Database Users

[Interop-Unlocked/FS only] Solution : Windows Phone clogging up due failed downloads

If your phone's storage space is running low (your system partition is getting to big : everything over 3GB is abnormal) and you did download some heavy apps through the Windows Phone Store which failed to install due lack of free space, check this folder on your Interop-Unlocked Phone with Full FS access : \Phone\Data\SharedData\EdmCache\Lib. Go check in each folder for zmz files (they should have names like appbce with a GUID of the app you're installing) which take up a lot of space (Ideal there shouldn't be any of those zmz files in these folders) and delete those : I managed to free up 1,5 GB by doing this.
Edit another folder found causing the system partition to be bloated : Samsung ATIV S\Phone\Data\Users\WPNETWORKDRM\APPDATA\Local\Temp. Not sure if you may delete these files though. They are tmp files and cannot be opened.

bruce142 said:
If your phone's storage space is running low (your system partition is getting to big : everything over 3GB is abnormal) and you did download some heavy apps through the Windows Phone Store which failed to install due lack of free space, check this folder on your Interop-Unlocked Phone with Full FS access : \Phone\Data\SharedData\EdmCache\Lib. Go check in each folder for zmz files (they should have names like appbce with a GUID of the app you're installing) which take up a lot of space (Ideal there shouldn't be any of those zmz files in these folders) and delete those : I managed to free up 1,5 GB by doing this.
Click to expand...
Click to collapse
You sir, are amazing. But sadly I cannot enable full FS access on my interop-unlocked GDR3 retail ATIV S

AlvinPhilemon said:
You sir, are amazing. But sadly I cannot enable full FS access on my interop-unlocked GDR3 retail ATIV S
Click to expand...
Click to collapse
Even With unblock RPC ?
http://forum.xda-developers.com/showthread.php?t=2573355

AlvinPhilemon said:
You sir, are amazing. But sadly I cannot enable full FS access on my interop-unlocked GDR3 retail ATIV S
Click to expand...
Click to collapse
I had also problems with the full FS access. Is the problem you can activate this in SamWP8 Tools but your PC (presumably running Windows 7) can't recognize the phone anymore? My trick is to plug the phone in a USB port with a decent voltage, reboot the phone and unlock your phone with your SIM pin and/or optional lock screen pin. What you also can do is turn off the phone and let it wake up by plugging the USB in, if the lock screen pin window pops-up by itself (normally you have to swipe up), you have increased chance that your PC might recognize the phone. Also install the latest USB security updates (http://support.microsoft.com/kb/2862330), I installed this yesterday and my phone was recognized for the first time I plugged it in, three times in a row now. Also check the Device Manager of your PC, if there is a yellow triangle with a exclamation mark near the Samsung Phone, you have to remove the usb cord out of your phone and plug it back in.
If you have difficulties activating the full FS access in SamWP8 tools itself (keeps turning back off), enable the Full FS access, open a page like accent colors, press back and you get a pop-up (I think) with the steps to enable the Full FS feature. If the Full FS switch is back off again, turn it on and reboot your phone immediately (without pressing back or something, use the phone's power button, immediately after you have turned the Full FS switch on). Worked for me.

Whereas, the solution for me is to un-install the WP8 drivers (both of them) in Device Manager, then switch on Full FS access and reboot both my phone and my PC before reconnecting the phone. This works, but it takes an annoyingly long time, and after I disconnect the phone I will need to reboot the PC again before it will see the phone again. Very irritating. I'm looking into possible ways (muck with the SecurityManager?) to fix this...
As a side note, you can make the MTP service run from C:\ instead of the default location (public folder) even without changing what user it runs under. The PROTOCOLS service account (what MTPSVC usually runs under) can't read the entire file system and can't write to very much of it at all, but it does at least give you read-only access to places like the Windows folder and the root of the file system, plus you still get read/write in the public folder. For bonus points, it always works for me (i.e. if it would work with Full FS Access turned off, it works with it only "half-on" like that).

My Full FS Access works if I plug the phone with screen PIN locked and it'll detect it after a while and then it can be safely unlocked.

@GoodDayToDie : Do you think the zmz could be intercepted and another program could be put into place? Like putting the WP8Diag in the place of another program of the same size and thus bypassing the interop-unlock requirement for writing to the registry? Just brainstorming here.
Did anyone notice the Samsung.M8X60SOC.SecureBootKey.dsm.xml in the location Samsung ATIV S\Phone\Windows\Packages\DsmFiles, maybe it's not just a blown fuse which causes the bootloader to be locked? It's refering to a cab with some sha1 hashes in it : Samsung.M8X60SOC.SecureBootKey.cat located at Samsung ATIV S\Phone\Windows\System32\CATROOT\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.
Posting content here :
Code:
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/embedded/2004/10/ImageUpdate">
<Identity>
<Owner>Samsung</Owner>
<Component>M8X60SOC</Component>
<SubComponent>SecureBootKey</SubComponent>
<Version Major="3050" Minor="0" QFE="10517" Build="14864" />
</Identity>
<ReleaseType>Production</ReleaseType>
<OwnerType>OEM</OwnerType>
<BuildType>Retail</BuildType>
<CpuType>ARM</CpuType>
<Culture />
<Resolution />
<Partition>MainOS</Partition>
<Platform>M8X60SOC</Platform>
<IsRemoval>false</IsRemoval>
<GroupingKey />
<TargetGroups />
<BuildString />
<Files>
<FileEntry>
<FileType>Manifest</FileType>
<DevicePath>\Windows\Packages\DsmFiles\Samsung.M8X60SOC.SecureBootKey.dsm.xml</DevicePath>
<CabPath>man.dsm.xml</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Catalog</FileType>
<DevicePath>[B][U]\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Samsung.M8X60SOC.SecureBootKey.cat[/U][/B]</DevicePath>
<CabPath>content.cat</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_DB.bin</DevicePath>
<CabPath>9_OEM_DB.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_DB_Clear.bin</DevicePath>
<CabPath>8_OEM_DB_.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_DBX.bin</DevicePath>
<CabPath>7_OEM_DBX.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_DBX_Clear.bin</DevicePath>
<CabPath>6_OEM_DBX.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_KEK.bin</DevicePath>
<CabPath>5_OEM_KEK.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_KEK_Clear.bin</DevicePath>
<CabPath>4_OEM_KEK.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_PK.bin</DevicePath>
<CabPath>3_OEM_PK.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
<FileEntry>
<FileType>Regular</FileType>
<DevicePath>\windows\System32\Secure\OEM_PK_Clear.bin</DevicePath>
<CabPath>2_OEM_PK_.bin</CabPath>
<Attributes>Normal</Attributes>
</FileEntry>
</Files>
</Package>

I'm not really sure exactly what you're suggesting doing, but I'm pretty sure it won't work. To substitute one system file for another, you'd need to find a hash collision. Getting the file size to match won't even come close to being sufficient...

Wow, I just checked those files as my phone was running low on space and freed about 3GB! They were listed under "System" in storage settings, now my System is 2,93GB.

I installed Sam8tools in past and enabled FS access. Then I installed the Samsung update that bricked the tool. Will this trick work?
Sent from my GT-I8750 using Tapatalk

lukas_ita said:
I installed Sam8tools in past and enabled FS access. Then I installed the Samsung update that bricked the tool. Will this trick work?
Sent from my GT-I8750 using Tapatalk
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=2573355

So, I need first to unblock RPC and then try this?
Sent from my GT-I8750 using Tapatalk

Sorry for bringing up an old thread but I've found another folder responsible for clogging up your Windows Phone with Interop-Unlock and Full FS access : Samsung ATIV S\Phone\Data\Users\WPNETWORKDRM\APPDATA\Local\Temp. But I need some confirmation if these files may be deleted, they are tmp files and cannot be opened, can it do any harm to delete these files?

bruce142 said:
If your phone's storage space is running low (your system partition is getting to big : everything over 3GB is abnormal) and you did download some heavy apps through the Windows Phone Store which failed to install due lack of free space, check this folder on your Interop-Unlocked Phone with Full FS access : \Phone\Data\SharedData\EdmCache\Lib. Go check in each folder for zmz files (they should have names like appbce with a GUID of the app you're installing) which take up a lot of space (Ideal there shouldn't be any of those zmz files in these folders) and delete those : I managed to free up 1,5 GB by doing this.
Edit another folder found causing the system partition to be bloated : Samsung ATIV S\Phone\Data\Users\WPNETWORKDRM\APPDATA\Local\Temp. Not sure if you may delete these files though. They are tmp files and cannot be opened.
Click to expand...
Click to collapse
will it be wise to delete the entire folder?
And can someone PLEASE help me? My system memory keeps hitting 0 bytes all the time and I have to constantly delete apps. I have 330MB left and I used to have 6.33GB of system storage but now I have 7.40GB of system storage and its rising by the day. @GoodDayToDie any method you can suggest for me?

