My phone locked up. Was running CM11 April Snapshot release. Now it shows up as USB device "qhsusb_bulk" I've followed the instructions from the thread http://forum.xda-developers.com/showthread.php?t=2623587 but I get the following error.
Code:
flashing singleimage
Target LOG: Open multi failed, unknown error
Target ERROR: 7 - Open multi failed, unknown error
Failed to open multi image, status = 7
FAILED (sdl-transfer-image:send-image:sdl-open-multi:error opening multi image)
How can I get past this problem or what does the error mean?
Check USB cable..
Enviado desde mi Moto G mediante Tapatalk
Cable OK. Output from new cable follows.
Code:
greeting device for command mode
OKAY [ 0.582s]
identifying device
...serial = 0x25452DA
...chip-id = 0x801 (MSM8626)
...chip-rev = 0x0
...sv-sbl = 0x0
OKAY [ 0.010s]
finding files
...programmer = programmer_8626.mbn
...singleimage = singleimage_8626.bin
OKAY [ 0.013s]
validating files
OKAY [ 0.001s]
switching to download mode
OKAY [ 0.002s]
greeting device for image downloading
OKAY [ 0.003s]
sending programmer
OKAY [ 0.013s]
flashing singleimage
Target LOG: Open multi failed, unknown error
Target ERROR: 7 - Open multi failed, unknown error
Failed to open multi image, status = 7
FAILED (sdl-transfer-image:send-image:sdl-open-multi:error opening multi image)
Press any key to continue . . .
Cable OK. Below isDebug Output after flash singleimage_8626 is complete.
Code:
D - 00000230 00 00 00 20 00 01 00 00 7e |... ....~ |
D - Setting security mode
D - Dumping 6 bytes written
D - 00000000 7e 17 00 00 00 7e |~....~ |
D - Dumping 5 bytes read
D - 00000000 7e 18 00 00 7e |~...~ |
D - Opening device for flashing
D - Dumping 6 bytes written
D - 00000000 7e 1b 21 00 00 7e |~.!..~ |
D - Dumping 38 bytes read
D - 00000000 7e 0e 4f 70 65 6e 20 6d 75 6c 74 69 20 66 61 69 |~.Open multi fai|
D - 00000010 6c 65 64 2c 20 75 6e 6b 6e 6f 77 6e 20 65 72 72 |led, unknown err|
D - 00000020 6f 72 0a 00 00 7e |or...~ |
I - Target LOG: Open multi failed, unknown error
D - Dumping 41 bytes read
D - 00000000 7e 0d 07 00 00 00 4f 70 65 6e 20 6d 75 6c 74 69 |~.....Open multi|
D - 00000010 20 66 61 69 6c 65 64 2c 20 75 6e 6b 6e 6f 77 6e | failed, unknown|
D - 00000020 20 65 72 72 6f 72 00 00 7e | error..~ |
I - Target ERROR: 7 - Open multi failed, unknown error
E - Failed to open multi image, status = 7
D - \\.\COM23 closed
FAILED (sdl-transfer-image:send-image:sdl-open-multi:error opening multi image)
Have you solved this? I have the same msg...
USB dev qhsusb_bulk
capitanbiglio said:
Have you solved this? I have the same msg...
Click to expand...
Click to collapse
USB dev qhsusb_bulk E QUANDO SUA BATERIA TEVE UM MAL SUBITO ESTA OPERANDO EM PERAGEM BAIXA DEMAIS. QUANDO VC FAZ ROOT NO APARELHO E ELE FICA SUPER AQUECIDO A BATERIA FICA COM PERAGEM DESREGULADA, SUGESTÃO E VOCE FAZER REPOSIÇÃO DA BATERIA COLOCAR UMA COM CARGA E REINSTALAR A ROM OFICIAL USANDO COMANDO ADB. ABRAÇO.
Related
Hi All,
Just a few days ago i managed to flash the ARA Rom onto my Vox. My earlier OS (1.22) had stopped booting. With help from MoRkusReX i was able to flash the new ROM.
After 2 days of working fine, it has again stopped booting. It went off on its own and now is not booting into the OS. It gets stuck on the Windows Mobile Screen.
Can any one point out the problem? Is it a hardware issue or sumthing coz even after flashing the phone, it seems to be giving the same problem.
Somebody please provide a solution to this as repeated problems are encouraging me to shift to a P1i or some other phone.
Thanks,
Prateek
Try first to boot w/o sd card, if it doesn't help boot w/o sim card. If that doesn't help try hard reset, and if nothing helps flash another rom.
which programs have you installed?
When I installed Hebrew pack I didn't have any problems until two days later when I reset the phone. Then it wouldn't boot. after few tries I figured it's the Hebrew pack doing it. so could be something you've installed.
so:
1. try to remember what's installed.
2. try Hard Reset\ Flash again and give it few days without installing any program just to see if it happens by itself.
Have tried ...
Have tried hard reset and it functioned okay for 5 mins or so...after that it just hung! Repeated rebooting attempts just reach the Windows Mobile Screen.
Tried reflashing my ROM..says invalid vendor ID...so will need to boot it to flash it like the last time .....
Should i do another hard reset....
Sometimes when it boots (even in hard reset) it does not recognize my SIM..."phone off" mode...even though the SIM is there...
Dont know what to do now...
And did u try booting *without* both SD and SIM?
Booting without SIM and SD...
Yes...i have tried booting without SD and SIM and even tried Hard reset without them....even the hard reset does not boot into the OS...i have tried about 20 times to boot with interval of 5 times for hard reset...no luck....
Can't even flash a new ROM because of Invalid Vendor ID....
Any suggestions?
prateekswarup said:
Can't even flash a new ROM because of Invalid Vendor ID....
Any suggestions?
Click to expand...
