Database Info

[TUT] Downgrade/Unbrick Ville S4

Introduction​
This should work on the S4 version of the HTC One S. I do not recommend trying this on the S3 version..
Nobody is responsible for the outcome of your phone except you. You know the possible risks and you took them
DO NOT ATTEMPT UNLESS YOU ARE COMFORTABLE WITH THIS OR KNOW WHAT YOU ARE DOING
DO NOT ATTEMPT TO DOWNGRADE IF YOU TOOK THE JB OTA. IT HAS BEEN REPORTED TO PERMANENTLY BRICK PHONES ON THE EVITA SIDE
DO NOT ATTEMPT UNLESS YOU HAVE LINUX INSTALLED.. Ubuntu 12.04 or higher preferred - 32/64 bit!
You can use a livecd or wubi. No virtualbox
This guide assumes your Bootloader is unlocked, You have Recovery Installed, and USB Debugging is ENABLED. Please enable USB debugging before continuing​
Creating the brick​
Prerequisites: killp4.. included in the unbrick package
unbrick package: http://dl.dropbox.com/u/40181085/ville.zip
A backed up p4!
*MAKING A NANDROID BACKUP WILL DO NOTHING FOR YOU.. BUT I DO RECOMMEND HAVING ONE AT ALL TIMES*
1. Place killp4 on your /sdcard
2. Download adb and enable USB debugging (adb is in the android SDK, or search Google for a download)
3. Open your command line and type the following
Code:
$ adb shell
$ su
# dd if=/dev/block/mmcblk0p4 of=/sdcard/bakp4
# exit
$ exit
COPY bakp4 to a SAFE location ON YOUR COMPUTER and UNMOUNT your USB storage
4. Kill your phone
Code:
$ adb shell
$ su
# dd if=/sdcard/killp4 of=/dev/block/mmcblk0p4
# exit
$ exit
5. Reboot your phone. The charging light will no longer be on, and you should be stuck on a black screen.
Enumerating your partitions​Q: What does enumerate mean?
A:
Code:
enumerate - to specify one after another.
Synonym: list
Prerequisites: Ubuntu 12.04 or higher. 32/64 bit
unbrick package: http://dl.dropbox.com/u/40181085/ville.zip
A null p4 or the bakp4 you acquired earlier.
a null p4 is included in the unbrick package if you didn't save your backup.. you will need to hex edit your IMEI into this file. the offset is 0x21c, it's after 11111111, which is the SuperCID
1. Open up 3 terminal windows
2. On your first window, type
Code:
$ watch -n 1 lsusb
3. Now, hold power down on your phone for about 10 seconds*,OR until you see (QDL mode) disappear and let go, Then go to your second window and repeatedly run the following command
*On the HTC One X you have to hold power for 10 seconds, on the EVO 4G LTE it is ~30 seconds. This number may vary
Code:
$ ls /dev/sd*
You should go from seeing this..
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
to seeing this...
4. Make note of the following.
for me, my devices was listed as /dev/sdb, yours may be listed as /dev/sdc or even /dev/sdd.
make note of /dev/sd*4 and /dev/sd*12
5. Make sure Linux sees the phone
Code:
$ sudo dmesg | grep "qcserial"
You should see "Qualcomm USB modem converter detected" as the last line of the output. If not, you can unplug and replug the USB cable or run...
Code:
$ sudo modprobe qcserial
to reload the driver
6. Reset the driver
Code:
$ sudo modprobe -r qcserial
7. create the block device
Code:
$ sudo mknod /dev/ttyUSB0 c 188 0
8. Open a third Terminal window and navigate to where you stored the ville folder. I saved it to my desktop, so my code is
Code:
$ cd Desktop/ville
$ chmod +x emmc_recover
9. Now we restore the hboot.. replace /sdc12 with your device location that we discovered in step 3 and 4
Code:
$ sudo ./emmc_recover -f ./hboot.nb0 -d /dev/sdc12 -c 24576
You can hit enter at all of the prompts here. If it stalls at "Waiting for /dev/sdc12, hold the power button down on your phone about 10 seconds, or until your see "Qualcomm. Inc. Gobi Wireless Modem (QDL mode) disappear from your terminal window, then release it. 10 seconds or less after you do this, emmc_recovery will see your phone and proceed. Flashing Hboot will take several minutes, as it has to load data in ~23K chunks followed by a reset after each.
or you can open a new terminal window and run the following command IF AND ONLY IF the phone doesn't reset out of QDL mode
Code:
$ sudo ./emmc_recover -r
10. Once that is finished. We have to reset the qcserial driver again.
Code:
$ sudo modprobe -r qcserial
11. And then recreate the block device
Code:
$ sudo mknod /dev/ttyUSB0 c 188 0
12. Now we restore the original mmcblk0p4 that you should have saved as "bakp4"
Code:
$ sudo ./emmc_recover -f ./bakp4 -d /dev/sdc4 -c 24576
13. Again, if it hangs, hold your phone's power button for about 10 seconds, then release. This file will flash very quickly (it's only 1K) and once it completes, you'll immediately notice that your charging light turns back on. You should see "Qualcomm, Inc." or "Qualcomm, Inc. Gobi Wireless modem (QDL mode) disappear from your terminal screen.
14. Press the thanks button for yarrimapirate. As these are his tools/methods
special thanks to
beaups (for helping me understand how to enumerate the partitions)
18th.abn (for getting me the 1.09 hboot and also agreeing to help me)
and yarrimapirate (not only for the scripts which he made for the Evo 4G LTE, but also agreeing to help me in this project and buying a one x with his own money)

