Related
I can't read french, but the translation site seems to indicate that this hexedit will permanently unlock any phone. My Captivate nv_data.bin matches perfectly.
I just can't translate all the comments and i really want to read what everyone is saying.
Any french speakers out there?
http://forum.frandroid.com/forum/viewtopic.php?id=26052
Thanks to zzyxy for posting this in another thread.
EDIT - changed title and found English Post on XDA.
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
Translated by google chrome
Here is how to unlock a phone that has missed its flash Froyo JPC (request for unlock code and displays the correct imei)
New semi automated method available here: http://forum.frandroid.com/forum/viewtopic.php?id=27019
Beware if the imei is not good before you start, it will not be at the end.
This method can also be used to modify the Product Code for those interested
All that was done on'm Android 2.1 since Froyo modifies the files to his liking (I advise to do New JM1, it works very well).
Thank you for everything you read, do not fly the tutorial is very important !!!!! I could not be responsible for those who are mishandling
Before anything else, save the file efs /, we will play with:
http://forum.frandroid.com/forum/viewtopic.php?id=25668
Need to be root, busybox, android sdk available here:
http://developer.android.com/sdk/index.html
(In windows) we decompress the ZIP, it renames the file "android-sdk-windows" to "android" short and placed in c: \ (the name and location to the sdk is placed are important to commands typed by hand later)
Extracting a nv_data.bin:
Plug the phone in usb mode enabled USB debugging
Start => Run => cmd (a DOS window will open)
Tapper to space by:
cd ..
cd ..
cd android
cd tools
adb pull / efs / nv_data.bin
Close the DOS window
The file will appear in the nv_data.bin réperoire c: \ android \ tools.
Edit the file with a hex editor nv_data.bin (EditHexa available in my example here: ... http://www.logitheque.com/logiciels/win a_9903.htm):
188 021 offset (page 3137) to "XEF" (ca will recognize the phone as "naked") (thus change the product code)
Offset 18146E (page 3,083) to "00000000" (ac will put the network unlock code 00000000)
We backup ^ ^
Then we go back in adb ^ ^
Start => Run => cmd (a DOS window will open)
Tapper and point in space by:
cd ..
cd ..
cd android
cd tools
adb shell mkdir / sdcard / efs "
adb push nv_data.bin / sdcard / efs
adb shell
su
mv / efs / .nv_data.bak / efs / .nv_data.bakk
mv / efs/.nv_data.bak.md5 / efs/.nv_data.bakk.md5
rm / efs / nv_data.bin
rm / efs/nv_data.bin.md5
rm / efs/.nv2.bak
rm / efs/.nv2.bak.md5
cp busybox / sdcard / efs / nv_data.bin / efs / nv_data.bin
chmod 755 / efs / nv_data.bin
chown radio.radio / efs / nv_data.bin
If he ever put the radio user does not exist, try "chown 1001:1001 / efs / nv_data.bin" instead and yes for some it is still not the same ....( thank you Froyo JPC / JPH )
There may be errors on. Nv2.bak and md5 (they do not exist at all)
I renamed the. Bak. BAKK to set aside the time everything is finished, they will be erased later.
do: ctrl + c
unplug the phone, remove the battery without turning the phone 30 seconds.
restart (on or before this point we must put the sim)
The network will unlock code: 00000000, it will the code is good but not unlock it anyway. If its not working properly and restart the phone again.
once functional, * # 06 # displays the correct imei
After there are bugs that require reflashing, reflash in New JM1 via Odin with re-partition active (I did not test other firmwares)
Must rooter again (the busybox normally installs with the root) ... and yes again ^ ^
reboot (so the normally nv_data.bin.md5 must have recreated)
Creating the. Bak
plug the phone into USB debugging mode enabled
We return under adb ^ ^
Start => Run => cmd (a DOS window will open)
Tapper and point in space by:
cd ..
cd ..
cd android
cd tools
adb shell
su
rm / efs / .nv_data.bakk
rm / efs/.nv_data.bakk.md5
busybox cp / efs / nv_data.bin / efs / .nv_data.bak
busybox cp / efs/nv_data.bin.md5 / efs/.nv_data.bak.md5
chown radio.radio / efs / .nv_data.bak
chown radio.radio / efs/.nv_data.bak.md5
Ctrl + c
Unplug your phone
and it finally finished your phone is unlocked and working again all operators ... remember to save them now ^ ^
A big thank you to Rickou who brought me on a platter chown radio.radio Chaineau who was missing.
And has Reve40 with whom I studied nv_data.
And Hideki Jis26 who tested the method before it is online.
A remark Hideki:
hideki wrote:
Otherwise I just add details about my case.
So personally I stopped before the stage flashing in JM1 because I had no problem and my bak files were recreated itself at startup.
I tried the following reredémarrer my imei and no problems still, no application code. And like bin files are recreated at each boot from bak, I concluded that my bak was so good .
What greatly simplify the procedure .
This was not the case for me and therefore Jis26 peus be that after the Roma moved to the base, we could have some small variations, I can not say more.
Last edited by helroz (25-09-2010 1:50:37 p.m.)
Thanks for the translation but I found something even better then machine gobbly gook ,
I just found the original post by Helroz - in english on XDA if anyone wants:
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
"This method work for galaxy s with damaged nv_data caused by froyo JPC (good imei but unlock code required)
this method is to recreate a new unlock code and allow the phone to unlock with new unlock code
I post this on frandroid with pictures and link for software:
h***://forum.frandroid.com/forum/viewtopic.php?id=26052"
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
michael.seltzer said:
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
Click to expand...
Click to collapse
I have yet to try it, but changing the country code is only necessary if you flashed a different international firmware and it changed that.
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
michael.seltzer said:
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
Click to expand...
Click to collapse
Not the country code, since you flashed an AT&T build.
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plently of room on my phone, what is the problem here?
No one has any idea?
Vae Hostilis said:
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plently of room on my phone, what is the problem here?
Click to expand...
Click to collapse
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
alphadog00 said:
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
Click to expand...
Click to collapse
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
Vae Hostilis said:
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
Click to expand...
Click to collapse
I did all this via ADB shell and i didnt use the busybox command; but i don't see your original nv_dat.bin - that is 2MB. You can delete the bakk file - that was made by some script - i have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
alphadog00 said:
I did all this via ADB shell and i didnt use the busybox command; but i don't see your original nv_dat.bin - that is 2MB. You can delete the bakk file - that was made by some script - i have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
Click to expand...
Click to collapse
I have the .nv_data.bak, the .nv2.bak, and the nv_data.bin in the sdcard folder. I believe the instructions told us to move those out of the efs folder and rename the copies (left in the efs folder) to .bakk instead of .bak, as they were the ones that would be deleted later.
All the files you see, are all the files in there, looking through ADB and the Root File manager app w/ hidden files shown. and the file sizes are not adding up to the total 4 it says I have in there, but I will try deleting the .bakk file and see what happens.
The nv_data.bin is the important one.
With what you listed, you should have about 4mb free, not 4 mb used. If you are in ADB shell you also have the df and du commands to show you how much of the /efs partition is used.
lol. it tells me 4.01mb is used.... sigh.....
Edit: just wiped my phone for the hell of it to see if it fixed anything. All the files are back, safe and sound, and the MATH ADDS UP (Yeay!). I'll try one more time before I give up.
Edit 2: just ordered a replacement device from at&t. I'll just run the Generate Code program on that, hopefully. Thank you for your help!!
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
How did you get att to replace it?
michael.seltzer said:
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
It does work. As long as your IMEI is good. (*#06#). Take a good unlocked nv_data.bin - put your IMEI and unlock/unfreeze codes in it; in the right places. Move it your phone and reboot.
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
michael.seltzer said:
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
Click to expand...
Click to collapse
with a bad nv_data.bin - it should still boot -but I can't guarantee it. Never tried.
Hacking system files, there is always the chance the phone won't boot. AT&T did it with OTA upgrade.... How bad do you need to unlock your phone -that is the question you need to ask yourself.
RE:[GUIDE] Downgrade G2 (2.3.X) & DZ (2.3.X) & mT4g (2.3.4) & DHD w/ S-ON to Froyo
Wanted to document my musings... All the following how to's are other peoples with some of my(VERY LITTLE) comments mixed in.. Thanks to all those peeps!!! hope it helps someone to downgrade and root!
Introduction
This guide is written with the assumption that the user has previously used "adb". If you are unfamiliar with "adb" or do not even know what "adb" is, download the Android SDK (found at http://developer.android.com/sdk/index.html). There are a couple guides to help you get started setting up the Android SDK and understanding ADB. If you have not installed the Android SDK or you are unfamiliar with ADB, please take some time and read a couple guides to get a basic understanding of it.
* [GUIDE] ADB Workshop and Guide for everyone
* [HOW-TO] ADB for Dummies(How-To Learner's Guide)
* How To Set Up ADB/USB Drivers for Android Devices
Gaining Temp Root
1. Download the attached files, unzip them, and place the files in your platform-tools folder. To elaborate, place the fre3vo file inside of the fre3vo.zip file and the misc_version file inside the misc_version_01.zip file in your platform-tools directory.).
2. Make sure you have your sdcard inserted in your phone, and you are NOT in USB Storage Mode, and your sdcard is NOT FULL.
