Related
I can't read french, but the translation site seems to indicate that this hexedit will permanently unlock any phone. My Captivate nv_data.bin matches perfectly.
I just can't translate all the comments and i really want to read what everyone is saying.
Any french speakers out there?
http://forum.frandroid.com/forum/viewtopic.php?id=26052
Thanks to zzyxy for posting this in another thread.
EDIT - changed title and found English Post on XDA.
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
Translated by google chrome
Here is how to unlock a phone that has missed its flash Froyo JPC (request for unlock code and displays the correct imei)
New semi automated method available here: http://forum.frandroid.com/forum/viewtopic.php?id=27019
Beware if the imei is not good before you start, it will not be at the end.
This method can also be used to modify the Product Code for those interested
All that was done on'm Android 2.1 since Froyo modifies the files to his liking (I advise to do New JM1, it works very well).
Thank you for everything you read, do not fly the tutorial is very important !!!!! I could not be responsible for those who are mishandling
Before anything else, save the file efs /, we will play with:
http://forum.frandroid.com/forum/viewtopic.php?id=25668
Need to be root, busybox, android sdk available here:
http://developer.android.com/sdk/index.html
(In windows) we decompress the ZIP, it renames the file "android-sdk-windows" to "android" short and placed in c: \ (the name and location to the sdk is placed are important to commands typed by hand later)
Extracting a nv_data.bin:
Plug the phone in usb mode enabled USB debugging
Start => Run => cmd (a DOS window will open)
Tapper to space by:
cd ..
cd ..
cd android
cd tools
adb pull / efs / nv_data.bin
Close the DOS window
The file will appear in the nv_data.bin réperoire c: \ android \ tools.
Edit the file with a hex editor nv_data.bin (EditHexa available in my example here: ... http://www.logitheque.com/logiciels/win a_9903.htm):
188 021 offset (page 3137) to "XEF" (ca will recognize the phone as "naked") (thus change the product code)
Offset 18146E (page 3,083) to "00000000" (ac will put the network unlock code 00000000)
We backup ^ ^
Then we go back in adb ^ ^
Start => Run => cmd (a DOS window will open)
Tapper and point in space by:
cd ..
cd ..
cd android
cd tools
adb shell mkdir / sdcard / efs "
adb push nv_data.bin / sdcard / efs
adb shell
su
mv / efs / .nv_data.bak / efs / .nv_data.bakk
mv / efs/.nv_data.bak.md5 / efs/.nv_data.bakk.md5
rm / efs / nv_data.bin
rm / efs/nv_data.bin.md5
rm / efs/.nv2.bak
rm / efs/.nv2.bak.md5
cp busybox / sdcard / efs / nv_data.bin / efs / nv_data.bin
chmod 755 / efs / nv_data.bin
chown radio.radio / efs / nv_data.bin
If he ever put the radio user does not exist, try "chown 1001:1001 / efs / nv_data.bin" instead and yes for some it is still not the same ....( thank you Froyo JPC / JPH )
There may be errors on. Nv2.bak and md5 (they do not exist at all)
I renamed the. Bak. BAKK to set aside the time everything is finished, they will be erased later.
do: ctrl + c
unplug the phone, remove the battery without turning the phone 30 seconds.
restart (on or before this point we must put the sim)
The network will unlock code: 00000000, it will the code is good but not unlock it anyway. If its not working properly and restart the phone again.
once functional, * # 06 # displays the correct imei
After there are bugs that require reflashing, reflash in New JM1 via Odin with re-partition active (I did not test other firmwares)
Must rooter again (the busybox normally installs with the root) ... and yes again ^ ^
reboot (so the normally nv_data.bin.md5 must have recreated)
Creating the. Bak
plug the phone into USB debugging mode enabled
We return under adb ^ ^
Start => Run => cmd (a DOS window will open)
Tapper and point in space by:
cd ..
cd ..
cd android
cd tools
adb shell
su
rm / efs / .nv_data.bakk
rm / efs/.nv_data.bakk.md5
busybox cp / efs / nv_data.bin / efs / .nv_data.bak
busybox cp / efs/nv_data.bin.md5 / efs/.nv_data.bak.md5
chown radio.radio / efs / .nv_data.bak
chown radio.radio / efs/.nv_data.bak.md5
Ctrl + c
Unplug your phone
and it finally finished your phone is unlocked and working again all operators ... remember to save them now ^ ^
A big thank you to Rickou who brought me on a platter chown radio.radio Chaineau who was missing.
And has Reve40 with whom I studied nv_data.
And Hideki Jis26 who tested the method before it is online.
A remark Hideki:
hideki wrote:
Otherwise I just add details about my case.
So personally I stopped before the stage flashing in JM1 because I had no problem and my bak files were recreated itself at startup.
I tried the following reredémarrer my imei and no problems still, no application code. And like bin files are recreated at each boot from bak, I concluded that my bak was so good .
What greatly simplify the procedure .
This was not the case for me and therefore Jis26 peus be that after the Roma moved to the base, we could have some small variations, I can not say more.
Last edited by helroz (25-09-2010 1:50:37 p.m.)
Thanks for the translation but I found something even better then machine gobbly gook ,
I just found the original post by Helroz - in english on XDA if anyone wants:
http://forum.xda-developers.com/showpost.php?p=8182729&postcount=107
"This method work for galaxy s with damaged nv_data caused by froyo JPC (good imei but unlock code required)
this method is to recreate a new unlock code and allow the phone to unlock with new unlock code
I post this on frandroid with pictures and link for software:
h***://forum.frandroid.com/forum/viewtopic.php?id=26052"
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
michael.seltzer said:
So has anyone tried this method? Is changing the country code "XEF" necessary for unlock? Is that just for changing the product code?
Click to expand...
Click to collapse
I have yet to try it, but changing the country code is only necessary if you flashed a different international firmware and it changed that.
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
michael.seltzer said:
Ya i flashed to cognition 2.2 so it shouldn't be an issue right?
Click to expand...
Click to collapse
Not the country code, since you flashed an AT&T build.
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plently of room on my phone, what is the problem here?
No one has any idea?
Vae Hostilis said:
when performing the busybox line, I get
cp: write error: No space left on device
Why? I have plently of room on my phone, what is the problem here?
Click to expand...
Click to collapse
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
alphadog00 said:
I ran into this, and i have an answer... took me bit to discover it...
The /efs partition is only about 6MB in size - the nv_data.bin is 2mb. There is a hidden backup file and another file as well that are also about 2mb.
ls -l -a (you can't do ls -la as in linux or unix) will show you hidden files and sizes.
So you probably tried to backup your nv_data.bin in the /efs folder, and then copying a new one over and you ran out of space. Delete the nv_data.bin after you back it up to your SD card, then copy the changed one over.
