Related
Before we begin. This solution is for people who have tried everything multiple times, and failed. If you haven't read and have not tried the following solutions yet, please do so first:
How to start over: From original stock to rooted latest OTA (WiMAX working!)
[GUIDE] Bad WiMax MAC? Broken 4G after update? Fix HERE!
The guide below is ONLY for people who did not have success with above methods (i.e. they are really really hosed). And there are limitations for now, until everything is confirmed and tested. The most important part you need access to a second, healthy and rooted EVO. As of yet, this is the only way to guarantee that one binary dump is not used a million times, negating the effect.
Please read the whole guide before starting the process, so that you know the risks, limitations, and potential issues with all this.
I am going to sign off for a few hours, and go enjoy my life for a brief time, before returning to answer any questions that may arise.
Ok, so for now, this is more of a proof of concept solution, since I understand not everyone has more than one EVO to do what I did.
My idea about partitions was correct, so without further ado, here is how to restore a botched wimax.
What you need.
2 Fully rooted EVOs (step 1 and step 2), one with working 4G (any version of all firmware on either, all we care for is working WiMax)
System which can do fastboot commands. That means you will have to have Android SDK installed. I also add path to /tools folder into my system PATH, so I don't have to type out the full path to adb or fastboot every time
Custom recovery. I use clockwork for this, since I am not sure all the files are signed, as required by Amon RA's recovery
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
Open command line window (cmd)
Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
Power down your phone
Power it up while holding down the Volume Down key
HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
The FASTBOOT mode will switch to FASTBOOT USB (that's good)
Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h". From here on all fastboot commands are issued in that window
If you see less than ~40 lines of output, you don't have a propertly rooted phone, and you need to do step 1 and step 2 (see above)
Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
Reboot your phone
Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
We are done with your "bricked" phone.
Getting correct wimax image from a working phone
Now, repeat the same steps for your working phone (steps 1-14)
Pull the files to a different (safer) place, and cherish them like they are the only thing you care about in this world (which you do, right?)
Make a copy of your WIMAX.BIN file from the working phone (do NOT edit the actual file, just in case something breaks with your working phone at any time)
Use hex editor to update the working file in 2 places, and change the MAC address (which should be your working evo MAC - 1) to your broken evo MAC - 1 (remember, A becomes 9, F becomes E, etc). It's a big file, so search for "00:18" to find the 2 places. There will be exactly 2, not 3+ and not 1.
Rename the file you just edited to "wimax_25641R01.img"
Fixing your bricked phone
Push it to your sd card root: "adb push wimax_25641R01.img /sdcard"
Push the attached zip file to sdcard root: "adb push new_wimax.zip /sdcard"
Reboot your bricked phone into recovery
Flash new_wimax.zip. This will force write wimax_25641R01.img you pushed earlier, including the certificates in it
Reboot from recovery, let it finish, and boot up into Android
If not running the latest evo WiMax firmware yet, use the second attached zip to do so
Reboot your phone. Allow everything to complete and boot into Android
If needed, update PRL/Profile (I didn't need to, but I already updated it 50 times by now, so YMMV)
Now, I can not attach any of my dumps yet, before I test and make sure whether both phones can stay online on 4G without interruption, I will do some more testing later, since the Encryption keys are different (between 2 working evos I dumped binaries from). I still have 1 more phone to check when I get home. So if you have another evo (friend, family, etc) - you can do that already.
Otherwise, be patient, more testing is needed to make sure we are not going to steal anything from your friend, family, etc, since encryption keys are unique.
But the above solution works for completely restoring your 4G into working state.
I am currently running latest rooted OTA update, too, so it definitely works fine on latest and greatest.
Red,
Have you actually seen the encryption keys in plain text? How many bits are they?
Also, when you restored the wimax part from the working phone to your non-wimax-working phone, did you keep the MAC the same between the two phones?
