USE AT YOUR OWN RISK
adb push C:\Users\*\Downloads\redbend_ua /data/local
adb shell
chmod 755 /data/local/redbend_ua
/data/local/redbend_ua restore /sdcard/zImage.bin /dev/block/bml7
or
/data/local/redbend_ua restore /sdcard/recovery2.bin /dev/block/bml8
http://www.sdx-downloads.com/devs/noobnl/redbend_ua.zip
stock kernel http://www.sdx-downloads.com/devs/noobnl/zImage.bin
clockworkmod recovery: http://www.sdx-downloads.com/devs/noobnl/recovery2.bin
put it in sdcard
build 2: fixes script (made a dumb mistake)
So.. I used at my own risk.
after copying redbend over and trying to flash clockworkmod recovery I got a wierd error telling me something like the "file count is wrong" (if somebody else tries this PM me with the correct message so i can fix this)
I rebooted the phone and tried again. It worked and I can confirm clockwork recovery installed. I have not tried to do anything like format SD or install a zip yet, but I will.
After booting into recovery I was only able to find three working buttons.
1. The "Smiley" button next to left shift will allow you to navigate the menues, it functions like an up arrow would.
2. The "H" button behaves like the "enter" key
3. The "Searching Glass" (On the front, the rightmost lit button that looks like a magnifying glass) = return to the main menu within recovery.
I will test right now.
This is what I got.
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, heig
open device file: Permission den
bmldevice_get_size: bmldevice_op
dst: /dev/block/bml8 partition s
part_size: 0x0
reboot: Operation not permitted
Bump for update.
AH I just realized i still have the command prompt window up from both the attempt that work and the attempt that failed.
Code:
C:\android-sdk-windows\tools>adb push c:\redbend_ua\redbend_ua /data/local
1523 KB/s (313888 bytes in 0.201s)
C:\android-sdk-windows\tools>adb shell
$ su
su
# chmod 755 /data/local/redbend_ua
chmod 755 /data/local/redbend_ua
# /data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
/data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/recovery.bin
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
failed to read from /sdcard/recovery.bin (Bad file number)
>>>>NOTE INSERT>>>>> BETWEEN THE PREVIOUS LINE AND THE NEXT I DID A BATTERY PULL REBOOT.
C:\android-sdk-windows\tools>adb shell
$ su
# /data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
/data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/recovery.bin
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 20384 bytes
read finished
C:\android-sdk-windows\tools>
Thanks. I know what went wrong. SU was needed.
BTW. The first time I did it. The many read file appeared to me. But I did not have ClockWork recovery.
Badge2378 said:
AH I just realized i still have the command prompt window up from both the attempt that work and the attempt that failed.
Code:
C:\android-sdk-windows\tools>adb push c:\redbend_ua\redbend_ua /data/local
1523 KB/s (313888 bytes in 0.201s)
C:\android-sdk-windows\tools>adb shell
$ su
su
# chmod 755 /data/local/redbend_ua
chmod 755 /data/local/redbend_ua
# /data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
/data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/recovery.bin
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
failed to read from /sdcard/recovery.bin (Bad file number)
>>>>NOTE INSERT>>>>> BETWEEN THE PREVIOUS LINE AND THE NEXT I DID A BATTERY PULL REBOOT.
C:\android-sdk-windows\tools>adb shell
$ su
# /data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
/data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/recovery.bin
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 20384 bytes
read finished
C:\android-sdk-windows\tools>
Click to expand...
Click to collapse
nice! time to update the post!
noobnl said:
nice! time to update the post!
Click to expand...
Click to collapse
The thing is Noob, that I had the same result with one try. And I do not have Clockwork recovery.
Here is a wierd bit.
If I reboot using "Volume Down" + "Camera" + "Power" i get into clockwork.
If I "Reboot to Recovery" using a software tool (Root Manager specifically) i end up in the stock recovery (Blue Text)
??
Badge2378 said:
Here is a wierd bit.
If I reboot using "Volume Down" + "Camera" + "Power" i get into clockwork.
If I "Reboot to Recovery" using a software tool (Root Manager specifically) i end up in the stock recovery (Blue Text)
??
Click to expand...
Click to collapse
If I boot on Recovery it boots to recovery. Hm..
C:\SDK\tools>adb shell
$ su
su
# /data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
/data/local/redbend_ua restore /sdcard/recovery.bin /dev/block/bml8
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/recovery.bin
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 20384 bytes
read finished
I do not have Clockwork.
Fixter said:
If I boot on Recovery it boots to recovery. Hm..