Click to expand...
Click to collapse
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
Vae Hostilis said:
Tried deleting the file in the efs folder, then just copying the file over using root file manager and it still says I don't have enough room. after deleting the file, I have 1.91mb free in that folder. is there anything in there I can toss?
And what does busybox have to do with transfering the file? as in why do i have to include busybox when typing in the command on adb?
Edit: here is the list of files in there in case I have some unnecessary ones.
.android (folder)
---empty
.imei (size: 15)
.nv_data.bakk (2097152)
.nv_data.bakk.md5 (32)
.nv_state (1)
imei (folder)
---bt.text (23)
---mps_code.dat (3)
nv.log (96)
after listing these off, I notice there is a serious math problem here..... how do i have 4.01 mb (according to root file manager) filled?
Click to expand...
Click to collapse
I did all this via ADB shell and i didnt use the busybox command; but i don't see your original nv_dat.bin - that is 2MB. You can delete the bakk file - that was made by some script - i have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
alphadog00 said:
I did all this via ADB shell and i didnt use the busybox command; but i don't see your original nv_dat.bin - that is 2MB. You can delete the bakk file - that was made by some script - i have never seen the OS add 2 K's.
If you want to keep something move it to SD card and then delete from /efs. I know it is the nv_data.bin and .nv_data.bin that are 2MB files - they take up the room in the partition.
Unless you use a terminal and type in the commands - it is hard to tell what the file manager may still be hiding. I haven't used root file manager.
Click to expand...
Click to collapse
I have the .nv_data.bak, the .nv2.bak, and the nv_data.bin in the sdcard folder. I believe the instructions told us to move those out of the efs folder and rename the copies (left in the efs folder) to .bakk instead of .bak, as they were the ones that would be deleted later.
All the files you see, are all the files in there, looking through ADB and the Root File manager app w/ hidden files shown. and the file sizes are not adding up to the total 4 it says I have in there, but I will try deleting the .bakk file and see what happens.
The nv_data.bin is the important one.
With what you listed, you should have about 4mb free, not 4 mb used. If you are in ADB shell you also have the df and du commands to show you how much of the /efs partition is used.
lol. it tells me 4.01mb is used.... sigh.....
Edit: just wiped my phone for the hell of it to see if it fixed anything. All the files are back, safe and sound, and the MATH ADDS UP (Yeay!). I'll try one more time before I give up.
Edit 2: just ordered a replacement device from at&t. I'll just run the Generate Code program on that, hopefully. Thank you for your help!!
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
How did you get att to replace it?
michael.seltzer said:
So has anyone actually tried this? Does it actually work?
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
It does work. As long as your IMEI is good. (*#06#). Take a good unlocked nv_data.bin - put your IMEI and unlock/unfreeze codes in it; in the right places. Move it your phone and reboot.
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
michael.seltzer said:
so if i just follow the guide exactly i'll be good? Is there a chance that my phone might not boot up? For some reason my phone can't get into download or recovery mode so i don't want to be stuck.
Click to expand...
Click to collapse
with a bad nv_data.bin - it should still boot -but I can't guarantee it. Never tried.
Hacking system files, there is always the chance the phone won't boot. AT&T did it with OTA upgrade.... How bad do you need to unlock your phone -that is the question you need to ask yourself.
INFORMATION
This guide is intended to make a full backup of your android phone (the entire memory block with all partitions) or a single partition (including sdcards, etc) directly to your computer, in either
Block level (with dd): for single partitions or whole memory block (all partitions in one piece). The backup always has the same size which is the size of the partition.
File level (with tar): only for individual partitions. This only includes files and folders, so occupies much less space, depending on how much filled is the partition.
It can be done with the phone powered on or from ClockWorkMod Recovery (from both ADB works, while in Fastboot doesn't so won't apply). Unless specified the commands meant to be used from Windows. For Linux and Unix is similar.
REQUIREMENTS
Rooted Android Phone
Busybox installed on your phone
If you are using Linux / OS X you have native tools, for Windows download Cygwin, and install with it netcat, pv and util-linux. Get them from Cygwin's setup.exe
ADB installed.
Make sure adb.exe is in your windows' path. See here and here, or use Path Manager.
Android phone with USB Debugging enabled, and the proper drivers installed on Windows so the phone is recognized. Typing 'adb devices' on a terminal should show your device.
PARTITION IDENTIFICATION
You now have to identify the partition or block device that you want to backup. For a single partition you can use either tar or dd, while for the entire memory block you can only use dd.
For example, on Galaxy Nexus you have the list of partitions here and for Galaxy S2 here.
Usually on android, the entire block containing all partitions is located at /dev/block/mmcblk0 and the data partitions is a subpartition of it. You can push parted with GPT support to your device and see all information on a partition or block.
Whole phone memory -> /dev/block/mmcblk0 (may vary, in some phones this is the sdcard)
Subpartitions -> depends on each device. Usually at /dev/block/platform/dw_mmc/by-name/ there are listed by name linking to the real device.
Back up of the whole memory block (via adb)
Connect the phone in ADB mode and unlock the screen.
Open one Cygwin Terminal and enter (replace mmcblk0 if needed):
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0
You will see the cursor blinking at the left. Now the phone is waiting to send the block over the network.
Open another Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
cd /path/to/store/the/backup
nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
You will see how the image size is growing until it finishes. Now you have the whole phone backed up in raw format. You can see the contents of the GPT partition with gptfdisk tool, available for windows, linux and such. See official website and sourceforge to get it. You can do it the same from ClockWorkMod Recovery but you have to mount first the /system partition since the busybox included with clockworkmod does not come with netcat and you have to use the one from the system partition.
With further linux tools you could edit or extract single partitions from the whole block.
You can use adb via wifi as well with applications like WiFi ADB.
Back up of the whole memory block (via wifi)
Original post: [Q] Nandroid directly to computer w/o sdcard
We need to install a FTP server on the computer or the other device, configure a user with a password if we want to, and set some port. It uses by default 21 but this example uses 40. We must set a home dir for the user with write permissions.
Usually is a good idea to put myfifo in /cache not in /data because we may overwrite sensitive data in case we want to use that raw image for data recovery.
Open one Cygwin terminal
Code:
adb shell
su
mkfifo /cache/myfifo
ftpput -v -u user -p pass -P 40 COMPUTER_IP block.raw /cache/myfifo
Open another Cygwin terminal
Code:
adb shell
su
dd if=/dev/block/mmcblk0p12 of=/cache/myfifo
Tips:
- Fifos only can be made on linux native filesystems, for example on a FAT partition is not possible.
- Reading from a partition does not modify it.
Now check on Filezilla Server the speed
Back up of the whole memory block (USB tethering, Wifi tethering)
To use tethering you have to disconnect the computer from all networks and connect it only to the phone with the type of connection you want.
