Dear forum,
I'm struggling to get CM 11 (or any other stable CM MOD) installed on my Galaxy S.
Trying to go back to factory settings, my rooted phone got bricked.
After struggling with the USB drivers via zadig I finally managed ODIN (very flaky tool !) to recognise the deive. I managed to repartition the phone using the PIT file s1_odin_20100512.pit (from google code)
I then started following the guidelines for installing CM on the device and flashed the phone (using Heimdal) with semafore 2.7.4. When going in recovery mode, it gave errors related to the mount points (missing .fstab). Any action from the recovery mode (data wipe, format, etc.) was resulting in errors related to the mount points...
Digging around pointed me to the Replicant recovery image as this would resolve the problem. Which it did. It now states CWM-based recovery v6.0.4.6 and operates without errors when mounting unmounting etc.
Now, when in recovery mode and pushing (adb) any MOD (CM, replicant, etc.) I always get an error stating:
E:Error in storage sdcard0 update.zip
(status 0)
Installation aborted.
I've been spending hours on combinations, rebooting reconnecting, re-wiping, toggling signature verif, sideloading vs pushing, etc. etc. and searching the Internet for answers.
So far I have not found a root cause or way to avoid the error and continue with the ROM installation.
Any idea what is causing the error message in the ROM zip files with Status 0 ?
After a fresh reboot in recovery and going to Advanced-show log, I can see:
Code:
I:Skipping execution of extendedcommand, file not found...
I:Cannot load volume misc
I:Can't partition non mmcblk device: devices platform s3c-sdhci.0 mmc_host mmc0
All hints are welcome.
Thanks
I have an H811 with an unlocked boot loader and rooted with BETA-SuperSU-v2.67-20160121175247.zip. I do not have TWRP installed, but instead opt for fastboot boot trwp-xxx.img when I want to make a nandroid backup. I did not install TWRP specifically so I could use the OTAs when they come in from Tmo. The other day, one came in but the install fails. This is the error message. I'm not sure why GoogleTTS.odex and Hangouts.odex are missing.. I may have froze them in Titanium Backup or accidentally removed them during a bloat cleansing., but it doesn't seem to be barfing on those two Google packages.. just the boot partition. Why?
I've not installed any mod kernels. Only thing I can think of is the unlocked bootloader. I have a stock nandroid that I can restore to the phone, and then possibly apply the patch, but if this is due to the unlocked bootloader that won't matter.
Second question: I have a saved copy of the update.zip from Tmo. I've read that trying to install this from TWRP is a bad idea. Is there another way to kick off the install instead of waiting for the download from Tmo again every night?
Thanks
HTML:
Verifying current system...
failed to stat "system/app/GoogleTTS/oat/arm/GoogleTTS.odex": No such file or directory
failed to stat "system/app/Hangouts/oat/arm64/Hangouts.odex": No such file or directory
contents of partition "/dev/block/bootdevice/by-name/boot" didn't match EMMC:/dev/block/bootdevice/by-name/boot:28227584:bba9b35edd32cf7e117d238d9220ebfedb0b8155:28207104:f3a1ce0f44594bc48e57a0402d2044508ba3d391
file "EMMC:/dev/block/bootdevice/by-name/boot:28227584:bba9b35edd32cf7e117d238d9220ebfedb0b8155:28207104:f3a1ce0f44594bc48e57a0402d2044508ba3d391" doesn't have any of expected sha1 sums; checking cache
failed to stat "/cache/saved.file": No such file or directory
failed to load cache file
script aborted: "EMMC:/dev/block/bootdevice/by-name/boot:28227584:bba9b35edd32cf7e117d238d9220ebfedb0b8155:28207104:f3a1ce0f44594bc48e57a0402d2044508ba3d391" has unexpected contents.
"EMMC:/dev/block/bootdevice/by-name/boot:28227584:bba9b35edd32cf7e117d238d9220ebfedb0b8155:28207104:f3a1ce0f44594bc48e57a0402d2044508ba3d391" has unexpected contents.