3. Run the following command to verify the exploit has access to what it needs. (Only the first line is the command. The second line should be the result returned if all goes well.)
Code:
> adb shell cat /dev/msm_rotator
/dev/msm_rotator: invalid length
4. If you received the same message, you're good to continue on. If not... I'd recommend going back to #g2root and asking them. (I am just passing along the information after all).
5. Run the following commands from your platform-tools directory.
Code:
> adb push fre3vo /data/local/tmp
> adb shell
$ chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
6. After you enter that command, with luck you should see something similar to the last few lines in the following displayed. (It may take a minute or two. From what I can tell, this appears to be the quickest method as the exploit seems to be found in the latter regions.)
Code:
Buffer offset: 00000000
Buffer size: 8192
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba90000...
Potential exploit area found at address fbb4d600:a00.
Exploiting device...
7.
1. If the exploit works, you will be kicked out of ADB shell, proceed to Step #8.
2. If the above does not work, and fails, you can try the following, and hopefully one will work, try the following (you must reboot your phone before you try another set):
Code:
$ /data/local/tmp/fre3vo -debug -start 10000000 -end 1FFFFFFF
$ /data/local/tmp/fre3vo -debug -start 20000000 -end 2FFFFFFF
$ /data/local/tmp/fre3vo -debug -start 30000000 -end 3FFFFFFF
$ /data/local/tmp/fre3vo -debug -start F0000000 -end FFFFFFFF
$ /data/local/tmp/fre3vo -debug -start E0000000 -end EFFFFFFF
8. If you did get kicked out of adb shell, open it again. You should now see the lovely # instead of $, thus granting you temp root. Go ahead and exit out of shell to proceed to the next stage.
Code:
> adb shell
# exit
Changing Version Number to Allow Downgrade
1. If you followed the first portion of this, you should of unzipped misc_version_01.zip in the platform-tools directory.
If you haven't done that yet, do that now and then run the following commands from your platform-tools directory.
2.
Code:
> adb push misc_version /data/local/tmp/misc_version
> adb shell chmod 777 /data/local/tmp/misc_version
> adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...(MIXING THIS IN (specially the folderand file ref) COMPAIRE THE METHOD BELOW WITH THIS ABOVE IF ONE DOES NOT WORK TRY THE DIFFRENT PATHS MISC_VERSION/MISC_VERSION...DID THE TRICK FOR ME:
1.
# /data/local/tmp/misc_version -s 1.00.000.0
2.
/data/local/tmp/misc_version -s 1.00.000.0
3.
/data/local/tmp/misc_version: permission denied
4.
5.
# chmod 777 /data/local/tmp/misc_version/misc_version
6.
chmod 777 /data/local/tmp/misc_version/misc_version
7.
# /data/local/tmp/misc_version/misc_version -s 1.00.000.0
8.
/data/local/tmp/misc_version/misc_version -s 1.00.000.0
9.
--set_version set. VERSION will be changed to: 1.00.000.0
10.
Patching and backing up partition 17...
3.
*Note: If you get the following error, please make sure your sdcard is inserted in your phone and is NOT mounted to your computer (ie: make sure you are NOT in USB Storage Mode).
Code:
Error opening backup file.
4.
Code:
# sync
5. Double check and make sure everything looks good so far by running the following command (still in adb shell).
Code:
# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10 {did not return this 4 me but ok!!!}
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec)
6. BE SURE TO BACKUP ANY DATA!!!***
Temp-Rooting to Backup
If you have nothing to back up or don't care to back anything up, proceed to the next section.
Credit goes to Nipqer from #g2root for providing me with this method.
1. Download the attached file, "Vision-fre3vo-temp-root.zip".
2. Extract the contents to your platform-tools directory.
3. Run the following commands in command prompt while in platform-tools directory: notice the / at the end of the commands here DIFFRENT!
4. adb devices is good to check u have proper driver connection, u can enable and then disabe usb debug to glitch usbport into connecting to phone as well as finding another usb port uninstalling reinstalling HTCdrivers of course while untethered
Code: > adb devices (make sure u have a connection)
> adb push su /data/local/tmp/
> adb push busybox /data/local/tmp/
> adb push fixsu.sh /data/local/tmp/
> adb install SuperUser.apk
> adb shell chmod 755 /data/local/tmp/fixsu.sh
> adb shell /data/local/tmp/fixsu.sh
5. Download a backing up application such as...
1. Titanium Backup
2. MyBackup Root
6. Make a backup!
Downgrading
* Download the Stock Rom for your device:
o G2: PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09b _26.02.01.15_M2_release_149459_signed.zip
+ MD5: 531c08dc402e15577b947bf4cd22aec2
o Desire Z: 1.34.405.5_PC10IMG.zip
+ MD5: 2ff42897cd27e0db425a2cf36c8bd078
o myTouch 4G: PD15IMG.zip
+ MD5: 49d07f0ee7de1765a6a84cb12fa53110
o Desire HD: RUU_Ace_HTC_WWE_1.24.405.1_Radio_12.27.60.14b_26.0 2.00.29_M4_release_151852_signed.zip
+ MD5: a107b30a4b397c9238ddc7f4571c2ee8
* Please follow either Manual Downgrade OR Fastboot Downgrade
Manual Downgrade
1. Rename the downloaded rom to it's proper update name:
(Please note, the filenames MUST be all uppercase except for the extension, and if file extensions are hidden, do not include ".zip"):
* G2: "PC10IMG.zip"
* Desire Z: "PC10IMG.zip"
* myTouch 4G: "PD15IMG.zip"
* Desire HD: "PD98IMG.zip"
2. Place the zip file in the root of your sdcard.
3. Reboot your phone into bootloader by typing the following command:
Code:
> adb reboot bootloader
u should have PD15IMG.zip on your newly formatted sd card
4.
Your phone will reboot once or twice - this is completely normal.
This process will take roughly 5-10 minutes so make sure your phone is plugged in, either to an outlet or your computer.
5. THEN I DID THIS
6. EASY PERM/S-OFF FOR MYTOUCH 4G: G2/Desire Z PermRoot/S-OFF I've rooted over 50 Mytouch 4G's and i always have issues lol.
BUT I ALWAYS ROOT THEM IN THE END, and might I add with a headache
lol.
I tried this method, and IT WORKED, tried on over 5 phones now.
**NOTE! R E A D!NOTE!**
UNINSTALL ALL ANTI-VIRUS, LOOKOUT, OR ALL THAT CRAP BEFORE INSTALL.
[]ROOT WAS ACHIEVED FROM:
http://forum.xda-developers.com/showthread.php?t=928160
by: ianmcquinn
*REFORMAT SD CARD TO FAT+32
*TEMPROOT ROOT YOUR PHONE WITH VISIONARY+ (LEAVE EVERYTHING UNCHECKED)now redo the phone connect to market get astro file mgr and install clockwork after installing temp root with visionary 14 nothing checked and temp root then run : set to charge or usb tether usb debuging install non market apps.
-DOWNLOAD ANDROID TERMINAL EMULATOR FROM MARKET.
Step one:
-you need root_files.rar
http://forum.xda-developers.com/atta...6&d=1296452641
-then create a new folder on the root of the SD CARD named root_files and extract everything
in the rar there.
Step Two:
Open term. emu. and type.
(DO NOT TYPE */# just commands.)
$) su
#) cp /sdcard/root_files/perm_root /data/local/perm_root
#) chmod 777 /data/local/*
#) /data/local/perm_root
Now turn off phone, take battery out, vol+down, S-OFF PERM ROOT...
Install Rom Manager, flash CWM, and flash your fav. rom (RoyalGinger)
The most painless way I rooted mytouch!
hope it saves you a headache.
1.
Code:
> adb reboot bootloader
Sources:
1. #g2root: http://fishporn.ca/vision.gingerbread.root.html
2. Using fre3vo: http://therootofallevo.com/forums/vi....php?f=6&t=120
3. [GUIDE] ADB Workshop and Guide for everyone
4. [HOW-TO] ADB for Dummies(How-To Learner's Guide)
5. How To Set Up ADB/USB Drivers for Android Devices
6. [ROM]Ace Test & Stock ROMS [RE-UPLOADED]
7. Instructions for flashgc
8. Temp-Root Backup Post by Nipqer
9. Various Chats I've had with individuals.
If anyone needs further help and would prefer messaging me, feel free.
* AIM: IgnorantNihilist
* G-Talk: [email protected]
* MSN: leon.yandel[email protected]
Troubleshooting
Originally Posted by Cimer View Post
[...] If [the downgrade] does not work, Right click your Command prompt, Select All, Right click again. Then go to pastebin.com, paste there, Scroll down, name it and hit submit. After that post the link here and we'll take a look at it.
EVERYONE: If you want a faster diagnostic please do this in advance and other people can see your mistakes.
I wanted to give credit to specific individuals whom have helped write this guide, provided important feedback to further improve this guide, and/or in any other way further improved this guide. I think these invidiuals should be recognized, as if it were not for them, this would wouldn't be as elaborate, dynamic, and informative as it is. So a special thanks to, Cimer, petarpLab, iDylan1357, asharma5290, Nipqer, guhl, pierre_ja, and skorgon from #g2root
Change Log
* 2011/10/27
o Changed the download link for the Desire HD.
o Added MD5 checksums next to the rooms.
