I am cooking using Sjk 8 and have cooked a few roms trying to get the perfect one for release. First I would like to thank Ivan for the kitchen and the dev team who work on the new oskitchen.
my problem is I can not get a connection to the internet through GPRS. I have run the network wizard and mms is fine but for some reason I can not get the internet to work. I am on tmobile and have unlimited internet. Have editied the connections manually but have not got it working.
What am I missing?
Build is 21887 WM 6.5 Old Gui
Here is my log from the kitchen
Cleaning up
Starting a new build process. Actual Locale: 0409
Configuring kitchen to USE:
DPI: 96
ResH: 240
ResV: 320
Device name: Herald
Native 6.5 Kernel: False
Creating folders
Copying OEMs
Copying SYS
Copying EXT and scanning for all add2* files
Copying other folders needed to run...
Doing UPX on EXT directory
OK, Letting Device-specific preparations...
Deleting unneeded resolutions in Titanium
Running Platformrebuilder
----------------------------
Running Tool: Resources\Tools\platformrebuilder.exe
Working Folder: Build
Arguments:
PLATFORMREBUILDER Copyright (c) 2008-2009 bepe Feb 15 2009 22:53:49
Building for old kernel!
Build: Premium
Locale: 0409
Preparing release structure...
... done!
Collecting standard packages and initializing hives...
XIP: 3 packages
IMG: 66 packages
... done!
Processing standard packages...
MSXIPKernelLTK
MSXIPKernel
OEMXipKernel
SIM_TKit
SMIME
Bth_A2DP
DRM
MediaOS
RUNTIMES
GPSID
SMS_Providers
ppgprov
Required
ConfettiCore
BTDUN
BaseAppsFiles
MediaOSFiles
SQLCE
OSFiles
BROWSINGCORE
Metadata
MediaOS_Lang_0409
OS
Bth_A2DP_Lang_0409
BROWSING
BROWSING_Lang_0409
BaseApps
browsingie
Office
Office_Lang_0409
browsingie_Lang_0409
Shell
Base_Lang_0409
PhoneRedist
Redist
Phone
Redist_Lang_0409
Phone_Lang_0409
PhoneRedist_Lang_0409
Bluetooth
Bluetooth_Lang_0409
INTERNETSHARING
Base
Base_DPI_96
Base_DPI_96_resh_240_resv_320
Base_Lang_0409_DPI_96
Base_Lang_0409_DPI_96_resh_240_resv_320
BROWSING_DPI_96
CommonEA
MediaOS_DPI_96_resh_240_resv_320
Office_DPI_96
Office_Lang_0409_DPI_96
PhoneRedist_DPI_96
PhoneRedist_Lang_0409_DPI_96
Phone_DPI_96
Phone_DPI_96_resh_240_resv_320
Phone_Lang_0409_DPI_96
Redist_DPI_96
Redist_DPI_96_resh_240_resv_320
Redist_Lang_0409_DPI_96
Keyboard - Wing (Choose only ONE)
LangDB
OEMAPPS
OEMDrivers
OEMMISC
OEMOPERATORS
OEMVERSION
Warning: Overwriting 'mxipupdate_OEMVERSION_100.provxml'
OEM_DPI_96
OEM_Lang_0409
Warning: Overwriting 'mxipcold_zzPIED_101.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_100_PPC+ModelNameRelates_Herald.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+AKv30_UserAgent_Herald.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_AutoDetectSetting.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_BookMarkpIE.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_DisconnectGPRSPressKey.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_EnableDTMF.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_GPRS_authentication.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_HTCThemeLayout.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_NetworkIconDisplay.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC+All_SMSUnicodeEnable.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_101_PPC_SPN+ALL_TaoyuanProj.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_999_PPC+All_DisableEmailSetupWelcome.provxml'
Warning: Overwriting 'mxipupdate_zz_oemoperators_999_PPC+All_EnableNewMailAccount.provxml'
Warning: Overwriting 'mxipupdate_zz_OEMOPERATORS_999_Project+ALL_setSTKregistry.provxml'
Warning: Overwriting 'mxip_pied_100_Certificates_ACE.provxml'
Warning: Overwriting 'mxip_pied_101_Certificates_BrightPoint.provxml'
Warning: Overwriting 'mxip_pied_102_Certificates_Dangaard.provxml'
Warning: Overwriting 'mxip_pied_103_Certificates_LeafWireless.provxml'
Warning: Overwriting 'mxip_pied_104_Certificates_Novabase.provxml'
Warning: Overwriting 'mxip_pied_105_Certificates_HughSymons.provxml'
... done!
Processing extended packages...
2_7_1_9_From_Opal
4_04_27385_02_Herald
AdvancedConfig_3_3_0_0
AdvancedNetwork_1_0_10_4
Warning: Overwriting 'CSDLineType.htm'
Warning: Overwriting 'SMSService.htm'
AdvancedPowerManagement 1_5_18162126_1
Arcsoft_MMS_5_2_8_45
BluetoothSetting_2_11_1_2
BootLauncher_1_0_37394_1
ButtonSetting_3_17_0_0
CAB_No_Delete
ClearStorage_1_40_0_5
CLL 1_0_1_10
Concurrence_Mgr_1_5_19162826_00
ContactUtilityEngine_1_0_19122926_0000
DataDisconnect_2_10_0_0
DeviceInfo_1_35_0_4
DiscretixDRM_1_0_20090630_00
DRM_Middleware_1_5_19162824_00
Dshow_2_0_19162825_01
Home Screen ++ Omap Overclock
Warning: Overwriting 'Calendar.lnk'
Warning: Overwriting 'gprs.bmp'
Warning: Overwriting 'rotate.bmp'
Warning: Overwriting 'Tasks.lnk'
HTCFontLink_1_0_19132133_1
HTCMessage_1_81_281_1
HTCScroll_2_0_19171128_00
HTCUtil_1_7_0_0_OlderDevices
JbedJava_Opera_Mini_5_Beta
Failed to parse value name HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Esmertec Java\Properties!!!