This is why it is easier on evita.. http://db.tt/kCeCpDAE
I made a version for you guys.. http://db.tt/ar4sbw6V
Place on your sdcard
open terminal emulator
Code:
$ su
# dd if=/sdcard/mmcblk0p23 of=/dev/block/mmcblk0p23
reboot to fastboot and lock your bootloader. And then run the RUU
You can download the edited version. USE WITH CAUTION

Just finished downgrading from 1.14 to 1.06.
I started with Jet and replaced the bakp4 after it was created with my own and replaced the hboot with the 1.06 version for the One S. Jet got stuck and kept giving me "Failed to flash hboot" so I jumped over to the manual instructions and finished it that way.
Thanks mikeyinid for bringing to my attention that we can do this and being the first guy to try it with the One S. Thanks absolutelygrim for all your hard work and instructions.

dc211 said:
Just finished downgrading from 1.14 to 1.06.
I started with Jet and replaced the bakp4 after it was created with my own and replaced the hboot with the 1.06 version for the One S. Jet got stuck and kept giving me "Failed to flash hboot" so I jumped over to the manual instructions and finished it that way.
Thanks mikeyinid for bringing to my attention that we can do this and being the first guy to try it with the One S. Thanks absolutelygrim for all your hard work and instructions.
Click to expand...
Click to collapse
Jet has a few bugs right now, some users have reported it working, I haven't gotten it to work for me. Failed at flashing hboot, manual method has always saved them

Nice work! This should be on the dev forum. Please request a moderator move it there where those in need have a better chance to find it.

You should mention that Linux is needed earlier on in the OP so people don't brick then realize they can't unbrick cus they don't have Linux. People won't read the whole thing before they jump in.
Sent from my HTC One S using xda premium

Behold_this said:
Nice work! This should be on the dev forum. Please request a moderator move it there where those in need have a better chance to find it.
Click to expand...
Click to collapse
And maybe sticked.
Send from a phone.

which hboot does this downgrade to? i am currently on 1.14.001 can mine be downgraded?

sherry478 said:
which hboot does this downgrade to? i am currently on 1.14.001 can mine be downgraded?
Click to expand...
Click to collapse
It downgrades you to 1.06

sherry478 said:
which hboot does this downgrade to? i am currently on 1.14.001 can mine be downgraded?
Click to expand...
Click to collapse
Yes it can. I downgraded mine from 1.14 to 1.06.
Sent from my HTC One S using xda premium

How easy is this to do if you never used linux? and also can it be done in Virtualbox?

Darknites said:
How easy is this to do if you never used linux? and also can it be done in Virtualbox?
Click to expand...
Click to collapse
Yes and no. LiveCd or install only

absolutelygrim said:
Yes and no. LiveCd or install only
Click to expand...
Click to collapse
Thanks, I see if I got the balls to do it tomorrow lol.

Darknites said:
How easy is this to do if you never used linux? and also can it be done in Virtualbox?
Click to expand...
Click to collapse
Follow grims instructions and it's simple, for anyone
Sent from my HTC One S using xda premium

mikeyinid said:
Follow grims instructions and it's simple, for anyone
Sent from my HTC One S using xda premium
Click to expand...
Click to collapse
Ya it does seem easy but I never used Linux before and the idea of bricking it to do it just sounds wrong to me lol but the idea of having to use an app or fastboot in till my next phone is no fun lol.
Will I need to download anything other then whats in the OP to go with the linux install?

Darknites said:
Ya it does seem easy but I never used Linux before and the idea of bricking it to do it just sounds wrong to me lol but the idea of having to use an app or fastboot in till my next phone is no fun lol.
Will I need to download anything other then whats in the OP to go with the linux install?
Click to expand...
Click to collapse
Nope.. Should work right off a clean install

absolutelygrim said:
Nope.. Should work right off a clean install
Click to expand...
Click to collapse
Thanks again I get everything sorted tonight to try tomorrow.

Linux running off a usb stick will work right? Think I got puppy linux sitting around my room somewhere.

diabolusmiles said:
Linux running off a usb stick will work right? Think I got puppy linux sitting around my room somewhere.
Click to expand...
Click to collapse
Haven't tried it on puppy.. I prefer using debian based versions

I haven't tried yet, but downgrading hboot like this, does it mean we can run the old ruu?
Sent from my HTC One S using xda premium

