Related
Introduction
If you get your hands on a device with Cyanogen OS preinstalled and there is no factory image for it published by Cyanogen Inc. yet, then this script is for you. It constructs download links of factory image from a device running Cyanogen OS.
There are different files for a factory image: signed fastboot flashable zip, signed zip & boot-debuggable image.
Signed fastboot flashable zip: It contains the complete rom and can overwrite everything including your data partition. These cannot be flashed via recovery - extract their contents and flash via fastboot. An unlocked bootloader is required.
Signed zip: Normal recovery-flashable zip that contains just the system and kernel (they won't overwrite your data partition).
Boot-debuggable image: It is boot image/kernel that enables adb root and the developer menu options.
Requirements
1. Windows Vista or newer. 2000/XP should also work if choice.exe is present. Linux & OSX users should check the Python port.
2. Properly installed adb driver; see here.
3. Properly configured adb_usb.ini (optional); see here.
4. A device with regular Cyanogen OS (testing versions aren't supported) installed; list is here.
Download
https://github.com/Titokhan/cosfid
Usage
Download all of the files using "Download ZIP" option, extract somewhere (path with no space is recommended), connect the target device using USB cable & execute COSFID.cmd.
COSFID.py is intended for Linux & OSX users, though Windows users can run it too if Python for Windows is installed. The Python port is a quick-and-dirty one; it needs more refinement.
Don't confuse it by Cyanogen OS OTA trackers like the original one; read carefully to spot the difference.
Credit
1. qewlpal for inspirations in scripting
2. Jernej Simončič for providing Windows builds of GNU wget
3. Google for providing adb binaries under Apache license
4. Cyanogen for making Android more beautiful
Reserved for future.
Great job!
There is a way to get all ROM links for a specific model?
@bartito
Technically yes, but Cyanogen has made the tracking a little bit complicated now for 3rd parties. We also need to develop a database for historic data.
Titokhan said:
@bartito
Technically yes, but Cyanogen has made the tracking a little bit complicated now for 3rd parties. We also need to develop a database for historic data.
Click to expand...
Click to collapse
I'm refer to a way to locate new uploads.
Really not much interest on history but in the future
Hi,
I'm currently waiting for buy the Xperia XZ. I check some of XDA's thread and with Sony's smartphone I'm still afraid. So I want to know if there is a thread gathering all the detailled step to root, install TWRP, flash latest firmware, install custom ROM etc... ?
Thanks a lot
[Guide] Here is the DHGE guide for rooting SONY devices 2019-04
Changelog at the bottom of this post.
nathan30 said:
if there is a thread gathering all the detailed step to root, install TWRP, flash latest firmware, install custom ROM etc... ?
Click to expand...
Click to collapse
No - but you can find all you need to know here in this forum or in the devices-fora later than Z3+ or SONY-cross-device.
https://forum.xda-developers.com/crossdevice-dev/sony
Good introductory (written for devices before Z3+):
https://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
It is still valid but the 2015 and newer devices are not rootable anymore as described thanks to DM-Verity.
For rooting the current device you have to open the bootloader.
Any claims to the contrary found "on the web" are only tricks to have you install "interesting" software on a Windows PC.
Do you want root?
A classic post to help you decide
No:
wait for the OTA-updates from SONY (over the air - prosaic?)
don't like waiting or want to downgrade: get Flashtool http://www.flashtool.net
it comes with Xperifirm that finds you the latest ROM
https://forum.xda-developers.com/cr...xperifirm-xperia-firmware-downloader-t2834142
Unfortunately Xperifirm only finds the latest ROM (the only available on SONYs servers) so you better keep your downloads (>2 GBytes each) or find an older ROM in case you need it (xda has a search function). Here you'll find some ROM-versions: https://xpericheck.com
since my Xperia XZ/XZ1 I occasionally have problems with Flashtool that it requires a FSC-script which does not come with it or can not easily be copied from a similar device.
Now I use Newflasher https://forum.xda-developers.com/cr...gress-newflasher-xperia-command-line-t3619426 by @munjeni. This is a command line tool that for me unfortunately only works under Windows (have JDK issues under Debian).
You unpack the ROM (ftf-file) and place the newflasher.exe in the directory where you unpacked to. Then you start the device in flash mode (power on while holding the volume down key) and run the tool from the command line as administrator/root.
If you do not delete userdata.sin you will initiate the equivalent of a factory reset (aka loose all your data and settings!). For an upgrade within the same Andoid version I always delete userdata.sin before newflashing.
Yes:
As stated above, you need to unlock the bootloader to modify the system software on your device. Fortunately SONY gives (for non-carrier-locked) devices the option to unlock the bootloader.
Check if unlocking is allowed: in the service menu (dial *#*#7378423#*#* or *#*#SERVICE#*#* ) check under "Service Info"->"Configuration" the line "Bootloader unlock allowed:"
If you read anything other than "Yes" Stop here!
No: flashing another SONY Rom ("Customized CountryX") does not help you.
Hint: there is an app "SONY service menu" in the app-repository (F-Droid or Google).
OK - you can Now it is your last chance to save your device keys or "backup the trim area partition"
You should do this if you ever want to return to a SONY "blessed" state. e.g claiming service in countries where warranty is not for devices with unlocked bootloader or you want to sell it.
There are some device specific kernels out there whose authors state that they mitigate all DRM issues once the TA is restored. I guess you need these kernels otherwise restoring the TA locks up your device ...