E:Error in /cache/update.zip
(Status 7)
[LGE][Recovery] Installation aborted. no valid image in CACHE.
I:Saving locale "en_US"
I:timed out waiting for key input; rebooting.
I:Saving locale "en_US"
[email protected]:/cache/recovery #
Nevermind. After some more searching, this is a really common problem with rooting and OTA. Sorry for the static. I'm new to all this.
I must note: I use linux. I only used Windows because SPFT Linux version gave me a chip mismatch error I couldn't fix easily.
1: Please read. It explains what problems might arise. Especially post #6 and #13.
2: There are 2 versions of the scatter file. The MT6735 version is what I used successfully. The MT6737Tmod version is what comes from post #6 & #13.
3: Please use each scatter file to Readback your boot and recovery partitions first, renaming as fit, so you can have a backup BEFORE ANYTHING. Then test unpacking them to see if everything went correctly. Then readback every partition in the scatter file so you don't have to depend on the stock ROM for a backup. I didn't and it led me to take this route.
3: Seem to be a difference in the naming of the scatter file and sizes of system, cache, and userdata inside from the stock ROM and what works..
4: DO NOT choose Format+Download until you know which scatter file works, unless you want to chance a Hard Brick.
5: Wiping the dalvik and cache in stock recovery before flashing TWRP seems to be the best thing to do to avoid boot loops or a hung boot.
THIS ROOT PROCESS WAS DONE OVER THREE DAYS OF CAR WORK, DRIVING, FAMILY, AND COMPUTER WORK. MOST OF THE TIME SPENT WAS THIS MORNING TRYING TO GO TO SLEEP. DIDN'T HAVE TIME TO DOCUMENT AND TAKE PICTURES. THIS WRITE-UP IS FROM WHAT I REMEMBER DURING THIS PROCESS. IF I CAN REMEMBER SOME VAGUE DETAIL THAT YOU NEED, GOOD. IF NOT, DON'T STRESS ME. THE HARD PART IS DONE. A GOOGLE SEARCH OF SOME OF THESE PROGRAMS WILL GET QUICKER RESULTS IF YOU DON'T HAVE THEM. THE MAIN THING NEEDED FROM MY RESEARCH WAS THE SCATTER FILE. LINKS FOR SCATTER FILE AND RECOVERY IMAGE ARE BELOW.
Looking for a way to root first day getting this phone in February. Read this post last Tuesday about MT67xx rooting, thanks lsemprini. Spent two days finding which versions of the programs work with this phone, already had the ROMs, drivers, and tools. Dove right in.
I downloaded the ROM from needrom. Scatter file was unusable. Wrong chip error. Phone reads MT6735 scatter file read MT6737. Did a manual diff. Used SP Flash Tool v5.1524 to flash, formatted instead of downloading by mistake, cord got pulled, Hard brick. Fought with Windows7 to get drivers to recognize a hard brick. Still don't know how I did it but it read then flashed. Looked like another hard brick but SPFT would recognize it for the Memory Test. I just held power+vol_down with just charging block power to get it to come on. Sometimes just one of the buttons was enough to get it to power on and start a bootloop. Took two minutes sometimes. Flashing the wrong recovery led to bootloops. Starting SP Flash Tool and plugging in the USB to the phone as soon as it powers off during a loop will let the preloader "register" and the images to be flashed. Flashing from a stock ROM will lead to IMEI being erased. Used SN Write Tool v1.1716 to write the IMEI numbers. Got them from the side of the box. The MD1_DB and AP_DB files needed are in the stock rom.
Ported TWRP, credit to jemmini for the post https://forum.xda-developers.com/vivo-xl/development/recovery-t3311601. Used that recovery as a base. Ported according to the myriad of guides that I have been reading over the past few days. None of them worked as instructed, had to modify trial and error style. Finally got TWRP to read the internal partitions AND remain after a reboot. A lot was going on when I did this. Not sure if I formatted before, I remember flashing a lot of because of something. I mounted the system just in case & flashed SuperSu from chainfire's website, no formatting afterwards. Rebooted and installed SuperUser and BusyBox. I tried adb and fastboot. They work but not for everything. Hooked phone up to computer with debugging enabled.
