[RECOVERY][v500] TWRP 2.8.6.0 - No loki needed - G Pad 8.3 Original Android Development

Team Win Recovery Project 2.x, or twrp2 for short, is a custom recovery built with ease of use and customization in mind. Its a fully touch driven user interface no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
TWRP 2.8.6.0 Changelog: http://teamw.in/site/update/2015/03/26/twrp-2.8.6.0-released.html
Why another thread of TWRP?
This build of TWRP doesn't need loki to bypass the bootloader, and it works with both 4.2 and 4.4 bootloaders. It also has the advantage that when you boot the device into recovery it doesn't show that nasty bootloader warning. The kernel in this build is based on cm-12.1 official, but it has the backlight adapted for 4.4 bootloader. You can also use it with a 4.2 bootloader, but you'll probably have brightness issues.
Image: https://www.androidfilehost.com/?fid=95916177934551824
Flashable zip: https://www.androidfilehost.com/?fid=95916177934551825
Install instructions: flash the zip from recovery or install the image using THIS APP (needs root).
XDA:DevDB Information
TWRP v500, Tool/Utility for the LG G Pad 8.3
Contributors
jsevi83
Source Code: https://github.com/awifi-dev/twrp_device_lge_v500
Version Information
Status: Stable
Created 2015-04-07
Last Updated 2015-04-30

Thanks! Working so far...

This is very cool. How does Bump work? Is Bump a utility, similar to loki?
Are you using Open Bump?
http://forum.xda-developers.com/lg-g2/orig-development/tool-bump-sign-boot-images-t2950595

Deltadroid said:
This is very cool. How does Bump work? Is Bump a utility, similar to loki?
Are you using Open Bump?
http://forum.xda-developers.com/lg-g2/orig-development/tool-bump-sign-boot-images-t2950595
Click to expand...
Click to collapse
Open Bump. It's just a python script. As you can see, it's very easy to implement, I think every custom rom/recovery should be using this.
This is how I added it to my recovery repo: https://github.com/awifi-dev/twrp_device_lge_v500/commit/090f1930fe5b0feaada35b6ba1abc5cbd05a8f72
This is how I added it to my cm repo: https://github.com/awifi-dev/androi...mmit/7a8418e656cbc0862a23e3a95ece02cd3c6c277d

That is awesome. I see that python script has some magic signing key from lg embedded in it. Does Open Bump require any modifications to work with our device images?
It would be super cool if there was c based version so that I could create a flashable script to remove loki from the boot image and sign with bump to remove that ugly boot loader error message on boot up.
Something I could flash after applying a nightly update. Just like the script I just made for setting the kernel into permissive mode.

I can't seem to flash roms with this.
E: Errror executing updater binary in zip xxxx

@jsevi83
Do you have more commits for v500 to change the cm kernel update system to remove the loki stuff? Great work!
---------- Post added at 12:25 PM ---------- Previous post was at 12:22 PM ----------
Everyone flashing this should realize that your aboot must still be loki exploitable because of the way cm installs it's kernel. I believe that the cm install script calls loki to install the boot.img.

So, this works on stock 20d version with root (Towelroot) and Flashify? I didn't get TWRP with the tons of the methods found here on xda, and also softbricked the tablet.
I will not try again unless this method really works!

Flashify will try to use loki. Don't use that. Use the command line with the dd command.
---------- Post added at 12:30 PM ---------- Previous post was at 12:27 PM ----------
Btw, stock 20d won't work on cm without an exploitable aboot.

ASW1 said:
E: Errror executing updater binary in zip
Click to expand...
Click to collapse
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Any suggestions about what to do?
Should I maybe use TWRP to flash CMW and try that instead?
edit: tried flashing CMW but it won't work; even then I get the same error message.
So all I have now is TWRP that fails to flash anything....

ASW1 said:
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Any suggestions about what to do?
Should I maybe use TWRP to flash CMW and try that instead?
edit: tried flashing CMW but it won't work; even then I get the same error message.
So all I have now is TWRP that fails to flash anything....
Click to expand...
Click to collapse
See this
http://forum.xda-developers.com/showthread.php?p=48942830
When I softbricked my tablet this solved my problem.

