I WILL NOT TAKE ANY RESPONSABILITY FOR WHAT HAPPENS TO YOUR PHONE. THIS IS AT YOUR OWN RISK. THIS IS ONLY TRIED ON VERSION 1.1, 1.5 AND 1.6 ON THE DEVELOPER PHONE.
I was fed up with having to hold a and o for my swedish chars, so couple of hours ago I decided to create a swedish layout, and here's how you can do it too. You need an unlocked android phone, such as the Dev1. I will also assume that you have and know how to use the SDK. Connect your phone to your computer and run:
Code:
adb shell
In the shell run getprop and find hw.keyboards.0.devname. This for me is trout-keypad-v3. If it's the same for you, do the following, otherwise change accordingly.
Code:
adb pull /system/usr/keychars/trout-keypad-v3.kcm.bin Desktop/
You now have a copy of the keychar-binary on your desktop, make sure to backup it. Open it in a binary editor, and you will find a file coded with an intro followed by lots of data coded as below (not documented, therefore not guarantied, but I feel pretty certain it's right, dots are 0x00):
..char.numberchar.smallchar.bigchar.smallspecial.bigspecial.(keycode+1).
For example, my A looked like:
..A.2.a.A.a.A.?.
What I want it to look like is:
..A.2.a.A.å.Å.?.
If your hex-editor allows that then congrats to you, mine didn't. What I had to do was to use a ascii-table (http://www.ascii-code.com/) and use teh hex code.
00 00 41 00 32 00 61 00 41 00 61 00 41 00 1E 00
...should therefore be...
00 00 41 00 32 00 61 00 41 00 E5 00 C5 00 1E 00
I now have å and Å on my a-button. The next button for me, Z, could be done using the exact same tactic. The fun part came with X. Notice the coding:
00 00 58 00 39 00 78 00 58 00 78 00 00 EF 35 00
The problem here is EF, which is there to make sure that there is not a ... in the middle of the char-code. What we do here is therefore to change the EF to 00 when we change the 00 before it. The result would therefore be:
00 00 58 00 39 00 78 00 58 00 F6 00 D6 00 35 00
Now let's save the file. We can send it to the device with the following code. THIS WILL REPLACE YOUR CURRENT LAYOUT.
Code:
adb root
adb remount
adb push trout-keypad-v3.kcm.bin /system/usr/keychars/
For security reasons I would recommend you to always reboot your phone after running adb remount, since this will leave your /system more vulnerable then usual.
Now we can restart the phone, and hopefully it will have a new working layout. If the layout is totally different from yours (for example alt+a is #) that means the encoding of the new file is wrong, and another layout is used. If this happens I recommend you start from the beginning, it doesn't take much time, and small errors can be avoided. You can do as above to reset your old layout:
Code:
adb root
adb remount
adb push trout-keypad-v3.kcm.bin.backup /system/usr/keychars/trout-keypad-v3.kcm.bin
My working swedish layout is attached. alt+a => å, alt+z => ä, alt+x => ö.
Hope you will appreciate this as much as I do.
Thanks to Joushou for all the help in #android.
Thank you! this is fantastic. I just have to figure out how this would work with asian fonts
Thanks maybe everybody can put the different layout in this thread.
In France we have azerty layout.
Great thanks!
Would be interesting to be able to SWITCH layouts.
I salute you sir for this easy guide!! Though using notepad ++ i didnt even use hex view! but just chose to see through the null null crap on the screen!! Total matrixe experience! But i definetly vote to get this a sticky for easy goofing with keyboard layouts!
Works great on Haykuro 1.5, changed a to ä and z to ö. Writing finnish on a mobile phone has never been so easy
Tack ska du ha!
Now that would be fun to do the same but by modifying the on-screen keyboard
Just modified the keypad for qwertz to work with haykuro 6hr1.
Download is in the attachment!
Text version of QWERTZ kcm
Hello-
Does any one have the text version of qwertz.kcm.bin?
Thanks.
Hey,
If I've changed that layout will that effect the virtual keyboard layout in 1.5.
If it's not, how can I change the layout for the virtual keyboard.
regards
Nice to see that this is appreciated.
Hamdan919 said:
Hey,
If I've changed that layout will that effect the virtual keyboard layout in 1.5.
If it's not, how can I change the layout for the virtual keyboard.
regards
Click to expand...
Click to collapse
No, it will not. To change the virtual layout you have to program a new layout, or wait for someone else to do it. There are alternative virtual keyboards to download from the market. Make sure that the virtual keyboard does not have internet privileges though, since the virtual keyboard can listen to every single key you push, even on the hardware keyboard. This means that the virtual keyboard can modify the hardware keyboard though, but I haven't seen that except for a bug in a layout.
I don't mind programming the french layout, can you tell me where to find the default qwerty keyboard to alter for the VK?
Right now I have the french layout for the physical keyboard and just miss the VK on my jf1.51 build.
Regards
DJ_Spray said:
I don't mind programming the french layout, can you tell me where to find the default qwerty keyboard to alter for the VK?
Right now I have the french layout for the physical keyboard and just miss the VK on my jf1.51 build.
Regards
Click to expand...
Click to collapse
http://android.git.kernel.org/?p=platform/packages/inputmethods/LatinIME.git;a=summary
Sry for refreshing such an old Thread but i want to ask something.
Is there any way to do this, without adb?
Rey-619 said:
Sry for refreshing such an old Thread but i want to ask something.
Is there any way to do this, without adb?
Click to expand...
Click to collapse
As long as you have root. Get into your phone, write:
Code:
dd if=/system/usr/keychars/trout-keypad-v3.kcm.bin of=/sdcard/keypad
Now you can get the file off your sdcard, and do back it up. When you are ready just put it back. Before you can put it back you will have to remount your /system mount with write access. Run mount and look what is before /system. In my case the line looks like:
/dev/block/mtdblock3 /system yaffs2 ro 0 0
In my case I would therefore write:
Code:
su
mount -o rw,remount /dev/block/mtdblock3 /system
dd if=/sdcard/keypad of=/system/usr/keychars/trout-keypad-v3.kcm.bin
This should work as well as the adb method described in original post.
dd if=/system/usr/keychars/trout-keypad-v3.kcm.bin of=/sdcard/keypad
-> /keypad: canot open for write: Read-only file system
I have root.
Have i type this in terminal commander? right? ore in Bootloader?
Rey-619 said:
dd if=/system/usr/keychars/trout-keypad-v3.kcm.bin of=/sdcard/keypad
-> /keypad: canot open for write: Read-only file system
I have root.
Have i type this in terminal commander? right? ore in Bootloader?
Click to expand...
Click to collapse
You are supposed to put it into a terminal. You do have a sdcard, right? Is it mounted to the computer when you try to run the command? If it is, the unmount it and try again.
i tryed both ^^
damn i need the german keyboard layout xD
Rey-619 said:
i tryed both ^^
damn i need the german keyboard layout xD
Click to expand...
Click to collapse
Could you give me the output of mount that includes /sdcard as second argument?
mhm.... xD
Code:
$ mount
rootfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_smt_journals tmpfs rw=,size=4096k 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosiud,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block/mmcblk0p2 /system/sd ext3 rw,noatime,nodiratime,errors=continue,data=ordered 0 0
/dev/block//vold/179:1 /sdcard vflat rw,dirsync,nosuid,nodev noexec,uid=100,gid=1000,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
#
Related
Very soon I will receive a new phone (TyTnII) and I would want a full backup of my phone. The new phone will be flashed with my current phone and thus containing all my current settings and software. I think the only way to do this, is by dumping (cooking) and restoring (flashing) a ROM of my current phone. -Maybe I could be wrong-
Is there a "dumping ROM" -thread for dummies? In each and every thread there are parts of the solution, but nowhere a step-by-step description is to be found. In most of the threads people mention the programming code they use to dump a ROM, is a user-friendly user interface (GUI?) for cooking and flashing already available? Btw, after reading and searching on this superb site for some 3 days, I found out all I needed to know about flashing. Currently using a Dutty ROM with separately flashed RADIO. LAS, for cooking no solution seems to be at hand.