Code:
adb root
gives a shell, no errors unlike before. Edit: ADB won't let me start as root anymore.
Needed files
Blu Vivo XL2 TWRP 3 Recovery
MT6735 Scatter File
MT6737T Scatter File
BLU Vivo XL2 V0070UU Stock ROM if you don't have a backup of your partition images.
Step 1
Install Minimal ADB and Fastboot and USB VCOM drivers.
Download SP Flash Tool, SN Write Tool, scatter file, and twrp3.0 to a working folder.
Download SuperSu zip & SuperUser apk then put them on your SD Card.
Install SD card into phone.
Step 1.A For Full ROM Flash and IMEI Write
Download Stock ROM and extract to working folder.
Move twrp3.0 to ROM folder.
Step 2
Install SP Flash Tool and SN Write Tool and run.
Step 3 To flash TWRP only
Reboot phone to recovery then wipe cache and dalvik. Can't remember if it is a dalvik option in the stock recovery now.
Power off phone. Make sure it is not plugged up to the computer.
IN SP Flash Tool:
Load scatter file that works from working folder.
Make sure download only is selected in drop down menu.
Check only the recovery partition box and click the name of the recovery file on the same line.
Browse to TWRP recovery image and select.
Click the Download button with the green arrow.
Plug phone into computer and wait until window with OK pops up. Success.
Step 3.B OPTIONAL
Select format and flash all using stock ROM or images backed up from your phone.
Stock ROM must be extracted and custom recover put into same folder and renamed to "recovery.img" to make
everything automatically load.
Click the Download button with the green arrow.
Plug phone into computer and wait until window with OK pops up. Success
Step 4 Only needed when formating+downloading ROM
With phone still powered off and unplugged, write IMEI numbers using SN Write Tool.
Step 4.A
Click System Config.
Select IMEI in Write Option Area.
Make sure IMEI Checksum and Dual IMEI are checked.
Load MD1_DB and AP_DB files from ROM folder.
Click Load Modem DB from DUT box.
Click Save.
Step 4.B
Click Start.
Input your IMEI numbers from box.
Click OK. Success
Step 5
Boot to recovery.
Swipe to make permanent.
Wipe dalvik and cache.
Flash SuperSu..
Reboot.
Install SuperUser apk and BusyBox of your choice.
Step 5.A
If SuperUser apk or any app that ask for root permission cannot get it, reboot to recovery.
Mount system partition: Shouldn't matter but it worked for me.
Flash SuperSu zip again.
Reboot.
Install SuperUser apk and BusyBox of your choice.
ENJOY
When i connect the device after clicking download, it says "CHIP TYPE NOT match!"
mind you the device is off, i tried to troubleshoot but still getting the same error.
any help would be appreciated
UPDATE: Im thinking it has to be the scatter file, but im not sure.
UPDATE: I got it to work, after flashing superSU, my phone wont boot past the initial white Blu start screen.
[QUOTEUPDATE: I got it to work, after flashing superSU, my phone wont boot past the initial white Blu start screen.[/QUOTE]
Try powering it off, booting to recovery and then wiping dalvik and cache.
The longest it took to get past that logo was 15 minutes. It is either encrypting or decrypting. Didn't get any type of messages until after root, and those were optimizing messages. Only one came through before rooting when I interrupted the boot process and that was about encrypting the phone. Phone was encrypted before root, now it is decrypted. Could have something to do with that. Try wiping the cache and dalvik after flashing. I actually flashed it three times in a row. The third was after mounting storage then flashing the SuperSu zip. Once you see the next logo with the colorful circles and hear the sound it might be another wait. That is where it let me know it was optimizing.
I must note: Please use scatter file to Readback your partitions so you can have a backup BEFORE ANYTHING. I didn't and it led me to take this route.
=smith901;72841007][QUOTEUPDATE: I got it to work, after flashing superSU, my phone wont boot past the initial white Blu start screen.
Click to expand...
Click to collapse
Try powering it off, booting to recovery and then wiping dalvik and cache.