Failed to parse value name HKEY_LOCAL_MACHINE\SOFTWARE\Apps\Esmertec Java\Properties!!!
Keyboard Skins - BL Black
LongPressEndKey_1_2_35861_4
mHub_6_37_070320_T0
MicrophoneAGC_0_91_0_6
MyCPL_3_13_0_6
NetCF3_7_8345_00
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.Configuration_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.Forms_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.PocketOutlook_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.Status_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.Telephony_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile.Utilities_v1_0_0_0_cneutral_1.dll'
Warning: Overwriting 'GAC_Microsoft.WindowsMobile_v1_0_0_0_cneutral_1.dll'
Network Wizard_Conection Setup
Warning: Overwriting 'option.xml'
Package Tools - dotFred Task Manager
Warning: Overwriting 'option.xml'
Warning: Overwriting 'TaskMgr.exe'
Package Tools - Glossy Black Bars
Warning: Overwriting 'option.xml'
Package Tools - psShutXP
Warning: Overwriting 'option.xml'
Package Tools - RC Mod
Warning: Overwriting 'option.xml'
PCMKeyboard_.23
Warning: Overwriting 'option.xml'
PhoneCanvas_3_00_1917_1_Optimized
PhoneSettings_6_31_0_2
Warning: Overwriting 'TimeZones.htm'
Picture_Enhancement_1_50_19171326_00
PKG_1_1_0_0
Power_2_25_0_2
Power_Service 2_23_0_2
Redial_1_3_0_0
Warning: Overwriting 'Redial.exe'
ReenableHiddenSettings
Registry_Vibe_And_Ring
Service_1_69_0_0
Set_Arcsoft_MMS_to_QVGA_mode
Warning: Overwriting 'res_240x320.txt'
ShareDLL_2_0_070711_0000
Warning: Overwriting 'HTCDrmAPI.dll'
SharedResource_1_0_19163524_00
Shared_Modules_1_01_19143331_01
Warning: Overwriting 'HTCABOUTLOGO.bmp'
Warning: Overwriting 'VerInfou2.dll'
SIPChange
SlidingSounds_1_0
SMS Chat
Warning: Overwriting '1.JPG'
Warning: Overwriting '2.JPG'
Warning: Overwriting 'option.xml'
softkey Changer
Warning: Overwriting 'option.xml'
SPB_Black_47
SYS_SecurityOff
TCPMP_81_AllCodec
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Failed to parse value name HKEY_LOCAL_MACHINE\Software\TCPMP\DLLStamp!!!
Total_Comander
Warning: Overwriting 'SetupDLL.dll'
TouchFlo_3_0_31508_9
USBtoPC_exe_1_23_0_0
VersionInfo 1_0_18182525_0
Warning: Overwriting 'HTCABOUTLOGO.bmp'
Warning: Overwriting 'VerInfou2.dll'
VoiceRecorder_1_10_18192131_6
WiFiSettings_1_2_4_3
WLANSettings_2_6_0_0
zlibce_m_1_2_3_1
zzz_feROM_version_pkg
Warning: Overwriting 'welcomehead.96.png'
... done!
Finalizing and optimizing ROM structure...
... done!
Memory Map...
SLOT 0: 0x02000000 - 0x01e30000 (END: 0x00060000, 0 MODULES)
0x02000000 - 0x01fd0000 - ROM 0
0x01f90000 - 0x01e30000 - ROM 1
SLOT 1: 0x04000000 - 0x02760000 (END: 0x02020000, 246 MODULES)
RAM IMAGE: 0x8c100000 - 0x8c39d9d0
RAM: 0x8c39e000 - 0x8c3ce000 - Used for kernel modules
0x8c3ce000 - 0x8fc00000 - 56 MB free
... done!
Donations...
If you're using one of my tools and feel a need to support development
and/or buy me a drink, please feel free to send a donation through PayPal.
Created link in the root of the kitchen.
Updating all files with add2*:
Inserting XIP
----------------------------
Running Tool: Resources\Tools\implantxip.exe
Working Folder: Build\Temp
Arguments: -xip "xip.bin" -payload "OS.nb.payload" -PP 8 -imgstart 0 -uldr -nocert
Getting IMGFS from NB
----------------------------
Running Tool: Resources\Tools\imgfsfromnb.exe
Working Folder: Build\Temp
Arguments: "os.nb.payload" "imgfs.bin"
ImgfsFromNb 2.1rc2
Sector size is 0x200 bytes
ImgFs partition starts at 0x002b0000 and ends at 0x002c0000
Dumping IMGFS at offset 0x002b0000 (size 0x00010000)
Done!
