Database Info

TF700T complete flash layout

I spent some time in analyzing of flash layout. The comprehensive description below attempts to map each byte of the flash and describes way to extract it.
I would be glad if somebody could provide more detailed info about bootloader, signatures, DRM etc.
Patches are welcome.
Code:
mmcblk0 layout
All dumps were done on Asus Eee Pad Transformer Infinity TF700T, 64GB version, firmware 9.4.5.26, locked
mmcblk0 off-partition section
Offset: 0 (0x0)
Size: 38273024 (0x2480000)
Read command: busybox dd if=/dev/block/mmcblk0 of=/mnt/sdcard/mmcblk0pre1.img bs=524288 count=73
Offset: 0 (0x0)
Size: 3670016 (0x380000)
Contains: Zeroes
Purpose: Unknown
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s1.img bs=3670016 count=1
Process command: tr -d '\0' <mmcblk0pre1s1.img >mmcblk0pre1s1nz.img # mmcblk0pre1s1nz.img must be empty file
Offset: 3670016 (0x380000)
Contains: Recovery kernel image followed by zeroes
Size: 8388608 (0x800000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s2.img bs=524288 skip=7 count=16
Process commands:
perl split_bootimg.pl mmcblk0pre1s2.img
mkdir mmcblk0pre1s2.img-ramdisk
cd mmcblk0pre1s2.img-ramdisk
zcat ../mmcblk0pre1s2.img-ramdisk.gz | cpio -i
cd ..
# end Process commands
Offset: 12058624 (0xb80000)
Contains: Regular boot kernel image followed by zeroes
Size: 8388608 (0x800000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s3.img bs=524288 skip=23 count=16
Process commands:
perl split_bootimg.pl mmcblk0pre1s3.img
mkdir mmcblk0pre1s3.img-ramdisk
cd mmcblk0pre1s3.img-ramdisk
zcat ../mmcblk0pre1s3.img-ramdisk.gz | cpio -i
cd ..
# end Process commands
Offset: 20447232 (0x1380000)
Contains: Block of 16 bytes followed by 0x2de0 hexadecimal numbers followed by FF
Size: 12288 (0x3000)
Extract command: dd if=mmcblk0pre1.img of=mmcblk0pre1s4.img bs=524288 skip=39
Vital data:
Extract command: dd if=mmcblk0pre1s4.img of=mmcblk0pre1s4ss2.img bs=4096 skip=3
Binary part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch1.img bs=16 count=1
Hexadecimal part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch2.img bs=16 count=734 skip=1
Process command: unhex <mmcblk0pre1s4ss1ch2.img >mmcblk0pre1s4ss1ch2bin.img
FF part of vital data:
Extract command: dd if=mmcblk0pre1s4ss1.img of=mmcblk0pre1s4ss1ch3.img bs=16 skip=735
Process command: tr -d '\377' <mmcblk0pre1s4ss1ch3.img >mmcblk0pre1s4ss1ch3nff.img # mmcblk0pre1s4ss1ch3nff.img must be empty file
Zeroes:
Extract command: dd if=mmcblk0pre1s4.img of=mmcblk0pre1s4ss1.img bs=4096 count=3
Process command: tr -d '\0' <mmcblk0pre1s4ss2.img >mmcblk0pre1s4ss2nz.img # mmcblk0pre1s4ss2nz.img must be empty file
Purpose: Probably encrypted bootloader
mmcblk0p1
Offset: 38273024 (0x2480000)
Size: 805306368 (0x30000000)
File system size: 196608 * 4096 = 805306368 (fully occupies partition)
Format: Linux ext4 filesystem
Mounted at: /system
Mount options: read only, extended attributes, ACL
Permissions: only root can manipulate
Contains: Base system and embedded applications
Purpose: Base system
mmcblk0p2
Offset: 843579392 (0x32480000)
Size: 448790528 (0x1ac00000)
File system size: 109568 * 4096 = 448790528 (fully occupies partition)
Format: Linux ext4 filesystem
Mounted at: /cache
Mount options: read/write, no SUID, no device nodes, no atime
Permissions: only root can manipulate, UID system and GID cache can read and write
Contains: Cache
Purpose: Application cache
Note: The volume has the same UUID as mmcblk0p1
mmcblk0p3
Offset: 1292369920 (0x4d080000)
Size: 2097152 (0x200000)
File system size: 512 * 4096 = 2097152 (fully occupies partition)
Linux rev 1.0 ext3 filesystem
Not mounted
Permissions: GID system can manipulate
Contains: Empty file system
Purpose: Recovery /misc
Referenced by: /system/lib/libandroid_runtime.so recovery ramdisk: /etc/recovery.fstab
Note: File system is referenced in recovery as emmc, not ext3!
mmcblk0p4
Offset: 1294467072 (0x4d280000)
Size: 855638016 (0x33000000)
File system size: 208896 * 4096 = 855638016
Linux rev 1.0 ext3 filesystem
Not mounted
Permissions: GID system can manipulate
Contains: Empty file system
Purpose: Recovery /staging
Referenced by: recovery ramdisk: init.rc /etc/recovery.fstab
mmcblk0p5
Offset: 2150105088 (0x80280000)
Size: 5242880 (0x500000)
File system size: 5092 * 1024 = 5147488
Format: FAT32 file system, no partition table, MS-DOS "Non-system disk" boot block
Not mounted
Permissions: only root can manipulate
Contains: File system with files:
Serial numbers (ISN, PPID, SSN, UUID)
Calibration data (AL3010 light sensor, AMI304 magnetic sensor, KXTF9 motion sensor)
Purpose: Device specific unique system data, mounted as /btmac during Android boot
Referenced by: /system/bin/wifimacwriter /system/bin/brcm_patchram_plus /system/bin/sensors-config /system/bin/sixpair ramdisk: /init recovery ramdisk: /etc/recovery.fstab /init
mmcblk0p5 off file-system area
Offset in section: 5147488 (0x4e8b60)
Size: 28672 (0x7000)
Read command: busybox dd if=/dev/block/mmcblk0p5 of=/mnt/sdcard/mmcblk0p5s2.img bs=1024 skip=5092
Process command: tr -d '\0' <mmcblk0p5s2.img >mmcblk0p5s2nz.img # mmcblk0p5s2nz.img must be empty file
mmcblk0p6
Offset: 2155347968 (0x80780000)
Size: 524288 (0x80000)
Format: binary data
Permissions: UID drm can manipulate
Contains: 208 bytes of binary data, the rest are zeroes
Purpose: DRM, probably contains encrypted DRM key
Referenced by: /system/bin/wvdrmserver /system/vendor/lib/drm/libdrmwvmplugin.so
mmcblk0p7
Offset: 2155872256 (0x80800000)
Size: 5242880 (0x500000)
Format: empty
Contains: Zeroes
Purpose: Unknown
mmcblk0p8
Offset: 2161115136 (0x80d00000)
Size: 61415620608 (0xe4ca80000)
File system size: 14994040 * 4096 = 61415587840
Format: Linux ext4 filesystem
Mounted at: /data
Mount options: read/write, no SUID, no device nodes, no atime
Permissions: only root can manipulate, read and write are directory specific
Contains: User applications, user data, and virtual internal SD card
Note: /data/media is mounted via UID/GID stripping FUSE as /mnt/sdcard
mmcblk0p8 off file-system area
Offset in section: 61415587840 (0xe4ca78000)
Size: 32768 (0x8000)
Read command: busybox dd if=/dev/block/mmcblk0p8 of=/mnt/sdcard/mmcblk0p8s2.img bs=4096 skip=14994040
mmcblk0 off-partition section
Offset: 63576735744 (0xecd780000)
Size: 524288 (0x80000)
Read command: busybox dd if=/dev/block/mmcblk0 of=/mnt/sdcard/mmcblk0post8.img bs=524288 skip=121263
Process command: tr -d '\0' <mmcblk0p8s2.img >mmcblk0p8s2nz.img # mmcblk0p8s2nz.img must be empty file
Offset: 63576735744 (0xecd780000)
Offset in section: 0 (0x0)
Size: 507392 (0x7be00)
Contains: Zeroes
Purpose: Unknown
Extract command: dd if=mmcblk0post8.img of=mmcblk0post8s1.img bs=507392 count=1
Process command: tr -d '\0' <mmcblk0post8s1.img >mmcblk0post8s1nz.img # mmcblk0post8s1nz.img must be empty file
Offset: 63577243136 (0xecd7fbe00)
Offset in section: 507392 (0x7be00)
Size: 16896 (0x4200)
Contains: EFI Partition table (partition names: APP, CAC, MSC, USP, PER, YTU, CRA, UDA)
Extract command: dd if=mmcblk0post8.img of=mmcblk0post8s2.img bs=512 skip=991
Purpose: Partition table
Total size of mmcblk0: 63577260032 (0xecd800000)
Notes:
can manipulate = can read, write partition vital data, only root can mount
can read, write = can read, write partition file system contents
Read commands are ran on the Transformer
Extract and process commands are run anywhere, with pre-read image file in the current directory.
You need dd with large files support. Vanilla dd on TF700T does not support large files. Busybox dd does.
Dropbox link to Asus_Transformer_Infinity_TF700T/flash_layout.txt