Hoping to find a solution, if you are so kind to respons, please no "use the search-section" or "read W.I.K.I. please" - been there, done that - and make sure to use all related links. Maybe this thread might become a first try to build a real "Cooking and flashing for dummies".
With kind regards,
Gert Beckers
Belgium
GertBeckers said:
Very soon I will receive a new phone (TyTnII) and I would want a full backup of my phone. The new phone will be flashed with my current phone and thus containing all my current settings and software. I think the only way to do this, is by dumping (cooking) and restoring (flashing) a ROM of my current phone. -Maybe I could be wrong-
Is there a "dumping ROM" -thread for dummies? In each and every thread there are parts of the solution, but nowhere a step-by-step description is to be found. In most of the threads people mention the programming code they use to dump a ROM, is a user-friendly user interface (GUI?) for cooking and flashing already available? Btw, after reading and searching on this superb site for some 3 days, I found out all I needed to know about flashing. Currently using a Dutty ROM with separately flashed RADIO. LAS, for cooking no solution seems to be at hand.
Hoping to find a solution, if you are so kind to respons, please no "use the search-section" or "read W.I.K.I. please" - been there, done that - and make sure to use all related links. Maybe this thread might become a first try to build a real "Cooking and flashing for dummies".
With kind regards,
Gert Beckers
Belgium
Click to expand...
Click to collapse
Are you sure you've read all the Relevant wiki pages?
This has instructions for Dumping and Reconstructing a ROM.
If you want to read these and make you own tutorial, feel free, but don't ask others to do it for you.
Kyphur says it best: http://forum.xda-developers.com/showpost.php?p=2031989&postcount=45
Ta
Dave
"IF YOU DON'T CARE ABOUT UNDERSTANDING THE JOURNEY THEN YOU PROBABLY SHOULDN'T BE HERE IN THE FIRST PLACE." is exactly what I mean with "In each and every thread there are parts of the solution". Nowhere the -part- of the solution is in clear english. Can I give you an example from your link?
How to dump a ROM :
"$ ./pdocread.exe -l
210.38M (0xd260000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M (0x380000) Part01
| 69.38M (0x4560000) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
handle c74b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 474960e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
?????????????????????????????????????????????????????????????????????
Maybe some people forget that not everybody is a programmer! Seems to me something is missing here? Anyone can explain to me what the h*ll this means?
Next line:
"DUMP THEM!
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part00 0 0x31f000 Part00.raw
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 0x380000 Part01.raw
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 0x4560000 Part02.raw
pdocread -w -d FLASHDR -b 0x800 -p Part03 0 0x8660000 Part03.raw"
And again something seems to be missing here. Maybe some people forget that not everybody is a programmer!
Anyone can explain to me what the h*ll this means?
Thus my remark:
"Hoping to find a solution, if you are so kind to respons, please no "use the search-section" or "read W.I.K.I. please" - been there, done that -" Maybe -I admid- I should have added: "Are you sure you've read all the Relevant wiki pages?" and "If you want to read these and make you own tutorial, feel free, but don't ask others to do it for you."
Good teachers are just thais hard to find. Thanks for the response anyway, but I will just keep on looking for a clear and understandable explanation and/or guideline.
kind regards,
Gert Beckers
Belgium.
GertBeckers said:
Maybe some people forget that not everybody is a programmer!
Click to expand...
Click to collapse
This is XDA-Developers and your posting in the ROM Development forum. A certain level of understanding is expected.
May I suggest you look at backup software such as Sprite or SPB Backup instead or dumping and reconstructing your ROM.
Thanks
Dave
Sprite backup works great and btw Gert,
those are command line instructions-pretty straightforward actually.
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
GertBeckers said:
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
Click to expand...
Click to collapse
Sprite does-use it all the time, not sure about SPB, haven't used it.
GertBeckers said:
Thank you for your reply , I used "SPB Backup". I just hope this nifty little tool will also make a backup of all installed software (but I doubt it).
Btw, my new 8GB Ultra II SD SDHC Memory Card just arrived!
Sir Thanks-a-lot,
Gert Beckers
Click to expand...
Click to collapse
SPB Backup 2.0 will backup your entire ROM won't it?
Dave
This is becoming less and less of a developer site and more and more of a whinning, lazy a$$, "help me do what I can't do for myself". These users aren't even willing to read and then they retort back with indignation.
By the way, DaveShaw is kind of a big deal here. He doesn't have over 1200 posts because he is too lazy to read or do some research on his own. He has been helping and developing. Show some respect or be ready to be ignored.
kimtyson said:
This is becoming less and less of a developer site and more and more of a whinning, lazy a$$, "help me do what I can't do for myself". These users aren't even willing to read and then they retort back with indignation.
By the way, DaveShaw is kind of a big deal here. He doesn't have over 1200 posts because he is too lazy to read or do some research on his own. He has been helping and developing. Show some respect or be ready to be ignored.
Click to expand...
Click to collapse
... and hot water might have been invented on this "whining-site" over and over again. Thank you for you constructive info and positive feedback.
Since everything is going downhill, and most of you are having a bad day, it might be the moment to close this topic?
Sir Grins-a-lot,
Ger Beckers
This topic shouldn't be opened.
Gert,
I'm not having a bad day.
The ROM dumping instructions are in command line format and as Dave has pointed out, all that info is available in the ROM dumping thread. Read it and try it yourself, works great to dump ROM's.
kristoff_sz said:
This topic shouldn't be opened.
Click to expand...
Click to collapse
I agree. Can we drop this, please.
When a Moderator get's on this thread should be closed.
-Question asked, advice given. End of Discussion.
Dave
hey man,
Well, I haven't tried it, but here's some easy step-by-step instructions on how to dump a ROM:
1. I just put all the necessary files in this folder:
http://www.mediafire.com/download.php?jc1xtnpqnxj
Download it and extract it to your C: drive.
2. Plug in your device
3. Open a Command Prompt and type in the following:
Code:
cd C:\
Code:
pdocread -l
This should bring output something like this:
Code:
210.38M (0xd260000) FLASHDR
| 3.12M (0x31f000) Part00
| 3.50M ([COLOR="orange]0x380000[/COLOR]) Part01
| 69.38M ([COLOR="orange"]0x4560000[/COLOR]) Part02
| 134.38M (0x8660000) Part03
STRG handles:
handle e7489c1a134.38M (0x8660000)
handle 474960e6 69.38M (0x4560000)
handle c74b0fda 3.50M (0x380000)
handle 074b0eee 3.12M (0x31f000)
disk e7489c1a
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 474960e6
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk c74b0fda
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
disk 074b0eee
0 partitions, 0 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Look at the orange items at the top. I've made these orange to make note that when you do this, those numbers will probably be different. So, open Notepad and copy and paste the numbers you see there. Now do this:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part01 0 [COLOR="orange"]0x380000[/COLOR] Part01.raw
NOTE: Replace the orange numbers with the first set of numbers you took down.
Do the same with this, except replace the orange numbers with the second set of numbers you took down:
Code:
pdocread -w -d FLASHDR -b 0x800 -p Part02 0 [COLOR="orange"]0x4560000[/COLOR] Part02.raw
NOTE: this line might take a while, but don't close the window until it's done.
OK, if done correctly, you should have Part01.raw and Part02.raw in your C:\ drive.
Now, download this file:
http://www.megaupload.com/?d=5NA811QP
and extract it to your C: drive
Now go to your C drive, cut Part01.raw and Part02.raw and paste them in C:\kaiserkitchen\BaseROM.
Now download this file:
http://210.64.124.194/download/TyTN II_SEA_WM6.1_Upgrade_20080602.zip
and take the RUU_signed out of it and place it in C:\kaiserkitchen\BaseROM
then go into C:\kaiserkitchen, double-click on KaiserKitchen.cmd, press e, then press b.
