Here is a small AutoHotkey script for getting your bricked phone back in the game in less than 10 minutes. Today I noticed that my dear phone spent more time being bricked than alive. This all due to failed overclocking trials with next Nova kernel version. And even if I already managed to get my phone up in half an hour or so it still involved a lot of manual work which was disturbing my parallel tasks. Considering the fact that my endeavours with OC are still half way there I decided to automate my life a little. I chose AutoHotkey because it allowed easy interaction with LG Update tool.
Here are the files you'll need:
Code:
161 792 adb.exe
96 256 AdbWinApi.dll
585 731 psneuter
6 291 456 recovery.img
1 534 unbrick.ahk
238 968 158 V10A_00.kdz
adb.exe and AdbWinApi.dll are taken from Android SDK, psneuter is from SuperOneClick, recovery.img I dumped from my phone mmcblk0p4 partition, unbrick.ahk is the script I wrote (you'll need to install AutoHotkey to run it), and V10A_00.kdz is LG KDZ. I did not try newer KDZ versions as my goal here was only to get recovery up and running to be able to flash CyanogenMod and continue from there. The script presumes that you already have LG USB drivers and B2C Client installed.
And here's the script itself:
Code:
; start LG Update tool (presumably installed at %ProgramData%\LGMOBILEAX\B2C_Client\)
Progress, m zh0, Starting LG S/W Update...
Run, %ProgramData%\LGMOBILEAX\B2C_Client\LGUserCSTool.exe userid=QM;usertype=B2C;region=K;country=KR;branch=KR;csemergency=F;language=KR;startstep=1;mode=TRUE;url=%A_ScriptDir%\V10A_00.kdz;binversion=V10A_00;localurl=%A_ScriptDir%\V10A_00.kdz;localver=V10A_00;usernd=Y;fileclass=CSE
WinWait, Select Country
Control, ChooseString, Diff, ComboBox1
Control, ChooseString, English, ComboBox2
Send {Enter}
WinWait, LG S/W Update
; wait for update to finish
ControlGetText, s, Edit4, LG S/W Update
Progress, m zh0, Waiting for LG S/W Update to finish...
While InStr(s, "Found(2004, 100)") = 0 {
Sleep 100
ControlGetText, s, Edit4, LG S/W Update
}
Process, Close, LGUserCSTool.exe
; at this point the phone should be rebooting
Progress, m zh0, Wait for the phone to reboot and turn on USB debugging to continue.
RunWait, adb.exe kill-server
RunWait, adb.exe -d wait-for-device
; get temporary root and flash recovery
Progress, m zh0, Rooting...
RunWait, adb.exe -d push recovery.img /data/local/tmp/
RunWait, adb.exe -d push psneuter /data/local/tmp/
RunWait, adb.exe -d shell "chmod 0755 /data/local/tmp/psneuter"
Run, adb.exe -d shell /data/local/tmp/psneuter,,,pid
Sleep 3000
WinKill, %pid%
RunWait, adb.exe kill-server
RunWait, adb.exe shell "dd if=/data/local/tmp/recovery.img of=/dev/block/mmcblk0p4"
Progress, OFF
RunWait, adb.exe reboot recovery
MsgBox, The phone is rebooting into recovery now and we're done here.
Just boot your phone to software update mode and execute unbrick.ahk. It'll perform the following tasks:
Executes LG Update tool, waits for it to finish, and kills it then
Waits for you to enable USB debugging
Roots the shell with psneuter, flashes and reboots to recovery
From this moment on you can already continue inside recovery to restore your backup or flash CM and so on. This and enabling USB debugging are the only user interactions, everything else is automated with the script.
I hope someone will find it useful beside me as well. Do not fear experimenting with stuff and bricking the phone - unbricking is as easy as running a single script. This is a huge timesaver if you're planning to do this in hourly basis
I've almost always got bootloop with my experiment for bluetooth-audio, but still have nandroid backup and working recovery button
Thanks for your hardwork, aprold
Count me in! I don't know how many times I bricked/unbricked my phone (poor thing). Thanks for dedicating such time.
does it perform a hard reset ?
Thanks a lot aprold, i happen to brick my phone averagely 2-3 times a week. Will surely follow this method with next brick. Perhaps for the first time i 'm eager to see my OB bricked.... may your nova v12 test version give that chance.
Fantastic work, thanks!
Ilko said:
does it perform a hard reset ?
Click to expand...
Click to collapse
What do you mean by that? Wiping data? This is actually a good idea as you'd have to do this in recovery anyway. I'll add it next time I'm bricking my phone
Please add the archive with all files.
aprold said:
What do you mean by that? Wiping data? This is actually a good idea as you'd have to do this in recovery anyway. I'll add it next time I'm bricking my phone
Click to expand...
Click to collapse
I mean the reset process which is performed when r&d test tool is used. in some cases this is the only way to unbrick
Please add the archive with all files.
My phone is in black screen with 4 button blinking. Can't get into Software Update mode. what should I do?
Wrong place to post that. Read the unbricking thread. Do you mean you can't access software upgrade mode by plugin your usb with the battery removed? Did you try with adb?
Worked for me!! Only with V10A_00!!
I also made your script executable with AHK Compiler.
Problems:
- "Different country" and "English" are not automatically selected...
- LGUserCSTool remains at 4% ... but ...it still works
- After the phone reboot, I had to kill LGUserCSTool program with task manager..
- tried with v10i and the script didn't work
But the final result is the one I expect!
Ideeas:
- can V10A firmware been stripped down to the bones in order to speed up the process? maybe a fake firmware?!?
- What has to be changed in order to flash another (any) firmware version, besides V10a, obtaining the desired firmware installed... and rooted in the same time.... Maybe it can be done including installing some user apps... huh?
Please post the files
Since recovery phone via lgb2c doesn't worked at all,so I just have to try this BUT no files are included!! Please post it ASAP before my parents caught my phone bricked....
Does it matter from which rom the recovery.img is coming from? If not, do you mind me uploading the whole package? Nice tutorial anyway
One thing I just noticed, the script uses the wrong path to the LG software in german XP version, as it seems.
The path isn't called D:\Dokumente und Einstellungen\All Users\Application Data\LGMOBILEAX\B2C_Client
but D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LGMOBILEAX\B2C_Client
maybe also different in other languages...
but I simply searched the file and replaced the line, just wanna inform you, if anyone else reports problems
-edit-
-removed-
-edit2-
Is it possible to revert from v20x to v10x like this? Or will it brick the phone?
-edit3-
can really noone answer my question?
Still waiting for an answer... noone who tried it?
Nice one , I will try on next Brick. I already unbricked my OB by Smart Flash almost 5 times.
Package
Just created a full package to do exacly the same as explained in the first post.
Read the included README!!.txt first!
Download: http://d-h.st/mUM
Does this work to Root v20b?
when i start unbrick.exe this error show
Related
I'm working to enable FM radio functionality, RX and TX on HTC Legend and other devices with TI FM chip.
I need help to get this done ASAP. I'm an experienced embedded Linux dev, but I'm pretty new to smartphones and Android.
A few weeks back I managed to muddle my way through on phone gold card creation, downgrading, rooting, CWMod (2.5 ?) installation, CMMod7 nightly install, S-Off and new Radio flash. Since then I haven't flashed anything and probably forgot half of what I learned.
So now I want to flash the best ROM for the purpose of figuring out the audio routing "secrets" of the HTC FM app. Any suggestions for the best ROM for that purpose ?
Next, I could use some pointers to the best posts or web pages to refer to for flashing the HTC Rom, and then later flashing back to CM7. As easy as possible. Can I do something Nandroid like and save the entire state of the phone to easily get me back to where I started with CM7 ?
Yes, I AM a dev, but very much appreciate easy to follow step by steps that don't leave me scratching my head wondering if I'll brick my device or create some other catastrophy . Eg: Should I ignore those error messages or not worry ? Do I have to reboot 5 times while clicking my heels ? Etc.
Once I get the above figured out, perhaps this thread can be used for discussion of the observations and any reverse engineering results.
Thanks !
Well, the best ROM would probably be BlaY0's, as it has the FM functionality. Take a nandroid of that and then install CM (as that's what your developing for, ye?). Then nandroid the CM and you can easily switch between the 2 without the need to set it up again.