I can confirm that this method works beautifully. Many many thanks to the OP.
I just wanted to also confirm that the current state of the Open Bump project requires the following patch to work properly with v500 kernel parameters.
Code:
--- open_bump.py 2014-11-23 21:56:00.000000000 +0100
+++ open_bump.v500.py 2015-04-08 21:28:17.098864000 +0200
@@ -27,6 +27,10 @@
# Proof of Concept
POC = False
+if POC:
+ from Crypto.Cipher import AES
+ import hashlib
+
usage = """\
Usage: open_bump.py [-ha] "<image_file>" "<output_image>"
@@ -35,22 +39,29 @@
-a/--apend image_file - <required> if in append mode, the <image_file> is appended rather than <output_file> being generated\
"""
+lg_key = "b5e7fc2010c4a82d6d597ba040816da7832e0a5679c81475a0438447b711140f"
+lg_iv = "[email protected]|[email protected]"
lg_magic = "41a9e467744d1d1ba429f2ecea655279"
+lg_dec_magic = "696e6877612e77651000000047116667"
-def get_kernel_size(image_name):
- page_size = get_page_size(image_name)
- f_image = open(image_name, 'a+b')
- paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
- paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
- paged_second_size = get_size_from_kernel(f_image, page_size, 24)
- if paged_second_size <= 0:
- paged_second_size = 0
- paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
- if paged_dt_size <= 0:
- paged_dt_size = 0
- f_image.close()
- return page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+def generate_signature(image_hash):
+ # the iv and key were extracted from the lg g2 aboot.img. I can explain how to find it on request.
+ iv = lg_iv
+ key = binascii.unhexlify(lg_key)
+ # this "magic" number was found after decrypting the bumped images
+ # Without codefire, this would not have been possible as I can find no reference in
+ # the images of the g2 or the g3
+ magic = binascii.unhexlify(lg_magic)
+ image_hash = binascii.unhexlify(image_hash) # insert your hash here
+ # the structure of the signature in bump starts with a magic number, then seemingly random
+ # bytes. 2 zeros follow, then the hash of the image, then 6 zeros, then 512 bytes of random data again
+ data = magic + os.urandom(16) + '\x00'*2 + image_hash + '\x00'*6 + os.urandom(512)
+ # this is then padded to fill the needed 1024 bytes
+ padded_data = data + '\x00'*(1024-len(data))
+ # AES-256 is then used to encrypt the above data
+ cipher = AES.new(key, AES.MODE_CBC, iv)
+ return cipher.encrypt(padded_data)
def bumped(image_data):
@@ -80,10 +91,18 @@
image_size = os.path.getsize(image_name)
num_pages = image_size / page_size
- calculated_size = get_kernel_size(image_name)
-
f_image = open(image_name, 'a+b')
+ paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
+ paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
+ paged_second_size = get_size_from_kernel(f_image, page_size, 24)
+ if paged_second_size <= 0:
+ paged_second_size = 0
+ paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
+ if paged_dt_size <= 0:
+ paged_dt_size = 0
+ calculated_size = page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+
if calculated_size > image_size:
print("Invalid image: %s: calculated size greater than actual size" % image_name)
f_image.close()
@@ -91,8 +110,7 @@
if image_size > calculated_size:
difference = image_size - calculated_size
if difference not in [page_size, page_size*2]:
- if difference not in [1024, page_size + 1024, 2 * page_size + 1024,
- 16, page_size + 16, 2 * page_size + 16]:
+ if difference not in [1024, page_size + 1024, 2 * page_size + 1024]:
print("Image already padded. Attempting to remove padding...")
print("Beware: this may invalidate your image.")
i = num_pages - 1
@@ -128,7 +146,11 @@
print("Image already bumped")
finish(out_image)
pad_image(out_image)
- magic = binascii.unhexlify(lg_magic)
+ if POC:
+ sha1sum = get_sha1(out_image)
+ magic = generate_signature(sha1sum)
+ else:
+ magic = binascii.unhexlify(lg_magic)
with open(out_image, 'a+b') as f_out_image:
f_out_image.write(magic)
finish(out_image)

ASW1 said:
I keep getting this error no matter what ROM I try to flash.
I am basically stuck now with a tablet that will only boot into TWRP 2.8.6, I messed up the system so TWRP is all I have now.
Click to expand...
Click to collapse
Something else I noticed after a failed flash:
"assert failed: run_program("/tmp/loki/sh") == 0
(I did use flashify to install 2.8.6.0)

Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.

annoyingduck said:
Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.
Click to expand...
Click to collapse
Officially, cm will never adopt this method because of the keys that it contains. But, my goal is to make a flashable zip that will automatically convert a loki kernel to a bumped kernel.
We just need to convert this python script to a standalone c application so that I can package it.
---------- Post added at 10:45 AM ---------- Previous post was at 10:30 AM ----------
ASW1 said:
Something else I noticed after a failed flash:
"assert failed: run_program("/tmp/loki/sh") == 0
(I did use flashify to install 2.8.6.0)
Click to expand...
Click to collapse
You still need to have a loki exploitable aboot to install official CyanogenMod.

@Deltadroid: you told us to not use flashify to update twrp... so best method is flash twrp-(bump edition) inside twrp (loki edition)?
and then flash only bump compliant rom? (like euphoria-os, sure other dev will convert their rom to this new method, except CM official build as you mentioned earlier)

odjinan said:
@Deltadroid: you told us to not use flashify to update twrp... so best method is flash twrp-(bump edition) inside twrp (loki edition)?
and then flash only bump compliant rom? (like euphoria-os, sure other dev will convert their rom to this new method, except CM official build as you mentioned earlier)
Click to expand...
Click to collapse
If you already have a custom recovery installed, then the safest method is to use the flashable zip to install the bumped version of twrp. Just flash it in your recovery to install the new bumped recovery.
If you don't have a custom recovery installed yet, but you have root, then you can use the dd command to flash the boot image to your boot partition.
---------- Post added at 02:12 PM ---------- Previous post was at 01:21 PM ----------
The ROMs you flash don't need to be "bump compliant" if you have a loki exploitable aboot.

thank for the quick reply!
I flashed the zip version from OP and it working well. No more alert on boot screen~

annoyingduck said:
Fyi for those new to bump... (I have a g3, been with it from the beginning). Bump rom flashing requires the rom zip boot (kernel) to be bumped. All rom developers will need to adopt this if we are going to switch from loki to bump. All current lp builds for other lg devices do not have "bumpable" bootloaders due to bump being open sourced (cooperation with lg failed with its open release and they patched it), so once the lp updates become standard, the jb boots may cause problems for aosp while the kk one is working, so this will likely be the preferred method for us down the road, but all new roms will need to be updated accordingly. I can already see this is going to get messy for many that aren't up to speed, and some new guides will need to be made once we get the methods working.
Click to expand...
Click to collapse
The best option would be to use kitkat bootloader and bump for all custom roms and recoveries. It's very easy, I already shared the commits needed to implement this, and I could make a flashable zip with kitkat bootloader so everyone can easily install it.
Deltadroid said:
Officially, cm will never adopt this method because of the keys that it contains. But, my goal is to make a flashable zip that will automatically convert a loki kernel to a bumped kernel.
We just need to convert this python script to a standalone c application so that I can package it.
---------- Post added at 10:45 AM ---------- Previous post was at 10:30 AM ----------
You still need to have a loki exploitable aboot to install official CyanogenMod.
Click to expand...
Click to collapse
That's not true, some LG devices like v400 already use bump in CyanogenMod (officially), check this:
https://github.com/CyanogenMod/andr...mmit/6a647d5664df1bada7d1a36abe8faad79e0096cb
If they have it we could also get it.