Wow, thanks for this detailed analysis - much more detailed than mine.
So what can I add to your research?
Tegra-based systems have another partition table, which has a proprietary layout and an unknown purpose (maybe just important for NVFlash and for flashing blobs?). Looking at the flash.cfg in the NVFlash package from AndroidRoot.mobi, we can get the Tegra partition layout and partition names:
Partition number 1 is missing in the list, maybe it contains the extremely well-hidden APX mode recovery code or even the answer to life, the universe and everything.
The following 3 partitions are located at the beginning of mmcblk0 and their contents are apparently encrypted with a device-specific key. For some reason, with ICS-based ROMs it reads as all zeros; in JB-based ROMs additional mmcblk0boot0 and mmcblk0boot1 partitions appear which together cover this area. The "bricksafe.img" in the nvflash guide covers these 3 partitions.
2 BCT: Tegra Boot Configuration Table - 3145728 bytes
3 PT: Tegra Partition Table - 524288 bytes
4 EBT: Bootloader - 8388608 bytes
You already know the following 2:
5 SOS: Recovery kernel - 8388608 bytes
6 LNX: Linux kernel - 8388608 bytes
Then some more funny ones:
7 CER: I think this stands for "Certificate" and contains the bootloader unlock token. - 8388608 bytes. If I calculated correctly, this is at 0x1380000 into mmcblk0. Saved as "unlock-token.img" in the nvflash guide.
8 IMG: no idea what this is for - 8388608 bytes
9 GP1: space for a GPT partition table, maybe unused - 1048576 bytes
Now the regular partitions follow (p1 to p8):
10 APP: p1 = /system (Android OS)
11 CAC: p2 = /cache (for communication between Android and recovery)
12 MSC: p3 ="misc", whatever that is. On the TF101 it was used for bootloader commands.
13 USP: p4 = The update staging partition. Update blobs are copied here and flashed to the correct partition by the bootloader.
14 PER: p5 = device-specific config in a FAT filesystem
15 YTU: p6 = Apparently the DRM key. Confirmed to be overwritten with 0 by the unlocking process.
16 CRA: p7 = unknown (reserved for crash dumps?)
17 UDA: p8 = /data (Android user data)
And finally:
18 GPT: the EFI partition table that is actually used by the kernel

Well, it seems, that something (ICS stock kernel, hardware) hides contents of the first (at most) 0x380000 bytes of flash.
I am locked, and I have some token at 0x1380000 as well.
I am still thinking about a way to unlock, keep access to nvflash, and upgrade to JB keeping DRM working, even at cost of using stock system. That is why I wanted to backup and analyze everything and find all keys and signatures.
It would be also nice to know, whether there are areas of flash with hardware or kernel write lock.

utx said:
Well, it seems, that something (ICS stock kernel, hardware) hides contents of the first (at most) 0x380000 bytes of flash.
I am locked, and I have some token at 0x1380000 as well.
Click to expand...
Click to collapse
Yes, before unlocking I had something very similar to you there - a 16 byte header followed by some hexdump. I don't know what it was. It was overwritten by the unlock process with a 4 byte data block prefixed with a "-SIGNED-BY-SIGNBLOB-" header and followed by 256 bytes of what looks like a digital signature, very similar to the signed update blobs.
utx said:
I am still thinking about a way to unlock, keep access to nvflash, and upgrade to JB keeping DRM working, even at cost of using stock system. That is why I wanted to backup and analyze everything and find all keys and signatures.
Click to expand...
Click to collapse
Definitely back up the YTU partition before unlocking (p6) and then make the nvflash backups - but maybe the key must match something that is broken by the unlocking process, or it is renewed periodically, etc., so it might not help. Maybe try using DRM before unlocking and watch if the content of the partition changes over time.
utx said:
It would be also nice to know, whether there are areas of flash with hardware or kernel write lock.
Click to expand...
Click to collapse
Never tried to write directly to the block device - too scared to break something.
---------- Post added at 09:32 PM ---------- Previous post was at 09:28 PM ----------
Another small addition:
Note: /data/media is mounted via UID/GID stripping FUSE as /mnt/sdcard
Click to expand...
Click to collapse
This FUSE trick also makes /mnt/sdcard case-insensitive.

I just thought of something. What if you launched a data recovery process and recovered the DRM keys for the device?

ostar2 said:
I just thought of something. What if you launched a data recovery process and recovered the DRM keys for the device?
Click to expand...
Click to collapse
How do you define "data recovery process"? You cannot recover data that has been overwritten.

_that said:
How do you define "data recovery process"? You cannot recover data that has been overwritten.
Click to expand...
Click to collapse
Well, if the DRM partition is write enabled, it may be possible to restore its contents, if you backed it up before unlock (it is probably per-device unique). But it could be insufficient. Locked bootloader can be different than unlocked bootloader, and may drop cipher needed for DRM decihering. It is just a theory. Somebody could proof it or falsify, if:
1) Backed all accessible data before unlock.
2) Unlocked (and to be safe, also made brickproof image).
3) Recovered the data creates in step 1.
Will DRM work then? Or did we need the contents of (currently inaccessible) locked stock data of the first megabytes?
But I see no way, how to back-up first megabytes of locked device (on ICS; JB is not as interesting for us, once you upgrade to JB, you cannot create brickproof image for nvflash).
I even don't know, which part of the subsystem causes these megabytes being reported as zeroes. Is it stock Asus ICS kernel? Is it bootloader? Is it a hardware lock on the flash device?