4. Cook the ROM.
Now cook the ROM by following the steps here:
http://wiki.xda-developers.com/index.php?pagename=Kaiser ROM Kitchen Tutorial
although, make sure you do not add any packages
You're done, hope it helps
Eric Draven,
Finally some one who understands the true meaning of a forum!
Thanks a lot for the clear and understandable explanation. I'm sure that I will finally be able to cook my own ROM, I hope that this tread might be used by plenty other seekers At least finally the title of the thread correspond with its content!
Just one last question; at the end of your reply you wrote: "although, make sure you do not add any packages" What kind of packages do you mean? Is installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
Eric Draven,
Finally some one who understands the true spirit of a forum: helping others! At last the title of the thread corresponds with its content! No *****ing or wining, just helping! Respect!
I hope this final and conclusif answer might help tons of others in cooking their own ROM!
What do you mean with: "although, make sure you do not add any packages". Is any installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
GertBeckers said:
Eric Draven,
Finally some one who understands the true meaning of a forum!
Thanks a lot for the clear and understandable explanation. I'm sure that I will finally be able to cook my own ROM, I hope that this tread might be used by plenty other seekers At least finally the title of the thread correspond with its content!
Just one last question; at the end of your reply you wrote: "although, make sure you do not add any packages" What kind of packages do you mean? Is installed software considered "packages"?
Sir Thanks-a-lot,
Gert Beckers
Belgium
Click to expand...
Click to collapse
Packages are the Equivelant of CABs that you use when Cooking ROMs.
i.e. You would use a new Dialer Package and Cook that into your ROM, rather than install a CAB.
When using the Kitchen, you get to pick what packages you would like.
All of this is in the ROM Cooking Wiki.
Thanks
Dave
Dave- Finally someone who understands the true spirit of a forum: helping others to help themselves.
GertB- You remain thick as a brick! And you double posted.
Oh, and though you "are sure you will finally be able to cook your own ROM" I am not as confident. You don't even understand what packages are. I suggest you stop posting and begin reading a little. Then best of luck to you. I will wait with baited breath for your excellent ROM addition to the forums.
Here is a link to the ROM KITCHEN TUTORIAL, http://forum.xda-developers.com/showthread.php?t=349895&highlight=ROM+cooking+WIKI, posted before you decided to join the party. I'd say "title of the thread correspond with its content".
kimtyson said:
GertB- You remain thick as a brick! And you double posted.
Click to expand...
Click to collapse
I believe that was a mistake, and I'm pretty sure he did not mean to bump this thread
@GertBeckers: Yes, when I say "Do not add any packages" I am talking about the software you would usually add when cooking a ROM
[Hack] Root Phones ("exploit needless" method)
How I root any ROM on (almost?) any Android Phone
My Phone simply needs to fullfill one requirement:
I MUST be able to flash the recovery.img standalone!
Chapter One: unpack, edit and repack recovery.img
I will use these Linux programs:
split bootimg (Thanks to William Enck)
mkbootimg (compiled from AOSP source)
...the former splits the recovery.img into kernel and ramdisk...
...the latter repack all togheteher...
...For example I'll try these commands on a clockworkmod recovery from an HTC desire (I download 5.0.2.0-bravo from ClockWorkMod)...
Linux Side:
Code:
[email protected] $ split_bootimg.pl recovery-clockwork-5.0.2.0-bravo.img
Page size: 2048 (0x00000800)
Kernel size: 1831224 (0x001bf138)
Ramdisk size: 1291948 (0x0013b6ac)
Second size: 0 (0x00000000)
Board name:
Command line: no_console_suspend=1 msmsdcc_sdioirq=1 wire.search_count=5
Writing recovery-clockwork-5.0.2.0-bravo.img-kernel ... complete.
Writing recovery-clockwork-5.0.2.0-bravo.img-ramdisk.gz ... complete.
[email protected] $
I write down parameters needed later on:
Page Size = 2048
Command line = 'no_console_suspend=1 msmsdcc_sdioirq=1 wire.search_count=5'
HexEditing Lookout of recovery.img header:
Code:
[email protected] $ hexedit recovery-clockwork-5.0.2.0-bravo.img
00000000 41 4E 44 52 4F 49 44 21 38 F1 1B 00 00 80 00 20 ANDROID!8......
00000010 AC B6 13 00 00 00 00 21 00 00 00 00 00 00 F0 20 .......!.......
00000020 00 01 [COLOR=#0000ff][B]00[/B][/COLOR] [COLOR=red][B]20[/B][/COLOR] 00 08 00 00 00 00 00 00 00 00 00 00 ... ............
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 6E 6F 5F 63 6F 6E 73 6F 6C 65 5F 73 75 73 70 65 no_console_suspe
00000050 6E 64 3D 31 20 6D 73 6D 73 64 63 63 5F 73 64 69 nd=1 msmsdcc_sdi
00000060 6F 69 72 71 3D 31 20 77 69 72 65 2E 73 65 61 72 oirq=1 wire.sear
00000070 63 68 5F 63 6F 75 6E 74 3D 35 00 00 00 00 00 00 ch_count=5......
I use the highlighted address ordered as follows:
base = 0x20000000
Now I simply repack alltoghether.. just to check new file vs old one:
Code:
[email protected] $ mkbootimg --kernel recovery-clockwork-5.0.2.0-bravo.img-kernel --ramdisk recovery-clockwork-5.0.2.0-bravo.img-ramdisk.gz --base 0x20000000 --pagesize 2048 --cmdline 'no_console_suspend=1 msmsdcc_sdioirq=1 wire.search_count=5' -o recovery_new.img
[email protected] $
[email protected] $ diff recovery-clockwork-5.0.2.0-bravo.img recovery_new.img
[email protected] $
No warnings, binary files don't differ...
Editing ramdisk:
Code:
[email protected] $ mkdir ramdisk
[email protected]ndalf $ cd ramdisk/
[email protected] $ gunzip -c ../recovery-clockwork-5.0.2.0-bravo.img-ramdisk.gz | cpio -i
4294 blocks
[email protected] $ ls -l
totale 144
drwxrwx--x 2 doc doc 4096 23 nov 23.56 data
-rw-r--r-- 1 doc doc 2615 23 nov 23.56 [B]default.prop[/B]
drwxr-xr-x 2 doc doc 4096 23 nov 23.56 dev
drwxr-xr-x 2 doc doc 4096 23 nov 23.56 etc
-rwxr-x--- 1 doc doc 94372 23 nov 23.56 init
-rwxr-x--- 1 doc doc 691 23 nov 23.56 init.rc
drwxr-xr-x 2 doc doc 4096 23 nov 23.56 proc
drwxr-xr-x 3 doc doc 4096 23 nov 23.56 res
drwxr-x--- 2 doc doc 4096 23 nov 23.56 sbin
drwxr-xr-x 2 doc doc 4096 23 nov 23.56 sys
drwxr-xr-x 3 doc doc 4096 23 nov 23.56 system
drwxr-xr-x 2 doc doc 4096 23 nov 23.56 tmp
-rw-r--r-- 1 doc doc 0 23 nov 23.56 ueventd.goldfish.rc
-rw-r--r-- 1 doc doc 4027 23 nov 23.56 ueventd.rc
[email protected] $
I'm going to modify one line of default.prop from
Code:
...
ro.secure=[B]1[/B]
...
to
Code:
...
ro.secure=[B]0[/B]
...
WARNING: clockworkmod recoveries could already have ro.secure set to 0
Repack ramdisk:
Code:
[email protected] $ find . | cpio -o -H newc | gzip > ../recovery-clockwork-5.0.2.0-bravo.img-ramdisk.gz
4295 blocks
[email protected] $ cd ..
