Database Develop

Which partition is equal to /recovery in other android devices?

I am new to Android, want to customize the system follow the tutorials, but found the Note is different to other Android phones:
for other phone, there will be a /proc/mtd and list all the partitions with mount point, but on Note I can only found /proc/fs, with 3 folders: ext4 jbd2 nfsd
and the mount table is like this:
rootfs on / type rootfs (ro,relatime)
...
/dev/block/mmcblk0p9 on /system type ext4
/dev/block/mmcblk0p7 on /cache type ext4
/dev/block/mmcblk0p1 on /efs type ext4
for other devices, e.g., HTC Wildfire, the partition will like below:
mtd1: recovery
mtd3: system"
...
I downloaded the CF-Root flasher, by Chainfire, found basiclly it's flashing a zImage into /dev/block/mmcblk0p5. I mount the partition before flash and seems there is only some picture files there. how can we know the machine will boot to this partition in recovery mode?

nobody knows? so far what I get seems that the phone do not use the /recovery partition, but use same kernel to handle the recovery state. during boot it will search for /system/etc/install-recovery.sh, maybe that will trigger the recovery process?

The Note, like many other Samsung phones, does not use or follow the mtd layout - at all.
Indeed there is a single kernel for both normal boot and recovery. Normal boot uses init.rc script, recovery boot uses recovery.rc script.
There is a "spare" partition that is both called recovery and available, but it isn't used.

The CWM for Ouya project

Well, since i'm not aware of anyone else doing it, and it will be necessary for any real development to occur, I have decided to try porting Clockworkmod Recovery to the Ouya. I am downloading ubuntu right now and I'll start trying to build it from source against our current recovery tonight or tomorrow night depending on how long the setup and prerequisites take.
The reason I'm posting this now, is to solicit help. I've never built CWM before, but XDA has a really great tutorial I'm going to follow, but if anyone here has had experience in the past I'd love some help/tips, and other than that I would like a few brave souls to volunteer and try flashing it on their Ouya when/if I have a build that works on my own.
I'll update this thread with my progress, if I make any, and please let me know if any of you are willing to help in any way.
Update 1:
I have compiled a version of CWM recovery that theoretically should work, but I'm unable to flash it. I have installed flash_image onto the ouya and it works fine, but i normally would have used "flash_image recovery recovery.img" however there is no "recovery" partition on the ouya. This is what I get:
./flash_image recovery recovery.img
error scanning partitions: No such file or directory
Mount reveals the following info:
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/sdhci-tegra.3/by-name/APP /system ext4 ro,relatime,user_xatt
r,acl,barrier=1,data=ordered 0 0
/dev/block/platform/sdhci-tegra.3/by-name/CAC /cache ext4 rw,nosuid,nodev,noatim
e,errors=panic,user_xattr,acl,barrier=1,journal_async_commit,nodelalloc,data=wri
teback 0 0
/dev/block/platform/sdhci-tegra.3/by-name/UDA /data ext4 rw,nosuid,nodev,noatime
,errors=panic,user_xattr,acl,barrier=1,journal_async_commit,nodelalloc,data=writ
eback 0 0
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1
023,default_permissions,allow_other 0 0
This is the script from the OTA update:
#!/system/bin/sh
if ! applypatch -c EMMC:/dev/block/platform/sdhci-tegra.3/by-name/SOS:5906432:f80238c4f4a53888b547e4463fb4751343f23412; then
log -t recovery "Installing new recovery image"
applypatch EMMC:/dev/block/platform/sdhci-tegra.3/by-name/LNX:5277696:5d7013bf98f76199ea5b7d7d8baeb07fa3ad26ff EMMC:/dev/block/platform/sdhci-tegra.3/by-name/SOS f80238c4f4a53888b547e4463fb4751343f23412 5906432 5d7013bf98f76199ea5b7d7d8baeb07fa3ad26ff:/system/recovery-from-boot.p
else
log -t recovery "Recovery image already installed"
fi
but I can't make any sense of it. If anyone can help out i'd much appreciate it...

sonofskywalker3 said:
but I can't make any sense of it. If anyone can help out i'd much appreciate it...
Click to expand...
Click to collapse
This seems to be the magic lines in the update script:
if ! applypatch -c EMMC:/dev/block/platform/sdhci-tegra.3/by-name/SOS:5906432:f80238c4f4a53888b547e4463fb4751343f23412; then
log -t recovery "Installing new recovery image"
applypatch EMMC:/dev/block/platform/sdhci-tegra.3/by-name/LNX:5277696:5d7013bf98f76199ea5b7d7d8baeb07fa3ad26ff EMMC:/dev/block/platform/sdhci-tegra.3/by-name/SOS f80238c4f4a53888b547e4463fb4751343f23412 5906432 5d7013bf98f76199ea5b7d7d8baeb07fa3ad26ff:/system/recovery-from-boot.p
Click to expand...
Click to collapse
I don't know much about the applypatch program. It might just be another script. Since it isn't being called with a "./", I'd imagine it is installed somewhere that the path mentions. Try looking for "applypatch" to see if it is a program or script. In a terminal running on the Ouya, try running "echo $PATH". Hopefully you get a list of directories containing program locations (e.g. /usr/bin/ ...etc). Applypatch might be in one of those directories.
UPDATE 1:
applypatch is a binary, not a script. It is located in /system/bin/
I tried running it without arguments on my Nexus 7 (to see if we would luck out with a nice "usage" message), but for some annoying reason I can't give it execute permissions, even as root. I'll look deeper into the scripts
UPDATE 2:
I need to verify this on my Ouya, but from the updater-script in the latest OTA, the kernel partition is /dev/block/platform/sdhci-tegra.3/by-name/LNX (I'm going out on a limb here boys, but I think LNX stands for Linux, aka, our kernel, lol).
UPDATE 3:
Seems like the recovery partition is /dev/block/platform/sdhci-tegra.3/by-name/SOS
I don't know much about the details of "applypatch", but the recovery script you posted above seems to first check to see if the recovery partition hashes to f80238c4f4a53888b547e4463fb4751343f23412 (the hash of the latest and greatest recovery). If it doesn't, then we flash the latest recovery, which from the looks of it consists of the kernel (in LNX) with a patch applied to it from recovery-from-boot.p (another mess of binary). In other words, it looks like they build a recovery from the existing kernel, as the name "recovery-from-boot" implies (the kernel is packaged in a file called boot.img).
Long story short, it looks like you can write to the block device /dev/block/platform/sdhci-tegra.3/by-name/SOS to write a new recovery. Aka, in a hacked version of the OTA script, include the line
package_extract_file("recovery.img", "/dev/block/platform/sdhci-tegra.3/by-name/SOS");
where recovery.img is the name of your new recovery. They did something very similar to the kernel (LNX). I'm pretty sure that the correct way to do something like this is to use "dd" after verifying the image is correct (by running a hash against the image). I'm not sure why the Ouya team is using package_extract_file() instead of dd. I'm not in front of my Ouya though, LNX and SOS could be folders rather than block devices (although /dev/block seems to imply otherwise).
You can remove most of the other lines in the script that install the actual OTA update files. If you need help, let me know. I can make a custom update-script for you.
WARNING!!!!!!!! The above is just my take on things from looking at the scripts for 20 minutes. This could total brick your device if your recovery isn't of the right format or is not correctly built. Don't say I didn't warn ya.
You might want to read off the contents of the SOS to compare in a hex editor to your recovery. We might find out some things that would prevent a brick.
Sent from my Nexus 7 using xda premium

