because mid check failed during aroma install for the one in your thread.
Turge said:
Give this a shot: http://www.androidfilehost.com/?fid=22909751817930629 (23MB)
If it doesn't change the frmware version, run "adb shell busybox sh /system/etc/init.d/00firmware" and post the output.
You can also post the output of "adb shell mount"
To get rid of the mod, delete "/system/etc/init.d/00firmware" or "/system/mdm" or both.
Click to expand...
Click to collapse
Ok after manually pushing the busybox from your installer to xbin.. i get this when i run the busybox commands
Code:
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell busybox sh
/system/bin/sh: busybox: can't execute: Permission denied
D:\Storage\Android Stuff\ASDK\platform-tools>adb shell busybox sh /system/etc/in
it.d/00firmware
/system/bin/sh: busybox: can't execute: Permission denied
Gonna wipe everything and start from scratch.
And if it's successful am i looking for the build number to change or the baseband numbers to change?
Edit. Tried everything again and baseband nor build number changed
nugzo said:
Gonna wipe everything and start from scratch.
And if it's successful am i looking for the build number to change or the baseband numbers to change?
Click to expand...
Click to collapse
Try running adb shell and typing "su" then run the commands above without the "adb shell" part
Sent from my HTC One X using Tapatalk 2
Turge said:
Try running adb shell and typing "su" then run the commands above without the "adb shell" part
Sent from my HTC One X using Tapatalk 2
Click to expand...
Click to collapse
getting same thing. applet not found. I installed busybox from playstore. If i push your busybox to the xbin folder i get the permision denied response when running the commands.
nugzo said:
getting same thing. applet not found. I installed busybox from playstore. If i push your busybox to the xbin folder i get the permision denied response when running the commands.
Click to expand...
Click to collapse
Tell me your radio version before applying the mod. You need to find a different radio to verify if it works. Meanwhile, try this:
adb shell
$ su
# sh /system/etc/init.d/00firmware
Ignore the $ and # signs
Sent from my HTC Flyer P512 using xda app-developers app
Namit1994 said:
Tell me your radio version before applying the mod. You need to find a different radio to verify if it works. Meanwhile, try this:
adb shell
$ su
# sh /system/etc/init.d/00firmware
Ignore the $ and # signs
Sent from my HTC Flyer P512 using xda app-developers app
Click to expand...
Click to collapse
My radio should be different, ATT radio 4A 14.3250.13_10.33.1150.01L
[email protected]/# /system/etc/init.d/00firmware
/system/etc/init.d/00firmware
00firmware
**VENOM: mdmFolder: /system/mdm
**VENOM: Flag File: /system/mdm/radiover.cfg
**VENOM: Mounting /system/mdm to /firmware/mdm
[email protected]/#
nugzo said:
My radio should be different, ATT radio 4A 14.3250.13_10.33.1150.01L
[email protected]/# /system/etc/init.d/00firmware
/system/etc/init.d/00firmware
00firmware
**VENOM: mdmFolder: /system/mdm
**VENOM: Flag File: /system/mdm/radiover.cfg
**VENOM: Mounting /system/mdm to /firmware/mdm
[email protected]/#
Click to expand...
Click to collapse
Looks like the script ran but but the radio from Turge's package is also 4A 14.3250.13 (same as your AT&T). We cannot be sure if it worked because the radio is the same version anway. We need to mount an older radio with a different number.
---------- Post added at 11:53 PM ---------- Previous post was at 11:43 PM ----------
Turge said:
Do you have a link to the ruu?
Click to expand...
Click to collapse
Turge, it seems your package uses the same radio that nugzo's device already has. Would you mind creating a new package from an older radio with a different version number?
This is the link to the RUU with a different radio version (4A.13.3231.20 instead of 4A.14.3250.13):
http://www.androidfiles.org/ruu/sec...0_10.30.1131.05_release_309365_signed_2_4.exe

Categories

Resources