Database Info

[HELP!] Velocity Cruz T301 Full Brick Recovery

Hi XDA,
so basically i bought a Velocity Cruz T301 recently and followed the known procedures for rooting, flashing ClockworkMod Recovery and custom rom (SJHill Rom v0.3).
before the full brick my device was at ClockworkMod 5 and rooted with SJHill Rom v0.3.
i installed CWM by flashing the zip in stock recovery, then succesfully rooted the device, finally wiped and flashed my custom rom
after major dissapointment in this tablets performance i decided i wanted to get rid of it.
So i downloaded the stock rom, wipe and flashed it onto the tablet...
the tablet turned off when it was finished (i think it was attempting to reboot) and never turned back on again...EVER! :good:
i cant even get to recovery
i tried flashing with adb and fastboot but the device is never even presents itselft to the computer.
i found out that you can boot the device into USB boot mode where you hold the "VOL -" (Volume Down) button and press the reset button and while connected to the computer (windows only) a "JZ4760 USB Boot Device" appears.
i did some googling and also found out that the T301 is based on similar tech to a bunch of tablets and they can all be modified by some software released by Ingenic called USBBootTool.exe
the tool is written in chinese and i cant decypher it all, though i found out how to use it based on its usage for other Ingenic based tablets
1.) you will need to disable driver signature verification (press F8 on boot of windows and toggle the setting, i hate rebooting too but it has to be done)
2.) boot your tablet into USB Boot Mode (hold down Vol - and press Reset button)
3.) install the driver for your device (included in the files below)
4.) with the tablet disconnected you would open the USBBootTool.exe
5.) select your tablet in the options and fill each box with the files needed to flash (files included below)
6.) reconnect the tablet while still in USB Boot Mode and the software will flash your device on detection
everything goes fine for me except when i get to the flashing part in the end.
when USBBootTool detects my tablet, it attempts to flash and gives me a stream of errors and never flashes my device.
i dont know what to do at this point. i have provided direct links to all the software im using and also links to where i got them.
any help would be appreciated, thank you to the XDA community in advance
>------------------- DOWNLOADS ------------------------<
USBBootTool.exe / Tablet Drivers (4725 / 4725B / 4740 / 4750 / 4755 / 4760 / 4770)
http://dl.dropbox.com/u/79196608/burn_tools_3.0.16.rar
obtained from - http://forum.xda-developers.com/showthread.php?t=1720621
Velocity Cruz T301 Update.zip (contains the system.img / data.img / mbr-xboot.bin files)
http://www.cruztablet.com/T301update.zip
obtained from - http://www.cruztablet.com/Article_861.php
SJHill Rom v0.3
http://www.androidfilehost.com/?fid=9390362690511176486
obtained from - http://www.slatedroid.com/topic/27583-rom-t301-sjhill-rom-17-feb-2012-download-link-updated/
ClockworkMod 5
http://files.androtab.info/ingenic/cwm/20120514/T301-recovery-signed.zip
obtained from - http://androtab.info/mips/ingenic/clockworkmod/

I have the same situation. I have gone through every menu in the USB Boot tool and to no avail am I able to recover my T100.

gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.

feyerbrand said:
gmick is redoing the software because the coding is set up wrong. Once he gets that figured out there should be a fool proof unbricking method that we can follow. He is posting information over on Slate Droid if you want to take a look.
Click to expand...
Click to collapse
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one

JustSayTech said:
ok post the link to the thread, and ill add it to the first post as a solution if its found to be a working one
Click to expand...
Click to collapse
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The linux usb boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any usb recovery tool to work while others using similar devices could. I guess our board is modified just enough for ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.

wow, i learned alot from that post, seems like writing a usbboottool-like application that can send the commands but also log and possibly bypass security checks etc but that def would take sometime. thank you for your insight, seems youve come the closest to cracking the case, actually you found the fault, hopefully your methods can eventually bring about a fix

JZ 4770
gmick said:
*Cross Post from SlateDroid* (but I can't post the link because XDA won't allow it)
I found out why the USB boot isn't working. Well, more appropriately I know where it fails but not exactly "why".
The USB Boot tool works like this:
1) Send x00 command (Get CPU Info)
2) Device responds with "JZ4760V1"
3) Host sends two binaries, stage1 and stage2. Stage 1 sets up memory stuff, and Stage 2 sets up USB flashing functions.
4) Host checks that the binaries executed by issuing another x00 command (Which serves as an "Are you still there?" function)
5) If the response is good, the host will flash the images, if the response is bad, it will abort.
Our devices are failing at step 4. The linux usb boot tools (xburst-tools) fail in an identical fashion.
I know that the first stage binary transfers and executes fine because if it didn't the device would be limited to 16k. The second stage is 120K and is transferred successfully. Once the second stage "execute" command is sent, the device crashes.
The second stage is also unique to the CPU type. I've used all of the binaries for JZ4760 I could find on the net and when that failed I cross compiled my own binary from source and it still crashed.
At this point I highly doubt I'll ever be able to fix it, and this completely explains why no one could get any usb recovery tool to work while others using similar devices could. I guess our board is modified just enough for ingenic's stock binaries to fail. Without knowing what's changed (getting Velocity Micro's source) we're SOL.
I can open it up again and solder on the serial header but I'm betting it's going to give me some generic "couldn't execute" message that isn't going to help me. I'll probably do this anyway though because I've come this far so what's the loss.
Click to expand...
Click to collapse
for my JZ4770 Earlier USB tool was flashing .img without any problem but for now it is saying "load cfg failed". "API downlaod failed' like dialogues and doesnt flash anything. Any idea? Thanks in advance!!

