Well I know I'm not the only one who got a bad WiMax MAC address after trying to update my WiMax radio image. I should learn to not try and fix things if they aren't broken
If you've gotten the dreaded "00:16:08:00:24:05" MAC address like I did, this guide will help you fix it. You'll need fastboot set up, a NAND unlocked phone with Toast's part 2 method, your correct MAC address for WiMax, and the files below.
FILES:
New radio
New WiMax
You MUST download & flash these again even if you already have. I don't care if you think you already have the right ones, download these. If you don't, don't ask me for help if you use the wrong ones.
STEP 1: Fix MAC
First, get your right MAC address. It can be found under the battery by the WiMax tag, or on your box under the WiMax barcode. It should be 12 digits long, with no colons in it. If it were supposed to be "00:16:08:00:24:05" it would look like 001608002405 on the box. Write that address down with a colon between every two characters to get it in the right format.
Next, boot your phone into fastboot mode. If you don't know how to do this, hold down volume and press power to boot into the bootloader. After it brings up the menu where "FASTBOOT" is highlighted, press power. It should say "FASTBOOT USB" in red where it previously said "HBOOT" in green.
On your PC, open a shell. First off, lets see if you have a bad MAC, run
Code:
fastboot oem wimaxrmac
It should return something like
Code:
INFOcmd_wimaxrmac
INFODev MAC = *Your MAC address will be here*
OKAY
If it doesn't match the code you wrote down, then you have a bad MAC. If it does match the code you wrote, then skip to step 2.
To fix it, you need to run:
Code:
fastboot oem wimaxwmac *Address you wrote down here*
Like if you wanted it to be "00:16:08:00:24:05" then you would run:
Code:
fastboot oem wimaxwmac 00:16:08:00:24:05
It should return something like:
Code:
INFOcmd_wimaxwmac
IFNOWrite OK! MAC = *Address you entered here*
OKAY
Then just run
Code:
fastboot reboot
To reboot back into Android with your correct MAC address.
STEP 2: Flash the images again
Now push those files to your SD card & reboot into recovery.
Once you're in recovery, flash the "evo.2.05.00.06.10.zip" file. Reboot from the menu like it tells you. Once you're in Android, update your Profile & update your PRL.
Now reboot into recovery again, this time flash the "evo.wimax.25641_r01.zip" file. Reboot again from the menu, and guess what. Once again, update your Profile & PRL. Reboot one more time for good measure, and you should have working 4G. I haven't been able to confirm 4G myself, but others have reported it working with my method. My logcat no longer shows any 4G errors and neither does the kernel log, plus all the data now matches how it was before my update, so that leads me to believe it's working.
I wrecked my MAC with the update and fixed it like this, but I haven't had a chance to try out 4G yet since I won't be going into the city where I'll have coverage until Saturday.
Please post here if it works for you or if it isn't clear then just post & I'll try and clear it up.
Regards,
Jesse C.
EDIT: As a few posters had trouble, it came to my attention that you MUST have run Toast's root part 2 image to have access to fastboot oem commands.
EDIT 2: Now full 4G fix.
Thank you so much!
Sent from my PC36100 using XDA App
On it.....!!!!
It's possible this may only update the MAC and not the key, Joshua (unrevoked) told me and a few others that was their main issue.
Let's see what results show.
Hot damn!!!! It works!!!
Neotelos_com said:
It's possible this may only update the MAC and not the key, Joshua (unrevoked) told me and a few others that was their main issue.
Let's see what results show.
Click to expand...
Click to collapse
If it really is the key, we can modify that here too. If we can pull a copy off a working device, we can write it with fastboot too I'm pretty sure
Geniusdog254 said:
If it really is the key, we can modify that here too. If we can pull a copy off a working device, we can write it with fastboot too I'm pretty sure
Click to expand...
Click to collapse
My understanding is the key is specific to each MAC, either way someone reported it works.
We just need people to post their before and after MAC address to confirm.
It does seem there are two variations of the bad MAC from different roms (at least from reports I've heard).
Well i changes the mac....i dont know if 4G is working on it.....
ON XP opening a shell using CMD? I'm not sure how to communicate with my EVO. Been without 4G for a while, trying to get it back up and running.
( waiting for device )
*nevermind*
Sleep..needed badly
Travyevo said:
ON XP opening a shell using CMD? I'm not sure how to communicate with my EVO. Been without 4G for a while, trying to get it back up and running.
