Related
Current Status 7/14
Without the NAND being unlocked, we are unable to re-write to the recovery partition. Other than that everything is working good. Unlocked NAND=One Click Root!
This method is directly based on the new root process for the Eris released on xda.
Original thread can be found here
The following information is taken directly from the thread mentioned above with some small modifications by me for the Incredible.
Big thanks to tereg for the toolkit and the guys who rooted the EVO with a file write/chmod race condition exploit that gave me the idea for this.
jcase noticed that a race isn't actually nessisary to exploit the chmod 777 on the file I've been working with, simplifying the script alot.
I used the files from the adb development pack that Tereg put together. Download them here. You don't need them for this root process as long as you have a working adb install.
You will need adb access. Install the android sdk for your platform (macos, windows, linux) get it for your OS here.
If you don't know how to install the sdk, search xda, there are a ton of howtos for that.
Files to download:
hack-v5-DINC.zip
A ROM file
Android SKD (skip if you have a working adb)
Instructions for linux/OSX.
Have adb in your path, or move the files contained in hack-v5-DINC.zip into your sdk/tools directory so your pushes will work properly.
FOR ALL OS's Make sure your phone has Applications->Development->USB Debugging turned on.
Do NOT have your phone in Disk Drive Mode, have it in Charge Only.
Open a terminal window in your /tools/ directory. Type this at the prompt.
Code:
sh runinlinux.sh
This will take a few minutes, follow the instructions on your screen.
If you get adb: command not found, edit runinlinux.sh and change every
Code:
#/bin/bash
adb push flash_image /data/local/
adb push recovery.img /data/local/
adb push testfile /data/local/
etc...
to
Code:
./adb push flash_image /data/local/
./adb push recovery.img /data/local/
./adb push testfile /data/local/
etc...
Instructions for windows (thanks tereg!)
Download the hack.zip file and extract it to the desktop. So, you have a folder on the desktop called hack. I would recommend moving or copying those files (EDIT: that are contained in the hack folder) to the C:\android-sdk-windows\tools folder. Why? Because the script runs "adb ____" commands, and unless you've set up adb to be able to run anywhere within the command prompt, the script won't run. So, it will universally work if the files in the hack folder are placed in C:\android-sdk-windows\tools
So, open a command prompt by pressing WindowsKey+R, or going to Start-Run (in WinXP) and typing
Code:
cmd
in the text box there and press OK
If you are in Windows Vista/Windows 7, go to the Start Menu, then type in
Code:
cmd
in the search bar in the lower right-hand corner of the start menu and press enter, and locate Command Prompt in the search results, or go to Start -> All Programs -> Accessories -> Command Prompt
Type
Code:
cd C:\android-sdk-windows\tools
and press enter
Now, I recommend pushing the ROM you want to flash to the SD card now.
Code:
adb push ROM.zip /sdcard
Then, type
Code:
runindos.bat
to execute the script.
You might have to run it 2 or 3 times for it to work. If it fails, just reboot the phone normally, then run
Code:
runindos.bat
again once the phone is booted back up and you're ready.
----------(Thanks again tereg!)
It will scan for a long time, give it at least 5 minutes. If it doesn't come back after 5 minutes cntrl +c to stop it, start the process again. MOST PEOPLE HAVE TO RUN THIS AT LEAST TWICE!
If your device reboots into a new screen with options on it, you now have root in recovery mode. At this point you will be flashing your Incredible's brains, so YOUR PHONE WILL BE BLANK AFTER LOADING A NEW ROM! All of your apps/numbers will be gone from the phone.
I suggest a nand backup first.
Download and copy one of these ROM's to your sdcard as update.zip and flash it with flash zip from sdcard by selecting "Install zip from sdcard".
The first boot after loading a new ROM takes quite a while to show any activity to the screen. Give it a good 5 minutes before you start wondering if it's ever going to come back.
