Thanks to the wonderful information here on this site, I was able to root and unlock my Canadian Samsung Captivate S a.k.a. Rogers Captivate SGH-I896.
We Canadian phone owners know that our phones are slightly different than what you guys in the states got. Those differences were significant enough to cause me trouble in unlocking my phone (my main priority), which eventually got me to the realization that I would need to end up rooting my phone.
So here is what I did to root and unlock my phone. Yes, most of this information is found in the SGH-I896 wiki but I'm going to put more detailed instructions here to share my knowledge/experience. Also, note the stock Rogers ROM is Android 2.1 software version I896UXJI2.
Do go to http://www.communityhosting.net/sgsunlock/ and click on the Unlock Instructions for the Captivate. My instructions below follow the general gist of these original instructions but I simplified a few steps to reflect the differences I experienced when unlocking my SGH-i896.
Of course, the caveat always is in play - any attempts on your part to follow my instructions to root/unlock your phone is at your own risk and peril. I take no responsibility for any damages you cause to your own personal device.
With that out of the way, here's what I did!
Chapter 1 - FAIL!
First thing I tried was the SGS unlock tool along with the Windows script that extracts the unlock code. Don't even bother trying - it doesn't work because our phone is different! Then I started tinkering with adb, getting into the shell and poking around. First thing I noticed was that in the adb shell, you do not have read access in the /efs directory! Hmm, looks like I need root access to get to the files in here!
I also installed Terminal Emulator on my phone to see if I could get into the /efs directory - same result. The shell user didn't have the elevated privileges to get into that directory.
So poking around, there's talk of the z4root app. Unfortunately, by the time I find this app it's no longer listed in the Android Marketplace. I try downloading it straight off of the thread above, but it wouldn't install! It said that my device was not supported.
This stumped me for a while since I couldn't side load z4root off of the site. Then doing some more reading, I learned how I could run the z4root.apk file off of a file manager.
Chapter 2 - Root!
I mounted my phone in mass storage mode and saved z4root.apk onto it. Then using a file manager, I navigated to the location where I saved it and installed it with no problems! Once installed, I launched the app and it did what it needed to do to root my phone.
Chapter 3 - Extracting nv_data.bin!
Now that I have root access, I can now get nv_data.bin out of the /efs directory and place it onto the SD card for easy extraction onto my PC.
You can do the following steps either using Terminal Emulator on the phone itself (which is just like opening up a command-line shell) or connecting your phone in debug mode and using "adb shell" on your computer. I did use both methods to type in commands to my phone. Using "adb shell" was easier to type on a real keyboard but I had no problems in either environment.
So without further ado, here are the commands I typed in. Please note that when you see "$" this is the regular user shell prompt and "#" is the super user shell prompt. Also, my comments and explanations are italicized.
Start either shell and you'll get this prompt:
$ su
Type the command su at the dollar sign prompt and press enter. This will turn on "super user" mode.
#
This is the new prompt identifying su mode. To exit this mode, you can type the command exit and you'll get back to the $. Type exit again, and you'll quit/close the shell. Don't do it now as we just got started.
# cd /efs
This will "change directory" into the efs directory where all the goodies reside!
# ls -l -a
This will list out all of the details of what is in this directory. You'll see something similar below.
drwxrwxrwx root root 2005-01-01 16:33 .android
-rwx------ radio radio 32 2010-12-12 07:06 nv_data.bin.md5
-rw-rw-rw- radio radio 1743 2010-10-25 15:08 nv.log
-rwx------ radio radio 1048576 2010-10-25 15:08 .nv2.bak
-rw-rw-rw- radio radio 1 2010-10-25 15:08 .nv_state
-rwx------ radio radio 2097152 2010-12-12 07:06 nv_data.bin
-rwx------ radio radio 32 2010-10-25 15:08 .nv2.bak.md5
drwxrwxrwx radio radio 2010-10-25 14:37 imei
-rwx------ radio radio 2097152 2010-10-25 15:08 .nv_data.bak
-rwx------ radio radio 32 2010-10-25 15:08 .nv_data.bak.md5
If you see something like the above, you're good to go! If you get permission denied or something like that, you didn't root your phone. Assuming all is good, we need to make a place to copy the nv_data.bin file
# cd /sdcard
This will change directory to the sdcard directory. When you mount your Android's internal storage, you have access to this as a removable drive.
# mkdir efs_backup
This will make a directory on your internal sd card called efs_backup.
# busybox cp -d -r /efs /sdcard/efs_backup
This calls the copy command and will copy all of the files and directory structure in the /efs directory and put it in the /sdcard/efs_backup directory.
Chapter 4 - Generating the new nv_data.bin
Now you can exit super user and the shell.
Mount your phone as a drive on your computer. Go to http://www.communityhosting.net/sgsunlock/ and submit your nv_data.bin file to this site. You can choose an unlock and unfreeze code, but according to the SGH-I896 wiki, the unlock/unfreeze codes will not work; however, your phone will be unlocked and you can use any SIM in it.
You'll be prompted to download and save it on your computer. Make a new directory on your phone's SD internal card called "efs_unlocked" and save your downloaded nv_data.bin file in this directory. Safely remove and unmount your phone and get back into a shell.
Chapter 5 - Putting it back together
$ ls /sdcard/efs_unlocked
You should see the file nv_data.bin listed in this directory. If you don't see output similar to the one below, STOP! Find the new nv_data.bin file before moving on!
nv_data.bin
If you see this file listed, you're good to go!
$ su
# rm /efs/nv*
Remove all files in the efs directory that start with "nv".
# rm /efs/.nv*
Remove all hidden files starting with ".nv".
# busybox cp /sdcard/efs_unlocked/nv_data.bin /efs
This will copy the modified nv_data.bin file into the /efs directory.
# chmod 700 /efs/nv_data.bin
Set the read-write-execute permissions on nv_data.bin.
# chown radio.radio /efs/nv_data.bin
Change ownership and group membership both to radio.
# reboot
If all goes well, you've wiped out all the nv_data files and copied over the new nv_data.bin file. As the phone boots up, it will rebuild the necessary data files. My phone booted up normally. Hopefully yours will too.
Get back into the shell - time to check a few more things.
$ su
# ls -l -a /efs
drwxrwxrwx root root 2005-01-01 16:33 .android
-rwx------ radio radio 32 2010-12-12 07:06 nv_data.bin.md5
-rw-rw-rw- radio radio 1743 2010-12-12 15:08 nv.log
-rwx------ radio radio 1048576 2010-12-12 15:08 .nv2.bak
-rw-rw-rw- radio radio 1 2010-12-12 15:08 .nv_state
-rwx------ radio radio 2097152 2010-12-12 07:06 nv_data.bin
-rwx------ radio radio 32 2010-12-12 15:08 .nv2.bak.md5
drwxrwxrwx radio radio 2010-10-25 14:37 imei
-rwx------ radio radio 2097152 2010-12-12 15:08 .nv_data.bak
-rwx------ radio radio 32 2010-12-12 15:08 .nv_data.bak.md5
If you see an nv_data.bin.md5 file like in the example above, then things are in good shape! If there is no nv_data.bin.md5 file, then the original instructions say that you need to reflash your ROM with another version that does rebuild the file. Mine worked so I didn't have to worry about using a different ROM. Also, according to the official instructions at Step 9 it says to make .bak backup copies of the nv_data.bin and nv_data.bin.md5 files. I did not as these files were re-built during the reboot process.
# busybox cp -d -r /efs /sdcard/efs_unlocked
Makes a copy of your new files back onto your internal sd card.
# reboot recovery
Your phone should now reboot into recovery mode. Follow the instructions on the recovery mode menu and choose the "delete cache data" and then reboot your phone.
Finale
Congratulations! You've now rooted and unlocked your phone! I did test my phone with a Telus SIM card in it. I didn't do a full test - just checked to see if it got any bars of cell reception and of course it did. My phone did not ask for an unlock code either.
I recommend you copy your efs_original and efs_unlocked directories and store them somewhere safe as an off-phone backup.
I'd also like to thank the Android developers who spent their hard earned time, money and effort to make these tools for us to use! All I want to accomplish with this post is a record of what to do for those of us with the current issue Rogers Captivate S.
Without these tools, we'd be stuck with just "regular phones"
Good luck unlocking and rooting your phones
LaterZ!
Darren!!
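A pre-flight check for the backup and replace steps in the post above, as an added example that is not part of the original post: it confirms that every file under /efs has an identical copy in the backup and that the replacement nv_data.bin has the size shown in the listing, before anything is deleted. The function names, the constructed sample tree and the use of sha256sum (override with HASH_CMD) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# HASH_CMD is an assumption: any tool that prints "<hash>  <name>" works
# (md5sum, sha1sum, sha256sum), depending on what your busybox provides.
HASH_CMD=${HASH_CMD:-sha256sum}
NV_SIZE=2097152   # byte size of nv_data.bin in the post's "ls -l -a" listing

file_hash() {
    "$HASH_CMD" < "$1" | cut -d' ' -f1
}

# Compare every regular file under SRC_DIR (hidden ones included) with its
# copy under BACKUP_DIR. Prints one line per problem; returns 0 only when
# at least one file was found and every file matches.
verify_efs_backup() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "usage: verify_efs_backup SRC_DIR BACKUP_DIR"; return 2; }
    src=$(cd "$1" && pwd)
    dst=$(cd "$2" && pwd)
    count=$(cd "$src" && find . -type f 2>/dev/null | wc -l)
    if [ "$((count))" -eq 0 ]; then
        # Without root, /efs is unreadable and nothing would be compared.
        echo "no readable files under $src (are you root?)"
        return 1
    fi
    problems=$(
        cd "$src" && find . -type f | while IFS= read -r rel; do
            if [ ! -f "$dst/$rel" ]; then
                echo "MISSING  $rel"
            elif [ "$(file_hash "$src/$rel")" != "$(file_hash "$dst/$rel")" ]; then
                echo "MISMATCH $rel"
            fi
        done
    )
    if [ -n "$problems" ]; then
        echo "$problems"
        return 1
    fi
    echo "backup OK: $dst"
}

# The replacement file must exist and have the same size as the original.
check_nv_size() {
    [ -f "$1" ] || { echo "not found: $1"; return 1; }
    size=$(wc -c < "$1")
    [ "$((size))" -eq "$NV_SIZE" ] || { echo "unexpected size $((size)) for $1"; return 1; }
}

# Run both checks; only continue to the "rm /efs/nv*" step if this returns 0.
preflight() {
    verify_efs_backup "$1" "$2" || return 1
    check_nv_size "$3" || return 1
    echo "pre-flight passed"
}

# Constructed sample tree for trying the checks off-device. File names follow
# the listing in the post; contents are zero-filled placeholders, not NV data.
make_constructed_efs() {
    mkdir -p "$1/imei"
    dd if=/dev/zero of="$1/nv_data.bin" bs=1024 count=2048 2>/dev/null
    dd if=/dev/zero of="$1/.nv_data.bak" bs=1024 count=2048 2>/dev/null
    printf 'constructed log\n' > "$1/nv.log"
    printf '1' > "$1/.nv_state"
}

# Script use:
#   sh preflight.sh /efs /sdcard/efs_backup/efs /sdcard/efs_unlocked/nv_data.bin
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Because /sdcard/efs_backup already exists when the cp -d -r command runs, the copy lands in /sdcard/efs_backup/efs, so that is the path to pass as BACKUP_DIR.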
Hi HO! Great post!
Didn't work for me...
everything executed as said but when finally rebooted the phone it didn't get unlocked instead it keeps booting over and over...
STUCK
Now i am at the boot loop. It keeps booting as soon as lock screen comes up i touch the screen or connect usb cable it turns off.
don't know if i bricked my phone.!!!!!
please help anyone
P.S. i already did odin3 to put stock rom since i can get in download mode but no help
These were pretty much exact steps I used to unlock my Rogers Captivate. Good write up.
Sent from my SAMSUNG-SGH-I896 using XDA App
asadsheraz said:
Now i am at the boot loop. It keeps booting as soon as lock screen comes up i touch the screen or connect usb cable it turns off.
don't know if i bricked my phone.!!!!!
please help anyone
P.S. i already did odin3 to put stock rom since i can get in download mode but no help
If you can still get into download mode, it's fixable. If Odin didn't work try Heimdall, few people were successful flashing stock back to Rogers Captivate with it. You might have to restore your original nv_data.bin from the backup manually.
Sent from my SAMSUNG-SGH-I896 using XDA App
sshvetsov said:
If you can still get into download mode, it's fixable. If Odin didn't work try Heimdall, few people were successful flashing stock back to Rogers Captivate with it. You might have to restore your original nv_data.bin from the backup manually.
Sent from my SAMSUNG-SGH-I896 using XDA App
I did make backup but how do I access the internal SD to restore backup? Since computer won't detect phone either as it keeps restarting.
Hmm, good question. I usually make a backup of my things to computer. When you patched the nv_data.bin file, didn't you pull it with adb? Perhaps you still have that file around someplace?
Sent from my SAMSUNG-SGH-I896 using XDA App
sshvetsov said:
Hmm, good question. I usually make a backup of my things to computer. When you patched the nv_data.bin file, didn't you pull it with adb? Perhaps you still have that file around someplace?
Sent from my SAMSUNG-SGH-I896 using XDA App
No... i was using the android terminal emulator to make backup and what not. Didn't copy it to computer but even if I did how'd I put it back since I can't access the internal SD....
Did it get stuck in the reboot loop after the first reboot?
asadsheraz said:
No... i was using the android terminal emulator to make backup and what not. Didn't copy it to computer but even if I did how'd I put it back since I can't access the internal SD....
You might need it later, after you restore your phone with Odin or Heimdall.
Sent from my SAMSUNG-SGH-I896 using XDA App
sshvetsov said:
You might need it later, after you restore your phone with Odin or Heimdall.
Sent from my SAMSUNG-SGH-I896 using XDA App
it just won't come up. Even after trying both restoring procedures it keeps booting over and over.
Also yes it started the boot loop from the first boot
Thank you SOOOOO MUCH Penphoe ! I've been trying to unlock my Rogers Captivate i896 for 2 weeks now, and it's now done thanks to you!
I just followed every step using a terminal emulator on my phone. It now works with a Telus and a European SIM card.
SUCCESS!
I am on Rogers with a Galaxy S Captivate which I bought a couple days prior.
THIS SOLUTION WORKS! THANK YOU SO MUCH!
Works like a charm!!!
I have I896 Galaxy S Captivate (purchased and locked for Rogers)
Just make sure you understand and do every step right.
sent it back to samsung after the boot loop issue.
on their website it shows tech replaced TIB.
Does anyone know what that is?
European Sim Issue
I completed this procedure a few days before the posting and everything worked in Canada on the rogers network.
I needed to root and unlock the phone for a trip to France over the holidays.
Once arriving in France, and using Rogers sim, the voice phone calls would not work, only a weird static in the background when someone talked. Text messages and data seemed to function. I used this same sim with an unlocked blackberry in the past with no issues.
I have tried using an SFR sim with the phone now and the same issue, text messaging and data works but the voice calls still do not function, connection is made but nothing can be heard.
Has anyone made a phone call with a European sim card after completing the unlocking? Most people say they register with the network and did not try a voice call.
Any suggestions?
Is there a procedure to re-lock the phone?
Rickets said:
I completed this procedure a few days before the posting and everything worked in Canada on the rogers network.
I needed to root and unlock the phone for a trip to France over the holidays.
Once arriving in France, and using Rogers sim, the voice phone calls would not work, only a weird static in the background when someone talked. Text messages and data seemed to function. I used this same sim with an unlocked blackberry in the past with no issues.
I have tried using an SFR sim with the phone now and the same issue, text messaging and data works but the voice calls still do not function, connection is made but nothing can be heard.
Has anyone made a phone call with a European sim card after completing the unlocking? Most people say they register with the network and did not try a voice call.
Any suggestions?
Is there a procedure to re-lock the phone?
I've used this method on my Rogers Captivate and am successfully using it in Indonesia (voice, data, sms) with local SIM.
I doubt just the unlock would cause the problem you're describing. Did you by any chance flash any custom firmware or modem.bin?
I haven't tried to re-lock my phone, I'm guessing it would be almost the same procedure, but instead of pushing patched nv_data.bin file you would have to restore your original, unpatched nv_data.bin file from backup.
sshvetsov said:
I've used this method on my Rogers Captivate and am successfully using it in Indonesia (voice, data, sms) with local SIM.
I doubt just the unlock would cause the problem you're describing. Did you by any chance flash any custom firmware or modem.bin?
I haven't tried to re-lock my phone, I'm guessing it would be almost the same procedure, but instead of pushing patched nv_data.bin file you would have to restore your original, unpatched nv_data.bin file from backup.
Thanks for the response, i have not attempted any custom firmware or modem.bin changes.
Did you use sgsunlock or the method posted in this string? SGSunlock would not work when i attempted.
http://forum.xda-developers.com/showthread.php?t=831569
Found the link to this via mobilesyrup
http://mobilesyrup.com/forum/showthread.php?t=4355
This is the original posting i used to unlock the i896 after rooting with z4root
When the unlock was completed the EFS folder had a file called nv_data.bin.md5, what is the purpose of this file? It seems to be created when the phone is rebooted after applying the new nv_data.bin. What files were in the original EFS folder before applying the unlock? Did the *.md5 files exist?
Rickets said:
Thanks for the response, i have not attempted any custom firmware or modem.bin changes.
Did you use sgsunlock or the method posted in this string? SGSunlock would not work when i attempted.
http://forum.xda-developers.com/showthread.php?t=831569
This is the original posting i used to unlock the i896 after rooting with z4root
When the unlock was completed the EFS folder had a file called nv_data.bin.md5, what is the purpose of this file? It seems to be created when the phone is rebooted after applying the new nv_data.bin. What files were in the original EFS folder before applying the unlock? Did the *.md5 files exist?
The method in the thread you're linking to is for Froyo (Android 2.2), but aside from a few small OS-specific differences it is exactly the same as the sgsunlock web site and the original post of this thread. I used the instructions from http://www.communityhosting.net/sgsunlock/ site (not SGS Unlock app from the market) on my Rogers Captivate, since they are for Eclair (Android 2.1), and they worked perfectly. This thread just adds details on how to root your Rogers Captivate with z4root before you unlock it.
md5 file contains the hash/checksum of the nv_data.bin file, it is generated on restart. I'm not sure exactly what is the purpose of that file, but I'm guessing it is there to make sure that nv_data.bin file is not corrupt or has been modified.
There were several files in the /efs folder, from my memory: nv_data.bin, nv_data.bin.md5, .nv_data.bak, .nv_data.bak.md5, imei, nv.log and maybe a couple more. Most of them are deleted during the unlock procedure and regenerated on restart. The most important of them is nv_data.bin. This is the file you patch to unlock your phone, and I'm guessing this is the file you would have to restore to re-lock it.
Related
Hello guys,
I've been trying in the little time I have to get rid of Fota file by using ADB but have not successfully been able to delete those files. I am not quite sure what is the process to do it but this is what I have been trying.
Open CMD
1- go to platform-tools folder on CMD
2- Type adb push c:\directory\fota_delta_dp1\ \data\fota\
3- repeat for second fota file.
It says that failed to copy c:\directory\file\ \data\fota\ since is read-only
How do I make it "writable" or what am I doing wrong,
I wanted to mention as well that my phone is rooted.
Find Root Explorer. Install it.
Change the file system to R/W.
Then, navigate to \data\fota and delete the files.
-Steve
sgyee said:
Find Root Explorer. Install it.
Change the file system to R/W.
Then, navigate to \data\fota and delete the files.
-Steve
Need to be rooted to use this method
Sent from my DAMN Galaxy 4G¡!
Success100 said:
Need to be rooted to use this method
Sent from my DAMN Galaxy 4G¡!
The OP said his phone was rooted.
-Steve
However you want to get root shell and do:
# cat /dev/null > /data/fota/fota_delta_dp1
# cat /dev/null > /data/fota/fota_delta_dp2
Well thank you for your advice. I ended up using "Super Manager", checked in settings "Use root function", went to the folder where I had the files already unzipped and copied them over to /data/fota, which replaced both of the fota files. Rebooted the phone and had 280mb of available storage.
When i get home i'll make a tutorial using Super Manager.
Sent from SGS4G
Hi there,
Is there a way to temporarily root my Nexus S [I9020XXKD1] or alternatively a non-root way to access /data so that I can copy a file in and out? Essentially I want to be able to backup and restore some game saves
Most posts I've read basically have folks saying "Just root it", which is good advice to most but isn't right for me - I really don't want to have to wipe my phone and I'd also like to be able to dip my toe into rooting before taking a full leap. That, and aside from needing this one file in /data my phone works exactly as I'd like it to
I only need "su" access for a brief moment to copy off a file to and from /data. I set up the android sdk but ADB didn't work because of the protection of "production builds".
VISIONary seemed like the right kind of thing, but I don't believe it works for the Nexus S or recent firmware, so while temp rooting would be nice so would any solution that allows me to backup and restore some files in /data.
At the moment I am wondering if writing an apk of my own that copies/replaces this one file is the way to go - but that seems perversely long way around!
So any help/suggestions most appreciated
There is no temporary root for the Nexus S. You're either rooted, or you're not. However, if, perchance, you are on Android 2.3.2 or earlier, you might be able to root without wiping.
Without root, you cannot see the files in /data, but you can read/write the files directly if they have the proper permissions and you know the exact path/filenames. After poking around a bit, it seems that read & write permissions vary among apps. Most apps have full permissions reserved for the parent app. Some allow other apps/user to read some files, and read+write others. (The permissions being app-specific, if it can't be done by command line, I doubt it could be done by creating an app, either.)
So, what is the game? Perhaps I can do some exploring.
If you have the old bootloader (2.3.2 i think) you can boot a recovery without flashing. From your computer use "fastboot boot recovery.img" and boot clockwork recovery. From there you can mount and access the filesystems.
Sent from my Nexus S using XDA App
Maximilian Mary said:
There is no temporary root for the Nexus S. You're either rooted, or you're not. However, if, perchance, you are on Android 2.3.2 or earlier, you might be able to root without wiping.
Without root, you cannot see the files in /data, but you can read/write the files directly if they have the proper permissions and you know the exact path/filenames. After poking around a bit, it seems that read & write permissions vary among apps. Most apps have full permissions reserved for the parent app. Some allow other apps/user to read some files, and read+write others. (The permissions being app-specific, if it can't be done by command line, I doubt it could be done by creating an app, either.)
So, what is the game? Perhaps I can do some exploring.
Thanks I figured as much. The game is Dungeon Hunter 2 and essentially I am trying to implement a simple fix to make my save game work again (the fix is here: http://forum.xda-developers.com/showthread.php?t=1042675 a few posts down) but it requires root. So I do know the exact paths and filename.
Thank you for your helpful answer
Ok, I'm not having any luck here, and it's pissing me off. FYI, I don't have that game, so I'm testing it with Angry Birds. I can read and copy the file just fine, but I can't modify it without using root. The data file itself has read/write access, but the containing folder (files/) is read-only, so I can't overwrite the file after I've modified it. Since the file itself has r/w access, I wonder if it would work to modify the file directly, instead of using an outside program to modify it then overwriting it. (I'm a bit ignorant of the finer points of linux permissions.) This would require an app that would allow you to open and modify a file by typing the full path & filename, instead of just browsing the directory tree. You could also try < adb pull /data/data/com.gameloft.android.TBFV.GloftD2HP.ML/files/dh2_000.savegame dh2_000.savegame > (using the correct path, if that's not it). Then see if < adb push dh2_000.savegame /data/data/com.gameloft.android.TBFV.GloftD2HP.ML/files/dh2_000.savegame > works. The fact that you can copy the file out is promising, anyway. So even if you had to root, you could backup the file before rooting wipes everything, then fix it & back it up after you had root.
Btw, what version of Android are you on?
Edit: I think I'm getting somewhere. While you can't modify the file itself, you can modify the file contents. So something like this might work: < adb shell >
< more /sdcard/dh2_000.savegame > /data/data/com.gameloft.android.TBFV.GloftD2HP.ML/files/dh2_000.savegame >
So the next step is to get some help from someone who has the game and is rooted as to the exact path to the savegame file. Once we have that, I think we're golden. (Or, let me know if adb pull works with the path I guessed at.)
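The permission behaviour worked out in this post, as an added example that is not from the thread: a file's own write bit decides whether its contents can be overwritten in place, the containing directory's write bit decides whether the file can be replaced, and a directory with search but no read permission hides its listing while still allowing access by exact path. The function names, directory layout and modes below are constructed for illustration and are not taken from any real app.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Reports what a *different* unprivileged uid (the "other" permission bits)
# could do to a file. Only mode bits are inspected, so the result does not
# depend on who runs the script. Simplifications: only the immediate parent
# directory is checked, and the sticky bit is ignored.

# other_can PATH MASK   (MASK: 4 = read, 2 = write, 1 = search/execute)
other_can() {
    [ -n "$(find "$1" -maxdepth 0 -perm "-00$2" 2>/dev/null)" ]
}

# Prints "<path>: <findings>" for one file.
audit_file() {
    f=$1
    dir=$(dirname "$f")
    flags=""
    if ! other_can "$dir" 1; then
        # No search permission on the directory: the path cannot be opened.
        echo "$f: unreachable"
        return 0
    fi
    # File bits govern access to the bytes of the existing file.
    other_can "$f" 4 && flags="$flags content-readable"
    other_can "$f" 2 && flags="$flags content-writable"
    # Directory write bit governs delete/rename/create, i.e. replacement.
    other_can "$dir" 2 && flags="$flags replaceable"
    if [ -z "$flags" ]; then
        echo "$f: private"
        return 0
    fi
    # Search without read: usable only by someone who knows the exact name.
    other_can "$dir" 4 || flags="$flags path-must-be-known"
    echo "$f:$flags"
}

# Audit every regular file under a directory tree.
audit_tree() {
    find "$1" -type f | sort | while IFS= read -r p; do
        audit_file "$p"
    done
}

# Constructed app data directory (modes chosen to show each case).
make_constructed_app() {
    mkdir -p "$1/files" "$1/cache" "$1/secret"
    : > "$1/files/dh2_000.savegame"; chmod 666 "$1/files/dh2_000.savegame"
    : > "$1/files/prefs.xml";        chmod 600 "$1/files/prefs.xml"
    : > "$1/cache/tmp.dat";          chmod 644 "$1/cache/tmp.dat"
    : > "$1/secret/key.bin";         chmod 666 "$1/secret/key.bin"
    chmod 751 "$1/files"    # others may traverse, not list, not create
    chmod 777 "$1/cache"    # others may create and delete entries
    chmod 700 "$1/secret"   # others may not even traverse
}

# Script use: sh audit.sh /path/to/app/data
if [ "$#" -eq 1 ]; then
    audit_tree "$1"
fi
```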
wow! Thank you for your help
In answer to your questions: my Nexus s is running 2.3.4 and you are correct about the file path (many other kind xda users died to bring us those paths ) is /data/data/com.gameloft.android.TB with the filename being dh2_000.savegame
I don't want to drive you to distraction! If I could back it up I probably would go ahead then and root the phone given how complex playing with a non-rooted phone is!
I will try the adb pull method and let you know how I get on.
Thank you again for your help and for showing me why I probably do want to root!
I'm posting this information because 1 I was asked to and 2 I feel it could be helpful for the "MORE ADVANCED" users.
Do Not try any of my methods, None of them. Unless you WANT to brick your phone.
With that said, here to the best of my memory is what I have done.
I pulled my framework-res file as well as the other 3 that relate to it and tried to theme them. It worked a few times and after tweaking I eventually broke the permission of the files.. Hence putting me in a bootloop.
What I did..
Thankfully I had the Bionic Safestrap installed. (DO NOT INSTALL THE SAFESTRAP) So, I was able to boot into the safestrap and use adb commands. This took some toying around. For the sake of saving people from bricking i'm not going to list all of the adb commands. But I had to mount both the /sdcard and /systemorig. Now simple enough, I just went through and rm every file from inside the folders. (Do not rm the folder, You will not be able to recover the folder and no you can not push the folder) rm all files from /systemorig /apps /osh etc.. then push all my restore files (backup made with safestrap) to the /sdcard. (For some reason they have to be placed on the sdcard before being copied to the root directory otherwise it breaks the permission of the files, idk y?) A few times in order to mount /systemorig as full rw I had to quick toggle safe mode. Now cp all files from the sdcard to their places on the phone turn safe mode off if you had to enable it and reboot. Bam, You just recovered from a soft brick. I have also used this method to restore webtop after breaking that also. Yes it does take a long time to restore and it is cumbersome but at least you can do it. I was also able to mount /emmc to /sdcard and flash a rom from the razr (yes i knew at this point it wouldn't work, this was a test) although it did not boot it did unpack and fully install the rom in the correct locations and it looked as though it would with a little more code boot from the sdcard. What i'm playing with now is trying to use the overclock method from the razr on my a2 but seems how I don't know exactly what files are being changed i'm being cautious. Sorry guys I'm not exactly a linux guy, I do what I can and I am always learning.
I'll edit this post as more info comes to mind. But to let you know I have been able to play with most files w/o fear of bricking so long as you don't mess up the .rc files in /systemorig you will always be able to boot into safestrap.
Dear all,
it is time for me to pay back. I have found a lot of information and tips from this forum. However, when I bricked my device by erasing the efs folder (trying to install Linux on my N8013 Tablet) I only found partial fixes, like creating the directory FactoryApp and the file factorymode with ON inside it.
I have searched forums and forums and I could not find a comprehensive answer. I tinker and tinker with my device and at last I recovered the efs folder and it does not get wiped out on boot.
Before today, I had to boot my Tablet and create the FactoryApp and file factorymode with ON inside it to make my Tablet not showing the Factory Test have stopped and to show the lock screen. Now all is back to normal.
When in recovery mode CWM the efs would not mount!!
Thanks to too many people, I have been visiting so many sites I do not remember the names of all!!! Thank you all!!
Ok, this is the procedure it worked for me.
1.- Install CWM recovery in your rooted tablet.
2.- Install ADB in your pc to be able to communicate with the tablet via com window. Install busybox as well.
3.- google a nv_data.bin file if you find one. I found one. I could find the download link if someone ask for it.
4.- BOOT your Tablet in Recovery mode push both the power and the volume up button (the farthest to the power button). When the First letters appear, release the power button, not the volume up until entering in recovery mode.
5.- Go to your PC, connect the USB cable to your tablet and go to C:\Program Files\Android\android-sdk\platform-tools>
6.- Type adb shell and hit return
7.- if you see # good, you have access to your tablet. Do not type su because does not work. You are root (I assume).
8.- type busybox df -h and check you do not have the efs mounted. In fact it does not even appear.
9.- Try to mount mmcblk0p3 (mount -w -t ext4 /dev/block/mmcblk0p3 /efs ) YES 0p3. I have found a lot of forums saying it is 0p1 but not in the Galaxy Note N8013. I tried with the 0p1 and did not work.
10.- Of course did not mount!!! That is the error. So we have to....
11.- Now try to make that partition, by typing mke2fs /dev/block/mmcblk0p3
12.- Now try to mount it again by typing mount -w -t ext4 /dev/block/mmcblk0p3 /efs It worked!!
13.- Now you have to keep the downloaded nv_data.bin file in the root of your sdcard, and a text file named factorymode with the letters ON inside.
14.- do busybox ls -ltr and you will see there is a folder called sdcard -> /data/media
15.- create a folder inside the /efs/ folder named FactoryApp
16.- Copy the factorymode from the root of your sdcard to the /efs/FactoryApp folder by typing: busybox cp /data/media/factorymode /efs/FactoryApp
17.- Copy the nv_data.bin from your sdcard to your efs folder by typing: busybox cp /data/media/nv_data.bin /efs
18.- Now change permissions to all those files inside efs with 0744 by typing: busybox chmod 0744 /efs/FactoryApp/factorymode
Do it with all!!
19.- Now change owner of the directory efs down with: busybox chown 1001.1001 /efs (I think there is a switch to change all at once, but I forgot so I changed all directories and folders inside efs.)
20.- in CWM go to advanced and fix permissions.
21.- Boot in recovery mode.
22.- Try to mount efs partition and it works!!! Check with ADB that all your files are there and a lot more.
23.- Reboot the Tablet and the efs is there for good.
24.- Install in your computer EFS Pro and do a backup of the efs folder.
25.- I am sure the IMEI is not the good one, but the N8013 is not used as a phone anyway.
Please be careful and backup all the partitions of your tablet before doing this. It worked for my N8013 but I do not know if it will brick yours or if you have another model.
Thanks to:
XDA forum
arizzle.com even I did not use his efs image, but I used the instructions he provided. http://www.arizzle.com/android/gt-n8013/
SPT Team: http://forum.gsmhosting.com/vbb/archive/t-1296409.html
Da-G XDA forum: http://forum.xda-developers.com/showthread.php?t=882039
alvhergon at: http://www.htcmania.com/showthread.php?t=177297
People at community hosting: http://www.communityhosting.net/sgsunlock/i9000.html
Of course EFS Pro, ADB, busybox, ODIN, CWM Recovery developers!!
I hope this serves somebody with my same problem. I gathered all that information, put it together in this post and fixed my two months old tablet!!! Now I can go back to install Ubuntu again
Thanks for reading up to here!!
hey man,
thanks for your tut, my device is n8000 and it doesn't boot due to me installing tablet rom by mistake anyway, I did everything you did except I used .jar root explorer from here in the forums and transferred the files after I mounted it and chose 0p1, I'm not sure what went wrong but anyway after that I used the commands to give permission and owner like you but they get wiped after restart, any ideas?
dieselz said:
hey man,
thanks for your tut, my device is n8000 and it doesn't boot due to me installing tablet rom by mistake anyway, I did everything you did except I used .jar root explorer from here in the forums and transferred the files after I mounted it and chose 0p1, I'm not sure what went wrong but anyway after that I used the commands to give permission and owner like you but they get wiped after restart, any ideas?
Geez, I am far from an expert here. What folder/partition gets wiped out? efs? Because searching the web I realized the 0p1 is /system (maybe I am wrong) and 0p3 is /efs.
Did you try " mke2fs /dev/block/mmcblk0p3" or with 0p1? What happened?
Did you try "-w -t ext4 /dev/block/mmcblk0p3 /efs It worked!!" What happened?
I think, those are the most important steps, because it allows you to mount in recovery mode the /efs partition.
Later on, an important step is " cp /data/media/nv_data.bin /efs" but I do not know why?
Of course changing ownership...
I am very sorry it is not working for you. Please, try it again. I know how frustrating it is!!! I have had my tablet broken for more than two months and by trial and error finally got it working. I could send you the nv_data.bin file if you wanted. However, it will set your serial number to 000000 and I assume a wrong IMEI. But I do not use my tablet as a phone anyway.
I hope it helps!! Thanks for reading!!
nv_data.bin please help!
hey man! i have the same problem!!! i flashed a galaxy tab rom on my note 10.1, can you please post the nv_data.bin link.? i also tried to flash stock rom with odin but it still doesn't boot up
darko454 said:
hey man! i have the same problem!!! i flashed a galaxy tab rom on my note 10.1, can you please post the nv_data.bin link.? i also tried to flash stock rom with odin but it still doesn't boot up
Let me search for it and I will send it to you.
tripijb said:
Let me search for it and I will send it to you.
There you go!!
Thanks !! But should I reset the binary counter and return it or I'm better just playing with it???
Sent from my SPH-L710 using Tapatalk 2
darko454 said:
Thanks !! But should I reset the binary counter and return it or I'm better just playing with it???
Sent from my SPH-L710 using Tapatalk 2
Reset the counter and return it at the last option. Just follow my instructions above and see if you could fix it!!! So far is bricked, isn't it?
Good luck!!!
Well I got it to boot but in factory mode... so I'll follow your instructions ! I'll get back to you. Thanks
Sent from my SPH-L710 using Tapatalk 2
darko454 said:
Well I got it to boot but in factory mode... so I'll follow your instructions ! I'll get back to you. Thanks
Sent from my SPH-L710 using Tapatalk 2
Do it step by step!!!! let me know if it worked!!! It took me two months of search to find out the solution I posted!!!
tripijb said:
Do it step by step!!!! let me know if it worked!!! It took me two months of search to find out the solution I posted!!!
hey man sorry to bother i cant find text file named factorymode with the letters ON inside??
darko454 said:
hey man sorry to bother i cant find text file named factorymode with the letters ON inside??
No bothering at all!!!
Please help
tripijb said:
No bothering at all!!!
15.- create a folder inside the /efs/ folder named FactoryApp how do i do that>>???
Im stuck on this step!!
Is this right???
is this right?? please help i don't know what im doing!:crying:
i accidentally put in this command how do i go back??
C:\Android\platform-tools> im a mess please help???
darko454 said:
is this right?? please help i don't know what im doing!:crying:
i accidentally put in this command how do i go back??
C:\Android\platform-tools> im a mess please help???
http://forum.xda-developers.com/showthread.php?t=2111485
Do I have to do everything again?
Sent from my SPH-L710 using Tapatalk 2
Now what is wrong? Sorry to be a noob
darko454 said:
Do I have to do everything again?
Sent from my SPH-L710 using Tapatalk 2
What did i do???
Please help!!!! What should I do next?
Sent from my SPH-L710 using Tapatalk 2
Help Me!!
Hey i seem to do everything correct, until i get to step 5, which seems to be missing a step??
In platform-tools folder, what do i open up to get access to the tablet??
I get completely lost in step 6, i get a message saying......(in attachments).
I got N8013
darko454 said:
15.- create a folder inside the /efs/ folder named FactoryApp how do i do that>>???
Im stuck on this step!!
Geez I forgot, if you are in a PC using ADB use the command window and do mkdir to create a directory.
However, let me take a look at my step by step procedure to put myself in context.
I have been disconnected due an emergency trip, but I will be back in couple of days. Sorry for the late reply!!!
Hi Guys,
I want to change my CID in order to S-OFF, in order to downgrade my touch panel firmware in order to install an AOSP ROM. (currently stock Telstra ROM)
I've unlocked my bootloader via HTCDev, installed TWRP 2.5.0.0, and used TWRP to install SuperSU (root checker verifies root).
I've spent the last 4 hours searching this forum and have so far tried:
The one click unlock with Telstra mod. It failed to recognise my device as telstra, even though "fastboot getvar cid" returns with "TELST001". I opened the bat file with notepad, it seems to be trying to modify line 214, where if i look at the ORIG file, the CID is on line 210.
So i found the hex edit of mmcblk0p4 method. I can successfully pull the mmcblk0p4 file and modify it to replace TELST001 with 11111111 and save the file. When i push it back to the SD card and transfer it to /dev/block/ it all appears to work normally as per screenshots i've found around here. But it doesn't. If i pull the mmcblk0p4 back off the phone as soon as i have put the modified one there it appears to have reverted to TELST001, or never have overwritten the original in the first place.
Do i need to do anything special to write to /dev/block/ if i'm in the adb shell with SU access?
P.S. using the command "fastboot oem writecid 11111111" doesn't work for me, not that i really expected it to.
Austempest said:
Hi Guys,
I want to change my CID in order to S-OFF, in order to downgrade my touch panel firmware in order to install an AOSP ROM. (currently stock Telstra ROM)
I've unlocked my bootloader via HTCDev, installed TWRP 2.5.0.0, and used TWRP to install SuperSU (root checker verifies root).
I've spent the last 4 hours searching this forum and have so far tried:
The one click unlock with Telstra mod. It failed to recognise my device as telstra, even though "fastboot getvar cid" returns with "TELST001". I opened the bat file with notepad, it seems to be trying to modify line 214, where if i look at the ORIG file, the CID is on line 210.
So i found the hex edit of mmcblk0p4 method. I can successfully pull the mmcblk0p4 file and modify it to replace TELST001 with 11111111 and save the file. When i push it back to the SD card and transfer it to /dev/block/ it all appears to work normally as per screenshots i've found around here. But it doesn't. If i pull the mmcblk0p4 back off the phone as soon as i have put the modified one there it appears to have reverted to TELST001, or never have overwritten the original in the first place.
Do i need to do anything special to write to /dev/block/ if i'm in the adb shell with SU access?
P.S. using the command "fastboot oem writecid 11111111" doesn't work for me, not that i really expected it to.
Just make sure you're pushing the modified file back to your phone and not the backup file. I did exactly what you're describing to supercid my device and it worked fine, so there's no problem with the process.
cr1960 said:
Just make sure you're pushing the modified file back to your phone and not the backup file. I did exactly what you're describing to supercid my device and it worked fine, so there's no problem with the process.
lol, yeah that was the first thing i checked.
I've tried this process about 10 times now, and everything seems to work (i.e. no error messages), but every time i pull the file back out of /dev/block/, it's in an unmodified state.
I transfer the mmcblk0p4MOD file to the SD card, then open it in a hex editor on my phone and it says "11111111" in the right place (and deleting the old mmcblk0p4 file that i originally pulled from /dev/block/). I use "dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4" to put it back into /dev/block. Then i immediately use "dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4" to place a copy of mmcblk0p4 back on the SD card and the hex editor shows it as "TELST001" again
Could it have anything to do with being on a stock kernel or have the software version of 3.17 ?
Austempest said:
lol, yeah that was the first thing i checked.
I've tried this process about 10 times now, and everything seems to work (i.e. no error messages), but every time i pull the file back off my phone, it's in an unmodified state.
Could it have anything to do with being on stock firmware or have the software version of 3.17 ?
Reopen the file with your hex editor, make sure it changed. Some hex editors won't allow you to save the file unless a setting is changed. There's no way the file is changing as you flash it.
exad said:
Reopen the file with your hex editor, make sure it changed. Some hex editors won't allow you to save the file unless a setting is changed. There's no way the file is changing as you flash it.
Yep, tried that. Open the file, change the CID to 11111111, save as MOD then close. Reopen the file to check the changes and it's all good.
Even after i've pushed the file to the SD card, i open it again and it's still modified with "11111111".
push it to /dev/block/, pull it back off and it's back to TELST001 again.
the only thing i can think of is that it's not letting me modify /dev/block/ for some reason. But wouldn't there be some sort of error message in the adb shell if that were the case?
Austempest said:
Yep, tried that. Open the file, change the CID to 11111111, save as MOD then close. Reopen the file to check the changes and it's all good.
Even after i've pushed the file to the SD card, i open it again and it's still modified with "11111111".
push it to /dev/block/, pull it back off and it's back to TELST001 again.
the only thing i can think of is that it's not letting me modify /dev/block/ for some reason. But wouldn't there be some sort of error message in the adb shell if that were the case?
yes, are you root when you push it? maybe pastebin?
exad said:
yes, are you root when you push it? maybe pastebin?
Yes, the phone is rooted and i've given the adb shell SU privileges.
I'm probably misinterpreting you, but how would pastebin help?
For some reason the permissions of that file in /dev/block seem to be different to the other files around it, as per the attached screen shot.
Should i manually change it to brw------- ?
Would this have anything to do with my HBOOT being 2.14 ?
Austempest said:
For some reason the permissions of that file in /dev/block seem to be different to the other files around it, as per the attached screen shot.
Should i manually change it to brw------- ?
Must be write protection from the software version. I don't think you'll be able to change it... Hmm.. try running that push command from the TWRP terminal. Don't su, twrp doesn't use su.
exad said:
Must be write protection from the software version. I don't think you'll be able to change it... Hmm.. try running that push command from the TWRP terminal. Don't su, twrp doesn't use su.
Nope
I booted into TWRP, opened the Terminal Command (don't know if that was necessary, but i did anyway)
Then i pushed the MOD file to the sdcard again (after double checking it had "11111111" in it)..etc...etc... see the attached image
Still said TELST001
Austempest said:
Nope
I booted into TWRP, opened the Terminal Command (don't know if that was necessary, but i did anyway)
Then i pushed the MOD file to the sdcard again (after double checking it had "11111111" in it)..etc...etc... see the attached image
Still said TELST001
through twrp terminal you have to type it in the phone directly
I have the same situation as you. I think the files are either locked or on reboot they are overwritten with originals.
I am 2.14 plus I had taken all updates, prior to unlocking and loading twrp.
I am running Viper
I also tried using terminal on the phone, but it would only copy the file to the sdcard not to the root directory
I also tried it through TWRP and terminal.
Sent from my HTC One X using XDA Premium HD app
That seems odd. Not going to be much help, but I'm on hboot 2.14 and got scid to stick. Jumped off Telstra rom in march, but took all ota updates until then.
Did you follow steps 6-11 here:
http://forum.xda-developers.com/showthread.php?t=1671396
Sent from my HTC One X using Tapatalk 2
nitens said:
Did you follow steps 6-11 here:
http://forum.xda-developers.com/showthread.php?t=1671396
Yes, i most definitely did. That was the guide i was following
exad said:
through twrp terminal you have to type it in the phone directly
i knew that ....
Just tried that now. In "browse to starting folder" in the Terminal in TWRP, i chose the SD card. Then entered "dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4" (i double checked before entering TWRP that the mmcblk0p4MOD file contained the SuperCID code).
It seemed to have the same output of 2+0 records in, 2+0 records out, as in the CMD screenshot above.
and ....."(bootloader) cid: TELST001"
sigh
When I lost my last One XL and got a replacement that came with JB Firmware and 2.14 hboot on it.
I got SuperCID by using the jet toolkit and then it was cake to get s-off.
Don't bother downgrading the hboot version with jet though when I did it was unsuccessful and just left me with a blank screen and a little scare till I restored the backup it made.
Besides once you're s-off you can do that by running an earlier RUU.
thejosh86 said:
When I lost my last One XL and got a replacement that came with JB Firmware and 2.14 hboot on it.
I got SuperCID by using the jet toolkit and then it was cake to get s-off.
Don't bother downgrading the hboot version with jet though when I did it was unsuccessful and just left me with a blank screen and a little scare till I restored the backup it made.
Besides once you're s-off you can do that by running an earlier RUU.
Yeah, i was thinking Jet was the next step. I just need to find my Ubuntu LiveCD around here somewhere. It's been a while since i've delved into Linux, but it's like riding a bike right?
Jet tool will be your best bet. Be careful as it purposefully bricks your phone to force a downgrade.
Sent from my One X using xda app-developers app
exad said:
Jet tool will be your best bet. Be careful as it purposefully bricks your phone to force a downgrade.
Sent from my One X using xda app-developers app
I was just about to try that when i was chatting with beaups and he said that the software 3.17.841.9 had write protection on the CID partition, so he stepped me through downgrading to 3.17.841.2.
Then it was just a case of re unlock, TWRP, root, and SuperCID. Then it worked.
I'll write up the process tomorrow for others to read.
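The symptom that ran through this thread (dd printing "2+0 records in, 2+0 records out" with no error while the partition reads back unchanged) is what a write-protected or write-discarding device looks like from userspace. The following is an added example, not code from any poster: a write-then-readback check where the function name `write_and_verify`, the sample bytes and the use of /dev/null as a stand-in for a device that silently drops writes are all assumptions made for illustration.

```shell
#!/bin/sh
# Write an image to a target, then prove the bytes actually landed.
# Returns 0 = verified, 1 = write reported success but readback differs,
#         2 = dd itself failed or the image is unreadable.
write_and_verify() {
    image=$1
    target=$2
    [ -r "$image" ] || return 2
    size=$(( $(wc -c < "$image") ))        # normalise wc's padding

    # conv=notrunc: overwrite in place, as for a partition node.
    dd if="$image" of="$target" bs=4096 conv=notrunc 2>/dev/null || return 2
    sync                                    # flush dirty pages to the device

    # dd's "records in / records out" only says the write() calls returned.
    # Compare the first $size bytes of the target with the image instead.
    if head -c "$size" "$target" | cmp -s - "$image"; then
        return 0
    fi
    return 1
}

# Constructed demo: a regular file stands in for a writable partition,
# /dev/null for a device that accepts writes and silently discards them.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'HDR.11111111.constructed-sample-image\n' > "$tmp/image"
    printf 'HDR.TELST001.constructed-sample-image-with-trailing-data\n' > "$tmp/part"

    rc=0; write_and_verify "$tmp/image" "$tmp/part" || rc=$?
    echo "regular file target: rc=$rc"      # verified
    rc=0; write_and_verify "$tmp/image" /dev/null || rc=$?
    echo "discarding target:   rc=$rc"      # dd succeeded, data did not stick
    rm -rf "$tmp"
}
demo
```

On a real block device an immediate readback can be served from the page cache, so a check after a reboot, or the value the bootloader itself reports, is the stronger evidence that a write persisted.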