* 2011/10/26
o Re-added the manual downgrade method due to people having issues with the fastboot method.
* 2011/10/23
o Fixed a slightly error in code during the temp-root backup section. Had "adb install install Superuser.apk", replaced it with "adb install Superuser.apk"
* 2011/10/22
o Added a method to be able to backup data prior to downgrading! (thanks to Nipqer from #g2root)
* 2011/10/20
o Added Desire HD.
o Changed the downgrading method to use fastboot rather than manually downgrading.
o Added "Creating A Goldcard" method from http://www.thinkthinkdo.com/trac/pro...c_instructions
* 2011/08/26
o Changed modified version number for each device to 1.00.000 as it is more universal and works for each one.
o Made it more clear to extract the attached files and place them in the platform-tools directory for use.
* 2011/08/06
o Added a couple links to ADB guide.
* 2011/08/05
o Added myTouch 4G
o Added link to an "adb" guide.
o Changed title from "[GUIDE] Downgrade G2 2.13.531.8 (2.3.3 T-Mobile Rom w/ S-ON) & DZ 2.3.3 w/ S-ON" to "[GUIDE] Downgrade G2 (2.3.3) & DZ (2.3.3) & mT4g (2.3.4) w/ S-ON to Stock Froyo"
Attached Files
File Type: zip misc_version_01.zip - [Click for QR Code] (10.0 KB, 10460 views)
File Type: zip fre3vo.zip - [Click for QR Code] (5.5 KB, 15754 views)
File Type: zip fastboot.zip - [Click for QR Code] (398.7 KB, 3353 views)
File Type: zip Vision-fre3vo-temp-root.zip - [Click for QR Code] (1.01 MB, 3398 views)
Last edited by Setherio; 27th October 2011 at 10:10 PM. Reason: Added a "Change Log" to keep track of past and future updates. --- Revised the intro to adb portion and added a couple links for further reference --- Added myTouch 4G to the guide.
Just some suggestions to avoid confusion when you run the command
Code:
adb shell cat /dev/msm_rotator
you should get the return of
Code:
/dev/msm_rotator: invalid length
you do not need to enter in this line.
Also after entering
Code:
/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
or one like it and it fails (It should not) you need to reboot the phone between these attempts.
Thanks for writing the guide! We just posted the log lol
Thanks for the tips Cimer, I edited the post, hopefully that clarifies it a bit more.
I've been a quiet browser here on XDA for quite a while but I believe that was actually the first post I made =3 It took me a while to try to get it formatted... fluently / tried to make it easy to read and follow.
And hey, if it wasn't for you all posting the logs from #g2root, I would of never gotten my G2 back to being rooted. I think I had like 8 different pages open when I was doing it, reading the chat log, reviewing the pastebin data, et cetera. But it worked, after searching every day, the trick has been found.
On a side note, I picked the range "-start FAA90000 -end FFFFFFFF" because it appears that the exploit is most likely within that range. It was for yours "FBB47C00:1400", mine was "FBB4D600:A00", and a friend of mine was also an FBB*.
[GUIDE] Make your android device True Root! - by Napalm
I did this on my Nexus 7 but it should all still apply to most devices. You might need to follow different driver advice for other devices.
Pre-requirements:
Installation of the SDK platform-tools.
Have platform-tools directory of the SDK in your PATH environment variable (Google this if your unsure).
This was all done a Windows installation, but access to Linux will be required later on. Mac users might be able to get away with doing the Linux portions directly on there computer. Please let me know if your a Mac user and have had success with this and I will update the guide with details.
Step 1: Driver Installation (READ THIS, do not skip)
First I needed to update to the usb_driver from SDK and then modify the installation inf with the IDs for Nexus 7.
Browse to your SDK directory and futher into <SDK>\extras\google\usb_driver
Open android_winusb.inf in your favorite text editor.
Find the appropriate section Google.NTx86 if your on 32bit or Google.NTamd64 if your on 64bit (doesnt matter that your using intel chip). Now find the ";Google Nexus 7" line inside that section and you'll see a series of settings below. Add the following lines at the end of that block.
Code:
%CompositeAdbInterface% = USB_Install, USB\VID_18D1&PID_4E44&MI_01
%CompositeAdbInterface% = USB_Install, USB\VID_18D1&PID_D001
These are the identifiers for the Nexus 7 recovery and bootloader usb connections.
Step 2: Standard Root
Next you'll need access to the bootloader and recovery mode so follow this guide to unlock and "root" your device. http://forum.xda-developers.com/showthread.php?t=1741395
Here I've laid out the steps I did instead of the above. Remember this wipes your device and its internal memory completely, so backup your data.
All local work is done from the desktop, so when you first open a command prompt or if you close it and reopen it enter the following.
Code:
cd Desktop
Download CWM recovery image to Desktop. http://goo.im/devs/birdman/CWM-grouper-recovery.img
Download SuperSU CWM update zip to Desktop. http://forum.xda-developers.com/showthread.php?t=1538053
Go to Start or Start>Run and type in: cmd
Code:
cd Desktop
fastboot oem unlock
fastboot flash recovery CWM-grouper-recovery.img
adb reboot recovery
Now the device will reboot into recovery mode. If windows asks for drivers for the "new" usb connection direct the wizard to your <SDK>\extras\google\usb_driver. And the earlier modifications made in Step 1 should mean it installs the device and adb link.
Once drivers are installed and every is good go back to the command prompt, and type
Code:
adb devices
It should list your device with the word "recovery" next to it. If it doesn't then your device is not in recovery mode. Now enter in the following commands into the command prompt and it will make your devices CWM installation permanent.
Code:
adb shell
mount /system
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
umount /system
exit
Now to install SuperSU. Tap "reboot system now" on the screen (if you dont see CWM, press the power button to show/hide it). Wait for the reboot. And then enter the following into the command prompt.
Code:
adb push CWM-SuperSU-v0.94.zip /sdcard
adb reboot recovery
Wait for reboot. You should see an image in the center of the screen. You might have to press the power button to toggle the visibility of the CWM menu. If you miss-tap on the screen, the power button acts like a back button and will return you to the previous menu screen.
Tap "install zip from sdcard" and then "choose zip from sdcard". Then select the CWM-SuperSU-v0.94.zip file (You may have to use the vol-up/down keys to highlight this if the file is listed off the bottom of the screen)
Let that install and then go back on the menus and choose "reboot system now".
Now if all is well after the reboot, if you run the following commands in command prompt.
Code:
adb shell
su
SuperSU might now prompt you on your devices screen to accept the root access, and then hopefully your command prompt should end in a # (this means you are root user 0). Now type exit twice to get back to the windows command prompt.
Now if you were to type "adb root" you will notice it tells you adbd is not able to go "full root". This will be solved in the next step. This is going to get complicated. You have been warned.
Step 3: True Rooting!
Now your device is "rooted". This is true, you now have a "su" binary installed and a visible app in the OS to manage super user privileges, but as a developer I want to be able to use things like "hierarchy viewer" on my live device. And have the room to do what I need to debug complex situations. So this is where True Root comes in. This essentially turns the device into a debug device that you would get direct from the manufacturer.
You may be able to get away with doing the following in a different way and you may not need to compile anything since fastboot has a boot flash option, but since I've never used this I've done it this way. If you prefer you can explore things in that direction, but be warned I've not tried it and so I have no idea if it would work.
Now for this step you will need access to a Linux installation. If you've never used Linux before don't be too afraid. But I am going to have to gloss over a few things. If you need further help on this step you will need to post in the topic and allow the community to advise on best pratices.
If you dont have access to a Linux installation or your newb to Linux then go here and follow the steps. It will add Linux to your PCs boot options and then you can go in and out of Linux when you need it. http://www.ubuntu.com/download/help/install-ubuntu-with-windows
Remember if your working on this step from a fresh Linux install like the above then you will probably want to install the android sdk for linux, at least enough to use adb from linux. This topic might help with this: http://forum.xda-developers.com/showthread.php?t=537508
Ok now from Linux follow along. You'll need git installed for this "apt-get install git".
We now need to compile the apps needed to modify our boot image. Details can be found here https://gist.github.com/1087757 but you might just want to follow my specific instructions.
Open a console window and type.
Code:
git clone https://android.googlesource.com/platform/system/core
cd core/libmincrypt
gcc -c *.c -I../include
ar rcs libmincrypt.a *.o
cd ../mkbootimg
gcc mkbootimg.c -o mkbootimg -I../include ../libmincrypt/libmincrypt.a
cd ../cpio
gcc mkbootfs.c -o mkbootfs -I../include
cd ../..
git clone https://github.com/beide/Bootimg-scripts.git
cd Bootimg-scripts
cp ../core/mkbootimg/mkbootimg ./
cp ../core/cpio/mkbootfs ./
Ok that has prapared the a Bootimg-scripts directory with the perl scripts we need and compiled binaries they use. Now make sure you have perl installed "apt-get install perl".
This is where things are going to split and it becomes your best guess as to how to proceed. I will show you the method I used from Windows. But if you have a installation of the SDK in Linux then you should be able to just open a new console and continue from here and ignore the bits I used to transfer files between Linux and Windows.