---
runinlinux.sh
---
Code:
#/bin/bash
adb push recovery.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery.img
adb shell chmod 777 /data/local/flash_image
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
echo "Files copied and permissions set, rebooting HTC Andriod 2.1"
adb reboot
echo "Your phone will now reboot into normal mode, then reboot into recovery mode. If it does not reboot the second time, wait 10 minutes and manually reboot and begin again."
echo "Your phone is now rebooting in Rooted Recovery mode, do a backup and load your ROMs"
adb wait-for-device
adb shell /data/local/flash_image recovery /data/local/recovery.img
adb reboot recovery
---
runindos.bat
---
Code:
@echo off
adb push recovery.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery.img
adb shell chmod 777 /data/local/flash_image
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
echo "Files copied and permissions set, rebooting HTC Andriod 2.1"
echo "Your phone will now reboot into normal mode, then reboot into recovery mode. If it does not reboot the second time, wait 10 minutes and manually reboot and begin again."
adb reboot
adb wait-for-device
echo "Your phone is now rebooting in Rooted Recovery mode, do a backup and load your ROMs"
adb shell /data/local/flash_image recovery /data/local/recovery.img
adb reboot recovery
This thread is intended to be an think-tank, similar to the one on the eris forums where I got the idea from. Let the ideas flow!
has this been tested to work on the INC? if not why has this been posted.
outsid0r said:
has this been tested to work on the INC? if not why has this been posted.
Click to expand...
Click to collapse
uhm....do you read?
"This thread is intended to be an think-tank, similar to the one on the eris forums where I got the idea from. Let the ideas flow!"
no. this is not working yet. thats why the title even has {development} in it. the process is almost working, and this is a develpoment thread to work out the issue-which is also in big letters at the top...see where it says
"Without the NAND being unlocked, we are unable to re-write to the recovery partition. Other than that everything is working good. Unlocked NAND=One Click Root!"
So once we solve a much more difficult problem, the less difficult will be easier.
Makes sense.
We already know how to unlock the nand vs the exploit posted last night...also unrevoked will have it done In a few days anyway
Sent from my HTC Incredible using the XDA App
adrynalyne said:
So once we solve a much more difficult problem, the less difficult will be easier.
Makes sense.
Click to expand...
Click to collapse
the difficult problem has already been solved. the unrEVOked team already has the NAND unlocked. now its whether they want to share and make it a true one-click root method, or if they are going to keep it a secret and keep koush's clockworkmod recovery as the only possibility. this tool still uses the clockworkmod recovery, but after a NAND unlock your given the option to change. since koush is working for them too, im starting to think more and more that they are going to keep the monopoly.
im hoping that they will just incorporate their NAND unlock method into this root process. they can even re-lock it after the process is done as they do in their re-flash tool to preserve the monopoly, but a true one-click root is now possible with their co-operation. ive messaged them asking if they want to help out. we will see soon enough, so cross your fingers!
they can even re-lock it after the process is done as they do in their re-flash tool to preserve the monopoly
Click to expand...
Click to collapse
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
So I see we have this starting up again....shakes head at OP..
@adrynalyne best to just ignore these people...its not like the winmo days is it man? Le sighe
Good advice, you are right. I will ignore this stuff in the future.
No, not like the winmo days at all. I've never seen so much anomisity and jealousy in a community before like there is for Android.
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
LOL Whatever, it isnt like respect from you is something anyone cares about. I like someone with the nerve to speak the truth no matter how unpopular it might be.
outsid0r said:
has this been tested to work on the INC? if not why has this been posted.
Click to expand...
Click to collapse
Please read. Think tank! I applaud this dude for trying. More than many others do here!
fader01 said:
LOL Whatever, it isnt like respect from you is something anyone cares about. I like someone with the nerve to speak the truth no matter how untrue it might be.
Click to expand...
Click to collapse
Fixed that for ya.
adrynalyne said:
You just lost a ton of respect from me, and I suspect more than a few others. Talk about biting the hand that feeds you.
Click to expand...
Click to collapse
Shadowmite said:
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
Click to expand...
Click to collapse
it seems like my comment was taken the wrong way.
for one, clockworkmod recovery is the only one that works on the DINC AFAIK, amon_ras isnt working on here either.
the monopoly is basically a monopoly because of the lack of other available options, not necessarily because its enforced.
i apologize if it came off the wrong way or insulted anyone with the preceding comments.
i meant this thread as a co-operative think-tank, it wasnt my intention to start a big ordeal.
adrynalyne said:
Good advice, you are right. I will ignore this stuff in the future.
No, not like the winmo days at all. I've never seen so much anomisity and jealousy in a community before like there is for Android.
Click to expand...
Click to collapse
@adrynalyne yeah its a real rough community at times, but what ya gonna do right...its hard for me to ignore them at times too
@shadowmite. thanks for your guys hard work....the ignorant ones are everywhere nowadays, hope they don't get you guys down.
Cheers!