Click to expand...
Click to collapse
I should have said boot, as from power off.
If I start with the power off, then Press "Volume Down" + "Camera" + "Power" and keep holding them, i end up in Clockwork Rocovery v2.5.0.4
I'll shoot a pic as soon as my wife(and her camera) get home.
Badge2378 said:
I should have said boot, as from power off.
If I start with the power off, then Press "Volume Down" + "Camera" + "Power" and keep holding them, i end up in Clockwork Rocovery v2.5.0.4
I'll shoot a pic as soon as my wife(and her camera) get home.
Click to expand...
Click to collapse
I'm gonna go check ROM Manager
Edit: Rom Manager boots me to Stock Recovery.
Fixter said:
I'm gonna go check ROM Manager
Edit: Rom Manager boots me to Stock Recovery.
Click to expand...
Click to collapse
Yeah, that's what i said before. The only way I've been able to boot into ClockworkMod is using the three button combo method.
Badge2378 said:
Yeah, that's what i said before. The only way I've been able to boot into ClockworkMod is using the three button combo method.
Click to expand...
Click to collapse
I get the same thing using both methods.
check the first post again make sure your applying the recovery.bin to bml8
shabbypenguin said:
check the first post again make sure your applying the recovery.bin to bml8
Click to expand...
Click to collapse
If you check my last post with the code, you can see we both have the exact same results. Also. I copy, pasted.
I dont understand the parrt about
/redbend_ua restore'
where do I place that file in the tools folder of sdk? and clockwork file on root of sd card?
rjmjr69 said:
I dont understand the parrt about
/redbend_ua restore'
where do I place that file in the tools folder of sdk? and clockwork file on root of sd card?
Click to expand...
Click to collapse
In the root of the SD Card.
Fixter said:
In the root of the SD Card.
Click to expand...
Click to collapse
thank you so all three files on root?
Related
Ok so I have been trying to flash the newest oneclick flasher to my Epic all day. NOTHING is working.
The driver downloads in the thread are down but I located them else where. I know nothing is suppose to be mounted and debugging should be on. I have all of that and it still does not go through.
I went through the process of manually rooting the phone through the very first root method....I got root. No superuser app but I had root. So I figured hell the .bat file should work now....WRONG...still i get nothing.
I attached a picture of what happens every time I attempt to run the .bat file.
Maybe I'm making this over complicated since all the phones I've previously rooted were all through adb and a lot more work.
Can I please get some guidance on what I am doing wrong.
Thank you!
Open the .bat file and copy each command manually into command prompt. If you don't have paths set up, you'll have to CD to the directory with ADB (probably the 1-click-whatever folder you downloaded, which you have to do anyway, so might as well do it now). If you get a phone offline or phone disconected error. Just keep running the sam command until it goes through then move on. Copy+paste for safety. Don't worry about the ping commands.
Sent from my SPH-D700 using XDA App
This happened to me too. Use a different micro usb cable than the one the phone came with and it will fix it.
I had same issues..here is what I did:
1) unplugged phone and reset phone..
2) uninstalled the drivers..then reinstalled them.
3) Plugged in the device..
4) this is the hard part that got me...gotta wait for the device to fully install the drivers on the bottom right...I messed up the first time cause I couldn't wait..(This can take up to 5 minutes or so..there are total of 4 drivers that are installed..you need 3/4 to finish..2/4 is not enough and will cause the issues)
5) ran:
adb.exe get-state
it should give you output of "device" and not "unknown"
6) ran run.bat
7) Profit
I had the same problem the first time, but it only happed because I didn't restart my phone
After turning on debugging. When I plugged it into the usb after that it worked fine don"t even recall having to unmount anything.
I had the same issues as well. Then I tried a different laptop and it worked like a charm
And is the best way to know this goes throught superuser application??
Ok so it looks like it is STILL not working.
I uninstalled the drivers, reinstalled them, reset both computer and the phone, plugged the phone in, waited for those to fully install, ran adb.exe get-state it said device this time but now i get this:
exploit and busybox made by joeykrim and one click installer and andromeda galax
y kernel made by noobnl
Press any key to continue . . .
copy and run the exploit (may take 2 minutes)
adb server is out of date. killing...