First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball

Yes, I did
JustSayTech said:
First restart your computer (actually restart it) then redownload the USB boot tool and save it in a completely new directory and use a different USB port
Sent from my Pokeball
Click to expand...
Click to collapse
Yes, I tried with this suggestion. Rather I reinstalled xp and the tried again. But the dialogues are same. The history is like this. Was having ICS on JZ 4770. Formatted with usb tool and put JB updates. It was not sensing touch so reflashed another JB updates. Now the tab boots, it reaches to boot logo for around 12 seconds and restarts in stock recovery. While it is in booting stage it get detected by windows and adb also. In stock recovery mode it get detected by windows and in turn by adb also. If I tried to install updates through SD card it shows it had installed and reboots after completion. But again the same way it goes to boot logo and then back to stock JB recovery. It also boots in ingenic boot device mode and gets detected by USB burn tools. But when try to flash any of the ROM it gives the same dialogues "check cfg failed" "api download failed" "boot. fw failed" and cant flash anything.
Is there any tool which can be flashed or a script which can be used from SD card for completely formatting flash memory so that USB burn tool can flash required ROM?

can you flash the stock rom in recovery?

Managed using USB BOOT TOOL for ingenic JZ 4770 board in English
JustSayTech said:
can you flash the stock rom in recovery?
Click to expand...
Click to collapse
thanks man but I managed to boot the device. I used following USB BOOT TOOL for ingenic 4770 boards. The goodness with this tool, this is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get another options(yes again in English). My problem with this device was bad blocks at 1024. In the options there is chance to force erase whole the nand partitions which I used and erased all the partitions thereby made all the partions available for flashing and readable by the tool. Then from File option selected stock rom files and flashed them. While flashing selected JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to come out of the issue and will be useful for guys using JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html

Got USBBootTool.exe kind of working.
1. Download the following file from Ingenic.
ftp * ingenic * cn/3sw/01linux/tmp/jz4770-20110610.rar
2. Download Applocale from Microsoft.
www * microsoft * com/en-us/download/details.aspx?id=13209
3. Extract the jz4770-20110610.rar and find the folder. (Using 7zip should keep the UTF encoding in Chinese)
20110610\04burn\20110524_4770_Programmer
4. Copy the folder 20110524_4770_Programmer to location you want to use it in.
5. Install Microsoft Applocale (Just in case, I don't think it is required)
Now Start Applocale and create a shortcut to USBbootTool.exe inside 20110524_4770_Programmer
中文(简体) is simplified Chinese option and should let you view the GUI correctly.
6. Now with the Applocale Shortcut created for USBbootTool.exe you can start the application with correct fonts.
Now this is where is breaks down.
TABLET-8 NAND FINAL BSP(S3 TEST) will allow you to read from it and write to it, but the CFG is off.
\tool_cfg\tablet-8-nand-final.ini is the configuration for it.
DO NOT CONNECT THE DEVICE WITH ANY OPTIONS CHECKED OR LOAD ANY FILES.
See Attached Images.
Next to the Read button is some Boot Option menu. I am not fulling aware of what this does.
What I need is a someone to help me fix/correct the ini/cfg files in
\20110524_4770_Programmer\tool_cfg\.ini
\20110524_4770_Programmer\4760\
to correctly match the files of the NAND.
Also if anyone has a copy (dd to img) or (cat to img) of the block devices.
That would help a ton.
# cat /proc/partitions
# cat /proc/mtd
I would also love another T10x Tablet for cheap.
I want to start building things like new bootloader, kernel, system image,
performance libraries to take full use of the Ingenic JZ4760 (www * ingenic * cn/product.aspx?CID=11)
I also bring Christmas gifts
2 APKS. You can place them in /system/app or /data/app.
Google Play will crash now and again, but it will load and work. (Vending.apk)
Secondly I bring the gift of performance increase, just by a slight bit.
edit the line of the heapsize in /system/build.prop dalvik.vm.heapsize=96m
Remember to make sure the permissions are set back to 666 or 644.
Original Vending.Apk before updates came from here: (Incase you are paranoid)
code * google * com/p/ics-nexus-s-4g/source/browse/trunk/system/app/Vending.apk?spec=svn20&r=18
ics-nexus-s-4g * googlecode * com/svn-history/r18/trunk/system/app/Vending.apk
To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for
Click to expand...
Click to collapse
Stupid. how do you expect real people to help post Tech Docs? That is bad Moderating and Administrating.
Make sure to replace the Asterisk's with spaces to normal dots.