Red,
Now that you have 4g fixed, can you take a look at your *.tree.xml files? Look at the ones from when 4g was broke, and then look after. Everything from boot.bin gets written into that file, and I'm hoping the signature does as well. If so, we may be able to pull it out of an old xml file and somehow work it back into the wimax.img.
Thanks
EDIT: On second thought, I do recall there being a way to flash the signature via fastboot..
MAC addresses were kept different, exactly what they are on a label behind the battery. For each phone. Hence, the editing step for the wimax partition dump.
Tree.xml does not contain any signatures, I verified this some time ago before I even started playing with the wimax partition by taking one from a working evo.
The keys are in plain text, simple RSA keys, judging by the size looks like 1024 bit. both public and private key are stored. Who knows, maybe just faking one will do it but I am guessing they are signed by some sort of CA otherwise it would be too insecure of Sprint.
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
This may be worth a shot. I am not sure boot.bin has the signatures, but I will check later tonight. If it does, I am guessing we should be able to just do a drop in replacement of signatures in the image file and it should work.
Sent from my PC36100 using XDA App
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
mpa4712 said:
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
Click to expand...
Click to collapse
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
redsolar said:
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Cordy said:
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
Click to expand...
Click to collapse
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
mpa4712 said:
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
Click to expand...
Click to collapse
ugh it shouldn't, not sure what recovery you're using but using toasts or Amon_Ra's recovery it just restores the nandroid and then you choose manually to reboot. In fact I've already pulled my Boot.bin from before I messed up my MAC this way already, I actually puled the whole wimax folder.
you can unyaff your data.img in your nandroid and dig thru watever you want.
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
*grumble* going to compile it now....*grumble*
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
lol or do that so much easier huh!
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
mpa4712 said:
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
Click to expand...
Click to collapse
That was the reason I asked, I as well as others have looked through the Boot.bin before. I also looked through all the firmware files. Interestingly there is a default firmware and that a manufacturer firmware I'm guessing one to fall back on the other. You're mac is in the Boot.bin as well as wimax_properties. If these files stored the keys great, but either way they'd have to be changed on the actual firmware.
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
mpa4712 said:
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
Click to expand...
Click to collapse
you know for something that obvious I never noticed that. I never ran a diff on them. I just scanned through it to see if there was anything that struck out as being different and I stopped when I saw the different MAC's
I just went through the two boot.bin files and I'm pretty sure the keys are not in there. However, there are plenty of files that get overwritten on every boot, so I'm going to go through all of them. A 1024bit key should stick like a sore thumb if it's in plain text..
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Geniusdog254 said:
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Click to expand...
Click to collapse
From what we know, if you ever had a messed up MAC then your keys are also gone.
Hello,
I thought of myself as a pretty experienced user, but you never learn enough!
However, I flashed some roms (lollipop) that, probably due to my mistakes, screwed up my file system, to the point that my recovery (latest PhilZ) wasn't able to find its backup anymore. Eventually I solved the problem as I was able to find my backups and use them to revert my phone to the rom I wanted to run (Carbon 4.4.4). But I was really annoyed by the fact that my file system was a bit off and still I was having problems with the recovery. So I decided to begin investigating the possibility to restore my phone to factory default. Before going with it, I tried the soft approach, i.e. I used the soft factory reset available from the settings menu. It all seemed fine and I re-flashed a lollipop rom that suited me.
Now the problem is that, after all the ordeal, I decided to make a new backup and so I did. It appears all fine, my recovery can actually "see" it, but I cannot identify it using a root browser! It seems to have disappeared unless I open the recovery and then I see it there. It is located in a folder that I can, of course, access, but,when I do so, I can't find the file!
I tried to put on my phone an old backup (always a PhilZ one), but when I try to put it on the phone I can't find the Backup folder in the Clockworkmod folder!
Anyone has any idea of what is going on and can give me a suggestion on how to overcome the problem?
Thanks
Luca
PS An alternative would be suggesting how to do a restore from a sideload: I thought I saw a similar option, but I can't seem to find it anymore within the recovery's options! I tried also restoring via NRT, but although all seem to go fine and the software return no failure notice, I can't find the backup file that should have been pushed (successfully) on my device!