Click to expand...
Click to collapse
You need adb from the Android SDK.
You also need to set your phone for USB debugging.
If you look around there's hundreds of tips on doing all this.
asrebel said:
*nevermind*
Sleep..needed badly
Click to expand...
Click to collapse
are you in fastboot?
Neotelos_com said:
My understanding is the key is specific to each MAC, either way someone reported it works.
We just need people to post their before and after MAC address to confirm.
It does seem there are two variations of the bad MAC from different roms (at least from reports I've heard).
Click to expand...
Click to collapse
I saw the same thing. I ended up with the one i posted in the OP but it seems they all start with the 00:16:08 characters.
I don't think its safe to post the after MAC address, sicne it's unique to every device. It won't hurt anything, but I'd rather keep mine private
Neotelos_com said:
You need adb from the Android SDK.
You also need to set your phone for USB debugging.
If you look around there's hundreds of tips on doing all this.
Click to expand...
Click to collapse
ADB appeared to install when i connected it. I'll take a look.
Thanks
my fastboot doesn't seem to recognize the 'oem' command. Is that a function of fastboot?
Anyone 4G back working using this method?
rocolema said:
my fastboot doesn't seem to recognize the 'oem' command. Is that a function of fastboot?
Click to expand...
Click to collapse
Yes. It should work for everyone. Do you have the newest fastboot?
david279 said:
Anyone 4G back working using this method?
Click to expand...
Click to collapse
I thought you said you had it working? Do you not have 4G or did it not fix the 4G errors
It fixed my MAC address. I have no 4G to test to see if thats working.
This is an interesting method.
I have restored my MAC via a different route, but I believe if I were to flash an offical wimax right now, I would lose my MAC again. What I have done requires modification to the wimax.img file.
Does this persist through reboots? If it does, this would likely be the best answer to the problem of the bad mac addresses.
david279 said:
It fixed my MAC address. I have no 4G to test to see if thats working.
Click to expand...
Click to collapse
Ah okay. I'm in the same boat
Related
Hello,
This is a dead easy fix to get tethering working completely with android-wifi-tether (http://code.google.com/p/android-wifi-tether/):
UPDATE
New development version has support for this rolled in, instructions are no longer necessary:
http://code.google.com/p/android-wi...name=wireless_tether_2_0_2-pre14.apk&can=2&q=
Steps:
1. Open adb shell (start cmd.exe, run "adb shell")
2. Issue the following commands:
- "mkdir /sdcard/android.tether"
- "cat /etc/firmware/fw_bcm4329_ap.bin > /sdcard/android.tether/fw_bcm4329.bin"
3. Download and install the android-wifi-tether application, start tethering.
Your log from android-wifi-tether should look like the attached image.
Happy configuration free tethering!
NOTE: This works because of the two separate firmwares that HTC has included in /etc/firmware. One is specific for AP-mode and must be more open to this kind of stuff. The original bug stemmed from the usual firmware dropping ARP requests pretty consistently, possibly as a powersaving measure.
The second firmware is loaded using the firmware_path option when loading the bcm4329.ko kernel module.
anyone else confirm this working please.
I confirm this working...
You will need to have root to run the app of course but 2 or 3 people have confirmed it on bug 362 already on the google project.
Not working for me
AWESOME!!!
actually i ever use wifi tether but this is pretty cool because it actually worked. i know on the heroC we had issues with wifi tether all of a sudden not wrking after 2.1. nice to see that its been fixed. good work spreading the word
ya. it will get SU permissions,
i can find the connection.
i connect to it. but no data transmitting.
would be cool if someone can confirm 4g is able to be tethered.
fdot said:
ya. it will get SU permissions,
i can find the connection.
i connect to it. but no data transmitting.
Click to expand...
Click to collapse
same here. any ideas?
toastcfh said:
would be cool if someone can confirm 4g is able to be tethered.
Click to expand...
Click to collapse
Not confirming but based on what I read harry_m stated the wifi tether app uses the current connection, so in theory if you switch between 3g and 4g the app will switch accordingly.
i can confirm
I originally flashed with toast's rom. Used the recovery .bat to install Flipz's stock root rom.
I then flashed toast's radio rom.
wifi tether did NOT work.
I then performed the above instructions, and viola, it works fine. (i am posting via wifi tether)
I want to thank everyone who is hard at work on these projects, you guys are awesome.
fdot said:
ya. it will get SU permissions,
i can find the connection.
i connect to it. but no data transmitting.