The longest it took to get past that logo was 15 minutes. It is either encrypting or decrypting. Didn't get any type of messages until after root, and those were optimizing messages. Only one came through before rooting when I interrupted the boot process and that was about encrypting the phone. Phone was encrypted before root, now it is decrypted. Could have something to do with that. Try wiping the cache and dalvik after flashing. I actually flashed it three times in a row. The third was after mounting storage then flashing the SuperSu zip. Once you see the next logo with the colorful circles and hear the sound it might be another wait. That is where it let me know it was optimizing.
I must note: Please use scatter file to Readback your partitions so you can have a backup BEFORE ANYTHING. I didn't and it led me to take this route.[/QUOTE]
chip type not match. pls help
---------- Post added at 10:46 AM ---------- Previous post was at 10:41 AM ----------
ANJIII said:
chip type not match. pls help
Click to expand...
Click to collapse
what version of stock rom did you use? there are 3 versions in needrom; v7, v11, and v12. i use v11 cause of automatic update
ANJIII said:
chip type not match. pls help
---------- Post added at 10:46 AM ---------- Previous post was at 10:41 AM ----------
what version of stock rom did you use? there are 3 versions in needrom; v7, v11, and v12. i use v11 cause of automatic update
Click to expand...
Click to collapse
i solved my own problem hahaha. just rename the file to mt6737t instead of mt6735. also edit the platform in scatter file. change it to mt6737t too then install your supersu with the use of twrp then wipe dalvic then its done
ANJIII said:
i solved my own problem hahaha. just rename the file to mt6737t instead of mt6735. also edit the platform in scatter file. change it to mt6737t too then install your supersu with the use of twrp then wipe dalvic then its done
Click to expand...
Click to collapse
Good. I had to name it that because of the chip mismatch error. It was from the V7 ROM. The other two are updates. I also messed up big time along the way. My phone always read MT6735 but it does have MT6737T in different files. I always wondered about that. I got it to work without buying another phone.
It seem that the phone boot logo never goes away. What should I do now?
Alexis96312 said:
It seem that the phone boot logo never goes away. What should I do now?
Click to expand...
Click to collapse
Hope you Readback your original recovery and other partitions. I didn't and worked hard to get it back. When I just flashed the recovery and something went wrong, it reverted back to the stock recovery.
Try doing this:
1. Start SPFT with the reçovery you want to flash.
2. Hold down the power button. AS SOON AS IT VIBRATES, PLUG THE USB CORD IN.
3. Hopefully you timed it right and it will flash and boot.
Sometimes it took 15 minutes to get past the boot logo.
Here what I did so far
1. Format using SP Flash Tool
2. Download /// By Using Scatter-Loading Files (MT6737T_Android_scatter.txt {From Rom}) Which it check all the boxes AUTO ///// It works but I didn't change the recovery.img like TWRP.img
Download it
It works normal.
___________________________________
But I want TRWP.img to be my recovery for root (SuperSU)
I try SP Flash Tool to change the recovery img to TRWP.img /// Using Scatter-Loading Files (MT6737T_Android_scatter.txt {From Rom}) I UNCHECK ALL BUT RECOVERY.IMG
Before this happen I didn't factory reset or Format anything yet.
It work to Recovery.img but THE BLU LOGO IS STILL LONG
I feel like it not working
Help Help Help ME
Please
Alexis96312 said:
Here what I did so far
1. Format using SP Flash Tool
2. Download /// By Using Scatter-Loading Files (MT6737T_Android_scatter.txt {From Rom}) Which it check all the boxes AUTO ///// It works but I didn't change the recovery.img like TWRP.img
Download it
It works normal.
___________________________________
But I want TRWP.img to be my recovery for root (SuperSU)
I try SP Flash Tool to change the recovery img to TRWP.img /// Using Scatter-Loading Files (MT6737T_Android_scatter.txt {From Rom}) I UNCHECK ALL BUT RECOVERY.IMG
Before this happen I didn't factory reset or Format anything yet.
