This thread was something , now it is not so please close it !
Ohh , Just found out that I built a universal tutorial i will add it to General android hacking and stuff
Reserved !
seaskyways said:
Ohh , Just found out that I built a universal tutorial i will add it to General android hacking and stuff
Click to expand...
Click to collapse
Theres already a tool out that does this for you :lol
Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2
That tool created by simon , it is only for the MTD based devices , where as this is for the eMMC based devices !
just tried the commands 4a & 4b, dont see anything mentioning mmcblk:
C:\Users\Shami\nb>fastboot oem listpartitions
...
(bootloader) [ERR] Command error !!!
OKAY [ 0.000s]
finished. total time: 0.000s
C:\Users\Shami\nb>fastboot oem boot
...
(bootloader) setup_tag addr=0xC0000100 cmdline add=0x8D0C4094
(bootloader) TAG:Ramdisk OK
(bootloader) TAG:smi ok, size = 0
(bootloader) TAG:hwid 0x0
(bootloader) TAG:skuid 0x2DD01
(bootloader) TAG:hero panel = 0x89003A
(bootloader) TAG:engineerid = 0x1
(bootloader) MCP dual-die
(bootloader) MCP dual-die
(bootloader) TAG:mono-die = 0x0
(bootloader) TAG: PS ID = 0x0
(bootloader) Device CID is not super CID
(bootloader) CID is super CID
(bootloader) Backup CID is HTC__001
(bootloader) setting->cid::HTC__001
(bootloader) serial number: HT1BVVZ03075
(bootloader) commandline from head: no_console_suspend=1
(bootloader) command line length =634
(bootloader) active commandline: board_runnymede.disable_uart2=0 board_ru
(bootloader) nnymede.usb_h2w_sw=0 board_runnymede.disable_sdcard=0 diag.e
(bootloader) nabled=0 board_runnymede.debug_uart=0 smisize=0 userdata_sel
(bootloader) =0 androidboot.emmc=true androidboot.pagesize=4096 skuid=0 d
(bootloader) dt=20 androidboot.lb=1 androidboot.baseband=3822.10.10.12_M
(bootloader) androidboot.cid=HTC__001 androidboot.devicerev=2 androidboo
(bootloader) t.batt_poweron=good_battery androidboot.carrier=HTC-WWE andr
(bootloader) oidboot.mid=PI3920000 androidboot.keycaps=qwerty androidboot
(bootloader) .dq=PASS androidboot.mode=normal androidboot.serialno=HT1BVV
(bootloader) Z03075 androidboot.bootloader=1.25.0004 androidboot.nledhw=0
(bootloader) zygote_oneshot=off kmemleak=off no_console_suspend=1
(bootloader) aARM_Partion[0].name=misc
(bootloader) aARM_Partion[1].name=recovery
(bootloader) aARM_Partion[2].name=boot
(bootloader) aARM_Partion[3].name=system
(bootloader) aARM_Partion[4].name=cache
(bootloader) aARM_Partion[5].name=userdata
(bootloader) aARM_Partion[6].name=devlog
(bootloader) aARM_Partion[7].name=pdata
(bootloader) aARM_Partion[8].name=modem_st1
(bootloader) aARM_Partion[9].name=modem_st2
(bootloader) partition number=10
(bootloader) Valid partition num=10
(bootloader) jump_to_kernel: machine_id(3597), tags_addr(0x14400100), ker
(bootloader) nel_addr(0x14408000)
(bootloader) -------------------hboot boot time:22891 msec
FAILED (status read failed (Too many links))
finished. total time: 10.920s
C:\Users\Shami\nb>
http://forum.xda-developers.com/showthread.php?t=1619986
edit:
Well, I've got some comments on that..
For whom is interested of knowing the OEM commands, in fastboot write "fastboot oem h".
"adb pull /dev/block/"""mmcblock123""" misc.img" won't work as this is a partition, not a folder.
I suggest using this:
Code:
adb shell
su
dd if=/dev/block/mmcblk0p17 of=/sdcard/misc.img
exit
exit
adb pull /sdcard/misc.img misc.img
adb shell rm /sdcard/misc.img
Well, basically, my bootloader is locked, but for some reason, I have "HTCUUpdate", so it's kinda strange.
It would be great if anybody could post his misc.img of his unlocked bootloader so I can compare and tell what's wrong.
Cheers!
Thanks claudenegm ! will add the code !
I doubt if this works, the unlock_status flag is stored in radio NVRAM and what is stored in misc partition is for RUUs to check it.
Since I don't have a locked device, I can't test it but what claudenegm said kinda confirms this.
EDIT
I can confirm patching the misc partition doesn't have any effects on unlock status.
Hi.....seaskyways i am follow the step by step to done it extract misc.img from my htc sensation xl...but i can't get the part,
'9- Around the 10th line you will find at the right HTC.......... , now edit this and type after the C :
U , so that it is HTCU....... , for Unlocking the bootloader .
R , so that it is HTCR....... , for ReLocking the bootloader .
. , that it is HTC....... , for reversing the bootloader to original state ***LOCKED OOW***"
HTCxxxxx.......it is HTC_044,behind HTCU_044?
Sorry that my poor english hope you understand what i ask and thanks for reply ^^
kenny_chai_2071 said:
Hi.....seaskyways i am follow the step by step to done it extract misc.img from my htc sensation xl...but i can't get the part,
'9- Around the 10th line you will find at the right HTC.......... , now edit this and type after the C :
U , so that it is HTCU....... , for Unlocking the bootloader .
R , so that it is HTCR....... , for ReLocking the bootloader .
. , that it is HTC....... , for reversing the bootloader to original state ***LOCKED OOW***"
HTCxxxxx.......it is HTC_044,behind HTCU_044?
Sorry that my poor english hope you understand what i ask and thanks for reply ^^
Click to expand...
Click to collapse
First of all, this method ain't gonna work since the locked flag is stored in Radio NVRAM and what is stored in misc partition is for RUUs.
Second, "OOW" in "LOCKED OOW" means "Out Of Warranty"!
Oh i.c thanks fardjad , it mean it is still need to using Htc Dev to unlocking bootloader for done all?
kenny_chai_2071 said:
Oh i.c thanks fardjad , it mean it is still need to using Htc Dev to unlocking bootloader for done all?
Click to expand...
Click to collapse
If you need warranty, you shouldn't unlock your bootloader at all.
You can also S-OFF your device by flashing unlimited.io HBOOTs. For doing so, you only need to temp-root your device.
There is also a detailed guide in Sensation XL General Section that might help.
Thanks fardjab i am get my devices s-off with every thing.
fardjad said:
First of all, this method ain't gonna work since the locked flag is stored in Radio NVRAM and what is stored in misc partition is for RUUs.
Second, "OOW" in "LOCKED OOW" means "Out Of Warranty"!
Click to expand...
Click to collapse
It worked for me on my previous Wildfire S , all I did is take mtd0 as misc.img , edit it , flash it with flash_image , all done , i have my bootloader Unlocked without HTC ! Anyways it misses alot , I will just delete it ...
seaskyways said:
It worked for me on my previous Wildfire S , all I did is take mtd0 as misc.img , edit it , flash it with flash_image , all done , i have my bootloader Unlocked without HTC ! Anyways it misses alot , I will just delete it ...
Click to expand...
Click to collapse
I didn't mean to offense or anything , just wanted to report that it's not working on SXL and tried to explain why.
I my self really like to try and discuss these things...
And if I were you I'd rather not to delete it. It may be useful for many people in many ways...
Related
Hello,
i need change cid number from HTC__622 to HTC__J15 ...
i follow the instructions applied for Sensation (with adb tools) in windows 7
My incredible s respond to the adb method but give me Error after last step as following:
Code:
Code:
C:\adb>fastboot oem writecid HTC__J15
...
[bootloader] [ERR] Command error !!!