Generating IMGFS from DUMP
----------------------------
Running Tool: Resources\Tools\imgfsfromdump.exe
Working Folder: Build\Temp
Arguments: "imgfs.bin" "imgfs-new.bin"
ImgfsFromDump 2.1rc2 TURBO with Prefetching and MultiThreading Support, by Plax
Using compression type 'LZX'!
Sector size is 0x200
Total Sectors: 0x17f43
And putting IMGFS into NB
----------------------------
Running Tool: Resources\Tools\ImgfsToNb.exe
Working Folder: Build\Temp
Arguments: "imgfs-new.bin" "OS.nb.payload" "OS-new.nb.payload" -bigstoragemove
ImgfsToNb 2.1rc2
Using bigstorage mode
Sector size is 0x200 bytes
Writing imgfs to offset byte 0x2b0000, sector 0x1580
Padding ImgFs from 0x2fe8600 bytes (0x17f43 sectors)
to 0x2ff0000 bytes (0x17f80 sectors)
Not conservative mode. Changing imgfsEnd from 0x2c0000 to 0x32a0000
Partition entry before:
File System: 0x25
Start Sector: 0x00001580
Total Sectors: 0x00000080
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x2b
Last Head: 0x7f
Last Sector: 0x01
Last Track: 0x2b
Partition entry after:
File System: 0x25
Start Sector: 0x00001580
Total Sectors: 0x00017f80
Boot indicator: 0x00
First Head: 0x00
First Sector: 0x01
First Track: 0x2b
Last Head: 0x7f
Last Sector: 0x01
Last Track: 0x329
ImgFs Flash Region log blocks was 0x1, now is 0x2ff
No Storage Flash Region found!
Done!
Generating NBH
----------------------------
Running Tool: Resources\Tools\htcrt.exe
Working Folder:
Arguments: /buildrom ".\FLASH\ferom.htcrtproj" ".\FLASH\RUU_Signed_0409.nbh"
Cleaning again
DONE! Now you can flash!
You may have forgotten to cook in ADC.. follow my guide in my signature below if you need any help..
I don't show ADC available in the selections in this build 21887.
Probably have to manually add it in..
How would I do that.
Ok well Im gonna see if I can break something. I coppied it from the 28205 folders to the 21887 folders.. gonna give it a go.
Find the kitchen files in my guide, in the first post, I think its 'Link 7.'
You'll find that there is a folder named ADC in there. And you will also need the ADC_Lang_0409 folder as well.
Put the ADC folder in the Common folder in the SHARED folder.
Put the ADC_lang_0409 in the 0409 folder in the SHARED folder.
So navigate to C:\kitchens\SuperJustKitchen\Working_Folder\SYS and then choose your build number.. actually you should add it to all your builds..
Okay I tried it from my 28205 folders and ran the the build process flashed and phone booted to first splash and did not go any further. Flashing to a another build through sd right now will try using the files from your links and will report back.
Let meh know
Phone completely booted ADC ran and could not complete the config. Ran network wizard and re ran the auto config still no dice.
My suggestion would be to use the older kitchen and follow my guide.. Not sure what else you might be missing.. I figured ADC because that is what is used for gprs..
I'll give it a shot and report back
Tried your kitchen and your selections where they matched for 21887. Still no love.
Did you make the same ext selections as I did. Because I do believe that I have included everything you'll need.
One last thing you can also try is enabling the DRM and the RMGR packages. These two also have to do with cellular service..
Sure did. I did have DRM enabled but cant find the RMGR in the list. Wierd thing is I don't have a problem under WM 6.1 just the WM 6.5 old gui. I even tried a diferent radio.
I really want to find a resolution to this one as I really like this version on WM. Fast stable and easy on the Ram and storage. My builds are about 50 to 55 mb and running about 18-16 free ram. I just need to get over this hurdle.
Okay, go ahead and add the roaming manager (the RMGR) package files too just like you did last time.. in the SHARED folder make sure that you have the 0409 files and the common files setup right..
Cant find RMGR. I noticed in your walk through you are using 28223. The download I got only has 28008 and does not have the RMGR in it.
I really appreciate all your help.
You can use the RMGR from 28223. In my SYS and xip files I actually should have 28230 too. Just locate the files in the SHARED folder and copy the RMGR from the COMMON folder over to your COMMON folder.
ok so this is my first time ever doing anything to a android device, i made the gold card following the instructions and stuff, got it and it says gold card successful when i am done.. i have tried the one click and couldnt get it to work either, so this is where i think I get stuck
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd c:\ace-hack-kit-v9
c:\ace-hack-kit-v9>hackerize-ace setup-downgrade
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
1270 KB/s (557962 bytes in 0.429s)
572 KB/s (15837 bytes in 0.027s)
Starting adb shell to test temp root, please be patient...
if you see a '#' prompt, okay to proceed
if you see a '$' prompt, temproot failed
type exit at the prompt to continue
The system cannot find the path specified.
error: device not found
error: device not found
c:\ace-hack-kit-v9>hackerize-ace setup-downgrade
1187 KB/s (557962 bytes in 0.459s)
1031 KB/s (15837 bytes in 0.015s)
mmap() failed. Operation not permitted
Starting adb shell to test temp root, please be patient...
if you see a '#' prompt, okay to proceed
if you see a '$' prompt, temproot failed
type exit at the prompt to continue
The system cannot find the path specified.
# exit
exit
--set_version set. VERSION will be changed to: 1.31.405.6
Patching and backing up partition 17...