Shadowmite said:
All I can say is we already intended to release this method, we were making a pretty robust obfuscation for it. But again the community has jumped before thinking and posted the bug for HTC to fix. There might not be any root's left after this one is burnt. Which it now is. Our tool will be released as is soon enough.
We don't care to create a monopoly, we happily work with others that ASK. Those that just jump and tell the world all the secrets we don't want plugged are just stupid, plain and simple.
Click to expand...
Click to collapse
hmm. well i guess thats what happens when people try to help out the community...maybe next time i just wont do anything... :/
and FYI...i did contact you. i sent you a PM earlier today.
this method has been used on the EVO and hasnt been plugged, and its been in the works on the Eris-also an HTC phone- for quite a long time, and in the same way this is...a co-operative community effort to make the phone the best that it can be.And its still not been plugged.
id worry less about HTC plugging the exploits and more about getting the exploits available to the public.
Correct, you are not the original one leaking the method. But my point is devs capable of finding things like this should be capable of thinking about it being plugged. HTC fixed our recovery hold in the next OTA. Now it's quite possible nand and this root will be patched also. we have NO OTHER WAYS IN... Thats it. besides some VERY complicated exploits we are OUT after the next ota.
I got your pm's, but only after you posted this.
It's a moot point, our one click root is due out in a few minutes. we were going to further lengths to protect the method, but it's out anyway at this point.
Shadowmite said:
Correct, you are not the original one leaking the method. But my point is devs capable of finding things like this should be capable of thinking about it being plugged. HTC fixed our recovery hold in the next OTA. Now it's quite possible nand and this root will be patched also. we have NO OTHER WAYS IN... Thats it. besides some VERY complicated exploits we are OUT after the next ota.
I got your pm's, but only after you posted this.
It's a moot point, our one click root is due out in a few minutes. we were going to further lengths to protect the method, but it's out anyway at this point.
Click to expand...
Click to collapse
well i apologize for the fact that i may/may not have ruined your chances to make a big announcement for your release, but IMO its kinda bs that you keep the info on lockdown. the whole point of android is that its open. a select amount of people shouldnt consider themselves the gatekeepers of important information.
ban_dover said:
well i apologize for the fact that i may/may not have ruined your chances to make a big announcement for your release, but IMO its kinda bs that you keep the info on lockdown. the whole point of android is that its open. a select amount of people shouldnt consider themselves the gatekeepers of important information.
Click to expand...
Click to collapse
From our wiki, which you appearently haven't read:
http://unrevoked.com/rootwiki/doku.php/public/unrevoked2
That doesn't seem fair! Android is about open source.
In some senses, we agree; but at times, a tradeoff needs to be made. Releasing the source code for this, we believe, would compromise the greater ability to unlock devices like these in the future. Given the choice between sacrificing the liberty of running code on our handsets and the liberty of reading the code by which we unlock it, we feel that the millions of handsets are more important. It is unfortunate that we must make such a choice, and we look forward to the day in the future that no such decision need be made.
Click to expand...
Click to collapse
Shadowmite said:
From our wiki, which you appearently haven't read:
Click to expand...
Click to collapse
already read it.
i dont take my opinions from things i read. i take the information and draw my own conclusions. and in this case my conclusion is that, while i can see your point i still disagree.
Generic Nvidia Tegra Secure Boot Key Dumper, v0.4
**************************************
YOU MUST GET ROOT BEFORE PROCESSING!!!
This is a temp memory only fix, after you reboot your phone, everything will restore to it's original status. So it WILL NOT brick your phone at all!
**************************************
I am not sure it work for your devices or not, because I only get a SU660 device!
So , you must knew that P880 use a Secure Boot Key to encrypt its nflash communication, if you don't know the SBK, you can't use nvflash backup/restore your partitions.
I found that in the linux kernel, there is some protection that block the user try to read out SBK when the phone in "odm_production" status. So I designed a little software try to patch the phone RAM to bypass the protection.
This is a kernel patcher which will remove the protection when trying to read /sys/firmware/fuse/secure_boot_key
The dumper will patch the kernel in memory, and let you show the secure_boot_key.
Hope it work for all tegra devices.
Usage:
1. adb push dumpSBK /data/local/
2. adb shell
su
chmod 0777 /data/local/dumpSBK
/data/local/dumpSBK
After that, you can
4. cat /sys/firmware/fuse/secure_boot_key
dumpSBK will search the first 1MB physical address(which kernel will be there), and try to patch it.