Click to expand...
Click to collapse
Check that the log screen looks exactly like mine does. Did you get any errors when you issued the adb commands?
Look on your sdcard for the android.tether folder and see if fw_bcm4329.bin file exists there.
toastcfh said:
would be cool if someone can confirm 4g is able to be tethered.
Click to expand...
Click to collapse
dcmtnbkr said:
same here. any ideas?
Click to expand...
Click to collapse
It should work according to one of the comments given about the issue. http://code.google.com/p/android-wifi-tether/issues/detail?id=362#c36
Because I am weary of rooting my phone not being able to return it to stock, I am gonna try it with the unrevoked root first.
goodfellaslxa said:
I originally flashed with toast's rom. Used the recovery .bat to install Flipz's stock root rom.
I then flashed toast's radio rom.
wifi tether did NOT work.
I then performed the above instructions, and viola, it works fine. (i am posting via wifi tether)
I want to thank everyone who is hard at work on these projects, you guys are awesome.
Click to expand...
Click to collapse
i followed this same exactly.
andrew500 said:
Check that the log screen looks exactly like mine does. Did you get any errors when you issued the adb commands?
Look on your sdcard for the android.tether folder and see if fw_bcm4329.bin file exists there.
Click to expand...
Click to collapse
no errors in adb.
and the .bin file is sitting in the directory.
and the log looks like yours.
running toasts ROM
can't get this to work
followed instructions, and when i click on the tether button it instantly says: unable to start tethering, please try again!
log screen is completely blank
any ideas?
fdot said:
i followed this same exactly.
no errors in adb.
and the .bin file is sitting in the directory.
Click to expand...
Click to collapse
I meant the screen in android-wifi-tether, does it look like the screen cap I included? It should have a debug line about the loaded firmware on the first item.
- Didn't see the edit you made with that screen:
Have you done the OTA update? Could be the SD card bug possibly. The log screen shows it didn't load the external firmware.
"Unable to start teterhing try again"
I skimmed this thread, I am using toast's rom.
I have just applied the Unrevoked root. I cannot access the sdcard via adb shell. Any ideas?
When i send command
"cat /etc/firmware/fw_bcm4329_ap.bin > /sdcard/android.tether/fw_bcm4329.bin"
it gives me error msg
"cannot creat /sdcard/android.tether/fw_bcm4329.bin: directory nonexistent"
i followed this same exactly.
no errors in adb.
and the .bin file is sitting in the directory.
Click to expand...
Click to collapse
I meant the screen in android-wifi-tether, does it look like the screen cap I included? It should have a debug line about the loaded firmware on the first item.
- Didn't see the edit you made with that screen:
Have you done the OTA update? Could be the SD card bug possibly. The log screen shows it didn't load the external firmware.
Click to expand...
Click to collapse
I have not done the ota.
-------------------------------------
Sent via the XDA Tapatalk App
Before we begin. This solution is for people who have tried everything multiple times, and failed. If you haven't read and have not tried the following solutions yet, please do so first:
How to start over: From original stock to rooted latest OTA (WiMAX working!)
[GUIDE] Bad WiMax MAC? Broken 4G after update? Fix HERE!
The guide below is ONLY for people who did not have success with above methods (i.e. they are really really hosed). And there are limitations for now, until everything is confirmed and tested. The most important part you need access to a second, healthy and rooted EVO. As of yet, this is the only way to guarantee that one binary dump is not used a million times, negating the effect.
Please read the whole guide before starting the process, so that you know the risks, limitations, and potential issues with all this.
I am going to sign off for a few hours, and go enjoy my life for a brief time, before returning to answer any questions that may arise.
Ok, so for now, this is more of a proof of concept solution, since I understand not everyone has more than one EVO to do what I did.
My idea about partitions was correct, so without further ado, here is how to restore a botched wimax.
What you need.
2 Fully rooted EVOs (step 1 and step 2), one with working 4G (any version of all firmware on either, all we care for is working WiMax)
System which can do fastboot commands. That means you will have to have Android SDK installed. I also add path to /tools folder into my system PATH, so I don't have to type out the full path to adb or fastboot every time
Custom recovery. I use clockwork for this, since I am not sure all the files are signed, as required by Amon RA's recovery
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
Open command line window (cmd)
Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
Power down your phone
Power it up while holding down the Volume Down key
HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
The FASTBOOT mode will switch to FASTBOOT USB (that's good)
Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h". From here on all fastboot commands are issued in that window
If you see less than ~40 lines of output, you don't have a propertly rooted phone, and you need to do step 1 and step 2 (see above)
Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
Reboot your phone
Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
We are done with your "bricked" phone.