It work to Recovery.img but THE BLU LOGO IS STILL LONG
I feel like it not working
Help Help Help ME
Please
Click to expand...
Click to collapse
Try flashing stock ROM, wipe data in stock recovery, then flashing TWRP, wipe dalvik.
If that don't work, wipe data then flash stock ROM with TWRP recovery, wipe dalvik.
The scatter file from the stock ROM gave me problems. Had to modify mine.
Don't forget to restore your IMEI afterwards since you formatted+flashed.
I will try
---------- Post added at 08:33 PM ---------- Previous post was at 08:23 PM ----------
I did try it but it seem not to do anything
Can you be so kind to upload the mod Scatter File Please
Alexis96312 said:
I will try
---------- Post added at 08:33 PM ---------- Previous post was at 08:23 PM ----------
I did try it but it seem not to do anything
Can you be so kind to upload the mod Scatter File Please
Click to expand...
Click to collapse
The one I attatched on the first post #1 is my modified scatter file. The mods included changing the size to the system, cache, and userdata. Just compared all three. The stock MT6737T scatter file and the V12 ota scatter are the same. The one I changed, MT6735, have the file name, platform name, and partition changes. I don't know why I had to modify it., especially the size parts. It all worked when I did that. I basically gave up on it because of a hard brick. Then I remembered reading MT6735 in some file a few months back while roaming the file system. Made the changes and was back in business. Maybe you need the stock scatter file, here it is.
It's what the end result of this post @ANJIII did minus the size changes..
He just did the name changes and it worked for him. Ya'll seem 180° from where I was.
The second one is from the V12 OTA update. It is very minimal, must be all that is needed for a scatter file. Not really sure tho. Hope it is just scatter file issues.
As long as SPFT is reading your phone, it's still a chance on it all working out. That is how I viewed it.
@andromedaXVIII Don't know if you got it working. This might be a potential solution.
Unable to find partition for path '/sdcard'
Unable to find partition for path '/sdcard'
Unable to find partition for path '/sdcard'
Updating partition details...
Failed to mount '/protect_f'(Invalid argument)
Failed to mount '/protect_s'(Invalid argument)
Failed to mount '/nvdata' (Invalid argument)
...done
Full SELinux support is persent,
MTP Enable
Wiping Dalvik Cache Directories...
--Dalvik Cache Directories Wipe Complete!
Formatting Cache using make_ext4fs..
Updating partition details...
Failed to mount '/protect_f'(Invalid argument)
Failed to mount '/protect_s'(Invalid argument)
Failed to mount '/nvdata' (Invalid argument)
..done
Is this good or bad? This is in Twrp recovery
Alexis96312 said:
Unable to find partition for path '/sdcard'
Is this good or bad? This is in Twrp recovery
Click to expand...
Click to collapse
I take it TWRP flashed successfully, it is having a problem reading those four partitons. Possibly encryption is stopping you. Try flashing this in TWRP before anything else to remove the encryption.
I didn't get any errors. I know the userdata partition was different in the scatter files. That could be the reason for /sdcard not being recognized. Must be a difference in the layout of phones, not really sure. My protect_s, protect_f, and nvdata partitions and /sdcard all mount fine, pictures attached. I am able to do a backup in TWRP. I have been playing around with porting different ROMs and came across an issue similar to this. Had to change some lines in updater-script.
I checked fstab.mt6735 file in the stock recovery, the modded twrp3 recovery, and stock boot recovery to make sure I didn't make any typos or leave anything out. They all have the same lines. Had to do this:
Code:
("ext4", "EMMC", "/dev/block/mmcblk0p5", "/system")
in the updater-script I was working on. I got ahead of myself flashing a ROM and was stuck on the 1st logo screen. Held power+vol_down to get it unstuck. Yes I was all calling myself kind of names like I'm sure some people have done following this guide.
Which scatter file you used? Did you do a readback in SPFT with the WORKING scatter file and mount one of those images to check if you can read and write the files. I mounted system.img from the stock ROM to make sure I could read and write the files before I started with flashing. I'm thinking there is are internal differences in the XL2s. You might have to reflash using the stock ROM with TWRP as the recovery with the Format+Download option since you got TWRP installed.