Good idea, but what I meant by "Data Recovey". Is restoring the deleted data from that filesystem/partition.

ostar2 said:
Good idea, but what I meant by "Data Recovey". Is restoring the deleted data from that filesystem/partition.
Click to expand...
Click to collapse
I see, so I assume you assume you had a backup before.
Somebody (maybe you?) could try roughly the following sequence:
- get new TF700
- update to 9.4.5.26. if it's already newer, forget nvflash, but the rest could still work.
- root it using debugfs
- make a backup of /dev/block/mmcblk0p6
- do some DRM-dependent stuff and check that it works
- after some days, make another backup of /dev/block/mmcblk0p6 and compare if anything has changed. If the key is static, maybe restoring after unlocking could work. If not, chances are high that it doesn't work.
- unlock (this erases mmcblk06 and voids warranty)
- optional, but very useful: install AndroidRoot hacked bootloader to make blobs for nvflash, then use nvflash to backup all partitions
- restore backup of /dev/block/mmcblk0p6
- try if DRM still works

_that said:
I see, so I assume you assume you had a backup before.
Somebody (maybe you?) could try roughly the following sequence:
- get new TF700
- update to 9.4.5.26. if it's already newer, forget nvflash, but the rest could still work.
- root it using debugfs
- make a backup of /dev/block/mmcblk0p6
- optional, but very useful: install AndroidRoot hacked bootloader to make blobs for nvflash, then use nvflash to backup all partitions
- do some DRM-dependent stuff and check that it works
- after some days, make another backup of /dev/block/mmcblk0p6 and compare if anything has changed. If the key is static, maybe restoring after unlocking could work. If not, chances are high that it doesn't work.
- unlock (this erases mmcblk06 and voids warranty)
- restore backup of /dev/block/mmcblk0p6
- try if DRM still works
Click to expand...
Click to collapse
To install AndroidRoot bootloader and by that getting nvflash blobs, you have to unlock first... The order of your steps is therefore wrong.

firetech said:
To install AndroidRoot bootloader and by that getting nvflash blobs, you have to unlock first... The order of your steps is therefore wrong.
Click to expand...
Click to collapse
Oops, thanks for noticing. I edited my post.

what if we were to read from the NAND externally (RAW)....xbox 360 style...wouldn't that be the same as nvflash....
except that the three partitions in question are encrypted with a key that is probably unique per Tegra...
2 BCT: Tegra Boot Configuration Table - 3145728 bytes
3 PT: Tegra Partition Table - 524288 bytes
4 EBT: Bootloader - 8388608 bytes
but I would suppose it wouldn't be a problem since a raw flash would restore everything back to normal...even if we can't read it..the CPU can..and that's all that matters.
---------- Post added at 11:21 AM ---------- Previous post was at 11:13 AM ----------
never mind...its a BGA

_that said:
I see, so I assume you assume you had a backup before.
Somebody (maybe you?) could try roughly the following sequence:
- get new TF700
- update to 9.4.5.26. if it's already newer, forget nvflash, but the rest could still work.
- root it using debugfs
- make a backup of /dev/block/mmcblk0p6
- do some DRM-dependent stuff and check that it works
- after some days, make another backup of /dev/block/mmcblk0p6 and compare if anything has changed. If the key is static, maybe restoring after unlocking could work. If not, chances are high that it doesn't work.
- unlock (this erases mmcblk06 and voids warranty)
- optional, but very useful: install AndroidRoot hacked bootloader to make blobs for nvflash, then use nvflash to backup all partitions
- restore backup of /dev/block/mmcblk0p6
- try if DRM still works
Click to expand...
Click to collapse
Correct order maybe.
- get new TF700
- update to 9.4.5.26.
- root it using debugfs
- make a backup of /dev/block/*.*
- unlock (this erases mmcblk06 and voids warranty)
- install AndroidRoot hacked bootloader to make blobs for nvflash
- restore backup of /dev/block/mmcblk0p6
- try if DRM still works
Q1:If i backed up 9.4.5.26 all block image.After i updated 9.4.5.30 can i get the nvflash blob from backed up images?No way to dig out the blob key from the backup?

W3ber said:
Q1:If i backed up 9.4.5.26 all block image.After i updated 9.4.5.30 can i get the nvflash blob from backed up images?No way to dig out the blob key from the backup?
Click to expand...
Click to collapse
No way - the BCT, bootloader, etc. is not visible to the kernel at all (so it's not included in your images), and I don't know which kind of magic the blob creation tool uses, but I assume it's more than reading stuff from the nand.

[Q] ?? How to backup Firmware on stock device

Hello.
I have a Samsung Relay that is rebranded by Cellular One of North East AZ. They have a fancy super thin sticker over the Tmobile logo on the glass. lol... But the firmware in the device is branded by Cellular One.
I cannot find that firmware anywhere and want to know if anyone has any directions on how to back up the firmware so It could be loaded onto a t-mobile Relay to "brand" it for Cellular One.
Appreciate any help you can offer.
Thanks.
(I normally play in CDMA world, but I moved to po dunk nothing ville and VZW Sucks here, so had to go with Cell One. First real experience with GSM)

I've never done this before and I'm not 100% sure if it can be done. But there probably are ways if you're clever enough. So here's what I would try if I were in your position:
1. Check if there's a way to dump it with Odin. You can google around to see if it's possible but I'm pretty sure it's a feature in Odin (Whether our phone supports it is another story). You would have to boot into download mode, (vol down + home + power when powering on) and then follow whatever directions you find for dumping a rom. Just make sure you don't flash anything to your device. And make sure you know what you're doing with Odin because it can brick your phone if you push the wrong buttons.
2. The other way to do it is to dump your partition contents with the dd command (I would do it through an adb shell). This would require you to have root. I'm not sure of how to get root without modifying your ROM (kind of defeats the purpose of what you're trying to do if we have to change the ROM) but there are usually ways to get a temp root. Not sure how to do it on our phone but maybe someone else can help you with that part. Or maybe do some googling. The dd part I've at least done for the boot partition. Basically what you want to do is open an adb shell and run:
"ls -l /dev/block/platform/msm_sdcc.1/by-name/"
This will give you a list of all the partition name symlinks and show you the block devices they point to. For example, when I was getting boot.img I found that the "boot" symlink pointed to "/dev/block/mmcblk0p7". Find all the partitions you want to image in this list and figure out which block devices they point to.
The next part is to figure out how big each of the partitions is. You can find this in /proc/partitions. So from your adb shell you would run:
"cat /proc/partitions"
This will print out all of your flash block devices (look at the ones you were interested in from above). The 3rd column in this list will be the # of blocks in the partition. I believe the block size is 1k (1024 bytes). For example, my boot partition was 10240 blocks which comes out to 10 Megs, which sounds about right. The 1k assumption also agrees with the total device flash size, which is 7634944 blocks (mmcblk0) which is just under the 8GB they say the phone has. So I'm pretty confident about the block size.
So now we're at the part where things get a little hairy. I'm assuming you've found some way to get root in your adb shell. Be very careful with these dd commands and if you don't know what you're doing, don't do it. You would want to run something like the following:
"dd if=/dev/block/<partition name> of=/storage/sdCard/<name of image file> bs=1024 count=<# of blocks for partition you found in /proc/partions>"
You would do this for each partition you want dumped.
Again, be careful if you decide to try and do any of this stuff (especially with the dd commands, if you mix up the in file and out file you can brick your device). But like I said this worked for me to get boot.img and I was able to extract it and get the kernel and ramdisk. Hope this helps and sorry I don't know more about getting you a temp root without modifying your ROM.
Jeff