* daemon started successfully *
175 KB/s (5392 bytes in 0.030s)
1 KB/s (88 bytes in 0.063s)
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 2223
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
remove joeykrim root method
148 KB/s (14428 bytes in 0.095s)
5 KB/s (279 bytes in 0.051s)
rm failed for /system/bin/remount, No such file or directory
rm failed for /system/bin/busybox, No such file or directory
copy kernel and flasher
346 KB/s (313888 bytes in 0.885s)
488 KB/s (6889960 bytes in 13.785s)
flashing kernel
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/zImage
dst: /dev/block/bml7 partition size: 0x780000
part_size: 0x780000
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 74216 bytes
read finished
wait 60 second
cleanup
done
Press any key to continue . . .
Click to expand...
Click to collapse
So what am I doing wrong now??
What would the physical ADB commands look like?? That's always how I have had to root on my phones in the past and I've never had issues. I have had more problems trying this "easy" one click root than with typing out everything myself.
Spectral8x said:
Ok so it looks like it is STILL not working.
I uninstalled the drivers, reinstalled them, reset both computer and the phone, plugged the phone in, waited for those to fully install, ran adb.exe get-state it said device this time but now i get this:
So what am I doing wrong now??
Click to expand...
Click to collapse
From the looks of it your using the 1.3 root with the kernal..what it failed on is to remove the other root (since you didn't have it which is fine)...seems like everything is ok..restart your phone and you should have root.
I recently decided to root my inspire as i am no longer using it as a phone, so i thought that it would be interesting to do and fun to play around with all of the options available (i recently did the same thing on my Nook Tablet, and that was the single best decision i have made a while!). I started out researching the manual techniques to do it, but i didn't really like the high risk factor there (i really dont want to brick my phone) so i tried Ace Hack Kit. Of course, it has to download the phone from 2.3.5 to be able to work. During this process, it has me hold volume up and power twice, and every time i do that, it flashes up really quick something about holding volume up and volume down and power, but then it skips past that. Anyway, here is where my problem comes in: It says that it should reboot in to hboot, which it does, but that hboot should run a test, then prompt me to continue by pressing volume up, and then should reboot, flashing twice, and that should be the end of it. THe problem is, it does boot in to hboot, but it is just a standard hboot screen asking to recover, load bootloader, etc. When i reboot from there it just boots in to the phone as normal. Does anyone have any experience with his issue, or any idea what i might be doing wrong?
In reply to the poster below, i have tried 3 different SD cards, all of which work and are recognized by my PC, my other phone and my Nook tablet. I have also inserted a working sim card, just to be sure that wasnt the issue, and i still cant make it work.
Mckernanx32 said:
I recently decided to root my inspire as i am no longer using it as a phone, so i thought that it would be interesting to do and fun to play around with all of the options available (i recently did the same thing on my Nook Tablet, and that was the single best decision i have made a while!). I started out researching the manual techniques to do it, but i didn't really like the high risk factor there (i really dont want to brick my phone) so i tried Ace Hack Kit. Of course, it has to download the phone from 2.3.5 to be able to work. During this process, it has me hold volume up and power twice, and every time i do that, it flashes up really quick something about holding volume up and volume down and power, but then it skips past that. Anyway, here is where my problem comes in: It says that it should reboot in to hboot, which it does, but that hboot should run a test, then prompt me to continue by pressing volume up, and then should reboot, flashing twice, and that should be the end of it. THe problem is, it does boot in to hboot, but it is just a standard hboot screen asking to recover, load bootloader, etc. When i reboot from there it just boots in to the phone as normal. Does anyone have any experience with his issue, or any idea what i might be doing wrong?
Click to expand...
Click to collapse
Try using a different sdcard. Yours seems to be corrupted to work as a goldcard.
hi,
when I try to root my phone with AAHK I get this message. my version is 2.3.3 what can I do. it stuck at black screen with white HTC logo. After pull out battery I can run my phone normally everytime
Ace Advanced Hack Kit [Linux/OSX/Windows] attn1 2011/2012
___________________________
MAIN MENU | |
| Only ONE Menu Step to: |
1 - Hack Ace <----------------------------+ * S-OFF |
| * SIM Unlock |
2 - DONATE (Encouraged, but optional) | * SuperCID |
-------------------------?q=goldcard | * Root |
--------------------------/ | * Busybox |
| |
**********************************************************************
o - Options Menu (Return to Stock, Flash radios, etc)
**********************************************************************
t - Toggle Flash Method - current method is fastbootRUU
*********************************************************************
q - Quit
[Select and press Enter]1
/sdcard/PD98IMG.zip: No such file or directory
rm failed for /sdcard/PD98IMG.zip, No such file or directory
goldcard.img
goldcard
2192 KB/s (4359771 bytes in 1.942s)
pkg: /data/local/tmp/stericson.busybox-1.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
1252 KB/s (19240 bytes in 0.015s)
1842 KB/s (4564992 bytes in 2.419s)
2259 KB/s (3737600 bytes in 1.615s)
1798 KB/s (557962 bytes in 0.303s)
455 KB/s (9796 bytes in 0.021s)
1876 KB/s (572752 bytes in 0.298s)
2050 KB/s (134401 bytes in 0.064s)
437 KB/s (13968 bytes in 0.031s)
ro.build.version.release=2.3.3
Setting up for Gingerbread restore...