Its not a recovery issue. Its an L issue.
Best thing to do would be to wipe data and storage then fastboot flash userdata.IMG
http://forum.xda-developers.com/showthread.php?t=2938749
rootSU said:
Its not a recovery issue. Its an L issue.
Best thing to do would be to wipe data and storage then fastboot flash userdata.IMG
http://forum.xda-developers.com/showthread.php?t=2938749
Click to expand...
Click to collapse
Thanks a lot for your help.
How can I find the img. file to flash?
Would it be ok to just go ahead and start from 0 using this:
http://forum.xda-developers.com/google-nexus-5/general/tutorial-how-to-flash-factory-image-t2513701
How can fastboot flash an image file? I've never done that before! As I said, been doing this for a while, but never done this before...I think!
Luca
Alas, after reading your post on one-click toolkits, I'm afraid I'm one of those who thinks they can do things, but rely on simple tools to do them. However, I never (almost never) forgot to make a nandroid backup before flashing a new rom and, to be honest, I'm not a flashoolic. I never, ever bricked my phone (got a few bootloops). If I find a rom that suits my need, I stick with it for as long as I can.
The changes between KK and L are such that are beyond my comprehension, but I try hard to solve the problems I have without bugging everyone at the first obstacle. But now, after fidgeting with my phone for 2 days, I had to give up. With a few words, you singled out the reason why I couldn't come on top of this: things change and I was not informed of how much they did!
Luca
Problem partially solved..I think! Now I can see the folder and found my backup!!
I used the restorecon command you suggested. I couldn't make it work using terminal emulator (just did not accept the su command: why I don't really know). Then I thought about using adb shell via pc and, I really surprised myself; I was able to pull it through. I'm not totally brain damaged as I felt when I couldn't even reproduce the command you indicated. It is probably the application that doesn't work. It was my first time with adb shell, so a new thing learned.
However, now I would like to ask you: if I place in the proper folder the backup folder I saved on my pc, will I be able to restore the nandroid backup? I just need some data that I forgot (trivial things, such as text messages and a few app data, like passwords and stuff) but it would be useful.
Thanks once more for your help.
Luca
Hello, everyone and thanks in advance.
I'm not sure the entire sequence of events because I've spent so much time trying to fix the issue that I can't remember what caused it. Sometime after flashing the custom kernel here to try to get safety net to pass checks I rebooted and the stock deodexed ROM told me that encryption was not possible and I had to restore to factory.
So... I didn't. I thought that sounded like a bad idea. Instead I connected with adb and rebooted into fastboot and flashed TWRP to recovery again in case TWRP had been replaced and then I rebooted into TWRP. From there I wiped data and reflashed the 20C deodexed ROM. I figured that would be the safest way to get rid of the message and the phone had just been reset anyway so I wasn't really losing any ground.
Problem is... now it only reboots into TWRP. It will not boot system. I have tried a ton of things since then like flashing the original boot and recovery. I have also tried flashing the boot and recovery from here.
No luck. I've even reflashed TWRP just in case. I bet this is simple but I can't figure it out. Any help is appreciated. Thanks!
I ended up not figuring out a way to solve this from where I was at. Somebody probably could have but nobody saw it in time.
What I ended up doing instead was putting the phone into download mode (holding volume up and plugging the phone into a computer) and then I used LGUP (with uppercut.exe) to flash the 20A KDZ on there. When Android booted it still complained that the data partition was unencrypted so this time I let the phone wipe it. It rebooted... wiped it and now it is starting Android for the first time in a day. That feels pretty good actually.
I guess I'll start over now with recowvery since I'm on stock 20A.
codahq said:
I ended up not figuring out a way to solve this from where I was at. Somebody probably could have but nobody saw it in time.