root auxus core x2 3g using Android Debug Bridge ADB

Build Properties of Auxus Core X2 3G contains the ro.build.user=root by default firmware update and also Default Properties contains ro.secure=0, ro.debuggable=1. So rooting the devices made very easy.
The following are the things to do to get root access in the front end
Update the binary of the Superuser
Setting the chown & chmod to the Superuser binary
Install the Superuser.apk
Optional:Installing the Root Checker & Root Unistaller
The following are the files required to do the above
ADB Driver for the Rockchip board (Auxus Core X2 Shipped with RK3066)
ADB file & ADB library files
Latest Superuser binary & apk files
Optional:Rootchecker & Root Uninstaller files
Source:
ADB Driver : XDA Post (http://78.140.134.121/d/6ea124157e9cda25ab1707cbcba7/usb_driver.zip)
ADB Files : http://forum.xda-developers.com/showthread.php?t=1987280
SU Files : http://downloads.androidsu.com/superuser/
Optional:RootCheck: http://joeykrim.com/
Optional: RootUnistaller:http://www.apkmania.co/2012/12/root-uninstaller-pro-v32-apk.html
Customizing the folder for the Auxus
Create folder e.g., C:\Auxus\
Extract the ADB files and Copy the adb.exe, AdbWinApi.dll, AdbWinUsbApi.dll to Auxus
Extract the Superuser files and Copy the \system\app\Superuser.apk and \System\bin\su to Auxus
Optional:Also place the RootCheck & RootUnistaller apk
Creating batch file named ROOT.bat
Creating batch file : ROOT.bat
The following code to be added to batch file
Code:
echo off
echo Check list of devices connected
adb devices
pause
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
echo Rebooting 1/3
adb reboot
echo After Reboot to home screen unlock and press any key
pause
echo Setting Kernel Properties
adb shell rm /data/local.prop > nul
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
echo Rebooting 2/3
adb reboot
echo After Reboot to home screen unlock and press any key
pause
adb shell id
pause
echo ADB Mounting root drive
adb remount
echo Pushing Superuser files
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
echo Removing changes except ROOT
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
echo Installing application
adb push superuser.apk /system/app/superuser.apk
echo Rebooting 3/3
adb reboot
echo ROOTED
pause
Also append below code if optionals downloaded
Code:
echo ADB Mounting root drive
adb remount
echo Installing Root Check & Root Uninstall
adb push Root_Uninstaller_Pro.apk /system/app/Root_Uninstaller_Pro.apk
adb push RootCheckPro.apk /system/app/RootCheckPro.apk
echo Done
pause
echo Rebooting
adb reboot
echo After Reboot to home screen unlock and press any key
pause
Steps to root
Install the ADB driver by double clicking the DPInst-32bit.exe
Now windows will prompt for the Driver security - Click Install anyway to proceed
Now connect the Auxus Core X2 3G in USB Debugging mode, the driver will be identified by windows (if not restart)
Now run the ROOT.bat (Run as Administrator)
The tablet will be reboot 3 times (if optional files used reboot 4 times)
Now run the ROOT.bat file and Auxus Core X2 3G rooted successfully.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disclaimer :
Though tested many times with my tablet and the post drafted carefully. Kindly Backup data before proceed; All the files download from various link from internet and the attachment (Auxus.rar) contains the combination of them. Screenshots generated by author.
ROOT AT YOUR OWN RISK. Author is not responsible for what you do on your device. Author is not responsible for liability of any kind.

combined attachment included
Update: Auxus.rar is combination made from the above said link and with root batch files. ROOT AT YOUR OWN RISK. Author is not responsible for what you do on your device. Author is not responsible for liability of any kind.

Thanks a bunch!!
I will try this method on my corex2 this weekend and let you know the result. Thanks a lot!:good:

my tabs back camera is very slow and lagging in preview, does anyone having corex2 3g can confirm?

Rear camera- laggy- known issue
guyton100 said:
my tabs back camera is very slow and lagging in preview, does anyone having corex2 3g can confirm?
Click to expand...
Click to collapse
Yes, this is a known issue with the CoreX2. Lets hope that they will fix this issue with future firmware updates.

Please tell me how to unroot the same

Kudremukh said:
Please tell me how to unroot the same
Click to expand...
Click to collapse
muruggan_a has reported a post.
Reason:
Hi Friends,
I have done a pre-booking of X2 3G, i have faced the following issues
1) I was unable to send any 2010 MS office documents from win 7 laptop to auxus x2 3g
2)Even after i paired my tablet with my laptop, i cannot connect the media service from my tablet to laptop using bluetooth
3)Nokia BT head set doesnt get paired
And my last query is if i can root the device whether i can use 3G dongle instead of using SIM slot?
Please help me,
I have handedover to iberry service center and asked for replacement because of the bluetooth issue which i mentioned above. I got the replacement device but that also have the same problem. The new device had some scratches behind so given them back and asked for replacement.

Device Not found
When I oopen ROOT.bat In,
Win 8 it says error:device not found
Win 7 it says path not recognized or something like that
plz help me how to fix it and the
ADB unknown USB driver you gave when i open it win rar says that the file is corrupted or what i dont know
plz help me here:crying:

Will this work for Auxe CoreX4?
skv_vlr_mech said:
Build Properties of Auxus Core X2 3G contains the ro.build.user=root by default firmware update and also Default Properties contains ro.secure=0, ro.debuggable=1. So rooting the devices made very easy.
The following are the things to do to get root access in the front end
Update the binary of the Superuser
Setting the chown & chmod to the Superuser binary
Install the Superuser.apk
Optional:Installing the Root Checker & Root Unistaller
The following are the files required to do the above
ADB Driver for the Rockchip board (Auxus Core X2 Shipped with RK3066)
ADB file & ADB library files
Latest Superuser binary & apk files
Optional:Rootchecker & Root Uninstaller files
Source:
ADB Driver : Unknown (http://78.140.134.121/d/6ea124157e9cda25ab1707cbcba7/usb_driver.zip)
ADB Files : http://forum.xda-developers.com/showthread.php?t=1987280
SU Files : http://downloads.androidsu.com/superuser/
Optional:RootCheck: http://joeykrim.com/
Optional: RootUnistaller:http://www.apkmania.co/2012/12/root-uninstaller-pro-v32-apk.html
Customizing the folder for the Auxus
Create folder e.g., C:\Auxus\
Extract the ADB files and Copy the adb.exe, AdbWinApi.dll, AdbWinUsbApi.dll to Auxus
Extract the Superuser files and Copy the \system\app\Superuser.apk and \System\bin\su to Auxus
Optional:Also place the RootCheck & RootUnistaller apk
Creating batch file named ROOT.bat
Creating batch file : ROOT.bat
The following code to be added to batch file
echo off
echo Check list of devices connected
adb devices
pause
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
echo Rebooting 1/3
adb reboot
echo After Reboot to home screen unlock and press any key
pause
echo Setting Kernel Properties
adb shell rm /data/local.prop > nul
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
echo Rebooting 2/3
adb reboot
echo After Reboot to home screen unlock and press any key
pause
adb shell id
pause
echo ADB Mounting root drive
adb remount
echo Pushing Superuser files
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
echo Removing changes except ROOT
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
echo Installing application
adb push superuser.apk /system/app/superuser.apk
echo Rebooting 3/3
adb reboot
echo ROOTED
pause
Also append below code if optionals downloaded
echo ADB Mounting root drive
adb remount
echo Installing Root Check & Root Uninstall
adb push Root_Uninstaller_Pro.apk /system/app/Root_Uninstaller_Pro.apk
adb push RootCheckPro.apk /system/app/RootCheckPro.apk
echo Done
pause
echo Rebooting
adb reboot
echo After Reboot to home screen unlock and press any key
pause
Steps to root
Install the ADB driver by double clicking the DPInst-32bit.exe
Now windows will prompt for the Driver security - Click Install anyway to proceed
Now connect the Auxus Core X2 3G in USB Debugging mode, the driver will be identified by windows (if not restart)
Now run the ROOT.bat (Run as Administrator)
The tablet will be reboot 3 times (if optional files used reboot 4 times)
Now run the ROOT.bat file and Auxus Core X2 3G rooted successfully.
Disclaimer :
Though tested many times with my tablet and the post drafted carefully. Kindly Backup data before proceed; All the files download from various link from internet and the attachment (Auxus.rar) contains the combination of them. Screenshots generated by author.
ROOT AT YOUR OWN RISK. Author is not responsible for what you do on your device. Author is not responsible for liability of any kind.
Click to expand...
Click to collapse
Will the above procedure work for the Corex4 as well?

