Recovery -- what is it, and how can we root with it? :) H918 - LG V20 Guides, News, & Discussion

My H918 is what is currently in the shop (and this would not work on the H910 -- they use a different format), so I can't test this myself. With that said, this should be completely safe -- it will either work or it won't.
I figured I would look to see what kind of security there was on the OTA update process.
As stated in the title, this is only for the H918 for now since I haven't had a chance to look at other models.
T-Mobile uses the regular SignApk straight out of the AOSP sources to sign their OTA zips.
It also turns out that the LGFOTA.apk will look on the SDcard for the update.zip:
Code:
/cache/fota/update.zip
/cache/fota/update_flag
/data/fota/update.zip
/pkg/SoftwareUpdate
/pkg/SoftwareUpdate/
#/storage/external_SD/SoftwareUpdate
/storage/external_SD/SoftwareUpdate/
/storage/sdcard0/SoftwareUpdate
/storage/sdcard0/SoftwareUpdate/
#/storage/sdcard0/SoftwareUpdate/enc
$/storage/sdcard0/SoftwareUpdate/enc/
Those are the paths that it searches -- the one we care about is /storage/external_SD/SoftwareUpdate/
Now when you sign an update.zip, it obviously needs to be verified with a key. The thing is, they include the key in the zip -- otacert -- why?
I don't have my H918 right now, but that isn't stopping me from looking for other attack vectors. This time it is stock recovery.
As near as I can tell, stock recovery uses the otacert in the zip to verify the signature of the zip. Which is fine from a VERIFICATION point of view. If the zip is modified in any way, the signature will fail. If the otacert file is not valid, the signature will fail. So, you know you are flashing a good file if the signature passes.
Now, from a security point of view, you don't include the cert that checks the signature WITH the file to be checked. I really think they screwed up here.
I don't have an H918 to test this on till mine gets back, but if someone else wants to, I can talk you through making an update.zip.
-- Brian

I'll give it a shot

From Android's developer website, it states that:
Sideloading does not bypass recovery's normal package signature verification mechanism—before installing a package, recovery will verify that it is signed with one of the private keys matching the public keys stored in the recovery partition, just as it would for a package delivered over-the-air...
...The RecoverySystem API checks the signature against public keys stored in the main system, in the file /system/etc/security/otacerts.zip (by default). Recovery checks the signature against public keys stored in the recovery partition RAM disk, in the file /res/keys.
Is this somehow bypassing that?

I haven't spent anywhere near the time decompiling lg_fota and recovery (the two main binaries that handle OTA) as I have lafd, but like I said, it looks like if there is an otacert in the zip it uses that instead.
The only way to find out for sure is to test it, and it looks like we have a volunteer
@storm68 I will craft up the zip for you. Gimme an hour to wake up...
-- Brian

runningnak3d said:
I haven't spent anywhere near the time decompiling lg_fota and recovery (the two main binaries that handle OTA) as I have lafd, but like I said, it looks like if there is an otacert in the zip it uses that instead.
The only way to find out for sure is to test it, and it looks like we have a volunteer
@storm68 I will craft up the zip for you. Gimme an hour to wake up...
-- Brian
Take your time. In the middle of an oil change. Lol
Also as long as it's safe, no brick.

How'd this go? Home all day today and have a back up phone if need be. If you need another volunteer I'm game
@runningnak3d

Sorry had an issue come up....
Anyway, here is the zip.
First, your bootloader must be unlocked. If not, you will have to flash the KDZ to fix your phone since it will fail the AVB check.
Your SDcard needs to be formatted vfat. Make a directory called SoftwareUpdate (caps matter -- remember this is Linux).
Download the zip and rename it to update.zip and stick it in that directory.
With the phone booted, get an adb shell.
Type (or copy / paste) this:
Code:
am start -n com.lge.lgfota.permission/com.lge.lgfota.permission.DmcEzUpdateStart
Your phone should reboot to recovery, and (crosses fingers) should start to flash. If so, you will have TWRP.
If it fails, I need to know exactly what the error was. If it says that it can't find an OTA, I have a few more things to try. If it says that the OTA failed signature check (or something to that extent), then this was all for nothing.
-- Brian

At work, will try when I get home some time tonight. If it doesn't work will it reboot back to normal?
I also still need to unlock bootloader. I'm still fresh outta the box. Lol

Yep. If it fails due to not finding it, or failing the sig check, you may have to reboot the phone yourself, but no changes will be made.
-- Brian

@runningnak3d
E: footer is wrong
E: signature verification failed
Also, from shell the phone just kinda blacks out for a sec and then nothing happens; had to boot into recovery and try it that way.

@whojabacod So you used the adb sideload method from recovery? If so, yes, that will fail because it uses the certs that are included with recovery.
I'll have my 918 back in a couple of days, and it will be on 10r or whatever the latest is, so I will have real incentive to get it rooted
-- Brian
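An added illustration of where the "footer is wrong" message above comes from (this is not code from the thread, LG or AOSP). It assumes the AOSP whole-file signature layout, in which the zip comment ends with a 6-byte footer (signature start, 0xFFFF marker, comment size) and the signature covers everything up to the comment-length field; the sample archive and signature bytes are constructed, and no PKCS#7 or key check is performed.

```python
import hashlib
import io
import struct
import zipfile

FOOTER_SIZE = 6        # signature_start (LE16), 0xFFFF marker, comment_size (LE16)
EOCD_HEADER_SIZE = 22  # fixed part of the zip end-of-central-directory record
EOCD_MAGIC = b"PK\x05\x06"
SAMPLE_SIG = b"\x30\x82" + b"\xAA" * 62  # constructed placeholder, not a real signature


class FooterError(ValueError):
    """The archive does not carry a well-formed whole-file signature footer."""


def parse_ota_footer(data: bytes) -> dict:
    """Locate the signature block and the signed region of a whole-file-signed zip."""
    if len(data) < FOOTER_SIZE:
        raise FooterError("file too small for a footer")
    sig_start, marker, comment_size = struct.unpack("<HHH", data[-FOOTER_SIZE:])
    if marker != 0xFFFF:
        # An unsigned or re-zipped archive fails here before any key is consulted.
        raise FooterError("footer is wrong")
    if sig_start > comment_size or sig_start <= FOOTER_SIZE:
        raise FooterError("signature start is outside the comment")
    eocd_size = comment_size + EOCD_HEADER_SIZE
    if len(data) < eocd_size:
        raise FooterError("file too small for the declared comment")
    eocd_off = len(data) - eocd_size
    if data[eocd_off:eocd_off + 4] != EOCD_MAGIC:
        raise FooterError("comment size does not line up with the EOCD record")
    if EOCD_MAGIC in data[eocd_off + 4:]:
        raise FooterError("second EOCD marker inside the comment")
    # Signed region: the whole file except the comment-length field and the comment.
    signed_len = len(data) - eocd_size + EOCD_HEADER_SIZE - 2
    return {
        "comment_size": comment_size,
        "signed_len": signed_len,
        "signature": data[len(data) - sig_start:len(data) - FOOTER_SIZE],
        "signed_sha256": hashlib.sha256(data[:signed_len]).hexdigest(),
    }


def make_signed_comment(sig: bytes) -> bytes:
    """Build a comment in the assumed layout: message, NUL, signature, footer."""
    message = b"signed by SignApk\x00"
    total = len(message) + len(sig) + FOOTER_SIZE
    footer = struct.pack("<HHH", len(sig) + FOOTER_SIZE, 0xFFFF, total)
    return message + sig + footer


def build_zip(comment: bytes = b"") -> bytes:
    """Constructed sample archive with one file and an optional comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.txt", "constructed sample content")
        zf.comment = comment
    return buf.getvalue()


def check(data: bytes) -> str:
    """Return 'ok' or the reason the footer was rejected."""
    try:
        parse_ota_footer(data)
        return "ok"
    except FooterError as exc:
        return str(exc)


if __name__ == "__main__":
    signed = build_zip(make_signed_comment(SAMPLE_SIG))
    info = parse_ota_footer(signed)
    print("signed region:", info["signed_len"], "of", len(signed), "bytes")
    print("signature block:", len(info["signature"]), "bytes")
    print("plain zip:", check(build_zip()))
```

The digest of the signed region is only meaningful once the signature block has been verified against keys held outside the package, which is the check the quoted Android documentation describes for `/res/keys`.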

With the last few posts being read I think I'll wait till you get your phone back and do your thing.

runningnak3d said:
Sorry had an issue come up....
Anyway, here is the zip.
First, your bootloader must be unlocked. If not, you will have to flash the KDZ to fix your phone since it will fail the AVB check.
Your SDcard needs to be formatted vfat. Make a directory called SoftwareUpdate (caps matter -- remember this is Linux).
Download the zip and rename it to update.zip and stick it in that directory.
With the phone booted, get an adb shell.
Type (or copy / paste) this:
Your phone should reboot to recovery, and (crosses fingers) should start to flash. If so, you will have TWRP.
If it fails, I need to know exactly what the error was. If it says that it can't find an OTA, I have a few more things to try. If it says that the OTA failed signature check (or something to that extent), then this was all for nothing.
-- Brian
I'll try this later today. Can I format the SD card via phone?

After browsing around, related to this process. Within the first couple of files I looked at which were related to fota. I will say I'm 100% positive this is how the malware has root on my phone. Explains why my phone says I have an external SD card installed, when I do not have one in. @runningnak3d. I do appreciate all your time and effort you've put into getting root on this phone, again. And this process will work when implemented properly (not saying his process is incorrect). Reason I say I'm certain is because the files in my phone look reeeeaal.... familiar. Almost like I have seen the words spoken somewhere before.. **cough** previous posts above **cough**

Is this something that still needs a tester? Assuming it's as safe as estimated, since this is my (new) daily driver, I'd be willing to try it with my stock H918 10q.

Related

[TUTORIAL] Proof of concept solution on fixing badly broken 4G after bad MAC, etc

Before we begin. This solution is for people who have tried everything multiple times, and failed. If you haven't read and have not tried the following solutions yet, please do so first:
How to start over: From original stock to rooted latest OTA (WiMAX working!)
[GUIDE] Bad WiMax MAC? Broken 4G after update? Fix HERE!
The guide below is ONLY for people who did not have success with above methods (i.e. they are really really hosed). And there are limitations for now, until everything is confirmed and tested. The most important part you need access to a second, healthy and rooted EVO. As of yet, this is the only way to guarantee that one binary dump is not used a million times, negating the effect.
Please read the whole guide before starting the process, so that you know the risks, limitations, and potential issues with all this.
I am going to sign off for a few hours, and go enjoy my life for a brief time, before returning to answer any questions that may arise.
Ok, so for now, this is more of a proof of concept solution, since I understand not everyone has more than one EVO to do what I did.
My idea about partitions was correct, so without further ado, here is how to restore a botched wimax.
What you need.
2 Fully rooted EVOs (step 1 and step 2), one with working 4G (any version of all firmware on either, all we care for is working WiMax)
System which can do fastboot commands. That means you will have to have Android SDK installed. I also add path to /tools folder into my system PATH, so I don't have to type out the full path to adb or fastboot every time
Custom recovery. I use clockwork for this, since I am not sure all the files are signed, as required by Amon RA's recovery
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
1. Open command line window (cmd)
2. Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
3. Power down your phone
4. Power it up while holding down the Volume Down key
5. HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
6. Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
7. Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
8. The FASTBOOT mode will switch to FASTBOOT USB (that's good)
9. Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h"). From here on all fastboot commands are issued in that window
10. If you see less than ~40 lines of output, you don't have a properly rooted phone, and you need to do step 1 and step 2 (see above)
11. Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
12. Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
13. Reboot your phone
14. Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
We are done with your "bricked" phone.
Getting correct wimax image from a working phone
Now, repeat the same steps for your working phone (steps 1-14)
Pull the files to a different (safer) place, and cherish them like they are the only thing you care about in this world (which you do, right?)
Make a copy of your WIMAX.BIN file from the working phone (do NOT edit the actual file, just in case something breaks with your working phone at any time)
Use hex editor to update the working file in 2 places, and change the MAC address (which should be your working evo MAC - 1) to your broken evo MAC - 1 (remember, A becomes 9, F becomes E, etc). It's a big file, so search for "00:18" to find the 2 places. There will be exactly 2, not 3+ and not 1.
Rename the file you just edited to "wimax_25641R01.img"
Fixing your bricked phone
Push it to your sd card root: "adb push wimax_25641R01.img /sdcard"
Push the attached zip file to sdcard root: "adb push new_wimax.zip /sdcard"
Reboot your bricked phone into recovery
Flash new_wimax.zip. This will force write wimax_25641R01.img you pushed earlier, including the certificates in it
Reboot from recovery, let it finish, and boot up into Android
If not running the latest evo WiMax firmware yet, use the second attached zip to do so
Reboot your phone. Allow everything to complete and boot into Android
If needed, update PRL/Profile (I didn't need to, but I already updated it 50 times by now, so YMMV)
Now, I can not attach any of my dumps yet, before I test and make sure whether both phones can stay online on 4G without interruption, I will do some more testing later, since the Encryption keys are different (between 2 working evos I dumped binaries from). I still have 1 more phone to check when I get home. So if you have another evo (friend, family, etc) - you can do that already.
Otherwise, be patient, more testing is needed to make sure we are not going to steal anything from your friend, family, etc, since encryption keys are unique.
But the above solution works for completely restoring your 4G into working state.
I am currently running latest rooted OTA update, too, so it definitely works fine on latest and greatest.
Red,
Have you actually seen the encryption keys in plain text? How many bits are they?
Also, when you restored the wimax part from the working phone to your non-wimax-working phone, did you keep the MAC the same between the two phones?
Red,
Now that you have 4g fixed, can you take a look at your *.tree.xml files? Look at the ones from when 4g was broke, and then look after. Everything from boot.bin gets written into that file, and I'm hoping the signature does as well. If so, we may be able to pull it out of an old xml file and somehow work it back into the wimax.img.
Thanks
EDIT: On second thought, I do recall there being a way to flash the signature via fastboot..
MAC addresses were kept different, exactly what they are on a label behind the battery. For each phone. Hence, the editing step for the wimax partition dump.
Tree.xml does not contain any signatures, I verified this some time ago before I even started playing with the wimax partition by taking one from a working evo.
The keys are in plain text, simple RSA keys, judging by the size looks like 1024 bit. both public and private key are stored. Who knows, maybe just faking one will do it but I am guessing they are signed by some sort of CA otherwise it would be too insecure of Sprint.
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
This may be worth a shot. I am not sure boot.bin has the signatures, but I will check later tonight. If it does, I am guessing we should be able to just do a drop in replacement of signatures in the image file and it should work.
Also since nandroid is just a simple copy and if the keys are indeed preserved, I would think we can pull them from there.
mpa4712 said:
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
redsolar said:
Also since nandroid is just a simple copy and if the keys are indeed preserved, I would think we can pull them from there.
Cordy said:
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
My thoughts exactly, gentlemen.
The only problem I foresee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
mpa4712 said:
My thoughts exactly, gentlemen.
The only problem I foresee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
Ugh, it shouldn't. Not sure what recovery you're using, but using toast's or Amon_Ra's recovery it just restores the nandroid and then you choose manually to reboot. In fact I've already pulled my Boot.bin from before I messed up my MAC this way already, I actually pulled the whole wimax folder.
you can unyaff your data.img in your nandroid and dig thru whatever you want.
david279 said:
you can unyaff your data.img in your nandroid and dig thru whatever you want.
*grumble* going to compile it now....*grumble*
david279 said:
you can unyaff your data.img in your nandroid and dig thru whatever you want.
lol or do that so much easier huh!
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
mpa4712 said:
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
That was the reason I asked, I as well as others have looked through the Boot.bin before. I also looked through all the firmware files. Interestingly there is a default firmware and that a manufacturer firmware I'm guessing one to fall back on the other. Your MAC is in the Boot.bin as well as wimax_properties. If these files stored the keys great, but either way they'd have to be changed on the actual firmware.
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
mpa4712 said:
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
you know for something that obvious I never noticed that. I never ran a diff on them. I just scanned through it to see if there was anything that struck out as being different and I stopped when I saw the different MAC's
I just went through the two boot.bin files and I'm pretty sure the keys are not in there. However, there are plenty of files that get overwritten on every boot, so I'm going to go through all of them. A 1024bit key should stick like a sore thumb if it's in plain text..
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Geniusdog254 said:
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
From what we know, if you ever had a messed up MAC then your keys are also gone.

[PROJECT]Bootloader Unlock

I AM NOT RESPONSIBLE FOR ANY HARM DONE TO YOUR DEVICE THROUGH METHODS MENTIONED BELOW. THESE METHODS WILL DOWNLOAD UPDATES THAT WILL WANT TO INSTALL. DO NOT INSTALL THEM THEY MAY BRICK YOUR DEVICE. STICK TO THE INSTRUCTIONS BELOW AND YOU SHOULD BE FINE.
Also note it may be weeks, perhaps months before Atrix 2 updates begin rolling in. It's a very new device!
Now, the fastest way we are going to get this Bootloader unlocked is with a little ol' fashioned teamwork. These methods have worked for other devices but require some participation and patience.
Previous devices having used the method:
Bionic
ATRIX 4G
Here are the methods we will be using:
1.Motorola, ATT SBF files for Motorola Atrix 2
2.Project Cheesecake - finding update versions on Motorola servers
1. SBF files
If you or someone you know is able to provide SBF Files intended for the Atrix 2, you can post them here or email them to me at [email protected] if anonymity is an issue.
2. The tried and tested Project Cheesecake!
Automatic Method:
What you will need
1.an ADB setup.
2.Obviously, Root.
3.ClockworkMod Recovery set up on the phone.
4.You should have an FXZ Ready in case you mess up.
5.Root Explorer from market
Now an app does it all for you. Imagine that.
1. Okay, so, download THIS APP RIGHT HERE.
2. Install the app on your phone.
3. Open the app. Click the first button.
4. Reboot.
5. Open app, click second button. Select a server. QA And Staging servers seem most common for updates, but we need to check them all. The default is in Production -> master-blur.whatever.com if you need to get back to it.
6. now click third button in app to check for update. click setup (the moto account thing is bs). Now if it gives you a wifi error, that means the server is down that you chose. If the server is up it will check for an update.
7. If that didn't work, select a new server with button 2, and then check again with button 3.
8. Any comments in this post about the ghettoness of my app will result in replies including but not limited to A) Slander, B) flaming, and C) death. Try to keep the thread pretty on topic to cheesecake method and other info. I know my app can be refined, jcase has been giving me some tips on streamlining my programming and su permission reduction, but it does good stuff, don't worry. It even remounts system as RO when it uses it.
9. godspeed, guys.
What do I do if my phone finds an update?
if you are uncomfortable dealing with it for sake of bricks / other bad stuff, let someone else know or post it in the thread. It will be attended to properly.
DO NOT INSTALL IT. IF YOU FEEL COMFORTABLE YOU CAN DOWNLOAD IT
Depending on what the update contains, it could brick your device. Get in touch with a developer ASAP if you don't know what to do. Post in this thread which server you found it on. load up adb. The file you found should exist somewhere in /cache. pull it to your computer. Then delete it. Be warned that the update after downloaded tries to install every 2 minutes and while typing a text i accidentally clicked install once. I almost messed myself up.
log onto chat.andirc.net and go to #bionic. You might find me in there.
Log onto irc.freenode.net and join #droidbionic and #bionic-dev. The bionic-dev channel is ONLY for dev-related talk. If you just want to kick it, converse in #droidbionic.
Someone experienced here can help you, and let you know what you've found.
If you liked my work here, click the thanks button at the bottom of this post! Thank you all for reading.
Link to original topic: http://forum.xda-developers.com/showthread.php?t=1281675
Manual Method:
Instructions:
List of servers:
Code:
master-lab.blurdev.com
master-demo.blurdev.com
master-dev.blurdev.com
master-qa1.blurdev.com
master-qa2.blurdev.com
master-qa3.blurdev.com
master-qa4.blurdev.com
master-staging1.blurdev.com
master-sdc1.svcmot.com
master-blur.svcmot.com
master-homer.blurdev.com
master-bart.blurdev.com
master-lisa.blurdev.com
master-maggie.blurdev.com
master-marge.blurdev.com
master-bqa1.blurdev.com
master-bqa2.blurdev.com
testcloud01-sdc1.blurdev.com
1.Root the device
2.Navigate to /system/etc/motorola/com.motorola.blur.service.blur/ in a root file explorer [ie. Root Explorer]
3.Edit data_wifi_only_settings.mkitso. Replace "data_wifi_only_feat_avail=1" with "data_wifi_only_feat_avail=0"
4.Edit defaults.xml. Replace the entire file contents with:
Code:
<map><string name='blur.service.ws.useApnProxy'>0</string><string name='blur.service.ws.masterCloud'>master-lab.blurdev.com</string></map>
5.Navigate to /system/etc/motorola/com.motorola.blur.setup in a root file explorer and edit defaults.xml. Replace the entire file contents with (your settings may already look like this, if so ignore it):
Code:
<?xml version='1.0' encoding='UTF-8'?>
<map>
<boolean name='AllowActiveSync' value='true'/>
<boolean name='ShowSkipSetupMenu' value='true'/>
<boolean name='ShowConnectionChooser' value='true'/>
<boolean name='ShowDataSaverInSetup' value='true'/>
<boolean name='WifiPreference' value='true'/>
<boolean name='loc_consent_unchecked' value='false'/>
<boolean name='CloudPreference' value='true'/></map>
6.Wipe data and cache
7.Navigate to Settings > About Phone > System Updates
8.If it says "Update Available," let the update download. Do not install the update, because it could potentially brick your device.
9.Pull the update.zip file from /cache [Root Explorer or ADB] and upload/post the file for developer interest
10.Continue to test the next server. Navigate to /system/etc/motorola/com.motorola.blur.service.blur
11.Mount the folder as read/write
12.Edit defaults.xml. Remove "master-lab.blurdev.com" and put in the URL for the next server.
13.Repeat the steps from "Wipe data and cache" every time.
Credits: They all deserve thanks so if you see them around the forum, or wish to go to their original topics click that button!
- eval- for his initial discovery on the Atrix 4G
- Navalynt for scanning servers
- SamCripp, the2dcour - working on "Project Cheesecake" and "Pudding" unlock projects
-kennethpenn for the instructions as well as setup.
-Phydo for automatic method and app!
We might try this. It automates the process. All the credit goes to phydo for this though. I am looking at it now to see if we can try it on our Atrix 2
http://forum.xda-developers.com/showthread.php?t=1281675
Jim
I saw that as well... Let me know if its working on the ATRIX 2 and I'll edit the topic accordingly. Thanks again for your continued interest, I really appreciate it.
Phydo's app works beautifully. I installed and ran it on several of the servers, if it asks to set up an account just click setup... then if it asks to set up a wifi connection then that server is down, which I am getting on most of them right now as would be expected.
Jim
Works flawlessly on my end too.. updated the first post with instructions.
Just pulled Blur_Version.55.11.16.MB865.ATT.en.US.zip with cheesecake.
Judging only by the number in the filename, this is the stock version of blur... probably.
Can't post links so...
Awesome man! I'll check it out!
It's only 50 megs so I don't think it's the full filesystem.
This might be the update from the mythical 2.3.4 version listed on the moto dev site.
edit: I see some recent timestamps... system\etc\motorola\ap_flex_version.txt
Code:
GAS_NA_EDSNGBATT_P015
Sat Oct 29 10:13:33 PDT 2011
derp derp
Code:
Blur_Version.55.13.15.MB865.ATT.en.US %Blur_Version.55.11.16.MB865.ATT.en.US
Went ahead and took a giant leap and upgraded.
After a few harrowing minutes, it was updated to 55.13.15
Android version is 2.3.6
Baseband is
2011-10-28 12:44 Off.Bld
LUD_EDISON_R1D7_PATCH_34_111028_1226
Webtop has been updated, looks like firefox 7.0.1 is installed now, can't test it myself.
Getting prompts from motorola to "upgrade".
Lost root in the update. Going to try to get it back...
Edit: Root works!
Code:
fastboot oem unlock
... FAILED (remote: unsupported command)
what files were in the update? was there an fxz or an sbf? were there any files with I think mbl in the name? Those would be the bootloader, if so we need to take a look at them. I will put it down and check it out.
I am not quite ready to install that yet, since I am on the right track to have a FULL ubuntu desktop running in webtop, right now I have broken tomoyo, so no facls, or security on the webtop files, and I have a terminal and sudo, as well as synaptic, so I will hold off on 2.3.6 for now, since there is a webtop update in there.
I will start a new thread for the webtop stuff once I have more. Now I need to get with tallnerd1985 to get webtop2sd working on our phones.
Jim
Thank You for warning everyone else even while you are still having trouble. You can take it back to At&t/Bestbuy or wherever you bought it - They won't know and 99% don't care especially about the Atrix 1 or 2...
Just act PISSED! If anyone asks you a question...
Looks like motorola really is trying to push an update to me, 15 MB file update to 55.13.16. I'm not going to touch it for now. Gotta get some sleep
Don't see any SBFs or FXZs...
This is my first rooted android phone, so i'm just flying blind here.
Now that I can post links, here's the one linked to through tinyurl above.
Ok, so in the 55.13.15.MB865.ATT.en.US file, there are 2 boot loaders, one is called prologue_loader.ldr and the other one, which I am guessing is the one we already have is called production_loader.ldr
This will require some more looking to see if the prologue_loader.ldr is unlockable, so that they can load their updated image, then relock it with the production_loader.ldr
This might be good news and it might be nothing, but I will keep everyone posted, with what I find.
Jim
Keep up the good work guys
Try to find the stock build as well, because if that is found i could probably unbrick my phone!
moofree said:
Looks like motorola really is trying to push an update to me, 15 MB file update to 55.13.16. I'm not going to touch it for now. Gotta get some sleep
http://dl.dropbox.com/u/14536681/Blur_Version.55.13.15.MB865.ATT.en.US.zip
Don't see any SBFs or FXZs...
This is my first rooted android phone, so i'm just flying blind here.
Now that I can post links, here's the one linked to through tinyurl above.
http://dl.dropbox.com/u/14536681/Blur_Version.55.11.16.MB865.ATT.en.US.zip
Jimmy273 said:
Try to find the stock build as well, because if that is found i could probably unbrick my phone!
Ok use the link above and try to get it on the root of your SD card, I am not sure if that zip file works or not, for CWM or fastboot, if you can connect to ADB with fastboot, you should be able to flash it from that.
Jim
Ok .. this is driving me nuts here. Trying to apply the Blur_Version.55.13.15.MB865.ATT.en.US.zip update to my Atrix 2 .. since there is NO WORKING ClockWorkMod that can be used .. tried doing it other way that jimbridgman suggested and that was fastboot.
Well .. that doesn't work either .. receive error message:
>fastboot -w update Blur_Version.55.13.15.MB865.ATT.en.US.zip
archive does not contain 'android-info.txt'
archive does not contain 'android-product.txt'
error: update package has no android-info.txt or android-product.txt
Anyone else have any ideas of how to apply this update ?
LordGeek said:
Ok .. this is driving me nuts here. Trying to apply the Blur_Version.55.13.15.MB865.ATT.en.US.zip update to my Atrix 2 .. since there is NO WORKING ClockWorkMod that can be used .. tried doing it other way that jimbridgman suggested and that was fastboot.
Well .. that doesn't work either .. receive error message:
>fastboot -w update Blur_Version.55.13.15.MB865.ATT.en.US.zip
archive does not contain 'android-info.txt'
archive does not contain 'android-product.txt'
error: update package has no android-info.txt or android-product.txt
Anyone else have any ideas of how to apply this update ?
Good question, though you'll need to start from the first file...
Blur_Version.55.11.16.MB865.ATT.en.US.zip
I think the filenames are for the versions that the patch gets applied to, not the version it'd be updated to.
This is all new to me, I'm guessing you could boot up with VolumeUp+VolumeDown held down, choose the recovery mode, and do volup+voldown for the recovery menu and choose update, and the zip from that menu...
Edit: This works. Updated from 55.13.15 to 55.13.16
Baseband got pushed back a few days
2011-10-25 11:19 Off.Bld
LUD_EDISON_R1D7_PATCH_33_111025_1101
Lost root again, but thankfully the zergling rush is a highly effective strategy still
-=Insert warning about updating being AT YOUR OWN RISK and not being responsible for bricks etc... =-
Additional warning that this might cut the phone off from official OTA updates from Motorola...
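Why `fastboot update` rejected the file while the recovery menu accepted it, shown as an added example that is not from any poster in this thread: the two tools expect different archive layouts. The `META-INF/com/google/android/` entry names follow the AOSP recovery package layout, and the sample archives are constructed here; the real Blur_Version zips were not inspected.

```python
import io
import zipfile

# Either of these makes an archive acceptable to "fastboot update"
# (both names appear in the error output quoted in the thread).
FASTBOOT_INFO = ("android-info.txt", "android-product.txt")
# AOSP-style layout of a package meant for recovery's "apply update" menu.
RECOVERY_DIR = "META-INF/com/google/android/"
RECOVERY_ENTRIES = (RECOVERY_DIR + "update-binary",
                    RECOVERY_DIR + "updater-script")


def classify_update_zip(data: bytes) -> dict:
    """Report which tool an update zip is laid out for, without extracting it."""
    script_name = RECOVERY_DIR + "updater-script"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        script = ""
        if script_name in names:
            script = zf.read(script_name).decode("utf-8", "replace")
    info = [n for n in FASTBOOT_INFO if n in names]
    recovery = [n for n in RECOVERY_ENTRIES if n in names]
    if info:
        kind = "fastboot-image-zip"
    elif recovery:
        kind = "recovery-ota-zip"
    else:
        kind = "unknown"
    return {
        "kind": kind,
        "fastboot_info": info,
        "images": sorted(n for n in names if n.endswith(".img")),
        # apply_patch / apply_patch_check in the script mean the package
        # patches files of one specific base build rather than replacing them.
        "incremental": "apply_patch" in script,
    }


def _zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


def build_constructed_samples():
    """Two constructed archives: an incremental OTA and a fastboot image zip."""
    ota = _zip({
        RECOVERY_DIR + "update-binary": b"constructed placeholder",
        RECOVERY_DIR + "updater-script":
            'apply_patch_check("/system/build.prop", "constructed-sha1");\n',
        "patch/system/build.prop.p": b"constructed",
    })
    images = _zip({
        "android-info.txt": "board=constructed\n",
        "boot.img": b"constructed",
        "system.img": b"constructed",
    })
    return ota, images


if __name__ == "__main__":
    for sample in build_constructed_samples():
        print(classify_update_zip(sample))
```

An incremental result is consistent with the observation above that each file applies on top of one specific installed version.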
@moofree:
You are correct, I was successful in getting the 2 updates on, and yes, root was lost. However, I was unable to get the root back !!
Tried manually, tried the 1-click.. Neither would give root. So, since I just received the phone the day before from BestBuy, I did the next logical thing.. Bricked it and returned the phone defective.. LOL
So, now I have a replacement, new Atrix 2.. I'm leaving it exactly where it is until either the OTA's come through the right channels, or something more permanent and correctly working has been done for unlocking the bootloader and rooting.
If not.. 30 days from 11/01/11.. Options are still open with the HTC Vivid and SGS2 Skyrocket.
Sent from my MB865 using Tapatalk
I want to reiterate to everyone who is trying to help unlock the boot loader by using the cheesecake method here that you don't want to apply any of these updates directly. Motorola always relocks the bootloader with 99% of these updates. It will be one of the development versions that we are looking for, you just want to download the zip file and upload them with a link attached in here to grab the file you get. Then we can have a look at the files contained in them.
We are looking for the magical developmental unlocked bootloader that we can make our own update zip file, with just the bootloader that is unlockable, in it.
Again don't apply the updates that you get from this process. You may brick your phone or worse, permanently be unable to root or unlock the boot loader.
This is a cat and mouse type of a thing with these big phone makers.
Jim
Sent from my MB865 using XDA App

[Q] Trying to Root: hboot 1.45.0013, Unlocked Bootloader, S-ON

Okay, have found a lot of threads similar to this, but with key differences that are making the answers not-terribly-helpful in my particular circumstances. Not a comment on the answers, but enough that I feel the need to ask my question specifically.
I am trying to gain more control over my MyTouch 4g Slide (aka Doubleshot), obviously on T-Mobile.
It is running Android 2.3.4, and has hboot 1.45.0013. I have wiped it a few times in the process of fuxing with it, so right now I'm not worried about losing anything other than basic function (i.e., bricking it is still bad).
I have tried the zergrush exploit (it's been closed),
have managed to unlock the bootloader using the HTC unlock tool,
and have managed to flash the appropriate Clockworkmod recovery and get the blue menu to come up.
My overall goal isn't to do any major overhauls- I want to be able to allow some apps to turn my GPS on and off, clean out some bloatware, and put some new ringtones into the same folder as the stock ones. My understanding is that temporary root access is enough to do these things- go in and clean up, change some permissions on apps, then go back to being a normal user, just like with a well-managed Linux computer.
I just can't seem to get the next step to work.
My understanding is that I now somehow use Clockworkmod to install Superuser from the .zip archive. The options I get in the recovery screen are:
reboot system now
apply update from sdcard
wipe data/factory reset
wipe cache partition
install zip from sdcard
backup and restore
mounts and storage
advanced
power off
My impression is that I should be using "install zip from sdcard" to install Superuser, but when I select that, the menu just disappears, and I am left looking at the logo, with no further options. I have seen it implied that there should be choices about which zip to install- those never come up.
What am I missing? My google-fu is failing me in trying to find instructions or guides for this particular combination of limitations and progress.
EDIT TO ADD: Ah- found part of my problem... the recovery menu uses the camera button, not the power button. Still somewhat at a loss to see what's next. Installing from the SD card fails. Info in a second post.
Got the menu working, but now failing to install Superuser. I get the following output:
Mounting SYSTEM...
Deleting SYSTEM:bin/su...
Extracting files to SYSTEM...
Setting SYSTEM:bin/su permissions to 06755...
Creating SYSTEM:xbin/su symbolic link...
E:Error in /sdcard/Superuser-3.0.7-efghi-signed.zip
(Status 0)
Installation aborted.
Now what?
I am seeing in other places that HBOOT 1.45.0013 can't be rooted. I've been trying for about 9 hours to do this. . .no luck, even with a variety of methods.
bummer.
I'm in the same boat as the both of you. Spent the last two hours and enough tabs in my browser that my music player was skipping when switching between them, and my machine is nothing to be scoffed at!
There just doesn't seem to be enough clear information about how to root this device, and with only 7 pages of development threads, it's gonna be hard to be told to search!
In recovery you use the trackpad to navigate, and select....also, why not just flash a pre rooted stock rom? Follow the directions in this thread, it will work with any rom, not just ICS roms. I used the instructions in this thread to install Bulletproof on my Bf's phone which was an insurance replacement, so it had the same hboot that you guys have, and S-on. It worked flawlessly, I am not sure why so many people are having such a hard time, because it worked the first time perfectly for me.
http://forum.xda-developers.com/showthread.php?t=1508556
Edit: Which recovery are you using?
Woot! Oops...
Well, I managed to root my phone... and then borked it through my own overexuberance. :headdesk: Oh well, I can fix it. Important part:
I finally found out what "Status 0" means- the zip you are trying to install wasn't signed properly. I re-downloaded, no luck. But there is an option to turn off signature checking in CWM, and that worked, after some fiddling- Superuser installed and worked fine. Not sure if re-downloading ended up being relevant or not.
So, you can root this version without flashing a new ROM.
That said, I think I probably did enough weirdness to mine that I will go for a new stock ROM, so much thanks to yellowjacket for posting that thread link. Removed HTC Sense, then somehow borked Go Launcher Ex, so my phone doesn't have a home screen and I can't get to the app I used to move stuff to fix it. Of course I never found a set of instructions for making a Nandroid backup until after I messed things up... Oh, well, time to go looking for the stock ROM.
Thanks all!
If anyone has a Nandroid backup or copy of the dead-standard out-of-the-box ROM for this phone, please let me know. All I am finding is modified versions. Can't find the base that they were made from, and even the most basic version says it requires S-OFF to install. :headdesk:
Do you specifically need a nandroid backup, or would a flashable ZIP do? Pointers to the latter are available.
Flashable zip would actually be preferable, and pointers would be very much appreciated. I know they have to be out there somewhere, I'm just not finding the right search terms to locate them among all the modified versions.
Look at this post in the developer reference thread: http://forum.xda-developers.com/showpost.php?p=17384145&postcount=7
(There's lots of stuff listed there, but look for the 400 MB+ images.)
NOTE: Some ZIP tools get confused by these signed ZIPs, so they might seem corrupt. Check the MD5s to see that you got a good download. 7Zip seems to deal with them OK if you want to look inside.
I have personally flashed the 1.28 and 1.55 ZIPs without incident, but I did check the MD5s.
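A pre-flash integrity check for the advice above, as an added example that is not from the poster: it compares the MD5 and then looks for the whole-file signature footer that AOSP SignApk stores in the ZIP archive comment. It assumes the package was signed the SignApk way, checks structure only (no cryptographic verification), and uses a constructed archive with a placeholder signature blob.

```python
import hashlib
import io
import struct
import zipfile

EOCD_MAGIC = b"PK\x05\x06"   # end-of-central-directory signature
EOCD_HEADER_SIZE = 22         # EOCD record size without its comment
FOOTER_SIZE = 6               # (2-byte signature start) ff ff (2-byte comment size)


class FooterError(ValueError):
    """The file does not end in a well-formed whole-file signature footer."""


def matches_md5(data: bytes, published: str) -> bool:
    """Compare a download against the MD5 published next to the link."""
    return hashlib.md5(data).hexdigest() == published.strip().lower()


def parse_signature_footer(data: bytes) -> dict:
    """Locate the signature block the way a recovery verifier would find it."""
    if len(data) < EOCD_HEADER_SIZE + FOOTER_SIZE:
        raise FooterError("file too small to carry a signature footer")
    sig_start, marker, comment_size = struct.unpack("<HHH", data[-FOOTER_SIZE:])
    if marker != 0xFFFF:
        raise FooterError("no ff ff marker: unsigned or truncated file")
    if not FOOTER_SIZE < sig_start <= comment_size:
        raise FooterError("signature start lies outside the archive comment")
    eocd_size = EOCD_HEADER_SIZE + comment_size
    if eocd_size > len(data):
        raise FooterError("comment size is larger than the file")
    eocd = data[-eocd_size:]
    if eocd[:4] != EOCD_MAGIC:
        raise FooterError("EOCD record is not where the footer says it is")
    if EOCD_MAGIC in eocd[4:]:
        # A second marker would let ZIP readers disagree about where the
        # archive ends, so a verifier has to reject it.
        raise FooterError("second EOCD marker inside the comment")
    return {
        "comment_size": comment_size,
        # Everything up to, but not including, the comment-length field.
        "signed_len": len(data) - eocd_size + EOCD_HEADER_SIZE - 2,
        "signature": data[len(data) - sig_start:len(data) - FOOTER_SIZE],
    }


def build_constructed_package(signed: bool = True) -> bytes:
    """Constructed sample; the 'signature' is a placeholder, not PKCS#7."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("system/build.prop", "ro.build.id=CONSTRUCTED\n")
        if signed:
            message = b"signed by SignApk\x00"
            blob = b"\xaa" * 32
            size = len(message) + len(blob) + FOOTER_SIZE
            footer = struct.pack("<HHH", len(blob) + FOOTER_SIZE, 0xFFFF, size)
            zf.comment = message + blob + footer
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_constructed_package()
    info = parse_signature_footer(pkg)
    print(info["comment_size"], info["signed_len"], len(info["signature"]))
```

A file that passes the MD5 check but raises `FooterError` is intact yet not whole-file signed; one that fails both is most likely a bad download.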
Well, I was not able to restore the ROMS from the links wjcarpenter linked- everything worked fine, as far as I can tell, but the phone said the "updates" were older than what was originally installed, so the installation was aborted. Not sure how to fix/handle that.
For the moment, I have one of the cleaned-up ROMs that is very similar to stock, but I would really rather it not be obvious that I rooted the phone the second you start it up (the one I found has changed the startup animations), so I will keep looking.
If it's going to be obvious that I changed the ROM, I guess I might as well start looking for the best custom ROM... any suggestions as to which is the most stable?
Firefairy said:
Well, I managed to root my phone... and then borked it through my own overexuberance. :headdesk: Oh well, I can fix it. Important part:
I finally found out what "Status 0" means- the zip you are trying to install wasn't signed properly. I re-downloaded, no luck. But there is an option to turn off signature checking in CWM, and that worked, after some fiddling- Superuser installed and worked fine. Not sure if re-downloading ended up being relevant or not.
So, you can root this version without flashing a new ROM.
That said, I think I probably did enough weirdness to mine that I will go for a new stock ROM, so much thanks to yellowjacket for posting that thread link. Removed HTC Sense, then somehow borked Go Launcher Ex, so my phone doesn't have a home screen and I can't get to the app I used to move stuff to fix it. Of course I never found a set of instructions for making a Nandroid backup until after I messed things up... Oh, well, time to go looking for the stock ROM.
Thanks all!
Just think of it as a big learning experience! The first time I rooted a phone, I messed it up so much I had to keep flashing back to stock and rerooting at least 3 or 4 times. Thankfully I had a phone that was virtually unbrickable. It was a good learning experience though, and I now feel comfortable rooting and flashing on several different devices.
Firefairy said:
Got the menu working, but now failing to install Superuser. I get the following output:
Mounting SYSTEM...
Deleting SYSTEM:bin/su...
Extracting files to SYSTEM...
Setting SYSTEM:bin/su permissions to 06755...
Creating SYSTEM:xbin/su symbolic link...
E:Error in /sdcard/Superuser-3.0.7-efghi-signed.zip
(Status 0)
Installation aborted.
Now what?
Download from androidsu and either save it directly to the ROOT of your sdcard, or copy and paste to the root of your sd card. I always get that same error when I install superuser from a folder in my sd card.

May Update Help?

Google Store purchased, currently have root and twrp installed, bootloader unlocked.
I read briefly that to accept the new update and keep root, you have to mess with the bootloader? Is there some sort of simplified guide on this?
Thanks to chainfire, there is a guide for updating to May version and keep May bootloader.
First, you have to flash new factory image or sideload the ota
Let it reboot, now you lost recovery, custom kernel, root etc..
Reboot to bootloader and boot to twrp, flash supersu and the zip provided by chainfire for signing the bootloader
Reboot and you should have root with May update
If you want a custom kernel or twrp you should flash the zips and the verification tool, I didn't understand the right process for this, for me it looped a couple of times but after flashing those files a bunch of times in different orders it successfully booted with no errors.
I'm currently running stock 7.1.2 May update with supersu 2.79 SR3, TWRP 3.0.1 RC1, franco kernel r15 with no errors, everything running perfectly
Where can we get the May ota download and a refresher on sideloading it? I've done that before but don't do it often enough to get through it quickly... currently running 7.1.2 / NHG47K on my Google bought Pixel which has been unlocked, and rooted. Though I've not installed TWRP, I can bootload into it fine....
My phone app has suddenly started acting all wonky, so I'd really like to update and see if that will help straighten things up.
Thanks for the assistance...
Got the May ota and will now sideload it. Where is this 'guide' that you mentioned Chainfire has setup to assist folks handling the May update?? I'd like, specifically, to get a copy of the zip file that signs the bootloader.
Thanks!!
I am wondering also. Still using NDE63P from October, wasn't aware we could take OTA's at all and keep root. Been having so many Bluetooth issues, it's worth a shot given their focus on it a month or so ago.
Well... up until this recent May ota release, it used to be pretty easy to simply download the latest Superuser zip file and re-install it on your phone, thereby re-establishing root access (assuming your phone is / was unlocked and rooted prior to taking the update). That is not the case going forward.... but I am still researching it.... follow along by looking here: https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Oh wow, that's super easy. Sweet! Now I need to find out where the past OTA's are so I can flash all of those...
I'm going to give all that a try soon, if anyone following this thread needs help or has questions, feel free to reply here with them.
To dumb down that entire OP into the reason why it's needed: the OTA's being sent out up through April 2017 was just the OTA itself. In May, they started requiring them to be encrypted with a certificate, but didn't provide requirements on from whom the certificate comes from. This means that now, instead of just flashing the ZIP, you first encrypt it with your own certificate and then flash the result of that.
They mention the private keys can be discarded later, given they are generated for the sole purpose of uploading OTA's to the phone, I would think keeping them on the internal SD card of the phone itself would be suitable. Heck, zip those puppies up and email them to yourself, they're not being used for security, why not, right?
Try here: https://developers.google.com/android/ota
Just sideload the latest... you only need one
pstgh said:
... https://developers.google.com/android/ota
Just sideload the latest
pstgh said:
... follow along by looking here: https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
Yes, the first link is the ota repositories, download the zip of May, then put it in the adb folder, reboot to recovery, go in advanced menu and start sideload, without wipe cache or dalvik.
Then in cmd just type "adb sideload <name-of-the-ota.zip>"
Let it finish both steps and reboot, then you are ready to boot to twrp and flash supersu and the zip v3 from chainfire's thread for signing the bootloader.
That's it
Agree. Pro tip: after downloading the proper ota update, rename it to something simpler so you can more easily enter that adb sideload ota-filename.zip command!
pstgh said:
Agree. Pro tip: after downloading the proper ota update, rename it to something simpler so you can more easily enter that adb sideload ota-filename.zip command!
better pro tip: tab auto completes the filename.
exad said:
better pro tip: tab auto completes the filename.
Expert pro tip: shift+right click the file, "Copy As Path", paste into the terminal.
(I use ConEmu, so right-clicking the terminal itself pastes what's on the clipboard; some Linux distros do this also. In Command Prompt I think right click is done on the title bar or some obscure thing like that, can't remember).
Expert pro tip: shift+right click the file, "Copy As Path", paste into the terminal. -
I like this one but when I tried it, fyi, it pastes the path with quote marks on either end.... which is burdensome
Quotes are accepted in the adb commands. Without them, each space in the path is interpreted as an argument delimiter.
adb some-command C:\Program Files\Some-Program\Main.exe
passes "C:\Program" and "Files\Some-Program\Main.exe" as two different arguments to adb. Surrounding it with quotes instead allows adb to use the full path correctly. Common practice with command-line apps, although not universally supported.
It does work with adb/fastboot though, just did it a couple days ago to upgrade my Huawei Watch with the Wear 2.0 OTA that it kept failing to detect was available.

Will the current root method used on C432e7r1p8(patch03) allow install font apps?

I'm fairly reluctant to root the phone. I have had an excellent resource on here pretty much warn me against that.
I really want to put a different font on the phone. That's really the only reason I'm interested in rooting. I'm not wanting it just to be more decorative...I find the bold font hard to read in whatever app may be presenting bold text.
So anyway, I'd hate to do the root (which I understand is not really a full root), and then find it doesn't allow me to install the new fonts anyway.
ewingr said:
I'm fairly reluctant to root the phone. I have had an excellent resource on here pretty much warn me against that.
I really want to put a different font on the phone. That's really the only reason I'm interested in rooting. I'm not wanting it just to be more decorative...I find the bold font hard to read in whatever app may be presenting bold text.
So anyway, I'd hate to do the root (which I understand is not really a full root), and then find it doesn't allow me to install the new fonts anyway.
Rooting is 'full', just that technology (Android 9/10) is changing.
For AdAway app you must enable Systemless hosts (option/module in Magisk Manager), for modules Magisk automatically handles symlinking to the read-only System
So, even from root explorer (suggested MiXPlorer), you see as if AdAway wrote directly to the file system/etc/hosts, or that BusyBox tools are applied directly to system/xbin
Since EMUI 8, Huawei replaced Boot with Ramdisk, and since EMUI 9.1 Ramdisk is also read-only, hence Magisk must patch to Recovery instead
Because of that, you cannot have TWRP if you go for root (don't consider an alternative solution to flash TWRP over erecovery). But formally speaking, TWRP is not part of root (on the old systems, you could have TWRP without root, vice versa, or both). Even with TWRP, TWRP could not change read-only System, and it cannot see dynamical linking active only when system is running (Magisk running). Plus, because of new encryption since EMUI 8, TWRP cannot handle Internal storage (don't consider alternative solution to completely wipe Internal storage and format it without encryption)
All together, from system, systemless works fully seamlessly (as 'full' root). Just you don't use TWRP
To root:
- Install Huawei UpdateExtractor (PC), download update.zip for your 9.1.0.252 c432 from FirmwareFinder, unzip and extract Recovery_Ramdisk.img
- Copy Recovery_Ramdisk.img to the phone, install Magisk Manager, choose Install and then Patch a file, check all three options Preserve AVB, Preserve encryption, Recovery file
- Copy patched_boot.img (rename to patched_recovery.img or so) to PC and flash from Fastboot to Recovery (similar like flashing TWRP) - of course, Bootloader must be unlocked (you have code) and OEM/FRP must be unlocked
- You must boot to system through recovery (because Magisk was patched to recovery), if Magisk Manager shows rooted, you are done
To unroot:
- In case of bootloop or anything: just flash stock Recovery_Ramdisk.img back to Recovery, and you are back to stock
- Regular unrooting: take Uninstall from Magisk (and later, optionally, flash stock recovery_ramdisk.img)
- In case of OTA: unroot (regularly, as above), accept OTA, root again
Btw, you could update your sig now (no more EMUI 5)
Thanks for all the info.
One thing I did not understand from that: will rooting then allow me to add different fonts?
Thanks for the reminder on the sig. I've been thinking of it but procrastinating...which means I would ultimately forget.
ewingr said:
Thanks for all the info.
One thing I did not understand from that: will rooting then allow me to add different fonts?
Thanks for the reminder on the sig. I've been thinking of it but procrastinating...which means I would ultimately forget.
Font size can be changed in Settings /Display
I never changed system fonts but there are Magisk modules to do so, search by Google, eg:
https://forum.xda-developers.com/apps/magisk/avfonts-march-6-t3760827
https://forum.xda-developers.com/apps/magisk/module-midnightcore-one-midnight-modules-t3762758
Maybe I just am having a mental block...I can't find the firmware in FF. I searched on each of these as criteria:
MHA-L129C432
MHA-L129C432E7R1P8
9.1.0.252
9.1.0.252 c432
MHAJ-L129C432 9.1.0.252
None of those searches found a FW for L129 for the 9.1.0.252 version. I did see a lot for MHA-LGRP2.
I used FF on the phone. I downloaded FF for the PC, and can't figure out how to use it. I put a model in on the Main Page, nothing happens. I see no way to put a model in on the Search Firmwares page.
Of course, I was updated to 9.1 via OTA, so all the work I did getting to 9.1 did not involve downloading the firmware to my PC, so I don't have it from all that work.
ewingr said:
Maybe I just am having a mental block...I can't find the firmware in FF. I searched on each of these as criteria:
MHA-L129C432
MHA-L129C432E7R1P8
9.1.0.252
9.1.0.252 c432
MHAJ-L129C432 9.1.0.252
None of those searches found a FW for L129 for the 9.1.0.252 version. I did see a lot for MHA-LGRP2.
I used FF on the phone. I downloaded FF for the PC, and can't figure out how to use it. I put a model in on the Main Page, nothing happens. I see no way to put a model in on the Search Firmwares page.
Of course, I was updated to 9.1 via OTA, so all the work I did getting to 9.1 did not involve downloading the firmware to my PC, so I don't have it from all that work.
Look for MHA-LGRP2-OVS - see screenshots.
You can also find through Web:
https://pro-teammt.ru/firmware-database/?firmware_model=MHA-LGRP2-OVS
Btw, there are several b252 packages there, all the same size (and probably all ok) but I was told that package number #279403 is the one that is distributed by OTA
Thanks.
I saw the MHA-LGRP2-OVS ones, but I thought I needed to find one with identical name to the one I'm on.
This stuff doesn't make much sense...at least not logical. Only experience and/or help makes it possible to get it done.
Appreciate your help.
Well, I don't know what's going on. I downloaded the FW from the link you provided, as well as from FF on the phone.
The one from the phone, once I transferred it to the PC, wouldn't extract anything from the zip.
The one from the link extracted, but when I loaded the Update.app into Update Extractor, I got this error:
So, I then downloaded a different version from the web site (282444), and got this in Update Extractor:
Maybe it's warning me to not root :silly:
I am going through the thread about the extractor tool now to see if I find anything helpful. First blush looks like I'd need to make a profile file that is outside the limits of my knowledge. We'll see.
I found a post saying:
Try with crc check off (in settings) for extracting
So I turned off the settings outlined in red:
I ended up with these two files and sizes:
Do those sizes look right?
ewingr said:
I found a post saying:
So I turned off the settings outlined in red:
I ended up with these two files and sizes:
Do those sizes look right?
Yeah, I also switched checksum off and it showed things as usual.
Extracted Recovery-Ramdisk (32 MB is usual size, you need only that IMG file):
https://mega.nz/#!g4lwiCIC!ikK7xJk2j1G9aSsIj1y0sQsV_s6pWTcrxCJtn56YCik
Btw, now having also service repair package for MHA-L29 9.1.0.252 c432E7R1P8 (like you used MHA-L29c432b386), i.e., suitable for DLOAD installation (if anything goes wrong):
https://www.androidfilehost.com/?fid=4349826312261725171
zgfg said:
Yeah, I also switched checksum off and it showed things as usual.
Extracted Recovery-Ramdisk (32 MB is usual size, you need only that IMG file):
https://mega.nz/#!g4lwiCIC!ikK7xJk2j1G9aSsIj1y0sQsV_s6pWTcrxCJtn56YCik
Btw, now having also service repair package for MHA-L29 9.1.0.252 c432E7R1P8 (like you used MHA-L29c432b386), i.e., suitable for DLOAD installation (if anything goes wrong):
https://www.androidfilehost.com/?fid=4349826312261725171
Sounds good
So, I figured I need to start by re-unlocking my phone. But at the site for DC Unlocker, the following message seems to indicate I can't unlock:
WARNING:
If your phone runs Android 8 or later with latest security patch - then this service won't work!
I'm on Android 9 with security patch 3.
ewingr said:
Sounds good
So, I figured I need to start by re-unlocking my phone. But at the site for DC Unlocker, the following message seems to indicate I can't unlock:
I'm on Android 9 with security patch 3.
OMG - I think I'm writing you THIRD or FOURTH time that the same unlock code you obtained will still work!!!
Because the code is bound to the serial number of your phone and will work for unlocking/relocking for the lifetime of your phone
Huawei is just making harder and harder to obtain the code (in the old days Huawei was giving the codes immediately and for free through their own page, now with the new EMUI versions it is needed to physically open the phone and use Testpoints and code providers charge you 30 Euros or more) but once you have a code (no matter when and how you obtained) , you can use the code the same way as always (fastboot oem unlock/relock ...)
zgfg said:
OMG - I think I'm writing you THIRD or FOURTH time that the same unlock code you obtained will still work!!!
Because the code is bound to the serial number of your phone and will work for unlocking/relocking for the lifetime of your phone
Huawei is just making harder and harder to obtain the code (in the old days Huawei was giving the codes immediately and for free through their own page, now with the new EMUI versions it is needed to physically open the phone and use Testpoints and code providers charge you 30 Euros or more) but once you have a code (no matter when and how you obtained) , you can use the code the same way as always (fastboot oem unlock/relock ...)
OMG, yes, you have. BUT the site that provided the method to do it says it won't, per the quote I put in my post. I'm inclined to believe you, you have been a very good source and patient. But, I was wondering why would they say it won't work? That is their exact words, about their tool.
That being said, I guess as that I had the code before upgrading to 9, then just following the fastboot commands with that code will work, and in fact doesn't even use their tool. So, I'll continue with that then. The information out here can sure be confusing.
Thanks...
[EDIT]
I figured that likely it would be the ramdisk.img file, and through Google search I found a thread that verified that. So, I'm continuing on.
Thanks...
Here's an interesting thing.
After patching the file, and seeing the instructions here, I find that the file they referenced in Downloads is a different size from the one I selected to patch, which was the RECOVERY_RAMDIS.img.
Do you think that indicates a problem? I presume I should use the one I selected, which was your instructions, but wonder if maybe something went wrong with the patch.
Again, just being cautious.
Thanks for your help.
56_kruiser said:
Here's an interesting thing.
After patching the file, and seeing the instructions here, I find that the file they referenced in Downloads is a different size from the one I selected to patch, which was the RECOVERY_RAMDIS.img.
Do you think that indicates a problem? I presume I should use the one I selected, which was your instructions, but wonder if maybe something went wrong with the patch.
Again, just being cautious.
Thanks for your help.
So, are you the same as previously, @ewingr?
If so, have you successfully unlocked Bootloader with that old code
OpenKirin instruct to patch Ramdisk and that was correct for EMUI 8.
(If) you are on EMUI 9.1, hence you need to patch and flash Recovery Ramdisk
When patching from Magisk Manager (MM), you have to check all three options: Preserve AVB 2.0 DM-Verity, Preserve Force Encryption and Recovery Mode.
Does MM report any error while flashing or success/ok?
You can rename patched_boot.img to like patched_recovery.img, doesn't matter, but you must flash it to Recovery (like flashing TWRP to Recovery).
Right after flashing, boot by key combo to that patched Recovery (like booting to TWRP by key combo, after flashing TWRP).
Of course, you will not flash/use TWRP here
I don't imagine you'll find this hard to believe, but I got an error on the flash attempt
I renamed the patched file to: Patched_RECOVERY_RAMDIS.img
I entered this command:
fastboot flash ramdisk Patched_RECOVERY_RAMDIS.img
I got this response:
target reported max download size of 471859200 bytes
sending 'ramdisk' (32768 KB)...
OKAY [ 0.721s]
writing 'ramdisk'...
FAILED (remote: partition length get error)
finished. total time: 0.757s
56_kruiser said:
I don't imagine you'll find this hard to believe, but I got an error on the flash attempt
I renamed the patched file to: Patched_RECOVERY_RAMDIS.img
I entered this command:
I got this response:
Again, if you are on EMUI 9.1, forget Open Kirin instructions (for EMUI 8).
You must patch Recovery Ramdisk and flash to Recovery Ramdisk, so:
fastboot flash recovery_ramdisk Patched_RECOVERY_RAMDIS.img
I did in fact not use anything from the OpenKirin. But I apparently used wrong syntax for the command. But you providing that will help.
.......
It didn't work at first pass. I think this is why.
You will recall that in the discussion I had about the OpenKirin instructions that I mentioned they referenced a patched file in Downloads. Well, stepping through it again, and reading the small print, it says "Patched file is in downloads". So, it did not update the file I had put there, it used that to create a new patched file that was saved in downloads.
So, I will not go ahead and download that one and continue with the instructions. I bet it works this time.
---------- Post added at 10:04 PM ---------- Previous post was at 09:41 PM ----------
I think I have success. But of course, a couple interesting things:
So, you indicated I need to "boot through recovery". So I expected to hold power, and vol-up to boot into recovery. But it booted to the phone.
I got a request to grant Superuser to Tasker, which I did.
I loaded Magisk, and it says it is installed, but doesn't have any indication if it is rooted. I presume it is, given the request for Superuser for Tasker.
Just now had it pop up with a notice that there is an important system update patch. I don't know if I can stop it, or if I should care about it. I did say "later" so for now, it is not installing.
One other question: Is the method to have root accomplished in the future by booting with Power+Vol-UP? If not done that way, it boots non-rooted? (I ask because it did get booted up w/o holding power+vol-up, and it did not show Magisk installed. After that was when I booted with the key sequence.)
Magisk by default means you have root. You can install and disable modules in Magisk Manager, but you cannot disable root - for that you must Uninstall Magisk (an option in Magisk Manager).
In MM you have a tab/menu showing all apps that were granted root - you can suspend or even revoke to some.
Check in Settings/About, does it show you have b252 or b252 Patch03? I think that it thinks you are on b252 without Patch03, and it wants to install that patch.
But I don't know would you lose Magisk if you accept (or even get bootloop), so better disable automatic OTA updates for now.
Believe me, similar 'Important' patches were receiving users (starting at the same time) with various Huawei phones running EMUI 9.1, discussing on XDA what it was, but there was never an answer, nobody detected any change for something better or worse.
So you don't lose anything if About showing b252 without Patch03.
To boot to Magisk you must boot with Vol+ pressed - with USB disconnected.
If connected by USB to charger or PC, booting with Vol+ pressed will boot to eRecovery.
Normal booting (without Vol+ pressed) boots to the system (Android), but with Magisk disabled (MM will say that Magisk is not installed), so no root.
Reboot again with Vol+ and you are again rooted
If it ever comes an OTA for higher than b252, you will have to Uninstall Magisk from Magisk Manager and then accept OTA (and root by the same procedure one more time, with recovery_ramdisk.img from the new firmware).
Anomaly with root...
Root is working, albeit with anomalies.
If I boot w/o going through the recovery/Magisk, the phone boots up w/o root, and all works fine. When I go through recovery/Magisk, it comes up rooted, but with the following untenable anomalies: Dialer/Phone does not load; Contacts are not available; as a result, calls I receive do not show who is calling, and I cannot make calls out.
Given that changing fonts does not give me the fix I was chasing (see this thread), I may unroot. But given that I can boot up w/o root and it works fine, I'll hold off un-rooting for a bit.