What I ended up doing instead was putting the phone into download mode (holding volume up and plugging the phone into a computer) and then I used LGUP (with uppercut.exe) to flash the 20A KDZ on there. When Android booted it still complained that the data partition was unencrypted so this time I let the phone wipe it. It rebooted... wiped it and now it is starting Android for the first time in a day. That feels pretty good actually.
I guess I'll start over now with recowvery since I'm on stock 20A.
Click to expand...
Click to collapse
I discovered something in doing this again (because it happened again). When you want to wipe data so that it is unencrypted... don't. From TWRP instead of wiping just format it. So TWRP -> WIPE -> Format -> (Type yes). Wiping for some reason changes the partition information enough that stock can't find the data partition or can't use it or something along those lines. It then freaks out and wants you to factory reset. I think it needs stock recovery to do that so that process fails and then you have the boot loop to TWRP over and over.
That's my working theory anyway. I did it all again but did format instead of wipe and it seems to be working. I'm leaving this here for posterity. Hopefully it will help somebody.
Thank you so, so, so, so, so, .................. much.
You saved my day! I ran into the same exact issue you had. Lots of blessings and best wishes to YOU and this XDA community!
BTW, I found another thread with an easier way to fix this. Go to the terminal in TWRP and run these commands:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fota
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc
That should fix it. You may or may not have to reflash your rom after, but it got me up and running without any fuss.
rjcarter3 said:
BTW, I found another thread with an easier way to fix this. Go to the terminal in TWRP and run these commands:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/fota
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc
That should fix it. You may or may not have to reflash your rom after, but it got me up and running without any fuss.
Click to expand...
Click to collapse
Do not use the above commands unless the following one commands doesn't work. Using the above commands wipes your whole misc partition and deletes your WiFi Mac address (you'll end up having a Mac address that changes every reboot). I did make a guide in the guides section to fix this, but better to use the correct way so you don't have to fix it later. Here is the correct code to get out of TWRP bootloop:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
Yup, if sure does. Any suggestions for how to fix it?
rjcarter3 said:
Yup, if sure does. Any suggestions for how to fix it?
Click to expand...
Click to collapse
Yes I created a guide some while ago located here:
https://forum.xda-developers.com/lg-g5/how-to/guide-fix-wifi-mac-address-changing-t3533841
Note: This fix will stick as long as you don't flash another ROM or wipe system / data when updating a ROM. If you do either of those, you'll need to redo this fix. Unfortunately there doesn't appear to be a permanent fix. I tried to manually edit my misc partition with a Mac address and flash it back, but it didn't work. But my temp fix does work
I didn't realize that by no permanent fix you really meant permanent. I flashed back to stock and it still persists. I guess a full restore isn't really a full restore.
rjcarter3 said:
I didn't realize that by no permanent fix you really meant permanent. I flashed back to stock and it still persists. I guess a full restore isn't really a full restore.
Click to expand...
Click to collapse
Well, that is why it's not recommended to use those commands and also why I stated that any time you flash a new ROM, even stock, you'll need to redo that fix. However, once you do it, it will stay until you flash a different ROM or wipe system for whatever reason.
jeffsga88 said:
Well, that is why it's not recommended to use those commands and also why I stated that any time you flash a new ROM, even stock, you'll need to redo that fix. However, once you do it, it will stay until you flash a different ROM or wipe system for whatever reason.
Click to expand...
Click to collapse
Oh, ok - I didn't see you say stock, but it doesn't matter. This phone isn't a daily driver for me, so I'm fine to do some experimenting with it. Just really interesting that flashing a full factory restore KDZ file doesn't fix the issue. I flashed to 20A, relocked my bootloader and did OTA updates all the way to 20F and then LGUP back to 20A. Still changed every time.
There seems to be some debate in the other thread if this problem existed even before wiping any misc directories. I think you even mentioned that it appears to be from formatting data to remove encryption. Isn't removing encryption central to the process of rooting altogether? ie, wouldn't this problem exist in any rooted G5 phone and not just those who ran those commands I posted above? I realize that wiping misc will break your fix, but is that what causes it in the first place?
rjcarter3 said:
Oh, ok - I didn't see you say stock, but it doesn't matter. This phone isn't a daily driver for me, so I'm fine to do some experimenting with it. Just really interesting that flashing a full factory restore KDZ file doesn't fix the issue. I flashed to 20A, relocked my bootloader and did OTA updates all the way to 20F and then LGUP back to 20A. Still changed every time.