[email protected] $
Repack recovery.img (as showed before):
Code:
[email protected] $ mkbootimg --kernel recovery-clockwork-5.0.2.0-bravo.img-kernel --ramdisk recovery-clockwork-5.0.2.0-bravo.img-ramdisk.gz --base 0x20000000 --pagesize 2048 --cmdline 'no_console_suspend=1 msmsdcc_sdioirq=1 wire.search_count=5' -o recovery_new.img
[email protected] $
Chapter Two: flash recovery.img to phone
I own a Samsung Galaxy Next, so I need to create an Odin Ready Archive and so on...
Different phone brands need different flash methods, I bet...
Chapter Three: Rooting
I need android sdk and I try android debug bridge...
...on a not rooted phone:
Code:
(i686) [email protected] $ adb shell
[B]$[/B] su
Permission denied
[B]$[/B]
...and on a rooted one:
Code:
(i686) [email protected] $ adb shell
[B]$[/B] su
[B]#[/B]
Now, starting the phone in recovewry mode with ro.secure=0, connecting with "adb shell" I find:
Code:
[email protected] $ adb shell
#
Already a root shell! No exploit needed!
Take a look to /system:
Code:
# mount
...
/dev/block/mmcblk0p3 /system ext4 [B]rw[/B],relatime,barrier=1,data=ordered 0 0
...
WOW! already "read-write" mounted... (if not mounted I can easily remount it "rw"... I'm root!)
Now, having su binary, Superuser.apk and busybox in the linux working directory:
Linux side:
Code:
[email protected] $ adb push su /system/xbin
417 KB/s (22228 bytes in 0.051s)
[email protected] $ adb push su /system/bin
529 KB/s (22228 bytes in 0.041s)
[email protected] $ adb push busybox /system/xbin
5061 KB/s (1674712 bytes in 0.323s)
[email protected] $
Anyway it should be better to make a backup of old su binary before overwriting it (adb pull /system/bin/su su-old)
"adb shell":
Code:
# chown root.shell /system/bin/su
# chmod 06755 /system/bin/su
# chown root.shell /system/xbin/su
# chmod 06755 /system/xbin/su
# chmod 04755 /system/xbin/busybox
#
WARNINNG: ordered commands
Linux:
Code:
[email protected] $ adb push com.noshufou.android.su-1.apk /system/app/Superuser.apk
5198 KB/s (843503 bytes in 0.158s)
[email protected] $
"adb shell":
Code:
# chmod 644 /system/app/Superuser.apk
#
THAT'S ALL FOLKS!
reboot system now!
...
Code:
[email protected] $ adb shell
$ su
#
Enjoy!
...no exploit needed...
...
...Simply Linux Way of Hacking!...
Doc,
I dont get any command line: ...
in stock recovery/boot image.
can i just edit the default.prop of stock recovery img and flash it as PDA? or one package?
also does this not work when done to the boot.img?
roofrider said:
...I dont get any command line: ...
in stock recovery/boot image.
Click to expand...
Click to collapse
Command Line is optional, and usually - for example - you don't get anyone on Samsung Galxy Phone... for the HTC used in the example, instead, there was one, needed to tune the boot parameters on runtime...
can i just edit the default.prop of stock recovery img and flash it as PDA? or one package?
Click to expand...
Click to collapse
Surely you can! This Thread is exactly what you said: "change one file in stock recovery image"... all the rest is explanation on how I did it...
also does this not work when done to the boot.img?
Click to expand...
Click to collapse
Loud and Clear! Boot works in the same way but I prefer not to unsecure the system too much... cause any app could gain root privileges without asking for whenever she wants...
...whilst I'm the only one who decide to enter Recovery Mode...
Hi.
Even I can read on /tmp/recovery.log:
Code:
[property list]
ro.secure=0
ro.allow.mock.location=0
I get a normal user prompt on adb shell when phone is recovery boot.
So I guess I need some more tunning for make this work on a Samsung Galaxy Mini.
Thanks anyway. I've learnt how to build images with this post :good:
Galaxi Mini too!
XiR_ said:
Hi.
Even I can read on /tmp/recovery.log:
Code:
[property list]
ro.secure=0
ro.allow.mock.location=0
I get a normal user prompt on adb shell when phone is recovery boot.
So I guess I need some more tunning for make this work on a Samsung Galaxy Mini.
Thanks anyway. I've learnt how to build images with this post :good:
Click to expand...
Click to collapse
I own a Galaxy Mini too and I just get the same issue while testing Gingerbread 2.3.6 S5570XWKTN; my previous release was S5570XIKQC (2.3.4) where I got easy superuser rights on connection...
Maybe there is something more to check for...
Actually I have two simple workarounds to root, anyway, the working system as explained above:
I flash an old Recovery (2.3.4)! no real need to bump to 2.3.6 other then "on working system" (here there is my one: CODE_S5570XIKQC_recovery.tar.md5)
I flash (my current option) a CWM based recovery (here there is my one, freshly compiled from Mebitek Cyanogen 7.2 Unofficial Source: CODE_S5570CYANO_recovery.tar.md5 - CWM 5.0.2.8)
2.3.6 XWKTN
Testing Gb 2.3.6 XWKTN I got another unusual issue (unconfirmed on the network...):
After root, when I power on the phone I get the binaries
/system/xbin/su
/system/xbin/busybox
always deleted...
I workarounded it modifying the boot image:
I changed permissions of
/sbin
folder
Code:
# ls -l /
...
drwxr-x[B][COLOR="Red"]r[/COLOR][/B]-[B][COLOR="Red"]x[/COLOR][/B] 2 root root 0 Jan 1 1970 sbin
...
to give every user "exec rights" on it, then I put there both binaries!
Eh eh... I know that the system PATH first look there for commands:
Code:
# set | grep ^PATH
PATH=[B][COLOR="Red"]/sbin[/COLOR][/B]:/vendor/bin:/system/sbin:/system/bin:/system/xbin
#
Last:
I also put in 2.3.6 recovery /sbin folder the last "su" binary (source from GitHub)...
On execution I get "SegFault", but Root privileges Anyway:
Code:
$ su
Segmentation Fault
#
...amazing...
after doing a little research on the web why it's asking for sim network unlock pin, found out it's because my device it locked with a certain carrier/provider. i made sure it was already unlocked when i got, i was even able to use for about a week. however, for some reason it got locked again and got that message. i'm sure i didn't make any changes because this is my first time to have a samsung tab, that's when i tried to do more research about it and i know there's a way to do it but i guess i need a more detailed guide, please help... thanks!
This program finds the SIM unlock code for your Samsung Galaxy p6200 device. It requires root / superuser.
Simply install the application, hit the "SIM unlock code" button, wait a few minutes, and it should come up with the code. It can indeed take a while, so plug your phone in the charger before running, and go make yourself a cup of coffee.
Write down the code, turn off your device, insert a SIM that doesn't match your SIM lock, turn the device on again, and enter the code when the device asks for it.
If the code does not work, do NOT try it again. You might end up with a freeze. The app can also find the unfreeze code, but if the SIM unlock code was wrong in the first place, maybe so is the unfreeze code.download free sim unlock for galaxy p6200 here:http://www.mobyware.net/get-software-65666.html
........Another method :Step 1. - Retrieve nv_data.bin file
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
cat /efs/nv_data.bin >> /sdcard/nv_data.bin
cat /efs/.nv_state >> /sdcard/.nv_state
busybox cp -r /efs /sdcard/
Step 2. - Edit nv_data.bin file
mount the internal SD Card on your computer
make a backup copy of the nv_data.bin file on your computer
using your favorite HEX editor open the nv_data.bin on the sdcard
jump to address 0x181468
you should see a string like this
ff 01 00 00 00 00
there are 5 different types of locks in 5 different bytes
the FF byte should be left alone
the first byte after the FF is the network lock
the next byte is the network subset lock
the next byte is the sp lock
the next byte is the cp lock
the last byte appears to be a data lock.
the 46 46 should be left alone
Change any 0x01 to 0x00 (or 0x00 to 0x01 to lock for warranty)
It should read ff 00 00 00 00 00 46 46 for unlocked
save and close file
unmount SD Card
Step 3. - Replace nv_data.bin file
I want to say it again so no one misses it MAKE SURE YOU HAVE A BACKUP OF YOUR /efs/ FOLDER BEFORE YOU CONTINUE!!!!!
use "adb shell" or a terminal emulator to get a terminal prompt and run the following commands
Code:
su
rm /efs/nv_*
rm /efs/.nv_*
cat /sdcard/nv_data.bin >> /efs/nv_data.bin
cat /sdcard/.nv_state >> /efs/.nv_state
chmod 755 /efs/nv_data.bin
chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
chmod 755 /efs/.nv_state
chown radio.radio /efs/.nv_state || chown 1001.1001 /efs/.nv_state
reboot
your tab is now unlocked... enjoy
Just make sure you back up your entire /efs folder (save it on your computer and your tablet) before making any change.I believe you can refer to this one on the 10.1 tab forum :http://forum.xda-developers.com/showthread.php?t=1336659&highlight=t-mobile+unlock....