Click to collapse
You can flash with my uspl (see sticky)
Invalid Vendor ID
Hi jockyw2001,
I have already downloaded ur UPSL....but to run the UPSL i need to have the phone booted....as first I need to SDA unlock...that only works if my phone is booted to the OS right? From the bootloader the UPSL or the SDA unlock just dont work...so how do i do it from the bootloader...??
I faced the same problem when flashing my phone the 1st time...luckily i was able to boot to the OS once...where i UPSL and flashed the device....looks like my luck has run out this time
Thanks,
Prateek
From the bootloader you can flash a rom with matching CID and ModelID.
matching CID & Model ID?
How do i get the matching CID and Model ID...
Model ID=HTC S710 (sim unlocked)
CID?
I think i can get the model id and cid from the mtty tool that lets me talk to the phone from the bootloader...but where can i get a corresponding ROM matching my phone ?
Sorry if its a dumb question...
Prateek
He already tried from the bootloader.
For some reason even from there he doesn't have a connection, but It does say "USB" on the Voxs screen.
I thought maybe it has to do with the computer but he tried on an XP computer as well.
prateekswarup said:
How do i get the matching CID and Model ID...
Model ID=HTC S710 (sim unlocked)
CID?
I think i can get the model id and cid from the mtty tool that lets me talk to the phone from the bootloader...but where can i get a corresponding ROM matching my phone ?
Sorry if its a dumb question...
Prateek
Click to expand...
Click to collapse
Did u flash my uspl? If not you will have to find out cid by sniffing the RUU update process with a USB sniffer such as USB Monitor or Bus Hound.
Once you know these, you can compare CID and ModelID by opening various official ROM update files (RUU-xxxx files on the XDA ftp site, do a search) in a hexeditor.
Yeah I know, life is a *****
Yes i did flash using ur USPL...then the phone conked out again and since then i cannot boot into the OS...i guess i'll have to try using MTTY tool to sniff out the CID and then search for the corresponding ROM...
ya i know....this sux..
Prateek
prateekswarup said:
...i guess i'll have to try using MTTY tool to sniff out the CID and then search for the corresponding ROM...
Click to expand...
Click to collapse
Yes exactly. In bootloader mode connect with MTTY.
First type: "password BsaD5SeoA"
Now start your sniffer and type "getdevinfo" in MTTY. You will get both model and vendor ID (CID).
After that you can stop sniffing and type:
ruurun 0
ResetDevice
My trace looks like this:
Code:
Bus Hound 5.00 capture. Complements of www.perisoft.net
cid.txt
Data - Hex dump of the data transferred
Descr - Description of the phase
Phase - Phase Type
DI Data in
DO Data out
Data Description Phase
-------------------------------------------------- ---------------- -----
0d . DO
0d 0a .. DI
0d 0a .. DI
43 6d 64 3e Cmd> DI
0d . DO
0d 0a .. DI
0d 0a .. DI
43 6d 64 3e Cmd> DI
67 g DO
67 g DI
65 e DO
65 e DI
74 t DO
74 t DI
64 d DO
64 d DI
65 e DO
65 e DI
76 v DO
76 v DI
69 i DO
69 i DI
6e n DO
6e n DI
66 f DO
66 f DI
6f o DO
6f o DI
0d . DO
0d 0a .. DI
44 65 76 69 63 65 20 4d 6f 64 65 6c 20 49 44 20 Device Model ID DI
3d 20 56 20 4f 20 58 20 30 20 31 20 30 20 31 20 = V O X 0 1 0 1
30 20 30 20 00 20 00 20 00 20 00 20 00 20 00 20 0 0 . . . . . .
00 20 00 20 00 20 00 20 00 20 00 20 00 20 . . . . . . .
00 20 . DI
00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 . . . . . . . . DI
00 20 0d 0d 0a . ...
48 54 43 53 HTCS DI
56 4f 58 30 31 30 31 30 30 00 00 00 00 00 00 00 VOX010100....... DI
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
48 54 43 5f 5f 31 30 32 00 00 00 00 00 00 00 00 HTC__102........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
00 00 .. DI
0b df a7 6a ...j DI
48 54 43 45 HTCE DI
0d 0a .. DI
43 6d 64 3e Cmd> DI
ROM!
Well sniffed out the CID but cannot find the 1.22 ROM that I need....How is it that i have already installed a new ROM that i still have to CID unlock it...?
Also, since my original ROM was 1.22 i think flashing with the same ROM might get me back the phone....
As of now i cannot even boot into the OS and even hard reset does not boot ....any suggestions....??
The bootloader can be accessed from Mtty through the USB...
Plz help!
Prateek
prateekswarup said:
Well sniffed out the CID but cannot find the 1.22 ROM that I need....How is it that i have already installed a new ROM that i still have to CID unlock it...?
Also, since my original ROM was 1.22 i think flashing with the same ROM might get me back the phone....
As of now i cannot even boot into the OS and even hard reset does not boot ....any suggestions....??
The bootloader can be accessed from Mtty through the USB...
Plz help!
Prateek
Click to expand...
Click to collapse
What is your CID and ModelID?
Model ID and CID..
I used bus hound and mmty and here is the result...
