NOTE:
I'm not a developer or something even near to that. I'm a newbie and will be, seems so. All information provided here is copied and compiled from different internet sources like this and many others.
This information is according to best of my knowledge and comprehension and is just for curious souls like me who want to understand things in quite simple words. It might be wrong and I will open-heartedly welcome any correction or addition from anyone.
I'm not responsible for any harm to you or your device resulting from this.
1. PARTITION TABLE
The Phone's Internal Memory (eMMC or UFS; not the SD card) is solid-state (flash) memory, aka NAND. Raw NAND, as it's called, is basically a pure flash memory dependent on CPU to control it. But in order to use flash memory just like a traditional hard drive (block device), NAND is equipped with an (embedded multimedia) micro-controller. It's called eMMC.
eMMC can be partitioned much like a hard drive on PC. PC's have traditionally been partitioned with BIOS compatible Master Boot Record (MBR) scheme in which first sector of disk contains the details of partitions called Partition Table. Limited size of boot sector (512 bytes) puts a limitation of at maximum 4 (primary) partitions listed in MBR. Extended partition has been used for 4+ partitions.
GUID Partition Table (GPT) was introduced with UEFI booting system which isn't dependent on first boot sector and hence may contain up to 128 partitions. GPT also does CRC check, has backup GPT, identifies partitions by GUID and partitions have a label.
Android devices use GPT. We can view and manipulate GPT using Linux tools such as parted and gdisk while fdisk is the traditional tool for MBR partitions.
To view partition table on internal memory:
Code:
~# parted /dev/block/mmcblk0
(parted) p free
~# gdisk -l /dev/block/mmcblk0
(The external SD Card can also be partitioned to include a section dedicated to storing user apps (like Link2SD does) or to create partitions for secondary or tertiary OS on Android device using some multiboot kernel and recovery system). Even we can put whole OS/ROM on an SD card.
2. BRIEF INTRO
Contents of Android partitions can be partially or completely modified by flashing an image (filesystem .img or executable binary or a flashable zip) to them. But we never need to modify most of them and whatever manufacturer wrote on them, resides there unmodified (read-only) for the whole of device life. A user uses only one partition /data to save personal data like photos, music etc. All the other are for device to run. There are typically in the range of 50 partitions on an Android device but only a few partitions are modified for the purpose of adding new features or upgrading the device. A custom ROM or minor upgrade is also limited to modify /boot, /system and /data partitions usually. Most of the partitions are almost intact, containing bootloaders, firmwares, settings etc. Here is a "summarized" detail to these partitions which matter to a common but interested user.
On most devices /system and /data are larger partitions (on some devices /custom or a similar partition too) covering almost 90% of eMMC. All others are smaller ones of a few KB's or MB's.
3. SoC / CHIPSET / PROCESSORS RELATED PARTITIONS
SoC is the first component when we start a PC or Mobile phone which initialzes hardware and processors and loads bootloaders in memory to bootstrap OS. It's an integrated chip containing multiple things e.g. CPU, GPU, modem, wifi etc. It varies for device manufacturers and SoC vendors (chipset plus processor).
Some partitions are specific to SoC, most of them are closed-source executable binary blobs (like aboot, sbl, rpm, tz, cmnlib, devcfg, keymaster, lksecapp and others on a Qualcomm device), loaded step-by-step by bootloaders.
MODEM or RADIO - the phone's radio
Also called baseband, it is responsible for signals and on older devices may control wifi, bluetooth, and GPS (on most newer devices, these are handled by the kernel and ROM). Upgrades are country dependent and may improve or diminish battery performance, network signal strength, and roaming capability. It is also sometimes required to have a minimum Baseband version to use a ROM so that the RIL will play nice with the Baseband.
Modem firmware is a mini-OS for the cellular radio chip which has its own processor. Firmware is a general term, firmware exists for a lot of things on phone. The wireless chip for WiFi, GPS, and Bluetooth often has a firmware as can the GPU core among other things. These firmware files are usually located inside the SYSTEM or VENDOR partition. The modem firmware is special because it has its own separate Baseband Processor (BP) so the firmware is left out of the system image in its own partition.
Modem is not an Android-specific partition. It is tied to the hardware of the phone, but the kernel has a code allowing Android to interact with the hardware. But the baseband processor (BP) - which runs modem and is responsible for all communication through mobile networks e.g. call, SMS and internet - is totally isolated from Application Processor (the one we call CPU) and is not governed by Android kernel; it runs an independent RTOS.
RIL/Radio Interface Layer
This is not a separate partition, but a part of the ROM and is like a driver for the Radio. RIL daemons provides telephony and cellular data i.e. adds phone to smartphone. There is a matching RIL for each Baseband version and you can flash it to match your Baseband after flashing a ROM. Having mismatched RIL and Baseband can range from having no effect at all, slight battery drain, loss of roaming, or even no connection to the cell network. Many ROMs keep their RIL updated to the latest. Job of the RIL is to translate all the telephony requests from the Android telephony framework and map them to the corresponding AT commands to the modem, and back again. AT set of commands is used to communicate with modem i.e. baseband processor (BP) which is a must have processor on Android devices in addition to normal CPU i.e. Application Processor (AP).
TZ (TrustZone) - used by ARM processors as an additional lock to security features. It combines user's encryption key with a hardware specific key generated by encryption processor (like TPM on Windows) to make security breaching more difficult. It can also be used to implement Trusted Execution Environment (TEE).
RPM (Resource/Power Management) which starts executing Primary/Primitive BootLoader (PBL) in BootROM - controls power to radio, modem etc.
DSP (Digital Signal Processor) - by Qualcomm to assist in things like smooth video playback (realtime media and sensors processor) as well as runs RTOS for modem
HYP (Hypervisor) - Virtual Machine Monitor, to enable Virtual Machine platform
4. BOOTLOADERS
Bootloaders - in many steps - hand over charge to kernel after loading in RAM. These are mostly standalone ELF executable files becuase at this stage no filesystem is loaded and only executable code may work. These are all closed source components on Android device, provided by SoC vendors - either built-in or as binary blobs.
SBL - Secondary bootloader loaded by SoC, loads ABOOT in memory, also provides (Emergency) Download Mode (EDL) on many devices, a Firmware Update Protocol.
ABOOT (bootloader.img or aboot.mbn file in Factory Firmware) - Applications Bootloader is the main bootloader responsible for loading kernel or recovey and fastboot - a Firmware Update Protocol - as well.
Kernelflinger is a similar bootloader on Intel devices.
Read ANDROID BOOT PROCESS to know more about bootloaders.
5. CORE AOSP PARTITIONS
BOOT - Kernel and initramfs (modern form of of ramdisk and ramfs/tmpfs)
A kernel is a layer of code that allows the OS and applications to interface with your phone's hardware. The degree to which you can access your phone's hardware features depends on the quality of code in the kernel. Several kernel code improvements give us additional features from our hardware that the stock kernel does not. When you flash a custom ROM, you automatically get a kernel. But you can also flash a standalone kernel on top of the existing one, effectively overwriting it. These days, the difference in custom kernels is less about new features and more about alternate configurations. Choosing a custom kernel is basically choosing one that works best with your ROM.
Device Tree Blob (DTB), along with hardware drivers, are baked with kernel source in boot.img. DTB is loaded by bootloader at boot time and passed to kernel so that it can discover hardware and create node points accordingly.
On a Linux system init along with scripts, binaries kernel drivers and modules (in initrd.img), kernel (vmlinuz executable) and bootloader configuration along with modules, they all reside on root or a separate partition (mounted) at /boot. While on Android, init along with a few binaries and configuration files and kernel reside in a separate partition named "boot" with a special filesystem. Boot.img is created using tools like mkbootimg after building kernel.
This is how kenrel and DTB are built:
vmlinux > Image > zImage / Image.gz > Image.gz-dtb
vmlinux: Large sized non-bootable Linux kernel (executable) with debug symbols, just an intermediate step to producing vmlinuz
vmlinux.bin: Same as vmlinux binary but with removed symbols, produced by 'objcopy'
vmlinuz: Compressed and bootable Linux kernel file; one of zImage or bzImage formats; compressed using zlib, LZMA, gzip or bzip2 etc.
zImage: Smaller format, for old kernels
bzImage: Big zImage
Image: vmlinux.bin of embedded devices
Image.gz: zImage or bzImage of embedded devices
.dts (multiple) < > .dtb (1 or more)
Converted using dtc (device tree compiler)
.dtb is appended to zImage / Image.gz i.e. zImage-dtb / Image.gz-dtb (simply concatenate)
zImage-dtb > dtb Can be extracted using split-appended-dtb
Packed as a part of kernel, "--dt" option is not needed when creating boot.img
mkbootimg --kernel *.Image.gz-dtb --ramdisk *.cpio.gz --base . . . --offset . . . --tag-address . . . --cmdline . . .
.dtb is extracted as a part of kernel by unpackbootimg
.dtb < > dtb.img
Converted using mkdtimg
dtb.img is for dtb partition or second stage of boot.img
boot.img is created by using --dt option:
mkbootimg --dt dt.img --kernel *.Image.gz --ramdisk *.cpio.gz --base . . . --offset . . . --tag-address . . . --cmdline . . .
dtb.img is extracted separately by unpackbootimg
Further Reading: Device Tree Overlays and Android Boot and Recovery Images
SYSTEM - ROM / OS
Contains system applications and libraries that have AOSP source code. During normal operation, this partition is mounted read-only; its contents change only during an OTA update or when flashing a new OS. Most ROM's don't allow root level (Admin rights in Windows) access by default. So, "rooting" is required to modify the contents of this partition. This is the actual User Interface we use on our phone i.e. system apps are installed on this partition on /system/app directory. Another important directory is /system/bin which contains executable binaries to perform each and every action by OS in background (as daemons) or by user in shell (bash) scripts or CLI (command line interface). These are native binaries (developed in C / C++ mostly) as opposed to Android apps which are developed in Java. A minimal form of Linux commands is also included in AOSP as toolbox or toybox (or user can add busybox or individual static binaries). /system/lib directory contains native libraries (shared by applications commonly) with .so extensions just like .dll on Windows.
VENDOR
This partition is replaced with a shortcut (symbolic link in fact) to /system/vendor directory. It contains system applications and libraries that do not have source code available on AOSP but added by vendors (OEM's). During normal operation, this partition is mounted read-only; its contents change only during an OTA update. It also contains SoC firmware images i.e. hardware specific libraries and binaries (OpenGL, ISP...).
Proprietary blobs (HALs) usually live in (/system)/vendor as shared libraries (.so files) which are loaded by Android binders when processes call a hardware component. HAL (hardware abstraction layer) is userspace alternative to traditional Linux's system calls for drivers and is a kind of Google's standardization for OEMs/hardware vendors, though being abandoned by mainstream Linux.
PROJECT TREBLE
In an ideal world, there should be a generic AOSP OS and a single kernel for all Android devices, not tied to hardware and vendors. But unfortunately it isn't so because unlike PC world, there is no standardization in mobile world. AOSP is heavily modified on silicon vendor (SoC) as well as phone vendor level. One of the worst outcome of this situation is almost no Long Term Support (LTS). There are delayed or none updates once the consumers have phone, making it vulnerable to security issues and missing new features. Project Treble (starting from Android-8) addresses this issue somewhat by creating a separation between hardware specific code and generic AOSP code.
Previously, phone vendors used to get AOSP code from Google, mixing it with their own cutomizations (UI, apps etc.) and the hardware specific code from SoC vendor. If a minor fix needed to be applied to AOSP code, the whole process had to be repeated because code was intermingled and fixing one thing broke the other. Google resolved this issue by specifying /vendor partition for hardware specific code, /system containing only generic code. Interaction with AOSP code will be through HIDL interfaces, thus making it possible to upgrade the both codes independently. /oem and /odm partitions were added previously for the same purpose.
USERDATA
User applications are installed in different folders under /data. Apps data (user and system) is stored in /data/data. User personal data and some apps data is stored in /data/media. /data/media is also emulated as internal SDCard at /storage/emulated and symlinked at /sdcard. Personalized and apps settings are also stored in this partition. A folder /data/dalvik contains, in simple words, extracted apps to boost loading process. Java bytecode of Android apps is converted to executable code (.odex) by Dalvik Virtual Machine, separate instance of which is launched by zygote (an Android init daemon) for every app.
This partition is not normally touched by the OTA update process. A Factory Reset wipes this partition, normally excluding /data/media i.e. personal data.
When you do a factory reset (AKA: wipe, hard reset, factory wipe, etc.), you are erasing the /data and /cache partitions. Note that a factory reset does NOT put your phone back to its factory state from an OS standpoint. OS upgrades will stay because the OS lives in /system, and that is not touched during a factory reset. So it's not a factory reset. It's a factory DATA reset actually.
RECOVERY
Holds alternate boot partition and the recovery program that lets the device boot into a recovery console for performing advanced recovery and maintenance operations. It contains a second complete Linux system i.e. independent OS, including a user-interface application, kernel and the special recovery binary that reads a package and uses its contents to update i.e. flash or wipe itself or any other partition particularly during OTA updates.
Recovery is also the most commonly used method to flash custom ROM's.
ADB sideload mode through PC is a replacement of flashing files (usually .zip) through Recovery. ADB works when phone is switched on in Recovery (or ROM). ADB/fastboot setup is to be made on PC to use this mode.
CACHE - cached (frequently accessed) data from OS usage and contains the firmware update package downloaded from server during OTA updates. Temporary holding area used by a few applications with the expectation that files can disappear at any time. Major use is by recovery and OTA updates. Recovery last_log is also written to this partition.
6. OTHER PARTITIONS
CUST - also CUSTOM or PRELOAD on some devices, it's used by stock ROM's, holding some preloaded system apps and regional settings which are installed on first use.