OKAY [ -0.000s]
finished. total time: -0.000s
Any idea PLz???
HTC Incredible S 2.3.3
HBOOT 1.09.1000
AlphaRev S-offed & Rooted
UP
Sent from my HTC Incredible S using XDA Premium App
I am too uninformed to help you so all I can do is give a +1 to help your cause.
Your welcome.
itsbeertimenow said:
I am too uninformed to help you so all I can do is give a +1 to help your cause.
Your welcome.
Click to expand...
Click to collapse
Thank u
up
Sent from my HTC Incredible S using XDA Premium App
any ideas please ???
>>> up <<<
Stop doing that.
we cant do that at this time with the IS we dont have the same amount of access we do on sensation
Thanks..
Sent from my HTC Incredible S using XDA Premium App
See the list of available commands: fastboot oem h
thats all i get when i type in the command fastboot oem h
Code:
C:\adb>fastboot oem h
...
(bootloader) command list
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
UP
إرسلت من HTC Incredible S باستخدام برنامج XDA Premium App
1) execute:
Code:
dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
2) edit cid.img with any hex editor (but don't use notepad or any other text editor)
3) write it back:
Code:
dd if=/sdcard/cid.img of=/dev/block/mmcblk0p17
4) reboot and check. your cid should now be changed.
It worked for me, but I'm not responsible if your device will become a brick (which is unlikely anyway)
Good luck.
NeverGone\RU said:
1) execute:
Code:
dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
2) edit cid.img with any hex editor (but don't use notepad or any other text editor)
3) write it back:
Code:
dd if=/sdcard/cid.img of=/dev/block/mmcblk0p17
4) reboot and check. your cid should now be changed.
It worked for me, but I'm not responsible if your device will become a brick (which is unlikely anyway)
Good luck.
Click to expand...
Click to collapse
i try but i get
$ dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
/dev/block/mmcblk0p17: cannot open for read: Permission denied
moustafatch said:
i try but i get
$ dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
dd if=/dev/block/mmcblk0p17 of=/sdcard/cid.img
/dev/block/mmcblk0p17: cannot open for read: Permission denied
Click to expand...
Click to collapse
You need to have a rooted system and running the adb shell as Superuser to issue these commands.
it is temporary or not?
thanks
goki1 said:
it is temporary or not?
thanks
Click to expand...
Click to collapse
On a properly rooted system this would make a permanent change.
I have read about this method causing a USB brick in some cases on other models. Would be interested if anyone has similar issues.
Edit: if you're going to change the Cid might as well supercid it (11111111).
Just a question, can anybody execute this on an XL with unlocked bootloader using HTCDev and tell me the output please?
Code:
fastboot oem h
cause I was wondering, if we can execute this to get S-OFF as the bootloader is unlocked so it may give us more permissions?:
Code:
fastboot oem writesecureflag 0
Just wondering if it asks for SMART_IO.CRD or not
Any idea guys?
About htc sensation xl s-off
hi there if you could write set on teminal app see what is writen ?
turkish0852 said:
hi there if you could write set on teminal app see what is writen ?
Click to expand...
Click to collapse
I don't understand what you mean, can you please say it in a clearer way?
thank you
about s-off sensation xl
sorry about that,there's that app called termanel emulater in the market,I was messing around with it, I wrote ( set ) & it showed lots of data, wich I asked what it realy ment if anything,my phone is HTC sensation xl with beats audio permanetly rooted ,bootloader unlocked, s-on,sorry for sbelling.
---------- Post added at 01:04 AM ---------- Previous post was at 12:53 AM ----------
hope it's something worth looking into,type ( set ) then enter,
turkish0852 said:
sorry about that,there's that app called termanel emulater in the market,I was messing around with it, I wrote ( set ) & it showed lots of data, wich I asked what it realy ment if anything,my phone is HTC sensation xl with beats audio permanetly rooted ,bootloader unlocked, s-on,sorry for sbelling.
---------- Post added at 01:04 AM ---------- Previous post was at 12:53 AM ----------
hope it's something worth looking into,type ( set ) then enter,
Click to expand...
Click to collapse
maybe this can help
Code:
ort PATH=/data/local/bin:$PATH
$ su
# set
ANDROID_ASSETS=/system/app
ANDROID_BOOTLOGO=1
ANDROID_DATA=/data
ANDROID_PROPERTY_WORKSPACE=9,65536
ANDROID_ROOT=/system
ANDROID_SOCKET_zygote=10
ASEC_MOUNTPOINT=/mnt/asec
BOOTCLASSPATH=/system/framework/core.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/core-junit.jar:/system/framework/HTCDev.jar:/system/framework/HTCExtension.jar:/system/framework/com.htc.framework.jar:/system/framework/com.scalado.util.ScaladoUtil.jar:/system/framework/com.orange.authentication.simcard.jar:/system/framework/android.supl.jar:/system/framework/com.ecrio.sip.jar
EXTERNAL_STORAGE=/mnt/sdcard
IFS='
'
LD_LIBRARY_PATH=/vendor/lib:/system/lib
LOOP_MOUNTPOINT=/mnt/obb
OPTIND=1
PATH=/data/local/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
PS1='# '
PS2='> '
PS4='+ '
TERM=screen
#
turkish0852 said:
sorry about that,there's that app called termanel emulater in the market,I was messing around with it, I wrote ( set ) & it showed lots of data, wich I asked what it realy ment if anything,my phone is HTC sensation xl with beats audio permanetly rooted ,bootloader unlocked, s-on,sorry for sbelling.
---------- Post added at 01:04 AM ---------- Previous post was at 12:53 AM ----------
hope it's something worth looking into,type ( set ) then enter,
Click to expand...
Click to collapse
nicky1980 said:
maybe this can help
Code:
ort PATH=/data/local/bin:$PATH
$ su
# set
ANDROID_ASSETS=/system/app
ANDROID_BOOTLOGO=1
ANDROID_DATA=/data
ANDROID_PROPERTY_WORKSPACE=9,65536
ANDROID_ROOT=/system
ANDROID_SOCKET_zygote=10
ASEC_MOUNTPOINT=/mnt/asec
BOOTCLASSPATH=/system/framework/core.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/core-junit.jar:/system/framework/HTCDev.jar:/system/framework/HTCExtension.jar:/system/framework/com.htc.framework.jar:/system/framework/com.scalado.util.ScaladoUtil.jar:/system/framework/com.orange.authentication.simcard.jar:/system/framework/android.supl.jar:/system/framework/com.ecrio.sip.jar
EXTERNAL_STORAGE=/mnt/sdcard
IFS='
'
LD_LIBRARY_PATH=/vendor/lib:/system/lib
LOOP_MOUNTPOINT=/mnt/obb
OPTIND=1
PATH=/data/local/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin
PS1='# '
PS2='> '
PS4='+ '
TERM=screen
#
Click to expand...
Click to collapse
thanks a lot guys! but unfortunately that's nt what I needed
I wanted to know if executing the command in the first post from your SDK tools will get you S-OFF or not with unlocked bootloader!
bootloader and s-off
hi there again,i exacuted those commands in the first posts the outcome is as follows;
fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloadre) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
fastboot oem writesecureflag 0
...
(bootloader) [ERR] Command error !!!
OKAY [ -0.000s]
finished. total time: -0.000s
hope this helps..
bootloader s-off
so any more idea's there,did that help in anyway?
turkish0852 said:
so any more idea's there,did that help in anyway?
Click to expand...
Click to collapse
I'm thinking of something, I dunno
turkish0852 said:
hi there again,i exacuted those commands in the first posts the outcome is as follows;
fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloadre) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
fastboot oem writesecureflag 0
...
(bootloader) [ERR] Command error !!!
OKAY [ -0.000s]
finished. total time: -0.000s
hope this helps..
Click to expand...