Thank you for all your detailed information. I assumed that if my cwm recovery build failed I could just flash the boot.img from the ota and restore it, but it sounds like that might not be correct if the update is dependent on a hashed, preexisting recovery/kernel. I used the boot.img from the ota to build the recovery at http://builder.clockworkmod.com/ and it showed successful and gave me these four files:
https://dl.dropboxusercontent.com/u/7653846/Archive.zip
So to test, should I be able to flash_image /dev/block/platform/sdhci-tegra.3/by-name/SOS recovery.img?
my concern is that particular block doesn't show up on a mount command...

sonofskywalker3 said:
Thank you for all your detailed information. I assumed that if my cwm recovery build failed I could just flash the boot.img from the ota and restore it, but it sounds like that might not be correct if the update is dependent on a hashed, preexisting recovery/kernel. I used the boot.img from the ota to build the recovery at http://builder.clockworkmod.com/ and it showed successful and gave me these four files:
https://dl.dropboxusercontent.com/u/7653846/Archive.zip
So to test, should I be able to flash_image /dev/block/platform/sdhci-tegra.3/by-name/SOS recovery.img?
my concern is that particular block doesn't show up on a mount command...
Click to expand...
Click to collapse
I'm putting together an zip to flash in the stock recovery. This way we mimic what the stock updates do to flash over partitions.
I'm reading http://forums.ouya.tv/discussion/1380/recovery-mode right now in order to figure out how to get into the stock recovery.
One thing that I noticed is that I think your recovery is slightly larger than the stock one. I'm not sure how large SOS is, but I wouldn't want to flash over adjacent blocks (i.e. write out of bounds).

Makes sense. You must know something I don't if you can get it to flash in stock recovery... I tried simply adding files to the ota zip and flashing it and it failed.

sonofskywalker3 said:
Makes sense. You must know something I don't if you can get it to flash in stock recovery... I tried simply adding files to the ota zip and flashing it and it failed.
Click to expand...
Click to collapse
It probably doesn't work because the update.zip we're using is signed.
Just a thought, but an easier way to go, albeit dangerous, is to do the following. You need root access over adb to do this. Using dd is VERY dangerous. THIS MIGHT NOT WORK. We need to make sure that what we are writing to (/dev/block/platform/sdhci-tegra.3/by-name/SOS) is truly the block device containing the recovery partition or else this might brick the Ouya. In the past, I've seen recovery written to /dev/block/mmcblk0pX, where X is the recovery partition for the particular device. I'm not much of a tegra guy. I know more about Samsung's stuff.
1) place the recovery.img on your ouya (let's say in /sdcard/recovery.img)
2) open a terminal running on your Ouya (over adb would probably be best, e.g. "adb shell")
3) enter a root shell, type "su"
4) make a backup of your existing recovery partition with "dd if=/dev/block/mmcblk0p1 of=/sdcard/origRecovery.img"
5) write the new recovery to the recovery partition with "dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p1"
6) perform the following from user mbm in the Ouya forums to get into recovery (thread http://forums.ouya.tv/discussion/1380/recovery-mode)
This is a hack, an unintended sequence of events that results in recovery mode; what you need to do is crash the startup using sysrq.
For this you'll need a usb keyboard with the sysrq key, this is usually the printscreen button if your keyboard isn't labeled. As the OUYA starts to boot, hold down the alt-sysrq keys and press i, wait a few seconds and then repeat. This key combination is kill-all-tasks; thanks to whoever left this enabled in the kernel. Each time you kill the tasks the init process will restart them, after about 5 or 6 times init will print a warning on the console that one of the processes marked critical has been restarted too many times -- this then triggers an automatic reboot into recovery mode.
Unfortunately it's not always obvious when the ouya is in recovery mode. You might get screen with the ouya logo and a large red exclamation mark, or the screen might be entirely black; usually I got a black screen. Press the home button on the keyboard to bring up the recovery menu; it's actually a toggle so feel free to press the home button repeatedly until you see the menu since the timing isn't otherwise obvious.
Click to expand...
Click to collapse
There are two big unknowns here:
1) We don't know for sure that the new recovery (CWM) will actually work
2) We don't know for sure that /dev/block/platform/sdhci-tegra.3/by-name/SOS is the correct place to be writing a recovery
I'll see what I can dig up regarding /dev/block/platform/sdhci-tegra.3/by-name/SOS
---------- Post added at 02:53 PM ---------- Previous post was at 02:30 PM ----------
/dev/block/platform/sdhci-tegra.3/by-name/SOS is a link to /dev/block/mmcblk0p1
So far, it appears that the layout is the following:
Kernel (boot.img) is mmcblk0p2
Recovery is mmcblk0p1
System is mmcblk0p3
Sent from my SCH-I535 using xda premium
---------- Post added at 02:56 PM ---------- Previous post was at 02:53 PM ----------
I would imagine that if the recovery partition really is SOS, then the above steps would work if you could run them as root.
Sent from my SCH-I535 using xda premium