Once you connect it, you can view the IP of the computer and the IP of the phone from connection properties. The ip is the computer ip and the gateway is the phone's ip.
Wifi Tethering: Computer <---Wifi---> Phone <---3G---> Internet
USB Tethering:
Computer <---USB---> Phone <---Wifi---> Internet
Conputer <---USB---> Phone <---3G---> Internet
This is exactly the same as via wifi, except that the transfer speed is much higher because the computer and the phone are directly connected, instead of using a router as a gateway. In this case, the gateway is the phone. USB tethering has the highest transfer rate.
Back up of a single partition (raw = every bit of the partition)
It is exactly the same as the the previous but replacing mmcblk0 by the corresponding partition. You can use in this particular case several software to read the partition from windows, depending on partition filesystem: DiskInternals Linux Reader, Ext2Read, Ext2 File System Driver for Windows, Ext4Explore, plugin for Total Commander and ImDisk Virtual Disk Driver. You can also use recovery software on individual partitions like Recuva in combination with VHD Tool or command line tools included with operating systems.
Back up of a single partition (tar = only files and folders)
In this case, you need the partition mounted. To see the list of mounted partitions type on Cygwin Terminal
Code:
adb shell mount
Now you need to know where is mounted the partition you want to backup, for example the firmware is mounted on /system, which is the ROM.
In this case you will have to open three terminals, because of android limitations:
Open one Cygwin terminal and create a fifo, in /cache, for example, and redirect the tar there
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox mkfifo /cache/myfifo
/system/xbin/busybox tar -cvf /cache/myfifo /system
We have to do it this way because redirecting the tar to stdout (with - ) is broken on android and will corrupt the tar file.
Open a second Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
adb shell
su
/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox cat /cache/myfifo
Open a third Cygwin terminal and type:
Code:
adb forward tcp:5555 tcp:5555
cd /path/to/store/the/backup
nc 127.0.0.1 5555 | pv -i 0.5 > system.tar
You can browse the tar file with Winrar, Total Commander, PeaZip and almost any compression tool. Note that you shouldn't extract files or edit it since the tar format saves the permission and owner data for each file, that is lost when extracted to FAT / NTFS partitions and you will mess things when restoring.
LINKS
[GUIDE] Internal Memory Data Recovery - Yes We Can!
How to Create and Attach a Virtual Hard Disk in Windows 7
[Guide] Types of Android backups
mohsyn said:
On newer android versions (Im on 7.2) data folder has a folder media which is link to sdcard and one ends up backing up entire sd card. I had a 64gb backup which wasn't necessary
In order to avoid skipping the media folder i had to do some trial and error because busybox tar command is not completely the same as GNU tar.
Would appreciate if you can mention it in the mail guide to use the following command to backup /data folder without copying sdcard files
In first terminal
tar cv --exclude data/media/0 -f /cache/myfifo /data
in 3rd terminal
nc 127.0.0.1 5555 | pv -i 0.5 > data.tar
no change in second terminal
Cheers
Click to expand...
Click to collapse
Umm...how to restore back from computer?
Sent from MARVEL
I am a little new to this, I have installed Android sdk and i am able to see my device by using "adb devices" , i have also installed Cygwin, now i want to backup whole phone memory block so i tried executing the first line on cygin "adb forward tcp:5555 tcp:5555" i get an error saying -bash: adb :command not found.
I am sorry if i am missing any thing, please guide me, and also what do you mean by "download Cygwin, and install with it netcat, pv and util-linux"
Thanx a ton !!
aunriz said:
I am a little new to this, I have installed Android sdk and i am able to see my device by using "adb devices" , i have also installed Cygwin, now i want to backup whole phone memory block so i tried executing the first line on cygin "adb forward tcp:5555 tcp:5555" i get an error saying -bash: adb :command not found.
I am sorry if i am missing any thing, please guide me, and also what do you mean by "download Cygwin, and install with it netcat, pv and util-linux"
Thanx a ton !!
Click to expand...
Click to collapse
You've done almost everything! But you skipped the section "make sure adb is in your path"
Probably you have adb.exe in the path
Code:
C:\Program Files (x86)\android-sdk\platform-tools\adb.exe
So you have to just add it to the Cygwin's path (would be better if you had added it earlier to the windows' path and cygwin will import it automatically but it is ok)
Code:
export PATH="/cygdrive/c/Program Files (x86)/android-sdk/platform-tools":$PATH
Remember to backup the path previously if you want.
Code:
echo $PATH > mypathbackup.txt
scandiun said:
You've done almost everything! But you skipped the section "make sure adb is in your path"
Probably you have adb.exe in the path
Code:
C:\Program Files (x86)\android-sdk\platform-tools\adb.exe
So you have to just add it to the Cygwin's path (would be better if you had added it earlier to the windows' path and cygwin will import it automatically but it is ok)
Code:
export PATH="/cygdrive/c/Program Files (x86)/android-sdk/platform-tools":$PATH
Remember to backup the path previously if you want.
Code:
echo $PATH > mypathbackup.txt
Click to expand...
Click to collapse
Thanks for replying but i cant seem to run the 3rd line , see this
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ adb shell
$ /system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd if=/dev/block/mmcblk0
reloc_library[1311]: 10182 cannot locate 'android_reboot'...
CANNOT LINK EXECUTABLE
i hav sucessfully installed busybox v1.14.3, i am not sure what is causing the problem
EDIT:
i found that my directory ws system/bin instead of xbin
so i changed it and first part worked correctly, now i cant seem to get the second part
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ cd c:/
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
-bash: nc: command not found
-bash: pv: command not found
aunriz said:
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
-bash: nc: command not found
-bash: pv: command not found
Click to expand...
Click to collapse
You don't have installed pv and netcat on cygwin. Run the setup.exe and install them.
If you run
Code:
whereis pv
whereis nc
should give you some path (in cygwin) but applies similar inside android.
scandiun said:
You don't have installed pv and netcat on cygwin. Run the setup.exe and install them.
If you run
Code:
whereis pv
whereis nc
should give you some path (in cygwin) but applies similar inside android.
Click to expand...
Click to collapse
Now i hav installed cv and nc and commands run sucessfully, but i get the raw file as just 1kb
First terminal:
[email protected] ~
$ adb forward tcp:5555 tcp:5555
adb shell
[email protected] ~
$ adb shell
$ /system/bin/busybox nc -l -p 5555 -e /system/bin/busybox dd if=/dev/block/mmcblk0
/system/bin/busybox nc -l -p 5555 -e /system/bin/busybox dd if=/dev/block/mmcblk0
$
second terminal:
[email protected] ~
$ adb forward tcp:5555 tcp:5555
[email protected] ~
$ cd c:/
[email protected] /cygdrive/c
$ nc 127.0.0.1 5555 | pv -i 0.5 > mmcblk0.raw
55 B 0:00:00 [10.7kiB/s] [<=> ]
[email protected]
No idea what you may be doing wrong
Listen, I appreciate the guide, and it being basically the only one which popped up in google results, I can't gripe too much, but... you really, really need to make it more clear.