Usage: dumpSBK [star_mem_addr in KB]
for example: dumpSBK 32
which will search the 32KB~1MB physical memory.
2012/12/31:
re-compile it with -static switch, so it can run on all android platform.
update instructions.
2013/01/01:
modify the program, and let you select which memory range to patch.
usage: dumpSBK [start_memory_addr] [end_memory_addr]
for example: dumpSBK 1 1024
which will search 1MB ~ 1024MB memory and try to patch the kernel.
2013/01/01:
v0.3 add more error detection in the file.
2013/01/06:
v0.4 wil search the first 1MB physical memory, you can specify the start_address , for example dumpSBK 32
and update the search pattern , it will fit for more compiler options.
2013/01/07:
Secure_Boot_Key Dumper for tegra2/tegra3 v0.1
1. adb push ss.ko /sdcard/
2. adb shell
su
cd /sdcard/
insmod ss.ko
dmesg
3. at the end of dmesg, you should see the secure_boot_key.....
2013/01/08:
v0.2 dump all known fuses.....
If you get a error:
Kernel patching failed! Abort....
that means your device kernel has a differnt tegra source code, or compiled with a different compiler........
Please let me know which kernel source code and compiler / compile switch it used.
marsgod said:
If you get a error:
Kernel patching failed! Abort....
that means your device kernel has a differnt tegra source code, or compiled with a different compiler........
Please let me know which kernel source code and compiler / compile switch it used.
Click to expand...
Click to collapse
will it hard brick the phone???
razerblade17 said:
will it hard brick the phone???
Click to expand...
Click to collapse
Do you want to try and find out? I certainly don't.
I like my phone and don't want to end up with an expensive paperweight instead :banghead:
SimonTS said:
Do you want to try and find out? I certainly don't.
I like my phone and don't want to end up with an expensive paperweight instead :banghead:
Click to expand...
Click to collapse
i'd have tried if i didnt sell mine
plus this wont brick the device
nothing can since bootloader's lock so u practically cant mess up anything that matters for booting up
The Troll said:
i'd have tried if i didnt sell mine
plus this wont brick the device
nothing can since bootloader's lock so u practically cant mess up anything that matters for booting up
Click to expand...
Click to collapse
Yep, i think Troll isn't trolling us i would try it out ,but i'm waitin' for my LG, factory reset via recovery bricked it.
This is a temp memory only fix, after you reboot your phone, everything will restore to it's original status. So it WILL NOT brick your phone at all!
The patcher will patch a single byte in your phone RAM, it will not modify any bit in your NAND Flash.
C:\adb>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
I got this
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
Click to expand...
Click to collapse
^ You guys have rooted phone and debugging turned on? maybe that's why these errors.
phone rooted, recheked with root checker.
I have debuging mode one.
But i cant push files to /data/local/
C:\o4xr>adb push dumpSBK /data/local/
push: dumpSBK/Readme.txt -> /data/local/Readme.txt
failed to copy 'dumpSBK/Readme.txt' to '/data/local/Readme.txt': Permission deni
ed
Click to expand...
Click to collapse
So i put those files there with es file explorer and try to run second comand:
C:\o4xr>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
Click to expand...
Click to collapse
Who can explain why?
s7ar73r said:
phone rooted, recheked with root checker.
I have debuging mode one.
But i cant push files to /data/local/
So i put those files there with es file explorer and try to run second comand:
Who can explain why?
Click to expand...
Click to collapse
uhmm
as i seem to recall, the hello world rooting method *only known method* turns on access to that location..
thats where superuser and binaries are added
so if im correct u'd be able to push it if u follow the rooting method and adding the commands to the root.bat *or whatever its name it* that we run in pc by using notepad or anything..
so it should reroot and push ur desired file as well
*again, dun remember, been months but im sure hello world/backuptest thingy will be useful*
k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
I get the this,too.
the v1 patch did not completely work.
The Troll said:
uhmm
as i seem to recall, the hello world rooting method *only known method* turns on access to that location..
thats where superuser and binaries are added
so if im correct u'd be able to push it if u follow the rooting method and adding the commands to the root.bat *or whatever its name it* that we run in pc by using notepad or anything..
so it should reroot and push ur desired file as well
*again, dun remember, been months but im sure hello world/backuptest thingy will be useful*
Click to expand...
Click to collapse
Its not the only known method... but now I don't have time, even to think... I just woke up and came to the computer.