Deltadroid said:
I can confirm that this method works beautifully. Many many thanks to the OP.
I just wanted to also confirm that the current state of the Open Bump project requires the following patch to work properly with v500 kernel parameters.
Code:
--- open_bump.py 2014-11-23 21:56:00.000000000 +0100
+++ open_bump.v500.py 2015-04-08 21:28:17.098864000 +0200
@@ -27,6 +27,10 @@
# Proof of Concept
POC = False
+if POC:
+ from Crypto.Cipher import AES
+ import hashlib
+
usage = """\
Usage: open_bump.py [-ha] "<image_file>" "<output_image>"
@@ -35,22 +39,29 @@
-a/--apend image_file - <required> if in append mode, the <image_file> is appended rather than <output_file> being generated\
"""
+lg_key = "b5e7fc2010c4a82d6d597ba040816da7832e0a5679c81475a0438447b711140f"
+lg_iv = "[email protected]|[email protected]"
lg_magic = "41a9e467744d1d1ba429f2ecea655279"
+lg_dec_magic = "696e6877612e77651000000047116667"
-def get_kernel_size(image_name):
- page_size = get_page_size(image_name)
- f_image = open(image_name, 'a+b')
- paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
- paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
- paged_second_size = get_size_from_kernel(f_image, page_size, 24)
- if paged_second_size <= 0:
- paged_second_size = 0
- paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
- if paged_dt_size <= 0:
- paged_dt_size = 0
- f_image.close()
- return page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+def generate_signature(image_hash):
+ # the iv and key were extracted from the lg g2 aboot.img. I can explain how to find it on request.
+ iv = lg_iv
+ key = binascii.unhexlify(lg_key)
+ # this "magic" number was found after decrypting the bumped images
+ # Without codefire, this would not have been possible as I can find no reference in
+ # the images of the g2 or the g3
+ magic = binascii.unhexlify(lg_magic)
+ image_hash = binascii.unhexlify(image_hash) # insert your hash here
+ # the structure of the signature in bump starts with a magic number, then seemingly random
+ # bytes. 2 zeros follow, then the hash of the image, then 6 zeros, then 512 bytes of random data again
+ data = magic + os.urandom(16) + '\x00'*2 + image_hash + '\x00'*6 + os.urandom(512)
+ # this is then padded to fill the needed 1024 bytes
+ padded_data = data + '\x00'*(1024-len(data))
+ # AES-256 is then used to encrypt the above data
+ cipher = AES.new(key, AES.MODE_CBC, iv)
+ return cipher.encrypt(padded_data)
def bumped(image_data):
@@ -80,10 +91,18 @@
image_size = os.path.getsize(image_name)
num_pages = image_size / page_size
- calculated_size = get_kernel_size(image_name)
-
f_image = open(image_name, 'a+b')
+ paged_kernel_size = get_size_from_kernel(f_image, page_size, 8)
+ paged_ramdisk_size = get_size_from_kernel(f_image, page_size, 16)
+ paged_second_size = get_size_from_kernel(f_image, page_size, 24)
+ if paged_second_size <= 0:
+ paged_second_size = 0
+ paged_dt_size = get_size_from_kernel(f_image, page_size, 40)
+ if paged_dt_size <= 0:
+ paged_dt_size = 0
+ calculated_size = page_size + paged_kernel_size + paged_ramdisk_size + paged_second_size + paged_dt_size
+
if calculated_size > image_size:
print("Invalid image: %s: calculated size greater than actual size" % image_name)
f_image.close()
@@ -91,8 +110,7 @@
if image_size > calculated_size:
difference = image_size - calculated_size
if difference not in [page_size, page_size*2]:
- if difference not in [1024, page_size + 1024, 2 * page_size + 1024,
- 16, page_size + 16, 2 * page_size + 16]:
+ if difference not in [1024, page_size + 1024, 2 * page_size + 1024]:
print("Image already padded. Attempting to remove padding...")
print("Beware: this may invalidate your image.")
i = num_pages - 1
@@ -128,7 +146,11 @@
print("Image already bumped")
finish(out_image)
pad_image(out_image)
- magic = binascii.unhexlify(lg_magic)
+ if POC:
+ sha1sum = get_sha1(out_image)
+ magic = generate_signature(sha1sum)
+ else:
+ magic = binascii.unhexlify(lg_magic)
with open(out_image, 'a+b') as f_out_image:
f_out_image.write(magic)
finish(out_image)
Click to expand...
Click to collapse
so for a bumped kernel to work we need to use your modified version of the script?
i still dont get the concept

