Database Info

[Q] Deployment of image to multiple devices

Hi gurus! I have done some searching based on this, but I seem to come across many different answers based on devices, ROMs etc. So I thought I would just ask. Apologies if there is an easy guide I have missed!
I need to configure a number of Android sticks with customized settings and software then deploy them in kiosk environments. Rather than configure each one separately, I'm hoping to be able to deploy an image nice and quickly to them.
The sticks are RK30 based. The webpage is here: http://multitouch.com/istick-a200-fastest-mini-computer.html and the specs are here: http://multitouch.com/download/datasheet/istick-a200-datasheet.pdf.
They are pre-rooted and you can download a "Factory Restore Pack" which includes the ADB driver, RKBatch Tool and a single factory image. It seems pretty easy to use the tool to push the image to the device and reset it.
I'm hoping to be able to configure a single device and then backup or export the image to an img file (like the factory default one) then just push this to the other devices using the same method. Is this possible and if so, how would I create the img file?
I've read and tried to understand about img files, but it seems there are boot.img files, system.img files and a whole bunch of others. I'm guessing this is a system.img file, but if I stuff around with no direction, I'll probably just brick a bunch of devices.
I also guess I could install clockwork mod and then backup to an SD, then install cm on each new device and restore the backup, but I'm hoping to do this without even needing cm by just using the RKBatch tool.
I really appreciate any help anyone can provide. Thanks in advance!

OK - update (maybe)
Can I use this tool: http://vondroid.com/threads/updated-27-08-2012-how-to-dump-current-rom.322/? I'm guessing that the file I then want to get is the system partition? Is this the one that RKBatchTool will push back to the device?
Soooo many ways to brick!!!

[Q] Can you please explain what is the ROM?

Hey, I have really basic information about computers and OSs so I really need some explanations for the case of android smartphone (qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The bios is stored there and it's the first thing loaded when starting the computer. (It's is easily updatable as I have already updated my bios). For the case of android smartphones I think that they use NVRAM, but I don't know what is NVRAM physically? is it a build-in memory separated from storage devices like on computers?! or is just a partition of internal storage? (internal storage I mean /dev/block/mmcblk0). I found that NVRAM can only be erased using JTAG on some websites but I found that device cloning is done copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0 so why is it a read only memory? we can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!

AmineBY said:
Hey, I have really basic information about computers and OSs so I really need some explanations for the case of android smartphone (qualcomm mainly). So let me tell you first what I know (I hope that this is true): For a computer they use EEPROM and it's a type of ROM which is erasable. The bios is stored there and it's the first thing loaded when starting the computer. (It's is easily updatable as I have already updated my bios). For the case of android smartphones I think that they use NVRAM, but I don't know what is NVRAM physically? is it a build-in memory separated from storage devices like on computers?! or is just a partition of internal storage? (internal storage I mean /dev/block/mmcblk0). I found that NVRAM can only be erased using JTAG on some websites but I found that device cloning is done copying mmcblk0 from one phone to another, so that means that NVRAM is located in mmcblk0. And if NVRAM is just a part of mmcblk0 so why is it a read only memory? we can easily write to other partitions, so why not NVRAM?! I'm really confused...
Please share your knowledge, I really need years of studying electronics and computer science to know all this by myself... Thank you all!!
Click to expand...
Click to collapse
Well, I didn't understand a damn thing you just just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.

Planterz said:
Well, I didn't understand a damn thing you just just said, but I can tell you this:
ROM, in the Android world, means the OS or firmware the device runs on. Like Windows or Linux. You can have the stock ROM, which is what the device ships with. Or, if the device allows it, you can install a custom ROM, such as Cyanogenmod.
"ROM" can mean other things in different contexts. You can find these out for yourself by using this thing called "google". But in the Android world, it simply means the operating system.
Click to expand...
Click to collapse
Thanks for the quick reply! but I'm not talking about ROM files. I'm asking about this http://en.wikipedia.org/wiki/Read-only_memory
Of course I already tried googling it but it's just general information, I'm searching for information about android hardware (qualcomm mainly).

Any idea about android devices ROM (Read Only Memory) please?!