Error opening backup file.
c:\ace-hack-kit-v9>
i am guessing it is when it says Error opening backup file?
what am i doing wrong?
any suggestions would be greatly appreciated, I have been trying to get my phone rooted for the last 2 days and have not been able to get it. Im pretty frustrated and I dont know what else to do! Am i just missing something obvious. Grr!
please post in the hack kit thread, not start a new one...thread closed.
Hi,
Because I don't run Windows nor NetBSD, I rewrote rkflash from scratch with the use of libusb-1.0, so you can now read and write your rk2818-based tablet's flash memory under Linux (also w/o the need to root your tablet). Credit for reverse-engineering the protocol goes to the original author of rkflash (see source).
Small guide
- unzip the file
- compile
Linux (Debian, Ubuntu, ...)
Code:
sudo apt-get install libusb-1.0-0-dev
gcc -o rkflashtool rkflashtool.c -lusb-1.0 -O2 -W -Wall -s
Mac OS X (thanks to surfer63, binary here)
Code:
sudo port install libusb
gcc -I/opt/local/include -I/opt/local/include/libusb-1.0 \
-L/opt/local/lib -o rkflashtool rkflashtool.c -lusb-1.0 -O2 -W -Wall
Preparation
- powerdown your tablet
- disconnect all cables
To get into flash mode differs for many tablets. Google around or use trial and error
- insert the USB cable in computer
- hold vol+ (or put on/off/locked-switch in the locked position)
- insert the other end of your cable in the tablet
- wait a few seconds
- release vol+
Now if you run lsusb, the following line should appear:
Bus 001 Device 044: ID 2207:281a (290a for rk2918 based tablets)
Bus and device number may be different. The screen of your tablet stays black.
The USB device must be readable and writable for the user running rkflashtool. If that's not the case, you'll see an error like this:
Code:
$ ./rkflashtool b
libusb couldn't open USB device /dev/bus/usb/001/048: Permission denied.
libusb requires write access to USB device nodes.
rkflashtool: fatal: cannot open device
This can be fixed in several ways (chmod, run as root, udev rules) but that's beyond the scope of this posting. For now, chmod 666 the device mentioned in the error message.
Usage of rkflashtool
Code:
$ ./rkflashtool
rkflashtool: fatal: usage:
rkflashtool b reboot device
rkflashtool r offset size >file read flash
rkflashtool w offset size <file write flash
offset and size are in units of 512 bytes
On my tablet, the boot partition starts at offset 0x8000 (in blocks of 512 bytes)
Its size is 0x2000 blocks
To backup the partition, issue:
Code:
$ ./rkflashtool r 0x8000 0x2000 >boot.img.backup
rkflashtool: info: interface claimed
rkflashtool: info: reading flash memory at offset 0x00008000
rkflashtool: info: reading flash memory at offset 0x00008020
.......
rkflashtool: info: reading flash memory at offset 0x00009fe0
To write a new boot.img or an old backup back to the device:
Code:
$ ./rkflashtool w 0x8000 0x2000 <boot.img.backup
rkflashtool: info: interface claimed
rkflashtool: info: writing flash memory at offset 0x00008000
rkflashtool: info: writing flash memory at offset 0x00008020
.......
rkflashtool: info: writing flash memory at offset 0x00009fe0
You can find a list of all partitions of your tablet in the HWDEF file, which is inside the update.img for your tablet. If no such file is available, you can also look at /proc/cmdline on a running device (either through adb or a terminal app running on the device itself). Depending on the tablet, you might need root access to view /proc/cmdline. Another option is dumping the first 0x2000 blocks of nand flash by issuing rkflashtool r 0x0000 0x2000 >parm. View the file with hexedit, xxd, or a similar program. The kernel parameters contain a description of several mtd partitions (sizes and offsets).
After reading and writing at will, you can reboot your tablet by issuing
./rkflashtool b
Note that if your tablet has an on/off/locked-switch and it is still in the locked position, rebooting won't work.
If the file you are writing is smaller than the specified size, the rest is padded with zeroes. If it's bigger, it will be truncated. This is different from rkflash, which will overwrite blocks beyond the partition size.
rkflashtool does not support flashing a new bootloader directly.
If you have a different tablet, please try rkflashtool b and r first before flashing (w) something new.
Standard DISCLAIMER with regard to bricking your tablet applies.
Enjoy!
EDIT: better build instructions, clean up text
EDIT2: works on rk2918 tablets too (tested on Arnova 7 G2) if you change the USB product id from 0x281a to 0x290a before compilation
EDIT3: released version 2 of rkflashtool. now supports rk2918 tablets out of the box. if it doesn't find one, it falls back to rk2808/rk2818. also, updated the wording a bit.
EDIT4: new mac osx binary
EDIT5: more ways to find offsets and sizes of partitions on your tablet
EDIT6: small emphasis changes above and...
version 1 is here ONLY for archival purposes or if version 2 does not work on your rk28xx tablet. In all other cases, you need to download rkflashtool-v2.zip
Thanks a lot for this flash tool. I'm on MacOSX and Ubuntu and don't have Windows either. I tried the original rkflash as well but couldn't get it to work. On my Ubuntu boxes your rkflashtool compiles and works fine.
My Archos 7 HT V2 presents itself also as:
Code:
Bus 002 Device 004: ID 2207:281a
Reading partitions works fine and so does writing.