You need to think widder
Gonna back to sleep :angel:
k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
En.... I think it is due to I compiled the dumpSBK with 4.1.2 android, so it will not work on a ICS rom... I will check it later...
s7ar73r said:
C:\adb>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
I got this
Click to expand...
Click to collapse
You MUST root your device.
then type
adb root
to get the adb rooted work.
Of couse, you must have your device USB debug ON.
please do all the steps the right way , starting with the OP instruction you the right way.
OP is assuming we got a "unsecure" booted device, which we have not exactly due to the locked bootloader.
so its pointless to write "root" instruction froms adb when the device is in secure mode. OP is now told and should update the instructions, thank you.
ignore all the "adb shell" instruction and log into the device with "adb shell" once only.
in that shell which is opened execute the "su", so you get a root # prompt.
then run instructions given and skip all "adb shell" infront.
thats it, good luck.
edit:
adb remount,adb root and running root commands only work on unsecure devices , we got ro.secure=1 here and adb not allowed to run root commands
i think it's better toroot Your 4X with Dexter http://forum.xda-developers.com/showpost.php?p=30574547&postcount=85 because it doesn't have any issues, for me with 1st root method for example titanium backup wasn't working.
@marsgod, yep - we don't have 4.1.2 but 4.0.3, but u can leave this version because we'll get 4.1.2 in january
k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
i have same result . segmentation fault
whats wrong?
bullghost said:
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
i have same result . segmentation fault
whats wrong?
Click to expand...
Click to collapse
after adb shell type su, u should have [email protected], not [email protected]
@edit so... anyone tested it in right way?
I am trying to kill write protection on my brand new Moto X so that I can root.
I am running MotoWpNoMo from a vmware Windows XP image hosted on a Macbook Pro. It looks to me like MotoWpNoMo is getting stuck trying to boot the device.
Here's the output from MotoWpNoMo:
Code:
!! Do NOT for any reason bite, punch, or molest your device !!
Please wait....
..........
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (3/120)
Waiting
Test 2: Booting device
Waiting for ADB (120/120)
ADB connection failed!!
FIX IT, yes, YOU fix it now!!!FIX IT NOW!!!!!
ERROR: usb connection error
FIX IT, yes, YOU fix it now!!!FIX IT NOW!!!!!
Press ENTER to exit
When I check for success via ADB I get this:
Code:
C:\Android>adb shell getprop ro.boot.write_protect
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
1
After five attempts like that, I decided to help MotoWpNoMo along by pressing the selecting Normal Powerup from the Bootloader. Here are the results from that attempt:
Code:
==================== Moto-WP-NoMo 0.0.4 ==============================
Moto-WP-NoMo comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running Moto-WP-NoMo lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running Moto-WP-NoMo] -
---
(1) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(2) Understand that you may NOT repack or redistribute Moto-WP-NoMo
Ok?
(Yes/No)
Yes
!! Do NOT for any reason bite, punch, or molest your device !!
Please wait....
..........
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (3/120)
Waiting
Test 2: Booting device
Waiting for ADB (26/120)
must play a little while longer...
it's so cold in here
hmm, hold please
..............................................
[TTTT*****************************************]
Press ENTER to exit
What am I doing wrong?
same
I am having the same problem, i'm going to try running as an administrator and then on a fresh windows install.
it WORKS... eventually
Aaronbern said:
I am having the same problem, i'm going to try running as an administrator and then on a fresh windows install.
Click to expand...
Click to collapse
ok i finally got it to work, here's what I did: for a verizon Droid (ultra) MAXX xt1080m root through RockMyMoto
Running Windows on a 2009 Mac Pro in Bootcamp i had several issues:
Network errors. wpbegone.exe would close on its own.
1 i had to disable the firewall on my Landlord's wifi router by social-engineering my way to the administrator password
2 I had to disable windows firewall as it had started itself after connecting to the new wifi
Now I had a new problem; in the the command window i was getting the Line of ********, then a line of [TTTTTT*****************] then ENTER to close
FAIL
I had to run wovegone.exe as an anministrator(again kind of new to windows) via right click
Another NEW issue; on Test 2, after rebooting from fastboot, the phone would not re-connect to the computer, wake from sleep, debug toggled, everything no dice until I get : adb FAILED, USB FAILED FIX IT!!! yes YOU fix it NOW!!!!!, cute lots of help there I kept yelling at my computer no YOU fix it i'm done....
it was now 3am, i went to bed, woke up at 11, breakfast, took a walk, did some "yoga" (aka minecraft for an hour) then went back to it:
i restarted in win 7: got the same issues: [TTTTT*****] failure if run as normal, USB failure when run as an admin, I tried different usb plugs, wires i tried toggling Debug, diffent su setting (install on system, re install supersu, upgrade to pro
I tried through my keyboard (not enough power) then a Powered USB hub, it failed again, i toggled USB debug, unplugged hub (power, usb) re-plugged and ran wpbegone.exe as admin and.......