Can anyone confirm that this solution works? I'm reluctant to try without a guarantee
Sent from my HTC Desire S using xda app-developers app
@devid801
Ok, so I've opened the nv_data.bin file in hex edtor and found the following at address 00181468 : ff 01 00 00 00 00 44 4b . As you can see, the 46 46 is not there, instead there is 44 4b . Is this significant? Do I have to replace with 46 46 or should I leave it alone? Could this mean that this solution does not apply in my case and I risk breaking my device if I use it? Please advise.
Edit: I ignored the 44 4b bytes there and just changed the 01 to 00 and it worked, I am now network unlocked. Thanks for posting the solution
Folks,
I was trying to SIM unlock my Galaxy S I9000 using this thread: http://forum.xda-developers.com/showthread.php?t=761045 and noticed the following:
Filesystems Mounted Read only: / and /system are mounted ro
Patching nv_data.bin doesn't work: the result once that's done is the phne still being SIM locked
So here's my amended procedure, that worked on my Galaxy S I9000, locked to T-mobile UK:
If your phone is not rooted, then follow any of the methods listed in this link to root your phone first, before going any further. I will post a full rooting procedure and integrate it with this post shortly, for convenience and completeness.
Once rooted, enable USB debugging on your phone from the settings menu. Various releases of Brokendroid will have subtle differences on how this is done, but I'm sure you'll find your way. Again, I intend to update this procedure once I finish the rooting article, so the instructions are more complete. Also enable SD Card USB access.
Connect your phone to a USB port on a computer
Assuming you have downloaded, extracted and installed Brokendroid SDK from (Google, then there will be a directory under where you extracted the tools that looks something like: sdk/platform-tools. Change to that directory, and issue the following commands:
Code:
$ ./adb shell
[email protected]$ su -
[email protected]# cat /efs/nv_data.bin >> /sdcard/nv_data.bin
Once done, copy the nv_data.bin file from your SD card to your machine and make a working copy (e.g. nv_data-working.bin)
Using your favourite hex editor, go to address 0x00180066 and look for the following sequence of bytes:
Code:
00 [HL] [HL] [HL] [HL] [HL] 23
Where the [HL] sequence represents your present network's PLMN code.
Replace all the sequence above with 00; In n my case, the PLMN for T-mobile is 23410, so the byte sequence was changed as follows:
Code:
From
00 32 33 34 31 30 23
To
00 00 00 00 00 00 00
Go to address 0x181468
This is a sequence of 8 bytes that starts with FF and ends with 46 46. In my case, this was:
Code:
FF 01 00 00 00 00 46 46
The significance of these bytes are as follows:
FF Sart of string - LEAVE ALONE
Network Lock
Network Subset Lock
SP Lock
CP Lock
Data Lock.
46 46 End of string - LEAVE ALONE
You need to change this sequence so that all bytes between the FF and 46 46 are set to 00. I.e.;
Code:
FF 00 00 00 00 00 46 46
Save the resulting file.
Transfer the resulting file to your SD card - I am assuming your new file name is nv_data-working.bin
Issue the following commands, with your phone connected to the computer:
Code:
[email protected]# mount -o rw,remount /
[email protected]# mount -o rw,remount /sys
[email protected]# mount -o rw,remount /system
[email protected]# rm /efs/nv_data.bin
[email protected]# rm /efs/nv_data.bin.md5
[email protected]# cat /sdcard/nv_data-working.bin > /efs/nv_data.bin
[email protected]# chmod 755 /efs/nv_data.bin
[email protected]# chown radio.radio /efs/nv_data.bin || chown 1001.1001 /efs/nv_data.bin
reboot
[/LIST]
And you are done .. your phone is SIM unlocked :)
- for Linux only -
Stock Recovery to TWRP Backup Converter for Android system recovery <3e>
This progam is basically written for unpacking stock recovery android backup userdata_20160823_100259.backup + convert it into custom recovery nandroid backup data.ext4.win000 (but you can create your own TWRP Backups from "any" data source, too)
content and usage of bckp2win.sh is similar to bckp2cwm.sh with some slight modifications. based on previous version, it skips the checksum and unpack /data partition from userdata_00000000_000000.backup then re-pack it as TWRP Backup. optionally the screenlock pattern can be unlocked.
Requirements:
- pc with linux
- ext4 formatted hard disk
may work on ntfs, give a try (in case backup is a partition image)
Requirements (source phone):
- Android system recovery <3e> with
- "backup user data" functionality
- data must not encrypted
- external sdcard
Requirements (target device):
- root
- TWRP custom recovery
- working identical ROM pre-installed (like source phone)
before you start:
download this flashable UPDATE-sdcard.Fix.Permissions-signed.zip from osm0sis @ xda-developers to your phones memory or external sdcard - you might need it later
http://forum.xda-developers.com/showthread.php?t=2239421
TWRP and Internal Storage:
even if TWRP recovery process claims not touching /data/media, it restores files anyway. this is a great advantage side effect as we can easily restore Pictures and Files by simply including it in the backup. However, this will overwrite existing data - please don't use this option unless you know what you're doing!
if apps crashing after restoring from TWRP, this might have to do with Internal Storage - the above flashable zip will fix permissions, ownership and selinux labels for /data/media in case you manually added some files (regarding /data - of course - there is no tool in the world, which can do the same for /data partition - be warned never copy files, just always move files from one linux file system to another, and never use a windows file system)
bckp2win.sh is a linux bash script using GNU tar for creating TWRP archive files from userdata_yyyymmdd_hhmmss.backup files.
in TWRP Backup each data.ext4.win000 file represent a standalone tarball archive - this means each single archive can be unpacked for its own - without concatenating them, or having splitted files spreaded over multiple archives. unfortunately i don't know how they do it (i think TWRP use its own tar implementation), so i decided to write another bash script wich is basically doing the same thing (creating multipart standalone tarball archives):
edit: this is the main converting script (and the only file you need)
multi_tar.sh is not limited to Android system recovery <3e> userdata backup and can be used for any scope of application.
This means you can simply create TWRP Backups from "any" data source. It is summarizing files in a index file until archive size is reached and then archiving from index with GNU tar. This is a very slow procedure but it works. optionally it uses GZIP compression. (i really dont know how to check compressed file size from bash without compressing it, therefore it is compressed twice in a 2 pass way, 1-st pass is for checking size only)
edit: do not download this script, try bckp2win.sh without multi_tar.sh first (press No when asked). it is for splitting large backups only and not required in most cases
twrp_sign.sh is another bash script for creating sha2 checksums especially for TWRP Backups. But checksums can be disabled in TWRP - therefore its optional.
needs ~ 120% of free disk space and takes time about ~ 30 min, enjoy your coffee
[TUTORIAL] How to convert stock backup into TWRP backup
First of all you need to know, that userdata_yyyymmdd_hhmmss.backup files contain user data only. it is NOT a full nandroid backup like TWRP / CWM.