Did you actually try looking what takes space up if you have full FS access? Shouldn't be too hard with Native Access library.

HOLY BALLS.
I got full fs access to work.
Just modify this:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\MTP]
"DataStore"="C:"
NO BACKSLASH.
EDIT: If that doesn't work, follow what I did:
First change the value to "C:\Data".
Reboot.
It will show contents of C:\Data.
Now change the value to "C:\".
Reboot.
It should work now

AlvinPhilemon said:
HOLY BALLS.
I got full fs access to work.
Just modify this:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\MTP]
"DataStore"="C:"
NO BACKSLASH
Click to expand...
Click to collapse
Good . What about Other Drives like D: or E:
are they available too ?
ATTENTION : I don't have Ativ S to try it by my own so be careful

I can't find the folder specified. Am I missing anything? My ATIV S is interop unlocked.
---------- Post added at 08:52 PM ---------- Previous post was at 08:49 PM ----------
ngame said:
Good . What about Other Drives like D: or E:
are they available too ?
ATTENTION : I don't have Ativ S to try it by my own so be careful
Click to expand...
Click to collapse
I didn't know Drives D: and E: existed. I know D: is most likely Micro SD but E:?

AlvinPhilemon said:
HOLY BALLS.
I got full fs access to work.
Just modify this:
Code:
[HKEY_LOCAL_MACHINE\Software\Microsoft\MTP]
"DataStore"="C:"
NO BACKSLASH
Click to expand...
Click to collapse
Well, nice work
I hope i don't dissappoint you, but this is exactly what SamWP8 Tools does by toggling the FullFS-access option.
I just checked with registry tool, and if i press "read" it is showing "C:"
I have FullFS-access enabled in SamWP8 tools.

AlvinPhilemon said:
I can't find the folder specified. Am I missing anything? My ATIV S is interop unlocked.
---------- Post added at 08:52 PM ---------- Previous post was at 08:49 PM ----------
I didn't know Drives D: and E: existed. I know D: is most likely Micro SD but E:?
Click to expand...
Click to collapse
As I said I have no Ativ Device to try it .
I think D: is SD Card but I'm not sure if is E: F: G: or other Partitions existed

Solution wanted after SD-card fix / several app crashes

Hello,
I just got a new S 5 with build: KOT49H.G900FXXU1ANE2
Background:
- Rooted via Towelroot: o.k.
- Installed SuperSU: o.k
- Installed BusyBox Pro: o.k.
- Restore Titanium backup files (NO system data) with Pro version: worked fine
- installed SD card fix with this guide with total commander file editor:
-- Use a root-enabled file manager and navigate to /system/etc/permissions
-- Edit platform.xml and find “WRITE_EXTERNAL_STORAGE“
-- Add an additional group definition for this permission: <group gid=”media_rw” />
-- Save the changes and restart your device
-- You are now able to write on your external SD card again
After restarting device, many system apps were crashing over and over like:
samsung data cloud relay, samsung account, google account, ....
Steps did so far:
- Connecting via USB cable: No access to internal / external SD card > File explorer shows only internal and external SD card with no files
- Tried to copy/move/backup files from internal to external SD card: failed, files like photos, downloads are gone
- Factory reset: done, still app crashes
- Firmware flashed: done, initial configuration not possible due to app crashes, hangs in the form where to fill in my name
Any solutions, hints, to fix this ?
I would be very gratefull for constructive solutions.
Thanks in advance !

verona said:
Hello,
I just got a new S 5 with build: KOT49H.G900FXXU1ANE2
Background:
- Rooted via Towelroot: o.k.
- Installed SuperSU: o.k
- Installed BusyBox Pro: o.k.
- Restore Titanium backup files (NO system data) with Pro version: worked fine
- installed SD card fix with this guide with total commander file editor:
-- Use a root-enabled file manager and navigate to /system/etc/permissions
-- Edit platform.xml and find “WRITE_EXTERNAL_STORAGE“
-- Add an additional group definition for this permission: <group gid=”media_rw” />
-- Save the changes and restart your device
-- You are now able to write on your external SD card again
After restarting device, many system apps were crashing over and over like:
samsung data cloud relay, samsung account, google account, ....
Steps did so far:
- Connecting via USB cable: No access to internal / external SD card > File explorer shows only internal and external SD card with no files
- Tried to copy/move/backup files from internal to external SD card: failed, files like photos, downloads are gone
- Factory reset: done, still app crashes
- Firmware flashed: done, initial configuration not possible due to app crashes, hangs in the form where to fill in my name
Any solutions, hints, to fix this ?
I would be very gratefull for constructive solutions.
Thanks in advance !
Click to expand...
Click to collapse
Hmm... I've never seen a problem like this in my experience. The only thing I would suggest is going into your recovery and fixing permissions. Beyond that, I wouldn't know how to fix this without recommending you flash a new ROM after fixing permissions. If that still doesn't work, it may very well be a bad SD card or a bad SD card reader. For your sake, I hope it isn't either of these problems, as it would take longer to fix. Good luck!

BJSerpas said:
Hmm... I've never seen a problem like this in my experience. The only thing I would suggest is going into your recovery and fixing permissions. Beyond that, I wouldn't know how to fix this without recommending you flash a new ROM after fixing permissions. If that still doesn't work, it may very well be a bad SD card or a bad SD card reader. For your sake, I hope it isn't either of these problems, as it would take longer to fix. Good luck!
Click to expand...
Click to collapse
Bevor doing a firmware flash, I restored the originally settings for SD card permissions without solution.
If you think this is a persmission issue, how to fix this ?
Any further solutions, hints, tips ?
Greetings

verona said:
Bevor doing a firmware flash, I restored the originally settings for SD card permissions without solution.
If you think this is a persmission issue, how to fix this ?
Any further solutions, hints, tips ?
Greetings
Click to expand...
Click to collapse
Maybe anyone has a solution for how to fix permission as posted above ?
Thanks in advance.

EXACT same problem here
Hello Verona, I have EXACT the same problem here. Same hardware, same configuration, same setup, same symptomatic.And also the same: no solution in sight! :crying:

It sounds like a permissions issue. That could be time consuming to track down and fix. I'd suggest restoring your backup to restore your phone to a stable baseline. Then do the SD card write mod following the instructions in one of the proven threads that have a lot of feedback indicating that the method is sound.
Alternately if you don't care about the Knox flag, you could install a custom recovery like TWRP. TWRP has a option to fix permissions for key files with one click. Which may resolve your issues. I rather prefer the former option myself.
Good luck.
.