==================== Moto-WP-NoMo 0.0.4 ==============================
Moto-WP-NoMo comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running Moto-WP-NoMo lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running Moto-WP-NoMo] -
---
(1) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(2) Understand that you may NOT repack or redistribute Moto-WP-NoMo
Ok?
(Yes/No)
Yes
!! Do NOT for any reason bite, punch, or molest your device !!
Please wait....
..........
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (3/120)
Waiting
Test 2: Booting device
Waiting for ADB (116/120)
must play a little while longer...
it's so cold in here
hmm, hold please
..............................................
[---------------------------------------------]
doing some *stuff*..................
this is getting boring, let's go ahead and get started..
clobbering (1)...............................................
clobbering (2)......
Waiting for ADB (48/120)
must play a little while longer...
lets put some things back in place...
installing root stuff, thanks chainfire
wait for it.........
yep, done. bye bye pesky write protection!
send your money, ALL OF YOUR MONIES to - [email protected]
Press ENTER to exit
Click to expand...
Click to collapse
ran adb shell getp[rop ro.boot.write_protect
GOT 0!!!
so my advice is take your time and keep trying i guess its like throwing a puzzle at a wall and needing it to come together on its own
just keep trying and try different things i think it just takes time
~A
I keep getting stuck at this line and it's driving me absolutely nuts.
clobbering (1)...
WTF: why are you even here?
Why is SuperSU crashing at this point? Any help please.
I have never been able to get anything that tries to get to the phone from inside any virtual machine on my Mac. I have not tried in Bootcamp, but I can honestly say that I had to do it twice to get it working on my Windows 7 laptop and it does need to be run as administrator.
My guess would be that some kind of low level access to the USB system are not passed on from the VM to the Mac. Bootcamp should work, if you are persistent.
nwinston96 said:
I keep getting stuck at this line and it's driving me absolutely nuts.
clobbering (1)...
WTF: why are you even here?
Why is SuperSU crashing at this point? Any help please.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showpost.php?p=49780077&postcount=4
look here and see if that makes sense to you he was having the same issues.
In case anybody cares, here's a pure C reimplementation of 'cuber.py'
(my own earlier reimplementation of @vortox's signature.py).
This is what I'm using in my '1-Click' bootloader unlock VM...
See 'grep ^gcc' for "build instructions".
Hack, you can probably build this for ARM and run it right on your very HDX tablet... (-;
UPDATE (JanuaryFebruary 2017):
OK; so, @zivimo had built this for ARM, but people still haven't noticed.
I repacked his binary from a .tar.gz to a .zip archive and decided to spell out the instructions for use.
Perhaps, this helps... With the right bootloader in place, and adb/fastboot installed (and working),
the unlock is as easy as follows...
Download and extract unlock.zip (SHA256: e40e3010f8eccfa9cbd1e73eecac30cf799099d183de23b2d256fc3407f143f6e5db0b8d82c8fd2a25a22b0a598014d22a2ec33cef27a8d4b65a36acde08f27a)
to the same directory that holds the adb and fastboot executables (unless you have added them to your PATH)
Click on get_code.bat in the extracted folder
-- optional (but commonly required) step(s) --
fix root (roll back, if you need to), flash vulnerable bootloader
[you'll definitely need to perform at least some of these if the last step fails]
Click on unlock.bat in the extracted folder
The archive also includes .sh variants of the .bat files for convenience.
You could also just click to show the hidden section and cut&paste... (-;
Code:
[STRIKE]unzip cuber.zip[/STRIKE]
adb push cuber /data/local/tmp/
adb shell chmod 0755 /data/local/tmp/cuber
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
adb pull /sdcard/unlock.code
adb shell rm /sdcard/unlock.code /data/local/tmp/cuber
adb reboot-bootloader
fastboot -i 0x1949 flash unlock unlock.code
NOTE: download and extract the attached 'cuberunlock.zip' and run the above commands
in the directory where 'cuber' got extracted to.