So we can just restore data partition from TWRP:
userdata_20160823_100259.backup -> data.ext4.win000 -> /data
The data partition contains the Internal Virtual SD Card. It is usually not included in TWRP backup. It is your decision to manually copy back to phone (recommended). But you can also restore Internal Virtual SD Card from TWRP:
/data/media/0 -> /storage/emulated/0
IMEI and WiFi MAC-Address:
/data/nvram (NOT recommended)
If there is a copy of NVRAM partition in folder /data/nvram, the script will delete it by default. However, there is a option to use IMEI and WiFi MAC-Address from backup (clone), instead from Phone.
Windows Users please click here
download UNetbootin -> https://unetbootin.github.io <- scroll this page down for tutorial
format USB flash drive FAT32install any Linux Distro to USB flash drive
Reboot your PC from USB flash drive
to access the boot menu while booting your computer:
- press the appropriate key F11 or F12 during the initial startup screen
- select the USB boot option in the BIOS boot menu
- boot Default entry
congratulations, you have
sucessfully entered your
own working Linux system!
it's easy, isn't it?
Now, come back to forum.xda-developers.com
- find Start Menu on upper left corner
- open the "Web Browser" from Favorites
- search for "bckp2win" in google
you can add your Keyboard Layout from: Settings - Keyboard
Note: performance of Firefox badly depends on USB flash drive speed
if it is too slow, try another one, or disable persistence:
- find syslinux.cfg file on USB flash drive
- open syslinux.cfg file with editor
- delete --- persistent from Try Xubuntu without installing entry
- save the changes, reboot from USB flash drive Try Xubuntu without installing entry
However, without persistence it is a read-only Live system and will lose all settings on reboot
Let's begin with preparations
- copy UPDATE-sdcard.Fix.Permissions-signed.zip to microSD card / or
- download UPDATE-sdcard.Fix.Permissions-signed.zip to target phone
- connect the source phone USB cable / or
- insert the microSD card into the PC's SD Card Reader
- copy all userdata_20160823_100259.backup files to any folder on local disk
- download all the zip files from this thread
- unpack zip files to same folder on local disk
run the shell script in Terminal
- do right-click somewhere in the backup folder, select "Open Terminal Here"
- type "sudo bash bckp2win.sh" in Terminal
- check disk space
example: when backup is 2 GB,
Avail must > 2,4 GB (120%)
when backup is 55 GB,
Avail must > 66 GB (120%)
- check file system type
Type must not vfat, fat32
all others allowed
(ntfs, ext4, fuseblk, ...)
this is very important! otherwise it will fail at the end and waste your time, and you won't know the reason. so please check carefully
- select file number to extract
- wait a long time, depends on disk speed and backup size (1~2 min / 1 GB)
Halftime break
- when message appears Press 'y' to unlock: [y/n] - Congratulations! The backup is sucessfully extracted
(if you need to edit/modify/delete files within backup this is the point for break)
- to continue with re-packing:
answer all questions with No
(or just press Enter for default):
Android sparse image (simg2img) support -> No
Flash-Friendly File System (F2FS) support -> No
unlock screenlock pattern -> No
clone old IMEI and Wifi Mac Address -> No
Restore /storage/emulated/0 -> No
use gzip compression -> No
Extract Internal Virtual SD Card to local disk -> Yes
(this will extract /data/media to TWRP folder instead, but exclude it from backup)
- wait for the script is finished
- wait for background processes
(it happens sometimes script finishes too early, if there is a data.ext4.win000 + data.ext4.win0000 file, just wait for the target size 1 GB each file)
- if checksums missing or failed, please manually run twrp_sign.sh again
(successful checksums look like this)
Finally we can restore the new backup
- copy back TWRP folder to phone
- boot into recovery mode
- create a failsafe backup (just in case...)
- move folder to the right location via MTP, or
- Advanced -> File Manager -> TWRP/BACKUPS/<serialno>/<backup folder>
- Options (blue icon on the right bottom) -> Move -> TWRP/BACKUPS/<phone name> -> Swipe to confirm
(in case converted backup is not visible in Restore list...)
- restore converted backup from TWRP
- install the flashable UPDATE-sdcard.Fix.Permissions-signed.zip
(just in case you have added files to data/media...)
- boot the phone
- move/copy all your pictures videos etc from TWRP folder back to phone
Troubleshooting
If you fail at some point please try again with more disk space or gzip compression
phone is not showing up on PC
enable Settings -> Developer options -> Select USB Configuration -> MTP:
- goto Settings -> About phone
- tab Build number seven times until you see a message
- goto Settings -> Developer options
- enable Developer options, confirm Allow development settings
- scroll down to -> Select USB Configuration
- select MTP (Media Transfer Protocol)
My source backup file is not in "userdata_YYYYMMDD_hhmmss.backup" format
This script may work with other archives, but only accept "userdata_YYYYMMDD_hhmmss.backup" pattern as input file name. But you can specify any input file or folder as parameter. the script will scan the folder for known archive types and link files into script folder:
sudo bash bckp2win.sh ~/Android/Backup/TWRP/2016-08-23--10-02-59/data.ext4.win*
mkdir: cannot create directory ‘b2wtmp’: File exists
There was a previous session left, delete the folder ‘b2wtmp’ and try again. You can keep previous session for testing purposes with parameter -f force unpack:
sudo bash bckp2win.sh -f
ERROR: something goes wrong. check disk space
The GNU tar unpacking or archiving process may fail for various reasons. However, you can suppress error messages and skip this exit point for testing purposes with parameter -f force unpack. If you run out of disk space, you can exclude folders from backup with parameter -e --exclude PATTERN, for example:
sudo bash bckp2win.sh -e */com.google.android.googlequicksearchbox*
Bugs & Known Issues
extractTarFork() process ended with ERROR: 255
probably bug in script. at the moment, only solution is manually restoring backup files. i know its annoying but i don't know the reason, yet.
- download GNU tar for android
- unpack the zip and copy the tar binary to phone
- in TWRP, copy tar binary to /cache, then wipe data
- in TWRP, go back to -> Advanced -> Terminal
- in Terminal, change directory to backup folder, then run for each file
Code:
chmod 0755 /cache/tar
cd /external_sd/TWRP/BACKUPS/<phone>/2016-08-23--10-02-59*
/cache/tar --selinux --xattrs -P -vxpf data.ext4.win000
(or for compressed files)
busybox gzip -cd data.ext4.win000 | /cache/tar --selinux --xattrs -P -vxp
Please post here for support i will answer your questions
found a multipart image, merge files
==================
... merged
try to unpack ...failed
try to mount as *...failed
skip first 512 bytes and try to mount again as ext2, as rfs, as fsfs
... failed
no files in folder "data"
exiting script
What can I do ?
My phone model is Bluboo S1 with Android 7.0, before I wiped all out I was made backup with stock backup and now I have TWRP 3.2.1. Now I have phone flashed with BLUBOO_S1_Helio_P25_L_V04_20170908 and is working but I want put my old userdata because I think there is all my 230 apps already installed.
Please check if your userdata_20180926_141645.backup is ext4 image. Each file start with a 512 byte checksum header, followed by partition image. The ext4 Super Block will start at offset 1024 bytes (from partition). The ext4 magic number 0xEF53 you can find at offset 0x38 (from the Super Block start)
We can skip (512 bytes) checksum + (1024 bytes) unused padding, because the Super Block start is at (1536 bytes) = 0x600 in this case
Please note the ext4 magic 0xEF53 at offset 0x638
encrypted files not supported
If the files look like this (no zeros within, after skip 512 bytes checksum) it is probably a raw backup of encrypted data partition
you can check with hexdump
Code:
hexdump -C -n1600 userdata_20180926_141645.backup
Unfortunately, these userdata backups are pretty useless since android 7.0 (encrypted by default), because they will not backup efs/metadata. If you wipe data from stock recovery, the metadata is wiped, too. It is impossible to decrypt data without encryption key (which is stored in metadata).