Getting correct wimax image from a working phone
Now, repeat the same steps for your working phone (steps 1-14)
Pull the files to a different (safer) place, and cherish them like they are the only thing you care about in this world (which you do, right?)
Make a copy of your WIMAX.BIN file from the working phone (do NOT edit the actual file, just in case something breaks with your working phone at any time)
Use hex editor to update the working file in 2 places, and change the MAC address (which should be your working evo MAC - 1) to your broken evo MAC - 1 (remember, A becomes 9, F becomes E, etc). It's a big file, so search for "00:18" to find the 2 places. There will be exactly 2, not 3+ and not 1.
Rename the file you just edited to "wimax_25641R01.img"
Fixing your bricked phone
Push it to your sd card root: "adb push wimax_25641R01.img /sdcard"
Push the attached zip file to sdcard root: "adb push new_wimax.zip /sdcard"
Reboot your bricked phone into recovery
Flash new_wimax.zip. This will force write wimax_25641R01.img you pushed earlier, including the certificates in it
Reboot from recovery, let it finish, and boot up into Android
If not running the latest evo WiMax firmware yet, use the second attached zip to do so
Reboot your phone. Allow everything to complete and boot into Android
If needed, update PRL/Profile (I didn't need to, but I already updated it 50 times by now, so YMMV)
Now, I can not attach any of my dumps yet, before I test and make sure whether both phones can stay online on 4G without interruption, I will do some more testing later, since the Encryption keys are different (between 2 working evos I dumped binaries from). I still have 1 more phone to check when I get home. So if you have another evo (friend, family, etc) - you can do that already.
Otherwise, be patient, more testing is needed to make sure we are not going to steal anything from your friend, family, etc, since encryption keys are unique.
But the above solution works for completely restoring your 4G into working state.
I am currently running latest rooted OTA update, too, so it definitely works fine on latest and greatest.
Red,
Have you actually seen the encryption keys in plain text? How many bits are they?
Also, when you restored the wimax part from the working phone to your non-wimax-working phone, did you keep the MAC the same between the two phones?
Red,
Now that you have 4g fixed, can you take a look at your *.tree.xml files? Look at the ones from when 4g was broke, and then look after. Everything from boot.bin gets written into that file, and I'm hoping the signature does as well. If so, we may be able to pull it out of an old xml file and somehow work it back into the wimax.img.
Thanks
EDIT: On second thought, I do recall there being a way to flash the signature via fastboot..
MAC addresses were kept different, exactly what they are on a label behind the battery. For each phone. Hence, the editing step for the wimax partition dump.
Tree.xml does not contain any signatures, I verified this some time ago before I even started playing with the wimax partition by taking one from a working evo.
The keys are in plain text, simple RSA keys, judging by the size looks like 1024 bit. both public and private key are stored. Who knows, maybe just faking one will do it but I am guessing they are signed by some sort of CA otherwise it would be too insecure of Sprint.
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
This may be worth a shot. I am not sure boot.bin has the signatures, but I will check later tonight. If it does, I am guessing we should be able to just do a drop in replacement of signatures in the image file and it should work.
Sent from my PC36100 using XDA App
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
mpa4712 said:
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
Click to expand...
Click to collapse
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
redsolar said:
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Cordy said:
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
Click to expand...
Click to collapse
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
mpa4712 said:
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
Click to expand...
Click to collapse
ugh it shouldn't, not sure what recovery you're using but using toasts or Amon_Ra's recovery it just restores the nandroid and then you choose manually to reboot. In fact I've already pulled my Boot.bin from before I messed up my MAC this way already, I actually puled the whole wimax folder.
you can unyaff your data.img in your nandroid and dig thru watever you want.
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
*grumble* going to compile it now....*grumble*
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
lol or do that so much easier huh!
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
mpa4712 said:
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
Click to expand...
Click to collapse
That was the reason I asked, I as well as others have looked through the Boot.bin before. I also looked through all the firmware files. Interestingly there is a default firmware and that a manufacturer firmware I'm guessing one to fall back on the other. You're mac is in the Boot.bin as well as wimax_properties. If these files stored the keys great, but either way they'd have to be changed on the actual firmware.