MISC - also FOTA on older devices
It's a tiny partition used by recovery to communicate with bootloader store away some information about what it's doing in case the device is restarted while the OTA package is being applied.
It is a boot mode selector used to pass data among various stages of the boot chain (boot into recovery mode, fastboot etc.). e.g. if it is empty (all zero), system boots normally. If it contains recovery mode selector, system boots into recovery mode.
It may also carry some necessarily required information in the form of switches to control hardware or settings related tasks such as CID (Carrier or Region ID) information and USB configurations etc.
PERSIST - contains data which shouldn't be changed after the device is shipped, e.g. DRM related files, sensor reg file (sns.reg) and calibration data of chips; wifi, bluetooth, camera etc.
Some package installers such as OpenGapps also make use of this partition to read configuration file.
EFS, MODEMST1, MODEMST2, FSG, BACKUP
These all are related to IMEI; a unique number used by GSM networks to identify and trace a mobile phone.
EFS may contain hardware info like configuration files, WiFi/BlueTooth MAC’s, IMEI (or ESN for a CDMA based device) etc.
EFS and MODEMST1 may be a single partition on some phones.
FSG (FileSystem Golden copy) and BACKUP are backups of MODEMST1 and MODEMST2 respectively. If MODEMST1 or MODEMST2 are erased (by wrong factory flashing say) and phone notices an invalid partition, FSG and BACKUP will be restored.
MODEMST1 and MODEMST2 also contains modem firmware files.
PARAM - stores a number of parameters, variables and settings of the hardware. It contains info whether MODEMST partitions are backed up or not. Also debug settings, custom ROMs flash count, current stage boot process etc.
OEM - like VENDOR, it incorporates OEM (Original Equipment Manufacturer i.e. hardware manufacturer or Mobile Phone brand) small customization (modifications) to original Android (AOSP) during OTA updates such as customized system properties values etc.
PAD - related to OEM
OTA, FOTA - OTA updates
DDR - Double Data Rate RAM
FSC - Modem FileSystem Cookies
SSD - Secure Software Download, a memory based file system for secure storage, stores some encrypted RSA keys
DEVINFO - device information including: is_unlocked (aboot), is_tampered, is_verified, charger_screen_enabled, display_panel, bootloader_version, radio_version etc. Contents of this partition are displayed by "fastboot oem device-info" command in human readable format. Before loading boot.img or recovery.img, bootloader verifies the locked state from this partition.
CONFIG/FRP/PDB - saves state of Factory Reset Protection (FRP), "Allow bootloader (OEM) unlocking" . (Developer Options), asks already associated account info. This partition is erased/reset if Factory Reset done from Settings.
DEVCFG - used by TZ for upgrades
LKSECAPP - "LK (Little Kernel) Security App", related to RPM, TZ online verification / update
LIMITS - Qualcomm Limits Management Hardware (LMh) driver in SBL writes the data in this partition to use for later reboots
SYSCFG - Qualcomm CPR (Core Power Reduction) Regulator for better performance and power saving of application processor by voltage control
DIP, MDTP - boot verification, use Qualcomm SafeSwitch technology to lock and track theft phones
CMNLIB, KEYMASTER - verified boot
SEC - contains fuse settings, mainly for secure boot (signing bootloaders for chain of trust) and oem setting
KEYSTORE - related to /data Full Disc Encryption (FDE)
MCFG - (Modem Configuration Framework) - on dual SIM devices, loads MBN (modem binary) files depending on SIM/carrier
SPLASH - splash image or boot logo which appears when device boots (at ABOOT stage).
CHGLOGO - charging screen that appears when charger is connected to powered off device.
MSADP, APDP, DPO - related to debug policies
GROW - empty for future expansion
7. FILESYSTEMS
Supported filesystems by your kernel can be viwewd by:
Code:
~# cat /proc/filesystems
Partitions with Mountable Filesystems
Following partitions are mounted during boot process:
system, vendor, odm, userdata (mounted at /data), cache, cust, persist (mounted at /persist or /mnt/vendor/persist), modem (mounted at /firmware or /vendor/firmware_mnt), dsp (mounted at /dsp or /vendor/dsp)
Modem is formatted as vfat while all others are usually ext4 or f2fs on newer devices.
All of these are listed in /fstab.* file which is processes by init. Starting with Android 8.0 (Treble release), fstab.* is moved to /vendor/etc/ and system, vendor and odm entries are included in dtb.
Other partitions don't contain a mountable filesystem. However, we may try to get an idea of the contents by reading smaller partitions e.g.:
Code:
~# cat /dev/block/bootdevice/by-name/config | strings
~# cat /dev/block/bootdevice/by-name/misc | strings
Pseudo / Virtual / in-Memory Filesystems (Kernel space)
These filesystems don't rely on a physical persistent storage but just live in RAM, to provide kernel services interfaces in user space.
rootfs (/) - mounted by kernel before calling init. More details here
sysfs (/sys) - information related to devices, populated by kernel
devpts (/dev/pts) - character device files representing slave side of pseudo terminal pairs
proc (/proc) - information related to all processes, updated as processes are started / killed
tmpfs (/dev) - all device nodes updated from sysfs, accessible from user space
configfs (/config) - intergrated with userspace sdcardfs, controls apps permissions to directories on internal/external sdcard by VOLume Daeomon, a replacement of fusefs
pstore (/sys/fs/pstore) - persistent storage, a replacement of /proc/last_kmsg, saves last kernel console messages on panic / crashes / sudden reboots, solution to volatile nature of pseudo filesystems
cgroup - cgroups manage hardware resources allocation to processes as per load
selinuxfs (/sys/fs/selinux) - implementation of Security-Enahanced Linux, a mandatory access controls (MAC) to manage file permissions, better than traditional Discretionary Access Control (DAC) mechanism (Read-Write-eXecute) of Linux
debugfs (/sys/kernel/debug) - to monitor and debug kernel space implementations from user space
tracefs (/sys/kernel/debug/tracing) - debugfs with better security
functionfs (/dev/usb-ffs/adb) - integrated with configfs, manages USB gadgets, ADB is implemented through functionfs on Android
FILESYSTEM TREE MOUNTED BY INIT: ANDROID vs. LINUX
8. Factory Firmware and Flashable ROMs:
When you flash a custom ROM, that ROM typically includes a kernel and an OS. That means the /boot and /system partitions will be modified at a minimum. Some ROMs require a clean install, so a format of the /data and /cache partitions is sometimes built into the .zip that you flash. This is essentially doing a Factory Reset.
Read here to know more about flashing partitions.
Factory Firmware contains original iamge files of almsot all important partitions. It's provided by OEM's, usually as a package which also incude a flasher software for PC. Or a general flasher software may be uses such as QFIL.
ROM Development
A ROM developer downloads AOSP source code from Google while device tree, driver binaries and kernel source code is provided by (ODM's through) OEM's, if they are generous enough. OEM's manufacture and sell devices themselves while ODM's sell to white-labelers who brand them under their own names. Original Android kernel tree is provided by Google which in turn is taken from Linux and then modified by Google for Android-specific needs.
RELATED:
An Introduction to Android Firmware
First off, don't need be like your never be a dev, lol you never know. Secondly it's a good share. Appreciated
Drivers Partition
What are partitions responsible on drivers like sound and camera,
I restored ROM using TWRP but now, Sound and Camera don't work,
any help?
saprey said:
What are partitions responsible on drivers like sound and camera,
I restored ROM using TWRP but now, Sound and Camera don't work,
any help?
Click to expand...
Click to collapse
Camera and sound are related to your rom i.e. system partition. Do factory data reset or clean install rom
Thanks, but why is my phone talking about a primary partition and a secondary partition?
Tia,
A real newbie
TommyWhite said:
Thanks, but why is my phone talking about a primary partition and a secondary partition?
Tia,
A real newbie
Click to expand...
Click to collapse
At what point talking about primary / secondary partitions? Are you creating new partitions or using some tool / app to view partitions?
Oh, I misunderstood.
It was about public storages (so whats accessible without root, right??).
It said
Public storage (primaire): /storage/emulated/0
Public storage (secondaire): /storage/94F1-34D8 (I didnt realise that was my sd card ...)
RootFs: /
System: /system
Like a said 'a real newbie'
TommyWhite said:
Oh, I misunderstood.
It was about public storages (so whats accessible without root, right??).
It said
Public storage (primaire): /storage/emulated/0
Public storage (secondaire): /storage/94F1-34D8 (I didnt realise that was my sd card ...)
RootFs: /
System: /system
Like a said 'a real newbie'
Click to expand...
Click to collapse
Something like this attachment?
mirfatif said:
Something like this attachment?
Click to expand...
Click to collapse
yes, sorry for the very late response.
While on some devices there is no bootloader partition at all and bootloader(s) resides on SoC.
Click to expand...
Click to collapse
Great post btw! With the bootloader section mentioning like the above, I have a question: I'm having a device with Snapdragon 810 SoC and wasn't able to find the bootloader partition (or at least I didn't know it has because I couldn't get it to boot into that mode). So does that mean the bootloader is on the SoC? How do I figure it out if it exists on the chip?
Hi @mirfatif , what a post! Hats off to you. By the way, where does the blobs/ HALs go when we flash a new ROM zip?
argon9898 said:
Great post btw! With the bootloader section mentioning like the above, I have a question: I'm having a device with Snapdragon 810 SoC and wasn't able to find the bootloader partition (or at least I didn't know it has because I couldn't get it to boot into that mode). So does that mean the bootloader is on the SoC? How do I figure it out if it exists on the chip?
Click to expand...
Click to collapse
Booting in bootloader (or it's equivalent; like fastboot) mode is dependent on the phone manufacturer. Though most of the hardware manufacturers allow users to access bootloader for repair/maintenance or modified boot chain, some may restrict this for Digital Rights Management or to gain forced customer loyalty , irrespective of where bootloader resides. On most phones it's a partition. You may check your partition table to know about all partitions.
azoksky said:
Hi @mirfatif , what a post! Hats off to you. By the way, where does the blobs/ HALs go when we flash a new ROM zip?
Click to expand...
Click to collapse
Thanks for mentioning. I have added this to my post. By "blolbs" you mean DTB or hardware drivers? Well AFAIK, the blobs are included in every ROM where "ROM" is boot.img and system.img at least.
A ROM developer downloads AOSP source code from Google while device tree (map of hardware components), driver binaries and kernel source code is provided by (ODM's through) OEM's, if they are generous enough. OEM's manufacture and sell devices themselves while ODM's sell to white-labelers who brand them under their own names. Original Android kernel tree is provided by Google which in turn is taken from Linux and then modified by Google for Android-specific needs. DTB and drivers are baked with kernel source in boot.img though DTB may live on a separate dtb partition as specified by AOSP (and was the proposed solution for ARM based embedded Linux devices before Android's birth) but I don't think that is widely practiced. DTB is loaded by bootloader at boot time and passed to kernel so that it can discover hardware and create node points accordingly. Proprietary blobs (HALs) usually live in (/system)/vendor as shared libraries (.so files) which are loaded by Android binders when processes call a hardware component. HAL is userspace alternative to traditional Linux's system calls for drivers and is a kind of Google's standardization for OEMs/hardware vendors.
Click to expand...
Click to collapse
Hello everyone. I tell you that one day flashing my oneplus 5 lost the wifi. The MAC address shows me the typical 02: 00: 00: 00: 00: 00 address. The way to fix it is updating the Oreo but I could never do it, it is always in bootloop, I read all the forums and there is no case, do what I always do the same. It happens in many oneplus 5. So I forgot to fix it in that way. The other thing I saw is hundreds of forums with that problem but I could not fix it either, I've been doing it for three months now. What I am trying now is to erase all the partitions except recovery or bootloader but the phone does not start anymore. What I want is to delete all the partitions associated with wifi, delete modem1, modem2, persist, fsg but nothing, I just managed to lose the imei that does not matter to me because I have back up of the efs folder and even the qcn file of the phone. I know it's a lot of work but if someone tells me that they control each partition, I could erase it, load everything from scratch and that's it. Would someone give me a hand so I can fix that damn wifi on the phone ?. Thank you.
--------------------------------------------------------------------------------------------------------------------------------------
drwxr-xr-x 2 root root 1440 1970-05-03 14:23 .
drwxr-xr-x 4 root root 1600 1970-05-03 14:23 ..