mtty> getdevinfo
Device Model ID = V O X 0 1 0 1 0 0 HTCSVOX010100pÑXHTCE
bushound>
Vox
Device - Device ID (followed by the endpoint for USB devices)
(23) SmartPhone USB Sync
Phase - Phase Type
DI Data in
DO Data out
Data - Hex dump of the data transferred
Descr - Description of the phase
Cmd... - Position in the captured data
Device Phase Data Description Cmd.Phase.Ofs(rep)
------ ----- ------------------------ ---------------- ------------------
23.3 DO 67 g 1.1.0
23.2 DI 67 g 2.1.0
23.3 DO 65 e 3.1.0
23.2 DI 65 e 4.1.0
23.3 DO 74 t 5.1.0
23.2 DI 74 t 6.1.0
23.3 DO 64 d 7.1.0
23.2 DI 64 d 8.1.0
23.3 DO 65 e 9.1.0
23.2 DI 65 e 10.1.0
23.3 DO 76 v 11.1.0
23.2 DI 76 v 12.1.0
23.3 DO 69 i 13.1.0
23.2 DI 69 i 14.1.0
23.3 DO 6e n 15.1.0
23.2 DI 6e n 16.1.0
23.3 DO 66 f 17.1.0
23.2 DI 66 f 18.1.0
23.3 DO 6f o 19.1.0
23.2 DI 6f o 20.1.0
23.3 DO 0d . 21.1.0
23.2 DI 0d 0a .. 22.1.0
23.2 DI 44 65 76 69 63 65 20 4d Device M 23.1.0
23.2 DI 00 20 . 24.1.0
23.2 DI 00 20 00 20 00 20 00 20 . . . . 25.1.0
23.2 DI 48 54 43 53 HTCS 26.1.0
23.2 DI 56 4f 58 30 31 30 31 30 VOX01010 27.1.0
23.2 DI 00 00 .. 28.1.0
23.2 DI 70 02 d1 58 p..X 29.1.0
23.2 DI 48 54 43 45 HTCE 30.1.0
23.2 DI 0d 0a .. 31.1.0
23.2 DI 43 6d 64 3e Cmd> 32.1.0
Is this okay?
Make following settings in Bus Hound and do it again.
In phases to capture check only:
CTL USB Control
DI Data in
DO Data out
In columns to display only check first 3 checkboxes (Data, Descr and Phase)
Do not check "Merge repeated commands"
In Stop when ... only check Buffer Full
Set Buffer size to 60000 Kbytes
Set Max Phase to 10000 bytes
PS: I'm using Bus Hound 5.0
Bus Hound 5.0
I'm using the freeware version of Bus Hound 5.0 so cannot change the buffer or the cycle size...however..doing everying thing else..i got the following output...
Bus Hound 5.00 capture. Complements of www.perisoft.net
Vox
Phase - Phase Type
DI Data in
DO Data out
Data - Hex dump of the data transferred
Descr - Description of the phase
Phase Data Description
----- -------------------------------------------------- ----------------
DO 67 g
DI 67 g
DO 65 e
DI 65 e
DO 74 t
DI 74 t
DO 64 d
DI 64 d
DO 65 e
DI 65 e
DO 76 v
DI 76 v
DO 69 i
DI 69 i
DO 6e n
DI 6e n
DO 66 f
DI 66 f
DO 6f o
DI 6f o
DO 0d .
DI 0d 0a ..
DI 44 65 76 69 63 65 20 4d Device M
DI 00 20 .
DI 00 20 00 20 00 20 00 20 . . . .
DI 48 54 43 53 HTCS
DI 56 4f 58 30 31 30 31 30 VOX01010
DI 00 00 ..
DI 70 02 d1 58 p..X
DI 48 54 43 45 HTCE
DI 0d 0a ..
DI 43 6d 64 3e Cmd>
Is this sufficient?
Also have attached the file...
Prateek
You forgot this:
Code:
Do *not* check "Merge repeated commands"
uncheck that option!
Abstract
This tutorial will debug a corrupted boot.img and is an answer to a question/request.
Background
I took the time to look at a corrupted boot.img, posted on the HTC One X forum [1].
Since the Android boot image structure is general for all devices,
I thought this could be of some help for all of you who is trying to find out why your boot.img doesn't work.
ehsanmp said:
Hi all,
I've been trying to edit a stock boot.img's ramdisk so that I can get proper rw access in USB debugging.
I've successfully
1. unpacked the img.
2. edited the default.prop file to ro.secure=0 and all other variables to 1
3. repacked the ramdisk
But I still can't repack the ramdisk and kernel into the new boot.img!
I've tried using the android kitchen, repack-bootimg.pl and mkbootimg, both in cygwin and a virtual machine running Ubuntu 12.04.
everytime mkbootimg gives an error, either "permission denied" or "no such file or directory"
I'm gonna attach the kernel gz and the edited and compiled ramdisk gz, as well as the boot.img (just in case).
Could someone please repack them into a new boot.img for me?
Many thanks!HelpingEhsan.rar
Click to expand...
Click to collapse
Downloading, hashing, and unpacking the helpingehsan.rar file.
The MD5 hash sum of the original rar-file is of course not necessary...
Code:
[email protected]:~$ [email protected]:~$ mkdir helpingehsan; cd helpingehsan; wget https://dl.dropbox.com/s/72wgogz9ll62s0w/ helpingehsan.rar?dl=1 -O helpingehsan.rar; md5sum helpingehsan.rar; rar x helpingehsan.rar; ls -la
--2012-09-16 21:46:06-- https://dl.dropbox.com/s/72wgogz9ll62s0w/helpingehsan.rar?dl=1
Resolving dl.dropbox.com (dl.dropbox.com)... 23.23.133.20, 50.19.106.181, 107.20.134.222, ...
Connecting to dl.dropbox.com (dl.dropbox.com)|23.23.133.20|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17250294 (16M) [application/rar]
Saving to: 'helpingehsan.rar'
100%[=====================================================>] 17,250,294 1.01MB/s in 21s
2012-09-16 21:46:29 (807 KB/s) - 'helpingehsan.rar' saved [17250294/17250294]
ea9840823ad5cf2b865a4eb5be86eb5d helpingehsan.rar
RAR 4.20 Copyright (c) 1993-2012 Alexander Roshal 9 Jun 2012
Trial version Type RAR -? for help
Extracting from helpingehsan.rar
Extracting boot.img OK
Extracting boot.img-kernel.gz OK
Extracting ramdisk.cpio.gz OK
All OK
total 37636
drwxr-xr-x 2 j users 4096 Sep 16 21:46 ./
drwx--x--x 34 j users 4096 Sep 16 21:46 ../
-rw-r--r-- 1 j users 8388608 Sep 1 22:42 boot.img
-rw-r--r-- 1 j users 4104448 Sep 2 08:48 boot.img-kernel.gz
-rw-r--r-- 1 j users 17250294 Sep 16 21:46 helpingehsan.rar
-rw-r--r-- 1 j users 8781519 Sep 2 08:51 ramdisk.cpio.gz
Initial preview
At a first look, the boot.img looks suspicioucly big for being a boot image.