BlaY0's ROM is based of the official HTC one, so it would probably do for the reverse engineering stuff. Thus I don't think you'd need to go back to a stock HTC ROM. If you do you can just flash a pre-rooted one (found here) and that would do it.
TheGrammarFreak said:
Well, the best ROM would probably be BlaY0's, as it has the FM functionality. Take a nandroid of that and then install CM (as that's what your developing for, ye?). Then nandroid the CM and you can easily switch between the 2 without the need to set it up again.
BlaY0's ROM is based of the official HTC one, so it would probably do for the reverse engineering stuff. Thus I don't think you'd need to go back to a stock HTC ROM. If you do you can just flash a pre-rooted one (found here) and that would do it.
Click to expand...
Click to collapse
OK, thanks GrammarFreak. BlaY0's ROM 0.7 it is.
Hate to be/seem so newb-ish....
So I'm running CM7 now. So:
(1) Run ROM Manager Backup.
(2) Watch phone go into recovery mode with red triangle and exclamation mark.
(3) Don't freak as the backup will take maybe 10-20 minutes or so.
(4) Phone reboots back to CM7 I presume.
(5) Pull any important data from sdcard including ROM backup files.
(6) Download http://blay0.r3volutionary.net/b-0.7.zip
(7) Run ROM Manager to flash Blayo.
(8) Reboot and mess around with Blayo ROM.
(9) When done messing, optionally save Blayo ROM and mods with ROM Manager Backup.
(10) Use ROM Manager restore to return to CM7 ROM.
Sound good ? I don't even have to remember which key when booting brings up CWMod recovery mode ?
I couldn't find a canonical web page documenting CWMod/ROM Manager and it's usage.
Gee my phone has been stuck in red mode for a while now...
EDIT: So I'm reading threads and getting the impression the red triangle is not what I want. So I run "adb reboot" and will check and see if the backup looks good.
I can understand that the "community" has to somehow pull together to pool info, but my experience seems typical of what so many face.
In order to figure out some sort of semi-foolproof method of doing XYZ it seems I have to search threads all over to collect the full info. 50-100+ page threads are a challenge. Do I start with the first few posts or pages of posts, or should I skip to somewhere near the end for latest info ? Yes I can read to see if first posts are updated etc.
Before I started the rooting process on my phone, I read QUITE a few big threads from begin to end. And I made LOTS of notes to try and figure it all out and avoid problems. And my head got so full it almost exploded, and I almost sorta gave up, dived in, did a few more google searches on the way and thankfully finally ended up with a nicely open device.
But it all seems so ridiculously difficult, UNLESS you happen to come across some very succinct, accurate and informative HOWTO somewhere that works well for you.
/rant off
Ok, I want you to do a couple of things:
Forget about ROM manager, it's a piece or crap and it creates more problems than it solves.
So, you said you performed S-OFF, correct? Did you let the S-OFF procedure install ClockworkMOD recovery? Given the red triangle of doom I doubt it. No worries. Here's what you do:
Download this (it's the ADB tools) to a known location. Then extract the zip to a known location. Open a command window in that location (for the sake of this guide: C:\ADB) So open CMD (start, run, type CMD, hit enter) In CMD type "cd C:\ADB". Plug your phone into the computer (make sure you're using CM). Debugging mode should be on (you'll get a notification in the status bar of your phone). Now, I want you to download this (CWM 2.5) and save it to C:\ADB. In CMD type "adb push recovery.img /sdcard" Wait for it to complete. It will output a file-size, time taken and resultant transfer rate. When it's completed type "adb shell". You'll end up with a "#" and nothing else (if you get a "$" just type "su" and hit enter, and on the phone's screen accept the Superuser request). Now, type "flash_image recovery /sdcard/recovery.img", let it do it's thang. When you see the "#" type "reboot recovery", and your phone will reboot to CWM. This is what I refer to as a win
Now, from clockworkMOD you can use the trackball (move and click) to select "backup/restore" then "backup". Let it do its stuff. Once backed up you can flash B-0.7 and then back that up. Note down the name of each backup so you know which is which
TheGrammarFreak said:
Ok, I want you to do a couple of things:
Forget about ROM manager, it's a piece or crap and it creates more problems than it solves.
So, you said you performed S-OFF, correct? Did you let the S-OFF procedure install ClockworkMOD recovery? Given the red triangle of doom I doubt it. No worries. Here's what you do:
Download this (it's the ADB tools) to a known location. Then extract the zip to a known location. Open a command window in that location (for the sake of this guide: C:\ADB) So open CMD (start, run, type CMD, hit enter) In CMD type "cd C:\ADB". Plug your phone into the computer (make sure you're using CM). Debugging mode should be on (you'll get a notification in the status bar of your phone). Now, I want you to download this (CWM 2.5) and save it to C:\ADB. In CMD type "adb push recovery.img /sdcard" Wait for it to complete. It will output a file-size, time taken and resultant transfer rate. When it's completed type "adb shell". You'll end up with a "#" and nothing else (if you get a "$" just type "su" and hit enter, and on the phone's screen accept the Superuser request). Now, type "flash_image recovery /sdcard/recovery.img", let it do it's thang. When you see the "#" type "reboot recovery", and your phone will reboot to CWM. This is what I refer to as a win
Now, from clockworkMOD you can use the trackball (move and click) to select "backup/restore" then "backup". Let it do its stuff. Once backed up you can flash B-0.7 and then back that up. Note down the name of each backup so you know which is which
Click to expand...
Click to collapse
Thanks for the newb-friendly instructions. Much of I don't need, but may help others.
I'm running Linux, I've had adb etc installed for 2 weeks. I've got the SDK installed w/ Eclipse but never tried it, but have done App Inventor. And I've been poking around in the innards of the various source codes, binaries, firmwares and other files for the last 2 weeks too.
OK, I'll "Forget about ROM manager" and just use CWM after manually rebooting into it with Volume Down or whatever.
I'm pretty positive I'm S-OFF and have CWM 2.5.0.0.7 or so installed. ROM Manager says so. I have CWM on before I S-Offed using the Bell/Virgin modified alpharev boot disk.
I'll do the backup manually with CWM later tonight when I get back to this. I checked the SD and the backup isn't there, although there are still 3 backups I took when I installed CM7 2 weeks ago.
So I guess I do a complete flush or wipe or whatever when installing the new (or a backed up) ROM ? And since the backup is a nandroid type it will absolutely restore to exactly the same state as when the backup was taken ? But the SD card is not touched...
EDIT:
"adb reboot recovery" gives me red triangle of doom.
"adb reboot bootloader" gives me AlphaRev and I see S-Off and HBOOT 1.000000000
Did AlphaRev remove CWM ?
Given that you get the red triangle we can assume you don't have CWM installed to /recovery, you have it in fakeflash. Nothing inherently wrong with that, just FYI
As for your rant in post numero uno, I've often considered trying to put together a comprehensive "document" on the matter, but it'd take an age and would probably raise more questions than it'd answer.
"adb reboot recovery" gives me red triangle of doom.
"adb reboot bootloader" gives me AlphaRev and I see S-Off and HBOOT 1.000000000
Did AlphaRev remove CWM ?
Click to expand...
Click to collapse
See above about fakeflash. You could well use the image I linked above and use flash_image on the phone or fastboot to flash it
Fakeflash is pretty easy, I either do that or do my business in rom manager as I find that easy.
Rom manager method for installing a new rom:
If rom manager isn't installed, do so from the market
start up rom manager
tap "backup current ROM" (I suggest naming your backup, I just use the rom name)
Let it reboot and do it's thing
When it's booted back into CM7, open up rom manager again
tap "install ROM from SD card"
browse your sd for your rom and tap it.
You are presented with 2 check box options
Since we already backed up make sure "backup existing rom" is unchecked
If you are flashing a new rom, make sure "Wipe Data and Cache" is checked
If you are flashing a newer version of the same rom, you can leave this area unchecked as it will not erase the stuff stored on the phones built in memory
Press ok, let it do it's thing and thats it.