Can you send me a screenshot of your about phone screen?
Sent from my SGH-T699 using Tapatalk

hello everyone,
i resurrection this thread so bring some information to pepole who want to backup stock rom so they can flash it back with odin.
i constructed a list of partitions names/partition location nb./partition block size for a refreance of what to backup:
block size partition block location partition name
7634944 /dev/block/mmcblk0 Whole SSD on Device
2048 /dev/block/mmcblk0p5 aboot
6144 /dev/block/mmcblk0p20 backup
10240 /dev/block/mmcblk0p7 boot
860160 /dev/block/mmcblk0p17 cache
13952 /dev/block/mmcblk0p11 efs
10240 /dev/block/mmcblk0p19 fota
3072 /dev/block/mmcblk0p21 fsg
5120 /dev/block/mmcblk0p23 grow
61440 /dev/block/mmcblk0p1 modem
3072 /dev/block/mmcblk0p12 modemst1
3072 /dev/block/mmcblk0p13 modemst2
512 /dev/block/mmcblk0p9 pad
10240 /dev/block/mmcblk0p10 param
8192 /dev/block/mmcblk0p16 persist
10240 /dev/block/mmcblk0p18 recovery
512 /dev/block/mmcblk0p6 rpm
128 /dev/block/mmcblk0p2 sbl1
256 /dev/block/mmcblk0p3 sbl2
512 /dev/block/mmcblk0p4 sbl3
8 /dev/block/mmcblk0p22 ssd
1228800 /dev/block/mmcblk0p14 system
512 /dev/block/mmcblk0p8 tz
5386240 /dev/block/mmcblk0p15 userdata
so all you have to do is to use this command via terminal:
"dd if=/dev/block/<partition name> of=/storage/sdCard/<name of image file> bs=1024 count=<# of blocks for partition>"
you can cnange "sdCard" for "extSdCard" if you wish.
this will make you the raw imgae of all partitions and then you will need to use tar in linux to make a tar.md5 file for odin.
use the commands below in terimanl to do so:
"tar -H ustar -c image1 image2 image3 etc... > package_name.tar"
"md5sum -t package_name.tar >> package_name.tar"
"mv package_name.tar package_name.tar.md5"
remember you will need superuser on you phone to do this, also the commands are without the quotation mark.
the only thing left to know is what partitions you must backup to beable to restore fully to stock with/without data.
i know you should backup the boot/efs/recovery/system partitions for clean stock + userdata/cache if you want your data back.
does anybody know of other critical partitions to backup?

[Q] Optimizing ext4 for sd-ext (Samsung EVO MB-MP32D/EU on Xperia Mini Pro)

Goal:
Motivation: As my phone (Sony Ericsson SK17i) has low internal memory, it is essential to have a good MicroSD card with sd-ext and move some parts of /data to /sd-ext.
Problem: I am not satisfied with random I/O performance on ext4.
I, however, don't want to sacrify safety by disabling journaling.
My HW&SW:
My MicroSD: Samsung EVO MB-MP32D/EU, 32GB.
My phone: Sony Ericsson Xperia Mini Pro (SK17i)
ROM: LegacyXperia CM11
Ext4 mount options: noatime,nodiratime,barrier=1
My laptop OS (I ran mkfs.ext4, GParted and fdisk tools there): Ubuntu 12.04, up-to-date
Before making any change, I did a byte-by-byte backup of the original raw data, that is roughly dd if=/dev/sdc bytes=(some size) | compression > output_file. If you are interested in it, you can download the https://public.v6ak.com/samsung-evo-MB-MP32D--EU--32GB/sdc.gz.bz2 (< 1KiB) backup file.
What and why I did:
First, I resized the FAT32 (without reformatting) to 20GiB by GParted,
Second, I determined the sdcard characteristics by flashbench tool using command sudo ./flashbench -a /dev/sdc --blocksize=1024: https://public.v6ak.com/samsung-evo-MB-MP32D--EU--32GB/
There is my conclusion:
Code:
erase_block = 16777216
multi_plane = 16384
page = 8192
So, I took recommendation from https://wiki.gentoo.org/wiki/SDCard#Solution_2:_Tuned_ext4:
Code:
filesystem_block = min(page, 4096) = 4096 # Values higher than 4096 are not supported, so I had to pick 4096.
stride = multi_plane / page = 2 # Should I use page, or filesystem_block?
stripe_width = erase_block / page = 2048 # Should I use page, or filesystem_block?
# The resulting command:
sudo mkfs.ext4 -E stride=2,stripe-width=2048 -b 4096 /dev/sdc2
Third, I made another partitions in the free space. Now, I am just interested in the /dev/sdc2, which is sd-ext. The start of all the partitions is divisible by 8192, so I hope they are all properly aligned:
Code:
Disk /dev/sdc: 32.0 GB, 32010928128 bytes
255 heads, 63 sectors/track, 3891 cylinders, total 62521344 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0000cf13
Device Boot Start End Blocks Id System
/dev/sdc1 8192 41951231 20971520 c W95 FAT32 (LBA) # The original partition
/dev/sdc2 41951232 50339839 4194304 83 Linux # The sd-ext partition
/dev/sdc3 50339840 52436991 1048576 83 Linux # A legacy partition, nothing important
/dev/sdc4 52436992 56631295 2097152 b W95 FAT32 # Titanium Backup partition, not important at the moment
The results:
I used A1 SD Bench to benchmark both FAT32 (i.e. /dev/sdc1) and ext4 (i.e. /dev/sdc2) filesystems. I did just the random I/O test when phone was in airplane mode (=> no noise from network events) and charging:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I've seen some suggestions it should perform several times better: http://forums.storagereview.com/index.php/topic/36678-samsung-evo-sd-memory-card-review-discussion/?p=287587 (Well, SD and microSD might differ, but I hope it not to differ much.)
There are my questions:
* Why is random write performance on the original FS significantly lower than on the benchmark above?
* Random writes are about twice faster on FAT32 than on ext4. Is it caused just by journaling?
* Why is random read significantly better on FAT32 than on ext4?
* Did I choose the right stripe/stride/blocksize? Should I double them?
* Should I perform another benchmark?
P.S.: Sorry there are no hyperlinks, I am not allowed to post them. I've tried to make the references as friendly as possible.

[Kindle Fire HD 7] 3rd Gen (2013) SOHO - Bring it back alive with emmc adapter flash