Otherwise do not bother with restoring the TA-partition. Doing so after the next steps will soft brick your device.
Now you have to prepare your PC with some drivers in order to start the backup process:
Go to SONY's developver world http://developer.sonymobile.com
Under "Downloads" you will find the drivers for the XZ or any other device http://developer.sonymobile.com/downloads/drivers/xperia-xz/
These drivers are for Windows, do not bother if you are running a free operating system.
To get fastboot running you might additionally have to find the "fastboot_driver" in the download area. Put the content of the ZIP-file into the directory where you you unzipped the device driver and install it via right-clicking on the file android_winusb.inf.
Install these drivers if you are a Windows user. Under Windows 8 and newer there could be problems with installing "non signed" drivers.
Do a web/xda search to circumvent this security measure of Microsoft or do click on reboot while holding the shift-key and figure it out yourself.
http://www.flashtool.net/win8drivers.php
When you are installing: You also need to install the programs adb and fastboot.
https://forum.xda-developers.com/showthread.php?t=2317790
If you are running a free operating system: search for adb/fastboot or Android SDK in your repository and install these.
Running Linux it helps to insert the udev-rule mentioned in http://www.flashtool.net/lininstall.php otherwise you have to run esp. fastboot with root-privileges (not recommended, although the udev rule saves no punches ...)
On Android on your SONY device you have to be root to save a partition - catch 22 :crying: ...
https://en.wikipedia.org/wiki/Catch-22
Don't fear the ... / catch: For Android Marshmallow ROMs, e.g. up to version 39.0.A.3.30 of the Xperia XZ ROM, exists an exploit of the copy on write function in the Linux kernel that gets you root privileges temporarily.
On newer devices where there is no Marshmallow ROM with a vulnerable kernel available you are out of luck until another exploit is found.
Follow https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
Hint: In post #21 is described how to restore the TA (read the last sentence! -> you have to flash a stock ROM after restore).
If it does not work the first time let the tarnished bovine do its stride several times more.
Or: Repeat the process until success.
If you are already on Nougat you must downgrade the system ROM (see above) to use the exploit and backup the TA-partition.
The latest exploit that is available for devices that came out with Oreo uses a different exploit.
Search for this exploit in the specific forum or on "Sony Cross Device". If you are already on Pie you have to download an Oreo ROM for your device.
This is similar to the procedure described above that has the Xperia XZ in mind.
TA-partiton backed up?
Now the non-reversible part:
Under http://developer.sonymobile.com/unlockbootloader/ you request an unlock code.
READ, READ what SONY have written there!
- You will lose some DRM functionality: https://forum.xda-developers.com/z3-compact/general/loss-drm-keys-t2890936
- Your device will factory reset. You have a backup?
You can get the IMEI-number from the original package of your phone (if you have good eye sight and nobody swapped the boxes) or pull a tab from the side of the phone (you do not want to do that) or print a screen shot of the relevant page of your service menu or head into settings->about device->status->IMEI-Info.
You follow SONY's instructions to unlock the bootloader and hold your breath as after a long reboot everything on your device is wiped. On the newer devices you get an ugly warning "the device can't be trusted anymore".
NEVER EVER enable the MyXperia software from now on!
On some devices this in combination with an unlocked bootloader will hard brick your device.
Here was a link to fxpblog where they destroyed two devices.
Hey, you have been warned. With the TA-backup you always can return to the chicken den.
Become a "developer"
- Tap seven times on the build number of your device. (settings->device info)
- then enable "OEM unlocking" (new for the 2016 and later devices like XZ) and "USB-debugging"
You have read the SONY advice?
Next decision: Root stock ROM or go Custom Rom?
I am VERY happy with LineageOS on a Tablet Z and other devices in my household. I liked the Resurrection Remix ROM on my SAMSUNG phone.
Your mileage may vary: Testing a ROM and reversing will cost you with a proper backup minimum 4-5 hours.
If you choose a custom ROM:
- read the thread to get a hunch if you really want to install it (get over the off topic noob questions and annoying full quotes)
- Follow the instructions of the first page of the ROM-thread to install it. If you can not do this: stop or be prepared for searching and learning.
From February 2017 until May 2017 I had eXistenZ N on my Xperia XZ and like the UI tuning modifications. This "ROM" does not come pre-rooted it is a patch for the stock ROM (match the versions exactly!) that enhances the settings/look.
On SONY devices I recommend rooting stock ROMs.
Shortcut: Pie users can proceed to step 7 here
Having a custom kernel might still be advantageous for you.
You need a custom (or modified stock) kernel (aka boot image) with DM-Verity and SONY-RIC OFF.
This kernel has to be in sync with your ROM. Flashing an unsuitable kernel (e.g. MM-kernel on N-Roms) will result in a boot loop aka "soft brick".
You even can bake one yourself (no easy task) if you find/adapt the sources for your device. -> first stop SONY developer world
This is might be easy! THANKS to the efforts of @AndroPlus, @janjan and others.
You have to look into the device specific fora to find a proper kernel for your ROM-version.
They have also included many patches to improve battery life, mitigate some (e.g. camera) issues from the loss of the device keys ...
Download the kernel and recovery for your device and ROM-version and follow the kernel makers' instructions.