permission problem
fffft said:
It sounds like a permissions issue. That could be time consuming to track down and fix. I'd suggest restoring your backup to restore your phone to a stable baseline. Then do the SD card write mod following the instructions in one of the proven threads that have a lot of feedback indicating that the method is sound.
Alternately if you don't care about the Knox flag, you could install a custom recovery like TWRP. TWRP has a option to fix permissions for key files with one click. Which may resolve your issues. I rather prefer the former option myself.
Good luck.
.
Click to expand...
Click to collapse
Hello fffft,
Verona already installed a new firmware! Where is here the place for remaining permission problems? I always though that then everyting is written new to the system. I have no nandroid backup because I rooted only with towelroot and it could not be written to the external SDcard....where we are again at the beginning of the story.
Now I can take the decision to bring the S5 without knox flag to the service as it is or to take the risk, that the permission reset with a recovery doen't fix the problem WITH Knox flag.I see no clear way here to make it right

brachypelma said:
Where is here the place for remaining permission problems? I always though that then everyting is written new to the system. I have no nandroid backup because I rooted only with towelroot and it could not be written to the external SDcard....where we are again at the beginning of the story.
Now I can take the decision to bring the S5 without knox flag to the service as it is or to take the risk, that the permission reset with a recovery doen't fix the problem WITH Knox flag.I see no clear way here to make it right
Click to expand...
Click to collapse
It's not clear what you are describing or asking.
It would help if you elaborated in more detail. If I understand you, you are not willing to use TWRP because you don't want to increment the Knox counter. And want an alternative to TWRP to repair your messed up permissions.
I don't recommend that. Permissions are a key characteristic of an OS. If you mess them up in any non-obvious way, your OS is unlikely to ever be 100% stable again. Notwithstanding TWRP's great job in scripting a recursive fix script, I wouldn't want to trust an OS that had to be fixed that way. If you insist, try searching for an app that fixes OS permissions. Or alternately you could extract the script from TWRP and run it from a root command line.
If your OS permissions are a mess, the better solution is reinstalling your OS (firmware). So I'd recommend that you reinstall a full stock firmware image and wipe the data partition to get back to a stable system. Then do a backup before putting your phone at risk again. If not a Nandroid, then the next best thing e.g. Titanium. Then if you wish, do the SD permissions "fix" again, but follow the instructions from a thread that has abundant positive feedback. Meaning that you should succeed this time. And if not for any reason, then you can fall back on your backup.
.

Restored the original platforms.xml file, installed TWRP via Odin (no internet access on S5) and resetted the permissions. No effect at all.
What's now the next step? Wiping what can be wiped and re-flashing the T-Mobile firmware?

brachypelma said:
Restored the original platforms.xml file, installed TWRP via Odin (no internet access on S5) and resetted the permissions. No effect at all.
What's now the next step? Wiping what can be wiped and re-flashing the T-Mobile firmware?
Click to expand...
Click to collapse
Sorry to hear that your phone is still giving you problems. But you haven't taken my advice yet. I did not recommend the TWRP "fix". Merely mentioned that it was a possibility. I further added that it could not be expected to work in all cases.
It wasn't a complete loss though. TWRP is an outstanding backup method and invaluable for miscellaneous maintenance tasks.
As to resolving the permissions issues, I recommended Odin flashing a full stock firmware + wiping the data partition. That will revert you to 99%+ stock and give you a stable base to proceed from. It will also wipe your user files, so backup anything of value that isn't already backed up first.
.

back to life....
fffft said:
Sorry to hear that your phone is still giving you problems. But you haven't taken my advice yet. I did not recommend the TWRP "fix". Merely mentioned that it was a possibility. I further added that it could not be expected to work in all cases.
It wasn't a complete loss though. TWRP is an outstanding backup method and invaluable for miscellaneous maintenance tasks.
As to resolving the permissions issues, I recommended Odin flashing a full stock firmware + wiping the data partition. That will revert you to 99%+ stock and give you a stable base to proceed from. It will also wipe your user files, so backup anything of value that isn't already backed up first.
.
Click to expand...
Click to collapse
fffft, I'm back to a normal behaviour of my S5 now. Thx! Flashing stock rom !+! factory reset brougt it back. TWRP was also gone afterwards, but now with an already set knox counter I'm in a "stressless" situation because this decision is done now forever. Of course I lost 4 weeks of mobile configuration and I would like to investigate a little bit more on the original problem, because my SDcard is still write protected.
When I edited the platform.xml I forgot to the set the permissions to 664 before I rebooted. It was on 755 (don't remember exactly don't know the default umask by heart). A correction in a second loop didn't already help. Could this caused the problem?
You wrote, that I should try the modification with the platform.xml again and take instructions from a reliable source. We have indeed different information in the net.
Variant 1:
add media_rw to WRITE_EXTERNAL_STORAGE
Variant 2:
add media_rw to WRITE_EXTERNAL_STORAGE
add sdcard_rw to WRITE_MEDIA_STORAGE
Variant 3:
add media_rw to WRITE_READ_STORAGE
add media_rw to WRITE_EXTERNAL_STORAGE
add sdcard_rw to WRITE_MEDIA_STORAGE
Which mechanism created deviated problems? Otherwise the system should be ok after restornig the original file.
I could also imagine that the file coding has changed. The files was saved in UNIX mode (LF only), because I modified it with vi in a local root shell. Or that the indenting was done with TAB instead of blanks or someting like that.
Any ideas?
Is there any explanation what happend there and how this can be prevented with the next try?

brachypelma said:
Is there any explanation what happend there and how this can be prevented with the next try?
Click to expand...
Click to collapse
Good to hear that your system is stable again.
Make sure that you make a backup while it's still stable. What happened to you is that you made changes that had unexpected results. That's not a problem per se.. it can happen to anyone. The irredeemable problem is if you have no backup to revert to. Which caused you grief trying to sort it out and get back to a stable base.
The actual problem from your app's perspective was probably that they still didn't have as much SD access as they expected and they didn't cope well with that..
So, first thing - make sure that you make a backup. Opinions vary on how much access to give to the SD card. I'll give you a fairly liberal example that will probably work for you. If not, you can extend or restrict access to suit your situation. Just make sure you have a backup to restore if things go sideways.
The file being edited is /system/etc/permissions/platform.xml
Code:
<permission name="android.permission.READ_EXTERNAL_STORAGE" >
<group gid="sdcard_r" />
</permission>
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
<group gid="sdcard_rw" />
<group gid="media_rw" />
</permission>
<permission name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" >
<group gid="sdcard_r" />
<group gid="sdcard_rw" />
<group gid="sdcard_all" />
</permission>
.
.

To get another result, I decided to send my S5 back for warranty to the distributor.
The feedback will be posted in this thread.
The basic question is, what is the best way for backing up the specific model with its ROM to be on the safe way.
The only difference between branchypalma and me was, that I flashed the firmware and did a factory reset, but every app was crashing straight away.
Maybe branchypalma used another ROM (what exact version?) or something internal broke down.
Before having issues, I used titanium backup for backing up files after setting up the mobile, but it was inaccessible in every tried way.
Maybe someone has another idea for the case, the warranty is being denied. Maybe I used a wrong stock Rom.
What would you suggest (Rom, in this situation) ?

verona said:
To get another result, I decided to send my S5 back for warranty to the distributor.
The feedback will be posted in this thread.
The basic question is, what is the best way for backing up the specific model with its ROM to be on the safe way.
The only difference between branchypalma and me was, that I flashed the firmware and did a factory reset, but every app was crashing straight away.
Maybe branchypalma used another ROM (what exact version?) or something internal broke down.
Before having issues, I used titanium backup for backing up files after setting up the mobile, but it was inaccessible in every tried way.
Maybe someone has another idea for the case, the warranty is being denied. Maybe I used a wrong stock Rom.
What would you suggest (Rom, in this situation) ?
Click to expand...
Click to collapse
Feedback as promised: The device has been successfully repaired & returned.