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
mpa4712 said:
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
Click to expand...
Click to collapse
you know for something that obvious I never noticed that. I never ran a diff on them. I just scanned through it to see if there was anything that struck out as being different and I stopped when I saw the different MAC's
I just went through the two boot.bin files and I'm pretty sure the keys are not in there. However, there are plenty of files that get overwritten on every boot, so I'm going to go through all of them. A 1024bit key should stick like a sore thumb if it's in plain text..
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Geniusdog254 said:
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Click to expand...
Click to collapse
From what we know, if you ever had a messed up MAC then your keys are also gone.
I hope you enjoy this. These are pretty easy for me to make, so if you have a request... ... At any rate, "thank" me if you like it and use it. And if you screw anything up and your phone explodes, or breaks, or Smurfs attack from outer space, it's your fault. you have been warned!
How to flash:
1. Unzip the file so you have "splash1.img" and place this file in your "tools" folder of your SDK package.
2. Boot into your bootloader (fastboot mode)
3. From the command prompt: Change directories to your SDK "Tools" folder then type:
Code:
fastboot flash splash1 splash1.img
4. Reboot and enjoy
Got a preview pic by chance. Also check your pm's.
Preview pic should be up... I see it on my end?? It's HUGE. lol..
Anyone else not see the pic?
EDIT: Just checked the OP on a different PC, and pic WAS NOT showing up. This has now been corrected. ...
How do we revert to default, if desired?
smalis said:
How do we revert to default, if desired?
Click to expand...
Click to collapse
You will have to re-flash the default boot splash. Using the same method as mentioned.
Note: I will update the OP with the stock Boot splash as well, once I receive my phone.
OK, stupid question time (my specialty) I get into the Inspire bootloader OK, but then how do I call up or otherwise access "command prompt"? It's not like I have a menu button I can push, and command prompt doesn't seem to be one of the options displayed on the screen. I may be overlooking the obvious, and if so I apologize.
Ultra Droid said:
OK, stupid question time (my specialty) I get into the Inspire bootloader OK, but then how do I call up or otherwise access "command prompt"? It's not like I have a menu button I can push, and command prompt doesn't seem to be one of the options displayed on the screen. I may be overlooking the obvious, and if so I apologize.
Click to expand...
Click to collapse
What T.A.G. was referring to was using the command prompt in Windows. This would also be used in conjunction with having the Android SDK installed in Windows.
Wolf_2 said:
What T.A.G. was referring to was using the command prompt in Windows. This would also be used in conjunction with having the Android SDK installed in Windows.
Click to expand...
Click to collapse
OK, *now* I understand! Told you, dumb questions are my specialty!
Thanks much!
-Mike
The only dumb questions are those that are not asked.
Sent from my Inspire 4G using XDA Premium App.
tribalartgod-
Awesome job!
kimtyson said:
tribalartgod-
Awesome job!
Click to expand...
Click to collapse
Thanks. I've been slacking on a lot of stuff here lately. Bout to go full force on this stuff again soon. (Job and life away from Android takes priority.) Stay tuned.
can this be flashed through cwr?
stryfe2010 said:
can this be flashed through cwr?
Click to expand...
Click to collapse
I have not tried it. So as of right now, the official answer is NO. If you decide to try anyway, it's at your own risk. I'm not responsible if your phone becomes a pretty brick.
I have a WiFi only Xoom and it is unlocked/rooted.
I decided to use the hack on the stock browser which enables fulltime desktop mode. I downloaded the apk, renamed it to framework-res.apk and dropped in system/framework and overwrote the existing file. I dl the file from http://forum.androidcentral.com/xoom-rooting-roms-hacks/75616-full-browser.html
I've since discovered that had I read further into the thread, I would have known not to use the file on a WiFi Xoom.
The gist of my problem is I have managed to finally get the Xoom to boot to the homescreen but It's force close city. As soon as I force close one app, others come up (FC) too. The one FC that will not go away is Launcher. it will FC loop forever. The Google/Mic in the top left corner is missing but the bottom bar has the normal icons, but I can't use them because I am stuck in a FC loop. I also get stuck/locked up while rebooting using the power button and volume down and have to use the power/volume up to restart.
I'm wondering if I use the the same one click root file (with kernel) that I still have and root again if this may fix the issue?