I did a quick modification of a system.img (left some files out) of my custom froyo rom and wrote it to my tablet.
That works fine. As /data is a separate partition I even have all my downloaded apps, data, settings, etc. This makes modifying a new rom much faster then building a complete update.img, flashing it, restore some data and then start testing.
Nice work.
great! finally I can remove one line from my todo list
thank you!
EDIT:
random notes (I don't see your code yet so it may be fixed, then sorry)
* I always specify b(reboot) for rk2818 tablets with my rkflash because it hanged easily if I try to write multiple times without b
* parameter file need to be converted with rkcrc -p. official RKAndroid tools flashed it 5 times with offsets. (read & check 1st 0x0-0x2000 block)
* I logged how to update bootloader, but it's complicated and I could not understand probably bootloader can be updated via misc partition. see update-script in update.img. (but not recommended/no reason to do it)
EDIT2:
there is libusb for Windows and OS X. rkflashtool may work on them.
on Windows, there is RKAndroidTool.exe (not batchupgrade). but "read" function in rkflash/rkflashtool may be useful on some case on Windows
Good to hear it works for others, too! I have not had a hanging tablet after several writes in one session, but this might depend on the tablet.
Thanks for mentioning that it should also work on other platforms supported by libusb. I'd forgotten to do that.
About using update.img to flash a new bootloader, this can be done, but if you brick the tablet by flashing a wrong/faulty bootloader, you can only unbrick it with the Windows tools
Which leads me to the question: could you send me the snooped log of updating the bootloader? Two people see more than one and perhaps we can eventually manage to do this through libusb too.
ivop said:
About using update.img to flash a new bootloader, this can be done, but if you brick the tablet by flashing a wrong/faulty bootloader, you can only unbrick it with the Windows tools
Click to expand...
Click to collapse
probably you also need a needle to short pins of NAND chip
so I don't recommend to flash bootloader
ivop said:
Which leads me to the question: could you send me the snooped log of updating the bootloader? Two people see more than one and perhaps we can eventually manage to do this through libusb too.
Click to expand...
Click to collapse
I made that log several months ago with another windows machine which is not used lately. I'm not sure log is still exist... if I find it, I'll send it to you (but please don't expect)
probably you may also get log on Windows on VM on Linux. it seems VMware has log function (refer http://vusb-analyzer.sourceforge.net/tutorial.html) or there is "usbmon" function in Linux.
actually I didn't try this way myself so it may be wrong, sorry.
I've tryed a couple of firmwares, cooking my own.
Every time after flashing, tablet shows boot animation and after few seconds display becomes dark.
My investigation led me to following:
Log shows:
Code:
ERROR/Lights(865): write_int failed to open /sys/class/backlight/rk28_button_light/brightness
in /sys/class/backlight I found symlink (rk28_bl):
rk28_bl -> ../../devices/platform/rk28_backlight/backlight/rk28_bl
Shouldn't be there another symlink named r28_button_light ?
I'm using MANTA MID001 from Poland.
fun_ said:
EDIT2:
there is libusb for Windows and OS X. rkflashtool may work on them.
Click to expand...
Click to collapse
ivop said:
Good to hear it works for others, too! I have not had a hanging tablet after several writes in one session, but this might depend on the tablet.
Click to expand...
Click to collapse
I did a couple of successive writes as well from ubuntu.
ivop said:
Thanks for mentioning that it should also work on other platforms supported by libusb. I'd forgotten to do that.
Click to expand...
Click to collapse
My main platform is OSX and I immediately added libusb. So far I have not been able to compile rkflashtool despite declaring all kind of CFLAGS, CXXFLAGS and/or LDFLAGS.
Trying a little bit more.
Could you post the compiler warnings/errors here? I might be able to help out.
ivop said:
Could you post the compiler warnings/errors here? I might be able to help out.
Click to expand...
Click to collapse
I managed to compile it. It took a lot of hurdles. I used the build environment I also use for Hugin for which I'm the OSX maintainer.
I now built a single combined 32/64bit (i386/x86_64) rkflashtool that will run on 10.4.x/10.5.x/10.6.x/10.7.x (building multi-architecture, multi-version binaries/libraries in one binary/library is possible on OSX. I'm not going to explain that here but it's a feature of OSX).
The compiled version is attached. You can also attach it to your first post if you like.
It works fine. I did some reading/writing of images without issues.
If you are on OSX and have macports installed, you can do the following to build rkflashtool.
Install libusb from Macports:
Code:
sudo port install libusb
cd into the folder where your rkflashtool.c is is and run the following command:
Code:
gcc -I/opt/local/include -I/opt/local/include/libusb-1.0 \
-L/opt/local/lib -o rkflashtool rkflashtool.c -lusb-1.0 -W -Wall
This will build rkflashtool for your native environment (OSX version, hardware and config).