Related

[DEV] Kernel Injector

I was teaching myself CM7 kernel build process yesterday (more here) and stumbled across AnyKernel. Big thanks to Koush! However whatever I tried I was not able to get rid of segmentation fault error in unpackbootimg. But I liked the AnyKernel idea so much that I cooked up my own version of it. Lets call it Kernel Injector. Whenever you want to deploy your kernel image you don't have to mess around with read-split-merge-write-boot-image procedure any more. This is all done by the update script now:
Code:
ui_print("");
ui_print("Kernel Injector by Aprold");
mount("ext4", "EMMC", "/dev/block/mmcblk0p8", "/system");
ui_print("Extracting files...");
package_extract_file("zImage", "/tmp/zImage");
package_extract_dir("modules", "/system/lib/modules");
package_extract_file("kinjector", "/tmp/kinjector");
set_perm(0, 0, 0777, "/tmp/kinjector");
ui_print("Injecting kernel...");
assert(run_program("/system/bin/dd", "if=/dev/block/mmcblk0p3", "of=/tmp/boot.img")=="0");
assert(run_program("/tmp/kinjector", "/tmp/boot.img", "/tmp/zImage", "/tmp/boot.new")=="0");
assert(run_program("/system/bin/dd", "if=/tmp/boot.new", "of=/dev/block/mmcblk0p3")=="0");
unmount("/system");
ui_print("Done!");
Boot image is read and written using system's own dd. Combining kernel image with existing ramdisk is the job for kinjector:
Code:
/* Kernel Injector by Aprold */
#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
int main(int argc, char **argv) {
FILE *in, *out;
unsigned char *header_buf, *kernel_buf, *ramdisk_buf;
unsigned page_size, *kernel_size, kernel_buf_size, ramdisk_size, ramdisk_buf_size;
if (argc < 3) {
printf("Usage: %s <existing boot image> <new kernel image> [new boot image]\n", argv[0]);
return 1;
}
// open existing boot image for reading header and ramdisk from there
if (in = fopen(argv[1], "rb")) {
// get page size from input file
fseek(in, 36, SEEK_SET);
fread(&page_size, sizeof(page_size), 1, in);
fseek(in, 0, SEEK_SET);
// read header
header_buf = (unsigned char*)malloc(page_size);
fread(header_buf, page_size, 1, in);
// get kernel and ramdisk sizes from header
kernel_size = (unsigned*)header_buf + 2;
ramdisk_size = *((unsigned*)header_buf + 4);
// read ramdisk
ramdisk_buf_size = (ramdisk_size / page_size + 1) * page_size;
ramdisk_buf = (unsigned char*)malloc(ramdisk_buf_size);
fseek(in, (*kernel_size / page_size + 2) * page_size, SEEK_SET);
fread(ramdisk_buf, ramdisk_buf_size, 1, in);
fclose(in);
// open new kernel image
if (in = fopen(argv[2], "rb")) {
// get kernel size
fseek(in, 0, SEEK_END);
*kernel_size = ftell(in);
fseek(in, 0, SEEK_SET);
// read kernel
kernel_buf_size = (*kernel_size / page_size + 1) * page_size;
kernel_buf = (unsigned char*)malloc(kernel_buf_size);
fread(kernel_buf, *kernel_size, 1, in);
memset(kernel_buf + *kernel_size, 0, kernel_buf_size - *kernel_size);
// frite new boot image
out = fopen(argv[argc > 3 ? 3 : 1], "wb");
fwrite(header_buf, page_size, 1, out);
fwrite(kernel_buf, kernel_buf_size, 1, out);
fwrite(ramdisk_buf, ramdisk_buf_size, 1, out);
fclose(out);
free(kernel_buf);
}
else {
printf("Failed to open kernel image %s\n", argv[2]);
return 2;
}
free(header_buf);
free(ramdisk_buf);
}
else {
printf("Failed to open boot image %s\n", argv[1]);
return 1;
}
return 0;
}
Compile it like that:
Code:
/usr/bin/arm-linux-gnueabi-gcc -static -o kinjector kinjector.c
Included is an update.zip which you can use as a reference for your own script. Tested with my phone and I even managed to not brick it.
All comments and suggestions are most welcome!
- Aprold
Nice.
You succeeded where I have failed.
Here was the template I was trying to have working for eMMC devices:
http://dl.dropbox.com/u/13427114/AnyKernel-OB-test.7z
knzo said:
Here was the template I was trying to have working for eMMC devices
Click to expand...
Click to collapse
unpackbootimg from there works just fine. If I had found this working binary before I probably would not have written my own. Still, I'm happy that I did.
Good work dudes!
But the question is... if you want to do changes to ramdisk too? Would Anykernel method be able to get rid of it?
Regards.
Huexxx said:
Would Anykernel method be able to get rid of it?
Click to expand...
Click to collapse
Do you mean replacing kernel and/or ramdisk inside boot image? I must say, I don't know much about ramdisk yet, but it would be simple task to update kinjector to allow both parts replaced. However, then I must change the name of the tool to binjector
Hi,
the question is (I can try by myself, but I've no time ATM), apart from zImage, does the script extract the ramdisk into a folder?
If in the process the ramdisk is extracted, it's possible to make mods to the files with the updater-script.
Regards.
The purpose of AnyKernel (and this kernel injector) is to maximize compatibility by only flashing the zImage and keeping the ramdisk out of it. For this, during the flash process it will unpack boot.img into ramdisk + zImage and replace the latter. But of course, it's possible to change the script to also replace files in the ramdisk (such as init.rc) - at least in AnyKernel - but it somewhat defeats the whole purpose of it.
Huexxx said:
does the script extract the ramdisk into a folder?
Click to expand...
Click to collapse
Yes, unpackbootimg does. But inside extracted compressed ramdisk file there is a ramdisk image. I don't see how you can modify this with update-script.

[Q] How to modify a file in \system\etc?