The ramdisk.cpio.gz is also even greater than the boot.img, while the compressed kernel seems to have a realistic size.
Dumping the boot.img start with a hex editor reveals that the real header seems to start at offset 0x100 (256 bytes) and
the initial data seems to be irrelevant junk.
Code:
[email protected]:~/helpingehsan$ ls -la boot.img; hexdump -C -n 2048 boot.img
-rw-r--r-- 1 j users 8388608 Sep 1 22:42 boot.img
00000000 51 16 28 f1 d1 b4 ae 77 fa 56 1f 79 49 ef cf a3 |Q.(ñÑ´®wúV.yIïÏ£|
00000010 92 4e ef 25 61 15 6f fe 80 9a b3 16 05 dd b8 87 |.Nï%a.oþ..³..ݸ.|
00000020 88 d5 1c b1 5d fa 45 1a b4 2a b4 20 d7 e8 e3 84 |.Õ.±]úE.´*´ ×èã.|
00000030 62 a6 41 eb 83 3c 35 77 e3 44 31 6c 34 73 8a 57 |b¦Aë.<5wãD1l4s.W|
00000040 3d ba c0 dc 74 fe 5a 9d bd a1 da bd 20 f6 16 89 |=ºÀÜtþZ.½¡Ú½ ö..|
00000050 d4 ef 97 50 e5 46 f0 fc c5 07 af 13 14 b4 35 de |Ôï.PåFðüÅ.¯..´5Þ|
00000060 4f c8 c1 bd dc 05 67 95 85 76 70 63 88 eb 15 ea |OÈÁ½Ü.g..vpc.ë.ê|
00000070 7d da ac ad 6d c7 44 78 73 d3 8d 1b 37 ad cc 73 |}Ú¬*mÇDxsÓ..7*Ìs|
00000080 d5 a5 d6 e9 6d 0c 05 0a 64 49 d6 65 b3 98 f4 67 |Õ¥Öém...dIÖe³.ôg|
00000090 9c e1 90 64 c6 92 75 dc 55 fd da e5 c3 3c 35 d0 |.á.dÆ.uÜUýÚåÃ<5Ð|
000000a0 e5 7a 92 d5 e8 5f 65 8f f7 77 69 11 72 a6 f8 82 |åz.Õè_e.÷wi.r¦ø.|
000000b0 ee ad cc ad 2a 62 55 11 89 eb 4d dd 74 f2 f1 5b |î*Ì**bU..ëMÝtòñ[|
000000c0 ee 93 05 fe 94 b4 d8 28 09 2c 9b d1 3a d8 1e 60 |î..þ.´Ø(.,.Ñ:Ø.`|
000000d0 89 52 9e f9 3f ea af b5 c0 d0 b6 60 51 ba b6 ab |.R.ù?꯵Àж`Qº¶«|
000000e0 41 ab ab 1b e0 06 a3 ca bb 37 6f aa eb b6 6f c3 |A««.à.£Ê»7oªë¶oÃ|
000000f0 26 fa 28 f7 48 55 10 83 42 4e 02 37 9f be 5f d7 |&ú(÷HU..BN.7.¾_×|
00000100 41 4e 44 52 4f 49 44 21 b0 9b 3e 00 00 80 00 10 |ANDROID!°.>.....|
00000110 7c 8a 04 00 00 00 00 11 00 00 00 00 00 00 f0 10 ||.............ð.|
00000120 00 01 00 10 00 08 00 00 00 00 00 00 00 00 00 00 |................|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000340 bf f4 50 e5 45 4b 2d 1b 13 40 2a be 0d fe 25 2e |¿ôPå[email protected]*¾.þ%.|
00000350 2b ef b4 07 00 00 00 00 00 00 00 00 00 00 00 00 |+ï´.............|
00000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
Kernel image analysis
Next up to be analysed is the compressed kernel image, a zImage file.
Also in this case, the image starts at offset 0x100.
The first 256 bytes are zeros and should be chopped off to work as a kernel image.
Code:
[email protected]:~/helpingehsan$ hexdump -C -n 512 boot.img-kernel.gz
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000100 00 00 a0 e1 00 00 a0 e1 00 00 a0 e1 00 00 a0 e1 |..*á..*á..*á..*á|
*
00000120 02 00 00 ea 18 28 6f 01 00 00 00 00 b0 9b 3e 00 |...ê.(o.....°.>.|
00000130 01 70 a0 e1 02 80 a0 e1 00 20 0f e1 03 00 12 e3 |.p*á..*á. .á...ã|
00000140 01 00 00 1a 17 00 a0 e3 56 34 12 ef 00 20 0f e1 |......*ãV4.ï. .á|
00000150 c0 20 82 e3 02 f0 21 e1 00 00 00 00 00 00 00 00 |À .ã.ð!á........|
00000160 44 47 9f e5 45 00 00 eb ec 00 8f e2 4e 1a 90 e8 |DG.åE..ëì..âN..è|
00000170 1c d0 90 e5 01 00 40 e0 00 60 86 e0 00 d0 8d e0 |.Ð.å[email protected]à.`.à.Ð.à|
00000180 01 a8 8d e2 01 a9 8a e2 0a 00 54 e1 15 00 00 2a |.¨.â.©.â..Tá...*|
00000190 09 a0 84 e0 0f 00 5a e1 12 00 00 9a 02 ab 8a e2 |.*.à..Zá.....«.â|
000001a0 ff a0 ca e3 44 50 4f e2 1f 50 c5 e3 05 90 46 e0 |ÿ*ÊãDPOâ.PÅã..Fà|
000001b0 1f 90 89 e2 1f 90 c9 e3 05 60 89 e0 0a 90 89 e0 |...â..Éã.`.à...à|
000001c0 0f 5c 36 e9 05 00 56 e1 0f 5c 29 e9 fb ff ff 8a |.\6é..Vá.\)éûÿÿ.|
000001d0 06 60 49 e0 06 d0 8d e0 48 01 00 eb 7c 00 4f e2 |.`Ià.Ð.àH..ë|.Oâ|
000001e0 06 00 80 e0 00 f0 a0 e1 00 00 30 e3 08 00 00 0a |...à.ð*á..0ã....|
000001f0 00 b0 8b e0 00 c0 8c e0 00 20 82 e0 00 30 83 e0 |.°.à.À.à. .à.0.à|
00000200
Ramdisk image analysis
The last file is the gnuzipped ramdisk. A quick analysis of its header indicates that it seems to be fine.
The first two bytes (1f 8b) gives a hint of a gzip file [3].
Code:
[email protected]:~/helpingehsan$ hexdump -C -n 32 ramdisk.cpio.gz
00000000 1f 8b 08 00 7a 80 43 50 00 03 bc 3c 6b 6f db b8 |....z.CP..¼<koÛ¸|
00000010 b2 fb b5 f9 15 44 83 7b ef 2e ce ca b2 9d a4 e9 |²ûµù.D.{ï.Îʲ.¤é|
00000020
An unpack of the huge ramdisk is necessary to better get an idea of its content.
Code:
[email protected]:~/helpingehsan$ mkdir ramdisk; cd ramdisk; gunzip -c ../ramdisk.cpio.gz | cpio -i; ls -al
25487 blocks
total 12272
drwxr-xr-x 3 j users 4096 Sep 16 22:11 ./
drwxr-xr-x 3 j users 4096 Sep 16 22:11 ../
-rwxrwxrwx 1 j users 8388608 Sep 16 22:11 boot.img*
-rw-rw-r-- 1 j users 4104448 Sep 16 22:11 boot.img-kernel.gz
drwxrwxr-x 8 j users 4096 Sep 16 22:11 boot.img-ramdisk/
-rwxrwxrwx 1 j users 24302 Sep 16 22:11 mkbootfs*
-rwxrwxrwx 1 j users 23798 Sep 16 22:11 mkbootimg*
-rwxrwxrwx 1 j users 901 Sep 16 22:11 repack-bootimg.pl*
-rwxrwxrwx 1 j users 1710 Sep 16 22:11 unpack-bootimg.pl*
No wonder why the size!
The ramdisk contains even more you could wish for - and an incorrect directory structure.
By hashing the boot.img and the boot.img-kernel.gz in the compressed ramdisk
and comparing them with the included images in the helpingehsan.rar
will tell if those files are identical - which seems to be the case.
The only conlusion to make is that something went wrong.
Code:
[email protected]:~/helpingehsan/ramdisk$ md5sum ../boot.img boot.img ../boot.img-kernel.gz boot.img-kernel.gz
00aec167963e7d5df4b3fc9661439fa3 ../boot.img
00aec167963e7d5df4b3fc9661439fa3 boot.img
f5adbe66ef11e0d6a3cea6f0d04ec798 ../boot.img-kernel.gz
f5adbe66ef11e0d6a3cea6f0d04ec798 boot.img-kernel.gz
We also need to get a picture of the boot.img-ramdisk directory. How big is it? What does it contain?
Code:
[email protected]:~/helpingehsan/ramdisk$ du -b boot.img-ramdisk/
322935 boot.img-ramdisk/sbin
4096 boot.img-ramdisk/system
4096 boot.img-ramdisk/data
4096 boot.img-ramdisk/sys
4096 boot.img-ramdisk/proc
4096 boot.img-ramdisk/dev
529719 boot.img-ramdisk/
Code:
[email protected]:~/helpingehsan/ramdisk$ du -b boot.img-ramdisk; ls -la boot.img-ramdisk
322935 boot.img-ramdisk/sbin
4096 boot.img-ramdisk/system
4096 boot.img-ramdisk/data
4096 boot.img-ramdisk/sys
4096 boot.img-ramdisk/proc
4096 boot.img-ramdisk/dev
529719 boot.img-ramdisk
total 244
drwxrwxr-x 8 j users 4096 Sep 16 22:11 ./
drwxr-xr-x 3 j users 4096 Sep 16 22:11 ../
-rw-r--r-- 1 j users 1395 Sep 16 22:11 cwkeys
drwxrwx--x 2 j users 4096 Sep 16 22:11 data/
-rw-r--r-- 1 j users 118 Sep 16 22:11 default.prop
-rw-r--r-- 1 j users 118 Sep 16 22:11 default.prop~
drwxr-xr-x 2 j users 4096 Sep 16 22:11 dev/
-rwxr-x--- 1 j users 111468 Sep 16 22:11 init*
-rwxr-x--- 1 j users 14390 Sep 16 22:11 init.endeavoru.common.rc*
-rwxr-x--- 1 j users 18122 Sep 16 22:11 init.endeavoru.rc*
-rwxr-x--- 1 j users 2344 Sep 16 22:11 init.goldfish.rc*
-rwxr-x--- 1 j users 22319 Sep 16 22:11 init.rc*
-rwxr-x--- 1 j users 6140 Sep 16 22:11 init.usb.rc*
drwxr-xr-x 2 j users 4096 Sep 16 22:11 proc/
drwxr-x--- 2 j users 4096 Sep 16 22:11 sbin/
drwxr-xr-x 2 j users 4096 Sep 16 22:11 sys/
drwxr-xr-x 2 j users 4096 Sep 16 22:11 system/
-rw-r--r-- 1 j users 1417 Sep 16 22:11 ueventd.endeavoru.rc
-rw-r--r-- 1 j users 272 Sep 16 22:11 ueventd.goldfish.rc
-rw-r--r-- 1 j users 4105 Sep 16 22:11 ueventd.rc
Identification of the kernel base address
The kernel base address = (hdr.kernel_addr - 0x00008000) [2].
