[Q] Does new SPL lock us out of flashing roms? - myTouch 3G, Magic General

Sorry for the probably dumb question, but I'm unclear on something.
I know that the new SPL with the OTA Froyo update is perfected. Does that mean that we can't:
A. Flash a custom recovery?
B. Install a custom rom?
C. Apply SAPPIMG if I seriously **** something up?
D. MOST IMPORTANT - nandroid back to where I am now?
I really want to try the official update with new radio but I want to be able to nandroid back to where I am now if I decide for some reason that the update irritates me. Can someone shed some light?

Well, the word "perfected" refers to the ability to get unrestricted access to the NAND (the storage of the device). With a perfected SPL, you have no access to the NAND or to other important instructions, which means that you cannot flash/erase any of the fun partitions, e.g. SPL, radio or recovery. Nor can you flash/erase system, boot etc.
On some non-perfected SPLs you had the restrictions above, but you could load ("boot") your images and therefore easily boot a custom recovery and do whatever you wanted.
With a perfected SPL the option of booting an img is not there.
On some devices, like the Magic, we have an engineering SPL, which ignores the S-OFF flag. S-ON/S-OFF refers to "security" on/off. With security off you have unrestricted access to the NAND.
On some other devices you have a modified SPL/hboot, e.g. the Desire.
Their hboot will simply ignore the S-OFF flag and give you unrestricted access to the NAND + the other fun commands, e.g. erase and boot.
Now you ask: ignore the S-OFF flag???
Yes, the S-OFF flag (called "secuflag") is actually set in something called the radio NVRAM.
This operates at a lower level than the radio image you flash.
Both the non-perfected and the perfected SPL read this flag and behave accordingly.
The modified hboot and the eng hboot simply ignore it.
Going back to the Magic.
As long as we can get root on the system, we can flash our own custom recovery. From the custom recovery we can flash the eng SPL. And wooooot... we have unrestricted access to the NAND.
Remember that the SPL, radio and system are all simply partitions on the NAND. With root we can flash whatever we want.
The only problem could be if the 2.2 update has a radio img that does not play nicely with the current eng SPL. But we will still be able to load a custom recovery with root access... so the option to flash custom ROMs will always be there if we can get root on the system.
Last I checked, Android 2.2 is no problem to root using a special exploid.
So don't worry... all is good :0)
Applying a sappimg is a feature built into all SPLs. You can ALWAYS flash a sappimg.zip from fastboot if you have the same CID number as the sappimg.zip and the main-version of the phone is the same as or lower than what you are trying to flash!
So don't worry :0)
What is a goldcard used for?
A good question. Goldcards are used to skip the CID check. E.g. my Nordic Magic with CID HTC-Y13 can flash the Rogers update with CID ROGER001.
But still, the main-version check applies :0)
No more knowledge from me today... my hands hurt
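As an added illustration of the two gates described in the post above (the CID match and the main-version check, and why a goldcard only gets you past the first one), here is a shell model of the SPL's sappimg.zip acceptance logic. This is my example, not code from the thread or from HTC. It assumes the zip carries an android-info.txt with one "cidnum:" line per accepted CID and a "mainver:" line, that the goldcard skips only the CID comparison, and the modelid and version numbers in the sample file are invented (only the CIDs come from the thread).

```shell
#!/usr/bin/env bash
# Added example (not from the thread, not HTC code): model of the two gates
# the SPL applies to a sappimg.zip, the CID match and the main-version check.
# Assumptions: android-info.txt has "cidnum: <CID>" lines (one per accepted
# CID) and a "mainver: <version>" line; a goldcard skips only the CID gate.

# vercmp <a> <b>: compare dotted versions field by field, numerically;
# prints -1, 0 or 1 for a<b, a==b, a>b (so "1.33.0006" < "1.33.2005").
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) { print "-1"; exit }
            if (x > y) { print "1"; exit }
        }
        print "0"
    }'
}

# info_field <android-info.txt> <key>: values of "key: value" lines
# (key matched case-insensitively, CRLF line ends tolerated).
info_field() {
    grep -i "^$2:" "$1" | tr -d '\r' | sed 's/^[^:]*:[[:space:]]*//'
}

# sappimg_allowed <android-info.txt> <phone-CID> <phone-mainver> [goldcard=0|1]
# Returns 0 if the SPL would accept the image, 1 if it would refuse; prints why.
sappimg_allowed() {
    local info="$1" cid="$2" mainver="$3" goldcard="${4:-0}" img_mainver

    img_mainver=$(info_field "$info" mainver | head -n 1)
    if [ -z "$img_mainver" ]; then
        echo "reject: no mainver in $info"; return 1
    fi
    # Gate 1: CID. A goldcard makes the SPL skip this comparison entirely.
    if [ "$goldcard" != 1 ] && ! info_field "$info" cidnum | grep -qxF -- "$cid"; then
        echo "reject: phone CID $cid is not in the image's CID list"; return 1
    fi
    # Gate 2: main-version. The phone may only move sideways or up, never
    # down; the goldcard does not help here.
    if [ "$(vercmp "$mainver" "$img_mainver")" -gt 0 ]; then
        echo "reject: phone main-version $mainver is newer than image $img_mainver"; return 1
    fi
    echo "accept: image $img_mainver over phone $mainver"
}

# Constructed android-info.txt for a Rogers-branded Magic image: the CID is the
# one named in the thread, modelid and mainver are invented for the example.
make_sample_info() {
    printf 'modelid: SAPP10000\r\ncidnum: ROGER001\r\nmainver: 2.17.631.1\r\n' > "$1"
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp); make_sample_info "$f"
    sappimg_allowed "$f" HTC-Y13 1.89.0.0 0    # Nordic CID, no goldcard: reject
    sappimg_allowed "$f" HTC-Y13 1.89.0.0 1    # goldcard skips the CID gate: accept
    sappimg_allowed "$f" ROGER001 3.00.0.0 0   # right CID, phone is newer: reject
    rm -f "$f"
fi
```

Run it as `bash sappimg-gate.sh demo`. The point of the version comparison is that the fields are compared as numbers, not as strings: that is what makes a 1.33.2005 SPL "newer" than 1.33.0006 and why a goldcard cannot get a phone back to an older main-version.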

mumilover said:
Well, the word "perfected" refers to the ability to get unrestricted access to the NAND (the storage of the device). [...]
Wow, thank you very much for the prompt and extremely detailed reply! That's exactly what I needed to know.
So since it's already been verified that the SuperOneClick root method works on the MT3G with OTA 2.2, I'll be fine if I decide I'm not happy.
Cool, that's what I needed to know.
Thanks!

Glad I could clarify :0)

Related

Engineering SPL to install any android version?

I've found this using search, but I just want someone else to back it up. What I want to do is install the ADP 1.5 unrooted version by HTC. I want to do this on my normal US T-Mobile G1. All I need to do is update to the engineering SPL and flash the NBH of 1.1, then 1.5, correct? I've rooted before so I know most of what I'm doing, I just don't want to brick it. Thanks in advance!
There is no NBH for ADP1 firmware as no NBH is needed (a feature of the engineering bootloader is that this is not needed). Everything you need is available as update.zip files. Root (requires the RC29 NBH file), run the update.zip for the SPL, then install the ADP1 v1.5 firmware. Why would you want to write 1.1 first?? Makes no sense. Go straight to 1.5. Also, ADP1 firmware, by definition, gives you root access, so there is no such thing as ADP1 "unrooted" firmware. "Unrooted" is a stupid word anyway.
I JUST found out about the Hard SPL (after Googling about various SPLs because of the various recent threads on this subject). I had the engineering bootloader to begin with, but I just downloaded and installed the HardSPL. In other words, I used the wiki.
HardSPL is redundant since you don't need NBH files at all with the engineering SPL.

Replacing 1.33.0006 w/o gold card?

Do you know of a thread that explains how the perfected SPL is protected?
Like what keeps us from flashing, say, http://rapidshare.com/files/26747561...010-signed.zip
from CM1.4?
Aside from following the goldcard instructions elsewhere and the link I got, I would like to know what keeps me from flashing another SPL from a rooted phone with a recovery image (I understand I cannot fastboot boot recovery.img as in the link),
but what mechanism is in place that would make step 5 fail once you are past step 3 of getting into a recovery image?
Since the guide is a way to do it on a phone that apparently does not have a recovery image you can boot into and "apply any zip" from, in which case the perfected SPL would keep you from ever booting the recovery image.
I seem to be missing something, because in my simplistic thinking I wonder why not put the update-spl-signed.zip onto the SD card, home+power into CM1.4, apply any zip, reboot, voila.
If the recovery image is doing all the erasing and flashing and the SPL itself is not there to protect itself, why not?
What am I missing, since it seems so simple?
And goldcard or not, I see .1009 and .2010 recommended; which one? Coin toss?
Thanks in advance for anyone who can clear this up for me,
Daniel
I used this to bypass the perfected SPL; beware, it says G1 but it worked on my 32B board! I don't guarantee it will work with yours! I found the link on these forums; I suggest you do the same.
Mods, move this to Q&A. But regardless, simple answer for a simple question. If you used one-touch root (assuming you did), because you're making this way too difficult: yes, download the SPL. Amon_RA has a list of SPLs you can download; it's probably on the 2nd, 3rd or 4th page. Then pick what SPL you want, put it in the root of the SD card and install it in recovery as update.zip or via "pick your update". You really shouldn't need a different SPL from 2006; it already is an eng SPL. But 2005 does run Hero ROMs better.
There is a newer version of flashrec than that one.
See http://zenthought.org/content/project/flashrec
josharmour said:
There is a newer version of flashrec than that one.
See http://zenthought.org/content/project/flashrec
I still prefer the previous one, because the new one couldn't flash the custom recovery ROM. It only allows you to download CM1.4 and flash it!

update radio on HTC Dream

I rooted my phone using the "one click" root method (from standard Rogers 1.5 firmware) (http://zenthought.org/system/files/asset/2/flashrec-1.1.1-20090908.apk) and then updated to the latest radio:
•2.22.19.26I
•Baseband Version: 62.50S.20.17H_2.22.19.26I
•http://sapphire-port-dream.googlecode.com/files/ota-radio-2_22_19_26I.zip
I initially got the box with the arrow, then the phone continued to the Rogers boot screen and has been stuck there for 20 minutes at least! So I took out the battery and turned it back on again and it still gets stuck on the Rogers screen!
Have I bricked it!?! I thought you could only brick it when you update the SPL... all I did was update the radio. Please HELP!
Thanks in advance.
Do you have a RA or Cyan recovery?
If so, try booting into it. You know, Home+Power.
Yes, when I did the "one step" root, it made a recovery image... but when I press home+power it still sits on the Rogers screen!
The power+camera button combination doesn't work either.
--
If it helps I was following the instructions step by step from: http://www.maximumpc.com/article/howtos/howto_hack_your_android_g1_phone?page=0,2
If you have a Rogers Dream you should be following the guide here:
http://wiki.cyanogenmod.com/index.php/Full_Update_Guide_-_Rogers_Dream_EBI1_to_CyanogenMod
You have a radio that is incompatible with your rom and recovery. You should be able to fix this by just flashing the radio for rogers phone again.
Boot into fastboot on your phone using camera and power on and check what SPL you have (hboot 1.33.00??).
According to that guide I bricked my phone:
2.Be very careful of any upgrade or mod instructions that require you to install an HTC "Recovery" zip/image, a replacement radio, or anything that might cause a difference of versions thereby bricking your phone.
eg: you currently have an EBI1 system and recovery image. If you boot an EBI0 radio image you will no longer be able to boot your phone.
That guide should really say "thereby possibly bricking your phone". I will make the change. If you want me to try to help you fix your phone I can but you will need to tell me what version your spl is.
I would appreciate your help! Except that I can't boot into recovery mode/fastboot mode or any other mode, therefore I can't check the SPL version.
I knew that you wouldn't be able to get into recovery but I thought you would still be able to get into fastboot. You can also try holding back while powering on. Without getting into one of these modes I'm afraid there's not much we can do.
It's sort of a long shot, but you could try this (it's for the Magic but it's worth a shot as a last resort):
http://forum.xda-developers.com/showthread.php?t=548218
http://forum.xda-developers.com/showthread.php?t=572683
FLASH RADIO FIRST, THEN FLASH SPL. LOOK BELOW FOR INSTRUCTIONS.
You are supposed to update radio and SPL; you cannot choose one. First flash the radio and when it says to reboot, reboot, and it will reboot back into recovery when done. Then flash the SPL, same steps as above. Then wipe data, wipe the ext file system, then repair ext. After that, flash the ROM again. The radio and the SPL are from the same site you used.
Hope this helped. You should do research before flashing anything. I'm glad I did before flashing a new radio and SPL. Also, once you get sorted out, flash the same recovery image I have (in signature) and make a nandroid backup for CyanogenMod or a Donut ROM and make a BART backup for a Hero ROM (I recommend MLIGN 3.2B but switch to the Hero 2.1 ROM when they fix everything) so you can switch those out. It is safe and I did it a lot of times.
I really want to get 1.6 on my device (Rogers Dream), but I really don't want to flash the SPL, because if I brick it I have to buy a totally new Dream, no warranty.
What to do!
Edit: I booted with camera and power and it says hboot is 1.33.0009. Does this mean I don't have to risk bricking when I root? The tutorial is for 1.33.0010.
AndroidNoobie said:
FLASH RADIO FIRST, THEN FLASH SPL. LOOK BELOW FOR INSTRUCTIONS. [...]
1) This is for ROGERS Dreams; they use different radios and SPLs from regular HTC Dreams/G1s. So your instructions would brick ROGERS Dreams.
2) You don't have to flash the radio and SPL at the same time. They are independent; however, 1.33.2005 requires the 26I radio. If you're on 1.1 and you upgrade to a 1.5/1.6 ROM you should update the radio, but there's no reason to change the SPL from stock unless you want to flash builds that require extra space in the NAND.
If I'm using the dwang 1.13 flash, will the Sapphire radio update work with the G1? Is it compatible?
Sorry, what does updating the radio do for you?

S-OFF perhaps unneeded?

I was wondering if it would be possible to flash a ROM without an S-OFF hboot. The logic is as follows:
The NAND lock is performed by the hboot.
Flashing is performed by the recovery OS.
We can now disable the NAND lock using a kernel module regardless of the hboot.
Could the recovery OS disable the NAND lock and flash a ROM without using an S-OFF hboot?
There are a few reasons for not flashing the S-OFF hboot, namely that it's less risky and easier to revert to factory if a warranty claim needs to be made.
Simple answer: NO.
Long answer: you can't flash a custom ROM without a custom recovery.
You can't flash a custom recovery without an unlocked hboot.
So what you're saying will not work, because you will not be able to flash the recovery.
Also, no risk if you follow the steps. And reverting is as easy as running PC10IMG.
Also, this needs to be moved to the general thread.
Sent from my T-Mobile G2 using XDA App
Technically, you can probably use dd to reflash the recovery partition instead of hboot, which would allow you to install custom ROMs because the NAND is always unlocked in recovery.
But nobody is going to do that, and there are catches: even then you still can't write to /system from within Android without the hack. S-OFF is best.
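The dd-to-recovery route mentioned in the post above, written out as a checked procedure. This is an added example of mine, not the poster's method and not a tool from the thread: it resolves the recovery partition by name instead of hard-coding a device node, refuses an image larger than the partition, uses flash_image on raw NAND (where blocks must be erased before they are written, which dd does not do) and dd on eMMC, and reads the partition back afterwards. The partition tables inside it are constructed samples in /proc/mtd layout, not dumps from a G1 or a G2, and the /proc/emmc layout and the mmcblk node names are my assumption. It does nothing about the /system write protection while Android is booted, which is the post's point.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): reflash the recovery partition from a
# rooted shell without a new hboot. Partition tables below are constructed
# samples in /proc/mtd layout ("dev: size erasesize name", hex sizes); the
# /proc/emmc layout and the eMMC node names are assumptions.

# resolve_partition <table-file> <name>  ->  prints "<dev> <size-in-bytes>"
resolve_partition() {
    awk -v want="$2" '
        BEGIN { q = "\"" want "\"" }
        $4 == q {
            sub(/:$/, "", $1)
            n = 0; h = tolower($2)            # hex -> decimal without gawk strtonum
            for (i = 1; i <= length(h); i++)
                n = n * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
            print $1, n; exit
        }' "$1"
}

# image_fits <image> <partition-bytes>  ->  true if the image is not larger
image_fits() {
    local bytes
    bytes=$(wc -c < "$1" | tr -d ' ')
    [ "$bytes" -le "$2" ]
}

# verify_written <device-node> <image>: read back as many bytes as the image
# has and compare checksums (bs=1 so the count is exact for any image size).
verify_written() {
    local n want got
    n=$(wc -c < "$2" | tr -d ' ')
    want=$(md5sum < "$2" | cut -d' ' -f1)
    got=$(dd if="$1" bs=1 count="$n" 2>/dev/null | md5sum | cut -d' ' -f1)
    [ "$want" = "$got" ]
}

# flash_recovery <table-file> <image> [run]  ->  prints the write command;
# executes it and verifies the readback only when run=1.
flash_recovery() {
    local table="$1" image="$2" run="${3:-0}" dev size node cmd
    set -- $(resolve_partition "$table" recovery)
    dev="$1"; size="$2"
    [ -n "$dev" ] || { echo "no recovery partition in $table" >&2; return 2; }
    image_fits "$image" "$size" || { echo "image larger than partition ($size bytes)" >&2; return 3; }
    case "$dev" in
        mtd*)
            # NAND: blocks must be erased before they are written, and dd onto
            # /dev/mtd/mtdN does not erase. flash_image does erase+write.
            node="/dev/mtd/$dev"
            cmd="flash_image recovery $image" ;;
        mmcblk*)
            # eMMC (G2/Vision): plain block device, dd is the right tool.
            node="/dev/block/$dev"
            cmd="dd if=$image of=$node bs=4096" ;;
        *)  echo "unknown device $dev" >&2; return 4 ;;
    esac
    echo "$cmd"
    if [ "$run" = 1 ]; then
        eval "$cmd" || return 5
        sync
        verify_written "$node" "$image" || { echo "readback mismatch on $node" >&2; return 6; }
    fi
}

# Constructed sample tables (values invented, not dumped from a device).
sample_mtd_table() {
    printf 'dev:    size   erasesize  name\n'
    printf 'mtd0: 00040000 00020000 "misc"\n'
    printf 'mtd1: 00500000 00020000 "recovery"\n'
    printf 'mtd2: 00280000 00020000 "boot"\n'
    printf 'mtd3: 05a00000 00020000 "system"\n'
}
sample_emmc_table() {
    printf 'dev:        size     erasesize name\n'
    printf 'mmcblk0p17: 00100000 00000200 "misc"\n'
    printf 'mmcblk0p21: 00880000 00000200 "recovery"\n'
    printf 'mmcblk0p22: 00400000 00000200 "boot"\n'
}

if [ "${1:-}" = demo ]; then
    t=$(mktemp); sample_emmc_table > "$t"
    img=$(mktemp); dd if=/dev/zero of="$img" bs=4096 count=4 2>/dev/null
    resolve_partition "$t" recovery       # mmcblk0p21 8912896
    flash_recovery "$t" "$img"            # dry run: prints the dd command only
    rm -f "$t" "$img"
fi
```

On a phone, point it at the real table (`flash_recovery /proc/mtd recovery.img 1` or `/proc/emmc` on the G2) from a root shell. The size gate matters more than it looks: the 1.33.2005 SPL discussed earlier in the thread changed partition sizes, so an image that fit one layout can be truncated on another.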
I agree that S-OFF is best, but there might be people who are reluctant to flash an hboot. I figured ROMs can include the kernel module that disables the lock, so they would be able to write to /system.
If it's easy to restore to factory though, I guess there isn't much point in working around the lock all the time like that. S-OFF it is then.
If I missed it, would it be possible to go S-OFF, flash a custom ROM, then go S-ON again?
OK, this is a debate I had going on in the DZ forum. You can flash ClockworkMod recovery via ROM Manager and probably the dd command after running wpthis.ko. You can also perm-root it as we know. It has been done in the DZ forum.
Now I agree with you. At this point you should be able to boot into recovery and flash whatever you want and have perm root. However, WP will still be on when booted into Android, which can be good and bad depending on how you look at it (noobs vs pain in the ass). This leaves you two options: reboot to recovery for any changes, or run wpthis.ko, make changes, reboot.
That being said, here's the problem with having S-ON: if you screw up your phone you have less of a chance of fixing it (currently helping someone in this position).
OT: anyone know of a stock ROM in update.zip format?
xile6 said:
You can't flash a custom recovery without and unlock hboot.
That's not true... I'm proof.
You would need at least a recovery which uses test keys or simply ignores them.
With wpthis.ko you could dd other imgs, but that's not enough for a ROM as you cannot access the system while you are on it.
If you had an S-OFF hboot you could at least fastboot the images without the recovery.
Right?
Sent from my T-Mobile G2 using XDA App

New radio after visionary rooting

Basically, I want to know if I can flash a new radio when I rooted using the Visionary method. I don't know if radio S-OFF is required or whatever, or whether or not I have it.
I think perm-root and S-OFF are enough, but if you want to have radio S-OFF, then you need to use gfree. It's not yet clear that the other radios are any better than the one you have already, but if you're up for experimenting, do as you please.
Any chance you could explain what radio S-OFF means?
According to this page:
. . . The security level is a flag stored on the radio; when the flag is S-OFF, the bootloader (HBOOT) will no longer check the signatures of firmware images before flashing them. This allows custom firmware images to be uploaded, including unsigned boot, recovery, splash1, and hboot images (as well as official images that have been modified). When the system is S-OFF, the NAND flash memory protection is also reduced; this allows all partitions (including /system) to be written to while the operating system is booted. . . .
I think radio S-OFF also is what allows you to unlock the SIM and Carrier ID, which is what gfree does.
