Hi All
Not a dev guy but process in lab required root of phone and case was not ever going to see the inside of a courtroom so we processed the phone as per instructions and rooted successfully. We completed the full BIN dump and parsed all data but on trying to reverse the process we are now stuck at booting to either Bootloader or TWRP (Bootloader still unlocked). Essentially, we just want a factory reset phone that can be used ie we don't care about user data as this is secured in forensic form. Any pointers well appreciated.
Minimal ADB can see the device.
Can boot to Fastboot Mode
Can boot to TWRP
Thx in advance.
Flash the boot, recovery, vbmeta, and vbmeta_system images from fastboot. Use the "--disable-verity --disable-verification" flags on both of the meta images though.
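Whether a vbmeta image carries the two "disable" settings named in the reply above can be checked from a dump of the partition. This is an added example, not part of the original thread: it reads the big-endian flags word at offset 120 of the AVB vbmeta header, where bit 0 is what `--disable-verity` sets and bit 1 is what `--disable-verification` sets. The function names are hypothetical and the sample headers are constructed.

```python
import struct

AVB_MAGIC = b"AVB0"
HEADER_SIZE = 256                     # fixed size of the vbmeta image header
FLAGS_OFFSET = 120                    # 32-bit big-endian flags field
FLAG_HASHTREE_DISABLED = 1 << 0       # set by fastboot --disable-verity
FLAG_VERIFICATION_DISABLED = 1 << 1   # set by fastboot --disable-verification
KNOWN_FLAGS = FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED


def read_vbmeta_flags(blob: bytes) -> dict:
    """Parse the start of a vbmeta image and report its verification flags."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("input is shorter than a vbmeta header")
    if blob[:4] != AVB_MAGIC:
        raise ValueError("AVB0 magic not found; not a vbmeta image")
    major, minor = struct.unpack_from(">II", blob, 4)
    (flags,) = struct.unpack_from(">I", blob, FLAGS_OFFSET)
    release = blob[128:176].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "libavb_version": f"{major}.{minor}",
        "release": release,
        "flags": flags,
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
        "unknown_bits": flags & ~KNOWN_FLAGS,
    }


def build_sample_header(flags: int, release: str = "avbtool 1.1.0") -> bytes:
    """Constructed sample: a bare header with only the fields read above."""
    header = bytearray(HEADER_SIZE)
    header[0:4] = AVB_MAGIC
    struct.pack_into(">II", header, 4, 1, 0)
    struct.pack_into(">I", header, FLAGS_OFFSET, flags)
    rel = release.encode("ascii")
    header[128:128 + len(rel)] = rel
    return bytes(header)


if __name__ == "__main__":
    samples = {
        "stock (constructed)": build_sample_header(0),
        "both flags set (constructed)": build_sample_header(3),
    }
    for name, blob in samples.items():
        info = read_vbmeta_flags(blob)
        print(f"{name}: flags=0x{info['flags']:08x} "
              f"verity_disabled={info['verity_disabled']} "
              f"verification_disabled={info['verification_disabled']}")
```

To check a real dump, pass the first 256 bytes of the vbmeta partition image to `read_vbmeta_flags`; a stock image normally reports both values as `False`.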
Related
I am working with a Sony Xperia L, with Android 4.1 or 4.2. A different model but I believe you will know the issues involved. The phone was stuck in bootloop. I have now put it into fastboot mode. I am trying to recover text and image data (jpegs).
I want to use something like adb, testdisk, or photoRec. But neither adb (or testdisk) recognises the device. It appears I have to enable USB debugging, but I don't know how to do this because I cannot access the phone controls, since it is running now only in fastboot mode, or in bootloop if I restart it.
So right now I cannot get up a proper adb shell or anything else that might recognise the data. (I notice fastboot devices gives a device name, but other fastboot commands do not work, and fastboot does not recover data, does it?).
By what steps ought I proceed to recover text and image data when this phone is in fastboot mode, or the original bootloop which is causing the problem?
Many thanks in advance.
I would try to reflash the device with Androxyde's flashtool and not wipe the data in the process.
The bootloader has to be opened in the process.
I do not know what recovery procedures the SONY tools provide (companion, Emma) but I would check them out.
Thanks for that information. But as I understand it, rooting the device will wipe all existing data.
I need to gain access to the device while it is in fastboot mode without wiping the data I am trying to recover. Then I assume I would run adb, testdisk, photoRec, or whatever.
no root required
flashing a stock rom does not give you root rights
for my device there are only Sony roms available - so it might even work without opening the bootloader...
you are right: opening the boot loader wipes the device (factory reset)
Pixel 2 XL is soft bricked at the moment and I can't for the life of me think of what I need to do to recover it. I unlocked my bootloader and rooted when I switched to Pie (I saw people were already able to use Android Pay on a rooted device again and I just couldn't help myself). I installed TWRP, accidentally tried to flash TWRP not realizing I needed to temporarily boot it, and pushing the zip over, erasing the recovery, I proceeded to just fastboot it and carry on with the normal procedure with my phone. After getting Magisk installed I had my phone all set up until the next time I turned it on and back off again. It said I forgot my PIN, which I know I didn't; I think this was because of a glitch with Smart Lock I had just set up. So I go to my recovery and wipe the Dalvik cache, cache, internal storage, and data, and lo and behold my phone bootloops, never making it past the final stage before it gets to the lockscreen. I go to the Fastboot screen on my phone and my Mac can't list my phone as a device in adb, and now I am having issues getting back into recovery, which I think might be because I am on the stock kernel. My Fastboot screen on my phone says Product Name - Taimen, Variant - MSM USF:SAMSUNG(64gig) DDR:SAMSUNG, Bootloader version - TM220j, Baseband version - g899800253-1805232234, my Serial number, Secure boot - Yes, Device status - Unlocked, Vart console - Disabled, HW version - rev_10
I can't get it to stop bootlooping and just turn off.
bump
xda Zed said:
bump
Try flashing the stock boot.img with Fastboot. That might get you out of it. Since you did all the wiping I can't say for sure. However, when you were at the point where it wouldn't take your password, that's all that needed to be done. I ran into the same thing. It's a Magisk bug. Magisk gets flashed to the boot partition so flashing the factory boot.img will fix it. TWRP also gets flashed to the boot partition so if you flashed it too, flashing a factory boot image will get rid of that too. ADB won't see the phone while it's in fastboot mode. You need to use "fastboot devices". You can download a factory image if you don't have one and extract the boot.img from it. Put it in the folder your fastboot is in, and then open a command prompt (terminal? I'm not a Mac person) from that folder and type "fastboot flash boot boot.img" (without the quotes). Make sure you download the factory image that's the same as what you currently have installed on the phone.
robocuff said:
Try flashing the stock boot.img with Fastboot. That might get you out of it. Since you did all the wiping I can't say for sure. However, when you were at the point where it wouldn't take your password, that's all that needed to be done. I ran into the same thing. It's a Magisk bug. Magisk gets flashed to the boot partition so flashing the factory boot.img will fix it. TWRP also gets flashed to the boot partition so if you flashed it too, flashing a factory boot image will get rid of that too. ADB won't see the phone while it's in fastboot mode. You need to use "fastboot devices". You can download a factory image if you don't have one and extract the boot.img from it. Put it in the folder your fastboot is in, and then open a command prompt (terminal? I'm not a Mac person) from that folder and type "fastboot flash boot boot.img" (without the quotes). Make sure you download the factory image that's the same as what you currently have installed on the phone.
I stopped my endless bootloop! Now it says my device is corrupt and cannot be trusted and may not work properly. When I tried to start it I couldn't get past the Google screen. When I plug it in to charge now it doesn't automatically go into a bootloop that can only be stopped by going into the fastboot mode or running out of battery, but the charging symbol on the screen won't go away. I might have wiped system when I was in TWRP when I couldn't boot back after the first wipe. And I accidentally tried fastbooting Telstra img first. Any way to get past this white Google screen? Also when I try to go to recovery now it's the Android lying on its back with a red triangle and it says no command. Should I execute the flash-all script?
Downloaded the stock img files and ran the flash all .sh and now I am back in Android, ready to mess something up again. I could not thank you enough for your help. I am so happy right now.
xda Zed said:
Downloaded the stock img files and ran the flash all .sh and now I am back in Android, ready to mess something up again. I could not thank you enough for your help. I am so happy right now.
Glad to hear you got it working again. As for the recovery screen that says no command, that's the way it works with the stock recovery. When you see that screen, press and hold power and volume up. That will get you into recovery. If you happen to try rooting again and get stuck in a bootloop or some such thing, just flash the stock boot image. That should get you going again.
Had a bad idea this morning and decided to try to root the phone, Leagoo T5. The last time I'm going to go messing with a phone that wasn't broken! After spending 10hrs trying to sort it! I downloaded adb tools and TWRP. I unlocked the bootloader with fastboot and installed TWRP. However when I rebooted the phone it just booted straight into TWRP. I can't get it to boot normally. I reinstalled the firmware but it will still not boot. I can get into recovery and factory modes but that's it. What can I do? Thanks
pcfreeze said:
Had a bad idea this morning and decided to try to root the phone, Leagoo T5. The last time I'm going to go messing with a phone that wasn't broken! After spending 10hrs trying to sort it! I downloaded adb tools and TWRP. I unlocked the bootloader with fastboot and installed TWRP. However when I rebooted the phone it just booted straight into TWRP. I can't get it to boot normally. I reinstalled the firmware but it will still not boot. I can get into recovery and factory modes but that's it. What can I do? Thanks
Have you tried factory resetting in recovery?
ktmom said:
Have you tried factory resetting in recovery?
Yes I did. No Joy. When I power on I just get the leagoo logo coming on and off repeatedly. Pressing the power button then will not turn the phone off again. I can switch it off by pressing vol- and pwr together though.
Is the problem caused by unlocking the bootloader with fastboot or that the firmware I installed is not suiting? Rebooting the phone after unlocking the bootloader before reflashing the firmware caused the leagoo logo to come on and off repeatedly accompanied by this message in very small text "Orange State - Your device has been unlocked and can't be trusted, Your device will boot in 5 seconds". After flashing the firmware with Sp Flash Tool this message is not being shown. Does reflashing firmware undo the action of unlocking the bootloader?
What you are describing is a bootloop. It sounds like the device cannot find the system kernel to boot to. Did you boot the device after unlocking but before doing anything else?
Where did you get the TWRP recovery from?
Isn't this a MediaTek chipset? If so, I think you need to use SP Flash Tool to install.
I would look for a stock ROM for this device to revert to.
I'm not experienced on mediatek devices, but maybe @SubwayChamp could help.
pcfreeze said:
Yes I did. No Joy. When I power on I just get the leagoo logo coming on and off repeatedly. Pressing the power button then will not turn the phone off again. I can switch it off by pressing vol- and pwr together though.
Is the problem caused by unlocking the bootloader with fastboot or that the firmware I installed is not suiting? Rebooting the phone after unlocking the bootloader before reflashing the firmware caused the leagoo logo to come on and off repeatedly accompanied by this message in very small text "Orange State - Your device has been unlocked and can't be trusted, Your device will boot in 5 seconds". After flashing the firmware with Sp Flash Tool this message is not being shown. Does reflashing firmware undo the action of unlocking the bootloader?
After unlocking the bootloader it is not normal for Android to refuse to boot normally, but when you flash a custom recovery or modify another partition this can usually happen, so you have to do a factory reset/format data as @ktmom said and/or flash a kind of DM-verity for your device; this last keeps the bootloader from checking the integrity of the partitions so it can boot normally to system.
The warning message is normal after unlocking the bootloader, and reflashing the stock ROM doesn't relock it. You have to relock it in a similar way to how you unlocked it, via a fastboot command; the most common is "fastboot oem relock" but there are other variants, and keep in mind that you have to return completely to stock before applying it.
SubwayChamp said:
After unlocking the bootloader it is not normal for Android to refuse to boot normally, but when you flash a custom recovery or modify another partition this can usually happen, so you have to do a factory reset/format data as @ktmom said and/or flash a kind of DM-verity for your device; this last keeps the bootloader from checking the integrity of the partitions so it can boot normally to system.
The warning message is normal after unlocking the bootloader, and reflashing the stock ROM doesn't relock it. You have to relock it in a similar way to how you unlocked it, via a fastboot command; the most common is "fastboot oem relock" but there are other variants, and keep in mind that you have to return completely to stock before applying it.
I relocked the bootloader with the command "fastboot flashing lock". A small white text dialogue on the phone screen stated the bootloader was locked successfully. Rebooted the phone then and it was still stuck in the boot loop. For a few seconds in between the Leagoo logo a strange circular graphic was displayed on the phone with the word "erasing" under it. What does this mean?
Can you tell me more about how to flash DM-verity?
pcfreeze said:
I relocked the bootloader with the command "fastboot flashing lock". A small white text dialogue on the phone screen stated the bootloader was locked successfully. Rebooted the phone then and it was still stuck in the boot loop. For a few seconds in between the Leagoo logo a strange circular graphic was displayed on the phone with the word "erasing" under it. What does this mean?
Can you tell me more about how to flash DM-verity?
OK, after relocking the bootloader I guess that you did successfully boot to system again, right?
When you first unlock the bootloader the device is formatted so that a new user cannot access the user's data, and when you relock it again the same happens.
As for DM-verity, newer devices, strictly since Nougat, can't boot to system after any partition has been modified, as happened when you flashed a custom recovery on it. Here is where DM-verity can be useful: it is used to keep the bootloader from checking the integrity and to allow a modified device to perform a reboot and more custom actions not officially permitted. You have to flash it through a custom recovery; sometimes flashing only Magisk is enough but not always.
You *might* be able to use this universal dm-verify script. It can be flashed only in a custom recovery and I'm not certain that is available to you.
ktmom said:
You *might* be able to use this universal dm-verify script. It can be flashed only in a custom recovery and I'm not certain that is available to you.
Good news and bad news! I got the phone to boot! I reinstalled twrp and the "magisk","no verity opt encrypt" and "disable dm verity" zips from the ext sdcard with fastboot. Twrp stated the zips installed ok but there were also some red line failure lines in the dialogue as they were being installed. I rebooted the phone via fastboot but this just resulted in it booting direct to twrp as before. I tried normal boot from twrp but it still booted straight back to twrp. I then tried selecting normal boot from the fastboot, normal, recovery option menu accessed on the Leagoo T5 by powering off the phone and then pressing the pwr and vol+ buttons together but this still resulted in it booting straight to twrp. I then decided to uninstall twrp by flashing the stock firmware recovery image to try to boot from stock recovery. I did same and rebooted from fastboot and it booted to system.
The bad news is there is an IMEI failure message and the SIM is not connecting to the network. I googled IMEI failure and saw that it can happen when firmware is changed. I installed the "mobileuncle" app but according to a YouTube video I watched, when I tap "Engineer Mode" there should be 2 further options available, one being MTK Mode. I am only getting one option, "Engineering Mode (Android)", which when I select it just results in being returned to the previous menu. Please say this is not a major problem!
@pcfreeze you quoted me, but as I said earlier, I'm not experienced with mediatek devices. You'd be better off quoting @SubwayChamp
pcfreeze said:
Good news and bad news! I got the phone to boot! I reinstalled twrp and the "magisk","no verity opt encrypt" and "disable dm verity" zips from the ext sdcard with fastboot. Twrp stated the zips installed ok but there were also some red line failure lines in the dialogue as they were being installed. I rebooted the phone via fastboot but this just resulted in it booting direct to twrp as before. I tried normal boot from twrp but it still booted straight back to twrp. I then tried selecting normal boot from the fastboot, normal, recovery option menu accessed on the Leagoo T5 by powering off the phone and then pressing the pwr and vol+ buttons together but this still resulted in it booting straight to twrp. I then decided to uninstall twrp by flashing the stock firmware recovery image to try to boot from stock recovery. I did same and rebooted from fastboot and it booted to system.
The bad news is there is an IMEI failure message and the SIM is not connecting to the network. I googled IMEI failure and saw that it can happen when firmware is changed. I installed the "mobileuncle" app but according to a YouTube video I watched, when I tap "Engineer Mode" there should be 2 further options available, one being MTK Mode. I am only getting one option, "Engineering Mode (Android)", which when I select it just results in being returned to the previous menu. Please say this is not a major problem!
There could be many reasons why the device didn't boot to system. After flashing it you had to format data + flash DM-verity. It is also possible that this TWRP version is not completely suitable for your device or is unable to mount/unmount partitions correctly; you have to check where you downloaded it from and whether some users are experiencing similar issues with it.
As for your lost IMEI, it is always better to take a backup of the NVRAM through TWRP before going further; then it'll be easy to recover it. In almost all firmwares for MediaTek devices you'll find inside the zips SPFT and SN Writer, which is for recovering your IMEI. Your IMEI is not really lost, it only got covered by blank codes due to a bad/incorrect flashing/wrong sequence firmware, so be careful what you do with the Mobile Uncle tool if you're not experienced with it, otherwise you'll lose it permanently.
SubwayChamp said:
There could be many reasons why the device didn't boot to system. After flashing it you had to format data + flash DM-verity. It is also possible that this TWRP version is not completely suitable for your device or is unable to mount/unmount partitions correctly; you have to check where you downloaded it from and whether some users are experiencing similar issues with it.
As for your lost IMEI, it is always better to take a backup of the NVRAM through TWRP before going further; then it'll be easy to recover it. In almost all firmwares for MediaTek devices you'll find inside the zips SPFT and SN Writer, which is for recovering your IMEI. Your IMEI is not really lost, it only got covered by blank codes due to a bad/incorrect flashing/wrong sequence firmware, so be careful what you do with the Mobile Uncle tool if you're not experienced with it, otherwise you'll lose it permanently.
I got into engineering mode via dialer code. CDS option was missing from connectivity. I installed https://m.apkpure.com/cds-mobile/com.doubleapaper.cds.cds_mobile but CDS is still missing from engineering mode
pcfreeze said:
I got into engineering mode via dialer code. CDS option was missing from connectivity. I installed https://m.apkpure.com/cds-mobile/com.doubleapaper.cds.cds_mobile but CDS is still missing from engineering mode
Sorry, just realised that this is the wrong app! Nothing to do with CDS in engineering mode! I tried https://apkcombo.com/common-data-service/com.mediatek.connectivity/ but got a message that the file was corrupted and it would not install.
I was reading a question that matched my situation: unable to access fastboot via buttons, adb reboot bootloader/fastboot, etc.
I read farther down to the answers and found quite a lengthy one that struck my interest.
“Let me explain why the Fastboot is useless..
On MediaTek devices, you don't flash new images via Fastboot because there are size limitations to each image, if you tried to flash a massive 3 GB system, it wouldn't allow you to, because of maximum flash size in Fastboot.... Instead MediaTek uses a Pre-Boot that is prior to the bootloader, it doesn't even have a GUI... This is called the Preloader on MTK devices, and you do all your flashing using the Preloader... Usually you use a tool called SP Flash Tool for doing flashes....
Unlocking your bootloader isn't necessary, and disabling FRP is not going to make any changes to your bootloader unlocking... You flash a recovery image via the Preloader in SP Flash Tool, and then wipe the partition called FRP, and factory reset... it isn't like other Android (HTC for example). HTC devices need to be unlocked in order to install custom recoveries etc... this is not even a problem with MTK devices because the Preloader gives you factory level flashing abilities.”
Previous answers on the question I had earlier said that I couldn’t do anything if I couldn’t really get into fastboot mode but is that really all though? Would the pre-loader do the trick? I know I said I’d give up trying to root the joytab but this answer made me second guess myself.
You could read the question and answers yourself under this.
how to succesfully boot into bootloader/fastboot mode on alcatel 5049z smartphone
I am having issues( i am a "novice" when it comes to unlocking a30 android bootloader with a PC...) with booting into bootloader/fastboot mode on my stock rom--android 7--Alcatel a30(non rooted 504...
android.stackexchange.com
So a while back I unlocked and rooted my phone. I did something wrong the first time around and it bricked, so I started from scratch and flashed a stock firmware image, then installed Magisk. I used TWRP, but did not install it. No problems, except the OTA updates don't work, and the phone constantly nags me about it. I had a similar problem on a prior phone (Moto G4+) when the recovery partition was modified, and flashing back to stock fixed it on that phone. I finally get around to trying to fix this, figured Magisk did something to either boot or bootloader, so I re-flash boot.img and bootloader.img using the same images and instructions I originally used to flash my phone. boot.img fails claiming bad signature, but bootloader.img succeeds. Now my phone will not successfully boot and claims it needs a factory reset. If I boot to TWRP, I can decrypt and see my data is intact (I explicitly chose not to encrypt my phone for this exact reason but *shrug*). If I install TWRP, it only boots to a TWRP screen and will not accept touch input. Booting TWRP from fastboot functions normally.
So basically, my data is intact. I want it to remain intact. My bootloader is mad at me. What do I do?
I have tried flashing the bootloader.img from multiple versions of the stock ROM and all of them have the same result. Using 'fastboot flash bootloader bootloader.img'
My only theory is that the key was written to the bootloader and flashing stock it doesn't have that key, but that doesn't make sense because what's the point of encryption then (see: I explicitly did not want my phone encrypted).
Update: I was able to fix it and retain all my data by using LMSA to recover it, but I edited the flashfile.xml to remove the step where it wipes userdata.