The point of a guide is to help a large group of people with varying degrees of knowledge (and if it's a guide targeted at a specific group of people, i.e tech savvy, then it needs to be indicated as such).
With that working definition in place, it follows that you should be as specific as possible; think of *everything*. By doing so, you not only avoid headaches for the people reading the guide, but for yourself as well since you don't have to reply to comments which might've otherwise been avoided.
I would post a question, but I'll probably have figured this out (with a good 1+ hours of searching no doubt) before anyone responds.
Here are some examples of what could be more specific:
"ADB installed." - what is ADB? Where's the link? It's not reasonable to assume people use these tools on a regular basis or remember them.
"You can push parted with GPT support to your device and see all information on a partition or block." - okay, so we know what it does but not how to install it or use it.
"ADB mode" - is this important? What is it? Not sure because it was glossed over.
These are just some examples. It's not the most horrendous trespass ever committed, but definitely annoying. Just spell it out from one step to the next, it works far better than topics with subheadings and unintuitive concepts being assumed as general knowledge on the behalf of noobs like me.
Edit: I'm just going to take everything off my SD card, use nandroid, and then copy the nandroid backup to computer as well. Please improve the guide, thanks.
Greatly appreciate this!
For me, a long-time UNIX and Linux administrator, this little guide was a breath of fresh air. Scandiun, *Thank You* for putting it together. It makes perfect sense to me -- just treat the phone as the linux machine it is. I'm becoming convinced that most of the more recent "developers" hanging around the android community have never used a linux machine before -- they don't seem to know what's going on, they go way out of their way to write overkill tools to do things clumsily that can already be done cleanly and quickly from the command line, and then they wrap those tools in so much mystery, black magic, and script-kiddie terminology that I can't figure out what they do either, and I certainly don't trust them doing things to my phone.
For example, I've got a new Galaxy S3, and just wasted a whole day digging around on xda, reviewing all of the "kewl rooting mods" until I got sick of it. Why the *heck* are people flashing entire partitions just to install a setuid /system/xbin/su on these devices? The rooting method I wound up using was dirt simple -- just find an rc exploit and use it to install an 'su' binary, by typing a few commands via adb. I used a variation of the exploit mentioned in http://seclists.org/fulldisclosure/2012/Aug/171, and elaborated in http://forum.xda-developers.com/showthread.php?t=1790104, http://forum.xda-developers.com/showthread.php?t=1792342, http://galaxys3root.com/galaxy-s3-root/how-to-root-u-s-canadian-dual-core-galaxy-s3-on-mac-osx/, and http://forum.xda-developers.com/showthread.php?t=1827518. If you are a UNIX person, you'll recognize what's going on with that exploit and be able to come up with something that suits your own needs. If you aren't a UNIX person, then you'll be completely lost. Sorta like this guide.
For anyone who doesn't yet know what adb is, or who's never used standard UNIX/Linux tools like dd, netcat, gparted, or busybox, I agree that this guide is not only not going to help you, but may actually aid you in shooting yourself in the foot with extreme efficiency. But please don't criticize or nag the OP in return for helpful advice freely given. You won't learn much about UNIX tools on an Android-related web site in any case. I recommend starting with a Linux systems administration book -- the Nemeth series is always good. But if you do take that route, you need to expect to take time to learn the basics.
Absolutely beautiful!
Thank you for this work. I was able to recover deleted files from my Galaxy Nexus' internal memory using this technique. I made a [GUIDE] using most of what you accomplished here: http://forum.xda-developers.com/showthread.php?p=34185439
Thank you, thank you, thank you! It can't be said enough. I had family photos that I would not have been able to reproduce. Much love to you and yours!
:good: :highfive: :victory:
so did anyone dare to restore the drive (all of storage, everything !)? without bricking the thing ?
mai77 said:
so did anyone dare to restore the drive? w.o bricking the thing ?
Click to expand...
Click to collapse
What drive? A partition?
scandiun said:
If you are using Linux / OS X you have native tools, for Windows download Cygwin, and install with it netcat, pv and util-linux. Get them from Cygwin's setup.exe
Click to expand...
Click to collapse
netcat is obsolete (mark to even find it) install net / nc instead
---------- Post added at 01:03 PM ---------- Previous post was at 01:03 PM ----------
scandiun said:
What drive? A partition?
Click to expand...
Click to collapse
all of storage I mean. the full monty ...
----------------------
parted seems to not work fully with Samsung galaxy Y = SGY proprietary rfs filesystem
on SGY mmcblk0 gives you the sd card, not internal storage with android.
backing up my sd card was a thing I could even do before I read this (lol)
mai77 said:
netcat is obsolete (mark to even find it) install net / nc instead
Click to expand...
Click to collapse
nc is an abbreviation for netcat. On Cygwin, you choose to install either, but for the original, written by the *Hobbit*, that allows direct execution of commands with -e and -t, you have to uncheck "Hide obsolete packages" on Cygwin's setup.exe.
The two of them are here:
Netcat 1.10 (netcat.traditional): http://www.netgull.com/cygwin/release-legacy/netcat/
Netcat 1.107 (netcat.openbsd): http://www.netgull.com/cygwin/release/nc/
mai77 said:
parted seems to not work fully with Samsung galaxy Y = SGY proprietary rfs filesystem
on SGY mmcblk0 gives you the sd card, not internal storage with android.
backing up my sd card was a thing I could even do before I read this (lol)
Click to expand...
Click to collapse
Can you post where is your whole memory block then or even the PIT file for that phone? You have an example here:
[Info] List of Samsung Galaxy S2 GT-I9100 devices and partitions
scandiun said:
Can you post where is your whole memory block then or even the PIT file for that phone? You have an example here:
[Info] List of Samsung Galaxy S2 GT-I9100 devices and partitions
Click to expand...
Click to collapse
I don't know where the "whole memory block" is or what it is. is it internal storage = NAND ?
here is the pit file:
mai77 said:
I don't know where the "whole memory block" is or what it is. is it internal storage = NAND ?
Click to expand...
Click to collapse
Yes it is the NAND. See your pit analysis here:
[INFO] Samsung Galaxy Y GT-S5360 PIT File Analysis
OK
scandiun said:
Yes it is the NAND. See your pit analysis here:
[INFO] Samsung Galaxy Y GT-S5360 PIT File Analysis
Click to expand...
