[Q] Why no CustomRecovery with locked Bootloader - Asus Transformer TF700

Hi Forum,
I am the new owner of an Asus Transformer Pad Infinity TF700T. As I know from my other Android devices (Samsung Galaxy S2, Galaxy S Young), it was possible to make a custom recovery (in my case a CWM backup) with an install.zip from the factory recovery engine. This install.zip was loaded from the factory recovery engine without replacing the factory recovery or bootloader, and allowed me to back up and recover my full system.
As I want to do this with my TF700T too, I read a lot here and around the web. From all that I read, it looks to me like this way is not possible with the TF700T. Everything I read says it needs: 1. unlock the bootloader, 2. replace the factory recovery engine (in the case of CWM and TWRP) or replace the bootloader (in the case of the NVFlash method).
For me, in the end it's not a real problem to open the bootloader, especially because I want to make/have a backup of the full system. But before I take this way, I would like to understand why this is needed and why it's not possible to take a backup the way I did on my other Androids.
I read a lot of answers like: "it's not possible" or "you need to unlock the bootloader first". But not in one case did someone explain why exactly it isn't possible. This I want to clarify with my post here.
What I want to know: if I load an install.zip from the factory recovery like I did on my other device (without replacing the factory recovery, only loading the custom recovery), does this need an unlocked bootloader? If yes, why?
If no, why is it not available/possible for the knowledgeable people here to make an install.zip custom recovery like on the other device (without replacing the factory recovery) for the TF700T? I suppose it has something to do with signing this file that makes it not possible; if it's this, please give a short explanation why.
What I would really like is to make a full backup with the locked bootloader and the factory ROM as it is before first use. But from all I have read until now, I think this will not be possible. So I think I am obliged to take the other way (for me I think it would be the NVFlash method as a first step and then changing to CWM or TWRP recovery).
Thanks in advance for your time to answer my questions.
Regards

The stock recovery allows only install.zips that are digitally signed with Asus' private key, and fastboot allows only flashing partition images signed with Asus' private key. Unlocking the bootloader disables the signature checks for the recovery and boot (kernel) partitions.

_that said:
The stock recovery allows only install.zips that are digitally signed with Asus' private key, and fastboot allows only flashing partition images signed with Asus' private key. Unlocking the bootloader disables the signature checks for the recovery and boot (kernel) partitions.
Thanks a lot for your answer, so it's more or less what I found out by reading a lot of threads. Now we have this in a central place...
See ya:good:


[Q] A question about my brick

I have combed through these forums and haven't been able to find an answer yet, so please forgive me if I have missed something. So here goes:
If: a) I have updated to JB, and
b) I unlocked my device and
c) I successfully installed TWRP and
d) I managed to brick my device insomuch that ONLY APX mode is available to me when I connect to my PC, is there a solution to unbrick my device at this time?
Currently booting my device will only display the first ASUS boot screen and never goes any further.
Many thanks to anybody who can provide some insight.
jeremiah.wells said:
I have combed through these forums and haven't been able to find an answer yet, so please forgive me if I have missed something. So here goes:
If: a) I have updated to JB, and
b) I unlocked my device and
c) I successfully installed TWRP and
d) I managed to brick my device insomuch that ONLY APX mode is available to me when I connect to my PC, is there a solution to unbrick my device at this time?
Currently booting my device will only display the first ASUS boot screen and never goes any further.
Many thanks to anybody who can provide some insight.
What have you tried in the meantime? Did you install NvFlash before the update to JB? You cannot get to recovery? If you cannot but do have fastboot available, either use TWRP or CWM (which can be flashed via fastboot as well: http://forum.xda-developers.com/showthread.php?t=1926286 in case your recovery has been borked) and then flash a stock ROM from ASUS from here: http://www.asus.com/Tablet/Transformer_Pad/ASUS_Transformer_Pad_Infinity_TF700T/#download
Take a look here: http://forum.xda-developers.com/showthread.php?t=1938129 as well.
MartyHulskemper said:
What have you tried in the meantime? Did you install NvFlash before the update to JB? You cannot get to recovery? If you cannot but do have fastboot available, either use TWRP or CWM (which can be flashed via fastboot as well: http://forum.xda-developers.com/showthread.php?t=1926286 in case your recovery has been borked) and then flash a stock ROM from ASUS from here: http://www.asus.com/Tablet/Transformer_Pad/ASUS_Transformer_Pad_Infinity_TF700T/#download
Take a look here: http://forum.xda-developers.com/showthread.php?t=1938129 as well.
MartyHulskemper, many thanks for your prompt reply. To answer your questions:
1) I have tried (in vain, I now understand) to use nvflash (first using wheelie with a couple configurations) and to no avail
2) I did NOT install nvflash before, as I was excited about rooting and wasn't abreast of all the consequences of updating directly to JB and then unlock and then root with a new device. Unfortunately I had read a post on (another website) that nvflash wasn't working on the TF700T (which I presume was correct at the time it was written) only to now learn that it is.
A note -- fastboot is not available and the only way I can get the device visible to a computer is to put it in APX mode.
This is a classic case of me jumping the gun without fully understanding what's implied with the various updates and root solutions out there. Basically I followed a guide and used a set of files distributed on scottsroms that indeed rooted my device with the TWRP recovery. What I then attempted and (I think what ultimately did my device to its current state) was to attempt to flash CWM. After that flash I couldn't get either recovery to boot and so I attempted a data wipe and was going to reflash with CWM. After that data wipe is when I could no longer boot.
Sorry about the novel but I guess I'm vainly hoping this may trigger an idea from you or a future reader about what my options are. I will look at the link you suggested and go from there.
Again, thank-you for any assistance you may provide.
Can you get into recovery at all when you hold vol down and power? I had the same problem with my Infinity when the .18 update came out: I had a freeze and a crash during normal use while the update was either downloading or changing something, and when it restarted I couldn't do anything but go into APX. I never unlocked it (mainly because the Asus tool wouldn't work) but I had to RMA to get it fixed. If you can at least get to the recovery menu you can try reinstalling the stock ROM from an mSD. Otherwise you may have to do the same as me and RMA and hope that they don't tell you tough luck since it's unlocked. As far as I know the only way to recover the tablet when APX is your only option is with NVFlash, which I never installed because .30 was on my Infinity when I bought it.
jeremiah.wells said:
I couldn't get either recovery to boot and so I attempted a data wipe
That is exactly the step that bricked many TF700s here (search the forums). "Wipe data" with a broken recovery = bootloader won't do anything else than try to boot the broken recovery.
If you didn't create a blob for wheelie/nvflash before, your only option now is to send it to Asus for a costly "repair" (they claim they have to change the mainboard, I don't know why they don't just use nvflash).
_that said:
That is exactly the step that bricked many TF700s here (search the forums). "Wipe data" with a broken recovery = bootloader won't do anything else than try to boot the broken recovery.
If you didn't create a blob for wheelie/nvflash before, your only option now is to send it to Asus for a costly "repair" (they claim they have to change the mainboard, I don't know why they don't just use nvflash).
Yes, with only APX available but no NvFlash backup, there's very little to no light at the end of the tunnel. I also wondered why the reports of RMA'd users mention a motherboard change, but I do remember something about unit-specific code being backed up with NvFlash. Although I'd think it strange, it might be that even ASUS cannot revive a bricked 700 without knowing that code, necessitating the new motherboard with a known code. This is only speculation, of course, but it's the only reason I could think of.
@OP: with no fastboot available, you will not be able to follow either Scott's guide or reflash a recovery. I sincerely feel for you, especially since it was enthusiasm that got you into trouble. I know the resultant feeling, and I hate it, for it quells said enthusiasm in the future and makes you overly cautious. I wish you a speedy and effective RMA!
jeremiah.wells said:
MartyHulskemper, many thanks for your prompt reply. To answer your questions:
1) I have tried (in vain, I now understand) to use nvflash (first using wheelie with a couple configurations) and to no avail
2) I did NOT install nvflash before, as I was excited about rooting and wasn't abreast of all the consequences of updating directly to JB and then unlock and then root with a new device. Unfortunately I had read a post on (another website) that nvflash wasn't working on the TF700T (which I presume was correct at the time it was written) only to now learn that it is.
A note -- fastboot is not available and the only way I can get the device visible to a computer is to put it in APX mode.
This is a classic case of me jumping the gun without fully understanding what's implied with the various updates and root solutions out there. Basically I followed a guide and used a set of files distributed on scottsroms that indeed rooted my device with the TWRP recovery. What I then attempted and (I think what ultimately did my device to its current state) was to attempt to flash CWM. After that flash I couldn't get either recovery to boot and so I attempted a data wipe and was going to reflash with CWM. After that data wipe is when I could no longer boot.
Sorry about the novel but I guess I'm vainly hoping this may trigger an idea from you or a future reader about what my options are. I will look at the link you suggested and go from there.
Again, thank-you for any assistance you may provide.
I really feel for you...just bricked a phone last week and it's an awful feeling, like you should have known better. Good luck.
Just out of curiosity, did you use Rom Manager to flash CWM recovery? That's the kiss of death for the TF700.
I feel for you too as this happened to me even without any type of modifications to my recovery or bootloader! As far as RMA and the motherboard change, I am not sure whether they recovered my device without an actual change. When I got it back from RMA it was on the same firmware as before (not the most recent at the time) as well as retaining the same SN on my device. Since I got it back, though, I am unable to use the unlocker tool. I get that network error and a refusal from the Asus unlock server that lots of people were having issues with a while back. I am in touch with Asus service now, but Asus service is usually a long arduous process! I hope that they don't charge you for the replacement, but seeing as you unlocked it's very possible. If you have any sort of insurance from your credit card, that may be a better route by trying to replace it as a lost or broken unit. My RMA was free (except shipping) but again, no unlock!
best of luck.
MartyHulskemper said:
it might be that even ASUS cannot revive a bricked 700 without knowing that code, necessitating the new motherboard with a known code. This is only speculation, of course, but it's the only reason I could think of.
They must know the device key, because the unlocking process requires it. However it is plausible that service centers have no access to this information.
It's somehow depressing that not knowing 128 secret bits takes away control over our own devices.
_that said:
They must know the device key, because the unlocking process requires it. However it is plausible that service centers have no access to this information.
It's somehow depressing that not knowing 128 secret bits takes away control over our own devices.
In cases like this, I always hope you get a motivated technician that actually hunts down your serial from that database and helps you out. Guess I'm a bit naive in that regard.
Yeah, those 16 bytes keeping the door shut are a major bummer, as is the fact that NvFlash was not pre-installed anyway...
okantomi said:
I really feel for you...just bricked a phone last week and it's an awful feeling, like you should have known better. Good luck.
Just out of curiosity, did you use Rom Manager to flash CWM recovery? That's the kiss of death for the TF700.
To answer your curiosity, NO... I did not install or use Rom Manager in any way to get to this state.
Got a question. Mine is rooted but locked, I attempted to install TWRP before unlocking. I can still boot it up but I can't get into recovery. Can I unlock it without a working recovery and just reinstall TWRP? What are my options? Any help would be great.
edit: never mind, I think I found the answer...

NVFlash & APX Mode - What about the impatient ones?

I'm sure by the time you're reading this you have already heard how critical it is to back up the pre .30 bootloader blobs using NVflash so you have a fool-proof plan to recover from any flashing disaster.
If not, please read about it in the relevant threads:
- [TOOL][BRICKPROOF]TF700 NVFlash release!
- Overview for the Transformer TF700 & Guide
- Technical Details on the TF secure boot key
Suffice it to say, if you upgraded to a bootloader newer than 9.4.5.30r01, you cannot use this tool to make this ultimate backup. The excuses abound and mine is simply the same of impatience. Nevertheless, I've done a good bit of reading about how nvflash and wheelie work and, provided I'm not vastly misunderstanding, wish to work on bringing the same greatness to those of us who have already upgraded past 9.4.5.30r01.
Most of the responses to a lot of these questions I've seen are basically 'sucks for you' and, while that is true, I don't know if it's the whole picture or why.
What precisely changed post .30 in the bootloader? From my understanding you need to first flash staging with a custom built blob (ebtblob.bin) and I wonder if the issue is simply (well, you know.. sorta) based around the pre-.30 bootloader that was reverse engineered? Or is it something far worse?
I would love to hear any of the technical details as I do enjoy reverse engineering Android applications, firmware and pretty much anything.
I'm also curious what is different between each user's backups making one incompatible with another, or is it just as simple as there is no vector to load the recovery images without first having access APX and a fastboot that might as well output a usage of 'reboot, devices'
I've read the great details posted above regarding the TF secure boot process but wondered if anyone would be so kind as to look at what can be done for those who have upgraded past 9.4.5.30r01 and waste some time explaining the details to me so I might hopefully one day be able to flash new kernels without the panic attacks I get from that delay between the bootloader and OS load.
Thoughts?
jhannah01 said:
What precisely changed post .30 in the bootloader? From my understanding you need to first flash staging with a custom built blob (ebtblob.bin) and I wonder if the issue is simply (well, you know.. sorta) based around the pre-.30 bootloader that was reverse engineered? Or is it something far worse?
I would love to hear any of the technical details as I do enjoy reverse engineering Android applications, firmware and pretty much anything.
I'm also curious what is different between each user's backups making one incompatible with another, or is it just as simple as there is no vector to load the recovery images without first having access APX and a fastboot that might as well output a usage of 'reboot, devices'
1. Starting with the 9.4.5.30 bootloader, Asus added a check that only correctly signed bootloaders can be flashed. That locks out the hacked bootloader (ebtblob.bin) that we need to obtain the blob for wheelie.
2. The chip ID and the related SBK are unique per device. The bootloader is encrypted with the SBK, so each user's backup is different and not exchangeable.
For more info, read the whole nvflash thread - it's all already explained there.
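To make the signature checks described in these answers concrete (the locked stock recovery and fastboot from the first thread, and the signed-bootloader check added with 9.4.5.30), here is an added example that is not code from the thread, Asus or AOSP. It is a simplified Python model: textbook RSA with demo keys from a seeded PRNG, and the function names, the partition labels and the rule that the stock recovery keeps verifying after an unlock are assumptions of the model.

```python
import hashlib
import hmac
import math
import random

E = 65537  # common RSA public exponent
# Partitions whose signature check the thread says is disabled by unlocking.
UNLOCK_EXEMPT = {"recovery", "boot"}

def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits, rng):
    while True:
        # Force the top two bits (full-size modulus) and the low bit (odd).
        c = rng.getrandbits(bits) | (3 << (bits - 2)) | 1
        if _is_probable_prime(c, rng):
            return c

def make_keypair(seed, bits=1024):
    """Return ((n, e), d). Seeded PRNG gives reproducible demo keys, NOT secure ones."""
    rng = random.Random(seed)
    while True:
        p, q = _prime(bits // 2, rng), _prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return (p * q, E), pow(E, -1, phi)

def _encode(data, k):
    """00 01 FF..FF 00 || SHA-256(data); real PKCS#1 v1.5 also adds a DigestInfo prefix."""
    digest = hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(digest) - 3) + b"\x00" + digest

def sign(data, pub, d):
    """Only the holder of the private exponent d can produce this value."""
    n, _ = pub
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(data, k), "big"), d, n).to_bytes(k, "big")

def verify(data, signature, pub):
    n, e = pub
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    # Compare against the full expected encoding instead of parsing the padding.
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), _encode(data, k))

def stock_recovery_accepts(package, signature, vendor_pub):
    """Stock recovery: an install.zip must verify under the vendor's public key."""
    return verify(package, signature, vendor_pub)

def fastboot_flash_allowed(partition, image, signature, vendor_pub, unlocked):
    """fastboot: vendor signature required, except exempt partitions once unlocked."""
    if unlocked and partition in UNLOCK_EXEMPT:
        return True
    return verify(image, signature, vendor_pub)

if __name__ == "__main__":
    vendor_pub, _vendor_d = make_keypair(seed=1)  # stands in for the vendor key
    other_pub, other_d = make_keypair(seed=2)     # any key that is not the vendor's
    custom = b"constructed custom recovery image"
    custom_sig = sign(custom, other_pub, other_d)
    print("stock recovery:", stock_recovery_accepts(custom, custom_sig, vendor_pub))
    for unlocked in (False, True):
        print("flash recovery, unlocked =", unlocked, "->",
              fastboot_flash_allowed("recovery", custom, custom_sig, vendor_pub, unlocked))
```

The device only ever holds the public half of the key, which is why nobody outside the vendor can produce an install.zip or bootloader image that a locked device accepts.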

[Q] What if NVFlash got updated

Hi everyone,
So let's say that the sun would rise from the west tomorrow and Asus/Nvidia released an update for NVFlash compatible with 4.1 and 4.2. Would people including myself who have a bricked tf300t with nonfunctional "fastboot flash" be able to save the tablet or are we simply screwed? (changing motherboard is not worth it in my opinion) Could somebody with enough knowledge be kind and explain?
By the way, if you haven't signed the NVFlash petition yet. Do a favor and do it now! Thanks.
I think you can only install nvflash on not-yet bricked devices!
vahid_shirvani said:
Hi everyone,
So let's say that the sun would rise from the west tomorrow and Asus/Nvidia released an update for NVFlash compatible with 4.1 and 4.2. Would people including myself who have a bricked tf300t with nonfunctional "fastboot flash" be able to save the tablet or are we simply screwed? (changing motherboard is not worth it in my opinion) Could somebody with enough knowledge be kind and explain?
By the way, if you haven't signed the NVFlash petition yet. Do a favor and do it now! Thanks.
1. It will only work on UNLOCKED devices
2. It requires access to Fastboot to prepare device first time
3. It won't work on fully bricked devices (See 2.)
from http://androidroot.mobi
http://androidroot.mobi/nvflash-for-tegra3-transformer-tf300t/
tobdaryl said:
1. It will only work on UNLOCKED devices
2. It requires access to Fastboot to prepare device first time
3. It won't work on fully bricked devices (See 2.)
from http://androidroot.mobi
http://androidroot.mobi/nvflash-for-tegra3-transformer-tf300t/
I'm not sure why that has to be the case. On the Iconia A500 and the TF101, getting into apx mode with the code allows NVflash to wipe the NAND clean, rewrite the partition table and then rewrite the bootloader. Which retros you back to the state antebellum, which would allow reinstallment of a rom of choice after. This, at least theoretically. I make no pretense at being an expert at it, but perhaps android mobi's is not the only possible way. If truth be told, instructions by mobi's are about as clear as mud for debutants. If enough devils get involved, we may even have an automated device not unlike the APX Flash Tool or BadSector for the A500. Again, I could be missing some critical elements big time. Please enlighten us if you could, tobdaryl. Many thanks.
graphdarnell said:
I'm not sure why that has to be the case. On the Iconia A500 and the TF101, getting into apx mode with the code allows NVflash to wipe the NAND clean, rewrite the partition table and then rewrite the bootloader. Which retros you back to the state antebellum, which would allow reinstallment of a rom of choice after. This, at least theoretically. I make no pretense at being an expert at it, but perhaps android mobi's is not the only possible way. If truth be told, instructions by mobi's are about as clear as mud for debutants. If enough devils get involved, we may even have an automated device not unlike the APX Flash Tool or BadSector for the A500. Again, I could be missing some critical elements big time. Please enlighten us if you could, tobdaryl. Many thanks.
Once nvflash is installed what you present is correct (at least that is my understanding - I have only done a simple restore for testing purposes). Look at my signature for a guide to restore with nvflash. The second method presented is what you suggest for the tf101.
The situation to install is different because Asus has locked the tablet to exclude installing nvflash.
I am in the dark as you are. I only know what I can and can't do on my tablet. Otherwise I can pass information provided by others.
My reference is the Nook Tablet. I can delete every partition and rebuild the drive from a blank state. This is possible because the tablet can boot from an sdcard.
I had a PM request to provide an nvflash installation guide. I complied but did not present it on xda. The member making the request was pleased and successfully used it to install nvflash. I have since used it to install nvflash on one tablet. Honestly my guide is no better than the guide provided, just a different presentation, and can be done by anyone who wishes to go step by step through the guide already presented. Just copy and paste the info and do some minor rewording.
I wish I could truly help but I honestly can't. I have come to accept some related info as fact since I have not been able to prove otherwise and have grown tired while chasing dead ends. I don't have the expertise, experience, or hardware to move forward.

Update on How to Root from Scratch, (Backup TA, Unlock Bootloader, then Recovery)

First off, I'm sorry if the title is misleading and/or belongs in the wrong part of this forum.
So, I'm late to the party, just got myself a Z5 E6653, and when I look for guides on how to obtain root they are kind of out-of-date. So I'm here to make sure the path I choose to follow will be the correct one, as I don't want to lose my TA partition. As far as I know, according to this guide, to back up my TA partition I have to downgrade to Lollipop, but I found something interesting about backing up the TA partition on Marshmallow using the dirtycow method (sorry, Nougat users).
So, the steps I'm proposing are, if my device is already on stock MM, unrooted, with locked bootloader:
1. Go here Sony cross-devices development and download the file called backupTA_v2.zip; this shouldn't make us need to downgrade
2. Run the BackupTA.cmd file if you're on Windows
3. There will be errors about dirtycow failing but the script automatically retries; I myself got a screenful of retries before the script actually backed up my TA partition, and you'll be presented with an .img file called TA_devicemodel_somenumbers_timestamp.img about 2MB in size (am I correct so far? this is why I want to make sure this will work)
4. Save your file in a very secure place.
That concludes the Backup TA part of the rooting process. Am I on the right path so far?
To get an unlocked bootloader according to this:
Given that you have downloaded flashtool and installed the drivers in the \drivers folder in flashtool installation
!!THIS WILL WIPE ALL DATA!!
1. Click the BLU button at top then open Sony developer website
2. Select device and follow instruction until you get a key
3. Paste the key to flashtool
4. THAT'S IT?
Now after this we can use fastboot command to flash kernel and the kernel includes recovery.
Are these steps correct so far?
I might as well add these here.
To get kernel and recovery up and running, I'll be taking androplus kernel for example, I'm assuming it works with stock ROM.
1. Get the kernel .zip here at Androplus homepage
2. And download latest TWRP recovery from androplus download page, at this time of writing it should be TWRP-3.0.2.2-e6653.img
3. Notice that it's in .zip format which we cannot use yet since we don't have custom recovery.
4. Open the zip file you just downloaded and you should see boot.img. That's your brand new shining kernel; extract it and put it in a folder along with your favorite fastboot.exe file
5. Go to fastboot, as far as I know you go to fastboot by turning off the device -> hold volume down then plug USB cable. (see note)
6. First, according to Androplus page, flash the kernel first using the command
Code:
fastboot flash boot boot.img
7. Then the recovery
Code:
fastboot flash recovery TWRP-3.0.2.2-E6653.img
8. Reboot by unplugging the USB cable
Note: an interesting thing I found while trying to enter fastboot or flashmode is that it might not work if your USB port is powered. How to tell if your port is powered? I'm not sure. You will have to change port and hope for the best ^_^
Yes. Explained many times. Not hard to do.. 4-5 minutes then WHOLA!
sceryavuz said:
Yes. Explained many times. Not hard to do.. 4-5 minutes then WHOLA!
Ahaha, sorry. Those guides are "old" in android way of changing things very fast, and I haven't seen a guide which includes backup TA partition on marshmallow so I wasn't sure it'd work correctly. Now that I know it worked, I can proceed to unlock my bootloader.
Any tips or Kernel/Rom I should use for first time flash?
webslasher said:
Ahaha, sorry. Those guides are "old" in android way of changing things very fast, and I haven't seen a guide which includes backup TA partition on marshmallow so I wasn't sure it'd work correctly. Now that I know it worked, I can proceed to unlock my bootloader.
Any tips or Kernel/Rom I should use for first time flash?
LineageOS, CarbonROM, eXistenZ, SunKernel..
Dear both,
I was just doing quite the same, so it was nice to read the short summary. Honestly, I'm doing these "Flash ROM stuff" very rarely, so I'm not 100% confident how to bring back those DRM/TA. I recorded it - the device came with Android LP 5.11, so this was easy done by iovyroot.
Anyway, I have the TA-backup - so I'm also going to unlock the Boot Loader now. :good:
Good to know I spend a day on reading so many related stuff, and it could be done in 4-5 min
sceryavuz said:
LineageOS, CarbonROM, eXistenZ, SunKernel..
I will try Existenz as I want to keep it stock looking, thanks!
bosquarid said:
Dear both,
I was just doing quite the same, so it was nice to read the short summary. Honestly, I'm doing these "Flash ROM stuff" very rarely, so I'm not 100% confident how to bring back those DRM/TA. I recorded it - the device came with Android LP 5.11, so this was easy done by iovyroot.
Anyway, I have the TA-backup - so I'm also going to unlock the Boot Loader now. :good:
Good to know I spend a day on reading so many related stuff, and it could be done in 4-5 min
I'm glad to find someone that is going to go through these procedures too! I will also proceed to unlock my bootloader. What ROM and kernel do you plan to flash?
Hi, thanks for this. I just got the Z5 today so my first port of call was coming here and finding out how to root it. I previously had the Z2 and Z2 tablet which I rooted last year with the help of the members here, I hope the process for this isn't too different for this one. I think I forget more than I remember so the guide is helpful.

Question BYPASSING DISK ENCRYPTION [SM-A125F]

Hello everyone,
So I've been off the forums for quite some time, won't go into detail about that. And as some might know, I broke my LCD touch screen. I got a replacement and replaced it with no issues, works perfectly.
But...
I forgot the gesture key I set on this phone because I haven't used it for months, and used my other A217F for the replacement.
I haven't been doing anything related to Android so I forgot quite a lot of the stuff I used to know. My question is how can I bypass the disk encryption and pull the GESTURE.KEY from USERDATA. It's OEM unlocked, rooted via Magisk, and runs TWRP custom recovery. This is quite an old version of TWRP. I can flash it to the new one but the SYSTEM root is still under encryption. Idk if maybe I can disassemble it from the SCATTAR, or pull it via ADB (which probably won't work). I also want to help others who want to achieve this so that's also one of the points for this thread. I'll list some of the info of this phone:
SM-A125F
BUF9 firmware SW_REV 1
Patched BOOT and VBMETA images via magisk
Custom recovery (TWRP)
Fixed IMEI and BASEBAND
Thanks,
Krypton
You can't bypass encryption. That's the point of it. To make sure the data is unreadable without the right key. If there was a way to read encrypted data without the key then it would be pointless.
jesus201820 said:
You can't bypass encryption. That's the point of it. To make sure the data is unreadable without the right key. If there was a way to read encrypted data without the key then it would be pointless.
Yeah, I know. The point is it can still be forcibly disabled via running unsigned firmware. It's OEM unlocked, I should have every ability possible.