Everything solved for me
verona said:
Feedback as promised: The device has been successfully repaired & returned.
Click to expand...
Click to collapse
Hello verona,
I downloaded the firmware from sammobile.com/firmwares and select my T-Mobile brand and flashed it with odin. After that I did a factory reset which solved my problem. Afterwards I installed towelroot again and with root access I reflashed the TWRP recovery again because the stock firmware brought the old one back.
To solve the original SD card problem I downloaded the SD KitKat Fixer from JRummy Apps Inc. which creates a perfect written platform.xml compared to the tool from NextApp with wrong alignment.
With TWRP I'm now able to make my desired nandroid backup as well as TitaniumBackup on my SD card. I'm with all Samsung devices already with knox flag on so I do not care at all about it meanwhile.
Now I'm there were I want to be and everything is fine. Hope you get it also working for you!
brachypelma

[TOOL] [ANDROID] [4.3/4.4] Verizon MMS APN Patch + Alternatives

I maintain a ROM for the Verizon Galaxy Nexus and wanted to see if I could do anything for VZW users who have MMS issues. Try the following methods in order until you can (hopefully) send/receive MMS.
Disclaimer:
I'm not responsible for your device blowing up, yadda yadda yadda. Also I'm on Sprint, so I can only do so much to help.
Click to expand...
Click to collapse
Method 1:
Flash SlimKat's Verizon APNs
Reboot to recovery and flash SLIM_APNS.zip.
Click to expand...
Click to collapse
Method 2:
Reset APNs
Go to Settings - Mobile Networks - Access Point Names - 3 dot menu in the upper right - select Reset To Default.
Click to expand...
Click to collapse
Method 3:
Flash Phone Number-specific APNs
This script I created will add your phone number to the APNs file and create a flashable zip for you. The APNs file is from LiquidSmooth and the magic line has been moved up to the top so that you don't need to hunt for it.
Instructions:
1) Ensure you have a zip binary, likely located at /system/xbin. If not, flash zip_binary_flashable.zip from recovery.
2) Ensure you have busybox. Stericson's 1.22.1 definitely works: https://play.google.com/store/apps/details?id=stericson.busybox. Others may not, try Stericson's before reporting problems.
3) Unzip the vzw_apn_patch zip to an empty folder on your sdcard
4) Edit phone.txt with your 10-digit phone number (no dashes, no "1" at the beginning)
5) Open an Android Terminal
6) Run "cd /sdcard/your_folder"
7) Run "sh patch.sh"
8) Reboot to recovery and flash PATCHED_APNS.zip
Source for idea: http://forum.xda-developers.com/showpost.php?p=50958379&postcount=86
Click to expand...
Click to collapse
My other projects:
LiquidSmooth-OFFICIAL for maguro: http://forum.xda-developers.com/gal...m-official-liquidsmooth-kitkat-4-4-3-t2667078
LiquidSmooth-OFFICIAL for toro: http://forum.xda-developers.com/gal...m-liquidsmooth-v3-1-kitkat4-4-3-toro-t2575560
LiquidSmooth-OFFICIAL for toroplus: http://forum.xda-developers.com/gal...m-official-liquidsmooth-kitkat-4-4-3-t2672510
LiquidSmooth-UNOFFICIAL for maguro: http://forum.xda-developers.com/gal...aguro-toro-t2793275/post53641446#post53641446
LiquidSmooth-UNOFFICIAL for toro: http://forum.xda-developers.com/galaxy-nexus/verizon-develop/rom-liquidsmooth-v3-1-toro-t2793284
LiquidSmooth-UNOFFICIAL for toroplus: http://forum.xda-developers.com/galaxy-nexus/sprint-develop/rom-liquidsmooth-v3-1-toroplus-t2793281
LiquidSmooth-UNOFFICIAL for grouper: http://forum.xda-developers.com/showthread.php?t=2709385
F2FS Converter tools for Galaxy Nexus ROMs: http://forum.xda-developers.com/galaxy-nexus/development/tool-galaxy-nexus-ext4-to-f2fs-rom-t2794702
F2FS Converter tools for grouper ROMs: http://forum.xda-developers.com/nexus-7/development/tool-grouper-ext4-to-f2fs-rom-converter-t2801653
Ting APNs to fix LTE: http://forum.xda-developers.com/galaxy-nexus/general/ting-flashable-zip-fixed-lte-android-4-t2428999
Click to expand...
Click to collapse
[poo]

poo706 said:
I maintain a ROM for the Verizon Galaxy Nexus and was alerted to this APN modification that fixes MMS issues which seem to plague many toro users: http://forum.xda-developers.com/showpost.php?p=50958379&postcount=86 . So I decided to whip up a quick script for the Android terminal that will add your phone number to the APNs file and place it on /system/etc for you. The APNs file is from LiquidSmooth and the magic line has been moved up to the top so that you don't need to hunt for it.
Instructions:
1) Unzip vzw_apn_patch.zip to an empty folder on your sdcard
2) Edit phone.txt with your phone number (no dashes)
3) Open an Android Terminal
4) Run "su"
5) Run "cd /sdcard/<your folder>"
6) Run "sh patch.sh"
Let's start with this for now. I can add Windows and Linux/Mac versions if anyone would want that. I can also have my script create a flashable zip for the APNs file.
[poo]
Click to expand...
Click to collapse
A flashable APN zip would be really nice.
Thanks for getting this out there for us!

DR3W5K1 said:
A flashable APN zip would be really nice.
Thanks for getting this out there for us!
Click to expand...
Click to collapse
Can do! I'll see what I can do tomorrow.
[poo]

hmm i'm failing some where probably
poo706 said:
Can do! I'll see what I can do tomorrow.
[poo]
Click to expand...
Click to collapse
so i tried this, thanks for the fix btw.
I put in the number with no dashes or 1 at the begining (i tried with the 1 at first and it wasn't working(all the run commands etc went through but after reboot, mms on 3g still not sending
so after taking out the 1 at begining of the number in the phone.txt file.. running the steps of commands and seeing poo's script(?) do it's thing in the terminal: after another reboot when terminal requested the mms on 3g still would not send, using 8sms app, hmmm any ideas what might be going wrong?
I am using latest clean install version of cmremix.. toro gnexus, THANKS!

bothgoodandbad said:
so i tried this, thanks for the fix btw.
I put in the number with no dashes or 1 at the begining (i tried with the 1 at first and it wasn't working(all the run commands etc went through but after reboot, mms on 3g still not sending
so after taking out the 1 at begining of the number in the phone.txt file.. running the steps of commands and seeing poo's script(?) do it's thing in the terminal: after another reboot when terminal requested the mms on 3g still would not send, using 8sms app, hmmm any ideas what might be going wrong?
I am using latest clean install version of cmremix.. toro gnexus, THANKS!
Click to expand...
Click to collapse
So you ended up running the script twice, first with a "1" at the beginning, then without? And you didn't delete everything in the folder before trying the second time? Not saying that you necessarily should have, I'm just not sure how my rather simple script would handle such a case.
Take a look at /system/etc/apns-conf.xml. Does the first APN line correctly match:
<apn carrier="LTE - Verizon Internet" mcc="311" mnc="480" apn="VZWINTERNET" type="default,supl,mms,dun" user="your number[/B][/U]@vzwpix.com" password="null" server="null" mmsc="http://mms.vtext.com/servlets/mms?X-VZW-MDN=your number" protocol="IPV4V6" roaming_protocol="IPV4V6" bearer="14" />
[poo]

poo706 said:
So you ended up running the script twice, first with a "1" at the beginning, then without? And you didn't delete everything in the folder before trying the second time? Not saying that you necessarily should have, I'm just not sure how my rather simple script would handle such a case.
Take a look at /system/etc/apns-conf.xml. Does the first APN line correctly match:
<apn carrier="LTE - Verizon Internet" mcc="311" mnc="480" apn="VZWINTERNET" type="default,supl,mms,dun" user="your number[/B][/U]@vzwpix.com" password="null" server="null" mmsc="http://mms.vtext.com/servlets/mms?X-VZW-MDN=your number" protocol="IPV4V6" roaming_protocol="IPV4V6" bearer="14" />
[poo]
Click to expand...
Click to collapse
great reply! so i checked and the 1 is still in there in the number(in the xml file you had me check), I must have messed up the process or something, can I fix it? I tried to re-run the first time and it confirmed that it worked and prompted reboot etc, you think I should try again or did I miff it up by doing something i shouldn't have in the first place:/ ha sorry for the hassle!
To be clear when I went back into the phone.text file on the sd card in the folder, I was unable to edit from the phone(rookie move probably) so I plugged into laptop and still couldn't edit it so I deleted the file directly off the (phone.txt) then created a new phone.txt file on the desktop put in correct number no 1 this time or dashes of course. hmmmmm
Then put file in folder and reran scripts in terminal and rebooted and here we are hmmm