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 LOGO -> /dev/block/sde18
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 abl -> /dev/block/sde16
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 ablbak -> /dev/block/sde17
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 apdp -> /dev/block/sde31
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 bluetooth -> /dev/block/sde24
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 boot -> /dev/block/sde19
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 boot_aging -> /dev/block/sde20
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 cache -> /dev/block/sda3
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 cdt -> /dev/block/sdd2
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 cmnlib -> /dev/block/sde27
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 cmnlib64 -> /dev/block/sde29
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 cmnlib64bak -> /dev/block/sde30
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 cmnlibbak -> /dev/block/sde28
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 config -> /dev/block/sda12
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 ddr -> /dev/block/sdd3
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 devcfg -> /dev/block/sde39
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 devinfo -> /dev/block/sde23
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 dip -> /dev/block/sde14
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 dpo -> /dev/block/sde33
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 dsp -> /dev/block/sde11
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 frp -> /dev/block/sda6
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 fsc -> /dev/block/sdf4
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 fsg -> /dev/block/sdf3
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 fw_4g9n4 -> /dev/block/sde45
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 fw_4j1ed -> /dev/block/sde43
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 fw_4t0n8 -> /dev/block/sde46
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 fw_8v1ee -> /dev/block/sde44
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 hyp -> /dev/block/sde5
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 hypbak -> /dev/block/sde6
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 keymaster -> /dev/block/sde25
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 keymasterbak -> /dev/block/sde26
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 keystore -> /dev/block/sda5
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 limits -> /dev/block/sde35
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 logdump -> /dev/block/sde40
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 logfs -> /dev/block/sde37
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 md5 -> /dev/block/sdf5
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 mdtp -> /dev/block/sde15
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 mdtpsecapp -> /dev/block/sde12
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 mdtpsecappbak -> /dev/block/sde13
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 minidump -> /dev/block/sde47
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 misc -> /dev/block/sda4
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 modem -> /dev/block/sde10
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 modemst1 -> /dev/block/sdf1
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 modemst2 -> /dev/block/sdf2
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 msadp -> /dev/block/sde32
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 oem_dycnvbk -> /dev/block/sda7
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 oem_stanvbk -> /dev/block/sda8
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 param -> /dev/block/sda9
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 persist -> /dev/block/sda2
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 pmic -> /dev/block/sde8
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 pmicbak -> /dev/block/sde9
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 recovery -> /dev/block/sde22
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 reserve -> /dev/block/sdd1
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 reserve1 -> /dev/block/sda10
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 reserve2 -> /dev/block/sda11
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 rpm -> /dev/block/sde1
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 rpmbak -> /dev/block/sde2
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 sec -> /dev/block/sde7
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 splash -> /dev/block/sde34
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 ssd -> /dev/block/sda1
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 sti -> /dev/block/sde38
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 storsec -> /dev/block/sde41
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 storsecbak -> /dev/block/sde42
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 system -> /dev/block/sde21
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 toolsfv -> /dev/block/sde36
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 tz -> /dev/block/sde3
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 tzbak -> /dev/block/sde4
lrwxrwxrwx 1 root root 16 1970-05-03 14:23 userdata -> /dev/block/sda13
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 xbl -> /dev/block/sdb1
lrwxrwxrwx 1 root root 15 1970-05-03 14:23 xblbak -> /dev/block/sdc1
thank you
This is one of the best posts that I've ever read. I'm a hobbyist and reverse engineer learn. My primary phones are Samsung S 6 7 and 8 and I've soft bricked phones them more times than I can count (but recovered) justifying it as a learning experience. Sort of like putting your hand in the fire several times and calling it a learning experience. your post opens up more questions which are great. I root all my phones and I have a fear of new security patches disguised as updates disabling what methods work last week so to speak
So if I understand finally there is a section in bootloaders which is the first bootloader that is static yet upgradable but not downgradable as you referred to like the BIOS on PCs which acts as a verification process so you can't flash downgradable security patches. Much like I've encountered with partcyborg great work on rooting the S8 snapdragon however once you upgraded to the bootloader 2 you couldn't go back to the bootloader one. This is in reference to the build, not the partition.
If someone does reply, I'd like to know can you mod a certain file and Odin in the bootloader section when flashing an update to ensure that you stay at a certain bootloader level while the other files such as AP CP and CSC remain intact from the sam mobile stock firmware.(which I assume the term combo firmware file originates)
My most recent encounters are the device and binary are not the same which I attribute to this problem.
In theory from what I understand the phone has a section that is not Factory resettable which is the NAND that contains read-only but system upgrade information? However, it can be modified by a power Superuser rooted? This obviously risking hard bricking a phone
When upgrading firmware specifically the bootloader file in Odin what file(s) {bin} are essential to the new modification patches and can those files be substituted?
Any comment is considered very helpful. Odin itself is coming out with different versions for structures (prince cosmey) for example.
I explore the system file structure often wondering what I could change or alter as simple as a 0 or 1 or a true or a false to enable or disable my ability to access what I feel I need to access.
I could buy the z3x Samprotools but it defeats my intentions to learn the details.
If you do have a suggestion on a GUI Windows-based tool it would be great. Don't know Linux just as a footnote
Once again what a great post and definition of the different sections of terminology it's just enough to educate me and confuse me at the same time keep doing what you're doing. Any tricks or tips will be very appreciated.
partitions
What are partitions responsible on drivers like sound and camera,
Curious Q.!
what about these two ?
Code:
rpm -> /dev/block/mmcblk0p2
rpmbak -> /dev/block/mmcblk0p11
my phone is MOTO-G5-PLUS (potter)
whole partition table is here:
Code:
←7←[r←[999;999H←[6n←8potter:/ # ls -l /dev/block/bootdevice/by-name
total 0
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 DDR -> /dev/block/mmcblk0p23
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 aboot -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 abootbak -> /dev/block/mmcblk0p14
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 apdp -> /dev/block/mmcblk0p45
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 boot -> /dev/block/mmcblk0p37
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 cache -> /dev/block/mmcblk0p52
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 carrier -> /dev/block/mmcblk0p34
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 cid -> /dev/block/mmcblk0p32
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 cmnlib -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 cmnlib64 -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 cmnlib64bak -> /dev/block/mmcblk0p16
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 cmnlibbak -> /dev/block/mmcblk0p15
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 devcfg -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 devcfgbak -> /dev/block/mmcblk0p13
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 dip -> /dev/block/mmcblk0p42
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 dpo -> /dev/block/mmcblk0p47
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 dsp -> /dev/block/mmcblk0p22
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 frp -> /dev/block/mmcblk0p31
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 fsc -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 fsg -> /dev/block/mmcblk0p29
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 hw -> /dev/block/mmcblk0p50
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 keymaster -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 keymasterbak -> /dev/block/mmcblk0p17
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 kpan -> /dev/block/mmcblk0p36
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 limits -> /dev/block/mmcblk0p40
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 logo -> /dev/block/mmcblk0p33
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 logs -> /dev/block/mmcblk0p44
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 metadata -> /dev/block/mmcblk0p35
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 misc -> /dev/block/mmcblk0p39
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 modem -> /dev/block/mmcblk0p19
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 modemst1 -> /dev/block/mmcblk0p27
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 modemst2 -> /dev/block/mmcblk0p28
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 mota -> /dev/block/mmcblk0p41
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 msadp -> /dev/block/mmcblk0p46
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 oem -> /dev/block/mmcblk0p51
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 padA -> /dev/block/mmcblk0p48
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 persist -> /dev/block/mmcblk0p30
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 prov -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 provbak -> /dev/block/mmcblk0p18
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 recovery -> /dev/block/mmcblk0p38
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 rpm -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 rpmbak -> /dev/block/mmcblk0p11
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 sbl1 -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 sbl1bak -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 sec -> /dev/block/mmcblk0p24
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 sp -> /dev/block/mmcblk0p49
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 ssd -> /dev/block/mmcblk0p21
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 syscfg -> /dev/block/mmcblk0p43
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 system -> /dev/block/mmcblk0p53
lrwxrwxrwx 1 root root 20 1970-08-28 23:29 tz -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 tzbak -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 userdata -> /dev/block/mmcblk0p54
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 utags -> /dev/block/mmcblk0p25
lrwxrwxrwx 1 root root 21 1970-08-28 23:29 utagsBackup -> /dev/block/mmcblk0p26
potter:/ #
GEEKOFIA said:
what about these two ?
Code:
rpm -> /dev/block/mmcblk0p2
rpmbak -> /dev/block/mmcblk0p11
my phone is MOTO-G5-PLUS (potter)
Click to expand...
Click to collapse
RPM (Resource/Power Management) or Primary BootLoader (PBL); controls power to radio, modem etc.
koler386 said:
What are partitions responsible on drivers like sound and camera,
Click to expand...
Click to collapse
Kernel and system
mirfatif said:
what about these two ?
RPM (Resource/Power Management) or Primary BootLoader (PBL); controls power to radio, modem etc.
Click to expand...
Click to collapse
I got a script from a xda thread in which OP mentioned that this script is for wiping dalvik/ART cache.
Before flashing it i decided to analyse it,what i found that it was erasing my RPM partition on mmcblk0p2.
Is it really for dalvik cache ?
Related
I have an incident that I have accrued myself so no need for those comments. The history of the hardbrick i created. If any information regarding anything feel free.
First of all i rooted my device using towelroot. It works for alot of devices and runs as 3rd party apk installer. Created by the infamous Geohotz. Godbless. https://towelroot.com/ for those of you who do not know.
2nd i was looking and trying to swap my extSdCard with my internal /sdcard. I edited the vold.fstab and the vold.conf files thinking hey i can use the external as full internal to have the devive install apps on properly w/o manually moving and use the internal remaining sdcard memory as virtual Ram. I have not completed this process yet. Ill explain.
After mounting the internal as external and vice. I ended up being stuck in a boot loop. NOTE: i did not have custom recovery(was one of the oopsies) so was stuck with basic android recovery. Reset device did not fix. Was going to Odin flash the stock rom and/or CWM Recovery, but there is absolutely NO STOCK or LEAKED rom anywhere for the verizon model. I also pulled those 2 files off of my other tab 2 10.1 NON VERIZON *vold.fstab and vold.conf and places it into zip file and signed it using signapk.
which now i feel like an idiot finding this link "http://forum.xda-developers.com/galaxy-nexus/themes-apps/tutorial-making-flashable-zips-edify-t1611615"
NOTE: I used a different post somewhere that didnt explain to have the right binary so it gave me a signature mismatch error when trying to flash. Use above post to make sure you use propery binary.
Luckily i did some research and knowledge of what i actually did to fix it and plus my addiction to play around and learn things. I manually duplicated the vold.fstab/vold.conf files from my one device to the bricked one
Boot up device in Android recovery.
installed and loaded up ADB.exe from command line.
Code:
adb shell
su
echo *yourlinehere*> /system/etc/vold.fstab
echo *yourlinehere*>> /sytem/etc/vold.fstab
the first > rewrites the file from start black document and inputs the first line
the 2nd >> note the double >> appends to the next line.
i rebooted and VOILA FIXED!!! but wait....theres more ><
So knowing the troubles i had to fix my lil play around mistake. I wanted to get custom recovery partition installed. Used Rom Manager to install CWM Recovery. I picked the wrong rom for my device and flashed it. The one i used was for the international Tab 2 10.1 the gt-5100. It said it successfully flashed so i figured wth it couldnt hurt right? WRONG i clicked reboot to recovery to check it. and here is where I lie. HARD BRICK. No boot up at all. Plug in charger to outlet or PC i dont even get the charging device battery image. So now here we go more research fun!!!
I looked up some information on how to fix a hard bricked device. some posts say using a jig to bypass it and get into download mode. Ok this is a 30 pin connector not a 4 pin like most the android devices. I could do some research on this and probably rig a jig to convert and match the pin layouts but meh my problem still lies within not having stock firmware for this model. I also learn of Jtag methods. Oh all well and handy but buying the Riff Box and all this gets your device bootable, but hey guess what? it would allow me to boot into that download mode or android recovery. Which still bottom line fails as i dont have a stock rom to flash. OH the dilemna.
What ive come up with. I plugged in my device into my pc. Well what do you know i can actually get recognition. but this is where i am stuck at.
I figured out that the device is recognized and i needed drivers. I found this handy site
https://developer.qualcomm.com/forum/qdevnet-forums/general-discussion/9428 Which also explains that i messed up my boot partition.
I download and installed the QPST program and installed the drivers on win7. I had to reboot and use advanced options to disable the unsigned drivers check. OK sweet connection is up!
I tried using ADB shell but device isnt connected that way.
In the QPST program it shows my device on com10 in download mode. I tried to retrieve some data or partition information from the device but it says i cannot when device is in download mode. So no pulling files and fixing and reflashing them. Back to the same problem before NO STOCK ROM.
So here are the questions I have regarding my situation. The android device im playing with has the base partitions. As an example of this http://www.all-things-android.com/content/review-android-partition-layout
I do not have my partition layout for my device as its bricked. I dont even know if it needs to be repaired yet. If any of you with a verizon tab 2 10.1 sch-i915 has a rooted device and can get me this table or a pit file for this device it would be appreciated
2nd firmware vs firmware. As previously stated I do not have firmware for this verizon tab. HOWEVER i did find firmware for the Sprint version of this exact tablet. My question is, could these stock firmwares be exact duplicates with the exclusion of the boot up screen bs and the /misc partition containing the imei phone stats and carrier information?
3rd Flashing just certain partitions of this firmware. Is it possible if the above is feasible considering i know my /boot partition is messed up and my /recovery partition is messed up to only flash those 2 partitions with the one from sprint. The stock kernal should be the same in both devices for the /boot and the /recovery partition should hold the same android recovery should it not?
4th. If anyone has a rooted sch-i915 device would you be willing to make dump of the partitions using this guide http://forum.xda-developers.com/showthread.php?t=2450045. That would be appreciated.
Let Me Work On That
You Are Possibly In Luck. I Know Somone That Has That Tablet. Problem Is It Is My Mom's And Well She Rather Beat Me With It Then Let Me Touch It. I'll See What I Can Do And Will Post Back.. Wish Me Luck i Will Need It :fingers-crossed:
][NT3L][G3NC][ said:
You Are Possibly In Luck. I Know Somone That Has That Tablet. Problem Is It Is My Mom's And Well She Rather Beat Me With It Then Let Me Touch It. I'll See What I Can Do And Will Post Back.. Wish Me Luck i Will Need It :fingers-crossed:
Click to expand...
Click to collapse
Appreciated good luck.
If not possible and i get it fixed ill post how i did it and such. and also post up a JB 4.12 stock/updated leaked rom of this device which apparently seems to be missing in the world for some damn reason.
I Got A Question
Sorry I Been Busy, & Google Has Not Been Kind 2 Me. I Did Find The California Lottery Vulnerability Report Generated By Nessus. But If Someone Could Please Point Me In The Right Direction Or Just Break It Down For Me As Quickly And Light As You Could, Short, Straight Forward, The LIghtest Kliff Notes Ever Would Be Appreciated.
Verizion SCH-I915 [ 4.1.2 ]
I Only Had A Few Minutes With The Tablet But I Already Rooted It, Installed BusyBox, I Barely Started To Get Into The FIle System.... I'm Using Kali LInux
1. What Partitions/Blocks Do I Need To Obtain To Create An Odin Flashable Recovery Image
2. Is There A Droid Binary, Or Script I Can Use To Dump The Rom While Creating The Above For Odin?
Just Found Something I Downloaded At Some Point Called: ROMGEN Any Idea On That Binary??? And phantomphr33k Any Request.