2013 KB/s (2801664 bytes in 1.358s)
2036 KB/s (2830336 bytes in 1.357s)
2252 KB/s (285981 bytes in 0.124s)
1886 KB/s (285981 bytes in 0.148s)
1 file(s) copied.
Linux version 2.6.35.10-gd2564fb ([email protected]) (gcc version 4.4.0 (GCC) )
#1 PREEMPT Thu Jun 9 14:33:05 CST 2011
Kernel version is Gingerbread... Using fre3vo to temproot...
fre3vo by #teamwin
Please wait...
Attempting to modify ro.secure property...
fb_fix_screeninfo:
id: msmfb
smem_start: 802160640
smem_len: 3145728
type: 0
type_aux: 0
visual: 2
xpanstep: 0
ypanstep: 1
line_length: 1920
mmio_start: 0
accel: 0
fb_var_screeninfo:
xres: 480
yres: 800
xres_virtual: 480
yres_virtual: 1600
xoffset: 0
yoffset: 800
bits_per_pixel: 32
activate: 16
height: 106
width: 62
rotate: 0
grayscale: 0
nonstd: 0
accel_flags: 0
pixclock: 0
left_margin: 0
right_margin: 0
upper_margin: 0
lower_margin: 0
hsync_len: 0
vsync_len: 0
sync: 0
vmode: 0
Buffer offset: 00000000
Buffer size: 8192
Scanning region faa90000...
Scanning region fab80000...
Scanning region fac70000...
Scanning region fad60000...
Scanning region fae50000...
Scanning region faf40000...
Scanning region fb030000...
Scanning region fb120000...
Scanning region fb210000...
Scanning region fb300000...
Scanning region fb3f0000...
Scanning region fb4e0000...
Scanning region fb5d0000...
Scanning region fb6c0000...
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba80000...
Potential exploit area found at address fbb57a00:1600.
Exploiting device...
/dev/block/vold/179:65 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,
uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharse
t=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
tmpfs /mnt/sdcard/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
HTC android goldcard tool Copyright (C) 2011, Wayne D. Hoxsie Jr.
Original code by B. Kerler. Special thanks to ATTN1 and the XDA team.
Donations can be made to the Electronic Frontier Foundation:
-------
or to B. Kerler:
-----------
0+1 records in
0+1 records out
384 bytes transferred in 0.209 secs (1837 bytes/sec)
--set_version set. VERSION will be changed to: 1.31.405.6
Misc partition is "/dev/block/mmcblk0p17"
Patching and backing up misc partition...
* server not running *
Starting update process....
< waiting for device >
kaiowas89 said:
hi,
when I try to root my phone with AAHK I get this message. my version is 2.3.3 what can I do. it stuck at black screen with white HTC logo. After pull out battery I can run my phone normally everytime
Ace Advanced Hack Kit [Linux/OSX/Windows] attn1 2011/2012
___________________________
MAIN MENU | |
| Only ONE Menu Step to: |
1 - Hack Ace <----------------------------+ * S-OFF |
| * SIM Unlock |
2 - DONATE (Encouraged, but optional) | * SuperCID |
-------------------------?q=goldcard | * Root |
--------------------------/ | * Busybox |
| |
**********************************************************************
o - Options Menu (Return to Stock, Flash radios, etc)
**********************************************************************
t - Toggle Flash Method - current method is fastbootRUU
*********************************************************************
q - Quit
[Select and press Enter]1
/sdcard/PD98IMG.zip: No such file or directory
rm failed for /sdcard/PD98IMG.zip, No such file or directory
goldcard.img
goldcard
2192 KB/s (4359771 bytes in 1.942s)
pkg: /data/local/tmp/stericson.busybox-1.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
1252 KB/s (19240 bytes in 0.015s)
1842 KB/s (4564992 bytes in 2.419s)
2259 KB/s (3737600 bytes in 1.615s)
1798 KB/s (557962 bytes in 0.303s)
455 KB/s (9796 bytes in 0.021s)
1876 KB/s (572752 bytes in 0.298s)
2050 KB/s (134401 bytes in 0.064s)
437 KB/s (13968 bytes in 0.031s)
ro.build.version.release=2.3.3
Setting up for Gingerbread restore...