Perhaps their may be an easier method if I am only missing the one (framework-res.apk) file I overwrote?
Any help would be most appreciated.
You wanted a new theme right?
http://forum.xda-developers.com/showthread.php?t=1015434
This theme has the framework you are looking for.
Or.. this is the original Wifi Xoom system dump. It may be in there. (I'm at work so i cant check myself)
http://forum.xda-developers.com/showthread.php?t=1011484
Just got home and read your post and do appreciate it.
I was going to begin but just discovered that my Xoom will no longer mount on my pc. Not sure what to do....
yooper said:
I have a WiFi only Xoom and it is unlocked/rooted.
I decided to use the hack on the stock browser which enables fulltime desktop mode. I downloaded the apk, renamed it to framework-res.apk and dropped in system/framework and overwrote the existing file. I dl the file from
I've since discovered that had I read further into the thread, I would have known not to use the file on a WiFi Xoom.
The gist of my problem is I have managed to finally get the Xoom to boot to the homescreen but It's force close city. As soon as I force close one app, others come up (FC) too. The one FC that will not go away is Launcher. it will FC loop forever. The Google/Mic in the top left corner is missing but the bottom bar has the normal icons, but I can't use them because I am stuck in a FC loop. I also get stuck/locked up while rebooting using the power button and volume down and have to use the power/volume up to restart.
I'm wondering if I use the the same one click root file (with kernel) that I still have and root again if this may fix the issue?
Perhaps their may be an easier method if I am only missing the one (framework-res.apk) file I overwrote?
Any help would be most appreciated.
Click to expand...
Click to collapse
I did the same thing my friend, twice in fact. Actually it was likely my post you are referencing above Second time around I still had USB debugging turned on so I didn't have to reload the images.
Do you have the original .apk backed up? If not, i'm attaching it. What I did to fix this was using the adb shell, I remounted the file system as rw and adb pushed the original .apk. You're good to go after that. Hope you have your USB Debugging still turned on
Hope this helps.
yooper said:
Just got home and read your post and do appreciate it.
I was going to begin but just discovered that my Xoom will no longer mount on my pc. Not sure what to do....
Click to expand...
Click to collapse
Are you stuck at the dual core screen? If so can you get into fastboot? You would have to flash the system and boot .img I believe. This is what I had to do when i bricked my wifi without having the USB Debugging turned on. Don't lose hope, you likely do not have a $600 paperweight on your hands.
joen1ce,
I cant thank you enough for your help and time as well as uploading the file for me. Thank you.
I do have dubugging turned on and can boot to the home screen. Actually I have gotten a bit further. I found that if I hit "ok" and force close and quickly continued to hit the time on the lower right corner, I could eventually get into the setting menu. Takes a lot of "tapping" to get it to work, but it did. I am able to get into the reset option but it simply wont work. I push the button and nothing happens. I even tried using bluetooth via my Fascinate and Xoom to see what I could do with the apk you uploaded within the xoom since I could get into the bluetooth downloads, but no worky.
Upon startup, I find that I can get into "Starting fastboot protocol support" as well as well as RSD - Fastboot and NvFlash. Although, I still cant get the Xoom to talk with the computer. I have a Mac with Windows installed and have neither will communicate with the Xoom.
I'm not overly savy with ADB and am not sure if I would know what to do with a boot.img nor where to put it let alone the commands needed to make it work with no communication between devices.
I do have SDK/ADB and the Fastboot (.exe) both on the Mac and Windows side.
I can do an exchange on the Xoom but would rather fix it myself and consider it a valuable learning experience, but I'm at my wit's end.
yooper said:
joen1ce,
I cant thank you enough for your help and time as well as uploading the file for me. Thank you.
I do have dubugging turned on and can boot to the home screen. Actually I have gotten a bit further. I found that if I hit "ok" and force close and quickly continued to hit the time on the lower right corner, I could eventually get into the setting menu. Takes a lot of "tapping" to get it to work, but it did. I am able to get into the reset option but it simply wont work. I push the button and nothing happens. I even tried using bluetooth via my Fascinate and Xoom to see what I could do with the apk you uploaded within the xoom since I could get into the bluetooth downloads, but no worky.
Upon startup, I find that I can get into "Starting fastboot protocol support" as well as well as RSD - Fastboot and NvFlash. Although, I still cant get the Xoom to talk with the computer. I have a Mac with Windows installed and have neither will communicate with the Xoom.