Click to collapse
thanks a lot, HTC has limited the oem commands on their bootloader :/
can you try this please?
fastboot oem rebootRUU
fastboot oem h
fastboot oem writesecureflag 0
to restart your phone:
fastboot reboot
and copy and paste me the output, thank you
C:\Users\Turkish>fastboot oem rebootRUU
...
(bootloader) erase sector 163328 ~ 163839 (512)
OKAY [ 0.484s]
finished. total time: 0.484s
C:\Users\Turkish>fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloader) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
C:\Users\Turkish>fastboot writesecureflag 0
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\Turkish>fastboot reboot
rebooting...
finished. total time: 0.312s
hope this helps,if anything else please let me know...
turkish0852 said:
C:\Users\Turkish>fastboot oem rebootRUU
...
(bootloader) erase sector 163328 ~ 163839 (512)
OKAY [ 0.484s]
finished. total time: 0.484s
C:\Users\Turkish>fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloader) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
C:\Users\Turkish>fastboot writesecureflag 0
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\Turkish>fastboot reboot
rebooting...
finished. total time: 0.312s
hope this helps,if anything else please let me know...
Click to expand...
Click to collapse
Thank You!
Seems like there is no real way of gaining S-OFF using oem..
I'll get an XL in several days and will see if I can do anything (but I don't really think I'll be able to anyway)!
We'll need to find a signed Engineering hboot that can be flashed to gain S-OFF after that!
Doesn't seem fair from HTC anyway.. They should unlock and S-OFF too in their unlocking process..
it was supposed to be "fastboot oem writesecureflag 0" I wrote it wrong, but anyway, as writesecureflag isn't accessible using oem, so it's useless to try it.
If anybody has any other idea, please share
bootloader and s-off
i exacuted the wright command again "fastboot oem secuerflag 0" but it gave me that same error "bootloader err Command error !!! "
But when i exacuted command " fastboot oem rebootRUU " the sensation xl screen whent black with black and white HTC letters in the midle of the screen,haven't seen that before...
I have XL with bootloader S-Off....tell me please, what I can do, to let you see, what the difference is
bootloader and s-off
icecream 4.0.1 has just been realeased for the sensation xe 1.0 beta version,i'd like to see this rom on the xl,iv had devices with bootloader s-off its bloody fantastic ,all htc's should come with bootloader s-off its a shame,i sapouse it's a waiting game,im shore great minds a working on it, I don't know if the sensation xl came with bootloader s-off in Australia......
jammysunny said:
I have XL with bootloader S-Off....tell me please, what I can do, to let you see, what the difference is
Click to expand...
Click to collapse
Ship s-off or Eng s-off?
ship s-off.....
turkish0852 said:
i exacuted the wright command again "fastboot oem secuerflag 0" but it gave me that same error "bootloader err Command error !!! "
But when i exacuted command " fastboot oem rebootRUU " the sensation xl screen whent black with black and white HTC letters in the midle of the screen,haven't seen that before...
Click to expand...
Click to collapse
yea, it wont work I know!
Its totally normal abt the rebootRUU thing, it just puts the phone in a state that accepts the flashing of any signed (or unsigned I think) images and many other things we may not know! Haha
jammysunny said:
ship s-off.....
Click to expand...
Click to collapse
interesting! may I ask how did you get it?
Would be good to acheive s-off but unlocked bootloader isnt half bad. We have permanent root and at least one custom rom so guess things will get up to speed as more people get the device. Alpha rev should do their thing soon so we can get full control over this device
Sent from my EPAD using xda premium
I got it with it....so, where you can see the difference between a normal and a ship s-offed Bootloader??
tapatraced with Sensation XL
pull the battery and then boot into hboot.Volume down and power.
eng hboot with S-off is hboot version 1.25.2003.
i started, this in the dev section, to have a CLEAN THREAD, with ONLY RELEVANT info.
if mod gives me permission i will clean this thread several times each day (if someone posts nonsense)
FOR DEVS ONLY! theres alot of other threads about this for Q&A etc..
thanks to orb3000 for making it a stickie..
reserved for later
What we got so far:
fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloadre) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
fastboot oem writesecureflag 0
...
(bootloader) [ERR] Command error !!!
OKAY [ -0.000s]
finished. total time: -0.000s
Click to expand...
Click to collapse
C:\Users\Turkish>fastboot oem rebootRUU
...
(bootloader) erase sector 163328 ~ 163839 (512)
OKAY [ 0.484s]
finished. total time: 0.484s
C:\Users\Turkish>fastboot oem h
...
(bootloader) command list
(bootloader) get_identifier_token
(bootloader) keytest
(bootloader) heap
(bootloader) boot
(bootloader) reset
(bootloader) powerdown
(bootloader) rebootRUU
(bootloader) heap_test
(bootloader) gotohboot
(bootloader) rtask
(bootloader) task
(bootloader) enableqxdm
(bootloader) gencheckpt
(bootloader) lock
(bootloader) list_partition_emmc
(bootloader) load_emmc
(bootloader) check_emmc
(bootloader) check_emmc_mid
(bootloader) read_mmc
(bootloader) get_wp_info_emmc
(bootloader) send_wp_info_emmc
(bootloader) get_ext_csd_emmc
(bootloader) get_sector_info_emmc
OKAY [ 0.031s]
finished. total time: 0.031s
C:\Users\Turkish>fastboot writesecureflag 0
usage: fastboot [ <option> ] <command>
commands:
update <filename> reflash device from update.zip
flashall flash boot + recovery + system
flash <partition> [ <filename> ] write a file to a flash partition
erase <partition> erase a flash partition
getvar <variable> display a bootloader variable
boot <kernel> [ <ramdisk> ] download and boot kernel
flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it
devices list all connected devices
continue continue with autoboot
reboot reboot device normally
reboot-bootloader reboot device into bootloader
help show this help message
options:
-w erase userdata and cache
-s <serial number> specify device serial number
-p <product> specify product name
-c <cmdline> override kernel commandline
-i <vendor id> specify a custom USB vendor id
-b <base_addr> specify a custom kernel base address
-n <page size> specify the nand page size. default:
2048
C:\Users\Turkish>fastboot reboot
rebooting...
finished. total time: 0.312s
Click to expand...
Click to collapse
We have tested to do these commands on the s-offed device of jammysunny.
cd/
cd SDK
cd platform-tools
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
This worked successfully and we got an hboot.img file of his Device on the SD.
On the next step i tried to install his s-off hboot.img to my s-on device with the following commands:
cd/
cd SDK
cd platform-tools
adb devices
adb shell
su
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
This worked successfully too, but my bootloader is the same as before. Its s-on
Click to expand...
Click to collapse
hboot is useless from S-off device, as our bootloaders are unlocked.
What needs to be done is: get rid of Nand write protection, so we can flash radio's
Click to expand...
Click to collapse
Stickied, thanks!
waiting boot.img s-off
Im pretty sure s-off invokves the security flag on hboot not the boot.img
Sent from my HTC Sensation XL with Beats Audio X315b using XDA
Hi booyaga,
where I can find the s-off hboot.img file ?
thanks.
bye
Would love to see s-off lol
not sure if this can help...but my desire was s-off using alpharev
http://alpharev.nl/
maybe they can give some info ...?!?
with kind regards
It would be great to get alpharev on board. Seems everyone is neglecting our xl lol.
Sent from my GT-N7000 using xda premium
shingers5 said:
It would be great to get alpharev on board. Seems everyone is neglecting our xl lol.
Sent from my GT-N7000 using xda premium
Click to expand...
Click to collapse
yep...if they dont want or do it (if we ask) maybe we can give a bit support...real s-off is nice...
Alex-V said:
yep...if they dont want or do it (if we ask) maybe we can give a bit support...real s-off is nice...
Click to expand...
Click to collapse
Willing to donate if needs be.
Sent from my GT-N7000 using xda premium
shingers5 said:
Willing to donate if needs be.
Sent from my GT-N7000 using xda premium
Click to expand...