Back to the command console on Windows. We use adb to identify our boot partition and extract it.
Code:
adb shell cat /proc/partitions
You will now be presented with a list of paritions on your Nexus 7. Each block here for my device is 1K. So I'm looking down the list and I see one thats 8192 blocks, called "mmcblk0p2". Thats 8MB and I'm taking a educated guess that this is the boot partition, and for my Nexus 7 it is. (Note: if anyone has a better way of determining the boot parition please let me know).
Now we need to take a image of the partition. From here on out replace my partition device name in the commands below with yours if it differs.
Code:
adb shell
cat /dev/block/mmcblk0p2 > /sdcard/boot.img
exit
adb pull /sdcard/boot.img
Now if you want to confirm that this is the boot partition you will need to open the image file in your favorite hex editor and confirm the first bytes of the file are "ANDROID!" in ascii.
Now I FTP'd this image file over to my Linux box and into the Bootimg-scripts directory we created previously. If your following these steps from Linux then you should be able to open up the file manager and move the file into the folder.
Now back to Linux. We'll need to modify repack-bootimg.pl with a text editor of your choice. I leave this up to the reader. We need to modify line 19 the system call so that it starts with "./mkbootimg" rather than "mkbootimg". This is so perl fines mkbootimg in the local directory rather than anywhere else.
Now type in the linux console we had open in the Bootimg-scripts directory the following command.
Code:
perl ./unpack-bootimg.pl boot.img
ls -l
You should see boot.img-kernel.gz and boot.img-ramdisk.cpio.gz and a directory boot.img-ramdisk.
Open boot.img-ramdisk/default.prop in your favorite text editor and make the following adjustments.
ro.secure=1 should be edited to ro.secure=0 and ro.debuggable=0 should be ro.debuggable=1 and if you want ro.allow.mock.location can also be changed to 1 if you like.
Now we've made the required changes to our initrd (initial ramdisk) files we need to repack them to put back on the device.
Code:
perl ./repack-bootimg.pl boot.img-kernel.gz boot.img-ramdisk boot-debug.img
You will now have a new file called boot-debug.img. This contains our modified initial ramdisk. It will probably be smaller than the original. This is no concern as the original we copied was an image of the entire disk including the unused areas, where as the new image is only the data we need.
I now FTP'd this file back to my Windows machine, but as before if your doing this from Linux then you can just carry on.
We now need to flash this image file back onto the Nexus 7 replacing our current boot image. To do this we need to put the device into bootloader mode.
Back to your console/command window, and enter in.
Code:
adb reboot bootloader
Windows might want to install drivers and as before direct the wizard to <SDK>\extras\google\usb_driver.
Once your device is in bootloader mode. Go back to the console/command and enter in.
Code:
fastboot flash boot boot-debug.img
fastboot reboot
Now cross your fingers and hopefully you will get the boot loading animation and your device will get back to the Android launcher.
Now finally from your console/command window type in:
Code:
adb root
Hopefully if all is well it should reply with "adbd is already running as root". Now if you type in:
Code:
adb shell getprop ro.debuggable
It should tell you that its set to 1, meaning it is switched on.
Congratulations!! You have now True Rooted your device!.
You can now debug even system level apps, see log messages from all processes and logcat will now resolve all app names. Use Hierarchy Viewer on a live device instead of the horrible emulator. Do absolutely everything with your device that you want.
Happy hacking,
Napalm :good:
better late than never.....a thorough quide
Thanks for this guide.
Sent from my Nexus 7
Thanks.
Napalm2 said:
[GUIDE] Make your android device True Root! - by Napalm
I did this on my Nexus 7 but it should all still apply to most devices. You might need to follow different driver advice for other devices.
Pre-requirements:
Installation of the SDK platform-tools.
Have platform-tools directory of the SDK in your PATH environment variable (Google this if your unsure).
This was all done a Windows installation, but access to Linux will be required later on. Mac users might be able to get away with doing the Linux portions directly on there computer. Please let me know if your a Mac user and have had success with this and I will update the guide with details.
Step 1: Driver Installation (READ THIS, do not skip)
First I needed to update to the usb_driver from SDK and then modify the installation inf with the IDs for Nexus 7.
Browse to your SDK directory and futher into <SDK>\extras\google\usb_driver
Open android_winusb.inf in your favorite text editor.
Find the appropriate section Google.NTx86 if your on 32bit or Google.NTamd64 if your on 64bit (doesnt matter that your using intel chip). Now find the ";Google Nexus 7" line inside that section and you'll see a series of settings below. Add the following lines at the end of that block.
Code:
%CompositeAdbInterface% = USB_Install, USB\VID_18D1&PID_4E44&MI_01
%CompositeAdbInterface% = USB_Install, USB\VID_18D1&PID_D001
These are the identifiers for the Nexus 7 recovery and bootloader usb connections.
Step 2: Standard Root
Next you'll need access to the bootloader and recovery mode so follow this guide to unlock and "root" your device. http://forum.xda-developers.com/showthread.php?t=1741395
Here I've laid out the steps I did instead of the above. Remember this wipes your device and its internal memory completely, so backup your data.
All local work is done from the desktop, so when you first open a command prompt or if you close it and reopen it enter the following.
Code:
cd Desktop
Download CWM recovery image to Desktop. http://goo.im/devs/birdman/CWM-grouper-recovery.img
Download SuperSU CWM update zip to Desktop. http://forum.xda-developers.com/showthread.php?t=1538053
Go to Start or Start>Run and type in: cmd
Code:
cd Desktop
fastboot oem unlock
fastboot flash recovery CWM-grouper-recovery.img
adb reboot recovery
Now the device will reboot into recovery mode. If windows asks for drivers for the "new" usb connection direct the wizard to your <SDK>\extras\google\usb_driver. And the earlier modifications made in Step 1 should mean it installs the device and adb link.
Once drivers are installed and every is good go back to the command prompt, and type
Code:
adb devices
It should list your device with the word "recovery" next to it. If it doesn't then your device is not in recovery mode. Now enter in the following commands into the command prompt and it will make your devices CWM installation permanent.
Code:
adb shell
mount /system
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
umount /system
exit
Now to install SuperSU. Tap "reboot system now" on the screen (if you dont see CWM, press the power button to show/hide it). Wait for the reboot. And then enter the following into the command prompt.
Code:
adb push CWM-SuperSU-v0.94.zip /sdcard
adb reboot recovery
Wait for reboot. You should see an image in the center of the screen. You might have to press the power button to toggle the visibility of the CWM menu. If you miss-tap on the screen, the power button acts like a back button and will return you to the previous menu screen.
Tap "install zip from sdcard" and then "choose zip from sdcard". Then select the CWM-SuperSU-v0.94.zip file (You may have to use the vol-up/down keys to highlight this if the file is listed off the bottom of the screen)
Let that install and then go back on the menus and choose "reboot system now".
Now if all is well after the reboot, if you run the following commands in command prompt.
Code:
adb shell
su
SuperSU might now prompt you on your devices screen to accept the root access, and then hopefully your command prompt should end in a # (this means you are root user 0). Now type exit twice to get back to the windows command prompt.
Now if you were to type "adb root" you will notice it tells you adbd is not able to go "full root". This will be solved in the next step. This is going to get complicated. You have been warned.
Step 3: True Rooting!
Now your device is "rooted". This is true, you now have a "su" binary installed and a visible app in the OS to manage super user privileges, but as a developer I want to be able to use things like "hierarchy viewer" on my live device. And have the room to do what I need to debug complex situations. So this is where True Root comes in. This essentially turns the device into a debug device that you would get direct from the manufacturer.
You may be able to get away with doing the following in a different way and you may not need to compile anything since fastboot has a boot flash option, but since I've never used this I've done it this way. If you prefer you can explore things in that direction, but be warned I've not tried it and so I have no idea if it would work.
Now for this step you will need access to a Linux installation. If you've never used Linux before don't be too afraid. But I am going to have to gloss over a few things. If you need further help on this step you will need to post in the topic and allow the community to advise on best pratices.
If you dont have access to a Linux installation or your newb to Linux then go here and follow the steps. It will add Linux to your PCs boot options and then you can go in and out of Linux when you need it. http://www.ubuntu.com/download/help/install-ubuntu-with-windows
Remember if your working on this step from a fresh Linux install like the above then you will probably want to install the android sdk for linux, at least enough to use adb from linux. This topic might help with this: http://forum.xda-developers.com/showthread.php?t=537508
Ok now from Linux follow along. You'll need git installed for this "apt-get install git".
We now need to compile the apps needed to modify our boot image. Details can be found here https://gist.github.com/1087757 but you might just want to follow my specific instructions.
Open a console window and type.
Code:
git clone https://android.googlesource.com/platform/system/core
cd core/libmincrypt
gcc -c *.c -I../include
ar rcs libmincrypt.a *.o
cd ../mkbootimg
gcc mkbootimg.c -o mkbootimg -I../include ../libmincrypt/libmincrypt.a
cd ../cpio
gcc mkbootfs.c -o mkbootfs -I../include
cd ../..
git clone https://github.com/beide/Bootimg-scripts.git
cd Bootimg-scripts
cp ../core/mkbootimg/mkbootimg ./
cp ../core/cpio/mkbootfs ./
Ok that has prapared the a Bootimg-scripts directory with the perl scripts we need and compiled binaries they use. Now make sure you have perl installed "apt-get install perl".