Hello,
I need some help. At the moment I am connected with the eMMC flash of my SOHO 3rd GEN tablet.
I used the exploitee.rs emmc adapter.
The problem:
-The tablet want not booting anymore. Stuck fw was on it (no idea wich fw).
-I try to bring it back with a fastboot cable but something burned on the mainboard (If you had a 3rd gen device and a microscope pls help)
What I want to try:
-I want to reflash the bootloader (are there two on this device???) and the recovery with my emmc adapter to be able to flash the stock fw again. I want to give him just manually 3.7V with a power adapter, at the battery connector.
The problem now:
I really dont know how to extract the right img-files from the stock-bin file. There are some different img files: (md5 sum at begining)
Code:
f82a8c5518a76b96b95dc0448b772d81 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/images/boot.img
Code:
a5224737ba83a65d40e3049ba6d71582 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/images/boot-prod.img
Code:
4e6181ea47c7868c2104147dc0b2fce6 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/images/u-boot.bin
Code:
38cfffa45008955f2887f7998dbd1c4e /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/images/u-boot-prod.bin
Code:
aa4b135a185e5486656893f4c7101271 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/recovery_images/recovery-eng.img
Code:
5cba5636109eec7c7e5faa35104d65c0 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/recovery_images/recovery-prod.img
Code:
Here is recovery from the old system:
7e781998261c22852f6bae53e02335c6 /media/galliumos/MULTIBOOT/Amazon_Kindle_Fire_HD_3rd_gen_SOHO/recovery.img
I really think the bootloader was broken and that was the reason why the device was still black.
So I really would like to flash with
Code:
sudo dd if=/sdcard/bin-extract-stock/images/the-right.img of=/dev/sda2
the needed partitions. Like when I let the device making an update.
Can you help me to get the 100% right image files for the right partitions.
Here are some informations about the current partitions:
Code:
Disk /dev/sda: 14.6 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: F9F21FFF-A8D4-5F0E-9746-594869AEC34E
Device Start End Sectors Size Type
/dev/sda1 256 511 256 128K Microsoft basic data
/dev/sda2 512 1023 512 256K Microsoft basic data
/dev/sda3 1024 1151 128 64K Microsoft basic data
/dev/sda4 1152 1183 32 16K Microsoft basic data
/dev/sda5 1184 1187 4 2K Microsoft basic data
/dev/sda6 2048 34815 32768 16M Microsoft basic data
/dev/sda7 34816 51199 16384 8M Microsoft basic data
/dev/sda8 51200 67583 16384 8M Microsoft basic data
/dev/sda9 67584 2623487 2555904 1.2G Microsoft basic data
/dev/sda10 2623488 4466687 1843200 900M Microsoft basic data
/dev/sda11 4466688 30535679 26068992 12.4G Microsoft basic data
Code:
Command (? for help): ?
b back up GPT data to a file
c change a partition's name
d delete a partition
i show detailed information on a partition
l list known partition types
n add a new partition
o create a new empty GUID partition table (GPT)
p print the partition table
q quit without saving changes
r recovery and transformation options (experts only)
s sort partitions
t change a partition's type code
v verify disk
w write table to disk and exit
x extra functionality (experts only)
? print this menu
Command (? for help): i
Partition number (1-11): 1
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F00-A8D4-5F0E-9746-594869AEC34E
First sector: 256 (at 128.0 KiB)
Last sector: 511 (at 255.5 KiB)
Partition size: 256 sectors (128.0 KiB)
Attribute flags: 0000000000000000
Partition name: 'xloader'
Command (? for help): i
Partition number (1-11): 2
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F01-A8D4-5F0E-9746-594869AEC34E
First sector: 512 (at 256.0 KiB)
Last sector: 1023 (at 511.5 KiB)
Partition size: 512 sectors (256.0 KiB)
Attribute flags: 0000000000000000
Partition name: 'bootloader'
Command (? for help): i
Partition number (1-11): 3
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F02-A8D4-5F0E-9746-594869AEC34E
First sector: 1024 (at 512.0 KiB)
Last sector: 1151 (at 575.5 KiB)
Partition size: 128 sectors (64.0 KiB)
Attribute flags: 0000000000000000
Partition name: 'idme'
Command (? for help): i4
Partition number (1-11): 4
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F03-A8D4-5F0E-9746-594869AEC34E
First sector: 1152 (at 576.0 KiB)
Last sector: 1183 (at 591.5 KiB)
Partition size: 32 sectors (16.0 KiB)
Attribute flags: 0000000000000000
Partition name: 'crypto'
Command (? for help): i
Partition number (1-11): 5
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F04-A8D4-5F0E-9746-594869AEC34E
First sector: 1184 (at 592.0 KiB)
Last sector: 1187 (at 593.5 KiB)
Partition size: 4 sectors (2.0 KiB)
Attribute flags: 0000000000000000
Partition name: 'misc'
Command (? for help): i
Partition number (1-11): 6
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F05-A8D4-5F0E-9746-594869AEC34E
First sector: 2048 (at 1024.0 KiB)
Last sector: 34815 (at 17.0 MiB)
Partition size: 32768 sectors (16.0 MiB)
Attribute flags: 0000000000000000
Partition name: 'efs'
Command (? for help): i
Partition number (1-11): 7
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F06-A8D4-5F0E-9746-594869AEC34E
First sector: 34816 (at 17.0 MiB)
Last sector: 51199 (at 25.0 MiB)
Partition size: 16384 sectors (8.0 MiB)
Attribute flags: 0000000000000000
Partition name: 'recovery'
Command (? for help): i
Partition number (1-11): 8
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F07-A8D4-5F0E-9746-594869AEC34E
First sector: 51200 (at 25.0 MiB)
Last sector: 67583 (at 33.0 MiB)
Partition size: 16384 sectors (8.0 MiB)
Attribute flags: 0000000000000000
Partition name: 'boot'
Command (? for help): i
Partition number (1-11): 9
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F08-A8D4-5F0E-9746-594869AEC34E
First sector: 67584 (at 33.0 MiB)
Last sector: 2623487 (at 1.3 GiB)
Partition size: 2555904 sectors (1.2 GiB)
Attribute flags: 0000000000000000
Partition name: 'system'
Command (? for help): i
Partition number (1-11): 10
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F09-A8D4-5F0E-9746-594869AEC34E
First sector: 2623488 (at 1.3 GiB)
Last sector: 4466687 (at 2.1 GiB)
Partition size: 1843200 sectors (900.0 MiB)
Attribute flags: 0000000000000000
Partition name: 'cache'
Command (? for help): i
Partition number (1-11): 11
Partition GUID code: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 (Microsoft basic data)
Partition unique GUID: F9F21F0A-A8D4-5F0E-9746-594869AEC34E
First sector: 4466688 (at 2.1 GiB)
Last sector: 30535679 (at 14.6 GiB)
Partition size: 26068992 sectors (12.4 GiB)
Attribute flags: 0000000000000000
Partition name: 'userdata'
gparted
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Greetings by I_did_it_just_tmrrow

overlode said:
Edit - SUCCESS!!! It seems I may have had one wire touching another so I tidied up the soldering and the eMMC was recognised straight away
I have successfully accessed the Soho eMMC and can see all partitions as in the attached image!!!
Now if only I could find the commands to backup the entire eMMC...
Click to expand...
Click to collapse
overlode said:
Ok, files uploaded -
Bootloader - https://drive.google.com/file/d/0BwMwdZJ36fBoVTNRVmNjX2FmZTQ/edit?usp=sharing
eMMC Dump - https://drive.google.com/file/d/0BwMwdZJ36fBoNTQyUENvbmVGY1E/edit?usp=sharing
Enjoy
Click to expand...
Click to collapse
I found this post here.
So now I had a 100% bootloader partition and my recovery partition.
What is about 'xloader' partition name?
And the partition 8: "boot". It that "u-boot.bin" from my source?
Pls, I need some answers.
Greetings by Idijt

its been awhile since i got mine revived! soo all this is like something new to me! howeveer ill provide what little that i have

abatoir said:
its been awhile since i got mine revived! soo all this is like something new to me! howeveer ill provide what little that i have
Click to expand...
Click to collapse
Did you still own your device? Can dump your partitions with dd?
Greetings by Idijt

No I don't own it anymore. But mine was an 8gb version, seems like yours is a 15gb version or something like that. I do have photos of my complete partitions.
Sent from my Redmi Note 2 using XDA Free mobile app
---------- Post added at 05:07 AM ---------- Previous post was at 04:48 AM ----------
this is my partiton table after succesfully uploading to emmc

Hello, I'm soho everything is normal, but then teardown accidentally short after the motherboard usb boot don't boot, but the computer have a reaction, but did not show for help how to solve the screen is black, from youdao translation