2013 KB/s (2801664 bytes in 1.358s)
2036 KB/s (2830336 bytes in 1.357s)
2252 KB/s (285981 bytes in 0.124s)
1886 KB/s (285981 bytes in 0.148s)
1 file(s) copied.
Linux version 2.6.35.10-gd2564fb ([email protected]) (gcc version 4.4.0 (GCC) )
#1 PREEMPT Thu Jun 9 14:33:05 CST 2011
Kernel version is Gingerbread... Using fre3vo to temproot...
fre3vo by #teamwin
Please wait...
Attempting to modify ro.secure property...
fb_fix_screeninfo:
id: msmfb
smem_start: 802160640
smem_len: 3145728
type: 0
type_aux: 0
visual: 2
xpanstep: 0
ypanstep: 1
line_length: 1920
mmio_start: 0
accel: 0
fb_var_screeninfo:
xres: 480
yres: 800
xres_virtual: 480
yres_virtual: 1600
xoffset: 0
yoffset: 800
bits_per_pixel: 32
activate: 16
height: 106
width: 62
rotate: 0
grayscale: 0
nonstd: 0
accel_flags: 0
pixclock: 0
left_margin: 0
right_margin: 0
upper_margin: 0
lower_margin: 0
hsync_len: 0
vsync_len: 0
sync: 0
vmode: 0
Buffer offset: 00000000
Buffer size: 8192
Scanning region faa90000...
Scanning region fab80000...
Scanning region fac70000...
Scanning region fad60000...
Scanning region fae50000...
Scanning region faf40000...
Scanning region fb030000...
Scanning region fb120000...
Scanning region fb210000...
Scanning region fb300000...
Scanning region fb3f0000...
Scanning region fb4e0000...
Scanning region fb5d0000...
Scanning region fb6c0000...
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba80000...
Potential exploit area found at address fbb57a00:1600.
Exploiting device...
/dev/block/vold/179:65 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,relatime,
uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharse
t=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
tmpfs /mnt/sdcard/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
HTC android goldcard tool Copyright (C) 2011, Wayne D. Hoxsie Jr.
Original code by B. Kerler. Special thanks to ATTN1 and the XDA team.
Donations can be made to the Electronic Frontier Foundation:
-------
or to B. Kerler:
-----------
0+1 records in
0+1 records out
384 bytes transferred in 0.209 secs (1837 bytes/sec)
--set_version set. VERSION will be changed to: 1.31.405.6
Misc partition is "/dev/block/mmcblk0p17"
Patching and backing up misc partition...
* server not running *
Starting update process....
< waiting for device >
Click to expand...
Click to collapse
That means that your PC has connectivity issues. Read the effen manual to make sure that everything that should be disabled or uninstalled it is and then re run the hack kit.
If the issue persists, then try using an ubuntu liveCD.
glevitan said:
That means that your PC has connectivity issues. Read the effen manual to make sure that everything that should be disabled or uninstalled it is and then re run the hack kit.
If the issue persists, then try using an ubuntu liveCD.
Click to expand...
Click to collapse
I try it again it gives me another error. if I use ubuntu does it fix ?
I try it again it gives me another error. if I use ubuntu does it fix ?
the error ,
Ace Advanced Hack Kit [Linux/OSX/Windows] attn1 2011/2012
___________________________
MAIN MENU | |
| Only ONE Menu Step to: |
1 - Hack Ace <----------------------------+ * S-OFF |
| * SIM Unlock |
2 - DONATE (Encouraged, but optional) | * SuperCID |
http://psas.revskills.de/?q=goldcard | * Root |
http://www.eff.org/ | * Busybox |
| |
**********************************************************************
o - Options Menu (Return to Stock, Flash radios, etc)
**********************************************************************
t - Toggle Flash Method - current method is fastbootRUU
*********************************************************************
q - Quit
[Select and press Enter]1
/sdcard/PD98IMG.zip: No such file or directory
rm failed for /sdcard/PD98IMG.zip, No such file or directory
goldcard.img
goldcard
1822 KB/s (4359771 bytes in 2.336s)
- waiting for device -
error: more than one device and emulator
- waiting for device -
kaiowas89 said:
I try it again it gives me another error. if I use ubuntu does it fix ?