Hello,
I would like to modify the file \system\etc\srs_processing.cfg
Specifically, change this below:
//=-=-=-=-=-=-=-=-=-=-=-=-
//BLOCK: (srs_route_out) Routing - Output Device Routing
//=-=-=-=-=-=-=-=-=-=-=-=-
//INFO: srs_route_out:routing_info = 0 = int, 1 = ext, -1 = disallow srs processing, -2 = int dsp, -3 = ext dsp // Routing Values
srs_route_out:wired_headset = 1 // DEVICE_OUT_WIRED_HEADSET -
srs_route_out:wired_headphone = 1 // DEVICE_OUT_WIRED_HEADPHONE -
To:
//=-=-=-=-=-=-=-=-=-=-=-=-
//BLOCK: (srs_route_out) Routing - Output Device Routing
//=-=-=-=-=-=-=-=-=-=-=-=-
//INFO: srs_route_out:routing_info = 0 = int, 1 = ext, -1 = disallow srs processing, -2 = int dsp, -3 = ext dsp // Routing Values
srs_route_out:wired_headset = -1 // DEVICE_OUT_WIRED_HEADSET -
srs_route_out:wired_headphone = -1 // DEVICE_OUT_WIRED_HEADPHONE -
Note the change in BOLD
Can this change be done with rooted stock without having the device reset?
A local.prop file for instance?
Thank you!
I don't think so. But I explain how to modify system files safely on rooted stock in my HD/HD+ stock tips thread linked in my signature. See item 15.
Sent from my Nook HD+ running CM10.1 on emmc.
leapinlar said:
I don't think so. But I explain how to modify system files safely on rooted stock in my HD/HD+ stock tips thread linked in my signature. See item 15.
Sent from my Nook HD+ running CM10.1 on emmc.
Click to expand...
Click to collapse
I understand -- I'll give it try!
Thanks!

/EFS Corrupted Partition Problem(Solved)

