So I've became the lucky owner of two of these devices, and after hosing one and having to rebuild from scratch I want to provide some helpful information on rooting, backing up the device and general info that may or may-not be needed! So let's start this party off right!
These commands posted are for the Linux terminal, add python if using windows or play with the command line of mtkclient to figure things out, I can't assume what everyone OS's are.......
1. get yourself mtkclient from here : https://github.com/bkerler/mtkclient
follow all the steps regarding setup regardless if on Linux or Windoze!
2. BACK-UP the Full device using mtkclient, doing so will save yourself a lot of aggravation that I endured during my endeavors! This will do a Full back-up of the device by partition and place in a single file for making restore painless.
Power OFF the phone
Issue the mtkclient command via Terminal
Code:
mtk rf flash.bin
HOLD VOL+ & VOL- and plug-in the USB-C, if done correctly the phone will go into brom.
Once done backing up ( Total Time is around 60 minutes or less ) we're going to issue the last command, this resets mtkclient safely)
Code:
mtk reset
2a. Restoring you're Device
Now we're going to issue THREE mtk commands, the first is, assuming you're working in the same directory you back-up the file to.
Code:
mtk wf flash.bin
Without un-plugging, issue the next to wipe all data for a full reset.
Code:
mtk e metadata,userdata,md_udc
followed by reset
Code:
mtk reset
In the extreme case I suffered, you need to let the phone die completely if unable to enter brom the normal way, once dead follow the process as if you just turned it off.
This situation came about while I began to figure out how to get twrp working on the device.
Total size of this back-up will be around 32GB, so store in a safe place.. Also, DO NOT SHARE THIS IMAGE WITH ANYONE!!!! It contains all of the phone's sensitive info (IMEI)
Now let's talk rooting with or without bootloader-unlocked.
The good new's about this device is we can use mtkclient to bypass unlocking the bootloader for flashing a rooted boot.img patched by Magisk, the bad new's is that the phone will default to boot_b and not the boot the root boot.img so unlocking the bootloader is a must.
adb install app-release.apk that is attached, this Magisk that is designed for mtk devices and frankly has worked the best for me, once installed we're going to back-up the stock boot with the following commands using mtkclient.
Code:
mtk r boot_a boot.img
mtk reset
this will be placed in you mtkclient directory and will need transferred to the storage for patching by the Magisk app. once done we will transfer the file back to our mtkclient directory.
boot once again back into brom and issue the command
Code:
mtk w boot_a magisk_patched.img
mtk reset
keep in mind that each patched boot.img will be named different so this is not a copy and paste thing currently.
however, if you want to install an already patched version of the boot.img you can download the attached boot.img, place into your mtkclient directory and issue this command
Code:
mtk w boot_a magisk_patched-23001_nx6U2.img
mtk reset
For bootloader-unlocking, just follow the read-me file for more in-depth instructions, however this will get you going regarding the unlock.
boot back into brom and issue the following commands, if done correctly the bootloader is now unlocked. However this is needed for simple root, just flash the attached boot.img
Code:
mtk da seccfg unlock
mtk e metadata,userdata,md_udc
mtk w vbmeta vbmeta.img.empty
mtk reset
This particular guide is addressing Super.img read-writable, focusing on making all partitions write-able for the reason updating the phone with GSI Images or just needing access to add / remove files on the phone.
I found this post most helpful regarding super.img, as i had issue at first understanding boot-loops at first. https://forum.xda-developers.com/t/...s-rw-in-super-partition.4120963/post-87112415
This is assuming you are now comfy with brom, familiar with using mtk and also on Linux.
I've already done all the work need for converting hex to dec, and is a start copy of my note's and the steps I took to get things working. I'll attach the file as well for off-line use if needed as well.
First we need to back-up the super.img from the brom using the following command with-in the mtkclient directory. make a copy of this before we begin and keep in a safe place!!!
Code:
mtk r super super.img
once done we will use this tool to break down the image's into readable partition's using linux.
[TOOL][WIN,LIN,AND,DARW] Super image tools | extract or make partitions RW in super partition
Disclaimer: Super image tools was made for testing and educational purposes, ME is not responsible for what you do on/with your device using our tools, you must agree that you using our tools on your own risk, I am not responsible for anything...
forum.xda-developers.com
once you have your super.img placed into the new extracted directory, we're going to issue a command using terminal from said directory.
Code:
./superunpack.x64 super.img
next we're going to create THREE folders call system, vendor, product. ( Vendor & Product is optional if editing system only )
So lets start with system as most will only likely be editing that for rw access, so let's get down to it.
Code:
e2fsck -f system_a.ext4
resize2fs system_a.ext4 2G
e2fsck -y -E unshare_blocks system_a.ext4
e2fsck -fy system_a.ext4
sudo mount -t ext4 -o,rw system_a.ext4 system
now you're ready for system edits, once done we need to unmount the system using this command
Code:
sudo umount system
next we need to fix the system and resize it so we can add it back into the super.img following these commands.
Code:
e2fsck -fy system_a.ext4
resize2fs system_a.ext4 353376
once done we can use DD the system back into super,img, keep in mind this takes a very long time as it need to read the block and search for the offset that we're using.
Code:
dd if='system_a.ext4' of='super.img' bs=1 seek=2315255808 count=1447428096 conv=notrunc
once done we need to move the new super.img to our mtkclient folder, and flash using
Code:
mtk w super super.img
mtk reset
if done correctly it will boot with read / write access to the system partition.
again I've attached my notes that also include Vendor & Product to keep this thread to a minimum! however i will include partition sized and dd instruction here for vendor, product & system for short hand viewing on-line.
SYSTEM
e2fsck -fy system_a.ext4
resize2fs system_a.ext4 353376
dd if='system_a.ext4' of='super.img' bs=1 seek=2315255808 count=1447428096 conv=notrunc
PRODUCT
e2fsck -fy product_a.ext4
resize2fs product_a.ext4 461253
dd if='product_a.ext4' of='super.img' bs=1 seek=1048576 count=1889292288 conv=notrunc
VENDOR
e2fsck -fy vendor_a.ext4
resize2fs vendor_a.ext4 103509
dd if='vendor_a.ext4' of='super.img' bs=1 seek=1890582528 count=423972864 conv=notrunc
Last but not least, if anything this the most important part regarding Development.
Attached is the Project config make file, I've not currently tried to build this as I'm still digging into this device. However it is a nice Find as it has the build condition as well as the driver info.
some might recall this as a /proc/config.gz file but again we have no kernel source but clearly it's not impossible to build having all the info, but it's a long road.
Related
* What is Nandroid Backup v2.0?