I'm not overly savy with ADB and am not sure if I would know what to do with a boot.img nor where to put it let alone the commands needed to make it work with no communication between devices.
I do have SDK/ADB and the Fastboot (.exe) both on the Mac and Windows side.
I can do an exchange on the Xoom but would rather fix it myself and consider it a valuable learning experience, but I'm at my wit's end.
Click to expand...
Click to collapse
Copy the apk file I uploaded to the directory where you have the adb files. Go to the command line and switch to that same directory.
Let the device reboot to the point where you get those damn force close messages.
at the command line type:
adb devices
you should see your device listed there. If so, do the following:
adb shell
mount
You should see all the mounts on your device listed. Copy the path for system you will need it for this next part. It may be exactly like mine. So next you will type in:
mount -o rw,remount /dev/block/platform/sdhci-tegra.3/by-name/system /system
the "/dev/block/platform/sdhci-tegra.3/by-name/system" above is the true path
to my /system mount. Use whatever the path yours is mounted to from the previous command.
Next hit ctrl + c to exit out of the shell and at the command line type this:
adb push framework-res.apk /system/framework/framework-res.apk
If the above was successful you should be able to reboot the device and be back in business.
You fixed it!!
joen1ce, I can't begin to thank you enough for your help Took me a couple tries as well as rebooting the Xoom for it to take but by god it worked!!!
I'm sure your post will help others out out in future too. As the WiFi Xoom becomes more popular, I'm sure this will happen again to more people looking to modify their Xoom stock browser to desktop mode.
I'm thinking their should be a sticky on bricking with possible fixes and your post should be noted for sure.
People like you really help make this site the cat's a**.
Thanks again,
Mark
yooper said:
joen1ce, I can't begin to thank you enough for your help Took me a couple tries as well as rebooting the Xoom for it to take but by god it worked!!!
I'm sure your post will help others out out in future too. As the WiFi Xoom becomes more popular, I'm sure this will happen again to more people looking to modify their Xoom stock browser to desktop mode.
I'm thinking their should be a sticky on bricking with possible fixes and your post should be noted for sure.
People like you really help make this site the cat's a**.
Thanks again,
Mark
Click to expand...
Click to collapse
No problem, glad I could help. I bricked my Xoom basically within an hour of buying it and I know how it feels, especially when trying to be moral and not return it! Had it about a week now and it's my first Android device so I'm new to these forums. But the helpfulness of the community is very impressive indeed.
Regards,
Joe
joen1ce said:
Are you stuck at the dual core screen? If so can you get into fastboot? You would have to flash the system and boot .img I believe. This is what I had to do when i bricked my wifi without having the USB Debugging turned on. Don't lose hope, you likely do not have a $600 paperweight on your hands.
Click to expand...
Click to collapse
joen1ce. Could you please help? I am stuck at the Dual Core Screen and cannot get my computer to recognize my device in adb. I am trying to return to stock 3.2.1.
Hi!
Is there a root available or in the works for the dual-screen NEC Medias W N-05E?
The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!
Thanks in advance!
bohemianRhapsody said:
Hi!
Is there a root available or in the works for the dual-screen NEC Medias W N-05E?
The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!
Thanks in advance!
Click to expand...
Click to collapse
OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?
And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"
Code:
+ { "N-05E", "A1000311", 0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
root is easy
bohemianRhapsody said:
OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?
And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"
Code:
+ { "N-05E", "A1000311", 0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
Click to expand...
Click to collapse
root is easy via a tool called impactor.
however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.
Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.
So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
it0 said:
root is easy via a tool called impactor.
however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.
Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.
So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
Click to expand...
Click to collapse
I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
Lukas_a_1996 said:
I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
Click to expand...
Click to collapse
I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.
Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).
What android version are you running ? 4.1.2 is vulnarable for this attack.
it0 said:
I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.
Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).
What android version are you running ? 4.1.2 is vulnarable for this attack.
Click to expand...
Click to collapse
Thanks for the reply . I tried to run the command in impactor but whatever i do i get "Signature bugs unavailable" could it be that i have the wrong ADB drivers installed or is my Impactor setup wrong?
Edit: yeah im running 4.1.2 Build A1001231
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
it0 said:
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
Click to expand...
Click to collapse
All the adb commands basically work but nothing works with impactor i just get error
it0 said:
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
Click to expand...
Click to collapse
Bump!