Once I get through playing around with trying to flash this ROM, I will restore and try to find all the partition mappings and update TWRP to work with the format from the updater-script and see if that work. Will let you know what happened.
Alexis96312 said:
Unable to find partition for path '/sdcard'
Unable to find partition for path '/sdcard'
Unable to find partition for path '/sdcard'
Updating partition details...
Failed to mount '/protect_f'(Invalid argument)
Failed to mount '/protect_s'(Invalid argument)
Failed to mount '/nvdata' (Invalid argument)
...done
Full SELinux support is persent,
MTP Enable
Wiping Dalvik Cache Directories...
--Dalvik Cache Directories Wipe Complete!
Formatting Cache using make_ext4fs..
Updating partition details...
Failed to mount '/protect_f'(Invalid argument)
Failed to mount '/protect_s'(Invalid argument)
Failed to mount '/nvdata' (Invalid argument)
..done
Is this good or bad? This is in Twrp recovery
Click to expand...
Click to collapse
can you send us your vivo xl2 specs because there are two versions of xl2, V0070UU and V0070EE. Mine is V0070UU. I just did some renaming and editing in the scatter file of MT6735 and it bootloop once after I installed the twrp. I restarted my phone during the bootloop by holding the power button. After that, I opened the twrp to install the supersu then wipe dalvic cache. You may now boot up the phone and it took 10-15mins to use it because the system shows that it optimizes 205 apps(in my case, maybe because I have installed numerous apps). After that my phone is usefull again and I installed V4A because that's the only reason why I wanted to root this phone.
Here is all the information I have pulled so far from the phone. Have a screenshot attached from About device in settings. The attached zip file is all the information I could think to pull using adb . The attached file is my partitionlayout. I just ran cat against every file to see what it would give me and redirected the output. Using adb while the phone is in recovery let me pull and read the files I couldn't while the phone was booted.
@Alexis96312, try to run this command in terminal to get your partition map:
Code:
adb shell "su -c 'ls -l /dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/'" > someFileName.txt
I have mine listed in the zip file as partitionLayout.txt It will list which names go to what device in /dev and save it in your current directory. The file can be used to get the correct partition layout on your phone. Post the results and I will repack the recovery to see if it will work for you. You can do it also with Carliv Image Kitchen, it has a menu :good:. You will have to modify the fstab files in the ramdisk folder of the extracted image to what the partition map specifies. I went thru all of them to be sure when I first ported TWRP.
@ANJIII is correct about the different versions, nice catch. I forgot about that. I assumed you had the V0070UU version like mine, fault on me for not asking. Mine specifically says BLU_V0070UU_V07_GENERIC 25-11-2016 09:46. I'm thinking the GENERIC part comes from me having to flash the stock ROM. I think it had BLU_V0070UU_V07 with user/keys before I bricked it and had to flash the stock ROM. Got three extra apps that I instantly removed. Seems like the stock ROM function the same as before bricking flashing stock.
ScreenShot
ANJIII said:
can you send us your vivo xl2 specs because there are two versions of xl2, V0070UU and V0070EE. Mine is V0070UU. I just did some renaming and editing in the scatter file of MT6735 and it bootloop once after I installed the twrp. I restarted my phone during the bootloop by holding the power button. After that, I opened the twrp to install the supersu then wipe dalvic cache. You may now boot up the phone and it took 10-15mins to use it because the system shows that it optimizes 205 apps(in my case, maybe because I have installed numerous apps). After that my phone is usefull again and I installed V4A because that's the only reason why I wanted to root this phone.
Click to expand...
Click to collapse
Answer in pictures
ADB USB
It seem that the computer can't find it what now
Do I need to install the ADB driver again?
I'm trying to do it on stock recovery
Do I have to do it on TWRP recovery?
Alexis96312 said:
It seem that the computer can't find it what now
Do I need to install the ADB driver again
Click to expand...
Click to collapse
It look like the pid:vid aren't recognized correctly. Usually a reboot will help.