Nandroid Backup is a set of tools and a script that will enable anyone who has root on their G1 and has the engineering/dev spl bootloader [1] (or has a dev phone) + a recovery image with busybox and adbd running as root [2] to make full system backups. These can then be restored using the fastboot [3] commandline tool and your phone in SPL/bootloader mode (hold camera + power). This allows you to create regular backups of your entire phones NAND flash so that you can restore a backup when something breaks. Its backup method works on a level that allows you to completely break, wipe or corrupt any or all partitions and still restore the phone to a working state within a few minutes. This works great for those who use their G1 for normal activities but also want to test their ideas which might break the phone, or when not having an extra G1 to keep purely as a development phone.
* Requirements for use
- Android G1 phone in recovery mode with busybox installed, including appropriate symlinks to at least tar and md5sum, as well as 'adb shell' support running as root. I recommend using JesusFreke US RC30 or UK RC8 v1.2 recovery image. You can flash the RC30 v1.2 recovery.img on your G1 if you don't want to bother constructing your own image. Of course you are free to use your own recovery image and it will work if you set it up correctly.
- dump_image-arm and mkyaffs2image|mkyaffs2image-$ARCH compiled in the current dir, as well as root on a linux/mac (POSIX) machine for constructing system and data images. root is required because the uid, gid and file permissions need to be preserved while extracting and creating the yaffs2 images. You are free to run the script as a normal user and then run the appropriate commands yourself as root; the commands are printed when you run the script as a regular user.
If you don't trust the provided binaries, you are free to compile them yourself. The source for the tools are included. For dump_image, edit nandtools/android-imagetools/Makefile so that you use the proper cross compiling gcc. For mkyaffs2img, just running make in tartools/yaffs2/utils/ should give you a binary. You are on your own in getting stuff compiled, but it should be easy to figure out from the Makefile.
* How to use this (the easy part)
Just boot your phone in recovery mode with the correct recovery.img (one that has adb shell as root + busybox installed with symlinks to tar, md5sum etc) and connect it to your pc/laptop/server. Then run the nandroid.sh script. If something is wrong or missing, it will tell you.
* What about restore?
If you have the dev phone or have root on the G1 and flashed the engineering/dev bootloader, then you can power on your phone while holding camera to get into the bootloader/SPL. It should then show some androids on skateboards (if not, you don't have the engineering/dev bootloader). Plug in your USB cable and push back until it says FASTBOOT instead of Serial0. Now you can fire up fastboot flash {partition} {file.img}.
Fastboot itself is part of the android SDK. If you download and compile your own mydroid build, it should sit in mydroid/out/host/linux-x86/bin/fastboot Perhaps in a future version I'll include a restore script, but for now I don't see the need.
One tip, if you are in fastboot mode on your phone and 'fastboot devices' doesn't show anything, try as root. You might need to edit your udev setup to allow your user to access the phone's usb device (which is different from the one you're in when in recovery or normal boot).
* Where's the source?
Sources are included. They are copies of the Android sources with various changes mostly made by Brainaid.
Everything in the zip is also also available through subversion:
svn co http://svn.infernix.net/nandroid/
Note that I DO NOT recommend checking out the latest revision unless you know damn well what you are doing. No guarantees if you play with fire. At the very least do diff against the latest released version.
* Credits
Bash script hacked together by infernix.
dump_image adapted from flash_image and extended by Brainaid.
Original mtdutils source and mkyaffs2image source by Google.
[1] http://forum.xda-developers.com/showthread.php?t=455860
[2] http://forum.xda-developers.com/showthread.php?t=443713
[3] http://www.gotontheinter.net/fastboot
DOWNLOAD HERE or:
wget http://dx.infernix.net/nandroid-2.0.zip
Originally Posted by trmacdonal
How to Restore your phone on a Windows PC using a Nandroid backup
I am going to assume you already have a Nandroid backup created on your SD card using JF 1.31's recovery Alt-B feature. The backup will create a folder called nandroid on your SD.
What you need:
The Android SDK:
Fastboot Windows Binary in this post:http://forum.xda-developers.com/showpost.php?p=3083753&postcount=1
From your Nandroid backup you need three files:
data.img
system.img
boot.img
Steps to restore your phone
1) Put the files Adb and AdbWinApi.dll from the tools folder in the Android SDK into C:\WINDOWS\System32 folder on your PC. Substitute the correct drive letter if windows is not installed on you C: drive
2) Put the Windows Fastboot.exe into the C:\WINDOWS\System32 folder on your PC
3) Create a folder on the C: drive of your PC called android. The path should be C:\Android.
4) Copy the Nandroid backup files data.img, system.img, and boot.img from your SD card to the folder called Android you created by mounting your SD card as removable disk.
5) Unplug the USB cord and power off your phone
6) Power up your phone by holding CAMERA+POWER, you should see three androids on skateboards. If you don't see this go install the Engineering boot loader
7) Plug the USB cord back into your phone and press back. The screen on your phone should say fastboot.
8) Make sure your pc is using the correct driver. Open the device manager on your pc. It is helpfull to have all other USB storage devices besides your phone unplugged for this part. Look for a USB Mass Storage device in the list of the USB devices. Right click on it and update the driver. Pick the option to browse for a driver on your pc. The driver is located in the Android SDK your downloaded in the folder called usb_driver. If this is done right you will now see a device called HTC Dream
9) Press start, go to run and type cmd (If you are on Vista just type cmd in the search box and hit enter). The command prompt will pop up.
10) Type cd C:\android
then enter the following commands:
fastboot flash system system.img
it will say Sending, then writing and say OKAY if it was successful
then type
fastboot flash userdata data.img
wait for the second OKAY and type
fastboot flash boot boot.img
wait for the second OKAY and type
fastboot reboot
Your phone should now be restored exactly as you had it when it was backed up.
This sounds great! I just recently used the other script to make a backup, but this sounds like it's been a bit more polished
I attempted to compile the yaffs2 utils under OS X 10.5 and I encountered a problem during linking:
ln -s ../yaffs_ecc.c yaffs_ecc.c
gcc -c -I/usr/include -I.. -O2 -Wall -DCONFIG_YAFFS_UTIL -Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wnested-externs -Winline -static yaffs_ecc.c -o yaffs_ecc.o
gcc -c -I/usr/include -I.. -O2 -Wall -DCONFIG_YAFFS_UTIL -Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wnested-externs -Winline -static mkyaffsimage.c -o mkyaffsimage.o
mkyaffsimage.c:120: warning: ‘yaffs_CalcNameSum’ defined but not used
gcc -o mkyaffsimage yaffs_ecc.o mkyaffsimage.o
ld: absolute addressing (perhaps -mdynamic-no-pic) used in _process_directory from mkyaffsimage.o not allowed in slidable image
collect2: ld returned 1 exit status
make: *** [mkyaffsimage] Error 1
Any thoughts? I'm heading off to google to figure out what a 'slidable image' is.