--- removed the rest of the post as well as the attachments. He/She who is interested in building a complete universal distributable rkflashtool can ask via this thread ---
UPDATE: Works on rk2918 tablet too
Yesterday I have tested the tool on an Arnova 7 G2 tablet, which has an rk2918 CPU. If you change the ProductID before compilation, like this:
... libusb_open_device_with_vid_pid(c, 0x2207, 0x281a) ...
to
... libusb_open_device_with_vid_pid(c, 0x2207, 0x290a) ...
it'll work, except for rebooting the device if the tablet is still locked. To boot the tablet in bootloader mode, turn off the tablet completely, put the on/off-switch in the locked position and connect it to your computer. It should be visible now with lsusb. For further instructions, see first post. I advise dumping the first 0x2000 blocks at offset 0x0000 first as this contains the parameter block in which you can see where each partition starts and how big it is.
ivop said:
UPDATE: Works on rk2918 tablet too
Yesterday I have tested the tool on an Arnova 7 G2 tablet, which has an rk2918 CPU. If you change the ProductID before compilation, like this:
... libusb_open_device_with_vid_pid(c, 0x2207, 0x281a) ...
to
... libusb_open_device_with_vid_pid(c, 0x2207, 0x290a) ...
Click to expand...
Click to collapse
Feature request :
I's nice but could you also make it a startup option, like the b,r,w options, with an if-else option in the source code? Something like (RK)2818 and (RK)2918 and maybe even for the older ones: (RK)2808.
In that case you only need one binary. Users who are going to use the tool will definitely know what CPU they have.
surfer63 said:
Feature request :
I's nice but could you also make it a startup option, like the b,r,w options, with an if-else option in the source code? Something like (RK)2818 and (RK)2918 and maybe even for the older ones: (RK)2808.
In that case you only need one binary. Users who are going to use the tool will definitely know what CPU they have.
Click to expand...
Click to collapse
I released a new version and updated the first post. It now tries to connect to an rk2918 tablet and if it doesn't find one, it falls back to rk2818.
The V2 version works fine too on MacOSX. The compilation is still the same for a "my machine only" version.
I compiled a universal Intel 32bit/64bit 10.4/10.5/10.6/10.7 V2 version as well.
See attached.
Note: I don't have a RK2918 so I can only test for a RK2818 tablet.
Hi,
Thanks for your thread it's very intersting.
I succeed flashing my boot partition with your tool but I don't success in remount,rw my system partition. It's cramFS and in init.rk28board.rc you can see those line :
Code:
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount cramfs [email protected] /system
mount cramfs [email protected] /system ro remount
I tried everything like replacing ro by rw, deleting the second line but my system stills in ReadOnly, don't understand why. I also tried deleting those lines to test if my flash process works properly and it's worked... So I'm lost. Any idea ?
----
Other thing, if I want to do same as flashing boot partition but with system partition is it possible with the same process ? Unfortunately I don't know the beginning offset of the partition. I don't know where to find HWDEF file. The size of partition is 00038000 (hex) bytes => 229376 (dec) bytes
Here is my /proc/mtd :
Code:
dev: size erasesize name
mtd0: 00002000 00000010 "misc"
mtd1: 00004000 00000010 "kernel"
mtd2: 00002000 00000010 "boot"
mtd3: 00004000 00000010 "recovery"
mtd4: 00038000 00000010 "system"
mtd5: 0003a000 00000010 "backup"
mtd6: 0003a000 00000010 "cache"
mtd7: 00080000 00000010 "userdata"
mtd8: 00534000 00000010 "user"
mtd9: 00020000 00000010 "pagecache"
mtd10: 00020000 00000010 "swap"
Thank you for your great job
My problem is solved. I was searching for a while but ivop gave the answer in a previous post
I advise dumping the first 0x2000 blocks at offset 0x0000 first as this contains the parameter block in which you can see where each partition starts and how big it is.
Click to expand...
Click to collapse
So I did it, after I opened an Hex Editor like GHex on Ubuntu and I can saw this :
Code:
[email protected](misc),
[email protected](kernel),
[email protected](boot),
[email protected](recovery),
[email protected](system),
[email protected](backup),
[email protected](cache),
[email protected](userdata),
[email protected](user)
So system partition starts at E000 and has a length of 38000 (hex) bytes.
Thanks for your help this thread is now in my bookmarks
And really nice job with this flashtool
I pushed latest my rkutils to https://github.com/naobsd/rkutils
rkunpack can unpack RKFW image used in RK2918 ROM, RKAF image (update.img), KRNL/PARM image used in some single partition image. unpack will be done recursively.
rkcrc can make KRNL/PARM images with -k/-p.
rkafpack can make RKAF image. (I need to write docs/howtos...)
little off-topic,
latest RK2918 ROMs which is based on "SDK2.0", new format for boot.img/recovery.img is introduced. it's almost same as common boot.img format for android. unpackbootimg/mkbootimg can be used to unpack/repack it with one exception...
there is SHA1 hash value in header of boot.img (offset 0x240 bytes). Rockchip changes it by some unknown way. normal mkbootimg can't generate same hash value as Rockchip, so we can't make custom boot.img with new format
fortunately, we can split new boot.img, and we can make separate kernel.img and boot.img(ramdisk) like as pre-SDK2.0 RK2918 ROMs, which is loadable with new bootloader in SDK2.0 ROMs.
--
btw I just found interesting one: https://github.com/jhonxie/rk2918_tools
relsyou said:
My problem is solved. I was searching for a while but ivop gave the answer in a previous post
So I did it, after I opened an Hex Editor like GHex on Ubuntu and I can saw this :
Code:
[email protected](misc),
[email protected](kernel),
[email protected](boot),
[email protected](recovery),
[email protected](system),
[email protected](backup),
[email protected](cache),
[email protected](userdata),
[email protected](user)
So system partition starts at E000 and has a length of 38000 (hex) bytes.