Some definite info:
SOS is recovery
OUYA firmware updates patches the boot partition on the fly (binary patching) - silly and error prone, but *shrug*. Don't need apply patch at all. dd is fine
It's much safer to use 'fastboot boot recovery.img' while in fastboot mode. This allows loading recovery or boot.img's into ram and execute them from there. Once that works 100%, you can flash it to SOS.
As most people already know, it's not possible to force the device into recovery. It has to be done with something like 'adb reboot recovery'.

mybook4 said:
I'm putting together an zip to flash in the stock recovery. This way we mimic what the stock updates do to flash over partitions.
I'm reading http://forums.ouya.tv/discussion/1380/recovery-mode right now in order to figure out how to get into the stock recovery.
One thing that I noticed is that I think your recovery is slightly larger than the stock one. I'm not sure how large SOS is, but I wouldn't want to flash over adjacent blocks (i.e. write out of bounds).
Click to expand...
Click to collapse
It's 8MB. If you dd to the block device (e.g. mmcblk0p1), you can't write out of bounds. The linux kernel knows the size and refuses it.

rayman said:
Some definite info:
SOS is recovery
OUYA firmware updates patches the boot partition on the fly (binary patching) - silly and error prone, but *shrug*. Don't need apply patch at all. dd is fine
It's much safer to use 'fastboot boot recovery.img' while in fastboot mode. This allows loading recovery or boot.img's into ram and execute them from there. Once that works 100%, you can flash it to SOS.
As most people already know, it's not possible to force the device into recovery. It has to be done with something like 'adb reboot recovery'.
Click to expand...
Click to collapse
I did the following with skywalker's recovery.
1) Attached a usb keyboard to the Ouya's full size usb port
2) Attached my computer to the Ouya's micr usb port
3) Ran "adb reboot bootloader" (the Ouya rebooted to a blank screen)
4) Waited 30 seconds and ran "fastboot boot recovery.img" (skywalker's recovery file)
The Ouya rebooted into CWM Recovery v6.0.3.2!
Error messages were encountered on the recovery screen (image attached)
5) Navigated around CWM with the arrow keys and the enter key
6) Rebooted with "reboot system now". Ouya booted right up.
When we flash the recovery to mmcblk0p1, we should rename /system/etc/install-recovery.sh (and maybe /system/recovery-from-boot.p) to prevent the recovery partition from being overwritten.
Looks like we need to adjust the recovery so it properly mounts the partitions. Hopefully after that we are good to go.

Wow, that's awesome progress! So I'll try the same steps when I get home tonight and then try building another recovery with proper mount points.

sonofskywalker3 said:
Wow, that's awesome progress! So I'll try the same steps when I get home tonight and then try building another recovery with proper mount points.
Click to expand...
Click to collapse
I think it should be a matter of placing the proper partitions in the fstab prior to creating the recovery image. From the error messages it looks like /cache and /data are the culprits.
If you get a chance to, please post the fstab you use so we can double check everything (want to avoid the potential for bricks).
Sent from my SCH-I535 using xda premium

I did the build without a custom fstab first to see if it would work. I'll make one tonight, or if anyone here has done it before feel free to make sure it's done right, this will be my first try at it.
Update:
Started making the fstab and got rid of the errors on my second build, seems it still can't mount some. making progress though.
Update2:
I have compiled a new recovery using the following recovery.fstab:
/cache ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
/system ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
/data ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
/sdcard fuse /dev/fuse
this is based on information gathered from the mount command in an adb shell. it no longer gives the long string of errors, or complains that it can't mount any partitions except i get the following errors now:
can't mount /cache/recovery/command
can't mount /cache/recovery/last_log
can't open /cache/recovery/last_log
and a few others. not sure how to proceed at this point. I'm searching Google, but has anyone run into this before?

sonofskywalker3 said:
I did the build without a custom fstab first to see if it would work. I'll make one tonight, or if anyone here has done it before feel free to make sure it's done right, this will be my first try at it.
Update:
Started making the fstab and got rid of the errors on my second build, seems it still can't mount some. making progress though.
Update2:
I have compiled a new recovery using the following recovery.fstab:
/cache ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
/system ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
/data ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
/sdcard fuse /dev/fuse
this is based on information gathered from the mount command in an adb shell. it no longer gives the long string of errors, or complains that it can't mount any partitions except i get the following errors now:
can't mount /cache/recovery/command
can't mount /cache/recovery/last_log
can't open /cache/recovery/last_log
and a few others. not sure how to proceed at this point. I'm searching Google, but has anyone run into this before?
Click to expand...
Click to collapse
I'm still new at making a recovery.fstab, but I noticed the following:
From running "ls -l /dev/block/platform/sdhci-tegra.3/by-name/"
lrwxrwxrwx root root 2013-05-25 02:23 APP -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2013-05-25 02:23 CAC -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2013-05-25 02:23 LNX -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2013-05-25 02:23 MDA -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2013-05-25 02:23 MSC -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2013-05-25 02:23 SOS -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 2013-05-25 02:23 UDA -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2013-05-25 02:23 UPP -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2013-05-25 02:23 USP -> /dev/block/mmcblk0p7
Click to expand...
Click to collapse
Since the APP, CAC, LNX files are links to mmcblk0pX devices, maybe we should be using the mmcblk0pX names?
We should look at more examples to see what the recovery.fstab for other devices looks like. From what I've seen of other devices, mmcblk0pX devices are listed in recovery.fstab.
P.S. So far, I think we are fairly certain that
APP is the system partition
CAC is the cache partition
LNX is kernel boot.img
SOS is the recovery partition
I'm not sure what the rest are (data, etc). Is there a definitive list somewhere?