-jwb
No idea, and I don't have access to a mac. You could change the makefile and skip compiling of mkyaffsimage, you only need mkyaffs2image, but you'll probably get similar errors.
infernix said:
No idea, and I don't have access to a mac. You could change the makefile and skip compiling of mkyaffsimage, you only need mkyaffs2image, but you'll probably get similar errors.
Click to expand...
Click to collapse
Google seems to imply its a common issue, possibly solved in a later XCode rev.. We'll see how that pans out.
mkyaffs2image on mac
It built just fine for me when I did the whole mydroid build. It's in out/host/darwin-x86/bin.
Is there some way to mount the yaffs2 image, though? Does one need to do the kernel patch etc on a linux box and then use loop?
Wow this a awesome. Thanks for all the hard work everyone.
you are are ridiculous.....ly good!
so you telling me if we have root and jf's modified rc30 v1.2 and be brick our phone, there's another quarter in your pocket after you die (game over) and you can start a whole new game?
hbguy
hbguy said:
so you telling me if we have root and jf's modified rc30 v1.2 and be brick our phone, there's another quarter in your pocket after you die (game over) and you can start a whole new game?
Click to expand...
Click to collapse
If you have flashed the engineering bootloader (the androids on skateboards appear when powering on your phone while holding camera button), yes.
haha very nice ::borat voice::
P.S. For the borat fans out there, he is making a new movie, insider info baby
hbguy!
Error messages but still makes backups?
I got the following when I ran nandroid.sh on my mac. Are the error messages safe to disregard -- it seems like it worked:
Code:
nandroid v2.0
mounting system and data read-only on device
error: device not found
error: device not found
start adb portforward on port 4531
error: device not found
checking free space on cache
error: device not found
./nandroid.sh: line 152: [: -le: unary operator expected
pushing tools to /cache: dump_image-arm... error: device not found
done
Getting md5sum on device for boot...error: device not found
done ()
Dumping boot from device over tcp to backup_2008-12-19//boot.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for boot.img
Getting md5sum on device for recovery...error: device not found
done ()
Dumping recovery from device over tcp to backup_2008-12-19//recovery.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for recovery.img
Getting md5sum on device for misc...error: device not found
done ()
Dumping misc from device over tcp to backup_2008-12-19//misc.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for misc.img
Getting md5sum on device for tar for system...error: device not found
done ()
Dumping tar file for system backup_2008-12-19//system.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for system.tar
To convert system.tar to system.img, run the following commands as root:
mkdir /tmp/-system-tmp
tar x -C /tmp/-system-tmp -f backup_2008-12-19//system.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-system-tmp/system backup_2008-12-19//system.img
Make sure that /tmp/-system-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
Getting md5sum on device for tar for data...error: device not found
done ()
Dumping tar file for data backup_2008-12-19//data.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for data.tar
To convert data.tar to data.img, run the following commands as root:
mkdir /tmp/-data-tmp
tar x -C /tmp/-data-tmp -f backup_2008-12-19//data.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-data-tmp/data backup_2008-12-19//data.img
Make sure that /tmp/-data-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
Getting md5sum on device for tar for cache...error: device not found
done ()
Dumping tar file for cache backup_2008-12-19//cache.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for cache.tar
To convert cache.tar to cache.img, run the following commands as root:
mkdir /tmp/-cache-tmp
tar x -C /tmp/-cache-tmp -f backup_2008-12-19//cache.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-cache-tmp/cache backup_2008-12-19//cache.img
Make sure that /tmp/-cache-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
removing tools from /cache: dump_image-arm... error: device not found
done
unmounting system and data on device
error: device not found
error: device not found
Backup successful.
brocktice said:
I got the following when I ran nandroid.sh on my mac. Are the error messages safe to disregard -- it seems like it worked:
Code:
nandroid v2.0
mounting system and data read-only on device
error: device not found
[/QUOTE]
This didn't work at all.
What I don't really get is that it continues at all, if the device isn't connected it should not even start.
It's a bit hard to tell because I don't have a mac here. Please run the following commands on your mac and post them:
[code]which adb
adb devices
BLAH=foo
echo "without $BLAH"
echo "with ${BLAH}"
I'll look at this soon, should have access to a mac sometime in the next few weeks
Click to expand...
Click to collapse
brocktice said:
I got the following when I ran nandroid.sh on my mac. Are the error messages safe to disregard -- it seems like it worked:
Code:
nandroid v2.0
mounting system and data read-only on device
error: device not found
error: device not found
start adb portforward on port 4531
error: device not found
checking free space on cache
error: device not found
./nandroid.sh: line 152: [: -le: unary operator expected
pushing tools to /cache: dump_image-arm... error: device not found
done
Getting md5sum on device for boot...error: device not found
done ()
Dumping boot from device over tcp to backup_2008-12-19//boot.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for boot.img
Getting md5sum on device for recovery...error: device not found
done ()
Dumping recovery from device over tcp to backup_2008-12-19//recovery.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for recovery.img
Getting md5sum on device for misc...error: device not found
done ()
Dumping misc from device over tcp to backup_2008-12-19//misc.img...
error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for misc.img
Getting md5sum on device for tar for system...error: device not found
done ()
Dumping tar file for system backup_2008-12-19//system.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for system.tar
To convert system.tar to system.img, run the following commands as root:
mkdir /tmp/-system-tmp
tar x -C /tmp/-system-tmp -f backup_2008-12-19//system.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-system-tmp/system backup_2008-12-19//system.img
Make sure that /tmp/-system-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
Getting md5sum on device for tar for data...error: device not found
done ()
Dumping tar file for data backup_2008-12-19//data.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for data.tar
To convert data.tar to data.img, run the following commands as root:
mkdir /tmp/-data-tmp
tar x -C /tmp/-data-tmp -f backup_2008-12-19//data.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-data-tmp/data backup_2008-12-19//data.img
Make sure that /tmp/-data-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
Getting md5sum on device for tar for cache...error: device not found
done ()
Dumping tar file for cache backup_2008-12-19//cache.tar...error: device not found
done
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
md5sum verified for cache.tar
To convert cache.tar to cache.img, run the following commands as root:
mkdir /tmp/-cache-tmp
tar x -C /tmp/-cache-tmp -f backup_2008-12-19//cache.tar
/Users/brock/Inbox/nandroid-2.0/mkyaffs2image /tmp/-cache-tmp/cache backup_2008-12-19//cache.img
Make sure that /tmp/-cache-tmp doesn't exist befor you extract, or use different paths.