guyton100 said:
my tabs back camera is very slow and lagging in preview, does anyone having corex2 3g can confirm?
Click to expand...
Click to collapse
yes, it is there, but front camera is good. I posted support query in manf webpage and searching the firm update to make custom rom

cdwarak said:
Will the above procedure work for the Corex4 as well?
Click to expand...
Click to collapse
try root methods of Samsung Exynos 4412 for CoreX4 3g

iNOXIA2012 said:
When I oopen ROOT.bat In,
Win 8 it says error:device not found
Win 7 it says path not recognized or something like that
plz help me how to fix it and the
ADB unknown USB driver you gave when i open it win rar says that the file is corrupted or what i dont know
plz help me here:crying:
Click to expand...
Click to collapse
If Root.bat not worked manual use the code as mentioned in the thread.
I'm using windows 7 only and also verified with the XP.
Try downloading the files from source links. If device not recognized then it is the issue of the USB driver installation; Also refer the Screenshots and steps in the post

Kudremukh said:
Please tell me how to unroot the same
Click to expand...
Click to collapse
in command prompt, path to the adb folder
adb remount
adb shell rm /system/app/superuser.apk
adb shell rm /system/bin/su
adb reboot
and so on...

!!!Rooted!!! This method works like a charm. Thanks man!! Trying to figure out if we have cwm recovery for corex2. I tired a couple of them meant for other rockchip 3066 devices but no dice.

clockworkmod-recovery-for-auxus-core-x2
s.rahus said:
!!!Rooted!!! This method works like a charm. Thanks man!! Trying to figure out if we have cwm recovery for corex2. I tired a couple of them meant for other rockchip 3066 devices but no dice.
Click to expand...
Click to collapse
Check out for CWM
http://forum.xda-developers.com/showthread.php?p=37584364#post37584364

Link Error
ADB Driver URL that you gave wont work gives me Error

iNOXIA2012 said:
ADB Driver URL that you gave wont work gives me Error
Click to expand...
Click to collapse
Please find attachment file that i downloaded from the link what i mentioned in first post

skv_vlr_mech said:
please find attachment file that i downloaded from the link what i mentioned in first post
Click to expand...
Click to collapse
thank you so much

Great It worked flawlessly. I wasn't able to root using moborobo or Zhuo. But this method worked. Thanks

Has it got GPS or not???
Hi,
Can anyone please tell whether Auxus core X2 3G has got inbuild GPS or not.

[Q] Is it possible to enable USB debugging via pc

HELP!
my Sony Xperia Go ST27i is locked i forgot the PIN for the screen lock. Is it possible to enable USB debugging using PC? my adb is not recognized since usb debugging is not turned on and I can't unlock my bootloader due to this. I can't boot into recovery mode as well.

hayes.asdfg said:
my Sony Xperia Go ST27i is locked i forgot the PIN for the screen lock. Is it possible to enable USB debugging using PC? my adb is not recognized since usb debugging is not turned on and I can't unlock my bootloader due to this. I can't boot into recovery mode as well.
Click to expand...
Click to collapse
Boot into a custom recovery (like TWRP) and try this in Terminal:
Code:
adb shell
echo "persist.service.adb.enable=1" >>/system/build.prop
echo "persist.service.debuggable=1" >>/system/build.prop
echo "persist.sys.usb.config=mtp,adb" >>/system/build.prop"
reboot
Now reboot to system and see if ADB is working.
If that doesn't help, try this:
Code:
adb shell
setprop persist.service.adb.enable 1
setprop persist.service.debuggable 1
setprop persist.sys.usb.config mtp,adb
reboot
BTW, you can try as many as wrong pins which would enable you to change the pin again via Google account. That's the best way..