Thanks for your help this thread is now in my bookmarks
And really nice job with this flashtool
Click to expand...
Click to collapse
I'll add that to my first post. Also, you can view /proc/cmdline to see a list of partitions. It's part of the kernel command line.
Note that the lengths are not in bytes but in blocks of 512 bytes. This happens to be the same as the requirements of the rkflashtool btw (length in blocks).
As for having a writable system partition, currently the system partition is cramfs which cannot be written to. Ever. If you want a writable system partition, you need to change it to ext3 for example. That means unpacking fun_'s system.img and recreating it as an ext3 partition.
In short:
Unpack cramfs img with cramfsck -x (as root, so you preserve permissions and uid/gid)
Create an empty file the size of your system partition (dd if=/dev/null of=fubar.img bs=512 count=...... et cetera, do the math)
mkfs.ext3 fubar.img
mount -o loop fubar.img /someplacemountable
copy contents of old image to /someplacemountable (use cp -a to preserve ownership etc)
umount
flash fubar.img to system partition
change init.rk28board.rc to reflect the changes
reflash boot.img
reboot device
This is untested, but should work in theory.
Another option is to keep the system partition read-only and use unionfs to overlay a writable partition. I'm not sure if this can be a file on your userdata partition mounted with -o loop, but I suppose it can. This depends on your kernel having unionfs and loopback support though.
fun_ said:
I pushed latest my rkutils to https://github.com/naobsd/rkutils
Click to expand...
Click to collapse
Nice! I was thinking about creating an rkpack(tool ) myself, but I see it's not necessary anymore.
here is an example for rkafpack
Code:
$ rkunpack N3NET-2.3-20110722.img
[COLOR="Red"][B]FIRMWARE_VER:1.0.0[/B][/COLOR]
[COLOR="Red"][B]MACHINE_MODEL:rk2818sdk[/B][/COLOR]
MACHINE_ID:
[COLOR="Red"][B]MANUFACTURER:rock-chips[/B][/COLOR]
unpacking 12 files
-------------------------------------------------------------------------------
00000800-00000fff [COLOR="Red"][B]HWDEF:HWDEF[/B][/COLOR] 797 bytes
00001000-000017ff [COLOR="Red"][B]package-file:package-file[/B][/COLOR] 532 bytes
00001800-00021fff [COLOR="Red"][B]bootloader:RK28xxLoader(L).bin[/B][/COLOR] 131700 bytes
00022000-000227ff [COLOR="Red"][B]parameter:parameter:[email protected][/B][/COLOR] 506 bytes
00022800-0002e7ff [COLOR="Red"][B]misc:Image/misc.img:[email protected][/B][/COLOR] 49152 bytes
0002e800-0066bfff [COLOR="Red"][B]kernel:Image/kernel.img:[email protected][/B][/COLOR] 6541946 bytes
0066c000-006947ff [COLOR="Red"][B]boot:Image/boot.img:[email protected][/B][/COLOR] 163844 bytes
00694800-008e8fff [COLOR="Red"][B]recovery:Image/recovery.img:[email protected][/B][/COLOR] 2441220 bytes
008e9000-085fc7ff [COLOR="Red"][B]system:Image/system.img:[email protected][/B][/COLOR] 131149828 bytes
----------------- [COLOR="Red"][B]backup:SELF:[email protected][/B][/COLOR] (N3NET-2.3-20110722.img) 140498948 bytes
085fc800-085fcfff [COLOR="Red"][COLOR="Red"][B]update-script:update-script[/B][/COLOR][/COLOR] 1294 bytes
085fd000-085fd7ff [COLOR="Red"][B]recover-script:recover-script[/B][/COLOR] 266 bytes
-------------------------------------------------------------------------------
unpacked
$ rkafpack \
[COLOR="Red"][B]FIRMWARE_VER:1.0.0[/B][/COLOR] \
[COLOR="Red"][B]MACHINE_MODEL:rk2818sdk[/B][/COLOR] \
[COLOR="Red"][B]MANUFACTURER:rock-chips[/B][/COLOR] \
[COLOR="Red"][B]HWDEF:HWDEF[/B][/COLOR] \
[COLOR="Red"][B]package-file:package-file[/B][/COLOR] \
'[COLOR="Red"][B]bootloader:RK28xxLoader(L).bin[/B][/COLOR]' \
[COLOR="Red"][B]parameter:parameter:[email protected][/B][/COLOR] \
[COLOR="Red"][B]misc:Image/misc.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B][B]kernel:Image/kernel.img:[email protected][/B][/B][/COLOR] \
[COLOR="Red"][B]boot:Image/boot.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]recovery:Image/recovery.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]system:Image/system.img:[email protected][/B][/COLOR] \
[COLOR="Red"][B]backup:SELF:[email protected][/B][/COLOR] \
[COLOR="Red"][B]update-script:update-script[/B][/COLOR] \
[COLOR="Red"][B]recover-script:recover-script[/B][/COLOR] \
> new.img
$ sha1sum N3NET-2.3-20110722.img new.img
e758a6c47dca7f09f0b8a82ad89b0cd7c7c8e826 N3NET-2.3-20110722.img
e758a6c47dca7f09f0b8a82ad89b0cd7c7c8e826 new.img
some values are empty in RK2818 ROM.