Place the fakeflash update.zip from http://forum.xda-developers.com/showthread.php?t=698404 on the root of your sd card
turn off your phone
Hold the volume down button as you press the power button
using the volume buttons, navigate to "recovery"
press power
your phone will reboot to th red triangle (of DOOOM)
Don't panic, hold volume up and press power (if it gives you an error just wait few seconds)
Using the volume buttons to scroll and power for enter choose "apply sdcard:update.zip"
Use the trackball and go to "Nandroid" if you are using ClockWorkMod 2.5.xxx fake flash or "backup and recovery" if you are using ClockWorkMod 3.xxx
hit "backup"
Let it do it's thing
If you're installing a new rom, scroll to "wipe data/factory reset", wait, then choose "wipe cache partition". If your installing a newer version of the same rom, don't bother.
Scroll to "install zip from sdcard"
scroll to "choose zip from sdcard"
choose your zip, let it do it's thing, and thats that.
You're SD is not touched at all during flashing, no need to backup those files.
Wow, can't believe I typed all that out...
TheGrammarFreak said:
As for your rant in post numero uno, I've often considered trying to put together a comprehensive "document" on the matter, but it'd take an age and would probably raise more questions than it'd answer.
See above about fakeflash. You could well use the image I linked above and use flash_image on the phone or fastboot to flash it
Click to expand...
Click to collapse
Re: rant, don't want to come off as complaining, I KNOW documenting semi-foolproof procedures is tons of work, to do properly. I understand a big problem is consideration of the large set of combinations of ROMs, recoveries, apps, S-On/S-Off states, Radios, etc.
OK, cool, I want "realflash" type recovery then. I guess that's one reason to have S-Off ?
I had to slightly alter your first command by appending a '/'.
EDIT: WOOHOO ! Success I think ! Feel free to skip the rest of this post unless you want to hear the details of my adventure...
Thank you ! Editing this post the last hour I wrote "Success ! " here anticipating such, but alas, I have some issue.
I don't know if I have to be extra patient as deodexing happens, Or if I'm stuck in some boot loop... I see "HTC quietly brilliant" and screen flashing on and off and re-writing the HTC spam.
Re: HTC FM app. OK, cool, I see :
ls -l /system/app/HtcFMRadio.apk
-rw-r--r-- root root 826176 2008-08-01 07:00 HtcFMRadio.apk
And bluetooth. Is there any way to switch normal media output, like from TuneIn radio etc, to my cheap new bluetooth headset ? I pushed the button in CM7 and I see I could start a voice dial, but I figured BT would take over all audio I desired routed through it.
-----------------
I did:
adb push recovery.img /sdcard/
adb shell flash_image recovery /sdcard/recovery.img
adb reboot recovery
In the CWM menu I had to select "Nandroid", and then "Backup".
That completed.
I didn't want to bother rebooting, so manually grabbed the backup files:
adb shell ls -l /sdcard/clockworkmod/backup/
adb shell ls -l /sdcard/clockworkmod/backup/2011-02-27.03.19.57/
mkdir cm7backup-2011-02-27.03.19.57
cd cm7backup-2011-02-27.03.19.57
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/boot.img
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/cache.img
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/data.img
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/nandroid.md5
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/recovery.img
adb pull /sdcard/clockworkmod/backup/2011-02-27.03.19.57/system.img
Then to be sure:
cat nandroid.md5
md5sum *.img
Yes, looks good ! Now for Blayo:
cd ..
adb push b-0.7.zip /sdcard/
Goto CWM. Version 2.5.0.1, I had a 7 at the end before. Fine I'm sure.
Use volume up/down to select install from a ZIP. Press power to select. Oh, oh, shoulda used the trackball switch as it powered off.
Whoops, press power again and screen comes back, LOL. Choose zip from sdcard and use trackball switch this time. Move and select Blayo b-0.7.zip
Wonderfully wacky confirmation. Error message saying it can't find the zip file. Hmmm....
Reboot a few times and finally do "adb reboot recovery" and retry install from ZIP.
No go, get:
-- Installing: SDCARD:b-0.7.zip
Finding update package...
Opening update package...
E:Can't open sdcard/b-0.7.zip
(bad)
Installation aborted.
Try to open 98 MB zip file. No go. AHA ! corrupted file.
Try download from mirror 2: http://www.dkmdesign.dk/custom_roms/blay0/b-0.7.zip File is supposed to be 126 MB.
Gee I'm glad there's an unzip process that checks the integrity of ROM flashes.
So again:
adb push b-0.7.zip /sdcard/
And install, running..... Done !
Try to use power button to reboot. Use back key and "reboot system now". Cross fingers and offer the gods sacrifices...
See androids on skateboards again. Recall I may have to be patient as deodexing happens... See "HTC quietly brilliant" spam,,, in this context,good. Waiting....
Waiting.... screen flashing on and off and writing the HTC mind control spam.
Try reboot when tired of waiting and same thing. AFAICT, from "adb shell ls * etc" on the filesystem, Blayo ROM is installed but just won't stop flashing the HTC logo.
speedyink said:
If you are flashing a new rom, make sure "Wipe Data and Cache" is checked
Click to expand...
Click to collapse
Thanks. Maybe that's my boot loop or whatever problem now. I didn't recall seeing that option, but should be there with CWMod, so I'll try installing Blayo again after that.
There was some Wipe in main menu, and another w/ factory reset. Also in advanced menu I selected Wipe Dalvik cache. I left the Battery Stats alone. Hmmm. Naah !
Did all 3 wipe twice for good luck. Rebooted in between. Installed. Now waiting... Oh here's the HTC screen again. Time to read the Blayo thread to see how long to wait. etc.
Man what a pain ! Yet likely a world easier than the new paths I attempted to forge on my previous LG Optimus Chic resulting in a hard brick, LOL.
WOOHOO ! Success I think !
Welcome to the BlaY0 universe.. Just remember that many of us went through this journey as well to have our phone in same state Glad you got to fully download the BlaY0 rom from my mirror.. now happy reverse engineering..
Sent from my Legend using XDA App
whitetigerdk said:
Welcome to the BlaY0 universe.. Just remember that many of us went through this journey as well to have our phone in same state Glad you got to fully download the BlaY0 rom from my mirror.. now happy reverse engineering..
Sent from my Legend using XDA App
Click to expand...
Click to collapse
Thanks. Figured I was finished messing with such nasties once I had CM.
(In case you aren't aware, I have scripts that make the FM radio "work" on CM7. I can scan and see RSSI as expected etc. Only "problem" is I haven't figured out the audio routing part yet so no sound, which is why I'm exploring the HTC app for it's special tricks.)
What I want to do now is try running my hcitool scripts and see if they work on Blayo ROM.
If yes, then the Blayo ROM has something the CM7 ROM needs.
If no, then there's likely some magic step required on either stock ROM or CM7 ROM and likely the HTC FM app is doing that step, directly or indirectly.
But the needed hcitool is not on Blayo ROM. I find 3 of the hci utils and install them. Now I can't get hciattach running, which I think is needed for hcitool.
I'm guessing I can edit /init.legend.rc and change service hciattach to enabled. Reboot and no dice. Try running from command line also with no luck. At one point it hung, but now:
# hciattach -n -s 115200 /dev/ttyHS0 texasalt 4000000 flow
Unknown device type or id
# hciattach -n -s 115200 /dev/ttyHS0 any 4000000 flow
Can't set device: Device or resource busy
Can't initialize device: Device or resource busy
# hciattach -n -s 115200 /dev/ttyHS0 any
Can't set device: Device or resource busy
Can't initialize device: Device or resource busy
Waiting with baited breath
Sent from my Legend using XDA App
pjgodd said:
Waiting with baited breath
Sent from my Legend using XDA App
Click to expand...
Click to collapse
Bated ? Baited=fish
Well AFAICT, the world of Bluez bluetooth and hciattach, hcitool, hciconfig and hcidump doesn't get along with the TI BT stack world of btipsd and btipds_cli.
I'll have to bust out the NDK and start trying APIs.
But FIRST, I'm happy to report that btipds_cli is a pretty interesting and cool tool. Once I rebooted, turned BT on and learned the quirky UI, it wasn't too long before I had FM audio coming out of the speakers or the headphone.