This is where things are going to split and it becomes your best guess as to how to proceed. I will show you the method I used from Windows. But if you have a installation of the SDK in Linux then you should be able to just open a new console and continue from here and ignore the bits I used to transfer files between Linux and Windows.
Back to the command console on Windows. We use adb to identify our boot partition and extract it.
Code:
adb shell cat /proc/partitions
You will now be presented with a list of paritions on your Nexus 7. Each block here for my device is 1K. So I'm looking down the list and I see one thats 8192 blocks, called "mmcblk0p2". Thats 8MB and I'm taking a educated guess that this is the boot partition, and for my Nexus 7 it is. (Note: if anyone has a better way of determining the boot parition please let me know).
Now we need to take a image of the partition. From here on out replace my partition device name in the commands below with yours if it differs.
Code:
adb shell
cat /dev/block/mmcblk0p2 > /sdcard/boot.img
exit
adb pull /sdcard/boot.img
Now if you want to confirm that this is the boot partition you will need to open the image file in your favorite hex editor and confirm the first bytes of the file are "ANDROID!" in ascii.
Now I FTP'd this image file over to my Linux box and into the Bootimg-scripts directory we created previously. If your following these steps from Linux then you should be able to open up the file manager and move the file into the folder.
Now back to Linux. We'll need to modify repack-bootimg.pl with a text editor of your choice. I leave this up to the reader. We need to modify line 19 the system call so that it starts with "./mkbootimg" rather than "mkbootimg". This is so perl fines mkbootimg in the local directory rather than anywhere else.
Now type in the linux console we had open in the Bootimg-scripts directory the following command.
Code:
perl ./unpack-bootimg.pl boot.img
ls -l
You should see boot.img-kernel.gz and boot.img-ramdisk.cpio.gz and a directory boot.img-ramdisk.
Open boot.img-ramdisk/default.prop in your favorite text editor and make the following adjustments.
ro.secure=1 should be edited to ro.secure=0 and ro.debuggable=0 should be ro.debuggable=1 and if you want ro.allow.mock.location can also be changed to 1 if you like.
Now we've made the required changes to our initrd (initial ramdisk) files we need to repack them to put back on the device.
Code:
perl ./repack-bootimg.pl boot.img-kernel.gz boot.img-ramdisk boot-debug.img
You will now have a new file called boot-debug.img. This contains our modified initial ramdisk. It will probably be smaller than the original. This is no concern as the original we copied was an image of the entire disk including the unused areas, where as the new image is only the data we need.
I now FTP'd this file back to my Windows machine, but as before if your doing this from Linux then you can just carry on.
We now need to flash this image file back onto the Nexus 7 replacing our current boot image. To do this we need to put the device into bootloader mode.
Back to your console/command window, and enter in.
Code:
adb reboot bootloader
Windows might want to install drivers and as before direct the wizard to <SDK>\extras\google\usb_driver.
Once your device is in bootloader mode. Go back to the console/command and enter in.
Code:
fastboot flash boot boot-debug.img
fastboot reboot
Now cross your fingers and hopefully you will get the boot loading animation and your device will get back to the Android launcher.
Now finally from your console/command window type in:
Code:
adb root
Hopefully if all is well it should reply with "adbd is already running as root". Now if you type in:
Code:
adb shell getprop ro.debuggable
It should tell you that its set to 1, meaning it is switched on.
Congratulations!! You have now True Rooted your device!.
You can now debug even system level apps, see log messages from all processes and logcat will now resolve all app names. Use Hierarchy Viewer on a live device instead of the horrible emulator. Do absolutely everything with your device that you want.
Happy hacking,
Napalm :good:
Click to expand...
Click to collapse
can't find recovery-from-boot.p. Y?
5implelove said:
can't find recovery-from-boot.p. Y?
Click to expand...
Click to collapse
Try not to quote a post that big mate, makes navigation a pain
5implelove said:
can't find recovery-from-boot.p. Y?
Click to expand...
Click to collapse
That part is only for the Nexus 7, and if you are using a Nexus 7 with custom ROM then this file may not exist. If you are using stock on a Nexus 7 then the only other question is whether you have renamed/moved/deleted it before. Once you
Code:
cd /system
type
Code:
ls -l recovery*
and see if anything is listed.
Napalm
Where did you find the info for step one?
Sent from my Nexus 7 using Tapatalk 2
I worked it out. You can find your VID and PID from your unknown device in Device Manager. You have to right click the device > Properties > Details > Choose Hardware Ids from the list. Since the driver from Google supports the same interfaces for other devices we can assume it works with the Nexus 7. I made the modifications and it works. Below is a full list of IDs if anyone wants them.
Napalm
Code:
Nexus 7
USB\VID_18D1&PID_4E40 : fastboot
USB\VID_18D1&PID_D001 : adb-recovery
USB\VID_18D1&PID_4E42 : composite-adb-interface (with mtp)
USB\VID_18D1&PID_4E42&MI_00: mtp-composite
USB\VID_18D1&PID_4E42&MI_01: adb-composite
USB\VID_18D1&PID_4E44 : composite-adb-interface (with ptp)
USB\VID_18D1&PID_4E44&MI_00: mtp-composite
USB\VID_18D1&PID_4E44&MI_01: adb-composite
USB\VID_18D1&PID_4E41 : mtp-only
USB\VID_18D1&PID_4E43 : ptp-only
Galaxy Nexus
USB\VID_18D1&PID_4E30 : fastboot
USB\VID_18D1&PID_D001 : adb-recovery
USB\VID_04E8&PID_6860 : composite-adb-interface (with mtp)
USB\VID_04E8&PID_6860&MI_00: mtp-composite
USB\VID_04E8&PID_6860&MI_01: adb-composite
USB\VID_04E8&PID_6866 : composite-adb-interface (with ptp)
USB\VID_04E8&PID_6866&MI_00: ptp-composite
USB\VID_04E8&PID_6866&MI_01: adb-composite
USB\VID_04E8&PID_685C : mtp-only
USB\VID_04E8&PID_6865 : ptp-only
Great guide, but why not just post up the new initrd for people that don't want to do this? It looks as if its the same for all devices.
As requested. Attached are the compiled tools and modified scripts used and the original and modified boot partition image files for the Nexus 7 running Android 4.1.2.
Napalm
Update for Android 4.2
Attached is the original and modified boot partition image files for the Nexus 7 running Android 4.2.
You can update yours with the following:
Code:
adb reboot-bootloader
fastboot flash boot nakasi-jop40c-android42-boot-new.img
Napalm
Attached is the original and modified boot partition image files for the Nexus 7 GSM/HSPA+ running Android 4.2.1
You can update yours with the following:
Code:
adb reboot-bootloader
fastboot flash boot nakasig-jop40d-android421-boot-new.img
Napalm
Amazing !
Is it possible to post the same file for N7 4.2.1 Wifi version?
Thanks
JulienDev said:
Amazing !
Is it possible to post the same file for N7 4.2.1 Wifi version?
Thanks
Click to expand...
Click to collapse
If I'm not mistaken, they are the same for wifi and 3g versions?
Same as before.. just an update for Android 4.2.2... as per the previous posts.. no idea if the non-GSM variant has the same boot partition. If anyone can test please post.
Attached is the original and modified boot partition image files for the Nexus 7 GSM/HSPA+ running Android 4.2.2
You can update yours with the following:
Code:
adb reboot-bootloader
fastboot flash boot nakasig-jdq39-android422-boot-mod.img
Getting a No_Command error
Hi, I am trying to true root Android M on my Nexus 7 2012 Wifi edition. I followed the steps here and was able to create the boot.img with the ro.debuggable=1 and ro.secure=0. however if i flash this boot.img the device boots and gets stuck in a android bot with a Red ! (bang) triangle. and says No command.
Any idea how to get ro.debuggable on for Android M?
INFORMATION
This guide is intended to make a full backup of your android phone (the entire memory block with all partitions) or a single partition (including sdcards, etc) directly to your computer, in either
Block level (with dd): for single partitions or whole memory block (all partitions in one piece). The backup always has the same size which is the size of the partition.
File level (with tar): only for individual partitions. This only includes files and folders, so occupies much less space, depending on how much filled is the partition.
It can be done with the phone powered on or from ClockWorkMod Recovery (from both ADB works, while in Fastboot doesn't so won't apply). Unless specified the commands meant to be used from Windows. For Linux and Unix is similar.
REQUIREMENTS
Rooted Android Phone
Busybox installed on your phone
If you are using Linux / OS X you have native tools, for Windows download Cygwin, and install with it netcat, pv and util-linux. Get them from Cygwin's setup.exe
ADB installed.
Make sure adb.exe is in your windows' path. See here and here, or use Path Manager.
Android phone with USB Debugging enabled, and the proper drivers installed on Windows so the phone is recognized. Typing 'adb devices' on a terminal should show your device.
PARTITION IDENTIFICATION
You now have to identify the partition or block device that you want to backup. For a single partition you can use either tar or dd, while for the entire memory block you can only use dd.