GokulNC said:
Drain your phone charge to 0%
Then plug in your phone, but don't switch it ON.
After 15mins, use your regular key combination like power+volumeUp+volumeDown or whatever to get into bootloader menu.
Open up recovery mode or fastboot mode and do whatever you need.
If you want to enable USB debugging, try this in fastboot mode:
Code:
adb shell
echo "persist.service.adb.enable=1" >>/system/build.prop
echo "persist.service.debuggable=1" >>/system/build.prop
echo "persist.sys.usb.config=mass_storage,adb" >>/system/build.prop"
reboot
If that doesn't help, try this:
Code:
adb shell
setprop persist.service.adb.enable 1
setprop persist.service.debuggable 1
setprop persist.sys.usb.config mass_storage,adb
reboot
BTW, you can try as many as wrong pins which would enable you to change the pin again via Google account.
Click to expand...
Click to collapse
I have a similar problem in that I can't access my phone and settings. I tried the adb shell and it goes error: device '(null)' not found.
Then I tried the
echo "persist.service.adb.enable=1" >>/system/build.prop but again no good "The system cannot find the path specified."
Does the phone really need to be drained for this to work? My phone charge though I can't see it is around 90%.
On the setprop persist.service.adb.enable 1 is says that 'setprop' is not recognized as an internal or external command, operable program or batch file.
Another question that comes to mind is whether doing factory reset removes root?

[ROOT available] [18-01-2015] Acer Liquid S1 / S510 / A10 with KK ROM!

Hi all,
*Q&A Thread is here*
Automatic process:
Please use the root from scratch method (only on UNIX!) from the Acer Iconia Toolkit thread
Manual process:
I have succeeded to root Acer Liquid S1 (S510 / A10). In the Acer Iconia Toolkit thread @Optimissimus99 mentioned to use the MTK Logger when using a Kitkat ROM. Using @vache's S1 root sources I figured out how root was done with JB using the Network Utility, so I tried doing the same steps using the MTK Logger.
Requirements:
Acer Liquid S1 (S510 / A10)
Being able to follow procedure to the step
Have an Ubuntu installation (I used 14.10)
Post screenshots, clear steps and results when asking for help
Getting root can be achieved with these steps:
Copy or download a busybox file (I used the one from the Iconia Toolkit) to your /sdcard
Using MTK Logger Util
Open engineering mode (for instance with MTK Engineering Mode)
Swipe to Log and Debugging screen
Open MTKLogger
Click on Settings
Click Run Command and execute the following commands:
cp /sdcard/busybox /data/local/tmp
chmod 755 /data/local/tmp/busybox
/data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Using Terminal
ls -la /data/local/tmp/busybox
This should show correct execute permissions on busybox
/data/local/tmp/busybox telnet 127.0.0.1 1234
This should open Telnet correctly
cat /proc/dumchar_info | grep "android"
This should show the size of your system image. In my case:
"android 0x0000000040000000 0x0000000005d00000 2 /dev/block/mmcblk0p5”
so quickly calculating (using the code from Vache’s S1 Root tool)
l_seekBlocks = systemEndAddr / 4096; var endA = addrs[2]; endAddr = Convert.ToInt64(endA, 16); 0x0000000005d00000 97517568/4096 = 23808
l_countBlocks = systemStartAddr / 4096; var startA = addrs[1]; startAddr = Convert.ToInt64(startA, 16); 0x0000000040000000 1073741824/4096 = 262144
dd if=/dev/block/mmcblk0 bs=4096 skip=23808 count=262144 | gzip >/storage/sdcard1/system.img.gz
This should create your gzipped ROM dump on the external sdcard.
Within Ubuntu
Transfer the system.img.gz file to Ubuntu
Transfer extracted SuperSU (I used UPDATE-SuperSU-v2.40.zip)
Run the following code:
Code:
gunzip system.img.gz
sudo mkdir /media/iconia
sudo mount -o loop system.img /media/iconia
sudo mv /media/iconia/etc/install-recovery.sh /media/iconia/etc/install-recovery_original.sh
sudo mkdir /media/iconia/bin/.ext
sudo chmod 0777 /media/iconia/bin/.ext
sudo cp UPDATE-SuperSU-v2.40/common/Superuser.apk /media/iconia/app/Superuser.apk
sudo cp UPDATE-SuperSU-v2.40/common/install-recovery.sh /media/iconia/etc/install-recovery.sh
sudo cp UPDATE-SuperSU-v2.40/armv7/su /media/iconia/xbin/daemonsu
sudo cp UPDATE-SuperSU-v2.40/armv7/su /media/iconia/xbin/sugote
sudo cp UPDATE-SuperSU-v2.40/armv7/su /media/iconia/xbin/su
sudo cp UPDATE-SuperSU-v2.40/armv7/su /media/iconia/bin/.ext/.su
sudo cp /media/iconia/bin/mksh /media/iconia/xbin/sugote-mksh
sudo cp UPDATE-SuperSU-v2.40/armv7/supolicy /media/iconia/xbin/supolicy
sudo cp UPDATE-SuperSU-v2.40/armv7/libsupol.so /media/iconia/lib/libsupol.so
sudo chmod 0644 /media/iconia/app/Superuser.apk
sudo chmod 0755 /media/iconia/etc/install-recovery.sh
sudo chmod 0755 /media/iconia/xbin/daemonsu
sudo chmod 0755 /media/iconia/xbin/su
sudo chmod 0755 /media/iconia/bin/.ext/.su
sudo chmod 0755 /media/iconia/xbin/sugote
sudo chmod 0755 /media/iconia/xbin/sugote-mksh
sudo chmod 0755 /media/iconia/xbin/supolicy
sudo chmod 0644 /media/iconia/lib/libsupol.so
sudo ln -s /media/iconia/etc/install-recovery.sh /media/iconia/bin/install-recovery.sh
sudo umount /media/iconia
sudo rm -rf /media/iconia
mv system.img systemrooted.img
gzip systemrooted.img
Check for errors - if there is any, fix them
Next steps is to reload the system image with the following command:
copy systemrooted.img.gz to device
start mtklogger (see above 2.3 / 2.4)
start telnetdaemon (see above 2.5.3)
start terminal (see 3)
start telnet (see 3.2)
Run the command:
/data/local/tmp/busybox zcat /storage/sdcard1/systemrooted.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=23808 count=262144
As I do not have much time, I am not sure when I can do this... will post progress in this thread.
Next steps in the development:
Add Xposed Framework
Thanks go to @vache @paugustin @Shreps @Optimissimus99 for providing some of the above info and helping me with this device!
Regards,
Nika.

Here's some screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

You have done the hardest part, just need to push the su daemon service for KK ?
Envoyé de mon A1-840FHD en utilisant Tapatalk

Just in case anyone reads this thread and decides to try it on their own - the system.img wasn't mountable (yet). Looks like I used seek= instead of skip= when creating the new image... will try again later....

Yeah, rooting works!
Check first post for details...

Nice!!! Realy like your work So we now have root on Acer Liquid S1! Will there be a quick way to root it?
with a kinda batch tool for instance?

ARRRDJ said:
Nice!!! Realy like your work So we now have root on Acer Liquid S1! Will there be a quick way to root it?
with a kinda batch tool for instance?
Click to expand...
Click to collapse
Oh yeah, we sure will. I'll contact @entonjackson to know whether we can add it to his toolkit and @Chainfire to know whether we are allowed to include SuperSU in a kit this way...

nikagl said:
Oh yeah, we sure will. I'll contact @entonjackson to know whether we can add it to his toolkit and @Chainfire to know whether we are allowed to include SuperSU in a kit this way...
Click to expand...
Click to collapse
Nice!! Finally, root for S1
Will you keep us up to date with the latest developments? I cannot wait to run Xposed

ARRRDJ said:
Nice!! Finally, root for S1
Will you keep us up to date with the latest developments? I cannot wait to run Xposed
Click to expand...
Click to collapse
Sure. I will need @entonjackson for that though, otherwise I'll have to rewrite his code to suite S1, use the MTKLogger and add SuperSU. Adding Xposed is a good idea too - the problem with the /system on this device is that it's locked and we cannot unlock it. So adding stuff (or removing for that matter) always requires to use an existing /system dump and restore it to the device using dd. Recovery too, will only allow installation of signed zips and as we don't have the right keys, we won't be able to use (or change) it... In the end, doing a root from scratch will always require either Ubuntu (to do it with the ROM you have on your device) or restore a system.img from another device... It requires Ubuntu btw, because in Ubuntu you can mount a system.img and easily change it, which is not feasible from DOS/Windows...
So... for the time being, let's wait for @entonjackson and if he doesn't have the option, I'll try to write something. Just keep in mind I am not a developer, I can follow procedures and hack my way into existing stuff, but writing from scratch remains a bridge too far...

nikagl said:
Sure. I will need @entonjackson for that though, otherwise I'll have to rewrite his code to suite S1, use the MTKLogger and add SuperSU. Adding Xposed is a good idea too - the problem with the /system on this device is that it's locked and we cannot unlock it. So adding stuff (or removing for that matter) always requires to use an existing /system dump and restore it to the device using dd. Recovery too, will only allow installation of signed zips and as we don't have the right keys, we won't be able to use (or change) it... In the end, doing a root from scratch will always require either Ubuntu (to do it with the ROM you have on your device) or restore a system.img from another device... It requires Ubuntu btw, because in Ubuntu you can mount a system.img and easily change it, which is not feasible from DOS/Windows...
So... for the time being, let's wait for @entonjackson and if he doesn't have the option, I'll try to write something. Just keep in mind I am not a developer, I can follow procedures and hack my way into existing stuff, but writing from scratch remains a bridge too far...
Click to expand...
Click to collapse
Okay, let's hope @entonjackson can help! Oehw that's sad. So it's impossible to root this phone on the 'normal' way? Is it restricted in the software or in the hardware?
But once you've rooted it, can you use Xposed (or another rootapp), without having to restore a systemdump file?
Ubuntu is not a problem, since I develop in Ubuntu
No problem! I've a lot of respect that you came so far without having a lot of experience

ARRRDJ said:
Okay, let's hope @entonjackson can help! Oehw that's sad. So it's impossible to root this phone on the 'normal' way? Is it restricted in the software or in the hardware?
But once you've rooted it, can you use Xposed (or another rootapp), without having to restore a systemdump file?
Ubuntu is not a problem, since I develop in Ubuntu
No problem! I've a lot of respect that you came so far without having a lot of experience
Click to expand...
Click to collapse
It's in the software/signing of the zips. The keys are unavailable for "normal" people like us. Just Acer has them I guess.
Yes, as soon as Xposed is integrated, you can use it. With the integration I am a bit worried to do it though. I have looked at the current release of Xposed (de.robv.android.xposed.installer_v33_36570c) and it requires me to replace /system/bin/app_process with the one from Xposed. My S1 does not have USB access anymore so I am very hesitant to replace a file like that. If it gets into a bootloop, I won’t be able to recover it…
Also, the update-binary that Xposed uses to integrate itself into the framework replaces that app_process file, but also expects certain configuration (/data/data/de.robv.android.xposed.installer) of the APK to be available. I am afraid that the apk needs to be installed before actually introducing the new app_process file. As the installation of the APK is not part of /system and therefore the /data folders will not be created, I wonder how it behaves if the new file is introduced in the new /system...hopefully it won't cause bootloops....
Regards,
Nika.