Are you connect using adb while in recovery? If so, see if Windows will install new drivers for you. My Linux box read mine as a Samsung at one point. Try running the ls part of the command in TWRP terminal.
This is where I fought with windows when the cord got pulled during flashing. I never got an error like the 2 at the top, always like the bottom one. I kept adding legacy hardware in device manager until one of them worked. The Linux version of SPFT always give a chip mismatch error. Wish it worked so I won't have to boot to Windows.
I kept doing format+download and and plugging the phone in until Windows recognized it because it was in a bootloop when that happened. You need the preloader to be recognized.
Both stock ROMs are on needrom.com. I downloaded the UU version, the EE version is what you might need. I'll pm you a link to my backups from TWRP to see if they will work for you. Same thing happened to me playing with the new ROM. Restoring my boot and system got it back working.
Hi, I am stuck in a bootloop with my pixel 4XL and can only access fastboot/adb. I want to pull my photos from the device before wiping it to factory settings but cannot figure out a way to do it. My bootloader is unlocked so figured it was possible somehow.
I cannot access files under sdcard using abd and changing the recovery image doesn't seem to work (I tried TWRP) using fastboot flash recovery, I get this error:
Writing 'recovery' FAILED (remote: 'No such file or directory')
I am guessing TWRP doesn't work because of Android 10
Have I got any options to try and backup my data?
TWRP doesn't work on devices that had Android 10 pre-installed due to a new partition scheme.
I would try dirty flashing a Google stock image of your current build. It should undo any kernel or Magisk changes for booting purposes.
Google images: https://developers.google.com/android/images#coral
Platform Tools: https://developer.android.com/studio/releases/platform-tools.html
Extract the image ZIP somewhere, extract platform-tools into that same folder. (fastboot/adb, the .bat file and the 2nd image-coral*.zip should all be in the same folder)
Edit the "flash-all.bat" file, line 23 should look like this: "fastboot update image-coral-qq2a.200405.005.zip" (remove the '-w' or your photos/data will be wiped!)
Make sure fastboot devices sees the phone, run the .bat and mostly ignore your phone screen until the .bat says it's done.
Dirty flashing may corrupt your face data which might later require a full factory reset. Normally you would delete the face data before dirty flashing.
Hi everyone. Got a puzzle for you forensic data recovery guys out there. I am a fool having a bad day today. For the first time in 10 years of screwing with Android, I backed up my ROM with twrp and also backed up my sms and calls, but then managed to somehow forget to copy those files off the internal storage before trying to flash my phone to LineageOS and botching the internal storage. Here is what happened.
0) Before state: Rooted (I think) and for sure running OxygenOS 5.0.3, flashed via TWRP. TWRP version 3.2.1-0. 128 GB OnePlus 3T
1) Backed up System, data, etc to backup on internal storage via TWRP. Booted into OS and backed up SMS and calls to .xml file.
2) Wiped data, system, cache and dalvik/art cache.
3) Downloaded LineageOS w/ microG via zip in TWRP and attempted to install. Received error that I needed to update the modem to at least 9.0.3.
4) Mounted storage from TWRP and copied in Stable9.0.3+Firmware+Modem_OnePlus+3T.zip. Ran the install and was successful.
5) Installed lineage-17.1-20200826-microG-oneplus3.zip via TWRP. Left prompt to install TWRP checked and booted into OS.
6) Upon boot, saw the message: "Decryption unsuccessful" The password that you entered is correct but unfortunately your data is corrupt.
7) Rebooted back into TWRP to mount storage. Could not get anything to mount because it would not accept my decrypt passcode.
8) Figured TWRP bug, flashed twrp-3.4.0-0-oneplus3.img via fastboot. Could decrypt now with passcode but all storage read 0MB
9) Flashed modem back to OnePlus3T_5.0.3-25-05-18-FIRMWARE-flashable.zip via adb sideload method which is what I assume I was running before since that was the OS version. Rebooted
10) Booted back into TWRP, discovered I still couldn't see files. Downgraded TWRP back to 3.2.1-0 via fastboot.