I even tried a BT over FM option in another menu, but no go. Next I'll try the FM Tx, cause I'd REALLY like to see if that works.
btipds_cli doesn't seem to want to start FM a second time though, so a few reboots might be needed for testing.
I think it's possible that the "14.start_audiO" option in the "4.fm_Rx/" is the missing link for FM in non HTC ROMs. I don't know yet if it initiates a digital PCM / SCO connection or just switches analog. I don't see any new processes for that but btipsd might be doing the good stuff.
Following this thread with great interest..
Sent from my Legend using XDA App
I still can't get the transmitter to work, despite all the commands seeming successful. Both with hcitool on CM7 and btipsd_ci on Blayo0.7.
So I think one, or both, of the following are the TX issues:
(A) - It is somehow disabled by the hardware. The Tx antenna pin could be tied to ground, perhaps even through a capacitor or something. It may even just be unconnected and unable to transmit a few inches because it's inside an RF shield.
(B) - The firmware file for the FM portion disables TX, yet the registers still respond as if it works.
(A) would be difficult to infeasible to fix.
(B) should be fixable by loading a firmware file from a TI FM chip device that is known to support transmission.
For a TI based device that is known to transmit, I presume firmware files for a TI or TI partner evaluation board may work.
So far I can't get hciattach and hcitool etc working on BlaY0 ROM.
I HAVE, however, gotten btipsd and btipsd_cli to work on CM7. I had to create the /data/btips directory and am running btipsd manually in foreground.
What I find is exactly the same as with my hcitool scripts: everything seems to work but actual sound doesn't exit the device. Even after doing everything else the same as with BlaY0 ROM.
The /etc/firmware files on both ROMs are identical.
So I'm thinking there is some other thing separating the two ROMs. Could be some HTC customized library, or a config file or who knows.
Hi Mike, your work is appreciated, i hope you wil get it to work. We have great legend dev's. Please BlaYo and. Ali Ba, help this guy!
mikereidis said:
I HAVE, however, gotten btipsd and btipsd_cli to work on CM7. I had to create the /data/btips directory and am running btipsd manually in foreground.
Click to expand...
Click to collapse
Then you got as far as I did a few months ago. The btipsd stuff can be found in the original init.legend.rc, if you are interested.
mikereidis said:
So I'm thinking there is some other thing separating the two ROMs. Could be some HTC customized library, or a config file or who knows.
Click to expand...
Click to collapse
"Customized library" applies here, but that's in fact a euphemism for "all kinds of proprietary code in the framework".
I gave up reverse engineering after looking at the disassembled HTC radio application. As I already told you there are loads of pointers to closed source TI code that can be found in the framework (= /system/lib/whatever.so). You will have to reverse engineer all those rpcs, libandroid_servers and god knows whatnot.
ali ba said:
I gave up reverse engineering after looking at the disassembled HTC radio application. As I already told you there are loads of pointers to closed source TI code that can be found in the framework (= /system/lib/whatever.so). You will have to reverse engineer all those rpcs, libandroid_servers and god knows whatnot.
Click to expand...
Click to collapse
Oh, there must be SOME shortcut...
Since I have the FM radio and audio working with the btipsd_cli. I'm not sure the answer would lie in the HTC FM app. Or at least the answer is in btipsd_cli also.
I'd love to find the source to btipsd_cli. I DO have source for TI's fmapp and fmstack-0.12 and I can see they share some, but not all code.
In a log I can see an HCI command is sent when audio starts; I just don't know which one or with which parameters.
btipsd_cli has some rather weird bugs that prevent me from experimenting well with audio routing. When I disable analog, audio keeps playing. At first I thought it was using digital, but now I think it's part of the buginess. When I select various digital options, various weird things happen, including a crash in btipsd for most of them.
If I can run some HCI queries, I might get better clues or the actual answer. I managed to get hciattach to sort of work with "texas" as the type, but I think I need "texasalt" and the binary I have that runs on Blayo doesn't support it. The CM7 binaries wont run on Blayo.
So unless there are some other tools I can use, I'm wondering if it's time to write an NDK app.
Unless I can increase the verbosity of the btipsd logging to tell me everything it's doing. Will check.
These AudioRouting strings aren't in the CM7 libandroid_runtime so I tried pushing the Blayo lib to CM7. GUI never boots fully, but no audio still using the btipsd_cli.
Same when I also replace libandroid_servers.so, bluez-plugin/audio.so and bluez-plugin/input.so
strings blayo/system/lib/libandroid_runtime.so |grep -i audiorouting
FM_RX_DisableAudioRouting
FM_RX_EnableAudioRouting
nativeJFmRx_SetAudioRouting(): Entered
nativeJFmRx_SetAudioRouting: fmapp_set_audio_routing() returned %d
nativeJFmRx_SetAudioRouting(): Exit
nativeJFmRx_disableAudioRouting(): Entered
nativeJFmRx_disableAudioRouting: FM_RX_DisableAudioRouting() returned %d
nativeJFmRx_disableAudioRouting(): Exit
nativeJFmRx_enableAudioRouting(): Entered
nativeJFmRx_enableAudioRouting: FM_RX_EnableAudioRouting() returned %d
nativeJFmRx_enableAudioRouting(): Exit
nativeJFmRx_EnableAudioRouting
nativeJFmRx_DisableAudioRouting
nativeJFmRx_SetAudioRouting
FM_RX_DisableAudioRouting
FM_RX_EnableAudioRouting
DisableAudioRouting
EnableAudioRouting
How to downgrade to 1.36 (release ruu)
This only works on froyo based roms, gingerbread radio won't downgrade
About:
Currently it is not necessary to downgrade since no exploits have been found. But for the case we have to downgrade, we have it. It is currently only tested on the leaked ASIA rom, but cannot imagine it is not working on later/other ROMs.
I have nothing to do with this method, i only wrote the guide.
This guide is based on the DHD downgrade (so many similarities will be found)
Anyhow keep in mind that:
You will lose all data on your phone (not from your sd-card)
First boot after downgrade can take pretty long (a few minutes) so dont be scared it didn't work and absolutly DON'T pull your battery out. Just wait a while, if its beyond 15min and still not working. Come here and ask. And DONT PULL THE BATTERY unless you are told to.
Thanks:
Scotty2, rhcp and Guhl for development of this method
jkoljo for putting up the DHD guide
bippolinno for the ruu mirror
lge73 for testing and getting it done
If i miss someone, please tell me and i add u
System requirements:
HTC Sync (or ADB drivers)
Incredible S with build number higher than 1.36
A working ADB setup (ADB is included in the downgrade package though)
Howto downgrade:
If you have a branded device, Goldcard is required (have not tested it if its required for a non-branded device EDIT: unbranded seems to work without goldcard)
The PG32IMG.zip (if the download is not working extract it from the RUU, can be done by yourself (see below))
Connect Incredible S to a computer. Charge only, USB Debugging enabled!
Open up cmd/terminal and go to downgrade folder
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
If you got "#" in the result, you have temproot! Proceed:
Code:
cd /data/local/tmp
./misc_version -s 1.31.405.1
Put the PG32IMG.zip on the root of your SD Card (trough adb push or just connect it as a disk drive)
Reboot into bootloader (adb reboot-bootloader or hold volume down while rebooting)
Follow the instructions
Ready, you have downgraded your Incredible S to release ROM
Extracting rom.zip from RUU.exe
Ruu can be found here
Make sure your INC s is connected
Start installer
Click next
Click next
Goto your temp folder (open the start menu, type %tmp% and press enter, ty l0st.prophet)
Sort folders on date
Pick the most recend and look inside one of that folders for rom.zip
Copy it to downgrade folder (or anywhere else) and rename to PG32IMG.zip
Disclaimer:
I am not responsible for bricks
Thanks to all involved!
I would recommend that you mention all data on the device will be wiped by this downgrade and that the reboot after downgrade will take a little while and not to get scared or do silly things like pull the battery out!
Thank you for this very clear guide !
Now, I just need to know where to get the European rom ! (i will install the european rom instead of the asian)
Someone can give me the link ? Please ?