I try it again it gives me another error. if I use ubuntu does it fix ?
the error ,
Ace Advanced Hack Kit [Linux/OSX/Windows] attn1 2011/2012
___________________________
MAIN MENU | |
| Only ONE Menu Step to: |
1 - Hack Ace <----------------------------+ * S-OFF |
| * SIM Unlock |
2 - DONATE (Encouraged, but optional) | * SuperCID |
http://psas.revskills.de/?q=goldcard | * Root |
http://www.eff.org/ | * Busybox |
| |
**********************************************************************
o - Options Menu (Return to Stock, Flash radios, etc)
**********************************************************************
t - Toggle Flash Method - current method is fastbootRUU
*********************************************************************
q - Quit
[Select and press Enter]1
/sdcard/PD98IMG.zip: No such file or directory
rm failed for /sdcard/PD98IMG.zip, No such file or directory
goldcard.img
goldcard
1822 KB/s (4359771 bytes in 2.336s)
- waiting for device -
error: more than one device and emulator
- waiting for device -
Click to expand...
Click to collapse
this: error: more than one device and emulator... means that there is something messing up with the connectivity. UBUNTU is a fresh installed OS with no bloatware at all. You can boot it from a CD without installing anything at all.
glevitan said:
this: error: more than one device and emulator... means that there is something messing up with the connectivity. UBUNTU is a fresh installed OS with no bloatware at all. You can boot it from a CD without installing anything at all.
Click to expand...
Click to collapse
thank you. I will try ubuntu live cd. but I havent used ubuntu? I hope I can root my phone
EDIT: I rooted my phone with another pc. thank you again
Please post all questions in the Q & A section. Thread moved.
Sent from my Galaxy Nexus using Tapatalk 2
What partitions there are in out tablet?
"fastboot getvar all" gets this:
bootloader
recovery
boot
system
cache
userdata
Also i can find such list:
mmcblk0boot0
mmcblk0boot1
mmcblk0 ... 8
(and mmcblk1 is external uSD card)
What is tre partition table (and its sizes, for 32G model), and what is function (and content) of these partitions?
tijl-comdor said:
What partitions there are in out tablet?
"fastboot getvar all" gets this:
bootloader
recovery
boot
system
cache
userdata
Also i can find such list:
mmcblk0boot0
mmcblk0boot1
mmcblk0 ... 8
(and mmcblk1 is external uSD card)
What is tre partition table (and its sizes, for 32G model), and what is function (and content) of these partitions?
Click to expand...
Click to collapse
mmcblk0 layout
All dumps were done on Asus Eee Pad Transformer Infinity TF700T, 64GB version, firmware 9.4.5.26, locked
mmcblk0 off-partition section
Offset: 0 (0x0)
Size: 38273024 (0x2480000)
Read command: busybox dd if=/dev/block/mmcblk0 of=/mnt/sdcard/mmcblk0pre1.img bs=524288 count=73
Offset: 0 (0x0)
Size: 3670016 (0x380000)
Contains: Zeroes
Purpose: Unknown
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s1.img bs=3670016 count=1
Process command: tr -d '\0' <mmcblk0pre1s1.img >mmcblk0pre1s1nz.img # mmcblk0pre1s1nz.img must be empty file
Offset: 3670016 (0x380000)
Contains: Recovery kernel image followed by zeroes
Size: 8388608 (0x800000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s2.img bs=524288 skip=7 count=16
Process commands:
perl split_bootimg.pl mmcblk0pre1s2.img
mkdir mmcblk0pre1s2.img-ramdisk
cd mmcblk0pre1s2.img-ramdisk
zcat ../mmcblk0pre1s2.img-ramdisk.gz | cpio -i
cd ..
# end Process commands
Offset: 12058624 (0xb80000)
Contains: Regular boot kernel image followed by zeroes
Size: 8388608 (0x800000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s3.img bs=524288 skip=23 count=16
Process commands:
perl split_bootimg.pl mmcblk0pre1s3.img
mkdir mmcblk0pre1s3.img-ramdisk
cd mmcblk0pre1s3.img-ramdisk
zcat ../mmcblk0pre1s3.img-ramdisk.gz | cpio -i
cd ..