Requesting Block Images.
Does anyone have a copy of it they can send me for a T10x?

block images......
IceGryphon said:
Does anyone have a copy of it they can send me for a T10x?
Click to expand...
Click to collapse
Which block images do you want?
...also is there a way to rip the stock images off the jz4760 in the t301.
Such as:
Can i usethe ingenic uboot tool?
Anybody find the jtag pins?
Is the 4 pin conn next 2 the batt for serial?
.......i guess ill try to take a look this weekend
Ics would be really nice, but probably slower than stock..... especially with the limited ram
I unpacked the stock rom. I also unpacked an ics rom for a jz4770, and repo sync'd the aosp and mips 3.0.8 android kernel.
I'm still trying to figure out specs for the processor though. I know that its mips32 - el- fp- r1, but i cannot figur out the dsp version ... if it has one?

Error in erasing nand
nanachitang420 said:
thanks man but I managed to boot the device. I used following USB BOOT TOOL for ingenic 4770 boards. The goodness with this tool, this is completely in English. You will know what you are doing. Even after opening the main window of the tool you can right click and then get another options(yes again in English). My problem with this device was bad blocks at 1024. In the options there is chance to force erase whole the nand partitions which I used and erased all the partitions thereby made all the partions available for flashing and readable by the tool. Then from File option selected stock rom files and flashed them. While flashing selected JZ4770 iNanad.ini file in manual configuration. This tool has really helped me to come out of the issue and will be useful for guys using JZ 4770 board.
http://www.4shared.com/rar/m1BUV5r2/USBBurnTool_20120401_for_relea.html
Click to expand...
Click to collapse
I used english ingenic tool to erase bad blocks but m nt able erase bad blocks live suit is giving eror id=0x4848