Forgive Me I Work Nights, Two Kids, So I'm Up Days + On Call During The Day.
lrwxrwxrwx root root 1970-10-27 01:41 aboot -> /dev/block/mmcblk0p5 ???
lrwxrwxrwx root root 1970-10-27 01:41 backup -> /dev/block/mmcblk0p20
lrwxrwxrwx root root 1970-10-27 01:41 boot -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 1970-10-27 01:41 cache -> /dev/block/mmcblk0p17
lrwxrwxrwx root root 1970-10-27 01:41 efs -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 1970-10-27 01:41 fota -> /dev/block/mmcblk0p19
lrwxrwxrwx root root 1970-10-27 01:41 fsg -> /dev/block/mmcblk0p21
lrwxrwxrwx root root 1970-10-27 01:41 grow -> /dev/block/mmcblk0p23
lrwxrwxrwx root root 1970-10-27 01:41 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx root root 1970-10-27 01:41 modemst1 -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 1970-10-27 01:41 modemst2 -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 1970-10-27 01:41 pad -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 1970-10-27 01:41 param -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 1970-10-27 01:41 persist -> /dev/block/mmcblk0p16
lrwxrwxrwx root root 1970-10-27 01:41 recovery -> /dev/block/mmcblk0p18
lrwxrwxrwx root root 1970-10-27 01:41 rpm -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 1970-10-27 01:41 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 1970-10-27 01:41 sbl2 -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 1970-10-27 01:41 sbl3 -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 1970-10-27 01:41 ssd -> /dev/block/mmcblk0p22
lrwxrwxrwx root root 1970-10-27 01:41 system -> /dev/block/mmcblk0p14
lrwxrwxrwx root root 1970-10-27 01:41 tz -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 1970-10-27 01:41 userdata -> /dev/block/mmcblk0p15
Should Post The Rest Tomorrow
I Have Attached Some Text Files With The Output Of A Couple Commands To Get The block/partition layout.
I Have Dumped The system.img which is 1.6gb In SIze
Tomorrow I Should Have : Modem "firmware" , Boot , Recovery
QUESTIONS:
What Is aboot?
Which Is The Kernel?
What Is Modemst*?
And More Important, Which Ones Do I Need To Pull For A Complete ROM Dump?
lrwxrwxrwx 1 0 0 20 Nov 2 1970 aboot -> /dev/block/mmcblk0p5
lrwxrwxrwx 1 0 0 21 Nov 2 1970 backup -> /dev/block/mmcblk0p20
lrwxrwxrwx 1 0 0 20 Nov 2 1970 boot -> /dev/block/mmcblk0p7
lrwxrwxrwx 1 0 0 21 Nov 2 1970 cache -> /dev/block/mmcblk0p17
lrwxrwxrwx 1 0 0 21 Nov 2 1970 efs -> /dev/block/mmcblk0p11
lrwxrwxrwx 1 0 0 21 Nov 2 1970 fota -> /dev/block/mmcblk0p19
lrwxrwxrwx 1 0 0 21 Nov 2 1970 fsg -> /dev/block/mmcblk0p21
lrwxrwxrwx 1 0 0 21 Nov 2 1970 grow -> /dev/block/mmcblk0p23
lrwxrwxrwx 1 0 0 20 Nov 2 1970 modem -> /dev/block/mmcblk0p1
lrwxrwxrwx 1 0 0 21 Nov 2 1970 modemst1 -> /dev/block/mmcblk0p12
lrwxrwxrwx 1 0 0 21 Nov 2 1970 modemst2 -> /dev/block/mmcblk0p13
lrwxrwxrwx 1 0 0 20 Nov 2 1970 pad -> /dev/block/mmcblk0p9
lrwxrwxrwx 1 0 0 21 Nov 2 1970 param -> /dev/block/mmcblk0p10
lrwxrwxrwx 1 0 0 21 Nov 2 1970 persist -> /dev/block/mmcblk0p16
lrwxrwxrwx 1 0 0 21 Nov 2 1970 recovery -> /dev/block/mmcblk0p18
lrwxrwxrwx 1 0 0 20 Nov 2 1970 rpm -> /dev/block/mmcblk0p6
lrwxrwxrwx 1 0 0 20 Nov 2 1970 sbl1 -> /dev/block/mmcblk0p2
lrwxrwxrwx 1 0 0 20 Nov 2 1970 sbl2 -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 0 0 20 Nov 2 1970 sbl3 -> /dev/block/mmcblk0p4
lrwxrwxrwx 1 0 0 21 Nov 2 1970 ssd -> /dev/block/mmcblk0p22
lrwxrwxrwx 1 0 0 21 Nov 2 1970 system -> /dev/block/mmcblk0p14
lrwxrwxrwx 1 0 0 20 Nov 2 1970 tz -> /dev/block/mmcblk0p8
lrwxrwxrwx 1 0 0 21 Nov 2 1970 userdata -> /dev/block/mmcblk0p15
Sorry its the Holidays so its understandable. Cant really twist your arm to rush it Im by far not an expert on this i do research myself. Ill do my best and if anyone else can shed light please do.
][NT3L][G3NC][ said:
QUESTIONS:
[*]What Is aboot?
[*]Which Is The Kernel?
[*]What Is Modemst*?
[*]And More Important, Which Ones Do I Need To Pull For A Complete ROM Dump?
Click to expand...
Click to collapse
1) Aboot partition is basically your "Odin Downloader" protocol. while booting pressing power + Vol Dwn will put your device in this mode.
2) The kernel/ramdisk is stored in the /boot partition
Note Primary Bootloader and SB* are secondary bootloaders 1,2,3 those are loaded up as well to set certain params + setup/initialize hardware as far as im understanding. and loads up the kernel/ramdisk.
3)Ill quote from another thread: http://forum.xda-developers.com/showthread.php?t=2582811
][NT3L][G3NC][ said:
- backup and restore important device partitions - EFS (Samsung), TA (Sony), MODEM (Exynos devices), MODEMST1 & MODEMST2 (Qualcomm devices),
- root is required
- easy to use
- many localizations
- see paths to important partitions of your device using Menu -> Device Partitions
Click to expand...
Click to collapse
As far as im understanding these partitions hold carrier information/imei and all other sorts of GRPS information in regards to connecting your devices radio to Service. Sorta like your network card drivers and Mac Address
I looked at another persons rom dump and I seen only these partitions in the archive. Sadly I dont remember where i found this but is from a guy who JTAGS devices. So im pretty sure its legit. Its from the Sprints version of this device.
/system.img.ext4(going to be the biggest dump)
/recovery.img
/cache.img.ext4
/boot.img
[QUOTE=']
1. What Partitions/Blocks Do I Need To Obtain To Create An Odin Flashable Recovery Image
2. Is There A Droid Binary, Or Script I Can Use To Dump The Rom While Creating The Above For Odin?
Just Found Something I Downloaded At Some Point Called: ROMGEN Any Idea On That Binary??? And phantomphr33k Any Request.
[/QUOTE]
So basicallly special request if you could is mainly dump those partitions above
This Romgen seemingly looks to dump what is needed for the rom. It also makes and update-script flashable Odin file. Never tried it myself. ive used cygwin/kitchen personally.
If you would do that would be sufficient as a stock rom. Granted if the rom is updated its not stock.....BUT at least it will be an updated stock vwz sch-i915 out there in public finally.
AND...extra special request is a pit file. Reason being is i need to attempt to flash by other means not via odin.(more personal use than general public) and i need the block information to flash partitions to the chip at the certain points. Im extracting the *.img/bin files and compiling *.mbn files and going to attempt to flash directly to the chip. As far as ive seen its worked on a few other devices and i might as well try considering this is a Qualcomm device and it is recognized in QPST. Maybe the security on the bootloader may not allow it but what could it hurt? its already hard bricked right? lol
http://forum.xda-developers.com/showthread.php?t=1916936
program here for windows. I never checked for any linux based tools cuz i use cygwin if i absolutely need linux.
Much appreciated ][NT3L][G3NC][ your making my day :laugh:
happy new years intelligence since it seems ur the only one to view this thread.
so did you ever get a good romdump? I have been trying all night to do it to mine but can not get it to work.
NOTE:
I'm not a developer or something even near to that. All information provided here is copied from different sources and according to the best of my knowledge.
I have tested this on different devices using Windows 8.1 & 10. I'll not be responsible for any harm to you or your device. It works perfectly for me. You may try it on your own risk.
Save / backup your data before performing any actions.
WHAT IS ADB/FASTBOOT
ADB and fastboot are different protocols used through PC to perform different command line operations on device through USB in ROM/Recovery and bootloader mode respectively.
Android Debugging Bridge is basically used by developers to identify and fix bugs in OS (ROM). ADB works in ROM and recovery both.
Fastboot works in bootloader mode even when phone is not switched on in Recovery or ROM or even if Android isn't installed on phone. In later case, bootloader can be accessed by certain button combination while powering on device; usually Power + Vol. Down. See here the booting process of Android devices.
Fastboot/ADB setup is to be made on PC to use this mode. ADB mode has more flexibility than fastboot as it supports more types of flashable files to be flashed. ADB also supports backing up Apps and Data. ADB/fastboot commands can be used to flash recovery and boot images. It can also flash ROMs and mods like rooting solutions and XPOSED by booting into recovery. And above all, it is the only way to unlock bootloader without which the device functionality is too limited. Read here why we need to unlock bootloader.
In bootloader mode, usually boot logo or fastboot logo appears on device screen.
SETUP
Enable USB Debugging in Settings > Developer Options. If not available, Dev. Options can be accessed by tapping 5 (or 7) times Build Number in Settings > About Phone.
Allow ADB root access in Dev. Options or SuperSU. Some commands need root.
Allow data transfer over ADB when prompted on device screen. Otherwise you might get errors like device unauthorized etc. So keep screen unlocked at first connect.
Disable MTP, PTP, UMS etc. from USB computer connection on device to avoid any interruptions.
Install Android SDK or simply install 15 Seconds ADB Setup 1.4.2. It works up to Android Lollipop (AOSP 5). Credits to Snoop05
Windows 8.1 users who got error installing this setup should first install Windows Update KB2917929.
You will have to navigate to adb folder each time you start cmd. Or setup adb to work globally. On your PC, go to System Properties > Advanced System Settings > Environment Variables. Click on New (User Variables). Variables Name: ADB ( Or anything you want). Variables Value: ;C:\adb (if installed 15 seconds setup) or ;C:\SDK\paltform-tools.
Install ADB USB Drivers for your Android Device. To do this automatically, download and run ADB Driver Installer. Connect device through USB cable and install drivers.
NOTE: Spaces in file paths don't work in adb commands. Non-English characters and languages don't work either. Also the commands are case-sensitive.
There is a long list of adb/fastboot commands to perform numerous operations. Here are a few of those being listed keeping in view certain tasks:
COMMON COMMANDS
On PC run Command Prompt as Administrator.
To check connected devices when ROM is running on phone:
Code:
adb devices
To boot into bootloader mode:
Code:
adb reboot bootloader
To check connected devices when in bootloader mode:
Code:
fastboot devices
To boot into ROM:
Code:
fastboot reboot
To boot into recovery:
Code:
fastboot reboot recovery
There are some common Linux commands which can be used in combination with these commands to perform certain operation. However, ADB | FASTBOOT is not necessarily required for these Linux commands. These can be run directly from Terminal Emulator in ROM or Custom Recovery. Some of them are given below.
UNLOCK BOOTLOADER
NOTE: Some newer devices don't allow unlocking of bootloader directly to ensure more security. Instead an official method is provided to unlock BL using PC.
Read here to know about the risks of BL unlocking.
To check the bootloader status:
Code:
fastboot oem device-info
“True” on unlocked status.
If "false", run the following to unlock:
Code:
fastboot oem unlock
However these are OEM specific commands and may differ or not work on all devices. Fastboot's own commands (which are part of AOSP source and) that can unlock bootloader allowing flashing of partitions:
Code:
fastboot flashing unlock
Allow flashing of bootloader related partitions too:
Code:
fastboot flashing unlock_critical
FORMAT DATA PARTITION
This will erase your data.
Code:
fastboot format:ext4 userdata
It can be performed on other flash partitions as well. A general syntax is 'fastboot format:FS PARTITION'
FLASH RECOVERY
Download recovery.img (specific for your device) to adb folder.
To test the recovery without permanently flashing, run the following:
Code:
fastboot boot recovery.img
On next reboot, recovery will be overwritten by previous recovery.
Or to permanently flash recovery, run:
Code:
fastboot flash recovery recovery.img
fastboot reboot recovery
Stock ROM's often tend to replace custom recovery with stock one on first reboot. That's why, booting into recovery is recommended before booting into ROM.
FLASH KERNEL
Download boot.img (specific for your device) to adb folder and run following:
Code:
fastboot flash boot boot.img
FLASH ROM
Download ROM.zip (for your device) created for fastboot i.e. with android-info.txt and android-product.txt.
To wipe your device and then to flash .zip:
Code:
fastboot -w
fastboot update </path/to/your/Rom.zip>
PASSING FASTBOOT ARGUMENTS
Fastboot supports passing options. For example, while booting a modified kernel image with FramBuffer Console support, console device and its font can be provided as option:
Code:
fastboot boot -c "console=tty0,115200 fbcon=font:VGA8x8" boot-fbcon.img
GAIN ROOT (Not recommended method. Better flash directly through custom recovery).
Root is required to modify the contents of /system. You can read here further.
Download (flashable) supersu.zip and custom or modified recovery.img (having support to flash .zip files) to adb folder and run the following:
Code:
fastboot boot recovery.img
Now once you are in recovery, adb will work instead of fastboot.