For example, on Galaxy Nexus you have the list of partitions here and for Galaxy S2 here.
Usually on android, the entire block containing all partitions is located at /dev/block/mmcblk0 and the data partitions is a subpartition of it. You can push parted with GPT support to your device and see all information on a partition or block.
Whole phone memory -> /dev/block/mmcblk0 (may vary, in some phones this is the sdcard)
Subpartitions -> depends on each device. Usually at /dev/block/platform/dw_mmc/by-name/ there are listed by name linking to the real device.
Back up of the whole memory block (via adb)
Connect the phone in ADB mode and unlock the screen.
Open one Cygwin Terminal and enter (replace mmcblk0 if needed):
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0
You will see the cursor blinking at the left. Now the phone is waiting to send the block over the network.
Open another Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
cd /path/to/store/the/backup
nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
You will see how the image size is growing until it finishes. Now you have the whole phone backed up in raw format. You can see the contents of the GPT partition with gptfdisk tool, available for windows, linux and such. See official website and sourceforge to get it. You can do it the same from ClockWorkMod Recovery but you have to mount first the /system partition since the busybox included with clockworkmod does not come with netcat and you have to use the one from the system partition.
With further linux tools you could edit or extract single partitions from the whole block.
You can use adb via wifi as well with applications like WiFi ADB.
Back up of the whole memory block (via wifi)
Original post: [Q] Nandroid directly to computer w/o sdcard
We need to install a FTP server on the computer or the other device, configure a user with a password if we want to, and set some port. It uses by default 21 but this example uses 40. We must set a home dir for the user with write permissions.
Usually is a good idea to put myfifo in /cache not in /data because we may overwrite sensitive data in case we want to use that raw image for data recovery.
Open one Cygwin terminal
Code:
adb shell
su
mkfifo /cache/myfifo
ftpput -v -u user -p pass -P 40 COMPUTER_IP block.raw /cache/myfifo
Open another Cygwin terminal
Code:
adb shell
su
dd if=/dev/block/mmcblk0p12 of=/cache/myfifo
Tips:
- Fifos only can be made on linux native filesystems, for example on a FAT partition is not possible.
- Reading from a partition does not modify it.
Now check on Filezilla Server the speed
Back up of the whole memory block (USB tethering, Wifi tethering)
To use tethering you have to disconnect the computer from all networks and connect it only to the phone with the type of connection you want.
Once you connect it, you can view the IP of the computer and the IP of the phone from connection properties. The ip is the computer ip and the gateway is the phone's ip.
Wifi Tethering: Computer <---Wifi---> Phone <---3G---> Internet
USB Tethering:
Computer <---USB---> Phone <---Wifi---> Internet
Conputer <---USB---> Phone <---3G---> Internet
This is exactly the same as via wifi, except that the transfer speed is much higher because the computer and the phone are directly connected, instead of using a router as a gateway. In this case, the gateway is the phone. USB tethering has the highest transfer rate.
Back up of a single partition (raw = every bit of the partition)
It is exactly the same as the the previous but replacing mmcblk0 by the corresponding partition. You can use in this particular case several software to read the partition from windows, depending on partition filesystem: DiskInternals Linux Reader, Ext2Read, Ext2 File System Driver for Windows, Ext4Explore, plugin for Total Commander and ImDisk Virtual Disk Driver. You can also use recovery software on individual partitions like Recuva in combination with VHD Tool or command line tools included with operating systems.
Back up of a single partition (tar = only files and folders)
In this case, you need the partition mounted. To see the list of mounted partitions type on Cygwin Terminal
Code:
adb shell mount
Now you need to know where is mounted the partition you want to backup, for example the firmware is mounted on /system, which is the ROM.
In this case you will have to open three terminals, because of android limitations:
Open one Cygwin terminal and create a fifo, in /cache, for example, and redirect the tar there
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox mkfifo /cache/myfifo
/system/xbin/busybox tar -cvf /cache/myfifo /system
We have to do it this way because redirecting the tar to stdout (with - ) is broken on android and will corrupt the tar file.
Open a second Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox cat /cache/myfifo
Open a third Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
cd /path/to/store/the/backup
nc 127.0.0.1 5555 | pv -i 0.5 > system.tar
You can browse the tar file with Winrar, Total Commander, PeaZip and almost any compression tool. Note that you shouldn't extract files or edit it since the tar format saves the permission and owner data for each file, that is lost when extracted to FAT / NTFS partitions and you will mess things when restoring.
LINKS
[GUIDE] Internal Memory Data Recovery - Yes We Can!
How to Create and Attach a Virtual Hard Disk in Windows 7
[Guide] Types of Android backups
mohsyn said:
On newer android versions (Im on 7.2) data folder has a folder media which is link to sdcard and one ends up backing up entire sd card. I had a 64gb backup which wasn't necessary
In order to avoid skipping the media folder i had to do some trial and error because busybox tar command is not completely the same as GNU tar.
Would appreciate if you can mention it in the mail guide to use the following command to backup /data folder without copying sdcard files
In first terminal
tar cv --exclude data/media/0 -f /cache/myfifo /data
in 3rd terminal
nc 127.0.0.1 5555 | pv -i 0.5 > data.tar
no change in second terminal
Cheers
Click to expand...
Click to collapse
Umm...how to restore back from computer?
Sent from MARVEL
I am a little new to this, I have installed Android sdk and i am able to see my device by using "adb devices" , i have also installed Cygwin, now i want to backup whole phone memory block so i tried executing the first line on cygin "adb forward tcp:5555 tcp:5555" i get an error saying -bash: adb :command not found.
I am sorry if i am missing any thing, please guide me, and also what do you mean by "download Cygwin, and install with it netcat, pv and util-linux"
Thanx a ton !!
aunriz said:
I am a little new to this, I have installed Android sdk and i am able to see my device by using "adb devices" , i have also installed Cygwin, now i want to backup whole phone memory block so i tried executing the first line on cygin "adb forward tcp:5555 tcp:5555" i get an error saying -bash: adb :command not found.
I am sorry if i am missing any thing, please guide me, and also what do you mean by "download Cygwin, and install with it netcat, pv and util-linux"
Thanx a ton !!
Click to expand...
Click to collapse
You've done almost everything! But you skipped the section "make sure adb is in your path"
Probably you have adb.exe in the path
Code:
C:\Program Files (x86)\android-sdk\platform-tools\adb.exe
So you have to just add it to the Cygwin's path (would be better if you had added it earlier to the windows' path and cygwin will import it automatically but it is ok)
Code:
export PATH="/cygdrive/c/Program Files (x86)/android-sdk/platform-tools":$PATH
Remember to backup the path previously if you want.
Code:
echo $PATH > mypathbackup.txt
scandiun said:
You've done almost everything! But you skipped the section "make sure adb is in your path"
Probably you have adb.exe in the path
Code:
C:\Program Files (x86)\android-sdk\platform-tools\adb.exe
So you have to just add it to the Cygwin's path (would be better if you had added it earlier to the windows' path and cygwin will import it automatically but it is ok)
Code:
export PATH="/cygdrive/c/Program Files (x86)/android-sdk/platform-tools":$PATH
Remember to backup the path previously if you want.
Code:
echo $PATH > mypathbackup.txt
Click to expand...
Click to collapse
Thanks for replying but i cant seem to run the 3rd line , see this
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ adb shell
$ /system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0
reloc_library[1311]: 10182 cannot locate 'android_reboot'...
CANNOT LINK EXECUTABLE
i hav sucessfully installed busybox v1.14.3, i am not sure what is causing the problem
EDIT:
i found that my directory ws system/bin instead of xbin
so i changed it and first part worked correctly, now i cant seem to get the second part
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ cd c:/
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
-bash: nc: command not found
-bash: pv: command not found
aunriz said:
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
-bash: nc: command not found
-bash: pv: command not found
Click to expand...
Click to collapse
You don't have installed pv and netcat on cygwin. Run the setup.exe and install them.
If you run
Code:
whereis pv
whereis nc
should give you some path (in cygwin) but applies similar inside android.
scandiun said:
You don't have installed pv and netcat on cygwin. Run the setup.exe and install them.
If you run
Code:
whereis pv
whereis nc
should give you some path (in cygwin) but applies similar inside android.
Click to expand...
Click to collapse
Now i hav installed cv and nc and commands run sucessfully, but i get the raw file as just 1kb
First terminal:
[email protected] ~
$ adb forward tcp:5555 tcp:5555
adb shell
[email protected] ~
$ adb shell
$ /system/bin/busybox nc -l -p 5555 -e /system/bin/busybox dd if=/dev/block/mmcblk0
/system/bin/busybox nc -l -p 5555 -e /system/bin/busybox dd if=/dev/block/mmcblk0
$
second terminal:
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ cd c:/
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
55 B 0:00:00 [10.7kiB/s] [<=> ]
[email protected]
No idea what you may be doing wrong
Listen, I appreciate the guide, and it being basically the only one which popped up in google results, I can't gripe too much, but... you really, really need to make it more clear.
The point of a guide is to help a large group of people with varying degrees of knowledge (and if it's a guide targeted at a specific group of people, i.e tech savvy, then it needs to be indicated as such).