Click to collapse
i also
with kind regards
Setting up a S-OFF donation thread to see who wants to donate and how much, might trigger there interest.
This is been seen on many dev treads, and can run up to few hundrerd euros
DutchDanny said:
Setting up a S-OFF donation thread to see who wants to donate and how much, might trigger there interest.
This is been seen on many dev treads, and can run up to few hundrerd euros
Click to expand...
Click to collapse
yea but not many devs even looking at xl and dont wanna line someones pocket who doesnt deliver!
shingers5 said:
yea but not many devs even looking at xl and dont wanna line someones pocket who doesnt deliver!
Click to expand...
Click to collapse
Guide them to the thread, and money will only be deliverd when s-off is deleverd
iḿ for that what DutchDanny says...and want give 20€ for s-off...who go with me...???!!!!!!!???!!
with kind regards
Alex-V said:
iḿ for that what DutchDanny says...and want give 20€ for s-off...who go with me...???!!!!!!!???!!
with kind regards
Click to expand...
Click to collapse
im in, with 10
DutchDanny said:
Guide them to the thread, and money will only be deliverd when s-off is deleverd
Click to expand...
Click to collapse
cool I shall donate soon as with 20 when needs be
Sent from my GT-N7000 using xda premium
30
Just because I want to learn more on this device and it will make life much easier!
Nice to See Some ideas, but Please make a bounty thread as its not really related to Development progress.
Sent from my HTC Sensation XL with Beats Audio X315e using xda premium
Device is stuck in fastboot mode
screen shows
Device is LOCKED: Status code: 0
IMEI : 00000000000
SKU: 00000
Serial number shows values
Date being shown as 01-01-1970
Bootloader logs shows
fastboot reason: failed to initialize partition table
any advise on how to recover from this?
Fastboot erase userdata plus cache
Sent from my Nexus 6 using XDA-Developers mobile app
get error on erase
MacBook-Pro:~ user$ fastboot devices -l
994f3b10 fastboot usb:337641472X
MacBook-Pro:~ user$ fastboot erase cache
erasing 'cache'...
(bootloader) Invalid partition name cache
FAILED (remote failure)
finished. total time: 0.067s
MacBook-Pro:~ user$ fastboot erase userdata
erasing 'userdata'...
(bootloader) Invalid partition name userdata
FAILED (remote failure)
finished. total time: 0.066s
MacBook-Pro:~ user$
fastboot flash bootloader. Are you trying to flash N Preview?
reagan1998 said:
fastboot flash bootloader. Are you trying to flash N Preview?
Click to expand...
Click to collapse
my device was running fine with 5.1 and not sure what caused to get into this stuck where its stuck in fastboot boot
i am just trying to flash factory images from https://developers.google.com/android/nexus/images#shamu
Given the suddenness of your problem as well as the symptoms, I believe the internal memory has failed, meaning a service call. However, I hope I'm wrong.
Regardless, flashing factory images won't work because your bootloader is locked. Assuming this is a software issue you may be able to restore the system by sideloading the Android N OTA through recovery. If you can successfully do that, head to Developer Options in the N preview and enable OEM unlock. From there, unlock the bootloader, so you can flash factory images.
Strephon Alkhalikoi said:
Given the suddenness of your problem as well as the symptoms, I believe the internal memory has failed, meaning a service call. However, I hope I'm wrong.
Regardless, flashing factory images won't work because your bootloader is locked. Assuming this is a software issue you may be able to restore the system by sideloading the Android N OTA through recovery. If you can successfully do that, head to Developer Options in the N preview and enable OEM unlock. From there, unlock the bootloader, so you can flash factory images.
Click to expand...
Click to collapse
- I read some threads on sideload, they need device booted with adb access, since mine is stuck in fastboot, i don't have access to device via adb, would side load still work?
- still looking for zip for side load for nexus 6, if you have pointer for it, please let me know
To sideload the Android N OTA, which is the only thing that will help you here, you need to be able to get into recovery and set the recovery to adb sideload mode. If you cannot get into recovery, you definitely have a hardware problem and will need to get the internal storage chip replaced. As for the Android N OTA zip, check in the General subforum. Of course you could also simply do a quick Google search for "Android N OTA Brick" and get to Google's page of OTA zips that way.
Strephon Alkhalikoi said:
To sideload the Android N OTA, which is the only thing that will help you here, you need to be able to get into recovery and set the recovery to adb sideload mode. If you cannot get into recovery, you definitely have a hardware problem and will need to get the internal storage chip replaced. As for the Android N OTA zip, check in the General subforum. Of course you could also simply do a quick Google search for "Android N OTA Brick" and get to Google's page of OTA zips that way.
Click to expand...
Click to collapse
Android N has a new bootloader, so sideloading it will probably make the device not boot into Android.
---------- Post added at 08:24 PM ---------- Previous post was at 08:23 PM ----------
Have you tried flashing a TWRP recovery and maybe flashing a custom ROM to see if it is a storage issue? This phone is not even two years old, it should not be having internal storage issues.
The Android N OTA I'm talking about includes the bootloader, as it is a full system image. Flashing TWRP will not work as the device has a locked bootloader. But since the device apparently has no partitions at all, the exercise I believe is moot. This is a hardware issue.
Run 'fastboot format cache' and 'fastboot format userdata', then run the most holy words in android 'fastboot oem unlock'. Check this: http://forum.xda-developers.com/nexus-6/help/solution-stuck-bootloop-locked-t3053783 it really helped me out of a deep hole.
The only way that will work is if the OP enabled OEM Unlocking in Developer Options prior to the device forgetting its partitions. I hope he did, as having the option enabled doesn't affect the ability to get OTAs from Google. If however his device's EMMC chip failed as I believe, it won't help him resolve this issue.
reagan1998 said:
Run 'fastboot format cache' and 'fastboot format userdata', then run the most holy words in android 'fastboot oem unlock'. Check this: http://forum.xda-developers.com/nexus-6/help/solution-stuck-bootloop-locked-t3053783 it really helped me out of a deep hole.
Click to expand...
Click to collapse
apologies for delayed response, i didn't realize there was second page in replies and you guys are still trying to help
here is outout
sh-3.2# fastboot devices
994f3b10 fastboot
sh-3.2# fastboot format cache
Formatting is not supported for filesystem with type ''.
sh-3.2# fastboot oem unlock
...
(bootloader) Check 'Allow OEM Unlock' in Developer Options.
FAILED (remote failure)
finished. total time: 0.002s
sh-3.2# fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: moto-apq8084-71.08(*)
(bootloader) product: shamu
(bootloader) board: shamu
(bootloader) secure: yes
(bootloader) hwrev: 0x83A0
(bootloader) radio: 0x6
(bootloader) emmc: 32GB Sandisk REV=07 PRV=01 TYPE=57
(bootloader) ram: 3072MB Elpida S8 SDRAM DIE=6Gb
(bootloader) cpu: APQ8084 ES1.1
(bootloader) serialno: 994f3b10
(bootloader) cid: 0xFFFF
(bootloader) channelid: 0xDEAD
(bootloader) uid: 7858B30111000000000000000000
(bootloader) unlocked: Not supported
(bootloader) iswarrantyvoid: Not supported
(bootloader) mot_sst: 8
(bootloader) max-download-size: 536870912
(bootloader) reason: Failed to initialize partition table
(bootloader) imei: 000000000000000
(bootloader) meid:
(bootloader) date: 01-01-1970
(bootloader) sku: 000000000000000
(bootloader) iccid:
(bootloader) cust_md5:
(bootloader) max-sparse-size: 268435456
(bootloader) current-time:
(bootloader) ro.build.fingerprint:
(bootloader) ro.build.version.full:
(bootloader) ro.build.version.qcom:
(bootloader) version-baseband:
(bootloader) kernel.version:
(bootloader) sdi.git: sdi.git
(bootloader) sbl1.git: sbl1.git
(bootloader) rpm.git: rpm.git
(bootloader) tz.git: tz.git
(bootloader) aboot.git: git=MBM-NG-V71.08-0-g32b8854
(bootloader) qe:
(bootloader) ro.carrier:
all: listed above
finished. total time: 0.040s
sh-3.2#
If it's failing to initialize the partition table, there's nothing you can do here. It needs to go to Motorola for warranty service.