On devices where there is no custom kernel, you can try patching the stock kernel to switch off RIC and DM-verity. In reality behind the scenes it is a bit more than just patching (=modifying) the kernel. You also get some updated init-scripts and as a end result a new boot.img
Very useful is [PoC][Work in progress] Trim Area Proof Of Concept developed by @munjeni
These scripts not only prepare a stock kernel for rooting but also put your TA backup from above to such a use that you regain the DRM-features lost by opening the bootloader! So you do not need a custom kernel with partial DRM-fixes!
For Oreo it is more complicated (it might be easier to search for a suitable boot.img aka kernel and I have not tested it on Pie but see next step):
@serajr enhanced a script specifically for Xperia X Performance, XZ and XZs
https://forum.xda-developers.com/showpost.php?p=74724162&postcount=2793
Under Linux I had to set the executable attributes on the shell scripts and binaries (chmod +x).
You get the required kernel.elf via the tools menu in Flashtool. Dump "kernel.sin".
I started applying the scripts to the Stock ROM in May 2017 since eXistenZ ROM lagged a bit behind in security patches and Android version:
- flashed stock ROM via Flashtool or Newflasher
- prepared a patched boot image with PoC and my kernel...sin and TA.img and answered all questions with "yes" (hit return each time)
Code:
./ta_poc kernel.sin TA.img ramdisk
I am on Debian as operating system.
On Windows you just run the provided batch files and follow the instructions here and in the thread for the scripts.
- flashed the resulting boot image with fastboot flash boot boot.img and test it works. Service menu/Security: keys provided YEAH
- flash recovery and from there root with SuperSU and flash Titanium Backup
- restored my apps with their data via Titanium Backup
==============
Some hints:
==============
Most of these commands emit useful info on the command line - read it, post their error messages if you are stuck.
Version numbers of the software used speeds diagnosis of problems. Often a good advice: "Use latest version."
adb reboot bootloader or switching OFF the device and then pressing the "volume up" button while plugging the USB cable gets you into fastboot mode. You see a black screen and the blue LED light.
I normally do not flash the kernel-ZIP-file via recovery but unpack it and flash this: fastboot flash boot boot.img
To get into recovery mode:
Switch OFF your device. Press the "power" button shortly to switch ON and hold "volume down" button more than 5 seconds (or when you see the yellow LED light on some devices).
Or: adb reboot recovery
If you can not get into recovery (e.g. AndroPlus has no kernel for your latest SONY ROM):
fastboot boot TWRP_latest_version.img
I use an SD card (content there survives factory resets) and there a directory "for_recovery" well stocked with the zip-files I intend to flash. In TWRP you can tell the file manager on what storage (internal, SD-card, USB ...) it will find the flashable ZIP-files. The default is "internal".
Pressing the Power button and "volume up" for about five seconds gives you a hard reset.
Good if you are totally struck - just flash a SONY ROM for your device with Flashtool and all the wipe boxes checked or use Newflasher (overwrites most partitions including your data).
If you like to read about the haarrrdddd way:
https://forum.xda-developers.com/z4-tablet/help/enybody-root-t3154926
The first rooting of a DM-Verity secured device in 2015. Thanks to SONY for releasing source code and binaries.
Rooting - aaahh, finally
Flash the latest Magisk (up to late 2017 I used SuperSU which still works) from recovery.
https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
https://www.chainfire.eu/ Find the latest SuperSU from there. You will not find it there any more since Chainfire has sold the rights to the utility. I endorse Magisk since that is open sourced on GitHub.
No: flashing a custom kernel and recovery does not root your device.
For Android Pie users: On my Xperia XZ1 I can skip step 6 completely!
Just install/upgrade to the latest Pie ROM and flash Magisk and install the Magisk app.
Bonus: Debloat the device
https://forum.xda-developers.com/search/forum/2522?query=debloat
Nowadays I use a debloat script written by @serajr for my devices https://forum.xda-developers.com/xperia-xz2/development/oreo-debloat-script-v1-0-t3798979,.
I edit (comment out) the debloat_list.sh in order to keep "com.google.android.apps.maps" and "com.sonymobile.email" which I both use.
mine (you screened my script?):
flash the attached ZIP-file
View attachment xtrm_debloat.flashable_ew_2016-12.zip
found in https://forum.xda-developers.com/xperia-z5/general/discussion-bloat-sony-xperia-z5-t3518860 probably original work by @ganeshbiyer
=============================================================
With opened bootloader you will not get OTA updates any more!
You have to check with the Xperifirm program if there are newer ROMs for your device.
I have not had any problems with installing e.g. a Swiss ROM over a Central Europe. There could be some worries when switching continents.
Download the desired ROM via Xperifirm and follow the instructions of Flashtool to flash the device (over USB update = OUU :laugh.
Accept the use of the FSC script.
Repeat the steps 5 to 6(7) for any other/newer SONY ROMs you flash followed by step 4 (if necessary).
If a wipe is needed I prefer the full wipe in TWRP compared to checking the boxes in Flashtool.
Or use Newflasher without flashing userdata.sin (just delete the file) in case of an upgrade.