Click to collapse
very interesting tool.
but how do I backup NAND in one piece on SGY ?
mmcblk0 = sd card
???blk0 = NAND
it must be somewhere ...
mai77 said:
but how do I backup NAND in one piece on SGY ?
mmcblk0 = sd card
???blk0 = NAND
it must be somewhere ...
Click to expand...
Click to collapse
Is almost sure that is under /dev/block. Please post the output of
Code:
ls -lR /dev/block
This guide has been made with and for the i9505, but will most likely also work on other Galaxy S4-models.
Please be extra careful on models other than i9505 as the 'mmcblkXpXX' partition numbers might differ on your device. How to check this is written in the procedure.
As I could not find a procedure in this forum yet, I have made one myself.
Of course all of the below is 'USE AT YOUR OWN RISK'.
Requirements before you start
Install KIES software (and included driver) and connected your S4 atleast once (to see if it works)
Have ADB-executable available. It can be found in the ADT Bundle from Google. There are also much smaller packages with ADB-only which will work. I might create one myself later on and attach it to this thread..
Device is rooted and has busybox-installed (default with motochopper root method). Applications with a similar name in Play Store will allow you to install busybox manually.
Enable developer mode, go to Settings - More - Device-info - Tap 7 times on 'Build number' to unlock 'Developer options' in the previous screen. Then go to 'Developer options' and thick 'USB debugging'
Connect USB cable to your computer and smartphone with 'USB debugging' enabled
Preparations for both backup methods
Now open a ADB-shell, in Windows this would be: 'cmd' in Start-menu (or CTRL+R).
Change the directory to the ADT directory: sdk\platform-tools. In my case:
Code:
cd C:\Android\sdk\platform-tools
Then start the shell using adb:
Code:
adb shell
If you get the error:
'error: device offline'
Then, check your device and allow USB debugging for the presented device. Now try again the command 'adb shell'
If all goes well, you will see the following:
[email protected]:/ $
Now switch to root-user:
Code:
su -
It is possible that the phone now asks you to permit or deny root access. Of course, please permit.
When the switch succeeds, the '$' changes to '#', but you can also verify it by the id-command:
Code:
[email protected]:/ # id
id
uid=0(root) gid=0(root) context=u:r:shell:s0
If it shows root, all is fine.
Then, check with the following command if /efs is available and mounted:
Code:
mount | grep efs
It should show something like:
Code:
mount | grep efs
/dev/block/platform/msm_sdcc.1/by-name/efs /efs ext4 rw,seclabel,nosuid,nodev,no
atime,discard,journal_checksum,journal_async_commit,noauto_da_alloc,errors=panic
,data=ordered 0 0
Backup method using TAR
NOTE: In case you left the ADB shell, please return to it using command 'adb shell' and switch to root again via 'su -' as described above.
Run the folowing command to backup the whole efs-partition (all the files available on the system):
Code:
tar -cvf /data/media/0/efs.tar /efs
Your output will look like this:
Code:
[email protected]:/ # tar -cvf /data/media/0/efs.tar /efs
tar -cvf /data/media/0/efs.tar /efs
tar: removing leading '/' from member names
efs/
efs/imei/
efs/imei/mps_code.dat
efs/wifi/
efs/wifi/.mac.info
efs/FactoryApp/
efs/FactoryApp/test_nv
efs/FactoryApp/hist_nv
efs/FactoryApp/fdata
efs/FactoryApp/serial_no
efs/FactoryApp/factorymode
efs/FactoryApp/keystr
efs/FactoryApp/hw_ver
efs/FactoryApp/baro_delta
efs/FactoryApp/prepay
efs/FactoryApp/earjack_count
efs/FactoryApp/batt_cable_count
efs/bluetooth/
efs/bluetooth/bt_addr
efs/gyro_cal_data
efs/00000000.authtokcont
efs/carrier/
efs/carrier/HiddenMenu
efs/drm/
efs/drm/widevine/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/D3qpp0bxmJhbiZwIsCbXJ1434rc_
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/RXFABDUxyT6Q+Zwx9ZhPGOq2Bq8_
efs/drm/playready/
efs/drm/playready/00004.PRV
efs/drm/playready/playready0.dat
efs/drm/playready/playready1.dat
efs/drm/playready/playready.hds
efs/wv.keys
efs/log/
efs/log/boot_cause
efs/.files/
efs/.files/.dx1/
efs/.files/.dm33/
efs/.files/.mp301/
efs/ss_data
efs/h2k.dat
efs/hw_offset
This will add all files in /efs to the tar archive located on your internal memory as 'efs.tar'.
Now, the permissions of this tar are incorrect (for this location) so we have to correct them:
Change owner and group:
Code:
chown media_rw:media_rw /data/media/0/efs.tar
And the file permissions:
Code:
chmod 664 /data/media/0/efs.tar
Now, your tar-backup is ready and can be copied via MTP towards your computer or you can use adb to copy it over. First type 'exit' twice to exit the adb shell. CTRL+C is an alternative to leave the 'adb shell'.
Code:
adb pull /mnt/shell/emulated/0/efs.tar .
This will copy the efs.tar to your current directory, which is in my case C:\Android\sdk\platform-tools. You can also replace the last . with the directory where you would like to put the file in.
Backup method using 'dd'
NOTE: In case you left the ADB shell, please return to it using command 'adb shell' and switch to root again via 'su -' as described above.
From the output of the earlier executed command 'mount | grep efs', you can get the path of the EFS partition. It start with '/dev/block/..' is the part which you can use to find the original partition on your device.
As you can see, in my case this is, and I do not expect it to be any different on your device:
/dev/block/platform/msm_sdcc.1/by-name/efs
To check which 'mmcblk' partition it is, we should check out this link:
Code:
ls -al /dev/block/platform/msm_sdcc.1/by-name/efs
This will show you the mmcblk which is the EFS-partition:
Code:
ls -al /dev/block/platform/msm_sdcc.1/by-name/efs
lrwxrwxrwx root root 1970-01-05 23:39 efs -> /dev/block/mmcblk0p10
As you can see, the actual partition in my case is:
Code:
/dev/block/mmcblk0p10
I expect that this is the same for all i9505-devices, but it's better safe to check it. On i9500-devices this might be a different number as they have a different partition-layout, that's why we're checking this. It is very important to save this location, also for future restores.
Now, to backup the partition using dd, run the following command, please make sure that the part directly after 'if=' is the partition you found using the 'ls -l' command. In my case '/dev/block/mmcblk0p10':
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/0/efs.img
When it finishes, it will show you something like:
Code:
27904+0 records in
27904+0 records out
14286848 bytes transferred in 1.195 secs (11955521 bytes/sec)
This command reads the efs-partition, byte-by-byte to your internal memory, which you can transfer later on to your PC using ADB or MTP.
