WARNING messages created by ROM kitchen log files - MDA, XDA, 1010 Software Upgrading

I have been playing around in the kitchen the past days and managed to cook several 'versions' of ROMs. Each always produced the same error message, as below:
echo Warning: OS type not detected, you may need to set tounicode variable manually
write xip block starting at 81740000, with 7 files
write xip block starting at 81b00000, with 122 files
!!! your rom is not known to me: md5: 1cd007bbffa268b12b7968cabb7cc75f
this bootloader seems to be V5.22 2003-05-15 17:46:55
no operator rom found
80000000 - 80040000 -- bootloader 0 files 1 modules
80040000 - 8015d5cc 9 XIPKERNEL 5 files 5 modules
80180000 - 80375bdc 8 KERNEL 10 files 14 modules
80380000 - 8064306c 7 OS 20 files 36 modules
80670000 - 80be66a8 6 SHELL 107 files 88 modules
80c00000 - 8102ce98 5 BROWSING 11 files 36 modules
81050000 - 813ef114 4 COREAPPS 95 files 44 modules
81400000 - 815d2238 3 EXAPPS 34 files 7 modules
815f0000 - 8171bc7c 2 PHONE 56 files 19 modules
81740000 - 8177ffec 10 XDA_DEVELOPERS1 7 files 0 modules
81780000 - 81781c34 -- xip chain 11 xip entries
817c0000 - 81ae4338 1 MISC 109 files 42 modules
81b00000 - 81e1904c 11 XDA_DEVELOPERS2 122 files 0 modules
81ec0000 - 81ee5800 -- bitmap : ffffffff .. ffffffff
../rom.exe: found a preamble of 31232 bytes
adding: English/NK.nbf (deflated 47%)
-------------------------------------------
Does it mean anything? Is this normal?
I have used one of the newly created ROMs and installed it in my XDA. The installation went smoothly. But now after 12 hours usage my XDA runs unusually sluggish... i.e. when I tapped a menu, the response took a good 3 secs or even much longer on some menus...
I just did a hard reset and everything seemed to be fine (for now), but now I am concerned if this thing will happen again.
Has anyone experienced this before? Could anyone please be so kind as to give me a short explanation?
BTW, this website is the coolest thing I have ever experienced in my 17 years of internet browsing. Simply the best!!

I have experienced similar warning msgs on the logs. I think they are pretty normal, but the ROMs work fine.
About the slow response - I had similar problems with my device initially. After lots of research, I found that the problem was the stk.lnk file in the startup folder. Once I removed this, all was fine.
The ROM kitchen does this for you now.
Also select "fix multiple reset bug .. " as well.
hope this helps

Ignore this warning. It just means the 4.x ROMs aren't in the database of known ROMs yet. Laziness on our part...

sps: appreciate your kind reply and advice. Did all that ...actually ..
Another small problem I just found: when I turned on the unit, the XDA started a soft reset automatically (i.e. I did not press the soft reset button at all). On another occasion, the unit went off as soon as the back light went off. (My battery was fully charged.)
Sorry if I asked too many small questions like this, but I wanted to know if anyone else experienced these and if it is some bug from WM2003 or something else. I don't mind all these teething problems, as I always like to try new things. But I need some advice/comments.
xda-developers : thank you for your prompt n effective explanation..
cheers..

Related

Help - MEGABRICK

Hi
Yesterday with SEUS my X10 got bricked; today I tried all these ways, all with the same result: BRICKED.
1º Several times with SEUS, 2 PCs, and it did not install.
2º PC Companion connects to the X10 but does not identify it.
3º flashupdate with step 1 of root way, several times, KO
Code:
INFO: <<<ERR_SEVERITY="MAJOR";ERR_CLASS="PROTOCOL_CLASS";ERR_STATIC="UNVALID_COMMAND";ERR_DYNAMIC="";
30-jun-2010 12:11:52 X10flash writeCmd
INFO: write(cmd=10) (finish)
30-jun-2010 12:11:52 X10flash readReply
INFO: <<< cmd=10,flags=0,length=0
30-jun-2010 12:11:52 X10flash writeCmd
INFO: write(cmd=4) (finish)
30-jun-2010 12:11:52 X10flash readReply
INFO: <<< cmd=4,flags=1,length=0
30-jun-2010 12:11:52 X10flash run
INFO: ###test end.
4º With special pack unbrick XIOFUB, the same result, KO
hotfile.com/dl/44983907/9d54b5e/XIOFUB.rar.html
5º With Omnius, the same result, KO
Code:
13:11:49 Flash
13:11:49 Allows to change languages supported by the phone and upgrade its firmware.
13:11:49 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
13:11:49 Application version: 0.04.2151 (beta)
13:11:49 . The action name is 'Flash'
13:11:49 Selected phone type: Xperia™ X10
13:11:49 i Instructions
13:11:49 i 1. Make sure the phone battery is charged to at least 50%.
13:11:49 i 2. Switch off the phone!
13:11:49 i 3. Remove the phone battery and wait at least 5 seconds before reinserting it!
13:11:49 i 4. Press and hold the return back button, then connect the cable to the phone!
13:11:49 . The action started waiting for the user
13:12:31 . The action finished waiting for the user
13:12:31 Conectado por medio de Dispositivo Flash USB SEMC (USB1)...
13:12:31 Version del controlador: 2.2.0.5
13:12:31 Cip detectado: QSD8250
13:12:31 Modo de Arranque: EROM
13:12:31 IMEI:
13:12:31 Enviando Cargador...
13:12:33 Establishing connection to the server...
13:12:38 Receiving news...
13:12:39 i No news
13:12:40 Actual credit: 0.00
13:12:46 Writing file R1FA016_APP_SW_RACHAEL_GENERIC_1227_4612_S1_SW_LIVE_AC12_0001_S1_PARTITION.zip...
13:13:16 e ¡Fallo!
13:13:16 . The action entered shutdown phase
13:13:16 . The action reported failure
Error code
# C882780696072EA7
Detalles del error
6º With Davinci, the same result, KO
Code:
Getting Software List From Server For: X10 / 0001 / Red...
SELECTED: Flash / Debrand / Re-Brand [SonyEricsson] X10 / 0001 / Red / R2BA020 / O2 DE/LUSTER WHITE (1233-2794/R14A | GENERIC)
Script Execution Started...
Checking Files...
Downloading 85Kb...OK! (1 sec)
Downloading 16268Kb...OK! (47 sec)
Downloading 131984Kb...OK! (413 sec)
Starting up...
Script initialization. Please wait...
Loading S1 Loader... OK
20091222 15:39:00 S1_LOADER R4A024 1226-2250
Memory Stick: 8GB
Opening TA...OK
Reading TA Please Wait...OK
Closing TA...OK
Opening MiscTA...OK
Reading TA Please Wait...OK
Requesting Account Status...OK
User: 49574 / Credits: 0 / Counters: 10
Writing TA Data...OK
Writing APP-SW/amss_fs.sin...OK
Writing APP-SW/apps_log.sin...OK
Writing APP-SW/amss.sin...OK
Writing APP-SW/fota0.sin...OK
Writing APP-SW/fota1.sin...OK
Writing APP-SW/recovery.sin...
Error! SIN Body Block Not Accepted! Done 0x575000 of 0x575880
Writing APP-SW/dsp1.sin...
Error! APP-SW/dsp1.sin Header Is Not Accepted!
Writing APP-SW/boot.sin...
Error! APP-SW/boot.sin Header Is Not Accepted!
Writing APP-SW/cache.sin...
Error! FSP/cache.sin Header Is Not Accepted!
Writing APP-SW/preset.ta...FAILED
Error! SIN Body Block Not Accepted! Done 0x575000 of 0x575880
Writing APP-SW/dsp1.sin...
Error! APP-SW/dsp1.sin Header Is Not Accepted!
Writing APP-SW/boot.sin...
Error! APP-SW/boot.sin Header Is Not Accepted!
Writing APP-SW/cache.sin...
Error! FSP/cache.sin Header Is Not Accepted!
Writing APP-SW/preset.ta...FAILED
Failed To Write: 0x08FD Size 0x0010
Writing FSP/system_S1-SW-LIVE-AC12-0001-S1-PARTITION-WITH-SPARE.sin...
Error! FSP/system_S1-SW-LIVE-AC12-0001-S1-PARTITION-WITH-SPARE.sin Header Is Not Accepted!
Writing FSP/userdata_S1-SW-LIVE-AC12-0001-S1-PARTITION-WITH-SPARE.sin...
Error! FSP/userdata_S1-SW-LIVE-AC12-0001-S1-PARTITION-WITH-SPARE.sin Header Is Not Accepted!
Writing TA Data...FAILED
Starting Advanced Section...
Closing TA...FAILED
Shutting Down...OK
Your X10 Has Been Successfully Updated!
Execution Time - 00:10:07
Done!
Loading User Info...
User: / Credits: 0 / Counters: 10
You are, of course putting the device into flash mode each try right?
what do you mean by bricked? bricked usually means unable to do anything including flash roms....
To edude03: of course, I always hold the return key and the X10 is in flash mode.
To dan-htc-touch: bricked is like you say; I power on my X10 and in 30/40 seconds a phone with a warning appears on the screen.
Maybe this problem is due to battery status being less than 50%?
thanks a lot
alucine
alucine said:
To edude03: of course, I always hold the return key and the X10 is in flash mode.
To dan-htc-touch: bricked is like you say; I power on my X10 and in 30/40 seconds a phone with a warning appears on the screen.
Maybe this problem is due to battery status being less than 50%?
thanks a lot
alucine
I have a feeling that it has to do with an incompatible baseband (amss) currently on your phone, and the OS image...
the easy way: why don't you try the root method again?
rodrigofd said:
the easy way: why don't you try the root method again?
rodrigofd, if you look at the first post, "way 3" is with the root method of this forum, "way 4" is the unbrick method of this forum, "way 5" is with the Omnius server, and "way 6" is with the Davinci server.
I think it is impossible that 4 different methods fail.
My last theory is battery status; is it possible to update firmware with less than 50% battery?
Maybe my bricked X10 has less than 50% battery and ALL methods fail because of this...
Has anybody updated an X10 with less than 50% battery?
Thanks again.
alucine
P.S.: Thanks, friend, from Madrid
I updated yesterday, using Omnius, with 38% battery. Then I rooted it. No problems here.
When you tried with Omnius, did you try to flash with software that was for your version of the X10, i.e., did you use x10a software with an x10a or x10a software on an x10i?
my bricked phone came back to life only after flashing with the correct version of the software
instigator008, are you sure that was with 38% battery? You are the first, my friend.
hondaguy, I am sure that the firmware is for X10i.
by bricked you mean that you have a phone with a triangle on screen?
If so, I had the same problem.
what I did was to flash the latest firmware R2. This booted the phone for me.
Grab the flash tool, and download the Telenor R2 version from here
forum.xda-developers.com/showthread.php?t=683793
backup system.sin and userdata.sin from the flash folder, and rename the files that you got in the R2 rar to system.sin and userdata.sin (userdata.sin should be the file that is 5kb)
and then flashed it, this fixed the issue
stop what you are doing and start with the BASICS.
first of all if your phone goes to yellow triangle then it is not bricked so stop worrying
secondly re download an omnius firmware of your choice ( i suggest UK generic r1b0016 as it will prepare you for root )
i tell you to re-download because your old download may be corrupt
extract the file you downloaded so you get the 2 .zip files
try omnius again. large zip in top , small zip in bottom
if that fails then try from a different computer.
What version of Omnius are you using and where did you get the firmware that you are trying to flash through it from?
Also can you add how you "stuffed" it exactly.
Global Generic R1FA016 for Omnius:
http://www.2shared.com/file/rWZ3YeGm/X10i_GLOBAL_GGL_GENERIC_1232_9.html
http://www.megaupload.com/?d=0JMUI3I5
R1FA016_APP_SW_RACHAEL_GENERIC_1227_4612_S1_SW_LIVE_AC12_0001_S1_PARTITION in as the application file and
R7A_R1FA016_FSP_X10i_GENERICGLOBAL_GGL_GENERIC_1232_9897_S1_SW_LIVE_AC12_0001_S1_PARTITION_WITH_SPARE as the customised file.
and also have you tried emptying your blob_fs folder and getting SEUS to do a repair with its own files ? rather than with the 2 files you put in
andy8271 said:
and also have you tried emptying your blob_fs folder and getting SEUS to do a repair with its own files ? rather than with the 2 files you put in
Ok, that is a bad thing you have there. Seems like part of the erase/write procedure for the recovery image has crashed. Which might mean you have a hardware problem (and SEUS crashed because of that) or some essential area has become corrupted.
First pick omnius and try to backup the Trim Area (TA). Just in case you might need it, and to check it still exists.
Pick Any of the rooting packages, and from step1 move all SIN files EXCEPT loader.sin to another folder.
Then, one by one, go flashing those files, in no particular order, but one by one:
amss first
dsp second
amss_fs
apps_log
boot
fota0
fota1
system
userdata
recovery
If any of them gives any kind of error, the rest won't flash. If it always gets stuck on recovery, you probably have a bad block on the flash chip, and you should go to a service center and tell them you were updating with SEUS and it crashed. See if you can get a swap.
alucine said:
My last theory is battery status; is it possible to update firmware with less than 50% battery?
Maybe my bricked X10 has less than 50% battery and ALL methods fail because of this...
Yes it might completely fail with less than 50% battery, I myself had one rooting routine where my battery dropped from 60% to less than 10% in a full ROM flashing. So the guy who did it with only 38% just had a lucky run period.
I can't remember where it was posted but I did see a post from somebody who failed flashing with 48% of battery power.
So before starting any recovery attempt I'd suggest you let your X10 load up to a full 100% (when the LED turns off) before trying anything else. I also noticed that when loading the battery directly from a power outlet it loads faster than when powering from USB.
alucine said:
instigator008, are you sure that was with 38% battery? You are the first, my friend.
hondaguy, I am sure that the firmware is for X10i.
My impression is the 50% battery is a recommendation for safety, not a must have to proceed.
Hi guys, this morning my battery in another X10 says only 30% left...
My X10 with a friend's battery: firmware update does not work with PC Companion, SEUS or flashtool.
This afternoon I will go to the official SE support in my city; I hope it will be revived.
while rooting yesterday, i left my phone in flash mode for around 20 mins
and from 80% battery it dropped to 10%
if you try rooting or restoring firmware with only 30% battery you are asking for trouble!
I guess I was lucky then lol.. had around 35-40%
Sent from my X10i using XDA App
alucine said:
Hi
Yesterday with SEUS my X10 got bricked; today I tried all these ways, all with the same result: BRICKED.
You mean that it got bricked while you were using the SEUS update?
If this is true and you cannot run X10flash or others again, you have a NAND failure (hardware related).
Then please contact SE and let it be fixed by them. I know exactly one person with the same problem; they replaced his device directly.
Regards
Bin4ry

Proximity Sensor Problem

Hi all,
Like many of us, I managed to kill a digitizer on my HTC Aria. Replaced the blasted thing, and now I find my proximity sensor is really sensitive. It's locked in proximity mode (Z-devicetest shows distance 0) in normal conditions.
If I pull off the digitizer, so the prox sensor has a clear path in front of it, it goes out of proximity state and Z-devicetest shows the distance as 1 (and the display works properly during calls, speakerphone works, etc) ...
If I slowly move the tip of my finger towards the prox. sensor, digitizer still removed, Z-devicetest shows it flip from 1 to 0 (out of prox to in prox) as my finger gets within ~2 inches.
So it seems the prox. sensor is working but is too sensitive.
Is this the normal failure mode of a CM3602 prox sensor (read: I dropped it, and not only broke the digitizer, but took out the prox sensor too!) .. or, is there some sort of calibration I need to do?
Anyone have a USA source of the CM3602? My usual suppliers digikey and mouser don't carry this component..
*curses self* shoulda listened to my friend who warned me this phone is real easy to bust
There is a guy in the accessories board that is selling parts of his aria. I'd link ya but I don't know how from this app.
Sent from my Liberty using XDA App
Right on.
I didn't want to butcher this poor little POS more so I figured out how to turn the bloody sensor off in software.
append
gsm.proximity.enable=false
to /system/build.prop
or just uncomment the line if you have an editor.. but you can just cat >> build.prop in the shell and type in the line. No editor needed.
Must do this via adb shell with phone in clockwork, otherwise nand is lokt. boo. dev eng hardware doesn't have that problem... stupid consumer devices!
So do you just start Android sdk and then type the following.
append (enter)
gsm.proximity.enable=false (enter)
or is there more to it. I really need to get this disabled.
I tried to do it with ASTRO but it doesn't save my changes.
/system/build.prop is a standard text file.
Remember that stuff in /system is protected, I find the best way to deal with the /system partition is through clockworkmod recovery.
a. Disconnect USB, reboot into clockworkmod recovery
b. Mount the /system partition from the partitions menu
c. Connect USB to a system with adb
d. adb pull /system/build.prop
e. Edit file with your favorite text editor to append gsm.proximity.enable=false
f. adb push build.prop /system/build.prop
g. unmount /system from clockworkmod recovery partition menu
h. reboot phone, receive bacon
If you don't have clockworkmod recovery, just use unrevoked to install it
Oh, i should also say CM6 (and maybe all of Froyo images?) do not honor this setting.
Thank you I will try this when I get home..
I may have an issue because if I open build.prop with root explorer it says...
# try to disable proximity sensor in call by default
# gsm.proximity.enable=false
This is located almost at the bottom of the page does this mean I am sol. It is the liberated Rom and I haven't done anything to it.
Sent from my HTC Liberty using XDA App
Just remove the # ...
# gsm.proximity.enable=false
..to
gsm.proximity.enable=false
thank you so much..... you may be oh wait you are the FN man.
ok so if froyo images don't honor this does that mean when we get froyo I shouldn't upgrade.
anyway thank you so much now I can use my phone again, I didn't realize how much my Pure was dated till I had to use it for a few days.
Glad that helped
I didn't find a property in Froyo that disabled the proximity sensor. Maybe there is one, maybe there is not. I went another method..
Code:
# hexdump -C /system/lib/hw/sensors.liberty.so | grep -C3 dev/cm
00001b10 54 5f 54 46 4c 41 47 20 65 72 72 6f 72 20 28 25 |T_TFLAG error (%|
00001b20 73 29 00 45 43 53 5f 49 4f 43 54 4c 5f 41 50 50 |s).ECS_IOCTL_APP|
00001b30 5f 53 45 54 5f 4d 56 46 4c 41 47 20 65 72 72 6f |_SET_MVFLAG erro|
00001b40 72 20 28 25 73 29 00 2f 64 65 76 2f 63 6d 66 75 |r (%s)./dev/cmfu|
00001b50 6b 74 00 43 41 50 45 4c 4c 41 5f 43 4d 33 36 30 |kt.CAPELLA_CM360|
00001b60 32 5f 49 4f 43 54 4c 5f 45 4e 41 42 4c 45 20 65 |2_IOCTL_ENABLE e|
00001b70 72 72 6f 72 20 28 25 73 29 00 2f 64 65 76 2f 6c |rror (%s)./dev/l|
Offset 1b48 in /system/lib/hw/sensors.liberty.so defines the device name of the proximity sensor, normally /dev/cm3602.
Hexedit the file to change the name of the device to something that doesn't exist, and you will no longer use the proximity sensor.
Nasty and totally the wrong way to do this, but it worked for me. I suppose I could have dug through source code to check for a flag to disable the sensor, but that takes more time and is far less hacking fun than hex editing a system library. If I didn't want to live dangerously I'd stick with the stock ROM lol.
Thanks again I will check back when group comes out if I can't figure it out. I am going to stick with the liberated Rom till we get the official Rom and it gets liberated.
Sent from my HTC Liberty using XDA App
Not a bad idea if you're happy with 2.1 and Sense
Yeah I really like the sense UI so I will stay with 2.1 until a 2.2 with sense is available.
Sent from my HTC Liberty using XDA App
Thanks for this info. Just changed CM3602 to XM3602 and it stopped.
I just upgraded to the new attn1 2.2 ROM with Sense and I used the same fix you gave me for the 2.1 ROM and it worked, so I guess that fix will work on all Sense ROMs.
Sent from my HTC Liberty using XDA App
I just used hexeditor on my phone (fr 2.2) and went to the location you noted, 00001b48, but nothing there. I went on looking and found it on a few lines starting at 00002090, but which value do I change to get it to disable? If you could look at this for me it would help a lot.
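Because the offset of the device name differs between builds of the sensor library (1b48 in one post, around 2090 in another), searching for the string is more reliable than a fixed address. The following is an added example, not code from any poster: the function names, the replacement name /dev/xm3602 and the sample bytes (constructed to mirror the strings in the hexdump above) are assumptions, and reading and writing the actual file is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the neighbouring strings from the hexdump, with the
 * unmodified device name in place. Not a real library image. */
static unsigned char sample_lib[] =
    "ECS_IOCTL_APP_SET_MVFLAG error (%s)\0/dev/cm3602\0"
    "CAPELLA_CM3602_IOCTL_ENABLE error (%s)";

/* Return the offset of the first exact, NUL-terminated occurrence of
 * needle in buf, or -1 if it is not present. Matching the terminator too
 * keeps "/dev/cm3602" from matching a longer name with the same prefix. */
long find_cstring(const unsigned char *buf, size_t len, const char *needle)
{
    size_t nlen = strlen(needle) + 1;   /* include the trailing NUL */
    size_t i;

    if (nlen > len)
        return -1;
    for (i = 0; i + nlen <= len; i++)
        if (memcmp(buf + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

/* Overwrite old_s with new_s in place. The two names must have the same
 * length: a shorter or longer string would shift or clobber the data that
 * follows it in the library. Returns 0 on success, -1 otherwise. */
int patch_cstring(unsigned char *buf, size_t len,
                  const char *old_s, const char *new_s)
{
    long off;

    if (strlen(old_s) != strlen(new_s))
        return -1;
    off = find_cstring(buf, len, old_s);
    if (off < 0)
        return -1;
    memcpy(buf + off, new_s, strlen(new_s));
    return 0;
}

int main(void)
{
    long off = find_cstring(sample_lib, sizeof sample_lib, "/dev/cm3602");

    printf("device name found at offset 0x%lx\n", (unsigned long)off);
    if (patch_cstring(sample_lib, sizeof sample_lib,
                      "/dev/cm3602", "/dev/xm3602") == 0)
        printf("patched to: %s\n", (const char *)sample_lib + off);
    return 0;
}
```

Keep an untouched copy of the library before writing a patched one back, so the original can be restored from recovery.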
nrvate said:
/system/build.prop is a standard text file.
Remember that stuff in /system is protected, I find the best way to deal with the /system partition is through clockworkmod recovery.
a. Disconnect USB, reboot into clockworkmod recovery
b. Mount the /system partition from the partitions menu
c. Connect USB to a system with adb
d. adb pull /system/build.prop
e. Edit file with your favorite text editor to append gsm.proximity.enable=false
f. adb push build.prop /system/build.prop
g. unmount /system from clockworkmod recovery partition menu
h. reboot phone, receive bacon
If you don't have clockworkmod recovery, just use unrevoked to install it
I am trying to use these steps to disable the sensor, but I am having issues pulling build.prop.
In the command prompt, I enter in:
adb pull /system/build.prop c:\
And receive:
264 Kb/s (4695 bytes in .012s)
The issue I am having is that I cannot find where adb stores the file on my computer. It's not in the c:\ directory. It's not in platform-tools folder. I did a search, and nothing came up
Any suggestions would be really appreciated.
Thanks!
I'm confused - why are you guys disabling the proximity sensor???
Is it because you improperly installed a new screen?
Might as well use duct tape to hold the new screen on and then JB Weld the back case. Seriously guys, do things right and take the screen back off and install it the right way.
kaschenberg,
I dropped my phone, shattering the screen; resulting in a lot of fractures in the glass where the sensor is located. The phone and screen works when I add pressure to the upper right corner, leaving me to believe the sensor is being interrupted by the fractures. I am hopeful, as a temporary fix, that if I can disable the sensor, the phone will work more optimally until I replace the screen.
- Thoughts?

Possible reason for HD2 CoreDroid HD GB 2.3.3 V2 slowness

Seems like having SD card inserted causes high IOWait.
User 1%, System 3%, IOW 95%, IRQ 0%
User 5 + Nice 0 + Sys 10 + Idle 0 + IOW 291 + IRQ 0 + SIRQ 0 = 306
Currently running smsBackup+ that restores sms messages from Gmail (1 message in 4 sec)
This also seems to cause reported installation issues:
(thread http://forum.xda-developers.com/showthread.php?t=926507)
Installed several times myself... waited up to 0.5 hour.. still splash screen.
Several processes (com.android.phone, etc) got "Force" or "Wait" messages.
Only after connecting ADB console was I able to see that android was still initializing.. waited for longer and in the end ~1 - 1.5 hours phone booted up.
Are you affected? .. Try removing SD card.. does HD2 boot up within 10 min.? .. then probably you have the same issue.
(not really usable with no SD card.. settings are lost on each boot)
This is discussed very often in the developing thread that you already mentioned: Dev Thread
The first time it needs a lot of time - in my case it was more than one hour before the splash screen was away - for the FCs just press the "Wait" button and wait - after the first time it will become less and less and the device will work quite fast (just the known bugs are still there).
Some people told that they had to wait for 2 or one even for 4 hours before the splash screen was away. I had very strong problems with installing and it did not disappear after 6 hours.
If you have that try the following:
1.) data wipe
2.) d-cache wipe
3.) starting in MAGLDR
4.) USB flasher / DAF.exe
5.) recovery menu / cwm partition sd card (1024/0M)
6.) mounting and transferring .zip
7.) install .zip
8.) reboot
hope i got you right

[GUIDE] Recovering Recovery/Obtaining SKB

Recently I decided to upgrade to ICS. True ICS, new bootloader and stuff from my quasi-ICS install (HC bootloader, ICS rom)
This sounds easy, however, my recovery was too old!
Being used to using my forgiving Samsung SGS2X, I just flashed a NEW recovery while IN recovery - thus REMOVING recovery. (rather than using the problem-free Acer Recovery Installer via google play like smart people do)
Here's where it begins.
Symptoms:
-Boots to ACER logo and stops
-Refuses to read update.zip package from microSD/USB (likely, as the recovery was corrupted!)
-I can enter APX mode however.
I have no recovery, no boot, no ADB mode, no way to read internal flash.
I did do a NANDROID backup, which is immensely important and EVERYONE should have at least ONE of these, due to your UID being recorded. This is where my problem came in. The NANDROID backup was on the internal storage!
So, I have a tablet that has no recovery, won't update.zip install, but WILL get to APX mode. I have NO UID, no SKB, no NANDROID backup. Solution is to send to acer? I think not!
There are some brilliant people on this forum. One post in particular was golden. http://forum.xda-developers.com/showpost.php?p=23783875&postcount=9 by eppeP
"If you can get the device into APX mode it will answer the first read request with the UID."
This is 100% true, and he provided a simple source example but little instructions. I hope I can elaborate and make someone else's life easier.
Requirements:
-Ubuntu (I used 12.04 LTS)
-microUSB cable
-powered tablet (can't be dead)
-paper clip, tack, needle - something to hit reset with
-patience
Boot Ubuntu, can be from CD/DVD/USB/network or installed copy
Install GCC, lsusb, libusb-1.0.x, libusb-1.0-dev - you NEED these! (hoping these are the only ones required for fresh installs)
Grab the code eppeP posted and save to a text file as apx.c
fire up terminal, browse to where the apx.c file is ('cd /home/<user>/Desktop/APX' for me)
run the following commands
sudo su
gcc apx.c -o apx -lusb-1.0
You should now have a file called apx on your desktop, that is ready to run.
If you get errors, you are likely missing a package. This should be fairly straight-forward, but refer to google and post the results please!
Next, pop your tablet into APX mode - plug in microUSB, hold the RESET button, and press power for around 4 sec. Windows gave me a 'usb detected' noise but Ubuntu just don't care.
Now run the following commands (assuming same root terminal permissions. If not run sudo su beforehand)
./apx
the terminal window should spit back to you a 15 character UID if everything's correct. 0x123456789ABCDEF (yours should be different combos of those hex values)
Proceed to guard this with your life! (although now you know how to retrieve again provided APX works)
now visit http://vache-android.com/v1/index.php?site=sbk MOD EDIT: Link no longer valid. SBK generator is available in the forums. Just check @dibb_nz profile signature and there's a link to a downloadable version in the guides.
and enter your UID. The website should spit back a series of 4, 8 character keys known as your SKB. Guard that too in case the website ever disappears.
Hard part's over. The tablet will live on now.
Next - choose how to recover!
I used a file called:
V8-UNL-ICS-HC-bootloader-MULTI-cwm.zip 32MB
MD5: 33D6692A997649111995CB690EF73213
I sadly lost the link to this package but im sure if you search google/this forum you will find it.
It uses nvflash. Amazing program. There's also A500APXflash, based off nvflash. The rest mainly require ADB or USB debugging which you can't set as the tablet won't boot, so don't waste your time with proggies like afterota (which won't work if you only have APX). You can also do everything in Ubuntu with nvflash and the terminal. Just read the commands from the batch; they should be nearly identical commands in either environment.
I booted back to windows, ran the V8.bat file, and followed instructions.
In 30 seconds my iconia was booting recovery again and that ROM I initially tried to install worked perfect!
After it booted, I realized I used 44% of my battery attempting to recover the tablet. This whole process takes maybe 30 minutes first-time through, getting ubuntu packages took the longest. LiveBoot will want to update everything as well, which I never considered, and usually fails (due to live install). Everything should be installed from Terminal if possible if using a live distro. It should be one command-line for the packages, reference exact package names in the package manager maybe.
My nandroid backup was still on the flash though! I knew enough that a 'hard reset' wasn't going to fix anything, so I never erased any userdata ironically, but botched the ROM and recovery.
This is the 100% fool-proof way to get your UID using APX. If it's your only method this is your only option.
Your method is very useful, thank you!
It doesn't work correctly for me. It gives me only the last 8 digits of my uid. The rest is filled up with zeroes.
Sent from my Iconia A501 using Tapatalk 2
VelosCohagen said:
It doesn't work correctly for me. It gives me only the last 8 digits of my uid. The rest is filled up with zeroes.
You are probably using a 32bit system, while the others have been using a 64bit system.
Try replacing
Code:
printf("uid: %#016lx\n", *(uint64_t*)data);
with
Code:
printf("uid: 0x%016llx\n", *(uint64_t*)data);
or
Code:
printf("uid: 0x%08X%08X\n", *((uint32_t*)data+1), *((uint32_t*)data+0));
I would expect either to work.
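A portable form of the printout discussed above, as an added example that is not part of eppeP's apx.c or of the original posts: it copies the 8 reply bytes into a `uint64_t` and prints them with `PRIx64`, which gives all 16 hex digits on both 32-bit and 64-bit builds. The function names and the sample value are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original apx.c): format the 8-byte UID
 * at the start of an APX reply as "0x" followed by 16 hex digits.
 * Returns 0 on success, -1 if the output buffer is too small. */
int format_uid(const unsigned char *data, char *out, size_t outlen)
{
    uint64_t uid;
    int n;

    /* memcpy instead of *(uint64_t*)data: no alignment or aliasing
     * assumptions, same host byte order as the original cast. */
    memcpy(&uid, data, sizeof uid);

    /* PRIx64 expands to the correct length modifier for uint64_t on the
     * platform being compiled for, so the format matches the argument. */
    n = snprintf(out, outlen, "0x%016" PRIx64, uid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Reproduces the symptom reported in the thread: when only the low 32 bits
 * reach the conversion, the upper half of the UID prints as zeroes. */
int format_uid_low32(const unsigned char *data, char *out, size_t outlen)
{
    uint64_t uid;
    int n;

    memcpy(&uid, data, sizeof uid);
    n = snprintf(out, outlen, "0x%016" PRIx32, (uint32_t)uid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample value, not a real device UID. */
    const uint64_t sample = UINT64_C(0x0123456789ABCDEF);
    unsigned char reply[8];
    char buf[32];

    memcpy(reply, &sample, sizeof reply);

    if (format_uid(reply, buf, sizeof buf) == 0)
        printf("uid (portable):  %s\n", buf);
    if (format_uid_low32(reply, buf, sizeof buf) == 0)
        printf("uid (truncated): %s\n", buf);
    return 0;
}
```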
Will try it out.
Edit: You were right. Tried it with 64bit opensuse, and it worked.
Sent from my Iconia A501 using Tapatalk 2
Just curious after seeing this on the front page, but couldn't you just dd a new recovery partition from within Android? (assuming you're rooted)
I also had lost recovery after flashing from Thor's rom to CM9. In the end after stressing out and not being able to figure anything out, I ran Blackthund3r's "A500 APX Flash Tool". After running this, I had reinstated recovery and was free to launch the Jelly Bean AOSP. You will need some knowledge in finding ANDROIDSERIALNO, but not too hard if you google it.
Recovery failed
Hi, thank you for your post. I applied your solution; I have my cpuid and skb, but when I use V8.bat I see "rcm version 0x4 command send failed (usb write failed)". Can anyone help me?
"Usb write failed" message appears when your cpuid is wrong. How many digits has your cpuid?
Sent from my Iconia A501 using Tapatalk 2
VelosCohagen said:
"Usb write failed" message appears when your cpuid is wrong. How many digits has your cpuid?
Sent from my Iconia A501 using Tapatalk 2
I've got 16 digits (0x000000XXXXXXXX) got with ubuntu
My problem was resolved with "printf("uid: 0x%08X%08X\n", *((uint32_t*)data+1), *((uint32_t*)data+0));"
The zeros are wrong. Did you use a 32bit version of linux? You must use a 64bit one.
Sent from my Iconia A501 using Tapatalk 2
VelosCohagen said:
The zeros are wrong. Did you use a32bit version of linux? You must use a 64bit one.
32bit should be fine as long as you replace the printout.
Vache's website offline - how do we get the SBK??
http://vache-android.com/v1/index.php?site=sbk
Horrors, bricked and now this site is offline, does anybody know another way to generate the SBK?
Seriously, what genius decided the only way to flash your tablet was via a magic number you have to get off a website?
Found a really roundabout way to get it without needing his website:
http://forum.xda-developers.com/showpost.php?p=29602543&postcount=3
[OTA TOOL] [A50X/G100W] Afterota v1.09 won't work unless you have a Honeycomb OTA ROM
davr said:
Found a really roundabout way to get it without needing his website:
http://forum.xda-developers.com/showpost.php?p=29602543&postcount=3
My bootloader is wiped which is why I need the SBK.
[OTA TOOL] [A50X/G100W] Afterota v1.09 won't work unless you have a Honeycomb OTA ROM
http://forum.xda-developers.com/showthread.php?t=1675939
When I try to get to where the file is on my desktop in terminal, it does nothing else; I just get this symbol >, and if I keep typing the next steps it does nothing but give me the same symbol again. I don't know where I went wrong.
Help please.
sanjayayogi said:
does anybody know another way to generate the SBK?
Yes, the algorithm is quite simple and can without too much trouble be reversed out of a known UID/SBK pair.
A short description http://projects.pappkartong.se/a500/#generatesbk.
davr said:
Seriously, what genius decided the only way to flash your tablet was via a magic number you have to get off a website?
Acer, except for the part where you can actually get it which was most likely not part of the plan.
TechiiGirl said:
When I try to get to where the file is on my desktop in terminal, it does nothing else; I just get this symbol >, and if I keep typing the next steps it does nothing but give me the same symbol again. I don't know where I went wrong.
Help please.
You will have to be much more specific if you want help.
Describe exactly what you did and the results, step by step.
eppeP said:
Yes, the algorithm is quite simple and can without too much trouble be reversed out of a known UID/SBK pair.
A short description http://projects.pappkartong.se/a500/#generatesbk.
Acer, except for the part where you can actually get it which was most likely not part of the plan.
You will have to be much more specific if you want help.
Describe exactly what you did and the results, step by step.
0x0288424341e173d7
0x
0288
4243
41e1
73d7
0288
4243
41e1
73d7
FROM THIS LINK: HOW TO CREATE THE SECURE BOOT KEY (SBK) from the UID
http://projects.pappkartong.se/a500/
Generating the SBK
To generate the SBK from the UID (assuming UID is a hexadecimal string)
1. Discard any leading 0x in the UID
2. Split the UID into four 4 character strings
3. For each part, take the ascii values and multiply with 100 raised to the position.
e.g. "89AB" => 56*100**3 + 57*100**2 + 65*100**2 + 66*100**0 = 56576566.
4. xor
5. If using a little-endian architecture, swap the byte order
6. Print the key
============================================
UID:
0x0288424341e173d7
============================================
STEP 1. Remove 0x
0288424341e173d7
============================================
============================================
STEP 2. Split the UID into four 4 character strings
0288
4243
41e1
73d7
============================================
============================================
============================================
STEP 3 - For each part, take the ascii values and multiply with 100 raised to the position.
FIRST SET
Text Converted 0288
http://www.whatasciicode.com/?cmd=submit
Dec
48
50
56
56
============================================
https://www.google.com/search?q=48*100^3&sugexp=chrome,mod=4&sourceid=chrome&ie=UTF-8
0 => 48*100^3 = 48000000
============================================
https://www.google.com/webhp?source...f.&fp=6c7790a71c61b51c&biw=1274&bih=604&ion=1
2 => 50*100^2 = 500000
============================================
https://www.google.com/webhp?source...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=604
8 => 56*100^1 = 5600
============================================
https://www.google.com/webhp?source...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=604
8 => 56*100^0 = 56
============================================
FIRST SET: SUM the PARTS
https://www.google.com/search?q=480...cp.r_qf.&fp=917465cf75d369c2&biw=1274&bih=604
48000000 + 500000 + 5600 + 56 = 48505605
RESULT:
0288 => 48505605
ASCII TO HEX
http://www.dolcevie.com/js/converter.html
34:38:35:30:35:36:30:35
============================================
============================================
SECOND SET
Text Converted 4243
Dec
52
50
52
51
http://www.whatasciicode.com/?cmd=submit
============================================
http://www.google.com/webhp#hl=en&g...pw.r_qf.&fp=6c7790a71c61b51c&biw=1274&bih=648
52 => 52*100^3 = 52000000
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
50 = 50*100^2 = 500000
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
52 => 52*100^1 = 5200
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
51 => 51*100^0 = 51
============================================
SECOND SET: SUM the PARTS
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
52000000 + 500000 + 5200 + 51 = 52505251
4243 => 52505251
ASCII => HEX
http://www.dolcevie.com/js/converter.html
35:32:35:30:35:32:35:31
============================================
============================================
============================================
THIRD SET
Text Converted 41e1
http://www.whatasciicode.com/?cmd=submit
Dec
52
49
101
49
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
52 => 52*100^3 = 52000000
============================================
http://www.google.com/webhp?sourcei...f.&fp=6c7790a71c61b51c&biw=1274&bih=648&ion=1
49 => 49*100^2 = 490000
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
101 => 101*100^1 = 10100
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
49 => 49*100^0 = 49
============================================
THIRD SET: SUM the PARTS
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
52000000 + 490000 + 10100 + 49 = 52500149
ASCII => HEX
http://www.dolcevie.com/js/converter.html
35:32:35:30:30:31:34:39
============================================
============================================
============================================
============================================
FOURTH SET
Text Converted 73d7
http://www.whatasciicode.com/?cmd=submit
Dec
55
51
100
55
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
55 => 55*100^3 = 55000000
============================================
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
51 => 51*100^2 = 510000
============================================
http://www.google.com/webhp?sourcei...f.&fp=6c7790a71c61b51c&biw=1274&bih=648&ion=1
100 => 100*100^1 = 10000
============================================
http://www.google.com/webhp?sourcei...f.&fp=6c7790a71c61b51c&biw=1274&bih=648&ion=1
55 => 55*100^0 = 55
============================================
FOURTH SET: SUM the PARTS
http://www.google.com/webhp?sourcei...&bav=on.2,or.r_gc.r_pw.r_qf.&biw=1274&bih=648
55000000 + 510000 + 10000 + 55 = 55520055
ASCII => HEX
35:35:35:32:30:30:35:35
============================================
============================================
============================================
============================================
ASCII => HEX
http://www.dolcevie.com/js/converter.html
ALSO THIS SEEMS TO WORK (I am on MAC OSX 10.7):
echo "48505605" | od -t x1
0000000 34 38 35 30 35 36 30 35 0a
0000011
echo "52505251" | od -t x1
0000000 35 32 35 30 35 32 35 31 0a
0000011
halcasteel$ echo "52500149" | od -t x1
0000000 35 32 35 30 30 31 34 39 0a
0000011
echo "55520055" | od -t x1
0000000 35 35 35 32 30 30 35 35 0a
0000011
48505605 => 34:38:35:30:35:36:30:35
52505251 => 35:32:35:30:35:32:35:31
52500149 => 35:32:35:30:30:31:34:39
55520055 => 35:35:35:32:30:30:35:35
Sorry this is so verbose, but I wanted to show all of my steps.
THIS IS WHERE I AM STUCK, any ideas?
sanjayayogi said:
THIS IS WHERE I AM STUCK, any ideas?
http://forum.xda-developers.com/showthread.php?t=1810618 Has everything that you need.
And a HUGE thanks to srbeen for putting the guide up for us. My nephew forgot his lock code and the tablet is pure stock. Never ADB'd it or CWM'd and backup... So, as you can imagine, I'm very happy to have the sbk.

Windows 10 Anniversary Permanently Disable LockScreen Patch

Hi guys,
I decompiled the file that was causing the key to be set back on (AllowLockScreen) and successfully disabled it. The culprit is in C:\windows\system32\LogonController.dll
You will need to get a hex editor to do this. This is for the 64-bit version, 10.0.14393.0, with md5sum of 3a12a4ce74b958564c0e4346869fcd8c.
This address location jump to file location 0x156EE, It should look like this:
75 4A 48 8B 8C 24 etc
Change the 75 to 74 (jump not zero to jump zero), save it and replace the LogonController.dll in your system folder.
You'll have to take ownership and then rename the file, and drop the new one in its place. Reboot and voila!
Some details of what is going on:
.text:0000000180016270 ; __int32 __fastcall CProcessStateManager::put_IsLockScreenAllowed(CProcessStateManager *__hidden this, unsigned __int8)
.text:0000000180016270 [email protected]@@[email protected] proc near
.text:00000001800162E4 call cs:__imp_RegCreateKeyExW
.text:00000001800162EA mov ebx, eax
.text:00000001800162EC test eax, eax
This line below is what we're patching:
.text:00000001800162EE jnz short loc_18001633A
.text:00000001800162F0 mov rcx, [rsp+78h+hKey] ; hKey
.text:00000001800162F8 lea rax, [rsp+78h+Data]
.text:0000000180016300 mov [rsp+78h+samDesired], 4 ; cbData
.text:0000000180016308 lea r9d, [rsi+3] ; dwType
.text:000000018001630C xor r8d, r8d ; Reserved
.text:000000018001630F mov qword ptr [rsp+78h+dwOptions], rax ; __int32
.text:0000000180016314 lea rdx, aAllowlockscree ; "AllowLockScreen"
.text:000000018001631B call cs:__imp_RegSetValueExW
.text:0000000180016321 mov rcx, [rsp+78h+hKey] ; hKey
.text:0000000180016329 mov ebx, eax
.text:000000018001632B cmp rcx, 0FFFFFFFF80000002h
.text:0000000180016332 jz short loc_18001633A
.text:0000000180016334 call cs:__imp_RegCloseKey
Patched DLL
I've uploaded a patched 64-bit DLL, in addition to disabling the LockScreen it also disables quite a few of the Telemetry functions. Seems to actually boot slightly faster with the extra telemetry disabled.
Patched DLL v2
The first version I posted only prevented windows from re-enabling the lock screen if it was already disabled. This version also disables it if it was enabled.
for me it doesn't work. I only get a spinning ring progress at logon in VM
Hi darkfires!
Love your stuff!
I think you posted elsewhere on the net the final v.3 fix for this that is:
(This is better than what's posted in the first thread)
Code:
0xBF50 48 89 5C 24 08 -> C3 90 90 90 90
It works perfect for me except one small caveat, and that is that returning from "Sleep" sometimes gives you a black screen.
Hitting the keyboard a few times solves that issue as the login screen then "re-appears".
Any other way to patch this dll, addressing this issue to make it "perfect"?
I was wondering, what disassembler tool did you use to get this output?:
.text:00000001800162EE jnz short loc_18001633A
.text:00000001800162F0 mov rcx, [rsp+78h+hKey] ; hKey
.text:00000001800162F8 lea rax, [rsp+78h+Data]
.text:0000000180016300 mov [rsp+78h+samDesired], 4 ; cbData
.text:0000000180016308 lea r9d, [rsi+3] ; dwType
.text:000000018001630C xor r8d, r8d ; Reserved
.text:000000018001630F mov qword ptr [rsp+78h+dwOptions], rax ; __int32
.text:0000000180016314 lea rdx, aAllowlockscree ; "AllowLockScreen"
.text:000000018001631B call cs:__imp_RegSetValueExW
.text:0000000180016321 mov rcx, [rsp+78h+hKey] ; hKey
.text:0000000180016329 mov ebx, eax
.text:000000018001632B cmp rcx, 0FFFFFFFF80000002h
.text:0000000180016332 jz short loc_18001633A
.text:0000000180016334 call cs:__imp_RegCloseKey
Would be nice to get some newbie tips on this as this stuff interests me, thanks !
dobbelina said:
Hi darkfires!
Love your stuff!
I think you posted elsewhere on the net the final v.3 fix for this that is:
(This is better than what's posted in the first thread)
Code:
0xBF50 48 89 5C 24 08 -> C3 90 90 90 90
It works perfect for me except one small caveat, and that is that returning from "Sleep" sometimes gives you a black screen.
Hitting the keyboard a few times solves that issue as the login screen then "re-appears".
Any other way to patch this dll, addressing this issue to make it "perfect"?
I was wondering, what disassembler tool did you use to get this output?:
Would be nice to get some newbie tips on this as this stuff interests me, thanks !
Hi,
Sorry I didn't get a notification anyone had replied to this thread for some reason! I posted an updated version here that fixes black screen http://repo.ezzi.net/nolock/. And I used IDA to decompile it, send me a PM if you're interested in a copy of it. I had to target a totally different function than what I originally was.
I actually started out by targeting the difference from pre-anniv which was automatically setting the registry key. So that worked in most cases but not all, and instead I targeted the function that checked the key instead and made it return false every time.
As for the 0xBF50 48 89 5C 24 08 -> C3 90 90 90 90, the first part is the file offset, and the rest are op codes. You can look up x86 opcodes on google and get the hex values. The first 5 are actually a single instruction (instruction, address and value), C3 is retn (forces function to return) and 90 are all NOP (no operation). It's pretty trivial with the right tools and some patience
darkfires said:
Hi,
Sorry I didn't get a notification anyone had replied to this thread for some reason! I posted an updated version here that fixes black screen http://repo.ezzi.net/nolock/. And I used IDA to decompile it, send me a PM if you're interested in a copy of it. I had to target a totally different function than what I originally was.
I actually started out by targeting the difference from pre-anniv which was automatically setting the registry key. So that worked in most cases but not all, and instead I targeted the function that checked the key instead and made it return false every time.
As for the 0xBF50 48 89 5C 24 08 -> C3 90 90 90 90, the first part is the file offset, and the rest are op codes. You can look up x86 opcodes on google and get the hex values. The first 5 are actually a single instruction (instruction, address and value), C3 is retn (forces function to return) and 90 are all NOP (no operation). It's pretty trivial with the right tools and some patience
Hi again
And thanks for the updated info!
I actually figured out you were using IDA in my quest to dig deeper.
I got a copy, and I really like the graphical overview which makes it easy to navigate between the numerous functions.
This machine language stuff is not as easy to digest though lol!
But thanks for the pointers.
Btw, I was wrong about your patch causing a blackscreen!
This one: 0xBF50 48 89 5C 24 08 -> C3 90 90 90 90
It had nothing to do with the patch, but was/is a quirk with VMware when going into sleep mode.
The patch works 100% perfect.
The Home version uses the same dll, I have checked, same MD5.
I'll get back in this thread when I have done some more studying.
It's not that much that the lockscreen is bothering me,
It's just the challenge to get rid of it that's firing me up, because MS decided they should decide it for us.
//EDIT
Would this be the same place to patch 32Bit version as well?:
Thanks! :victory:
Hi hi ! :laugh:
Patch for the 32bit
File version 10.0.14393.0 (Anniversary Edition)
MD5 Original LogonController.dll:
cdcc698bc43848baa789c3a7060167fd
Is:Offset:0x1C680 8B FF -> C3 90
Patched dll attached.
Hi all!
This topic is for those that don't like the lockscreen.
When the anniversary update came, the option to disable this was removed.
There are a few tricks out there to somewhat disable it, but none of
those works from boot.
This solution does.
Earlier I made a patch for LogonController.dll, that has worked beautifully
until today, when the KB3189866 update came out and replaced it.
So I made an autopatcher instead.
Even if a new update replaces the patched dll,
just run the autopatcher again!
(It is always the same bytes that need replacing), and it will probably
be a long time before they update this dll again.
It's very easy to use, first run the "Take_Ownership.cmd" file as
Administrator, then run LogonController_Patch.exe also as Admin
and point it to:
%SYSTEMROOT%\system32\LogonController.dll
And click Start, Done!
It automatically creates a backup of your old LogonController.dll.
Works for both Home & Pro and all Languages, just choose
right architecture.
Architecture x86
https://drive.google.com/open?id=0ByXxjI18DZC5YTZWbVRueS1IWVU
(Use d/l arrow up in the right corner to get the zip file)
Architecture x64
https://drive.google.com/open?id=0ByXxjI18DZC5aEd4VVhLZVVIbXc
(Use d/l arrow up in the right corner to get the zip file)
That's it folks !
-------------------------------------------------------
Thanks "darkfires" for the inspiration to patch LogonController.dll !
Awesome job man! You learn quick
You could also combine both arch's into a single script if you wanted, just check %PROCESSOR_ARCHITECTURE% == AMD64 for 64, if you're using C or whatever GetSystemInfo() should do it as well. I was going to make an auto-patcher but haven't had much free time lately as I would have hoped, so I am thrilled to see you did that! I'm not sure how the one you wrote works but it's not entirely safe to assume the location of the patch will never change in newer versions. I was looking into making something that downloaded the associated pdb from microsoft and verify the function location from that (that's how IDA is able to put useful labels on the functions), which would make it dynamically work if the offset ever did change. So I would recommend you make another script that is easy to run from advanced recovery command prompt that would restore the original if it ever changed and they couldn't login, just in case. However I think it's safe to say it's very unlikely this would be a problem until their next major build (the only reason it changed this time was to fix a security vulnerability)
Keep up the great work!
dobbelina said:
Hi all!
This topic is for those that don't like the lockscreen.
When the anniversary update came, the option to disable this was removed.
There are a few tricks out there to somewhat disable it, but none of
those works from boot.
This solution does.
Earlier I made a patch for LogonController.dll, that has worked beautifully
until today, when the KB3189866 update came out and replaced it.
So I made an autopatcher instead.
Even if a new update replaces the patched dll,
just run the autopatcher again!
(It is always the same bytes that need replacing), and it will probably
be a long time before they update this dll again.
It's very easy to use, first run the "Take_Ownership.cmd" file as
Administrator, then run LogonController_Patch.exe also as Admin
and point it to:
%SYSTEMROOT%\system32\LogonController.dll
And click Start, Done!
It automatically creates a backup of your old LogonController.dll.
Works for both Home & Pro and all Languages, just choose
right architecture.
Architecture x86
https://drive.google.com/open?id=0ByXxjI18DZC5YTZWbVRueS1IWVU
(Use d/l arrow up in the right corner to get the zip file)
Architecture x64
https://drive.google.com/open?id=0ByXxjI18DZC5aEd4VVhLZVVIbXc
(Use d/l arrow up in the right corner to get the zip file)
That's it folks !
-------------------------------------------------------
Thanks "darkfires" for the inspiration to patch LogonController.dll !
darkfires said:
Awesome job man! You learn quick
You could also combine both arch's into a single script if you wanted, just check %PROCESSOR_ARCHITECTURE% == AMD64 for 64, if you're using C or whatever GetSystemInfo() should do it as well. I was going to make an auto-patcher but haven't had much free time lately as I would have hoped, so I am thrilled to see you did that! I'm not sure how the one you wrote works but it's not entirely safe to assume the location of the patch will never change in newer versions. I was looking into making something that downloaded the associated pdb from microsoft and verify the function location from that (that's how IDA is able to put useful labels on the functions), which would make it dynamically work if the offset ever did change. So I would recommend you make another script that is easy to run from advanced recovery command prompt that would restore the original if it ever changed and they couldn't login, just in case. However I think it's safe to say it's very unlikely this would be a problem until their next major build (the only reason it changed this time was to fix a security vulnerability)
Keep up the great work!
Hi darkfires!
I know I could have bundled the two architectures and
script it to choose the right one but I was lazy!
I noticed that the patch offset was the same in the updated dll in KB3189866, that's why I made the "Autopatcher".
There are 2 safety features in the patch engine preventing
a bad patch, and that is 1. filename, and 2. filesize.
There is a third option to calculate filehash, but I opted out on that one, as you couldn't apply the patch to any new version of the dll.
If there's a new update coming later on, and the offset changed (or they re-wrote it totally), I hope, fingers crossed, that the patch engine errors out.
Your idea to d/l the associated pdb from microsoft and verify the function location would be awesome!
Easily done over a cup of coffee right!? :laugh:
Regarding scripting for recovery purposes I think a small tutorial is the best
option.
Most people wouldn't know how to navigate to a recovery script in the first place, ha ha lol!
Basically I tell them this:
Boot from install media, press SHIFT + F10 at first screen, then at cmd prompt, type D:
(it usually is)
cd windows
cd system32
del LogonController.dll
ren LogonController.bak LogonController.dll
This is quite straightforward, and of course it's really nice that the patch utility
makes this backup file, otherwise I wouldn't use it.
Always nice to get your feedback!
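The check discussed in the posts above (look at what is actually at the patch offset rather than trusting a file name and size), as an added example that is not part of the thread or of either poster's tool. It parses the thread's `offset original -> replacement` notation and reports whether a file holds the original bytes, the patched bytes, or neither; the function names, state labels and in-memory sample files are constructed for illustration.

```python
"""Classify a binary against a byte patch written in the thread's notation."""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Patch specs and MD5 values as quoted in the thread (file version 10.0.14393.0).
X64_SPEC = "0xBF50 48 89 5C 24 08 -> C3 90 90 90 90"
X86_SPEC = "Offset:0x1C680 8B FF -> C3 90"
X64_MD5 = "3a12a4ce74b958564c0e4346869fcd8c"
X86_MD5 = "cdcc698bc43848baa789c3a7060167fd"

_SPEC_RE = re.compile(
    r"(?:Offset:)?\s*0x([0-9A-Fa-f]+)\s+"   # file offset
    r"((?:[0-9A-Fa-f]{2}\s+)+)->"           # original bytes
    r"((?:\s*[0-9A-Fa-f]{2})+)"             # replacement bytes
)


@dataclass(frozen=True)
class PatchSpec:
    offset: int
    original: bytes
    patched: bytes


def parse_spec(text: str) -> PatchSpec:
    """Parse 'OFFSET b1 b2 .. -> c1 c2 ..' into a PatchSpec."""
    m = _SPEC_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a patch spec: {text!r}")
    original = bytes.fromhex(m.group(2))
    patched = bytes.fromhex(m.group(3))
    if len(original) != len(patched):
        raise ValueError("original and replacement differ in length")
    return PatchSpec(int(m.group(1), 16), original, patched)


def classify(data: bytes, spec: PatchSpec, pinned_md5: Optional[str] = None) -> str:
    """Return 'original', 'patched', 'unknown', 'out-of-range' or
    'original-bytes-other-build' for the bytes at the patch offset."""
    end = spec.offset + len(spec.original)
    if end > len(data):
        return "out-of-range"            # file too short for this spec
    window = data[spec.offset:end]
    if window == spec.patched:
        return "patched"                 # replacement bytes are present
    if window != spec.original:
        return "unknown"                 # code moved or changed: do not touch
    # Original bytes found. With a pinned hash, also require the exact build.
    if pinned_md5 is not None and hashlib.md5(data).hexdigest() != pinned_md5.lower():
        return "original-bytes-other-build"
    return "original"


def classify_file(path: str, spec: PatchSpec, pinned_md5: Optional[str] = None) -> str:
    """Same check for a file on disk, e.g. a copy of LogonController.dll."""
    with open(path, "rb") as fh:
        return classify(fh.read(), spec, pinned_md5)


def make_sample(spec: PatchSpec, at_offset: bytes, size: int = 0x20000, fill: int = 0xCC) -> bytes:
    """Constructed stand-in for a DLL: filler with `at_offset` at the patch offset."""
    buf = bytearray([fill]) * size
    buf[spec.offset:spec.offset + len(at_offset)] = at_offset
    return bytes(buf)


if __name__ == "__main__":
    spec = parse_spec(X64_SPEC)
    samples = {
        "stock": make_sample(spec, spec.original),
        "patched": make_sample(spec, spec.patched),
        "updated, same size": make_sample(spec, bytes.fromhex("55 8B EC 83 EC")),
    }
    for name, blob in samples.items():
        print(f"{name:20s} {len(blob):7d} bytes -> {classify(blob, spec)}")
```

The "updated, same size" sample has the same length as the stock one, so a name-and-size check alone would accept it; only the byte comparison at the offset (or a pinned hash) tells them apart.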
I bundled the 2 architectures into 1 installer script.
It's now very easy to use, Just run Install.cmd as Administrator.
I also made a restore script.
To restore the backed up LogonController.dll run Restore.cmd as Administrator.
Works for both Home & Pro and all Languages 32bit & 64bit.
Architecture x86
(Patches Offset:0x1C680 8B FF -> C3 90)
Architecture x64
(Patches Offset:0xBF50 48 89 5C 24 08 -> C3 90 90 90 90)
LogonController_Patch.zip
(Use d/l arrow up in the right corner to get the zip file)
As a safety feature you can't apply a patch twice, as you would then overwrite the backup file.
The script looks for LogonController.bak in the system32
folder, which is the backup file's name.
In the future, if MS updates the dll file, manually delete
that backupfile in order to run the autopatcher again.
can you try to provide a service which does inmemory patching of the file?
MagicAndre1981 said:
can you try to provide a service which does inmemory patching of the file?
any update? Also can you add RS2 support? For RS3 this will be no longer needed, because here MS allows skipping of Lockscreen in Pro again.
Changes, improvements, and fixes for PC
The existing Group Policy to disable the lock screen is now available for those on the Pro edition of Windows 10. Appreciate all who shared feedback on the subject.
dobbelina said:
Hi all!
This topic is for those that don't like the lockscreen.
When the anniversary update came, the option to disable this was removed.
There are a few tricks out there to somewhat disable it, but none of
those works from boot.
This solution does.
Earlier I made a patch for LogonController.dll, that has worked beautifully
until today, when the KB3189866 update came out and replaced it.
So I made an autopatcher instead.
Even if a new update replaces the patched dll,
just run the autopatcher again!
(It is always the same bytes that need replacing), and it will probably
be a long time before they update this dll again.
It's very easy to use, first run the "Take_Ownership.cmd" file as
Administrator, then run LogonController_Patch.exe also as Admin
and point it to:
%SYSTEMROOT%\system32\LogonController.dll
And click Start, Done!
It automatically creates a backup of your old LogonController.dll.
Works for both Home & Pro and all Languages, just choose
right architecture.
Architecture x86
https://drive.google.com/open?id=0ByXxjI18DZC5YTZWbVRueS1IWVU
(Use d/l arrow up in the right corner to get the zip file)
Architecture x64
https://drive.google.com/open?id=0ByXxjI18DZC5aEd4VVhLZVVIbXc
(Use d/l arrow up in the right corner to get the zip file)
That's it folks !
-------------------------------------------------------
Thanks "darkfires" for the inspiration to patch LogonController.dll !
This patcher does not work anymore with new windows update. I get error: "There was an error applying patch: 0x80070057 (The parameter is incorrect.)"
Can you fix it? Win10 version 1607 build 14393.1480
---------- Post added at 01:43 PM ---------- Previous post was at 01:42 PM ----------
darkfires said:
As for the 0xBF50 48 89 5C 24 08 -> C3 90 90 90 90, the first part is the file offset, and the rest are op codes. You can look up x86 opcodes on google and get the hex values. The first 5 are actually a single instruction (instruction, address and value), C3 is retn (forces function to return) and 90 are all NOP (no operation). It's pretty trivial with the right tools and some patience
So should I use this code replace or the first post one 75 -> 74?