I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.

maclynb said:
I'm not sure about low-level stuff (like the actual bootloader, which probably is isolated on different ROM chips on various devices), but most of what we normally consider the "ROM" -- i.e. the Android system software discussed above -- and even a sort of miniature OS for performing updates called the recovery -- is stored on a flash memory chip (sometimes eMMC) within the phone. Definitely not NVRAM/EEPROM, though the bootloader could be on one of those.
Click to expand...
Click to collapse
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using usb cable only...

AmineBY said:
Thanks! I think some information should be on NVRAM, if not why do people use JTAG to unlock devices?! Flash memory can be edited easily using usb cable only...
Click to expand...
Click to collapse
I don't think it's possible to edit flash memory with USB cables alone on most devices; that's actually rather tough and requires a phone that's had its bootloader unlocked (even then, official bootloader unlocks -- like HTC's -- don't always let you write over certain bits of it). Not quite sure about the JTAG stuff -- that reaches the limits of my knowledge.

[HELP] forensic file recovery from f2fs filesystem

The background: thought I had everything backed up but didn't realize there was something I missed. A quick wipe of all partitions on the phone has removed the data partition's file index. Then I realized I was missing data from my backup.
The problem: file recovery tools I've come across thus far don't seem to want to look for this particular type of file... simple XML. I'm also trying to limit use of the phone itself because installing of new apps to try and recover the data may overwrite sectors that are needed for the recovery. I'm already feeling sort of lucky that this is a 32GB internal memory device and my estimate of the file size is going to be <200MB. In that respect odds of data already having been overwritten in the minimal use I've had since should be slim, and if it has occurred it is probably something I can fake my way around.
Steps taken so far: from TWRP recovery's terminal I performed a dd of /dev/block/mmcblk0p38 (data partition on my Moto XT926M) to a file on an external card. This has enabled me to more easily work with the data from my Ubuntu desktop and also to not have to worry about further changes of the data from phone usage. I've already located via grep and parsed out via dd two XML files that I lost but those were easy as they were each under 100KB. I've located the start of the last XML file I want to recover but after about 1.5MB the trail goes cold. Either the data was contiguous and has already been overwritten at that point or the original file was being written, encountered a next block that was already occupied and continued writing elsewhere. I'm hoping for the latter.
SO...
With this image of the data partition and the knowledge of "this is where the file starts" does anyone have thoughts on how I can continue to work to find the missing pieces of this file? Assuming that from the staring point I've found that the original write just had to skip and continue writing at a different block, in f2fs is there a way to see that from the vicinity of the data I've located? I seem to think when looking at low-level data for some disk format method that the last handful of bytes (or maybe in some sort of header bytes?) of one file segment would indicate what block/sector/offset the next file segment would start but I don't know if that is the case here. Better yet any Linux based utilities that can take an f2fs partition dump and do advanced forensic recovery? I'm able to instruct it that the file starts at byte X of the image. I could try an Android app based solution but 1) that partition will continue to evolve and risk further destruction of desired data and 2) apps I've examined so far are great for finding pictures and videos, not so much at anything else.
My alternative is going to be to continue grepping through the image searching for known XML tags and manually trying to piece things together. At that point the 32GB MMC size changes from a blessing to a curse. Needle, meet haystack.

Oops, in hindsight I probably should have had this under "Android General" instead of this sub forum. Mods, I leave it to your discretion regarding movement but you can't argue that this is highly technical.

Any Luck
Pow_2k said:
Oops, in hindsight I probably should have had this under "Android General" instead of this sub forum. Mods, I leave it to your discretion regarding movement but you can't argue that this is highly technical.
Click to expand...
Click to collapse
Hi mate .. have you been able to recover files .. i am in a same situation ( forgot to back up my pictures and formatted internal sd to F2FS ..
please let me know
Thanks

I would recommend the link here.
At the end you will find all the interesting tools as link.
https://articles.forensicfocus.com/...bile-devices-running-android-operating-system
Best regards!
Sent from my HTC One_M8 using XDA-Developers mobile app

just some more useless link
https://www.magnetforensics.com/resources/recovering-evidence-from-f2fs-file-systems-with-ief
has anyone ever undeleted single file?