How to Root Medias N05e
Dear All Pro
Does anyone show me how to root N05e? because there is very few information about that. I want to Swapfile to increase Ram size but it required N05e must be rooted.
So if anyone have any information about N05e, please share. Thanks
nguyenbuulam said:
Dear All Pro
Does anyone show me how to root N05e? because there is very few information about that. I want to Swapfile to increase Ram size but it required N05e must be rooted.
So if anyone have any information about N05e, please share. Thanks
Click to expand...
Click to collapse
There is a way for temp root N05E, basically u can use pm disable command or other su stuff. But u cannot mount system rw right now.
Some news about rooting
If someone in doubt, temp root is 100% working with run_root_shell https://github.com/android-rooting-tools/android_run_root_shell
With this I was able to copy full system, boot and recovery image. But I can't push new boot or recovery.
More than that, almost all fuctions in standard recovery mode (available through "reboot recovery" in root shell) are protected with some code. And it's not 2,11,12,13 numbers of IMEI.
Anyone know where to get this code? Or how to write new boot, recovery image? If we do so, we can get permanent root access =)
Maybe someone have Japanese friends? Search all English web, but maybe in Japan web there are some info.
P.S. with Impactor you only can start talnetd from root, becouse Impactor can't remount /system in rw mode and ro.kernel.qemu=1 option is not working
How to enter recovery mode?
Despite starting this thread, in the end I never did bother to attempt rooting.
Anyway, unfortunately now the phone refuses to boot. Not triggered by anything obvious, haven't installed any new software recently, etc. Just hung one day and then when I removed and re-inserted the battery, it won't get any further than the "docomo" splash screen. I.e. the OS doesn't appear to be getting bootstrapped at all. The "docomo" splash screen appears and disappears then the phone sits there with both screens powered up but blank.
As it happens, I had ADB Debug enabled in the developer options at the time, so I've tried to see if I can adb shell into the device, but no luck. Not surprised as it's clearly not getting far enough into the boot for that to work.
Any other suggestions? From the way it happened I do suspect it might just be hardware failure....
Not even sure how I enter recovery mode -- what are the key combinations for this?
bohemianRhapsody said:
Despite starting this thread, in the end I never did bother to attempt rooting.
Any other suggestions? From the way it happened I do suspect it might just be hardware failure....
Not even sure how I enter recovery mode -- what are the key combinations for this?
Click to expand...
Click to collapse
In recovery mode, clear cache, etc..
To get there hold volume down and power at the same time,then you'll see the broken android then wait/ press vol down a couple of times to see the menu.
GRbit said:
Some news about rooting
If someone in doubt, temp root is 100% working with run_root_shell https://github.com/android-rooting-tools/android_run_root_shell
With this I was able to copy full system, boot and recovery image. But I can't push new boot or recovery.
More than that, almost all fuctions in standard recovery mode (available through "reboot recovery" in root shell) are protected with some code. And it's not 2,11,12,13 numbers of IMEI.
Anyone know where to get this code? Or how to write new boot, recovery image? If we do so, we can get permanent root access =)
Maybe someone have Japanese friends? Search all English web, but maybe in Japan web there are some info.
P.S. with Impactor you only can start talnetd from root, becouse Impactor can't remount /system in rw mode and ro.kernel.qemu=1 option is not working
Click to expand...
Click to collapse
did you ever figure out the recovery keys?
hamishhhhs said:
did you ever figure out the recovery keys?
Click to expand...
Click to collapse
No I didn't(
I'm actually sold this phone and lost interest in the topic.
GRbit said:
No I didn't(
I'm actually sold this phone and lost interest in the topic.
Click to expand...
Click to collapse
do you by chance still have the files you dumped?
Ive teamed with a friend in twitter to try and make a rom for this but I haven't gotten very far
hamishhhhs said:
do you by chance still have the files you dumped?
Ive teamed with a friend in twitter to try and make a rom for this but I haven't gotten very far
Click to expand...
Click to collapse
Sorry, but this was too long time ago. Nothing left
GRbit said:
Sorry, but this was too long time ago. Nothing left
Click to expand...
Click to collapse
how would j be able to get the files from my phone?
hamishhhhs said:
how would j be able to get the files from my phone?
Click to expand...
Click to collapse
I dunno man.
I've already described (in the first post you have quoted) what I achieved with this github repo https://github.com/android-rooting-tools/android_run_root_shell . That's all I've got.