EDIT: How I can tell? The date was set to 1/1/70. That's the beginning date of the Unix clock, which means something got screwed up internally. That plus the lost IMEI and the failure of the device to find its partitions means a bad device.
Sorry to be the bearer of bad news here, but this isn't something software can fix.
Strephon Alkhalikoi said:
If it's failing to initialize the partition table, there's nothing you can do here. It needs to go to Motorola for warranty service.
EDIT: How I can tell? The date was set to 1/1/70. That's the beginning date of the Unix clock, which means something got screwed up internally. That plus the lost IMEI and the failure of the device to find its partitions means a bad device.
Sorry to be the bearer of bad news here, but this isn't something software can fix.
Click to expand...
Click to collapse
Thanks for looking in, warranty must be void since i had open the back cover .
EDIT: Bad advice given.
Strephon Alkhalikoi said:
I would try anyway. The worst that will happen is they will want to charge you.
Click to expand...
Click to collapse
Which is considered fraud and not condoned by xda.
@zelendel: Echh. I'm not looking to get myself or XDA in trouble. I'll edit my post appropriately. Thank you for the reminder.
Strephon Alkhalikoi said:
@zelendel: Echh. I'm not looking to get myself or XDA in trouble. I'll edit my post appropriately. Thank you for the reminder.
Click to expand...
Click to collapse
Not a worry. I know a lot of people advise it but we don't condone it. This is why the disclosure in the OP of every rom thread. We accept what we do might mean killing our device and having to buy a new one. It's a risk of the hobby.
Just got a used xz1 compact. I've been rooting and flashing android phones for years, so I'm not a total noob. Nevertheless, I find myself a bit stuck on an issue I've never experienced before.
So, first step to me was to unlock the bootloader so that i can flash twrp and the unofficial lineage 16 from modpunk. So I do the usual thing of getting the code from the sony website, opening the dev-settings in the stock android and clicking "allow unlock", rebooting to fastboot mode and then:
Code:
$ fastboot oem unlock 0xCODEHERE
Well, so I didn't get what I expected. Instead of a success message, I got a message that said "command failed". But then, on a subsequent try, I got the message "already unlocked". Then, I tried a reboot, and I see a warning screen saying "device cannot be checked for for corruption, please lock bootloader". Then it enters the Xperia splash screen and never progresses. Well, that's not too big of an issue since I don't really want the stock ROM anyway. So I go ahead and try to flash twrp (modpunk's version for xz1 compact) and I get:
Code:
$ fastboot flash -v recovery twrp-3.3.1-0-lilac-pie-5.img
fastboot: verbose: target didn't report max-download-size
Sending 'recovery' (34548 KB) FAILED (remote: 'unknown command')
fastboot: error: Command failed
So that's a bit discouraging. I also tried to see what I could find with "fastboot getvar all", and I was surprised that I couldn't even get any debugging info. The `devices` command seems normal, tho:
Code:
$ fastboot devices
XXXXXXXXX fastboot
$ fastboot getvar all
getvar:all FAILED (remote: 'GetVar Variable Not found')
Finished. Total time: 0.002s
Also related, I tried the sony flashtool, which I'm already familiar with because my old phone is a Z3 Compact (see, not my first rodeo). When I try to connect in fastboot mode with flashtool, the flashtool menu says "device connected in fastboot mode" followed immediately by "device disconnected". I notice that in the stderr from flashtool there's a message from libusb which is associated:
Code:
libusb_get_string_descriptor_ascii : I/O Errors
So, that's not encouraging. So, I wonder if the unlocking command ended up failing in a partially done way, leaving things broken. Let me know if you have ideas on what I might try next. One other note, I'm using the same laptop and usb ports that have worked in the past for flashing my z3 compact. The cable is a bit of an unknown though. I'm using the usb->usbc cable that came with the phone. But I've also just tried some of other usb cables I have around the house with an adapter for usbc.
A heads up, I'm on linux with no Windows machine available. I'm technically competent and I'd prefer detailed hypotheses to "try x". But I'm all ears. Anyone have ideas?
-----
Update:
I realized that there was a chance at least some of my issue was due to usb-c support in my kernel. So I built a 5.0 kernel and rebooted. The nice thing is that now `fastboot getvar all` is working. That's very encouraging. Here are the details:
Code:
(bootloader) hw-revision:20001
(bootloader) unlocked:yes
(bootloader) off-mode-charge:0
(bootloader) charger-screen-enabled:0
(bootloader) battery-soc-ok:yes
(bootloader) battery-voltage:4269
(bootloader) version-baseband:1308-8921_47.2.A.10.107
(bootloader) version-bootloader:1306-5035_X_Boot_MSM8998_LA2.0_P_114
(bootloader) erase-block-size: 0x1000
(bootloader) logical-block-size: 0x1000
(bootloader) variant:MSM UFS
(bootloader) partition-type:xblbak:raw
(bootloader) partition-size:xblbak: 0x3F5000
(bootloader) partition-type:xbl:raw
(bootloader) partition-size:xbl: 0x3F5000
(bootloader) partition-type:userdata:ext4
(bootloader) partition-size:userdata: 0x587D76000
(bootloader) partition-type:system:ext4
(bootloader) partition-size:system: 0x138800000
(bootloader) partition-type:vendor:raw
(bootloader) partition-size:vendor: 0x60000000
(bootloader) partition-type:oem:raw
(bootloader) partition-size:oem: 0x19000000
(bootloader) partition-type:rdimage:raw
(bootloader) partition-size:rdimage: 0x2000000
(bootloader) partition-type:fsmetadata:raw
(bootloader) partition-size:fsmetadata: 0x101000
(bootloader) partition-type:Qnovo:raw
(bootloader) partition-size:Qnovo: 0x1800000
(bootloader) partition-type:diag:raw
(bootloader) partition-size:diag: 0x2000000
(bootloader) partition-type:appslog:raw
(bootloader) partition-size:appslog: 0x1000000
(bootloader) partition-type:vbmeta:raw
(bootloader) partition-size:vbmeta: 0x10000
(bootloader) partition-type:frp:raw
(bootloader) partition-size:frp: 0x80000
(bootloader) partition-type:keystore:raw
(bootloader) partition-size:keystore: 0x80000
(bootloader) partition-type:misc:raw
(bootloader) partition-size:misc: 0x100000
(bootloader) partition-type:cache:ext4
(bootloader) partition-size:cache: 0x17C00000
(bootloader) partition-type:ssd:raw
(bootloader) partition-size:ssd: 0x2000
(bootloader) partition-type:fsc:raw
(bootloader) partition-size:fsc: 0x1000
(bootloader) partition-type:modemst2:raw
(bootloader) partition-size:modemst2: 0x200000
(bootloader) partition-type:modemst1:raw
(bootloader) partition-size:modemst1: 0x200000
(bootloader) partition-type:ddr:raw
(bootloader) partition-size:ddr: 0x100000
(bootloader) partition-type:FOTAKernel:raw
(bootloader) partition-size:FOTAKernel: 0x4000000
(bootloader) partition-type:logfs:raw
(bootloader) partition-size:logfs: 0x800000
(bootloader) partition-type:toolsfv:raw
(bootloader) partition-size:toolsfv: 0x100000
(bootloader) partition-type:limits:raw
(bootloader) partition-size:limits: 0x1000
(bootloader) partition-type:splash:raw
(bootloader) partition-size:splash: 0x20A4000