It is in the guide (RUU.exe). Just download and install. Just received message from the tester that it is also possible with just the misc_version hack and use the RUU.exe
It is the oldest currently available. But i'm not 100% sure if its the same as the old European Rom, but it has the same number as mine (Netherlands) so i quite sure its the same.
I can not extract with ruu...
Cause i have an asian version. I didn't upgraded it...
I just need to install the european Rom.
If someone can share this for me, it will be great !
Thank you guys
Like i said: download the ruu from this topic it is the european. Than follow the guide. I don't know how I can be any clearer.
Don't know what the problem is since all you say that you want the European ROM. Btw if you have preinstalled Asian ROM, there is a possibility that there are minor differences. But you can always flash the Asian ROM back.
Thank you again...
Sorry but my English and android's knowledge are not so good
That's no problem. I advice to get a little basic knowledge about Android, since this process on the IS is still in its early stage a lot can go wrong and currently there are not many methods available for fixing it. Not that a lot can go wrong here, but if it does you are screwed.
So if you don't know what is going on, I advice to stay at the default stock ROM.
Extracting rom.zip from RUU.exe
Ruu can be found here
Make sure your INC s is connected
Start installer
Click next
Click next
Goto your temp folder
Sort folders on date
Pick the most recend and look inside one of that folders for rom.zip
Copy it to downgrade folder (or anywhere else) and rename to PG32IMG.zip
Oh hell 2 nights I used to figure it out were that temp folder could be.
First I had to turn on the option see hidden files.
C:/Users/%user%/Appdata/Local/Temp
Windows is so frustrating wen your used to a Mac.
ab65 said:
Extracting rom.zip from RUU.exe
Ruu can be found here
Make sure your INC s is connected
Start installer
Click next
Click next
Goto your temp folder
Sort folders on date
Pick the most recend and look inside one of that folders for rom.zip
Copy it to downgrade folder (or anywhere else) and rename to PG32IMG.zip
Oh hell 2 nights I used to figure it out were that temp folder could be.
First I had to turn on the option see hidden files.
C:/Users/%user%/Appdata/Local/Temp
Windows is so frustrating wen your used to a Mac.
Click to expand...
Click to collapse
It's alot simpler than that, just open the start menu, type %tmp% and press enter. Voila!
thanks l0st.prophet
that information comes in handy. it's so easy if you know
don't ask how long I used to get a working ADB setup, and that is also a piece of cake wen you figured it out.
( I'm still on PPC Mac and muss use the Pc of my son, and he is enjoying it seeing me so helpless on windows system)
But it's a great tutorial and in the end all went fine.
Thank you xda comunity.
thanks for share
this is very helpful
does this work for s-on devices?
shiftyllama said:
does this work for s-on devices?
Click to expand...
Click to collapse
Yes, although it's untested on the new GB ROMs.
I get an error when running the adb command:
adb shell /data/local/tmp/psneuter
reading:
Failed to set prot mask <Inappropriate ioctl for device>
I'm trying to downgrade from Vivo_Gingerbread_S_Virgin_Mobile_AU_2.12.981.2
Any ideas. Does the psneuter exploit no longer work with gingerbread?
doctorsax said:
Yes, although it's untested on the new GB ROMs.
Click to expand...
Click to collapse
Tested on Gingerbread 2.3.3 but, the radio will not downgrade so the OS does not load.
The "How to" is a little different tho.
Note: Do not update to GB if you want to downgrade back to froyo anytime soon.
I'll attach this here for safe keeping.
touchpro247 said:
Tested on Gingerbread 2.3.3 but, the radio will not downgrade so the OS does not load.
The "How to" is a little different tho.
Note: Do not update to GB if you want to downgrade back to froyo anytime soon.
I'll attach this here for safe keeping.
Click to expand...
Click to collapse
so am i stuck with the aussie virgin ROM untill an RUU for europe is released?
shiftyllama said:
so am i stuck with the aussie virgin ROM untill an RUU for europe is released?
Click to expand...
Click to collapse
Yes or until a full root method is released.
I am trying to downgrade now tho and then force the ota.
Wish me luck...
touchpro247 said:
Yes or until a full root method is released.
I am trying to downgrade now tho and then force the ota.
Wish me luck...
Click to expand...
Click to collapse
good luck.....
and let us know if you manage it and how!!
If you are looking for how to get back to stock Bell, go HERE.
Disclaimer: I have not tested this on anything but my phone. This is a development section of a hacking website. Make backups. Know what you are doing.
Credits:
Brut.all for apktool
edgan for 2nd-init
designgears for aroot inspiration.
xda for being a source of info.
Requirements:
Windows 7 or Ubuntu 10.10+ (10.10 and 11.04 tested)
Java installed. (For applymods, it uses apktool)
Running Phone, not in recovery mode, etc.
Tips:
Don't factory reset please if something goes wrong, it just erases your personal settings, it doesn't write to the system partition. It also deletes your data partition, making it harder to get back to stock.
Early usb mode, turn your phone on while holding down the lower volume button, when it says fastboot, release and press volume down repeatedly until it says early usb enumeration, then press up volume. It takes 30 seconds or so before adb is ready.
Version 9:
Download it here.
What's new:
Added support for 2nd-int (WIP, tested on stock Bell only)
shsu updated to allow a super user to become a super user, acts like sh in that case.
fixed linux install_recovery.sh and uninstall_recovery.sh scripts to use shsu instead of remaining using su. Ditto with ApplyMods.sh
Boot animation now smaller, using jpegs instead of png files, no difference in appearance.
Version 8:
Download it here.
What's new:
Added full phone backup and full restore phone options to the menu. It will download a backup if there is none found.
root script more universal, tries psneuter first, then gingerbreak.
Early usb recovery updated, now uses a tmpfs for system, also mounts /sdcard and /sdcard-ext.
Deodexed French 2.1.1 files incorporated.
Misc fixes
Version 7:
What's new:
New Menu script for windows and linux in the top folder, double click Menu and enter options.
ApplyMods and other scripts updated to use /data/local/tmp/system, this means I can update system.tar.gz and add folders to be copied into system.
Early USB enumeration recovery option. (experimental but useful as is)
Fixed bugs in windows scripts. Can't get user input from bat file while in a parenthesis block apparently.
Bloat backed up to sdcard now
root and unroot scripts updated with more prompts for rebooting phone.
Version 6:
What's new:
Support for Telstra 1.4.2.
ApplyMods can create signed update.zips now, Create_update.bat updated. both using basic ready made scripts in main bin folder instead of creating them on the fly, CR LF issues.
Updated root and unroot scripts, more fool proofing, has to be Bell stock firmware (psneuter doesn't work on telstra).
Includes basic boot animation, and mod for Bell apn on telstra firmware. (Have to reset to default under access point names in settings.)
transparent status bar, yellow tinted white for text color, matches front buttons somewhat.
Version 5.1:
Features:
Works under Linux and Windows 7
Includes root and no ads scripts
Patch system for applying modifications.
What's new:
New scripts for doing mods, fixes issues with patch 9 images.
Updated root and unroot scripts, more fool proofing.
New RestoreSystemPartition script
Custom apktool for more [hopefully] bug free installations.
How to use:
Extract archive, keeping folder structure intact.
run a command prompt/terminal (There is a link to one in the windows folder)
run root.bat or root.sh from the linux or windows folders, depending on which one you are using.
Turn the phone off after that is done and turn it back on again.
The rest of the scripts shouldn't be run with psneuter affecting the phone.
run ApplyMods.bat (.sh) [OPTIONAL] This applies webtop hack and translucent status bar, translucent notification drop down, etc. Select update system.tar.gz.
run install_bell_deodex.bat or .sh
System image of stock Bell.
Mirror of above
Cheers!
Very nice! Looks good!
Will try this when I get home
Sent from my Motorola Olympus
So what is the benefit of this? Will I be able to theme my device with some of the themes that are available? Or should I play it safe and wait for a bell. Sbf to leak before I try anything and brick my phone again lol thanks in advance
EDIT: i see that you have included soft_brick.bat is it the same as this one http://forum.xda-developers.com/showthread.php?t=982859 because that one did not work for me thanks again
Sent from my MB860 using XDA Premium App
cool, i'll try this tomorrow when i don't still have a ****load to do and only 5 hours to sleep
nice to see a Bell dev here!