Remember to remove the tmp dirs when you are done.
removing tools from /cache: dump_image-arm... error: device not found
done
unmounting system and data on device
error: device not found
error: device not found
Backup successful.
Click to expand...
Click to collapse
I had this problem too but disconnecting and reconnecting the usb cable fixed it.
SplasPood said:
I had this problem too but disconnecting and reconnecting the usb cable fixed it.
Click to expand...
Click to collapse
Well the script is supposed to check for a device and stop when theres a problem.
also if this can happen at all then other things might go wrong on mac too. I think mac requires bash variables to be called like #{VAR} and doesn't handle $VAR for some reason.
update on mac issues
OK, it seems it was all a problem on my end -- didn't have the correct set-up. I now have the appropriate recovery image (thought I did, but I guess I didn't) and it seems to work, except for this:
Code:
Comparing md5sum...parseopts.c:76: setup_check: fopen '--status': No such file or directory
The images and such now have non-zero filesize, though. That's an improvement over before.
yeah i've gotten some more reports. will make it mac OS X compatible soonish
I can't seem to figure out how to get this to work. If someone who knows linux can IM me, that'd be great. (or is there a way to do this on XP?)
AIM:adventninja
Thanks in advance
Does this also back up radio and htc secure nand partitions?
tranks
backed up successfully.
for those who get errors in the script.
i assume you have installed modiffied recovery image + jesusfreke's rc30v2 and
before running the script check this.
this steps involves having linux i dont know how its done in windows maybe its the same i dont know.
1: disconnect usb cable
2: check that you have adb program in your path, eg: /usr/bin/adb
if you dont know what adb is, adb is a program to comunicate with phone via usb (its not the same as transfering files between pc and g1),
adb program is found in android-sdk-linux_x86-1.0_r2, unpack it, and copy adb to your path, just google and find latest android sdk.
once you downloaded sdk unpacked it and copied the executable file adb to /usr/bin go to next step.
3: boot the phone into recovery mode ( power up the phone and holding "power + home" keys and a triangle will appear on its screen.
4: in your pc open konsole, su root, and plug your USB G1
5: type adb devices
if the response to this command is "HTC G1 bla bla.. found.", then you are ready to execute the script, it will no give errors and you will backup its contents.
if you dont see HTC G1 words, then its likely your phone was detected as "USB MASS STORAGE", and we dont want that. we need that its detected as a "HTC DIRECT ACCESS DEVICE".
a: control +c
b: killall adb (this is important)
c: unplug USB, plug it in another port,
d: go to step 5
hope it helps.
infernix said:
* What is Nandroid Backup v2.0?
Nandroid Backup is a set of tools and a script that will enable anyone who has root on their G1 and has the engineering/dev spl bootloader [1] (or has a dev phone) + a recovery image with busybox and adbd running as root [2] to make full system backups. These can then be restored using the fastboot [3] commandline tool and your phone in SPL/bootloader mode (hold camera + power). This allows you to create regular backups of your entire phones NAND flash so that you can restore a backup when something breaks. Its backup method works on a level that allows you to completely break, wipe or corrupt any or all partitions and still restore the phone to a working state within a few minutes. This works great for those who use their G1 for normal activities but also want to test their ideas which might break the phone, or when not having an extra G1 to keep purely as a development phone.
* Requirements for use
- Android G1 phone in recovery mode with busybox installed, including appropriate symlinks to at least tar and md5sum, as well as 'adb shell' support running as root. I recommend using JesusFreke US RC30 or UK RC8 v1.2 recovery image. You can flash the RC30 v1.2 recovery.img on your G1 if you don't want to bother constructing your own image. Of course you are free to use your own recovery image and it will work if you set it up correctly.
- dump_image-arm and mkyaffs2image|mkyaffs2image-$ARCH compiled in the current dir, as well as root on a linux/mac (POSIX) machine for constructing system and data images. root is required because the uid, gid and file permissions need to be preserved while extracting and creating the yaffs2 images. You are free to run the script as a normal user and then run the appropriate commands yourself as root; the commands are printed when you run the script as a regular user.
If you don't trust the provided binaries, you are free to compile them yourself. The source for the tools are included. For dump_image, edit nandtools/android-imagetools/Makefile so that you use the proper cross compiling gcc. For mkyaffs2img, just running make in tartools/yaffs2/utils/ should give you a binary. You are on your own in getting stuff compiled, but it should be easy to figure out from the Makefile.
* How to use this (the easy part)
Just boot your phone in recovery mode with the correct recovery.img (one that has adb shell as root + busybox installed with symlinks to tar, md5sum etc) and connect it to your pc/laptop/server. Then run the nandroid.sh script. If something is wrong or missing, it will tell you.
* What about restore?
If you have the dev phone or have root on the G1 and flashed the engineering/dev bootloader, then you can power on your phone while holding camera to get into the bootloader/SPL. It should then show some androids on skateboards (if not, you don't have the engineering/dev bootloader). Plug in your USB cable and push back until it says FASTBOOT instead of Serial0. Now you can fire up fastboot flash {partition} {file.img}.
Fastboot itself is part of the android SDK. If you download and compile your own mydroid build, it should sit in mydroid/out/host/linux-x86/bin/fastboot Perhaps in a future version I'll include a restore script, but for now I don't see the need.
One tip, if you are in fastboot mode on your phone and 'fastboot devices' doesn't show anything, try as root. You might need to edit your udev setup to allow your user to access the phone's usb device (which is different from the one you're in when in recovery or normal boot).
* Where's the source?
Sources are included. They are copies of the Android sources with various changes mostly made by Brainaid.
Everything in the zip is also also available through subversion:
svn co http://svn.infernix.net/nandroid/
Note that I DO NOT recommend checking out the latest revision unless you know damn well what you are doing. No guarantees if you play with fire. At the very least do diff against the latest released version.
* Credits
Bash script hacked together by infernix.
dump_image adapted from flash_image and extended by Brainaid.
Original mtdutils source and mkyaffs2image source by Google.
[1] http://forum.xda-developers.com/showthread.php?t=455860
[2] http://forum.xda-developers.com/showthread.php?t=443713
[3] http://www.gotontheinter.net/fastboot
DOWNLOAD HERE or:
wget http://dx.infernix.net/nandroid-2.0.zip
Click to expand...
Click to collapse
hey infernix, did you happen to get a mac version of this together? thanks!