If you are really lucky maybe its not to late, do a read back of metadata partition with SP Flash Tool. Furthermore, check if userdata backup is encrypted
. . .
If the files look like this (no zeros within, after skip 512 bytes checksum) it is probably a raw backup of encrypted data partition
you can check with hexdump
Code:
hexdump -C -n1600 userdata_20180926_141645.backup
[/QUOTE]
***
there was also too little disk space and I installed the new Ubuntu on the other computer so I'll try it later
if you prefer to re-pack data by yourself, stop the script when it ask for unlock screenlock pattern (CTRL + C)
enter parent directory of data folder
run multi_tar.sh - while first arg is destination and all other args are source folders
Note you can change the output to any file or folder:
replace "data.ext4.win" with "/media/xubuntu/my-drive/Android/my-output-folder/my-file-name"
Code:
sudo bash multi_tar.sh -z -L 1048576 data.ext4.win data --transform 's,^data,/data,'
(with parameters -z for compression and -L for split size, and some string replacement within the archive - replaceing "data" with "/data" in this case)
there are still some bugs i am struggle with, restoring in TWRP fails when a single file within backup is failed.
Please check out my other solution for encrypted backup. You can restore TWRP backup from this zip instead of restoring from TWRP menu
https://forum.xda-developers.com/showthread.php?t=3899918
aIecxs said:
We can skip (512 bytes) checksum + (1024 bytes) unused padding, because the Super Block start is at (1536 bytes) = 0x600 in this case
Click to expand...
Click to collapse
Hi,
i have exact these offset you wrote here but i do not have success to mount my data. Have you an idea what could be wrong on my side?
Code:
000001d0 ab 0a 44 a3 c5 ee 69 fa 44 78 c2 ca ec 13 bb f5 |..D...i.Dx......|
000001e0 38 f4 e7 ca f2 7c 49 e3 a2 a0 d8 1e e3 f9 94 c5 |8....|I.........|
000001f0 f5 f5 3e c2 6a bc 8a 58 1c ef 0e 8a 91 29 c4 99 |..>.j..X.....)..|
00000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000600 00 40 02 00 80 fc 08 00 00 10 00 00 77 e3 00 00 |[email protected]|
00000610 da 10 02 00 00 00 00 00 02 00 00 00 02 00 00 00 |................|
00000620 00 80 00 00 00 80 00 00 00 20 00 00 0f 8e a4 54 |......... .....T|
00000630 0f 8e a4 54 6c 02 ff ff 53 ef 01 00 02 00 00 00 |...Tl...S.......|
Code:
try to mount as ext4
...failed
skip first 512 bytes and try to mount again as ext4
...failed
try to mount as ext3
...failed
skip first 512 bytes and try to mount again as ext3
...failed
try to mount as ext2
...failed
skip first 512 bytes and try to mount again as ext2
...failed
try to mount as rfs
...failed
skip first 512 bytes and try to mount again as rfs
...failed
try to mount as f2fs
...failed
skip first 512 bytes and try to mount again as f2fs
...failed
./bckp2win.sh: Zeile 796: cd: .//b2wtmp: Datei oder Verzeichnis nicht gefunden
WARNING: no files in folder "data"
exiting script
Thanks
script looks buggy, maybe wrong mount options, or it makes a difference when called with "sudo bash bckp2win.sh"
Hello all.
Is there a way to do the inverse (system.ext4.win -> system.img) ? Does anybody know a link to instruction ?
With that system.img, I can then do: Bootloader> fastboot -S 130M flash system system.img
(if bootloader is unlocked).
Thank you everyone.
yes it is possible, check my edited reply later in 10 hours
edit: see reply in other thread
https://forum.xda-developers.com/showthread.php?t=4015725
@e5e197740b what is the error message when using this tool?
aIecxs said:
@e5e197740b what is the error message when using this tool?
Click to expand...
Click to collapse
Do I need a rooted Tablet for this? I'm not sure I understood all the instructions..
Edit:
So I ran bckpwin.sh in an Ubuntu VM, here is the output:
Code:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#
# This script converts "Android system recovery <3e>" stock recovery file
# "userdata_YYYYMMDD_hhmmss.backup" into custom recovery nandroid backup file.
#
# executing file system must be ext2/3/4 otherwise app permissions will be lost.
#
#
run this script as root. type "sudo -i" or "sudo bash bckp2win.sh".
are you root?
Press 'y' to continue: [y/n] y
2,0G userdata_20200609_220537.backup
2,0G userdata_20200609_220537.backup1
2,0G userdata_20200609_220537.backup2
2,0G userdata_20200609_220537.backup3
2,0G userdata_20200609_220537.backup4
2,0G userdata_20200609_220537.backup5
110M userdata_20200609_220537.backup6
13G total
Dateisystem Typ Größe Benutzt Verf. Verw% Eingehängt auf
/dev/sda5 ext4 98G 45G 48G 49% /
WARNING: Make sure enough free disk space - NOT checked during process!!
1) userdata_20200609_220537.backup
select file number to extract (q to quit): 1
1) "userdata_20200609_220537.backup"
try to unpack as tar (multipart image support)
...failed
WARNING: No ext4 magic number detected. Try it anyway? [y/n] y
OPTION: install support for (EXT4) Android sparse image (simg2img)? [y/n] y
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Paket android-tools-fsutils ist nicht verfügbar, wird aber von einem anderen Paket
referenziert. Das kann heißen, dass das Paket fehlt, dass es abgelöst
wurde oder nur aus einer anderen Quelle verfügbar ist.
Doch die folgenden Pakete ersetzen es:
android-sdk-libsparse-utils android-sdk-ext4-utils
E: Für Paket »android-tools-fsutils« existiert kein Installationskandidat.
OPTION: install support for (F2FS) Flash-Friendly File System? [y/n] y
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Die folgenden zusätzlichen Pakete werden installiert:
libf2fs-format4 libf2fs5
Die folgenden NEUEN Pakete werden installiert:
f2fs-tools libf2fs-format4 libf2fs5
0 aktualisiert, 3 neu installiert, 0 zu entfernen und 3 nicht aktualisiert.
Es müssen 185 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 568 kB Plattenplatz zusätzlich benutzt.
Holen:1 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 libf2fs5 amd64 1.11.0-1.1ubuntu1 [14,1 kB]
Holen:2 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 libf2fs-format4 amd64 1.11.0-1.1ubuntu1 [16,6 kB]
Holen:3 http://de.archive.ubuntu.com/ubuntu focal/universe amd64 f2fs-tools amd64 1.11.0-1.1ubuntu1 [154 kB]
Es wurden 185 kB in 0 s geholt (608 kB/s).
Vormals nicht ausgewähltes Paket libf2fs5:amd64 wird gewählt.
(Lese Datenbank ... 189666 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../libf2fs5_1.11.0-1.1ubuntu1_amd64.deb ...
Entpacken von libf2fs5:amd64 (1.11.0-1.1ubuntu1) ...
Vormals nicht ausgewähltes Paket libf2fs-format4:amd64 wird gewählt.
Vorbereitung zum Entpacken von .../libf2fs-format4_1.11.0-1.1ubuntu1_amd64.deb ...
Entpacken von libf2fs-format4:amd64 (1.11.0-1.1ubuntu1) ...
Vormals nicht ausgewähltes Paket f2fs-tools wird gewählt.
Vorbereitung zum Entpacken von .../f2fs-tools_1.11.0-1.1ubuntu1_amd64.deb ...
Entpacken von f2fs-tools (1.11.0-1.1ubuntu1) ...
libf2fs5:amd64 (1.11.0-1.1ubuntu1) wird eingerichtet ...
libf2fs-format4:amd64 (1.11.0-1.1ubuntu1) wird eingerichtet ...
f2fs-tools (1.11.0-1.1ubuntu1) wird eingerichtet ...
Trigger für man-db (2.9.1-1) werden verarbeitet ...