To copy files from PC to device and then to extract files, run the following:
Code:
adb push supersu.zip /tmp
adb shell /sbin/recovery --update_package=/tmp/supersu.zip
BACKUP / RESTORE APPS & DATA (From/To PC)
To backup and restore all apps and their data:
Code:
adb backup -apk -shared -all -system -f C:\backup.ab
adb restore C:\backup.ab
Read here for details.
COPY WHOLE PARTITION IMAGE (within device)
This method can be used to backup whole device e.g. to backup /data/ including /data/media/ i.e. Internal SD Card which isn't backed up by custom recovery (TWRP). Or you can get any partition image for development purpose. This method retains complete directory structure as well as file permissions, attributes and contexts.
To jump from windows command prompt to android device shell:
Code:
adb shell
These commands can also be given from Recovery Terminal instead of ADB.
To get SuperUser access (in ROM):
Code:
su
To list all available partitions or mount points on device:
Code:
cat /proc/partitions
Or go to "/dev/block/platform/" folder on device. Search for the folder having folder "by-name" inside it. It's msm_sdcc.1 (on Nokia X2). Run the following:
Code:
ls -al /dev/block/platform/*/by-name
Or simply use DiskInfo app to get partition name you want to copy. Say you want to copy /data (userdata) partition. On Nokia X2DS, it is mmcblk0p25.
To confirm:
Code:
readlink /dev/block/bootdevice/by-name/userdata
Run the following to copy partition:
Code:
dd if=/dev/block/mmcblk0p25 of=/sdcard/data.img
or
Code:
cat /dev/block/mmcblk0p25 > /sdcard/data.img
or
Code:
dd if=/dev/block/bootdevice/by-name/userdata of=/sdcard/data.img
data.img will be copied to your SD card.
It also works inversely (restore):
Code:
dd if=/sdcard/data.img of=/dev/block/mmcblk0p25
data.img from your SD card will be written to device.
Similarly you can copy system.img, boot.img or any other partition. However boot.img and other partitions may not be copied in ROM but in recovery mode only. So better use recovery for dd except if you're going to dd recovery partition itself. You can read here more about android partitions.
COPY WHOLE FOLDER (within device)
This method can be used to backup folders like /data/media/ which isn't backed up by custom recovery (TWRP).
To jump from windows command prompt to android device shell:
Code:
adb shell
These commands can also be given from Recovery Terminal.
To get SuperUser access (in ROM):
Code:
su
To copy from Internal Memory to SD Card:
Code:
cp -a /data/media/0/. /external_sd/internal_backup/
Or if you don't have SU permission:
Code:
cp -a /external_sd/. /sdcard/
To copy from SD Card to Internal Memory:
Code:
cp -a /external_sd/internal_backup/. /data/media/0/
However, if you are copying to an SD card with FAT32 file system, android permissions of files won't be retained and you would have to fix permissions yourself. In this case, you can use tar command to create archive of files along with their attributes ( permissions: mode & ownership + time-stamps) and security contexts etc. But FAT32 FS has also a limitations of 4GB maximum file size. You may use "split" command along with "tar" to split the archive in smaller blocks. Or use exFat or Ext4 filesystem for larger file support. Ext4 would give higher writing speed in Android but not supported in Windows i.e. SD card can't be mounted in Windows. MTP however works.
To jump from windows command prompt to android device shell:
Code:
adb shell
To get SuperUser access (in ROM):
Code:
su
To copy from Internal Memory to SD Card:
Code:
tar cvpf /external_sd/internal_backup/media.tar /data/media/0/
To extract from SD Card to Internal Memory (along with path):
Code:
tar -xvf /external_sd/internal_backup/media.tar
To extract from SD Card to some other location, use "-C":
Code:
tar -xvf /external_sd/internal_backup/media.tar -C /data/media/0/extracted_archive/
COPY WHOLE FOLDER (From/To PC)
This method can be used to backup folders like /data/media/ which isn't backed up by custom recovery (TWRP).
To copy from PC to device:
Code:
adb push \path\to\folder\on\PC\ /path/to/folder/on/device/
To copy from device to PC:
Code:
adb pull /path/to/folder/on/device/ \path\to\folder\on\PC\
After copying from PC to device's Internal Memory (/data/media/), you might get Permission Denied error e.g. apps can't write or even read from Internal Memory. It's because Android (Linux) and Windows have different file permissions system. To FIX PERMISSIONS, boot into recovery and run following commands:
(Credits to xak944 )
Code:
adb shell
To take ownership of whole "media" directory:
Code:
chown -R media_rw:media_rw /data/media/
To fix permissions of directories:
Code:
find /data/media/ -type d -exec chmod 775 '{}' ';'
To fix permissions of files:
Code:
find /data/media/ -type f -exec chmod 664 '{}' ';'
HELP PLEASE! Fastboot is acting funny for first time, Huawei Honor 6X
Okay, so I have a Huawei Honor 6X. This device has been rooted and and had custom roms of sorts flashed fine, and bootloader has been unlocked several times only to later have me flash the stock firmware back thus locking bootloader, etc. So this isn't my first rodeo. However, have never seen this. Basically, going from the Stock ROM, I had enabled USB DEBUGGING and approved the little allow always toast popup. Then using my command line in linux, I issued
Code:
adb devices
.... saw it was seeing the device. Then issued
Code:
adb reboot bootloader
. Fine. I see
PHONE locked FRP Unlocked
Click to expand...
Click to collapse
on my fastboot screen. So I know my bootloader is locked. Also, I had previously gotten my unlock code from Huawei as well. But please see the attached image attached belowe here for the real picture of things because once in my fastboot mode, issuing
Code:
fastboot devices
shows my Device ID. However when trying to issue the
Code:
fastboot oem unlock bootloader
code, it acts then like it can find the device or either the devices doesn't find the command? It just says waiting for devices as you can see... wtf? This is all at the same instance. Please see attached and any help, suggestions, etc. are appreciated!
i also have problem trying to issue some fastboot command
bootloader have been unlock
except fastboot reboot command, the rest of fastboot cannot be execute
the error were
...
FAILED (remote: Command not allowed)
finished. total time: 0.00s
can i issue fastboot command from twrp terminal
i want to enable charge reboot
on fastboot
fastboot oem off-mode-charge disable
how to issue comand from within twrp terminal?
ahhl said:
i also have problem trying to issue some fastboot command
bootloader have been unlock
except fastboot reboot command, the rest of fastboot cannot be execute
the error were
...
FAILED (remote: Command not allowed)
finished. total time: 0.00s
can i issue fastboot command from twrp terminal
i want to enable charge reboot
on fastboot
fastboot oem off-mode-charge disable
how to issue comand from within twrp terminal?
Click to expand...
Click to collapse
All vendors don't allow all fastboot commands. Despite of unlocked bootloader, some commands might not work or work differently on certain devices.
No you can't control fastboot from TWRP. Bootloader / fastboot come at lower level in boot process. Recovery itself is loaded by bootloader. We can't control fastboot from recovery. However a few adb commands work in TWRP as well.
Hi guys!
BACKUP / RESTORE APPS & DATA (From/To PC)
Is it still possible on Android Nougat/Oreo on last Samsung devices?
Thanks!
Sent from my SM-G950F using Tapatalk
PIRATA! said:
Hi guys!
BACKUP / RESTORE APPS & DATA (From/To PC)
Is it still possible on Android Nougat/Oreo on last Samsung devices?
Thanks!
Click to expand...
Click to collapse
It's related to adb which is same on Nougat/Oreo, I think. So it should work similarly.
ahhl said:
i also have problem trying to issue some fastboot command
bootloader have been unlock
except fastboot reboot command, the rest of fastboot cannot be execute
the error were
Click to expand...
Click to collapse
FRP locked?
---------- Post added at 11:43 AM ---------- Previous post was at 10:50 AM ----------
Very nice guide with detailed information.
Thanks
struggling with fastboot
Fastboot doesn't want to write out my unlock file???
I'm trying to unlock the bootloader on an old HTC wildfire S, and have followed all the steps listed on the official htcdev.com site to get the unlock token from HTC, but when I run
./fastboot flash unlocktoken Unlock_code.bin
I get
target didn't report max-download-size
sending 'unlocktoken' (0 KB)
but then it just sits these forever
all other fastboot commands seem to work fine, just the flash unlock thats not being written
I can find lots of posts from people with same problem, but no answers that get me any nearer.
enviro here is debian with latest android dev installed from the standard repositories, and fastboot 1:7.0.0+r33-1
phone is wildfire s
Marvel pvt ship s-on rl
hboot 1.09.0099
microp 0451
radio 7.57.39.10m
feb 8 2012,10:29.31
branded for the uk three network.
any help would be appreciated!
chris w
Try this with that Huawei. This should.unlock the oem
Go into settings . Go all the way to the bottom to about phone, then go find build number press at a bunch of times rapidly that'll take you into developer mode. Once in developer mode back into the main menu of settings scroll down to developer options. You should find OEM bootloader unlock about three or four down in that section click unlock and you should be good to go. Good luck oh and I didn't have to back mine up first so you should be good to go.....
theburrus1 said:
Okay, so I have a Huawei Honor 6X. This device has been rooted and and had custom roms of sorts flashed fine, and bootloader has been unlocked several times only to later have me flash the stock firmware back thus locking bootloader, etc. So this isn't my first rodeo. However, have never seen this. Basically, going from the Stock ROM, I had enabled USB DEBUGGING and approved the little allow always toast popup. Then using my command line in linux, I issued
Code:
adb devices
.... saw it was seeing the device. Then issued
Code:
adb reboot bootloader
. Fine. I see on my fastboot screen. So I know my bootloader is locked. Also, I had previously gotten my unlock code from Huawei as well. But please see the attached image attached belowe here for the real picture of things because once in my fastboot mode, issuing
Code:
fastboot devices
shows my Device ID. However when trying to issue the
Code:
fastboot oem unlock bootloader
code, it acts then like it can find the device or either the devices doesn't find the command? It just says waiting for devices as you can see... wtf? This is all at the same instance. Please see attached and any help, suggestions, etc. are appreciated!
Click to expand...
Click to collapse
unknown command while flashing through fastboot
i keep getting unknown command while trying to flash recovery images or firmware, please help me
whitehat15 said:
i keep getting unknown command while trying to flash recovery images or firmware, please help me
Click to expand...
Click to collapse
What commands are you trying and which phone/android version as command has changed since oreo
@mirfatif Do you know what the fastboot update command is doing under the hood? It's obviously flashing the images to the correct partitions but how does it know what image goes where? fastboot flash boot boot.img makes sense to me but running a fastboot command on a bunch of image files in a zip file doesn't. Thanks.
jd1639 said:
@mirfatif Do you know what the fastboot update command is doing under the hood? It's obviously flashing the images to the correct partitions but how does it know what image goes where? fastboot flash boot boot.img makes sense to me but running a fastboot command on a bunch of image files in a zip file doesn't. Thanks.
Click to expand...
Click to collapse
Can you give me example of such zip file? Fastboot protocol is provided by application bootloader (aboot) which knows very well the exact boundaries of partitions on device. When flashing images, we are telling fastboot what image it is or where it is to be written.
mirfatif said:
Can you give me example of such zip file? Fastboot protocol is provided by application bootloader (aboot) which knows very well the exact boundaries of partitions on device. When flashing images, we are telling fastboot what image it is or where it is to be written.
Click to expand...
Click to collapse
The Nexus and pixel phones have had a batch file in the factory image zip file that runs fastboot flashes for the bootloader and radio and then runs a command fastboot update xyz.zip. The xyz.zip is another zip file within the factory image zip. This zip contains all the other image files, i.e. system, modem, etc. Also, I have a pixel 3 and there is no aboot partition. The kernel and recovery images are also both contained in the boot.img. These phones are getting more difficult to deal with.
These are the partitions:
127|:/dev/block/bootdevice/by-name # ls -all
total 0
drwxr-xr-x 2 root root 1440 1970-05-03 01:39:00.159934065 -0500 .
drwxr-xr-x 3 root root 1580 1970-05-03 01:39:00.159934065 -0500 ..