Hello,
I am trying to recover from a softbrick issue. I have a BLU Studio C 5+5 LTE and therefore can't use TWRP or CWM (At least that is my assumption, maybe someone knows different). Before getting into the softbrick state I took 3 different types of backups in the hopes that one of them could be used in case it was needed. (like this)
Type 1 - I did an ADB shell backup from a completely stock device (unrooted) I used this command-
adb backup -apk -all -f fullbackup.adb
For this method I followed this guide here-
https://linuxiswonderful.wordpress.com/2015/04/04/full-backup-of-nonrooted-android/
Type 2 - I used Titanium backup and performed a complete system and application backup
Type 3 - I rooted the phone and backed up all partitions using dd after reviewing the partition layout of the device. For example, to backup the system partition I did the following at an ADB shell-
dd if=/dev/block/mmcblk0p21 of=/storage/sdcard1/firmware-img/system.img
I believe the last operation I tried before softbricking was installing the Xposed framework module for my device (running Lollipop 5.1.1).
I am able to still communicate to my device using ADB and I can get an ADB shell. or enter fastboot mode My device presently shows the manufacturer's logo when booting and gets no further.
To recover from this issue I think I have two basic options
#1 restore from backup
#2 locate the problem that is causing the system to hang at startup in the first place
At the end of the day I am trying to find the simplest, quickest method to get back up and running. Both methods are acceptable to me. I am not worried about losing any data.
My challenge/sticking point is how to turn my backups into a usable format to get me back on track or understand the boot process enough to get out of the boot loop.
The first thing I tried was mounting my raw image files created from the dd process. I followed this guide-
https://samindaw.wordpress.com/2012/03/21/mounting-a-file-as-a-file-system-in-linux/
I ran these commands-
#losetup /dev/loop0 /path/to/my/system.img
# mkfs -t ext3 -m 1 -v /dev/loop0
# mount -t ext3 /dev/loop0 /mnt
# cd /mnt
# ls
The various image files I created all seemed to mount "ok" OK meaning that the loopback mount process worked but it appears there is nothing but a lost+found folder in the mounted image. (I'm not sure why that is.)
I am still researching methods to turn my other backups into something usable for recovery purposes.
For using the adb backup file I created, this is what my understanding is-
Adb backup uses a type of compression (don’t remember what kind). I would need to uncompress the file first. After uncompressing and being able to view the file contents I would think I should be able to put together a flashable zip file of some sort.
I think the process for Titanium backup would generally be the same- uncompress/convert file format, create/assemble a flashable zip file
The last thought I had was trying to get the system to boot. To do so, I need to better understand the boot process. I am familiar with how Linux boots as I am a Sys Admin. I know Android is similar but just different enough to make me research this further. I can pull dmesg log for anyone if that will help. I was also seeing where you could use the logcat command. (That is new to me as it seems more Android specific and not used in Linux that I know of)
If there is any other info you need to see, please let me know. I made a lot of notes about the system architecture, partition layout, etc.
Many thanks in advance for your help!
XDA Visitor said:
Hello,
I am trying to recover from a softbrick issue. I have a BLU Studio C 5+5 LTE and therefore can't use TWRP or CWM (At least that is my assumption, maybe someone knows different). Before getting into the softbrick state I took 3 different types of backups in the hopes that one of them could be used in case it was needed. (like this)
Type 1 - I did an ADB shell backup from a completely stock device (unrooted) I used this command-
adb backup -apk -all -f fullbackup.adb
For this method I followed this guide here-
https://linuxiswonderful.wordpress.com/2015/04/04/full-backup-of-nonrooted-android/
Type 2 - I used Titanium backup and performed a complete system and application backup
Type 3 - I rooted the phone and backed up all partitions using dd after reviewing the partition layout of the device. For example, to backup the system partition I did the following at an ADB shell-
dd if=/dev/block/mmcblk0p21 of=/storage/sdcard1/firmware-img/system.img
I believe the last operation I tried before softbricking was installing the Xposed framework module for my device (running Lollipop 5.1.1).
I am able to still communicate to my device using ADB and I can get an ADB shell. or enter fastboot mode My device presently shows the manufacturer's logo when booting and gets no further.
To recover from this issue I think I have two basic options
#1 restore from backup
#2 locate the problem that is causing the system to hang at startup in the first place
At the end of the day I am trying to find the simplest, quickest method to get back up and running. Both methods are acceptable to me. I am not worried about losing any data.
My challenge/sticking point is how to turn my backups into a usable format to get me back on track or understand the boot process enough to get out of the boot loop.
The first thing I tried was mounting my raw image files created from the dd process. I followed this guide-
https://samindaw.wordpress.com/2012/03/21/mounting-a-file-as-a-file-system-in-linux/
I ran these commands-
#losetup /dev/loop0 /path/to/my/system.img
# mkfs -t ext3 -m 1 -v /dev/loop0
# mount -t ext3 /dev/loop0 /mnt
# cd /mnt
# ls
The various image files I created all seemed to mount "ok" OK meaning that the loopback mount process worked but it appears there is nothing but a lost+found folder in the mounted image. (I'm not sure why that is.)
I am still researching methods to turn my other backups into something usable for recovery purposes.
For using the adb backup file I created, this is what my understanding is-
Adb backup uses a type of compression (don’t remember what kind). I would need to uncompress the file first. After uncompressing and being able to view the file contents I would think I should be able to put together a flashable zip file of some sort.
I think the process for Titanium backup would generally be the same- uncompress/convert file format, create/assemble a flashable zip file
The last thought I had was trying to get the system to boot. To do so, I need to better understand the boot process. I am familiar with how Linux boots as I am a Sys Admin. I know Android is similar but just different enough to make me research this further. I can pull dmesg log for anyone if that will help. I was also seeing where you could use the logcat command. (That is new to me as it seems more Android specific and not used in Linux that I know of)
If there is any other info you need to see, please let me know. I made a lot of notes about the system architecture, partition layout, etc.
Many thanks in advance for your help!
Click to expand...
Click to collapse
Greetings,
Thank you for using XDA Assist.
There are no specific forums for your device model on XDA. However, if you create an XDA account, you can ask your questions here:
Android Q&A, Help & Troubleshooting
You will receive expert advice there.
Good luck and welcome to XDA!
In this guide a describe how you can easily fix the touchscreen issue in TWRP for Moto G 5G.
Before providing the necessary steps, I would like to express my gratitude to the guys here, especially Andrew Hexen for providing the sources and instructions to build the TWRP for this great device.
Building the TWRP from source might result in a recovery without the touchscreen support. To fix that, you can follow these simple steps.