Greetings;
I've been wrestling with EFS & DM-Verity problem on my SM-T713 for a week now to no avail!
I've tried almost every solution/info from Google search to no avail.
My Tab can get to "Download & Recovery(Custom or Oem) mode with no problem
but any Firmware flash from odin wind up with "Samsung" bootloop!
And if I flash stock firmware, it ends up at Recovery mode with the following error:
"failed to mount /efs (invalid argument) dm-varity verification failed"
Any help is much appreciated.
Thank you.
Just factory reset in recovery. does that help?
Lightn1ng said:
Just factory reset in recovery. does that help?
Click to expand...
Click to collapse
Hi and thank you for replying.
BTW, I enjoy your rom bro, thanks for all the time you put in man.
I tried everything to no avail. I think I know how to resolve it but my know how
is probably limited to work it through! If that make any sense!
I first need to know the exact name of the "EFS Partition" on SM-T713. Then I
need to use the terminal/command line to format it and re-mount it, that should
do it if nothing else is a problem.
If you do own the T713, maybe you can help or anyone else reading this and
Thank you for your help.
samteeee said:
Hi and thank you for replying.
BTW, I enjoy your rom bro, thanks for all the time you put in man.
I tried everything to no avail. I think I know how to resolve it but my know how
is probably limited to work it through! If that make any sense!
I first need to know the exact name of the "EFS Partition" on SM-T713. Then I
need to use the terminal/command line to format it and re-mount it, that should
do it if nothing else is a problem.
If you do own the T713, maybe you can help or anyone else reading this and
Thank you for your help.
Click to expand...
Click to collapse
Wiping your EFS is a bad idea, it contains stuff that should truly NEVER be deleted.
I'm going to bed now. I'll try to continue helping in the morning.
This is important: is TWRP working?
Lightn1ng said:
Wiping your EFS is a bad idea, it contains stuff that should truly NEVER be deleted.
I'm going to bed now. I'll try to continue helping in the morning.
This is important: is TWRP working?
Click to expand...
Click to collapse
Ok I'll hold till you get back to me and Yes TWRP working and I have root
but of course I cannot boot to Android. I'll talk to you Tomorrow if you have time
and appreciate your help brother.
samteeee said:
Ok I'll hold till you get back to me and Yes TWRP working and I have root
but of course I cannot boot to Android. I'll talk to you Tomorrow if you have time
and appreciate your help brother.
Click to expand...
Click to collapse
Sounds like an easy fix. Will post the links tomorrow. Cya!
samteeee said:
Ok I'll hold till you get back to me and Yes TWRP working and I have root
but of course I cannot boot to Android. I'll talk to you Tomorrow if you have time
and appreciate your help brother.
Click to expand...
Click to collapse
OK. I'm going to start with a simple fix. Flash the stock firmware, then flash TWRP. Within TWRP, go to Wipe, then tap Format Data. Now, type yes and hit enter. After that, go to Reboot>Recovery. Now, flash this zip by @ashyx:
https://www.androidfilehost.com/?fid=24591000424951049
Reboot and tell me if it works or not
Lightn1ng said:
OK. I'm going to start with a simple fix. Flash the stock firmware, then flash TWRP. Within TWRP, go to Wipe, then tap Format Data. Now, type yes and hit enter. After that, go to Reboot>Recovery. Now, flash this zip by @ashyx:
https://www.androidfilehost.com/?fid=24591000424951049
Reboot and tell me if it works or not
Click to expand...
Click to collapse
Unfortunately I did this yesterday but just to be 100% sure I did it again just
now and got the same result. Right after flashing the stock firmware with odin, it winds up in android
recovery with the following error:
"E: failed to mount /efs (Invalid argument"
" E: DM-Verity failed"!
samteeee said:
Unfortunately I did this yesterday but just to be 100% sure I did it again just
now and got the same result. Right after flashing the stock firmware with odin, it winds up in android
recovery with the following error:
"E: failed to mount /efs (Invalid argument"
" E: DM-Verity failed"!
Click to expand...
Click to collapse
Yes at that point reboot back into download mode and flash twrp, then continue
Lightn1ng said:
Yes at that point reboot back into download mode and flash twrp, then continue
Click to expand...
Click to collapse
Done! Stuck at "Samsung Blinking" !
samteeee said:
Done! Stuck at "Samsung Blinking" !
Click to expand...
Click to collapse
Can you do this from a terminal in TWRP:
cat /proc/last_kmsg > /sdcard/kmsg.log
And send me kmsg.log from your internal storage please
Lightn1ng said:
Can you do this from a terminal in TWRP:
cat /proc/last_kmsg > /sdcard/kmsg.log
And send me kmsg.log from your internal storage please
Click to expand...
Click to collapse
How did you want me to send it to you?!!!
samteeee said:
How did you want me to send it to you?!!!
Click to expand...
Click to collapse
Copy it via USB.
Here you go...........
B - 530547 - VSENSE CX: Vol1=900000,Code1=98, Vol2=1000000,Code2=123
B - 536830 - VSENSE APC0: Vol1=900000,Code1=97, Vol2=1000000,Code2=121
B - 543327 - VSENSE APC1: Vol1=900000,Code1=96, Vol2=1000000,Code2=120
D - 58712 - vsense_init, Delta
B - 565134 - clock_init, Start
D - 640 - clock_init, Delta
B - 565897 - @@ pm power on reason[0x200000080]
B - 569526 - @@ Reset status @sdi[0x7f6e24db]
B - 573979 - @@ Reset status @sbl1[0x0]
B - 579195 - boot_fota_restore_partition, Start
B - 583068 - FOTA restore magic no matching
D - 4148 - boot_fota_restore_partition, Delta
B - 593743 - Image metadata authentication, Start
D - 17598 - Image metadata authentication, Delta
B - 613324 - Load all segments into memory, Start
D - 23454 - Load all segments into memory, Delta
B - 639890 - Hash verification of all segments, Start
D - 11102 - Hash verification of all segments, Delta
D - 63409 - QSEE Image Loaded, Delta - (660012 Bytes)
B - 658281 - Image Load, Start
D - 793 - SEC Image Loaded, Delta - (2048 Bytes)
B - 666699 - sbl1_efs_handle_cookies, Start
D - 884 - sbl1_efs_handle_cookies, Delta
B - 674416 - VSENSE codes wrote into SMEM
B - 678503 - boot_fota_close_hdev, Start
D - 0 - boot_fota_close_hdev, Delta
B - 688842 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 708423 - Load all segments into memory, Start
D - 2775 - Load all segments into memory, Delta
B - 716079 - Hash verification of all segments, Start
D - 1098 - Hash verification of all segments, Delta
D - 39925 - QHEE Image Loaded, Delta - (99056 Bytes)
B - 731390 - RPM loading is successful.
B - 737551 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 757254 - Load all segments into memory, Start
D - 6466 - Load all segments into memory, Delta
B - 766800 - Hash verification of all segments, Start
D - 6740 - Hash verification of all segments, Delta
D - 41937 - RPM Image Loaded, Delta - (192712 Bytes)
B - 783270 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 802882 - Load all segments into memory, Start
D - 49684 - Load all segments into memory, Delta
B - 855616 - Hash verification of all segments, Start
D - 24796 - Hash verification of all segments, Delta
D - 103120 - APPSBL Image Loaded, Delta - (1508364 Bytes)
B - 887977 - QSEE Execution, Start
D - 61 - QSEE Execution, Delta
B - 894687 - SBL1, End
D - 593743 - SBL1, Delta
S - Flash Throughput, 25000 KB/s (2465934 Bytes, 94911 us)
S - DDR Frequency, 931 MHz
S - Core 0 Frequency, 800 MHz
device type 1 = 0x0
device type 2 = 0x0
microusb_clear_register() - reset start
microusb_clear_register() - reset end
device type 1 = 0x0
device type 2 = 0x0
device type 1 = 0x0
device type 2 = 0x0
device type 1 = 0x0
device type 2 = 0x0
Initialization_routine: Already F/G initialized(version:0x1)
device type 1 = 0x0
device type 2 = 0x0
BOOTLOADER VERSION : T713XXU1APG1
check_pit_integrity: invalid pit magic code.(0x0)
B - 509472 - VSENSE CX: Vol1=900000,Code1=99, Vol2=1000000,Code2=123
B - 515755 - VSENSE APC0: Vol1=900000,Code1=98, Vol2=1000000,Code2=121
B - 522312 - VSENSE APC1: Vol1=900000,Code1=97, Vol2=1000000,Code2=120
D - 58682 - vsense_init, Delta
B - 544028 - clock_init, Start
D - 640 - clock_init, Delta
B - 544821 - @@ pm power on reason[0x2000000081]
B - 548542 - @@ Reset status @sdi[0xfb6e24db]
B - 552904 - @@ Reset status @sbl1[0x0]
B - 558211 - boot_fota_restore_partition, Start
B - 562115 - FOTA restore magic no matching
D - 4148 - boot_fota_restore_partition, Delta
B - 572790 - Image metadata authentication, Start
D - 17598 - Image metadata authentication, Delta
B - 592310 - Load all segments into memory, Start
D - 23881 - Load all segments into memory, Delta
B - 619272 - Hash verification of all segments, Start
D - 11102 - Hash verification of all segments, Delta
D - 63775 - QSEE Image Loaded, Delta - (660012 Bytes)
B - 637663 - Image Load, Start
D - 793 - SEC Image Loaded, Delta - (2048 Bytes)
B - 645990 - sbl1_efs_handle_cookies, Start
D - 884 - sbl1_efs_handle_cookies, Delta
B - 653828 - VSENSE codes wrote into SMEM
B - 657824 - boot_fota_close_hdev, Start
D - 0 - boot_fota_close_hdev, Delta
B - 668255 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 687866 - Load all segments into memory, Start
D - 2806 - Load all segments into memory, Delta
B - 695552 - Hash verification of all segments, Start
D - 1098 - Hash verification of all segments, Delta
D - 40016 - QHEE Image Loaded, Delta - (99056 Bytes)
B - 710802 - RPM loading is successful.
B - 717055 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 736666 - Load all segments into memory, Start
D - 6588 - Load all segments into memory, Delta
B - 746335 - Hash verification of all segments, Start
D - 6832 - Hash verification of all segments, Delta
D - 42090 - RPM Image Loaded, Delta - (192712 Bytes)
B - 762927 - Image metadata authentication, Start
D - 17507 - Image metadata authentication, Delta
B - 782538 - Load all segments into memory, Start
D - 50599 - Load all segments into memory, Delta
B - 836218 - Hash verification of all segments, Start
D - 24766 - Hash verification of all segments, Delta
D - 104066 - APPSBL Image Loaded, Delta - (1508364 Bytes)
B - 868548 - QSEE Execution, Start
D - 61 - QSEE Execution, Delta
B - 875289 - SBL1, End
D - 595573 - SBL1, Delta
S - Flash Throughput, 25000 KB/s (2465934 Bytes, 96617 us)
S - DDR Frequency, 931 MHz
S - Core 0 Frequency, 800 MHz
device type 1 = 0x4
device type 2 = 0x0
device type 1 = 0x0
device type 2 = 0x0
device type 1 = 0x0
device type 2 = 0x0
device type 1 = 0x0
device type 2 = 0x0
Initialization_routine: Already F/G initialized(version:0x1)
device type 1 = 0x0
device type 2 = 0x0
BOOTLOADER VERSION : T713XXU1APG1
check_pit_integrity: invalid pit magic code.(0x0)
AST_POWERON
device type 1 = 0x0
device type 2 = 0x0
RUSTPROOF : Power on Status 0x0000002000000081
device type 1 = 0x0
device type 2 = 0x0
Gimme a second to decypher that.
---------- Post added at 08:38 AM ---------- Previous post was at 08:35 AM ----------
Hmm... This is very weird - I don't see anything abnormal in that kmsg, just booting.
Are you sure you attempted to boot, then rebooted recovery to get the log?
@ashyx?
Lightn1ng said:
Gimme a second to decypher that.
---------- Post added at 08:38 AM ---------- Previous post was at 08:35 AM ----------
Hmm... This is very weird - I don't see anything abnormal in that kmsg, just booting.
Are you sure you attempted to boot, then rebooted recovery to get the log?
@ashyx?
Click to expand...
Click to collapse
I'll do it again......And send you the log!
Sorry tried twice to paste it here but the
XDA system won't allow me to do it, "Too long", it's 512 kb!
Can I email it to you??
samteeee said:
Sorry tried twice to paste it here but the
XDA system won't allow me to do it, "Too long", it's 512 kb!
Can I email it to you??
Click to expand...
Click to collapse
Yes. Email to [email protected] please thanjs
Lightn1ng said:
Yes. Email to [email protected] please thanjs
Click to expand...
Click to collapse
Sent....
samteeee said:
Sent....
Click to expand...
Click to collapse
Received. Looking over it now.