Here's what I was able to find based on your suggestion, it's the recovery.fstab from the nexus 7:
/system ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
/cache ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
/data ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA length=-32768
/misc emmc /dev/block/platform/sdhci-tegra.3/by-name/MSC
/boot emmc /dev/block/platform/sdhci-tegra.3/by-name/LNX
/recovery emmc /dev/block/platform/sdhci-tegra.3/by-name/SOS
/staging emmc /dev/block/platform/sdhci-tegra.3/by-name/USP
Obviously this isn't exactly right, but it's a start until we can find more about the mounts.
I tried making the recovery.fstab using the mmcblk numbers but that made no difference... Cache always mounts empty. I'm going to try one more thing, then I'll post my final results and go to bed.
Update:
Well still no love, and no noticeable progress between recovery 2 and 7, but I feel like we're chipping away in the right direction. I'll seek some help from some more experienced recovery people tomorrow.

sonofskywalker3 said:
Here's what I was able to find based on your suggestion, it's the recovery.fstab from the nexus 7:
/systemext4/dev/block/platform/sdhci-tegra.3/by-name/APP
/cacheext4/dev/block/platform/sdhci-tegra.3/by-name/CAC
/dataext4/dev/block/platform/sdhci-tegra.3/by-name/UDAlength=-32768
/misc emmc /dev/block/platform/sdhci-tegra.3/by-name/MSC
/bootemmc/dev/block/platform/sdhci-tegra.3/by-name/LNX
/recoveryemmc/dev/block/platform/sdhci-tegra.3/by-name/SOS
/staging emmc /dev/block/platform/sdhci-tegra.3/by-name/USP
Obviously this isn't exactly right, but it's a start until we can find more about the mounts.
I tried making the recovery.fstab using the mmcblk numbers but that made no difference... Cache always mounts empty. I'm going to try one more thing, then I'll post my final results and go to bed.
Click to expand...
Click to collapse
Good stuff.
Not sure how we are going to get the field length= . I noticed the same field being used in the US Galaxy S III recovery https://raw.github.com/CyanogenMod/android_device_samsung_d2-common/cm-10.1/recovery.fstab
length= field is probably not needed, as the stock recovery doesn't list it.
Sent from my SCH-I535 using xda premium

Here's the recovery.fstab from my Ouya's recovery partition.
# mount point fstype device
/recovery emmc /dev/block/platform/sdhci-tegra.3/by-name/SOS
/boot emmc /dev/block/platform/sdhci-tegra.3/by-name/LNX
/system ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
/cache ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
/misc emmc /dev/block/platform/sdhci-tegra.3/by-name/MSC
/staging emmc /dev/block/platform/sdhci-tegra.3/by-name/USP
/metadata emmc /dev/block/platform/sdhci-tegra.3/by-name/MDA
/data ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
/sdcard vfat /dev/block/platform/sdhci-tegra.0/by-num/p1
Click to expand...
Click to collapse
I tried doing CWM build with this recovery.fstab. /system, /data, and /cache all mounted.
Couldn't mount /sdcard automatically (trying to choose zip from sdcard) or manually (in mounts and storage, mount /sdcard).
I tweaked the recovery.fstab to the following:
/recovery emmc /dev/block/platform/sdhci-tegra.3/by-name/SOS
/boot emmc /dev/block/platform/sdhci-tegra.3/by-name/LNX
/system ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
/cache ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
/misc emmc /dev/block/platform/sdhci-tegra.3/by-name/MSC
/staging emmc /dev/block/platform/sdhci-tegra.3/by-name/USP
/metadata emmc /dev/block/platform/sdhci-tegra.3/by-name/MDA
/data ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
/sdcard datamedia /dev/null
Click to expand...
Click to collapse
This one mounted /sdcard correctly. I can "choose a zip from sdcard". I didn't actually choose a zip yet. I didn't format any of the partitions. I suppose we could try making a quick cwm zip to write something to the sdcard to test it out.
I've attached the stock Ouya recovery.img (from SOS partition). THIS IS NOT A CWM FLASHABLE ZIP, it only contains a zipped up version of the stock recovery.img. The md5 hash of the unzipped recovery.img is a6c1a6962984e9080ed8821628c4cc3f.
I've attached the CWM recovery.img that worked for me. THIS IS NOT A CWM FLASHABLE ZIP, it only contains a zipped up version of a newly built CWM recovery.img. The md5 hash of the unzipped recovery.img is c6b37906f280b16cd200503c3cde6dfb.

well, when I build using your suggested recovery.fstab i'm still getting the same error about the cache, but i booted the cwm you built and saw what you meant. can you post your actual recovery.fstab file so I can try to build with it? where did you get the boot.img you are using?
Update!
It worked!! I booted to your attached cwm and I'm running a nandroid backup right now. I'll try a restore next. In the meantime I'm putting together a Playmusic.zip flashable zip with the files necessary to get play music up and running and I'll try flashing it. Awesome work tracking down those partitions!

sonofskywalker3 said:
well, when I build using your suggested recovery.fstab i'm still getting the same error about the cache, but i booted the cwm you built and saw what you meant. can you post your actual recovery.fstab file so I can try to build with it? where did you get the boot.img you are using?
Click to expand...
Click to collapse
I edited the comment right above yours.
Recovery Builder wants the stock recovery.img, so I used adb to copy my Ouya's recovery partition to the sdcard, then I used adb pull to copy the recovery partition to my computer.
1) adb shell
2) su
3) cd /dev/block/platform/sdhci-tegra.3/by-name
4) dd if=SOS of=/sdcard/stockRecovery.img
5) exit
6) adb pull /sdcard/stockRecovery.img .
I used the recovery.fstab attached to this post. I obtained the stock Ouya recovery.fstab by doing the following:
I used split_bootimg.pl to split up the recovery.img into kernel and ramdisk (see Alternate Method in http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images). I used gzip to unzip the ramdisk and saw the stock recovery.fstab in /etc.
Here's what I did step by step:
1) split_bootimg.pl stockRecovery.img
2) mkdir ramdisk
3) cd ramdisk
4) gzip -dc ../stockRecovery.img-ramdisk.gz | cpio -i
in the ramdisk directory is etc/recovery.fstab
I then copied this file and edited the last line (/sdcard stuff). I used the new recovery.fstab with the Recovery Builder.

sonofskywalker3 said:
It worked!! I booted to your attached cwm and I'm running a nandroid backup right now. I'll try a restore next. In the meantime I'm putting together a Playmusic.zip flashable zip with the files necessary to get play music up and running and I'll try flashing it. Awesome work tracking down those partitions!
Click to expand...
Click to collapse
Awesome! Let us know how the backup/restore and zip flashing goes.
Once we verify that this CWM works correctly, people should be able write the new recovery by doing the following (NOTE this wasn't tested yet. I need to test it out first):
1) adb reboot bootloader
2) wait 30 seconds (blank screen is normal)
3) fastboot flash recovery recovery.img
4) fastboot reboot recovery (need a usb keyboard to navigate CWM)
5) flash a CWM zip to prevent stock recovery overwrite (we need to make this. The zip file should mount /system, rename recovery-from-boot.p to recovery-from-boot.bak, and unmount /system)
6) profit
Most of this could potentially be automated into a root/install CWM script.