First, we need to extract the touchscreen drivers from the phone. To do this, you need to boot to TWRP. Connect your phone to your PC, open up the terminal and type:
Bash:
# reboot to bootloader
adb reboot bootloader
# boot to recovery
fastboot boot twrp.img
Wait for the phone to boot to recovery. If your phone uses password/PIN or other forms of protection you might have to decrypt the filesystem before proceeding. You can use OTG mouse to do that.
On your PC, in terminal type:
Bash:
adb pull "/vendor/lib/modules/" <path to where you want the modules folder to be pulled>
This will pull from the phone all the necessary drivers, among those are the drivers for the touchscreen. (Probably you could pull just the touchscreen driver, but to be sure I pulled everything.)
On you PC, use Android Kitchen to unpack the recovey image. I usually use the terminal to go to the Android Kitchen folder and I run:
Bash:
./unpacking.sh <path to your twrp.img>
Then go to ramdisk folder that was created by Android Kitchen
Bash:
cd ramdisk
and manually create the following folder:
Bash:
sudo mkdir -p vendor/lib/modules
Then copy the drivers you previously pulled from your phone to this folder:
Bash:
sudo cp <path to modules folder with drivers>/* vendor/lib/modules/
In the ramdisk folder open the init.rc file. We need to open it as su user. You can use:
Bash:
sudo gedit
and then open the file from the editor.
Find the following lines:
Code:
# Load properties, Android 6.0+, vendor init lives here
on load_persist_props_action
load_persist_props
and add a line after load_persist_props so that you get:
Code:
# Load properties, Android 6.0+, vendor init lives here
on load_persist_props_action
load_persist_props
start load_modules # this is the line you must add
Use Android Kitchen to repack the image:
Bash:
cd .. # to move back to the folder where Android Kitchen is
./repacking.sh
You'll get a file called image-new.img. That's your new recovery with a working touchscreen!
I'm sure there's a better way to do this so feedback is welcome.
I tired your method and completed with a newimage file, and flastboot booted off it. Still had touch problems, files attached. Vendor.zip was placed in ramdisk\vendor\lib\modules. Any ideas?
Thankyou
PS (edit): would anything needed to be added to ramdisk/vendor/manifest.xml?
Lostwon said:
I tired your method and completed with a newimage file, and flastboot booted off it. Still had touch problems, files attached. Vendor.zip was placed in ramdisk\vendor\lib\modules. Any ideas?
Thankyou
Click to expand...
Click to collapse
Lostwon said:
I tired your method and completed with a newimage file, and flastboot booted off it. Still had touch problems, files attached. Vendor.zip was placed in ramdisk\vendor\lib\modules. Any ideas?
Thankyou
PS (edit): would anything needed to be added to ramdisk/vendor/manifest.xml?
Click to expand...
Click to collapse
PPS I am trying this on the Moto G stylus xt2043-4. I just noticed thats not the phone you wrote this for, Im going to pull and umpack my stock recovery and compre that to the Twrp3.4 image and see whats missing .
Using a Xiaomi Mi11 (rooted). Recently upgraded to MIUI 13 which is based on Android 12. Was going to do my usual TWRP backup before bringing the phone in to fix some minor problems with sticky volume keys, when I realized (!) my TWRP cannot even mount the /data partition, let alone decrypting and doing any backup.
So I started reading up on TWRP developments, and realized TWRP for now has lost its ability to see anything under /data if your phone is on Android 12.
Never a fan of things like Titanium backup where the backup is done on an app-by-app basis, so a lot of of settings like magisk modules / phone behavior, etc etc cannot be retained (at least that was my impression of it when I briefly tried those solutions). So when I decided to bring my phone in for repair anyway, I went ahead and wiped the phone clean, and had to live with losing 10 day's worth of my data - 10 days because fortunately I did a backup just before I upgraded from MIUI 12 to MIUI 13 10 days ago... (yeah could have done a lot of manual work to salvage some of the data before I wiped it clean, but I didn't bother with the tedious processes).
So I now have a fixed phone, no more sticky buttons, and restored my nandroid backup with the older MIUI 12 system (android 11 based), and not even considering moving back to MIUI 13 until there is a feasible way to do a TOTAL backup of the /data partition, in others words a nandroid backup on Android 12....
Question - is there any feasible method of doing a Nandroid Backup on an Android 12 system, with or without TWRP?
Thank you !!!
A NANDroid-backup is the bitwise 1:1 copy of existing Android system.
If phone's Anndroid OS is rooted then you always can launch a NANDroid-backup.
This can get achieved by pure ADB commands what of course requires ADB is enabled on phone.
xXx yYy said:
A NANDroid-backup is the bitwise 1:1 copy of existing Android system.
If phone's Anndroid OS is rooted then you always can launch a NANDroid-backup.
This can get achieved by pure ADB commands what of course requires ADB is enabled on phone.
Click to expand...
Click to collapse
Could you elaborate?
I can picture this issue -
if you do "adb shell" to enter terminal (or plain adb pull?) while your phone is switched on, a lot of files are being locked and/or being modified while the phone OS is running so how can someone just take a snapshot of everything under /data even with proper adb commands?
And if you go to recovery mode first, well at the present time no TWRP can access the data partition it seems. So again even with the appropriate adb commands, no copying is possible....?
Any clarification appreciated !
You would run
Code:
adb wait-for-device
adb root & adb shell "stop"
adb shell "mount -o rw,remount /data"
: run the backup command here
adb shell "start" & adb unroot
xXx yYy said:
You would run
Code:
adb wait-for-device
adb root & adb shell "stop"
adb shell "mount -o rw,remount /data"
: run the backup command here
adb shell "start" & adb unroot
Click to expand...
Click to collapse
Dear Android export @xXx yYy - wow ! This looks really promising !!
I just did a quick test by going straight to adb shell, "su", then "stop". My phone screen totally went blank, and I was amazed ! This is awesome !!! "start" and after a while the phone boots up again.
I then tried "top" while the phone is stopped. It seems to still have a few android related processes running, so I am not 100% sure if the whole system has been frozen. But you obviously know what you are talking about, and I have faith in you.
(by the way, I cannot "adb root", seems like after doing a quick search I will need to make my phone think it is a development build by patching the adbd daemon first on my phone.. suggestions on what to do appreciated)
You have just made me decide to spend the coming hours to test the following. Let me know if I should skip any of the steps below because you know it works so I don't need to waste time to validate:
1. Do a proper backup with TWRP first in case I screw up anything
2. start a terminal session with adb shell
3. "su", "stop"
4. "cd /data"
5. "tar -cvpzf /data/backup.tar.gz -C /data"
(If no error, this should be my nandroid backup...?)