There seems to be some debate in the other thread if this problem existed even before wiping any misc directories. I think you even mentioned that it appears to be from formatting data to remove encryption. Isn't removing encryption central to the process of rooting altogether? ie, wouldn't this problem exist in any rooted G5 phone and not just those who ran those commands I posted above? I realize that wiping misc will break your fix, but is that what causes it in the first place?
Click to expand...
Click to collapse
Well, technically formatting data shouldn't have anything to do with it as the WiFi Mac address is stored in your misc partition. Reason I thought it might be from formatting data before was because I didn't realize I wiped my misc partition. When first rooting the T-Mobile version it was pretty much necessary to run those commands which wipe it and no one had known about the other commands that were safer, so a lot of people ended up with this issue quite awhile ago and not knowing why. I only figured out why with talking with autoprime after posting my guide to fix it. Also, wiping misc partition after doing my fix doesn't break my fix, wiping your data from TWRP, or flashing a new ROM or stock will break the fix as the fix is stored in data/misc/wifi. Also, reason that flashing a kdz of stock doesn't fix it is because the kdz doesn't rewrite your misc partition. Technically, you should be able to pull your misc partition, edit it to have Mac address again and push back with adb, yet when I tried it didn't fix it.
jeffsga88 said:
Do not use the above commands unless the following one commands doesn't work. Using the above commands wipes your whole misc partition and deletes your WiFi Mac address (you'll end up having a Mac address that changes every reboot). I did make a guide in the guides section to fix this, but better to use the correct way so you don't have to fix it later. Here is the correct code to get out of TWRP bootloop:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
Click to expand...
Click to collapse
Worked like a charm, you are the ****ing man, Thanks man.
Skyline GTR78 said:
Worked like a charm, you are the ****ing man, Thanks man.
Click to expand...
Click to collapse
Hey, can you check to see:
a) if you have the same wifi mac address after successive reboots
b) if you do, can you browse to
"/system/etc/wifi"
and open this file in a text editor:
"bcmdhd.cal"
And see if the Mac address is located in the top of the file matches the one in your settings menu? I just want to verify this is the correct hardware address when I use the manual fix for this.
---------- Post added at 03:22 PM ---------- Previous post was at 03:14 PM ----------
jeffsga88 said:
Well, technically formatting data shouldn't have anything to do with it as the WiFi Mac address is stored in your misc partition. Reason I thought it might be from formatting data before was because I didn't realize I wiped my misc partition. When first rooting the T-Mobile version it was pretty much necessary to run those commands which wipe it and no one had known about the other commands that were safer, so a lot of people ended up with this issue quite awhile ago and not knowing why. I only figured out why with talking with autoprime after posting my guide to fix it. Also, wiping misc partition after doing my fix doesn't break my fix, wiping your data from TWRP, or flashing a new ROM or stock will break the fix as the fix is stored in data/misc/wifi. Also, reason that flashing a kdz of stock doesn't fix it is because the kdz doesn't rewrite your misc partition. Technically, you should be able to pull your misc partition, edit it to have Mac address again and push back with adb, yet when I tried it didn't fix it.
Click to expand...
Click to collapse
Thanks - has anyone verified that those who've rooted but not run those commands did not exhibit the MAC changing issue (ie, that it's definitely the cause of the problem and doesn't just duplicate the problem)?
Also, I was trying to follow your directions for the manual fix, created the config file but when I run the command from the terminal, I get this:
sush: cat: /sdcard/config: No such file or directory
Any ideas? Thanks!
rjcarter3 said:
Hey, can you check to see:
a) if you have the same wifi mac address after successive reboots
b) if you do, can you browse to
"/system/etc/wifi"
and open this file in a text editor:
"bcmdhd.cal"
And see if the Mac address is located in the top of the file matches the one in your settings menu? I just want to verify this is the correct hardware address when I use the manual fix for this.