Trigger für initramfs-tools (0.136ubuntu6) werden verarbeitet ...
update-initramfs: Generating /boot/initrd.img-5.4.0-37-generic
Trigger für libc-bin (2.31-0ubuntu9) werden verarbeitet ...
found a multipart image, merge files:
../userdata_20200609_220537.backup
../userdata_20200609_220537.backup1
../userdata_20200609_220537.backup2
../userdata_20200609_220537.backup3
../userdata_20200609_220537.backup4
../userdata_20200609_220537.backup5
../userdata_20200609_220537.backup6
(please wait - up to 15 min - don't worry computer is still alive)
...merged
try to unpack as sparse ext4 image (skipping ... )
...failed
try to mount as ext4
...failed
try to mount as ext3
...failed
try to mount as ext2
...failed
try to mount as rfs
...failed
try to mount as f2fs
...failed
no files in folder "data"
caching file to disk again for second run
(please wait - up to 15 min)
try to mount as ext4
...failed
skip first 512 bytes and try to mount again as ext4
...failed
try to mount as ext3
...failed
skip first 512 bytes and try to mount again as ext3
...failed
try to mount as ext2
...failed
skip first 512 bytes and try to mount again as ext2
...failed
try to mount as rfs
...failed
skip first 512 bytes and try to mount again as rfs
...failed
try to mount as f2fs
...failed
skip first 512 bytes and try to mount again as f2fs
...failed
./bckp2win.sh: Zeile 796: cd: .//b2wtmp: Datei oder Verzeichnis nicht gefunden
WARNING: no files in folder "data"
exiting script
So it had to load some stuff of the internet (namely simg2img and F2FS and its dependencies), but it seemed to run through properly, apart from not retrieving any data.
simg2img or f2fs is not required, it's from the days i wasn't aware of backup format
try to unpack as tar ...failed
mean it doesn't extract with tar(gz) with or without 512 bytes header
WARNING: No ext4 magic number detected
mean it did not find hex 53 ef with or without 512 bytes header (f2fs/ext4 is checked both)
but it tries to mount anyway
this could mean
a) script is not working (@matrix4you claimed this, too)
b) header is not 512 bytes
c) backup is encrypted
a) and b) can be double checked with unencrypted backup. do a factory reset then right after create another backup without booting android. this should give you 12 GB backup which can be zipped into less a few MiB because it is empty ext4 image
edit: did you run the script via 'sudo ./bckp2win.sh' that would explain the bug in line 796? usage is 'sudo bash bckp2win.sh' maybe behavior is different
aIecxs said:
simg2img or f2fs is not required, it's from the days i wasn't aware of backup format
try to unpack as tar ...failed
mean it doesn't extract with tar(gz) with or without 512 bytes header
WARNING: No ext4 magic number detected
mean it did not find hex 53 ef with or without 512 bytes header (f2fs/ext4 is checked both)
but it tries to mount anyway
this could mean
a) script is not working (@matrix4you claimed this, too)
b) header is not 512 bytes
c) backup is encrypted
a) and b) can be double checked with unencrypted backup. do a factory reset then right after create another backup without booting android. this should give you 12 GB backup which can be zipped into less a few MiB because it is empty ext4 image
edit: did you run the script via 'sudo ./bckp2win.sh' that would explain the bug in line 796? usage is 'sudo bash bckp2win.sh' maybe behavior is different
Click to expand...
Click to collapse
I did go sudo bash.
I can try the reset-backup thing.
aIecxs said:
simg2img or f2fs is not required, it's from the days i wasn't aware of backup format
try to unpack as tar ...failed
mean it doesn't extract with tar(gz) with or without 512 bytes header
WARNING: No ext4 magic number detected
mean it did not find hex 53 ef with or without 512 bytes header (f2fs/ext4 is checked both)
but it tries to mount anyway
this could mean
a) script is not working (@matrix4you claimed this, too)
b) header is not 512 bytes
c) backup is encrypted
a) and b) can be double checked with unencrypted backup. do a factory reset then right after create another backup without booting android. this should give you 12 GB backup which can be zipped into less a few MiB because it is empty ext4 image
edit: did you run the script via 'sudo ./bckp2win.sh' that would explain the bug in line 796? usage is 'sudo bash bckp2win.sh' maybe behavior is different
Click to expand...
Click to collapse
So what I did now:
Reset the device, without rebooting make a backup:
I still creates 7 files 12 gigs in total.
The are, as expected, seemingly completely empty, apart from the first 512 Bytes, allthough even those are empty in files 4-7.
The first 8 bytes are always the same, both in the empty and the real backup, if the first 512 exist at all.
Here are the first 512 bytes from the first file of the empty backup:
Code:
AB EF CA 9C B0 C5 4A 0A 38 3D BE C5 5E 4F B5 ED DB 14 73 B2 5C 52 64 1B FA 57 83 A1 6A 63 BF 7A 81 4F AF 09 8D 90 07 18 D6 00 68 0B 94 80 62 62 70 4E 35 8E 28 35 2A 65 63 8D 60 6C E6 1B BF 84 22 DC 8D 22 FF BE FA D8 40 A5 37 01 14 DA 80 C0 92 4A 41 24 EA 80 F6 B3 4B 2C 45 A1 17 99 E0 2D DF F5 7E 9D 10 3B 39 DD FE 1E 48 D4 A8 24 81 B4 E1 91 55 BC 2B 80 7D 9E 1B 1C 82 C5 BD 98 59 66 FF 07 00 1E 4F 41 0B 87 4F 17 CC C4 12 2A 50 1E 70 2F 96 61 09 EF 37 B6 A3 7C 01 9C 09 49 D5 0E 98 91 EB 68 09 FE 51 6D D1 7C 4A 15 02 FF 12 5B B2 CA 31 FD 9F 07 8E 26 FA 56 72 F7 BD 55 85 BB F6 F7 59 8C 11 54 B4 E8 04 3E 10 41 B9 32 54 19 A8 BF 0C 5B 40 5D 37 72 68 BA 46 2A E5 C6 98 28 C1 79 DD F6 8E 8F AD 75 43 BA DA 1B 48 DD B9 F8 AB BC 02 6E E3 62 E5 C8 E2 20 60 43 D9 C5 47 E4 81 04 13 A9 04 8C 1E B3 0B 9D 59 B7 D4 CF A9 2F D9 96 93 BA 02 F9 A8 4E D5 FD 7A B2 74 E4 DB 9C 8B 4C 94 CF CD 61 C6 98 E7 88 B7 51 79 E9 0B FB B2 DE 63 66 A5 08 44 24 CE 76 E2 F2 7D 16 80 DA BF 3E F4 58 B3 8C 76 83 62 ED 40 CC 73 6C 28 B8 C7 78 65 8E 11 BB 8D B7 64 4B 66 B7 32 F8 88 14 BB 54 17 D0 52 3D 5A 47 B8 06 D8 00 94 7C 0B FF 7B 07 6E 4A B7 23 A9 6E 91 BB FE 6F 61 C8 0B C5 B3 E9 96 FB 9F 21 33 F8 BF 0A 9A C7 3E ED 31 B5 F5 66 BD 12 1D E9 1F D7 B2 DA 2E FC 3C 22 F4 F4 B6 10 10 BA 7E 9A 41 76 B0 43 91 DE 2E 31 64 59 DD 1E A5 5D 20 D9 5E 17 78 59 12 35 66 35 3A E6 7B 67 D5 64 D7 93 9C F4 01 47 6C 0F 92 4D 45 F9 B8 34 81 0A EA 47 1A 6C 4D 68 C1 6E A0 6C DE 7D 3E 33 06 82 D2 BF 05 82 5D 0E CF 5B E3 15 98 BB 51 98 79 A2 05 8F 7B BC 70 D1 76 35 67 A8 A0 EF
Is there any chance left?
no there is nothing you can do. what does the script say to empty backup? does it mount ext4 image?
So I had to take a few days off, but I ran the script on the empty backup.
It does mount it as a ext4 image. But I can't find the folder it mounted it to.