bothgoodandbad said:
great reply! so i checked and the 1 is still in there in the number(in the xml file you had me check), I must have messed up the process or something, can I fix it? I tried to re-run the first time and it confirmed that it worked and prompted reboot etc, you think I should try again or did I miff it up by doing something i shouldn't have in the first place:/ ha sorry for the hassle!
To be clear when I went back into the phone.text file on the sd card in the folder, I was unable to edit from the phone(rookie move probably) so I plugged into laptop and still couldn't edit it so I deleted the file directly off the (phone.txt) then created a new phone.txt file on the desktop put in correct number no 1 this time or dashes of course. hmmmmm
Then put file in folder and reran scripts in terminal and rebooted and here we are hmmm
Click to expand...
Click to collapse
When you run the script, it takes the template xml, adds in your phone number, and renames it to apns-conf.xml. Then this gets copied over to /system/etc which is where it needs to be. But my script doesn't delete that apns-conf.xml from your sdcard. So when you reran it the second time, it may have not created the new apns-conf.xml because the old one was still there. And then the script just recopied the old one to /system/etc. I think if you delete apns-conf.xml from the sdcard and start over, you'll probably get it this time.
Clearly I still have some tweaking to do. Thank you very much for the feedback by the way.
[poo]

poo706 said:
When you run the script, it takes the template xml, adds in your phone number, and renames it to apns-conf.xml. Then this gets copied over to /system/etc which is where it needs to be. But my script doesn't delete that apns-conf.xml from your sdcard. So when you reran it the second time, it may have not created the new apns-conf.xml because the old one was still there. And then the script just recopied the old one to /system/etc. I think if you delete apns-conf.xml from the sdcard and start over, you'll probably get it this time.
Clearly I still have some tweaking to do. Thank you very much for the feedback by the way.
[poo]
Click to expand...
Click to collapse
Sweet, thanks so much! I'm gonna see if I can get it done now ehe. I will report back, if it works and if not I can always restore nandroid:good:

bothgoodandbad said:
Sweet, thanks so much! I'm gonna see if I can get it done now ehe. I will report back, if it works and if not I can always restore nandroid:good:
Click to expand...
Click to collapse
Reflashing your ROM would work too.
[poo]

poo706 said:
Reflashing your ROM would work too.
[poo]
Click to expand...
Click to collapse
hah didn't think of that, perfect!
So i reran the script after deleteing the apn file and confirming it was gone etc, now looking at the html file as before i see the 1 is in fact not there so yay, but mms isn't sending, well it says still sending, although sms does work hmm
---------- Post added at 02:47 AM ---------- Previous post was at 02:45 AM ----------
i tried with stock messaging at that last time, I will try with 8sms now
---------- Post added at 02:56 AM ---------- Previous post was at 02:47 AM ----------
K, so the verdict is it's not sending I can add myself to the mms (group) message or whatever and I receive it but the other people do not hmm, I would love to be able to use mms and 3g instead of only 4g on a lot of these ROMS:highfive:

bothgoodandbad said:
hah didn't think of that, perfect!
So i reran the script after deleteing the apn file and confirming it was gone etc, now looking at the html file as before i see the 1 is in fact not there so yay, but mms isn't sending, well it says still sending, although sms does work hmm
---------- Post added at 02:47 AM ---------- Previous post was at 02:45 AM ----------
i tried with stock messaging at that last time, I will try with 8sms now
Click to expand...
Click to collapse
This all started with @swarlesbarkely: http://forum.xda-developers.com/showpost.php?p=54464793&postcount=57. You might want to contact him, I'm actually on sprint not verizon. I know that he did say in that link that 8sms worked for him.
[poo]
Edit: Actually, it looks like he said he got 8 mms messages...

poo706 said:
This all started with @swarlesbarkely: http://forum.xda-developers.com/showpost.php?p=54464793&postcount=57. You might want to contact him, I'm actually on sprint not verizon. I know that he did say in that link that 8sms worked for him.
[poo]
Edit: Actually, it looks like he said he got 8 mms messages...
Click to expand...
Click to collapse
cool cool! thanks for the info and efforts! If figure out what I'm doing wrong or anything I'll make a post

New version of the tool added to the OP. It's much more elegant now. It'll remove old files that will conflict first if they exist, put your phone number in the APNs file, create a flashable zip, and output the APN line in question so that you can verify that it was substituted correctly. The script will NOT go ahead and replace your APNs on /system like the last one did, you need to flash the zip from recovery. Make sure to read the updated instructions in the OP.
[poo]

I don't know if this will help, but I was one of those Toro users who was having MMS issues on Liquid's KK roms. MMS would send/receive on 4g but not on 3g (or lower). This was particularly vexing and noticeable to me because I spend a large amount of time in marginal data areas and deal with a sizable number of group texts. (And before I get jumped on, I understand not every user has the issue). I tried every suggestion I saw to get MMS to function but nothing worked (assorted text clients, playing with APNs, etc). Based on a suggestion in one of the threads, I switched over to the SlimKat rom. I haven't had any MMS issues on 5.9 or 6.6 (the only two I have tried thus far).
Slim uses a proprietary gapps set, Liquid points you to the standard PA gapps. I would not think that is a factor, but I mention it just in case.
I say this not to praise one rom over another, but if one of you master coders could figure out what Slim is doing vs. what Liquid is doing, it may help get to the bottom of the issue.

GherkinSavorus said:
I don't know if this will help, but I was one of those Toro users who was having MMS issues on Liquid's KK roms. MMS would send/receive on 4g but not on 3g (or lower). This was particularly vexing and noticeable to me because I spend a large amount of time in marginal data areas and deal with a sizable number of group texts. (And before I get jumped on, I understand not every user has the issue). I tried every suggestion I saw to get MMS to function but nothing worked (assorted text clients, playing with APNs, etc). Based on a suggestion in one of the threads, I switched over to the SlimKat rom. I haven't had any MMS issues on 5.9 or 6.6 (the only two I have tried thus far).
Slim uses a proprietary gapps set, Liquid points you to the standard PA gapps. I would not think that is a factor, but I mention it just in case.
I say this not to praise one rom over another, but if one of you master coders could figure out what Slim is doing vs. what Liquid is doing, it may help get to the bottom of the issue.
Click to expand...
Click to collapse
My gut tells me that this is not a gapps issue and that it's an APN problem. I downloaded slim's latest toro build and looked at their APNs and they are significantly different than LS's.
So let's try this... I put Slim's APNs file into a flashable zip. Those of you that have MMS problems, try flashing the attached zip and see what happens.
[poo]
Edit: Removed attachment, moved to OP.

poo706 said:
So let's try this... I put Slim's APNs file into a flashable zip. Those of you that have MMS problems, try flashing the attached zip and see what happens.
[poo]
Click to expand...
Click to collapse
testing slims now.. will report back..
ive attached the verizon section of the apn file from my rom. if you compare, you can see that slims is quite similar, but adds more duplicate entries with different "bearers." hmm..
HOLY PISS BALLS IT WORKS. skjehkzdjrgblidurgdlirgb WOOT. AND it even worked WITH wifi connected,

gohamstergo said:
testing slims now.. will report back..
ive attached the verizon section of the apn file from my rom. if you compare, you can see that slims is quite similar, but adds more duplicate entries with different "bearers." hmm..
Click to expand...
Click to collapse
Do you have working MMS on your ROM and what ROM are you talking about?
[poo]

poo706 said:
Do you have working MMS on your ROM and what ROM are you talking about?
[poo]
Click to expand...
Click to collapse
MMS was previously NOT working for me at home on the east coast. i mention this because it DID work in alaska, which makes me suspect that Verizon changed their APNs at some point and the 3rd party carrier in alaska (alaska communications) still uses the older APNs.
ROM in sig: CM-REMIX on toro. Now, tested multiple times and working, even with Wifi on.