(bootloader) partition-type:dpo:raw
(bootloader) partition-size:dpo: 0x1000
(bootloader) partition-type:msadp:raw
(bootloader) partition-size:msadp: 0x40000
(bootloader) partition-type:apdp:raw
(bootloader) partition-size:apdp: 0x40000
(bootloader) partition-type:bluetooth:raw
(bootloader) partition-size:bluetooth: 0x100000
(bootloader) partition-type:boot:raw
(bootloader) partition-size:boot: 0x4000000
(bootloader) partition-type:dsp:raw
(bootloader) partition-size:dsp: 0x1000000
(bootloader) partition-type:modem:raw
(bootloader) partition-size:modem: 0x6E00000
(bootloader) partition-type:sec:raw
(bootloader) partition-size:sec: 0x4000
(bootloader) partition-type:fsg:raw
(bootloader) partition-size:fsg: 0x180000
(bootloader) partition-type:persist:raw
(bootloader) partition-size:persist: 0x2000000
(bootloader) partition-type:xflkeystorebak:raw
(bootloader) partition-size:xflkeystorebak: 0x20000
(bootloader) partition-type:xflkeystore:raw
(bootloader) partition-size:xflkeystore: 0x20000
(bootloader) partition-type:tzxflbak:raw
(bootloader) partition-size:tzxflbak: 0x80000
(bootloader) partition-type:tzxfl:raw
(bootloader) partition-size:tzxfl: 0x80000
(bootloader) partition-type:tzxflattestbak:raw
(bootloader) partition-size:tzxflattestbak: 0x80000
(bootloader) partition-type:tzxflattest:raw
(bootloader) partition-size:tzxflattest: 0x80000
(bootloader) partition-type:xflbak:raw
(bootloader) partition-size:xflbak: 0x1E00000
(bootloader) partition-type:xfl:raw
(bootloader) partition-size:xfl: 0x1E00000
(bootloader) partition-type:storsecbak:raw
(bootloader) partition-size:storsecbak: 0x20000
(bootloader) partition-type:storsec:raw
(bootloader) partition-size:storsec: 0x20000
(bootloader) partition-type:devcfgbak:raw
(bootloader) partition-size:devcfgbak: 0x20000
(bootloader) partition-type:devcfg:raw
(bootloader) partition-size:devcfg: 0x20000
(bootloader) partition-type:sti:raw
(bootloader) partition-size:sti: 0x200000
(bootloader) partition-type:cmnlib64bak:raw
(bootloader) partition-size:cmnlib64bak: 0x80000
(bootloader) partition-type:cmnlib64:raw
(bootloader) partition-size:cmnlib64: 0x80000
(bootloader) partition-type:cmnlibbak:raw
(bootloader) partition-size:cmnlibbak: 0x80000
(bootloader) partition-type:cmnlib:raw
(bootloader) partition-size:cmnlib: 0x80000
(bootloader) partition-type:keymasterbak:raw
(bootloader) partition-size:keymasterbak: 0x80000
(bootloader) partition-type:keymaster:raw
(bootloader) partition-size:keymaster: 0x80000
(bootloader) partition-type:devinfo:raw
(bootloader) partition-size:devinfo: 0x1000
(bootloader) partition-type:ablbak:raw
(bootloader) partition-size:ablbak: 0x180000
(bootloader) partition-type:abl:raw
(bootloader) partition-size:abl: 0x180000
(bootloader) partition-type:pmicbak:raw
(bootloader) partition-size:pmicbak: 0x80000
(bootloader) partition-type:pmic:raw
(bootloader) partition-size:pmic: 0x80000
(bootloader) partition-type:hypbak:raw
(bootloader) partition-size:hypbak: 0x80000
(bootloader) partition-type:hyp:raw
(bootloader) partition-size:hyp: 0x80000
(bootloader) partition-type:tzbak:raw
(bootloader) partition-size:tzbak: 0x200000
(bootloader) partition-type:tz:raw
(bootloader) partition-size:tz: 0x200000
(bootloader) partition-type:rpmbak:raw
(bootloader) partition-size:rpmbak: 0x80000
(bootloader) partition-type:rpm:raw
(bootloader) partition-size:rpm: 0x80000
(bootloader) partition-type:LTALabel:raw
(bootloader) partition-size:LTALabel: 0x1000000
(bootloader) partition-type:TA:raw
(bootloader) partition-size:TA: 0x200000
(bootloader) secure:no
(bootloader) serialno:XXXXXXXX
(bootloader) serial:1a322f75
(bootloader) product:G8441
(bootloader) max-download-size:536870912
(bootloader) kernel:uefi
So that seems like I did succeed at the unlocking. Now, I still can't seem to flash twrp:
Code:
$ fastboot -v flash recovery twrp-3.3.1-0-lilac-pie-5.img
fastboot: verbose: target reported max download size of 536870912 bytes
Sending 'recovery' (34548 KB) FAILED (Status read failed (No such device))
fastboot: error: Command failed
But things look normalish otherwise (max download size actually reported). And I still get libusb I/O error messages from flashtool when I tried to connect the device in fastboot mode while running flashtool. So, now my question has really morphed into help with this specific error. Why would it say "no such device"?
---
One more note: tailing /var/log/kern.log while doing the above (trying to flash recovery with fastboot), I can see that the device does reconnect. So I'm assuming that the "no such device" message is due to the disconnection. It's not clear to me if my troubles are due to kernel version, libusb version, cables/cable-types or something else. Looking forward to any advice.
Update (a second state acheived)
I managed to get the phone into some other mode (I guess what was called "flash mode" in other xperia devices). The indicator here is that the led is green instead of blue (fastboot). Well, it still seems to be some sort of fastboot mode, although quite a bit is different. For one thing, the device doesn't send its serial. In /var/log/kern.log I see:
Code:
Sep 22 21:53:11 kernel: [25251.575770] usb 1-1: Product: Android
Sep 22 21:53:11 kernel: [25251.575772] usb 1-1: Manufacturer: Sony
Sep 22 21:56:50 kernel: [25470.553359] usb 1-1: USB disconnect, device number 40
Sep 22 21:56:57kernel: [25477.008071] usb 1-1: new high-speed USB device number 41 using xhci_hcd
Sep 22 21:56:57 kernel: [25477.158020] usb 1-1: New USB device found, idVendor=0fce, idProduct=b00b, bcdDevice= 4.04
Sep 22 21:56:57 kernel: [25477.158025] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Then, fastboot itself says that the serial is a bunch of question marks:
Code:
$ fastboot devices
???????????? fastboot
Most interesting, now I get farther along the 'flash' command, instead of failing on 'Sending' with no such device, I see that the sending is "OKAY", but then the command to write fails as "unauthenticated".
Code:
$ fastboot flash recovery recovery.img
Sending 'recovery' (34548 KB) OKAY [ 1.314s]
Writing 'recovery' FAILED (remote: 'Command not authenticated')
fastboot: error: Command failed
Also, now `getvar all` has different info:
Code:
fastboot getvar all
(bootloader) version:0.4-SONY-0.31
(bootloader) max-download-size:104857600
(bootloader) Version-sony:0.31
(bootloader) Loader-version:XFL-MSM8998-N-47
(bootloader) serialno:YYYYYYYY
(bootloader) version-bootloader:1306-5035_X_Boot_MSM8998_LA2.0_P_114
(bootloader) version-baseband:1308-8921_47.2.A.10.107
(bootloader) product:G8441
(bootloader) Phone-id:0000:XXXXXXXX
(bootloader) Rooting-status:ROOTED
(bootloader) Device-id:EDF6B4C3
(bootloader) Platform-id:2005E0E1
(bootloader) Frp-partition:frp
(bootloader) secure:no
(bootloader) Sector-size:4096
(bootloader) Ufs-info:SKhynix,H28U62301AMR,D003
(bootloader) Keystore-counter:1
(bootloader) Sake-root:D159
(bootloader) Default-security:eek:N
(bootloader) S1-root:S1_Root_e69c
(bootloader) Security-state:162509AE6B4B54D487F2496DDC4D4B6C6747A73B
(bootloader) USB-version:0x0200
(bootloader) slot-count:0
(bootloader) slot-suffixes:<empty>
(bootloader) current-slot:<empty>
all:
Finished. Total time: 0.107s
Also, in this mode, instead of just hanging if I retry the `oem unlock` command, it promptly replies that it's already unlocked.