As the file created is owned by root:root and doesn't have the default permissions used for files at this location, it can be corrected with the following 2 commands:
Change owner and group:
Code:
chown media_rw:media_rw /data/media/0/efs.img
And the file permissions:
Code:
chmod 664 /data/media/0/efs.img
Now, your DD-backup is ready and can be copied via MTP towards your computer or you can use adb to copy it over. First type 'exit' twice to exit the adb shell. CTRL+C is an alternative to leave the 'adb shell'.
Code:
adb pull /mnt/shell/emulated/0/efs.img .
This will copy the efs.img to your current directory, which is in my case C:\Android\sdk\platform-tools. You can also replace the last . with the directory where you would like to put the file in.
To restore the files
Now to restore the files, in case there is really a need to, like imei-number ****up or something with the MAC-address of your wifi, or whatever.. the following commands can be used:
Of course, once again. USE AT YOUR OWN RISK!!!! Do not use this if not really necessary, as there are risks involved in doing this.
To restore the tar-backup, open 'adb shell' and switch to root using 'su -'. Now, first switch to the root directory, which is most likely not needed, but just to make sure the files will be extracted to the right location:
Code:
cd /
Before executing the next command, I assume that you have the efs.tar file in the root-directory of your internal SD-card.
Now, extract the tar file:
Code:
tar -xvf /data/media/0/efs.tar
This will extract the efs.tar file back to it's original location. It will show you something like:
Code:
[email protected]:/ # tar -xvf /data/media/0/efs.tar
tar -xvf /data/media/0/efs.tar
efs/
efs/imei/
efs/imei/mps_code.dat
efs/wifi/
efs/wifi/.mac.info
efs/FactoryApp/
efs/FactoryApp/test_nv
efs/FactoryApp/hist_nv
efs/FactoryApp/fdata
efs/FactoryApp/serial_no
efs/FactoryApp/factorymode
efs/FactoryApp/keystr
efs/FactoryApp/hw_ver
efs/FactoryApp/baro_delta
efs/FactoryApp/prepay
efs/FactoryApp/earjack_count
efs/FactoryApp/batt_cable_count
efs/bluetooth/
efs/bluetooth/bt_addr
efs/gyro_cal_data
efs/00000000.authtokcont
efs/carrier/
efs/carrier/HiddenMenu
efs/drm/
efs/drm/widevine/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/D3qpp0bxmJhbiZwIsCbXJ1434rc_
efs/drm/widevine/5dsokxEEDXgQhkN50bp-Z2K5InM_/RXFABDUxyT6Q+Zwx9ZhPGOq2Bq8_
efs/drm/playready/
efs/drm/playready/00004.PRV
efs/drm/playready/playready0.dat
efs/drm/playready/playready1.dat
efs/drm/playready/playready.hds
efs/wv.keys
efs/log/
efs/log/boot_cause
efs/.files/
efs/.files/.dx1/
efs/.files/.dm33/
efs/.files/.mp301/
efs/ss_data
efs/h2k.dat
efs/hw_offset
Then reboot your phone normally and see if it works again as you would expect.
If you restored the TAR-backup succesfully, you do not need to restore the dd-image. But in case your tar did not work or your /efs is not mounted due to corruption (in recovery) you can try the dd-recovery instead.
PLEASE BE AWARE THAT YOU SHOULD BE SURE ABOUT THE LOCATION OF THE EFS-PARTITION. THIS LOCATION WAS FOUND USING the 'ls -al /dev/block/platform/msm_sdcc.1/by-name/efs'-COMMAND EARLIER DESCRIBED. If you do not know this location, there's a risk you are overwriting other partitions (MODEM, SYSTEM, RECOVERY, ETC).
If you are sure about the original location, /dev/block/mmcblk......, then use this path just straight after 'of='. On my device the partition is /dev/block/mmcblk0p10.
Code:
dd if=/data/media/0/efs.img of=/dev/block/mmcblk0p10
Output will be similar to:
Code:
27904+0 records in
27904+0 records out
14286848 bytes transferred in 1.195 secs (11955521 bytes/sec)
This will read the efs.img and put it back in the original location.
NOTE 1: This thread gives you two options of backupping the EFS-partition. It is preferred to do both, better safe than sorry.
NOTE 2: Luckily, I have never had to restore any of the backups myself (not on this phone and not on earlier phones). This means that I was never able to test the restores, which counts for the most of us.
NOTE 3: DO NOT RESTORE unless you are really sure this will solve your issue. This will never resolve any lag or other problems with your rom.
NOTE 4: It is normal that the DD-file is much larger (10MB in size) as it also copies unused space and other meta-data of the partition.
NOTE 5: USE AT YOUR OWN RISK! Although the backup part is nearly riskless.
Note X: Feel free to thank me for this post.
Reservation for second post, just in case.
Isn't rooting and using rootexplorer to zip de efs folder to external SD card and just copying that with a microSD cabel way easier?
johan81 said:
Isn't rooting and using rootexplorer to zip de efs folder to external SD card and just copying that with a microSD cabel way easier?
Click to expand...
Click to collapse
Yes, zipping is easier but you will lose your permissions (owner and file permissions (changed via chown/chmod)) so it is actually not a good backup. The permissions/ownerships are backupped with the tar- and dd-backup.
The dd-file includes more than just the file; it also contains the partition meta-data, in case your filesystem got corrupted and it is not possible to recovery it.
Good job man.
EFS Professional v2.0.35 is now support S4. You can also use this:
http://forum.xda-developers.com/showthread.php?t=1308546
shaq1907 said:
EFS Professional v2.0.35 is now support S4. You can also use this:
http://forum.xda-developers.com/showthread.php?t=1308546
Click to expand...
Click to collapse
dont seem to work crashes out while backing up
working now with new update
anybody knows how to adb read the the entire partition table of the galaxy s4?
Hello everybody,
I'm new user on this forum please forgive me for my english as I am Belgian.
I try to make a backup of my Huawei G6-L11 with Android SDK.
I am on Xbuntu 14.04 (I am not a specialist but I use it for some months). I have installed the packages android-tools-adb and android-tools-fastboot and also android sdk.
My phone is connected to the PC via usb and the debug mode is active.
I followed the next steps in a terminal
[email protected]:~$ adb devices
List of devices attached
68a0f6753968 device
[email protected]:~$ adb backup -apk -shared -all -f backup.ab
Now unlock your device and confirm the backup operation.
[email protected]:~$
Click to expand...
Click to collapse
The problem is that I unlock the phone but the backup does not begin. Why? What can I do to begin it?
I really need to do this operation as I can not make any upgrade, any changes on my phone as the memory is full
Thanks a lot for your help
Use ADB, need root
Sent from my HUAWEI G6-L11 using XDA-Developers mobile app
persona78 said:
Use ADB, need root
Sent from my HUAWEI G6-L11 using XDA-Developers mobile app
Click to expand...