gohamstergo said:
MMS was previously NOT working for me at home on the east coast. i mention this because it DID work in alaska, which makes me suspect that Verizon changed their APNs at some point and the 3rd party carrier in alaska (alaska communications) still uses the older APNs.
ROM in sig: CM-REMIX on toro. Now, tested multiple times and working, even with Wifi on.
Click to expand...
Click to collapse
Well I'll be damned. Who knew that getting past this vzw mms bug was just a matter of using slim's apns?!?! If we could get a few more people to confirm this, I think we can run with it!
NOOICE key and peele reference by the way. I just texted "nooice" to my gf yesterday.
[poo]

poo706 said:
Well I'll be damned. Who knew that getting past this vzw mms bug was just a matter of using slim's apns?!?! If we could get a few more people to confirm this, I think we can run with it!
NOOICE key and peele reference by the way. I just texted "nooice" to my gf yesterday.
[poo]
Click to expand...
Click to collapse
Ya, I had no idea it was such a simple fix afterall! haha. I really do hope it works for people and they find this thread. I've been spreading it around in threads I remember people having issues.
and heck ya, key and peele are hilarious

Root for setup KITKAT

Hello,
Just bought one week ago my S5 and so far It's working fine unless the GSM that some times lost connection!!!
I would like to install apps on micro Sd an get also write access on my micro SD.
For that I'm planning to root my S5 and set up the platform.xml to <group gid=”media_rw” />
Also take this opportunity and try to disable the Android updates to Lollipop (I want to stay on KitKat, I've eared a lot of problems on S5 with Lollipop).
Can someone if the warranty will be loosen?
I will not upload any ROM!
I've seen on forums kn0x and 0x0, but to be honest I don't know what mean and if one of that values will be changed when perform the Root!
Thanks

Faking OTA updates to rollback to an earlier version

Disclaimer: I haven't confirmed if this actually works or not and I'm not really too smart with these things, but I am a programmer.
So I was talking to my friends about rolling back to root on my Fire 7 (2015) 5th generation and a little thought came into my head for the later versions that you can't root: what if you faked an OTA update to rollback? I can't go into much detail on how to do this, but an idea was creating a router filter to redirect all amazon OTA servers to your own local OTA server. (this would probably cause certificate issues to rise, since fireOS probably checks a security certificate before downloading and installing the update)
These ideas would only work if the rollback protection relied on OTA updates to tell it what's a rollback and what's real, so if it doesn't, then this won't work.
What do you all think?

OTAs have to be signed. You don't have the private key.
Even if you might "inject" an OTA as MITM, you couldn't roll back unless you rewrite the initial loader, to disable the anti-rollback measures built into the bootloader files (all three of them) - or manage to erase the RPMB which stores the anti-rollback version information (nobody knows whether this would brick or free the device).
So there are at least two minor obstacles on your path. Watch your step.

steve8x8 said:
OTAs have to be signed. You don't have the private key.
Even if you might "inject" an OTA as MITM, you couldn't roll back unless you rewrite the initial loader, to disable the anti-rollback measures built into the bootloader files (all three of them) - or manage to erase the RPMB which stores the anti-rollback version information (nobody knows whether this would brick or free the device).
So there are at least two minor obstacles on your path. Watch your step.
Click to expand...
Click to collapse
I've been trying to modify official Amazon APKs to trick then into thinking they are reinstalling themselves or installing an update. The main focus is /system/priv-app/FireTabletSettings. I have been trying to decompile (success, using APKtool...I think...), edit res/xml/development (I don't recall the rest of the file extension offhand but it's the only xml in that folder with development) to allow the OEM unlock option appear in settings (half success. Not sure what I am supposed to edit the code to but I can edit it) then reinstall the apk.
1) I don't know what to edit to make that setting appear, so I changed what I thought would.
2) I sent it back to internal storage and installed from there. Success. I was able to at least get it to "install"
3) Reinstallation didn't hold. No effect.
4) Tried adb sideload from recovery, installation aborted. Signature verification failed.
So not sure if I have anything or nothing.
EDIT NOTE: Prior to using APKtool, I would make small changes using other ways, and try to reinstall from internal storage, and each time the file was rejected. So I know APKtool works, but what I am doing clearly isn't correct.

DragonFire1024 said:
I've been trying to modify official Amazon APKs to trick then into thinking they are reinstalling themselves or installing an update. The main focus is /system/priv-app/FireTabletSettings. I have been trying to decompile (success, using APKtool...I think...), edit res/xml/development (I don't recall the rest of the file extension offhand but it's the only xml in that folder with development) to allow the OEM unlock option appear in settings (half success. Not sure what I am supposed to edit the code to but I can edit it) then reinstall the apk.
1) I don't know what to edit to make that setting appear, so I changed what I thought would.
2) I sent it back to internal storage and installed from there. Success. I was able to at least get it to "install"
3) Reinstallation didn't hold. No effect.
4) Tried adb sideload from recovery, installation aborted. Signature verification failed.
So not sure if I have anything or nothing.
EDIT NOTE: Prior to using APKtool, I would make small changes using other ways, and try to reinstall from internal storage, and each time the file was rejected. So I know APKtool works, but what I am doing clearly isn't correct.
Click to expand...
Click to collapse
You didn't give me credit for the idea, next time do.

savvytechwinner said:
You didn't give me credit for the idea, next time do.
Click to expand...
Click to collapse
Sorry was just a general post. Yes you have been more than a big help. I just am not sure if this will work. As good of an idea as it is...

DragonFire1024 said:
I've been trying to modify official Amazon APKs to trick then into thinking they are reinstalling themselves or installing an update. The main focus is /system/priv-app/FireTabletSettings. I have been trying to decompile (success, using APKtool...I think...), edit res/xml/development (I don't recall the rest of the file extension offhand but it's the only xml in that folder with development) to allow the OEM unlock option appear in settings (half success. Not sure what I am supposed to edit the code to but I can edit it) then reinstall the apk.
1) I don't know what to edit to make that setting appear, so I changed what I thought would.
2) I sent it back to internal storage and installed from there. Success. I was able to at least get it to "install"
3) Reinstallation didn't hold. No effect.
4) Tried adb sideload from recovery, installation aborted. Signature verification failed.
So not sure if I have anything or nothing.
EDIT NOTE: Prior to using APKtool, I would make small changes using other ways, and try to reinstall from internal storage, and each time the file was rejected. So I know APKtool works, but what I am doing clearly isn't correct.
Click to expand...
Click to collapse
Inspired by this idea, I decided to try my hand at things. The place to make the edits is going to be in the smali decompiled Dalvick instructions. I identified a number of locations that could potentially be modified to allow the OEM Unlock switch to appear in the developer settings, such as the following:
Code:
# Taken from smali/com/amazon/settings/DevelopmentSettings$4.smali, starting at line 61
.method public getNonIndexableKeys(Landroid/content/Context;)Ljava/util/List;
.locals 2
.param p1, "context" # Landroid/content/Context;
.annotation system Ldalvik/annotation/Signature;
value = {
"(",
"Landroid/content/Context;",
")",
"Ljava/util/List",
"<",
"Ljava/lang/String;",
">;"
}
.end annotation
.prologue
.line 1777
invoke-direct {p0, p1}, Lcom/android/settings/DevelopmentSettings$4;->isShowingDeveloperOptions(Landroid/content/Context;)Z
move-result v1
if-nez v1, :cond_1
.line 1778
const/4 v0, 0x0
.line 1785
:cond_0
:goto_0
return-object v0
.line 1781
:cond_1
new-instance v0, Ljava/util/ArrayList;
invoke-direct {v0}, Ljava/util/ArrayList;-><init>()V
.line 1782
.local v0, "keys":Ljava/util/List;, "Ljava/util/List<Ljava/lang/String;>;"
# invokes: Lcom/android/settings/DevelopmentSettings;->showEnableOemUnlockPreference()Z
invoke-static {}, Lcom/android/settings/DevelopmentSettings;->access$400()Z
move-result v1
######### BEGIN MODIFICATION ##########
# Commenting out this line should add the oem_unlock_enable key to the list of menu entries to show regardless of the method call above
# if-nez v1, :cond_0
######### END MODIFICATION ##########
.line 1783
const-string v1, "oem_unlock_enable"
invoke-interface {v0, v1}, Ljava/util/List;->add(Ljava/lang/Object;)Z
goto :goto_0
.end method
I was hoping that this would get the OEM unlock switch to show up in the Developer Settings. There were a couple of other modifications that I tried as well. I was able to recompile the APK and supposedly install it on my tablet, but I don't believe the installation was actually succeeding. None of the changes I tried to make had any affect, and when I copied back the supposedly updated APK and decompiled it again, none of my changes were there.
Anyway, that's just my $0.02 from a first attempt at tackling this issue. Editing the smali code would be the way to go in my book, but I'm guessing that FireTabletSettings won't actually take the update in this fashion.

