a simplified QPST (QDLtool?) for LINUX. (unbricked tool?) - General Questions and Answers

I am writing a tool under Linux as an implementation of QPST on Linux.
Platform: Qualcomm MSM8909
PC OS: Linux (Ubuntu 12.04) with the qcserial module for Gobi QDL
Actually, two protocols are referred to (Sahara + Firehose).
I have some documents about the details of the protocols and I have implemented them in C on Linux.
There's a /dev/ttyUSBx for Gobi QDL.
Below is the flow in QDL mode (bricked):
PC ——a firmware bin———> PHONE // Sahara protocol
The PHONE runs the firmware just downloaded, programming the eMMC via the Firehose protocol.
The program is almost done, but the success rate is low while trying to flash the images to the phone.
For example:
if there's an image named XXX.bin (1K),
the tool will tell the firmware: "Hi, I am going to send you a XXX.bin image, please flash it at sector 8787, and it covers 2 sectors (1K)",
the firmware: "OK, please send me the raw data of XXX.bin",
the tool then sends the raw data to the firmware via ttyUSBx.
I tried so many times, but most failed, though sometimes it succeeded. It seems the data is lost on the USB wire.
Is there any way to debug the serial port ttyUSBx? I am not familiar with kernel programming.
I will insist on open-sourcing the program when the tool is finished, if it could be of more help to other guys.
It's not duty work for the company, but there are docs, programs and devices at work, so I am not quite sure about the legal risk.
It's JUST a simplified QPST (QDLtool?) for Linux.
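The exchange the post describes is the Firehose `<program>` command. What follows is an added example, not code from the post and not qdl's own code: a Python host that negotiates the payload size with `<configure>`, announces the image with `<program>`, sends the raw sectors only after the `rawmode="true"` ACK, and treats the write as done only when the `rawmode="false"` ACK arrives. The XML attribute names are the ones qdl uses; the target is a constructed in-memory stand-in for the programmer behind /dev/ttyUSBx (not a model of any real device), and the host honours `MaxPayloadSizeToTargetInBytes` because pushing a chunk larger than the target buffers is one way a transfer that "sometimes works" fails (the fake target NAKs it). Two things worth keeping in mind when building such a tool: a `<program>` is not complete until the second ACK, so the host has to read until it sees a `<response/>` rather than assume; and Firehose does not authenticate the host at all, the only gate being that the boot ROM accepts just OEM-signed programmers over Sahara.

```python
import re

# Firehose exchange for one <program> command, as a qdl-style host performs it:
# host sends XML, target answers <response value="ACK" rawmode="true"/>, host sends
# the raw sectors in chunks no larger than the negotiated payload, target answers
# <response value="ACK" rawmode="false"/>.  The serial link is replaced here by a
# constructed in-memory target so the exchange runs offline.

SECTOR_SIZE = 512


def _attrs(xml: bytes) -> dict:
    """Collect key="value" pairs from one flat Firehose XML packet."""
    return {k.decode(): v.decode() for k, v in re.findall(rb'(\w+)="([^"]*)"', xml)}


def xml_packet(element: bytes) -> bytes:
    return b'<?xml version="1.0" encoding="UTF-8" ?>\n<data>\n' + element + b'\n</data>'


def read_response(dev) -> dict:
    """Read packets until a <response/> arrives; <log/> packets from the target are skipped."""
    while True:
        pkt = dev.read()
        for tag, body in re.findall(rb'<(response|log)\s([^>]*)>', pkt):
            if tag == b'response':
                return _attrs(body)


def configure(dev, host_max_payload: int = 1 << 20) -> int:
    """Negotiate the payload size; the target's answer overrides what the host proposed."""
    dev.write(xml_packet(
        b'<configure MemoryName="eMMC" MaxPayloadSizeToTargetInBytes="%d" verbose="0" '
        b'ZlpAwareHost="1" SkipStorageInit="0"/>' % host_max_payload))
    r = read_response(dev)
    if r.get('value') != 'ACK':
        raise RuntimeError('configure rejected: %r' % r)
    return int(r.get('MaxPayloadSizeToTargetInBytes', host_max_payload))


def program(dev, image: bytes, start_sector: int, max_payload: int,
            sector_size: int = SECTOR_SIZE, filename: bytes = b'image.bin') -> int:
    """Write image at start_sector; returns sectors written (image is zero-padded to a sector)."""
    nsect = -(-len(image) // sector_size)
    dev.write(xml_packet(
        b'<program SECTOR_SIZE_IN_BYTES="%d" num_partition_sectors="%d" '
        b'physical_partition_number="0" start_sector="%d" filename="%s"/>'
        % (sector_size, nsect, start_sector, filename)))
    r = read_response(dev)
    if r.get('value') != 'ACK' or r.get('rawmode') != 'true':
        raise RuntimeError('target refused program: %r' % r)
    payload = image.ljust(nsect * sector_size, b'\0')
    for off in range(0, len(payload), max_payload):   # never exceed the negotiated size
        dev.write(payload[off:off + max_payload])
    r = read_response(dev)                            # only now is the write confirmed
    if r.get('value') != 'ACK' or r.get('rawmode') != 'false':
        raise RuntimeError('program failed after raw transfer: %r' % r)
    return nsect


def flash_image(dev, image: bytes, start_sector: int) -> int:
    return program(dev, image, start_sector, configure(dev))


class FakeFirehoseTarget:
    """Constructed stand-in for the programmer on /dev/ttyUSBx (not a real device model)."""

    def __init__(self, max_payload: int = 16384):
        self.max_payload = max_payload
        self.flash = {}        # start_sector -> bytes "written to eMMC"
        self.queue = []        # packets waiting for the host to read
        self.raw = None        # [start_sector, bytes_expected, buffer] while in raw mode

    def _respond(self, attrs: bytes):
        self.queue.append(xml_packet(b'<response ' + attrs + b' />'))

    def write(self, data: bytes):
        if self.raw is not None:
            start, need, buf = self.raw
            if len(data) > self.max_payload:           # host ignored the negotiated limit
                self.raw = None
                self._respond(b'value="NAK" rawmode="false"')
                return
            buf += data
            if len(buf) >= need:
                self.flash[start] = bytes(buf[:need])
                self.raw = None
                self._respond(b'value="ACK" rawmode="false"')
            return
        a = _attrs(data)
        if b'<configure' in data:
            self._respond(b'value="ACK" MaxPayloadSizeToTargetInBytes="%d"' % self.max_payload)
        elif b'<program' in data:
            need = int(a['SECTOR_SIZE_IN_BYTES']) * int(a['num_partition_sectors'])
            self.raw = [int(a['start_sector']), need, bytearray()]
            self.queue.append(xml_packet(b'<log value="constructed target: expecting %d raw bytes" />' % need))
            self._respond(b'value="ACK" rawmode="true"')
        else:
            self._respond(b'value="NAK"')

    def read(self) -> bytes:
        return self.queue.pop(0)
```

With a 1 KiB image at sector 8787 the host announces two sectors, and the fake target stores exactly 1024 bytes; a 1500-byte image becomes three sectors with 36 bytes of zero padding. Calling `program()` with a payload larger than the target's limit gets a NAK and raises, which is the failure a host that skips `<configure>` or ignores its answer would otherwise misreport as "data lost on the wire". On a real link, replace the fake with a pyserial port and keep reading until a `<response/>` is seen, since the reply can arrive split across reads.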

https://git.linaro.org/landing-teams/working/qualcomm/qdl.git/about/
usage : ./qdl --debug prog_emmc_firehose_8992_lite.mbn rawprogram0.xml patch0.xml

Great tip!
ryu_hayabusa said:
usage : ./qdl --debug prog_emmc_firehose_8992_lite.mbn rawprogram0.xml patch0.xml
I was experimenting with the encryption and my Lenovo Vibe K5 (a6020a40) phone was somewhat "bricked": I was able to install and play with various recovery images, but any system image kept getting stuck in a boot loop. I tried to restore a stock ROM with QPST, but I was not able to make it talk with the phone: I do not have a Windows machine and I had to borrow one, with limited opportunity to tweak the operating system.
Finally I returned to my beloved Debian linux machine, compiled qdl and tried again to install the stock ROM (A6020a40_S033_160824_16G_ROW_qpst.7z, found on shreps web site).
Code:
sudo systemctl stop ModemManager
cd dir_with_mbn
# connect powered off phone and push VolumeUp+VolumeDown+PowerOn
/usr/local/src/qdl/qdl --debug prog_emmc_firehose_8929.mbn rawprogram0.xml patch0.xml
# HELLO version: 0x2 compatible: 0x1 max_len: 1024 mode: 0 ....
After several minutes of XML output I got a diagnostic (Chinese) screen. When I rebooted, without touching anything, the system was in recovery mode with the original recovery image. Then everything worked as usual: I flashed my Lineage 14.1 and my phone was back to life.
Thank you!
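The `HELLO version: 0x2 compatible: 0x1 max_len: 1024 mode: 0` line in the log above is qdl decoding the first Sahara packet from the boot ROM, the phase in which the Firehose programmer itself is pushed to the phone. As an added example (not qdl's code and not part of either post), here is the host side of that phase in Python: parse HELLO, answer HELLO_RESP, then serve the loader's READ_DATA / READ_DATA64 windows until END_OF_IMAGE_TX and DONE_RESP. The packet layouts follow the Sahara structures qdl uses (little-endian 32-bit fields, 48-byte hello packets); the target is a constructed stand-in that requests fixed windows instead of parsing the image header, and image id 13 is an arbitrary value. The host refuses a window that reaches past the image it holds, a check worth having because the target, not the host, drives this transfer.

```python
import struct

# Sahara commands used in the image-download phase (what qdl runs before Firehose).
SAHARA_HELLO, SAHARA_HELLO_RESP, SAHARA_READ_DATA = 1, 2, 3
SAHARA_END_OF_IMAGE_TX, SAHARA_DONE, SAHARA_DONE_RESP = 4, 5, 6
SAHARA_READ_DATA64 = 0x12
HELLO_LEN = 0x30   # hello and hello_resp are 48 bytes: 6 fields + 6 reserved words


def parse_hello(pkt: bytes) -> dict:
    """Decode the target's HELLO (the fields qdl prints as 'HELLO version: ... mode: ...')."""
    if len(pkt) < HELLO_LEN:
        raise ValueError('short HELLO')
    cmd, length, version, compatible, max_len, mode = struct.unpack_from('<6I', pkt, 0)
    if cmd != SAHARA_HELLO or length != HELLO_LEN:
        raise ValueError('not a HELLO: cmd=%d length=%#x' % (cmd, length))
    return dict(version=version, compatible=compatible, max_len=max_len, mode=mode)


def build_hello_resp(hello: dict) -> bytes:
    """HELLO_RESP: echo version/compatible/mode, status 0, reserved words zeroed."""
    return struct.pack('<12I', SAHARA_HELLO_RESP, HELLO_LEN, hello['version'],
                       hello['compatible'], 0, hello['mode'], *([0] * 6))


def sahara_send_image(dev, image: bytes) -> int:
    """Serve the loader's READ_DATA requests until DONE_RESP; returns bytes transferred."""
    dev.write(build_hello_resp(parse_hello(dev.read())))
    sent = 0
    while True:
        pkt = dev.read()
        cmd, _length = struct.unpack_from('<2I', pkt, 0)
        if cmd == SAHARA_READ_DATA:
            _image, offset, nbytes = struct.unpack_from('<3I', pkt, 8)
        elif cmd == SAHARA_READ_DATA64:
            _image, offset, nbytes = struct.unpack_from('<3Q', pkt, 8)
        elif cmd == SAHARA_END_OF_IMAGE_TX:
            _image, status = struct.unpack_from('<2I', pkt, 8)
            if status != 0:
                raise RuntimeError('target rejected image, status %#x' % status)
            dev.write(struct.pack('<2I', SAHARA_DONE, 8))
            continue
        elif cmd == SAHARA_DONE_RESP:
            (status,) = struct.unpack_from('<I', pkt, 8)
            if status != 0:
                raise RuntimeError('DONE_RESP status %#x' % status)
            return sent
        else:
            raise RuntimeError('unexpected Sahara command %#x' % cmd)
        # The target chooses the window; the host answers with exactly that window and
        # must refuse a request that reaches past the image it actually holds.
        if offset + nbytes > len(image):
            raise RuntimeError('READ_DATA beyond image: off=%d len=%d' % (offset, nbytes))
        dev.write(image[offset:offset + nbytes])
        sent += nbytes


class FakeSaharaTarget:
    """Constructed stand-in for the boot ROM side.  A real loader parses the image header it
    receives first and then requests each program segment; this one simply asks for the
    whole image in fixed windows.  Image id 13 is arbitrary."""

    def __init__(self, image_len: int, window: int = 1024, use64: bool = False):
        self.image_len, self.window, self.use64 = image_len, window, use64
        self.received = bytearray()
        self.queue = [struct.pack('<12I', SAHARA_HELLO, HELLO_LEN, 2, 1, window, 0, *([0] * 6))]
        self.state, self.pending = 'hello', 0

    def _request_next(self):
        off = len(self.received)
        n = min(self.window, self.image_len - off)
        if n == 0:
            self.queue.append(struct.pack('<4I', SAHARA_END_OF_IMAGE_TX, 16, 13, 0))
            self.state = 'eoi'
        elif self.use64:
            self.queue.append(struct.pack('<2I3Q', SAHARA_READ_DATA64, 32, 13, off, n))
            self.state, self.pending = 'data', n
        else:
            self.queue.append(struct.pack('<5I', SAHARA_READ_DATA, 20, 13, off, n))
            self.state, self.pending = 'data', n

    def write(self, data: bytes):
        if self.state == 'hello':
            cmd, _len, _ver, _compat, status, _mode = struct.unpack_from('<6I', data, 0)
            if cmd != SAHARA_HELLO_RESP or status != 0:
                raise ValueError('bad HELLO_RESP')
            self._request_next()
        elif self.state == 'data':
            if len(data) != self.pending:
                raise ValueError('host sent %d bytes, %d requested' % (len(data), self.pending))
            self.received += data
            self._request_next()
        elif self.state == 'eoi':
            if struct.unpack_from('<I', data, 0)[0] != SAHARA_DONE:
                raise ValueError('expected DONE')
            self.queue.append(struct.pack('<3I', SAHARA_DONE_RESP, 12, 0))
            self.state = 'done'

    def read(self) -> bytes:
        return self.queue.pop(0)
```

A 5000-byte image served to a target with a 1024-byte window takes four full windows and one of 904 bytes before END_OF_IMAGE_TX; the 64-bit request form is handled the same way. Nothing in this phase checks who the host is: what protects the device is that the boot ROM verifies the signature of the programmer it has just received before executing it.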

I can't help you. I do not know the answer either. Good luck though.

Related

[TOOL] Heimdall 1.4 RC1

Hi everybody!
You might have already seen the flagship Galaxy devices (S, S2, S3) getting support for various new tools. One of these is Heimdall. It is an Open-Source Cross-Platform Flashing Suite originally meant to run on the Galaxy S, but thanks to its popularity, the S2, S3 and other devices also got the support. Literally speaking, it is the Linux and OS X alternative of Odin (It supports Windows as well.). (Read more about Heimdall here.)
Since our device is a variant to the SGS2, the download mode protocol of the two devices are the same. This enables us to use this tool with our device so we don't have to stick with Windows if we want to reflash a stock rom or install a recovery via download mode.
I have compiled the latest version (1.4 RC1) for Linux if you want to try it out. I'm running a 64-bit Ubuntu 12.10. The tool might work on other distributions, but not on 32-bit systems! (There are precompiled 32-bit versions on the website of the author.)
So what do you need to get it running?
Download my precompiled binary (http://www.mediafire.com/?85nny8d1mpea5hp) and extract it somewhere. Then install libusb-1.0 which is a prerequisite of running the tool. Finally, give the Heimdall executable execute rights and make sure you run it as root.
First steps to do for making it sure that the tool works and communicates with your device:
Put your device into download mode by holding down Volume down, Home and Power keys.
Connect your USB cable.
Execute: 'heimdall detect' (This will show if the phone cannot be detected.)
Execute: 'heimdall download-pit --output SGR.pit' (This will download the PIT (Partition Information Table) file of the device.)
Execute: 'heimdall print-pit --file SGR.pit' (This will give you detailed information about the partition structure of the device and this information can be used to identify partitions which you will flash to.)
The three most important pieces of information shown by the PIT file are 'Identifier', 'Partition Name' and 'Flash Filename'. For example, if you want to flash a recovery image, you will look for 'recovery.img' as 'Flash Filename'. You can find that the corresponding 'Identifier' is '14' and 'Partition Name' is 'SOS' for our device. You can flash your recovery.img with one of the following commands:
Code:
heimdall flash --SOS /path/to/recovery.img
Code:
heimdall flash --14 /path/to/recovery.img
Notice the 'Partition Name' and 'Identifier' values used in the two commands.
This was just an example scenario. You can flash full factory images, repartition the device, change the bootloader, or dump a whole partition. There are many opportunities. If you are interested in using this tool, don't neglect taking time to read about it first, as it can seriously brick your device (even though APX mode gives enormous help in recovering the device). I don't recommend this tool for those not having much experience in what they do. However, this tool can help a lot if you use Linux and don't want to reboot to/use Windows when you want to return to a stock ROM.
Every custom modification to devices has risks. Use this at your own risk!
Have fun and enjoy!
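The identifier / partition name / flash filename lookup described above comes out of the PIT file that `heimdall download-pit` fetches. The following is an added example, not Heimdall's code: a Python parser for the PIT layout Heimdall's libpit reads (28-byte header with magic 0x12349876, then 132-byte entries), plus the lookup from a stock image name to exactly one identifier and a pre-flash size check. The sample PIT is constructed: only the SOS / 14 / recovery.img entry matches what the post states, the other identifiers and block counts are invented, and the 512-byte block size in `image_fits` is an assumption. The point is that the target identifier is read from the device's own PIT rather than copied from a forum post, and that an ambiguous or absent match refuses rather than guesses, since a write to the wrong identifier is the brick the post warns about.

```python
import struct

# Samsung PIT (Partition Information Table) layout as read by Heimdall's libpit:
# 28-byte header (magic 0x12349876, entry count, reserved fields) followed by
# 132-byte entries.  Identifier and partition name from the PIT are what the
# 'heimdall flash --<name>' / '--<identifier>' switches refer to.
PIT_MAGIC = 0x12349876
PIT_HEADER_SIZE = 28
PIT_ENTRY_SIZE = 132
ENTRY_FMT = '<9I32s32s32s'   # 36 bytes of uint32 fields + three 32-byte NUL-padded names


def _cstr(raw: bytes) -> str:
    return raw.split(b'\0', 1)[0].decode('ascii', 'replace')


def parse_pit(data: bytes) -> list:
    """Parse a PIT blob into a list of entry dicts, refusing bad magic or a truncated file."""
    magic, count = struct.unpack_from('<2I', data, 0)
    if magic != PIT_MAGIC:
        raise ValueError('not a PIT file: magic %#010x' % magic)
    need = PIT_HEADER_SIZE + count * PIT_ENTRY_SIZE
    if len(data) < need:
        raise ValueError('truncated PIT: %d entries need %d bytes, have %d' % (count, need, len(data)))
    entries = []
    for i in range(count):
        f = struct.unpack_from(ENTRY_FMT, data, PIT_HEADER_SIZE + i * PIT_ENTRY_SIZE)
        entries.append({
            'binary_type': f[0], 'device_type': f[1], 'identifier': f[2],
            'attributes': f[3], 'update_attributes': f[4],
            'block_size_or_offset': f[5], 'block_count': f[6],
            'file_offset': f[7], 'file_size': f[8],
            'partition_name': _cstr(f[9]), 'flash_filename': _cstr(f[10]),
            'fota_filename': _cstr(f[11]),
        })
    return entries


def resolve_target(entries: list, flash_filename: str) -> dict:
    """Map a stock image name (e.g. recovery.img) to exactly one PIT entry; refuse ambiguity."""
    hits = [e for e in entries if e['flash_filename'] == flash_filename]
    if len(hits) != 1:
        raise LookupError('%d PIT entries carry flash filename %r' % (len(hits), flash_filename))
    return hits[0]


def image_fits(entry: dict, image_len: int, block_size: int = 512) -> bool:
    """Pre-flash check: does the image fit in the partition's block span? (block size assumed)"""
    return entry['block_count'] > 0 and image_len <= entry['block_count'] * block_size


def build_pit(entries: list) -> bytes:
    """Serialise entries into the same layout; used here only to construct a sample PIT."""
    out = struct.pack('<6I2H', PIT_MAGIC, len(entries), 0, 0, 0, 0, 0, 0)
    for e in entries:
        out += struct.pack(ENTRY_FMT,
                           e.get('binary_type', 0), e.get('device_type', 2), e['identifier'],
                           e.get('attributes', 5), e.get('update_attributes', 1),
                           e.get('block_size_or_offset', 0), e['block_count'], 0, 0,
                           e['partition_name'].encode(), e['flash_filename'].encode(), b'')
    return out


# Constructed sample.  Only SOS / 14 / recovery.img is taken from the post; the other
# identifiers, names and block counts are made up for illustration.
SAMPLE_PIT = build_pit([
    dict(identifier=6, partition_name='LNX', flash_filename='boot.img', block_count=16384),
    dict(identifier=14, partition_name='SOS', flash_filename='recovery.img', block_count=16384),
    dict(identifier=20, partition_name='UMS', flash_filename='', block_count=1048576),
])
```

Feeding `resolve_target(parse_pit(SAMPLE_PIT), 'recovery.img')` yields identifier 14 / SOS, and `image_fits` accepts an 8 MiB image for that entry but rejects a 9 MiB one under the assumed 512-byte block size. To use it on a real device, read the file written by `heimdall download-pit --output SGR.pit` and compare the result with `heimdall print-pit` before passing anything to `heimdall flash`.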
wow... you are great buddy!!!!
Sent from my GT-I9103 using xda app-developers app
Are the pre-compiled 32-bit versions compatible with our device? If not, can u compile a 32-bit version for our device?
Thnx!
The-Droidster said:
Are the pre-compiled 32-bit versions compatible with our device? If not, can u compile a 32-bit version for our device?
Thnx!
It should be. The website says that 1.3.2 has some issues with certain devices, it also recommends 1.3.1.
Sent from my GT-I9103
Trying to install Heimdall on my MacBook Air (64-bit OS 10.7.5) but getting this error: 'heimdall-frontend cannot be opened because of a problem. Check with the developer to make sure heimdall-frontend works with this version of macos.'
and for boot.img its --LNX
Sent from my GT-I9103
Thanks
Sent from my GT-I8190
Adam77Root said:
Hi everybody!
You might have already seen the flagship Galaxy devices (S, S2, S3) getting support for various new tools. One of these is Heimdall.
----
Every custom modification to devices has risks. Use this at your own risk!
Have fun and enjoy!
Hello and thank you.
I always get:
libusb error: 0
When downloading or printing.
any Ideas, please?
Fintanusa said:
Hello and thank you.
I always get:
libusb error: 0
When downloading or printing.
any Ideas, please?
Did you run it as root?
Sent from my OmniROM-powered LG Optimus 4X HD
Adam77Root said:
Did you run it as root?
Sent from my OmniROM-powered LG Optimus 4X HD
I will try that in the morning. Thank you.
Fintanusa said:
I will try that in the morning. Thank you.
Ok. Did that. Received this error:
~$ sudo heimdall-frontend
[sudo] password for fintan3:
Error: "/var/tmp/kdecache-fintan3" is owned by uid 1000 instead of uid 0.
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "Drive" does not exist
"/org/freedesktop/UDisks2/drives/hp______DVD_RAM_UJ8B1_SKB2426348" : property "Drive" does not exist
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "DeviceNumber" does not exist
"/org/freedesktop/UDisks2/drives/SAMSUNG_HM320HJ_S2AUJDBB501625" : property "Device" does not exist
Error: "/tmp/ksocket-fintan3" is owned by uid 1000 instead of uid 0.
Error: "/tmp/kde-fintan3" is owned by uid 1000 instead of uid 0.
Got my .pit file though. Thanks. I think I will dig a bit deeper before flashing anything. Cheers
I do not know how to execute it at all. What am I supposed to do? Do I just go into terminal and type sudo heimdall-frontend? That does not do anything. I extracted the executable, but I have no idea as how to run it. I have Linux Mint Petra 16 Cinnamon.
Adam77Root said:
Hi everybody!
You might have already seen the flagship Galaxy devices (S, S2, S3) getting support for various new tools. One of these is Heimdall.
----
Every custom modification to devices have risks. Use this at your own risk!
Have fun and enjoy!
Hey, any new precompiled version available to share? Thanks!

[TOOL][WIN/LIN/MAC] MiUnlockTool - Unlock bootloader of xiaomi devices on mac & linux

Ciao xda users, I'm here to introduce a new tool of mine, MiUnlockTool.
MiUnlockTool is an unofficial tool used to unlock bootloader on Xiaomi devices. This tool is copied from the original windows MiFlashUnlock tool and works the same way. The main feature of this tool is compatibility with linux and mac operating system (and windows too).
If you want more information about the tool and the story behind you can read below, if you just want the download link, here it is:
DOWNLOAD LINK
Requirements: java (javafx for gui if not included in your jdk/jre)
Usage:
- Download and extract the zip file
- If you don't have it, install java
- On windows:
-- open MiFlashUnlock.bat for graphical interface or:
-- open a cmd window, cd into the extracted dir and use the "MiUnlockTool.bat username password" command for command-line usage
- On linux:
-- open a terminal window and cd into extracted dir and use "sudo ./MiUnlockTool.sh" command for gui interface or "sudo ./MiUnlockTool.sh username password" for command-line
- On mac:
-- open (double click) MiFlashUnlock.command for graphical interface or
-- open a terminal window and cd into extracted dir and use "./MiFlashUnlock.command username password" for command-line
- Attach your locked device in fastboot mode.
- If you are using gui just follow what you see on your screen
- If you are using command line version remember that there is no confirmation request before unlock and no check if the bootloader is already unlocked.
Possible errors:
- If you get a permission related error on linux or mac when launching the tool, open a terminal and cd into extracted dir and use "chmod 777 MiUnlockTool.sh" (or MiUnlockTool.command on mac) to set the executable permission.
- If your device isn't recognized:
-- On windows: install adb drivers
-- On linux/mac try launching the tool with sudo (sudo ./MiUnlockTool.sh on linux or sudo ./MiUnlockTool.command on mac)
- Other problems launching the tool: try running "java -jar bin/MiUnlockTool.jar" command
- If you get some errors with javafx class not found stuff when you try to launch the gui, then you are missing javafx library. See openjfx package on linux.
- Any other problem: provide feedback in the comments.
Additional info: the original MiFlashUnlock tool is just a bridge between fastboot, you (and your account login credentials) and the Xiaomi server: the tool gets device info from the device and sends it to the server together with the account login token, the server checks whether you satisfy all their requirements (account authorized, account associated with the device in developer settings etc.) and if everything is okay the server replies with the unlock key for your device instance (every time you reboot your phone you need a new key). Then the tool sends the key to the device with a custom build of fastboot, and if the key is right the device is unlocked, else it reboots. After I discovered the whole process behind the original unlock tool (and all the security encryption techniques) I decided to replicate it with a Java (cross-platform) tool which embeds a custom fastboot version and replicates what the original tool does. That's a simple explanation of how my tool works (obviously it's more complicated than that).
This tool requires all of what is required by the original tool (an authorized Xiaomi account bound to the device through developer options for three days, if I remember correctly).
FAQs:
- Is this tool safe to use?
Yes, the main part is communication between the tool and the server, a safe thing. Also the unlock procedure itself is safe: either the key is correct or it is not. In both cases the device will not be damaged.
- How did you find out how to replicate the original tool?
Thank you for your question. It's been a bit difficult since the original tool has been obfuscated and virtualized (protected against reverse engineering) with a powerful protector: VMProtect. I've spent some time reversing it (and the custom fastboot too) and I finally did it. I will not explain in detail how I did it.
- Is this tool more powerful than the original one? Why should I use it on Windows?
Absolutely not, my tool is worse than the original one (it will have more bugs and on Windows it doesn't manage drivers, for example), that's why you should NOT use it on Windows. I made it work even with Windows because it was very simple to do. You can use it on Windows just to test it if you like, but I recommend using the better original tool MiFlashUnlock.
- Wow, you did a tool already done by developers paid by xiaomi, who is paying for the effort you put into this?
No one, I try to help people and getting appreciation for my work is a bit of a reward to me, but if you want to show your gratitude even more and support me as a developer you can make a donation, I will appreciate that even more (donation link below)
- I have to put my xiaomi account credentials, should I trust this?
I'm the developer of XiaoMiTool, I hope that a little bit of my reputation together with the hopefully good early feedback of reckless users on this tool is enough. If you are more a geek you can track the traffic and see that the only server connected are xiaomi and miui.
- I wanted too see the source of this tool but I see it is a bit obfuscated, why?
Xiaomi clearly didn't want people to see how MiFlashUnlock works (since they obfuscated it a lot); I don't want to disrespect Xiaomi's decision by releasing the source plain, so I decided to obfuscate it a bit just to make it a bit harder to see (even if my tool is 100 times easier to reverse than the original).
- Can I share this tool?
Of course yes, but I would like you to share it using the xiaomitool.com link (not the mega.nz one) so that if I release an update new people will get that and not the old version (there is no tool update engine built in).
- Your English is not wonderful...
I know, hopefully it is understandable enough.
Feedback.
I love feedback, feedback is the best thing you can do to help me improve this tool. I have no time to answer everybody's questions but I generally read feedback and do my best to make the tool work. Whether the tool worked or didn't work, you can write it in the comments; additional information like what error you get, what screen you see when the tool gets stuck or even what you tried to solve the problem is precious to me. I don't have all Xiaomi devices, I fully tested my tool only with two devices (a Redmi 4X and a Mi Note 2) and only on two operating systems (Linux and Windows), so any new combination could lead to new errors or problems. Please include also your operating system when leaving feedback. Sometimes there are problems in the GUI which are not in the command-line version, so if the tool fails launching or when using the GUI I suggest trying the command-line version.
Donation: free software is great from the user's perspective, but developers who spend hours of their time and don't get money for it are less happy to develop further free tools, so if you liked the tool and it saved you from the need to travel 5000 kilometers to get a Windows PC, or from the need to download a virtual machine image over your 32kB internet connection, you can show your gratitude by offering me a tasty, cold beer by clicking the link below
DONATION LINK
Download: you missed the download link at the top? Here it is again:
DOWNLOAD LINK
Fully obfuscated tool. Maybe bloatware or password hijacker
Problems with mi unlock on ubuntu system
Dear,
I tried to run this miunlock on my linux pc and it did not work. I installed the javafx using "sudo apt install openjfx" . After I ran "sudo ./*.sh". The program open, but when I put my email and password, it does not connect with the xiaomi server. I tried to access using facebook login and I have the same problem. How can I solve this problem? Do you have any idea?
Thanks
Danillo
The program does not find the phone connected. But "sudo fastboot reboot" work
dpvalverde said:
Dear,
I tried to run this miunlock on my linux pc and it did not work. I installed the javafx using "sudo apt install openjfx" . After I ran "sudo ./*.sh". The program open, but when I put my email and password, it does not connect with the xiaomi server. I tried to access using facebook login and I have the same problem. How can I solve this problem? Do you have any idea?
Thanks
Danillo
Reinstall certs
disconnects phone on checking bootloader status with an error message on top left corner of phone "press any key to shutdown"
and stays stuck after reconnecting in fastboot mode when reading device info.
How to install it on manjaro arch Linux. did u keep it in AUR.?
Status : Success unlock bootloader
Device : Redmi 4X
Waiting Time : 72hours
Thx for the tool. love3
worked a treat.
had been struggling to use the mi tool for windows and my device was not being detected.
this took me barely a minute to unlock.
Waiting for a fastboot device...
Well, the communication with the 'net seems to work as intended but that is where it stops:
Code:
[18:01:15][INFO ] Starting login procedure
[18:01:24][INFO ] Login procedure succeeded
[18:01:25][INFO ] Checking account unlock permission
[18:01:27][INFO ] Unlock permission confirmed
[18:01:27][INFO ] Waiting for a fastboot device
Using the fastboot command line works for the same user account so this won't be solved by running the tool as root. The device reports itself as 18d1:d00d Google Inc. and shows up clearly when using the fastboot command line tool:
Code:
$ fastboot devices
deadbeef fastboot
(no, my device ID is not deadbeef)
Tried OpenJDK 10 and 9, Oracle JRE 8, no difference.
Digging deeper using strace shows the problem: the 'special' fastboot command you include (in bin/MiUnlockTool_res) is a 64-bit executable while I'm running the tool on a 32-bit machine. Substituting the provided tool for a link to the version already present on this machine makes the command progress to the error:
Code:
$ java -jar bin/MiUnlockTool.jar '[email protected]' 'mysupersecretpassword'
[18:19:25][INFO ] Starting login procedure
[18:19:36][INFO ] Login procedure succeeded
[18:19:36][INFO ] Checking account unlock permission
[18:19:39][INFO ] Unlock permission confirmed
[18:19:39][INFO ] Waiting for a fastboot device
[18:19:39][INFO ] Device connected: deadbeef
[18:19:39][INFO ] Obtaining device info...
[18:19:40][INFO ] Device info obtained
[18:19:40][INFO ] Checking if unlock will erase data and server message
[18:19:42][INFO ] Unlock procedure will erase userdata
[18:19:42][INFO ] Server message: An unlocked device is an easy target for malware which may damage your device or cause financial loss.
[18:19:42][INFO ] Querying unlock server for unlock key
[18:19:48][ERROR ] Unlock request replied with error code 20036
[18:19:48][ERROR ] Error meaning: After %d hours of trying to unlock the device
I guess I have to wait, how long I do not know as this is not shown in either mode (command line or GUI).
Anyway, you might want to add a 32-bit fastboot command or just tell users to install a native version and use that.
@YetAnotherForumUser
I see the same error message when I tried to unlock MI 8 (global version bought yesterday in official Xiaomi store in Poland). I tried official Xiaomi tools on Windows 10, but without any success (verify failed at 50%).
I'm using it on a Linux laptop, I get "buffer overflow detected" after "starting final unlock procedure" and then it fails
I have these 2 errors on Linux trying to unlock my Redmi Note 5:
[20:59:38][ERROR ] Unlock request replied with error code 20036
[20:59:38][ERROR ] Error meaning: After %d hours of trying to unlock the device
After waiting 360 hours I was able to unlock my Mi 8 with this tool on my Ubuntu! With official MiFlashUnlock tool I wasn't able to unlock this device on Windows 10. Thanks a lot!
YetAnotherForumUser said:
Code:
...
[18:19:48][ERROR ] Unlock request replied with error code 20036
[18:19:48][ERROR ] Error meaning: After %d hours of trying to unlock the device
I guess I have to wait, how long I do not know as this is not shown in either mode (command line or GUI).
After about 13 days - I only tried twice in between - the thing is now unlocked. I needed to run the tool on a 64-bit machine as the 32-bit fastboot crashed (with a message along the lines of "* buffer overflow detected *"), possibly due to the longish argument used in the unlocking procedure.
YetAnotherForumUser said:
After about 13 days - I only tried twice in between - the thing is now unlocked. I needed to run the tool on a 64-bit machine as the 32-bit fastboot crashed (with a message along the lines of "* buffer overflow detected *"), possibly due to the longish argument used in the unlocking procedure.
I also used a 64-bit OS -> Ubuntu 18.04 x64. It would be nice to see the number of hours instead of %d, however it's just a minor bug. This tool is the best choice for Linux, macOS and even Windows 10 users.
Hey guys,
Although I've unlocked & rooted other Android's in the past, this is my first time with a Xiaomi device. I've tried running the tool, and appear to get the "Error meaning: After %d hours of trying to unlock the device" error. Am I right in thinking this is just a bug in terms of the hours displayed, and that I will just need to wait the 15 or so days before I can unlock the device? At what point does that 15 days begin?
Also, once unlocked, what is the best way to flash a ROM? ADB via Terminal?
Looking to flash the Global MIUI over the Chinese one I currently have.
Thanks!
Help. Can not connect to my phone in fastboot when using this tool. But the MiUnlock is still connected
huynhkhoa said:
Help. Can not connect to my phone in fastboot when using this tool. But the MiUnlock is still connected
Windows or linux ?
naik2902 said:
Windows or linux ?
Windows bro, please help me
huynhkhoa said:
window bro, please help me :crying:
Why are you not using the original MiUnlock tool for Windows?
Did you enable OEM unlock and USB debugging?
Installed fastboot drivers?
Use the fastboot devices command to check if your device is connected to the PC.
Did you bind your account to Mi Unlock status in developer options?

Teclast X98 plus ii (C2D6): Tablet not recognized in DNX fastboot

Hi,
I am stuck with my tablet.
1. With a linux live usb I've removed all the partitions of the device. (create new partition table GPT)
2. Now when I boot, I see the BIOS only. I can also boot in DNX fastboot mode.
Nevertheless, fastboot cli and Phone flash tool doesn't recognize my device.
I've installed the Intel driver called IntelAndroidDrvSetup1.10.0.exe and if I go to the Device Manager, I can see my device as Intel Android ADB Interface with a ! saying:
Code:
This device cannot start. (Code 10)
An invalid parameter was passed to a service or function.
How do I make Windows recognize my tablet?
Please help me to solve this problem.
Thank you!

Extract (dump) all partition images from Huawei e8372h under GNU/Linux

Hi there everyone, how would one go about checking what partitions are present on devices such as Huawei e3372h or e8372h and how to dump them using gnu/linux. I am OK with terminal/shell scripting, I've done some basic Arduino/Raspberry projects, but I want to get more into firmware (binwalk, repackaging, etc). Where would one start? What tools shall I look to familiarize myself with? I very much want to avoid using blobs like pre-compiled windows tools that are difficult to inspect. Is it possible to dump firmware (incl. boot partitions) using standard gnu/linux toolset (like dd) or at least tools that have source code available?
I have been looking for resources both here and on Russian/German fora, unfortunately most of posted solutions are based on Windows *.exe files and knowing a bit about Linux I am 100% sure that whatever these programs are doing is also possible to be done on Linux in a cleaner more transparent and reproducible manner (that is better for educating oneself).
Any hints much appreciated
If device's Android is rooted, if Android is version 6 and higher, then you can dd the partitions in question.
Thank you for your response! Is there an Android running on USB modems/routers such as Huawei e8372h? I am looking to dump all partitions from such device and to be able to restore them before I start any modifications. This way I should be able to restore devices to their original "factory" state if anything goes sideways (except if I hard-brick them).
I have a number of e3372h(-153) and e8372h(-153) devices that I can experiment with (they have different versions of firmware on them and the very-very first thing I want to do is to extract all images (including boot partition if possible) and test if I can restore from these backups). Only then I want to start modding them or checking other people's modifications...
So far I have managed to switch modes of these devices. For example for e8372 I can have it on the host machine (Ubuntu GNU/Linux laptop) visible as
virtual CD-ROM (/dev/sr0)
hi-link device (accessible from 192.168.8.1)
3 x TTY device (one of which can execute AT commands)
emergency boot mode with one TTY device
With the last one I have executed
balong-usbdload -p /dev/ttyUSB0 usblsafe-8372.bin (following https://gist.github.com/ValdikSS/323bcdfceb2f09d9c6ef02db1bc573e2 and https://github.com/forth32/balong-usbdload.git)
expecting to gain telnet access to the device and possibly dump the remaining partitions to the microSD card (using nanddump), but for some reason I still cannot log in using telnet.
BTW Using Windows based tools that I have no source code for is pointless for me as my main goal is to learn the structure and functioning of these devices and be able to modify them myself.
If successful I intend to publish these images and tutorialize my notes on how to backup/restore, but for now I need a direction myself
IMO all tools, either compiled for Windows OS or Mac OS or Linux OS, in background simply run Android shell scripts.

Save data from blocked Android

Hi,
A friend of mine wants to recover some pictures from an old phone of his, but he forgot the pattern to unlock the device...
* The phone is a CAT S41 stock android.
* The phone is in perfect conditions
* The USB debug option of the phone is disabled.
- Because of that, I've been unable to execute any adb commands on the device.
- When the phone is in Recovery Mode, the device is detected by adb, but unauthorized:
[email protected]:~$ adb devices
List of devices attached
S411931008366 unauthorized
[email protected]:~$ adb shell
adb: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
I've tried to set the $ADB_VENDOR_KEYS manually, with no success.
In this situation, I have some questions to ask:
1. Is there a known way of bypassing the pattern lock?
2. Is there a known way of dumping data to any other device, in order to retrieve the pictures
3. Can the debug options be activated somehow?
As a last resource, I'd be willing to open the phone and spend some bucks on whatever hardware is needed to dump the whole disk, if that is relatively feasible to do.
4. Could you give me any feedback/information on hardware methods of dumping the disk of the phone? 0 experience there.
I would greatly appreciate any input you could give me.
If more details of the system or the situation are needed, please ask.
Thank you kindly for your attention,
abocador
Can't offer a solution.
But, even if there is a way to dump the files, which requires the phone's Android to be rooted and USB debugging to be activated, IMO it makes no sense to waste more time on this, because since Android 4 data are AES-128 encrypted (FBE and/or FDE method) and the encryption probably can't get cracked.
2. + 4. won't work because of encryption, but 1. + 3. is possible on that old Android 7 MediaTek device.
Assuming the device runs FDE full-disk encryption and is encrypted with default_password, one can hack boot.img and authorize USB debugging. Because the device decrypts itself on boot, that's all you need to get access.
But first install VCOM preloader drivers and make a readback of the device with WwrMTK v2.51 + SP Flash Tool (old method) or mtkclient (new method).
I will tell you how to patch and resign boot.img once you have made the important backup step. The most important partitions are userdata + metadata.
Btw there is maybe another (even easier) method. Just port TWRP recovery for that device. Because of the weak security implementation the phone will boot into custom recovery on a locked bootloader (I did on a Cubot King Kong).
Hi,
Thank you a lot for your reply.
I've been trying to do the backup, but I wasn't able to even use the mtkclient
I think I will just forget about this.
You know the device must be powered off completely, and the preloader only says 'Hello' to the computer for ~1 second? Did you install the VCOM preloader drivers during that second (Device Manager -> pick device -> Update Driver -> Browse my computer for driver software -> Let me pick from the list of device drivers on my computer -> Show all devices -> Have Disk)?
Hello again!
Yes, I'm aware the device must be powered off.
I'm quite sure I have all the drivers I need. I'm working from a Debian system.
Some weeks ago, I posted the log I get when I try to connect mtkclient to the phone:
Error on sending data: DA hash mismatch · Issue #575 · bkerler/mtkclient (github.com)
One more time, thanks for your help,
I think I'm going to park this project for a while.
Cheers,
abocador
Okay, for Linux no need for drivers, looks good. Have you tried some random command-line usage just for fun?
Code:
python3 mtk printgpt
python3 mtk rl out
python3 mtk crash
python3 mtk --preloader printgpt
python3 mtk --preloader rl out