6. flash phone and wipe everything clean, so it is back to brand new status, non-rooted
7. reboot phone, see if it is starting new as if I have just bought the phone
8. root the phone, then try and "stop", "delete everything under /data except /data/media", "delete everything under /data/media", "copy backup.tar.gz back to /data", "tar -xvzf /data/backup.tar.gz -C /"
9. If phone works and is back to the state immediately before backup, then restore successful
Take note that
Code:
adb root
is giving root access to adb ( adbd - read: adb daemon )
what has nothing to do with giving root access to current Android user with following shell command
Code:
adb shell "su"
Also take note that Android services aren't located in /data partition, the partition you want to back up.
With @xXx yYy 's help I think I am getting somewhere.
So essentially a "stop" command in android will stop Zygote (i.e. the mother of all app processes if I am not mistaken). Once you have stopped Zygote, I believe you are then free to make a duplicate of the entire /data environment.
So far that's exactly what I have done. Created a tar.gz file with a size of around 40GB. I believe I am halfway there in my quest to do Nandroid without TWRP, but what I still need to try is to restore the tar file after factory resetting the phone. Will be a time consuming process (as obviously I will also need to have a tried-and-true real backup created first in case I screw something up... I am doing everything on my main phone that I actually use everyday), so I will continue my experiment in the coming days.
One question I have already encountered however - I still cannot do "adb root", which would have allowed me to directly create the backup tar file AND pipe it to my PC all in one go. So far I have had to tar all within the phone, which means space will be a constraint, and it is more time consuming creating the backup file THEN think of a way to transfer that file out of the phone. Already posted a question here asking for help, and if anyone knows of a good way to get adbd to grant adb root request, please let me know.
Above all else, once I have a working method, and I have polished the process, I will be happy to share. I suspect many others are also yearning for a good backup / restore procedure on Android 12.
one can't backup /data partition this way, because tar is just a toybox applet not cabable of preserving secontext. get a gnu tar binary (for example from opengapps installer), set mount namespaces to global, set selinux permissive (if kernel allows it, important) and run from su
/storage/1234-5678 is exFAT and has enough free disk space
Code:
tar --selinux --xattrs --numeric-owner -vcpPf /storage/1234-5678/data.tar /data
/storage/1234-5678 is vfat or less free disk space
Code:
tar --selinux --xattrs --numeric-owner -vcpP /data | gzip | split -a 1 -b 1024m - /storage/1234-5678/data.tar.gz.
another approach would be loop mount some file and busybox cp -avc everything where the -c flag is responsible for secontext (proper busybox required)
--numeric-owner flag is recommended if you are planning to extract it on linux PC later
you could also exec-out straight to PC if no MicroSD Card available, but requires gzip or other compressed stream, otherwise windows will mess up linefeed with carriage return and render your file unreadable
Code:
adb exec-out "su -c 'tar --selinux --xattrs --numeric-owner -vcpP /data | gzip'" > data.tar.gz
restoring .tar.gz from TWRP is absolutely possible, it's just that TWRP can't handle encrypted userdata partition (yet)
Code:
cat /external_sd/data.tar.gz.* | gzip -d | tar --selinux --xattrs -vxpPC /
(where tar must called with full path to binary like /cache/tar or /tmp/tar, or unlink /sbin/tar applet and place binary /sbin, or just rename it gtar)
Note: bitwise 1:1 copy of apps is not possible/sufficient if you factory reset your device, because apps might save data in TEE TrustZone (which is flushed on factory reset)
Hi @seemebreakthis, very interesting discussion on Android 12 backup!
Did you reach a workable solution with this?
Since we can restore most apps from a Google backup, it seems the real issue is to recover the user settings etc. after the Google restore.
Interested in this. Any success thus far?
aIecxs said:
one can't backup /data partition this way, because tar is just a toybox applet not cabable of preserving secontext. get a gnu tar binary (for example from opengapps installer), set mount namespaces to global, set selinux permissive (if kernel allows it, important) and run from su
/storage/1234-5678 is exFAT and has enough free disk space
Code:
tar --selinux --xattrs --numeric-owner -vcpPf /storage/1234-5678/data.tar /data
/storage/1234-5678 is vfat or less free disk space
Code:
tar --selinux --xattrs --numeric-owner -vcpP /data | gzip | split -a 1 -b 1024m - /storage/1234-5678/data.tar.gz.
another approach would be loop mount some file and busybox cp -avc everything where the -c flag is responsible for secontext (proper busybox required)
--numeric-owner flag is recommended if you are planning to extract it on linux PC later
you could also exec-out straight to PC if no MicroSD Card available, but requires gzip or other compressed stream, otherwise windows will mess up linefeed with carriage return and render your file unreadable
Code:
adb exec-out "su -c 'tar --selinux --xattrs --numeric-owner -vcpP /data | gzip'" > data.tar.gz
restoring .tar.gz from TWRP is absolutely possible, it's just that TWRP can't handle encrypted userdata partition (yet)
Code:
cat /external_sd/data.tar.gz.* | gzip -d | tar --selinux --xattrs -vxpPC /
(where tar must called with full path to binary like /cache/tar or /tmp/tar, or unlink /sbin/tar applet and place binary /sbin, or just rename it gtar)
Note: bitwise 1:1 copy of apps is not possible/sufficient if you factory reset your device, because apps might save data in TEE TrustZone (which is flushed on factory reset)
Click to expand...
Click to collapse
You are a genius! That's excactly what i was searching for! Thank you!
This is a bit beyond me.. though I'm looking for a full ROM backup on Android 12. Does this work?
TWRP 3.7.0 is for Android 12 including Encryption Support (except for Samsung)
After an Update of Two magisk modules, my Ulefone Armor 11 5G staied stucked on boot logo, I can only enter in recovery or fastboot.
I try to build a TWRP, but it is not able to mount userdata.
I was able to download with the help of mtkclient all the partition on my phone, even userdata , it took 7 hours.
I wanted to load the image in linux but using mount disk imag or using the command sudo mount -o loop userdata.img ~/Armor_11_5G doesn't do anything not even an error message.
I'm wondering if the filesystem was corrupted during the update.
Is it possible to repair the fylesystem like in Windows?
Thanks
did you previously disable encryption and factory reset long time before the modules updates failed?
what do you mean mount doesn't do anything not even an error message? either it give error message or it succeed.
I didn't disable encryption before updating the modules, I already updated this modules many times.
what do you mean mount doesn't do anything not even an error message? either it give error message or it succeed.
Click to expand...