I was hoping that this would get the OEM unlock switch to show up in the Developer Settings. There were a couple of other modifications that I tried as well. I was able to recompile the APK and supposedly install it on my tablet, but I don't believe the installation was actually succeeding. None of the changes I tried to make had any affect, and when I copied back the supposedly updated APK and decompiled it again, none of my changes were there.
Anyway, that's just my $0.02 from a first attempt at tackling this issue. Editing the smali code would be the way to go in my book, but I'm guessing that FireTabletSettings won't actually take the update in this fashion.
Click to expand...
Click to collapse
If I had to guess, without being totally bummed, I would put some money on the signature and maybe even properly decompiling an apk still messes with it. I think the fact we can even get the apks to "install" means we're half right or at least have the right idea.

DragonFire1024 said:
If I had to guess, without being totally bummed, I would put some money on the signature and maybe even properly decompiling an apk still messes with it. I think the fact we can even get the apks to "install" means we're half right or at least have the right idea.
Click to expand...
Click to collapse
You do realize that this type of generic vulnerability, if it actually existed, would have been exploited long ago by those with the technical background to easily move around the obsticles you are facing. Just say'in.

Davey126 said:
You do realize that this type of generic vulnerability, if it actually existed, would have been exploited long ago by those with the technical background to easily move around the obsticles you are facing. Just say'in.
Click to expand...
Click to collapse
Perhaps. Doesn't mean we can't at least try. Beats sitting around waiting for root, which seems less likely as the days go on. Computers have one sure thing in common with every other manufactured item on the planet: Humans built them. We're smart, but we're also dumb or at least we do dumb things, not necessarily intentionally. So that being said, with every update there's a chance for a mistake. All it takes it the smallest one.
On that note...How about this. I'll just come out and say it instead of hinting. Would it be possible, through editing an APK of an app such as Ice Box - Apps freezer and elevate it's permissions and or activities in order to get it the access it needs to do it's job, without root? In other words, it needs to be device owner and that's just not going to happen I don't think. I've tried literally every trick I can track down on the web. The only way to provision them again would be through ADB. Since Amazon has blocked NFC from functioning (which is weird because I thought Bluetooth relied on NFC or parts of it to function) , that avenue is out of the question.
There are two things I have yet to try because of the time I need, which I could do in the next two days. I'll write a quickie if anyone is interested. It would require Android Studio as you would be importing from GitHub and compiling a program/app.
EDIT: In this case we really don't have to worry about signatures. As long as it's resigned after editing, the app would still, theoretically, install. Whether it would work or not is another story.
---------- Post added at 11:46 AM ---------- Previous post was at 11:13 AM ----------
Ok So I just did a quick glance at the Android.Manifest of Ice Box. It requires certain permissions in order to perform it's functions, without root. I am going to paste two things below. I might be wrong so follow me for a second.
1). Android.Manifest lists the permissions each app asks for when you install it. If you go through play store, those are usually listed when it asks you to 'accept.' If not, you've already installed the app once and it's settings were saved. It also lists permissions it asks for, but doesn't get? I don't know maybe that's the wrong way of saying it. Below is the permission list:
Code:
<?xml version="1.0" encoding="utf-8" standalone="no"?><manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.catchingnow.icebox" platformBuildVersionCode="25" platformBuildVersionName="7.1.1">
<permission android:label="@string/e_" android:name="com.catchingnow.icebox.MODIFY_APP_STATE" android:protectionLevel="dangerous"/>
<uses-permission android:name="com.android.vending.BILLING"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.USE_FINGERPRINT"/>
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
Nothing too serious right? Well below is a list of permissions, that aren't listed above, but are listed as being required for certain other functions to be able to take place, according to Google anyways. Below are those permissions???
Code:
<receiver android:description="@string/ce" android:label="@string/gi" android:name="com.catchingnow.icebox.receiver.DPMReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
<meta-data android:name="android.app.device_admin" android:resource="@xml/g"/>
<intent-filter>
<action android:name="android.app.action.PROFILE_PROVISIONING_COMPLETE"/>
<action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
<action android:name="android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED"/>
<action android:name="android.app.action.DEVICE_ADMIN_DISABLED"/>
</intent-filter>
</receiver>
<receiver android:exported="true" android:name="com.catchingnow.icebox.receiver.FreezeActionReceiver">
<intent-filter>
<action android:name="com.catchingnow.icebox.FREEZE_APP"/>
</intent-filter>
<intent-filter>
<action android:name="com.twofortyfouram.locale.intent.action.FIRE_SETTING"/>
</intent-filter>
</receiver>
<receiver android:enabled="false" android:exported="true" android:name="com.catchingnow.icebox.receiver.InstallNewAppReceiver">
<intent-filter>
<action android:name="android.intent.action.PACKAGE_ADDED"/>
<data android:scheme="package"/>
</intent-filter>
</receiver>
<receiver android:exported="true" android:name="com.catchingnow.icebox.receiver.AppStateChangeReceiver">
<intent-filter>
<action android:name="android.intent.action.PACKAGE_ADDED"/>
<action android:name="android.intent.action.PACKAGE_CHANGED"/>
<action android:name="android.intent.action.PACKAGE_REMOVED"/>
<data android:scheme="package"/>
</intent-filter>
</receiver>
<receiver android:exported="true" android:label="@string/da" android:name="com.catchingnow.icebox.receiver.StartupReceiver">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED"/>
<data android:scheme="package"/>
</intent-filter>
</receiver>
Those seemed to be the most important. There are a few others:
Code:
<service android:icon="@drawable/ca" android:label="@string/eh" android:name="com.catchingnow.icebox.service.QuickSettingService" android:permission="android.permission.BIND_QUICK_SETTINGS_TILE" android:process=":Service">
<intent-filter>
<action android:name="android.service.quicksettings.action.QS_TILE"/>
</intent-filter>
</service>
<service android:enabled="true" android:exported="true" android:label="@string/d7" android:name="com.catchingnow.icebox.service.LauncherObserverService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE" android:process=":Service">
<intent-filter>
<action android:name="android.accessibilityservice.AccessibilityService"/>
</intent-filter>
<meta-data android:name="android.accessibilityservice" android:resource="@xml/a"/>
</service>
<service android:label="@string/d_" android:name="com.catchingnow.icebox.service.NotificationObserverService" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE" android:process=":Service">
<intent-filter>
<action android:name="android.service.notification.NotificationListenerService"/>
</intent-filter>
What if those "permissions" were added at the very top with the rest?

DragonFire1024 said:
Perhaps. Doesn't mean we can't at least try. Beats sitting around waiting for root, which seems less likely as the days go on. Computers have one sure thing in common with every other manufactured item on the planet: Humans built them. We're smart, but we're also dumb or at least we do dumb things, not necessarily intentionally. So that being said, with every update there's a chance for a mistake. All it takes it the smallest one.
Click to expand...
Click to collapse
Say it again - this type of attack vector (and the permission exploit outlined in the previous post) has virtually no chance in succeeding. Suggest reading up on basic security principles utilized by operating systems in general and Android in particular to protect against such obvious permission escalations.