[TOOL][NABIXD] NabiRootXD Root, Gapps, Recovery

NabiRootXD v2​
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This is a tool for rooting, installing Gapps(Play Store, etc), and adding custom TWRP recovery on Nabi XD. It's written as a windows command line batch file, and is based off NabiLab I made for Nabi2.
It was an adventure to say the least. I include some of the hurdles for those that want to duplicate the root process or just to place my thoughts "on paper" because of the 100's of posts I read from those that posted detailed information and allowed me to gain useful insight in how I could adapt things for the XD, and explain in one swoop to the many PM's I have received about "when will we see root on the XD" why it took so freaking long. Those that just want the program can continue to the Overview section.
What started as an interesting avenue was TWRP using the Nabi2 kernel was booting the NabiXD to TWRP without video. I thought it possible to dd the recovery, or boot kernel. Unfortunately it was unable to recognize internal storage as a block device and that ended that. Like a few devices on Android 4.1.1 and above the standard once click program using Bin4ry's ADB restore exploit doesn't work. It doesn't work for a couple of reasons, when restoring fakebackup.ab in locks up writing the first file, and even if it did work placing ro.kernel.qemu=1 in local.prop doesn't work because Jelly Bean doesn't parse any property files to set the ownership of adb daemon. Searching the file system I found su2 in the xbin directory. This was promising as it is the su program but renamed, also unfortunate was its permissions had no setuid bit set and while it was executable it would not change uid to 0. I then foolishly went down the path of nvflash(forced recovery). I attempted a few different avenues here to try and possibly get the SBK to unlock nvflash, that proved uneventful, especially without root access. I tried extracting what "could" be the key from the Nabi2 it hope it was reused. That lead no where, it would be awesome to have access to it for many other reasons but it turned out to be an exercise in learning but ultimately a waste of time. Then on to other Android exploits... Tried Samba, debugfs, and vfat exploit. All of those are either patched or I'm not skilled enough. I finally returned to looking at the ADB restore exploit.
The "tabletS" exploitation showed promise as it takes the avenue of installing /dev/sh vs ro.kernel. A side effect of the failed ADB restore bug was leaving a directory with full permissions. Bads3ctor had an interesting fakebackup.ab that was more reliable at making a directory or file that you simlinked have full permissions. Now you can step through the tabletS script more effectively where you couldn't before by manually setting permissions for files/directories you need by doing the restore for each file and directory you need. The script installs VPNfaker and backs up the /data/app directory, then creates a new app directory. This however will cause the NabiXD to rerun the initial kidsmode setup and breaks everything. You can dance around that by not rebooting, and VPN faker will still give you a Term app with system uid. From there you can't symlink the sysfs links properly to data/property but that can be worked around by moving and then removing files. Finally you can makedev /dev/sh and run su from /data/local/tmp. The end result is that the exploits and bugs found by others are adequate when strung together in the right order on the NabiXD just not the one click solutions provided on the forums, they needed some modifications and done by hand to figure out for the NabiXD
Here is a nice publication I found in my searches that is more layman terms for older root methods. http://www.sourceconference.com/publications/bos12pubs/android-modding-source.pdf
Overview
Video Overview of NabiRootXD - a video tutorial of the use of NabiRootXD.
-Root the Nabi XD
-Install Gapps(Play Store, etc)
-Make a stock backup of unrooted device
-Install stock, or TWRP recovery
-NabiLab patching system to install updates to this program
Version 2
-Fixed scripting error causing early exit
-Added 7z for patching system
Download
Read the installation section below to determine which version you want.
File names:
NabiRootXD.zip 96MB (Version 2)
Download
Download Mirror
Installation
NEW INSTALLS
1) Download NabiRootXD
NabiRootXD.zip 96MB
2) Extract the zip files to a location of your choosing. Run the NabiRootXD.bat file.
Prerequisites
1) Script is for Windows
2) ADB enabled in Android. Enter Mommy/Daddy mode. Open settings->developer options->put a check mark in USB debugging.
3) ADB and Fastboot driver. Most popular are the PDAnet drivers. You can get them here: PDAnet drivers
Usage
Obviously using this script on your NabiXD voids the warranty and I take no responsibility for the damage you cause.
MENU 1 - Root, Gapps, Recovery​
Menu Option 1 - Install Root, Recovery and Gapps
This option is best used if you have a brand new Nabi. At this point you should have met the prerequisites of enabling ADB in Android. Follow directions, most sticking points are pressing the volume + and then pressing the volume - button twice and making sure recovery kernel is the one highlighted. After its complete you should have a rooted Nabi, with Gapps and a backup of your unmodified Nabi in the folder TWRP/BACKUPS/YOURSERIAL/stockunrooted on your device. Not a bad idea to copy this off the Nabi to your computer if you need to free space or have it in a second location.
Menu Option 2 - Install Root and Recovery
Same as above but doesn't install Gapps. Some people have trouble with option 1 taking the Gapps install, I personally have never experienced it but the option is this one, or I guess if you are an elite hacker that just wants root.
Menu Option 3 - Install Gapps
Same Gapps installed in the Option 1. Useful for re-installing Gapps. This is Jelly Bean Gapps dated 10/11/2012 without Google Search. This makes NO backup of you Nabi. You will have to already have installed TWRP.
Menu Option 4 - Install Root
Installs root. Nothing fancy here, and likely unneeded but here for completeness if you find yourself in a strange situation. One that comes to mind is that you have a stock backup which you restored and don't want to do another backup so you would just run this and the gapps install. It makes NO backup. You will have to already have installed TWRP.
MENU 2 - Install Recoveries​
Menu Option 1 - Install TWRP 2.3.3.0 for Nabi Version 1.2.3
Installs TWRP 2.4.4.0. This is the latest at this time. It has a screen timeout, if the screen goes black touch the screen to wake the screen, it's not locked up.
Menu Option 2 - Install Stock Recovery
Installs stock recovery. This is useful for taking an OTA, or completely returning Nabi to stock.
Notes: TWRP installs are based off my work in this thread if you want to read more.
MENU 3 - Patch NabiLab​
Menu Option 1 - Install Patch
For any updates to NabiRootXD this is where you can automatically load them. Basically you will download NabiPatchXD.zip and place the entire zip in the patch folder. No unzipping just the single file. Then run this option.
Credits - If you see these guys buy them a beer.
jzmtaylor - Original Nabi2 script that this is based off of.
Bin4ry, Bads3ctor, HEXcube, drjbliss - all the bugs/exploits needed to accomplish root
Dees_Troy - TWRP build tutorial
Eric Karz - TWRP Theming and rooting assistance
TeamWin - They are the guys that make TWRP possible

Weeee more Easter goodies haha.
thanks aicjofs

Sir can i use this tool for installing Gapps for unrooted Galaxy Tab 7.0+ (wifi)? bcoz i updated my tablet for Honeycomb to Ice creamsandwich (China Firmware), everything is fine except that i cant open google playstore...