Click to collapse
That is the problem, it doesn't succed and I don't have an error message. The file is 256 Gbyte big, I don't know if it plays a role. I'm using Ubuntu 22
if phone is encrypted that's just 256G garbage. post the output of
Code:
$ parted <file> unit B print
Here are the results of parted
Code:
Error: /home/*****/Public/userdata.bin.img: unrecognised disk label
Model: (file)
Disk /home/osboxes/Public/userdata.bin.img: 249208733696B
Sector size (logical/physical): 512B/512B
Partition Table: unknown
Disk Flags:
Thanks
You may try https://www.cgsecurity.org/wiki/TestDisk_Download
I'd be glad for your feedback.
sorry thought it's whole disk, but it's only 232G file therefore parted won't print partition table
does apply to FDE only
assuming this file is dump of single userdata partition, open with HxD editor. if the partition image is not encrypted, you will see lot zeros within first 1024 bytes.
in that case you can check for file system type is ext4 or f2fs.
Code:
$ xxd -l 1080 dump.img | grep 53ef
$ xxd -l 1024 dump.img | grep 1020.f5f2
But most likely the userdata partition is encrypted, therefore no way to recover data offline.
The easiest way not to load Magisk modules is, not to load Magisk. Flashing stock boot.img will solve it.
Beware, in case you disabled encryption beforehand, booting stock boot.img will force encryption. This may take long time without notice.
I never disabled encryption, I don't know if Magisk do it without informing. I used this phone for an year without a problem.
After the update I left the phone on for one night but nothing happens. I tried to reflash the stock boot image, and again a whole night wait, but again nothing happens.
Reading the fstab the file system should be ext4.
The file is the dump of the whole userdata partition of my Ulefone Armor 11 5G.
I did a backup of the whole system before doing any experiment so if the partition table is corrupted maybe if I reflash back the userdata partition with a working partition table I have again access to the datas.
there is no partition table in userdata partition, I just gave you wrong advise. because the phones total storage is 256G, I made wrong assumptions (you can view partition table from file pgpt.bin)
full 1:1 backup is impossible for FBE encryption because encryption keys are stored in TEE. once you factory reset device backup of userdata + metadata becomes useless.
fstab doesn't tell you what file you just have dumped. if you can't find ext4 super magic (#7) it's impossible to loop mount that file (and impossible to decrypt on linux PC)
if you can't fix boot-loop by stock boot.img then it's unrelated to magisk modules. you can however enable adb in default.prop and capture adb logcat during boot-loop for further analysis. you could also inject own script that deletes some files (only DE encrypted files, CE encrypted files requires lock screen credentials aka pin/pattern)
boot this TWRP and get log from adb
Code:
$ fastboot boot recovery.img
$ adb shell twrp decrypt '1234'
$ adb pull /tmp/recovery.log
https://twrp.me/faq/openrecoveryscript.html
full 1:1 backup is impossible for FBE encryption because encryption keys are stored in TEE. once you factory reset device backup of userdata + metadata becomes useless.
Click to expand...
Click to collapse
With mtk client I was able to do the backup of tee1 and tee2 and also of gpt_backup and gpt_main.
$ xxd -l 1080 dump.img | grep 53ef
$ xxd -l 1024 dump.img | grep 1020.f5f2
Click to expand...
Click to collapse
Doesn't produce any results.
I have immediately the command prompt.
you can however enable adb in default.prop
Click to expand...
Click to collapse
How can I do that? Which value should I change in default.prop?
so your "backup" is encrypted. please note Trustonic Kinibi is TEE OS running in secure memory one can't access or backup with mtkclient. the tee partitions in phone storage do not contain any encryption key (none of the partitions does, secure memory is not even a partition). the only crypto related partition is metadata used for keydirectory of metadata encryption (on top of FBE encryption) but it is useless for backup purposes.
yes you can modify default.prop in boot.img, ro.secure=0 should give root access.
https://forum.xda-developers.com/t/...hone-with-broken-screen.2965462/post-85905033
Code:
ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
in case the default.prop modification is not sufficient, you need additional command to be executed as root.
Code:
# settings put global adb_enabled 1
as you installed magisk, you could use magisk overlay.d/sbin/ for running startup script.
https://forum.xda-developers.com/t/...ithout-losing-your-data.4383255/post-86934375
aIecxs said:
boot this TWRP and get log from adb
Code:
$ fastboot boot recovery.img
$ adb shell twrp decrypt '1234'
$ adb pull /tmp/recovery.log
https://twrp.me/faq/openrecoveryscript.html
Click to expand...
Click to collapse
How about this TWRP? it should be able to decrypt userdata. if decryption failed, provide recovery.log
Until tomorrow I cannot do a logcat and I cannot find my view logcat on my laptop.
I unpacked boot.img with Carliv Image Kitchen and there is no default.prop, that is present in the recovery as prop.default.
Is there a way to backup secure memory of Trustonic?
How about this TWRP? it should be able to decrypt userdata. if decryption failed, provide recovery.log
Click to expand...
Click to collapse
I already tried that version but it cannot decrypt, that' why I'm trying to build my own version of TWRp with the help of the creator of that version of TWRP, but I'm stucked.
oh, you know how to build TWRP with proper FBE + metadata encryption support? have a look at other Oppo devices how they did... good luck.
regarding default.prop in boot.img (it's a symlink to system unfortunately) you can do it the other way
use magisk overlay.d/sbin/
create a boot script that does the thing with resetprop -n <prop_name> <prop_value>
don't use outdated Carliv Image Kitchen! use osm0sis AIK from link above.
oh, you know how to build TWRP with proper FBE + metadata encryption support? have a look at other Oppo devices how they did... good luck.
Click to expand...
Click to collapse
I'm learning.
I try to integrate the decryption service following the suggestion of ADeadTrouser on Github, but the service doesn't want to start and I don't understand why.
I never checked Oppo, I will take a look at them also, thanks for the suggestion.
I think I figured out now the adb logcat at least. hope that helps
https://forum.xda-developers.com/t/accessing-my-phone-with-a-dead-screen.4542763/post-88016019
I tried your script butr nothing happens, the telephone is not listed when I type
Code:
adb devices
and if I type
Code:
adb logcat
I receive the message waiting for device
you might follow the thread
wenyendev said:
You may try https://www.cgsecurity.org/wiki/TestDisk_Download
I'd be glad for your feedback.
Click to expand...
Click to collapse
I run the software on the image and it identify the contents and can read the encrypted and not encrypted part, that means that all the files are there, but I cannot mount in Linux or in TWRP
The fact that I cannot mount in Linux or TWRP the userdata image/partition can be that is corrupted the partition or the file index?
That would also explain why the script for Magisk provided by aIecxs is not able to copy the adb_key from the cache in the data partition.