Backup worked fine, flash worked and I'm booting now to make sure it put the files where it was supposed to and see if they work. Then i'll reboot and restore and make sure those files go away.One thing to note is that when i choose reboot system now it asked me to disable recovery flash,so I took the plunge and said yes, we'll see if it goes back to stock or not...
Update:
The .zip I built said it flashed correctly (unless i'm reading wrong the parts i could see with the overscan problems i'm having) but the files did not go to /system/app. I have attached the .zip file to see if I did something wrong with it, I just grabbed a sample from online and changed the files, haven't checked updater-script yet. I am restoring now, will post update on if that works.
It rebooted to stock recovery, as I expected, so still haven't flashed it just yet.
Well my oversensitive keyboard just hit enter twice so I'm actually backing up again, but I have to leave and take my daughter to a muesuem now, so I won't be able to continue until later. Good luck, i'll be keeping up with this thread on my phone.
Edit: removed non working zip

How to mount deprecated external_sd on Milaq's CM-11 KitKat rom

I'm still on 10.2 so I haven't tried this but give it a shot.
Milaq removed the mount configuration from fstab.tenderloin, init.tenderloin.rc, storagelist.xml, and recovery.fstab
if you look here on github.com/milaq/android_device_hp_tenderloin you can see the changes made if you click on "storage: prep webos-less setup"
removed from fstab.tenderloin:
-/devices/virtual/block/dm-6 auto vfats defaults voldmanaged=sdcard1:auto,nonremovable,noemulatedsd
removed from init.tenderloin.rc:
- mkdir /storage/sdcard1 0700 root root
- mkdir /mnt/media_rw/sdcard1 0700 media_rw media_rw
- export SECONDARY_STORAGE /storage/sdcard1
- symlink /storage/sdcard1 /mnt/external_sd
- symlink /storage/sdcard1 /external_sd
-service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 -d /mnt/media_rw/sdcard1 /storage/sdcard1
- class late_start
- disabled
removed from storagelist.xml:
- <storage android:mountPoint="/storage/sdcard0"
- <!-- internal sdcard partition -->
- <storage android:mountPoint="/storage/sdcard1"
- android:storageDescription="@string/storage_sd_card"
- androidrimary="false"
- android:removable="false"
- android:allowMassStorage="true" />
removed from recovery.fstab:
-/devices/virtual/block/dm-6 /external_sd vfat defaults voldmanaged=sdcard:auto,nonremovable
Larry

No easy solution
The files modified are packed into the boot.img file of the ROM. Therefore there is no easy way to provide a zip to flash and overwrite/update these files after flashing a new ROM.
I had entered the following into the terminal app and was able to get read/write access to the webos media folder:
su
busybox mount /dev/mapper/store-media /data/media/legacy
You should see the .palm folder and other files in /data/media/legacy from within android.
Instead I recommend deleting all files from LOST.DIR (recycle bin) in WebOS and then using Tailor to resize the /media partition down to 400mb and add the remaining space to /data as milaq suggested. This should negate the need to access it from android.
Jim
laspero said:
I'm still on 10.2 so I haven't tried this but give it a shot.
Milaq removed the mount configuration from fstab.tenderloin, init.tenderloin.rc, storagelist.xml, and recovery.fstab
if you look here on github.com/milaq/android_device_hp_tenderloin you can see the changes made if you click on "storage: prep webos-less setup"
removed from fstab.tenderloin:
-/devices/virtual/block/dm-6 auto vfats defaults voldmanaged=sdcard1:auto,nonremovable,noemulatedsd
removed from init.tenderloin.rc:
- mkdir /storage/sdcard1 0700 root root
- mkdir /mnt/media_rw/sdcard1 0700 media_rw media_rw
- export SECONDARY_STORAGE /storage/sdcard1
- symlink /storage/sdcard1 /mnt/external_sd
- symlink /storage/sdcard1 /external_sd
-service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 -d /mnt/media_rw/sdcard1 /storage/sdcard1
- class late_start
- disabled
removed from storagelist.xml:
- <storage android:mountPoint="/storage/sdcard0"
- <!-- internal sdcard partition -->
- <storage android:mountPoint="/storage/sdcard1"
- android:storageDescription="@string/storage_sd_card"
- androidrimary="false"
- android:removable="false"
- android:allowMassStorage="true" />
removed from recovery.fstab:
-/devices/virtual/block/dm-6 /external_sd vfat defaults voldmanaged=sdcard:auto,nonremovable
Larry
Click to expand...
Click to collapse

zoser42 said:
The files modified are packed into the boot.img file of the ROM. Therefore there is no easy way to provide a zip to flash and overwrite/update these files after flashing a new ROM.
I had entered the following into the terminal app and was able to get read/write access to the webos media folder:
su
busybox mount /dev/mapper/store-media /data/media/legacy
You should see the .palm folder and other files in /data/media/legacy from within android.
Instead I recommend deleting all files from LOST.DIR (recycle bin) in WebOS and then using Tailor to resize the /media partition down to 400mb and add the remaining space to /data as milaq suggested. This should negate the need to access it from android.
Jim
Click to expand...
Click to collapse
Excellent Job. You are right, I see no reason do continue using this partition. I was just wondering how it could be done.
could also use the native command
mount -t vfat /dev/mapper/store-media /data/media/legacy

laspero said:
Excellent Job. You are right, I see no reason do continue using this partition. I was just wondering how it could be done.
could also use the native command
mount -t vfat /dev/mapper/store-media /data/media/legacy
Click to expand...
Click to collapse
Thanks for the comments and creating the thread. I suggested creating a thread with someone else on milaq's thread since I thought it was off topic. I was using the native mount syntax early in my efforts but it was the last two parameters that were the problem.
Perhaps someone might try copying the boot.img from and earlier rom into a current rom but I have no idea if it is mostly the same or different every build. I wasn't willing to risk it but someone else may weigh in on that one. I think the changes should be in the ramcache part of boot.img.
I'm not saying it's impossible in a flashable zip but would demand a lot of time to a solution I have no intention of using.
---------- Post added at 04:50 PM ---------- Previous post was at 04:27 PM ----------
zoser42 said:
Thanks for the comments and creating the thread. I suggested creating a thread with someone else on milaq's thread since I thought it was off topic. I was using the native mount syntax early in my efforts but it was the last two parameters that were the problem.
Perhaps someone might try copying the boot.img from and earlier rom into a current rom but I have no idea if it is mostly the same or different every build. I wasn't willing to risk it but someone else may weigh in on that one. I think the changes should be in the ramcache part of boot.img.
I'm not saying it's impossible in a flashable zip but would demand a lot of time to a solution I have no intention of using.
Click to expand...
Click to collapse
It occurred to me that a "mini" build could be created that only changed the appropriate files but it would have to be kept up to date and runs counter to what milaq is trying to accomplish. I saw that some apps were even storing their data in the sdcard1(webos) folder so it was confusing android as it was. Also, I meant ramdisk and not ramcache in my previous post. My bad.
btw I branched miliq's build code and got to step 9 of 10 of cm's build instructions before running into trouble, just for the knowledge of what goes into it.