# end Process commands
Offset: 20447232 (0x1380000)
Contains: Block of 16 bytes followed by 0x2de0 hexadecimal numbers followed by FF
Size: 12288 (0x3000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s4.img bs=524288 skip=39
Vital data:
Extract command: dd if=mmcblk0pre1s4.img of=mmcblk0pre1s4ss2.img bs=4096 skip=3
Binary part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch1.img bs=16 count=1
Hexadecimal part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch2.img bs=16 count=734 skip=1
Process command: unhex <mmcblk0pre1s4ss1ch2.img >mmcblk0pre1s4ss1ch2bin.img
FF part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch3.img bs=16 skip=735
Process command: tr -d '\377' <mmcblk0pre1s4ss1ch3.img >mmcblk0pre1s4ss1ch3nff.img # mmcblk0pre1s4ss1ch3nff.img must be empty file
Zeroes:
Extract command: dd if=mmcblk0pre1s4.img of=mmcblk0pre1s4ss1.img bs=4096 count=3
Process command: tr -d '\0' <mmcblk0pre1s4ss2.img >mmcblk0pre1s4ss2nz.img # mmcblk0pre1s4ss2nz.img must be empty file
Purpose: Probably encrypted bootloader
mmcblk0p1
Offset: 38273024 (0x2480000)
Size: 805306368 (0x30000000)
File system size: 196608 * 4096 = 805306368 (fully occupies partition)
Format: Linux ext4 filesystem
Mounted at: /system
Mount options: read only, extended attributes, ACL
Permissions: only root can manipulate
Contains: Base system and embedded applications
Purpose: Base system
mmcblk0p2
Offset: 843579392 (0x32480000)
Size: 448790528 (0x1ac00000)
File system size: 109568 * 4096 = 448790528 (fully occupies partition)
Format: Linux ext4 filesystem
Mounted at: /cache
Mount options: read/write, no SUID, no device nodes, no atime
Permissions: only root can manipulate, UID system and GID cache can read and write
Contains: Cache
Purpose: Application cache
Note: The volume has the same UUID as mmcblk0p1
mmcblk0p3
Offset: 1292369920 (0x4d080000)
Size: 2097152 (0x200000)
File system size: 512 * 4096 = 2097152 (fully occupies partition)
Linux rev 1.0 ext3 filesystem
Not mounted
Permissions: GID system can manipulate
Contains: Empty file system
Purpose: Recovery /misc
Referenced by: /system/lib/libandroid_runtime.so recovery ramdisk: /etc/recovery.fstab
Note: File system is referenced in recovery as emmc, not ext3!
mmcblk0p4
Offset: 1294467072 (0x4d280000)
Size: 855638016 (0x33000000)
File system size: 208896 * 4096 = 855638016
Linux rev 1.0 ext3 filesystem
Not mounted
Permissions: GID system can manipulate
Contains: Empty file system
Purpose: Recovery /staging
Referenced by: recovery ramdisk: init.rc /etc/recovery.fstab
mmcblk0p5
Offset: 2150105088 (0x80280000)
Size: 5242880 (0x500000)
File system size: 5092 * 1024 = 5147488
Format: FAT32 file system, no partition table, MS-DOS "Non-system disk" boot block
Not mounted
Permissions: only root can manipulate
Contains: File system with files:
Serial numbers (ISN, PPID, SSN, UUID)
Calibration data (AL3010 light sensor, AMI304 magnetic sensor, KXTF9 motion sensor)
Purpose: Device specific unique system data, mounted as /btmac during Android boot
Referenced by: /system/bin/wifimacwriter /system/bin/brcm_patchram_plus /system/bin/sensors-config /system/bin/sixpair ramdisk: /init recovery ramdisk: /etc/recovery.fstab /init
mmcblk0p5 off file-system area
Offset in section: 5147488 (0x4e8b60)
Size: 28672 (0x7000)
Read command: busybox dd if=/dev/block/mmcblk0p5 of=/mnt/sdcard/mmcblk0p5s2.img bs=1024 skip=5092
Process command: tr -d '\0' <mmcblk0p5s2.img >mmcblk0p5s2nz.img # mmcblk0p5s2nz.img must be empty file
mmcblk0p6
Offset: 2155347968 (0x80780000)
Size: 524288 (0x80000)
Format: binary data
Permissions: UID drm can manipulate
Contains: 208 bytes of binary data, the rest are zeroes
Purpose: DRM, probably contains encrypted DRM key
Referenced by: /system/bin/wvdrmserver /system/vendor/lib/drm/libdrmwvmplugin.so
mmcblk0p7
Offset: 2155872256 (0x80800000)
Size: 5242880 (0x500000)
Format: empty
Contains: Zeroes
Purpose: Unknown
mmcblk0p8
Offset: 2161115136 (0x80d00000)
Size: 61415620608 (0xe4ca80000)
File system size: 14994040 * 4096 = 61415587840
Format: Linux ext4 filesystem
Mounted at: /data
Mount options: read/write, no SUID, no device nodes, no atime
Permissions: only root can manipulate, read and write are directory specific