Click to collapse
Hello,
Thanks for your reply
I have tried with root and it does not function
I followed the steps I saw here https://memo-linux.com/android-utiliser-adb-pour-faire-une-sauvegarde-complete-de-son-smartphone-ou-tablette-sur-pc-sous-gnulinux/
And I can do the first steps, the problem is that the phone is not locked as it should be and the backup does not begin
Other solution?
Thanks a lot
Hello,
I become completely crazy with my problem :silly: I can't do it
I tried a lot of manipulations in order to do the backup and I found something interesting. In a file I had to create in /etc/udev.rules.d/ with the name 51-android.rules, I saw that the product ID seems change every time it is connected/disconnected of the PC. It was 1054, 1037 and also 1051. I suppose it make some trouble... Is it possible to blok it, ?
HTML:
ATTR{idVendor}=="12d1", ATTR{idProduct}=="1051", MODE=”0666"
Thanks a lot.
Hi!
With the phone ON, with root, plug USB, choose MTP, tuurn ON debug mode, it will pop up a window in phone requesting permissions to connect YOU MUST GIVE IT, need 2GB free in your sd card, use ADB and type this:
adb shell "su -c 'dd if=/dev/block/mmcblk0p4 of=/storage/sdcard1/rpm.img bs=4096; dd if=/dev/block/mmcblk0p5 of=/storage/sdcard1/tz.img bs=4096; dd if=/dev/block/mmcblk0p1 of=/storage/sdcard1/sbl1.img bs=4096; dd if=/dev/block/mmcblk0p11 of=/storage/sdcard1/modem.img bs=4096; dd if=/dev/block/mmcblk0p9 of=/storage/sdcard1/modemst1.img bs=4096; dd if=/dev/block/mmcblk0p10 of=/storage/sdcard1/modemst2.img bs=4096; dd if=/dev/block/mmcblk0p2 of=/storage/sdcard1/sdi.img bs=4096; dd if=/dev/block/mmcblk0p6 of=/storage/sdcard1/aboot.img bs=4096; dd if=/dev/block/mmcblk0p19 of=/storage/sdcard1/recovery.img bs=4096; dd if=/dev/block/mmcblk0p23 of=/storage/sdcard1/system.img bs=4096; dd if=/dev/block/mmcblk0p18 of=/storage/sdcard1/boot.img bs=4096; dd if=/dev/block/mmcblk0p24 of=/storage/sdcard1/userdata.img bs=4096; dd if=/dev/block/mmcblk0p21 of=/storage/sdcard1/cache.img bs=4096; dd if=/dev/block/mmcblk0p20 of=/storage/sdcard1/cust.img bs=4096; dd if=/dev/block/mmcblk0p12 of=/storage/sdcard1/fsg.img bs=4096'"
Now you have your ROM images in sd card. You will need a flash zip to flash it if you need it.
You can use this one, only need to paste the images inside.
RomBackup.zip
https://mega.nz/#!n5plABBT
Key:
!L5EVKRl6AnTyr24IrhwPacxU_DbO7t2moVVzw9gOOT4
Use TWRP to flash it: http://forum.xda-developers.com/ascend-g6/general/twrp-3-0-0-0-g6-lte-devices-t3378495
Hi Persona78,
Thanks a lot for your quick answer
As I understand what you explain in your answer, you proposed me to flash the ROM of the phone but that is not my aim. I only want to make a backup for after try to increase the internal memory. I do not want to root the phone so I found on Internet the ADB program.
I plug the phone which is ON, I plug it with the USB cable, choose MTP transfer protocol, turn it on debug mode and agree with the pop up on the phone. Everything is good until the time when a message should appear to UNLOCK the phone in order to backup. This message does not appear as the phone is already unlocked and as it get blocked, no message appears. Whatever, the backup does not begin!
Thanks a lot.
filipinne13 said:
Hi Persona78,
Thanks a lot for your quick answer
As I understand what you explain in your answer, you proposed me to flash the ROM of the phone but that is not my aim. I only want to make a backup for after try to increase the internal memory. I do not want to root the phone so I found on Internet the ADB program.
I plug the phone which is ON, I plug it with the USB cable, choose MTP transfer protocol, turn it on debug mode and agree with the pop up on the phone. Everything is good until the time when a message should appear to UNLOCK the phone in order to backup. This message does not appear as the phone is already unlocked and as it get blocked, no message appears. Whatever, the backup does not begin!
Thanks a lot.
Click to expand...
Click to collapse
Hmmm, all apps I know to do backup use root.
You can use CWM or TWRP to backup, but they don't backup cust, and I don't know if recover to images default size.
The only way I know is fashing default ROM.
---------- Post added at 09:54 AM ---------- Previous post was at 09:50 AM ----------
persona78 said:
Hmmm, all apps I know to do backup use root.
You can use CWM or TWRP to backup, but they don't backup cust, and I don't know if riecover to images default size.
The only way I know is fashing default ROM.
Click to expand...
Click to collapse
I have a L11 rom, modify by me, resided and if you create in sd card a primary ext4 partition it wil send the apps to sd card automatically.
Hello Persona78,
Hmmm, all apps I know to do backup use root.
You can use CWM or TWRP to backup, but they don't backup cust, and I don't know if recover to images default size.
The only way I know is fashing default ROM.
Click to expand...
Click to collapse
Finally, I made a manual backup by drag and drop and also with Mybackup which do not use root.
I have a L11 rom, modify by me, resided and if you create in sd card a primary ext4 partition it wil send the apps to sd card automatically.
Click to expand...
Click to collapse
I made a reset of the phone with the manufacturer's parameters but I would like to use one other rom as they do not have any update for this model but it seems to be complicated to do it. I do not know how to backup the manufacturer's rom as I met a problem after. I think I would not be possible for me to root, unlock, extend the sd card with Gparted (as I work under UBUNTU 14.04 LTS), and make the update with the new rom, as I am not so talented with computer science.
Thanks a lot.
I tried and finally I have used Gparted in order to split the sd card. I have now 4 partitions
- swap partition (29 mb),
- fat32 partition (6.35 Gb)
- ext4 partition (23.34Gb)
try one of my versions
You can try one of my versions.
Read first to know what you get if you flash it!
https://www.facebook.com/Huawei.Ascend.G6.L11.Kit.kat.B370/?ref=bookmarks
Greetings all.
Several weeks ago, I made this post seeking help with a self-created problem. I am happy to announce that the problem has been resolved with the immense help of sephstyler. He is literally my phone's messiah.
The afore-mentioned XDA member has a device identical to mine. I borrowed his and mirrored most of the data on his device by copying several partitions off his phone on to mine. I followed this guide about changing CID/MID.