[KEYLAYOUT] Hungarian keyboard for Droid 4

Hungarian has 9 special characters: áéíóöőúüű. Using this tutorial I remapped the keylayout as follows:
1. 'sym' + 'a' = 'á'
2. 'sym' + 'e' = 'é'
3. 'sym' + 'i' = 'í'
4. 'sym' + 'o' = 'ó'
5. 'sym' + 'u' = 'ú'
6. 'sym' + '7' = 'ü'
7. 'sym' + '8' = 'ű'
8. 'sym' + '9' = 'ö'
9. 'sym' + '0' = 'ő'
Shift & capslock gives you the capital ÁÉÍÓÖŐÚÜŰ, of course. For the changes to take effect, you have to have root access, and replace the following 7 original files in the /system/usr folder to my 7 attached modified files (in zip) using Cyanogenmod / Lineage OS file manager app (or any other root explorer app, e.g. the premium version of File Expert):
1. /system/usr/keylayout/Generic.kl
2. /system/usr/keylayout/omap4-keypad.kl
3. /system/usr/keylayout/qwerty.kl
4. /system/usr/keychars/Generic.kcm
5. /system/usr/keychars/omap4-keypad.kcm
6. /system/usr/keychars/qwerty.kcm
7. /system/usr/keychars/qwerty2.kcm
Don't forget to set the permissions of all the 7 new files using the above mentioned tutorial as follows:
OWNER: READ & WRITE
GROUP: READ
ALL: READ
After that, restart your Droid 4 - you'll have a fully functional HUNGARIAN layout physical keyboard.