--
here is how to make RKFW image
Code:
$ rkunpack N50-2.3-20111103-ZZ-SDK2.0.img
VERSION:2.0.3
unpacking
00000000-00000065 N50-2.3-20111103-ZZ-SDK2.0.img-HEAD 102 bytes
00000066-00022623 N50-2.3-20111103-ZZ-SDK2.0.img-BOOT 140734 bytes
00022624-0c342627 update.img 204603396 bytes
unpacking update.img
================================================================================
FIRMWARE_VER:0.2.3
MACHINE_MODEL:rk29sdk
MACHINE_ID:007
MANUFACTURER:RK29SDK
unpacking 10 files
-------------------------------------------------------------------------------
00000800-00000fff package-file:package-file 540 bytes
00001000-000237ff bootloader:RK29xxLoader(L)_V2.08.bin 140734 bytes
00023800-00023fff parameter:parameter:[email protected] 610 bytes
00024000-0002ffff misc:Image/misc.img:[email protected] 49152 bytes
00030000-006a3fff boot:Image/boot.img:[email protected] 6766592 bytes
006a4000-01167fff recovery:Image/recovery.img:[email protected] 11288576 bytes
01168000-0c31efff system:Image/system.img:[email protected] 186346496 bytes
----------------- backup:SELF:[email protected] (update.img) 204603396 bytes
0c31f000-0c31f7ff update-script:update-script 933 bytes
0c31f800-0c31ffff recover-script:recover-script 266 bytes
-------------------------------------------------------------------------------
================================================================================
00022624-0c342627 N50-2.3-20111103-ZZ-SDK2.0.img-MD5 32 bytes
unpacked
$ cat N50-2.3-20111103-ZZ-SDK2.0.img-HEAD N50-2.3-20111103-ZZ-SDK2.0.img-BOOT update.img > new.img
$ md5sum new.img
[COLOR="Red"][B]5191abc65649eacf8d2476e37d84a046[/B][/COLOR] new.img
$ cat N50-2.3-20111103-ZZ-SDK2.0.img-MD5
5191abc65649eacf8d2476e37d84a046
$ echo -n [COLOR="Red"][B]5191abc65649eacf8d2476e37d84a046[/B][/COLOR] >> new.img
$ sha1sum N50-2.3-20111103-ZZ-SDK2.0.img new.img
3120b13df8886e0ddfae0e35379443c27c925572 N50-2.3-20111103-ZZ-SDK2.0.img
3120b13df8886e0ddfae0e35379443c27c925572 new.img
Can not backup TA with BackupTA_V2 on Z3 dual with stock ROM. Will someone please help find out what is going wrong? Here are the details:
Code:
$ adb devices -l
List of devices attached
CB5A25TMFR device usb:2-1.1 product:D6633 model:D6633 device:D6633
$ adb shell getprop ro.build.description
D6633-user 5.0.2 23.1.1.E.0.1 937646546 release-keys
$ adb shell cat /proc/version
Linux version 3.4.0-perf-g72984dd ([email protected]) (gcc version 4.8 (GCC) ) #1 SMP PREEMPT Fri Feb 27 18:06:32 2015
$ ./backupTA.sh
Running on D6633 on 32-bit platform
Pushing files
127 KB/s (13644 bytes in 0.104s)
109 KB/s (5364 bytes in 0.047s)
185 KB/s (9512 bytes in 0.050s)
98 KB/s (5416 bytes in 0.053s)
109 KB/s (5364 bytes in 0.047s)
23 KB/s (1094 bytes in 0.046s)
Running scripts to dump ta to "TA_D6633_CB5A25TMFR_20171203-1843.img" on device
Overwriting run-as
Attempting to dirtycow
Done dirtycowing
Overwriting secondary payload (screenrecord)
Attempting to dirtycow
Done dirtycowing
Reading dumpta from stdin...
Read dumpta from stdin at 0 bytes
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Attempting exploit with buf of length 0
Error loading source file: No such file or directory
Error dirtycowing, trying again...
Dumped TA as TA_D6633_CB5A25TMFR_20171203-1843.img
File: /data/local/tmp/TA_D6633_CB5A25TMFR_20171203-1843.img with size: 0x0 is not a valid dump!
Sorry trim area dump is corupted and not a safe, please try again!
Pulling image
remote object '/data/local/tmp/TA_D6633_CB5A25TMFR_20171203-1843.img' does not exist
Cleaning up
TA Backup Failed!! Please reboot and try again.
NOTE: If you are running Android Nougat, you need to downgrade to use this tool.
$
The solution was to update to Android 6.0.1
$ adb shell getprop ro.build.description
D6633-user 6.0.1 23.5.A.1.291 2769308465 release-keys
$ adb shell cat /proc/version
Linux version 3.4.0-perf-gc14c2d5 ([email protected]) (gcc version 4.9.x-google 20140827 (prerelease) (GCC) ) #1 SMP PREEMPT Tue Jun 28 11:15:51 2016
Now the backupTA_v2 workes.
Meanwhile I found out that backupTA.sh leaves two files (particularly dumpta and checkta) on the device:
Code:
echo "Cleaning up"
adb shell "rm -f /data/local/tmp/dirtycow /data/local/tmp/run-as /data/local/tmp/exploitta /sdcard/dumpta /data/local/tmp/backupTA.sh"
If you think that this information worth mentioning, please copy it to TA Backup v2 thread, cause I still can not