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 ALIGN_TO_128K_1 -> /dev/block/sdd1
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.143269064 -0500 ALIGN_TO_128K_2 -> /dev/block/sdf1
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 ImageFv -> /dev/block/sdf14
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 abl_a -> /dev/block/sde4
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.153268065 -0500 abl_b -> /dev/block/sde16
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 aop_a -> /dev/block/sde1
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.153268065 -0500 aop_b -> /dev/block/sde13
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 apdp_a -> /dev/block/sda15
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.156601065 -0500 apdp_b -> /dev/block/sda16
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.159934065 -0500 boot_a -> /dev/block/sda11
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 boot_b -> /dev/block/sda12
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 cdt -> /dev/block/sdd2
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 cmnlib64_a -> /dev/block/sde7
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 cmnlib64_b -> /dev/block/sde19
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 cmnlib_a -> /dev/block/sde6
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 cmnlib_b -> /dev/block/sde18
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 ddr -> /dev/block/sdd3
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 devcfg_a -> /dev/block/sde8
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 devcfg_b -> /dev/block/sde20
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 devinfo -> /dev/block/sdf7
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 dip -> /dev/block/sdf8
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 dtbo_a -> /dev/block/sde11
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 dtbo_b -> /dev/block/sde23
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 frp -> /dev/block/sda4
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 fsc -> /dev/block/sdf6
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 fsg -> /dev/block/sdf5
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 hyp_a -> /dev/block/sde3
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 hyp_b -> /dev/block/sde15
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 keymaster_a -> /dev/block/sde5
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 keymaster_b -> /dev/block/sde17
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.156601065 -0500 keystore -> /dev/block/sda3
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.159934065 -0500 klog -> /dev/block/sda19
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.146602064 -0500 limits -> /dev/block/sdf10
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 logfs -> /dev/block/sdf12
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.156601065 -0500 metadata -> /dev/block/sda20
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 misc -> /dev/block/sda2
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.156601065 -0500 modem_a -> /dev/block/sda13
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.156601065 -0500 modem_b -> /dev/block/sda14
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 modemcal -> /dev/block/sdd4
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.143269064 -0500 modemst1 -> /dev/block/sdf3
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 modemst2 -> /dev/block/sdf4
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 msadp_a -> /dev/block/sda17
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 msadp_b -> /dev/block/sda18
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 persist -> /dev/block/sdf2
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.143269064 -0500 product_a -> /dev/block/sda7
lrwxrwxrwx 1 root root** 15 1970-05-03 01:38:59.939956043 -0500 product_b -> /dev/block/sda8
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 qupfw_a -> /dev/block/sde9
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 qupfw_b -> /dev/block/sde21
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 sec -> /dev/block/sdd6
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 splash -> /dev/block/sdf15
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.136603063 -0500 spunvm -> /dev/block/sdf9
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.143269064 -0500 ssd -> /dev/block/sda1
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.143269064 -0500 sti -> /dev/block/sdf13
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.146602064 -0500 storsec_a -> /dev/block/sde12
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.149935064 -0500 storsec_b -> /dev/block/sde24
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.153268065 -0500 system_a -> /dev/block/sda5
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.159934065 -0500 system_b -> /dev/block/sda6
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.146602064 -0500 toolsfv -> /dev/block/sdf11
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 tz_a -> /dev/block/sde2
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 tz_b -> /dev/block/sde14
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 uefivar -> /dev/block/sdd5
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.153268065 -0500 userdata -> /dev/block/sda21
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.153268065 -0500 vbmeta_a -> /dev/block/sde10
lrwxrwxrwx 1 root root** 16 1970-05-03 01:39:00.139936063 -0500 vbmeta_b -> /dev/block/sde22
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.143269064 -0500 vendor_a -> /dev/block/sda9
lrwxrwxrwx 1 root root** 16 1970-05-03 01:38:59.939956043 -0500 vendor_b -> /dev/block/sda10
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.139936063 -0500 xbl_a -> /dev/block/sdb1
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 xbl_b -> /dev/block/sdc1
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.146602064 -0500 xbl_config_a -> /dev/block/sdb2
lrwxrwxrwx 1 root root** 15 1970-05-03 01:39:00.149935064 -0500 xbl_config_b -> /dev/block/s
Sent from my [device_name] using XDA-Developers Legacy app
jd1639 said:
The xyz.zip is another zip file within the factory image zip. This zip contains all the other image files, i.e. system, modem, etc.
Click to expand...
Click to collapse
And it also contains rawprogram_unsparse.xml or something similar with all partitions listed?
Also, I have a pixel 3 and there is no aboot partition.
Click to expand...
Click to collapse
I haven't used a device so far with A/B partitioning scheme, so I'm not sure what nomenclature they use for partitions but I think abl_* is the application bootloader.
The kernel and recovery images are also both contained in the boot.img.
Click to expand...
Click to collapse
Yes. There is no recovery partition with A/B scheme.
mirfatif said:
And it also contains rawprogram_unsparse.xml or something similar with all partitions listed?
I haven't used a device so far with A/B partitioning scheme, so I'm not sure what nomenclature they use for partitions but I think abl_* is the application bootloader.
Yes. There is no recovery partition with A/B scheme.
Click to expand...
Click to collapse
There's nothing in the zip but image files. There's one text file but it just checks for latest bootloader. There's an image, xbl_config.img. I'm not sure what that does.
Sent from my [device_name] using XDA-Developers Legacy app
jd1639 said:
There's nothing in the zip but image files. There's one text file but it just checks for latest bootloader. There's an image, xbl_config.img. I'm not sure what that does.
Click to expand...
Click to collapse
Actaully rawprogram_unsparse.xml or similar files are used by Factory Flashers such as in Download Mode or ODIN etc. If the device is booted up to the stage of application bootloader (aboot), enough detail of partitions on eMMC is already loaded, including partition names (or labels) that are assigned at the time of creating GUID partition table (GPT). When we execute fastboot update xyz.zip, it flashes all images one by one very similar to fastboot flash boot boot.img, fastboot flash system system.img and so on. Here boot and system are partition names (part_name) while boot.img and system.img are image files (img_name) that should be found in OTA update zip file. Which image file is to be written to which partition is hard-coded in fastboot command's source code:
Code:
static struct {
const char* nickname;
const char* img_name;
const char* sig_name;
const char* part_name;
bool is_optional;
bool is_secondary;
} images[] = {
{ "boot", "boot.img", "boot.sig", "boot", false, false },
{ "system", "system.img", "system.sig", "system", false, false },
...
...
}
mirfatif said:
Actaully rawprogram_unsparse.xml or similar files are used by Factory Flashers such as in Download Mode or ODIN etc. If the device is booted up to the stage of application bootloader (aboot), enough detail of partitions on eMMC is already loaded, including partition names (or labels) that are assigned at the time of creating GUID partition table (GPT). When we execute fastboot update xyz.zip, it flashes all images one by one very similar to fastboot flash boot boot.img, fastboot flash system system.img and so on. Here boot and system are partition names (part_name) while boot.img and system.img are image files (img_name) that should be found in OTA update zip file. Which image file is to be written to which partition is hard-coded in fastboot command's source code:
Code:
static struct {
const char* nickname;
const char* img_name;
const char* sig_name;
const char* part_name;
bool is_optional;
bool is_secondary;
} images[] = {
{ "boot", "boot.img", "boot.sig", "boot", false, false },
{ "system", "system.img", "system.sig", "system", false, false },
...
...
}
Click to expand...
Click to collapse
This is great, especially the source code. It tells me a lot. I learned something new for the day!
how to use unlock oem command when no Volume button is available on car GPS T98 10 inches UNIT.?
WARNING
This should go without saying, but you MUST have your bootloader unlocked (check OEM UNLOCK in developer options AND fastboot oem unlock).
If you don't, you WILL brick your phone.
If you don't know how to FULLY unlock your bootloader -- search. This thread is not here to educate you on unlocking your bootloader.
If your bootloader isn't unlocked, you will get a RED warning that your phone has been modified, and will refuse to boot.
If your bootloader IS unlocked, your will have a YELLOW warning even if you haven't modified your phone yet, and your phone will still boot. This is normal!
If you use this on any model V20 besides the H918, you will be stuck in a bootloop, and you will not be able to fix it since you will have wiped out download mode!
There is NO fixing this!
You must be on version H91810p or H91810q
This is now completely safe. It will either work or it won't, but it can NOT brick your phone if you meet the requirements listed above, and you follow the procedure exactly.
If it DOES brick your phone, I am not responsible.
If you deviate from this procedure, and think: "I can just skip a step, or I can do this on my own Linux install". Don't complain if you brick your phone.
This ONLY replaces download mode with TWRP. If you want to root, you can search for how to root. If you don't know how to use TWRP -- search.
PREREQUISITES:
If you aren't on 10p or 10q, grab the H918 10p KDZ: here.
This is NOT a guide for flashing KDZs -- there are plenty of those out there -- search.
You need to grab FWUL (version 2.7 or later) and burn it to a USB stick: link
Even if you have Linux, and you think you can install the dependencies, don't. I know this works from FWUL.
If you choose to press on in expert mode (using FWUL in a VM, using your own Linux install, using WSL, etc), don't get upset if I don't answer your questions.
For Windows you will need Rufus to burn FWUL onto a USB stick.
If you have questions about FWUL, please ask in the FWUL thread.
Installing TWRP
Again, this will ONLY install TWRP onto download mode. What you do with TWRP when it is done is up to you. Flash Magisk or SuperSU. Flash a ROM, or just make a backup of your phone. It is up to you.
I would suggest flashing TWRP onto recovery as well, otherwise you will need to use the vol up + USB cable method to get to TWRP. There is no key combination to get to download mode.
Boot from your FWUL USB stick.
Put your phone into download mode. With the phone powered off, hold vol up and plug in the USB cable. You do not need to touch the power button -- the phone will power on and enter download mode.
Once booted, login. The password is: linux
Double click the LG folder that is on the desktop
Double click on LG LAF (runningnak3d) icon and you will be at a terminal prompt.
The following are the commands that you enter into that terminal. You can copy / paste them if you like.
Code:
git pull
git checkout h918-miscwrte
./step1.sh
When you are told to, pull the USB cable, and the phone will power off. You now have TWRP on your laf partition.
It must be said again, flash TWRP onto recovery so you can easily get to TWRP.
OPTIONAL
If you would like to restore download mode onto your laf partition AFTER you have installed TWRP onto recovery:
Boot to TWRP that is on recovery
Flash this zip: laf_restore.zip
This can be done at any time after you are rooted. About the only reason you would want to flash laf back is if you use LG Backup.
TWRP has the ability to backup your phone, so I am not sure why someone would want this (maybe you are more comfortable with it?).
Also, flashing back to 100% unrooted stock can be accomplished by flashing a zip in TWRP, you don't NEED to flash a KDZ, but again, maybe you are more comfortable doing it that way.
The bottom line is TWRP on both laf and recovery is FAR FAR more useful than flashing laf back. You can test new versions of TWRP while keeping your old known working version (for example).
If you are having problems flashing a ROM, ask in the appropriate ROM thread.
If you are having problems with Magisk, ask in the Magisk thread.
If you are having problems with SuperSU, Lineage, or even TWRP itself, ask in the appropriate thread.
This thread is ONLY for problems if TWRP doesn't boot when you are done.
CREDITS:
Lekensteyn -- His base work on the G2 / G3 gave me a GREAT headstart!
@steadfasterX - He added some real nice features, great guy to bounce ideas off, and just testing crazy ideas because he wasn't afraid to brick his phone Also, for FWUL
tuxuser - Helping with my lacking in Python
@smitel - His original reverse engineering of LG UP. Great inspiration!
@me2151 - His original DirtySanta exploit. Without it, the V20 would probably still not be rooted.
-- Brian
XDA:DevDB Information
lafsploit, Tool/Utility for the LG V20
Contributors
runningnak3d
Source Code: https://gitlab.com/runningnak3d/lglaf
Version Information
Status: Stable
Current Stable Version: 1.1
Stable Release Date: 2018-07-15
Created 2018-04-05
Last Updated 2018-07-16
Congratulations for this amazing work I been follow your work on your original tread it's amazing !!! I current have the note 8 but I still have a v20 (from what i posting right now lol ) the first was. TMobile and right now I have a Verizon unlock v20 Wich I really enjoying Whit Xposed mode well anyway what I trying to said is you work make me pick up my v20 again and give me some inspiration to learn ... Keep going
UPDATE: I GET A TMOBILE V20 now I have root again, thanks again ?
Congrats been following your work since day 1 man the effort paid off. Thanks one man that took on the whole lg dev team.
Will there ever be a chance for the US998 (US Cellular) ?
Awesome can't wait to build lineage for the v20! Now that I have a spare device it'll make learning a lot easier. So now I can test on my current daily driver before adding the mods to my v20 builds. I can't even begin to describe how much this means to so many of us in the community! Especially myself.
That said I'll give it a try tomorrow after work assuming I have friday off & l'll report back asap.
If installing python 3 on windows 10 will the default install settings work? Just wanted to double check. & thanks again man. Amazingly awesome work!
Sent from my LG-D851 using XDA Labs
---------- Post added at 01:35 AM ---------- Previous post was at 01:32 AM ----------
KanBorges said:
Will there ever be a chance for the US998 (US Cellular) ?
Click to expand...
Click to collapse
He is also working on the locked bootloader devices. I'll let him explain most of the details if he has the time. However if you want to read up on the progress check this thread:
https://forum.xda-developers.com/v20/how-to/laf-download-mode-how-root-t3676011/page92
Sent from my LG-D851 using XDA Labs
omg, you sir are a God! [emoji122] [emoji122]
Sent from my LG-H918 using XDA-Developers Legacy app
KanBorges said:
Will there ever be a chance for the US998 (US Cellular) ?
Click to expand...
Click to collapse
Even though the US998 isn't officially unlockable yet, you can follow this: https://forum.xda-developers.com/lg-v30/how-to/us998-bootloader-unlock-achieved-t3743359
https://gist.github.com/zacharee/6aa5fcb56d0a42937869494b12d77da2
working link
Thanks @dudeawsome and @Zacharee1 I fixed the link.
using the instructions provided, I'm consistently getting a usb device not found runtime error, any advice?
If you are on Windows, did you install the LG drivers?
-- Brian
runningnak3d said:
WARNING to G5 and G6 users. I need a partition listing before you try this to make sure misc is in the same location. You can brick your phone if misc is in a different location than the V20.
I am splitting this off from the main laf thread because that thread really needs to be cleaned. It was supposed to just be for development, and now it is impossible to find some valuable info
I say this is for the H918 only, but it should work on the H830 (G5) and H872 (G6) as well. I don't have those devices, so I can't test it. The H830 has a TWRP build, but the H872 doesn't -- so someone would have to risk using the US997 build.
Anyway, if you aren't feint at heart....
Here is a much more detailed guide that @Zacharee1 put together: link.
Enjoy your now rooted H918...
If this scares anyone, I will make it easier, but for the hardcore people, I wanted to get it out there.
I will clean this up and make it prettier when I have the chance.
-- Brian
Click to expand...