[RECOVERY] Unofficial TWRP 2.8.5.2 by Syhost (for 4G)

As we all know our device does not get official TWRP builds yet. Hopefully now that the sources have been released, it's just a matter of time before this happens, but meanwhile an unofficial TWRP 2.8.5.2 build has just been released by Syhost. More information is available on his blog (in Chinese). To install:
Download the file from Baidu
The password (posted publicly on Syhost's blog) is sa89.
The download is an .exe file. It appears to be just an installation script but I did not run it. Instead, I just unpacked it with WinRAR (right-click on the file).
Inside there is the file recovery.img, which can be flashed with standard methods. The way I do it:
Code:
adb reboot bootloader
fastboot erase recovery
fastboot flash recovery recovery.img
Alternatively, if you just want to test it without replacing your current recovery:
Code:
adb reboot bootloader
fastboot boot recovery.img
The interface is all in Chinese. If you're comfortable with that language, you can stop here. However, what I did was:
Keep the kernel from Syhost's version.
Replace the RAM Disk image with files from the stock TWRP for another device: I used openrecovery-twrp-2.8.5.2-mako.img, as I already had the file.
Integrate the TWRP Materialised Play theme in the appropriate resolution (720x1280). The file is 2850_v1_720_play.zip and you'll also want to replace the curtain.jpg file with one of the splash screens from here: splashes_720.zip.
Delete the following files:
Code:
/fstab.mako
/ueventd.mako.rc
Copy over the following files from Syhost's RAM Disk image:
Code:
/default.prop
/file_contexts
/init.rc
/init.recovery.qcom.rc
/property_contexts
/seapp_contexts
/selinux_version
/sepolicy
/service_contexts
/ueventd.rc
Replace /etc/recovery.fstab with the following contents:
Code:
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,barrier=1 wait
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 noatime,nosuid,nodev,barrier=1,data=ordered wait,check
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev,barrier=1,data=ordered,noauto_da_alloc wait,check
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 nosuid,nodev,barrier=1,data=ordered,nodelalloc wait
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:radio_efs_file:s0 wait
/dev/block/platform/msm_sdcc.1/by-name/boot /boot emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/recovery /recovery emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/misc /misc emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/modem /radio emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/sbl1 /sbl1 emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/tz /tz emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/rpm /rpm emmc defaults defaults
/dev/block/platform/msm_sdcc.1/by-name/aboot /aboot emmc defaults defaults
/dev/block/mmcblk1p1 /external_sd vfat rw,noatime,nodev,noexec,nosuid,uid=1000,gid=1015,fmask=0002,dmask=0002,utf8 defaults
/dev/block/sda1 /usbdisk vfat rw,noatime,nodev,noexec,nosuid,uid=1000,gid=1015,fmask=0002,dmask=0002,utf8 defaults
Replace /etc/twrp.fstab with the following contents:
Code:
/boot emmc /dev/block/platform/msm_sdcc.1/by-name/boot
/recovery emmc /dev/block/platform/msm_sdcc.1/by-name/recovery
/system ext4 /dev/block/platform/msm_sdcc.1/by-name/system
/data ext4 /dev/block/platform/msm_sdcc.1/by-name/userdata length=-16384
/cache ext4 /dev/block/platform/msm_sdcc.1/by-name/cache
/external_sd vfat /dev/block/mmcblk1p1 flags=display="SD Card";storage;wipeingui;removable
/usbdisk vfat /dev/block/sda1 flags=display="USB Disk";storage;removable
.
I don't think I can post the resulting image file, as none of this is my work and I don't have the original authors' permission but if you follow the above instructions, you'll end up with a working TWRP 2.8.5.2 recovery image with the English interface that also looks great thanks to the excellent TWRP Materialised theme. Haven't had the chance to test it extensively yet but everything appears to work just great at this point. Screenshots - before and after:

That's really great find. And helpful tip. Cool.
Btw, I do think you can share the resulting TWRP, in English and themed, by simply crediting the original dev/page for the find. Without credit, it won't be cool for sure, but with credit, it's good.

MTP Status
MTP does not appear to work in the modified version but neither does it work for me in the original, unmodified one, even if the description on Syhost's blog seems to suggest it should. I don't really use this function so I'll leave it like that at the moment, as it's not immediately obvious what's going on. If someone wants to take over from here, the following might be useful:
Logcat:
Code:
MtpServer::run fd: 16
E:request read returned -1, errno: 22, exiting MtpServer::run loop
TWRP Source, mtp/mtp_MtpServer.cpp:55
Code:
int fd = open(mtp_device, O_RDWR);
TWRP Source, mtp/mtp_MtpServer.cpp:47
Code:
#ifdef USB_MTP_DEVICE
#define STRINGIFY(x) #x
#define EXPAND(x) STRINGIFY(x)
const char* mtp_device = EXPAND(USB_MTP_DEVICE);
MTPI("Using '%s' for MTP device.\n", EXPAND(USB_MTP_DEVICE));
#else
const char* mtp_device = "/dev/mtp_usb";
#endif
Android Source, include/errno.h:55
Code:
#define EINVAL 22 /* Invalid argument */

itskapil said:
That's really great find. And helpful tip. Cool.
Btw, I do think you can share the resulting TWRP, in English and themed, by simply crediting the original dev/page for the find. Without credit, it won't be cool for sure, but with credit, it's good.
Click to expand...
Click to collapse
Thanks! I've PMed Syhost and will upload the image if he's OK with it.