I got a hold of a notepad document (you'll find it here) that lists partition information of the U11+. I wasn't sure which of my partitions were corrupt but I was certain the one containing the OS and IMEI information were messed up. My IMEI was blank. The OS version reported in fastboot was 9.99999 or something like that.
So I set out to copy these partitions and their corresponding img files in no particular order - boot, hosd, radio, modemst1, modemst2, cache, system, vendor, persist, and sdf1 (which carries CID info).
Please note that this method fixes the issue where your device is stuck on the bootloader screen with the message, "this phone has been flashed with unauthorised software and is locked....." And you will need a second device that is identical to yours (and functional too) for this process to work. I don't know if they both have to come from the same region (i.e have the same CID and MID). I guess there is no harm in trying. You couldn't possibly do more harm to your device by doing this. Or maybe you could. Either way, I will not be held responsible for any undesirable outcomes.
Steps taken:
- I installed HTC drivers on my computer, running Windows 10 64-bit. And 15-second ADB Installer. Get them both from here and here. I uninstalled HTC Sync Manager after the installation was done as I only needed the drivers.
- I flashed TWRP on the borrowed device so I could have access to adb from recovery.
- I then opened up a command prompt window on my computer, typed adb devices just to be sure that drivers were installed correctly.
The next few steps can be achieved right from within TWRP using the Terminal function. But I chose to use my computer as it'd be much quicker and I am less likely to make typos on a full-sized keyboard.
In a command prompt window, type adb shell. Hit enter.
To copy the system image, type dd if=/dev/block/sda5 of=/sdcard/system.img
For cache, type dd if=/dev/block/sdd21 of=/sdcard/cache.img
For boot, type dd if=/dev/block/sda3 of=/sdcard/boot.img
For radio, type dd if=/dev/block/sdd13 of=/sdcard/radio.img
For modemst1, type dd if=/dev/block/sde2 of=/sdcard/modemst1.img
For modemst2, type dd if=/dev/block/sde3 of=/sdcard/modemst2.img
For persist, type dd if=/dev/block/sde5 of=/sdcard/persist.img
For vendor, type dd if=/dev/block/sda6 of=/sdcard/vendor.img
For sdf1 (board_info), type dd if=/dev/block/sdf1 of=/sdcard/sdf1.img
For hosd, type dd if=/dev/block/sdd12 of=/sdcard/hosd.img
These img files would be saved to your internal storage. I then copied all files to the root folder of my faulty device's storage using Windows Explorer. System.img however refused to transfer. I got creative and used a microSD to make the transfer possible.
Now that these files were sitting comfortably on my phone, I booted to TWRP, connected it to my PC, then entered the following commands in Command Prompt via adb shell.
To copy these images to the appropriate partitions on your phone:
For board_info, type dd if=/sdcard/sdf1.img of=/dev/block/sdf1
For system, type dd if=/sdcard/system.img of=/dev/block/sda5
For cache, type dd if=/sdcard/cache.img of=/dev/block/sdd21
For boot, type dd if=/sdcard/boot.img of=/dev/block/sda3
For radio, type dd if=/sdcard/radio.img of=/dev/block/sdd13
For modemst1, type dd if=/sdcard/modemst1.img of=/dev/block/sde2
For modemst2, type dd if=/sdcard/modemst2.img of=/dev/block/sde3
For persist, type dd if=/sdcard/persist.img of=/dev/block/sde5
For vendor, type dd if=/sdcard/vendor.img of=/dev/block/sda6
For hosd, type dd if=/sdcard/hosd.img of=/dev/block/sdd12
Upon completion, press Ctrl+C or type exit to quit adb shell. Then type adb reboot to reboot your device.
If the above commands were entered correctly (and if the adb gods smile upon you), your device should be restored.
Now I know that copying all images fixed the issue. My guess is the system, boot, and radio images were the crucial ones. I am not entirely sure. But I was desperate for a positive result so I copied the ones that I deemed important.
I hope this helps someone. Cheers.
P.S: My apologies for the formatting. I am still fairly new to this. Also, I just realised I could upload these images for anyone who doesn't have access to a second device. I shall update the post with download links after the upload's completed. Sorry about the brain fart.
[EDIT] Images are up. You can find them here. These files are for the Taiwan-based HTC U11+ (CID - HTC_621)
Nice tutorial.
Hi, I'm having a similar problem with my U11+.... followed ur download link but a decryption key is needed. whats the decryption key?
ChuDust said:
Hi, I'm having a similar problem with my U11+.... followed ur download link but a decryption key is needed. whats the decryption key?
Click to expand...
Click to collapse
Here's the key. I had no idea the files were encrypted to begin with. Sorry about that.
-b087zdU9re0k3e3HHah1w
P.S: Since you're downloading the image files from the link provided, you don't have to go through the first half of the process - copying data from a working phone to an external location.
Best of luck.
Hello. I have an identical situation. My original CID is 622. I changed the CID to 001, but after RUU firmware I could not boot into the system. Now after flash RUU, the phone will reboot into the bootloader. Can anyone help me?
Do you have to be rooted or with unlocked bootloader to be able to backup the phone partitions using this method ?
Or does it just work on completely stock from an db connection to PC ?
Thank you.
The bootloader needs to be unlocked at the very least so you can gain access to the required partitions. Root isn't necessary.
Hope this helps.
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
andreipaval said:
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
Thanks.
Click to expand...
Click to collapse
If you divide the 4,311,744,512 bytes by the 1024, you get what you need - 4210688 - this is in Kb.
And so same for boot - 67,108,864 bytes / 1024 = 65536 Kb.
andreipaval said:
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
Click to expand...
Click to collapse
Hi. I hope your first question was answered. Regarding your second concern, I'm afraid I don't have an answer to that. At the time, flashing any image files onto my device didn't fix the issue even though each flash completed successfully. Copying them manually sure did.
Hope this helps.
Do you have the twrp backup of the stock rom?
andreipaval said:
Hello, I followed your instructions and made backups of my partitions from HTC U11+ dual-sim european version 401.12.
With unlocked bootloader and rooted with magisk by patched boot image.
Ran adb shell and su while phone was running normally in Android OS and connected to PC.
I'm curious about the sizes of the images created because they don't match with the sizes from partitions.txt.
For example "4210688 sda5 - system" is actually 4,311,744,512 bytes,
"65536 sda3 - boot" is actually 67,108,864 bytes in created image, but the actual boot.img from the OTA file is 38,163,762 bytes.
If these sizes are different can I actually trust the created images ? and use them in need.
Can these created images be flashed by fastboot, for example for system.img: "fastboot flash -S 1G system system.img" ?
Thanks.
Click to expand...
Click to collapse
Hello,
do you have the twrp backup of stock rom?
I did not make backups with twrp.