Click to collapse
Code:
1|lucye:/ $ ls -l /dev/block/platform/soc/624000.ufshc/by-name/
total 0
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 aboot -> /dev/block/sde6
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 abootbak -> /dev/block/sde7
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 apdp -> /dev/block/sde26
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 boot -> /dev/block/sde1
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 cache -> /dev/block/sda17
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 cdt -> /dev/block/sdd3
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 cmnlib -> /dev/block/sde22
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 cmnlib64 -> /dev/block/sde24
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 cmnlib64bak -> /dev/block/sde25
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 cmnlibbak -> /dev/block/sde23
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 ddr -> /dev/block/sdd1
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 devcfg -> /dev/block/sde16
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 devcfgbak -> /dev/block/sde17
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 devinfo -> /dev/block/sdb6
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 dip -> /dev/block/sdb5
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 dpo -> /dev/block/sde28
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 drm -> /dev/block/sda4
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 eksst -> /dev/block/sda11
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 encrypt -> /dev/block/sda10
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 eri -> /dev/block/sda7
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 factory -> /dev/block/sda9
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 fota -> /dev/block/sdb3
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 fsc -> /dev/block/sdf3
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 fsg -> /dev/block/sdb4
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 grow -> /dev/block/sda19
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 grow2 -> /dev/block/sdb7
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 grow3 -> /dev/block/sdc3
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 grow4 -> /dev/block/sdd4
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 grow5 -> /dev/block/sde29
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 grow6 -> /dev/block/sdf4
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 grow7 -> /dev/block/sdg2
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 hyp -> /dev/block/sde12
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 hypbak -> /dev/block/sde13
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 keymaster -> /dev/block/sde20
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 keymasterbak -> /dev/block/sde21
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 keystore -> /dev/block/sda14
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 laf -> /dev/block/sda1
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 lafbak -> /dev/block/sda2
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 misc -> /dev/block/sda8
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 modem -> /dev/block/sde18
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 modemst1 -> /dev/block/sdf1
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 modemst2 -> /dev/block/sdf2
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 mpt -> /dev/block/sda3
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 msadp -> /dev/block/sde27
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 operatorlogging -> /dev/block/sda6
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 persist -> /dev/block/sda15
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 persistent -> /dev/block/sdg1
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 pmic -> /dev/block/sde14
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 pmicbak -> /dev/block/sde15
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 raw_resources -> /dev/block/sde8
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 raw_resourcesbak -> /dev/block/sde9
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 rct -> /dev/block/sda12
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 recovery -> /dev/block/sde2
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 recoverybak -> /dev/block/sde3
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 reserve -> /dev/block/sdd2
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 rpm -> /dev/block/sde10
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 rpmbak -> /dev/block/sde11
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 sec -> /dev/block/sde19
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 sns -> /dev/block/sda5
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 ssd -> /dev/block/sda13
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 system -> /dev/block/sda16
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 tz -> /dev/block/sde4
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 tzbak -> /dev/block/sde5
lrwxrwxrwx 1 root root 16 2018-01-16 19:40 userdata -> /dev/block/sda18
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 xbl -> /dev/block/sdb1
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 xbl2 -> /dev/block/sdc1
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 xbl2bak -> /dev/block/sdc2
lrwxrwxrwx 1 root root 15 2018-01-16 19:40 xblbak -> /dev/block/sdb2
I am trying to download source to build twrp for the g6 but I am on my backup dsl (762kb/s) which sucks majorly.
If you are in an IRC chan I will be more then happy to join and give you access to my device remotely if need be.
on windows 10, latest insider build, all drivers installed, v20 detected in normal boot, download and fastboot modes. I'm reinstalling ubuntu just in case something weird happened with it..
@KAsp3rd Join #lglaf on irc.freenode.net
What I need is the GPT -- start LBA / end LBA of misc.
You can get that by running ./partitions.py --list
-- Brian
So after entering Download/LAF Mode and plugging in to computer, I get the following error when running the first command in step 6 of @Zacharee1's guide:
Code:
C:\lglaf>partitions.py --dump laf.img laf
LAF Crypto failed to import!
Traceback (most recent call last):
File "C:\lglaf\partitions.py", line 459, in <module>
main()
File "C:\lglaf\partitions.py", line 406, in main
comm = lglaf.autodetect_device()
File "C:\lglaf\lglaf.py", line 441, in autodetect_device
return USBCommunication()
File "C:\lglaf\lglaf.py", line 297, in __init__
custom_match = self._match_device)
File "C:\Users\SMTB\AppData\Local\Programs\Python\Python36-32\lib\site-packages\usb\core.py", line 1263, in find
raise NoBackendError('No backend available')
usb.core.NoBackendError: No backend available
As I am a total n00b, I have no idea what this means. Any help appreciated!
(using Windows Python install)
You didn't pip install cryptography or PyUSB
-- Brian
Getting the same backend error. Trying to reinstall just throws up an already installed reply. Windows 8.1
That is, trying to run the ./ cmds and the already installed elements are pyusb and crypt
runningnak3d said:
You didn't pip install cryptography or PyUSB
-- Brian
Click to expand...
Click to collapse
Well I did install those. When I try running pip install cryptography/PyUSB again, I get:
Code:
C:\lglaf>pip install cryptography
Requirement already satisfied: cryptography in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages
Requirement already satisfied: idna>=2.1 in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages (from cryptography)
Requirement already satisfied: six>=1.4.1 in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages (from cryptography)
Requirement already satisfied: asn1crypto>=0.21.0 in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages (from cryptography)
Requirement already satisfied: cffi>=1.7; platform_python_implementation != "PyPy" in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages (from cryptography)
Requirement already satisfied: pycparser in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography)
C:\lglaf>pip install PyUSB
Requirement already satisfied: PyUSB in c:\users\smtb\appdata\local\programs\python\python36-32\lib\site-packages
I take it you aren't on Windows 10 so you can't install Ubuntu from the app store?
I can see now why @steadfasterX pushes FWUL (a Linux VM) for things like this. WIndows is such a freaking PITA
Hopefully someone that has Windows can help you, otherwise I am going to grab FWUL tomorrow and maybe change the procedure for people that aren't on WIndows 10.
-- Brian
ok, just tried the whole procedure from start to finish exactly for the second time and am getting the same "usb device not found"
I also tried the non windows 10 method and ended up having the same issue that smtb1963 has, including the laf crypto failed to import message at the top and I do believe that when it says no backend available under usb lib, that these ar basically the same error, no usb communication. I think i am going to try this on a unbuntu virtual box install and see if I get the same error
[RADIO] Cellular Radio Communication -\/ Modem | IMEI \/- Related Security Discussion!
I hope this Thread Section is A-Ok for the following. @MikeChanning i see this is one of which you are in control of. If not suitable please move it to where you see it is best fit for its final resting place. If you see this and i am sure i have the correct Mike from XDA..... Hey there guy.. =] been a while since we have spoke about the good ol days of the 90's and 00's internet. We will have to have another chat when time permits. Curious to hear more stories about my ex marketing associates and other mutual walks of underground life we ran around with.
Alright now to what I wanted to get a good discussion going on...
This whole discussion you are about to get into is spawned from my extended thirst for knowledge and related comment from @tecknight i just so happened to see moments ago. It is something that could use more educated discussion here as for one it's important to watch what you include in your EDL dumps or file pulls you provide to others. Secondly the more you know the better... The easier it is to *repair* loss of International Mobile Equipment Identity of your device without blowing a gasket!
tecknight said:
I will need all partitions except for:
fsg
modemst1
modemst2
Which contain unique information tied to your phone (IMEI, serial,etc)
I would recommend that you zip the partition images into an archive and upload them to Google drive on some other file sharing service, then PM the URL to me.
Click to expand...
Click to collapse
I too used to think that these partitions carried valuable information however after dealing with Android second operating system aka the RIL and reading various informative articles I have found out that only 2 of those are actually ones to really worry about except for [fsg] and some other partitions.
From what I understand and I have seen modem ST1 and modem st2 do you contain sensitive data however are encrypted and unreadable until you erase them and they get restored on the next reboot which I'm sure you already know. Now [modem] is just an ext4 partition containing nothing but radio firmware binaries themselves. As for [fsg] partition it's still doesn't contain all the NV items for instance and you won't find any IMEI there. Now [/dev/block/boot/device/by-name] directory however does have some interesting information according to articles and more I have recently read. Apparently according to the author of one part of where some of your information is coming from is the [tunning] partition which contained some references to NV items as well but totally different than the ones in [fsg]. Including [/nv/num/550 and [/nvm/context1/550]. When looking at the familiar patterns read from partitions [nvdiag_client -r -p /nvm/num/550] they showed up there more just as well.
This information is coming from a new 2019 Nokia model phone from what I'm Gathering but the bulk of it is common and applies to most all Qualcomm. Defile looked into was a raw binary on an EMMC partition but had some interesting regular structure despite having no file system it appeared as one. This my friends would be the second operating system on Android the RIL. This is where all the complicated work goes on when it comes to programming anything radio related. I am very limited and have unlock numerous phones in my time. Really the most experience I have is with CDMA going back to early days of last decade. So this is all still interesting information I am glad to have came across and share to everyone here. Ok.. Back to this strange amazing structure it appears to contain name-contents and also some o d d ustar references. to some when seeing this you might realize where you have seen them before.. Think and try applying tar xf ... ? With me?
[fsg] and [tunning] partitions are just TAR archives with logic structured EFS items critical for the handsets radiomodule functionality. They are apparently also TOTALLY unencrypted unlike modemst1 and modemst2 partitions that get restored from these. .... So now down to the obvious reason you would do this.. to repair and more by modifying their TAR contents and erasing the modesmst1 and modemst2 partitions that, again, get restored from these you can either repair or run game on the EFS and for example have complete total File System control in a "custom rom" and could create whats been done already but not so advanced as the ideas I have in my mind which would be randomization of these very important sacred identifier numbers 14 numbers long with a luhn check digit. The author i gathered some of this information from has already created a very small self spawning shell script running in busybox of a certain rooted Custom ROM. I don't want to lead this down the negative road and get this convo banned with those of us choosing to discuss how everything works warned/banned so i will end this here.
However if mods do not mind us discussing this in detail simply as protection measures to be watched and or protected by means of hardening security in this area that would be great and I could show an example of a simple small script that does would do the imei repair or worse with ease in a matter of seconds ...
I see positive and negative out of this and already have a load of PoC's that will work. This which people more dedicated than myself these days to research leading to action in the pentesting field might find interesting not to mention including all HATS, cellular manafacturers, ROM programmers, companies both large and small and so many more...
I would love those more experienced in this disucssion to chime in with their comments and correct me / update me if and where I am off and of course make it easier for XDA members to understand what gives so many trouble and renders devices useless unless fixed.. -=]
.
.
.
/me inserts Lamar Burks photo and whispers "this has been a reading rainbow moment" ha ha..
q=]
-noidodroid
RESERVED ..
(off to count sheep for a while - ZZZzz..)
Bump.. nobody?
Anyone ?? Surprised nobody has researched this
I would be interested to know more specific information about the topics you would like to discuss. I can see you have given thoughtful consideration to forum choice and posting guidelines, however the original message is just a little TOO circumspect and vague for me to follow. I am particularly interested to hear about your observations of the RIL and file system in this recent Nokia release, and where you see the vulnerabilities lie. If you could maybe also give some hypothetical scenarios as to how exploitations of your observations might look IRL (yes... IRL, not RIL, lol!). I am at a stage where I'm still learning about the enormous amount of unseen stuff on Android (filesystems, partitions, libraries, APIs, the nuts and bolts of the OS, all the mysterious looking stuff, and of course, the radio interface layer and all its constituents - which, I believe, are STILL relatively insecure - which I think it's also the point of your discussion...).
So... Yes... If you could perhaps give a more concise account of your observations, and perhaps a few starter questions, hopefully those with more knowledge than us might deign to lower themselves to our sordid little level, and get a little dirt on their polished fingernails sharing that sweet sweet knowledge...
With the correct information about this could u technically get any phone from the past working on any carrier or cdma /gsm and then lte (or is that hardware capabilities ) . I'm off topic slightly but not really
thorax.x said:
I would be interested to know more specific information about the topics you would like to discuss. I can see you have given thoughtful consideration to forum choice and posting guidelines, however the original message is just a little TOO circumspect and vague for me to follow. I am particularly interested to hear about your observations of the RIL and file system in this recent Nokia release, and where you see the vulnerabilities lie. If you could maybe also give some hypothetical scenarios as to how exploitations of your observations might look IRL (yes... IRL, not RIL, lol!). I am at a stage where I'm still learning about the enormous amount of unseen stuff on Android (filesystems, partitions, libraries, APIs, the nuts and bolts of the OS, all the mysterious looking stuff, and of course, the radio interface layer and all its constituents - which, I believe, are STILL relatively insecure - which I think it's also the point of your discussion...).
So... Yes... If you could perhaps give a more concise account of your observations, and perhaps a few starter questions, hopefully those with more knowledge than us might deign to lower themselves to our sordid little level, and get a little dirt on their polished fingernails sharing that sweet sweet knowledge...
Click to expand...
Click to collapse
Thanks for replying. Basically what I am trying to get discussion on here is where critical modem related files and RIL files (imei, esn, etc) reside within the files listed and whether or not one can trully gain enough information from said files to find that information. I already know the answer and also wanted to make it a point to others on what not to include in your EDL / Firmware dumps as it could be used by the wrong hands. I also had a bunch of other information more detailed but it looks like its been edited out by someone... Maybe a bit TOO detailed. ha
I will come up with some more direct questions sometime when i get a few minutes free.
.......
camm44 said:
With the correct information about this could u technically get any phone from the past working on any carrier or cdma /gsm and then lte (or is that hardware capabilities ) . I'm off topic slightly but not really
Click to expand...
Click to collapse
Technically yes and no. If the idea i mentioned will write out through serial to RIL and all security is saved or updated then yes but the other methods would be a soft IME! spoof so to speak and the other advanced methods well i cant discuss these as yeah they really could be something new not ever explored. Simply ideas for exploring to help security improve NOT to defraud or do anything illegal... -=]
What programs can be used to read binary code from phone partitions ?
OP topic is not clear...