Backing up and Restoring - Stock ROM

is there a non intrusive (as in rooting not required) method
for "backing up" and "restoring" a Samsung S6 (SM-G920I) stock ROM.
thank you in advance.
note: not interested in any custom rom nor any tinkering. this is strictly for recovery option should the operating system ever get corrupt or get mal-ware.

UaVaj said:
is there a non intrusive (as in rooting not required) method
for "backing up" and "restoring" a Samsung S6 (SM-G920I) stock ROM.
thank you in advance.
note: not interested in any custom rom nor any tinkering. this is strictly for recovery option should the operating system ever get corrupt or get mal-ware.
Click to expand...
Click to collapse
Smart switch can backup every thing u need with out a custom recovey theres no way to make a complete img backup

given the lack of response here and limited results via any search engine/forum.
perhaps there is no such method available.
given that said. all these "stock" rom floating around available for download.
these must be all rooted stock rom then.
if not. how did the owners of these stock rom rips the original rom off the device?
for further clarification. simply looking to back up the original operating system and could care less about the latter data/updates.

UaVaj said:
given the lack of response here and limited results via any search engine/forum.
perhaps there is no such method available.
given that said. all these "stock" rom floating around available for download.
these must be all rooted stock rom then.
if not. how did the owners of these stock rom rips the original rom off the device?
for further clarification. simply looking to back up the original operating system and could care less about the latter data/updates.
Click to expand...
Click to collapse
As said before, Smart Switch is the tool to use. In case of emergency you factory reset your phone and use this tool to recover broken system files and restore your data.
Stock roms are compiled with the official firmwares you get from sammobile.

The following method has been used from the begging of the android i think.
http://www.techrepublic.com/article/how-to-create-a-full-backup-of-your-android-device-without-root/
(If external links are not allowed ,inform me and i will remove immediately! )
Please note that i have not personally tested the ADB backup method,but i dont see any reason to not work with user apps and data.
Dont know about system files on the other hand.
Also you dont need to install the whole Android SDK, just the adb files and drivers (google them).

nighthawk696969 said:
The following method has been used from the begging of the android i think.
http://www.techrepublic.com/article/how-to-create-a-full-backup-of-your-android-device-without-root/
(If external links are not allowed ,inform me and i will remove immediately! )
Please note that i have not personally tested the ADB backup method,but i dont see any reason to not work with user apps and data.
Dont know about system files on the other hand.
Also you dont need to install the whole Android SDK, just the adb files and drivers (google them).
Click to expand...
Click to collapse
This method works for the APKs off the installed Userapps but not for data. And it's definitely not working for system files because you would need root for that.
It's a good question how to backup data of userapps without root. But nowadays most apps sync their data to the cloud.

thank you all for trying to help. greatly appreciated.
however this is not getting anywhere.
one last time. "this is strictly for backing up and restoring the operating system (android 5.1.1) incase of corruption or malware." not the user application. not the user data. not user settings.
for restore - looks like odin can handle the restore. just have to root the device first. and then it will be back to factory stock.
for backup - want the current stock rom on the s6 in my hand and keep it 100.0% original. is seems to be a dead end.
why? have a "stock" note3 that got malware so bad. malware has embedded itself into the root. even a master reset does not get rid of the malware. just bought a S6. does not want history to repeat itself. hence looking for a non invasive backup/restore method.

How to acquire an Android physical disk image?

Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has lead me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.

Dune_Rat said:
Hi there,
As the title suggests, I would like to acquire a physical disk image of my Samsung Galaxy A01 which I will be using Autopsy to analyze. My research has lead me to believe that in order to do so one must first root the device. So my questions are:
1. If I root the device will all the data I am attempting to analyze be deleted/erased in the process?
2. Does anyone know of a good guide for Android disk image acquisition?
I have been following the DFIRScience channel on youtube but in his video on disk image acquisition he uses KingoRoot which according to this rooting guide (last section at bottom of article) by XDA is bad practice.
This rooting guide from guidetoroot.com mentions that during the rooting process all the data will be erased, and this is where my confusion has come from. If that is true it would seem counter productive to the purpose of acquiring a disk image. My operating system is Win 8.1 Pro by the way.
I would very much appreciate it if someone could help me out with this.
Click to expand...
Click to collapse
The guides that discuss the device being wiped during the root process only applies to devices that have locked bootloader. These devices have to unlock the bootloader before they can modify the device, the device gets wiped by default as part of the process of unlocking the bootloader.

