Hi,
I ran doctest on my prophet which ended up corrupting the doc. I managed to get the doc fixed except for binary partition 1. Now I have a prophet which boots into the OS, but has a corrupt CID, IMEI, SIMLOCK, GSMDATA, etc- which means my prophet is now a PDA without a phone...
In short, 0x0-0x44000 area on binary partition 1 is corrupt and I don't have a backup of it.
Can a dump of this block from another prophet be used directly on my device? What all would have to be reconstructed in this block to make it run successfully on my device?
Pls help!
for people reading this, DO NOT RUN DOCTEST ! EVER !
for sidekick, what do you have ? G3/G4?
if you have a G3 it should be possible to fix with itsme tools if you know what you are doing.
I have a G3 IPL 1.0 SPL 2.15.0000 (+gold card)
I have managed to get 0x00000-0x10000 from a wizard (cid locked/sim unlocked). Updated it with superCID using typhooncidedit.pl and flashed it on my doc using pdocwrite.
However, I am still getting a "GetDeviceCID: Error - InitDecoder" on running 'info 2', IMEI is still the default 44xxxx... and am getting Simlock.exe error-"Data error: contact service....." on inserting a SIM
I can think of the following three reasons why this hasn't worked for me:
1. wizard and prophet have different CID blocks and one from prophet might work
2. CID block contains a unique device specific identifier (docuniqueid maybe) apart from what is not mentioned in typhooncidedit.pl
# 0x0000-0x0004 - version
# 0x0010-0x0018 - checksum cryptkey
# 0x0140-0x0148 - imei
# 0x0160-0x0180 - cid
# 0x01a0-0x01a8 - keyindex at byte +3
# 0x1200-0x1a00 - cid cryptkey
# 0x1c80-0x1c88 - lockflag
# 0x1d00-0x1f00 - lockcodes
# 0x4000-0x4400 - mccmnc ??
# 0xfff8-0xffff - checksum of 0-0xfff8
3. the device looks at information in 0x10000-0x40000 at least for IMEI & simlock
Am I on the right track or are there any easier alternatives? Either way, I think it is important for me to get 0x00000-0x44000 of a G3 prophet in order to investigate further.
It would be of GREEEAAAT help if someone can provide me a dump of this area
pdocread -n 1 0 0x40000 cidblock.bin
pdocread -n 1 0x40000 0x4000 -b 0x4000 gsmdata.bin
(pls also mention your docuniqueid from 'pdocread -l')
you are on the right track, as you have a G3 it should be possible to fix as pdocwrite can write a G3 DOC
as you can see from my signature, my G3 is bricked so I can't help at the moment
however, I see you have a gold card !? care to explain how you made it ?
Thanks
Prophet Goldcard
I just followed the instructions in typhoonnbfdecode.pl with slight modifications to some checks in IPL & OS
you have a bricked G3.... stuck in bootloader I presume? There are two ways you can fix it with the help of a gold card.
1. Cardid is known and docuniqueid is not known
use tornado keys and xxx magic and '00' as first two chars in cardid to generate a securitylevel=0 non-flashable sd image.
>perl typhoonnbfdecode.pl -d prophet_gold.img -p magic=xxx -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0
using this card I get the normal bootloader screen but with a security level of 0
Cmd>set 32 0
+ SD Controller init
- SD Controller init
+StorageInit
***** user area size = 0x7AC00000 Bytes
Unlimited time!
GetDeviceCID: Error - InitDecoder <<<<< due to corrupt bin partition 1
g_cKeyCardSecurityLevel = 0 <<<<< Voila!
now use the l or lr command in bootloader!!!
2. both Cardid and docuniqueid are known
use tornado keys and '00' as first two chars in cardid to generate a flashable sd image.
however, for this to work, comment out all the checks in validate_os and the BIPO check in validate_ipl in typhoonnbfdecode.pl
>perl typhoonnbfdecode.pl -d sd80.img -p cardid=00610032DF69A01947323044534D5402 -p keys=tornado -p seclevel=0 -p docuniqueid=00000000a440020420380318130b0571 -r os=OS.nb
no more "Not Allow Update" 's
I'm so busy now in the college exams, this is my graduation year, and I only look at the posts like checking my mail without replying.
But at least I found a guy who understands what he is doing, has no ego, and is polite, not like others here who are very impolite; and the problem is they are stupid and think they understand, when all they do is read and repeat without understanding or trying to improve.
After this long story, which you don't have to read, I'll try to help you if I can.
About the IMEI block => try to use IMEI wizard for changing the IMEI for prophet; it will overwrite the old block. It uses pdocwrite.exe =pdocread.exe
About the other blocks: I have a G3 prophet IPL 2.10 SPL 2.20 and I have a backup made with r2sd all and unlocked CID.
I'll pdocread any block you want but I'm going to send it by e-mail in parts, because I can't guarantee the net in big files, so just read your private messages.
Great, let me try some things here. In my gold card thread I've started outlining this.
I used the same steps as you did, however I got stuck in getting the cardid, for some reason the memdump didn't contain the cardid.
which route did you use to get the cardid ?
(I used my second prophet to get that, but failed)
Thanks for the explaining so far.
Nice to see you back on the board, I've read some of your early posts and they were a great help !
If you could help out that would be great, I know what it is like during exams
It would be great if you guys could help me find the cardid, I'm trying to get this, but I'm guessing I'm looking at the wrong section:
Using memmap on my G4 I've dumped the memory section of device.exe
pmemmap -s 0x06000000 -w deviceexe.mem -p 0x10000000-0x12000000
However when searching through it, I can't find the SBDS/ Memory Card section, only a RSDS section at 0x1101C.
Am I dumping the wrong section ?
try to search for memory card using unicode character set ((winhex)), because it's written in unicode
I'm not sure if you are using any other ROM, but try to use the original Qtek S200 ROM 2.20 without installing any other programs, and try again without installing the ext rom,
try any debugger manager to find out the memory section of device.exe, because it is not always 0x06000000
Thanks for the advice, I did use winhex in unicode, I will try with the qtek rom, I will post an update soon, getting my card reader at work now
hope your exams are going ok !
How to find Cardid on Prophet
For CardID, on my G3, I did not find the SBDS signature in the memory dump of device.exe. However, there were two occurrences of Unicode "Memory Card". 73 (0x49) bytes after one of them was what I could recognize as the cardid.
From what I can make of the codes (ASCII) mentioned in typhoonnbfdecode.pl
'UE...c.U821DSDS.' for minisd
'?Q..S.@.BM821NI.' for kingston
'?<.e.Gd.821DSMT.' for daneelec
All three have 821, which is reverse of 128!!! size 128MB!!! Ring-a-bell?!? Can we interpret similar structure for all other cards < 1GB?
'DSMT' seems to be standard for Dane Elec cards. same can be interpreted for other types like DSDS looks to be standard (maybe someone can confirm this)
If you analyze the ASCII of card id of my 2GB Dane Elec- '%a.2ßi..G20DSMT.'
you will see 'G20' representing size (representation for size seems to be different for cards > 1G. Again, someone needs to confirm this observation) and 'DSMT' standard signature for Dane Elec.
All in all, if you are not able to find the 'Memory Card' pattern, depending upon card make and size, search for any of the CardID ASCII patterns in the memory dump.
(btw, To find the starting offset of CardId- third character of CardId seems to be 0x00. If you are familiar with using grep, finding cardid in the memory dump could be easier)
Let me know if this helps.
Reverse of cardids is shown below:
minisd in typhoonnbfdecode.pl
03 53 44 53 44 31 32 38 55 00 63 CF AC 00 45 55 SDSD128U cϬ EU
kingston in typhoonnbfdecode.pl
18 49 4E 31 32 38 4D 42 03 40 1F 53 09 00 51 3F IN128MB @ S Q?
Dane Elec in typhoonnbfdecode.pl
02 54 4D 53 44 31 32 38 07 64 47 BA 65 00 3C 3F TMSD128 dGºe <?
and finally my 2GB Dane elec
02 54 4D 53 44 30 32 47 19 A0 69 DF 32 00 61 25 TMSD02G *iß2 a%
Makes sense? I think you can directly search for the cardid pattern in the memory dump.
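Added example (not from the thread or from typhoonnbfdecode.pl): the 16-byte card IDs quoted above follow the layout of the SD card CID register, so the "128" / "02G" text is the product-name field and the last byte carries a CRC-7. The field layout and CRC come from the SD specification rather than from the posts; the sample bytes are the ones quoted in this thread, and `memory_order=True` handles the byte-reversed form seen in a memory dump.

```python
"""Added example: decode a 16-byte SD card CID register.

Field layout and CRC-7 are taken from the SD specification, not from the
thread. The sample bytes are the card IDs quoted in the posts.
"""


def crc7(data: bytes) -> int:
    """CRC-7 as used by SD/MMC: polynomial x^7 + x^3 + 1, MSB first, init 0."""
    crc = 0
    for byte in data:
        for bit in range(7, -1, -1):
            in_bit = (byte >> bit) & 1
            top = (crc >> 6) & 1
            crc = (crc << 1) & 0x7F
            if in_bit ^ top:
                crc ^= 0x09
    return crc


def decode_cid(raw: bytes, memory_order: bool = False) -> dict:
    """Split a CID into its fields.

    memory_order=True means the bytes are reversed (last register byte
    first), which is how the ID appears in the memory dumps in the thread.
    """
    if len(raw) != 16:
        raise ValueError("a CID register is exactly 16 bytes")
    cid = raw[::-1] if memory_order else raw
    mdt = int.from_bytes(cid[13:15], "big")  # 4 reserved bits, year, month
    return {
        "mid": cid[0],                                  # manufacturer ID
        "oid": cid[1:3].decode("ascii", "replace"),     # OEM / application ID
        "pnm": cid[3:8].decode("ascii", "replace"),     # product name
        "prv": f"{cid[8] >> 4}.{cid[8] & 0x0F}",        # product revision (BCD)
        "psn": int.from_bytes(cid[9:13], "big"),        # serial number
        "year": 2000 + ((mdt >> 4) & 0xFF),
        "month": mdt & 0x0F,
        # last byte = CRC-7 in the top 7 bits, lowest bit always 1
        "crc_ok": (cid[15] >> 1) == crc7(cid[:15]) and (cid[15] & 1) == 1,
    }


# Card IDs quoted in the thread: (hex bytes, stored in memory order?)
SAMPLES = {
    "minisd": ("03 53 44 53 44 31 32 38 55 00 63 CF AC 00 45 55", False),
    "kingston": ("18 49 4E 31 32 38 4D 42 03 40 1F 53 09 00 51 3F", False),
    "dane_elec_128": ("02 54 4D 53 44 31 32 38 07 64 47 BA 65 00 3C 3F", False),
    "dane_elec_2g": ("02 54 4D 53 44 30 32 47 19 A0 69 DF 32 00 61 25", False),
    "sandisk_512_dump": ("23 61 00 3D 92 68 10 80 32 31 35 52 53 44 53 03", True),
}


def decode_samples() -> dict:
    """Decode every sample above and return {name: fields}."""
    return {
        name: decode_cid(bytes.fromhex(hexstr), memory_order)
        for name, (hexstr, memory_order) in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, fields in decode_samples().items():
        print(name, fields)
```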
Great ! thanks, I'm dumping right now, after looking for the memory address of device.exe using pps
will update in a moment
uhmm, I think we have a winner ??
at 00729EC0
23 61 00 3D 92 68 10 80 32 31 35 52 53 44 53 03
#a.=’h.€215RSDS.
for a 512 MB sandisk sd card
created the image, I now have sec level 0.
I've downloaded mtty and want to upload a new SPL using the L or LR command, however I don't know what parameters L or LR takes ?
is it just L <filename>
or do I have to specify the memory address or the SPL ?
Code:
l <path_name> <startAddr offset>
You have to specify the address of the SPL, if you don't specify it most probably will default to OS address.
ok thanks ! i'm going to give this a go
l spl.nb 0x91000000
fingers crossed, lol
Cmd>l spl.nb 91000000
clean up the image temp buffer at 0x8C100000 Length 0x03900000
BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
Clear image temp buffer done .
MTTYDownloadImage "spl.nb"
:F=spl.nb
start download
SAddress A0000000h Length 000C0000h, pszImageTempBuffer = 8C100H000h
OEMGetFlashIndex()- dwVaddr = 0xA0000000
OEMGetFlashIndex()- iIndex = 0xFFFFFFFF
Start flashing new image!!!
<CE-31><CE-1167><CE-995>
weird, the screen then goes all white, and I hear the usb disconnect, for the rest nothing happens.
which format does the spl file need to be ? i've used the "standard" nb file
i'm trying more stuff, but right now, i'm clueless
Jesterz said:
> BOOTLOAD_PAGE_TABLE_BASE_C_VIRTUAL= 0x8C080000
This seems good, as it is the virtual address from where the bootloader expects to be executed.
Jesterz said:
> weird, the screen then goes all white, and I hear the usb disconnect, for the rest nothing happens.
Weird... I believe command "l" auto-launches code once downloaded, probably this is the reason.
Jesterz said:
> which format does the spl file need to be ? i've used the "standard" nb file
I think it should be a BIN file with "l" command... maybe try "lnb" command? (I don't know if prophet has it, I don't have a prophet). Hope the previous "l" command hasn't screwed things more than they were.
Just out of curiosity, tell me how the story ends
as far as i know, "l" is for .bin only (at least on wizard)... I hope Jesterz did not just nuke his bootloader.
Related
Okay I know this is not posted in the correct area as XDA is only for HTC, however in the spirit of Android and its awesome developers I thought I could bring it this way for some help. Even though the Behold 2 is not an HTC device it is the one of the fastest Android devices(faster than HERO) with a whopping 320 MB ROM. Please Devs look below and help if possible. Thanks
Ok so I have mine rooted (followed persistent root instructions through google search), there is something very interesting about the way Samsung did this. This phone has like 20 different partitions (see below), however I think I know how the phone is able to restore root and the recovery after boot. These 20 partitions include copies of each other. For example if you do su on terminal emulator and then you type "cat /proc/partitions" it will list all the partitions. Notice how some partitions have different labels but are the same size. These are the respective backups (I think). The only partition that I know is "stl9" or "st9" is the system. (Behold 2 removes any custom recovery or temp root upon reboot)
I tried flash_image recovery and said it wasn't a recognized partition as the BH2 also does not have mtd. cat /proc/mtd produces nothing. Hope this helps.
Oh 1 last thing it seems I may have found an exploit with the device management.apk. It has the option to run a bootloader/bootstrap test, could this be exploited to install custom recovery? It's just a thought...
Can someone with root, compile busybox for install on the Behold 2. I am sorry I only have Windows 7.
So I believe if these partitions, specifically the backup could be modified then we could in theory run a script to modify the phone and then upon reboot when init.rc does its check it would load the modified recovery and custom ROM.
Terminal Output:
See the areas highlighted in BOLD. The G1 has half the number of partitions and mtd has output.
$ export PATH=/data/local/bin:$PATH
$ su
# cat proc/partitions
major minor #blocks name
137 0 513024 bml0/c
137 1 2048 bml1
137 2 512 bml2
137 3 512 bml3
137 4 1024 bml4
137 5 23040 bml5
137 6 6144 bml6
137 7 23040 bml7
137 8 6144 bml8
137 9 226304 bml9
137 10 8192 bml10
137 11 512 bml11
137 12 40960 bml12
137 13 1024 bml13
137 14 173568 bml14
138 9 210432 stl9
138 12 25088 stl12
138 14 157696 stl14
179 0 1982464 mmcblk0
179 1 1982338 mmcblk0p1
#
[Reserved for Space]
1 more for screenies of device management.apk
I'm nowhere near experienced enough to be considered a dev just yet but I'm switching to T-Mobile soon and if I get my hands on a Behold II I'll contribute as much as I can to development of this phone. It would be awesome to get this thing up and running on a Android 2.1 Sense ROM! If money's as tight as it is now when I switch though I might have to avoid a contract and just use my unlocked G1
This would be really awesome if executed. I'm in the process of rooting my phone as well, but I first need to find my usb cable...
Have you tried this link?
http://androidforums.com/samsung-behold-2/22470-persistant-root.html
he already has his phone rooted, just needs to get busybox for the behold 2 i believe.
im pretty much on the same boat, i just got the phone cause it had the most ram for an android phone on t-mobile. it'll be awesome if we get custom roms onto the phone.
btw mods, i think this should be moved, or merged onto the other similar thread.
http://forum.xda-developers.com/showthread.php?t=597501
***** IMPORTANT ROOT IS REQUIRED BEFORE PROCEEDING *****
***** ALSO PLEASE READ CAREFULLY BEFORE ACTUALLY APPLYING STEPS *****
All right ladies and gentlemen, coders and non coders I have personally found the unlock code NOT THE FREEZE CODE only the unlock code for your Samsung Galaxy S 4G hidden in the same files as previous Vibrant phones.
Please understand this was a hard complex and still needs work procedure.
Of-course this all depends on your dedication and time but hopefully I have simplified it for you.
Steps:
1. Install "010 Hex editor" you can use trial does not have to be registered
2. Go to your SGS 4G and open a terminal emulator (free on the Market) - (Root Required)
The following steps are credit to SS2006 on a different post
*** Don't forget the (su) command *** after the second line
_____
after opening a terminal emulator type the following
cd /dev/block <enter>
su <enter> <at this point your phone will ask for superuser access ALLOW it if you already haven't done so>
dd if=/dev/block/bml3 of=/sdcard/bml3.bak <enter>
Go find the file on your SD Card and transfer it to your computer
3. Open 010 Hex Editor
4. In 010 Hex Editor go to the Menus above and select VIEW>LINEFEEDS>SELECT CUSTOM>SET YOUR BYTES TO "32" Nothing Less
5. Locate the bml3.bak file you created and transferred to your computer and open it using the editor
(CREDIT TO FR0Z3N FOR CLARIFYING THE FOLLOWING 2 STEPS)
6. Using your keyboard select CTRL+F to search for a hex string, when the search window pops up select "Hex byte" in the Type field and then search for the following string below:
"FFFFFFFFFF0100000000" ALL TOGETHER, Then Hit the FIND ALL button to the right, some of you will get 2 results and others up to 10 results on your screen below
7. If you look at your Hex editor there are 3 window panes on the selected line (See Image Below)
e.g 4CCC60h <-- Offset
01 01 01 01 < -- Hex Keys
yyyyyyyyy <- ASCII text where your code is
http://i1201.photobucket.com/albums/bb359/sanfranx415/unlock.jpg
8. Go through each result from the above search and you will see on the 3rd window pane (as shown on pic above) after the hex keys there is an 8 DIGIT CODE (Write this code Down) this is your unlock code NCK for your phone
Sidenote: THIS 8 DIG CODE SHOULD SHOW ON AT-LEAST ONE MORE RESULT CHECK ALL YOUR RESULTS FROM THE SEARCH ABOVE IF YOU HAVE ANY DOUBTS ( SOME OF YOU WILL HAVE YOUR CODE SHOWN AT-LEAST 2 TIMES AND SOME OF YOU WILL HAVE THE CODE SHOW MORE THAN 4 TIMES BUT YOU SHOULD NOT HAVE THAT MANY RESULTS )
**** TO INPUT THE UNLOCK NETWORK CODE DO THE FOLLOWING ****
9. Turn off your phone
10. Insert a foreign SIM card not attached to your current provider (e.g if you have T-mob use an ATT SIM CARD) and turn on your phone
11. You will be prompted to enter a Network Unlock Control Key ( Use the code above that you wrote down and type it in your phone exactly)
12. After entering your NCK please hit Unlock or GO button and you should see a screen that says "network unlock successful" and your phone should go in the main screen after your phone has been unlocked.
THATS IT FOLKS HAVE FUN
PS> If you entered an incorrect code you must have entered the wrong code or wrote it down wrong please read carefully and verify the code matches the results from above in at-least more than one instance
SHOULD ANYONE NEED HELP PM ME AND I WILL BE GLAD TO HELP
personally my SGS4G has been rooted from day 1 and wi-fi tethering enabled and now it has been Unlocked
Thanks, will try
This seems like it doesn't work. If you go to line 157028 you end up at offset 4CAC60h which is nothing but zeros. And if you go to offset 4CCC60h, there's no 01010101 value.
Ok is this BS or what? I noticed that no one else has posted here. I have tried every combination with these line #'s and I can't find any 8 digit code in the third section. can anybody tell me if this is legit?
doesnt work for me either
OMG! Sick it did work, i found it on a different line
w00t just unlocked mine!
Well can you share what line you found it on
I just unlocked two of them, its on different lines everytime.
Following are the instructions:
Open the file in Hex Editor
1.) Press - Ctrl + F
A window should open up
2.) Change the type to "Hex Bytes (h)"
3.) Value: FF FF FF FF FF 01 00 00 00 00
4.) Click Find All, for me the code
the code is visible right after this, 8 digit code. For me it was repeated 9-10 times in the file.
Good luck
did it work?
No this is not BS and Yes Fr0z3N is correct I should have said look for this line value
Value: FF FF FF FF FF 01 00 00 00 00
You will find your code it takes patience but your code is there if you follow the instructions
Thanks Fr0Z3n for the clarification and more indepth analysis
Works for me, too. Thanx sanfran and fr0z3n.
Sent from my SGH-T959V using XDA App
hello, can you tell me if moving to Europe this device will work also on European 3G UMTS 900/2100 ? Thanks a lot
Moving to europe has no bearing at all- Once you unlock your Phone you can use it with any GSM provider in the world including Europe just switch out the sim Cards with the european SIM
The technology has not changed for 3G phones are still capable of the same frequencies its just 4G is now being used more common in the US depending on your carrier of-course either HSPA or LTE or WIMAX in the US but in Short to answer your question YES it will work
Have fun in Europe
Still no luck I've tried it over and over the only numbers that I find that are on more than one line is 0123456789 and I doubt that is my unlock code. And I followed the instructions to the "T" Why is this not working? Also you said 2 to 10 results below and I get 160 results every time.
@droidboy: Is your Samsung Galaxy S 4G rooted?
Sent from my SGH-T959V using XDA App
Yeah I am rooted, I rooted through super one click v1.7
@Droidboy quick question did you try using any galaxy s unlock app from the market if you did and they alter your original files that came with your phone thus causing a different bak file to be outputed when you do the terminal commands as stated. You should revert if possible with the same program used or PM me and send me your bak file to see if I can help
Thanks. It worked!!
Sent from my SGH-T959V using XDA App
fr0z3n said:
> I just unlocked two of them, its on different lines everytime.
> Following are the instructions:
> Open the file in Hex Editor
> 1.) Press - Ctrl + F
> A window should open up
> 2.) Change the type to "Hex Bytes (h)"
> 3.) Value: FF FF FF FF FF 01 00 00 00 00
> 4.) Click Find All, for me the code
> the code is visible right after this, 8 digit code. For me it was repeated 9-10 times in the file.
> Good luck
I followed these instructions after I downloaded the .bak file, used the CTRL+F to find the first instance then used F3 (Find Next) to find the other places where the code is.
Has anyone tried a AT&T sim card to see if 3G works just like it did for the Vibrant?
wtf... when you need wifi access it turns out that the mac address of the phone is filtered...
to be sure, changed my laptop wifi mac to match the phone one, and guess... no access....
ok the mac address on the phone wifi, can be changed temporary, but it is a pain (and when i say pain i mean repeating pain )
so i found that actually the mac is stored in /pds/wifi/nvs_map.bin
long story short...
moto mac 11:22:33:44:55:66
relevant part in hex of the nvs_map:
Code:
00000000 01 6D 54 66 55 44 33 01 71 54 22 11
and changed mac aa:bb:cc:dd:ee:ff
and the relevant part in the nvs_map
Code:
00000000 01 6D 54 ff ee dd cc 01 71 54 bb aa
after replacing the file (of course, make a backup)
the change will be permanent (or at least until restore from the backup)
so choose carefully the mac address please
i tested that with success on my xt720, i suppose that the trick will work on every phone which utilize /pds/wifi/nvs_map.bin file on wlan initialization...
e.g. if there is service like
Code:
service wlan_loader /system/bin/wlan_loader \
-f /system/etc/wifi/fw_wlan1271.bin -i /system/etc/wifi/tiwlan.ini \
-e /pds/wifi/nvs_map.bin
class post-zygote_services
disabled
oneshot
p.s. intentionally the post is not very user friendly. the reason is that i am afraid that if somebody does not understand really well what to do, they can screw up the wifi. I cannot explain in great detail, but the above is more than enough if someone knows about hex editors, copying files etc..
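Added example, not the poster's code: a read-only check of the first 12 bytes of nvs_map.bin using only the byte layout shown in the post above, for confirming what a backup or an edited copy actually contains before it is put back. The function names are made up here, and the tag bytes 01 6D 54 / 01 71 54 are copied from the post; nothing is assumed about the rest of the file.

```python
"""Added example: read the MAC address back out of an nvs_map.bin header.

Layout taken from the post: 01 6D 54 + MAC octets 6,5,4,3, then
01 71 54 + MAC octets 2,1. The file is only read, never written.
"""

LOW_TAG = bytes.fromhex("016D54")    # precedes octets 6,5,4,3 (per the post)
HIGH_TAG = bytes.fromhex("017154")   # precedes octets 2,1 (per the post)


def read_mac(nvs: bytes) -> str:
    """Return the MAC stored in the header as aa:bb:cc:dd:ee:ff."""
    if len(nvs) < 12:
        raise ValueError("need at least the first 12 bytes of nvs_map.bin")
    if nvs[0:3] != LOW_TAG or nvs[7:10] != HIGH_TAG:
        raise ValueError("header does not match the layout shown in the post")
    low = nvs[3:7]      # stored last octet first
    high = nvs[10:12]   # stored second octet first
    octets = high[::-1] + low[::-1]
    return ":".join(f"{b:02x}" for b in octets)


def check_mac(mac: str) -> list:
    """Flag values that will not behave like a normal station address."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("a MAC address has six octets")
    if octets == bytes(6):
        return ["all-zero"]
    if octets == b"\xff" * 6:
        return ["broadcast"]
    problems = []
    if octets[0] & 0x01:
        problems.append("multicast")             # group bit set
    if octets[0] & 0x02:
        problems.append("locally-administered")  # not a vendor-assigned address
    return problems


def audit(nvs: bytes, expected: str = None) -> dict:
    """Decode the header and, optionally, compare with a known-good MAC."""
    mac = read_mac(nvs)
    return {
        "mac": mac,
        "problems": check_mac(mac),
        "matches_expected": None if expected is None else mac == expected.lower(),
    }


if __name__ == "__main__":
    # Header bytes exactly as quoted in the post (original MAC example).
    sample = bytes.fromhex("016D54665544330171542211")
    print(audit(sample, expected="11:22:33:44:55:66"))
```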
problem with MAC Wifi - Motorola Defy
Hi guys...
I need help to configure the nvs_map.bin... I edited the file with a Hex Editor program and now the WIFI does not work. I have no backup file nvs_map.bin.
I need to get back to the MAC I had before. I do not have a backup file nvs_map.bin, but I do have a backup of the MAC shown in the phone settings menu. Now I get 00:00:00:00:00:00.
Sorry. My English is bad .. I am Spanish
Thanks for the info
We are proud to announce that the MyTouch 4G Slide is now UNbrickable. Users with the QHSUSB_DLOAD issue can now fully recover their phones and get them fully functional.
Note: This will fix only devices which were bricked by turning S ON, and bricks caused by a damaged hboot via an interrupted OTA update/RUU flash on a S-ON device. Any devices bricked in other ways are currently *not* supported. We are working on it
The "core" of the unbricking project dev team:
MOVZX
RussianBear
Fuses
Dexter93
Testing stuff and irc support:
globatron
Deceptivechaos
dburgd84
Snake_skw
Other stuff:
dmcb123
xIndirect
Hawke84
Thanks to trevE, xHausx and the rest of the evo3d team that gave us the basic info to work on and made us curious to see if we could get something out of it. Also thanks to ief and his team @revolutionary for helping us understand the bootloaders better. We should also not forget to thank cxb01 of malshenzu.com and xda members arthurire and untrueparadox who helped in translation.
Prerequisites
a linux box/live cd with automount disabled and without unity
the appropriate package for the device
the latest RUU for your device
a device bricked by writing security flag 3 with an unsigned hboot, or caused by a damaged hboot via interrupted OTA update/RUU flash on a S-ON device
a usb cable
some basic linux experience
patience
DISCLAIMER: We do NOT guarantee that this method will work for you, or that it is flawless. We are also not responsible if your phone is completely dead after the procedure, or your house burns down because your phone exploded. You are doing this at YOUR OWN RISK.
Instructions
NEW: Detailed video on the process. It's displaying the process on a Sensation, but it's pretty much the same thing. Thanks to kgs1992
Boot the linux box and download the appropriate package for the device.
Extract the package in the home directory
Open up a terminal
Remove SIM, microSD card and battery and connect the device using the USB cable. This procedure must be done without battery
Detect the device using the script provided. Type this in the terminal
Code:
./brickdetect.sh
You should get something like sdX. We are interested in that "X"
Unplug the usb cable from the device
Backup the hboot currently in the phone by using this command. Plug the device in ONLY when asked to
Code:
sudo ./emmc_recover --backup b_hboot.img --device /dev/sdX12
Replace the "X" with the letter the script gave you
Follow the on-screen instructions from emmc_recover
Hexdump the b_hboot to check the hboot version
Code:
hexdump -C b_hboot.img |less
The output should be like this:
Code:
00000000 05 00 00 00 03 00 00 00 00 00 00 00 00 00 10 40 |...............@|
00000010 d8 fc 0f 00 d8 fb 0f 00 d8 fb 1f 40 00 01 00 00 |...........@....|
00000020 d8 fc 1f 40 00 00 00 00 12 00 00 ea 31 2e 34 35 |...@........1.45|
00000030 2e 31 33 31 33 00 00 00 38 32 36 30 20 53 50 4c |.1313...8260 SPL|
00000040 00 00 00 00 00 f0 20 e3 53 48 49 50 00 00 00 00 |...... .SHIP....|
00000050 00 f0 20 e3 00 f0 20 e3 48 42 4f 4f 54 2d 38 32 |.. ... .HBOOT-82|
00000060 36 30 00 00 00 f0 20 e3 38 63 61 38 33 62 37 31 |60.... .8ca83b71|
This is the typical hex of a hboot. We are interested to check if that is the hboot partition and if it is, to get to know the version. In this case it is 1.45
If in the above step you failed to identify the hboot, unplug all devices connected to that pc, reboot and try again
Unplug the device
Check again it is the right version, because if you make a mistake here, you won't be able to go back
You can only flash the same version as the one in the device.
!!!!!DO NOT ATTEMPT TO FLASH ANOTHER VERSION OR DOWNGRADE!!!IT HAS BEEN PROVEN FATAL!!!!
Flash the hboot on the device. Replace "V.VV" with hboot version (eg. 1.44, 1.45) and "X" with the one you got from the detect script. Plug the device in ONLY when asked to
Code:
sudo ./emmc_recover --flash dshotV.VV.nb0 --device /dev/sdX12 --backupafter hboot_f.nb0
Follow the on-screen instructions from emmc_recover. A successful flash should have this output:
Code:
511+1 records in
511+1 records out
1047808 bytes(1.0 MB) copied
Unplug the device, put SIM, microSD card and battery in and power on
Congratulations, the device is unbricked.
FLASH THE RUU IMMEDIATELY AFTER RECOVERING!! The device will be unstable after the recovery if you don't flash it.
Notes on the procedure:
If the device doesn't power on, get a copy of the hboot_f.nb0 and b_hboot.img (should be located in the home directory) and contact us
The connection between the device and the pc will be unstable, and will time out. You have to be quick when doing the above, especially while flashing. If the connection times out don't panic, just unplug and replug the device
Unity and automount are known to cause issues. We recommend getting rid of both
USB3 ports do not work properly. Please plug the device in a USB2 port
How to disable automount on ubuntu
Code:
gsettings set org.gnome.desktop.media-handling automount false
Downloads
For T-Mobile MyTouch 4G Slide (Doubleshot):
32bit version MD5: 50a5f503151d37ccd3160d38afa7382a
64bit version MD5: eabe6061fcded077bb4a01432e17dd0e
Don't have a linux distro installed on your pc? We highly recommend this livecd
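The version check from the steps above, written out as an added example (it is not part of the original post or of the emmc_recover package): it reads the HBOOT marker and version string from the backup and rejects a flash file whose V.VV differs. The layout it searches for is an assumption taken only from the sample hexdump in the post, and `identify_hboot` and `flash_allowed` are hypothetical names.

```python
import re

# Constructed sample: the first 0x70 bytes of b_hboot.img, typed in from the
# hexdump shown in the post above.
SAMPLE_HBOOT_HEAD = bytes.fromhex(
    "05000000 03000000 00000000 00001040"
    "d8fc0f00 d8fb0f00 d8fb1f40 00010000"
    "d8fc1f40 00000000 120000ea 312e3435"
    "2e313331 33000000 38323630 2053504c"
    "00000000 00f020e3 53484950 00000000"
    "00f020e3 00f020e3 48424f4f 542d3832"
    "36300000 00f020e3 38636138 33623731"
)

# Assumption: the version is a NUL-terminated "V.VV.NNNN" ASCII string and the
# image carries an "HBOOT-<model>" marker, as in the sample dump.
VERSION_RE = re.compile(rb"(\d+\.\d+)\.\d+\x00")
MODEL_RE = re.compile(rb"HBOOT-(\d+)")
FLASH_NAME_RE = re.compile(r"(\d+\.\d+)\.nb0$")


def identify_hboot(image, window=0x200):
    """Return {'model', 'version'} if the start of the image looks like an hboot."""
    head = image[:window]
    model = MODEL_RE.search(head)
    version = VERSION_RE.search(head)
    if not model or not version:
        return None
    return {"model": model.group(1).decode(), "version": version.group(1).decode()}


def flash_allowed(backup_image, flash_filename):
    """Return (ok, reason); ok only when the backup and the flash file agree on V.VV."""
    info = identify_hboot(backup_image)
    wanted = FLASH_NAME_RE.search(flash_filename)
    if info is None:
        return False, "backup does not look like an hboot (wrong partition?)"
    if wanted is None:
        return False, "cannot read a V.VV version from the flash file name"
    if wanted.group(1) != info["version"]:
        return False, "version mismatch: device has %s, file is %s" % (
            info["version"], wanted.group(1))
    return True, "HBOOT-%s %s matches" % (info["model"], info["version"])


if __name__ == "__main__":
    print(identify_hboot(SAMPLE_HBOOT_HEAD))
    for name in ("dshot1.45.nb0", "dshot1.44.nb0"):
        print(name, flash_allowed(SAMPLE_HBOOT_HEAD, name))
```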
nice....i see this over on the sensation a lot.....so is it done or a wip
xmc wildchild22 said:
nice....i see this over on the sensation a lot.....so is it done or a wip
I believe the two posts above say it all
RELEASE BUMP!
hi
no experience on linux
[email protected]:~$ ./brickdetect.sh
Searching for bricked device...
The bricked device is on
Use the above node to perform operations using the emmc_recover tool
it's not finding anything like sdX
after i paste next command sudo ./emmc_recover --backup b_hboot.img --device /dev/sdX12
Searching for bricked device...
The bricked device is on
Use the above node to perform operations using the emmc_recover tool
[email protected]:~$ sudo ./emmc_recover --backup b_hboot.img --device /dev/sdX12
=== emmc_recover 0.2, written by Fuses =====
Messing up with device /dev/sdX12, ARE YOU SURE?
CTRL+C if not, ENTER to continue
Waiting device /dev/sdX12.......
Awesome thanks man!!!
nickmatine said:
hi
no experience on linux
[email protected]:~$ ./brickdetect.sh
Searching for bricked device...
The bricked device is on
Use the above node to perform operations using the emmc_recover tool
it's not finding anything like sdX
after i paste next command sudo ./emmc_recover --backup b_hboot.img --device /dev/sdX12
Searching for bricked device...
The bricked device is on
Use the above node to perform operations using the emmc_recover tool
[email protected]:~$ sudo ./emmc_recover --backup b_hboot.img --device /dev/sdX12
=== emmc_recover 0.2, written by Fuses =====
Messing up with device /dev/sdX12, ARE YOU SURE?
CTRL+C if not, ENTER to continue
Waiting device /dev/sdX12.......
Hey... Don't rush. You shouldn't be skipping steps or you might damage your pc for good. Check the connections and that your brick is one of the supported ones. That X should be a letter corresponding to the device
Sent from my HTC Sensation Z710e
downloads updated with fixed detection scripts. the output should be more clear now
after i put this code ./brickdetect.sh it says permission denied
sam.assad said:
after i put this code ./brickdetect.sh it says permission denied
Linux? try
Code:
chmod a+x brickdetect.sh
then
Code:
./brickdetect.sh
thanks for the code ..it does work but unfortunately i got this "device cant be detected. check connections"
glacier works for?
ant0ni0 said:
glacier works for?
Glacier is a completely different device.
Hastily spouted for your befuddlement
Is there an IRC channel for this? My device is not being detected on the Ubuntu live CD but is on my windows 7 machine.
i have the mt4g glacier...
im running ubuntu (12.10)
i installed the files in the home directory in linux..
after i plug the phone up with no battery, etc...
and type ./brickdetect.sh
it says the device is not detected...
what am i doing wrong?
mrbubs3 said:
Is there an IRC channel for this? My device is not being detected on the Ubuntu live CD but is on my windows 7 machine.
yes, there is. #unbrick on irc.freenode.net
12manytimes said:
i have the mt4g glacier...
im running ubuntu (12.10)
i installed the files in the home directory in linux..
after i plug the phone up with no battery, etc...
and type ./brickdetect.sh
it says the device is not detected...
what am i doing wrong?
The Glacier is not supported.
Sent from the brick
I have a MT4GS that's showing in Windows as qhsusb_dload.
I tried to follow the direction in post 1, but I can't get any of my HTC phones to show in my Ubuntu VM.
GoPadge said:
I have a MT4GS that's showing in Windows as qhsusb_dload.
I tried to follow the direction in post 1, but I can't get any of my HTC phones to show in my Ubuntu VM.
How did you end up there?
VMs don't work btw
dexter93 said:
How did you end up there?
VMs don't work btw
Heh. It's a "new" phone off eBay. I already have a MT4GS on CM9 and I wanted to have a backup, so I've been stalking eBay for some good deals. This new phone is in relatively good shape, other than being bricked....
I can't install Ubuntu on my work PC (IT is sort of picky about that for some reason). But the VM has worked so far for flashing CM9 to both my HP TouchPad and my primary MT4GS. I do have an older Dell laptop that needs to have XP reinstalled anyway. I could skip that and move it to Ubuntu for good.
So I guess I'm sort of stuck on the qhsusb_dload MT4GS for now.
dexter93 said:
How did you end up there?
VMs don't work btw
Would a Live CD work?
I wrote the following attached PERL routines for reading/decrypting/decompressing and writing/encrypting/compressing adb backup format backup files.
The routines are:
backupdecrypt.pl: Decrypt (and decompress) android backup file
backupencrypt.pl: Encrypt (and decompress) android backup file
tarfix.pl: Fix broken tar files produced by android backup when using -shared flag
The first two routines allow for reading and writing to the standard ".ab" adb backup format.
Backupdecrypt.pl takes an '.ab' file as input and outputs a standard format tar file (which may be optionally gzip'd).
Backupencrypt.pl takes an arbitrary file (though typically it should be tar file) as input and outputs a standard ".ab" format backup file. Options include the ability to encrypt (or not) and deflate (or not) the backup. Also, one can automatically decompress most standard input formats before encrypting.
For encryption, passwords can be queried for or passed on the command line or read from a file.
NOTE: unfortunately the standard 'adb backup' routine seems to have a SEVERE *BUG* in it when using the '--shared' option in combination with certain other options.
First, the backup is not compressed even though the header claims it is. To get around this, backupdecrypt.pl has a --nocompress option to override the header.
Second, the encapsulated tar file is corrupted by the insertion of 4 extra bytes before every file header and before every group of 64 512-byte blocks of data.
The third routine tarfix.pl fixes this corruption and outputs a normal readable tar file. So, if you are not able to recover a valid tar backup file using backupdecrypt.pl, try doing the following:
backupdecrypt.pl --nocompress <backup.ab> <backupdata>
tarfix.pl backupdata | tar xv
Enjoy!
NOTE: I am incredibly grateful to Nikolay Elenkov for providing sample java routines and for help in understanding the encryption formats
Thanks for this. I was looking for away to peek into the backup file.
Problem decrypting
just what i was looking for, unfortunately, the tarfix.pl doesn't seem to like my backup.
Code:
[email protected]:~/Sandbox/transformerprime$ ~/bin/adbbackup/backupdecrypt.pl --nocompress backup.ab decrypted
the following is where things get funky. not recognized as a tar archive
Code:
[email protected]:~/Sandbox/transformerprime$ ~/bin/adbbackup/tarfix.pl decrypted | tar xv
Illegal binary digit ']' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Wide character in oct at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal binary digit '�������������' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
tar: This does not look like a tar archive
tar: Skipping to next header
Illegal octal digit '8' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Wide character in oct at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal binary digit '�������������' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal hexadecimal digit 'X' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal hexadecimal digit '' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal octal digit '9' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Wide character in oct at /home/user/bin/adbbackup/tarfix.pl line 107.
Illegal binary digit '�������������' ignored at /home/user/bin/adbbackup/tarfix.pl line 107.
Wide character in oct at /home/user/bin/adbbackup/tarfix.pl line 107.
Fix for tarfix.pl issue
I had run into issues with ADB backups performed under Android 4.0.4 before the JB upgrade (on a Samsung Galaxy Nexus). I did include the shared storage (accidentally or intentionally I don't remember) and I ran into this bug (Android issue 28303; sorry, I am new here and not allowed to post outside links). Some investigation revealed that while the backup was supposedly AES encrypted and "Deflate" compressed, this was only true for the first "part" of it. At around 150 MB into the file, a simple tar archive of the SD card content was appended. ADB was unable to restore any SD card content per the bug linked to above.
What I did to resolve:
Use a hex editor (HxD) to get to the start of the appended tar archive
Copy this part to a new ".tar" file
Experiment with tarfix.pl and run into the same issues as the previous poster
Look at the code and TAR file content and find out that 00 00 02 00 needs to be prepended to the tar file for tarfix.pl to do its job
Key learning was that the ADB backup tool will create plaintext, corrupted tar format backups that it cannot restore. It is problematic that while the user will believe they have an encrypted backup they can restore, they actually have a plaintext backup that they cannot restore...
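The hex-editor step described above (finding where the appended tar archive starts) can be done programmatically; this is an added example, not code from the posts or from tarfix.pl. It assumes the archive's headers carry the standard `ustar` magic at offset 257, validates each candidate with the tar header checksum, and measures how far each header sits from the expected 512-byte layout; the sample data and all function names are constructed for illustration.

```python
import io
import tarfile

BLOCK = 512


def parse_header_at(blob, off):
    """Return (name, size) if a checksum-valid tar header starts at off, else None."""
    hdr = blob[off:off + BLOCK]
    if len(hdr) < BLOCK or hdr[257:262] != b"ustar":
        return None
    try:
        stored = int(hdr[148:156].strip(b" \0") or b"0", 8)
        size = int(hdr[124:136].strip(b" \0") or b"0", 8)
    except ValueError:  # non-octal field (for example base-256 sizes): skip it
        return None
    # The checksum is the byte sum of the header with the checksum field
    # itself counted as eight spaces.
    computed = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])
    if stored != computed:
        return None
    name = hdr[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
    return name, size


def find_tar_headers(blob):
    """Scan every byte offset for the magic; return [(offset, name, size), ...]."""
    found, pos = [], 0
    while True:
        idx = blob.find(b"ustar", pos)
        if idx == -1:
            return found
        off = idx - 257
        parsed = parse_header_at(blob, off) if off >= 0 else None
        if parsed:
            found.append((off, parsed[0], parsed[1]))
        pos = idx + 1


def extra_bytes_between_headers(headers):
    """Bytes present beyond the normal header + padded-data layout, per header pair."""
    gaps = []
    for (off, _, size), (nxt, _, _) in zip(headers, headers[1:]):
        expected = off + BLOCK + -(-size // BLOCK) * BLOCK
        gaps.append(nxt - expected)
    return gaps


def build_sample():
    """Constructed blob: 1000 opaque bytes, then a tar with 4 bytes before each header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in (("shared/0/a.txt", b"hello"), ("shared/0/b.bin", b"x" * 700)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    clean = buf.getvalue()
    junk = bytes.fromhex("00000200")  # the 4-byte value quoted in the post
    return b"\xa5" * 1000 + junk + clean[:1024] + junk + clean[1024:]


if __name__ == "__main__":
    headers = find_tar_headers(build_sample())
    for off, name, size in headers:
        print("header at 0x%x: %s (%d bytes)" % (off, name, size))
    print("extra bytes between headers:", extra_bytes_between_headers(headers))
```

A non-empty header list on a backup that was supposed to be encrypted means readable file names and contents are sitting in the file in plaintext.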
Hi,
where did you get PBKDF2.pm from?
I couldn't find it in Fedora repos and the only one I got from the internet has an issue:
Undefined subroutine &Crypt::OpenSSL::PBKDF2::derive called at ./backupdecrypt.pl line 266, <STDIN> line 1.
Thanks,
Klement
CPAN
All modules were pulled from CPAN directly (I had to use Cygwin as I was on the road), e.g. "perl -M CPAN -e shell" and then issuing "install Crypt::OpenSSL::PBKDF2".
binaryhero said:
I had run into issues with ADB backups performed under Android 4.0.4 before the JB upgrade (on a Samsung Galaxy Nexus). I did include the shared storage (accidentally or intentionally I don't remember) and I ran into this bug (Android issue 28303; sorry, I am new here and not allowed to post outside links). Some investigation revealed that while the backup was supposedly AES encrypted and "Deflate" compressed, this was only true for the first "part" of it. At around 150 MB into the file, a simple tar archive of the SD card content was appended. ADB was unable to restore any SD card content per the bug linked to above.
What I did to resolve:
Use a hex editor (HxD) to get to the start of the appended tar archive
Copy this part to a new ".tar" file
Experiment with tarfix.pl and run into the same issues as the previous poster
Look at the code and TAR file content and find out that 00 00 02 00 needs to be prepended to the tar file for tarfix.pl to do its job
Key learning was that the ADB backup tool will create plaintext, corrupted tar format backups that it cannot restore. It is problematic that while the user will believe they have an encrypted backup they can restore, they actually have a plaintext backup that they cannot restore...
I ran afoul of this (foolishly didn't finish the 30 page forum post on it before diving in). I'm trying your perl solution now, but I'm afraid I'm unfamiliar with tar headers in a hex viewer. Could I trouble you for some pointers on how best to determine where the TAR starts? I understand there is some sort of header, but I can't figure out what to look for.
Thanks, though, the perl runs well and I'm learning a lot (far more than I ever wanted, tbh) about tars, encrypted backups, adb, etc.
:good:
Thanks for your great tools! Here is some better way for unpacking?
dd if=mybackup.ab bs=1 skip=24 | openssl zlib -d > mybackup.tar
For packing (just need to add 24 bytes to header (41 4E 44 52 4F 49 44 20 42 41 43 4B 55 50 0A 31 0A 31 0A 6E 6F 6E 65 0A)?
openssl zlib -in mybackup.tar -out gg.ab
Hope it helps! :good:
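The unpacking one-liner above skips a fixed 24 bytes; the following added example (not code from the thread or from backupdecrypt.pl) parses the four header lines instead, refuses encrypted files, and handles the case reported in the first post where the header claims compression but the payload is a raw tar. The header layout is taken from the 24 bytes quoted above; the sample backup and the function names are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"


def parse_ab_header(data):
    """Read the four newline-terminated header lines; return (fields, payload offset)."""
    lines, pos = [], 0
    for _ in range(4):  # magic, format version, compressed flag, encryption
        end = data.find(b"\n", pos)
        if end == -1 or end - pos > 64:
            raise ValueError("truncated or malformed .ab header")
        lines.append(data[pos:end])
        pos = end + 1
    if lines[0] != MAGIC:
        raise ValueError("not an Android backup file")
    fields = {
        "version": int(lines[1].decode("ascii")),
        "compressed": lines[2] == b"1",
        "encryption": lines[3].decode("ascii", "replace"),
    }
    return fields, pos


def unpack_ab(data):
    """Return (fields, tar_bytes, notes) for an unencrypted backup held in memory."""
    fields, offset = parse_ab_header(data)
    if fields["encryption"] != "none":
        raise ValueError("encrypted backup (%s): decrypt it first" % fields["encryption"])
    payload, notes = data[offset:], []
    if not fields["compressed"]:
        return fields, payload, notes
    inflater = zlib.decompressobj()
    try:
        tar_bytes = inflater.decompress(payload)
    except zlib.error:
        # Header says "compressed" but the payload was written as a raw tar stream.
        notes.append("header claims compression but payload is not zlib")
        return fields, payload, notes
    if not inflater.eof:
        notes.append("zlib stream is truncated")
    if inflater.unused_data:
        notes.append("%d bytes follow the end of the zlib stream" % len(inflater.unused_data))
    return fields, tar_bytes, notes


def member_names(tar_bytes):
    """List the member names of an in-memory tar archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.getnames()


def make_sample(really_compress=True, encryption=b"none"):
    """Constructed sample .ab file with one small member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        body = b"constructed sample\n"
        info = tarfile.TarInfo("apps/com.example/_manifest")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    tar_bytes = buf.getvalue()
    header = MAGIC + b"\n1\n1\n" + encryption + b"\n"
    return header + (zlib.compress(tar_bytes) if really_compress else tar_bytes)


if __name__ == "__main__":
    for label, blob in (("ok", make_sample()), ("mislabelled", make_sample(False))):
        fields, tar_bytes, notes = unpack_ab(blob)
        print(label, fields, member_names(tar_bytes), notes)
```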
munjeni said:
Thanks for your great tools! Here is some better way for unpacking?
dd if=mybackup.ab bs=1 skip=24 | openssl zlib -d > mybackup.tar
For packing (just need to add 24 bytes to header (41 4E 44 52 4F 49 44 20 42 41 43 4B 55 50 0A 31 0A 31 0A 6E 6F 6E 65 0A)?
openssl zlib -in mybackup.tar -out gg.ab
Hope it helps! :good:
Of course. You have to concatenate the created ab backup to the first 24 bytes.
Get the first 24 bytes of an unencrypted backup
Code:
dd if=mybackup.ab bs=24 count=1 of=first24
Concatenate
Code:
cp first24 backup.ab
openssl zlib -in mybackup.tar >> backup.ab
---------- Post added at 10:25 AM ---------- Previous post was at 10:21 AM ----------
binaryhero said:
All modules were pulled from CPAN directly (I had to use Cygwin as I was on the road), e.g. "perl -M CPAN -e shell" and then issuing "install Crypt::OpenSSL::PBKDF2".
Says "Missing argument to -M."
Your concatenation is wrong! Your command "cp" will overwrite backup.ab! You can concatenate 2 files using "cat" for example "cat first24 backup.ab > new.backup.ab"
Do you have idea how I can generate timestamp of these file in "13 number" format?
<?xml version="1.0" encoding="UTF-8"?>
<recordset version="1" timestamp="1344764788434" size="61667">
<record name="back.ab" type="1" size="12662" order="1" catagory="1" id="back.ab"><packagelist><package>com.android.settings</package></packagelist></record>
</recordset>
Edit:
found a way for generating timestamp with 13 numbers
stat -c '%Y000' backup.ab
munjeni said:
Your concatenation is wrong! Your command "cp" will overwrite backup.ab!
Of course, you have to use different names.
binaryhero said:
I had run into issues with ADB backups performed under Android 4.0.4 before the JB upgrade (on a Samsung Galaxy Nexus). I did include the shared storage (accidentally or intentionally I don't remember) and I ran into this bug (Android issue 28303; sorry, I am new here and not allowed to post outside links). Some investigation revealed that while the backup was supposedly AES encrypted and "Deflate" compressed, this was only true for the first "part" of it. At around 150 MB into the file, a simple tar archive of the SD card content was appended. ADB was unable to restore any SD card content per the bug linked to above.
What I did to resolve:
Use a hex editor (HxD) to get to the start of the appended tar archive
Copy this part to a new ".tar" file
Experiment with tarfix.pl and run into the same issues as the previous poster
Look at the code and TAR file content and find out that 00 00 02 00 needs to be prepended to the tar file for tarfix.pl to do its job
Key learning was that the ADB backup tool will create plaintext, corrupted tar format backups that it cannot restore. It is problematic that while the user will believe they have an encrypted backup they can restore, they actually have a plaintext backup that they cannot restore...
Hi all!
I also ran into the problem, that my .ab backup created with -shared option can't be restored.
Running backupdecrypt.pl seems to work fine, but tar archive is corrupted. But not the whole file: e.g. Ark sees some files and folders both from apps and storage. When using tarfix.pl i get same errors like trogdan in 3rd post.
To me it seems, that not every file in the tar archive is corrupted. I tried with cpio to rescue at least something and it runs quite a while. It also can read files from storage folder, but fails then somewhere in the middle (to be specific: i have a TitaniumBackup folder in storage. cpio can copy some of the files from this folder, but then fails at others. i don't know, why the corrupted segment should start somewhere and not at the beginning of storage...)
binaryhero and others: could you be please more specific how you managed to repair the .ab file or at least rescued the containing files? I would like to know, how to get tarfix.pl working. Is it possible, that only segments of the .ab file are corrupted? how can i identify them?
Any help and hints are highly appreciated! Thanks in advance! LLAP _\V/, bye Marc.
marchard said:
Hi all!
I also ran into the problem, that my .ab backup created with -shared option can't be restored.
Create an adb backup with the apps/ folder only, and the shared/ is just the sdcard you can restore it with another adb backup or manually, for example via ftp.
scandiun said:
Create an adb backup with the apps/ folder only, and the shared/ is just the sdcard you can restore it with another adb backup or manually, for example via ftp.
Unfortunately dataloss occurred. that means, it is essential for me, to read somehow the content of .ab file.
marchard said:
Unfortunately dataloss occurred. that means, it is essential for me, to read somehow the content of .ab file.
zlib has to be able to process the ab file (considering that has no password). If zlib doesn't work, I don't know how could you workaround that, but seems impossible to me.
munjeni said:
You can concatenate 2 files using "cat" for example "cat first24 backup.ab > new.backup.ab"
To overwrite is this operator: >
To binary append this one: >>
So in this case is being done right.
Hi all! I'm having a few problems, and not really sure where I'm going wrong so hoping you can help. I am coming from froyo (rooted) to jelly bean (not rooted), so cannot use adb backup on the froyo phone, and cannot use adb push on jelly bean (don't want to root my htc one x+). So at the moment I haven't got many options to transfer my app data from my froyo phone to jelly bean.
At the moment, my plan is to use adb pull on the froyo phone to grab my "app data" (specifically angry birds), and then use adb backup on the jelly bean phone to create a .ab file. I then use the OPs perl files to convert the .ab file to a .tar, and then extract that file (on Ubuntu 12.04), replace the app data in the extracted folder with my froyo app data, compress that back to a .tar, then use the perl file to convert back to .ab. I then use adb restore to restore the backup. However, when I then go into angry birds, it's just reset and there is no save data. Can anybody see if there is anything wrong with what i'm doing?
cn198 said:
Hi all! I'm having a few problems, and not really sure where I'm going wrong so hoping you can help. I am coming from froyo (rooted) to jelly bean (not rooted), so cannot use adb backup on the froyo phone, and cannot use adb push on jelly bean (don't want to root my htc one x+). So at the moment I haven't got many options to transfer my app data from my froyo phone to jelly bean.
At the moment, my plan is to use adb pull on the froyo phone to grab my "app data" (specifically angry birds), and then use adb backup on the jelly bean phone to create a .ab file. I then use the OPs perl files to convert the .ab file to a .tar, and then extract that file (on Ubuntu 12.04), replace the app data in the extracted folder with my froyo app data, compress that back to a .tar, then use the perl file to convert back to .ab. I then use adb restore to restore the backup. However, when I then go into angry birds, it's just reset and there is no save data. Can anybody see if there is anything wrong with what i'm doing?
I am almost 100% sure that you are generating an invalid tar file.
scandiun said:
I am almost 100% sure that you are generating an invalid tar file.
Is there a unique attribute applied to the original tar file then? Any idea how to generate a valid tar file?
cn198 said:
Is there a unique attribute applied to the original tar file then? Any idea how to generate a valid tar file?
It's not that simple. I am writing a guide based on a third party software for the purpose of Android backups. I'll post here as soon as is published. I hope to have it completed in a day or so.
scandiun said:
It's not that simple. I am writing a guide based on a third party software for the purpose of Android backups. I'll post here as soon as is published. I hope to have it completed in a day or so.
That sounds great, looking forward to seeing your efforts! :good: