Hi,
I have a problem with an Asus TF700T. I had Clockworkmod Recovery installed and tried using it to flash Cyanogenmod. The flash failed and since then, CWM can't mount /data, /system or any other partition from the internal flash memory. I've then used fastboot to flash a new version of CWM, but also the new version (6.0.4.7) can't mount the partitions.
I fear the partition table of /dev/block/mmcblk0 may have been damaged, but recovery works fine. I have access to CWM, adb and fastboot.
Is there a way to fix the partition table or some other way of making the partitions mountable?
I used adb shell for some diagnostics:
cat /proc/partitions
major minor #blocks name
179 0 62087168 mmcblk0
179 32 4096 mmcblk0boot1
179 16 4096 mmcblk0boot0
179 48 15558144 mmcblk1
179 49 15554048 mmcblk1p1
After a reboot (with a half installed Cyanogenmod) somehow, the output is:~ # cat /proc/partitions, but CWM still can't mount /data, /system, etc...
major minor #blocks name
179 0 62087168 mmcblk0
179 1 786432 mmcblk0p1
179 2 438272 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 835584 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 512 mmcblk0p6
179 7 5120 mmcblk0p7
179 8 59976192 mmcblk0p8
179 9 8192 mmcblk0p9
179 10 8192 mmcblk0p10
179 32 4096 mmcblk0boot1
179 16 4096 mmcblk0boot0
179 48 15558144 mmcblk1
179 49 15554048 mmcblk1p1
Output of dmesg| grep mmc
Code:
dmesg|grep mmc
<5>[ 0.000000] Kernel command line: tegra_wdt.heartbeat=30 tegraid=30.1.3.0.0 [email protected] commchip_id=0 vmalloc=768M androidboot.serialno=015d29955e54260c androidboot.commchip_id=0 video=tegrafb no_console_suspend=1 console=ttyS0,115200n8 debug_uartport=lsport,0 usbcore.old_scheme_first=1 [email protected] [email protected] core_edp_mv=0 audio_codec=wm8903 board_info=245:0:fc:a6:29 tegraboot=sdmmc gpt gpt_sector=124174335 modem_id=0 android.kerneltype=recovery androidboot.productid=0x04 androidboot.carrier=wifi-only
<6>[ 0.805791] print_constraints: fixed_reg_en_3v3_emmc: 3300 mV normal standby
<6>[ 0.805974] set_supply: fixed_reg_en_3v3_emmc: supplied by fixed_reg_en_3v3_sys
<6>[ 3.640685] [mmc]:sdhci_tegra_probe:1152 mmc0: built_in 1
<4>[ 3.642707] mmc0: Invalid maximum block size, assuming 512 bytes
<6>[ 3.642994] mmc0: no vmmc regulator found
<7>[ 3.644267] Registered led device: mmc0::
<6>[ 3.646836] [mmc]:mmc_schedule_delayed_work:84 mmc0: delay 0
<6>[ 3.646987] mmc0: SDHCI controller on sdhci-tegra.3 [sdhci-tegra.3] using ADMA
<4>[ 3.648498] mmc1: Invalid maximum block size, assuming 512 bytes
<6>[ 3.648779] mmc1: no vmmc regulator found
<7>[ 3.650058] Registered led device: mmc1::
<6>[ 3.652575] [mmc]:mmc_schedule_delayed_work:84 mmc1: delay 0
<6>[ 3.652723] mmc1: SDHCI controller on sdhci-tegra.2 [sdhci-tegra.2] using ADMA
<6>[ 3.653397] [mmc]:sdhci_tegra_probe:1099 mmc2: non-built_in 0
<4>[ 3.656192] mmc2: Invalid maximum block size, assuming 512 bytes
<6>[ 3.656475] mmc2: no vmmc regulator found
<7>[ 3.657758] Registered led device: mmc2::
<6>[ 3.660210] [mmc]:mmc_schedule_delayed_work:84 mmc2: delay 0
<6>[ 3.660469] mmc2: SDHCI controller on sdhci-tegra.0 [sdhci-tegra.0] using ADMA
<6>[ 3.761658] [mmc]:mmc_decode_cid:118 prv: 0x6f, manfid: 0x90
<6>[ 3.773320] [mmc]:mmc_read_ext_csd:365 Boot Block Expose, boot size of mmc0 is 8388608
<6>[ 3.775552] mmc0: new high speed DDR MMC card at address 0001
<6>[ 3.776088] mmcblk mmc0:0001: Card claimed for testing.
<6>[ 3.776781] mmcblk0: mmc0:0001 HYNIX 59.2 GiB
<6>[ 3.777369] mmcblk0boot0: mmc0:0001 HYNIX partition 1 4.00 MiB
<6>[ 3.778074] mmcblk0boot1: mmc0:0001 HYNIX partition 2 4.00 MiB
<6>[ 3.794728] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
<6>[ 3.808067] mmcblk0boot1: unknown partition table
<6>[ 3.812871] mmcblk0boot0: unknown partition table
<6>[ 3.815515] [mmc]:mmc_rescan_try_freq:2010 mmc0: eMMC completed
<4>[ 4.042757] mmc2: host does not support reading read-only switch. assuming write-enable.
<6>[ 4.046107] mmc2: new high speed SDHC card at address e624
<6>[ 4.046532] mmcblk mmc2:e624: Card claimed for testing.
<6>[ 4.047366] mmcblk1: mmc2:e624 SU16G 14.8 GiB
<6>[ 4.058056] mmcblk1: p1
<6>[ 4.058913] [mmc]:mmc_rescan_try_freq:2006 mmc2: SD completed
<6>[ 4.996531] [mmc]:mmc_schedule_delayed_work:84 mmc1: delay 0
<4>[ 5.052746] mmc1 clock request: 50000KHz. currently 48000KHz
<6>[ 5.054371] mmc1: new high speed SDIO card at address 0001
<6>[ 5.062845] [mmc]:mmc_rescan_try_freq:2002 mmc1: sdio completed
<6>[ 7.693501] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
<7>[ 7.693580] SELinux: initialized (dev mmcblk0p2, type ext4), uses xattr
Can someone please shed some light on this? Thank you very much!
giza1928 said:
major minor #blocks name
179 0 62087168 mmcblk0
179 1 786432 mmcblk0p1
179 2 438272 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 835584 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 512 mmcblk0p6
179 7 5120 mmcblk0p7
179 8 59976192 mmcblk0p8
179 9 8192 mmcblk0p9
179 10 8192 mmcblk0p10
179 32 4096 mmcblk0boot1
179 16 4096 mmcblk0boot0
179 48 15558144 mmcblk1
179 49 15554048 mmcblk1p1
...
<6>[ 3.794728] mmcblk0: p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
Click to expand...
Click to collapse
That looks quite correct. What happens when you try to mount /data manually?
mount -t ext4 /dev/block/mmcblk0p8 /data
Click to expand...
Click to collapse
_that said:
That looks quite correct. What happens when you try to mount /data manually?
Click to expand...
Click to collapse
Thanks, good idea. But unfortunately, the error message isn't very detailed:
Code:
mount -t ext4 /dev/block/mmcblk0p8 /data
mount: mounting /dev/block/mmcblk0p8 on /data failed: Invalid argument
I also tried to check the filesystem with e2fsck:
Code:
~ # e2fsck /dev/block/mmcblk0p8
e2fsck 1.41.14 (22-Dec-2010)
e2fsck: Superblock invalid, trying backup blocks...
e2fsck: Bad magic number in super-block while trying to open /dev/block/mmcblk0p8
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>
giza1928 said:
Thanks, good idea. But unfortunately, the error message isn't very detailed:
Code:
mount -t ext4 /dev/block/mmcblk0p8 /data
mount: mounting /dev/block/mmcblk0p8 on /data failed: Invalid argument
Click to expand...
Click to collapse
Is there any message in dmesg after trying this?
What do you get from "hexdump -C -n 2048 /dev/block/mmcblk0p8"?
_that said:
Is there any message in dmesg after trying this?
What do you get from "hexdump -C -n 2048 /dev/block/mmcblk0p8"?
Click to expand...
Click to collapse
No, no messages in dmesg after the mount command, only updates like this:
Code:
<4>[ 81.890682] cpu ext_temperature=26
The output from the hexdump command:
Code:
~ # hexdump -C -n 2048 /dev/block/mmcblk0p8
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
giza1928 said:
The output from the hexdump command:
Code:
~ # hexdump -C -n 2048 /dev/block/mmcblk0p8
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
Click to expand...
Click to collapse
Funny. Normally the superblock should start at offset 0x400. Yours appears to have gotten wiped.
Try the same command on mmcblk0p1, mmcblk0p2, mmcblk0p3, mmcblk0p5 and post the results just to find out what's going on.
_that said:
Funny. Normally the superblock should start at offset 0x400. Yours appears to have gotten wiped.
Try the same command on mmcblk0p1, mmcblk0p2, mmcblk0p3, mmcblk0p5 and post the results just to find out what's going on.
Click to expand...
Click to collapse
p1:
Code:
hexdump -C -n 2048 /dev/block/mmcblk0p1
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 00 c0 00 00 00 00 03 00 00 00 00 00 95 ce 01 00 |................|
00000410 d2 b9 00 00 00 00 00 00 02 00 00 00 02 00 00 00 |................|
00000420 00 80 00 00 00 80 00 00 00 20 00 00 38 e3 78 53 |......... ..8.xS|
00000430 38 e3 78 53 05 00 ff ff 53 ef 01 00 02 00 00 00 |8.xS....S.......|
00000440 d2 aa 78 53 00 00 00 00 00 00 00 00 01 00 00 00 |..xS............|
00000450 00 00 00 00 0b 00 00 00 00 01 00 00 1c 00 00 00 |................|
00000460 42 00 00 00 13 00 00 00 57 f8 f4 bc ab f4 65 5f |B.......W.....e_|
00000470 bf 67 94 6f c0 f9 f2 5b 00 00 00 00 00 00 00 00 |.g.o...[........|
00000480 00 00 00 00 00 00 00 00 2f 73 79 73 74 65 6d 00 |......../system.|
00000490 e8 0a 29 c0 00 9c a6 c7 b0 ca b7 c6 00 00 00 00 |..).............|
000004a0 48 b4 54 c7 e0 a3 58 c6 fc fd e0 c6 c8 fd e0 c6 |H.T...X.........|
000004b0 fc 7e 12 c0 80 f3 1a c0 e4 fd e0 c6 74 f3 1a c0 |.~..........t...|
000004c0 bc c7 7c c0 00 9c a6 c7 00 00 00 00 00 00 2f 00 |..|.........../.|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000004e0 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000004f0 00 00 00 00 00 00 00 00 00 00 00 00 02 01 20 00 |.............. .|
00000500 00 00 00 00 00 00 00 00 00 00 00 00 0a f3 01 00 |................|
00000510 03 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 |................|
00000520 33 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |3...............|
00000530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000550 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 1c 00 |................|
00000560 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000570 00 00 00 00 00 00 00 00 ec 83 04 00 00 00 00 00 |................|
00000580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
p2:
Code:
~ # hexdump -C -n 2048 /dev/block/mmcblk0p2
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 00 6b 00 00 00 ac 01 00 00 00 00 00 86 86 01 00 |.k..............|
00000410 dc 6a 00 00 00 00 00 00 02 00 00 00 02 00 00 00 |.j..............|
00000420 00 80 00 00 00 80 00 00 c0 1a 00 00 f3 eb 78 53 |..............xS|
00000430 f3 eb 78 53 08 00 ff ff 53 ef 01 00 02 00 00 00 |..xS....S.......|
00000440 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 |................|
00000450 00 00 00 00 0b 00 00 00 00 01 00 00 1c 00 00 00 |................|
00000460 46 00 00 00 13 00 00 00 57 f8 f4 bc ab f4 65 5f |F.......W.....e_|
00000470 bf 67 94 6f c0 f9 f2 5b 00 00 00 00 00 00 00 00 |.g.o...[........|
00000480 00 00 00 00 00 00 00 00 2f 63 61 63 68 65 00 e8 |......../cache..|
00000490 0a 29 c0 c0 dd d6 c6 88 d3 b8 c6 00 00 00 00 b8 |.)..............|
000004a0 eb b8 c6 20 cb 81 c7 fc dd da c6 c8 dd da c6 fc |... ............|
000004b0 7e 12 c0 80 f3 1a c0 e4 dd da c6 74 f3 1a c0 bc |~..........t....|
000004c0 c7 7c c0 c0 dd d6 c6 d8 00 00 00 00 00 00 1f 00 |.|..............|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000004e0 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000004f0 00 00 00 00 00 00 00 00 00 00 00 00 02 01 20 00 |.............. .|
00000500 00 00 00 00 00 00 00 00 00 00 00 00 0a f3 01 00 |................|
00000510 03 00 00 00 00 00 00 00 00 00 00 00 b0 06 00 00 |................|
00000520 cf 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000550 00 00 00 00 00 00 00 00 00 00 00 00 1c 00 1c 00 |................|
00000560 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000570 00 00 00 00 00 00 00 00 ec 18 00 00 00 00 00 00 |................|
00000580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
p3:
Code:
~ # hexdump -C -n 2048 /dev/block/mmcblk0p3
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000800
p5:
Code:
~ # hexdump -C -n 2048 /dev/block/mmcblk0p5
00000000 eb 58 90 42 53 44 20 20 34 2e 34 00 02 08 20 00 |.X.BSD 4.4... .|
00000010 02 00 00 00 28 f0 00 00 10 00 04 00 00 00 00 00 |....(...........|
00000020 00 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 |................|
00000030 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 00 00 29 d2 07 38 a4 4e 4f 20 4e 41 4d 45 20 20 |..)..8.NO NAME |
00000050 20 20 46 41 54 33 32 20 20 20 fa 31 c0 8e d0 bc | FAT32 .1....|
00000060 00 7c fb 8e d8 e8 00 00 5e 83 c6 19 bb 07 00 fc |.|......^.......|
00000070 ac 84 c0 74 06 b4 0e cd 10 eb f5 30 e4 cd 16 cd |...t.......0....|
00000080 19 0d 0a 4e 6f 6e 2d 73 79 73 74 65 6d 20 64 69 |...Non-system di|
00000090 73 6b 0d 0a 50 72 65 73 73 20 61 6e 79 20 6b 65 |sk..Press any ke|
000000a0 79 20 74 6f 20 72 65 62 6f 6f 74 0d 0a 00 00 00 |y to reboot.....|
000000b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 52 52 61 41 00 00 00 00 00 00 00 00 00 00 00 00 |RRaA............|
00000210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000003e0 00 00 00 00 72 72 41 61 ff ff ff ff 0d 00 00 00 |....rrAa........|
000003f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000400 eb 58 90 42 53 44 20 20 34 2e 34 00 02 08 20 00 |.X.BSD 4.4... .|
00000410 02 00 00 00 28 f0 00 00 10 00 04 00 00 00 00 00 |....(...........|
00000420 00 00 00 00 0a 00 00 00 00 00 00 00 02 00 00 00 |................|
00000430 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000440 00 00 29 d2 07 38 a4 4e 4f 20 4e 41 4d 45 20 20 |..)..8.NO NAME |
00000450 20 20 46 41 54 33 32 20 20 20 fa 31 c0 8e d0 bc | FAT32 .1....|
00000460 00 7c fb 8e d8 e8 00 00 5e 83 c6 19 bb 07 00 fc |.|......^.......|
00000470 ac 84 c0 74 06 b4 0e cd 10 eb f5 30 e4 cd 16 cd |...t.......0....|
00000480 19 0d 0a 4e 6f 6e 2d 73 79 73 74 65 6d 20 64 69 |...Non-system di|
00000490 73 6b 0d 0a 50 72 65 73 73 20 61 6e 79 20 6b 65 |sk..Press any ke|
000004a0 79 20 74 6f 20 72 65 62 6f 6f 74 0d 0a 00 00 00 |y to reboot.....|
000004b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000005f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000600 52 52 61 41 00 00 00 00 00 00 00 00 00 00 00 00 |RRaA............|
00000610 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000007e0 00 00 00 00 72 72 41 61 ff ff ff ff 02 00 00 00 |....rrAa........|
000007f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000800
Thanks already for your help, to be honest I have no clue what I'm looking at. Are those the first 2048 bits of each partition?
giza1928 said:
Thanks already for your help, to be honest I have no clue what I'm looking at. Are those the first 2048 bits of each partition?
Click to expand...
Click to collapse
Yes. All other partitions except /data look normal - p1 is /system, p2 is /cache, p3 is the bootloader command partition which is usually empty, p5 contains device configuration in a FAT32 filesystem.
Try formatting /data from the recovery, then reinstall your ROM (which will format and fill /system).
_that said:
Yes. All other partitions except /data look normal - p1 is /system, p2 is /cache, p3 is the bootloader command partition which is usually empty, p5 contains device configuration in a FAT32 filesystem.
Try formatting /data from the recovery, then reinstall your ROM (which will format and fill /system).
Click to expand...
Click to collapse
Ok, do you mean the format command I can select in recovery? Because it says:
Code:
Formatting /data...
Error mounting /data!
Skipping format...
Done.
But can I maybe use mke2fs or something similar to format /dev/mmcblk0p8? If so, could you tell me what options I should use?
Thanks
giza1928 said:
Ok, do you mean the format command I can select in recovery? Because it says:
Code:
Formatting /data...
Error mounting /data!
Skipping format...
Done.
Click to expand...
Click to collapse
I have no experience with CWM; apparently it sucks.
giza1928 said:
But can I maybe use mke2fs or something similar to format /dev/mmcblk0p8? If so, could you tell me what options I should use?
Click to expand...
Click to collapse
Code:
make_ext4fs /dev/block/mmcblk0p8
should do it. Assuming that CWM ships with a make_ext4fs binary.
_that said:
I have no experience with CWM; apparently it sucks.
Code:
make_ext4fs /dev/block/mmcblk0p8
should do it. Assuming that CWM ships with a make_ext4fs binary.
Click to expand...
Click to collapse
Thanks, that worked! CWM does ship with make_ext4fs, I flashed Cyanogenmod and it booted successfully! :victory:
I figured I would post my experience with a sudden bootloop. My tf700t was unlocked and rooted a very long time ago and I've used a few ROM's since doing that. First was CROMI-x then Cyanogenmod 11 nightlies then CROMBi-kk and then I switched to ZOMBI-x.
I installed Zombi-x using F2FS file system and never had any issues except for the usual mind numbing lag from the horrible IO issues.
So just last night (12/21/2014) my tablet froze with a light grey screen and about 10 seconds later it rebooted, but it kept rebooting over and over. I tried cold booting, but that didn't help, so I booted into CWM (ver. 6.0.4.7) and tried to do a wipe data/system reset, but the tablet would just reboot part way through. I tried formatting the /data partition directly but it caused the tablet to reboot as well. So a few other posts around the interwebs led me to the conclusion that I needed to get rid of clockworkmod and switch to TWRP.
Thankfully I was able to connect to the tablet using fastboot, but only in Linux. (my Win7 PC saw that something was there, but it wouldn't let me install the driver)(http://lifehacker.com/the-easiest-way-to-install-androids-adb-and-fastboot-to-1586992378) So I installed TWRP 2.8.3.0 and used it to do a complete wipe. It started the format but had several errors about not being able to mount /data and then it said it was formatting Data using ext4fs. I've read that it should only take 5 minutes or so, so you can imagine my worry when 5 minutes past and then 10 and so on until it finished up after a little over 30 minutes, so if it's just sitting there, there's a good chance it is actually doing something, so leave it be for awhile and don't forget to check your battery, you don't want your tab to shut off suddenly!
I reinstalled CROMBi-kk and let it boot. Much to my surprise it booted and the resulting performance was nothing short of shocking!
So far this thing is running like it NEVER has before! The lag so far is so much less than ever and things open and close very quickly!
So without any surprise here, I won't be using F2FS anymore for fear I'll have corruption on the internal storage again! Thankfully TWRP came through for me. So if your tf700 is bootlooping and you still have fastboot, try installing the latest TWRP, it may just make the difference between a functioning tablet and a brick!
Viking8 said:
So I installed TWRP 2.8.3.0 and used it to do a complete wipe. It started the format but had several errors about not being able to mount /data and then it said it was formatting Data using ext4fs. I've read that it should only take 5 minutes or so, so you can imagine my worry when 5 minutes past and then 10 and so on until it finished up after a little over 30 minutes, so if it's just sitting there, there's a good chance it is actually doing something, so leave it be for awhile and don't forget to check your battery, you don't want your tab to shut off suddenly!
I reinstalled CROMBi-kk and let it boot. Much to my surprise it booted and the resulting performance was nothing short of shocking!
So far this thing is running like it NEVER has before! The lag so far is so much less than ever and things open and close very quickly!
Click to expand...
Click to collapse
The long time it takes for formatting and the performance gains are actually related. Creating the filesystem takes probably less than 5 minutes, but then the recovery does a "trim" on the free blocks - telling the eMMC that it may discard the data in these blocks and erase them. Erasing flash memory is slow. But following write requests by the booted ROM will be much faster because they can be written directly without prior erasing and shuffling data around.
_that said:
The long time it takes for formatting and the performance gains are actually related. Creating the filesystem takes probably less than 5 minutes, but then the recovery does a "trim" on the free blocks - telling the eMMC that it may discard the data in these blocks and erase them. Erasing flash memory is slow. But following write requests by the booted ROM will be much faster because they can be written directly without prior erasing and shuffling data around.
Click to expand...
Click to collapse
So the performance boost after formatting /data is temporary until the emmc again has to shuffle data around when it gets write requests?
I thought f2fs was supposed to take care of that?
berndblb said:
So the performance boost after formatting /data is temporary until the emmc again has to shuffle data around when it gets write requests?
I thought f2fs was supposed to take care of that?
Click to expand...
Click to collapse
Using f2fs should increase the time until the eMMC has to shuffle data around because it does less random writes. But when all blocks have been written once, something must be erased to rewrite more. The permanent solution is to run fstrim regularly (I've seen some comments in the Android source code that runs it automatically from time to time) or to mount with the discard option, and to leave a reasonable amount of space free (10 to 15%).
_that said:
Using f2fs should increase the time until the eMMC has to shuffle data around because it does less random writes. But when all blocks have been written once, something must be erased to rewrite more. The permanent solution is to run fstrim regularly (I've seen some comments in the Android source code that runs it automatically from time to time) or to mount with the discard option, and to leave a reasonable amount of space free (10 to 15%).
Click to expand...
Click to collapse
Enlightening as always! Happy Holidays to you and your family!
[emoji319] [emoji319] [emoji318] [emoji319] [emoji319]
It doesn't seem that lagfix can trim /data formated to f2fs.
Sent from my TF700T using Tapatalk
Related
This is wat I have done:
With romupdate I made a backup on 512MB SD Card
Put SD card away
Installed TMob rom, all ok.
Tmobile is too pink for me so I wanted to install my old rom
Put in SD card and immediatedly bootloader says SD card, update blabla and it worked.
----
Now I want to have that bigstorage. I ntrw'd the SDcard to a file, opened it with hexeditor, changed the 2 020008000 thingies, saved it and ntrw'd it back onto the SDcard.
Sow, when inserted in bootloader, it just sais
SERIAL
V1.02
When I remove the card very sometimes it THEN IMMEDIATELDY askes to install, but than sections=1 and read card is fail. Somtimes when removing and reinserting it sais ROM size not enough.
What should I do? I tried everything. Should I keep my old rom and forget the big storage?
I tried leaving the phone for 1 night in the bootloader, hoping next morning it would say SD update.
It left me with a drained battery (0%!) it wouldn't reset anymore until I plugged the device in te loader, I had it fully recharged. Strange.
Ok. I think this could be a problem.
My SD image looks like this (first somewhat 500 bytes
Code:
4d 41 47 49 43 49 41 4e 20 20 20 20 20 20 20 20 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 2e 30 32 20 20 20 20 20 20 20 20 20 20 20 20 25 8e f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9e 8a c5 37 53 41 30 30 d8 00 45 07 00 06 7d 77 57 00 3c 27 bf 22 e7 00 07 b4 2e 0b 19 96 d8 bb 88 ef c3 dd 49 c6 26 3a 50 e6 00 1c b8 2f 59 e0 27 ec 45 f2 af 00 00 f9 ab 7a ca 4e 5a 9d 0f b3 cc 00 00 00 00 9d a8 a3 51 99 3f 82 07 ba 4d 40 51 00 ff e9 5c 9a 8b 67 bb 3a b9 f5 09 a9 a3 d6 69 74 71 4f 17 46 a3 2e 4e ee 8e 61 e8 f3 b0 a5 cc cb d6 1c b5 59 d0 47 1a ea 9f 29 4f 84 2e cc b3 d0 b1 a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 f0 48 cd 47 ab 32 f5 57 1e 36 1a 99 8c 93 4c 67 35 9d 60 d3 34 10 f3 99 a8 a4 ab 53 12 e1 c0 ec fe 35 bb 57 e6 44 7e 81 53 7f 85 84 45 f8 6b 1d d5 74 b0 60 19 c2 b9 aa 48 4c 18 d8 1e ec 0e b6 82 01 4e ba 67 c1 04 f3 f0 d1 16 3c d7 13 aa b5 0f bf e8 74 a8 b5 01 77 f4 11 70 dd e8 00 80 56 c4 d3 0e d9 f7 52 90 95 3c 53 56 29 0a 8b 10 48 54 43 53 41 30 30 34 30 30 30 30 30 33 46 43 30 30 30 30 30 43 46 34 38 45 32 35 fe 03 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 43 45 43 34 ec 0d 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 4f 44 41 50 30 30
cant get the text copied, but when I encode it to a /nbf file, with good romdumps it shows the operator and things, now it shows garbage:
Code:
Good one:
deviceId=PM10A
cellOpName=T-MOB005
language=WWE
firmwareVersion=1.13.00
deviceModelName=Magician
address0=0
address1=0
address2=0
crc32=6448ae5b
File crc32: dd221a2f
Code:
My own:
deviceId=MAGICIAN
cellOpName=0000000000000000
language=1.02
firmwareVersion= %Ķ♀
deviceModelName=
address0=
address1=
address2=
crc32=
File crc32: 148cd320
Where dit it go wrong???
ntrw, romupdate.exe? It's a bit scrambled.
It wás the problem.
What I did:
FOrmat SD card
Get rom on SD card with romupdate
ntrw it to disk
used hexedit to remove the 400meg of zero's (512mb sdcard)
ran mksBigStoragerENG.exe from ftp site for patch it bigstorage and so,
format SD card again
ntrw new patched file to SD
put it in Magician, start bootloader, and in 10 sec SD UPDATE and off it goes, now 51%...
Wish me luck!
Yes, done it.
Now have Dutch Vodafone 1.12 ROM with 1.12 Radio, extended rom is on my harddisk and bigstorage.
If someone wants this ROM please let me know, have no fast connection but then I will upload it at night.
Thanks for your thoughtfulness but I believe ROM 1.12 with Radio 1.12 is already in the ftp. In fact, the latest ROM version is 1.13 with Radio 1.12, but there's a stand alone Radio 1.13.
Well I'm happy it worked this way. There were some people struggling to get the SD card to update, this should do the trick then. I tried everything else
And I had some problems with pushmanager + bluesoleil in 1.13 (no vodafone?) which I dont have now. Maybe it was not the 1.13 fault, but ey, what's the difference?
Hi,
I'm an Australian user of the Optus Dream / G1.
I've searched on here as well as Google in general to try and find an example of a goldcard. Whenever I make mine, windows *****es that it cannot read the device to load the dreaming file on. I just want to find out if i'm on the right track.
Ok, so here's the CID straight from terminal emulator:
Code:
0353445355303147801060c16d009198
and now, reversed with 00 at the start:
Code:
0091006dc16010804731305553445303
I load this into qmat and generate this goldcard:
Code:
6F E9 DB F4 62 CF 43 51 09 60 42 63 C6 5E 17 A8
39 68 F0 67 A8 40 85 41 4D BE 7D 74 2E 28 81 02
FB 98 90 61 C8 DD 02 A0 46 12 FF AB 02 F6 E9 0A
C3 37 09 00 7D 62 10 4C 3F 66 F2 F2 D5 D2 F8 0E
67 FD DC 18 4E D8 B3 49 74 AA 58 B9 06 9E 57 E8
79 A8 30 A7 E8 80 C5 81 8D FE BD B4 6E 68 C1 42
3B D8 D0 A1 08 0D 2B 96 97 30 4F 19 52 54 F9 4A
03 77 49 40 BD A2 50 8C 7F A6 32 32 92 ED AB F4
53 41 30 30 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 5F 00 9E 00 00 00 00 00 00
75 00 00 00 00 A5 7E 00 00 00 00 00 00 00 00 00
00 D8 2D 00 00 00 00 00 00 00 00 00 00 8F CD 07
42 00 00 00 00 00 00 00 00 00 00 00 00 82 00 00
00 00 00 00 00 00 00 00 00 00 00 00 52 28 7D 3C
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 FF FF FF FF FF FF FF FF 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(the goldcard is x180 long)
This is what the first x180 of my SD card looks like when it is freshly formatted to FAT32 and opened in hxD:
Code:
EB 58 90 4D 53 44 4F 53 35 2E 30 00 02 08 0C 11
02 00 00 00 00 F8 00 00 3F 00 FF 00 00 20 00 00
BB 06 1E 00 7A 07 00 00 00 00 00 00 02 00 00 00
01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00
80 00 29 C6 28 D5 F6 4E 4F 20 4E 41 4D 45 20 20
20 20 46 41 54 33 32 20 20 20 33 C9 8E D1 BC F4
7B 8E C1 8E D9 BD 00 7C 88 4E 02 8A 56 40 B4 41
BB AA 55 CD 13 72 10 81 FB 55 AA 75 0A F6 C1 01
74 05 FE 46 02 EB 2D 8A 56 40 B4 08 CD 13 73 05
B9 FF FF 8A F1 66 0F B6 C6 40 66 0F B6 D1 80 E2
3F F7 E2 86 CD C0 ED 06 41 66 0F B7 C9 66 F7 E1
66 89 46 F8 83 7E 16 00 75 38 83 7E 2A 00 77 32
66 8B 46 1C 66 83 C0 0C BB 00 80 B9 01 00 E8 2B
00 E9 2C 03 A0 FA 7D B4 7D 8B F0 AC 84 C0 74 17
3C FF 74 09 B4 0E BB 07 00 CD 10 EB EE A0 FB 7D
EB E5 A0 F9 7D EB E0 98 CD 16 CD 19 66 60 80 7E
02 00 0F 84 20 00 66 6A 00 66 50 06 53 66 68 10
00 01 00 B4 42 8A 56 40 8B F4 CD 13 66 58 66 58
66 58 66 58 EB 33 66 3B 46 F8 72 03 F9 EB 2A 66
33 D2 66 0F B7 4E 18 66 F7 F1 FE C2 8A CA 66 8B
D0 66 C1 EA 10 F7 76 1A 86 D6 8A 56 40 8A E8 C0
E4 06 0A CC B8 01 02 CD 13 66 61 0F 82 75 FF 81
C3 00 02 66 40 49 75 94 C3 42 4F 4F 54 4D 47 52
20 20 20 20 00 00 00 00 00 00 00 00 00 00 00 00
Now, various instructions (that I cannot link to being a new user) I have seen say to copy the first x170 of the goldcard to the sdcard. But the goldcard is x180 long???
Anyway, I've tried both (copying x180 and x170), and that doesn't work. I've tried adding replacing the first byte of the reversed CID with "00", and not replacing it, and neither work.
TL;DR: Does the above goldcard and unmodified SD card look like yours?
can't you just flash that nbh img from bootloader?
not sure how much different australian g1s from US. but I didn't use gold card in rooting my g1.
Did you try this?
xtenpeben said:
can't you just flash that nbh img from bootloader?
not sure how much different australian g1s from US. but I didn't use gold card in rooting my g1.
Click to expand...
Click to collapse
I tried that, but when I reboot and hold the camera button it comes up and says "Not allowed"
nk111 said:
Did you try this?
Click to expand...
Click to collapse
Yes I tried the online goldcard generator, same results on all fronts.
I have also tried different SD Cards, a 2gb Kingston and a 1gb sandisk
The best this is to use qmat to do the reverse string thingie.
I had done it a lot of times manually, but failed every time.
After using qmat I got it to work.
Hello,
I can not check your goldcard right now because I am on my phone, but I think this is not your problem. If windows complains about beeing not able to read the drive, you most likely copied your goldcard to the wrong part of the disk.
You have to overwrite the first 170 Byte of your sd Card. It is important that you do not choose the logical drive (say drive letter e: for example) but the actual physical drive with your sdcard (should not have a drive letter)
I just assume this is your problem. Maybe you could pos the first bytes of your selected drive and tell us what you did.
edit: ah you did post that. The first bytes should be a bunch of 0s. Check what I stated above and tell us if you still have problems.
Please try my software: http://www.mediafire.com/download.php?mzqdyrtmimj
I bet its wether a mistake in the transcription of the CID or you havent used the physical drive. If the sd card has to be formated, it wont work.
I just got mine to work. My problem was same as yours, my mistake was using "logical disk" instead of physical in HxD. I also switched my sd card to older 1gb that I formatted first in a camera (fat16) then formatted in vista to fat32 right before writing the 170 bytes (length: 180). Save after you copy paste the hex but dont close. put the DREAIMG.nhb on it first then close HxD, then "safely remove"
This worked for me but I struggled until I got here, made so many mistakes. Good Luck.
goldcard is really x180 long just
copy all 00 00 00 00 ... from x170 to x180 and save
thanks man you are the best
you have an extra 3 at the end in the reversed code.. lol
I hope this question is appropriate for this subforum, but before I void my warranty, I want to know *exactly* what is going on in my device so that I am prepared if something goes wrong.
On my locked TF700 (via adb) I get this:
Code:
[email protected]:/ $ su
[email protected]:/ # cat /proc/partitions
major minor #blocks name
179 0 62087168 mmcblk0
179 1 786432 mmcblk0p1
179 2 438272 mmcblk0p2
179 3 2048 mmcblk0p3
179 4 835584 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 512 mmcblk0p6
179 7 5120 mmcblk0p7
179 8 59976192 mmcblk0p8
8 0 31166976 sda
8 1 31162880 sda1
[email protected]:/ # hexdump -C /dev/block/mmcblk0 | head -3
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00380000 41 4e 44 52 4f 49 44 21 dc d0 3d 00 00 80 00 10 |ANDROID!..=.....|
[email protected]:/ #
I already know what the important partitions are, and that there are no visible partition entries for bootloader, recovery and kernel. But if I dump mmcblk0 directly, shouldn't I be able to see the code of the bootloader in the first few blocks? Where the BCT, PT and EBT partitions should be according to the NVFlash layout, I read only zeros.
Can someone with unlocked bootloader, root and busybox installed please run the hexdump line from above and tell me if you get more than all zeros before offset 00380000?
My output:
Code:
[email protected]:/ # hexdump -C /dev/block/mmcblk0 | head -3
00000000 0b 72 0f 00 78 09 33 ef 99 6f 51 bf b0 6b 39 8c |.r..x.3..oQ..k9.|
00000010 4b e8 ff 0a 96 ce ce e1 34 8c 8a 89 0b b1 c3 6f |K.......4......o|
00000020 53 ec 76 61 ba 77 f1 af 61 eb 51 10 b6 96 bb 06 |S.va.w..a.Q.....|
Sent from my ASUS Transformer Pad TF700T using XDA Premium HD app
BossMafia2 said:
My output
Click to expand...
Click to collapse
Thanks! This proves that the unlocked bootloader "un-hides" the data at the beginning of the eMMC. However it looks encrypted, I expected a lot more zeros.
Can someone else try the same command and check if you get the same or a completely different output?
Alternatively, could maybe some developer explain to me what unlocking does in detail?
[email protected]:/ # hexdump -C /dev/block/mmcblk0 |head -3
00000000 8b 8d 9e 8f ff ff ff ff 00 01 00 00 a0 05 00 00 |................|
00000010 f3 43 fa 12 9c b6 e6 f2 07 ea 37 ad 9b c0 6d 3e |.C........7...m>|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
above all is my output,I also have such a problem just like you ,my tablet is crappy and even the offical does not want to release the rom for us!and recently they updated system from 1.05 to 1.07,and it's very frustrating that they didn't correct any bugs but gave us 4.1.1 system ,and the power battery consuming problem is still exist since they updated system to 1.05!!
I want to grab bootloader from device nand,but no solution till now!
first of all ,you should know that my tablet is not asus tf700
my tablet's info.
I have a rooted galaxy tab 3 7" device
major minor #blocks name
179 0 15388672 mmcblk0
179 1 61440 mmcblk0p1
179 2 128 mmcblk0p2
179 3 256 mmcblk0p3
179 4 512 mmcblk0p4
179 5 2048 mmcblk0p5
179 6 512 mmcblk0p6
179 7 512 mmcblk0p7
179 8 12800 mmcblk0p8
179 9 8192 mmcblk0p9
179 10 13952 mmcblk0p10
179 11 3072 mmcblk0p11
179 12 3072 mmcblk0p12
179 13 10240 mmcblk0p13
179 14 10240 mmcblk0p14
179 15 10240 mmcblk0p15
179 16 7160 mmcblk0p16
179 17 3072 mmcblk0p17
179 18 8 mmcblk0p18
179 19 8192 mmcblk0p19
179 20 12288 mmcblk0p20
179 21 1740800 mmcblk0p21
179 22 512000 mmcblk0p22
179 23 16384 mmcblk0p23
179 24 20480 mmcblk0p24
179 25 12926959 mmcblk0p25
179 32 62367744 mmcblk1
179 33 62366720 mmcblk1p
The command for hex dump with the head -3 wasn't eventful so here is the beginnings of my blk0:
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001c0 00 00 ee 00 00 00 01 00 00 00 ff 9f d5 01 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200 45 46 49 20 50 41 52 54 00 00 01 00 5c 00 00 00 |EFI PART....\...|
00000210 d2 06 97 6c 00 00 00 00 01 00 00 00 00 00 00 00 |...l............|
00000220 ff 9f d5 01 00 00 00 00 22 00 00 00 00 00 00 00 |........".......|
00000230 de 9f d5 01 00 00 00 00 32 1b 10 98 e2 bb f2 4b |........2......K|
00000240 a0 6e 2b b3 3d 00 0c 20 02 00 00 00 00 00 00 00 |.n+.=.. ........|
00000250 80 00 00 00 80 00 00 00 51 a4 95 d5 00 00 00 00 |........Q.......|
00000260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000400 a2 a0 d0 eb e5 b9 33 44 87 c0 68 b6 b7 26 99 c7 |......3D..h..&..|
00000410 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000420 00 20 00 00 00 00 00 00 ff ff 01 00 00 00 00 00 |. ..............|
00000430 00 00 00 00 00 00 00 00 6d 00 6f 00 64 00 65 00 |........m.o.d.e.|
00000440 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |m...............|
00000450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
...
07600000 41 4e 44 52 4f 49 44 21 88 ad 64 00 00 80 20 80 |ANDROID!..d... .|
07600010 5a 4a 2a 00 00 00 20 82 00 00 00 00 00 00 10 81 |ZJ*... .........|
07600020 00 01 20 80 00 08 00 00 00 00 00 00 00 00 00 00 |.. .............|
07600030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
07600040 63 6f 6e 73 6f 6c 65 3d 6e 75 6c 6c 20 61 6e 64 |console=null and|
07600050 72 6f 69 64 62 6f 6f 74 2e 68 61 72 64 77 61 72 |roidboot.hardwar|
07600060 65 3d 71 63 6f 6d 20 75 73 65 72 5f 64 65 62 75 |e=qcom user_debu|
07600070 67 3d 33 31 00 00 00 00 00 00 00 00 00 00 00 00 |g=31............|
07600080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
mine also shows zeros, even though it's unlocked:
[email protected]:/ # busybox hexdump -C /dev/block/mmcblk0 | head -3
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00380000 41 4e 44 52 4f 49 44 21 6c 68 38 00 00 80 00 10 |ANDROID!lh8.....|
<><sharkcow><>
I am not sure if this is the right place, mostly because I dont know how someone else would categorize this info. Mods exist for a reason, today that reason might be to move this to the correct place
According to google some is new info some is old.
I dumped /dev/block/mmcblk0p7 which appears to be the baseband firmware. It is not compressed or encrypted but rather appears to be a filesystem of some sort.
I have identified that they are using RTOS.com's threadX and traceX.
I identified a zip file which indicates the authors used IBM Rational ClearCase
I identified another zip file which is a process trace, attached here for convenience.
There is a file that appears to be a DES encrypted with mcrypt 2.2 (not compatible with 2.4). 56 bit key so it should not take terribly long to brute force. As I still do not have a firm grasp on the structure of the 32M disk dump I do not know where the key might be. I also do not have an idle system with sufficient capacity to deal with this in a timely fashion. Anyone got some FPGAs from the old bitcoin days?
There are probably some additional things I will eventually find. I have to go away for a few days so I wont be able to work on this until I return. I am going to look through threadX to see if that sheds light on the file format (they have a free demo download). The only other thing I can think of off the top of my head is that maybe the chip itself expects a specific filesystem.
Maybe this post will spur some people to start looking into it more (or publish what they have if they have looked into it).
I have done further digging.
Firmware header - first 512 bytes
Name ... about 0xD is the offset for that section ... about 0x15 is the size of that section
PSI - start at 0x1000 length 0xE000
EBL - start at 0xF000 length 0x019000
MAIN - start at 0x28000 length 0x9D7800
SECPAC - start at 0x9FF800 length 0x800
NV - starts at 0 length 200000 (its from /efs/nv_data.bin)
It becomes easy to see where the start and size offsets are in the header as well. This also tells me the chip is set to little endian mode (arm 11 based). There is still some data I do not know what it does.
I got a bunch of false positives from binwalk suggesting there is LZMA compressed data. None of it validated.
Baseband file XXELLA
Target File MD5 Checksum
ebl e68042d611aef558dc525009e03d2e50
main 99e7aa119c684b1b569dcc1ec867112a
nv_data.bin 5707f4f934b4ad2a4ee4a7530b92073d
psiram 7e3fe83c24c7e1a6b9110cd68e7564e6
secpac 91cb74b48e35f0f6d61f298d841af59a
MAIN is the only one that had anything at all.
gzip compressed data, was "config_spec.txt", from NTFS filesystem (NT), last modified: Fri Dec 21 21:02:29 2012
mcrypt 2.2 encrypted data, algorithm: DES, mode: CBC, keymode: MD5 hash
Zip archive data, at least v2.0 to extract, compressed size: 37806, uncompressed size: 200962, name: "trace.dec"
config_spec.txt just says "No ClearCase Config Spec available"
trace_dec.zip is attached above
the mcrypted file is being brute forced, slowly ... very slowly. 1 core on a busy system. I will likely abort it because it is not going to finish in a reasonable time.
512 bytes of the disk image
Code:
00000000 50 53 49 52 41 4d 00 00 00 00 00 00 00 10 00 00 |PSIRAM..........|
00000010 00 00 00 00 00 e0 00 00 00 00 00 00 00 00 00 00 |................|
00000020 45 42 4c 00 00 00 00 00 00 00 00 00 00 f0 00 00 |EBL.............|
00000030 00 00 00 60 00 90 01 00 00 00 00 00 00 00 00 00 |...`............|
00000040 4d 41 49 4e 00 00 00 00 00 00 00 00 00 80 02 00 |MAIN............|
00000050 00 00 30 60 00 78 9d 00 00 00 00 00 00 00 00 00 |..0`.x..........|
00000060 53 45 43 50 41 43 4b 00 00 00 00 00 00 f8 9f 00 |SECPACK.........|
00000070 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 |................|
00000080 4e 56 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 |NV..............|
00000090 00 00 e8 60 00 00 20 00 00 00 00 00 00 00 00 00 |...`.. .........|
[rest is null]
00000200
reserved
This guide should be generic for all of Qualcomm A/B devices came with Android 9 or older out of box - in other words, devices with "super" partition are not applicable.
For some reason, if you prefer custom ROM rather than stock, or you want to get more storage space especially for 32GB or fewer devices, this should be a good start point.
I have never tested MediaTek or Unisoc devices, but for Qualcomm devices, this should work properly.
The point is, simply rename, eliminate and resize partitions so it will behave like A-only devices.
Devices with AVB1 need to repurpose these partitions:
Code:
boot_a -> boot
boot_b -> recovery
modem_a -> modem
modem_b -> (whatever you want)
bluetooth_a -> bluetooth
bluetooth_b -> (whatever you want)
dsp_a -> dsp
dsp_b -> dsp
mdtp_a -> mdtp
mdtp_b -> (whatever you want)
system_a -> system
vendor_a -> vendor
system_b -> (eliminated)
vendor_b -> (eliminated)
userdata -> enlarged
Devices with AVB2 need to repurpose these partitions additionally:
Code:
dtbo_a -> dtbo
dtbo_b -> (whatever you want)
vbmeta_a -> vbmeta
vbmeta_b -> (whatever you want)
MediaTek and Unisoc devices may have few more different partitions, may need to take care of them individually.
Few OEMs may have minor differences on few partitions - for example, HTC renamed modem to radio.
I know there's one device with such paranoid partition layout, that is Blackberry Key 2 (BBF100). I was wondering if using such paranoid partition layout on other A/B devices will make it behave like A-only devices, and the answer is yes.
To readers who want to check partition table of Blackberry Key 2, please unhide following content.
Code:
Sector size (logical): 512 bytes
Disk identifier (GUID): 85AF7333-4C28-063E-1A0A-A25F7F0A55C7
Partition table holds up to 80 entries
Main partition table begins at sector 2 and ends at sector 21
First usable sector is 34, last usable sector is 122142686
Partitions will be aligned on 8-sector boundaries
Total free space is 27642 sectors (13.5 MiB)
Number Start (sector) End (sector) Size Code Name
1 40 16383 8.0 MiB FFFF padding0
2 16384 18431 1024.0 KiB FFFF traceability
3 18432 32767 7.0 MiB FFFF padding1
4 32768 40959 4.0 MiB A02A fsg
5 40960 43007 1024.0 KiB FFFF dip
6 43008 43015 4.0 KiB A021 devinfo
7 43016 43527 256.0 KiB A022 apdp
8 43528 44039 256.0 KiB A023 msadp
9 44040 44041 1024 bytes A024 dpo
10 44048 110895 32.6 MiB FFFF splash
11 110896 110903 4.0 KiB A040 limits
12 110904 112951 1024.0 KiB FFFF toolsfv
13 112952 114999 1024.0 KiB A01A ddr
14 115000 115031 16.0 KiB A01D sec
15 115032 115287 128.0 KiB FFFF storsec
16 115288 123479 4.0 MiB FFFF tunning
17 123480 123983 252.0 KiB FFFF prdid
18 123984 124487 252.0 KiB FFFF boardid
19 124488 124615 64.0 KiB FFFF vbmeta
20 124616 126663 1024.0 KiB FFFF bluetooth
21 126664 159431 16.0 MiB FFFF dsp
22 159432 224967 32.0 MiB FFFF mdtp
23 224968 356039 64.0 MiB A036 boot
24 356040 581319 110.0 MiB 0700 modem
25 581320 581327 4.0 KiB FFFF bootsig
26 581328 589823 4.1 MiB FFFF padding2
27 589824 596991 3.5 MiB A012 xbl_a
28 596992 605183 4.0 MiB A016 tz_a
29 605184 606207 512.0 KiB A018 rpm_a
30 606208 607231 512.0 KiB A017 hyp_a
31 607232 608255 512.0 KiB A01E pmic_a
32 608256 610303 1024.0 KiB FFFF keymaster_a
33 610304 612351 1024.0 KiB FFFF cmnlib_a
34 612352 614399 1024.0 KiB FFFF cmnlib64_a
35 614400 622591 4.0 MiB FFFF mdtpsecapp_a
36 622592 624639 1024.0 KiB FFFF devcfg_a
37 624640 626687 1024.0 KiB FFFF abl_a
38 626688 638975 6.0 MiB FFFF padding3
39 638976 646143 3.5 MiB FFFF xbl_b
40 646144 654335 4.0 MiB FFFF tz_b
41 654336 655359 512.0 KiB FFFF rpm_b
42 655360 656383 512.0 KiB FFFF hyp_b
43 656384 657407 512.0 KiB FFFF pmic_b
44 657408 659455 1024.0 KiB FFFF keymaster_b
45 659456 661503 1024.0 KiB FFFF cmnlib_b
46 661504 663551 1024.0 KiB FFFF cmnlib64_b
47 663552 671743 4.0 MiB FFFF mdtpsecapp_b
48 671744 673791 1024.0 KiB FFFF devcfg_b
49 673792 675839 1024.0 KiB FFFF abl_b
50 688128 704511 8.0 MiB FFFF logfs
51 704512 704513 1024 bytes A029 fsc
52 704520 704535 8.0 KiB A02C ssd
53 704536 770071 32.0 MiB A026 persist
54 770072 772119 1024.0 KiB A01F misc
55 772120 773143 512.0 KiB A02D keystore
56 773144 774167 512.0 KiB FFFF frp
57 774168 905231 64.0 MiB A025 recovery
58 905232 905239 4.0 KiB FFFF recoverysig
59 905240 946199 20.0 MiB FFFF hdcp
60 946200 1048599 50.0 MiB FFFF oempersist
61 1048600 1179671 64.0 MiB FFFF logdump
62 1179672 1183767 2.0 MiB FFFF sti
63 1183768 1445911 128.0 MiB A01C rawdump
64 1445912 1454103 4.0 MiB A027 modemst1
65 1454104 1462295 4.0 MiB A028 modemst2
66 1462296 1462807 256.0 KiB FFFF perm
67 1462808 1463319 256.0 KiB FFFF nvuser
68 1463320 1465367 1024.0 KiB FFFF metadata
69 1465368 1498135 16.0 MiB FFFF rcause
70 1498136 1522711 12.0 MiB FFFF bcota
71 1522712 1524759 1024.0 KiB FFFF blog
72 1524760 1565719 20.0 MiB FFFF bbpersist
73 1572864 9142271 3.6 GiB FFFF system
74 9142272 10780671 800.0 MiB FFFF vendor
75 10780672 13033471 1.1 GiB FFFF oem
76 13041664 15138815 1024.0 MiB A039 cache
77 15138816 122142686 51.0 GiB A03A userdata
Now let's get started with the modding procedure.
Step 1: Get the gpt_both0.bin
This can be found from your stock firmware. If it doesn't exist, you have to dump it. Take the phone with eMMC storage for example:
Code:
dd if=/dev/block/mmcblk0 of=/storage/emulated/0/gpt_both0.bin bs=512 count=67
For devices with UFS storage, you have to get gpt_both0.bin - gpt_both5.bin from stock firmware or dump from /dev/block/sda ~ /dev/block/sdf.
If it's dumped from the phone, save it to a safe place to ensure we can restore partition table anytime we want.
Step 2: Hack the gpt_both0.bin (or gpt_both*.bin for UFS storage) - rename partitions
Make a copy of the gpt_both0.bin and use Hex Editor to open the gpt_both0.bin.
The actual partition table is separated into 2 parts, one is main partition table, another is backup.
main partition table is located between these offsets: 0x400~0x43FF
backup partition table is located between these offsets: 0x4400~0x83FF
As contents of 0x400~0x43FF and 0x4400~0x83FF are identical, we just need to edit the content between 0x400~0x43FF, then copy what we have done between 0x400~0x43FF and overwrite into 0x4400~0x83FF.
Every 0x7F content between 0x400~0x43FF is information of a partition. Take this for example:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00000010 E7 1F 76 6E 50 DA DC 52 E6 6E 63 D4 6C 4D 06 C5 ç.vnPÚÜRæncÔlM.Å
00000020 00 10 10 00 00 00 00 00 FF 0F 12 00 00 00 00 00 ........ÿ.......
00000030 00 00 00 00 00 00 00 00 62 00 6F 00 6F 00 74 00 ........b.o.o.t.
00000040 5F 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 _.b.............
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x0~0x1F - GUID of the partition.
0x20~0x27 - Begin offset in reversed order. The unit is KiB. In this case, the begin offset is 0x0000000000101000.
0x28~0x2F - End offset in reversed order. In this case, the end offset is 0x0000000000120FFF.
0x38~0x7F - Partition label. Every character of the partition label need to be separated with 0x00.
Always remember to use the calculator came with BASE-N function (including Windows Calculator and many high-end scientific calculator) to calculate the length of partitions, so we can resize in the next step.
In this part, we will need to rename few partitions.
Take the boot_a and boot_b partitions for example. Just simply rename the partition label.
Before:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001D80 86 7F 11 20 85 E9 57 43 B9 EE 37 4B C1 D8 48 7D †.. …éWC¹î7KÁØH}
00001D90 12 B0 CE 25 F6 D5 85 67 BC 87 81 4E 99 D2 CD 24 .°Î%öÕ…g¼‡.N™ÒÍ$
00001DA0 00 10 0E 00 00 00 00 00 FF 0F 10 00 00 00 00 00 ........ÿ.......
00001DB0 00 00 00 00 00 00 00 00 62 00 6F 00 6F 00 74 00 ........b.o.o.t.
00001DC0 5F 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 _.a.............
00001DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E00 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00001E10 E7 1F 76 6E 50 DA DC 52 E6 6E 63 D4 6C 4D 06 C5 ç.vnPÚÜRæncÔlM.Å
00001E20 00 10 10 00 00 00 00 00 FF 0F 12 00 00 00 00 00 ........ÿ.......
00001E30 00 00 00 00 00 00 00 00 62 00 6F 00 6F 00 74 00 ........b.o.o.t.
00001E40 5F 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 _.b.............
00001E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
After:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00001D80 86 7F 11 20 85 E9 57 43 B9 EE 37 4B C1 D8 48 7D †.. …éWC¹î7KÁØH}
00001D90 12 B0 CE 25 F6 D5 85 67 BC 87 81 4E 99 D2 CD 24 .°Î%öÕ…g¼‡.N™ÒÍ$
00001DA0 00 10 0E 00 00 00 00 00 FF 0F 10 00 00 00 00 00 ........ÿ.......
00001DB0 00 00 00 00 00 00 00 00 62 00 6F 00 6F 00 74 00 ........b.o.o.t.
00001DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E00 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00001E10 E7 1F 76 6E 50 DA DC 52 E6 6E 63 D4 6C 4D 06 C5 ç.vnPÚÜRæncÔlM.Å
00001E20 00 10 10 00 00 00 00 00 FF 0F 12 00 00 00 00 00 ........ÿ.......
00001E30 00 00 00 00 00 00 00 00 72 00 65 00 63 00 6F 00 ........r.e.c.o.
00001E40 76 00 65 00 72 00 79 00 00 00 00 00 00 00 00 00 v.e.r.y.........
00001E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00001E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
As for modem_a and modem_b, here's what I did. You should do the same for bluetooth, dsp and mdtp partitions.
Before:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000800 A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7 ¢*Ðëå¹3D‡Àh¶·&™Ç
00000810 2B 1D C0 46 24 90 83 B6 96 0B B5 1F 35 4B 61 FF +.ÀF$.ƒ¶–.µ.5Kaÿ
00000820 00 10 02 00 00 00 00 00 FF 7F 05 00 00 00 00 00 ........ÿ.......
00000830 00 00 00 00 00 00 00 10 6D 00 6F 00 64 00 65 00 ........m.o.d.e.
00000840 6D 00 5F 00 61 00 00 00 00 00 00 00 00 00 00 00 m._.a...........
00000850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000880 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00000890 E7 52 D4 C9 31 F9 55 9D F6 A4 56 78 36 07 85 99 çRÔÉ1ùU.ö¤Vx6.…™
000008A0 00 80 05 00 00 00 00 00 FF EF 08 00 00 00 00 00 .€......ÿï......
000008B0 00 00 00 00 00 00 00 10 6D 00 6F 00 64 00 65 00 ........m.o.d.e.
000008C0 6D 00 5F 00 62 00 00 00 00 00 00 00 00 00 00 00 m._.b...........
000008D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000008E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000008F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
After:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000800 A2 A0 D0 EB E5 B9 33 44 87 C0 68 B6 B7 26 99 C7 ¢*Ðëå¹3D‡Àh¶·&™Ç
00000810 2B 1D C0 46 24 90 83 B6 96 0B B5 1F 35 4B 61 FF +.ÀF$.ƒ¶–.µ.5Kaÿ
00000820 00 10 02 00 00 00 00 00 FF 7F 05 00 00 00 00 00 ........ÿ.......
00000830 00 00 00 00 00 00 00 10 6D 00 6F 00 64 00 65 00 ........m.o.d.e.
00000840 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 m...............
00000850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000880 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00000890 E7 52 D4 C9 31 F9 55 9D F6 A4 56 78 36 07 85 99 çRÔÉ1ùU.ö¤Vx6.…™
000008A0 00 80 05 00 00 00 00 00 FF EF 08 00 00 00 00 00 .€......ÿï......
000008B0 00 00 00 00 00 00 00 10 65 00 6C 00 69 00 6D 00 ........e.l.i.m.
000008C0 69 00 6E 00 61 00 74 00 65 00 64 00 5F 00 6D 00 i.n.a.t.e.d._.m.
000008D0 6F 00 64 00 65 00 6D 00 5F 00 62 00 00 00 00 00 o.d.e.m._.b.....
000008E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000008F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
For devices with AVB2 enabled, you should know how to repurpose dtbo and vbmeta partitions.
Step 3: Eliminate system_b, vendor_b, and repurpose remaining partitions
This depends on how your phone originally partitioned. In many cases for devices with eMMC storage, system_a, system_b, vendor_a, vendor_b and userdata are 5 last partitions of the phone.
Take this one for example. Before:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00002C00 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002C10 42 C8 9A 2C 46 11 33 9D C7 90 B8 74 F4 FC F6 4B BÈš,F.3.Ç.¸tôüöK
00002C20 18 EC 1F 00 00 00 00 00 17 EC 6F 00 00 00 00 00 .ì.......ìo.....
00002C30 00 00 00 00 00 00 00 00 73 00 79 00 73 00 74 00 ........s.y.s.t.
00002C40 65 00 6D 00 5F 00 61 00 00 00 00 00 00 00 00 00 e.m._.a.........
00002C50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C80 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00002C90 D2 4C 63 24 6E 37 13 6F 57 5B 73 4A B3 8A 93 EC ÒLc$n7.oW[sJ³Š“ì
00002CA0 18 EC 6F 00 00 00 00 00 17 EC BF 00 00 00 00 00 .ìo......ì¿.....
00002CB0 00 00 00 00 00 00 00 00 73 00 79 00 73 00 74 00 ........s.y.s.t.
00002CC0 65 00 6D 00 5F 00 62 00 00 00 00 00 00 00 00 00 e.m._.b.........
00002CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D00 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002D10 87 4C 96 DB C8 A9 3F 76 E8 BF FF 62 5B A4 42 20 ‡L–ÛÈ©?vè¿ÿb[¤B
00002D20 00 00 C0 00 00 00 00 00 FF FF CF 00 00 00 00 00 ..À.....ÿÿÏ.....
00002D30 00 00 00 00 00 00 00 10 76 00 65 00 6E 00 64 00 ........v.e.n.d.
00002D40 6F 00 72 00 5F 00 61 00 00 00 00 00 00 00 00 00 o.r._.a.........
00002D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D80 D4 6C 03 77 D5 03 BB 42 8E D1 37 E5 A8 8B AA 34 Ôl.wÕ.»BŽÑ7娋ª4
00002D90 21 A8 AB 40 79 5E 89 16 78 16 A6 B6 17 D7 EA 01 !¨«@y^‰.x.¦¶.×ê.
00002DA0 00 00 D0 00 00 00 00 00 FF FF DF 00 00 00 00 00 ..Ð.....ÿÿß.....
00002DB0 00 00 00 00 00 00 00 10 76 00 65 00 6E 00 64 00 ........v.e.n.d.
00002DC0 6F 00 72 00 5F 00 62 00 00 00 00 00 00 00 00 00 o.r._.b.........
00002DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E00 E6 E7 81 1B 0D F5 9B 41 A7 39 2A EE F8 DA 33 35 æç...õ›A§9*îøÚ35
00002E10 9C 19 0C DB 03 B2 D8 DB 79 62 74 EB F6 88 6D C7 œ..Û.²ØÛybtëöˆmÇ
00002E20 00 00 E0 00 00 00 00 00 FF FF DF 00 00 00 00 00 ..à.....ÿÿß.....
00002E30 00 00 00 00 00 00 00 00 75 00 73 00 65 00 72 00 ........u.s.e.r.
00002E40 64 00 61 00 74 00 61 00 00 00 00 00 00 00 00 00 d.a.t.a.........
00002E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
We need to move 0x2D00~0x2D7F to 0x2C80~0x2CFF, and 0x2E00~0x2E7F to 0x2D00~0x2D7F, then fill 0x2D80~2E70 with 0x00.
And of course, rename system_a to system, vendor_a to vendor.
And here's the result:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00002C00 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002C10 42 C8 9A 2C 46 11 33 9D C7 90 B8 74 F4 FC F6 4B BÈš,F.3.Ç.¸tôüöK
00002C20 18 EC 1F 00 00 00 00 00 17 EC 6F 00 00 00 00 00 .ì.......ìo.....
00002C30 00 00 00 00 00 00 00 00 73 00 79 00 73 00 74 00 ........s.y.s.t.
00002C40 65 00 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 e.m.............
00002C50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C80 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002C90 87 4C 96 DB C8 A9 3F 76 E8 BF FF 62 5B A4 42 20 ‡L–ÛÈ©?vè¿ÿb[¤B
00002CA0 00 00 C0 00 00 00 00 00 FF FF CF 00 00 00 00 00 ..À.....ÿÿÏ.....
00002CB0 00 00 00 00 00 00 00 10 76 00 65 00 6E 00 64 00 ........v.e.n.d.
00002CC0 6F 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 o.r.............
00002CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D00 E6 E7 81 1B 0D F5 9B 41 A7 39 2A EE F8 DA 33 35 æç...õ›A§9*îøÚ35
00002D10 9C 19 0C DB 03 B2 D8 DB 79 62 74 EB F6 88 6D C7 œ..Û.²ØÛybtëöˆmÇ
00002D20 00 00 E0 00 00 00 00 00 FF FF DF 00 00 00 00 00 ..à.....ÿÿß.....
00002D30 00 00 00 00 00 00 00 00 75 00 73 00 65 00 72 00 ........u.s.e.r.
00002D40 64 00 61 00 74 00 61 00 00 00 00 00 00 00 00 00 d.a.t.a.........
00002D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
You might have noticed, there're two huge gaps between system and vendor, vendor and userdata, so we need to edit the offset of vendor and userdata to eliminate the huge gaps.
In this case, the end offset of system partition is 0x00000000006FEC17. Therefore, the begin offset of vendor partition should be at least 0x00000000006FEC18. Just take note.
The original offset of vendor partition is 0x0000000000C00000~0x0000000000CFFFFF. It's not hard to get the length of vendor partition is 0xFFFFF.
With the help of calculator, we can get the new end offset of vendor partition is 0x00000000007FEC17.
As for userdata partition, the begin offset need to be at least 0x00000000007FEC18, but for end offset need to be the same to vendor partition. Therefore, bootloader will use allocate all of remaining storage space to userdata.
(This is for the most of cases, if userdata is the last partition of your phone)
Now we get new offset of vendor and userdata partition:
vendor: 0x00000000006FEC18~0x00000000007FEC17
userdata: 0x00000000007FEC18~0x00000000007FEC17
Input them into the partition table.
So the result is:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00002C00 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002C10 42 C8 9A 2C 46 11 33 9D C7 90 B8 74 F4 FC F6 4B BÈš,F.3.Ç.¸tôüöK
00002C20 18 EC 1F 00 00 00 00 00 17 EC 6F 00 00 00 00 00 .ì.......ìo.....
00002C30 00 00 00 00 00 00 00 00 73 00 79 00 73 00 74 00 ........s.y.s.t.
00002C40 65 00 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 e.m.............
00002C50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002C80 11 B0 D7 97 DA 54 35 48 B3 C4 91 7A D6 E7 3D 74 .°×—ÚT5H³Ä‘zÖç=t
00002C90 87 4C 96 DB C8 A9 3F 76 E8 BF FF 62 5B A4 42 20 ‡L–ÛÈ©?vè¿ÿb[¤B
00002CA0 18 EC 6F 00 00 00 00 00 17 EC 7F 00 00 00 00 00 .ìo......ì......
00002CB0 00 00 00 00 00 00 00 10 76 00 65 00 6E 00 64 00 ........v.e.n.d.
00002CC0 6F 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 o.r.............
00002CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D00 E6 E7 81 1B 0D F5 9B 41 A7 39 2A EE F8 DA 33 35 æç...õ›A§9*îøÚ35
00002D10 9C 19 0C DB 03 B2 D8 DB 79 62 74 EB F6 88 6D C7 œ..Û.²ØÛybtëöˆmÇ
00002D20 7F EC 18 00 00 00 00 00 7F EC 17 00 00 00 00 00 .ì.......ì......
00002D30 00 00 00 00 00 00 00 00 75 00 73 00 65 00 72 00 ........u.s.e.r.
00002D40 64 00 61 00 74 00 61 00 00 00 00 00 00 00 00 00 d.a.t.a.........
00002D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00002E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Step 4: Copy what we have done to backup partition table, and save it as "gpt_main0.mod.bin"
Pretty simple. Copy the content between 0x400~0x43FF and overwrite it from 0x4400, so the backup partition table will get the same result.
Now save it as "gpt_main0.mod.bin".
Step 5: Flash it to your phone and check result
This may require your phone get critical unlocked (fastboot flashing unlock_critical).
Before you flash, you can use this command to check what are the partitions originally be:
For macOS / Linux distro:
Code:
fastboot getvar all|grep partition-size
For Windows:
Code:
fastboot getvar all 2>&1|findstr partition-size
Flash it with this command:
Code:
fastboot flash partition /path/to/gpt_main0.mod.bin
fastboot reboot-bootloader
For devices with UFS storage (take partition table of lun3 for example):
Code:
fastboot flash partition:3 /path/to/gpt_main3.mod.bin
fastboot reboot-bootloader
After that, you can use this command to check the result:
For macOS / Linux distro:
Code:
fastboot getvar all|grep partition-size
For Windows:
Code:
fastboot getvar all 2>&1|findstr partition-size
If values changed to what you have expected (unit is bytes), then the modification is successful.
From what I have tested, flash existing TWRP to recovery partition and boot it with recovery mode combination key will make the phone boot to TWRP successfully, and it can still mount system/vendor partitions - no modifications need to be done.
However, the phone will not boot with unmodified boot image, may need to modify fstab and init.rc to ensure it will boot on such environment, and this is up to developers.
If you only want to minimalize the system_b and vendor_b for maximum compatibility, then you cannot rename partitions, only resize can be done. You can allocate at least 1KiB for system_b and vendor_b to gain extra storage spaces for userdata.
Click to expand...
Click to collapse
That wraps up the entire guide, and I hope it could be helpful for custom ROM development.
Reserved #1
Reserved #2
What device(s) have you tested this on?
MishaalRahman said:
What device(s) have you tested this on?
Click to expand...
Click to collapse
Nokia 6.1 Plus, a.k.a Nokia X6 in China.
In theory this will also work on Nokia 6.1, Nokia 7, Nokia 7 Plus and Nokia 7.1.
I have never tested devices with UFS storage yet.