Code:
$ fastboot oem unlock 0xBADHEAD
FAILED (remote: 'Bootloader already unlocked')
fastboot: error: Command failed
These seem like important clues. I'm looking for any tips parsing them
Rooting is not worth it anymore.
With any flashing there is the risk to damage the memory chips (because, you know, manufacturing defects, wearing out, etc). With old device the risk is even higher - and you won't have warranty anymore.
What I am saying is that you may have a (now) defective device.
bookworth said:
Rooting is not worth it anymore.
With any flashing there is the risk to damage the memory chips (because, you know, manufacturing defects, wearing out, etc). With old device the risk is even higher - and you won't have warranty anymore.
What I am saying is that you may have a (now) defective device.
Click to expand...
Click to collapse
Sure. It's possible that the device is defective. The purpose of this thread is to determine that. Do you have any experience which is relevant?
This is not about "rooting" in the traditional sense of owning uid 0 in Android. This is about installing a system which I'm comfortable using.
apexofservice said:
Sure. It's possible that the device is defective. The purpose of this thread is to determine that. Do you have any experience which is relevant?
This is not about "rooting" in the traditional sense of owning uid 0 in Android. This is about installing a system which I'm comfortable using.
Click to expand...
Click to collapse
I think you can obviously see that the device is old and both the offial and unofficial support has faded. It is just like flashing a Nokia E6 from 2011 today - noone cares. I know because I just did the Nokia thing.
@apexofservice, for flashing twrp image you need fastboot mode - blue led light (vol+ held while connecting to usb).
The other mode - green led light - is flash mode (Sony Service Mode) - there you can flash only sony signed stock firmware (like with newflasher all those .sin files).
I guess you troubles are most likely caused by some old version of 'fastboot' utility in your linux distro - are you using the version you've installed for modding your previous sony phone?
Or did you follow the sony unlocking guide and really installed the recommended fastboot utility version (as part of some android devel pack)?
To rule out flash error, you may try to just boot twrp without flashing it:
Code:
fastboot reboot bootloader
fastboot boot twrp.img
I wonder why so many people just unlock the phone without reading first?
You might have noticed, there is a drm keys backup method and do that first before unlocking...
j4nn said:
@apexofservice, for flashing twrp image you need fastboot mode - blue led light (vol+ held while connecting to usb).
The other mode - green led light - is flash mode (Sony Service Mode) - there you can flash only sony signed stock firmware (like with newflasher all those .sin files).
I guess you troubles are most likely caused by some old version of 'fastboot' utility in your linux distro - are you using the version you've installed for modding your previous sony phone?
Or did you follow the sony unlocking guide and really installed the recommended fastboot utility version (as part of some android devel pack)?
To rule out flash error, you may try to just boot twrp without flashing it:
Code:
fastboot reboot bootloader
fastboot boot twrp.img
I wonder why so many people just unlock the phone without reading first?
You might have noticed, there is a drm keys backup method and do that first before unlocking...
Click to expand...
Click to collapse
@j4nn: thanks so much for picking up the conversation. I realized what you said about green vs blue led and fastboot vs Sony Service mode sometime after my last post. But I didn't want to keep updating and just talking to myself so I held off. Still it's interesting that sony service mode is clearly based at least partially on the fastboot protocol.
In terms of which fastboot binary, I started by using the one I had installed from previous work with my z3c, that one is:
Code:
fastboot version 28.0.1-4986621
It was new enough not to have the -i $vendor_id option which is quoted in a bunch of guides for xperia stuff, and that's one of the things which lead me to try upgrading fastboot. Nowadays, it turns out, you can get the platform-tools without downloading the Sdk. So that download was quite convenient and I downloaded this version:
Code:
$ ./platform-tools/fastboot --version
fastboot version 29.0.4-5871666
I believe that's the latest fastboot, but let me know if it's not and if I should try to find something more recent. Actually, regarding fastboot, I ended up turning up the source code repo and found the README quite fascinating. I actually started using pyUSB to make a python version of fastboot, but that's a bit of an aside. In any case, I guess I could just compile fastboot from source. However, I suspect that the fastboot version isn't actually my issue.
Regarding booting from twrp using fastboot: Alas, that fails too. And, interestingly (perhaps), it fails in a similar way to the flash command. The phone seems to restart during or after the data send part:
Code:
./fastboot boot twrp-3.3.1-0-lilac-pie-5.img
Sending 'boot.img' (34548 KB) FAILED (Write to device failed (Cannot send after transport endpoint shutdown))
fastboot: error: Command failed
So then, given that the Green LED is Sony Mode, I thought maybe I should try to use FlashTool to try to reflash a working ROM/boot/kernel. So, I downloaded a stock ROM (same major version, Android 9 in my case), and then used the bundle command to prepare an FTF package.
Unfortunately, the version of FlashTool that I have doesnt' seem to be able to recognize the "flash mode" (green LED) that this phone provides. After preparing the firmware for flashing, it just says "phone connected with usb debugging disabled" when I connect it with Green LED. So, I figured that I needed to upgrade FlashTool. I found the lastest FlashTool and then tried to run it. But the jvm that comes with it seems to have been linked dynamically against a newer GLIBC than the one I have on this distro, so I started compiling a newer GLIBC into /opt but haven't gotten any farther before it was time to go work and set this aside for a while.
In terms of why I went straight to bootloader unlock instead of doing the firmware exploit to backup the TA keys, the main reason is as follows. The first is that I went through that exercise twice with my Z3C (I had two Z3Cs over the last 4 years), and it never ended up being useful. I never wanted to go back to stock, I never ended up caring about the DRM keys on the TA partition. So, I didn't really want to go through a bunch of hoops just to backup some keys that at this point it's clear that I'm not going to be using---I just wanted to get to the business of getting lineage up.
Please do post any further ideas or suggestions. I'd love any advice. Thanks in advance!
@apexofservice, instead of flashtool, just use newflasher to try to flash stock fw.
In linux you can ignore the pre-built binaries and just compile from source.
You may ignore even the prepared makefile and just use
gcc -o newflasher newflasher.c -lz -lexpat -ggdb
in order to use your system libs instead of those bundled.
Just do not use -O2 as that seams to cause flashtool segfault if compiled with -O2 with some recent gcc versions (there is probably a bug somewhere), -O0 resolves the segfault if it happens.
@apexofservice, xz1c sony flash mode init script contains this
Code:
# Increase min_free_kbytes to reduce risk of getting out of memory when doing USB read.
# The value 56766 was created by adding 12*4096 to the default value of 7614. I.e. we
# add 12 4MB buffers and this seems to be big enough for our use case.
write /proc/sys/vm/min_free_kbytes 56766
Maybe it is related also to your linux setup?
Could you test
Code:
echo 56766 > /proc/sys/vm/min_free_kbytes
before testing fastboot or newflasher?
Last update for now. I upgraded glibc and got to try out the lastest FlashTool. It's very cool that they've got XperiFirm integrated now. However, my situation is unchanged. When I go ServiceMode (Green LED), FlashTool says "Device connected with usb debugging disabled". When I connect with fastboot mode (Blue LED), i see a libusb error in stderr which says "libusb_get_string_descriptor_ascii : I/O Errors".
So, I guess I've tried all the tools now, and the device really is responding surprisingly to commands, it seems. I think I'm down to USB ports/cables. Unless people have other ideas.