Hope this helps...
I did something similar. I was using a cheap cable so I swapped them out. I got a LG cable and plugged it in, well it borked my tablet. Black Screen, I took cable apart and found a resistor soldered to a pin! Tested it and it was sending odd pulses, whatever it broke mine. Here is a list of what I backed up before testing.
KF3_p1-xloader.img
-rwxrwxrwx 1 root vboxusers 35002 Sep 3 17:35 KF3_p1-xloader.rar
-rwxrwxrwx 1 root vboxusers 262144 Sep 3 17:27 KF3_p2-BootLoader-Orig.img
-rwxrwxrwx 1 root vboxusers 65536 Sep 3 17:35 KF3_p3-idme.img
-rwxrwxrwx 1 root vboxusers 16384 Sep 3 17:35 KF3_p4-crypto.img
-rwxrwxrwx 1 root vboxusers 2048 Sep 3 17:35 KF3_p5-misc.img
-rwxrwxrwx 1 root vboxusers 16777216 Sep 3 17:35 KF3_p6-efs.img
I assume you need to dd a original image to xloader &or bootloader.
I can only get mine in usb boot mode, which shows as omap4470 windows and Linux as:
Bus 002 Device 005: ID 0451:d012 Texas Instruments, Inc. I suspect I may need to mod & recompile the usbboot source. I think its hardcoded for 4430 or 4460.
*Your Method is even more promising.
I will upload the files if you need them. All except idme & efs as it contains my serials, etc. I *assume* those 2 files will work as they are stock and should have signatures intact.
Would You Post a Pic of the rs device connected to your Kindle?
I would love to find the serial and JTAG pinouts...?

any try this and did can repier of this problem

can you help me please
unimatrix725 said:
I did something similar. I was using a cheap cable so I swapped them out. I got a LG cable and plugged it in, well it borked my tablet. Black Screen, I took cable apart and found a resistor soldered to a pin! Tested it and it was sending odd pulses, whatever it broke mine. Here is a list of what I backed up before testing.
KF3_p1-xloader.img
-rwxrwxrwx 1 root vboxusers 35002 Sep 3 17:35 KF3_p1-xloader.rar
-rwxrwxrwx 1 root vboxusers 262144 Sep 3 17:27 KF3_p2-BootLoader-Orig.img
-rwxrwxrwx 1 root vboxusers 65536 Sep 3 17:35 KF3_p3-idme.img
-rwxrwxrwx 1 root vboxusers 16384 Sep 3 17:35 KF3_p4-crypto.img
-rwxrwxrwx 1 root vboxusers 2048 Sep 3 17:35 KF3_p5-misc.img
-rwxrwxrwx 1 root vboxusers 16777216 Sep 3 17:35 KF3_p6-efs.img
I assume you need to dd a original image to xloader &or bootloader.
I can only get mine in usb boot mode, which shows as omap4470 windows and Linux as:
Bus 002 Device 005: ID 0451:d012 Texas Instruments, Inc. I suspect I may need to mod & recompile the usbboot source. I think its hardcoded for 4430 or 4460.
*Your Method is even more promising.
I will upload the files if you need them. All except idme & efs as it contains my serials, etc. I *assume* those 2 files will work as they are stock and should have signatures intact.
Would You Post a Pic of the rs device connected to your Kindle?
I would love to find the serial and JTAG pinouts...?
View attachment 3866692
Click to expand...
Click to collapse
can you help me please

Nit an expert, mine is still bricked sitting on shelf.
arikurdi said:
can you help me please
Click to expand...
Click to collapse
I would suggest reading from first post. I don't know allot about the kindle. I spent many hours reading the threads to try and fix mine. I would suggest googling for an identification guide, since kindles are hard to tell apart. To make sure you are in the correct place. The second thing when needing help is to provide a detailed description of your problem. You increase chances of more than one person helping.

kindle fire soho
unimatrix725 said:
I would suggest reading from first post. I don't know allot about the kindle. I spent many hours reading the threads to try and fix mine. I would suggest googling for an identification guide, since kindles are hard to tell apart. To make sure you are in the correct place. The second thing when needing help is to provide a detailed description of your problem. You increase chances of more than one person helping.
Click to expand...
Click to collapse
my problem is my kindel fire soho is just read on pc omap4470 and idont know how to make short
and install driver on linux ihave linux but idont how is work iflashed wrong bootloader file

Hi, I also have Kindle Fire HD 7 Soho (2013). I was attempting to unlock the bootloader and install TWRP, following this thread:
https://forum.xda-developers.com/ki...ment/unlock-kfsowi-bootloader-unlock-t3262770
I was able to get into fastboot mode, then proceeded to flash boot with the hijack image, but in the next line, where the system partition is flashed with a system image, I mistakenly flashed system image to the boot partition. I then did continue, before I realized my mistake. It doesn't boot anymore, but I believe the card reader emmc access would be able to get me back in business again.
I've read this thread, and the thread for the HD 7 2012 Tate emmc, I don't see anything pointing to the connections for the card reader to the 2013 soho motherboard. If there is something that has been posted, could someone put a link in this thread? I think it will be very helpful for those of us that want to try that method to unbrick our Kindles (2013, 3rd generation). Thank you.
EDIT: After more reading, I came across a thread which shows the points to connect an sd card reader to the motherboard of a Kindle Fire HD 7 Soho (2013, 3rd gen) in order to access the emmc of the kindle, it will show up as a usb drive when the card reader is connected to the usb port.
https://forum.xda-developers.com/showthread.php?t=2674737&page=3
Here is another related link, it shows the connections using the pins of a micro-sdcard adapter, you should read the entire article because it mentions a 50k-ohm pull up resistor that is required between pins 2 & 4. This was used on a Kindle Fire HD 7 Tate (2012)
https://forum.xda-developers.com/kindle-fire-hd/7-inch-help/kindle-fire-hd-7-emmc-access-t2828906
I am waiting on a fastboot cable first, and it should arrive soon. If I can't get into fastboot mode with the new cable, then I will try the card reader method.

@crackitopen any news?
I found a pin decription for the SOHO and I got a image.
Currently I had still the broken SOHO-8GB from the first post. But I got a second SOHO-16GB version. I could imagine that the bootloader ist the same but I am not sure how to read it and flash it in the right way. Could anybody help with that?
Greetings by Idijt

I_did_it_just_tmrrow said:
@crackitopen any news?
Click to expand...
Click to collapse
Hi Sorry for the late reply, but yes - I waited for the fastboot cable to arrive, and when it did, I was able to get into fastboot mode, so I had only to reflash those 2 partitions. I was very careful this time around, and I was successful in updating the Soho to CyanogenMod 12 unofficial Soho, Android 5.0.2 as described in that other post that I referenced.