We can from the boot.img see that the hdr.kernel_addr is set to the value 0x10008000.
This results in the base address 0x10000000.
Code:
[email protected]:~/helpingehsan/ramdisk$ hexdump -C -n 16 -s 256 boot.img
00000100 41 4e 44 52 4f 49 44 21 b0 9b 3e 00 00 80 00 10 |ANDROID!°.>.....|
00000110
Recompilation of the ramdisk
A recompilation into a new ramdisk (boot.img-ramdisk.cpio.gz) is the carried out [4],
even if we do not know if it works properly. It's all depending on the source.
Code:
[email protected]:~/helpingehsan/ramdisk$ cd boot.img-ramdisk; find . | cpio -o -H newc | gzip > ../boot.img-ramdisk.cpio.gz; cd ..; ls -la
985 blocks
total 12564
drwxr-xr-x 3 j users 4096 Sep 16 23:44 ./
drwxr-xr-x 4 j users 4096 Sep 16 22:57 ../
-rwxrwxrwx 1 j users 8388608 Sep 16 22:11 boot.img*
-rw-rw-r-- 1 j users 4104448 Sep 16 22:11 boot.img-kernel.gz
drwxrwxr-x 8 j users 4096 Sep 16 22:11 boot.img-ramdisk/
-rw-r--r-- 1 j users 297162 Sep 16 23:44 boot.img-ramdisk.cpio.gz
-rwxrwxrwx 1 j users 24302 Sep 16 22:11 mkbootfs*
-rwxrwxrwx 1 j users 23798 Sep 16 22:11 mkbootimg*
-rwxrwxrwx 1 j users 901 Sep 16 22:11 repack-bootimg.pl*
-rwxrwxrwx 1 j users 1710 Sep 16 22:11 unpack-bootimg.pl*
Removal of the initial 256 zeros from the boot.img-kernel.gz
Code:
[email protected]:~/helpingehsan/ramdisk$ dd if=boot.img-kernel.gz of=boot.img-kernel.gz.new skip=256 iflag=skip_bytes
8016+0 records in
8016+0 records out
4104192 bytes (4.1 MB) copied, 0.03337 s, 123 MB/s
Creating a new boot.img
Remeber: the original boot.img header did not have a kernel command line.
Code:
[email protected]:~/helpingehsan/ramdisk$ mkbootimg --kernel boot.img-kernel.gz.new --ramdisk boot.img-ramdisk.cpio.gz --base 0x10000000 -o boot.img
[email protected]:~/helpingehsan/ramdisk$ ls -la boot.img; md5sum boot.img
-rwxrwxrwx 1 j users 4405248 Sep 16 23:58 boot.img*
dba17088ff533adec1fb5a92478fafe2 boot.img
Summary
With knowledge in the boot.img structure, some experience in using a hex editor
(my personal favourite is the KDE Okteta) and DIY-mentality, I think you could solve most of such problems.
I have no idea if theresulting boot.img will work, the content is based on the files that was found in the original tar-file.
Here is a copy of the original file in case the original file was deleted
The resulting boot.img is there too.
For those who wonders about the analysis environment: Linux (here: Slackware 13.37 / current).
Take care and good luck!
References:
[1] [HELP] Can anyone help me recompile this boot.img?, Sept 2012
[2] mkbootimg.c, bootimg.h by The Android Open Source Project, 2007
[3] GZIP file format specification version 4.3, RFC 1952, chapter 2.3.1., L. Peter Deutsch, 1996
[4] HOWTO: Unpack, Edit, and Re-Pack Boot Images, Android-DLS, 2012
Lollipops are on me!
This is Absolutely Glorious
Nice guide. Amazing for those new to building ROMs, and a good read for those who are experieced
Sent from my HTC One XL using XDA Premium 4 mobile app
My moto e boot corrupted
Means hardbrick
Now it is not starting not even.going to fastboot mode
Plz help me to install official bootloader
HELLO ALL
i need to know to port ics rom to lg 3d max p720
zak53 said:
HELLO ALL
i need to know to port ics rom to lg 3d max p720
Click to expand...
Click to collapse
Don't have P720 but i think you would nee the following:
A SU870 User on ICS to Get the Following
system.img
boot.img
Resizing of System Partition to Match SU870 - Bernies THread
Wkparks Bootloader 1.25 for P720
Edit boot.img to symlink things such as /log to /data/misc since on ICS this are actual partition used for sensor data etc so you would symlink them to data partition so this paths exist even without the actual partitions.
you would need lge-ril.so from P920/L9/P940 as well as telephonyprovider / lgmms from P920.
Then
Either Install VIA CWM / Fastboot Flash
package extract to sys partition
fastboot flash system system.img
it should boot
then ask a kernel dev to compile a 4 key Kernel.
defcomg said:
Don't have P720 but i think you would nee the following:
A SU870 User on ICS to Get the Following
system.img
boot.img
Resizing of System Partition to Match SU870 - Bernies THread
Wkparks Bootloader 1.25 for P720
Edit boot.img to symlink things such as /log to /data/misc since on ICS this are actual partition used for sensor data etc so you would symlink them to data partition so this paths exist even without the actual partitions.
you would need lge-ril.so from P920/L9/P940 as well as telephonyprovider / lgmms from P920.
Then
Either Install VIA CWM / Fastboot Flash
package extract to sys partition
fastboot flash system system.img
it should boot
then ask a kernel dev to compile a 4 key Kernel.
Click to expand...
Click to collapse
Wow ,, it was so easy to say .
It was a very useful informations .