Just saw your posts. Thanks for the quick reply.
j4nn said:
@apexofservice, xz1c sony flash mode init script contains this
Code:
# Increase min_free_kbytes to reduce risk of getting out of memory when doing USB read.
# The value 56766 was created by adding 12*4096 to the default value of 7614. I.e. we
# add 12 4MB buffers and this seems to be big enough for our use case.
write /proc/sys/vm/min_free_kbytes 56766
Maybe it is related also to your linux setup?
Could you test
Code:
echo 56766 > /proc/sys/vm/min_free_kbytes
before testing fastboot or newflasher?
Click to expand...
Click to collapse
FWIW, my system currently has 67584, so technically 56766 is a *decrease*. In any case, I tried it. Unfortunately, same output as previous:
Code:
./platform-tools/fastboot flash recovery twrp-3.3.1-0-lilac-pie-5.img
Sending 'recovery' (34548 KB) FAILED (remote: 'unknown command')
fastboot: error: Command failed
Btw, where are you reading the source of that sony init script from?
j4nn said:
@apexofservice, instead of flashtool, just use newflasher to try to flash stock fw.
In linux you can ignore the pre-built binaries and just compile from source.
You may ignore even the prepared makefile and just use
gcc -o newflasher newflasher.c -lz -lexpat -ggdb
in order to use your system libs instead of those bundled.
Just do not use -O2 as that seams to cause flashtool segfault if compiled with -O2 with some recent gcc versions (there is probably a bug somewhere), -O0 resolves the segfault if it happens.
Click to expand...
Click to collapse
Cool, I actually did try newflasher already. I had compiled it from source (I had to change the source minimally because it has a hard-coded device id). After I changed that (to 0x0dde), I built it with `make`. I recompiled using your suggested `gcc` invocation and alas, same error as what I saw last time I tried it.
Code:
$ ./newflasher
--------------------------------------------------------
newflasher v18 by Munjeni @ 2017/2019
--------------------------------------------------------
Determining available free space:
Available space to caller = 114642 MB
Total space on current drive = 471964 MB
Free space on drive = 138685 MB
found device with vid:0x0fce pid:0x0dde.
Optional step! Type 'y' and press ENTER if you want dump trim area, or type 'n' and press ENTER to skip.
Do in mind this doesn't dump drm key since sake authentifiction is need for that!
n
- Error, no DATA reply!
End. You can disconnect your device when you close newflasher
I read in the fastboot README that that DATA reply is what's supposed to happen when the device reports that it's ready to read after and OKAY.
In fact, it was pretty easy to add the line `printf("%s\n", tmp_reply);" to the source code right after the line which is printing
"no DATA reply" and then I recompile and see:
Code:
- Error, no DATA reply!
FAILunknown command
So that's the same "unknown command" message that I'm seeing from the fastboot tool too. Shucks.
@apexofservice, your change of "hardcoded" device id does not make sense. The original device id in newflasher is all right.
Changing it to 0x0dde means you are trying to use newflasher in fastboot mode (i.e. idVendor=0fce, idProduct=0dde) which is indicated by blue led light. That will not work.
You need to use flash mode (green led light: idVendor=0fce, idProduct=b00b) with newflasher - no change in source needed.
apexofservice said:
In terms of why I went straight to bootloader unlock instead of doing the firmware exploit to backup the TA keys, the main reason is as follows. The first is that I went through that exercise twice with my Z3C (I had two Z3Cs over the last 4 years), and it never ended up being useful. I never wanted to go back to stock, I never ended up caring about the DRM keys on the TA partition. So, I didn't really want to go through a bunch of hoops just to backup some keys that at this point it's clear that I'm not going to be using---I just wanted to get to the business of getting lineage up.
Click to expand...
Click to collapse
You should know that even LOS16 is depending on stock heavily - my (a bit outdated) source build tree contains 467MB of stock fw proprietary binary blobs. Those blobs might still contain functions that depend on drm, like for example stock camera.
Another discussion about this topic with interesting links is in this thread:
j4nn said:
@Didgesteve, that "no one else seems to have noticed" - a rather big assumption of yours. There are many users complaining about xzp/xz1/xz1c camera quality in general.
But just with regard to oreo vs pie, read the xzp thread from here: post#27, particularly post#30 contains very interesting internal stuff.
I would like to believe sony stopped conditioning camera with keeping bootloader locked with pie but somehow I am not sure about that at all considering all the circumstances and my linked camera quality comparison test.
Thanks for your advice, luckily I do not need janjan's kernels as I've implemented the TA backup exploit, so both my phones can have drm keys restored (in fact one of them is still locked on purpose).
I (and anybody who saved TA-unlocked.img together with TA-locked.img) can switch easily between "drm keys restored" and "drm keys lost" states for testing/comparisons.
Click to expand...
Click to collapse
j4nn said:
@apexofservice, for flashing twrp image you need fastboot mode - blue led light (vol+ held while connecting to usb).
The other mode - green led light - is flash mode (Sony Service Mode) - there you can flash only sony signed stock firmware (like with newflasher all those .sin files).
I guess you troubles are most likely caused by some old version of 'fastboot' utility in your linux distro - are you using the version you've installed for modding your previous sony phone?
Or did you follow the sony unlocking guide and really installed the recommended fastboot utility version (as part of some android devel pack)?
To rule out flash error, you may try to just boot twrp without flashing it:
Code:
fastboot reboot bootloader
fastboot boot twrp.img
I wonder why so many people just unlock the phone without reading first?
You might have noticed, there is a drm keys backup method and do that first before unlocking...
Click to expand...
Click to collapse
Good news here is that I managed to finally properly use newflasher to flash a stock ROM (android 9) and boot into it. Hooray. Bad news is that I still get the same behavior as reported above when I try to flash twrp. As above, I can't even boot into it with `fastboot boot twrp.img`. Since I'm really not interested in using the stock ROM, I'd love advice on what I may need to try next in order to get a custom recovery working (and eventually, obviously, a custom ROM).
Had very similar issues - could only get to fastboot devices. Nothing else worked. Then I read that connecting through USB hub could work. Now fastboot getvar all works as well, managed to unlock the bootloader and flash TWRP...
bookworth said:
Rooting is not worth it anymore.
With any flashing there is the risk to damage the memory chips (because, you know, manufacturing defects, wearing out, etc). With old device the risk is even higher - and you won't have warranty anymore.
What I am saying is that you may have a (now) defective device.
Click to expand...
Click to collapse
Go take this garbage elsewhere, rooting and custom roms are very much worth it unless you like a crappy bloated stock rom. The devices are not defective nor is there any risk really as long as you're able to read. Way to waste the OP's time too and mine.
apexofservice said:
Good news here is that I managed to finally properly use newflasher to flash a stock ROM (android 9) and boot into it. Hooray. Bad news is that I still get the same behavior as reported above when I try to flash twrp. As above, I can't even boot into it with `fastboot boot twrp.img`. Since I'm really not interested in using the stock ROM, I'd love advice on what I may need to try next in order to get a custom recovery working (and eventually, obviously, a custom ROM).
Click to expand...
Click to collapse
Still having issues or did you figure it out?
Same for me after flashing the firmware. Issue solved.
I got the latest TWRP here: https://forum.xda-developers.com/xp...t/recovery-twrp-3-1-1-stock-security-t3706704
Then I activated flash mode. (Phone off, volume down, then connect USB. The green LED is lit, otherwise black screen.)
Code:
fastboot reboot-bootloader
fastboot boot twrp-3.xxx.img
I Copied the TWRP image to the phone, then I used TWRP to install the TWRP image. (There is an option to install ZIP, which is default, or image.)
R3xXDA said:
Had very similar issues - could only get to fastboot devices. Nothing else worked. Then I read that connecting through USB hub could work. Now fastboot getvar all works as well, managed to unlock the bootloader and flash TWRP...
Click to expand...
Click to collapse
Using a USB hub was also the fix for me on an Xperia XA2 when flashing AOSP 9.0.