=============================================================
CHANGES to this Guide
2019-04-23 updated for Pie, endorsed Newflasher, added link to serjars debloat script, link ckecks
2018-02-28 clarified getting kernel.elf for self patching, some typos, link ckecks
2018-01-31 link for better suited ta_poc added, toned down AndroPlus endorsement, added Magisk
2017-06-25 added link to xpericheck (find older ROMs), added hint for restoring TA for those TLDR-guys
2017-06-02 added procedure for patching stock kernel as alternative to custom kernels
2017-02-05 added recommendation for eXistenZ N ROM
2017-01-25 new URL for SuperSU, typos
2017-01-18 corrected the advice for booting into TWRP
2017-01-17 added info on fastboot driver for Windows users
DHGE said:
No - but you can find anything here or in the devices-fora later than Z3+ or SONY-cross-device.
https://forum.xda-developers.com/crossdevice-dev/sony
Good introductory (written for devices before Z3+):
https://forum.xda-developers.com/crossdevice-dev/sony/noob-guide-to-sony-ericsson-xperia-t3209012
It is still valid but the 2015 and newer devices are not rootable anymore (as described) thanks to DM-Verity.
For rooting the current device you have to open the bootloader.
Any claims to the contrary found "on the web" are only tricks to have you install "interesting" software on a Windows PC.
Do you want root?
No:
wait for the OTA-updates from SONY
don't like waiting or want to downgrade: get flashtool http://www.flashtool.net
it comes with Xperifirm (at least for my linux machines) that finds you the latest ROM
https://forum.xda-developers.com/cr...xperifirm-xperia-firmware-downloader-t2834142
Unfortunately it does not find many older ROMs anymore so you better keep your downloads (>2 GBytes each) or find an older ROM in case you need it (xda has a search function).
Yes:
As stated above, you need to unlock the bootloader to modify the system software on your device. Fortunately SONY gives (for non-carrier-locked) devices the option to unlock the bootloader.
Check if unlocking is allowed: in the service menu (dial *#*#7378423#*#* or *#*#SERVICE#*#* ) check under "Service Info"->"Configuration" the line "Bootloader unlock allowed:"
If you read anything other than "Yes" Stop here!
No: flashing another SONY Rom ("Customized CountryX") does not help you.
Hint: there is an app "SONY service menu" in the app-repository (F-Droid or Google).
OK - you can Now it is your last chance to save your device keys or "backup the trim area partition"
You should do this if you ever want to return to a SONY "blessed" state. e.g claiming service in countries where warranty is not for devices with unlocked bootloader or you want to sell it.
Otherwise do not bother with restoring the TA-partition. Doing so after the next steps will soft brick your device.
Go to SONY's developver world http://developer.sonymobile.com
Under drivers you find the drivers for the XZ under "Downloads" http://developer.sonymobile.com/downloads/drivers/xperia-xz/
These drivers are for Windows (which version?), do not bother if you are running a free operating system.
Install these drivers if you are a Windows user. Under Windows 8+ there could be problems with installing "non signed" drivers. Do a web/xda search to circumvent this security measure of Microsoft. http://www.flashtool.net/win8drivers.php
When you are installing: You also need to install the programs adb and fastboot.
https://forum.xda-developers.com/showthread.php?t=2317790
If you are running a free operating system: search for adb/fastboot or Android SDK in your repository and install these.
Running Linux it helps to insert the udev-rule mentioned in http://www.flashtool.net/lininstall.php otherwise you have to run esp. fastboot with root-privileges (not recommended, although the udev rule saves no punches ...)
You have to be root to save a partition - catch 22 :crying: ...
For Android Marshmallow ROMs, precisely up to version 39.0.A.3.30, exists an exploit of the copy on write function in the Linux kernel that gets you root privileges temporarily.
Follow https://forum.xda-developers.com/crossdevice-dev/sony/universal-dirtycow-based-ta-backup-t3514236
If you are already on Nougat you must downgrade the system ROM (see above) to use the exploit and backup the TA-partition.
TA-partiton backed up?
Now the non-reversible part:
Under http://developer.sonymobile.com/unlockbootloader/ you request an unlock code.
READ, READ what SONY have written there!
- You will lose some DRM functionality: https://forum.xda-developers.com/z3-compact/general/loss-drm-keys-t2890936
- Your device will factory reset. You have a backup?
You can get the IMEI-number from the original package of your phone (if you have good eye sight and nobody swapped the boxes) or pull a tab from the side of the phone (you do not want to do that) or print a screen shot of the relevant page of your service menu or head into settings->about device->status->IMEI-Info.
You follow SONY's instructions to unlock the bootloader and hold your breath as after a long reboot everything on your device is wiped. On the newer devices you get an ugly warning "the device can't be trusted anymore".
Hey, you have been warned. With the TA-backup you always can return to the chicken den.
Become a "developer"
- Tap seven times on the build number of your device. (settings->device info)
- then enable "OEM unlocking" (new for the 2016 devices like XZ) and "USB-debugging"
You have read the SONY advice?
Next decision: Root stock ROM or go Custom Rom?
Well - my opinion - for the newer SONY devices I have not found a recommendable custom ROM yet. I am VERY happy with a generic CyanogenMod on a tablet Z in my household. Do not ask me about the sad story of CyanogenMod as of late 2016...
Your mileage may vary: testing a ROM and reversing will cost you with a proper backup minimum 4-5 hours.
If you choose a custom ROM:
- read the thread to get a hunch if you really want to install it (get over the off topic newbie questions)
- Follow the instructions of the first page of the ROM-thread to install it. If you can not do this stop or be prepared for searching and learning.
On SONY devices I recommend rooting stock ROMs.
You need a custom kernel (aka boot image) with DM-Verity and SONY-RIC OFF.