crackitopen said:
Hi Sorry for the late reply, but yes - I waited for the fastboot cable to arrive, and when it did, I was able to get into fastboot mode, so I had only to reflash those 2 partitions. I was very careful this time around, and I was successful in updating the Soho to CyanogenMod 12 unofficial Soho, Android 5.0.2 as described in that other post that I referenced.
Click to expand...
Click to collapse
Did you have some tipps for me?
I own 2 SOHO devices and grab from the first one the following partitions:
Code:
=========================================
soho:/ # df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 470440 480 469960 1% /dev
tmpfs 470440 0 470440 0% /mnt
/dev/block/mmcblk0p10 1251544 707172 544372 57% /system
/dev/block/mmcblk0p12 5316696 2888156 2428540 55% /data
/dev/block/mmcblk0p11 907096 15708 891388 2% /cache
/dev/fuse 5316696 2888156 2428540 55% /mnt/runtime/default/emulated
/dev/fuse 5316696 2888156 2428540 55% /mnt/runtime/read/emulated
/dev/fuse 5316696 2888156 2428540 55% /mnt/runtime/write/emulated
=========================================
soho:/ # ls -la /dev/block/platform/omap_hsmmc.1/by-name
total 0
drwxr-xr-x 2 root root 280 2017-10-22 01:35 .
drwxr-xr-x 4 root root 380 2017-10-22 01:35 ..
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 boot -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 bootloader -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 21 2017-10-22 01:35 cache -> /dev/block/mmcblk0p11
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 crypto -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 efs -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 exploit -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 idme -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 misc -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 recovery -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 21 2017-10-22 01:35 system -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 20 2017-10-22 01:35 xloader -> /dev/block/mmcblk0p1
The following partition was to big ofr internal memory:
Code:
lrwxrwxrwx 1 root root 21 2017-10-22 01:35 userdata -> /dev/block/mmcblk0p12
What would I like to do next:
I wanna solder my gtv-Hacker emmc adapter to my SOHO mainboard to fix it. Then I would like to flash "bootloader -> /dev/block/mmcblk0p2" & "recovery -> /dev/block/mmcblk0p7" & "exploit -> /dev/block/mmcblk0p9".
Commands to flash the 3 partitions?
Greetings by Idijt

Jesus christ you fixed it? You are a god to me OP.

Galaxyninja66 said:
Jesus christ you fixed it? You are a god to me OP.
Click to expand...
Click to collapse
If you mean me, no I dont fix it yet. I was on the right way but then my noob-Linux knowledge or any other reason seems to destroy the one mainboard. I had SOHO mainboard, one with hardware error and one with software-Brick error.
But I think you have another kindle, I had 2 SOHO boards and you seems to have a TATE:
Code:
>KFHD 7 2012 (tate) - CyanogenMod 13 (Considering an SFOS port)
Greetings by Idijt

I_did_it_just_tmrrow said:
If you mean me, no I dont fix it yet. I was on the right way but then my noob-Linux knowledge or any other reason seems to destroy the one mainboard. I had SOHO mainboard, one with hardware error and one with software-Brick error.
But I think you have another kindle, I had 2 SOHO boards and you seems to have a TATE:
Code:
>KFHD 7 2012 (tate) - CyanogenMod 13 (Considering an SFOS port)
Greetings by Idijt
Click to expand...
Click to collapse
I know we have different kindles, but raising a messed up board from the dead is an accomplishment no less
On a side note, and SFOS port might not be possible due to the nature of the Kindle fire bootloader. Each build just goes straight to fastboot which is un heard of on any other device.

Just wanted to say thank you to @overlode and @unimatrix725. Thanks to you I was able to bring my hard bricked Fire HD 3rd gen (soho) back to the land of living. I've made a mistake of flashing a wrong bootloader.
After a bit of googling I came across a thread on xda where @overlode shared an immensely helpful photo with eMMC pins mapped out - you rock! Using this mapping I was able to solder an usb sdcard reader to the eMMC and access it from gparted. Then I've found this thread where @unimatrix725 shared his original bootloader.img which I then subsequently flashed to my device. Now my Fire HD is happy again - thank you!

Glad you were able to sort it @pfoltyn, I haven't looked at this for a couple of years and have since moved on to other projects but glad it's still helping people

[GUIDE] Dual-Boot for any Android Device

Code:
disclaimer
/*
* Your warranty is... still valid?
*
* I am not responsible for bricked devices, dead SD cards,
*/
Hello
This Guide to make Dual-Boot for any android device that can be useful. It allows two Android os installed at the same time and switch between them almost as easily as a simple reboot.
Spoiler: General information
This done by creating a new system partition using Parted (shrink userdata partition and creat the new system partition)
To Boot from the new system partition: change the name of the new system partition to "system" and the name of old system partition to any name e.g. "system-b"
To Boot from the old system partition: change the name of the old system partition to "system" and the name of new system partition to any name e.g. "system-b"
Dual boot for P20 lite - demonstration video (I am using SHRP RECOVERY (like TWRP) with tweaks to change boot partition easily, instead of writing terminal commands. This a video shows the dual boot process)
Requirements​
TWRP
Parted (attached arm and arm64, unzip the file)
Latest fastboot and ADB commands installed
Backup all your data because you will make a factory reset and format data partition
Steps:​
Boot to TWRP
Run the following commands
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
p free
note: parted /dev/block/xxxxx according do your device
3- it will show the list of partition "save this you may use it later". remember the number of old system partition which is in my case "52"
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
4- remove "userdata" partition which in my case number 59 using the following command
Code:
rm 59
5- create the new system partition (partition number 59 in my case ) using the following command
Code:
mkpart name fs_type start end
name: name of new partition e.g "system-b"
fs_type: file system type e.g "ex4"
start: the end value in MB of the previous partition, in my case "7153MB"
end: equal to start + size where size will be the size of the target partition. in my case in need 4GB partition so end=7153MB + 4GB =11153MB
In my case I'll type:
Code:
mkpart system-b ext4 7153MB 11153MB
set 59 msftdata on
6- create the "userdata" partition (partition number 60 in my case, start= 11153MB )
In my case I'll type:
Code:
mkpart userdata ext4 11153MB 31.3GB
set 60 msftdata on
7- get the new partition list
Code:
p free
8- exit
Code:
quit
9- format userdata and the new system partition using "mkfs.type /dev/block/mmcblk0pxx" (in my case partition number 59 and 60). you may need to reboot before doing that or make factory reset using your recovery
Code:
adb push /path/to/mkfs.ext4 /sbin/mkfs.ext4
adb shell
chmod 777 /sbin/mkfs.ext4
mkfs.ext4 /dev/block/mmcblk0p59
mkfs.f2fs /dev/block/mmcblk0p60
10- To Boot from your new system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 52 system-b
name 59 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 52 system-b
parted -s /dev/block/mmcblk0 name 59 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot TWRP and flash your new android os
11- To Boot from your old system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 59 system-b
name 52 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 59 system-b
parted -s /dev/block/mmcblk0 name 52 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot
-------------------------------------------------------
You may create flashable zip or modify TWRP file to switch between the two android os easily[/CODE]

You can also create two userdata profiles such as here
https://forum.xda-developers.com/t/a-simple-way-to-kind-of-dual-boot-an-android.4176415/

Did you get what you described on your phone and would you like to show it in a video?

ze7zez said:
Did you get what you described on your phone and would you like to show it in a video?
Click to expand...
Click to collapse
Yes. It is worked on my phone Huawei P20 lite ... I am using SHRP RECOVERY (like TWRP) with tweaks to change boot partition easily, instead of writing terminal commands. This a video shows the dual boot process

Flashable zip Files to switch easily between the two android os (you must have "System" and "System-b" partitions, other names not accepted)
Flash "Active-New-System-partition-arm64-v2" to active the new system partition
Flash "Active-Default-System-partition-arm64-v2" to active the default system partition

Anyone else tried this? I'm courious how safe this is... Someone warned me it's very easy to brick device

