Request: Guide to Backup and Restore Everything - EVO 4G Android Development

Seems like it would be a good idea to get people in the habit of backing up absolutely everything before rooting, installing roms, etc. We could perhaps avoid problems with people overwriting their 4G keys or other unforeseen consequences.
Problem is, I don't know how to do it. Could someone please write a quick guide on how to backup everything (nand, ext, wimax, radio, etc.) and also how to restore it when something goes wrong?

gthing said:
Seems like it would be a good idea to get people in the habit of backing up absolutely everything before rooting, installing roms, etc. We could perhaps avoid problems with people overwriting their 4G keys or other unforeseen consequences.
Problem is, I don't know how to do it. Could someone please write a quick guide on how to backup everything (nand, ext, wimax, radio, etc.) and also how to restore it when something goes wrong?
1. Reboot into recovery (Clockwork/RA)
2. Select nandroid backup
3...
4. Profit

imaxreed said:
1. Reboot into recovery (Clockwork/RA)
2. Select nandroid backup
3...
4. Profit
A nandroid backup will backup the wimax partition? Pretty sure radio/wimax partitions are not included.

Doesn't that put the previous rom you had when backed up back on there, so if you flash a new one and then restore, the new rom is gone and you're back to where you were?
Sent from my PC36100 using XDA App

krizno said:
Doesn't that put the previous rom you had when backed up back on there, so if you flash a new one and then restore, the new rom is gone and you're back to where you were?
Yes, but some things, like the radios, are not included in the backup.

So you want to be able to back up the radio too? I get you. I guess you would just have to download the newest radio off here, or find the download for the radio you have that works for you, save it to the root of the SD card, and just flash it over when you need it. Just a suggestion.
Sent from my PC36100 using XDA App

gthing said:
Seems like it would be a good idea to get people in the habit of backing up absolutely everything before rooting, installing roms, etc. We could perhaps avoid problems with people overwriting their 4G keys or other unforeseen consequences.
Problem is, I don't know how to do it. Could someone please write a quick guide on how to backup everything (nand, ext, wimax, radio, etc.) and also how to restore it when something goes wrong?
Scratch what I had.
I guess nandroid doesn't backup radio and wimax.
My guide I wrote doesn't get this far in depth, but covers boot partition pretty well.

+1 on this request.
I'm not doing any radio changes until I can back up the originals first. (Hence my low post count.)
I found this from the broken 4G thread:
redsolar said:
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
Open command line window (cmd)
Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
Power down your phone
Power it up while holding down the Volume Down key
HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
The FASTBOOT mode will switch to FASTBOOT USB (that's good)
Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h". From here on all fastboot commands are issued in that window
If you see less than ~40 lines of output, you don't have a properly rooted phone, and you need to do step 1 and step 2 (see above)
Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
Reboot your phone
Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
SNIP
Edit:
Haven't tried this yet, but it would backup wimax. How do we back up radio?

krizno said:
So you want to be able to back up the radio too? I get you. I guess you would just have to download the newest radio off here, or find the download for the radio you have that works for you, save it to the root of the SD card, and just flash it over when you need it. Just a suggestion.
Sent from my PC36100 using XDA App
The reason you would want your own backup is because it could contain wimax keys, etc. If everyone had backed up we wouldn't have tons of people running around with bricked 4G radios now. Some things you can't fix with a generic download - you need a backup.

nefas110 said:
+1 on this request.
I'm not doing any radio changes until I can back up the originals first. (Hence my low post count.)
I found this from the broken 4G thread:
Edit:
Haven't tried this yet, but it would backup wimax. How do we back up radio?
why do you need to backup the radio? there's a list of radio and wimax in the development section, you can always download those file and save it onto your computer or your sdcard if you ever need to use them again.
the PC36IMG.zip itself contains the wimax and the radio in it. i've downgraded from 1.47...OTA update with the new radio and wimax, and it downgraded just fine along with the radio and wimax.

if you wanna backup your wimax, try this.
in a shell,
Code:
cat /proc/mtd
you should get a list from mtd0 through mtd7. wimax should show up as mtd0.
to back up the wimax img to your sdcard,
Code:
cat /dev/mtd/mtd0 > /sdcard/mtd0.img
that should back up your wimax image to your sdcard. i'm not sure if you could flash that like you flash a radio through your recovery (i wouldn't try it) but if you wanna revert you could probably do something like
Code:
cat /sdcard/mtd0.img > /dev/mtd/mtd0
another method may be to use fastboot. i'm not sure if you can do this or not, and i can't verify it since i'm not at home, but maybe do something like
Code:
fastboot flash wimax /sdcard/mtd0.img
might work. but if you try this and something breaks... it's not my fault.

campchi said:
why do you need to backup the radio? there's a list of radio and wimax in the development section, you can always download those file and save it onto your computer or your sdcard if you ever need to use them again.
the PC36IMG.zip itself contains the wimax and the radio in it. i've downgraded from 1.47...OTA update with the new radio and wimax, and it downgraded just fine along with the radio and wimax.
Those don't include the unique encryption key embedded on each phone. It's too bad none of the backup solutions out there do a complete backup.

campchi said:
why do you need to backup the radio? there's a list of radio and wimax in the development section, you can always download those file and save it onto your computer or your sdcard if you ever need to use them again.
the PC36IMG.zip itself contains the wimax and the radio in it. i've downgraded from 1.47...OTA update with the new radio and wimax, and it downgraded just fine along with the radio and wimax.
Read that thread by redsolar: [TUTORIAL] Proof of concept solution on fixing badly broken 4G after bad MAC, etc
To summarize, each Evo comes equipped with security keys for wimax that are SPECIFIC TO THAT ONE DEVICE. If you lose those keys, there is no way to revive your bricked 4G at this time. You can lose the keys if you flash a bad image (this is what happened to people) or you can have a bad flash (can happen at random). Now do you want to backup your wimax?
As for the rest of the radio, how can we be certain a generic image will restore the device? The only way to be sure is to make a backup of that image too.
I read that nandroid used to backup the radio. That feature should be brought back as an option. Does anyone know who runs nandroid now? I would like to write to the suggestion box.

justinisyoung said:
if you wanna backup your wimax, try this.
in a shell,
Code:
cat /proc/mtd
you should get a list from mtd0 through mtd7. wimax should show up as mtd0.
to back up the wimax img to your sdcard,
Code:
cat /dev/mtd/mtd0 > /sdcard/mtd0.img
Thanks, this part works. I used a hexeditor to at least find and copy my encryption keys. (Search for BEGIN RSA PRIVATE KEY).

justinisyoung said:
if you wanna backup your wimax, try this.
in a shell,
Code:
cat /proc/mtd
you should get a list from mtd0 through mtd7. wimax should show up as mtd0.
to back up the wimax img to your sdcard,
Code:
cat /dev/mtd/mtd0 > /sdcard/mtd0.img
that should back up your wimax image to your sdcard. i'm not sure if you could flash that like you flash a radio through your recovery (i wouldn't try it) but if you wanna revert you could probably do something like
Code:
cat /sdcard/mtd0.img > /dev/mtd/mtd0
another method may be to use fastboot. i'm not sure if you can do this or not, and i can't verify it since i'm not at home, but maybe do something like
Code:
fastboot flash wimax /sdcard/mtd0.img
might work. but if you try this and something breaks... it's not my fault.
While this does work for a sheer purpose of extracting wimax key and certificate, the resulting file is not binary safe. cat appears to do some codepage interpretation, so the resulting file is not consistent between phones, even when firmware is mostly identical, and the differences are just MAC address and RSA key/SSL certificate.
So far, the only safe (and restorable) way to do a backup is described here. I verified, and backing up/rewriting image this way does work, and works correctly.
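The mtd-dump posts above (the `cat /dev/mtd/mtd0 > /sdcard/mtd0.img` method, the hex-editor search for BEGIN RSA PRIVATE KEY, and the warning that the resulting file is not always a faithful copy of the partition) all come down to one question: is the file you saved an exact image of the partition, and does it actually contain the key material you are trying to preserve? The script below is an added example, not code from this thread or from any of its posters. It checks a dump's length against the size `/proc/mtd` reports, records a SHA-256 so two dumps of the same partition can be compared byte for byte, and lists the offsets of PEM-delimited blocks so you can confirm the keys are present without opening the file in a hex editor. The `/proc/mtd` text and the dump it inspects are constructed samples (the partition sizes and the key block are made up), and the function names are my own.

```python
"""Check that a raw partition dump is complete before relying on it as a backup.

Added example for this thread, not code from any of the posters.  Inputs are
the text of /proc/mtd and the bytes of the dump file; both below are
constructed samples, not a real EVO partition table or a real key.
"""
import hashlib
import re

# Constructed /proc/mtd sample (sizes are hex byte counts, as in the real file).
SAMPLE_PROC_MTD = """dev:    size   erasesize  name
mtd0: 00a00000 00020000 "wimax"
mtd1: 00100000 00020000 "misc"
"""

PROC_MTD_RE = re.compile(
    r'^(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"([^"]+)"\s*$', re.M)

# PEM armour; the backreference makes the BEGIN and END labels match each other.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)


def parse_proc_mtd(text):
    """Map partition name -> (device, size_bytes, erasesize_bytes)."""
    table = {}
    for dev, size, erase, name in PROC_MTD_RE.findall(text):
        table[name] = (dev, int(size, 16), int(erase, 16))
    return table


def find_pem_blocks(blob):
    """Return (offset, label) for each PEM block found; key bytes are not returned."""
    return [(m.start(), m.group(1).decode("ascii")) for m in PEM_RE.finditer(blob)]


def check_dump(blob, proc_mtd_text, name="wimax"):
    """Compare a dump against the partition /proc/mtd describes and summarise it."""
    table = parse_proc_mtd(proc_mtd_text)
    if name not in table:
        raise KeyError("partition %r not listed in /proc/mtd" % name)
    dev, size, erase = table[name]
    return {
        "device": dev,
        "expected_size": size,
        "actual_size": len(blob),
        # A short or long file means the dump is not a faithful image.
        "size_ok": len(blob) == size,
        # Partition sizes are whole erase blocks; a mismatch hints at a bad table.
        "erase_aligned": size % erase == 0,
        # Fingerprint: two dumps of the same partition must hash identically.
        "sha256": hashlib.sha256(blob).hexdigest(),
        "pem_blocks": find_pem_blocks(blob),
    }


def make_sample_dump(size, key_offset=0x1000):
    """Constructed stand-in for a dump: erased flash (0xFF) with a fake PEM block."""
    fake_pem = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                + b"Tm90QVJlYWxLZXk=\n" * 4          # placeholder text, not a real key
                + b"-----END RSA PRIVATE KEY-----\n")
    blob = bytearray(b"\xff" * size)
    blob[key_offset:key_offset + len(fake_pem)] = fake_pem
    return bytes(blob)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:          # usage: script.py mtd0.img proc_mtd.txt
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        with open(sys.argv[2]) as f:
            mtd_text = f.read()
    else:                           # no arguments: run against the constructed sample
        data, mtd_text = make_sample_dump(0x00a00000), SAMPLE_PROC_MTD
    for key, value in check_dump(data, mtd_text).items():
        print("%-14s %s" % (key, value))
```

Run it with the dump and a saved copy of `/proc/mtd` as the two arguments; with no arguments it runs on the constructed sample. If `size_ok` is false, or two dumps of the same untouched partition hash differently, the file is not a byte-exact image and should not be treated as a restorable backup; keeping the `/proc/mtd` text next to the dump also records which device number the partition had when it was taken.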


Hello all - real quick question for rom extract and update build

I have been messing around with a G1 I have had on loan for a little bit and just bought the Google Magic / Ion from ebay, the one released from the dev convention, but anyway I want to start messing around with that one for a little and was wondering how I would be able to pull the current build from it and turn it into an update.zip or img that I would be able to flash back, and will also post online to try other builds and so forth. This one seems like it is special for that phone as it has a custom boot screen and so forth, not really sure about the rest of the features or anything. And also already being fully unlocked is nice if I want to stay with T-Mo or bounce ship, but also to get a start on software dev. Any help on how to pull the build and package it in an update file would be very helpful, and like I said if it can be done and you guys want I will post it online too.
YES i would like to know too how to create the update.zip from a nand backup. thanx
I think after doing more research I should be able in theory to follow haykuros guide and obtain root and pull the files with adb but that would be like a rooted backup then I guess. I think that should work. But was wondering about just like a stock backup of possible.
I think it is impossible to make a non-root backup from what I have seen, as the backup process itself is only made possible by having root access.
The reason why it was not possible is that, if you are able to backup the whole thing, you may be able to crack the apps downloaded from app market (considering that they are java programs, and consider how -easy- it is to crack java programs).
On further tests without doing mods to phone it is capable of fast boot I know I can pull system and data imgs for different aspects would it be possible to pull recovery and maybe or how I might be able to turn that to a nbh
Well I was able to find recovery files from htc at the following address:
http://www.htc.com/www/support/android/google-io-device.html
But I am pretty sure that this does not include the spl. Is there a way I can pull it from the phone.
This also may be moot as I was looking thru the rooting files. Does not look like the bootloader is replaced at all but yeh if anyone can say how to backup I will post for all as well.
I do not know if I understood what you all want
but you dont need to make a update.zip from your nand backup
just put the files of your nandroid backup - the img files - into your tools folder of the android sdk
open your windows cmd
change to the tools folder of your android sdk
start your phone in fastboot (the one with the skaterboards)
connect your phone to the pc
and enter the following commands
fastboot erase system -w
fastboot erase boot
fastboot flash system system.img
fastboot flash userdata data.img
fastboot flash boot boot.img
fastboot reboot
with this you will put the files from your nandbackup on your phone and everything is restored
Yeh I have nandroid backups of my g1 multiple times and was never really worried about it. This great community has had 3 different versions of the SPL on the pages. I was looking to try and make a full nbh file of it like for rc29 on dream or a way to pull the bootloader as well. All other default images, radio, system, data, is pulled with adb and then also can be downloaded from htc but do not include spl at all. Not sure if rooting it will change the spl but would like to pull anyway to see what can tweak on it.

[HOW TO] Keep all your stuff after flashing hero.

Ok, so this is my first Informative thread..so bear with me.
I'm a VERY regular hero flasher, and to me, it always seems frustrating to do the whole routine of
Backup>Wipe>Format>Flash>Setup Process>Restore Backup.
especially after you get used to a Rom and you have some stuff that cant be backed up.
Well, i came up with a solution-type thing.
Some people might have tried it out..not sure.
You need:
Nandroid
Android SDK ---> Get it Here
First, do a nandroid backup..(you need it for this to work)
type this into adb
adb shell
echo /dev/block/mmcblk0 > /sys/devices/platform/usb_mass_storage/lun0/file ---->to mount SD in recovery..(or you could just reboot and mount or use an SD reader..whatever)
go to the nandroid folder, and recover the data.img file from your most recent backup. copy it somewhere on your computer.
Start up adb and type
adb shell
rm -r /system/sd/app_s
rm -r /system/sd/app-private -->to prevent bootloops
then wipe, and flash new Rom.
reboot and let the device go into setup process, then power off.
boot device into fastboot mode by holding the camera button + Power button.
open cmd, and cd to your android sdk directory. (or however you do it in linux)
now, type in
fastboot flash userdata <chosen path>/data.img
fastboot reboot
That's it..all done. Now you have all your stuff from the previous hero..and don't have to re-enter loads of information...and also the benefit of having new stuff like "secret optimized apk's" and what-not.
if you have problem with touch-flo force-closing, go to
settings>applications>manage applications.
choose touch flo
choose clear data.
you should have ahome or some other type of home replacement program because it seems touchflo DEFINITELY force-closes. and you'll need another home replacement to go into settings.
Or you could just assign a shortcut to settings by going to settings>applications>quick launch selecting what u like.
Hey, I really like the idea behind this approach, but being not as savvy as I'd like, lemme ask this:
Could I achieve the same thing by:
1. performing a nandroid backup.
2. Go thru all the steps to flash a new Hero rom.
3. perform another nandroid backup.
4. copy the data file from the first backup to the appropriate location in the new backup, replacing the newer data file with the old.
5. Perform a nandroid restore with the the newly modified backup file. Et voila!
Or not? If not, would someone mind explaining to me the difference in as layman's terms as possible. A clear explanation could likely go a long way towards teaching me a lot about many things that I'm not quite clear on.
Thanks!
would this work with a non-Hero ROM? Or going from a Hero back to a cupcake (or whatever it's called?!)
Thanks!
kjdiehl said:
Hey, I really like the idea behind this approach, but being not as savvy as I'd like, lemme ask this:
Could I achieve the same thing by:
1. performing a nandroid backup.
2. Go thru all the steps to flash a new Hero rom.
3. perform another nandroid backup.
4. copy the data file from the first backup to the appropriate location in the new backup, replacing the newer data file with the old.
5. Perform a nandroid restore with the the newly modified backup file. Et voila!
Or not? If not, would someone mind explaining to me the difference in as layman's terms as possible. A clear explanation could likely go a long way towards teaching me a lot about many things that I'm not quite clear on.
Thanks!
Yeah, that would work, because it's the same thing but rather than just flashing data.img with fastboot, you're reflashing data + everything from your current setup. If that makes sense. You could just use fastboot...
sorry double post..
jomtones said:
would this work with a non-Hero ROM? Or going from a Hero back to a cupcake (or whatever it's called?!)
Thanks!
Don't think so, don't think there is a data partition in google based ROMs, all your apps are in the system partition. I'm not entirely sure about that, but I expect you'll get a bootloop.
kjdiehl said:
Hey, I really like the idea behind this approach, but being not as savvy as I'd like, lemme ask this:
Could I achieve the same thing by:
1. performing a nandroid backup.
2. Go thru all the steps to flash a new Hero rom.
3. perform another nandroid backup.
4. copy the data file from the first backup to the appropriate location in the new backup, replacing the newer data file with the old.
5. Perform a nandroid restore with the the newly modified backup file. Et voila!
Or not? If not, would someone mind explaining to me the difference in as layman's terms as possible. A clear explanation could likely go a long way towards teaching me a lot about many things that I'm not quite clear on.
Thanks!
yes, that should work. seems a bit more straightforward...especially for those who don't use adb
kjdiehl said:
Hey, I really like the idea behind this approach, but being not as savvy as I'd like, lemme ask this:
Could I achieve the same thing by:
1. performing a nandroid backup.
2. Go thru all the steps to flash a new Hero rom.
3. perform another nandroid backup.
4. copy the data file from the first backup to the appropriate location in the new backup, replacing the newer data file with the old.
5. Perform a nandroid restore with the the newly modified backup file. Et voila!
Or not? If not, would someone mind explaining to me the difference in as layman's terms as possible. A clear explanation could likely go a long way towards teaching me a lot about many things that I'm not quite clear on.
Thanks!
Dude that's perfect! I like your style of thinkin!
kjdiehl said:
Hey, I really like the idea behind this approach, but being not as savvy as I'd like, lemme ask this:
Could I achieve the same thing by:
1. performing a nandroid backup.
2. Go thru all the steps to flash a new Hero rom.
3. perform another nandroid backup.
4. copy the data file from the first backup to the appropriate location in the new backup, replacing the newer data file with the old.
5. Perform a nandroid restore with the the newly modified backup file. Et voila!
Or not? If not, would someone mind explaining to me the difference in as layman's terms as possible. A clear explanation could likely go a long way towards teaching me a lot about many things that I'm not quite clear on.
Thanks!
Sounds kinda round-about to me... You'd have to make a nandroid... flash... then nandroid again... those nandroid backup/restores take much longer than flashing a simple userdata from fastboot. Using fastboot, you could flash it in what... a minute vs another 7-8minutes, but I guess its alright for those terrified of a command prompt...
EDIT: Forgot. Instead of doing the long echo command to mount your sdcard in recovery, you can just type:
Code:
adb shell ums_enable
to start the service and
Code:
adb shell ums_disable
to unmount it from your computer
Thanks for the responses, folks. It's much appreciated.
Yeah, I'm still getting the hang of adb. I don't typically mess around in Terminal, (I'm on a Mac,) so I'm not used to it or the lingo. That doesn't stop me from trying very clear directions, and I do learn a little bit, but the drag-n-drop world makes more sense to me, at least for now.
For instance, when given instructions like this:
"open cmd, and cd to your android sdk directory. (or however you do it in linux)
now, type in
fastboot flash userdata <chosen path>/data.img
fastboot reboot"
I THINK I understand most of it, but I don't know what "cmd" or "cd" means or if it's a typo or what. Also, I think most instructions don't make it clear after what lines I should hit enter and what not. I know that stuff is old hat to most of you guys, but I'm still trying to get the hang of it.
Anyway, thanks for the help!
Drizzy NewVision
Does this work for Drizzy's NewVision? Does it back up the ext3 partition so you dont have to wipe it and get rid of all your apps??

[TUTORIAL] Proof of concept solution on fixing badly broken 4G after bad MAC, etc

Before we begin. This solution is for people who have tried everything multiple times, and failed. If you haven't read and have not tried the following solutions yet, please do so first:
How to start over: From original stock to rooted latest OTA (WiMAX working!)
[GUIDE] Bad WiMax MAC? Broken 4G after update? Fix HERE!
The guide below is ONLY for people who did not have success with above methods (i.e. they are really really hosed). And there are limitations for now, until everything is confirmed and tested. The most important part you need access to a second, healthy and rooted EVO. As of yet, this is the only way to guarantee that one binary dump is not used a million times, negating the effect.
Please read the whole guide before starting the process, so that you know the risks, limitations, and potential issues with all this.
I am going to sign off for a few hours, and go enjoy my life for a brief time, before returning to answer any questions that may arise.
Ok, so for now, this is more of a proof of concept solution, since I understand not everyone has more than one EVO to do what I did.
My idea about partitions was correct, so without further ado, here is how to restore a botched wimax.
What you need.
2 Fully rooted EVOs (step 1 and step 2), one with working 4G (any version of all firmware on either, all we care for is working WiMax)
System which can do fastboot commands. That means you will have to have Android SDK installed. I also add path to /tools folder into my system PATH, so I don't have to type out the full path to adb or fastboot every time
Custom recovery. I use clockwork for this, since I am not sure all the files are signed, as required by Amon RA's recovery
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
Open command line window (cmd)
Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
Power down your phone
Power it up while holding down the Volume Down key
HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
The FASTBOOT mode will switch to FASTBOOT USB (that's good)
Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h". From here on all fastboot commands are issued in that window
If you see less than ~40 lines of output, you don't have a properly rooted phone, and you need to do step 1 and step 2 (see above)
Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
Reboot your phone
Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
We are done with your "bricked" phone.
Getting correct wimax image from a working phone
Now, repeat the same steps for your working phone (steps 1-14)
Pull the files to a different (safer) place, and cherish them like they are the only thing you care about in this world (which you do, right?)
Make a copy of your WIMAX.BIN file from the working phone (do NOT edit the actual file, just in case something breaks with your working phone at any time)
Use hex editor to update the working file in 2 places, and change the MAC address (which should be your working evo MAC - 1) to your broken evo MAC - 1 (remember, A becomes 9, F becomes E, etc). It's a big file, so search for "00:18" to find the 2 places. There will be exactly 2, not 3+ and not 1.
Rename the file you just edited to "wimax_25641R01.img"
Fixing your bricked phone
Push it to your sd card root: "adb push wimax_25641R01.img /sdcard"
Push the attached zip file to sdcard root: "adb push new_wimax.zip /sdcard"
Reboot your bricked phone into recovery
Flash new_wimax.zip. This will force write wimax_25641R01.img you pushed earlier, including the certificates in it
Reboot from recovery, let it finish, and boot up into Android
If not running the latest evo WiMax firmware yet, use the second attached zip to do so
Reboot your phone. Allow everything to complete and boot into Android
If needed, update PRL/Profile (I didn't need to, but I already updated it 50 times by now, so YMMV)
Now, I can not attach any of my dumps yet, before I test and make sure whether both phones can stay online on 4G without interruption, I will do some more testing later, since the Encryption keys are different (between 2 working evos I dumped binaries from). I still have 1 more phone to check when I get home. So if you have another evo (friend, family, etc) - you can do that already.
Otherwise, be patient, more testing is needed to make sure we are not going to steal anything from your friend, family, etc, since encryption keys are unique.
But the above solution works for completely restoring your 4G into working state.
I am currently running latest rooted OTA update, too, so it definitely works fine on latest and greatest.
Red,
Have you actually seen the encryption keys in plain text? How many bits are they?
Also, when you restored the wimax part from the working phone to your non-wimax-working phone, did you keep the MAC the same between the two phones?
Red,
Now that you have 4g fixed, can you take a look at your *.tree.xml files? Look at the ones from when 4g was broke, and then look after. Everything from boot.bin gets written into that file, and I'm hoping the signature does as well. If so, we may be able to pull it out of an old xml file and somehow work it back into the wimax.img.
Thanks
EDIT: On second thought, I do recall there being a way to flash the signature via fastboot..
MAC addresses were kept different, exactly what they are on a label behind the battery. For each phone. Hence, the editing step for the wimax partition dump.
Tree.xml does not contain any signatures, I verified this some time ago before I even started playing with the wimax partition by taking one from a working evo.
The keys are in plain text, simple RSA keys, judging by the size looks like 1024 bit. both public and private key are stored. Who knows, maybe just faking one will do it but I am guessing they are signed by some sort of CA otherwise it would be too insecure of Sprint.
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
This may be worth a shot. I am not sure boot.bin has the signatures, but I will check later tonight. If it does, I am guessing we should be able to just do a drop in replacement of signatures in the image file and it should work.
Sent from my PC36100 using XDA App
Also since nandroid is just a simple copy and if the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
mpa4712 said:
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
redsolar said:
Also since nandroid is just a simple copy and if the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
Cordy said:
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
My thoughts exactly gentleman.
The only problem I foresee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
mpa4712 said:
My thoughts exactly gentleman.
The only problem I foresee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
ugh it shouldn't, not sure what recovery you're using but using toasts or Amon_Ra's recovery it just restores the nandroid and then you choose manually to reboot. In fact I've already pulled my Boot.bin from before I messed up my MAC this way already, I actually pulled the whole wimax folder.
you can unyaff your data.img in your nandroid and dig thru whatever you want.
david279 said:
you can unyaff your data.img in your nandroid and dig thru whatever you want.
*grumble* going to compile it now....*grumble*
david279 said:
You can unyaffs your data.img in your nandroid and dig through whatever you want.
lol or do that so much easier huh!
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with RSA encryption using openssl, in a full-screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
mpa4712 said:
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with RSA encryption using openssl, in a full-screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
That was the reason I asked; I, as well as others, have looked through the Boot.bin before. I also looked through all the firmware files. Interestingly, there is a default firmware and a manufacturer firmware; I'm guessing one is a fallback for the other. Your MAC is in the Boot.bin as well as wimax_properties. If these files stored the keys, great, but either way they'd have to be changed on the actual firmware.
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the RSA keys need to be stored somewhere though. I really do not believe the phone does on-the-fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
mpa4712 said:
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the RSA keys need to be stored somewhere though. I really do not believe the phone does on-the-fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
You know, for something that obvious I never noticed that. I never ran a diff on them. I just scanned through to see if anything stuck out as being different, and I stopped when I saw the different MACs.
I just went through the two boot.bin files and I'm pretty sure the keys are not in there. However, there are plenty of files that get overwritten on every boot, so I'm going to go through all of them. A 1024-bit key should stick out like a sore thumb if it's in plain text.
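The triage the last few posts describe by hand (diffing a working Boot.bin against a broken one, spotting the size difference and the changed MAC, and asking whether a 1024-bit key sits in there in plain text) as an added example that is not code from the original thread. The two sample dumps are constructed inside the script so it runs offline; their layout (a text header carrying the MAC, a pseudo-random blob standing in for key material, zero padding) is an assumption for illustration, not the real Boot.bin format. On a device you would feed it the files pulled with "adb pull" from recovery.

```python
#!/usr/bin/env python3
"""Compare two dumps of a WiMAX data file (for example /data/wimax/Boot.bin pulled
from recovery with adb) and look for key-sized, key-shaped blobs.

Added example, not code from the original thread. The two sample dumps below are
constructed inside this script so it runs offline; on a real device you would
read the files pulled with "adb pull" instead.
"""
import math
import random
import re

MAC_RE = re.compile(rb"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def byte_entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def diff_ranges(a: bytes, b: bytes) -> list:
    """[(start, end)] byte ranges that differ over the common length of a and b.
    A size difference is reported separately by compare_dumps()."""
    ranges, start = [], None
    for i in range(min(len(a), len(b))):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, min(len(a), len(b))))
    return ranges


def high_entropy_windows(data: bytes, window: int = 256, step: int = 64,
                         threshold: float = 6.0) -> list:
    """Offsets of sliding windows whose entropy reaches the threshold.

    Key material left in plain form (a 128-byte RSA-1024 modulus, a private
    exponent, a symmetric key) scores close to 8 bits/byte; ASCII config text
    scores around 4 to 5 and zero padding scores 0, so they do not trigger."""
    hits = []
    for off in range(0, len(data) - window + 1, step):
        if byte_entropy(data[off:off + window]) >= threshold:
            hits.append(off)
    return hits


def find_macs(data: bytes) -> list:
    """Printable MAC strings (aa:bb:cc:dd:ee:ff) found in the blob."""
    return [m.group().decode() for m in MAC_RE.finditer(data)]


def compare_dumps(good: bytes, bad: bytes) -> dict:
    """What a quick triage wants: size delta, where the bytes differ, which MACs
    each copy carries, and where key-like blobs sit in each."""
    return {
        "size_delta": len(good) - len(bad),
        "diff_ranges": diff_ranges(good, bad),
        "macs_good": find_macs(good),
        "macs_bad": find_macs(bad),
        "entropy_hits_good": high_entropy_windows(good),
        "entropy_hits_bad": high_entropy_windows(bad),
    }


def build_sample_dump(mac: str, with_key_blob: bool) -> bytes:
    """Constructed stand-in for a Boot.bin: a text header carrying the MAC, an
    optional 384-byte pseudo-random blob standing in for key material, and zero
    padding. Layout and contents are assumptions for this example only."""
    header = ("WIMAX_BOOT\x00MAC=" + mac + "\x00FW=default\x00").encode()
    rng = random.Random(20100620)  # fixed seed so the sample is reproducible
    blob = bytes(rng.getrandbits(8) for _ in range(384)) if with_key_blob else b""
    return header + blob + b"\x00" * 1024


# "Good" = dump from a nandroid taken while 4G worked; "bad" = dump after the
# MAC got clobbered. Both are constructed here, not real device contents.
GOOD_DUMP = build_sample_dump("00:1b:2c:3d:4e:5f", with_key_blob=True)
BAD_DUMP = build_sample_dump("00:00:00:00:00:00", with_key_blob=False)

if __name__ == "__main__":
    for key, value in compare_dumps(GOOD_DUMP, BAD_DUMP).items():
        print(f"{key}: {value}")
```

The entropy scan is the useful part: a plain-text 1024-bit key is 128 bytes of near-uniform data, so it lights up a window even when you have no idea what offset to look at, while the MAC regex and the diff ranges confirm what the posters already found by eye. If no window in the working dump scores high, the keys are not stored unencrypted in that file, which is the question the thread is trying to settle.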
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Geniusdog254 said:
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
From what we know, if you ever had a messed up MAC then your keys are also gone.

[Q] flashing rom with Quick flash package

- Quick Flash Package: Radio_12.62.60.27_26.13.04.19_M - HTC 3.06.405.1
http://forum.xda-developers.com/showthread.php?t=877295&highlight=radio+thread
Trying to install the above for use with BinDroid. When I'm in bootloader mode and it's trying to write the radio, it says it couldn't do it. What can I do?
I used the advanced hack toolkit, does this even do RADIO-OFF?
Thanks
mcvigo said:
- Quick Flash Package: Radio_12.62.60.27_26.13.04.19_M - HTC 3.06.405.1
http://forum.xda-developers.com/showthread.php?t=877295&highlight=radio+thread
Trying to install the above for use with BinDroid. When I'm in bootloader mode and it's trying to write the radio, it says it couldn't do it. What can I do?
I used the advanced hack toolkit, does this even do RADIO-OFF?
Thanks
You must rename the downloaded file exactly "PD98IMG.zip". Once you do that, place it on the root of your SD card (i.e. put it on the SD card). Once there, boot into bootloader and it should find the file and flash the radio. I cannot stress two things enough. You MUST name the file exactly "PD98IMG.zip" or it will not recognize the file. Also, if you have the hide-extension preference on, you may not need to add the .zip part to the end of the file. If you do add the .zip and it doesn't recognize it in hboot, and you have named it exactly "PD98IMG.zip", then delete the .zip part and try again. Secondly, check the MD5 to be sure you didn't download a corrupt file. More often than not it's fine, but I cannot stress enough that only bad things can happen if you flash a corrupt radio. Lastly, search search search! There are numerous threads, especially in the dev section (1st thread), that detail how to flash radios. Below I've added the link; while the radio that you're about to flash is on the DHD forum, the method to flash is still the same in the provided link below. If this has helped you, you know where the thanks button is.
FOLLOW THESE INSTRUCTIONS!
Edit: Uhm, not sure what you mean by does this do radio off? If you ran the hack kit and you have successfully installed Bindroid, you should be rooted with S-Off, enabling you to flash the radio with the above mentioned method..in bootloader it should say S-off, again though if you have flashed bindroid, you are rooted successfully I would think..
I did what you told me and its not working for some reason. What could this be? Says something like Wrong Image.
Tried flashing Radio with the toolkit too, it goes through the process but radio is the same.... So frustrating.
Stop. You can't just take any file and rename it to PD98IMG and it will magically work. There needs to be a script included to actually run it correctly. Now if you hold on for a while, I made a PD98IMG file for this radio a while ago for someone else. Let me look for it and I will post back.
The hack kit gives you S-OFF. That's all you need to flash a radio PD98IMG file. Also, please post whether you have the Inspire or the DHD. Just curious.
thanks, I will wait. What I did was put the file in root, do a restart into bootloader, select hboot then started running saying wrong P98IMG.zip. Tried 3 different methods and no go. I have an inspire 4g from ATT and has the gingerbread stock radio on it. I want a new radio due to horrible battery life. I noticed that it gives me 3.9v instead of 4.2, is this a problem?
Before I post the file, please make sure you delete any other PD98IMG zip files that are on your sd card.
Yeah I know, also what method should I use with your file?
It seems it was the radio I was using that was the problem. I put in this one,
Radio w/RCDATA: 12.59.60.26P_26.11.04.21_M
MD5 Sum: 57cccef401c372c6d421c986ee42e0fe and flashing worked perfectly. Guess Ill try this one for a while.
Boot into HBOOT. You can do this as follows. First go into your menu settings; it is usually under Power. Make sure the option for Fastboot is unchecked. After this, power the phone off. After the phone is powered off, hold down the volume-down key and keep pressing it. While still pressing the volume-down key, press the power button for a second or two. You can let go of the volume button as soon as the white HBOOT screen shows up. The phone will scan for files and find the PD98IMG file. It will then ask you if you want to update. Press the correct volume key to accept. DO NOT POWER OFF THE PHONE DURING THE UPDATE. It should take less than a minute. Once it is done, press power to reboot. After the phone is running, make sure you delete the PD98IMG file off the SD card. It will save you a headache if you ever need to go back into HBOOT. Link is posted. Before you transfer it to the SD card, rename the file to exactly "PD98IMG", without the quotes. Just delete the underscore and the ending I added.
http://www.mediafire.com/?rysi497mkxmrh9g
If you flash a radio file then make sure you flash the matching RIL file in recovery, not Hboot. In recovery options, go to mounts, mount system, then go back and select the RIL zip file to flash.
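The PD98IMG.zip procedure from the posts above (check the MD5 against the one published with the download, name the file exactly, put it on the SD card root, delete it again after flashing), as an added example that is not part of the original thread: a small POSIX shell script that refuses to stage a package whose MD5 does not match and clears any stale PD98IMG.zip first. md5sum(1) being available, the SD_ROOT path and the sample file in the usage are assumptions of this example.

```bash
#!/bin/sh
# Added example, not from the original thread: verify a downloaded radio package
# against the MD5 published with it, then stage it on the SD card root under the
# exact name HBOOT scans for. Assumptions: md5sum(1) is present, and SD_ROOT is
# the mounted SD card (defaults to ./sdcard here so the script runs offline).

SD_ROOT="${SD_ROOT:-./sdcard}"
TARGET_NAME="PD98IMG.zip"   # HBOOT on the DHD/Inspire looks for this exact name

# Lowercase hex MD5 of a file.
file_md5() {
    md5sum "$1" | awk '{print tolower($1)}'
}

# 0 if the file's MD5 equals the expected value (case-insensitive), 1 otherwise.
verify_md5() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(file_md5 "$1")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, expected $expected" >&2
    return 1
}

# Verify, then copy to the SD root as PD98IMG.zip. A file whose checksum does not
# match is never staged, and any stale PD98IMG.zip is removed first so HBOOT
# cannot pick up an older package by mistake.
stage_radio() {
    verify_md5 "$1" "$2" || return 1
    mkdir -p "$SD_ROOT"
    rm -f "$SD_ROOT/$TARGET_NAME"
    cp "$1" "$SD_ROOT/$TARGET_NAME"
    echo "Staged $SD_ROOT/$TARGET_NAME. Flash it from HBOOT, then delete it from the card."
}

# Usage: stage_radio <downloaded.zip> <md5-from-the-download-post>
# e.g.   stage_radio Radio_12.62.60.27_26.13.04.19_M.zip <md5 printed next to the link>
```

The point of doing the rename and copy from a script rather than by hand is that the MD5 check cannot be skipped: a corrupt or wrong package never reaches the card under the name HBOOT will flash. The script still does nothing about HBOOT itself, so the reboot, the volume-key prompt and deleting the file afterwards remain manual steps.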
thanks alot, will try with the one you posted now. I was able to flash with another radio so it was that one specifically that was bad or w.e.
If you are going to use the ATT 421 radio you just posted, then flash the RIL file in recovery like I described. Flash the matching RIL file in recovery, not Hboot. In recovery options, go to mounts, mount system, then go back and select the RIL zip file to flash. I am posting the RIL for the radio you just listed and for the one I posted, which will end in 4.19.
I am also including a program created by ZikyHD. Install it on your phone. It is an easy way to check and see what radio and RIL you have installed.
ahhh! my apologies!! I thought he pulled the radio file from the same page I did (not the case) holy crap what a bonehead move by me! Wolf good man! I'm using BinDroid too and flashed the recommended radio recently and pulled the file from a different page...glad Wolf got you straightened out..I should have just posted the PD98IMG I had, glad wolf is on his game better then I am. Assumptions are really killing me lately!
It happens, but be careful when messing around with radio files because you can brick your phone if it messes up. To the OP, make sure you check the previous post made by me for additional information and downloads. Also let us know how it worked out. Test any new radio for at least a few days to a week. It needs to settle down. Remember, what works well for some people in their area may not work well for you, and vice versa.
Wolf_2 said:
It happens, but be careful when messing around with radio files because you can brick your phone if it messes up. To the OP, make sure you check the previous post made by me for additional information and downloads. Also let us know how it worked out. Test any new radio for at least a few days to a week. It needs to settle down. Remember, what works well for some people in their area may not work well for you, and vice versa.
I always take extreme caution when dealing with radios...and I cannot stress enough how important it is to delete the radio off the SD card..what nightmare that can become if you softbrick or something...not that I learned that the hard way or anything
I tried installing that app to check the RIL, but it doesn't work; the phone says it's not recognized.
mcvigo said:
I tried installing that app to check the RIL, doesn't phone says its not recognized.
Well, at the risk of making myself an ass again, I use terminal commands to check my RIL; as far as I know it does work. If you want to take this route, download your favorite terminal app (I use Terminal Emulator). Open a command window and type "su" and hit enter. The first time it should prompt you to allow superuser permission. Allow it. Then type: getprop "gsm.version.ril-impl" and hit enter. It will display the RIL version and hopefully the one you're expecting!
What phone do you have? That should work with most phones. It's an Android program. If you are having trouble installing it then try a program like Easy Installer from the market. You can also run terminal commands on your phone or your computer to check the radio/RIL information.
In phone terminal, type the following after typing su and hitting enter:
getprop "gsm.version.ril-impl"
In command prompt, ADB, type the following after adb shell:
getprop "gsm.version.ril-impl"
Edit: Looks like I did not pay attention and refresh the screen. MMM answered the question. To the OP, what phone do you have and I am assuming the radio flash worked.
Thanks alot bro, with your file it was the only way I could this radio to install, tried alot of other methods and it would't work. Thanks alot again.

how to tell if bootloader is unlocked after rooting...

followed this thread http://forum.xda-developers.com/showthread.php?t=2046439 yesterday to root my samsung galaxy s3 and unlock the bootloader, but i am unsure if it worked 100%. i know it is rooted because i dl'ed titanium backup and it works, but how do i tell if my bootloader is unlocked or not? did a search, couldn't find an answer, so i am asking here.
There's not really a concrete way to tell however if you reboot and the Samsung logo flashes by in a second then you're unlocked. Typically it sits for three to five seconds on this screen but once unlocked, this screen just flashes by.
Sent from my SCH-I535 using xda app-developers app
Considering we all use the same unlocked aboot.img, it's pretty easy to concretely verify that your bootloader is unlocked.
But I'm too stupid to write a script, and no one wants to do it because it's a bit longer than timing the Samsung boot logo (which, when you compare time invested to information given, is pretty reliable).
basically involves comparing the md5 of the aboot.img of your phone to the known unlocked aboot.img (will try to find the terminal/adb shell commandsi posted before)
found it:
The unlocked md5 is: 0ba9ad45fc15cf3d62af7dd363686b3f
So if you pull a copy of your current aboot partition and save it to your sd card.
Run the following in ADB shell or terminal. Make sure you run it as superuser:
dd if=/dev/block/mmcblk0p5 of=/storage/sdcard0/aboot.img
That command will save an aboot.img to your internal SD. Check its MD5 and see if it matches.
Can run in adb:
md5 /storage/sdcard0/aboot.img
or
use any of the many md5 checking apps out there
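The check corbn89 describes above (dump the aboot partition with dd, take its MD5, compare it with the known-unlocked hash), together with the if=/of= swap worry raised further down, as an added example that is not code from the original thread. It does not run dd itself: it builds the dd line only after checking that the source is a block device and the destination is not, and it hashes a dumped image and looks the MD5 up in a table. The only table entry is the unlocked-aboot MD5 quoted in the thread, and the partition and destination paths are the ones posted there; any other image you want to recognise would need its hash added from a dump you trust.

```python
#!/usr/bin/env python3
"""Verify a dumped aboot image against a known-unlocked hash.

Added example, not code from the original thread. The partition path, the
destination path and the one known MD5 are the values posted in the thread for
the SCH-I535; everything else is this script's own doing.
"""
import hashlib
import shlex
import sys

ABOOT_PARTITION = "/dev/block/mmcblk0p5"       # aboot on the SCH-I535, as posted
DEFAULT_DEST = "/storage/sdcard0/aboot.img"    # internal storage, as posted
KNOWN_ABOOT = {
    "0ba9ad45fc15cf3d62af7dd363686b3f": "unlocked aboot (MD5 posted in the thread)",
}


def build_dump_command(partition: str = ABOOT_PARTITION, dest: str = DEFAULT_DEST) -> str:
    """Return the dd command to run as root, refusing anything that could hit flash.

    The dangerous mistake is swapping if= and of=: dd would then happily write the
    old image on the SD card over the aboot partition. Insisting that the source
    is under /dev/block/ and the destination is not a device node catches that."""
    if not partition.startswith("/dev/block/"):
        raise ValueError(f"source must be a block device under /dev/block/, got {partition!r}")
    if dest.startswith("/dev/"):
        raise ValueError(f"destination {dest!r} is a device node: if= and of= look swapped")
    return f"dd if={shlex.quote(partition)} of={shlex.quote(dest)}"


def hash_bytes(data: bytes) -> dict:
    """MD5 (what the thread compares) plus SHA-256 for a stronger record."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify_bytes(data: bytes, known: dict = KNOWN_ABOOT):
    """Return (label or None, digests). None means no known image matched."""
    digests = hash_bytes(data)
    if digests["size"] == 0:
        raise ValueError("empty image: the dd dump did not run as root or used the wrong path")
    label = known.get(digests["md5"].lower())
    return label, digests


def classify_file(path: str, known: dict = KNOWN_ABOOT):
    """Same as classify_bytes, reading the dumped aboot.img from disk."""
    with open(path, "rb") as fh:
        return classify_bytes(fh.read(), known)


if __name__ == "__main__":
    print("Run as root on the phone:", build_dump_command())
    if len(sys.argv) > 1:
        label, digests = classify_file(sys.argv[1])
        print(digests)
        print("match:", label or "no known image matched (not the posted unlocked aboot)")
```

Two practical notes. The path check in build_dump_command is the part worth keeping even if you never use the rest: the command is short enough to type by hand, and the only way to get hurt is to type it backwards. And a hash table of known-good images is only as good as where the hashes came from; the MD5 here is the one quoted in the thread, so treat a match as "identical to what corbn89 posted", not as an independent proof.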
SlimSnoopOS said:
There's not really a concrete way to tell however if you reboot and the Samsung logo flashes by in a second then you're unlocked. Typically it sits for three to five seconds on this screen but once unlocked, this screen just flashes by.
Sent from my SCH-I535 using xda app-developers app
ok, cool, thanks! so it looks like the root took, but the bootloader didn't unlock. the samsung logo took 3 seconds to pass by. so what do i need to do now to unlock it? should i repeat the steps from what i did yesterday?
corbn89 said:
Considering we all use the same unlocked aboot.img, it's pretty easy to concretely verify that your bootloader is unlocked.
But I'm too stupid to write a script, and no one wants to do it because it's a bit longer than timing the Samsung boot logo (which, when you compare time invested to information given, is pretty reliable).
Basically involves comparing the md5 of the aboot.img of your phone to the known unlocked aboot.img (will try to find the terminal/adb shell commands I posted before)
found it:
The unlocked md5 is: 0ba9ad45fc15cf3d62af7dd363686b3f
So if you pull a copy of your current aboot partition and save it to your sd card.
Run the following in ADB shell or terminal. Make sure you run it as superuser:
dd if=/dev/block/mmcblk0p5 of=/storage/sdcard0/aboot.img
That command will save an aboot.img to your internal SD. Check its MD5 and see if it matches.
Can run in adb:
md5 /storage/sdcard0/aboot.img
or
use any of the many md5 checking apps out there
I'm gonna bookmark this cuz this is a really good explanation. I don't ever suggest dd methods (nor memorize them) cuz I know a single typo could brick the device.
a.demarco said:
ok, cool, thanks! so it looks like the root took, but the bootloader didn't unlock. the samsung logo took 3 seconds to pass by. so what do i need to do now to unlock it? should i repeat the steps from what i did yesterday?
Just sideload EZ Unlock v1.2 and press the unlock button. You'll hear an audio confirmation and boom, unlocked.
ok, so now i am confused. i have the correct supersu+bootloader on the sd card, and the supersu app on the phone, but the samsung logo still takes a while to disappear.
edit: nevermind, got it working, samsung logo now just flashes by. thanks again for all your help!
SlimSnoopOS said:
I'm gonna bookmark this cuz this is a really good explanation. I don't ever suggest dd methods (nor memorize them) cuz I know a single typo could brick the device.
Just sideload EZ Unlock v1.2 and press the unlock button. You'll hear an audio confirmation and boom, unlocked.
Yep, it's pretty straightforward. I tested my unlocked bootloader with this. Haven't had a chance to tested while locked though (will have to wait till my next odin to stock).
But yeah, as long as no one switches the "if" and the "of" it should be safe (aka accidentally pasting something into the normally inaccessible partition rather than copying out to the sd)
a.demarco said:
ok, so now i am confused. i have the correct supersu+bootloader on the sd card, and the supersu app on the phone, but the samsung logo still takes a while to disappear.
sometime that image doesn't take for whatever reason. just use the app slimsnoop os linked to, should do the trick
a.demarco said:
ok, so now i am confused. i have the correct supersu+bootloader on the sd card, and the supersu app on the phone, but the samsung logo still takes a while to disappear.
edit: nevermind, got it working, samsung logo now just flashes by. thanks again for all your help!
Great! Just so you know, you can uninstall EZ Unlock (if you installed it, that is) and never use it again. You will not need it again unless you do one of the following, which will re-lock your bootloader:
1) take a Verizon OTA
2) Odin flash a stock image
Make sure to do a nandroid and happy flashing!
SlimSnoopOS said:
Great! Just so you know, you can uninstall EZ Unlock (if you installed it, that is) and never use it again. You will not need it again unless you do one of the following, which will re-lock your bootloader:
1) take a Verizon OTA
2) Odin flash a stock image
Make sure to do a nandroid and happy flashing!
still learning all about this, i will have to search what a nandroid is. i am doing a backup currently using titanium backup (free version right now), and it seems to be working well.
i want to flash either the cm 10.1 or jellybeans v.15 i think, just gotta read more about them.
a.demarco said:
still learning all about this, i will have to search what a nandroid is. i am doing a backup currently using titanium backup (free version right now), and it seems to be working well.
i want to flash either the cm 10.1 or jellybeans v.15 i think, just gotta read more about them.
Ahh, you'll see a lot of terms thrown around like that haha here's a glossary of common terms taken from DroidStyle's guide in the dev section.
Basically, a nandroid is a complete system or ROM backup, akin to a computer backup. You perform a nandroid in custom recovery (CWM or TWRP); however, it's labeled as "Backup" in both recoveries. "Nandroid" is just the common name for it. The reason you perform a nandroid is to have a safe point to restore your phone to if you flash a ROM, kernel, or mod and your phone begins to misbehave. Before flashing your first ROM, it's highly recommended that you perform a nandroid in your custom recovery and even save a copy on a computer so you always have it in two places. It may take about 1.5-2 GB of space per backup, so I wouldn't keep too many on your phone at a time.
SlimSnoopOS said:
Ahh, you'll see a lot of terms thrown around like that haha here's a glossary of common terms taken from DroidStyle's guide in the dev section.
Basically, a nandroid is a complete system or ROM backup, akin to a computer backup. You perform a nandroid in custom recovery (CWM or TWRP); however, it's labeled as "Backup" in both recoveries. "Nandroid" is just the common name for it. The reason you perform a nandroid is to have a safe point to restore your phone to if you flash a ROM, kernel, or mod and your phone begins to misbehave. Before flashing your first ROM, it's highly recommended that you perform a nandroid in your custom recovery and even save a copy on a computer so you always have it in two places. It may take about 1.5-2 GB of space per backup, so I wouldn't keep too many on your phone at a time.
good to know... should i bother with titanium backup at all? or just boot into cwm and do a nandroid from there?
a.demarco said:
good to know... should i bother with titanium backup at all? or just boot into cwm and do a nandroid from there?
Perform both actually. Backup apps with TB so when you flash a rom you can restore apps at once if you actually like the rom. I typically restore a few apps when trying new roms then if I like the rom, I'll restore more apps. Backup with CWM so that in case you dislike the rom you flash, you can completely restore to your previous rom. They serve two similar functions yet distinctly different as well.
SlimSnoopOS said:
Perform both actually. Backup apps with TB so when you flash a rom you can restore apps at once if you actually like the rom. I typically restore a few apps when trying new roms then if I like the rom, I'll restore more apps. Backup with CWM so that in case you dislike the rom you flash, you can completely restore to your previous rom. They serve two similar functions yet distinctly different as well.
awesome, thank you for the help. doing the nandroid backup right now through cwm, backing it up to the external sd card so i can then save it to the computer.
so i should only use the tb to back up the apps? oops, i backed everything up on it, was wondering why it took so damn long!
a.demarco said:
awesome, thank you for the help. doing the nandroid backup right now through cwm, backing it up to the external sd card so i can then save it to the computer.
so i should only use the tb to back up the apps? oops, i backed everything up on it, was wondering why it took so damn long!
No problem! Yea, TB is useful for a lot once you have a grasp of the basic functions. Only backup user apps and do not backup/restore system apps. Depending on the number of apps and their storage size, backup time varies. You can always delete the previous TB backup files cuz its stored in the Titanium Backup folder of your internal or external sdcard. Doesn't hurt to copy that to a computer every once in awhile too.
corbn89 said:
Considering we all use the same unlocked aboot.img, it's pretty easy to concretely verify that your bootloader is unlocked.
But I'm too stupid to write a script, and no one wants to do it because it's a bit longer than timing the Samsung boot logo (which, when you compare time invested to information given, is pretty reliable).
Basically involves comparing the md5 of the aboot.img of your phone to the known unlocked aboot.img (will try to find the terminal/adb shell commands I posted before)
found it:
The unlocked md5 is: 0ba9ad45fc15cf3d62af7dd363686b3f
So if you pull a copy of your current aboot partition and save it to your sd card.
Run the following in ADB shell or terminal. Make sure you run it as superuser:
dd if=/dev/block/mmcblk0p5 of=/storage/sdcard0/aboot.img
That command will save an aboot.img to your internal SD. Check its MD5 and see if it matches.
Can run in adb:
md5 /storage/sdcard0/aboot.img
or
use any of the many md5 checking apps out there
So when I start up terminal emulator, next to where it says "[email protected]:/ $" I type in su right? Then hit enter? Then on the following line I type: "dd if=/dev/block/mmcblk0p5 of=/storage/sdcard0/aboot.img"
After I type this, a copy of aboot.img will be saved to my external memory card, and from there I can match it up with the unlocked MD5, and if it matches this guarantees that my bootloader is unlocked. Is this correct?
I'm a noob, please forgive me.
jricks said:
So when I start up terminal emulator, next to where it says "[email protected]:/ $" I type in su right? Then hit enter? Then on the following line I type: "dd if=/dev/block/mmcblk0p5 of=/storage/sdcard0/aboot.img"
Correct.
After I type this, a copy of aboot.img will be saved to my external memory card, and from there I can match it up with the unlocked MD5, and if it matches this guarantees that my bootloader is unlocked. Is this correct?
I'm a noob, please forgive me.
It will save to your internal sdcard. sdcard0 = internal storage, sdcard1 = external sdcard.
Sent from my SCH-I535 using xda app-developers app
Much appreciated my friend.
Sent from my SCH-I535 using xda app-developers app
Let us know what your results are and which method you used to unlock.
I confirmed it on my phone that used the ez unlock app but multiple trials by others would be beneficial. Thanks
SlimSnoopOS said:
Correct.
It will save to your internal sdcard. sdcard0 = internal storage, sdcard1 = external sdcard.
Sent from my SCH-I535 using xda app-developers app
I did everything mentioned above and it saved to my internal card; however, I'm unable to view it. What program do I need to install to view it?
Sent from my SCH-I535 using xda app-developers app
You don't need to view it. You just need to run the file through a md5 checksum app or check the md5 with terminal or adb using the command I posted earlier