Also I just wanted to say major props for the crazy awesome idea of doing over-the-air download and installation. Really smart and original.
Atrices, just so you know
NFHimself said:
Hi,
(What is the plural of Atrix?)
Click to expand...
Click to collapse
Can I run this on my mac? Sorry relatively new to adb
Sent from my Motorola Olympus
you could run it on a mac, just had to edit the script a bit.
Hi,
So what is the benefit of this? Will I be able to theme my device with some of the themes that are available? Or should I play it safe and wait for a bell. Sbf to leak before I try anything and brick my phone again lol thanks in advance
Click to expand...
Click to collapse
I wouldn't try theming with ATT files, I would take what was done to them and apply them myself to the deodexed files here. There may or may not be differences that are not obvious. I am never really sure if there is any benefit to this stuff, it's fun to do, about it.
EDIT: i see that you have included soft_brick.bat is it the same as this one http://forum.xda-developers.com/showthread.php?t=982859 because that one did not work for me thanks again
Click to expand...
Click to collapse
The soft_brick.bat script is specific to the folders I am using for transferring data to /system/app and /system/framework. It tries to get root via psneuter, mounts system read write, deletes dalvik-cache files, and tries to copy the files already on the phone to the right folders. It could be that just one file caused the phone to crash mid copy and copying it again will fix things. This avoids trying to do a usb data transfer of all the files which you don't have time to do otherwise. I was also thinking that install-recovery.sh would be a good place to do this, (and then clobber it later with the init.d hack) but I couldn't find setprop and I wasn't in need enough to select a file to use as a semaphore.
Can I run this on my mac? Sorry relatively new to adb
Click to expand...
Click to collapse
It would be easier to do it all from a sh script really, and that would likely be more compatible with a Mac.
Also I just wanted to say major props for the crazy awesome idea of doing over-the-air download and installation. Really smart and original.
Click to expand...
Click to collapse
Thanks!
Cheers!
maledyris said:
Atrices, just so you know
Click to expand...
Click to collapse
Thanks, a lot, really, 10 chars..
How do I recover from a softbrick from this? Thanks.
Before anything is done, all the files are extracted to /data/local/tmp/app and /data/local/tmp/framework. If you run into problems put the phone into fastboot/early usb enumeration mode (see here) and run soft_brick.bat (.sh for linux)
Quote:
A soft brick, in this case, is when you make a bad edit to your framework files and the phone won't fully boot and starts flashing a red LED at you.
There is one catch, you only get about 1-2min to do all of this before the phone reboots on its own. If that happens, do SuperOneClick steps again and continue where you left off. Better yet, build a script to do it all for you
Power off your device
Enter Fastboot:
Hold Volume down + power until you see Fastboot at the top left
Use volume down to scroll down to "Early USB Enumeration" (only shows one item at a time, if you pass it, keep going down, up selects)
Press Volume up to select
This is the message I get when i run the batch file.
This is of course when invoking Early USB Enumeration.
Wait for the count down to finish ...
'TIMEOUT' is not recognized as an internal or external command,
operable program or batch file.
clearing Dalvik cache..
rm failed for /data/dalvik-cache/[email protected]*.dex, No such file or directory
rm failed for /data/dalvik-cache/[email protected]*.dex, No such file or director
y
rm failed for /data/dalvik-cache/[email protected]*.odex, No such file or directory
rm failed for /data/dalvik-cache/[email protected]*.odex, No such file or directo
ry
reinstalling apps
cp: cannot stat '/data/local/tmp/app/*': No such file or directory
reinstalling framework..
cp: cannot stat '/data/local/tmp/framework/*': No such file or directory
done.
The timeout message means you are running a version of windows without timeout, see adeo thread.
The lines for rm just mean there are no files to delete in the Dalvik-cache, which is normal, you should see that the second time around.
The cp lines are saying that there are no files in /data/local/tmp/app (/framework).
So, that's unusual, in order to get soft bricked using my script you would to have copied files from /data/local/tmp to /system, and if you are bricked would be unable to delete the files afterword.
sequence:
cd /system
cp /data/local/tmp/app/* app/
sync
reboot now
**brick**
So, how are the /data/local/tmp/app files being deleted?
No clue. I'm not sure what to do here? Is my phone permanently bricked? Any other way to recover from this? The one thing that could have gone wrong is I tried installing from my behind my works firewall. Maybe I could not download the proper files.
No, you are soft bricked, you only made a change (that I know of) in system files.
Were you rooted before you tried this?
If you copy the soft_brick.bat files and change the last line to be adb.exe shell ls -R /data/local/tmp, what do you get?
Basically, it sounds like to need to get the files copied over to data/local/tmp, how they are missing/inaccessible is odd. So, create a script to copy the files over bit by bit, might take a while but it should be able to be done.
EDIT:
Do this:
from command prompt:
adb.exe shell ./data/local/tmp/psneuter
wait a few seconds
type this:
adb shell ls -l -R /data/local/tmp
if psneuter fails, it isn't in /data/local/tmp, which is also odd.
I was rooted before this. So I should attempt all these commands while Early USB Enumeration right? That doesn't give me much time Lol.
OK, here's the output.
C:\bell_deodex>adb.exe shell ./data/local/tmp/psneuter
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
property service neutered.
killing adbd. (should restart in a second or two)
C:\bell_deodex>adb shell ls -l -R /data/local/tmp
/data/local/tmp:
-rwxr-xr-x root root 585731 2011-01-09 02:02 psneuter
-rw-r--r-- mot_tcmd mot_tcmd 4 2011-03-30 21:00 ap_tcmd.pid
C:\bell_deodex>^A
And sorry to be a pain. How would I create the script? What are the files that need to be copied? Are they included in your script?
I'm just sayin' I hope that we get to see some love and get the CM9 rom for the OB. I would really like to get ICS before the middle of next year. Is there somewhere we can put in some kind of request? or is there a way to use an existing CM9 build to port it to the OB using something from a CM7 build? I've had the phone for about 5 months and getting tired of running 2.2 Froyo just still debating whether to take the plunge and root and put on CM7 or wait it out a little longer. I really have never messed with an android phone before but I read alot on the forum and it seems relatively easy to get the CM7 on there just afraid to root and lose my warranty and something break lol.
Just hack away, don't worry about your warranty. You might get your phone stuck in a bootloop, i've done that several times already, lol. It sucks when it happens, but you can always connect it to your windows pc and restore it to factory settings, unrooted and everything. No one will ever know your phone was rooted
And just to add something, if you can install Android SDK on your computer, you can use ADB Reboot Recovery (if you put recovery on your phone of course). It save me great time.
Sent from my LG-P970 using xda premium
how do u restore the phone? if I know I can unroot it and it won't affect my warrenty ill do it lol I have v10a and have never been able to update higher then that. do I use gingerbreak and the app says it can unroot? like I said if I can unroot it and keep warrenty ill do it
Sent from my LG-P970g using xda premium
I would like Sobralobo to elaborate what he is talking about, sounds like it could save some time after a screwup. However, no matter the condition of your software, you can remove battery, hold vol+ and connect the microusb to your pc. On your pc, you run a LG app, input your imei, and the app will identify your device. It will also tell you if a new software is available. Even if it says it isn't, you can click Options > Recovery (or something like that, i write from my own memory now), and force a update. I'm also pretty sure you'll get V10d or V10e if you do. This process equals to format you phone and install everything from scratch, the way LG intended it to be. All of your personal stuff will be gone, all apps etc. (Obviously, not the stuff you got stored on your sd card, and apps you already bought are linked to your google account and will always follow you
Gingerbreak works for V10a/b afaik, if you get V10c/d/e, you can use this method:
xantaro said:
I got the EU Version of 10c rootet with this method:
1. Download and start SuperoneClick 1.9.5, click Shell Root
2. When it hangs up on a black CMD windows, close this Window. (You should have Shell Root now)
3. Unpack the attached File in your ADB Folder.
4. open a Command Prompt and enter "adb push su /tmp/" & adb push superuser.apk /tmp/"
5. Type "adb shell" ( When Shellroot worked, you should se a "#" on the shell
6. Enter the following commands in shell:
Code:
mount -o rw,remount -t ext3 /dev/block/mmcblk0p8 /system
cat /tmp/su > /system/bin/su
cat /tmp/superuser.apk > /system/app/Superuser.apk
chown root.root /system/bin/su
chmod 06755 /system/bin/su
chown root.root /system/app/Superuser.apk
chmod 0644 /system/app/Superuser.apk
reboot
7. The Phone will now reboot, after reboot it´s rooted again
Click to expand...