:good:
thorax.x said:
I would be interested to know more specific information about the topics you would like to discuss. I can see you have given thoughtful consideration to forum choice and posting guidelines, however the original message is just a little TOO circumspect and vague for me to follow. I am particularly interested to hear about your observations of the RIL and file system in this recent Nokia release, and where you see the vulnerabilities lie. If you could maybe also give some hypothetical scenarios as to how exploitations of your observations might look IRL (yes... IRL, not RIL, lol!). I am at a stage where I'm still learning about the enormous amount of unseen stuff on Android (filesystems, partitions, libraries, APIs, the nuts and bolts of the OS, all the mysterious looking stuff, and of course, the radio interface layer and all its constituents - which, I believe, are STILL relatively insecure - which I think it's also the point of your discussion...).
So... Yes... If you could perhaps give a more concise account of your observations, and perhaps a few starter questions, hopefully those with more knowledge than us might deign to lower themselves to our sordid little level, and get a little dirt on their polished fingernails sharing that sweet sweet knowledge...
Click to expand...
Click to collapse
The nature of the discussion here is very unclear to say the least, does the OP have information to share with the community or it is looking for information? Seems like others are interested in the VERY BROAD topic but does not even know where to start a real discussion here. If the OP has valuable info please start by sharing that first and then the community can build on that, thanks
Excellent thread. One of the reasons I no longer use SIM cards is to avoid IMSI catcher detection by bad players. However, even when my Pixel wasn't rooted, a simple PlayStore App showed me local cell towers and they easily detected by IMEI number. I don't even know if Airplane mode does anything. Airplane mode prevents mobile data and telephony Apps from working, but does it prevent leakage of IMEI?
camm44 said:
What programs can be used to read binary code from phone partitions ?
Click to expand...
Click to collapse
What exactly are you trying to read? Which sections of the phone?
alipendier said:
:good:
The nature of the discussion here is very unclear to say the least, does the OP have information to share with the community or it is looking for information? Seems like others are interested in the VERY BROAD topic but does not even know where to start a real discussion here. If the OP has valuable info please start by sharing that first and then the community can build on that, thanks
Click to expand...
Click to collapse
DirtyAngelicaSecured said:
Excellent thread. One of the reasons I no longer use SIM cards is to avoid IMSI catcher detection by bad players. However, even when my Pixel wasn't rooted, a simple PlayStore App showed me local cell towers and they easily detected by IMEI number. I don't even know if Airplane mode does anything. Airplane mode prevents mobile data and telephony Apps from working, but does it prevent leakage of IMEI?
Click to expand...
Click to collapse
Thanks for replying guys. Basically I wanted more discussion on what crucial modem related details such as your IMEI for example reside within modemst1, modemst2, and FSG. This is with the Android operating system and is not only limited to the Nokia that I mentioned. Pretty much should be the same for Qualcomm phones but others I am not so certain. It would be interesting to know across all types of chipsets what we should protect and what is really not a big of a concern as we have always thought. There are already some discussions fear that are great that deal with unlocking T-Mobile and some other carriers but I don't really want to get into that kind of discussion as moderators will can our posts quick. These are some of my ideas in addition to the things I mentioned in the lengthy OP. Would be great to see what we really do need to be careful about and this is also can be a primer for how to repair our lost numbers if need be. Encourage any chat related to the RIL underbelly, modem files, sensitive related files and do hope some of you with greater knowledge then I and others will chime in.
RE: IMSI CATCHERS - I don't worry so much about these. I have monitored Towers for years everywhere I went as a hobby. If you are some kind of person caught in a large group of people such as a rally these are the type of places you really want to be sure to secure your phone. You can buy some material and make a ESD jamming protectant bag to conceal your phone. I just actually bought a roll for the heck of it so I could line my wallets and also a safe box and safe pouch. Again saying I don't worry kind of I guess you could say would be an understatement but I did all of this for sport as I like to put it. Perhaps one day I really will have to use it. Walking to almost any T-Mobile store for example with a booster and you've already connected to an imsi.
Downgrade modem
Hello guys, I currently have an S10e and I have the imei at 0 and that is why I am investigating since the binary 6 is very new and they have not yet launched the exploid to violate this security ... But the issue of radios, modems, ril and baseband have always interested me
noidodroid said:
Thanks for replying guys. Basically I wanted more discussion on what crucial modem related details such as your IMEI for example reside within modemst1, modemst2, and FSG. This is with the Android operating system and is not only limited to the Nokia that I mentioned. Pretty much should be the same for Qualcomm phones but others I am not so certain. It would be interesting to know across all types of chipsets what we should protect and what is really not a big of a concern as we have always thought. There are already some discussions fear that are great that deal with unlocking T-Mobile and some other carriers but I don't really want to get into that kind of discussion as moderators will can our posts quick. These are some of my ideas in addition to the things I mentioned in the lengthy OP. Would be great to see what we really do need to be careful about and this is also can be a primer for how to repair our lost numbers if need be. Encourage any chat related to the RIL underbelly, modem files, sensitive related files and do hope some of you with greater knowledge then I and others will chime in.
RE: IMSI CATCHERS - I don't worry so much about these. I have monitored Towers for years everywhere I went as a hobby. If you are some kind of person caught in a large group of people such as a rally these are the type of places you really want to be sure to secure your phone. You can buy some material and make a ESD jamming protectant bag to conceal your phone. I just actually bought a roll for the heck of it so I could line my wallets and also a safe box and safe pouch. Again saying I don't worry kind of I guess you could say would be an understatement but I did all of this for sport as I like to put it. Perhaps one day I really will have to use it. Walking to almost any T-Mobile store for example with a booster and you've already connected to an imsi.
Click to expand...
Click to collapse
vodoque said:
Hello guys, I currently have an S10e and I have the imei at 0 and that is why I am investigating since the binary 6 is very new and they have not yet launched the exploid to violate this security ... But the issue of radios, modems, ril and baseband have always interested me
Click to expand...
Click to collapse
Keep this "But the issue of radios, modems, ril and baseband have always interested me" kind of talk here and move the s10e talk to their forums. Much cleaner this way. Plus better answers for you. =]
Hi,
1-Firstly I want to ask something are you chronovir. ? if you are the one can you give me your mail adress I want to contact with you
2-When I started to research the android phone in my hand and to examine its partition, I realized that there is no source on the internet.The phone I am currently using is xiaomi mi note 10 lite.Information is usually removed because the illegal part is used some people for bad purposes.No one know anyting about what quallcom partitions do in phone. In the sources I have found now, in addition to modemst1, modemst2 and fsg, some of them also say fsc partition also related to imei.In my phone there is no tunning partition maybe in my phone name is fsc. in my phone there is quallcom chipset.I can backup my nvdata via qualcomm qpst software and it takes backup filename extension qcn or xqcn type.In my phone, when I tried to change imei numbers just beacuse out of curiosity (not illegal purposes) first I delete modemst1, modemst2 and fsg partition after that I edit qcn file and change both imei. after flashed phone detect to imei change and reboot phone in recovery mode and show nv data is corrupted writing . the only fix is the wipe data and after that when my phone open there is no signal or change.If I change only imei2 and delete imei1 . There is no security phone works correctly but only sim2 have signal sim1 cant work anymore.I think inside to rom there is protection. When I searched to rom. I find 2 things. in build.prop there is one sting name is ro.miui.restrict_imei=1 I think this one related to protection but in the internet noting found.Also I find another file but I dont want to say in this forum because of the illegal usage.I dont like apple because of the reason is apple is black box.Do you know.I pull my phone modemst1,modemst2,fsg partition in .img format.I want to edit in my pc but I cant find any method.
2-if you have any android phone can you look at the bk51 and bk52 partition.I suspect those partition but I cannot understand what happened because my knowledge is limited.
Sorry my bad english
I am sharing my phone partition name and list:
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 abl -> /dev/block/sde36
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 ablbak -> /dev/block/sde37
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 aop -> /dev/block/sde16
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 aopbak -> /dev/block/sde17
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 apdp -> /dev/block/sde8
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk01 -> /dev/block/sda4
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk02 -> /dev/block/sda5
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk03 -> /dev/block/sda6
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk04 -> /dev/block/sda7
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk05 -> /dev/block/sda10
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk06 -> /dev/block/sda13
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk07 -> /dev/block/sda15
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk08 -> /dev/block/sda20
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk09 -> /dev/block/sda22
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk31 -> /dev/block/sdd1
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk32 -> /dev/block/sdd3
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk33 -> /dev/block/sdd5
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk41 -> /dev/block/sde5
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk43 -> /dev/block/sde24
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk44 -> /dev/block/sde30
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk45 -> /dev/block/sde40
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bk47 -> /dev/block/sde50
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk51 -> /dev/block/sdf3
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 bk52 -> /dev/block/sdf4
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 bluetooth -> /dev/block/sde27
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 boot -> /dev/block/sde49
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cache -> /dev/block/sda29
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 catecontentfv -> /dev/block/sde29
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 catefv -> /dev/block/sde19
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cateloader -> /dev/block/sde32
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 cdt -> /dev/block/sdd2
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cmnlib -> /dev/block/sde20
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cmnlib64 -> /dev/block/sde22
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cmnlib64bak -> /dev/block/sde23
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cmnlibbak -> /dev/block/sde21
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 core_nhlos -> /dev/block/sde51
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 cust -> /dev/block/sda31
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 dbg -> /dev/block/sda3
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 ddr -> /dev/block/sdd4
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 devcfg -> /dev/block/sde14
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 devcfgbak -> /dev/block/sde15
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 devinfo -> /dev/block/sda17
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 dip -> /dev/block/sde28
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 dsp -> /dev/block/sde48
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 dtbo -> /dev/block/sde45
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 exaid -> /dev/block/sda30
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 frp -> /dev/block/sda9
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 fsc -> /dev/block/sdf2
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 fsg -> /dev/block/sdf1
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 gsort -> /dev/block/sde44
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 hyp -> /dev/block/sde42
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 hypbak -> /dev/block/sde43
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 ifaa -> /dev/block/sde46
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 imagefv -> /dev/block/sda27
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 keymaster -> /dev/block/sde25
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 keymasterbak -> /dev/block/sde26
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 keystore -> /dev/block/sda8
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 limits -> /dev/block/sde4
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 logdump -> /dev/block/sda24
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 logfs -> /dev/block/sda14
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 logo -> /dev/block/sde47
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 metadata -> /dev/block/sda19
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 minidump -> /dev/block/sda25
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 misc -> /dev/block/sda11
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 modem -> /dev/block/sde52
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 modemst1 -> /dev/block/sdf5
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 modemst2 -> /dev/block/sdf6
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 msadp -> /dev/block/sde9
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 multiimgoem -> /dev/block/sde1
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 multiimgqti -> /dev/block/sde2
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 oem_misc1 -> /dev/block/sda18
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 oops -> /dev/block/sda16
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 persist -> /dev/block/sdf7
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 persistbak -> /dev/block/sdf8
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 qupfw -> /dev/block/sde6
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 qupfwbak -> /dev/block/sde7
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 rawdump -> /dev/block/sda26
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 recovery -> /dev/block/sda28
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sda -> /dev/block/sda
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sdb -> /dev/block/sdb
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sdc -> /dev/block/sdc
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sdd -> /dev/block/sdd
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sde -> /dev/block/sde
lrwxrwxrwx 1 root root 14 1970-03-22 19:02 sdf -> /dev/block/sdf
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 secdata -> /dev/block/sde3
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 splash -> /dev/block/sda21
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 spunvm -> /dev/block/sde41
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 ssd -> /dev/block/sda2
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 storsec -> /dev/block/sde11
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 super -> /dev/block/sda23
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 switch -> /dev/block/sda1
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 toolsfv -> /dev/block/sde35
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 tz -> /dev/block/sde38
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 tzbak -> /dev/block/sde39
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 uefisecapp -> /dev/block/sde33
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 uefisecappbak -> /dev/block/sde34
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 uefivarstore -> /dev/block/sde18
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 userdata -> /dev/block/sda32
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 vbmeta -> /dev/block/sde10
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 vbmeta_system -> /dev/block/sde12
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 vbmeta_vendor -> /dev/block/sde13
lrwxrwxrwx 1 root root 16 1970-03-22 19:02 vm-data -> /dev/block/sda12
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 xbl -> /dev/block/sdb2
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 xbl_config -> /dev/block/sdb1
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 xbl_configbak -> /dev/block/sdc1
lrwxrwxrwx 1 root root 15 1970-03-22 19:02 xblbak -> /dev/block/sdc2
Phone: TCL C5 with Android 8.1
i have tested mtk-su and it works
i can make a copy of the boot partition and everything
i have unlocked the bootloader
for some reason i have 2 boot files ( or more )
lrwxrwxrwx 1 root root 21 2020-12-03 16:24 boot -> /dev/block/mmcblk0p31
lrwxrwxrwx 1 root root 21 2020-12-03 16:24 boot2 -> /dev/block/mmcblk0p32
lrwxrwxrwx 1 root root 20 2020-12-03 16:24 boot_para -> /dev/block/mmcblk0p3
lrwxrwxrwx 1 root root 23 2020-12-03 16:24 preloader_a -> /dev/block/mmcblk0boot0
lrwxrwxrwx 1 root root 23 2020-12-03 16:24 preloader_b -> /dev/block/mmcblk0boot1
i don't know what is going on here but i can patch boot and boot2 with magisk
the files goes from 24 MB to 7.7 MB so i think this is kinda weird
i want to know how i can make a good backup of everything before trying to flash anything
so i can prevent bootloop
and i want to know if there is any way to test the boot.img before flashing it
if not i would like some help to backup everything before flashing it
i patch the boot.img and try doing "fastboot boot boot.img"
but the magisk manager doesn't show installed or anything so i don't think "fastboot boot" works in this situation
is there anything i can do to be sure before flashing?
Update: seems like i only need boot and boot2
maybe patching both and flashing it?
seems a little risky, they both are the same file with the same md5sum hash