first of huge thank-you.. who do i send a bear donation to as a thank-you
there is a possible bug or its just me when pressing the menu button it will pull up a search, or say Google with a white back ground only way to get out isto press home if a menu appears then pressing back produces the same results

srgsng25 said:
first of huge thank-you.. who do i send a bear donation to as a thank-you
there is a possible bug or its just me when pressing the menu button it will pull up a search, or say Google with a white back ground only way to get out isto press home if a menu appears then pressing back produces the same results
Click to expand...
Click to collapse
The gapps removes the problem in system/app/quicksearchbox.apk you can rename it toquicksearchbox.bak
only other way I can think of is some how playstore added it to data/app
rename com.google.android.googlequicksearchbox.apk to com.google.android.googlequicksearchbox.bak
hth
ps: thank the op he spent hours and hours to make this happen = sacrificed his free time

Thanks for the feedback.
Perhaps we should have used the 7/26/2012 gapps? http://goo.im/gapps/gapps-jb-20120726-signed.zip 10/11/2012 is suppose to be 4.1.1 backward compatible, but perhaps there are some bugs with it on XD. Flash over the top of the current one. It will leave behind /system/app/thinkfree.apk, /system/app/microbes.apk and /system/lib/libmicrobes_jni.so, which you could remove manually. Wipe caches.
How about GPS stuff? Is that working?

i was looking at gapps-jb-20120810-JRO03C-Formula84-Custom
it has some things that sort of work like maps/local/ latitude /
I don't think gps is working
Even in the productions test it fails .
could it be a permissions problem ? I have not tried 20120726 .

Eric Karz said:
i was looking at gapps-jb-20120810-JRO03C-Formula84-Custom
it has some things that sort of work like maps/local/ latitude /
I don't think gps is working
Even in the productions test it fails .
could it be a permissions problem ? I have not tried 20120726 .
Click to expand...
Click to collapse
Do we know that the GPS works at all?

aicjofs said:
Do we know that the GPS works at all?
Click to expand...
Click to collapse
with gapps installed it doesn't seem to work .
maybe we are going to need a edited gapps ?

I'm just going to remove Google Search for now. That is highly annoying, I was messing around with ways to fix it, and got it to open in apps when you press the settings button, I was previously only getting it when pressing back button.. I updated the downloads. Until we figure out the fix, it's just too troublesome.

cool that did the trick renaming the file i do have a really stupid question is there a hiden proxy setting that makes the tablet able to bypass our DNS security filters with open dns just curious

srgsng25 said:
cool that did the trick renaming the file i do have a really stupid question is there a hiden proxy setting that makes the tablet able to bypass our DNS security filters with open dns just curious
Click to expand...
Click to collapse
I don't know if there is a hidden proxy. I'm not sure of your question. You could try going to settings-wifi. Long press the name of the network and a pop up will come up. Modify network, show advanced options. There is the proxy and DNS, for DNS you have to be static. I think there is 4.4.4.4 in there by default, plus what your router gives out.
If you are talking about something more underground I think you could use a getprop in adb shell or term.apk. I know I have seen stuff in there for DNS, something like dhcp.wlan0.dns there is stuff in there about "change" too. Should be able to set if you "su" and do a setprop. That would only be good until reboot, but could help you trouble shoot. I think it's set here /system/etc/dhcpcd/dhcpcd-hooks/20-dns.conf, maybe not in Jellybean. Anyway those are places to look if it's more then in settings that you are looking for.

ok it seems that this might be a work around to the quick search problem
edit the buildprop and change
ro.sf.lcd_density=160
to
ro.sf.lcd_density=145
I tried 149,150,59 and 120
120 does seem to fix it also but the screen makes every thing look smaller and some may not like that .(I do)
also I had to install BusyBox in order to get a few things to work including
build prop Editor by Nathan Campos (this tool seems to be a good test app to see if you have proper permissions)
note that the swipe screen will be a bit smaller under 160
maybe some one can use this info to edit quick search box we wouldn't have to change anything?

i am trying to get this tablet to use my network opendns settings and web filters

Can someone direct me to where I can get a Vista MTP driver for the Navi XD? I installed PdaNet as instructed but the tool wont connect, and I have a yellow exclamation mark by MTP Device. Can't seem to find anything else online.
EDIT: After rebooting a few times, then disabling my firewall, the tool connected. Thanks for the awesome tool.

Looks like an OTA was released for the Nabi XD today that bumbs the Nabi XD up to version 1.3.5. I tried doing the stock recovery option but the NabiRootXD app just closes out after selecting it. I looked into the NabiRootXD.bat file and I noticed on line 483 that it says to "GOTO Install_4" which doesn't seem to exist. I believe it should actually say "GOTO Install_2".
After making this change I was able to restore to the stock recovery to perform the OTA.
Now once I tried to install the OTA it appeared to atart the installs and then fails with the dead android symbol about a third of the way through. No idea what the problem is now so I'll just wait for others to try this and see what their results are.

yup getting the dead droid

Reinstall TWRP and "Install" this to update. Have a backup. Should work if you have made no system modifications, except what NabiRootXD did.
Download
TWRP may or may not ask you to reinstall superuser.
Also working on a patch to fix the exiting error in script.
EDIT: New links for a version 2. Fixed scripting error and patch system error. Easier to just download the whole program again then for me to explain fixing the patching system manually.