Nice job! Originally I wanted to use OpenSSL BigNum too, but I hadn't enough time and Python was easier to use
hey,
made a static compile with an arm debian (jessie). seemed the easiest solution to me. compile command:
Code:
# gcc -fPIE -static cuber.c -o cuber -lssl -lcrypto
# strip cuber
# ldd cuber
not a dynamic executable
# ./cuber
Usage: cuber [RSA-bytes] < data > sig
seems to work. arm(!) binary attached.
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.
chin_bone said:
ok draxie, you pointed me here but something seems to be missing. i downloaded unlock.zip, put the files in my adb directory. when i run get_code.bat, it pushes cuber to the kindle in the right directory, changes permissions (dont see any errors there) but then stops saying the system can't find the specified path. Whats funny is i used es file explorer to check the paths in the script, and they are there so not sure where the hang up is.
Click to expand...
Click to collapse
Did you check all three paths?
/data/local/tmp
/sdcard
/sys/class/block/mmcblk0
The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... )
The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.
BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.
Does it print your manfid/serial?
If so, mmcblkX would be right as well.
Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?
- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
In the meantime, as a workaround, you could just hard-code your manfid/serial, and replace this line:
Code:
adb shell 'id=$(cat /sys/class/block/mmcblk0/device/{manfid,serial}); echo "$id"; echo 0x${id:6:2}${id:11:8} | /data/local/tmp/cuber > /sdcard/unlock.code'
by the decidedly much simpler:
Code:
adb shell 'echo 0xmmssssssss | /data/local/tmp/cuber > /sdcard/unlock.code'
draxie said:
Did you check all three paths?
/data/local/tmp
/sdcard
/sys/class/block/mmcblk0
The 2nd one _may_ be problematic if you're on SafeStrap.
I don't know why. I'm yet to install that on one of my test
devices to investigate. (Or, was that the 1st... )
The 0 in the 3rd one may actually be a 1 on some systems.
I have a few extra lines in my VM script to work around
that, I can easily add that here as well, if that turns out
to be the issue.
BUT, to try and troubleshoot: how far does the script get?
If it didn't complain with the permissions, the 1st path is probably OK.
Does it print your manfid/serial?
If so, mmcblkX would be right as well.
Any chance that you're on SafeStrap?
Can you push/pull to/from /sdcard?
- - - - -
On a second thought: I've only ever tested this on Linux.
String quoting on Windows may work differently, and could *royally* mess up how that more complex command is interpreted.
I'll test tomorrow; it's like 20 past 1am here. I need to get some sleep.
Click to expand...
Click to collapse
It's all good draxie, i figured out what i was doing wrong with the other procedure, that damn STEP 2, once i did it, everything fell into place. Bootloader unlocked and now just trying to figure out which rom to try first. Thanks again, you guys are great and i know how valuable everyones time is. :good:
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
pdanforth said:
I keep hitting road blocks, I am rooted and on Fire OS 4.5.5.2 I click get code a screen flashes up then I click Unlock and my Kindle boots to the Grey Kindle screen with Fastboot underneath and nothing else happens. Same happens when I copy and past the code into ADB. What step am I failing at? Thanks for the help!
Click to expand...
Click to collapse
@draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
Davey126 said:
@draxie - I have no experience with this tool; python/gmpy2 works reliably for me. Sorry to pull you in ...
Click to expand...
Click to collapse
I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.
pdanforth said:
I am up and running now, unlocked and running kk-fire-nexus-rom-thor-20161017. Play store is also up and running.
Click to expand...
Click to collapse
Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.
draxie said:
Did you end up using some other method, or did these scripts work for you in the end?
Either way, others may find useful if you could share whatever worked for you. (-;
Unfortunately, I still haven't had a chance to test these scripts in Windows;
so, I couldn't answer your first call for help in a good way. If there's something
wrong and there's enough interest, I'll be happy to fix it as soon as I can.
Click to expand...
Click to collapse
@stangri did my unlock file and I used this thread to unlock https://forum.xda-developers.com/kindle-fire-hdx/general/thor-unlocking-bootloader-firmware-t3463982
I had trouble making the Unlock file, once that was done and some help from other users I am now up and running!