However , as far as I know , the P720 can boot with SU870 but with disabled secure boot (it's so easy , just change 1 to 0 , lol ) .
Someone has successfully boot it but without network .
@zak , here is the link :-
http://forum.xda-developers.com/showthread.php?t=1891573
Sent from my LG-P880 using xda app-developers app
OS_Hacking said:
Wow ,, it was so easy to say .
It was a very useful informations .
However , as far as I know , the P720 can boot with SU870 but with disabled secure boot (it's so easy , just change 1 to 0 , lol ) .
Someone has successfully boot it but without network .
Sent from my LG-P880 using xda app-developers app
Click to expand...
Click to collapse
yeah but i think some of those partition are needed by ics so it will not work correctly
in framework com/android/telephony you may wanna replace that with the one from P920 might bring the network to life he also had issue with missing files but there where just not symlinked correctly a quicker way would be to use miui patchrom script to extract the files symlinks certs and Generate Flashable Zip and mod boot.img
defcomg said:
yeah but i think some of those partition are needed by ics so it will not work correctly
in framework com/android/telephony you may wanna replace that with the one from P920 might bring the network to life he also had issue with missing files but there where just not symlinked correctly a quicker way would be to use miui patchrom script to extract the files symlinks certs and Generate Flashable Zip and mod boot.img
Click to expand...
Click to collapse
Hmm ... now I have understood why .
Thanks very much for the info , really helps .
By the way ,,
why don't you apply for Recognized Developer ?? You deserve it .
Sent from my LG-P880 using xda app-developers app
OS_Hacking said:
Hmm ... now I have understood why the project has been closed .
Thanks very much for the info , really helps .
By the way ,,
why don't you apply for Recognized Developer ?? You deserve it .
Sent from my LG-P880 using xda app-developers app
Click to expand...
Click to collapse
lol nah it's cool don't do it for the title do it because its fUn LoL:silly:
defcomg said:
lol nah it's cool don't do it for the title do it because its fUn LoL:silly:
Click to expand...
Click to collapse
Wow , you say this "fun" .
I spend hours every day learning these stuff , and fighting to get books to learn c/c++ .
And you say it's fun .
You really deserve to be Recognized Developer ... you won't lose anything .
Pandaball is a Recognized Developer while you are much better than him .
Sent from my LG-P880 using xda app-developers app
U deserve it defcomg
sent from my lg-p920 powered with xbsall's finest work
THANX ALL
But why the developers don't make a custom rom based on ICS for P720
zak53 said:
THANX ALL
But why the developers don't make a costum rom based on ICS for P720
Click to expand...
Click to collapse
most if not all have no P720 just the OG P92x
thanx for repl
can you show me how to port the rom
zak53 said:
thanx for repl
can you show me how to port the rom
Click to expand...
Click to collapse
I can help with it, I have a P720h that I almost bricked because I don´t know what I was doing, and now I am learning a LOT of things reading every topic of this forum.
Now I am almost extracting the .img files inside the .bin image, I can see the partitions but not extract them. See below:
Is there a way to extract with another tool ? I am extracting to use fastboot to write them to the cellphone, is this right ?
Code:
GPT HEADER
----------
Signature 45 46 49 20 50 41 52 54
Revision 65536
Header Size 92
CRC32 of Header 56 6F 11 15
Current Header LBA 1
Backup Header LBA 15532031
First Usable LBA 34
Last Usable LBA 15531998
Disk GUID 86 28 17 26 61 B8 8E 4B 9E 95 0E A5 B7 E9 50 D9
Start of Partition Entries 2
Number of Partition Entries 128
Size of Partition Entries 128
CRC32 of Partition Array 24 2A D7 89
PARTITION ENTRIES
-----------------
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 4B 41 3F FD 9B C3 E3 41 BD 39 00 4F FB 1D 67 FF
First LBA 256
Last LBA 1023
Attributes 0
Partition Name x-loader
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 8C 9A FF DE B8 F3 85 44 86 3E 9F B0 69 8A EF A9
First LBA 1024
Last LBA 3071
Attributes 0
Partition Name u-boot
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID EA 3F 19 DE 3A E9 1F 4D 85 36 73 7B 46 CA 62 4F
First LBA 3072
Last LBA 33791
Attributes 0
Partition Name kernel
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 5C 83 26 18 C9 09 6C 4B B8 B1 37 1D E5 25 C2 68
First LBA 33792
Last LBA 34303
Attributes 0
Partition Name nv1
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID D1 DC D0 65 B6 9A 30 48 A4 C6 F5 4E 6C 8A 4C 87
First LBA 34304
Last LBA 34815
Attributes 0
Partition Name nv2
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID FC 4E AD CD 5F 4E 93 40 84 52 B3 94 3B 74 F7 86
First LBA 34816
Last LBA 65535
Attributes 0
Partition Name recovery
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID B8 81 ED 65 BA 1B B4 49 BA C5 60 AC 2E FF 2F E4
First LBA 65536
Last LBA 1819135
Attributes 0
Partition Name system
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID B0 CA 40 8A 48 B7 54 46 84 70 D9 71 1D CA 76 0B
First LBA 1819136
Last LBA 3916287
Attributes 0
Partition Name userdata
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 30 79 05 67 A4 01 99 42 87 BF AE C0 4C 84 1D 15
First LBA 3916288
Last LBA 3957247
Attributes 0
Partition Name fota
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 0F 80 3F 2D CC 15 39 46 A3 BD BC C2 D2 F2 07 D5
First LBA 3957248
Last LBA 4264447
Attributes 0
Partition Name cache
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 96 8F 94 D7 1C D9 B2 40 95 7F 43 A5 62 99 41 7F
First LBA 4264448
Last LBA 4268543
Attributes 0
Partition Name lgdrm
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 00 CB 92 C9 B4 56 A6 42 A9 4D FA 18 5B F7 73 CC
First LBA 4268544
Last LBA 4276735
Attributes 0
Partition Name misc
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID BF ED 9F 84 3E 64 C6 46 94 DE 7D 83 F6 29 A4 4C
First LBA 4276736
Last LBA 4538879
Attributes 0
Partition Name fsswap
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID E6 1D AC A3 04 97 2B 4E 8E F1 7A 72 B7 CE E2 30
First LBA 4538880
Last LBA 4540927
Attributes 0
Partition Name divxkey
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 4C 67 48 AD 81 E2 D5 4E 8E 04 78 45 EA 90 B5 71
First LBA 4540928
Last LBA 15458303
Attributes 0
Partition Name fat
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID BC D4 86 18 CF 73 D6 4E 81 0E 56 32 16 A3 82 E6
First LBA 15458304
Last LBA 15473663
Attributes 0
Partition Name persist
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 46 C5 FF 07 D8 FE 0F 45 8A A2 7F 9B FB 6C 38 6E
First LBA 15473664
Last LBA 15506431
Attributes 0
Partition Name mlt
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID F3 FD D0 22 6E E4 FA 45 9C AD 90 74 F1 24 12 E5
First LBA 15506432
Last LBA 15510527
Attributes 0
Partition Name drm
PARTITION ENTRY
---------------
Partition Type GUID A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7
Unique Partition GUID 28 B1 4B 0A 94 F0 47 4B 91 4B 87 71 B4 79 4B 51
First LBA 15510528
Last LBA 15531007
Attributes 0
Partition Name logdata
i have an idea.