11) Unable to decrypt from TWRP or even install zips. No change at any point in the OS. Flashed TWRP back to 3.4.0.0.
12) Ran adb shell twrp decrypt XXXXXX (where XXXXXX is my pin) which gave me this message:
Attempting to decrypt data partition or user data via command line.
(then it returned to shell so I assume it worked)
13) Ran an ADB pull command (adb pull /dev/block/dm-0 backup.img). There is obviously something there because it downloaded 111 GB worth of .img file (which I'm 99% certain was the amount of space I had used on the phone). Tried to open the .img file with multiple EXT4 programs and they all said the file/partition was corrupt.
14) Tried to wipe data via TWRP. Failed to wipe because it couldn't be mounted. Followed this:
https://************/how-to-fix-twrp-unable-to-mount-storage-internal-storage-0mb/
15) Ended up with MTP mount of 101 GB free space. Everything seems to be lost on the phone at present. No programs I use to recover the data off the MTP mount (just doing a raw file scrape) can see it as a OnePlus in Windows.
After finding a better guide on XDA, it sounds like this is a known issue that happens when you go from 5.0.x to 9.x on this phone where your encryption breaks and you lose all files. Unfortunately I saw that about 15 minutes after step 14...
My next thoughts would be to:
a) downgrade everything (ROM, firmware, etc) and then try to push the 111 GB .img file back to the phone via ADB, then flash a stock OnePlus 5.0.3 ROM over it to see if I could get the internal storage to mount again. Don't even need to boot into the OS--just to get the internal storage mounted again through TWRP.
--OR--
b) convert the .img file to a .raw and then possibly a .vhd and use Recuva or something to scan the image of the phone and see if I can find those .xml files and maybe a twrp backup if I'm lucky. Although if the entire .img contents is still encrypted and not actually just a corrupt android filesystem, I think I am hosed on this option.
I would prefer option a) but I didn't know if anyone had any insight on this. I thought maybe there would be a way for me to get into the filesystem via ADB maybe and clear out some botched encryption cache or keystore/etc in order to get it to mount again. I'm also not sure if you're able to downgrade the firmware or modem either from 9 to 5 (even though I never got errors on downgrade). Thoughts? Am I just royally hosed?
Tried option b. Nothing but garbage. I made a backup of the .img file this time... so still would be willing to try option a) unless anyone thinks that this is impossible.
Edit: yep... may be too late... https://forum.xda-developers.com/on...-9-0-3-5-0-8-firmware-barrier-t3941164/page18
To my knowledge the data partitions content is unrecoverable lost after the reboot from 5) to 6). The img contains the messed up (and still encrypted) dm0 container but without the enctyption footer which is "outside" the dm0 container in sda15 (aka userdata) partition. To decrypt the img you are missing the device dependent key (an encrypzed partition can be decrypted only on the device the enctyption has been done on) as well as the encryption footer (which is messed up after the reboot).
Format data (not only wipe!) and start over.
Thanks for the reply. That makes sense and is what I was afraid of.
I wonder if it would be possible to regenerate the crypto footer by doing something like this to get the HMAC keys and then flashing a rom to recreate the cryptofooter and then editing the key values to reflect the old cryptofooter values based on the KeyMaster extraction via this exploit.
http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html?m=1
It might depend on how much of the cryptofooter is left and whether or not 5.0.3 is vulnerable to these CVEs...
I’m not sure if I know enough about the KeyMaster structure to know how to rebuild it even if I were able to retrieve the HMAC keys.
I also know TWRP now supports EDL so perhaps there is something with a Qualcomm tool I could yse to assist.
Obviously this would mean security issues for everyone on these older builds if I am able to regenerate the crypto footer.
Are you aware of adb commands or likewise that I could run to survey the KeyMaster damage?
As stated: to my knowledge the data is lost after the first reboot with the 9.0.x bootloader.
If you search the official los thread (don't remember if 17 or 16) you'll find some detaled postings on restoring the keys after updating the bl from 5.0.x to 9.0.x. The user, who has examined that has failed, but perhaps it helps to shine some light on your questions.