[PROJECT] Bootloader Unlock - Motorola Atrix 2

I AM NOT RESPONSIBLE FOR ANY HARM DONE TO YOUR DEVICE THROUGH METHODS MENTIONED BELOW. THESE METHODS WILL DOWNLOAD UPDATES THAT WILL WANT TO INSTALL. DO NOT INSTALL THEM THEY MAY BRICK YOUR DEVICE. STICK TO THE INSTRUCTIONS BELOW AND YOU SHOULD BE FINE.
Also note it may be weeks, perhaps months before Atrix 2 updates begin rolling in. It's a very new device!
Now, the fastest way we are going to get this Bootloader unlocked is with a little ol' fashioned teamwork. These methods have worked for other devices but require some participation and patience.
Previous devices having used the method:
Bionic
ATRIX 4G
Here are the methods we will be using:
1. Motorola, ATT SBF files for Motorola Atrix 2
2. Project Cheesecake - finding update versions on Motorola servers
1. SBF files
If you or someone you know is able to provide SBF Files intended for the Atrix 2, you can post them here or email them to me at [email protected] if anonymity is an issue.
2. The tried and tested Project Cheesecake!
Automatic Method:
What you will need
1. An ADB setup.
2. Obviously, root.
3. ClockworkMod Recovery set up on the phone.
4. You should have an FXZ ready in case you mess up.
5. Root Explorer from market
Now an app does it all for you. Imagine that.
1. Okay, so, download THIS APP RIGHT HERE.
2. Install the app on your phone.
3. Open the app. Click the first button.
4. Reboot.
5. Open app, click second button. Select a server. QA And Staging servers seem most common for updates, but we need to check them all. The default is in Production -> master-blur.whatever.com if you need to get back to it.
6. Now click the third button in the app to check for an update. Click setup (the moto account thing is bs). Now if it gives you a wifi error, that means the server is down that you chose. If the server is up it will check for an update.
7. If that didn't work, select a new server with button 2, and then check again with button 3.
8. Any comments in this post about the ghettoness of my app will result in replies including but not limited to A) Slander, B) flaming, and C) death. Try to keep the thread pretty on topic to cheesecake method and other info. I know my app can be refined, jcase has been giving me some tips on streamlining my programming and su permission reduction, but it does good stuff, don't worry. It even remounts system as RO when it uses it.
9. godspeed, guys.
What do I do if my phone finds an update?
If you are uncomfortable dealing with it for sake of bricks / other bad stuff, let someone else know or post it in the thread. It will be attended to properly.
DO NOT INSTALL IT. IF YOU FEEL COMFORTABLE YOU CAN DOWNLOAD IT
Depending on what the update contains, it could brick your device. Get in touch with a developer ASAP if you don't know what to do. Post in this thread which server you found it on. Load up adb. The file you found should exist somewhere in /cache. Pull it to your computer. Then delete it. Be warned that the update, after downloaded, tries to install every 2 minutes and while typing a text I accidentally clicked install once. I almost messed myself up.
Log onto chat.andirc.net and go to #bionic. You might find me in there.
Log onto irc.freenode.net and join #droidbionic and #bionic-dev. The bionic-dev channel is ONLY for dev-related talk. If you just want to kick it, converse in #droidbionic.
Someone experienced here can help you, and let you know what you've found.
If you liked my work here, click the thanks button at the bottom of this post! Thank you all for reading.
Link to original topic: http://forum.xda-developers.com/showthread.php?t=1281675
Manual Method:
Instructions:
List of servers:
Code:
master-lab.blurdev.com
master-demo.blurdev.com
master-dev.blurdev.com
master-qa1.blurdev.com
master-qa2.blurdev.com
master-qa3.blurdev.com
master-qa4.blurdev.com
master-staging1.blurdev.com
master-sdc1.svcmot.com
master-blur.svcmot.com
master-homer.blurdev.com
master-bart.blurdev.com
master-lisa.blurdev.com
master-maggie.blurdev.com
master-marge.blurdev.com
master-bqa1.blurdev.com
master-bqa2.blurdev.com
testcloud01-sdc1.blurdev.com
1. Root the device
2. Navigate to /system/etc/motorola/com.motorola.blur.service.blur/ in a root file explorer [ie. Root Explorer]
3. Edit data_wifi_only_settings.mkitso. Replace "data_wifi_only_feat_avail=1" with "data_wifi_only_feat_avail=0"
4. Edit defaults.xml. Replace the entire file contents with:
Code:
<map><string name='blur.service.ws.useApnProxy'>0</string><string name='blur.service.ws.masterCloud'>master-lab.blurdev.com</string></map>
5. Navigate to /system/etc/motorola/com.motorola.blur.setup in a root file explorer and edit defaults.xml. Replace the entire file contents with (your settings may already look like this; if so, ignore it):
Code:
<?xml version='1.0' encoding='UTF-8'?>
<map>
<boolean name='AllowActiveSync' value='true'/>
<boolean name='ShowSkipSetupMenu' value='true'/>
<boolean name='ShowConnectionChooser' value='true'/>
<boolean name='ShowDataSaverInSetup' value='true'/>
<boolean name='WifiPreference' value='true'/>
<boolean name='loc_consent_unchecked' value='false'/>
<boolean name='CloudPreference' value='true'/></map>
6. Wipe data and cache
7. Navigate to Settings > About Phone > System Updates
8. If it says "Update Available," let the update download. Do not install the update, because it could potentially brick your device.
9. Pull the update.zip file from /cache [Root Explorer or ADB] and upload/post the file for developer interest
10. Continue to test the next server. Navigate to /system/etc/motorola/com.motorola.blur.service.blur
11. Mount the folder as read/write
12. Edit defaults.xml. Remove "master-lab.blurdev.com" and put in the URL for the next server.
13. Repeat the steps from "Wipe data and cache" every time.
Credits: They all deserve thanks so if you see them around the forum, or wish to go to their original topics click that button!
- eval- for his initial discovery on the Atrix 4G
- Navalynt for scanning servers
- SamCripp, the2dcour - working on "Project Cheesecake" and "Pudding" unlock projects
- kennethpenn for the instructions as well as setup.
- Phydo for automatic method and app!

We might try this. It automates the process. All the credit goes to phydo for this though. I am looking at it now to see if we can try it on our Atrix 2
http://forum.xda-developers.com/showthread.php?t=1281675
Jim

I saw that as well... Let me know if its working on the ATRIX 2 and I'll edit the topic accordingly. Thanks again for your continued interest, I really appreciate it.
Sent from my MB865 using XDA App

Phydo's app works beautifully. I installed and ran it on several of the servers. If it asks to set up an account just click setup... then if it asks to set up a wifi connection then that server is down, which I am getting on most of them right now, as would be expected.
Jim

Works flawlessly on my end too.. updated the first post with instructions.
Sent from my MB865 using XDA App

Just pulled Blur_Version.55.11.16.MB865.ATT.en.US.zip with cheesecake.
Judging only by the number in the filename, this is the stock version of blur... probably.
Can't post links so...

Awesome man! I'll check it out!

It's only 50 megs so I don't think it's the full filesystem.
This might be the update from the mythical 2.3.4 version listed on the moto dev site.
edit: I see some recent timestamps... system\etc\motorola\ap_flex_version.txt
Code:
GAS_NA_EDSNGBATT_P015
Sat Oct 29 10:13:33 PDT 2011
derp derp
Code:
Blur_Version.55.13.15.MB865.ATT.en.US %Blur_Version.55.11.16.MB865.ATT.en.US

Went ahead and took a giant leap and upgraded.
After a few harrowing minutes, it was updated to 55.13.15
Android version is 2.3.6
Baseband is
2011-10-28 12:44 Off.Bld
LUD_EDISON_R1D7_PATCH_34_111028_1226
Webtop has been updated, looks like firefox 7.0.1 is installed now, can't test it myself.
Getting prompts from motorola to "upgrade".
Lost root in the update. Going to try to get it back...
Edit: Root works!
Code:
fastboot oem unlock
... FAILED (remote: unsupported command)

What files were in the update? Was there an fxz or an sbf? Were there any files with, I think, mbl in the name? Those would be the bootloader; if so we need to take a look at them. I will put it down and check it out.
I am not quite ready to install that yet, since I am on the right track to have a FULL ubuntu desktop running in webtop, right now I have broken tomoyo, so no facls, or security on the webtop files, and I have a terminal and sudo, as well as synaptic, so I will hold off on 2.3.6 for now, since there is a webtop update in there.
I will start a new thread for the webtop stuff once I have more. Now I need to get with tallnerd1985 to get webtop2sd working on our phones.
Jim

Thank You for warning everyone else even while you are still having trouble. You can take it back to At&t/Bestbuy or wherever you bought it - They won't know and 99% don't care especially about the Atrix 1 or 2...
Just act PISSED! If anyone asks you a question...

Looks like motorola really is trying to push an update to me, 15 MB file update to 55.13.16. I'm not going to touch it for now. Gotta get some sleep
Don't see any SBFs or FXZs...
This is my first rooted android phone, so i'm just flying blind here.
Now that I can post links, here's the one linked to through tinyurl above.

Ok, so in the 55.13.15.MB865.ATT.en.US file, there are 2 boot loaders, one is called prologue_loader.ldr and the other one, which I am guessing is the one we already have is called production_loader.ldr
This will require some more looking to see if the prologue_loader.ldr is unlockable, so that they can load their updated image, then relock it with the production_loader.ldr
This might be good news and it might be nothing, but I will keep everyone posted, with what I find.
Jim

Keep up the good work guys

Try to find the stock build as well, because if that is found i could probably unbrick my phone!

moofree said:
Looks like motorola really is trying to push an update to me, 15 MB file update to 55.13.16. I'm not going to touch it for now. Gotta get some sleep
http://dl.dropbox.com/u/14536681/Blur_Version.55.13.15.MB865.ATT.en.US.zip
Don't see any SBFs or FXZs...
This is my first rooted android phone, so i'm just flying blind here.
Now that I can post links, here's the one linked to through tinyurl above.
http://dl.dropbox.com/u/14536681/Blur_Version.55.11.16.MB865.ATT.en.US.zip
Jimmy273 said:
Try to find the stock build as well, because if that is found i could probably unbrick my phone!
Ok, use the link above and try to get it on the root of your SD card. I am not sure if that zip file works or not for CWM or fastboot; if you can connect to ADB with fastboot, you should be able to flash it from that.
Jim

Ok .. this is driving me nuts here. Trying to apply the Blur_Version.55.13.15.MB865.ATT.en.US.zip update to my Atrix 2 .. since there is NO WORKING ClockWorkMod that can be used .. tried doing it other way that jimbridgman suggested and that was fastboot.
Well .. that doesn't work either .. receive error message:
>fastboot -w update Blur_Version.55.13.15.MB865.ATT.en.US.zip
archive does not contain 'android-info.txt'
archive does not contain 'android-product.txt'
error: update package has no android-info.txt or android-product.txt
Anyone else have any ideas of how to apply this update ?

LordGeek said:
Ok .. this is driving me nuts here. Trying to apply the Blur_Version.55.13.15.MB865.ATT.en.US.zip update to my Atrix 2 .. since there is NO WORKING ClockWorkMod that can be used .. tried doing it other way that jimbridgman suggested and that was fastboot.
Well .. that doesn't work either .. receive error message:
>fastboot -w update Blur_Version.55.13.15.MB865.ATT.en.US.zip
archive does not contain 'android-info.txt'
archive does not contain 'android-product.txt'
error: update package has no android-info.txt or android-product.txt
Anyone else have any ideas of how to apply this update ?
Good question, though you'll need to start from the first file...
Blur_Version.55.11.16.MB865.ATT.en.US.zip
I think the filenames are for the versions that the patch gets applied to, not the version it'd be updated to.
This is all new to me, I'm guessing you could boot up with VolumeUp+VolumeDown held down, choose the recovery mode, and do volup+voldown for the recovery menu and choose update, and the zip from that menu...
Edit: This works. Updated from 55.13.15 to 55.13.16
Baseband got pushed back a few days
2011-10-25 11:19 Off.Bld
LUD_EDISON_R1D7_PATCH_33_111025_1101
Lost root again, but thankfully the zergling rush is a highly effective strategy still
-=Insert warning about updating being AT YOUR OWN RISK and not being responsible for bricks etc... =-
Additional warning that this might cut the phone off from official OTA updates from Motorola...
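An added example, not part of any post in this thread: a read-only Python check of a downloaded update zip. It reports whether the archive carries the android-info.txt / android-product.txt entries that fastboot asked for in the error quoted above, or a recovery-style install script under META-INF/com/google/android/, and it lists bootloader-looking entries (*.ldr, or "mbl" in the name) without extracting or flashing anything. The sample archive is constructed in memory and its layout is an assumption; only the two .ldr file names come from the thread.

```python
import io
import zipfile

# Entries "fastboot update" looked for, taken from the error output in the thread.
FASTBOOT_MARKERS = {"android-info.txt", "android-product.txt"}
# Where a recovery-installable OTA package keeps its install script and binary.
RECOVERY_MARKERS = {
    "META-INF/com/google/android/updater-script",
    "META-INF/com/google/android/update-binary",
}
# What the thread treats as bootloader candidates: *.ldr files, "mbl" in the name.
LOADER_HINTS = (".ldr", "mbl")


def inspect_update(zip_source):
    """Classify an update zip and list loader-like members. Reads only."""
    with zipfile.ZipFile(zip_source) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        # testzip() re-reads every member and returns the first one whose
        # CRC does not match, or None when the download is intact.
        corrupt = zf.testzip()

    present = set(names)
    kinds = []
    if present & FASTBOOT_MARKERS:
        kinds.append("fastboot")
    if present & RECOVERY_MARKERS:
        kinds.append("recovery")

    loaders = sorted(
        n for n in names
        if any(hint in n.rsplit("/", 1)[-1].lower() for hint in LOADER_HINTS)
    )
    return {
        "kinds": kinds or ["unknown"],
        "loaders": loaders,
        "corrupt_member": corrupt,
    }


def build_sample(names):
    """Build a constructed in-memory zip holding placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder\n")
    buf.seek(0)
    return buf


# Constructed layout resembling a recovery OTA (assumption, not the real file list).
SAMPLE_OTA = [
    "META-INF/com/google/android/updater-script",
    "META-INF/com/google/android/update-binary",
    "prologue_loader.ldr",
    "production_loader.ldr",
    "system/etc/motorola/ap_flex_version.txt",
]

if __name__ == "__main__":
    report = inspect_update(build_sample(SAMPLE_OTA))
    print("package kind :", ", ".join(report["kinds"]))
    print("loader files :", report["loaders"])
    print("CRC failure  :", report["corrupt_member"])
```

A result of "recovery" with no fastboot markers is consistent with the error LordGeek quoted: the archive is meant for the recovery menu, not for fastboot update.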

@moofree:
You are correct, I was successful in getting the 2 updates on, and yes, root was lost. However, I was unable to get the root back !!
Tried manually, tried the 1-click.. Neither would give root. So, since I just received the phone the day before from BestBuy, I did the next logical thing.. Bricked it and returned the phone defective.. LOL
So, now I have a replacement, new Atrix 2.. I'm leaving it exactly where it is until either the OTA's come through the right channels, or something more permanent and correctly working has been done for unlocking the bootloader and rooting.
If not.. 30 days from 11/01/11.. Options are still open with the HTC Vivid and SGS2 Skyrocket.
Sent from my MB865 using Tapatalk

I want to reiterate to everyone who is trying to help unlock the boot loader by using the cheesecake method here that you don't want to apply any of these updates directly. Motorola always relocks the bootloader with 99% of these updates. It will be one of the development versions that we are looking for; you just want to download the zip file and upload them with a link attached in here to grab the file you get. Then we can have a look at the files contained in them.
We are looking for the magical developmental unlocked bootloader that we can make our own update zip file, with just the bootloader that is unlockable, in it.
Again, don't apply the updates that you get from this process. You may brick your phone or worse, permanently be unable to root or unlock the boot loader.
This is a cat and mouse type of a thing with these big phone makers.
Jim
Sent from my MB865 using XDA App

Related

Successful Root Method for the Pantech Flex P8010

This guide assumes that you are on a stock Pantech Flex P8010 running either ICS (v4.0.4) or the updated JB (v4.1.2). Please note that rooting an ICS phone has been known to cause issues when trying to run the over the air update. If you have already rooted and are looking for a way to update to JellyBean please skip to the section on updating; if this isn't you, keep reading.
So at this point you have decided to continue. You shouldn't run into any issues if you follow the directions and you shouldn't mess your phone up even if root doesn't take. However, in the spirit of covering one's back side....
I am not responsible for anything that goes wrong.
Jelly Bean 4.1.2 or ICS 4.0.4
This method was found by LuneBear and has not been tested by myself so I cannot personally verify its effectiveness. I did check and it seems to work with both ICS and JB but your mileage may vary. You will need to download SRSroot and install it on a Windows machine.
SRS ROOT
SRS Homepage
Make sure that USB debugging is enabled on your phone. Connect your phone via USB and run the program. Select the button for all root methods. Then you will need to select the Legolas exploit. Once everything is done (may take some time) just reboot the phone and you should be good to go.
Ice Cream Sandwich 4.0.4 ONLY
Windows Option
This method has been tried on a number of Windows versions and some work, some don't, so your mileage may vary. This method uses Bin4ry's Root method and was originally discovered by aaki_rocker and is WAY LESS COMPLICATED. However please note that some users have had issues using this method with Bin4ry's latest version of the root script. It is recommended that you download an older version if you run into any issues or the root doesn't take.
First let's get some drivers on your Windows box. To do this you will need to download the Pantech PC Suite and install it.
http://c724062.r62.cf2.rackcdn.com/PantechPCSuite_1.1.1.3437.exe
Next you will need to download and extract Bin4ry's root script.
http://ul.to/z7krermj
Once you have these two files you will need to plug your phone into the PC via USB and enable the USB type as Data Mode.
Next run Bin4ry's script and follow the directions; when in doubt about what to choose, select the simplest option in all cases.
If everything goes well you will have a nicely rooted phone.
Linux Option
This is not a point and click root and is not for the faint of heart. This method of rooting is based off of Bin4ry's root for ICS/JB. Changes have been made to the script to allow it to work with the Flex. Please follow the steps below and you will have root in just a few minutes. It will probably take you longer to download the files you need than to actually root the phone.
This method has been performed successfully using Ubuntu 12.10 64bit. It may work with other versions of linux but it will not work with Windows due to the driver issues and the fact that I didn't alter the windows batch file; in fact I removed any windows related files from Bin4ry's original package.
First you will need to set up the linux machine if you don't already have it. This can be done in one of a few ways: you can run a live copy using a Live CD/USB boot (this will not install linux on your computer unless you tell it to), or you can install it in the standard manner or using WUBI; the third option is setting up linux in a virtual machine. If you don't know how to do this google it, there is a wealth of information out there on these subjects and probably some you can even understand without a degree in astro-physics.
Second you will need to set your phone up so that USB debug mode is turned on [settings>developer options]. Make sure your phone isn't plugged into the USB or it won't let you change the setting.
Now plug your phone into the (linux) computer with the USB. Next you will need to set the USB computer connection type to Media Device (MTP)
In order for the computer to communicate with the phone we will need to install Android Debug Bridge (ADB) and create a couple of files.
These files will basically trick the computer into thinking it has actual drivers for the phone.
Open a terminal window, and enter the following (this will install ADB):
sudo apt-get install android-tools-adb
Once this is done enter the following
sudo gedit /etc/udev/rules.d/70-android.rules
Gedit will open; at this point copy the following into it and then click save and close the window.
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10a9", ATTRS{idProduct}=="6055", MODE="0666"
In the terminal window enter this (yeah I know it looks the same just go with it)
sudo gedit /lib/udev/rules.d/70-android.rules
After the window opens paste the same line of code into the file that you did in the previous file, save and close.
Test your connection by issuing the following command in the terminal window:
adb devices
Should see something similar to:
OSCAR01111112010204 device
Your adb is now recognizing your phone and you can now move on to the next step. If you are not getting this, don't even bother moving to the next step; it won't work. If you don't see this, check your settings and go again.
Ok so you are now ready to actually root the phone. The first thing you're going to need to do is download my modified Bin4ry script. See the attached file.
After you have it downloaded you will need to extract it. You can do this by opening the file manager (click on the home folder icon) and going to download. Find the file called Root_Flex.zip. Right click on it and select EXTRACT HERE. After it's done extracting you should see a directory called Root_Flex. In a terminal window enter the following:
cd Downloads/Root_Flex
Your prompt should now look something like
[email protected]_name~/Downloads/Root_Flex$
From here just enter the command:
bash RunMeFlex.sh
At this point you should see a bunch of junk come up and a menu asking which way you want to try to root. Type 1 and press enter. It will give you 3 errors, ignore them. It should copy a bunch of files and ask you to press restore on your phone, do it. It should ask you to press Enter to reboot the phone, do so and the phone will reboot. It should be waiting on you to press enter again; don't press enter until the phone is completely rebooted and for good measure give it an extra few seconds. The script should finish and the phone will reboot again; this time you should see a little box with an update appear on the phone. At this point you should be rooted. If not try the script again.
I hope this helps out a lot of folks out there. Let me know if I need to change anything in this How to or if I made any mistakes along the way.
Updating If you're already rooted
So you rooted your phone and now you want JellyBean but when you run the update you get the dead droid image and the update fails OR you live in an area that isn't covered by AT&T and you want the update, what do you do? Well thanks to some hard work by Attn1 we have a solution and it's pretty simple. First off you will need to have CWM running on the phone. Now there are a few ways to go about this but the method I used was here:
http://forum.xda-developers.com/showthread.php?t=2133857
You only need to go as far as getting CWM up and running on the phone; you do not need to install it as the update by Attn1 will take care of a full install of a better version. You will need to have a copy of Fastboot.exe and some img files. Below is a rar file that has all the necessary files to get CWM running (not installed) on the phone using windows (sorry I don't have the linux files for this one). Just unpack them into a convenient folder somewhere and follow the instructions on the link above.
http://tinyurl.com/oa2p48f
I recommend using the boot_external.img but if you do not have an external SD card and only have the internal storage just use boot_internal.img instead. This method relies on you being able to get into fastboot. If you do not have access to fastboot for whatever reason I suggest you jump ahead in the thread and read Attn1's methods for installing CWM:
http://forum.xda-developers.com/showthread.php?t=2008888&page=44
Next get the update files from this link (second post)
http://forum.xda-developers.com/showthread.php?t=2008888&page=47
Once you have all the files downloaded and copied everything to the appropriate SD cards on your phone you're ready to go. If you don't know how to do this don't even think about anything else till you learn this. After this is all done follow the directions below (copied from Attn1's post)
Procedure if you ARE NOT running baseband JYUS06032013 (ICS Basebands) :
boot ICS CWM
flash FLEX-JB-JYUS06032013-FIRMWARE.zip from CWM
format system in CWM (will NOT wipe data, but makes sure old rom does not flash back stock recovery)
restart start recovery/adb reboot recovery (JB CWM is installed - do not try to fastboot boot ICS CWM)
flash FLEX-JB-JYUS06032013-ROM.zip from CWM.
reboot
Procedure if you ARE running baseband JYUS06032013 (JB Baseband) :
get root (Instructions HERE - use GANDALF)
install CWM (Instructions HERE)
flash FLEX-JB-JYUS06032013-FIRMWARE.zip from CWM
format system in CWM (will NOT wipe data, but makes sure old rom does not flash back stock recovery)
reboot to CWM
flash FLEX-JB-JYUS06032013-ROM.zip from CWM.
reboot
This ROM is Pantech stock with no mods other than CWM installation protection and all stock permissions and symlinks carefully maintained and consistent with the product of a successful OTA.
The firmware is also stock, with the exception of the open aboot allowing fastboot boot <bootimage>, and installation of JB CWM with nothing else added or changed. It runs well with nothing broken. You MUST be on JB firmware (below) to run it properly.
You can let the new CWM root it if you like when you exit - it will prompt you. It will also prompt you to disable CWM on reboot make sure this gets disabled or the phone will keep booting to CWM rather than the ROM.
Downloads:
md5: 1a0ca5f177bce2f4c428931616e0ecd1 FLEX-JB-JYUS06032013-FIRMWARE.zip
md5: 17c0e611ab6dfbca230571c1e40f3d14 FLEX-JB-JYUS06032013-ROM.zip
Make sure you check the md5sum on the files before you flash them. If they're wrong, download them again; this is vital.
If you need a program to check md5sums copy this .exe file to your c:\windows\system\ and run it from the command line.
http://tinyurl.com/l74wl9q
Thanks go to Bin4ry for the original script and all the technical help provided.
Check out the thread and give a thanks and donate a few bucks if you can.
http://forum.xda-developers.com/showthread.php?t=1886460
Thanks to Atadres for getting me going in the right direction and help testing along the way.
Thanks to Esau Silva for this post that helped get the drivers working for us in Ubuntu.
http://esausilva.com/2010/05/13/setting-up-adbusb-drivers-for-android-devices-in-linux-ubuntu/
Thanks to Aaki_rocker for coming up with the Windows version of this root method you can find his original post here.
http://forum.xda-developers.com/showthread.php?t=2141538
Thanks to LuneBear for finding the root method for JellyBean.
Thanks to Attn1 for the JellyBean update and CM 10.2 version of CWM Recovery.
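The md5 check the guide above calls vital, as an added example that is not part of the original post: it parses lines in the "md5: <hash> <file>" form used under Downloads, hashes each named file in a directory, and reports anything missing or mismatched so nothing is flashed from a bad download. The function names are hypothetical and the demo files are constructed; the two hashes in PAGE_MANIFEST are the ones published in the post.

```python
import hashlib
import os
import re
import tempfile

# The two lines published under "Downloads" in the guide, verbatim.
PAGE_MANIFEST = """\
md5: 1a0ca5f177bce2f4c428931616e0ecd1 FLEX-JB-JYUS06032013-FIRMWARE.zip
md5: 17c0e611ab6dfbca230571c1e40f3d14 FLEX-JB-JYUS06032013-ROM.zip
"""

MANIFEST_LINE = re.compile(r"^md5:\s*([0-9a-fA-F]{32})\s+(.+?)\s*$")


def parse_manifest(text):
    """Map file name -> expected lowercase md5, ignoring unrelated lines."""
    expected = {}
    for line in text.splitlines():
        match = MANIFEST_LINE.match(line.strip())
        if match:
            expected[match.group(2)] = match.group(1).lower()
    return expected


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large ROM images do not need to fit in RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(manifest_text, directory):
    """Return name -> 'ok' | 'MISMATCH' | 'missing' for every manifest entry."""
    results = {}
    for name, wanted in parse_manifest(manifest_text).items():
        # basename() keeps a manifest entry from pointing outside `directory`.
        path = os.path.join(directory, os.path.basename(name))
        if not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of(path) == wanted:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def safe_to_flash(results):
    """True only when at least one file was listed and every one matched."""
    return bool(results) and all(state == "ok" for state in results.values())


def demo():
    """Constructed case: one intact file, one truncated download, one absent."""
    with tempfile.TemporaryDirectory() as workdir:
        full = b"constructed firmware image " * 1024
        with open(os.path.join(workdir, "INTACT.zip"), "wb") as handle:
            handle.write(full)
        with open(os.path.join(workdir, "TRUNCATED.zip"), "wb") as handle:
            handle.write(full[:-1])  # simulate a download cut one byte short
        digest = hashlib.md5(full).hexdigest()
        manifest = "".join(
            "md5: %s %s\n" % (digest, name)
            for name in ("INTACT.zip", "TRUNCATED.zip", "ABSENT.zip")
        )
        return verify(manifest, workdir)


if __name__ == "__main__":
    outcome = demo()
    for name, state in outcome.items():
        print("%-9s %s" % (state, name))
    print("safe to flash:", safe_to_flash(outcome))
```

An MD5 match shows the download is intact relative to the posted value; it does not authenticate where the file came from.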
Just a quick memo guys: when you issue the command adb devices please cd to the proper android sdk platform tools folder or else you'll get an error like no command did you mean..... Here's the proper way: do this step before you do the adb devices step. Type in cd ~/android-sdk-linux/platform-tools, press enter, then type in ./adb devices
I am now trying to contact Team Win for help with porting the recovery image Team Win Recovery so we can start ROMing this device and adding ports and ROMs
atadres said:
Just a quick memo guys: when you issue the command adb devices please cd to the proper android sdk platform tools folder or else you'll get an error like no command did you mean..... Here's the proper way: do this step before you do the adb devices step. Type in cd ~/android-sdk-linux/platform-tools, press enter, then type in ./adb devices....
Actually this assumes you are on a completely fresh install and did not have adb installed through the platform tools; if that is the case everything I typed up will work. However you are correct too. Let me know if you think I should go ahead and rework the stuff to be a little more universal; if so please PM me an update of the commands.
You're right, my apologies, but one thing I noticed that I would like to say, idk if it's my experience or universal: after successfully rooting the Flex the lockscreen fails to resize itself, leaving a black space where the onscreen dock is usually located. No big issue though, and the rooting was easy and painless once adb was set up correctly. 100000+ points, thanks so much
Good job guys. Respect! I have a Pantech Flex, which is an awesome device with the same specs (things that matter to me) as S3, but without big name. I like Pantech Flex because its size is much better for me than.
The only thing now is to create a ROM! Is it difficult to make a pure Android ROM? Nothing additional, just a pure Android like in Nexus?
Again, thank you guys for your dedication! I'll definitely donate as soon as I have Jelly Bean loaded on my Pantech Flex!
Thanks, this worked great. I am gonna start on a ROM. Hope I don't get bricked.
Sent from the new Pantech Flex. Nominated best lowest priced new smartphone. U jelly I paid nothing, for a phone almost as good as the Galaxy S3?
HighCommander540 said:
Thanks, this worked great. I am gonna start on a ROM. Hope I don't get bricked.
Sent from the new Pantech Flex. Nominated best lowest priced new smartphone. U jelly I paid nothing, for a phone almost as good as the Galaxy S3?
Let's not get ahead of ourselves here guys. In order to create a ROM we would need to get a custom recovery on our phone. This can be achieved by mapping out the device's bootloader, extracting an img file of it and using koush's clockworks mod recovery creator. Only when we achieve a port of a custom recovery can we make ROMs and be able to flash them. If any of you have knowledge of this, as I am a noob when it comes to recoveries, please feel free to input. We need all the help we can get guys
---------- Post added at 02:03 PM ---------- Previous post was at 01:58 PM ----------
ivansana said:
Good job guys. Respect! I have a Pantech Flex, which is an awesome device with the same specs (things that matter to me) as S3, but without big name. I like Pantech Flex because its size is much better for me than.
The only thing now is to create a ROM! Is it difficult to make a pure Android ROM? Nothing additional, just a pure Android like in Nexus?
Again, thank you guys for your dedication! I'll definitely donate as soon as I have Jelly Bean loaded on my Pantech Flex!
lol right now we need knowledge donations. Unfortunately we cannot start working on ROMs till we have a custom recovery ported over, either team win or clockworks mod recovery. This will take a little bit of time and knowledge. And to answer your question about the stock nexus rom, you're talking along the terms of a Cyanogen mod port? Or akop port? Looking into it I would say until we have mapped the bootloader we wouldn't know how difficult it would be, because the symlinks may be difficult for a phone that has not yet caught fire in the dev world
I wish I had the time to do a recovery myself and get cwm working but with my family and my fulltime job I barely get any time. I'm going to spend all my time on this amazing little phone to do what I can. Props to the root method, it worked flawlessly!!!
Sent from my PantechP8010 using Tapatalk 2
Awesome, I'm glad I'm getting some good feedback on the root. I wasn't sure if I did the write-up correctly and I'm glad it's working out for everyone.
If I get some time I will start looking into a custom CWM and all that junk. I have a contact that should be a pretty good help in this, just have to find the time to do it.
Yeah after coming from the LG Nitro HD I was surprised at how easy this was to root.
If you want to get together on gtalk we can work on this together. Right now I'm in the process of getting a ROM dump so we can recover our phones from stock images if we happen to mess them up, which I'm sure we will, but that's the best part! Lol.
I can smell CM9 and CM10 calling to this phone!!!
Sent from my PantechP8010 using Tapatalk 2
jSterling said:
Yeah after coming from the LG Nitro HD I was surprised at how easy this was to root.
If you want to get together on gtalk we can work on this together. Right now I'm in the process of getting a ROM dump so we can recover our phones from stock images if we happen to mess them up, which I'm sure we will, but that's the best part! Lol.
I can smell CM9 and CM10 calling to this phone!!!
Sent from my PantechP8010 using Tapatalk 2
Yeah I love this phone but I have to say the Pantech launcher kinda pisses me off.
donavan01 said:
Yeah I love this phone but I have to say the Pantech launcher kinda pisses me off.
Agreed lol im using nova
I actually don't mind the launcher, its pretty nice compared to other brand launchers. I'm probably going to try launcher pro though that's been my favorite sense I had my prepaid optimus V
Sent from my PantechP8010 using Tapatalk 2
jSterling said:
I actually don't mind the launcher, it's pretty nice compared to other brand launchers. I'm probably going to try Launcher Pro though, that's been my favorite since I had my prepaid Optimus V.
Sent from my PantechP8010 using Tapatalk 2
I had launcher pro and hated it ... check out APEX seems like the stock ICS but with a lot of extras and without the annoying bits of the pantech that make me insane
donavan01 said:
I had launcher pro and hated it ... check out APEX seems like the stock ICS but with a lot of extras and without the annoying bits of the pantech that make me insane
hey guys... is there a pantech flex forum????????
also is it possible to unlock the device if you forget the log in pattern????? thanks
I don't know anything about mapping the device. So I am just going to work on a ROM for my infuse.
I will help with anything for testing. A stock image would be awesome. =-)
No flex forum yet.
_______
Sent from the new rooted Pantech Flex. Nominated best lowest priced new smartphone. U jelly I paid nothing, for a phone almost as good as the Galaxy S3?
jSterling said:
I actually don't mind the launcher, it's pretty nice compared to other brand launchers. I'm probably going to try Launcher Pro though, that's been my favorite since I had my prepaid Optimus V.
Sent from my PantechP8010 using Tapatalk 2
Sense is my fav launcher, and no, no forum yet. I've requested and gotten no reply, smh.
did this thread die guys?
atadres said:
did this thread die guys?
Wait till after Xmas I bet you a lot of people will get this phone as presents.
donavan01 said:
Wait till after Xmas I bet you a lot of people will get this phone as presents.
Yeah I can see that happening. This weekend I am going to work on it to see what I can come up with. I've been so swamped with work and life bs that I haven't had a chance.
No this thread didn't die.
Sent from my PantechP8010 using Tapatalk 2

[ROM][Deprecated]Lenovo Vibe Z - Rooted + Google Apps

Well, some of you might have had the same urge to buy one of these little wonders, with almost the same data sheet as an LG G2 but with Dual SIM functionality and at a much smaller price. If you are one of those crazy people who ordered theirs in China just like me, you might have felt the same disappointment I did when I finally received mine: the advertised SD Card slot is just a fantasy and all Google apps have been replaced by their Baidu counterparts. The English language is indeed present in the Operating System, but none of the installed applications seems to understand it. If you don't speak Chinese, just like me, you might end up wondering why on earth you bought a smartphone destined for Chinese people.
So I decided to turn this frustration into something positive and succeeded so I'm happy to bring you my home cooked ROM for the Lenovo K910. But first of all, the usual disclaimer:
Disclaimer
Don't hold me responsible if you brick your phone. This method has been successfully tested on mine but this is no guarantee for yours. You should obviously always have a backup of your data at all times if you're willing to install this ROM (or any other).
Safety measures
Like most Android phones, the Lenovo Vibe Z has many possibilities of recovery. I would advise you to be ready to apply at least this one:
Download the QSB file of your ROM (for example, mine is K910_SS_S_2_040_0039_131101.qsb). Google will point you to a Baidu site where it is downloadable.
Put it in the folder /sdcard/SDFUSE/
Shut down your phone
Hold Volume Down and Power button for a few seconds
You end up in a menu with a "SD Card Update" entry. Move down to this entry using the Volume Down button then press ENTER or power button.
Make sure your ROM is available in the list
Cancel and reboot
If your QSB file is visible in the list, you should be pretty safe. If anything goes wrong, use the same method but apply the upgrade this time. Note that this method overwrites everything, including your applications, SD Card, ...
What it is
The ROM I'm offering is:
An extract from K910_SS_S_2_040_0039_131101.qsb
Applying only to your system partition (your applications and data should be safe)
Rooted
Busybox-ed
Grossly freed from most vendor applications
Replaced by Google applications
What it is NOT
This was already some work to figure out how to reach that goal so it is not:
Bug free (I have at least observed a strange display glitch for the network icons which turn standard blue instead of Lenovo's white one)
A multi-language ROM
A ROM built from scratch like MIUI, Cyanogenmod, ...
A custom recovery (though this might come in a later stage)
...
Prerequisite
You should have installed:
K910 ADB Driver (available on the CD that appears when you connect the device)
ADB
Fastboot
Just check that your USB debug mode is enabled (in the USB Access Mode menu).
If any of these prerequisites is an issue for you, I'm ready to explain further, but you should also wonder if you are ready to go further, because if anything goes wrong, you won't be able to properly act.
The installation
OK, enough talking, now some action. It is pretty simple actually:
Download the ROM and un-7zip it (mirroring in progress)
Reboot your phone in bootloader mode. Therefore, open a command prompt (no matter which OS you're using) and type:
Code:
adb reboot-bootloader
Now your phone is displaying the Lenovo logo
Check that you can access the system
Code:
fastboot devices
If fastboot just returns without displaying anything, you might have to run in Administrator/root mode. Under Linux, I had to use sudo.
Unlock the bootloader (this should wipe all your data if it wasn't unlocked previously):
Code:
fastboot oem unlock
Flash the system:
Code:
fastboot flash system <path-to-file>system.img
Reboot:
Code:
fastboot reboot
That's all folks ! After your phone restarts, you should be able to use Google applications (though not all of them are there, at least the Play Store is allowing you to install the others).
What's next ?
I hope to be able to free some time to achieve these next steps:
Publish the script I wrote to extract content from Lenovo QSB files
Apply the same method to the last upgrade (K910_SS_S_2_040_0078_131203 ?). If you are lucky enough to have this version please contact me to see if you can provide the QSB file.
See if I can cook a custom recovery.
This is probably my very first participation in the community so I'll accept any comments as long as they are constructive :good:
Thanks!!!!!
Thank you so much, I'm crazy because I get the phone and to try, where is the link to download please??
Thanks again, you can post pictures?
---------- Post added at 04:44 PM ---------- Previous post was at 04:35 PM ----------
Another important question ... How did you root it?
What program did you use?
Thanks.
We all need your help, please.
I'll need just a few more hours since my upload just missed (I'm not sure why it only uploaded 437 Mb on the 659 Mb)
It will be for the first hours of 2014 (at least for me).
csu333 said:
I'll need just a few more hours since my upload just missed (I'm not sure why it only uploaded 437 Mb on the 659 Mb)
It will be for the first hours of 2014 (at least for me).
Thank you very much for your work, but you can tell us how you got to be root??
sakilxda said:
Thank you very much for your work, but you can tell us how you got to be root??
Probably in the most complicated way possible: I extracted the system partition from the upgrade file, mounted it in my Linux, put all the needed files and authorization then flashed it on my device.
I confirm that the file is now available but I need a few more messages before I can add the link. In the meanwhile, I can send it privately.
csu333 said:
Probably in the most complicated way possible: I extracted the system partition from the upgrade file, mounted it in my Linux, put all the needed files and authorization then flashed it on my device.
I confirm that the file is now available but I need a few more messages before I can add the link. In the meanwhile, I can send it privately.
Sure I get it, I also took little time here and leaves add links.
You could pass it private?
With your permission I'll share it on other sites of course directing people to this thread so they can see their creator and comment.
In several HTCMania we are waiting to receive the phone and while we're compiling everything.
Root on many threads where people are wanting to get and so far you're the only one.
I await your email with the link partner, and with your permission I'll share. A greeting.
sakilxda said:
Sure I get it, I also took little time here and leaves add links.
You could pass it private?
With your permission I'll share it on other sites of course directing people to this thread so they can see their creator and comment.
In several HTCMania we are waiting to receive the phone and while we're compiling everything.
Root on many threads where people are wanting to get and so far you're the only one.
As long as you don't ask money for it, feel free to share this as much as you want. My goal is sharing !
You should have received the link in the meanwhile. I'm also busy trying to mirror it on AndroidFileHost but it failed last time so just wait and see.
Latest ROM version release notes
By the way, here are the release notes of the next ROM (K910_SS_S_2_040_0078_131203).
Which Google translates as:
Recommend
* Expand the system partition, a number of bug fixes
Update log
System
* Expand the system partition to 1.5G
* Boot and recovery signature added to the system
Show
* Fixed shutdown problem dialog scene mode switching
* Modify profile English translation error
* Adjust section shows the layout
Camera
* Pre-correction first picture black beauty
This means that the next upgrade will most probably erase all the content of your phone (again), including your data and internal SD Card. This also means that flashing the first version of my custom ROM will make you "lose" 500 Mb, at least until a release based on the latest version of Lenovo's original ROM.
This also means that:
The next Custom ROM upgrade won't be applicable to a phone that has not been upgraded (you would be certain of bricking your phone)
You will lose 500 Mb worth of storage on your non-expandable device
This isn't all good news ...
csu333 said:
As long as you don't ask money for it, feel free to share this as much as you want. My goal is sharing !
You should have received the link in the meanwhile. I'm also busy trying to mirror it on AndroidFileHost but it failed last time so just wait and see.
Thank you very much for sharing, of course I will not ask for money and in forums where I am at all costs to visit this thread.
csu333 said:
By the way, here are the release notes of the last ROM (K910_SS_S_2_040_0078_131203):
Which Google translates as:
This means that the next upgrade will most probably erase all the content of your phone (again), including your data and internal SD Card. This also means that flashing the first version of my custom ROM will make you "lose" 500 Mb, at least until a release based on the latest version of Lenovo's original ROM.
This also means that:
The next Custom ROM upgrade won't be applicable to a phone that has not been upgraded (you would be certain of bricking your phone)
You will lose 500 Mb worth of storage on your non-expandable device
This isn't all good news ...
They are not good news. but I honestly what I need are 3 things:
1 Language Spanish, but we already you can not imagine not doing anything?
2 Root, to be able to use apps like Titanium Backup, Root Explorer, etc..
3 Very importantly, GAPPS (Play Store, Gmail), but of course in Spanish or English.
Your Rom has 2 I need and it is very important to me and very many users, it is a great job and the first to do so was you.
I do not mind losing 500mb, but I worry that the next official update is dangerous for us.
Thank you very much for sharing the link. If you write more answers in this thread at XDA have permission to put the link publicly, I think the requirement is 10 responses and almost have them.
---------- Post added at 12:28 PM ---------- Previous post was at 12:11 PM ----------
Apply the same method to the last upgrade (K910_SS_S_2_040_0078_131203). If you are lucky enough to have this version please contact me to see if you can Provide the QSB file.
You control by private (Because here I can not yet) a link to the version you want, I found on google, as I said I have not tested, I hope that this can do wonders lol
I also hope that I root Gapps and either Spanish or English: D
sakilxda said:
They are not good news. but I honestly what I need are 3 things:
1 Language Spanish, but we already you can not imagine not doing anything?
2 Root, to be able to use apps like Titanium Backup, Root Explorer, etc..
3 Very importantly, GAPPS (Play Store, Gmail), but of course in Spanish or English.
The few posts I read about this say that it is close to impossible, but I installed morelocale 2 on mine and it does add my language in the applications that support it.
Root is probably my top priority so it will stay available in the future releases
Play Store and GMail are present in the ROM and if you install morelocale 2, it will be in Spanish
sakilxda said:
You control by private (Because here I can not yet) a link to the version you want, I found on google, as I said I have not tested, I hope that this can do wonders lol
I also hope that I root Gapps and either Spanish or English: D
This is the link on Baidu I also found but for some reason, I can't flash it on my device so I can't cook it properly. I have to be able to flash it first
csu333 said:
The few posts I read about this say that it is close to impossible, but I installed morelocale 2 on mine and it does add my language in the applications that support it.
Root is probably my top priority so it will stay available in the future releases
Play Store and GMail are present in the ROM and if you install morelocale 2, it will be in Spanish
This is the link on Baidu I also found but for some reason, I can't flash it on my device so I can't cook it properly. I have to be able to flash it first
Of course, the priority is Root.
About the Gapps in Spanish or English, could you include a patch?
If not, do not worry that you use MoreLocale2.
I'll try to find more links ... it's a shame it does not work ...
The good news with root access is that you can do a lot of crazy things. For example, I'm starting to understand why it is so hard to get this upgrade thanks to a network dump:
Code:
POST /reaper/server/config2 HTTP/1.1
Host: fsr.lenovomm.com
Content-Length: 131
Content-Type: text/plain; charset=ISO-8859-1
Connection: Keep-Alive
User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.4)
Config.2.1.2.imei.8628720201xxxxxxxxxxxxx
HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
Content-Length: 0
Connection: keep-alive
That said, I'm sick of coming close to the end and receiving a connection time out
Patience friend, I do not really understand how you could do, but I'm sure you will. Good luck ...
sakilxda said:
Patience friend, I do not really understand how you could do, but I'm sure you will. Good luck ...
If I have latest version K910_SS_S_2_040_0109_131226 installed via ota update and push this system.img from previous version it's ok?
Really appreciate your work and hoping to be able to support you anyway. Keep working ! Respect.
katalinscrob said:
If I have latest version K910_SS_S_2_040_0109_131226 installed via ota update and push this system.img from previous version it's ok?
Really appreciate your work and hoping to be able to support you anyway. Keep working ! Respect.
This should work since the system is pretty much self-contained, but since I haven't tested it, I really can't be sure. Furthermore, this is a downgrade of your system.
If you have this version, could you check if you still have the image on your sdcard? This could be in folder /sdcard/lenovoota.
csu333 said:
This should work since the system is pretty much self-contained, but since I haven't tested it, I really can't be sure. Furthermore, this is a downgrade of your system.
If you have this version, could you check if you still have the image on your sdcard? This could be in folder /sdcard/lenovoota.
ok, here's the deal:
1. I tried to push system.img but it's not working, adb responds "failed: targed locked".
2. I don't have the ota file anymore BUT I have the K910_SS_S_2_040_0109_131226.qsb file. I put this one in the sdfuse folder and updated already before starting the procedure with adb from above as you described, no problem, just flashed it. Btw it wipes everything.
So, my opinions:
1. Could the locked target issue be caused by the bootloader being locked? Don't we need to unlock it somehow?
2. Can you reinsert root and gapps in this newer version K910_SS_S_2_040_0109_131226.qsb file?
3. How did you decompile the .qsb file?
Waiting for your feedback asap.
Respect.
Obs:
- we can use android-aio-flasher just to substitute from working with cmd commands... just sayin', works for me.
- reboot in recovery command doesn't work, just adb reboot bootloader, then lenovo logo appears.
- correct command for pushing system.img is adb fastboot flash system path to system.img.
katalinscrob said:
ok, here's the deal:
1. I tried to push system.img but it's not working, adb responds "failed: targed locked".
Just to be sure, is it an answer from adb or fastboot?
katalinscrob said:
2. I don't have the ota file anymore BUT I have the K910_SS_S_2_040_0109_131226.qsb file. I put this one in the sdfuse folder and updated already before starting the procedure with adb from above as you described, no problem, just flashed it. Btw it wipes everything.
This is great news! Do you have any way of posting the QSB somewhere?
katalinscrob said:
So, my opinions:
1. Could the locked target issue be caused by the bootloader being locked? Don't we need to unlock it somehow?
I had nothing to do but I did restart a few time with a custom boot.img that I never actually flashed. Maybe this helped?
katalinscrob said:
2. Can you reinsert root and gapps in this newer version K910_SS_S_2_040_0109_131226.qsb file?
I sure will!
katalinscrob said:
3. How did you decompile the .qsb file?
I wrote a script for that purpose. I have to clean it a bit before I can publish it but I'll definitely do it.
katalinscrob said:
Obs:
- we can use android-aio-flasher just to substitute from working with cmd commands... just sayin', works for me.
- reboot in recovery command doesn't work, just adb reboot bootloader, then lenovo logo appears.
- correct command for pushing system.img is adb fastboot flash system path to system.img.
You are right. I didn't know about android-auto-flasher, probably because I'm running Linux (which made my task of cooking the ROM easier, since the system partition can be mounted like any other).
I edited my first post with your correction and the link since I have now 10 messages on the board !
Well who are finding out that important things. Hopefully soon have new developments. I keep watching your work. I hope that more and more we are, I have put in all the sites I've found this link for more developers to come.
csu333 said:
This is great news! Do you have any way of posting the QSB somewhere?
I have it. please contact me in PM

{Urgent} Fierce 2 owners New OTA update started Nov 4th !!!

Hello peoples.
I just found this out from T-Mobile Website.
Android version 4.4.2
Build number C2GUMG1
Your phone can update to build number C2CUMC3:
Starting November 4, 2015, you may be prompted to update automatically (OTA).
That was only a few days ago. Someone has to have a phone that's not updated yet.
https://support.t-mobile.com/docs/DOC-13470
We need that update desperately
We can use it to fix Boot looped phones due to corrupting the ROM.
We can use it to potentially build a modified stock rom that will flash.
I know from the recovery.log in the Cache folder that the update zip will be downloaded to the ".download" folder. Do notice the "." It means it's a hidden folder. You can view it in Linux by pressing Ctrl-H.
Root Browser or es-file explorer might be able to see the hidden folder.
Download the update but pull the battery so it doesn't install.
Copy that sucker.
I'm pretty sure it deletes the update after it installs.
Also, maybe safer: I have seen people use ADB and start logcat to get the actual download URL.
Please someone do this. If I can get my phone back up, I'm working on building a ROM.
Here is a thread on how to get the ota update for nexus. I think we can do the same.
http://forum.xda-developers.com/nexus-4/general/how-to-download-url-nexus-ota-update-t2414424
hey whts up
Hey man I've got an "Alcatel one touch fierce 2 7040t.. I've also got the option to download the c2cumc3 update but I have to unroot it first before it will let me download it though...if u can tell me what exactly u need and a lil help and I don't mind tryn to get what u need..I can do minor things with phones like flashing and other lil things so u might have to answer a cpl questions for me though lol so just hmu if u still need it..
BigCountry907 said:
Hello peoples.
I just found this out from T-Mobile Website.
Android version 4.4.2
Build number C2GUMG1
Your phone can update to build number C2CUMC3:
Starting November 4, 2015, you may be prompted to update automatically (OTA).
That was only a few days ago. Someone has to have a phone that's not updated yet.
https://support.t-mobile.com/docs/DOC-13470
We need that update desperately
We can use it to fix Boot looped phones due to corrupting the ROM.
We can use it to potentially build a modified stock rom that will flash.
I know from the recovery.log in the Cache folder that the update zip will be downloaded to the ".download" folder. Do notice the "." It means it's a hidden folder. You can view it in Linux by pressing Ctrl-H.
Root Browser or es-file explorer might be able to see the hidden folder.
Download the update but pull the battery so it doesn't install.
Copy that sucker.
I'm pretty sure it deletes the update after it installs.
Also, maybe safer: I have seen people use ADB and start logcat to get the actual download URL.
Please someone do this. If I can get my phone back up, I'm working on building a ROM.
Here is a thread on how to get the ota update for nexus. I think we can do the same.
http://forum.xda-developers.com/nexus-4/general/how-to-download-url-nexus-ota-update-t2414424
Did you ever get the OTA?

May Update Help?

Google Store purchased, currently have root and twrp installed, bootloader unlocked.
I read briefly that to accept the new update and keep root, you have to mess with the bootloader? Is there some sort of simplified guide on this?
Thanks to chainfire, there is a guide for updating to may version and keep may bootloader.
First, you have to flash new factory image or sideload the ota
Let it reboot, now you lost recovery, custom kernel, root etc..
Reboot to bootloader and boot to twrp, flash supersu and the zip provided by chainfire for signing the bootloader
Reboot and you should have root with may update
If you want a custom kernel or TWRP you should flash the zips and the verification tool. I didn't understand the right process for this; for me it looped a couple of times, but after flashing those files a bunch of times in different orders it successfully booted with no errors.
I'm currently running stock 7.1.2 may update with supersu 2.79 SR3, TWRP 3.0.1 RC1, franco kernel r15 with no errors, everything running perfectly
Where can we get the May ota download and a refresher on sideloading it? I've done that before but don't do it often enough to get through it quickly... currently running 7.1.2 / NHG47K on my Google bought Pixel which has been unlocked, and rooted. Though I've not installed TWRP, I can bootload into it fine....
My phone app has suddenly started acting all wonky, so I'd really like to update and see if that will help straighten things up.
Thanks for the assistance...
Got the May ota and will now sideload it. Where is this 'guide' that you mentioned Chainfire has setup to assist folks handling the May update?? I'd like, specifically, to get a copy of the zip file that signs the bootloader.
Thanks!!
I am wondering also. Still using NDE63P from October, wasn't aware we could take OTA's at all and keep root. Been having so many Bluetooth issues, it's worth a shot given their focus on it a month or so ago.
Well... up until this recent May ota release, it used to be pretty easy to simply download the latest Superuser zip file and re-install it on your phone, thereby re-establishing root access (assuming your phone is / was unlocked and rooted prior to taking the update). That is not the case going forward.... but I am still researching it.... follow along by looking here: https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Oh wow, that's super easy. Sweet! Now I need to find out where the past OTA's are so I can flash all of those...
I'm going to give all that a try soon, if anyone following this thread needs help or has questions, feel free to reply here with them.
To dumb down that entire OP into the reason why it's needed: the OTA's being sent out up through April 2017 was just the OTA itself. In May, they started requiring them to be encrypted with a certificate, but didn't provide requirements on from whom the certificate comes from. This means that now, instead of just flashing the ZIP, you first encrypt it with your own certificate and then flash the result of that.
They mention the private keys can be discarded later, given they are generated for the sole purpose of uploading OTA's to the phone, I would think keeping them on the internal SD card of the phone itself would be suitable. Heck, zip those puppies up and email them to yourself, they're not being used for security, why not, right?
Try here: https://developers.google.com/android/ota
Just sideload the latest... you only need one
pstgh said:
... https://developers.google.com/android/ota
Just sideload the latest
pstgh said:
... follow along by looking here: https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Yes, the first link is the ota repositories, download the zip of may, then put it in the adb folder, reboot to recovery, go in advanced menu and start sideload, without wipe cache or dalvik.
Then in cmd just type "adb sideload <name-of-the-ota.zip>"
Let it finish both steps and reboot, then you are ready to boot to twrp and flash supersu and the zip v3 from chainfire's thread for signing the bootloader.
That's it
Agree. Pro tip: after downloading the proper ota update, rename it to something simpler so you can more easily enter that adb sideload ota-filename.zip command!
pstgh said:
Agree. Pro tip: after downloading the proper ota update, rename it to something simpler so you can more easily enter that adb sideload ota-filename.zip command!
better pro tip: tab auto completes the filename.
exad said:
better pro tip: tab auto completes the filename.
Expert pro tip: shift+right click the file, "Copy As Path", paste into the terminal.
(I use ConEmu, so right-clicking the terminal itself pastes what's on the clipboard; some Linux distros do this also Command Prompt I think right click is done on the title bar or some obscure thing like that, can't remember).
Expert pro tip: shift+right click the file, "Copy As Path", paste into the terminal. -
I like this one but when I tried it, fyi, it pastes the path with quote marks on either end.... which is burdensome
Quotes are accepted in the adb commands. Without them, each space in the path is interpreted as an argument delimiter.
adb some-command C:\Program Files\Some-Program\Main.exe
passes "C:\Program" and "Files\Some-Program\Main.exe" as two different arguments to adb. Surrounding it with quotes instead allows adb to use the full path correctly. Common practice with command-line apps, although not universally supported.
It does work with adb/fastboot though, just did it a couple days ago to upgrade my Huawei Watch with the Wear 2.0 OTA that it kept failing to detect was available.

Recovery -- what is it, and how can we root with it? :) H918

My H918 is what is currently in the shop (and this would not work on the H910 -- they use a different format), so I can't test this myself. With that said, this should be completely safe -- it will either work or it won't.
I figured I would look to see what kind of security there was on the OTA update process.
As stated in the title, this is only for the H918 for now since I haven't had a chance to look at other models.
T-Mobile uses the regular SignApk straight out of the AOSP sources to sign their OTA zips.
It also turns out that the LGFOTA.apk will look on the SDcard for the update.zip:
Code:
/cache/fota/update.zip
/cache/fota/update_flag
/data/fota/update.zip
/pkg/SoftwareUpdate
/pkg/SoftwareUpdate/
#/storage/external_SD/SoftwareUpdate
/storage/external_SD/SoftwareUpdate/
/storage/sdcard0/SoftwareUpdate
/storage/sdcard0/SoftwareUpdate/
#/storage/sdcard0/SoftwareUpdate/enc
$/storage/sdcard0/SoftwareUpdate/enc/
Those are the paths that it searches -- the one we care about is /storage/external_SD/SoftwareUpdate/
Now when you sign an update.zip, it obviously needs to be verified with a key. The thing is, they include the key in the zip -- otacert -- why?
I don't have my H918 right now, but that isn't stopping me from looking for other attack vectors. This time it is stock recovery.
As near as I can tell, stock recovery uses the otacert in the zip to verify the signature of the zip. Which is fine from a VERIFICATION point of view. If the zip is modified in any way, the signature will fail. If the otacert file is not valid, the signature will fail. So, you know you are flashing a good file if the signature passes.
Now, from a security point of view, you don't include the cert that checks the signature WITH the file to be checked. I really think they screwed up here.
I don't have an H918 to test this on till mine gets back, but if someone else wants to, I can talk you through making an update.zip.
-- Brian
I'll give it a shot
From Android's developer website, it states that:
Sideloading does not bypass recovery's normal package signature verification mechanism—before installing a package, recovery will verify that it is signed with one of the private keys matching the public keys stored in the recovery partition, just as it would for a package delivered over-the-air...
...The RecoverySystem API checks the signature against public keys stored in the main system, in the file /system/etc/security/otacerts.zip (by default). Recovery checks the signature against public keys stored in the recovery partition RAM disk, in the file /res/keys.
Is this somehow bypassing that?
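The distinction the two posts above turn on, a signature checked against a certificate shipped inside the package versus one checked against keys pinned in the recovery image, shown as an added example that is not code from this thread, LG or AOSP. It uses textbook RSA with small constructed keys and a made-up package layout (`payload`, `signature`, `otacert` are assumed names) purely to show what each check can and cannot prove.

```python
import hashlib

# Textbook RSA with small constructed keys (products of Mersenne primes).
# Illustration only: no padding, key sizes far too small for real use.
E = 65537


def make_key(p, q):
    """Return a toy key: public modulus n and private exponent d."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "d": d}


def digest(payload, n):
    """SHA-256 of the payload, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


def sign(payload, key):
    return pow(digest(payload, key["n"]), key["d"], key["n"])


def signature_ok(payload, sig, n):
    return pow(sig, E, n) == digest(payload, n)


# Constructed keys: VENDOR stands for the key whose public half is pinned in
# the recovery image; OTHER is any key the verifier has never seen before.
VENDOR = make_key(2**127 - 1, 2**89 - 1)
OTHER = make_key(2**107 - 1, 2**61 - 1)


def build_package(payload, key):
    """Hypothetical package layout: payload, signature and the signer's own
    public key travelling together (the role 'otacert' plays in the zip)."""
    return {"payload": payload,
            "signature": sign(payload, key),
            "otacert": key["n"]}


def verify_with_bundled_cert(pkg):
    """Integrity only: the package is consistent with the key it carries."""
    return signature_ok(pkg["payload"], pkg["signature"], pkg["otacert"])


def verify_with_pinned_keys(pkg, pinned):
    """Integrity and origin: the signature must verify under a key the
    verifier already holds, regardless of what the package claims."""
    return any(signature_ok(pkg["payload"], pkg["signature"], n)
               for n in pinned)


def verification_matrix():
    """(bundled-cert result, pinned-key result) for three constructed cases."""
    pinned = [VENDOR["n"]]
    vendor_pkg = build_package(b"constructed vendor image", VENDOR)
    cases = {
        "vendor": vendor_pkg,
        # Same signature and cert, payload changed after signing.
        "tampered": dict(vendor_pkg, payload=b"constructed vendor image+"),
        # Internally consistent package signed by a key that is not pinned.
        "third_party": build_package(b"constructed other image", OTHER),
    }
    return {name: (verify_with_bundled_cert(p),
                   verify_with_pinned_keys(p, pinned))
            for name, p in cases.items()}


if __name__ == "__main__":
    for name, result in verification_matrix().items():
        print(name, result)
```

Only the third case separates the two checks: a bundled certificate detects modification after signing, while the pinned key is what ties the package to a particular signer.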
I haven't spent anywhere near the time decompiling lg_fota and recovery (the two main binaries that handle OTA) as I have lafd, but like I said, it looks like if there is an otacert in the zip it uses that instead.
The only way to find out for sure is to test it, and it looks like we have a volunteer
@storm68 I will craft up the zip for you. Gimme an hour to wake up...
-- Brian
runningnak3d said:
I haven't spent anywhere near the time decompiling lg_fota and recovery (the two main binaries that handle OTA) as I have lafd, but like I said, it looks like if there is an otacert in the zip it uses that instead.
The only way to find out for sure is to test it, and it looks like we have a volunteer
@storm68 I will craft up the zip for you. Gimme an hour to wake up...
-- Brian
Take your time. In the middle of an oil change. Lol
Also, as long as it's safe, no brick.
How'd this go? Home all day today and have a back up phone if need be. If you need another volunteer I'm game
Sent from my LG-H918 using Tapatalk
@runningnak3d
Sorry had an issue come up....
Anyway, here is the zip.
First, your bootloader must be unlocked. If not, you will have to flash the KDZ to fix your phone since it will fail the AVB check.
Your SDcard needs to be formatted vfat. Make a directory called SoftwareUpdate (caps matter -- remember this is Linux).
Download the zip and rename it to update.zip and stick it in that directory.
With the phone booted, get an adb shell.
Type (or copy / paste) this:
Code:
am start -n com.lge.lgfota.permission/com.lge.lgfota.permission.DmcEzUpdateStart
Your phone should reboot to recovery, and (crosses fingers) should start to flash. If so, you will have TWRP.
If it fails, I need to know exactly what the error was. If it says that it can't find an OTA, I have a few more things to try. If it says that the OTA failed signature check (or something to that extent), then this was all for nothing.
-- Brian
At work, will try when I get home some time tonight. If it doesn't work will it reboot back to normal?
I also still need to unlock bootloader. I'm still fresh outta the box. Lol
Yep. If it fails due to not finding it, or failing the sig check, you may have to reboot the phone yourself, but no changes will be made.
-- Brian
@runningnak3d
E: footer is wrong
E: signature verification failed
Also, from shell the phone just kinda blacks out for a sec and then nothing happens; had to boot into recovery and try it that way.
@whojabacod So you used the adb sideload method from recovery? If so, yes, that will fail because it uses the certs that are included with recovery.
I'll have my 918 back in a couple of days, and it will be on 10r or whatever the latest is, so I will have real incentive to get it rooted
-- Brian
With the last few posts being read I think I'll wait till you get your phone back and do your thing.
runningnak3d said:
Sorry had an issue come up....
Anyway, here is the zip.
First, your bootloader must be unlocked. If not, you will have to flash the KDZ to fix your phone since it will fail the AVB check.
Your SDcard needs to be formatted vfat. Make a directory called SoftwareUpdate (caps matter -- remember this is Linux).
Download the zip and rename it to update.zip and stick it in that directory.
With the phone booted, get an adb shell.
Type (or copy / paste) this:
Your phone should reboot to recovery, and (crosses fingers) should start to flash. If so, you will have TWRP.
If it fails, I need to know exactly what the error was. If it says that it can't find an OTA, I have a few more things to try. If it says that the OTA failed signature check (or something to that extent), then this was all for nothing.
-- Brian
I'll try this later today. Can I format the SD card via phone?
Sent from my LG V20 using XDA Labs
After browsing around, related to this process: within the first couple of files I looked at, which were related to fota, I will say I'm 100% positive this is how the malware has root on my phone. Explains why my phone says I have an external SD card installed when I do not have one in. @runningnak3d, I do appreciate all your time and effort you've put into getting root on this phone, again. And this process will work when implemented properly (not saying his process is incorrect). The reason I say I'm certain is because the files in my phone look reeeeaal.... familiar. Almost like I have seen the words spoken somewhere before.. **cough** previous posts above **cough**
Is this something that still needs a tester? Assuming it's as safe as estimated, since this is my (new) daily driver, I'd be willing to try it with my stock H918 10q.