Click to collapse
hulkhaugen said:
I would like Sobralobo to elaborate what he is talking about, sounds like it could save some time after a screwup. However, no matter the condition of your software, you can remove battery, hold vol+ and connect the microusb to your pc. On your pc, you run a LG app, input your imei, and the app will identify your device. It will also tell you if a new software is available. Even if it says it isn't, you can click Options > Recovery (or something like that, i write from my own memory now), and force a update. I'm also pretty sure you'll get V10d or V10e if you do. This process equals to format you phone and install everything from scratch, the way LG intended it to be. All of your personal stuff will be gone, all apps etc. (Obviously, not the stuff you got stored on your sd card, and apps you already bought are linked to your google account and will always follow you
Gingerbreak works for V10a/b afaik, if you get V10c/d/e, you can use this method:
Click to expand...
Click to collapse
What Sobralobo said is that just installing Android SDK (Search Google and you get more thousands of tutorials to install SDK and everything you need. Even in O Black section I think there is one with Black drivers and all. Maybe is this one.) you can use "adb reboot recovery" when your Black is in a bootloop or whatever, then you just flash/restore and you are done way faster than reflashing stock firmware. And in certain occasions (for example when you have a certain ROM and you try to flash a modded file in flashable zip that breaks it, you can just flash your ROM without wipe just to fix it and you lose nothing).
PS: You don't even need SDK. There are standalone adb packages, and with LG Black drivers, you can do the same.
This is needed when you mess up with the phone testing all the freaking day like I used to and many others do now.
OK, cool. I'm using adb for rooting and pull/push framework-res.apk and other small mods, didn't know it was compatible with nandroid backups. That can save me a lot of time and trouble next time i mess it up
hulkhaugen said:
OK, cool. I'm using adb for rooting and pull/push framework-res.apk and other small mods, didn't know it was compatible with nandroid backups. That can save me a lot of time and trouble next time i mess it up
Click to expand...
Click to collapse
Well, not directly related to nandroid backups. Just do "adb reboot recovery" (without the "") when you are in trouble. Depending on the situation you will have to input that many times (up arrow and enter fast and many times) if it's bootlooping to find the proper moment when the phone actually receives the command, but it's easy. Once in recovery, you do what you need to do.
aha. so i suppose it won't work with stock bootloader, since LG says "ERROR, LG Security team!!". Still neat that i can restore my backup from bootloader
hulkhaugen said:
aha. so i suppose it won't work with stock bootloader, since LG says "ERROR, LG Security team!!". Still neat that i can restore my backup from bootloader
Click to expand...
Click to collapse
Hmm I think you are partially right. I think in Black bootloader is never changed. When "ERROR, LG Security team!!" is because you really messed up and I believe you have nothing else than flashing. But if you have Clockworkmod recovery (you have if you do nandroid backups), it's worth a try.
I was talking more about bootloops, but maybe when "ERROR, LG Security team!!", if you take the battery off and when put it in again you play with adb reboot recovery, it may work. I can't remember.
antonio1475 said:
Hmm I think you are partially right. I think in Black bootloader is never changed. When "ERROR, LG Security team!!" is because you really messed up and I believe you have nothing else than flashing. But if you have Clockworkmod recovery (you have if you do nandroid backups), it's worth a try.
I was talking more about bootloops, but maybe when "ERROR, LG Security team!!", if you take the battery off and when put it in again you play with adb reboot recovery, it may work. I can't remember.
Click to expand...
Click to collapse
It won't work with adb reboot recovery,I've tried it and failed,won't detect the phone
At least,in my case, it happened when i tried to do a nandroid restore from cm7 to stock (v10a, wiped)
Sent from my heart into yours
Verified Downgraded from ZVA to ZV6 with full root access
LS991 Sprint Only.
QUICK GUIDE & TESTING
(Please read the entire guide before trying anything.)
I nor anyone at XDA is responsible for anything that may happen to your device.
Simply, by taking incentive to change the stock setup provided by the manufacturer for your device; you assume all responsibility for anything that happens.
download LGUP
http://forum.xda-developers.com/g4/help/lgup-install-kdz-mm-lp-t3249803
(Thanks to shakeyabooti)
download LS991ZV6_00.zip and extract to get .tot file with winrar/7zip or any other unzipping program
http://downloads.codefi.re/autoprime/LG/LG_G4/LS991/LS991ZV6/LS991ZV6_00.zip (or google/xda search for mirrors) (Thanks to autoprime)
download LGROOT
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
(Thanks to Unjustified Dev)
download LG Drivers
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772 (or google)
(Thanks to Unjustified Dev)
download rootedsystem.ls991.zip and extract to get .img file with winrar/7zip or any other unzipping program
http://forum.xda-developers.com/sprint-g4/general/zv6-root-success-t3205963/page3
(scroll down to parin11's post. #29 and thank you to both parin11 and mswlogo)
-install drivers
-enable oem unlock in developer settings
-plug device in as charge only, switch to mtp to verify drivers are working correctly, then disconnect
--if on mtp then switch to charge only to verify drivers are working correctly, then disconnect
-enable usb debugging
-reconnect and drivers auto install
-disconnect after 2 minutes.
--while you wait;
-for LGUP extract and install _dll version then the second msi.
-for LGROOT extract to a folder to keep things organized
-remove the back cover of your device and leave it off for access to battery pulls.
-power off device
-hold volume up key and plug in your device and keep holding the volume down key until it passes the screen that says download mode.
-open LGUP
-make sure UPGRADE is checked/has a little circle/bullet point
-click in the empty space directly to the right of where it says BIN with the checkmark
-3 dots will appear to the right of the program in the same row that says BIN; which is your browse option
-navigate to LS991ZV6_00.tot and select
-reconfirm your UPGRADE option is checked
-press start and allow the device to fully complete the process.
-your device will boot to the loading screen right before showing the android desktop and "freeze"
-In most if not all new flash scenarios; your device will not boot up until a factory restore and clear cache is done.
-To do this you must simply remove the battery and usb cable from your device AFTER it has hung on the logo for about 3 minutes / 180 seconds.
(Most new devices average a first time boot of up to 150 seconds maximum to be considered fully "loaded")
-With the battery and cable removed; hold the power and volume DOWN button together at the same time.
-insert the battery while holding these buttons together and just wait while holding them and you will see it says booting into recovery.
-once your in the recovery you use the power key to select and the volume keys to navigate.
-navigate to factory restore/reset hit the power button, navigate to "yes" out of all the "no's" and hit the power button again
-it will say its complete and either ask you to go back reboot or return to menu. RETURN TO THE MENU, do not boot up yet.
-Once returned to the main menu you will see it says clear cache. Select and press yes and now you can select reboot; or return to menu then reboot.
Your device will be on ZV6 stock and fully booted after this.
Now this is where it gets kind of odd because my device never actually loaded the rootedsystemls991.img file nor did I run a root script
when attempting to flash it with the steps listed in the other root guides BUT i followed this guide from step one to step 9 (and outlined continuing through the guide)
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
this allowed all the necessary rooting files to be in the places necessary to execute the root but I did one extra step
I did an adb.exe push rootedsystem.ls991.img /data/local/tmp command as well while the device was on the home screen.
This was so I could basically emulate the command listed by |Unjustified Dev| as it also states to do in the ZV5 guide.
So this is what I did,
-After my device booted up and loaded to the home screen on stock zv6, I opened the LGROOT folder
-held shift and clicked "open command prompt here"
-when cmd opened I ran the following command
adb.exe devices
This allowed me to see that my device was connected to the PC with its generated serial number.
