[TOOL] Heimdall 1.4 RC1 - Samsung Galaxy R i9103

Hi everybody!
You might have already seen the flagship Galaxy devices (S, S2, S3) getting support for various new tools. One of these is Heimdall. It is an Open-Source Cross-Platform Flashing Suite originally meant to run on the Galaxy S, but thanks to its popularity, the S2, S3 and other devices also got the support. Literally speaking, it is the Linux and OS X alternative of Odin (It supports Windows as well.). (Read more about Heimdall here.)
Since our device is a variant of the SGS2, the download mode protocol of the two devices is the same. This enables us to use this tool with our device so we don't have to stick with Windows if we want to reflash a stock rom or install a recovery via download mode.
I have compiled the latest version (1.4 RC1) for Linux if you want to try it out. I'm running a 64-bit Ubuntu 12.10. The tool might work on other distributions, but not on 32-bit systems! (There are precompiled 32-bit versions on the website of the author.)
So what do you need to get it running?
Download my precompiled binary (http://www.mediafire.com/?85nny8d1mpea5hp) and extract it somewhere. Then install libusb-1.0 which is a prerequisite of running the tool. Finally, give the Heimdall executable execute rights and make sure you run it as root.
First steps to make sure that the tool works and communicates with your device:
Put your device into download mode by holding down Volume down, Home and Power keys.
Connect your USB cable.
Execute: 'heimdall detect' (This will show if the phone cannot be detected.)
Execute: 'heimdall download-pit --output SGR.pit' (This will download the PIT (Partition Information Table) file of the device.)
Execute: 'heimdall print-pit --file SGR.pit' (This will give you detailed information about the partition structure of the device and this information can be used to identify partitions which you will flash to.)
The three most important pieces of information shown by the PIT file are 'Identifier', 'Partition Name' and 'Flash Filename'. For example, if you want to flash a recovery image, you will look for 'recovery.img' as 'Flash Filename'. You can find that the corresponding 'Identifier' is '14' and 'Partition Name' is 'SOS' for our device. You can flash your recovery.img with one of the following commands:
Code:
heimdall flash --SOS /path/to/recovery.img
Code:
heimdall flash --14 /path/to/recovery.img
Notice the 'Partition Name' (SOS) and 'Identifier' (14) values used as the option in each command.
This was just an example scenario. You can flash full factory images, repartition the device, change the bootloader, or dump a whole partition. There are many opportunities. If you are interested in using this tool, don't neglect taking time to read about it first, as it can seriously brick your device (even though APX mode gives an enormous help in recovering the device). I don't recommend this tool for those who don't have much experience in what they do. However, this tool can help a lot if you use Linux and don't want to reboot to/use Windows if you want to return to a stock rom.
Every custom modification to devices has risks. Use this at your own risk!
Have fun and enjoy!
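The lookup described in the post above (find the PIT entry whose 'Flash Filename' matches the image, then flash by its 'Partition Name') can be scripted so a mistyped partition never reaches the device. This is an added example, not part of the original post or of Heimdall itself; the "Key: value" layout of the sample text, the function names and every sample value other than 14/SOS/recovery.img and LNX/boot.img are assumptions constructed for illustration.

```python
import os
import re

# Constructed, shortened sample of 'heimdall print-pit' text output.
# Assumption: entries start with "--- Entry #N ---" and hold "Key: value" lines.
# Only 14/SOS/recovery.img and LNX/boot.img come from the thread; the rest is made up.
SAMPLE_PIT_TEXT = """\
--- Entry #0 ---
Identifier: 14
Partition Name: SOS
Flash Filename: recovery.img

--- Entry #1 ---
Identifier: 99
Partition Name: LNX
Flash Filename: boot.img

--- Entry #2 ---
Identifier: 98
Partition Name: EXAMPLE
Flash Filename:
"""

ENTRY_HEADER = re.compile(r"^--- Entry #(\d+) ---$")
SAFE_NAME = re.compile(r"[A-Za-z0-9_]+")


def parse_pit_text(text):
    """Turn print-pit text into a list of dicts, one per PIT entry."""
    entries = []
    current = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if ENTRY_HEADER.match(line):
            current = {}
            entries.append(current)
            continue
        if current is None or ":" not in line:
            continue  # banner text or blank line outside/inside an entry
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return entries


def find_partition(entries, image_path):
    """Return the single entry whose Flash Filename equals the image's file name."""
    wanted = os.path.basename(image_path)
    matches = [e for e in entries if e.get("Flash Filename") == wanted]
    if len(matches) != 1:
        raise ValueError(
            "expected exactly one PIT entry for %r, found %d" % (wanted, len(matches))
        )
    return matches[0]


def build_flash_argv(entries, image_path):
    """Build the 'heimdall flash --<Partition Name> <image>' argument list."""
    entry = find_partition(entries, image_path)
    name = entry.get("Partition Name", "")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("unexpected partition name %r in PIT" % name)
    # A list (not a shell string) keeps the image path from being re-parsed.
    return ["heimdall", "flash", "--" + name, image_path]


if __name__ == "__main__":
    pit = parse_pit_text(SAMPLE_PIT_TEXT)
    print(" ".join(build_flash_argv(pit, "/path/to/recovery.img")))
```

Feed it the text saved from 'heimdall print-pit --file SGR.pit' instead of the sample, and review the printed command before running it.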

wow... you are great buddy!!!!

Are the pre-compiled 32-bit versions compatible with our device? If not, can u compile a 32-bit version for our device?
Thnx!

The-Droidster said:
Are the pre-compiled 32-bit versions compatible with our device? If not, can u compile a 32-bit version for our device?
Thnx!
It should be. The website says that 1.3.2 has some issues with certain devices, it also recommends 1.3.1.

trying to install heimdall on my macbook air 64bit os 10.7.5 but getting this error 'heimdal frontend cannot be opened because of a problem check with the developer to make sure heimdall-frontend works with this version of macos.'

and for boot.img it's --LNX

Thanks

Hello and thank you.
I always get:
libusb error: 0
When downloading or printing.
any Ideas, please?

Fintanusa said:
Hello and thank you.
I always get:
libusb error: 0
When downloading or printing.
any Ideas, please?
Did you run it as root?

Adam77Root said:
Did you run it as root?
I will try that in the morning. Thank you.

Fintanusa said:
I will try that in the morning. Thank you.
Ok. Did that. Received this error:
~$ sudo heimdall-frontend
[sudo] password for fintan3:
Error: "/var/tmp/kdecache-fintan3" is owned by uid 1000 instead of uid 0.
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "Drive" does not exist
"/org/freedesktop/UDisks2/drives/hp______DVD_RAM_UJ8B1_SKB2426348" : property "Drive" does not exist
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "DeviceNumber" does not exist
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "Device" does not exist
Error: "/tmp/ksocket-fintan3" is owned by uid 1000 instead of uid 0.
Error: "/tmp/kde-fintan3" is owned by uid 1000 instead of uid 0.
Got my .pit file though. Thanks. I think I will dig a bit deeper before flashing anything. Cheers

I do not know how to execute it at all. What am I supposed to do? Do I just go into terminal and type sudo heimdall-frontend? That does not do anything. I extracted the executable, but I have no idea as how to run it. I have Linux Mint Petra 16 Cinnamon.

Adam77Root said:
Hi everybody!
You might have already seen the flagship Galaxy devices (S, S2, S3) getting support for various new tools. One of these is Heimdall.
----
Every custom modification to devices has risks. Use this at your own risk!
Have fun and enjoy!
Hey, any new pre compiled version available to share? Thanks!

Related

Rooting and ClockworkMod Recovery OS X Guide

Hi all,
Saw there were no guides for ClockworkMod install on Mac. And people cool enough to have the DHD must also surely have Macs, or like hacking about enough to have a hackintosh. So anyways, I made a guide.
Rooting and s-off
I rooted using this thread here
http://forum.xda-developers.com/showthread.php?t=835746
You need to download visionary r12 and a terminal emulator, but it's all explained there. Exact same process as for windows users.
Once you are rooted and have s-off, come back here.
ClockworkMod Recovery (Updated guide for [email protected] version)
1. Download the Android SDK for Mac from HERE
Extract it, then move the whole folder to the root of your main drive
e.g for me its full path is "/Snow/android-sdk-mac_x86"
2. Download the HTC fastboot binary from Here
Then extract it and move it to /xxxx/android-sdk-mac_x86/tools/
3. Download the clockwork.img from This thread
And copy it to the tools folder where you put fastboot
4. Connect your DHD to the computer in charge only mode.
5. Open Terminal.app
6. Type
Code:
cd /xxxx/android-sdk-mac_x86/tools/
Where xxxx is the name of your drive
And press enter.
If the drive where your sdk folder is located has a space in its name, you have to add a backslash before the second word.
e.g if your drive is called "Macintosh HD" the path will be:
/Macintosh\ HD/android-sdk-mac_x86/tools
Alternatively, if you can't be asked typing into terminal, type cd, then a space, drag the tools folder to the terminal window, make sure it says the right path, then press enter.
7. Type
Code:
./adb devices
And press enter
Check your device is listed correctly by checking its serial number in settings on your phone with the serial number that comes up
8. Type
Code:
./adb reboot bootloader
And press enter
This should reboot your phone to bootloader, with green writing at the top, then fastboot USB in red.
9. Now type
Code:
./fastboot flash recovery clockwork.img
And press enter
If you've done it correctly, it will say
Code:
sending 'recovery' (4914 KB)... OKAY
writing 'recovery'... OKAY
10. Now use the volume buttons to navigate, and power button to select, and navigate to bootloader, then once that loads, to recovery.
Let it load and ClockworkMod will load.
Then click down through the whole menu 3 times until it says 'back menu button enabled'
This means the power button now is the select button.
You now have CM successfully installed, and can reboot, install new roms etc as you please!
No guarantee provided for this guide, if it breaks your device, blows up the computer, gets you sued by google or whatever, I am not responsible and you do all this at your own risk.
Any improvements to the guide, please say in the thread.
I am also working on a script/app to do it all on OS X with one click. Will hopefully be done once this 10 days of coursework and tests is over!
Happy Flashing and thanks to all the devs that made this possible!
Rory
excellent looking forward to the app!
mac OS x needs love from android! devs
Yeah!!!
Useful Guide! Thanks!!
Thanks!
I'm running Ubuntu and the commands are basically the same for Linux systems.
But Linux users will need to add a small file to let the OS see the Device correctly.
Follow step 3 "Setup your system to detect your device." in the guide below:
http://developer.android.com/guide/developing/device.html
Great guide!!!
but on Mac I keep on getting a signature error??
What am I forgetting?
duanes said:
Great guide!!!
but on Mac I keep on getting a signature error??
What am I forgetting?
Not sure mate, maybe look in the windows threads.
First thing I would suggest is redownload the recovery image.
At what point are you getting the signature error?
excellent i just did it..and my DHD is free!
nandihno said:
excellent i just did it..and my DHD is free!
Glad I could help. Will soon be expanding it for flashing kernels and ROMs using fastboot.
Thank you so much, this tutorial is very useful! Mac users who believe that this method is difficult can install BootCamp and run Windows natively. I use Windows 7 Ultimate under BootCamp to use the tools for Root, Downgrade, etc... (remember: to use the tools under Windows, run them under "Administrator mode" by right-clicking the EXE file)
Someone with a Mac to use Parallels Desktop or VMWare Fusion for root, to Downgrade, etc with the DHD?
Regards,

[Q] Technical difference between RSDLite and fastboot

I recently bricked my Atrix 2, and since I don't have easy access to a Windows machine, I attempted to flash it back to stock using fastboot from the android dev tools. I noticed that the XML file in the FXZ looked like a set of fastboot commands, so that's what I tried to do. However, no matter which zip I started from, it always failed to flash system.img, saying that verification failed. After giving up on that approach, I used a friend's windows machine to flash the exact same zip using RSDLite, and it succeeded just fine. This leads me to conclude that RSDLite must be doing something special when flashing the system.img. Does anyone know what it is, and is there a way to do the same thing using the standard Android development tools (fastboot, etc)?
Thanks!
bemjb said:
I recently bricked my Atrix 2, and since I don't have easy access to a Windows machine, I attempted to flash it back to stock using fastboot from the android dev tools. I noticed that the XML file in the FXZ looked like a set of fastboot commands, so that's what I tried to do. However, no matter which zip I started from, it always failed to flash system.img, saying that verification failed. After giving up on that approach, I used a friend's windows machine to flash the exact same zip using RSDLite, and it succeeded just fine. This leads me to conclude that RSDLite must be doing something special when flashing the system.img. Does anyone know what it is, and is there a way to do the same thing using the standard Android development tools (fastboot, etc)?
Thanks!
Fastboot is basically doing what RSD Lite does manually. If you keep on getting a flash system.img error make sure that you have the proper drivers. You can download Android-SDK for your platform and then open the manager. There should be an option to install a drivers package.
I am pretty sure RSD Lite does nothing special. I have flashed just the system.img multiple times to quickly get my phone back up and running.
.
farshad525hou said:
Fastboot is basically doing what RSD Lite does manually. If you keep on getting a flash system.img error make sure that you have the proper drivers. You can download Android-SDK for your platform and then open the manager. There should be an option to install a drivers package.
I am pretty sure RSD Lite does nothing special. I have flashed just the system.img multiple times to quickly get my phone back up and running.
.
Thanks, but there are no USB drivers available for Mac OS X: the Android SDK says that they are unavailable for this platform. Maybe if I get the chance, I'll see if doing the flash with fastboot on Windows gives different results.
Are you using moto-fastboot?
Oh there's a Mac version here (from here)
There's a size limit on flash operations with normal fastboot.
moofree said:
Are you using moto-fastboot?
Oh there's a Mac version here (from here)
There's a size limit on flash operations with normal fastboot.
I've been using normal fastboot, I didn't realize there was a difference there. Thanks a ton, I'm sure that will solve my issue!
This needs to be added to using the fastboot command that Farshad posted.
If you are doing this from OS X or linux, or well even windows, I posted a string of commands on how to flash these files using fastboot, there is a certain order, and there are files from the fxz you will need to skip.
Next time please do a search on this board for fastboot flash commands....
I will be nice and post this one last time, but this has been answered by me about 10 times now.... just saying....
run these commands from the OS X or linux terminal command line:
cd to the directory that contains the fxz files, and run the following (make sure that the adb and fastboot commands are in your path, I will not include that here, you should google how to add things to your path):
Code:
fastboot erase userdata
fastboot erase boot
fastboot erase system
fastboot erase recovery
fastboot flash userdata userdata.img
fastboot flash system system.img
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot reboot
jimbridgman said:
This needs to be added to using the fastboot command that Farshad posted.
If you are doing this from OS X or linux, or well even windows, I posted a string of commands on how to flash these files using fastboot, there is a certain order, and there are files from the fxz you will need to skip.
Next time please do a search on this board for fastboot flash commands....
I will be nice and post this one last time, but this has been answered by me about 10 times now.... just saying....
run these commands from the OS X or linux terminal command line:
cd to the directory that contains the fxz files, and run the following (make sure that the adb and fastboot commands are in your path, I will not include that here, you should google how to add things to your path):
Code:
fastboot erase userdata
fastboot erase boot
fastboot erase system
fastboot erase recovery
fastboot flash userdata data.img
fastboot flash system system.img
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot reboot
do you really have to erase before flashing? I always try to avoid formatting system, but I have not done this manually, so you may have to.
lkrasner said:
do you really have to erase before flashing? I always try to avoid formatting system, but I have not done this manually, so you may have to.
Yes if you don't you will most likely get an error when you try to flash system.img, over a different system version.
jimbridgman said:
This needs to be added to using the fastboot command that Farshad posted.
If you are doing this from OS X or linux, or well even windows, I posted a string of commands on how to flash these files using fastboot, there is a certain order, and there are files from the fxz you will need to skip.
Next time please do a search on this board for fastboot flash commands....
I will be nice and post this one last time, but this has been answered by me about 10 times now.... just saying....
run these commands from the OS X or linux terminal command line:
cd to the directory that contains the fxz files, and run the following (make sure that the adb and fastboot commands are in your path, I will not include that here, you should google how to add things to your path):
Code:
fastboot erase userdata
fastboot erase boot
fastboot erase system
fastboot erase recovery
fastboot flash userdata data.img
fastboot flash system system.img
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot reboot
Sorry I missed your other explanations. I did see a lot of posts with random fastboot commands, but pretty much none with any sort of explanation or rationale. Most of them seemed to be on the order of "Use these commands because I said so" or "I used these and they seem to work, I don't know why".
Do you have a writeup where you explain why should I flash with fastboot in a different order than is given in the fxz? And can you explain why you are skipping flashing most of the partitions? None of the instructions for using RSD Lite suggested removing nearly that many of the entries in the xml file, so I would like to know why I wouldn't want to flash the same things that RSD Lite would be flashing.
If you do have a canonical post explaining what needs to be done and why, I can ask the maintainer of the newbie information post to add a link to that post, so that it is easy to find and hopefully make it so that you don't have to post about it again. If that post doesn't exist, if you would like to give me enough information to write it, I am more than happy to write it up (crediting you for the info, of course), and then see about getting it added to the newbie post.
bemjb said:
Sorry I missed your other explanations. I did see a lot of posts with random fastboot commands, but pretty much none with any sort of explanation or rationale. Most of them seemed to be on the order of "Use these commands because I said so" or "I used these and they seem to work, I don't know why".
Do you have a writeup where you explain why should I flash with fastboot in a different order than is given in the fxz? And can you explain why you are skipping flashing most of the partitions? None of the instructions for using RSD Lite suggested removing nearly that many of the entries in the xml file, so I would like to know why I wouldn't want to flash the same things that RSD Lite would be flashing.
If you do have a canonical post explaining what needs to be done and why, I can ask the maintainer of the newbie information post to add a link to that post, so that it is easy to find and hopefully make it so that you don't have to post about it again. If that post doesn't exist, if you would like to give me enough information to write it, I am more than happy to write it up (crediting you for the info, of course), and then see about getting it added to the newbie post.
The reason is there are other files, and some are binary files that run commands and make changes to the bootloader, and other things, you do not need any of that to have a working phone. Some of them also open the bootloader to allow flashing, which is not needed if you erase the boot partition first. Any of those files like mbmloader, and anything with .bin after it will not work correctly unless you use RSDlite, it sends the signatures and such to the files that require it.
For getting your phone back up in a quick and dirty fashion we don't care about the signatures, we are assuming you got the fxz from a known source, by doing it this way.
You should do other research besides this site, pull apart a few roms, the fxz, and figure out how they work. Do some android research as to the boot process, etc. That's how this kind of information is learned. The why in this case is less important. I would have to explain android and linux and how they boot as well in more detail here, but those are best left to the google and linux explanation sites.
This is not a process for a beginner, that is why it is not in the beginner thread. It has the possibility of hard bricking your phone if a mistype happens.
I am going to be 100% honest here, if you don't know any of the information I am referring to in this post, just use RSDlite, it has checks and safeguards that this process does not.
If you really want to learn about this, and not just asking questions because you don't understand, then jump in with us devs and start to learn, pull apart some ROMs flash a few ROMs, build a few ROMs, those things will teach you more than you will ever need to know about what files are and are not needed for a working phone. Also google is a good resource.
Also your boot.img and your recovery.img could be left out, since they are never touched by you or a ROM flash. I leave them in for a slight safeguard that your phone will actually be wiped clean.
P.S. I am a linux and OS X user myself, hence why I learned all of this a long time ago... I have been using and working on android since the G1 first came out.
I also use bootcamp with win7 just to use RSDlite, when the need arises... that is not often, if you follow my process. It skips all the checking, processing that RSDlite does with using fastboot.
jimbridgman said:
The reason is there are other files, and some are binary files that run commands and make changes to the bootloader, and other things, you do not need any of that to have a working phone. Some of them also open the bootloader to allow flashing, which is not needed if you erase the boot partition first. Any of those files like mbmloader, and anything with .bin after it will not work correctly unless you use RSDlite, it sends the signatures and such to the files that require it.
For getting your phone back up in a quick and dirty fashion we don't care about the signatures, we are assuming you got the fxz from a known source, by doing it this way.
You should do other research besides this site, pull apart a few roms, the fxz, and figure out how they work. Do some android research as to the boot process, etc. That's how this kind of information is learned. The why in this case is less important. I would have to explain android and linux and how they boot as well in more detail here, but those are best left to the google and linux explanation sites.
This is not a process for a beginner, that is why it is not in the beginner thread. It has the possibility of hard bricking your phone if a mistype happens.
I am going to be 100% honest here, if you don't know any of the information I am referring to in this post, just use RSDlite, it has checks and safeguards that this process does not.
If you really want to learn about this, and not just asking questions because you don't understand, then jump in with us devs and start to learn, pull apart some ROMs flash a few ROMs, build a few ROMs, those things will teach you more than you will ever need to know about what files are and are not needed for a working phone. Also google is a good resource.
Also your boot.img and your recovery.img could be left out, since they are never touched by you or a ROM flash. I leave them in for a slight safeguard that your phone will actually be wiped clean.
P.S. I am a linux and OS X user myself, hence why I learned all of this a long time ago... I have been using and working on android since the G1 first came out.
I also use bootcamp with win7 just to use RSDlite, when the need arises... that is not often, if you follow my process. It skips all the checking, processing that RSDlite does with using fastboot.
Thanks for the rather comprehensive reply. Sadly, I do not have the time or inclination to build ROMs, in fact, I may not have dug into this at all if I had a Windows license, but I do not. So it is true that I didn't know all of the information that you mentioned in the post, but I had guessed a lot of it given the format of the xml file in the fxz and the names of the partitions. I just like to verify that my guesses are not incorrect, thus the questions. I do have plans to spend some time reading Google's official Android documentation, I just hadn't gotten there yet.
Anyways, while I am not interested in building ROMs, given the format of the xml file, it looks like it would be a fairly easy task to build a Java application that would read the XML file, check the MD5 sums, and then do the flashing just like RSD Lite. If I was to do something to contribute to the development effort, I'd probably start there. Don't know if I'll have time, but that's much more of a problem to me than a custom ROM. You mention signature checking: does RSD Lite actually check cryptographic signatures on the images themselves, or is it only checking the MD5s? (Feel free to ignore that question if you think I should spend some time Googling, if you don't answer, I'll get around to looking it up eventually)
P.S. I am an experienced Linux and OS X user. I only happen to be new to the Android world. (I was using webOS before this)
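An added sketch of the check described in the post above: read the FXZ XML, compare each image against its listed MD5, and only then list fastboot flash commands for the four partitions named in the command list posted earlier in this thread. It is not code from the thread or from RSD Lite; the XML layout (step elements with operation, partition, filename and MD5 attributes), the function names and the sample files are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

# Partitions flashed by the fastboot command list quoted in this thread.
FASTBOOT_PARTITIONS = ("userdata", "system", "recovery", "boot")


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large system images do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_flash_steps(xml_text, image_dir):
    """Return {filename: status} for every flash step in the manifest."""
    results = {}
    for step in ET.fromstring(xml_text).iter("step"):
        if step.get("operation") != "flash":
            continue
        name = step.get("filename", "")
        expected = (step.get("MD5") or "").lower()
        path = os.path.join(image_dir, name)
        if not name or os.path.basename(name) != name:
            results[name] = "bad-filename"   # refuse paths that leave image_dir
        elif not expected:
            results[name] = "no-md5"
        elif not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def fastboot_plan(xml_text, image_dir):
    """List fastboot flash commands, refusing if any needed image fails its check.

    A matching MD5 only shows the file equals what the manifest lists
    (no truncated or corrupted download); it says nothing about who made the manifest.
    """
    results = check_flash_steps(xml_text, image_dir)
    plan = []
    for step in ET.fromstring(xml_text).iter("step"):
        part, name = step.get("partition"), step.get("filename", "")
        if step.get("operation") != "flash" or part not in FASTBOOT_PARTITIONS:
            continue  # e.g. bootloader .bin steps, which the thread says to skip
        if results.get(name) != "ok":
            raise ValueError("%s: %s, not flashing" % (name, results.get(name)))
        plan.append(["fastboot", "flash", part, os.path.join(image_dir, name)])
    return plan


def write_constructed_fxz(image_dir):
    """Write tiny constructed stand-in images and return a matching manifest."""
    images = {
        "system.img": b"constructed system image",
        "boot.img": b"constructed boot image",
        "mbmloader.bin": b"constructed loader blob",
    }
    steps = []
    for name, data in images.items():
        with open(os.path.join(image_dir, name), "wb") as handle:
            handle.write(data)
        steps.append(
            '<step operation="flash" partition="%s" filename="%s" MD5="%s"/>'
            % (name.split(".")[0], name, hashlib.md5(data).hexdigest())
        )
    return '<flashing><steps interface="AP-OS">%s</steps></flashing>' % "".join(steps)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        manifest = write_constructed_fxz(workdir)
        print(check_flash_steps(manifest, workdir))
        for command in fastboot_plan(manifest, workdir):
            print(" ".join(command))
```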
bemjb said:
Thanks for the rather comprehensive reply. Sadly, I do not have the time or inclination to build ROMs, in fact, I may not have dug into this at all if I had a Windows license, but I do not. So it is true that I didn't know all of the information that you mentioned in the post, but I had guessed a lot of it given the format of the xml file in the fxz and the names of the partitions. I just like to verify that my guesses are not incorrect, thus the questions. I do have plans to spend some time reading Google's official Android documentation, I just hadn't gotten there yet.
Anyways, while I am not interested in building ROMs, given the format of the xml file, it looks like it would be a fairly easy task to build a Java application that would read the XML file, check the MD5 sums, and then do the flashing just like RSD Lite. If I was to do something to contribute to the development effort, I'd probably start there. Don't know if I'll have time, but that's much more of a problem to me than a custom ROM. You mention signature checking: does RSD Lite actually check cryptographic signatures on the images themselves, or is it only checking the MD5s? (Feel free to ignore that question if you think I should spend some time Googling, if you don't answer, I'll get around to looking it up eventually)
P.S. I am an experienced Linux and OS X user. I only happen to be new to the Android world. (I was using webOS before this)
No worries.... I am and have been a unix linux architect for 20 years (yes I got a job as a sysadmin at 17), been using macs since the 80s, I don't own a machine with a fulltime windows install. I only recently installed win 7 on my bootcamp partition on my macbook just for rsdlite, only used it twice....
I have a shell script that will flash the phone using the commands I posted, if you would like I can upload it and post a link tomorrow. My shell script works on both os x and linux.
If you try to do EXACTLY what rsdlite does line by line it will FAIL, even with a java app. The bin files and the mbm files can only be utilized with RSDlite. RSDlite has SEVERAL checks that only it can do after each step.... If you want to restore the fxz using the mac or linux the shell script is the easiest, no real need for all the fluff, of rsdlite or an app. I have done it about 20 times now without issue, so have others on here.
Again, just let me know if you want my script and I will post it here.
And no it does not check the cryptographic signature of the bootloader, but the mbm program that rsdlite runs, does check the signature of the boot image and the bootloader.
I was not implying that you actually jump into rom dev work.... just that, by doing some pulling apart and attempting it will teach you more than reading the android docs.
If you are a linux guy then hopefully you know what sec linux is, and how it uses signatures with the bootloader. That is similar to what motorola has done with their bootloader on their android phones.
Jim
Sent from my MB865 using xda premium
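The MD5 step discussed in this exchange, as an added example (not code from either poster and not RSD Lite's own logic): it reads an XML manifest, recomputes each image's MD5, and refuses file names that point outside the image directory. The `<step filename=... MD5=...>` layout, the partition names and the file contents are assumptions constructed for the example; a matching MD5 only shows the download is intact and is not the signature check described above for the boot image and bootloader.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET


def md5_of(path, chunk_size=1 << 20):
    """Stream the file so large system images are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def flash_steps(manifest_xml):
    """Yield (partition, filename, expected_md5) for every step that names a file."""
    root = ET.fromstring(manifest_xml)
    for step in root.iter("step"):  # assumed element name
        filename = step.get("filename")
        if filename:
            yield step.get("partition"), filename, (step.get("MD5") or "").lower()


def verify_manifest(manifest_xml, image_dir):
    """Return {filename: status}: ok, mismatch, missing, no-md5 or unsafe-path."""
    results = {}
    for _partition, filename, expected in flash_steps(manifest_xml):
        # The manifest is downloaded data: refuse names that leave image_dir.
        if os.path.basename(filename) != filename or "\\" in filename:
            results[filename] = "unsafe-path"
            continue
        path = os.path.join(image_dir, filename)
        if not os.path.isfile(path):
            results[filename] = "missing"
        elif not expected:
            results[filename] = "no-md5"
        elif md5_of(path) == expected:
            results[filename] = "ok"
        else:
            results[filename] = "mismatch"
    return results


def safe_to_flash(results):
    """Only proceed when every listed image was found and matched."""
    return bool(results) and all(status == "ok" for status in results.values())


def demo():
    """Check constructed images against a constructed manifest, then corrupt one."""
    images = {
        "boot.img": b"constructed boot image",
        "system.img": b"constructed system image",
    }
    sums = {name: hashlib.md5(data).hexdigest() for name, data in images.items()}
    manifest = (
        '<flashing><steps interface="AP">'
        '<step operation="flash" partition="boot" filename="boot.img" MD5="%s"/>'
        '<step operation="flash" partition="system" filename="system.img" MD5="%s"/>'
        '<step operation="flash" partition="recovery" filename="recovery.img" MD5="%s"/>'
        '<step operation="flash" partition="extra" filename="../outside.img" MD5="%s"/>'
        '<step operation="reboot"/>'
        "</steps></flashing>"
    ) % (sums["boot.img"], sums["system.img"].upper(), "0" * 32, "0" * 32)

    with tempfile.TemporaryDirectory() as image_dir:
        for name, data in images.items():
            with open(os.path.join(image_dir, name), "wb") as fh:
                fh.write(data)
        before = verify_manifest(manifest, image_dir)
        # Simulate a damaged download by appending one byte to system.img.
        with open(os.path.join(image_dir, "system.img"), "ab") as fh:
            fh.write(b"\x00")
        after = verify_manifest(manifest, image_dir)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for label, results in (("before", before), ("after", after)):
        print(label, results, "safe_to_flash =", safe_to_flash(results))
```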
jimbridgman said:
No worries.... I am and have been a unix linux architect for 20 years (yes I got a job as a sysadmin at 17), been using macs since the 80s, I don't own a machine with a fulltime windows install. I only recently installed win 7 on my bootcamp partition on my macbook just for RSDlite, only used it twice....
I have a shell script that will flash the phone using the commands I posted, if you would like I can upload it and post a link tomorrow. My shell script works on both os x and linux.
If you try to do EXACTLY what rsdlite does line by line it will FAIL, even with a java app. The bin files and the mbm files can only be utilized with RSDlite. RSDlite has SEVERAL checks that only it can do after each step.... If you want to restore the fxz using the mac or linux the shell script is the easiest, no real need for all the fluff, of rsdlite or an app. I have done it about 20 times now without issue, so have others on here.
Again, just let me know if you want my script and I will post it here.
And no it does not check the cryptographic signature of the bootloader, but the mbm program that RSDlite runs, does check the signature of the boot image and the bootloader.
I was not implying that you actually jump into rom dev work.... just that, by doing some pulling apart and attempting it will teach you more than reading the android docs.
If you are a linux guy then hopefully you know what sec linux is, and how it uses signatures with the bootloader. That is similar to what motorola has done with their bootloader on their android phones.
Jim
Sent from my MB865 using xda premium
You do have a couple of years on me on Linux use, and definitely lots more years of Mac use, I didn't use Macs until OS X. But I think we've established geek cred quite effectively at this point. ;-)
Thanks for offering the script, but if it literally just runs the commands that you gave earlier, it would be simple for me to just toss one together myself. (Now, if you want to elaborate on the secret sauce in RSDLite, I'd be all ears.)
I do know what SELinux is. I haven't looked into the specifics of how they use signatures with the bootloader, but I have a pretty good idea of ways that it could be implemented. It does make a lot of sense that Moto would do something similar to SELinux. Actually, I'm a little bit surprised that they're doing something similar and not just doing the same thing, but perhaps the bootloaders are different enough that they needed to roll their own signing. (Or they just did what a lot of people do and fell into NIH syndrome.)
Thanks,
Bem
jimbridgman said:
This needs to be added to using the fastboot command that Farshad posted.
If you are doing this from OS X or linux, or well even windows, I posted a string of commands on how to flash these files using fastboot, there is a certain order, and there are files from the fxz you will need to skip.
Next time please do a search on this board for fastboot flash commands....
I will be nice and post this one last time, but this has been answered by me about 10 times now.... just saying....
run these commands from the OS X or linux terminal command line:
cd to the directory that contains the fxz files, and run the following (make sure that the adb and fastboot commands are in your path, I will not include that here, you should google how to add things to your path):
Code:
fastboot erase userdata
fastboot erase boot
fastboot erase system
fastboot erase recovery
fastboot flash userdata userdata.img
fastboot flash system system.img
fastboot flash recovery recovery.img
fastboot flash boot boot.img
fastboot reboot
Hm. My bootloader and I are not on very good terms atm :\
-It tells me "command restricted" when erasing system, recovery, or boot with fastboot. RSD Lite just says "FAIL."
-Also, it tells me "preflash validation failure" when flashing boot or recovery. RSD Lite again just says "FAIL"
-It also gives me the "preflash validation failure" when flashing system with fastboot. Moto-fastboot and RSD Lite both work. Maybe fastboot would work if we could erase system?
-Finally, we don't have a userdata.img
cogeary said:
Hm. My bootloader and I are not on very good terms atm :\
-It tells me "command restricted" when erasing system, recovery, or boot with fastboot. RSD Lite just says "FAIL."
-Also, it tells me "preflash validation failure" when flashing boot or recovery. RSD Lite again just says "FAIL"
-It also gives me the "preflash validation failure" when flashing system with fastboot. Moto-fastboot and RSD Lite both work. Maybe fastboot would work if we could erase system?
-Finally, we don't have a userdata.img
In the first line the fastboot command I referenced and that Farshad mentioned and linked to is the moto-fastboot command. You are supposed to rename the binary to fastboot, there was a readme at one time that explained that and was included with the download of moto-fastboot.
Also, yes we don't have a Userdata.img, but I pulled this from my own personal script, that I have been using since the G1 days, that was my first android phone. My script is not customized for just our phone, so the userdata.img line will fail, but since we don't need it, it is no big deal.
Jim
jimbridgman said:
In the first line the fastboot command I referenced and that Farshad mentioned and linked to is the moto-fastboot command. You are supposed to rename the binary to fastboot, there was a readme at one time that explained that and was included with the download of moto-fastboot.
Also, yes we don't have a Userdata.img, but I pulled this from my own personal script, that I have been using since the G1 days, that was my first android phone. My script is not customized for just our phone, so the userdata.img line will fail, but since we don't need it, it is no big deal.
Jim
Oh I see now. I typically use moto-fastboot but I never renamed it. Thanks for the clarification.
cogeary said:
Oh I see now. I typically use moto-fastboot but I never renamed it. Thanks for the clarification.
Yeah the reason to rename the binary/exe, was for compatibility with other scripts and programs in old days, when there was no odin or RSDlite, etc. I still do it, so that if someone does come up with some bad-assed way to do something via a script or other means for another phone, then I don't have to edit their script to reference the "moto-fastboot" binary/exe. I just rename the fastboot to fastboot-orig, or fastboot-google. If I ever change phones, and I will, I can rename the binary/exe again real easy.
Just one of those things I have learned over the years with both android and linux and well even in the old DOS and windows NT 3.51 and 4.0 command line days.

[HBOOT, eMMC][11/14/2012] JET - The Jewel/Evita Toolkit

Disclaimer: This is BETA. It works well, but may still set fire to your house if you anger it.
UPDATE 11/14/12 - Updated OP with SLS's device detection code fixes.
Update 2: Fixed bug in device detection loop causing freeze at "Waking Device"
JET - The Jewel/Evita Tool "kit."
This all started as a downgrade script for the Jewel. You can follow the original JET thread in the EVO 4G LTE forums. I'm creating this thread to track/support issues from Evita users.
JET performs several useful functions, including:
Downgrading your HBOOT to 1.09 for easier radio flashing.
SuperCID (For HTCDev unlocking)
Partition/IMEI backup.
Detection of eMMC partitions on a phone stuck in Qualcomm download mode
Possible unbricking of your device (depending on circumstances)
JET is and always will be 100% open source and with full support given here on XDA.
Changelog
11/9/12 - Name change to better reflect the direction of this project. Ported to Evita. Rewrote device detection code.
11/1/2012 - Added SuperCID capability
10/24/2012 - Modified emmc_recover to catch stalls at "Wait device /dev/sdXXX......" and try to recover.
10/21/2012 - Added --recover and --unbrick command line options
10/19/2012 - Beta posted
Credits:
Credit for the original EVO downgrading idea belongs to Mac_Gyver as seen in this post:
http://forum.xda-developers.com/showthread.php?t=1932914
This post refined that process and can still be referenced for manual downgrading:
http://forum.xda-developers.com/showpost.php?p=32761598&postcount=107
Closeone for code submissions and a steady flow of awesome ideas.
SouL Shadow for some slick logging code
Initial Testers (AKA People willing to let a total stranger intentionally brick their phone for SCIENCE!)
AZ Fadeout
benny3
kjcmusic17
michael.stollaire
My lovely wife (distract with shiny object, snatch phone, cackle wildly, proceed to brick)
Some local folks not on XDA
absolutelygrimm and 18th.abn for consulting on the Evita side of things.
The XDA community for rallying behind this project and offering support to your fellow members
Requirements
Unlocked bootloader and a recent TWRP already flashed. (For most functions.)
A NATIVE Linux installation, or a LiveCD/Wubi install. Virtual Machines are NOT SUPPORTED.
A 32 bit Linux installation/CD, or install ia32-libs or ia32-libs-multiarch
Linux Kernel v3.0 or higher (Ubuntu 12.04 LiveCDs meet this requirement)
USB Debugging turned on
FAQ
Q: Help! The tool keeps saying "Failed to flash HBoot" repeatedly. What do I do?
A: This is a timing issue. If the tool can't get a good lock on your phone, it will give an error and then try again. It will keep trying until it locks onto the phone and can flash. In addition, it is safe to unplug and replug the USB cable during this step, even to another USB port.
Q: This thing is taking forever!! Is it supposed to?
A: The process usually takes about 10 minutes but can take 15 or longer depending. Unfortunately the process for flashing the bootloader is rather painful, and has to be done in very small pieces. Thank HTC for that one. Ubuntu is also partially to blame.
Q: Is this a bootable CD? Can I use this from Windows?
A: This is NOT a bootable LiveCD. A LiveCD version (with further enhancements) is in the works.
Q: Is there/Will there be a Windows version?
A: No. Nor are there plans to make a Windows native version. There are some inherent issues with the way Windows deals with USB devices that prohibits us from accessing QDL. If you're not comfortable trying/using Linux, I suggest you wait for the LiveCD to be finished.
Instructions:
Boot Linux.
Download attached package.
Unzip to somewhere you have write access (/home/ubuntu for Ubuntu LiveCD users)
Open terminal.
cd to working directory.
$ chmod +x jet
$ sudo ./jet
Follow the onscreen instructions.
/happydance
Command Line Options
Code:
-b or --backup : Backup mode only (make bakp4 and fsp4, don't force QDL)
-c or --cidpreserve : Don't SuperCID the backup P4 file
-d or --detect : Find device (/dev/sd?)
-k or --kill : Soft brick the phone by corrupting P4 (be careful with this)
-r or --recover : Load HBOOT 1.09 and existing backup P4 (for people who stalled after QDL force)
-s or --supercid : SuperCID mod for nonbricked phones
-u or --unbrick : Load existing backup P4 file ONLY. (Quit QDL without downgrade)
To do:
P4 file generation from user entered MEID.
Merge both HW versions of JET and detect device at load.
LiveCD
All requests for features considered!
Source:
You can follow code revisions for the shell script here:
https://github.com/yarrimapirate/JET
LiveCD Development is underway. You can follow the code here:
https://github.com/closeone/JET
I use a modified version of Fuses emmc_recover. I have forked his source here:
https://github.com/yarrimapirate/emmc_recover
A big Thank You to all who've sent donations! Caffeine and beer help generate code, and a few extra bucks convinces the wife it's worth the time I spend glued to my PC/phone. Your donation money is also being used to buy devices to further test/develop with. :good:
Reserved.
This one too...
oh sweet, video coming right up!
Just one step closer to S-Off!
yarrimapirate said:
Since I'm not entirely familiar with the problem, I'll ask grim to explain it to me so I can properly document it in the OP. Thanks for the heads up!
----
Hboot protects itself, I thought sbl3 verified hboot, then it protected itself but that's not the case. Sbl3 is controlling emmc mode from my understanding...
p9 (sbl3) sets emmc mode before p12(hboot) sets protection...........p1,2,3 will never be vulnerable to the same exploit as they have already set their protection well before emmc mode. They are the first 3 partitions so you cannot brick anything earlier in the chain. So, just say, hboot was p7, it would protect itself before emmc mode, and would never be vulnerable. -18th.abn
----
However, if for any reason you cannot flash Kernels/Radios.. Just run the 1.85 RUU and your issues will be solved.
----
To RUU downgrade, you will need to pull mmcblk0p23 from your phone and hex edit it. To do so, open terminal emulator on your phone..
Code:
$ su
# dd if=/dev/block/mmcblk0p23 of=/sdcard/mmcblk0p23
Open this in a hex editor of your choice.
at 0x0A0 you will see
ClearAutoImage..2.20.xxx.x...................... x being whatever number is listed..
change it to 1.00.000.0
Place back on your sdcard
open terminal emulator
Code:
$ su
# dd if=/sdcard/mmcblk0p23 of=/dev/block/mmcblk0p23
reboot to fastboot and lock your bootloader. Boot into your ROM and RUU downgrade
ugh i wish i had linux. i want old hboot back! awesome job though, this is great to see.
Genetic517 said:
ugh i wish i had linux. i want old hboot back! awesome job though, this is great to see.
Go boot up a liveCD and do it.
I have done it 3 or 4 times, but with the manual process. These tools work. I endorse them.
Genetic517 said:
ugh i wish i had linux. i want old hboot back! awesome job though, this is great to see.
Just use the ubuntu live cd like suggested in the OP. Or dual boot it, ubuntu or other Linux distro is really great to have
EDIT: absolutelygrim beat me to it
Great job to all involved with this! S-Off would be nice, but having Hboot 1.09 is pretty nice as well.
I'm using this now, a bit concerned that the device seems like it doesn't want to wake right now (stuck at Waking Device...) Anyone have any ideas? Would it be safe to unplug this USB cable and try a different one? I'm using one other than the one that came with the One X
absolutelygrim said:
Go boot up a liveCD and do it.
I have done it 3 or 4 times, but with the manual process. These tools work. I endorse them.
bpear96 said:
Just use the ubuntu live cd like suggested in the OP. Or dual boot it, ubuntu or other Linux distro is really great to have
EDIT: absolutelygrim beat me to it
i did read i could use livecd but i also read this in the FAQ. livecd looks to be unfinished? please correct me if im wrong. im 100% a windows guy, have never even used linux
Q: Is there/Will there be a Windows version?
A: No. Nor are there plans to make a Windows native version. There are some inherent issues with the way Windows deals with USB devices that prohibits us from accessing QDL. If you're not comfortable trying/using Linux, I suggest you wait for the LiveCD to be finished.
MyronJ906 said:
I'm using this now, a bit concerned that the device seems like it doesn't want to wake right now (stuck at Waking Device...) Anyone have any ideas? Would it be safe to unplug this USB cable and try a different one? I'm using one other than the one that came with the One X
Hold power down for 10 seconds
open another terminal window and type
Code:
watch -n.1 lsusb
let go of power when you see "Qualcomm, Inc. Gobi Wireless Modem (QDL mode)" disappear
Genetic517 said:
i did read i could use livecd but i also read this in the FAQ. livecd looks to be unfinished? please correct me if im wrong. im 100% a windows guy, have never even used linux
Q: Is there/Will there be a Windows version?
A: No. Nor are there plans to make a Windows native version. There are some inherent issues with the way Windows deals with USB devices that prohibits us from accessing QDL. If you're not comfortable trying/using Linux, I suggest you wait for the LiveCD to be finished.
He means an actual "jet" AIO live cd is what is unfinished. There's nothing stopping you from downloading the latest Ubuntu distro, burning it to a disc (or bootable usb) and running that on your computer. Ubuntu can be run directly from the disc, no install needed (though it will be slower than install, obviously). Once you're running the live cd/usb of ubuntu you can easily load up this toolkit.
absolutelygrim said:
Hold power down for 10 seconds
open another terminal window and type
Code:
watch -n.1 lsusb
let go of power when you see "Qualcomm, Inc. Gobi Wireless Modem (QDL mode)" disappear
It won't stay disappeared, it's pretty much appearing and then reappearing
MyronJ906 said:
It won't stay disappeared, it's pretty much appearing and then reappearing
did you brick by flashing ICJ or are you trying to downgrade?
edit: It should disappear and then say Qualcomm, Inc. for a few seconds
absolutelygrim said:
did you brick by flashing ICJ or are you trying to downgrade?
Downgrade. Haha just my luck for trying something I didn't need to do
If it's safe to actually unplug the USB and grab another cable, I'm definitely willing/able to do that
EDIT: and it does disappear and say Qualcom Inc for a few seconds, then nothing and then it flashes the full "Qualcomm, Inc. Gobi Wireless Modem (QDL mode)" for a split second and repeats the process
MyronJ906 said:
Downgrade. Haha just my luck for trying something I didn't need to do
If it's safe to actually unplug the USB and grab another cable, I'm definitely willing/able to do that
Yes, go get the cable that came with your phone and restart from the beginning
kickass!
absolutelygrim said:
Yes, go get the cable that came with your phone and restart from the beginning
Beginning as in from the very beginning of the script? Just ran home and grabbed the cable. Thanks for the help by the way
MyronJ906 said:
Beginning as in from the very beginning of the script? Just ran home and grabbed the cable. Thanks for the help by the way
Use the command line switch -r
sudo ./jet -r
Sent from my One X using xda app-developers app
Great work on this, to all involved!

[Q] noob messed up his phone.

Phone: Alcatel One touch POP 5036x
PC OS: Windows 8.1
Hello, I am Nick from Holland and I am 13 years old. My first post is a request for help, for which I apologize.
I recently bought my second mobile phone, which is my first smartphone/android device.
Quickly after I purchased it, I decided to root the apparatus and got into sudo-ing and that kind of stuff.
Now my phone is in a boot loop and I am unable to recover from it.
I have been searching and reading this forum for days now, and I just cannot figure out what to do.
I'm having trouble finding the right files (Stock image, CWM and such) for my particular model.
What happened before this mess:
I installed an anti-theft program called 'Prey'.
To see how this worked, I flagged my device as missing. Nothing happened though, so I reverted its status to OK.
Later on I decided to delete some bloatware, and eventually I accidentally erased a file called 'Android System' or something like that.
I am not 100% sure about this particular name though, but I do know it sounded important.
My phone froze during the deletion process and I decided to take the battery out and do a reset.
Phone OFF
Power + Volume up
wipe cache partition
wipe data/factory reset
After which I ended up in this boot loop.
The phone boots past the android logo, and restarts during the blue Alcatel POP-C5 animation.
To make things worse, I looked in the 'Prey' Control panel, and noticed my phone was still flagged as missing.
I remember I read something, somewhere about a security measure that involves being unable to simply remove Prey
by resetting the phone to its factory defaults.
My current status:
I installed the necessary USB drivers on my Windows 8.1 machine, and I am able to connect to my phone using ADB.
I am able to reboot into fastboot:
Code:
ADB reboot-bootloader
I am able to transfer files and such using ADB.
I have collected and properly configured the paths within Windows to use the command line and downloaded (I think) all the necessary software, like Flash Tool, MTK Droid, the Android SDK, etc.
Code:
fastboot devices
resolves mt6572v1_phone fastboot
Some discrepancies:
Code:
adb devices
resolves the following data:
List of devices attached
0123456789ABCDEF sideload
Notice 1-to-9 and A-to-F. This seems weird to me.
Code:
get-state
and
Code:
get-devserial
both resolve 'unknown'
Is there anyone willing/able to help me resolve my issues?
In return I can eventually make a new tutorial or Alcatel OT-5036x recovery thread.
I will try pulling the debug info and produce a logfile later on and upload them to my Google Drive.
Regards,
p011i3 said:
Phone: Alcatel One touch POP 5036x
PC OS: Windows 8.1
Hello, I am Nick from Holland and I am 13 years old. My first post is a request for help, for which I apologize.
I recently bought my second mobile phone, which is my first smartphone/android device.
Quickly after I purchased it, I decided to root the apparatus and got into sudo-ing and that kind of stuff.
Now my phone is in a boot loop and I am unable to recover from it.
I have been searching and reading this forum for days now, and I just cannot figure out what to do.
I'm having trouble finding the right files (Stock image, CWM and such) for my particular model.
What happened before this mess:
I installed an anti-theft program called 'Prey'.
To see how this worked, I flagged my device as missing. Nothing happened though, so I reverted its status to OK.
Later on I decided to delete some bloatware, and eventually I accidentally erased a file called 'Android System' or something like that.
I am not 100% sure about this particular name though, but I do know it sounded important.
My phone froze during the deletion process and I decided to take the battery out and do a reset.
Phone OFF
Power + Volume up
wipe cache partition
wipe data/factory reset
After which I ended up in this boot loop.
The phone boots past the android logo, and restarts during the blue Alcatel POP-C5 animation.
To make things worse, I looked in the 'Prey' Control panel, and noticed my phone was still flagged as missing.
I remember I read something, somewhere about a security measure that involves being unable to simply remove Prey
by resetting the phone to its factory defaults.
My current status:
I installed the necessary USB drivers on my Windows 8.1 machine, and I am able to connect to my phone using ADB.
I am able to reboot into fastboot:
Code:
ADB reboot-bootloader
I am able to transfer files and such using ADB.
I have collected and properly configured the paths within Windows to use the command line and downloaded (I think) all the necessary software, like Flash Tool, MTK Droid, the Android SDK, etc.
Code:
fastboot devices
resolves mt6572v1_phone fastboot
Some discrepancies:
Code:
adb devices
resolves the following data:
List of devices attached
0123456789ABCDEF sideload
Notice 1-to-9 and A-to-F. This seems weird to me.
Code:
get-state
and
Code:
get-devserial
both resolve 'unknown'
Is there anyone willing/able to help me resolve my issues?
In return I can eventually make a new tutorial or Alcatel OT-5036x recovery thread.
I will try pulling the debug info and produce a logfile later on and upload them to my Google Drive.
Regards,
You mention cwm.
Don't you have a backup?
Try google translating this thread: http://www.phonandroid.com/forum/carliv-recovery-cwm-6-0-4-4-pop-c5-et-x-pop-t81752.html
Lgrootnoob said:
You mention cwm.
Don't you have a backup?
Try google translating this thread: *link removed due restrictions*
I thank you for your kind answer.
No, I do not have a backup prior to my problem.
I have one now though, before things get worse.
I actually made some progress - I managed to correctly install and boot CWM.
I already stumbled upon and downloaded the files mentioned in your link.
The text translates as:
-put mobileuncle tools and recovery on your SD
mobileuncle-install and granted him the rights superSU
-click recovery update
-then recovery.img
clicked OK
-then it will ask to restart a recovery click OK
I downloaded the file called ' recovery.img' but I am unsure how to transfer it to my device and implement it.
Also, how do I install and run mobileuncle without being able to boot?
Regards,
EDIT:
Code:
C:\Users\Maya\Desktop>fastboot flash recovery recovery.img
sending 'recovery' (5522 KB)...
OKAY [ 0.217s]
writing 'recovery'...
FAILED (remote:
partition 'recovery' not support flash)
finished. total time: 0.242s
Install stock firmware and stock rom and ur phone via Odin.... and ur phone will start as it was when u purchased it...
DeathNotice said:
Install stock firmware and stock rom and ur phone via Odin.... and ur phone will start as it was when u purchased it...
Where do I find these for my Alcatel 5036x?
I searched for like four days without any definitive result.
p011i3 said:
Where do I find these for my Alcatel 5036x?
I searched for like four days without any definitive result.
Either try:
Code:
fastboot oem unlock
Or talk to the manufacturer.
They should actually provide source code since it is an android/linux OS.
Once you try these things we will move forward.
Lgrootnoob said:
They should actually provide source code since it is an android/linux OS.
Once you try these things we will move forward.
This is wrong. They are not required to provide the source code for the OS. Only the kernel is licensed under the gpl. The rest is closed sourced.
You will need to track down the default software for the device. Which may be hard if not impossible as clone devices/MTK devices are based out of China and few if any have any after market support.
p011i3 said:
Where do I find these for my Alcatel 5036x?
I searched for like four days without any definitive result.
Search it on www.SamMobile.com......U may get ur stock rom and firmware on it
Lgrootnoob said:
Either try:
Code:
fastboot oem unlock
Or talk to the manufacturer.
They should actually provide source code since it is an android/linux OS.
Once you try these things we will move forward.
Code:
Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> adb start-server
PS C:\Windows\system32> adb reboot-bootloader
PS C:\Windows\system32> fastboot oem unlock
...
And it just hangs there. (Tried 3 times and waited ~10minutes each.)
The cause of this is that I made things worse - yesterday I formatted the /system partition using CWM.
I did make a backup using Android Toolkit first though, but again I am unsure how to recover it.
Also, I downloaded the files mentioned in the French I briefly discussed above.
It consists of almost all files listed in Flash Tool, except MOBILE_INFO, CACHE and USERDATA.
The Alcatel Source code is hosted at Sourceforge under project name 'Alcatel'.
zelendel said:
This is wrong. They are not required to provide the source code for the OS. Only the kernel is licensed under the gpl. The rest is closed sourced.
You will need to track down the default software for the device. Which may be hard if not impossible as clone devices/MTK devices are based out of China and few if any have any after market support.
You are probably right. However, Alcatel actually does provide source code. See the 'Open Source' link at the bottom of the Alcatel website.
It is hosted at Sourceforge. Project name: 'Alcatel'
I downloaded the tar.gz archive earlier this week and extracted it, but I have no idea how to use this.
I am somewhat familiar with Linux though. I could set something up if I need to.
DeathNotice said:
Search it on SamMobile.com......U may get ur stock rom and firmware on it
I searched for '5036x': "No entries found."
p011i3 said:
Code:
Windows PowerShell
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
PS C:\Windows\system32> adb start-server
PS C:\Windows\system32> adb reboot-bootloader
PS C:\Windows\system32> fastboot oem unlock
...
And it just hangs there. (Tried 3 times and waited ~10minutes each.)
The cause of this is that I made things worse - yesterday I formatted the /system partition using CWM.
I did make a backup using Android Toolkit first though, but again I am unsure how to recover it.
Also, I downloaded the files mentioned in the French I briefly discussed above.
It consists of almost all files listed in Flash Tool, except MOBILE_INFO, CACHE and USERDATA.
The Alcatel Source code is hosted at Sourceforge under project name 'Alcatel'.
You are probably right. However, Alcatel actually does provide source code. See the 'Open Source' link at the bottom of the Alcatel website.
It is hosted at Sourceforge. Project name: 'Alcatel'
I downloaded the tar.gz archive earlier this week and extracted it, but I have no idea how to use this.
I am somewhat familiar with Linux though. I could set something up if I need to.
I searched for '5036x': "No entries found."
I did look at it and it is the part of the source code for the kernel and that's it
Bat cave One
zelendel said:
This is wrong. They are not required to provide the source code for the OS. Only the kernel is licensed under the gpl. The rest is closed sourced.
You will need to track down the default software for the device. Which may be hard if not impossible as clone devices/MTK devices are based out of China and few if any have any after market support.
The kernel should be good enough though. (With modules)
---------- Post added at 10:41 AM ---------- Previous post was at 10:36 AM ----------
@p011i3 Hey, what version of android do you have.
You might be able to make a flashable zip if you have a working system img.
Or we could make a false cwm backup and just restore system only from that.
I managed to fully recover my Alcatel One Touch POP C5 5036X without having a backup for my own. I did this by formatting the entire device using Flash Tool and downloading the files from the French Website discussed earlier in this thread.
I'll post a 5036X recovery topic including all files later this weekend.
Again, I thank everyone for their kind help.

[UNLOCK][ROOT][TWRP][UNBRICK] Fire HD 8 2018 (karnak) amonet-3

Read this whole guide before starting.
This is for the 8th gen Fire HD8 (karnak).
Current version: amonet-karnak-v3.0.1.zip
This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.
NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
What you need:
A Linux installation or live-system
A micro-USB cable
Install python3, PySerial, adb, fastboot, dos2unix. For Debian/Ubuntu something like this should work:
Code:
sudo apt update
sudo add-apt-repository universe
sudo apt install python3 python3-serial adb fastboot dos2unix
1. Extract the attached zip-file "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.
NOTE: If you are already rooted, continue with the next step, otherwise get mtk-su by @diplomatic from here and place (the unpacked binary) into amonet/bin folder
2. Enable ADB in Developer Settings
3. Start the script:
Code:
sudo ./fireos-step.sh
NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
WARNING: There have been numerous reports that would indicate a hardware-change that doesn't allow access to the bootrom.
When bricking these devices there is currently no known way to unbrick.
This makes the hardware-method currently the safest option.
To brick firmware 6.3.1.2 use the attached brick-karnak.zip, boot into fastboot
Code:
adb reboot bootloader
and run
Code:
./brick-6312.sh
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
After you have confirmed the bricking by typing "YES", you will need to disconnect the device and run
Code:
sudo ./bootrom-step.sh
Then plug the device back in.
The device will reboot into TWRP.
You can now install Magisk from there.
Going back to stock
Extract the attached zip-file "amonet-karnak-return-to-stock.zip" into the same folder where you extracted "amonet-karnak-v3.0.1.zip" and open a terminal in that directory.
Then run:
Code:
sudo ./return-to-stock.sh
Your device should reboot into Amazon Recovery. Use adb sideload to install stock image from there. (Make sure to use FireOS 6.3.0.0 or newer, otherwise you may brick your device)
Important information
Don't flash boot/recovery images from FireOS (FlashFire, MagiskManager etc.)
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
For ROM developers there is still an option to overwrite these, which should only be done after thorough testing and if needed (LK should never be updated).
It is still advised to disable OTA.
Very special thanks to @xyz` for making all this possible and putting up with the countless questions I have asked, helping me finish this.
Special thanks also to @diplomatic for his wonderful mtk-su, allowing you to unlock without opening the device.
Thanks to @Kaijones23 for testing.
Unbricking / Unlocking with Firmware 6.3.1.2+
If Recovery OR FireOS are still accessible (or your firmware is below 6.3.1.2) there are other means of recovery, don't continue.
If your device shows one of the following symptoms:
It doesn't show any life (screen stays dark)
You see the white amazon logo, but cannot access Recovery or FireOS.
If you have a Type 1 brick, you may not have to open the device, if your device comes up in bootrom-mode (See Checking USB connection below).
Make sure the device is powered off, by holding the power-button for 20+ seconds
Start bootrom-step.sh
Plug in USB
In all other cases you will have to open the device.
Make sure ModemManager is disabled or uninstalled:
Code:
sudo systemctl stop ModemManager
sudo systemctl disable ModemManager
NOTE: If you have issues running the scripts, you might have to run them using sudo.
Also try using different USB-ports (preferably USB-2.0-ports)
Open the device and short the pin marked in the attached photo to ground while plugging in.
1. Extract the attached zip-file "amonet-karnak-v3.0.zip" and open a terminal in that directory.
2. Start the script:
Code:
sudo ./bootrom-step.sh
It should now say Waiting for bootrom.
3. Short the device according to the attached photo and plug it in.
4. When the script asks you to remove the short, remove the short and press enter.
5. Wait for the script to finish.
If it stalls at some point, stop it and restart the process from step 2.
6. Your device should now reboot into unlocked fastboot state.
7. Run
Code:
sudo ./fastboot-step.sh
8. Wait for the device to reboot into TWRP.
9. Use TWRP to flash custom ROM, Magisk or SuperSU
Checking USB connection
In lsusb the boot-rom shows up as:
Code:
Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone
If it shows up as:
Code:
Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader
instead, you are in preloader-mode, try again.
dmesg lists the correct device as:
Code:
[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00
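The check described under "Checking USB connection", written as a small shell helper. This is an added example, not part of the original post or of the amonet scripts; the function name classify_mtk_mode and the labels "other-mediatek" and "absent" are assumptions, while the two USB IDs are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: report which MediaTek USB mode a device is in, from
# `lsusb` or `dmesg` text on stdin. IDs taken from the post:
#   0e8d:0003 = boot-rom, 0e8d:2000 = preloader.
# Usage: lsusb | classify_mtk_mode     or     dmesg | classify_mtk_mode

classify_mtk_mode() {
    awk '
    {
        id = ""
        # lsusb format: "Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. ..."
        if (match($0, /ID [0-9a-fA-F]+:[0-9a-fA-F]+/)) {
            id = substr($0, RSTART + 3, RLENGTH - 3)
        # dmesg format: "... idVendor=0e8d, idProduct=0003, ..."
        } else if (match($0, /idVendor=[0-9a-fA-F]+/)) {
            v = substr($0, RSTART + 9, RLENGTH - 9)
            if (match($0, /idProduct=[0-9a-fA-F]+/))
                id = v ":" substr($0, RSTART + 10, RLENGTH - 10)
        }
        id = tolower(id)
        # Only MediaTek lines change the state; the last one seen wins,
        # so a dmesg log that shows preloader then boot-rom reports boot-rom.
        if (id == "0e8d:0003") mode = "bootrom"
        else if (id == "0e8d:2000") mode = "preloader"
        else if (index(id, "0e8d:") == 1) mode = "other-mediatek"
    }
    END { print (mode == "" ? "absent" : mode) }
    '
}

# Sample lines: the first three are the outputs quoted in the post,
# the root-hub line is constructed for the example.
SAMPLE_BOOTROM='Bus 002 Device 013: ID 0e8d:0003 MediaTek Inc. MT6227 phone'
SAMPLE_PRELOADER='Bus 002 Device 014: ID 0e8d:2000 MediaTek Inc. MT65xx Preloader'
SAMPLE_DMESG='[ 6383.962057] usb 2-2: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice= 1.00'
SAMPLE_HUB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'
```

A result of "preloader" corresponds to the "try again" case in the post; "absent" means no MediaTek device was enumerated at all.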
Reserved #2
Reserved #3
This is very cool @k4y0z!
Now we can use boot-recovery.sh & boot-fastboot no?
Regards!
Rortiz2 said:
This is very cool @k4y0z!
Now we can use boot-recovery.sh & boot-fastboot no?
Regards!
Yes, that is also supported.
k4y0z said:
NOTE: If you are on a firmware lower than 6.3.1.2 this process does not require you to open your device, but should something go horribly wrong, be prepared to do so.
NOTE: If you are on a firmware newer than 6.3.0.1, a downgrade is necessary, this requires bricking the device temporarily. (The screen won't come on at all)
So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?
Kctucka said:
So do you need to open the case to run this exploit on the newest firmware, or can you just brick to install older lk/preloader, and go from there?
On 6.3.1.2 mtk-su has been fixed, so unless you already have root (or another way to get temp-root is found), bricking isn't an option and you will have to open the case.
If you do have root the script will do the bricking for you.
@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?
jibgilmon said:
@k4y0z For people who already used the steps in xyz's thread and are running your TWRP and LineageOS, is there anything here that we're missing? Or is this just a new method to arrive at the same results?
k4y0z said:
This is based on @xyz`s original work, but adds some features such as reboot to hacked BL.
It also intends to simplify the installation process.
If you are already unlocked you can simply update by flashing the ZIP-file in TWRP.
Additionally it adds support for the boot-recovery and boot-fastboot scripts.
And a script to enable UART output for the kernel.
So nothing essential if you are already using the updated TWRP.
Ran this pup on a unit that I was keeping unrooted (aside from occasional temp root via mtk-su) as a control but was becoming painful to use/maintain. Also missed TWRP. Worked like a champ with zero issues ... aside from stumbling over my own stupidity. Used Lubuntu live 18.04 and Magisk 19.3/7.3.2. Staying on FireOS 6.3.0.1 (w/hijacks) for now until a fully vetted custom ROM becomes available.
Thanks for the great tool and accompanying guidance.
I have added unbricking/bootrom instructions in Post #2
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
bibikalka said:
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
I think yeah:
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
So I got a HD8 2018 today and it came with OS version that forced me to connect to WiFi and update itself. I was pretty pissed but I used this guide to get root easily.
I had Arch based linux installed which gave problems while running script, so I made bootable Ubuntu usb and that worked fine. Thank you everyone involved in developing this hack.
madman said:
So I got a HD8 2018 today and it came with OS version that forced me to connect to WiFi and update itself. I was pretty pissed but I used this guide to get root easily.
I had Arch based linux installed which gave problems while running script, so I made bootable Ubuntu usb and that worked fine. Thank you everyone involved in developing this hack.
For future reference you can avoid the presumed forced WiFi connect by putting in a bogus password; once authentication fails a 'skip' option will appear.
bibikalka said:
@k4y0z
If I flash your zip, can I then flash Amazon update as is? Will your TWRP manage the bootloaders/etc when flashing the stock ROM?
Rortiz2 said:
I think yeah:
Yes, exactly.
Rortiz2 said:
I think yeah:
k4y0z said:
Quote:
TWRP will prevent updates from overwriting LK/Preloader/TZ, so generally installing an update should work without issues (only full updates, incremental updates won't work).
Yes, exactly.
OK - tried to upgrade to the latest update-kindle-Fire_HD8_8th_Gen-NS6312_user_1852_0002517056644.bin using the suggestions above, and got a hardcore Amazon logo bootloop.
My actions. I had the old unlock, so I flashed the zip in this thread first. New TWRP showed up - so far so good. Then I flashed the Amazon update zip as is, thinking the updated TWRP would do its magic. Flashed Magisk, tried to reboot. No go - Amazon logo bootloop. No recovery either. So it feels that I lost the unlock, and, perhaps LK & preloader & TZ got overwritten with the new versions from the Amazon update zip.
Any recovery here other than opening the case?
bibikalka said:
OK - tried to upgrade to the latest update-kindle-Fire_HD8_8th_Gen-NS6312_user_1852_0002517056644.bin using the suggestions above, and got a hardcore Amazon logo bootloop.
My actions. I had the old unlock, so I flashed the zip in this thread first. New TWRP showed up - so far so good. Then I flashed the Amazon update zip as is, thinking the updated TWRP would do its magic. Flashed Magisk, tried to reboot. No go - Amazon logo bootloop. No recovery either. So it feels that I lost the unlock, and, perhaps LK & preloader & TZ got overwritten with the new versions from the Amazon update zip.
Any recovery here other than opening the case?
That is strange, I've had no issues installing that firmware unmodified through TWRP.
So you can't boot neither normal or recovery?
Does it say something in the corner when trying to boot recovery?
You can try the boot-fastboot.sh script to get into hacked fastboot.
k4y0z said:
That is strange, I've had no issues installing that firmware unmodified through TWRP.
So you can't boot neither normal or recovery?
Does it say something in the corner when trying to boot recovery?
You can try the boot-fastboot.sh script to get into hacked fastboot.
Cannot boot anywhere - no message about booting recovery either. When you tried installing unmodified firmware, was that on HD8 2018, or some other tablet? I wonder if perhaps there are some differences with HD8 2018 given that it's Nougat.
I will try the hacked fastboot, but most likely - will have to open the case.