---------- Post added at 03:22 PM ---------- Previous post was at 03:14 PM ----------
Thanks - has anyone verified that those who've rooted but not run those commands did not exhibit the MAC changing issue (ie, that it's definitely the cause of the problem and doesn't just duplicate the problem)?
Also, I was trying to follow your directions for the manual fix, created the config file but when I run the command from the terminal, I get this:
sush: cat: /sdcard/config: No such file or directory
Any ideas? Thanks!
Click to expand...
Click to collapse
Ok, first let's try and keep this on topic, this thread is about TWRP bootlooop not the wifi Mac address. Anything else about the wifi Mac address ask in my wifi Mac address guide thread. I just don't want to get way off topic for people looking to figure out the TWRP bootlooop. Anyways, I will answer both questions though.
So, first answer is the Mac address that's in the bcmdhd.cal is based on what it gets from the config file. If that config come doesn't exist and your wifi Mac address isn't in your misc partition, it will just make up a random Mac address, hence the random Mac address every reboot. If you're wanting your real wifi Mac address, it may be pretty hard to figure it out, why I say just pick something you like and it will stay that each time you reboot.
Second answer, make sure you create the config file (with no extension) at root of internal sd card. Then, copy and paste the command exactly into the terminal and it'll work.
Code:
su -c "cat /sdcard/config > /data/misc/wifi/config"
Hopefully that'll help, if you have any more questions regarding the fix for the wifi Mac address feel free to ask me in that thread.
jeffsga88 said:
Do not use the above commands unless the following one commands doesn't work. Using the above commands wipes your whole misc partition and deletes your WiFi Mac address (you'll end up having a Mac address that changes every reboot). I did make a guide in the guides section to fix this, but better to use the correct way so you don't have to fix it later. Here is the correct code to get out of TWRP bootloop:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
Click to expand...
Click to collapse
Thanks! Had to use it after trying to upgrade Lineage on my h830 today. :good:
Fixing with stock recovery
If I've managed to get into the same situation, but tried to fix it by using LGUP to flash the .KDZ of the stock 20a ROM (including stock recovery), and then found that it still does this recovery loop type of thing (shows T-mobile logo for 10 seconds, then boots into stock recovery erasing the data, then repeat) how would I fix it?
Thanks,
Elliot
jeffsga88 said:
Do not use the above commands unless the following one commands doesn't work. Using the above commands wipes your whole misc partition and deletes your WiFi Mac address (you'll end up having a Mac address that changes every reboot). I did make a guide in the guides section to fix this, but better to use the correct way so you don't have to fix it later. Here is the correct code to get out of TWRP bootloop:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
Click to expand...
Click to collapse
You saved me with this command :good:
Works fine on LG G6 as well!
jeffsga88 said:
Do not use the above commands unless the following one commands doesn't work. Using the above commands wipes your whole misc partition and deletes your WiFi Mac address (you'll end up having a Mac address that changes every reboot). I did make a guide in the guides section to fix this, but better to use the correct way so you don't have to fix it later. Here is the correct code to get out of TWRP bootloop:
Code:
dd if=/dev/zero of=/dev/block/bootdevice/by-name/misc bs=256 count=1 conv=notrunc
Click to expand...
Click to collapse
I don't usually post on xda as I am not a dev nor am I a mad custom rom lover, but man You have saved me a sleepless night, Thank you! If you are ever in Cork, Ireland I would love to buy you a coffee or a beer!!!!
Hi,
I have a note 3 neo, 7505 and i updated the firmware. It was all working good for a week then i was listening to soundcloud to sleep and the phone restarted, since then the phone doesn't have an imei and says to insert sim card, and of course unknown modem..