-then i ran the following command
adb.exe push busybox /data/local/tmp/ && adb.exe push lg_root.sh /data/local/tmp && adb.exe push UPDATE-SuperSU-v2.46.zip /data/local/tmp
-After this I applied the command to push the .img file to the same location. This was the "emulated command" I spoke of.
adb.exe push rootedsystem.LS991.ZV6.img /data/local/tmp
-I then added the .img file directly to the Internal Storage / Stock Phone MTP storage
-Afterwards I simply powered off my device, removed the usb cable, held the volume up button, then plugged it back in still holding the volume button until
the text download mode was gone again; and no this is not a timing thing im just saying that again incase anyone forgot how to get into download mode. lol.
-I then ran the ports.bat file included in LGROOT to find the COM port drivers.
-Followed up with this command
Send_Command.exe \\.\COM8 (<--Replace number here with the COM port listed for the "DIAG" portion of the device.)
-Now, still in download mode I executed this command about three times with no avail.
dd if=/data/media/0/rootedsystem.LS991.ZV6.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
(Which by the way I had the file in both the MTP side of root and in the data/local/tmp)
or you could change it to /data/local/tmp/ like
dd if=/data/local/tmp/rootedsystem.LS991.ZV6.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
This would possibly solve the issue I was having. So you would have root now.
THIS PART REQUIRES TESTING.
BUT continue reading you'll be shocked.
sidenote:
They state that all you have to do is put the .img file into the root of your Internal Storage / Stock Phone MTP storage
and run the command in download mode but this failed when I tried to execute it.
dd if=/data/media/0/rootedsystem.LS991.ZV6.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
The command above was the command they listed to be able to restore the device from stock to stock with root access. Please note I tried this command while the phone was turned on in debugging with enable oem unlock on, while in download mode and while in recovery mode all with debugging and enable oem unlock checked with either no response / device detected, or attempts causing the command prompt to show the # symbol after a few seconds of executing the line above which shouldn't happen,
since the size of the file is 4GB... The ENTIRE SYSTEM PARITION. -_-. There is a considerable amount of hangtime here is what I'm saying.
If the dd if=/data/media/0/rootedsystem.LS991.ZV6.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0 command worked for you then great, boot up and enjoy root! BUT.
For those who didnt have luck doing so with the command that failed me above, for some odd reason after pushing both the SuperSU bundle and the entire .img file to /data/local/tmp/ with the files in the internal storage /data/media/0/ as well
trying to only execute the command for the .img (/media/0/ not /local/tmp/) | (not the "fixed" command") and NOT for the SuperSU
eg.
-This was for the image which was the only one I used. (USED)
dd if=/data/media/0/rootedsystem.LS991.ZV6.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
This was for root only which I did not touch. (NOT USED)
sh /data/local/tmp/lg_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
-This caused the device to simply show the # sign almost immediately as I spoke of above.
-I typed in LEAVE and the device booted back up.
-The odd thing I'm speaking about is when I turned the device back on it showed that SuperSU was installed and was requesting to be "updated".
-I chose normal and it asked for a reboot. Rebooted started back up and it asked for root access when I clicked on it.
-Granted and successful.
-Went to the playstore.
-It said update next to SuperSU which was even odder.
-Clicked it and updated it and it got the latest version, asked for one more reboot, started back up, then I opened the app. Everything was normal.
-Downloaded root checker basic, titanium backup, and greenify immediately.
All passed with flying colors.
-There is an error that pops up in titanium backup regarding adding underscores or slashes into modified file directories for backup purposes assumed but
opening greenify ended up picking up this issue and requesting to fix it.
Why not right?
-Heh. It worked.
I have never experienced this type of latency within programming so this is extremely odd and without executing the SuperSU script command or,
a sucessful flash of the .img it just seems too odd, but; there you have it! All of the mods / developers working on this device I would like to hear
your insight on this.
So you have two options. Follow what I did or test the command with /data/local/tmp/ and try your luck flashing stock with root again or just run the root script on stock instead of trying to flash from stock to stock rooted.
Thank you and enjoy your root!
P.S. I didn't end up experiencing this issue since it works perfectly but in the event that SuperSU does not install after trying to flash the .img and getting
the 2 second delay with the # sign appearing immediately and rebooting after 3 attempts I would have personally tested the original adb SuperSU script command recommended for the ZV5 users
which was listed above and is
sh /data/local/tmp/lg_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
And for the love of your device. Don't try to update your device from an older version using this method. Ayeeeyiyiy
I will re-test what I stated and make a completely organized guide and video for everyone.
I just wanted to let you all know now to assist the entire community in understanding this device's root process a little more.
Will this work with brand new phone?
This method looks exactly like what I would need if I were to sign up with Sprint and get a brand new G4 from them. I just want to make sure that this method would work on the brand new phone to get root access and possibly flash new ROMs to the device. I have gotten burned before by getting devices that I think would work only to find out I had gotten an unsupported variant. Any knowledge would be greatly appreciated. Thank you.
wow, thanks!
Thanks for all your hard work. This phone has been one of my best and the only thing missing has been root, etc. Chewing over your instructions and thoughts. My confidence level is not quite there to pull the trigger, but i'm getting close. Hoping this is a promising method for those of us on Sprint ZVA. I will continue to do research and watch this thread. Thanks so much for your time, tips and expertise.
brpaaron said:
This method looks exactly like what I would need if I were to sign up with Sprint and get a brand new G4 from them. I just want to make sure that this method would work on the brand new phone to get root access and possibly flash new ROMs to the device. I have gotten burned before by getting devices that I think would work only to find out I had gotten an unsupported variant. Any knowledge would be greatly appreciated. Thank you.
Click to expand...
Click to collapse
As long as its not been updated to zvb. Antirollback implemented on zvb
Still running zv6
I am still running zv6 and never updated. Do I need to update to downgrade to root or can I just skip to after the downgrade?
i am running zv9 i can not stock zv6
I have ZVC can i downgrade to ZV6?
LG G4 LS991.
LG G3 D850 ROM Fulmics 6.6
Recovery TWRP v2.8.7.0 bumped
LS991 ZVD
Hi there does anyone know whether or not it will work on the ls991 zvd update??? Sprint variant
Ls 991 ZVD
Will this method work on ls991 zvd i havent found anything on it
Expo6810 said:
Will this method work on ls991 zvd i havent found anything on it
Click to expand...
Click to collapse
No. Zva or lower. You will brick it.
---------- Post added at 02:28 AM ---------- Previous post was at 02:28 AM ----------
No zva or lower
TheMadScientist420 said:
No. Zva or lower. You will brick it.
---------- Post added at 02:28 AM ---------- Previous post was at 02:28 AM ----------
No zva or lower
Click to expand...
Click to collapse
Is there anything i can do for my zvd
Expo6810 said:
Is there anything i can do for my zvd
Click to expand...
Click to collapse
as far as i know. nothing
new root methods and tweaks come out everyday.
all the good devs as far as i know have stopped developing g4 and moved on due to the locked bootloader d other issues
---------- Post added at 09:24 AM ---------- Previous post was at 09:17 AM ----------
Expo6810 said:
Is there anything i can do for my zvd
Click to expand...
Click to collapse
a root method has been exposed on the g5
intime it may come for the g4 also but not adapted rite now
Expo6810 said:
Is there anything i can do for my zvd
Click to expand...
Click to collapse
Right now i have ZVC software version can i downgrade zv6????
hawzsth said:
Right now i have ZVC software version can i downgrade zv6????
Click to expand...
Click to collapse
no u will brick
TheMadScientist420 said:
no u will brick
Click to expand...
Click to collapse
its already brick any solution...... now its show 9008 no power on ...
hawzsth said:
its already brick any solution...... now its show 9008 no power on ...
Click to expand...
Click to collapse
octoplus box with jtags the only fix
thats a hardbrick
---------- Post added at 08:30 AM ---------- Previous post was at 08:29 AM ----------
Expo6810 said:
Is there anything i can do for my zvd
Click to expand...
Click to collapse
as of rite now no
If I downgrade my zva will it allow me to sim unlock it
Somebody know if can downgrade ZVI to another version
Pls any update on locked bootloader?
Thank you!
Just learned here enough. Thank you!
I just head through UsU thread after reading this; Respectively thanks for the post again! ??