Droidriven said:
The guides that discuss the device being wiped during the root process only applies to devices that have locked bootloader. These devices have to unlock the bootloader before they can modify the device, the device gets wiped by default as part of the process of unlocking the bootloader.
Click to expand...
Click to collapse
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?

Dune_Rat said:
Ah I see, thanks very much, Droidriven. Do you perhaps know of any good recent guides for android disk image acquisition?
Click to expand...
Click to collapse
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.

Droidriven said:
The term "disk image" does not apply to android. What do you mean by "disk image"?
If you are asking if there is a way to backup the operating system on your device and all other data on your device before you attempt to root your device, there is no way to do that without either root or TWRP custom recovery. You don't need both, but, you do need at least one of them. There are ways to backup user data using adb without root but you can't backup the operating system or anything else in the system partition.
Without root, you, as the user, can only backup user installed apps and their corresponding app data/settings, user data stored in internal storage and device settings.
If the operating system gets corrupted during your rooting attempt, you will have to flash your device's stock firmware via Odin then restore any data that you backed up.
Click to expand...
Click to collapse
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics...there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and has limitations on what can be done with it and does not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.

Dune_Rat said:
Thanks for the info. By "disk image" I was referring to the "cloning" of the device once rooted. I would like to test out some digital forensic software like Autopsy with a real world device like my A01 by acquiring/making a physical disk image of it.
That's the term they use in digital forensics...there's physical and then there's logical disk images. Logical disk images are used more for surface analysis and has limitations on what can be done with it and does not appear to need rooting. Physical disk images on the other hand provide full unrestricted access to all files. Well, that's my understanding of it, anyway.
I would like to try using FTK Imager for this purpose (acquiring a disk image) but it's not detecting the device so I'm also hoping that will be sorted out once the phone has been rooted.
Click to expand...
Click to collapse
You're looking for what we call a "nandroid backup", a copy of all data that is stored on the device. Typically, creating a nandroid backup requires either rooting the device then using adb commands to pull a nandroid backup or it requires installing a custom recovery such as TWRP that has an option to create a nandroid backup from within recovery mode.
Your device probably doesn't have a custom recovery/TWRP. Custom recoveries are built specific to the model number that they are to be installed on, there is no such thing as a universal custom recovery that can be used on all android devices. If no developer has chosen to build a version of TWRP for your specific model number then your device can't use TWRP unless you manage to build it for yourself.
These days, most Samsung devices cannot be rooted because they have bootloaders that cannot be unlocked. The only hope of rooting a Samsung device that has a locked bootloader that cannot be unlocked is to find an android app or PC program that has an exploit that your device is vulnerable to. But, these kinds of apps and programs have not been able to root devices since somewhere around the time that android Lollipop or Marshmallow was released, they are no longer able to root today's devices.
You may have to choose another device to experiment with. Preferably one that already has a custom recovery available for that specific model number or has known working root method for that specific model number.
What is your A01's specific model number? That is what will determine wgat is or isn't available for your device and what you can and can't do with it.

Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.

Dune_Rat said:
Thanks so much for the thorough responses, Droidriven. This has cleared everything up for me. The specific model number of my phone is SM-A015F/DS.
Click to expand...
Click to collapse
Apparently, there is a version of TWRP for your model number, but, from what I've been reading, you need to be on android 11 in order to unlock your bootloader then install TWRP. Once you have TWRP installed, you can use it to create a nandroid backup by using the Backup option in TWRP. In your case, you probably want to backup absolutely everything that can be backed up, therefore, when you choose the Backup option in TWRP, on the next screen you'll see a list of partitions to backup, select the partitions you want to backup then initiate the backup by sliding the slider at the bottom. Then you'll have to find the correct tools to extract the data from the backup, it can be tricky because of the type of file that TWRP creates.
unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F
Download unofficial twrp 3.5.2 Root Samsung Galaxy A01 SM-A015F, user who own Galaxy A01 can root it by following the below Instructions
unofficialtwrp.com

Awesome, this looks promising...I'll take a look at it. Thanks again for all the info, Droidriven, you've been a star.