Aqq123 said:
Thanks! I've PMed Syhost and will upload the image if he's OK with it.
Click to expand...
Click to collapse
:good:

How to patch `system.img` to root the Samsung S10 5G (Qualcomm) device?

Hi All,
Device Detail:
- Samsung S10 5G
- Qualcomm Device
- Model: SM-G977U
- ROM: VZW-G977UVRU2ASH7-20190827135903
- Kernel-Version - Linux version 4.14.83-16633035 ([email protected]) (clang version 6.0.10 for Android NDK) #2 SMP PREEMPT Wed Aug 14 16:23:48 KST 2019
Background: I have
- rooted the device with instructions given by Magisk.
- I can successfully reboot to the recovery rootfs.
Problem: I am trying to modify the `system.img.ext4.lz4` file to root the device with normal boot. I am aware that it will not let the device install OTA Updates.
Unpack-Pack System and make new AP.tar, flash:
- Without any modification to the `system.img`, I have just unpacked `system.img.ext4.lz4`->`system.img.ext4`->`system.img`->mounted to system directory and packed it back to `system.img`->`system.img.ext4`->`system.img.ext4.lz4`.
- Replaced unpack-packed `system.img.ext4.lz4` with the AP `system.img.ext4.lz4` and make a tar of it.
- Then I have flashed it using Odin v3.13 along with BL, CP, and HOME_CSC.
- Odin has show PASS and I have rebooted the device into recovery mode.
- Done the Wipe data/factory reset and reboot to recovery again but released the recovery key combination on splash screen as mentioned in the root instructions .
- The device stuck in a boot loop.
Tries:
1. Disable Dm-verity
- Removed `avb` flag from `boot.img` with
Code:
magiskboot dtb boot.img patch
- Removed `avb` and `verify` flags from `dtbo.img` with
Code:
magiskboot dtb dtbo.img patch
- Patched `ramdisk.cpio` with
Code:
magiskboot cpio ./initrd 'patch false true'
Patched `boot.img` and `dtbo.img` is working fine with magisk patched AP file but the `ramdisk.cpio` creating the issue: Stuck at splash screen when trying to go to recovery after successfully flash with Odin. Download mode is appearing on splash screen.
So, I have used `boot.img` and `dtbo.img` along with unpack-packed `system.img.ext4.lz4` but the result is still a boot loop. I have also tried a combination of `boot.img` and `dtbo.img` along with unpack-packed `vendor.img.ext4.lz4` and flashed the AP.tar with other files but still the result is a boot loop.
So, I want to debug the problem and got to know about `pstore` which preserve the logs when kernel panic.
2. pstore
- Checked that `/sys/fs/pstore` is mounted by the system with following in init file: Grep the pstore using `find . | grep '\.rc' | xargs cat | grep pstore -n -i` and get following result:
Code:
314: # pstore/ramoops previous console log
315: mount pstore pstore /sys/fs/pstore nodev noexec nosuid
316: chown system log /sys/fs/pstore/console-ramoops
317: chmod 0440 /sys/fs/pstore/console-ramoops
318: chown system log /sys/fs/pstore/console-ramoops-0
319: chmod 0440 /sys/fs/pstore/console-ramoops-0
320: chown system log /sys/fs/pstore/pmsg-ramoops-0
321: chmod 0440 /sys/fs/pstore/pmsg-ramoops-0
- Checked the kernel config by pulling the file from /proc/config.gz.
Code:
$ cat config | grep PSTORE
CONFIG_PSTORE=y
CONFIG_PSTORE_ZLIB_COMPRESS=y
# CONFIG_PSTORE_LZO_COMPRESS is not set
# CONFIG_PSTORE_LZ4_COMPRESS is not set
CONFIG_PSTORE_CONSOLE=y
CONFIG_PSTORE_PMSG=y
CONFIG_PSTORE_PMSG_SSPLOG=y
CONFIG_PSTORE_RAM=y
- Check the `ramoops` configuration:
Code:
./sys/module/ramoops/parameters/console_size 262144
./sys/module/ramoops/parameters/dump_oops 1
./sys/module/ramoops/parameters/ecc 0
./sys/module/ramoops/parameters/ftrace_size 262144
./sys/module/ramoops/parameters/mem_address 3241148416
./sys/module/ramoops/parameters/mem_size 1048576
./sys/module/ramoops/parameters/mem_type 0
./sys/module/ramoops/parameters/pmsg_size 262144
./sys/module/ramoops/parameters/record_size 262144
`pstore` setup looks fine but when I am trying the get logs from `sys/fs/pstore` then I found nothing.
I have tried it by two ways:
1. Crash manually with panic kernel using:
Code:
echo 1 > /proc/sys/kernel/sysrq
echo c > /proc/sysrq-trigger
Followed Reading Kernel Logs
2. Flashing non-working rom that cause a boot loop and then flashed a working ROM with rooting steps and checked the file at `sys/fs/pstore`.
I need a favor in:
- Any steps to fix/debug the `pstore` problem?
- Any other way to find the kernel logs?
Update 1: I get the logs from recovery but I am not able to identify the problem.
Logs link: https://drive.google.com/file/d/1b-XNmjpYvH-L8lY0xA0SYr7XcITVCrVS/view?usp=sharing
Description: In this video, I have done the following:
1. Displayed recovery logs before: The last recovery logs are ends with 8.
2. Rebooted the device with a recovery key combination. I have already wipe data partition before making this video.
3. The boot loop happens and in the next reboot, I have pressed the recovery key combination to open the recovery mode where logs that end with 9 displayed.
4. Then I have recorded `last_history`, `last_avc_message_recovery`, `last_log.9` and `last_kmsg.9`
5. `last_history` and `last_avc_message_recovery` looks unchanged(same as before boot loop).
6. Then, I just have tried to mount the system but that didn't work.
7. At last, I have just rebooted the system normally without any recovery key combination.
Some Highlighted logs of last_log.9
exec -f /system/bin/e2fsck -v -y /dev/block/bootdevice/by-name/cache
error: _do_exec: can't run '/system/bin/e2fsck'
(errno 13 : Permission denied)
/system/bin/e2fsck terminated by exit(255)
...
E:Can't read /cache/recovery/last_locale: No such file or directory
...
W:Failed to unmount /efs: Device or resource busy
can't unmount /efs - Device or resource busy
...
W:Failed to set brightness: Invalid argument
I:Screensaver disabled
Atomic Commit failed in DisableNonMainCrtcs
Atomic Commit failed, rc = 0
...
Reboot Recovery Cause is [[BootChecker]RebootRecoveryWithKey]
...
print_recovery_cause() : reboot_reason=[[BootChecker]RebootRecoveryWithKey]
...
[property list]
persist.audio.fluence.speaker=true
...
ro.vendor.build.security_patch=2018-08-05
Supported API: 3
I:/efs is already mounted
W:Failed to unmount /efs: Device or resource busy
check_selective_file:Can't unmount /efs - Device or resource busy
just_reboot_after_update = 1
should_wipe_cahcewipe_cache
-- Wiping cache...
erase_volume(/cache)
...
MDF_I: Completed reset MDF flag!
MDF_I: Completed initialized MDF for Recovery!
mke2fs 1.43.3 (04-Sep-2016)
Discarding device blocksL 4096/153600??????????????????????????????done
Discard takes 0.00051s
Creating filesystem with 153600 4k blocks and 38400 inodes
...
Creating journal (2048 blocks): done
...
copy_logs
...
Cache wipe complete
[Checking pre-multi-csc2]
[start failed section]
sales_code=VZW
Carrier ID=[XAA]
[system partition space check]
The device has /product partition.
[out-recovery]
I:system root image is true, so need to change the unmount point from /system to /system_root
running out-recovery time : 0.000s
running recovery time: 1.738s
copy_avc_msg_to_data(1, )
I:fs_type "ext4" for /cache
copy_file 'proc/avc_msg' 'cache/recovery/last_avc_msg_recovery'
!__RECOVERY_FOR_ASSAMBLY
b_del_recovery_command = true
Rebooting...
## finish_recovery_terminate(del=1, reboot_cmd=reboot, clear_BCB=1)
## finish_recovery(delcmd=1,...
I:Saving locale "en-US"
I:fs_type "ext4" for /cache
I:[libfs_mgr]dt_fstab: Skip disabled entry for partition vm-linux
I:## unlink /cache/recovery/command
copy_logs
I:fs_type "ext4" for /cache
copy_log_file :: create recovery log file '/cache/recovery/log'
copy_log_file :: create recovery log file '/cache/recovery/last_log'
Click to expand...
Click to collapse
Is anyone have experience in detecting problems from the kernel logs?