This kernel has to be in sync with your ROM. Flashing an unsuitable kernel (e.g. MM-kernel on N-Roms) will result in a boot loop aka "soft brck".
You even can bake one yourself (no easy task) if you find/adapt the sources for your device. -> first stop SONY developer world
This is easy! THANKS to @AndroPlus
AndroPlus has also included many patches to improve battery life, mitigate some (e.g. camera) issues from the loss of the device keys ...
https://forum.xda-developers.com/xperia-xz/development/kernel-andropluskernel-v01-t3475240
AndroPlus has kernels for other devices too. Look into the specific device forum for a custom kernel,
Download the kernel and recovery for your device and ROM-version and follow AndroPlus' instructions.
Some hints: (most of these commands emit useful info on the command line - read it, post it if you are stuck)
adb reboot bootloader or switching OFF the device and then pressing the "volume up" button while plugging the USB cable (hooked to your PC! we need DC power for all this) gets you into fastboot mode. You see a black screen and the blue LED light.
I normally unpack the kernel-ZIP-file and flash this: fastboot flash boot boot.img
You get into recovery mode on booting by pressing the "volume up" button when you see the yellow LED light.
If you can not get into recovery (e.g. AndroPlus has no kernel for your latest SONY ROM):
fastboot boot TWRP_latest_version
I use an SD card (content there survives factory resets) and there a directory "for_recovery" well stocked with the zip-files I intend to flash.
Pressing the Power button and "volume up" for about five seconds gives you a hard reset.
If you like to read about the hard way:
https://forum.xda-developers.com/z4-tablet/help/enybody-root-t3154926
The first rooting of a DM-Verity secured device in 2015. Thanks to SONY for releasing source code and binaries.
Rooting - aaahh, finally
Flash the latest SuperSU from recovery.
https://download.chainfire.eu/1019/SuperSU
No: flashing AndroPlus or TWRP does not root your device. You'll have to flash Chainfire's ZIP-file!
Bonus: Debloat the device
https://forum.xda-developers.com/search/forum/2522?query=debloat
mine (you screened my script?):
flash the attached ZIP-file
View attachment 4000189
With opened bootloader you will not get OTA (over the air - prosaic?) updates any more!
You have to check with Xperifirm if there are newer ROMs for your device.
I have not had any problems with installing e.g. a Swiss ROM over a Central Europe. There could be some worries when switching continents.
Download the desired ROM via Xperifirm and follow the instructions of flashtool to flash the device. Accept the use of the FSC script.
Repeat the steps 5 to 6(7) for SONY ROMs followed by step 4 (if necessary).
If a wipe is needed I prefer the full wipe in TWRP compared to checking the boxes in FlashTool.
Click to expand...
Click to collapse
Woaw, thanks a lot for your awesome answer !
I receive my phone today, I'll follow your instructions
@DHGE your guide is well put, and I've not had any problems so far (I used a slightly different version of the Xperia ROM since the version you specified didn't show up, but it worked just fine, is sitting on Android 6.0, and I have the TA backed up).
I've obtained the unlock code from Sony's developer site, but I've still yet to get their email with the instructions on where to shove the code. Its been about two or three hours now, and it was sent to a Gmail address (which has received other mail since). I tried generating a new code to make sure the email was right (it was), and it spat out the same unlock code, so I'm guessing its just based off of the IMEI.
Question is: what does one do with the unlock code? I can't imagine the instructions would be different for each person and am not sure how long it may take Sony to email the Gmail account...
k2trf said:
What does one do with the unlock code?
Click to expand...
Click to collapse
Follow the steps on SONY's website where you obtained the unlock code.
Look at the big link at the right bottom after all the warnings...
Somehow I missed that completely, and just latched onto it saying to wait for the instructions via email. Honestly, I don't even know why they think it necessary. Anyone playing with unlock codes damn sure better be familiar with ADB and fastboot already, or be learning as they go. >_>
Hi,
there something I can do to roll back if I didn't backed up my TA partition?
thanks
bigkekko said:
Hi,
there something I can do to roll back if I didn't backed up my TA partition?
thanks
Click to expand...
Click to collapse
Roll back to recover TA? Unfortunately not.
This is a developer level tool, aimed at advanced users
(see next post for releases)
My Ares8 allows you to boot from EFI by holding Home while powering on. This is good because fastboot blocks flashing the partition table and some partitions.
So I have created this mini OS (zefieOS) using Buildroot and a custom kernel I have been hacking together for the Ares8.
This system allows you to completely wipe and repartition your eMMC, restoring partition table and factory image.
A system like this will allow you to take greater risks with your tablet, especially useful for development.
If you wipe your eMMC to install Windows or Linux, you can easily restore to Android (if you have an Ares8, or use the upcoming backup feature).
It should be easy for developers to port to other boards by swapping out the kernel.
Buildroot custom files and configs are available on my GitHub. (may be needed for porting due to keymap overrides to navigate menus)
You can also check the "Projects" section on the GitHub to see what I am planning.
Video:
(QEMU Demo, but tested on my Ares8)
Features:
Restore compressed disk images (xz, bz2, gz)
Restore raw disk images
Restore TWRP raw eMMC images
Restore TWRP ext4 partititons, compressed and/or split
Secure Erase (Discard) entire eMMC and repartition
Copy log to USB
Entire OS is run from RAM Disk.