With that working definition in place, it follows that you should be as specific as possible; think of *everything*. By doing so, you not only avoid headaches for the people reading the guide, but for yourself as well since you don't have to reply to comments which might've otherwise been avoided.
I would post a question, but I'll probably have figured this out (with a good 1+ hours of searching no doubt) before anyone responds.
Here are some examples of what could be more specific:
"ADB installed." - what is ADB? Where's the link? It's not reasonable to assume people use these tools on a regular basis or remember them.
"You can push parted with GPT support to your device and see all information on a partition or block." - okay, so we know what it does but not how to install it or use it.
"ADB mode" - is this important? What is it? Not sure because it was glossed over.
These are just some examples. It's not the most horrendous trespass ever committed, but definitely annoying. Just spell it out from one step to the next, it works far better than topics with subheadings and unintuitive concepts being assumed as general knowledge on the behalf of noobs like me.
Edit: I'm just going to take everything off my SD card, use nandroid, and then copy the nandroid backup to computer as well. Please improve the guide, thanks.
Greatly appreciate this!
For me, a long-time UNIX and Linux administrator, this little guide was a breath of fresh air. Scandiun, *Thank You* for putting it together. It makes perfect sense to me -- just treat the phone as the linux machine it is. I'm becoming convinced that most of the more recent "developers" hanging around the android community have never used a linux machine before -- they don't seem to know what's going on, they go way out of their way to write overkill tools to do things clumsily that can already be done cleanly and quickly from the command line, and then they wrap those tools in so much mystery, black magic, and script-kiddie terminology that I can't figure out what they do either, and I certainly don't trust them doing things to my phone.
For example, I've got a new Galaxy S3, and just wasted a whole day digging around on xda, reviewing all of the "kewl rooting mods" until I got sick of it. Why the *heck* are people flashing entire partitions just to install a setuid /system/xbin/su on these devices? The rooting method I wound up using was dirt simple -- just find an rc exploit and use it to install an 'su' binary, by typing a few commands via adb. I used a variation of the exploit mentioned in http://seclists.org/fulldisclosure/2012/Aug/171, and elaborated in http://forum.xda-developers.com/showthread.php?t=1790104, http://forum.xda-developers.com/showthread.php?t=1792342, http://galaxys3root.com/galaxy-s3-root/how-to-root-u-s-canadian-dual-core-galaxy-s3-on-mac-osx/, and http://forum.xda-developers.com/showthread.php?t=1827518. If you are a UNIX person, you'll recognize what's going on with that exploit and be able to come up with something that suits your own needs. If you aren't a UNIX person, then you'll be completely lost. Sorta like this guide.
For anyone who doesn't yet know what adb is, or who's never used standard UNIX/Linux tools like dd, netcat, gparted, or busybox, I agree that this guide is not only not going to help you, but may actually aid you in shooting yourself in the foot with extreme efficiency. But please don't criticize or nag the OP in return for helpful advice freely given. You won't learn much about UNIX tools on an Android-related web site in any case. I recommend starting with a Linux systems administration book -- the Nemeth series is always good. But if you do take that route, you need to expect to take time to learn the basics.
Absolutely beautiful!
Thank you for this work. I was able to recover deleted files from my Galaxy Nexus' internal memory using this technique. I made a [GUIDE] using most of what you accomplished here: http://forum.xda-developers.com/showthread.php?p=34185439
Thank you, thank you, thank you! It can't be said enough. I had family photos that I would not have been able to reproduce. Much love to you and yours!
:good: :highfive: :victory:
so did anyone dare to restore the drive (all of storage, everything !)? without bricking the thing ?
mai77 said:
so did anyone dare to restore the drive? w.o bricking the thing ?
Click to expand...
Click to collapse
What drive? A partition?
scandiun said:
If you are using Linux / OS X you have native tools, for Windows download Cygwin, and install with it netcat, pv and util-linux. Get them from Cygwin's setup.exe
Click to expand...
Click to collapse
netcat is obsolete (mark to even find it) install net / nc instead
---------- Post added at 01:03 PM ---------- Previous post was at 01:03 PM ----------
scandiun said:
What drive? A partition?
Click to expand...
Click to collapse
all of storage I mean. the full monty ...
----------------------
parted seems to not work fully with Samsung galaxy Y = SGY proprietary rfs filesystem
on SGY mmcblk0 gives you the sd card, not internal storage with android.
backing up my sd card was a thing I could even do before I read this (lol)
mai77 said:
netcat is obsolete (mark to even find it) install net / nc instead
Click to expand...
Click to collapse
nc is an abbreviation for netcat. On Cygwin, you choose to install either, but for the original, written by the *Hobbit*, that allows direct execution of commands with -e and -t, you have to uncheck "Hide obsolete packages" on Cygwin's setup.exe.
The two of them are here:
Netcat 1.10 (netcat.traditional): http://www.netgull.com/cygwin/release-legacy/netcat/
Netcat 1.107 (netcat.openbsd): http://www.netgull.com/cygwin/release/nc/
mai77 said:
parted seems to not work fully with Samsung galaxy Y = SGY proprietary rfs filesystem
on SGY mmcblk0 gives you the sd card, not internal storage with android.
backing up my sd card was a thing I could even do before I read this (lol)
Click to expand...
Click to collapse
Can you post where is your whole memory block then or even the PIT file for that phone? You have an example here:
[Info] List of Samsung Galaxy S2 GT-I9100 devices and partitions
scandiun said:
Can you post where is your whole memory block then or even the PIT file for that phone? You have an example here:
[Info] List of Samsung Galaxy S2 GT-I9100 devices and partitions
Click to expand...
Click to collapse
I don't know where the "whole memory block" is or what it is. is it internal storage = NAND ?
here is the pit file:
mai77 said:
I don't know where the "whole memory block" is or what it is. is it internal storage = NAND ?
Click to expand...
Click to collapse
Yes it is the NAND. See your pit analysis here:
[INFO] Samsung Galaxy Y GT-S5360 PIT File Analysis
OK
scandiun said:
Yes it is the NAND. See your pit analysis here:
[INFO] Samsung Galaxy Y GT-S5360 PIT File Analysis
Click to expand...
Click to collapse
very interesting tool.
but how do I backup NAND in one piece on SGY ?
mmcblk0 = sd card
???blk0 = NAND
it must be somewhere ...
mai77 said:
but how do I backup NAND in one piece on SGY ?
mmcblk0 = sd card
???blk0 = NAND
it must be somewhere ...
Click to expand...
Click to collapse
Is almost sure that is under /dev/block. Please post the output of
Code:
ls -lR /dev/block
This guide has been made with and for the i9505, but will most likely also work on other Galaxy S4-models.
Please be extra careful on models other than i9505 as the 'mmcblkXpXX' partition numbers might differ on your device. How to check this is written in the procedure.
As I could not find a procedure in this forum yet, I have made one myself.
Of course all of the below is 'USE AT YOUR OWN RISK'.
Requirements before you start
Install KIES software (and included driver) and connected your S4 atleast once (to see if it works)
Have ADB-executable available. It can be found in the ADT Bundle from Google. There are also much smaller packages with ADB-only which will work. I might create one myself later on and attach it to this thread..
Device is rooted and has busybox-installed (default with motochopper root method). Applications with a similar name in Play Store will allow you to install busybox manually.
Enable developer mode, go to Settings - More - Device-info - Tap 7 times on 'Build number' to unlock 'Developer options' in the previous screen. Then go to 'Developer options' and thick 'USB debugging'
Connect USB cable to your computer and smartphone with 'USB debugging' enabled
Preparations for both backup methods
Now open a ADB-shell, in Windows this would be: 'cmd' in Start-menu (or CTRL+R).
Change the directory to the ADT directory: sdk\platform-tools. In my case:
Code:
cd C:\Android\sdk\platform-tools
Then start the shell using adb:
Code:
adb shell
If you get the error:
'error: device offline'
Then, check your device and allow USB debugging for the presented device. Now try again the command 'adb shell'
If all goes well, you will see the following:
[email protected]:/ $
Now switch to root-user:
Code:
su -
It is possible that the phone now asks you to permit or deny root access. Of course, please permit.
When the switch succeeds, the '$' changes to '#', but you can also verify it by the id-command:
Code:
[email protected]:/ # id
id
uid=0(root) gid=0(root) context=u:r:shell:s0
If it shows root, all is fine.
Then, check with the following command if /efs is available and mounted:
Code:
mount | grep efs
It should show something like:
Code:
mount | grep efs
/dev/block/platform/msm_sdcc.1/by-name/efs /efs ext4 rw,seclabel,nosuid,nodev,no
atime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic
,data=ordered 0 0
Backup method using TAR
NOTE: In case you left the ADB shell, please return to it using command 'adb shell' and switch to root again via 'su -' as described above.