i can not help you, but we can collect ideas. what about re-sign the system.img? there is a key somewhere, i guess just deleting won't work but maybe it is possible to calculate checksum

or maybe you can switch to SuperSU 2.79 SR3 (latest release from chainfire) or at least look inside the update-binary shell script how to root system.
regarding dm-verity i would start with searching for "verify" flag in your fstabs and remove it. magisk is also doing some hex patches and re-signing, it's the best source to look inside magisk installer zip update-binary/ updater-script, if you have the knowledge to read code
another option is try to port a twrp recovery from another snapdragon (i wonder if somebody did this already) if you can find a porting guide

so the vzw s10 5g is unlockable?

elliwigy said:
so the vzw s10 5g is unlockable?
Click to expand...
Click to collapse
yes

aIecxs said:
yes
Click to expand...
Click to collapse
Figures lol.. I have a g975u from big red n don't plan on buying another lol

aIecxs said:
yes
Click to expand...
Click to collapse
Message me on telegram and I can help you if you help me.. I'm curious in some logs and what not.. I also might have something you can use..

Did you get it working? I have the same phone and I want to use the 600mgz tmobile 5g in a few days, so I need the right rom.

elliwigy said:
so the vzw s10 5g is unlockable?
Click to expand...
Click to collapse
aIecxs said:
yes
Click to expand...
Click to collapse
Snapdragon bootloader unlockable? How?
I'm a VZW customer and can get the phone on an upgrade, but want to root it...

i got a g977p and twrp n magisk working great

do you think it is possible to flash other branding on verizon devices with modded odin?

aIecxs said:
do you think it is possible to flash other branding on verizon devices with modded odin?
Click to expand...
Click to collapse
dunno.. its not possible on n976v..

Was there any luck on rooting the Verizon G977U?

@Vats12 has already successful rooted with magisk in recovery. this thread is for rooting system (kind of rooting where su binary is placed in /system/xbin like for older devices, which breaks OTA)

aIecxs said:
@Vats12 has already successful rooted with magisk in recovery. this thread is for rooting system (kind of rooting where su binary is placed in /system/xbin like for older devices, which breaks OTA)
Click to expand...
Click to collapse
So you want like the supersu method?

ExtremeGrief said:
So you want like the supersu method?
Click to expand...
Click to collapse
Yes, do you know how to do this?
Magisk (guide) does a lot of other things too..
Maybe we can use Magisk to disable the securities and then SuperSu can help in the rooting system?

Vats12 said:
Yes, do you know how to do this?
Magisk (guide) does a lot of other things too..
Maybe we can use Magisk to disable the securities and then SuperSu can help in the rooting system?
Click to expand...
Click to collapse
But why? Safetynet will be gone
What model is the device?

ExtremeGrief said:
But why? Safetynet will be gone
What model is the device?
Click to expand...
Click to collapse
model see OP! i guess because of the buttons needed for booting in magiskrecovery, but the reason is not important only HOW (for Vats12, not for me i don't own this device)

Sorry but this thread needs to be closed
aIecxs said:
model see OP! i guess because of the buttons needed for booting in magiskrecovery, but the reason is not important only HOW (for Vats12, not for me i don't own this device)
Click to expand...
Click to collapse
I don't want to be the one who shouts fake, but the instructions you gave a link to says you have to be able to flash a bootloader first, which means an unlocked blootloader, if you have Verizon rom this is not possible, as the blootloader is locked.
If you did find a way to flash a modified bootloader, or a modified recovery those are the instructions we need, because in fastboot you are unable to do this with a locked bootloader and you are unable to unlock the bootloader on Verizon. If you have a modified bootloader or recovery flashed on your device what did you use to flash it with Odin? Because only way to flash a boot.img is either get into download mode and flash with Odin, or with Edl, if you got into edl mode then can you provide instructions on that, because we would like to know how to get the device into EDL mode as well
Sorry boys this is a hoax.

@DroidisLINUX there is video proof in OP, and again for you:
This is not a tutorial about unlocking and rooting, it is a question how he can modify /system to permanently integrate su