Shell access (keyboard required)
Dialog GUI navigable from device with keymap overrides
Restore without touching partition table
Multiple backup support
Source code available, easy to rebuild
Future:
To keep up on future plans, check out the "Projects" section on the GitHub
Disclaimer:
I have tested this on, and have successfully restored my Ares8 Gen2 (manufactured August 2016). However while this tool is being released on the assumption that it will work on all Ares8 devices, I will not be held responsible for any damage caused by this tool. This tool, in its current developer alpha state, is not meant to replace TWRP. It is meant to restore your tablet if it is otherwise useless to you, such as being in DnX mode (which means your ESP partition is corrupt or missing). Running this tool needlessly may cause damage, and this is solely your responsibility.
Releases can be found here:
https://archive.midnightchannel.net/zefie/linux/intel_baytrail_soc/zefieOS/
I am linking to a folder because I have decided to release zefieOS and the restore packs separately for easy updating.
To use, download the latest uploaded version of zefieOS, then download the Ares8 Gen2 restore pack.
More information can be found on the top of the page linked.
For now, I would not recommend this unless your tablet is in need of a FULL recovery (aka you are getting the DnX mode error), or if you are a developer interested in porting this to your device.
Developers should know the modular design of zefieOS is intended for easy porting to another device. This means you will not have to update your files 99% of the time when I release updates.
Eventually this will be a more user-friendly tool, but I wanted to release this functioning alpha release for those who may need to recover their Ares8 tablets.
I have successfully restored my Ares8 from DnX mode to a full working system using this tool.
I will continue to work on and improve zefieOS in my spare time.
Developers looking to port this to their devices should respond in this thread and I will help as much as I can.
Eventually there will be both a user guide as well as a developer guide.
instantnoodle-tools-cli-mainHey all!
I've started this project to allow people to use their devices longer, right now with a focus on the OnePlus 8, but eventually spreading to more devices. These scripts are currently for Linux Ubuntu/Debian distros only, but I plan on expanding support to other systems as well. Below is a link to all the files you will need to start using the scripts for beta testing on Linux machines. The only three ROMs available at the moment are Lineage OS 18.1 (with or without Google), ShapeShift OS v2.6, and Pixel Experience, but, again, more ROMs will be supported. I also plan to include troubleshooting support for frequent issues that can be fixed.
GitHub - kyg203/Android-Tools-CLI-
Contribute to kyg203/Android-Tools-CLI- development by creating an account on GitHub.
github.com
setup.sh - this script installs all of the tools and software for the next scripts to use for flashing. Please initiate this script first time and every week or so to keep tools up-to-date and fresh.
autotools.sh - This is the main script you will be executing. The rest will be executed from here. Do not execute any others manually to ensure you don't break anything.
rom-installer.sh - ROM chooser script. downloads the ROM of your choice and extracts the fastboot images from the payload.bin file. Do not execute from here.
In each ROM folder, there will be an info "readme" file. These files basically serve as a directory listing, allowing you to find the project page on XDA/GitHub/Website, look at any known bugs before you flash, and see any special install instructions. Please check these files regularly!
I will be focusing on perfecting the process on the command line on Ubuntu and Debian based distros first before I begin supporting more distros and operating systems. feel free to leave comments about the project below and begin porting your device into the project!
<---------- WARNING ---------->
// THIS IS STRICTLY IN ALPHA TESTING
// USE AT YOUR OWN RISK AND ALWAYS BACKUP YOUR DATA
<---------- WARNING ---------->
<---------- REQUIREMENTS ---------->
YOUR DEVICE MUST BE BOOTLOADER UNLOCKED
PUT THIS FOLDER IN ROOT (~) aka Home
PATIENCE - This project is still in the process of setting up and may produce errors. Feel free to contact me or anyone on XDA to help you with any issues or answer your questions.
BACKUP YOUR DATA - Backup all of your data even before you unlock your bootlaoder, because as soon as it is unlocked the device is wiped. Be prepared and you have been warned.
<-------------- RECOMMENDATIONS ------------>
I highly recommend you root your phone and leave Lineage Recovery or Pixel Experience Recovery on the device. This generally makes troubleshooting faster and easier. Plus, it allows you to backup your persist.img in the chances it does get corrupted. I will be adding a tool to backup and restore this image for you.
If enough support comes through, I will make a Telegram and Discord for this project specifically for support.
This is a really exciting concept and thank you very much for your efforts thus far.
UPDATE [2020-06-03]
- Added a new folder hierarchy to organize the mess a bit
- The entire project does not create anymore folders inside or outside of the branch
- Trying to leave a small footprint, so deletes all .img's, .bin's, and any other files immediately after usage.
- Updated README (and above)
- Brought support for ShapeShift OS (v2.6 Sceptile)
- Trying out an info file in each ROM folder to highlight features, issues, support, and information. Still working on gathering more information.
Hope everyone is doing well! If anyone has tried it out yet, even an older version, did it work for you and how was the overall process?
Can this be already used or not yet ?
dan20063 said:
Can this be already used or not yet ?
Click to expand...
Click to collapse
Yep! Only works on Ubuntu based systems.
Download the folder, execute setup.sh (as sudo) and then execute autotools.sh (as sudo).
You're "average Linux user" (ik basically a meme at this point) will have no issue installing a ROM manually instead, and would most likely prefer the control and ease of mind of the manual way. Especially because they still need to download and get an understanding of ADB/Fastboot and its commands since that's necessary for unlocking the bootloader.