OTA procedure
srgsng25 said:
yup getting the dead droid [
BOOT into TWRP and perform and system restore to pre-root image
reboot
download and install the OTA
reapply root and gapps
Click to expand...
Click to collapse

aicjofs said:
Reinstall TWRP and "Install" this to update. Have a backup. Should work if you have made no system modifications, except what NabiRootXD did.
Download
TWRP may or may not ask you to reinstall superuser.
Also working on a patch to fix the exiting error in script.
EDIT: New links for a version 2. Fixed scripting error and patch system error. Easier to just download the whole program again then for me to explain fixing the patching system manually.
Click to expand...
Click to collapse
Thanks for the update aicjofs! I'll test this out shortly and let you know how everything goes.

[Root] H901 - For Newbies!

None of the methods in this thread are my own work. I struggled with getting my phone rooted for a long time and spend 10s of hours on the process. I had never rooted before and was therefore unfamiliar with all the terms, unfamiliar with how to complete all the recommended checks to ensure one had the right model, etc. There were several helpful threads but most approach the subject with the assumption that one knows something about the process. In this post I lay out what worked for me in a step-by-step way and what you have to do to achieve my results.
#1 Ensure you have a H-901 motherboard and not the Korean F600 motherboard by checking the sticker, and checking “About Phone” -> “Hardware Info” -> “Model number” in settings. These must both be LG-H901…from what I can tell the community has only developed technique for the H-901 variant.
#2 Get a micro SD card and load it with Magisk https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445 , and if you have Marshmallow or Lollipop and want Nougat (much better experience IMHO), load the files in this thread: https://forum.xda-developers.com/tmobile-lg-v10/development/h901-t-mobile-nougat-v30b-twrp-t3639203 And maybe this thread as well (read both and then decide): https://forum.xda-developers.com/tm.../h901-t-mobile-nougat-v30c-flashable-t3744648
#3 Ensure you have unlocked your bootloader. (apparently only for T-mobile LG v10s since other carriers lock the bootloader) The FWUL virtual machine root method will not work if you have not done so. This is an entire process in itself. The following 2 videos which show how to root android 6.0 or earlier (process will not work with Nougat, 7.0, since some fastboot commands are missing). https://youtu.be/OtXlokk6JkQ , https://youtu.be/PPLwFGxLQA4
Also, this thread may be helpful. https://forum.xda-developers.com/tm...t-mobile-bootloader-factory-unlocked-t3236224 , download the nexus root toolkit here for easy ADB command entry http://www.wugfresh.com/nrt/ —we will only use the “Advanced Utilities” -> ”Manual Input” -> ”Launch CMD Prompt”. When it prompts you to select a phone, select the first option and then for android version select Android *** Any. Don’t use any of the other commands because they are not configured for your device.
If you get a “waiting for device” error while attempting the fastboot oem unlock command in the above thread, see: https://forum.xda-developers.com/tmobile-g4/help/fastboot-waiting-device-t3489789 Great video which shows how to change drivers. You will need to do this, I found a number of drivers that were already on my PC from google and Samsung worked although I didn’t have the specific one mentioned in the above thread. Don’t be afraid to experiment… you can always try another driver. And don’t require it to be hardware compatible. Ignore the warning message: https://youtu.be/nQjg6ePnGAc
---------------------------------------------
NOW that you have your bootloader unlocked you can proceed to actually flash the TWRP image as per this thread: https://forum.xda-developers.com/tmobile-lg-v10/general/root-h901-nougat-t3773942
Notes before beginning:
-To enter download mode to begin: Plug a USB cable into your phone with your phone powered off, hold down on the Vol Up button and plug the USB cord into your computer. It should immediately boot into download mode. Exiting Download mode after flash: pull battery…no damage will be done.
-To enter recovery after flashing TWRP: power off the phone then hold both the down volume and power at the same time. When you see the black LG screen briefly release the power button and then press it again while not letting the volume down up. You will see a screen asking if you want to delete all user settings. Say YES (via the volume and power keys—no touch input). You will see a screen asking if you want to delete all user data. Say YES (the data is only deleted if TWRP loads successfully) You will briefly see the black LG bootup screen. TWRP or factory recovery will load. Or if you did not unlock your bootloader, it will say recovery is corrupted and cannot be trusted, and then boot normally without changing your settings or deleting files.
-Additional note: as of 7-23-18 some commands had changed:
From V20 forum, Brian (runningnak3d) has moved to gitlab.com. So instead of github.com, we have to use a new git repository that Brian created in gitlab.com.
cd
mv lglaf lglaf_BAK
git clone https://gitlab.com/runningnak3d/lglaf
cd lglaf
git pull
git checkout v10-miscwrte
There are additional comments in the thread. Some timeout errors may be solved by: 1 - Download the VirtualBox extension pack: https://download.virtualbox.org/vir..._VirtualBox_Extension_Pack-5.2.8.vbox-extpack
2 - Go to File / Preferences / Extensions / click the + and browse to where you downloaded it.
3 - Once installed, with the VM off, right click on the VM, and go to settings. Click on USB, and pick USB 3.0. If your machine doesn't have a USB 3 port, pick 2.0.
But frankly, simply up arrow after a timeout error to load the last command on the command line and hit enter again. Simply keep doing this until it works. You know it works because no dialog appears for several minutes before informing one of success.
**Upgrade to Nougat after Flashing TWRP and booting to Recovery steps: (I did a full wipe as suggested by this thread: https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594 before flashing the v30b upgrade then full Nougat zip, and then flashing Magisk. I flashed the 3 zips sequentially. I was afraid Nougat would not boot successfully because the zip files are less than 2 gb combined but success! You may want to also flash the 30c upgrade before flashing Magisk for a total of 4 zip flashes. I did not try this. However doing all this means no backups are done so if there is a problem you may have to flash a KDZ with the LG UP tool (don’t ask me how).
As a final note, I cannot answer specific questions about the various processes provided or errors you may encounter that I have not listed in this write up since I have not experienced them. A bit of research on your part may be required, but this post should provide you with a huge head start compared to where I started. Good luck!