Davey126 said:
Say it again - this type of attack vector (and the permission exploit outlined in the previous post) has virtually no chance in succeeding. Suggest reading up on basic security principles utilized by operating systems in general and Android in particular to protect against such obvious permission escalations.
Click to expand...
Click to collapse
Your not helping at all. Thinking that if it isn't happened in the past means that it will never happen in the future rudiculus. Sure, I see your point but telling everyone not to try things most people haven't ever tried before because their not "professional" is rude. You could help or just butt out instead of saying it won't work. Even if it won't or you think it won't work, you don't even have the erg to even try Dave. I'll say it again, let people try and fail or succeed, instead of saying it won't work.

savvytechwinner said:
Your not helping at all. Thinking that if it isn't happened in the past means that it will never happen in the future rudiculus. Sure, I see your point but telling everyone not to try things most people haven't ever tried before because their not "professional" is rude. You could help or just butt out instead of saying it won't work. Even if it won't or you think it won't work, you don't even have the erg to even try Dave. I'll say it again, let people try and fail or succeed, instead of saying it won't work.
Click to expand...
Click to collapse
Sigh - have at it. It would be great to see that energy directed at more plausible exploits which requires an understanding of likely vulnerabilities. On a positive note I'm sure you are learning quite a bit which ultimately may lead to a deeper interest in information security. It's a great profession.

Davey126 said:
Say it again - this type of attack vector (and the permission exploit outlined in the previous post) has virtually no chance in succeeding. Suggest reading up on basic security principles utilized by operating systems in general and Android in particular to protect against such obvious permission escalations.
Click to expand...
Click to collapse
I am very much aware of what you are saying. And I am sure the same goes the other way.
---------- Post added at 11:33 PM ---------- Previous post was at 11:28 PM ----------
Davey126 said:
Sigh - have at it. It would be great to see that energy directed at more plausible exploits which requires an understanding of likely vulnerabilities. On a positive note I'm sure you are learning quite a bit which ultimately may lead to a deeper interest in information security. It's a great profession.
Click to expand...
Click to collapse
We need scripts. There are none. I have no clue how you create them. Do you? There are a dozen or so we could try but no one who has been commenting, can write any. I'd be more than happy to do so if I knew how. Until then, we have to make do with what we can think of. Trying never hurt anyone.

DragonFire1024 said:
I am very much aware of what you are saying. And I am sure the same goes the other way.
We need scripts. There are none. I have no clue how you create them. Do you? There are a dozen or so we could try but no one who has been commenting, can write any. I'd be more than happy to do so if I knew how. Until then, we have to make do with what we can think of. Trying never hurt anyone.
Click to expand...
Click to collapse
Scripts aren't the issue. But as you said (in so many words) we agree to disagree on the viability of this effort. Best of luck.

Davey126 said:
Scripts aren't the issue. But as you said (in so many words) we agree to disagree on the viability of this effort. Best of luck.
Click to expand...
Click to collapse
Sure. I doubted it would work when we first suggested it. I knew it was a long shot. But to try is to learn. I have other things I'm trying to work on. So as bummed as I am, there is other work to be done.
Anyone have a chance to look over the Ice Box permissions? Is there an avenue there to at least get it to work?

Can we focus back on the device *hardware*?
Here's a number of questions I couldn't find consistent answers to:
Did anyone, with any device, ever succeed in corrupting the RPMB partition, by accident or on purpose?
Did anyone, for any MTK device, have a closer look at RPMB access from what we call "the bootloader" (i.e. little kernel, preloader, or tz), and which checks are performed in terms of anti-rollback *and* consistency of contents? (I remember a few names for the latter, but did we actually learn anything beyond the text of the patent application?)
There has been a suggestion that A*n wouldn't throw away a Fire with a bad flash, but AFAIK there's no JTAG. Anything else close to that?
For another device, there was a - USB? SDcard? HDMI? - JTAG adapter. Could this work, and if so, how?
Would it be possible to boot "something" from the SDcard, signed or unsigned? (Any hints in console logs?)

steve8x8 said:
Can we focus back on the device *hardware*?
Here's a number of questions I couldn't find consistent answers to:
Did anyone, with any device, ever succeed in corrupting the RPMB partition, by accident or on purpose?
Did anyone, for any MTK device, have a closer look at RPMB access from what we call "the bootloader" (i.e. little kernel, preloader, or tz), and which checks are performed in terms of anti-rollback *and* consistency of contents? (I remember a few names for the latter, but did we actually learn anything beyond the text of the patent application?)
There has been a suggestion that A*n wouldn't throw away a Fire with a bad flash, but AFAIK there's no JTAG. Anything else close to that?
For another device, there was a - USB? SDcard? HDMI? - JTAG adapter. Could this work, and if so, how?
Would it be possible to boot "something" from the SDcard, signed or unsigned? (Any hints in console logs?)
Click to expand...
Click to collapse
1) I don't think so, but if so, it's buried deep in the threads here. I've been hanging around for like 8 months or something and I've never seen anything.
2) I've seen bits here and there re bootloader. I don't think anything was done beyond the general peek-a-boo, but again, it would be buried. But yes I do recall something.
3) No idea what JTAG is.
I had an idea a while back, if it would be possible to install say a Linux OS over the top of the current OS, aka alongside, without root using an SDcard or something.
I also thought about USB OTG, which I asked in the HD 8 forums. I've read it's possible to hack one android with another, providing you have a USB OTG cable. There are some available online and I know that both my XT907 phone and my tablet support USB OTG (There are several apps to test if OTG is available on your device).
There is also the option of still trying to get device owner status back. I've tried just about everything I can to try and get it back. Only thing I can do is make the tablet CPU happy that I used ADB to issue admin status to Ice Box (yes I am aware I can do that in settings. I thought ADB would have more of an authority effect). I have NOT yet tried:
-Test Device Policy Control (Test DPC) App. Requires Android Studio and Gradlew.
-Supposedly when you factory reset, at the language select screen, the first screen you can interact with, you can use ADB to provision an app for device owner. See number 2 here, though this link is helpful all around.
-Merge "Set device admin on dpm set-device-owner command" into lmp-dev
-Android Shell Tricks: Using Mass Provisioning as an Example, Part 3
-Admin - On Google.

DomenicP said:
I was hoping that this would get the OEM unlock switch to show up in the Developer Settings. There were a couple of other modifications that I tried as well. I was able to recompile the APK and supposedly install it on my tablet, but I don't believe the installation was actually succeeding. None of the changes I tried to make had any affect, and when I copied back the supposedly updated APK and decompiled it again, none of my changes were there.
Anyway, that's just my $0.02 from a first attempt at tackling this issue. Editing the smali code would be the way to go in my book, but I'm guessing that FireTabletSettings won't actually take the update in this fashion.
Click to expand...
Click to collapse
Also For the signature I am sure you have to install the framework into APKtool. Not even sure if I am installing the right one. But pull and install:
Code:
adb pull /system/framework/framework-res.apk /xxx
(x being the apktool directory. I found it helpful to copy and paste ADB into APKtool directory as well).
Code:
apktool if framework-res.apk
That installs the Amazon framework into APKtool as a basis to decompile and build. The reference to installing the framework is here along with other instructions.

I think we were doing this wrong...well not wrong, but not right. If you read the link above regarding framework, you'll see, we haven't been resigning the APKs. Somehow the signature needs to be replaced into the APK and I don't think APKtool is doing that. If that's the case, we're just missing signature files. So we would have to resign them. See this reference on how we are to resign APKs.
In /data/system, is the hexdump of both the private and public keys of apps you installed onto your device. I still haven't figured that part out. It also contains other info such as permissions.
/data/system/packages.list contains the list of installed packages.
/data/system/packages.xml contains the list of permissions per package their issuer and many more
These files are created by com.android.server.PackageManagerService.Settings.writeLP().
The first contains 4 fields: the package name , the user id for the package , a flag (1 means debugable) and the data
dir of the packages.
The second file , packages.xml is more complex. it describes known permissions, packages and their signatures.
Click to expand...
Click to collapse
And there's this as well:
By default build/target/product/security will contain a set of pre-generated certificates that are used for signing
packages in the platform. Prior to releasing a device these keys must be replaced as having access to these keys gives
people access to the whole platform.
Click to expand...
Click to collapse
And here is an example of a packages.xml file and it's private keys.

In other words, if you have a rooted device, try to install any of the Amazon APKs we've been trying to modify. If you can, you'll be able to go to packages.xml and get the signatures.