Abdelhay.ali said:
Code:
disclaimer
/*
* Your warranty is... still valid?
*
* I am not responsible for bricked devices, dead SD cards,
*/
Hello
This Guide to make Dual-Boot for any android device that can be useful. It allows two Android os installed at the same time and switch between them almost as easily as a simple reboot.
Spoiler: General information
This done by creating a new system partition using Parted (shrink userdata partition and creat the new system partition)
To Boot from the new system partition: change the name of the new system partition to "system" and the name of old system partition to any name e.g. "system-b"
To Boot from the old system partition: change the name of the old system partition to "system" and the name of new system partition to any name e.g. "system-b"
Dual boot for P20 lite - demonstration video (I am using SHRP RECOVERY (like TWRP) with tweaks to change boot partition easily, instead of writing terminal commands. This a video shows the dual boot process)
Requirements​
TWRP
Parted (attached arm and arm64, unzip the file)
Latest fastboot and ADB commands installed
Backup all your data because you will make a factory reset and format data partition
Steps:​
Boot to TWRP
Run the following commands
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
p free
note: parted /dev/block/xxxxx according do your device
3- it will show the list of partition "save this you may use it later". remember the number of old system partition which is in my case "52"
View attachment 5772225
4- remove "userdata" partition which in my case number 59 using the following command
Code:
rm 59
5- create the new system partition (partition number 59 in my case ) using the following command
Code:
mkpart name fs_type start end
name: name of new partition e.g "system-b"
fs_type: file system type e.g "ex4"
start: the end value in MB of the previous partition, in my case "7153MB"
end: equal to start + size where size will be the size of the target partition. in my case in need 4GB partition so end=7153MB + 4GB =11153MB
In my case I'll type:
Code:
mkpart system-b ext4 7153MB 11153MB
set 59 msftdata on
6- create the "userdata" partition (partition number 60 in my case, start= 11153MB )
In my case I'll type:
Code:
mkpart userdata ext4 11153MB 31.3GB
set 60 msftdata on
7- get the new partition list
Code:
p free
View attachment 5775221
8- exit
Code:
quit
9- format userdata and the new system partition using "mkfs.type /dev/block/mmcblk0pxx" (in my case partition number 59 and 60). you may need to reboot before doing that or make factory reset using your recovery
Code:
adb push /path/to/mkfs.ext4 /sbin/mkfs.ext4
adb shell
chmod 777 /sbin/mkfs.ext4
mkfs.ext4 /dev/block/mmcblk0p59
mkfs.f2fs /dev/block/mmcblk0p60
10- To Boot from your new system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 52 system-b
name 59 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 52 system-b
parted -s /dev/block/mmcblk0 name 59 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot TWRP and flash your new android os
11- To Boot from your old system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 59 system-b
name 52 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 59 system-b
parted -s /dev/block/mmcblk0 name 52 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot
-------------------------------------------------------
You may create flashable zip or modify TWRP file to switch between the two android os easily[/CODE]
Click to expand...
Click to collapse
Is only GSI flashing possible with this method or any custom ROM?

It should work with any GSI/ROM..... It just change the name of the system partition.
Lord Sithek said:
Is only GSI flashing possible with this method or any custom ROM?
Click to expand...
Click to collapse

Abdelhay.ali said:
It should work with any GSI/ROM..... It just change the name of the system partition.
Click to expand...
Click to collapse
Well, I've tried that procedure on my secondary device but something got screwed and I ended up with the need of EDL flash. Maybe I made a mistake, idk, but it's definitely dangerous

Lord Sithek said:
Anyone else tried this? I'm courious how safe this is... Someone warned me it's very easy to brick device
Click to expand...
Click to collapse
Lord Sithek said:
Well, I've tried that procedure on my secondary device but something got screwed and I ended up with the need of EDL flash. Maybe I made a mistake, idk, but it's definitely dangerous
Click to expand...
Click to collapse
This can happen

Abdelhay.ali said:
Code:
disclaimer
/*
* Your warranty is... still valid?
*
* I am not responsible for bricked devices, dead SD cards,
*/
Hello
This Guide to make Dual-Boot for any android device that can be useful. It allows two Android os installed at the same time and switch between them almost as easily as a simple reboot.
Spoiler: General information
This done by creating a new system partition using Parted (shrink userdata partition and creat the new system partition)
To Boot from the new system partition: change the name of the new system partition to "system" and the name of old system partition to any name e.g. "system-b"
To Boot from the old system partition: change the name of the old system partition to "system" and the name of new system partition to any name e.g. "system-b"
Dual boot for P20 lite - demonstration video (I am using SHRP RECOVERY (like TWRP) with tweaks to change boot partition easily, instead of writing terminal commands. This a video shows the dual boot process)
Requirements​
TWRP
Parted (attached arm and arm64, unzip the file)
Latest fastboot and ADB commands installed
Backup all your data because you will make a factory reset and format data partition
Steps:​
Boot to TWRP
Run the following commands
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
p free
note: parted /dev/block/xxxxx according do your device
3- it will show the list of partition "save this you may use it later". remember the number of old system partition which is in my case "52"
View attachment 5772225
4- remove "userdata" partition which in my case number 59 using the following command
Code:
rm 59
5- create the new system partition (partition number 59 in my case ) using the following command
Code:
mkpart name fs_type start end
name: name of new partition e.g "system-b"
fs_type: file system type e.g "ex4"
start: the end value in MB of the previous partition, in my case "7153MB"
end: equal to start + size where size will be the size of the target partition. in my case in need 4GB partition so end=7153MB + 4GB =11153MB
In my case I'll type:
Code:
mkpart system-b ext4 7153MB 11153MB
set 59 msftdata on
6- create the "userdata" partition (partition number 60 in my case, start= 11153MB )
In my case I'll type:
Code:
mkpart userdata ext4 11153MB 31.3GB
set 60 msftdata on
7- get the new partition list
Code:
p free
View attachment 5775221
8- exit
Code:
quit
9- format userdata and the new system partition using "mkfs.type /dev/block/mmcblk0pxx" (in my case partition number 59 and 60). you may need to reboot before doing that or make factory reset using your recovery
Code:
adb push /path/to/mkfs.ext4 /sbin/mkfs.ext4
adb shell
chmod 777 /sbin/mkfs.ext4
mkfs.ext4 /dev/block/mmcblk0p59
mkfs.f2fs /dev/block/mmcblk0p60
10- To Boot from your new system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 52 system-b
name 59 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 52 system-b
parted -s /dev/block/mmcblk0 name 59 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot TWRP and flash your new android os
11- To Boot from your old system partition > boot to twrp and run the following command
Code:
adb push /path/to/parted /sbin/parted
adb shell
chmod 777 /sbin/parted
parted /dev/block/mmcblk0
name 59 system-b
name 52 system
or from TWRP terminal write the following
Code:
parted -s /dev/block/mmcblk0 name 59 system-b
parted -s /dev/block/mmcblk0 name 52 system
change the number 52 and 59 according to your partition list (in my case 59: new system partion, 52 old system partition ). Then reboot
-------------------------------------------------------
You may create flashable zip or modify TWRP file to switch between the two android os easily[/CODE]
Click to expand...
Click to collapse
look what i got
edit: appearently any name u put when u use the command mkpart doesn't register or smtg idk what's wrong tbh
edit2: i found a solution just do "name 38(in my case) userdata" and it'll name the partition

i accidentally hardbricked my xiaomi pad 5 by deleting the dbg partition (could not find any information about it online), can anybody help?

Does not the new system-b alias requires its own data partition? The new system image may not be compatible with data partition.
New Android OS requires its own data. Above approach will share the /data among different system images which is something not useful.

dual boot is nonsense because one can't share same userdata partition between ROMs

alecxs said:
dual boot is nonsense because one can't share same userdata partition between ROMs
Click to expand...
Click to collapse
Yes you can but it does not work with all apps.
I got an app in the Dualboot I made for Oneplus 6/7 series and had an app where you can choose which apps should be shared on both roms.