Teclast M40 Android 12L

Hi! I managed to get Android 12L running on the Teclast M40 by making some changes to the AOSP source code. A build of the modified AOSP source code can be downloaded from here, but I would not suggest trying it on other devices except the Teclast M40.
I will describe the changes I made to the AOSP source code so that you can reproduce this build.
1. change PRODUCT_SHIPPING_API_LEVEL from 30 to 29 in gsi_release.mk, since the Teclast M40 is shipped with Android 10.
Diff:
diff --git a/target/product/gsi_release.mk b/target/product/gsi_release.mk
index a2a29ed0fc..9a75bf8b3b 100644
--- a/target/product/gsi_release.mk
+++ b/target/product/gsi_release.mk
@@ -34,7 +34,7 @@ PRODUCT_ARTIFACT_PATH_REQUIREMENT_ALLOWED_LIST += \
# GSI should always support up-to-date platform features.
# Keep this value at the latest API level to ensure latest build system
# default configs are applied.
-PRODUCT_SHIPPING_API_LEVEL := 30
+PRODUCT_SHIPPING_API_LEVEL := 29
# Enable dynamic partitions to facilitate mixing onto Cuttlefish
PRODUCT_USE_DYNAMIC_PARTITIONS := true
2. change PRODUCT_CHARACTERISTICS from emulator to tablet in emulator_vendor.mk.
Diff:
diff --git a/target/product/emulator_vendor.mk b/target/product/emulator_vendor.mk
index b9f33abb9a..93ad9482b3 100644
--- a/target/product/emulator_vendor.mk
+++ b/target/product/emulator_vendor.mk
@@ -28,7 +28,7 @@ PRODUCT_PACKAGES += \
DEVICE_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
-PRODUCT_CHARACTERISTICS := emulator
+PRODUCT_CHARACTERISTICS := tablet
PRODUCT_FULL_TREBLE_OVERRIDE := true
3. change EngineBase.cpp, so that fix audioserver crash during startup.
Diff:
diff --git a/services/audiopolicy/engine/common/src/EngineBase.cpp b/services/audiopolicy/engine/common/src/EngineBase.cpp
index 150a9a8e4f..9d5dff6d9f 100644
--- a/services/audiopolicy/engine/common/src/EngineBase.cpp
+++ b/services/audiopolicy/engine/common/src/EngineBase.cpp
@@ -165,16 +165,7 @@ engineConfig::ParsingResult EngineBase::loadAudioPolicyEngineConfig()
android::status_t ret = engineConfig::parseLegacyVolumes(config.volumeGroups);
result = {std::make_unique<engineConfig::Config>(config),
static_cast<size_t>(ret == NO_ERROR ? 0 : 1)};
- } else {
- // Append for internal use only volume groups (e.g. rerouting/patch)
- result.parsedConfig->volumeGroups.insert(
- std::end(result.parsedConfig->volumeGroups),
- std::begin(gSystemVolumeGroups), std::end(gSystemVolumeGroups));
}
- // Append for internal use only strategies (e.g. rerouting/patch)
- result.parsedConfig->productStrategies.insert(
- std::end(result.parsedConfig->productStrategies),
- std::begin(gOrderedSystemStrategies), std::end(gOrderedSystemStrategies));
ALOGE_IF(result.nbSkippedElement != 0, "skipped %zu elements", result.nbSkippedElement);
4. change AudioPolicyManager.cpp, so that fix audioserver crash when headset plugs in.
Diff:
diff --git a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
index 5a18762967..f3f50f513c 100644
--- a/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
+++ b/services/audiopolicy/managerdefault/AudioPolicyManager.cpp
@@ -5349,15 +5349,7 @@ status_t AudioPolicyManager::checkOutputsForDevice(const sp<DeviceDescriptor>& d
}
if (state == AUDIO_POLICY_DEVICE_STATE_AVAILABLE) {
- // first call getAudioPort to get the supported attributes from the HAL
- struct audio_port_v7 port = {};
- device->toAudioPort(&port);
- status_t status = mpClientInterface->getAudioPort(&port);
- if (status == NO_ERROR) {
- device->importAudioPort(port);
- }
-
- // then list already open outputs that can be routed to this device
+ // first list already open outputs that can be routed to this device
for (size_t i = 0; i < mOutputs.size(); i++) {
desc = mOutputs.valueAt(i);
if (!desc->isDuplicated() && desc->supportsDevice(device)
Tried this just now, it fixed the headset jack and the audio is now properly routed. Thanks!
Is there a way to apply this fix without building another system.img?
I've installed it on my M40 and it works. Unfortunately, ADB no longer will function with it. Drivers are loaded correctly and it will work with any other GSI rom I put on the tablet. With this one, when performing adb devices, it comes up with a blank list.
Edit: Nevermind. Helps if I read more
Hi, I'm trying to get this working on my M40, but I'm not sure how to install.
My device is rooted using Magisk.
I tried flashing via fastboot:
Bash:
fastboot -S 100M flash system system.img
The process completed, but after booting I was still at Android 10.
Any advice?
SapuSeven said:
Hi, I'm trying to get this working on my M40, but I'm not sure how to install.
My device is rooted using Magisk.
I tried flashing via fastboot:
Bash:
fastboot -S 100M flash system system.img
The process completed, but after booting I was still at Android 10.
Any advice?
Click to expand...
Click to collapse
Flash,then switch your device to recovery mode using volume and power buttons, wipe all data and reboot.
There is no GMS on this system, and Bluetooth audio cannot be used, I would like to know how to solve it, thank you
When using this, is there any way to get Magisk and Gapps installed without twrp? As far as I know there is no twrp for Teclast m40 Pro, but this rom installed great.
HisokaRyodan said:
When using this, is there any way to get Magisk and Gapps installed without twrp? As far as I know there is no twrp for Teclast m40 Pro, but this rom installed great.
Click to expand...
Click to collapse
[For_Tablet]_PixelExperience_Plus_treble_arm64_bgN-12.1-20230514-01002-UNOFFICIAL

Categories

Resources