do same with p720 kdz what you did with the su870 kdz..
and try to change the partition from p720 with su870
only the partitions that do not match...
like data partition and few more.
if you can do that you can flash it successfully...
and by the way i guess i have all other partitions in .img format except system.img
Sent from my LG-P725 using xda app-developers app
i have a i9003 broken by flashing with wrong files ( i9000)
when i use the omap flash (after installing driver)
i got the next message :
» Looking for device (omap usb)
» Please turn on device
» Waiting for device (omap usb)
» Found device (omap usb)
» Requesting ASIC id
» AsicId items 05
» AsicId id 01 05 01 36 30 07 07
» AsicId secure_mode 13 02 01 00
» AsicId public_id 12 15 01 DC 64 77 05 87 18 3E 62 48 1F DC 73 69 7D D2 1C F2 AA 8D 4C
» AsicId root_key_hash 14 15 01 D7 81 BB D5 CD EC 1F F7 E4 DA 7A F9 BE 79 A2 4C 72 DF 89 43
» AsicId checksum 15 09 01 13 BF 3E EF 15 52 E7 03
» Raw data transfer failure (No error) during peripheral boot (sending boot message)
I dont really understand what it is, but my phone broke once and i restock it with odin.
Sent from my GT-I9003 using xda app-developers app
The same title. I want to use 1 license for multiple devices but max of license just for 1 device. To use it for multiple devices I need to check what information the software receives from the device (example: android id, imei, android version,...). Then fake the 2nd device information into the first device's information. But when I check, the information is encoded into strings that are difficult to understand. So I want to ask what kind of encryption is that, and the data after decrypted. Below is an image of the encrypted string that the software checks my device information. Please help me.
"htttp://arteam.pro/log-sys/?data=Qcdw1B9CILI+xcDA7mY9v/wSuMPEvvjr3H72jMubzO3MaWWONvTbZc34J+qxHq1tNYSVhJezLBJM4EuapwTqhqqtCcxCWA6+Dai9lm99D32nj+RqIuvN3Z3QE7ezJ4ZFrLn8QsUEFka7x6DDQj4ekQJbyuQ+prf80PDh7kSWTfzllQq9munu/9UKCg1XolmtY5EDRPxMU99nnPkrAf5lmfOkeVMV4Bn1yR/o0vUPopQ="
The data parameter is some binary data encoded in base64. I used
Bash:
$ echo "Qcdw1B9CILI+xcDA7mY9v/wSuMPEvvjr3H72jMubzO3MaWWONvTbZc34J+qxHq1tNYSVhJezLBJM4EuapwTqhqqtCcxCWA6+Dai9lm99D32nj+RqIuvN3Z3QE7ezJ4ZFrLn8QsUEFka7x6DDQj4ekQJbyuQ+prf80PDh7kSWTfzllQq9munu/9UKCg1XolmtY5EDRPxMU99nnPkrAf5lmfOkeVMV4Bn1yR/o0vUPopQ=" | base64 -d - | tee decode.bin
and opened that in Bless. It's using some kind of encryption, output below in hex.
Code:
41 C7 70 D4 1F 42 20 B2 3E C5 C0 C0 EE 66 3D BF
FC 12 B8 C3 C4 BE F8 EB DC 7E F6 8C CB 9B CC ED
CC 69 65 8E 36 F4 DB 65 CD F8 27 EA B1 1E AD 6D
35 84 95 84 97 B3 2C 12 4C E0 4B 9A A7 04 EA 86
AA AD 09 CC 42 58 0E BE 0D A8 BD 96 6F 7D 0F 7D
A7 8F E4 6A 22 EB CD DD 9D D0 13 B7 B3 27 86 45
AC B9 FC 42 C5 04 16 46 BB C7 A0 C3 42 3E 1E 91
02 5B CA E4 3E A6 B7 FC D0 F0 E1 EE 44 96 4D FC
E5 95 0A BD 9A E9 EE FF D5 0A 0A 0D 57 A2 59 AD
63 91 03 44 FC 4C 53 DF 67 9C F9 2B 01 FE 65 99
F3 A4 79 53 15 E0 19 F5 C9 1F E8 D2 F5 0F A2 94
Good luck decrypting it. Considering this is an app with such highly restrictive license terms, I'm sure the devs have heavily guarded the code against reverse engineering. The best way to deal with this imo is to just find an alternative if one exists.
The binary data encoded in base64 is difficult to understand.