Methods to get unlimited mobile hotspot, very useful if you're on the $50 MetroPCs (owned by T-mobile) unlimited plan. All you $70 T-mobile plan suckazzz! https://forum.xda-developers.com/tm...ited-tetherting-hotspot-t3825144#post77249285
I would actually recommend using a USB tether client and forgoing root access if tethering is your only objective and you are trying to be efficient with your time. However, with root you can install all these cool apps!: https://www.digitaltrends.com/mobile/best-android-root-apps/
The following caught my eye:
-Rec: screen record
-liveboot: boot animation (does not work with Magisk)
-Servicely: checks to see which apps are using a lot of battery and lets you suppress them
-Adblock Plus
-Titanium backup: very powerful phone backup application & bloatware remover look into for quickly switching over to a different lg v10
-Greenify: put apps into hibernation
-System tuner: get lots of info about you phone but be careful making changes
-ES file explorer: dig into the android system
-Disk digger: recovers deleted files (photos only?)

nethunter error E:not enough free space on /system

I'm on stock oos 10.3.11(Rooted and have twrp 3.5.2). Today I decided to install nethunter 2021.2 on my device.
since my last try with 2021.1 was a failure Installation was complete and finished but was stuck with bootloop last time.
But this time, I stuck on installation itself. I'm getting not enough free space on /system error during the installation.
I googled for like 2 hours and found only one article about this issue but that article was about lineage os.
solution from that article is moving pre-installed apps from ‘/system/app/’ to ‘/sdcard/Documents/’ temporarily.
So i tried to move some pre installed apps using the command it provided but it's not working and little bit out dated it seems. so i tried the help function in terminal but i don't know which options i should be using in order to do that operation. I don't want to brick my device. So, if anyone know how to fix this issue, please help me out here.
nethunter dl link: https://images.kali.org/nethunter/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip
solution for lineage os link: https://www.zerodaysnoop.com/how-to/how-to-install-nethunter-lite-part-2/

Amudhan501 said:
I'm on stock oos 10.3.11(Rooted and have twrp 3.5.2). Today I decided to install nethunter 2021.2 on my device.
since my last try with 2021.1 was a failure Installation was complete and finished but was stuck with bootloop last time.
But this time, I stuck on installation itself. I'm getting not enough free space on /system error during the installation.
I googled for like 2 hours and found only one article about this issue but that article was about lineage os.
solution from that article is moving pre-installed apps from ‘/system/app/’ to ‘/sdcard/Documents/’ temporarily.
So i tried to move some pre installed apps using the command it provided but it's not working and little bit out dated it seems. so i tried the help function in terminal but i don't know which options i should be using in order to do that operation. I don't want to brick my device. So, if anyone know how to fix this issue, please help me out here.
nethunter dl link: https://images.kali.org/nethunter/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip
solution for lineage os link: https://www.zerodaysnoop.com/how-to/how-to-install-nethunter-lite-part-2/
Click to expand...
Click to collapse
Im getting the exact same issue with my stock OOS 10.2.12. I was able to successfully disable dm-verity and force encryption. When I got to the step of installing nethunter I ended up with
"Error: Not enough space on /system to continue!
Aborting...
Cleaning Up...
Failed to install Kali Nethunter!
Updater process ended with ERROR: 1 Error installing zip file usbstorage/Download/nethunter-2021.2-oneplus6-oos-ten-kalifs-full.zip"