With that being said I'm glad you made this, looking forward to further development, and I'm downloading now to test and for S&G.
Yeah, that's true. I just wanted to get it going and working on Linux where I'm a bit more comfortable and then switch it to Windows once I have a Windows device. I definitely added a bootloader unlock, but that obviously only works for unlocked devices
Nice work!
Thanks for your time, effort and sharing.
Just updated the autotools project!
What's new?
-- Updated all the available custom ROMs and custom recoveries
-- Shorted a couple of scripts to reduce folder size
-- New backup_persist.sh script - self explanatory. Everytime you run this script, it erases the previous backup, so be careful about executing this one!
-- New restore_persist.sh script - self explanatory - Uses the last made backup of your persist.img!
If you want multiple backups of the persist, maybe for different versions of Android, you will need to go in and rename those files separately. To do this from the terminal, just type "mv persist.img new-name-of-file-here.img" or you can rename the file from your local file manager.
Just a reminder: this project is open source! Please port it to support your own device! I'll be finishing up the OnePlus 8 by this weekend and then working towards my Pixel 6 when it comes in by Christmas.
This is the Android 10 recovery image by HCT (version 10.3.1) patched to skip signature checking on .zip files
Tested on MTCE_LM (Eunavi). Use at your own risk
It can be flashed from a root shell (either adb or via terminal emulator) by performing the following steps
1. upload recovery via adb
Code:
adb push hct_recovery_patched.img /sdcard/
2. flash recovery
Code:
# backup current recovery
dd if=/dev/block/by-name/recovery of=/sdcard/recovery_backup.img
# write new recovery
dd if=/sdcard/hct_recovery_patched.img of=/dev/block/by-name/recovery
NOTE: If you do not disable the "flash_recovery" service in /init.rc, AND you have a stock kernel, recovery will be restored to the original version after rebooting.
There are 3 ways to avoid this:
- Flash magisk (or a modified kernel) while in recovery. The patch will then fail to apply and recovery won't be overwritten
- Disable "flash_recovery" by doing "adb remount" and editing /init.rc (comment out the following)
Code:
service flash_recovery /system/bin/install-recovery.sh
class main
oneshot
- Neuter the service by either:
- removing /system/bin/install-recovery.sh- replacing /system/bin/install-recovery.sh with a dummy script- removing /system/recovery-from-boot.p
Woo-hoo, after hundreds of rubbish posts in the MTCD forums, we have a real development post!
Great work and thanks for sharing this, these forums need more like you.
Thanks for the kind comment!
I have to admit that it was frustrating to see the lack of information sharing on this forum, and the pervasive pay-per-use model.
I spent a lot of time just getting Android 10 installed (starting from Android 9), and i had to bring the head unit to my desk as working in the car was rather hard and all i achieved was a brick.
I unfortunately had to bring it back in the car now (can't sit on my desk forever) but, now that i figured out how to make bootable recoveries, i was wondering how hard it could be to have TWRP or at least a hassle-free recovery to install Android 10 from Android 9.
As a first step, this recovery makes it possible to install Magisk or other zip files without doing it manually within adb.
Cheers!
Your work is really good!
Thanks a lot for it.
Now you can also modify ROM's without signatur errors when installing.
Wouldn't it be good if we had an app like the ModInstaller ?
So a one click installation of the recovery without shell or adb.
I have now built an app.
And now need help.
Namely, in the app is the recovery and the script.
Unfortunately, the flash process is not started.
It always comes only the first message from the script.
The app is open source and the script and the recovery are in res/raw.
In the attach you will find the finished app and pictures.
If someone has a solution, he can write me or make a pull request on Github.
Source code:
GitHub - jamal2362/RK33XX-Custom-Recovery-Installer: Application for flashing custom recovery on Rockchip Android Head-Units.
Application for flashing custom recovery on Rockchip Android Head-Units. - GitHub - jamal2362/RK33XX-Custom-Recovery-Installer: Application for flashing custom recovery on Rockchip Android Head-Units.
github.com
The script:
RK33XX-Custom-Recovery-Installer/script at master · jamal2362/RK33XX-Custom-Recovery-Installer
Application for flashing custom recovery on Rockchip Android Head-Units. - RK33XX-Custom-Recovery-Installer/script at master · jamal2362/RK33XX-Custom-Recovery-Installer
github.com
First of all, congrats for the work!
DISCLAIMER:
I don't own ModInstaller, i have never bought a copy of it and i don't intend to do so.
Analysis is purely done from Youtube videos, open source code analysis and existing and openly available binary images.
I was working to figure out how to make a FLOSS alternative to ModInstaller.
The issues i found in all my attempts are the following:
- A6 recovery is the only one that can boot from SD Card (which can then be used to flash A9 -> A10 with the 2SD trick)
- (it took me a long time to pull these information together and unbrick my unit)- The A6 recovery is unable to directly flash A10 RKAF/RKFW images (sdupdate.img) due to the code being too old
- a failure will be observed while writing super.img. This happens because the device needs to be repartitioned, and the A6 recovery is not doing it correctly- A9 recovery is buggy. Booting it with no system installed will result in a black screen.