Anyway, i created a backup of the efs using twrp, i have tried gazillion ways to restore the backup and gazillion manual ways too. Going to stock recovery... trying to copy manually the nvdata and all but it doesnt resolve. The files are placed there, i can see it in the shell but the thing just wont work!
i don't know how to proceed to this, i don't know if its a hardware fault, had it been that, shouldnt have i gotten the efs corrupted or some issue? could it be that the hardware itself is damaged all of a sudden? i dont think so, i pretty much think its the efs and yet i cant restore it?
should i attach my efs folder if someone can look through hex editor or logs to suggest a possible solution?
Thanks a lot and also i have search through and proceeded with many solutions and after that created a thread. hope someone can help.
P.S. I just noticed the serial number can be seen in phone status, so apparently its reading NVdata? or is it getting it from elsewhere? how to test if its a hardware fault?
penandweb said:
Hi,
I have a note 3 neo, 7505 and i updated the firmware. It was all working good for a week then i was listening to soundcloud to sleep and the phone restarted, since then the phone doesn't have an imei and says to insert sim card, and of course unknown modem..
Anyway, i created a backup of the efs using twrp, i have tried gazillion ways to restore the backup and gazillion manual ways too. Going to stock recovery... trying to copy manually the nvdata and all but it doesnt resolve. The files are placed there, i can see it in the shell but the thing just wont work!
i don't know how to proceed to this, i don't know if its a hardware fault, had it been that, shouldnt have i gotten the efs corrupted or some issue? could it be that the hardware itself is damaged all of a sudden? i dont think so, i pretty much think its the efs and yet i cant restore it?
should i attach my efs folder if someone can look through hex editor or logs to suggest a possible solution?
Thanks a lot and also i have search through and proceeded with many solutions and after that created a thread. hope someone can help.
P.S. I just noticed the serial number can be seen in phone status, so apparently its reading NVdata? or is it getting it from elsewhere? how to test if its a hardware fault?
Click to expand...
Click to collapse
The point is that TWRP creates faulty EFS backups on many devices which can't be restored properly.
There are different backup solutions (e.g. EFS Pro) confirmed working which may help you prevent future issues. I prefer the manual backup using adb shell or terminal emulator:
dd if=/dev/block/mmcblk0pXX of=/storage/SdCard/efs.img bs=4096
(XX needs to be replaced with the model specific partition number as they use different partition tables)
Restore:
dd if=/storage/SdCard/efs.img of=/dev/block/mmcblk0pXX bs=4096
thanks LS.xd, but i guess i have a pretty solid backup as i did create backup various ways, some were corrupt, but one that i working with has nvdata and every other file along with imei pretty intact....
i can open it up with winrar, and open the nvdata with hexeditor, i was wondering if i could confirm some way that the back up is actually 100% solid?
wondering if the partition's aren't aligned. I don't know for sure if EFS folder in the root directory is the same as being pointed by /mmcblkp03/platform/by-name/EFS ?
i mean they should be the same thing, its just a redirection right?
what should i be doing now? the baseband is unknown and the imei wont just work, waste the phone? or it could be done via some boxes or some other process?
there must be a starting point? isn't there some way i could use a generic imei and just any modem? then i could replace nvdata may be? right now, i'm installing various versions of stock firmware and repeatedly placing old efs data in various ways and i kind of turning hopeless. first i lost a nexus then i bought a g4 last month, gave me a bootloop just a week after, gone dead. then i bought the n3n and now this..... i mean 3 phones in a row..... i really hope this could work..
penandweb said:
there must be a starting point? isn't there some way i could use a generic imei and just any modem? then i could replace nvdata may be? right now, i'm installing various versions of stock firmware and repeatedly placing old efs data in various ways and i kind of turning hopeless. first i lost a nexus then i bought a g4 last month, gave me a bootloop just a week after, gone dead. then i bought the n3n and now this..... i mean 3 phones in a row..... i really hope this could work..
Click to expand...