Hey you lucky Mi 11 owners,
I'm trying to compile a database for Android Devices - something like the Grade Partition Table Reference started a while ago here @xda, but a lot more detailed, including:
-cat /proc/cpuinfo
- getprop
- service list
- lshal
- ps -Zef
- ls -l /dev
- ls -l /dev/block/by-name
- cat /proc/partitions
- df
- mount
- dumpsys (lots of output)
I make the results public at http://newandroidbook.com/ddb/ so other people, primarily researchers and rooters/modders, can benefit. Any help would be *greatly* appreciated. It's really simple to do this (especially on Linux, just use "script" then "adb shell", then run all these , exit from device, exit from script, and grab typescript.txt)
I have sent my debugging records, copied and saved by CMD of win10. Because my linux can't seem to load usb
G731882624 said:
I have sent my debugging records, copied and saved by CMD of win10. Because my linux can't seem to load usb
Click to expand...
Click to collapse
That's great! Thank you! But... where did you send them? I didn't get anything either here or at the [email protected] mail..
And btw, running "Adb" as root usually fixes the usb problems on Linux. Either that, or changing dev rules
morpheus______ said:
That's great! Thank you! But... where did you send them? I didn't get anything either here or at the [email protected] mail..
And btw, running "Adb" as root usually fixes the usb problems on Linux. Either that, or changing dev rules
Click to expand...
Click to collapse
Oh, I probably sent the wrong email address. I am using the Linux subsystem under win10. Run lsusb to get [email protected]:/mnt/c/Users/Ge# lsusb
unable to initialize libusb: -99
G731882624 said:
Oh, I probably sent the wrong email address. I am using the Linux subsystem under win10. Run lsusb to get [email protected]:/mnt/c/Users/Ge# lsusb
unable to initialize libusb: -99
Click to expand...
Click to collapse
Is it the address at [email protected]? . .
G731882624 said:
Is it the address at [email protected]? . .
Click to expand...
Click to collapse
Got it! Thank you so much! This is super helpful!!!
how to root ?any one can help?
feng.zh.cfo said:
how to root ?any one can help?
Click to expand...
Click to collapse
It should be as easy as unlocking the bootloader and trying magisk through Magisk Manager on the boot.img from the OTA (which I put at http://NewAndroidbook.com/ddb/Mi11/OTA). Let me know if you need help with that.
feng.zh.cfo said:
how to root ?any one can help?
Click to expand...
Click to collapse
I am rooted, very simple
G731882624 said:
I am rooted, very simple
Click to expand...
Click to collapse
I have unlocked the bootloader, what should I do?Can you give me detailed steps, thank you!
I have unlocked the bootloader, what should I do?Can you give me detailed steps, thank you!
morpheus______ said:
It should be as easy as unlocking the bootloader and trying magisk through Magisk Manager on the boot.img from the OTA (which I put at http://NewAndroidbook.com/ddb/Mi11/OTA). Let me know if you need help with that.
Click to expand...
Click to collapse
I have unlocked the bootloader, what should I do?Can you give me detailed steps, thank you!
morpheus______ said:
It should be as easy as unlocking the bootloader and trying magisk through Magisk Manager on the boot.img from the OTA (which I put at http://NewAndroidbook.com/ddb/Mi11/OTA). Let me know if you need help with that.
Click to expand...
Click to collapse
I have unlocked the bootloader, what should I do?Can you give me detailed steps, thank you!
morpheus______ said:
Got it! Thank you so much! This is super helpful!!!
Click to expand...
Click to collapse
I'm rooted, I will do the un-debugged part later
127|venus:/data/local/tmp # ./bindump
Usage: bindump [-h|-?]
bindump [ns] list
bindump [ns] check SERVICE
bindump [ns] call SERVICE [i32 N | i64 N | s16 STR ] ...
bindump [ns] users SERVICE # As per my 'bindump' tool (try 'all' for SERVICE)
bindump [ns] dump SERVICE # As per 'dumpsys' tool
Where: [ns] is optionally 'binder' (default), 'hwbinder' or 'vndbinder'
Bindump, Dumpsys, Service & more - v0.1 - By Jonathan Levin
This tool is part of the resources for 'Android Internals', Volume II
Free for non-commercial use at http://NewAndroidBook.com/
用于商业用途(和纯C活页夹库)mail://[email protected]
I don’t know how to enter next to get debugging information
127|venus:/data/local/tmp # ./bindump users all
venus:/data/local/tmp #
For example, he has no output
G731882624 said:
127|venus:/data/local/tmp # ./bindump users all
venus:/data/local/tmp #
For example, he has no output
Click to expand...
Click to collapse
That happens if debugs is not mounted
mount -t debugfs none /sys/kernel/debug
fixes problem