I tried adding Xposed by changing the app_process file but it didn't work. I used the following commands:
Code:
sudo cp de.robv.android.xposed.installer_v33_36570c.apk /media/iconia/app/
sudo cp -a /media/iconia/bin/app_process /media/iconia/bin/app_process.orig
sudo cp de.robv.android.xposed.installer_v33_36570c/assets/arm/app_process_xposed_sdk16 /media/iconia/bin/app_process
sudo chmod 0755 /media/iconia/bin/app_process
It does see the new file version installed but Xposed is not running. Asked in some threads for extra help. Also no response yet from @entonjackson, so asked in the Iconia thread whether there's others that can help

nikagl said:
I tried adding Xposed by changing the app_process file but it didn't work. I used the following commands:
Code:
sudo cp de.robv.android.xposed.installer_v33_36570c.apk /media/iconia/app/
sudo cp -a /media/iconia/bin/app_process /media/iconia/bin/app_process.orig
sudo cp de.robv.android.xposed.installer_v33_36570c/assets/arm/app_process_xposed_sdk16 /media/iconia/bin/app_process
sudo chmod 0755 /media/iconia/bin/app_process
It does see the new file version installed but Xposed is not running. Asked in some threads for extra help. Also no response yet from @entonjackson, so asked in the Iconia thread whether there's others that can help
Click to expand...
Click to collapse
Ah okay, unfortunately!! I cant wait to run xposed! I hope you'll get some support from members with more experience, because I think we're really close to a more easier rooting way
Let me know if you make some progress

ARRRDJ said:
Ah okay, unfortunately!! I cant wait to run xposed! I hope you'll get some support from members with more experience, because I think we're really close to a more easier rooting way
Let me know if you make some progress
Click to expand...
Click to collapse
So do I and trust me - I tried it all. Also tried it on another device, it will simply not start and I don't know why
Regards,
Nika.

progress?
Any progress yet?

ARRRDJ said:
Any progress yet?
Click to expand...
Click to collapse
Nope, just root works. If you want I can add it to the rootfrom scratch method of the toolkit, but Xposed won't work. Simply do not get any help from anywhere to fix this and spent hours (if not days!) troubleshooting it, so i have given up...

thanks it's a wonderful job anyway u really deserve respect! :highfive:

Make sure to monitor the following thread for new versions:
http://forum.xda-developers.com/showthread.php?t=2240029
I am not yet sure when I get to make one, it's almost holiday week here in NL and with that and the preparations for it I don't have much time... more news soon.

I have created the first Acer Liquid S1 version of the toolkit. Let me know what you think.

First of all thank you very much for your efforts, I just downloaded your toolkit but it says "put prerooted system.img.gz... " etc. Question is where do I find prerooted system.img.gz?

Question Resolve "adbd cannot run as root in production builds"

Hi!
I'm running Android 13. I've used Magisk to root the device but the command
Code:
adb root
results in
Code:
adbd cannot run as root in production builds
I already tried "adbd Insecure v2.00.apk" but it fails with the message
Code:
Could not patch adbd !
Is there a way to fix this?

you can overlay /system/bin/adbd with magisk module. create new directory in /data/adb/modules and place your files
Code:
/data/adb/modules/my_module/system/bin/adbd
/data/adb/modules/my_module/module.prop
https://topjohnwu.github.io/Magisk/guides.html#magisk-modules
or escalate to privileged shell and stream file content over stdin/stdout (linux only)
Code:
adb shell "su -c 'dd bs=1m if=/dev/block/bootdevice/by-name/boot 2> /dev/null'" > boot.img
adb shell "su -c 'dd bs=1m of=/dev/block/bootdevice/by-name/boot'" < path/to/boot.img

alecxs said:
you can overlay /system/bin/adbd with magisk module. create new directory in /data/adb/modules and place your files
Code:
/data/adb/modules/my_module/system/bin/adbd
/data/adb/modules/my_module/module.prop
https://topjohnwu.github.io/Magisk/guides.html#magisk-modules
or escalate to privileged shell and stream file content over stdin/stdout (linux only)
Code:
adb shell "su -c 'dd bs=1m if=/dev/block/bootdevice/by-name/boot 2> /dev/null'" > boot.img
adb shell "su -c 'dd bs=1m of=/dev/block/bootdevice/by-name/boot'" < path/to/boot.img
Click to expand...
Click to collapse
Thank you very much for your reply.
How would method 1 work? I find a different binary of adbd that has the root feature enabled and overlay the original with it through a Magisk module?

mattdeox said:
I already tried "adbd Insecure v2.00.apk" but it fails with the message
Click to expand...
Click to collapse
you found already, just unzip the assets/adbd.21.png from apk

alecxs said:
you found already, just unzip the assets/adbd.21.png from apk
Click to expand...
Click to collapse
I checked the file you mentioned and it has those contents:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What should I do with them?

mattdeox said:
. I've used Magisk to root the device but the command
Code:
adb root
results in
Code:
adbd cannot run as root in production builds
Click to expand...
Click to collapse
Why do you need this?

WoKoschekk said:
Why do you need this?
Click to expand...
Click to collapse
I would like to do some automated testing on my device using Appium to check if my website works correctly.
As I understood, adb root is needed to do it properly.

just rename the file > adbd
/data/data/eu.chainfire.adbd/files/adbd.21.png: ELF executable, 32-bit LSB arm, static, stripped

mattdeox said:
I would like to do some automated testing on my device using Appium to check if my website works correctly.
As I understood, adb root is needed to do it properly.
Click to expand...
Click to collapse
Basically: ADB is a commandline tool which acts as a client-server programm. You send ADB commands (usually from a desktop PC, but also possible from a rooted mobile) as a client to the adbd (daemon) on another device. The adbd executes those commands on the other device as user:shell. If you want the adbd acts as user:root then you have to execute adb root. BUT it's not possible to grant the adbd root permissions on a stock ROM (production builds). Even if the other device is rooted with Magisk it's still a production build!
The only way to execute commands as root via ADB on another device is
Code:
adb shell
su