Click to collapse
So you got some non TWRP made EFS backup, too? You can list your partitions using shell:
[email protected]:/ # cat /proc/emmc
You can use the dd command once you know the layout. Backups not generated manually may only be restored with the specific app/version and are probably not compatible using other restore methods. For my OnePlus 3 EFS backup can generated fine using TWRP but restoring it screws up the partition. Manually created image works fine. As I don't have a Note 3 Neo I don't know how it behaves for your device.
any idea how would i go on about inspecting the nvdata.bin? i'm in hex editor trying to see something resembling imei but its just so much garbage except a few lines.
i can't be sure whether its corrupt or not...
in efs -> imei -> a file called mps_code.dat i open it up in hex editor, and it has only 3 characters.....
is it possible i could initially use a generic imei and modem and later on populate it with actual somehow or just keep using generic one for now until i find a better solution, using hex editor or something...?
there are some tutorials on qualcom.. none for exynos but it should happen the same way, somewhere in nvdata, you place the imei ... and it would be generic method for most exynos devices...
i wish someone could guide me to that...
also can it be restored via "boxes"?
penandweb said:
any idea how would i go on about inspecting the nvdata.bin? i'm in hex editor trying to see something resembling imei but its just so much garbage except a few lines.
i can't be sure whether its corrupt or not...
in efs -> imei -> a file called mps_code.dat i open it up in hex editor, and it has only 3 characters.....
is it possible i could initially use a generic imei and modem and later on populate it with actual somehow or just keep using generic one for now until i find a better solution, using hex editor or something...?
there are some tutorials on qualcom.. none for exynos but it should happen the same way, somewhere in nvdata, you place the imei ... and it would be generic method for most exynos devices...
i wish someone could guide me to that...
also can it be restored via "boxes"?
Click to expand...
Click to collapse
After 3 years I had to retire my HTC One S. I flashed roms and firmwares up to 3-4 times a week without having any issues. One sunny day some update bricked then nvdata. I spent a bunch of hours trying to restore it in different ways, extracted data from stock firmware as well as using dumps from other user's phones, as some users reported this error fixed doing so. Even when the files was identical it just did not work for me. Changing the mainboard was the only possible solution so I decided to get a new device.
All I want to say is try to restore a valid backup in a way confirmed working. If you don't have a usable backup ask in your device's forum for somebody may upload it. Or spend 100 hours messing around with hex editors until you reach then point where you realize its cheaper to switch the device as wasting a year's holidays browsing the internet for some solution.
I guess I've been spoiled by @Funk Wizard Guides... Those were great when switching to a new device. How do you make an EFS backup on the 8T? I guess I should ask in the same thread just in case about restoring?
Ok I got my 8T a couple days ago, just been busy and haven't had time to mess with it so it's been sitting on my desk. I'm not finding many guides dedicated to the 8T, so perhaps someone can verify this. I've tested these on some other devices and they seem to work as long as the devices are rooted:
Run from an ADB Shell:
This backs up the persist partition:
dd if=/dev/block/bootdevice/by-name/persist of=/sdcard/persist.img
This backs up the EFS (Modems):
dd if=/dev/block/bootdevice/by-name/modemst1 of=/sdcard/modemst1.bin
dd if=/dev/block/bootdevice/by-name/modemst2 of=/sdcard/modemst2.bin
One thing I've noticed is the modemst1.bin files from my other OnePlus devices are different than my original backups? I'm assuming these just get updated with firmware / software updates or something?
I am by no means an expert. But I think that is the ones that is important to backup, especially the persist partition.
Qnorsten said:
I am by no means an expert. But I think that is the ones that is important to backup, especially the persist partition.
Click to expand...
Click to collapse
I know on previous OP devices the EFS (modems) stuff was backed up because that is where your IMEI (both in this case) was stored. If this got corrupted, you lost cell functionality. I think it's separate of the persist partition?
Hey dudes, is there another way to backup the EFS folder? I'm trying to copy it with root explorer pro but it doesn´t let me. I have a SM-G780F (S20 fan edition 4g)