I am getting the same issue on a OnePlus 6T, OOS 10.3.12
The steps I follow to install are:
Wipe data
Flash stock ROM
Flash TWRP Installer Zip
Reboot into TWRP
Flash force-decrypt
Flash magisk
I verify with Root Checker that I do indeed have root
I also verify that force-decrypt works by:
Mount vendor
cat /vendor/etc/fstab.* | grep force
No output - suggesting decryption is successful
I am using the official Oneplus 6 Kali image from:
Get Kali | Kali Linux
Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
www.kali.org
Any advice on how to fix this?
Thank you!

Hey guys,
try this
for me this works!

5K1PP3R said:
Hey guys,
try this
for me this works!
Click to expand...
Click to collapse
I tried that but it didn't work. Im not really in the mood to try the other method. I'm just going to get another phone to do it with because Im using this one for some personal stuff I dont want deleted anyway. Great post though, should help someone out for sure.

So heres the steps I used to get Nethunter up and running.
Tmobile 6T user converted to International. (So for all of you running 6, skip the next paragraph and start at Unlock bootloader).
Started fresh with a msm firehose, went back to android 9. Updated to whatever the version you had to download first to get to 10. 9.0.17 I believe. Then after that I upgraded to the very last 10 version. 10.3.12.
Unlock bootloader.
After that I install magisk, pull the payload from the 10.3.12 firmware and pull my boot.img. Patch it.
Boot into TWRP, flash the magisk boot img. Boot into OOS
Now heres the part where everyone (myself included) messes up. Install nethunter via magisk, and not via TWRP. There's just something messed up with how the storage size of system is being reported to the nethunter install script. I've had plenty of space and the script say theres not enough space 0mb free.
Installing via magisk worked just fine as far as app support goes. I haven't checked functionality beyond an apt upgrade and booting into KeX so I havent put it through its paces yet.
Edit: You can also disable system updates afterwards by running:
Code:
adb shell pm disable-user --user 0 com.oneplus.opbackup

i have had the problem o when trying to flash nethunter through twrp it always ending in error not enough space blah blah it was doing my head in but i found a solution so fdroid goto an app called smart flasher and flash it through that it will install after rebooting

PostmarketOS on Samsung S7 not booting

I want to repurpose my old S7 (Exynos) as a Server. From what i read, PostmarketOS is the only way to run pure Linux on the S7. Sadly, i have not been successful at booting.
I followed the Installation "guide" from this wiki page.
The installation process in itself works fine. I first flash the kernel using
Bash:
pmbootstrap flasher flash_kernel
while in download mode, then i switch into TWRP (ADB Sideload) and run
Bash:
pmbootstrap install --android-recovery-zip && pmbootstrap flasher --method=adb sideload
The image should be installing correctly, atleast there are no errors and everything seems to look "normal".
Although, when booting, it gets stuck at the PostmarketOS Loading screen and is not booting (SSH over USB does not work)
Going back into TWRP reveals that it has problems mounting the /system partition
"Failed to mount '/system' (Device or Resource is busy)"
I've been trying so many things, but the outcome is always the same
I tried:
* WSL2 Ubuntu
* VirtualBox XUbuntu
* Debian Live Install
* Sending the recovery zip on my phone using USB and then installing it from there
I've been stuck at this for 3 days now, and i have no idea what else i could try...
Any help would be appreciated.

Here's my last_kmsg

I have the same device, but I''ve been stuck for 5 days Also same cryptic-nothing-to look-at last_kmesg, it just stops. Did you make any progress? Most people here are more familiar with Android ROMs. I think we're better off taking this to postmarketOS's Gitlab issues.
I can install Lineage OS 18.1 from some post here on XDA just fine. But I don't want Android on the device, I want to build it as a LAMP server to serve Moodle. Internet and electric power are a mess here, distributed is the way to go. But I'm not going anywhere if I can't show some POC.

I think it's something to do with DM-Verity being tripped, or is it no-verity? I'm following this to restore it to stock and start over with the postmarketOS howto.. The install logs look clean, I must have done this more than 50 times now.. from what I understand reading the logs, seems like it's a partition issue. Kernel just stops ... I confirm the kernel is booting successfully by making it continuously vibrate with :: pmbootstrap initfs hook_add maximum-attention
I'm trying this download PIT part now:
How To Use PIT Files On Odin For Flashing Samsung Device - MTKArena
If you need to change the partition of the firmware and want to use the PIT files for your device, you are in the place. We will share how to use PIT files on
mtkarena.com

any prog @nonick @Xirado ?