- it will only boot succesfully after being written by the A6 flash tool, which writes the "misc" partition with the recovery commands to run (the "hint" i get from this is that the misc partition is important)- A10 recovery can't be loaded by the A6 recovery. I always got a black screen after flash. Is it a flash issue? is it an issue with the recovery itself? hard to know
Theory: maybe the recovery could be written over the kernel partition? ("boot")
This way, the recovery will always run after being flashed instead of requiring an explicit "enter recovery" trigger (buttons, misc partition, etc.)
Besides these experiments, in parallel, i did some bug fixing to this repository: https://github.com/liftoff-sr/rockchip-tool/commits/master (i'm "smx-smx")
That allows me to unpack nad repack "sdupdate.img" , "reduced recovery images" and "full IMG files".
With those tools. i tried to swap "recovery.img" in the A6 image, but i always got the black screen upon booting from SD.
Either A9/A10 breaks sdboot or the bootloader crashes before it gets there.
Since this also happens when being flashed, this could either be a bug in the flashing program or a bug in the boot stack (which fails to run recovery perhaps due to a dirty state of the internal flash). It's hard to know for sure without having a UART connection with the board.
BUT, we have an alternative, in the form of the recovery built-in ISP flash tool.
This is the code that reads "sdupdate.img" from the SD Card and flashes it
After reading the recovery source code, i realised that this code can only be triggered correctly when booting from the SD card.
It detects this state by reading /proc/cmdline and probing for specific values (https://github.com/rockchip-android...6f72b7d3123dab27135ac41d55029/sdboot.cpp#L206)
This means the bootloader can (and will) pass those arguments under specific conditions (https://github.com/rockchip-linux/u...c873f178c/arch/arm/mach-rockchip/board.c#L358)
If you check here https://github.com/rockchip-linux/u...3f178c/arch/arm/mach-rockchip/boot_mode.c#L47 you can see the magic word that needs to be written to the "misc" partition in order to trigger that code.
Note that, besides the well known "sdboot", "usbboot" is also possible.
I'm not sure if the ROM can physically boot from USB, but the bootloader and recovery do support (according to code) passing the flag to enable flashing from USB.
So, recapping, there are these ways we can try:
a - try to overwrite "boot" with "recovery" (but it might not work due to the partitioning layout, e.g. jumping from A6 -> A10)
- note: uboot might also need to be written when doing this.
b - making a modified "sdupdate.img" that flashes recovery on top of boot, and all the other core partitions like "misc", "uboot", "trust", "vbmeta"
c - writing "misc" from android in order to triggers the "rkfwupdate" mode
d - taking a dump of the first portion of the flash in various states (A6, A8, A9, A10), and having a "dd" that writes it back to the beginning of the flash (i suspect this is how ModInstaller does it)
Considering cases "b" and "c" depend on a recovery that can write them correctly (and the A6 one is buggy), this leaves us with "a" and "d"
Considering that ModInstaller does it in one shot, and doesn't seem to matter about the partitioning layout, i believe "d" might be the most viable option...
Using the "rockchip-tool" repository i linked from github, the partition table can be dumped from any .img file
You can observe "Image/parameter.txt" from the extracted firmware
This is the partition table from A6's recovery:
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
And this is the partition table from A9's recovery
[email protected](uboot)
[email protected](trust)
[email protected](misc)
[email protected](resource)
[email protected](kernel)
[email protected](dtb)
[email protected](dtbo)
[email protected](vbmeta)
[email protected](boot)
[email protected](recovery)
[email protected](backup)
[email protected](security)
[email protected](cache)
[email protected](system)
[email protected](metadata)
[email protected](vendor)
[email protected](oem)
[email protected](frp)
[email protected](userdata)
Notice how uboot, trust, misc, resource, kernel, dtb, and others live in the same space. (2000, 4000, 6000, 8000, 10000, ...)
What we could do is create a raw blob that spans that address range, and "dd" it directly to /dev/mmcblk0 at the right offset.
So i would focus on converting recovery images to raw blobs, with recovery-as-kernel so it boots straight away on the first try.
Bump a real thread.
Is it possible to convert it to a file installed by SDDiskTool?
marchnz said:
Bump a real thread.
Click to expand...
Click to collapse
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/
blala said:
I created a flashing tool to flash recovery within Android, using Rockchip's own code: https://forum.xda-developers.com/t/...chip-firmware-flash-tool-for-android.4458299/
Click to expand...
Click to collapse
This file hct_recovery.patched.img does not appear to be installed via rkupdate
sadaghiani said:
Is it possible to convert it to a file installed by SDDiskTool?
Click to expand...
Click to collapse
It needs to be converted, yes
I'll take a look this afternoon
blala said:
It needs to be converted, yes
I'll take a look this afternoon
Click to expand...
Click to collapse
Is it possible to create a boot image that includes moded recovery & magisk and moded kernel ?
If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what i would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system
blala said:
If by image you mean firmware image then yes, it can be done with https://github.com/liftoff-sr/rockchip-tool
But what i would recommend is the modded recovery only, with the magisk .zip to use in Recovery
Otherwise you risk flashing a kernel that doesn't match with kernel modules or is otherwise not fully compatible with the installed system
Click to expand...
Click to collapse
boot.img file included recovery+magisk+kernel
Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell
Flashing a boot.img (Kernel, for example) in an Android mobile phone via adb shell - script.sh
gist.github.com
MTCD has separate boot and recovery partitions.
Perhaps you can adapt both recovery/kernel to be in the same image but the bootloader won't know about that (and will always boot from "recovery" partition)