Run the folowing command to backup the whole efs-partition (all the files available on the system):
Code:
tar -cvf /data/media/0/efs.tar /efs
Your output will look like this:
Code:
[email protected]:/ # tar -cvf /data/media/0/efs.tar /efs
tar -cvf /data/media/0/efs.tar /efs
tar: removing leading '/' from member names
efs/
efs/imei/
efs/imei/mps_code.dat
efs/wifi/
efs/wifi/.mac.info
efs/FactoryApp/
efs/FactoryApp/test_nv
efs/FactoryApp/hist_nv
efs/FactoryApp/fdata
efs/FactoryApp/serial_no
efs/FactoryApp/factorymode
efs/FactoryApp/keystr
efs/FactoryApp/hw_ver
efs/FactoryApp/baro_delta
efs/FactoryApp/prepay
efs/FactoryApp/earjack_count
efs/FactoryApp/batt_cable_count
efs/bluetooth/
efs/bluetooth/bt_addr
efs/gyro_cal_data
efs/00000000.authtokcont
efs/carrier/
efs/carrier/HiddenMenu
efs/drm/
efs/drm/widevine/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/D3qpp0bxmJhbiZwIsCbXJ1434rc_
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/RXFABDUxyT6Q+Zwx9ZhPGOq2Bq8_
efs/drm/playready/
efs/drm/playready/00004.PRV
efs/drm/playready/playready0.dat
efs/drm/playready/playready1.dat
efs/drm/playready/playready.hds
efs/wv.keys
efs/log/
efs/log/boot_cause
efs/.files/
efs/.files/.dx1/
efs/.files/.dm33/
efs/.files/.mp301/
efs/ss_data
efs/h2k.dat
efs/hw_offset
This will add all files in /efs to the tar archive located on your internal memory as 'efs.tar'.
Now, the permissions of this tar are incorrect (for this location) so we have to correct them:
Change owner and group:
Code:
chown media_rw:media_rw /data/media/0/efs.tar
And the file permissions:
Code:
chmod 664 /data/media/0/efs.tar
Now, your tar-backup is ready and can be copied via MTP towards your computer or you can use adb to copy it over. First type 'exit' twice to exit the adb shell. CTRL+C is an alternative to leave the 'adb shell'.
Code:
adb pull /mnt/shell/emulated/0/efs.tar .
This will copy the efs.tar to your current directory, which is in my case C:\Android\sdk\platform-tools. You can also replace the last . with the directory where you would like to put the file in.
Backup method using 'dd'
NOTE: In case you left the ADB shell, please return to it using command 'adb shell' and switch to root again via 'su -' as described above.
From the output of the earlier executed command 'mount | grep efs', you can get the path of the EFS partition. It start with '/dev/block/..' is the part which you can use to find the original partition on your device.
As you can see, in my case this is, and I do not expect it to be any different on your device:
/dev/block/platform/msm_sdcc.1/by-name/efs
To check which 'mmcblk' partition it is, we should check out this link:
Code:
ls -al /dev/block/platform/msm_sdcc.1/by-name/efs
This will show you the mmcblk which is the EFS-partition:
Code:
ls -al /dev/block/platform/msm_sdcc.1/by-name/efs
lrwxrwxrwx root root 1970-01-05 23:39 efs -> /dev/block/mmcblk0p10
As you can see, the actual partition in my case is:
Code:
/dev/block/mmcblk0p10
I expect that this is the same for all i9505-devices, but it's better safe to check it. On i9500-devices this might be a different number as they have a different partition-layout, that's why we're checking this. It is very important to save this location, also for future restores.
Now, to backup the partition using dd, run the following command, please make sure that the part directly after 'if=' is the partition you found using the 'ls -l' command. In my case '/dev/block/mmcblk0p10':
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/0/efs.img
When it finishes, it will show you something like:
Code:
27904+0 records in
27904+0 records out
14286848 bytes transferred in 1.195 secs (11955521 bytes/sec)
This command reads the efs-partition, byte-by-byte to your internal memory, which you can transfer later on to your PC using ADB or MTP.
As the file created is owned by root:root and doesn't have the default permissions used for files at this location, it can be corrected with the following 2 commands:
Change owner and group:
Code:
chown media_rw:media_rw /data/media/0/efs.img
And the file permissions:
Code:
chmod 664 /data/media/0/efs.img
Now, your DD-backup is ready and can be copied via MTP towards your computer or you can use adb to copy it over. First type 'exit' twice to exit the adb shell. CTRL+C is an alternative to leave the 'adb shell'.
Code:
adb pull /mnt/shell/emulated/0/efs.img .
This will copy the efs.img to your current directory, which is in my case C:\Android\sdk\platform-tools. You can also replace the last . with the directory where you would like to put the file in.
To restore the files
Now to restore the files, in case there is really a need to, like imei-number ****up or something with the MAC-address of your wifi, or whatever.. the following commands can be used:
Of course, once again. USE AT YOUR OWN RISK!!!! Do not use this if not really necessary, as there are risks involved in doing this.
To restore the tar-backup, open 'adb shell' and switch to root using 'su -'. Now, first switch to the root directory, which is most likely not needed, but just to make sure the files will be extracted to the right location:
Code:
cd /
Before executing the next command, I assume that you have the efs.tar file in the root-directory of your internal SD-card.
Now, extract the tar file:
Code:
tar -xvf /data/media/0/efs.tar
This will extract the efs.tar file back to it's original location. It will show you something like:
Code:
[email protected]:/ # tar -xvf /data/media/0/efs.tar
tar -xvf /data/media/0/efs.tar
efs/
efs/imei/
efs/imei/mps_code.dat
efs/wifi/
efs/wifi/.mac.info
efs/FactoryApp/
efs/FactoryApp/test_nv
efs/FactoryApp/hist_nv
efs/FactoryApp/fdata
efs/FactoryApp/serial_no
efs/FactoryApp/factorymode
efs/FactoryApp/keystr
efs/FactoryApp/hw_ver
efs/FactoryApp/baro_delta
efs/FactoryApp/prepay
efs/FactoryApp/earjack_count
efs/FactoryApp/batt_cable_count
efs/bluetooth/
efs/bluetooth/bt_addr
efs/gyro_cal_data
efs/00000000.authtokcont
efs/carrier/
efs/carrier/HiddenMenu
efs/drm/
efs/drm/widevine/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/D3qpp0bxmJhbiZwIsCbXJ1434rc_
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/RXFABDUxyT6Q+Zwx9ZhPGOq2Bq8_
efs/drm/playready/
efs/drm/playready/00004.PRV
efs/drm/playready/playready0.dat
efs/drm/playready/playready1.dat
efs/drm/playready/playready.hds
efs/wv.keys
efs/log/
efs/log/boot_cause
efs/.files/
efs/.files/.dx1/
efs/.files/.dm33/
efs/.files/.mp301/
efs/ss_data
efs/h2k.dat
efs/hw_offset
Then reboot your phone normally and see if it works again as you would expect.
If you restored the TAR-backup succesfully, you do not need to restore the dd-image. But in case your tar did not work or your /efs is not mounted due to corruption (in recovery) you can try the dd-recovery instead.
PLEASE BE AWARE THAT YOU SHOULD BE SURE ABOUT THE LOCATION OF THE EFS-PARTITION. THIS LOCATION WAS FOUND USING the 'ls -al /dev/block/platform/msm_sdcc.1/by-name/efs'-COMMAND EARLIER DESCRIBED. If you do not know this location, there's a risk you are overwriting other partitions (MODEM, SYSTEM, RECOVERY, ETC).
If you are sure about the original location, /dev/block/mmcblk......, then use this path just straight after 'of='. On my device the partition is /dev/block/mmcblk0p10.
Code:
dd if=/data/media/0/efs.img of=/dev/block/mmcblk0p10
Output will be similar to:
Code:
27904+0 records in
27904+0 records out
14286848 bytes transferred in 1.195 secs (11955521 bytes/sec)
This will read the efs.img and put it back in the original location.
NOTE 1: This thread gives you two options of backupping the EFS-partition. It is preferred to do both, better safe than sorry.
NOTE 2: Luckily, I have never had to restore any of the backups myself (not on this phone and not on earlier phones). This means that I was never able to test the restores, which counts for the most of us.
NOTE 3: DO NOT RESTORE unless you are really sure this will solve your issue. This will never resolve any lag or other problems with your rom.
NOTE 4: It is normal that the DD-file is much larger (10MB in size) as it also copies unused space and other meta-data of the partition.
NOTE 5: USE AT YOUR OWN RISK! Although the backup part is nearly riskless.
Note X: Feel free to thank me for this post.
Reservation for second post, just in case.
Isn't rooting and using rootexplorer to zip de efs folder to external SD card and just copying that with a microSD cabel way easier?
johan81 said:
Isn't rooting and using rootexplorer to zip de efs folder to external SD card and just copying that with a microSD cabel way easier?
Click to expand...
Click to collapse
Yes, zipping is easier but you will lose your permissions (owner and file permissions (changed via chown/chmod)) so it is actually not a good backup. The permissions/ownerships are backupped with the tar- and dd-backup.
The dd-file includes more than just the file; it also contains the partition meta-data, in case your filesystem got corrupted and it is not possible to recovery it.
Good job man.
EFS Professional v2.0.35 is now support S4. You can also use this:
http://forum.xda-developers.com/showthread.php?t=1308546
shaq1907 said:
EFS Professional v2.0.35 is now support S4. You can also use this:
http://forum.xda-developers.com/showthread.php?t=1308546
Click to expand...
Click to collapse
dont seem to work crashes out while backing up
working now with new update
anybody knows how to adb read the the entire partition table of the galaxy s4?