Contains: User applications, user data, and virtual internal SD card
Note: /data/media is mounted via UID/GID stripping FUSE as /mnt/sdcard
mmcblk0p8 off file-system area
Offset in section: 61415587840 (0xe4ca78000)
Size: 32768 (0x8000)
Read command: busybox dd if=/dev/block/mmcblk0p8 of=/mnt/sdcard/mmcblk0p8s2.img bs=4096 skip=14994040
mmcblk0 off-partition section
Offset: 63576735744 (0xecd780000)
Size: 524288 (0x80000)
Read command: busybox dd if=/dev/block/mmcblk0 of=/mnt/sdcard/mmcblk0post8.img bs=524288 skip=121263
Process command: tr -d '\0' <mmcblk0p8s2.img >mmcblk0p8s2nz.img # mmcblk0p8s2nz.img must be empty file
Offset: 63576735744 (0xecd780000)
Offset in section: 0 (0x0)
Size: 507392 (0x7be00)
Contains: Zeroes
Purpose: Unknown
Extract command: dd if=mmcblk0post8.img of=mmcblk0post8s1.img bs=507392 count=1
Process command: tr -d '\0' <mmcblk0post8s1.img >mmcblk0post8s1nz.img # mmcblk0post8s1nz.img must be empty file
Offset: 63577243136 (0xecd7fbe00)
Offset in section: 507392 (0x7be00)
Size: 16896 (0x4200)
Contains: EFI Partition table (partition names: APP, CAC, MSC, USP, PER, YTU, CRA, UDA)
Extract command: dd if=mmcblk0post8.img of=mmcblk0post8s2.img bs=512 skip=991
Purpose: Partition table
Total size of mmcblk0: 63577260032 (0xecd800000)
Notes:
can manipulate = can read, write partition vital data, only root can mount
can read, write = can read, write partition file system contents
Read commands are ran on the Transformer
Extract and process commands are run anywhere, with pre-read image file in the current directory.
You need dd with large files support. Vanilla dd on TF700T does not support large files. Busybox dd does.
hi everyone. i have bricked i535. i am working on it for about 3 days. sd card method, qfil method and others did not worked. so i am looking for this files for flashing it with unbrick.sh script on ubuntu.
unbrick.sh came with this files but i think they are not for i535. hex is working but at the end:
:
:
:
Writing 1024 bytes to 0x2a02ec00; 1180 bytes left.
Writing 1024 bytes to 0x2a02f000; 156 bytes left.
Writing 156 bytes to 0x2a02f400; 0 bytes left.
Executing file...
Failed to get response.
Sending MAGIC...
Invalid MAGIC response.
i think the hex and mbn are for 8960 cpu but not for i535. Can you help
Hi,
After a botched attempt to install LineageOS 17 on my Samsung Galaxy S5, I decided to revert to LOS16. the problem is that I had completely wiped my device in order to install LOS 17, and my only available 16.x ROM was gone, so I found another ROM on a backup site (October 2020 version).
Once installed, this version did not recognize my SD card where I had stored all my user data. Therefore I dumped the partitions on my Linux PC using dd, and let Android reformat the card.
I dumped 2 individual partitions (not the whole device with the partition table), one of 16Mb, and the other about 29Gb (it's a 32Gb SD card).
Now I want to browse my old data on the backup, but I cannot mount or fsck the partition dumps. the superblock is not recognized as ext*, fat, or even f2fs.
This is all the info I have on the 2 partitions:
Bash:
$ sudo fdisk -l klte-sdc1.img
Disk klte-sdc1.img: 16 MiB, 16777216 bytes, 32768 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
$ sudo fdisk -l klte-sdc2.img
Disk klte-sdc2.img: 29.71 GiB, 31897140736 bytes, 62299103 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Also, for comparison, I dumped the partition table of the currently working SD card:
Bash:
$ sudo fdisk -l /dev/sdc
Disk /dev/sdc: 29.72 GiB, 31914983424 bytes, 62333952 sectors
Disk model: MicroSD/M2
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 35D0FC04-06BD-4578-87FB-D6ED991C03A5
Device Start End Sectors Size Type
/dev/sdc1 2048 34815 32768 16M unknown
/dev/sdc2 34816 62333918 62299103 29.7G unknown
As you see, the partition sizes are identical. I can chance it and dd the original partitions into the new ones, but I don't want to lose recent data on the current partition. I could also corrupt the partition headers if the ones in the backups are corrupt, and be back to square 1.
Can anybody help? Which kind of partition or specialized tools shall I look for?
Thanks,
gm