alecxs said:
just rename the file > adbd
/data/data/eu.chainfire.adbd/files/adbd.21.png: ELF executable, 32-bit LSB arm, static, stripped
Click to expand...
Click to collapse
I created the structure you recommended
Code:
/data/adb/modules/adbRoot/module.prop
/data/adb/modules/adbRoot/system/bin/adbd
I opened Magisk and could see the module enabled.
Then restarted adbd
Code:
setprop ctl.restart adbd
But there was still the error
adbd cannot run as root in production builds
Click to expand...
Click to collapse
Then I found out on this page https://source.android.com/docs/core/ota/modular-system/adbd
that adbd moved on Android 13, supposedly to this location:
Code:
/apex/com.android.adbd/bin/adbd
Then I also created this file for the Magisk module
Code:
/data/adb/modules/adbRoot/system/apex/com.android.adbd/bin/adbd
Again, I restarted adb
Code:
setprop ctl.restart adbd
But the result still is the same
adbd cannot run as root in production builds
Click to expand...
Click to collapse
Anything else I could do/something that is wrong?

WoKoschekk said:
Basically: ADB is a commandline tool which acts as a client-server programm. You send ADB commands (usually from a desktop PC, but also possible from a rooted mobile) as a client to the adbd (daemon) on another device. The adbd executes those commands on the other device as user:shell. If you want the adbd acts as user:root then you have to execute adb root. BUT it's not possible to grant the adbd root permissions on a stock ROM (production builds). Even if the other device is rooted with Magisk it's still a production build!
The only way to execute commands as root via ADB on another device is
Code:
adb shell
su
Click to expand...
Click to collapse
Thank you very much for your input.
Are you saying there is nothing that can be done by replacing the adbd file or the config?
Do you think the solution by alecxs to replace the binary is not working?

mattdeox said:
Thank you very much for your input.
Are you saying there is nothing that can be done by replacing the adbd file or the config?
Do you think the solution by alecxs to replace the binary is not working?
Click to expand...
Click to collapse
Still do not understand the reason. Assume the command adb root is successful. how to proceed then?

Here's what you need for adb root:
daemon/main.cpp - platform/system/adb - Git at Google
These criterias have to be met to execute adb root.
In case the adbd gets root permissions, then you keep the privileges to run:
Code:
adb disable-verity
enable-verity
sideload OTAPACKAGE
remount [-R]
unroot
(For further information see 'adb help')
All the other ADB commands don't require the adbd to be rooted.

the insecure adbd by @Chainfire according to this logcat requires some additional sepolicy rules and probably therefore does not work with magisk out of the box.
found some magisk modules, maybe one of these binaries work for android 13 if you place it system/apex
[MODULE] Insecure adbd for Pixel devices
Hi everyone, I made a simple module for my own needs and I figured I'd share it here as well. This module enables "insecure adbd" on Pixel devices, which allows you to restart adbd in root mode via "adb root" and push/pull to/from the /data...
forum.xda-developers.com
[MODULE] Debugging modules: ADB Root, SELinux Permissive, Enable Eng
These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned. ADB Root Magisk Module...
forum.xda-developers.com

Do I understand correctly:
To use/install the patched adbd I need a device with root permissions. Otherwise it wouldn't be possible to copy the adbd to /system/bin and make it executable. Having that patched adbd in /system/bin, I'm able to use the command adb root which let's me execute ADB commands with root permissions.
Why not using
Code:
adb shell
su
? Why I need a adbd with root permissions on a rooted device?

@WoKoschekk most likely he don't need it. we don't know. but there are cases where it can be useful, for example
Code:
adb pull /dev/block/bootdevice/by-name/userdata

alecxs said:
@WoKoschekk most likely he don't need it. we don't know. but there are cases where it can be useful, for example
Code:
adb pull /dev/block/bootdevice/by-name/userdata
Click to expand...
Click to collapse
Apart from the fact that it's not possible to restore such an image (e.g. corrupted encryption) you have to copy 128GB (minus the system) or more via USB. There is a reason why TWRP saves the data as a TAR archive and splits it into 1GB chunks.
I know there are more examples for a rooted adbd. But it could all be done in a root shell, too.

TWRP is useful for backup only if encryption is supported, which is not the case for Samsung encryption. But for forensic and recovery of deleted files full partition image is required. on FBE that /dev/block/bootdevice/by-name/userdata is already decrypted during runtime. for FDE one must adb pull /dev/block/dm-0 or whatever is mounted /data of course. Restoring works fine btw. just some encryption related files (like locksettings.db) must deleted.
I have posted workaround for streaming partitions with su (refer to 2. method in post #2) but it does not work on windows (not even with dos2unix)

TWRP was only an example for how /data could be backed up. In the most cases you restore /data after a wipe or when /data gets formatted. Then you will have a conflict with the already established encryption. After /data gets formatted the system generates a new master key during the next boot. You can't decrypt an old encryption with that master key.
The partition mirrors ~/dm-0 and so on are based on AVB and the device-mapper layer.
alecxs said:
I have posted workaround for streaming partitions with su
Click to expand...
Click to collapse
Yes, I know the 'netcat' method. Of course it's better to have a desktop PC and its storage for large images like /data. Better than an external sd. But you could also use the device's shell to create tar files.

WoKoschekk said:
Then you will have a conflict with the already established encryption.
Click to expand...
Click to collapse
Nope. works fine, as the partition image does not contain any encryption at all. consider it's already decrypted in AFU state.
WoKoschekk said:
After /data gets formatted the system generates a new master key during the next boot. You can't decrypt an old encryption with that master key.
Click to expand...
Click to collapse
Yes. only for FBE, for FDE it's static key. But encryption type doesn't matter, it contains plain files - same as TWRP backup.